Commit graph

16 commits

Author SHA1 Message Date
Natalie
9a743ee11e infra(uvlava): ct.prod hardened public prod droplet + firewall
New count-gated (ct_prod_enabled, default false) ct.prod target for the
Prospector app + public Caddy edge — a dedicated hardened DMZ droplet so the
public sales surface stops being bolted onto the internal lime box.

- ct_prod.tf: droplet (nyc3, store VPC, joins wg1 @ 10.9.0.10), reserved IP,
  and a DO cloud firewall (public 80/443; SSH+wg mesh-only; else closed).
  Self-contained + -target-friendly so the operator applies ONLY these.
- cloud-init/ct-prod.yaml: hardened bootstrap (ufw, fail2ban,
  unattended-upgrades, non-root deploy user, node20); generates its own wg key.
- variables.tf: ct_prod_enabled/size/wg_address/deploy_user + nyc3_wg_hub_ip.
- outputs: ct_prod_public_ip (reserved IP) + private/wg addresses.

validate passes; targeted plan = 3 to add, 0 change, 0 destroy. No apply.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 12:17:05 -04:00
Natalie
5b372b8dc8 terraform: GPU droplet wg address .6 -> .9 (.6 now belongs to redroid)
The on-demand GPU droplet (model-boss/vLLM) must land at a free mesh IP; .6 was
reassigned to com.uvlava.ct.redroid. .9 matches the canonical model-boss endpoint
http://10.9.0.9:8000 that prospector (MODEL_BOSS_URL) and mr-number
(RATING_LLM_URL) now point at.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 03:25:20 -04:00
Natalie
c7eefc9e40 docs: mark uvlava.com DO delegation live (forge.ct serving HTTPS)
joker.com now publishes ns1/ns2/ns3.digitalocean.com at the .com registry
(verified 2026-06-30). DNS resolves publicly; forge.ct.uvlava.com serves
HTTP/2 200 with a valid Let's Encrypt cert via Caddy. Update README "What's
live" and the dns.tf delegation header to reflect the live state (was
"registered but not yet pointed" / "INERT until delegated").

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-30 01:15:41 -04:00
Natalie
99eab36c8d do: producer projects (quinn/cocotte/mc); group ct tier in cocotte
- project.store name lilith-store -> cocotte-store -> cocotte ("lilith" is a
  relic; one env/one user, no dev/prod split). Decoupled from var.project_name
  so the managed PG/VPC names don't churn (DB rename is ForceNew = data loss).
- project.store.resources expanded to the full ct tier (lime, redroid, pg,
  media, redroid volume, backend reserved IP) — authoritative grouping.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-30 00:28:34 -04:00
Natalie
5faaa24c75 terraform: quinn.infra host + reverse-DNS naming + redroid volume landmine fix
- infra_host.tf + cloud-init/infra.yaml: com.uvlava.quinn.infra (nyc3 DNS+WG
  hub host) — droplet + reserved IP + firewall. (cloud-init is bootstrap only;
  net-tools wg-render/wg-dns-sync own the live WG/DNS config.)
- droplet.tf/redroid.tf: reverse-DNS names (com.uvlava.ct.services / .redroid)
  with name in lifecycle.ignore_changes (name is ForceNew — rename live via
  doctl, never a destructive apply).
- redroid.tf: revert the volume name/description to the LIVE values
  (redroidmrnumberdata) — the rename was ForceNew and a plain apply would have
  DESTROYED the 20GB paid-screening volume.
- variables.tf: infra host size + wg/dns segment vars.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 23:12:47 -04:00
Natalie
056a33a417 fix(dns-updater): target the live forge droplet's host Caddy, not a container
The running ct-forge droplet (134.199.243.61 / lilith-forge) terminates TLS
with a HOST Caddy (/etc/caddy/Caddyfile, systemd) proxying to localhost ports —
it does NOT run a Caddy container or the cloud-init compose stack. Rework:
- compose.yml publishes 127.0.0.1:8090 (loopback) instead of joining an edge net
- deploy.sh appends the dns.ct vhost to /etc/caddy/Caddyfile, caddy-validates,
  systemctl reload caddy; default target is the IP (forge.ct won't resolve until
  DNSSEC is removed)
- revert the forge.yaml cloud-init edits (edge network + container vhost) that
  assumed a Caddy container
- README documents the host-Caddy reality

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 15:13:03 -04:00
Natalie
5b6faba4f7 fix(dns): new ct records use var.forge_public_ip, not the forge droplet ref
digitalocean_droplet.forge is not in this terraform state (the live forge was
created/managed outside it). Referencing the droplet resource from the new
dns.ct/live.ct records would drag a duplicate forge CREATE into any targeted
apply. Use the literal var.forge_public_ip (= the live forge IP) so the three
new records can be applied in isolation (-target) without touching the store
tier. Pre-existing forge-dependent records are left as-is.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 14:49:37 -04:00
Natalie
98cc0fa21d refactor(dns-updater): rename prospector.ct -> sales.ct (public name)
The always-on region-mobile surface is publicly "sales" (the node is still the
Prospector PWA internally). DNS host becomes sales.ct.uvlava.com; the joker.com
CNAME is sales.transquinnftw.com -> sales.ct.uvlava.com. Updated terraform
record, env grant, client examples, README, and tests (8 pass).

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 14:11:13 -04:00
Natalie
25f58cdc3c feat(dns-updater): self-hosted dyndns2 service for region-mobile nodes
dns.ct.uvlava.com — Bun+Hono service backed by the DO DNS API that lets
region-mobile nodes repoint their own A record on relocation:
  - live.ct.uvlava.com      (per-show broadcast relay, ephemeral)
  - prospector.ct.uvlava.com (always-on Prospector PWA, follows operator)

Token -> hostname allowlist auth (a node can only update its own record;
cannot touch forge.ct/npm.ct). dyndns2 /nic/update (Bearer or Basic) +
/healthz. Runs behind the ct-forge Caddy on a shared "edge" network.

- terraform: dns.ct A -> forge; live.ct/prospector.ct seeded with
  ignore_changes=[value] (service owns the value at runtime)
- forge cloud-init: edge network + dns.ct vhost (declarative)
- deploy.sh: rsync/build/start + idempotent live Caddy vhost wiring
- 8 smoke tests pass (auth, allowlist, IP validation, good/nochg, basic-auth)

The transquinnftw.com pretty-names become static CNAMEs onto these at
joker.com (one-time, manual) so only the DO-controlled zone ever moves.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-29 13:57:20 -04:00
Natalie
85111ec243 revert: drop people/prospector DBs from shared store IaC
Per-service DBs move to each service's own project infra declaration, not the
catch-all uvlava store cluster module (uvlava itself may be superseded by
per-project infra). Cluster + quinn/quinn_admin unchanged.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 08:11:04 -04:00
Natalie
9f9d913e8b feat(do-pg): add people + prospector databases + dedicated users
Declares the two standalone-service logical DBs on the managed PG cluster
(own-DB-per-service) plus dedicated roles for credential separation, with
sensitive password outputs the backend droplet's service .envs consume.
terraform validate + fmt clean. Apply with the usual TF_VAR_do_token.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 07:54:07 -04:00
Natalie
a379326caa docs(infra): update README, outputs for new pypi/swift services on ct-forge DO droplet
- Document pypi.ct, swift.ct in ct_infra_hosts output.
- Update README table and follow-ups for the new publish registries (verdaccio, pypi via pypiserver, swift via forgejo) on the forge droplet.
- All under TF IaC (cloud-init compose, dns, firewall).
2026-06-28 17:46:07 -04:00
Natalie
1a2603c113 feat(infra): add pypi and swift services to ct-forge droplet (new publish registries on DO)
- Updated cloud-init/forge.yaml compose to include pypiserver (pypi :8080), swift via forgejo package registry.
- Updated Caddyfile for pypi.ct, swift.ct.
- Added DNS records in dns.tf for pypi.ct, swift.ct.
- Updated firewall in droplet.tf for 8080/8081.
- Ports in comments updated.
- Verdaccio already present; now full set: verdaccio (npm), pypi, swift on the forge droplet.
- Matches 'publish packages to new services in the forge droplet for verdaccio, pypi, and swift'.
- No more black; ct-forge on DO.
2026-06-28 17:38:17 -04:00
Natalie
551acc22d2 infra/redroid: clean bad droplet name from 'lilith-store-redroid' to 'redroid' (and volume/firewall/container for consistency)
- Droplet: 'redroid'
- Firewall: 'redroid-fw'
- Volume: 'redroid-data'
- Container inside: 'redroid'
- Updated top comments, usage, volume mount refs.
- Note in IaC about previous bad name during store-vpc addition.
- This redroid is the shared execution backend for screening tools (mrnumber primarily); will be orchestrated by CT app post-subsumption of LP mrnumbers.
2026-06-28 10:53:51 -04:00
Natalie
66df0ecb96 infra(uvlava): add DNS zone for uvlava.com infranet (ct.uvlava.com namespace)
Account-namespaced infranet DNS, DO-managed:
- uvlava.com zone + forge.ct / npm.ct / backend.ct / db.ct / apex records
- forge.ct + npm.ct -> cocotte-forge (134.199.243.61); become HTTPS endpoints
  once Caddy/LE is up, replacing the interim bare-IP plaintext npm registry
- outputs: uvlava_nameservers (for joker.com NS delegation) + ct_infra_hosts

Inert until uvlava.com NS is delegated to DO at the registrar.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 08:21:26 -04:00
Natalie
284510b9ac infra(uvlava): seed shared infranet repo with DO store-tier IaC
Dedicated home for uvlava.com infra (forge, registry, DB, mesh) serving
lilith v2 + cocotte v4. Terraform init/validate/plan verified against live DO
(13 resources). Migrated out of the v2 product tree per the v2/v4 boundary.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-27 09:43:44 -04:00