commit 76c6a406620d6351200d952db5aa25c841e70ea7
Author: n0ball <n0ball@n0ball.tw>
Date:   Tue Mar 10 19:46:12 2026 +0800

    Initial DNS records and CI workflow

diff --git a/.gitea/workflows/deploy.yaml b/.gitea/workflows/deploy.yaml
new file mode 100644
index 0000000..3d2153d
--- /dev/null
+++ b/.gitea/workflows/deploy.yaml
@@ -0,0 +1,35 @@
+name: Deploy DNS Records
+on:
+  push:
+    branches: [main]
+    paths: [records.yaml]
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install kubectl
+        run: |
+          curl -sLO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          chmod +x kubectl
+          mv kubectl /usr/local/bin/
+
+      - name: Setup kubeconfig
+        run: |
+          mkdir -p ~/.kube
+          echo "$KUBECONFIG_DATA" | base64 -d > ~/.kube/config
+        env:
+          KUBECONFIG_DATA: ${{ secrets.KUBECONFIG }}
+
+      - name: Generate and apply CoreDNS configmap
+        run: |
+          chmod +x generate.sh
+          ./generate.sh records.yaml > coredns-custom.yaml
+          echo "--- Generated configmap ---"
+          cat coredns-custom.yaml
+          echo "--- Applying ---"
+          kubectl apply -f coredns-custom.yaml
+          kubectl rollout restart deployment/coredns -n kube-system
+          kubectl rollout status deployment/coredns -n kube-system --timeout=60s
diff --git a/generate.sh b/generate.sh
new file mode 100755
index 0000000..99fc4b2
--- /dev/null
+++ b/generate.sh
@@ -0,0 +1,48 @@
+#!/bin/sh
+# Generates CoreDNS configmap YAML from records.yaml
+# Usage: ./generate.sh records.yaml > coredns-custom.yaml
+set -e
+
+RECORDS_FILE="${1:-records.yaml}"
+
+# Parse records.yaml, group by IP, generate CoreDNS template blocks
+# Uses only POSIX tools (awk)
+
+cat <<'HEADER'
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: coredns-custom
+  namespace: kube-system
+data:
+  homelab.override: |
+HEADER
+
+awk '
+/^[a-zA-Z0-9]/ && /:/ {
+  gsub(/"/, "")
+  split($0, parts, ":")
+  host = parts[1]
+  gsub(/^[ \t]+|[ \t]+$/, "", host)
+  ip = parts[2]
+  gsub(/^[ \t]+|[ \t]+$/, "", ip)
+  if (host != "" && ip != "") {
+    ips[ip] = ips[ip] ? ips[ip] "|" host : host
+  }
+}
+END {
+  for (ip in ips) {
+    n = split(ips[ip], hosts, "|")
+    regex = ""
+    for (i = 1; i <= n; i++) {
+      gsub(/\./, "\\.", hosts[i])
+      regex = regex ? regex "|" hosts[i] : hosts[i]
+    }
+    printf "    template IN A {\n"
+    printf "      match \"^(%s)\\.$\"\n", regex
+    printf "      answer \"{{ .Name }} 60 IN A %s\"\n", ip
+    printf "      fallthrough\n"
+    printf "    }\n"
+  }
+}
+' "$RECORDS_FILE"
diff --git a/records.yaml b/records.yaml
new file mode 100644
index 0000000..85c2964
--- /dev/null
+++ b/records.yaml
@@ -0,0 +1,9 @@
+## Cluster DNS Records
+## Format: hostname: IP
+## These are resolved by CoreDNS inside the K8s cluster.
+## Push to main to apply changes automatically.
+
+keycloak.n0ball.tw: "192.168.51.200"
+grafana.n0ball.tw: "192.168.51.200"
+vault.n0ball.tw: "192.168.51.200"
+gitea.n0ball.tw: "192.168.51.200"