# uvlava **uvlava.com — the shared infranet.** The infrastructure layer beneath both product lines, replacing the dead homelan hosts `black` + `apricot` (died 2026-06-27). Not a product; the substrate the products run on. - **lilith (v2)** — `~/Code/@projects/@lilith/lilith-platform.live` - **cocotte (v4)** — `~/Code/@projects/@cocottetech` Both consume uvlava; neither owns it. Infra config lives here so it isn't buried in a product repo. ## Topology ``` PUBLIC INTERNET ─► serve tier (NOT uvlava): 1984.is / vps-0 (Iceland) nginx · SPAs · edge cache · mail · adult content │ private (WireGuard mesh) uvlava ───────────► store/infra tier: DigitalOcean (ct:prod, nyc3) Forgejo · Verdaccio · Managed PG · Spaces · workers ``` uvlava is **store/infra only** — it never serves adult content to the public (provider-AUP + the serve tier stays on content-tolerant 1984.is). ## What's live | Service | Host | Endpoint | |---|---|---| | Forgejo (git canonical) | ct-forge droplet | `https://forge.ct.uvlava.com` (live, Caddy + LE) | | Verdaccio (`@lilith/*` npm) | same droplet | `https://npm.ct.uvlava.com` | DO account `ct` / project `ct:prod` / region `nyc3`. `uvlava.com` is registered (joker.com) and **delegated to DigitalOcean** — joker.com publishes `ns1/ns2/ns3.digitalocean.com` at the `.com` registry (verified 2026-06-30). DNS resolves publicly and Caddy auto-provisions Let's Encrypt certs per hostname: `forge.ct.uvlava.com` serves `HTTP/2 200` with a valid LE cert (`CN=forge.ct.uvlava.com`). Only hostnames explicitly in the zone resolve — there is **no wildcard**, so each new subdomain needs its own A record. ## Layout - `terraform/do/` — DO store tier IaC (Managed PG + Spaces + backend droplet + WG peer + optional GPU). `init`/`validate`/`plan` verified against the live account (13 resources, no GPU); **not yet applied**. See [`terraform/do/README.md`](terraform/do/README.md) for the apply guide. ## Secrets None in-tree. All under `~/.vault/` (`0600`): `do-pat-ct.token`, `forge-admin-quinn.*`. `.gitignore` blocks `*.tfstate` / `*.tfvars`.