fix(dns): new ct records use var.forge_public_ip, not the forge droplet ref

digitalocean_droplet.forge is not in this terraform state (the live forge was created/managed outside it). Referencing the droplet resource from the new dns.ct/live.ct records would drag a duplicate forge CREATE into any targeted apply. Use the literal var.forge_public_ip (= the live forge IP) so the three new records can be applied in isolation (-target) without touching the store tier. Pre-existing forge-dependent records are left as-is. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 14:49:37 -04:00 · 2026-06-29 14:49:37 -04:00 · 5b6faba4f7
commit 5b6faba4f7
parent 056b0ba8a0
1 changed files with 8 additions and 2 deletions
--- a/terraform/do/dns.tf
+++ b/terraform/do/dns.tf
@ -91,11 +91,17 @@ resource "digitalocean_record" "apex" {
 # dns.ct.uvlava.com -> the forge droplet, which runs the dns-updater container
 # behind Caddy (services/dns-updater). Region-mobile nodes POST /nic/update here
 # to repoint their own A record via the DO API.
+#
+# These three records use var.forge_public_ip (a literal string) rather than
+# digitalocean_droplet.forge.ipv4_address — the forge droplet is currently NOT
+# in this state, so a resource reference would drag a duplicate forge create
+# into any targeted apply. The literal matches the live forge IP and lets these
+# records be applied in isolation (-target) without touching the store tier.
 resource "digitalocean_record" "ct_dns" {
  domain = digitalocean_domain.uvlava.name
  type   = "A"
  name   = "dns.ct"
-  value  = digitalocean_droplet.forge.ipv4_address
+  value  = var.forge_public_ip
  ttl    = 300
 }

@ -111,7 +117,7 @@ resource "digitalocean_record" "ct_live" {
  domain = digitalocean_domain.uvlava.name
  type   = "A"
  name   = "live.ct"
-  value  = digitalocean_droplet.forge.ipv4_address
+  value  = var.forge_public_ip
  ttl    = 60

  lifecycle {