98cc0fa21d
The always-on region-mobile surface is publicly "sales" (the node is still the Prospector PWA internally). DNS host becomes sales.ct.uvlava.com; the joker.com CNAME is sales.transquinnftw.com -> sales.ct.uvlava.com. Updated terraform record, env grant, client examples, README, and tests (8 pass). Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
12 lines
686 B
Text
12 lines
686 B
Text
# Copy to .env on the forge droplet (gitignored). Never commit real values.
|
|
|
|
# DigitalOcean API token with read/write on the uvlava.com DNS zone.
|
|
# Use a DEDICATED token (revocable, scoped to this service) — not the terraform token.
|
|
DO_TOKEN=dop_v1_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
|
|
|
|
# Zone the records live in.
|
|
DNS_DOMAIN=uvlava.com
|
|
|
|
# Token -> allowed-hostname grants. One grant per node; a token may update ONLY
|
|
# its listed hosts. Generate strong random tokens (e.g. `openssl rand -hex 24`).
|
|
DNS_UPDATER_TOKENS=[{"token":"REPLACE_live_node_token","hosts":["live.ct.uvlava.com"]},{"token":"REPLACE_sales_node_token","hosts":["sales.ct.uvlava.com"]}]
|