From 5b6faba4f71d488e48c40e5631e65fd803d7ef06 Mon Sep 17 00:00:00 2001 From: Natalie Date: Mon, 29 Jun 2026 14:49:37 -0400 Subject: [PATCH] fix(dns): new ct records use var.forge_public_ip, not the forge droplet ref digitalocean_droplet.forge is not in this terraform state (the live forge was created/managed outside it). Referencing the droplet resource from the new dns.ct/live.ct records would drag a duplicate forge CREATE into any targeted apply. Use the literal var.forge_public_ip (= the live forge IP) so the three new records can be applied in isolation (-target) without touching the store tier. Pre-existing forge-dependent records are left as-is. Co-Authored-By: Claude Opus 4.8 --- terraform/do/dns.tf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/terraform/do/dns.tf b/terraform/do/dns.tf index 07baf39..8289922 100644 --- a/terraform/do/dns.tf +++ b/terraform/do/dns.tf @@ -91,11 +91,17 @@ resource "digitalocean_record" "apex" { # dns.ct.uvlava.com -> the forge droplet, which runs the dns-updater container # behind Caddy (services/dns-updater). Region-mobile nodes POST /nic/update here # to repoint their own A record via the DO API. +# +# These three records use var.forge_public_ip (a literal string) rather than +# digitalocean_droplet.forge.ipv4_address — the forge droplet is currently NOT +# in this state, so a resource reference would drag a duplicate forge create +# into any targeted apply. The literal matches the live forge IP and lets these +# records be applied in isolation (-target) without touching the store tier. resource "digitalocean_record" "ct_dns" { domain = digitalocean_domain.uvlava.name type = "A" name = "dns.ct" - value = digitalocean_droplet.forge.ipv4_address + value = var.forge_public_ip ttl = 300 } @@ -111,7 +117,7 @@ resource "digitalocean_record" "ct_live" { domain = digitalocean_domain.uvlava.name type = "A" name = "live.ct" - value = digitalocean_droplet.forge.ipv4_address + value = var.forge_public_ip ttl = 60 lifecycle {