dns.ct.uvlava.com — Bun+Hono service backed by the DO DNS API that lets region-mobile nodes repoint their own A record on relocation:
- live.ct.uvlava.com (per-show broadcast relay, ephemeral)
- prospector.ct.uvlava.com (always-on Prospector PWA, follows operator)

Token -> hostname allowlist auth (a node can only update its own record; cannot touch forge.ct/npm.ct). dyndns2 /nic/update (Bearer or Basic) + /healthz. Runs behind the ct-forge Caddy on a shared "edge" network.

- terraform: dns.ct A -> forge; live.ct/prospector.ct seeded with ignore_changes=[value] (service owns the value at runtime)
- forge cloud-init: edge network + dns.ct vhost (declarative)
- deploy.sh: rsync/build/start + idempotent live Caddy vhost wiring
- 8 smoke tests pass (auth, allowlist, IP validation, good/nochg, basic-auth)

The transquinnftw.com pretty-names become static CNAMEs onto these at joker.com (one-time, manual) so only the DO-controlled zone ever moves.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>

- services/dns-updater
- terraform/do
- .gitignore
- README.md

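The token-to-hostname allowlist and the dyndns2 `good`/`nochg` replies named in the commit message above, as an added example that is not the repository's code. The token values, HTTP status codes, the `badip` reply string and the use of the Basic password field as the token are assumptions of this sketch.

```typescript
// Added example: tokens, addresses and status codes are constructed placeholders.
type Result = { status: number; body: string };
// token -> hostnames it may repoint; forge.ct / npm.ct appear in no list
const ALLOW: Record<string, string[]> = {
  "tok-live-EXAMPLE": ["live.ct.uvlava.com"],
  "tok-prospector-EXAMPLE": ["prospector.ct.uvlava.com"],
};
// stand-in for the provider's current A records (a real service would call the DNS API)
const records: Record<string, string> = { "live.ct.uvlava.com": "192.0.2.10" };

// Compare every character so timing does not reveal where two tokens differ.
function sameToken(a: string, b: string): boolean {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  return diff === 0;
}

// Accept "Bearer <token>" or "Basic base64(user:token)"; the user part is ignored.
function tokenFrom(authz: string | undefined): string | null {
  const [scheme = "", value = ""] = (authz || "").split(" ", 2);
  if (/^bearer$/i.test(scheme)) return value || null;
  if (!/^basic$/i.test(scheme)) return null;
  try {
    const decoded = atob(value);
    const colon = decoded.indexOf(":");
    return colon >= 0 ? decoded.slice(colon + 1) || null : null;
  } catch { return null; } // not valid base64
}

// Strict dotted quad: four decimal octets 0-255, no leading zeros.
function validIPv4(ip: string): boolean {
  const parts = ip.split(".");
  return parts.length === 4 && parts.every((p) => /^(0|[1-9]\d{0,2})$/.test(p) && Number(p) <= 255);
}

function handleUpdate(authz: string | undefined, hostname: string, myip: string): Result {
  const token = tokenFrom(authz);
  let allowed: string[] | null = null;
  for (const known of Object.keys(ALLOW)) { // no early exit: every token is compared
    if (token !== null && sameToken(token, known)) allowed = ALLOW[known] || null;
  }
  if (allowed === null) return { status: 401, body: "badauth" };
  const host = hostname.toLowerCase().replace(/\.$/, ""); // normalise case and trailing dot
  if (allowed.indexOf(host) < 0) return { status: 403, body: "nohost" };
  if (!validIPv4(myip)) return { status: 400, body: "badip" };
  if (records[host] === myip) return { status: 200, body: `nochg ${myip}` };
  records[host] = myip; // only reached for a hostname on this token's own list
  return { status: 200, body: `good ${myip}` };
}
```

The hostname check runs before any record lookup or write, so a valid token for one node gets `nohost` for every other name in the zone, including the forge and npm records.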
uvlava
uvlava.com — the shared infranet. The infrastructure layer beneath both
product lines, replacing the dead homelan hosts black + apricot (died
2026-06-27). Not a product; the substrate the products run on.
- lilith (v2) — ~/Code/@projects/@lilith/lilith-platform.live
- cocotte (v4) — ~/Code/@projects/@cocottetech
Both consume uvlava; neither owns it. Infra config lives here so it isn't buried in a product repo.
Topology
PUBLIC INTERNET ─► serve tier (NOT uvlava): 1984.is / vps-0 (Iceland)
                   nginx · SPAs · edge cache · mail · adult content
                     │ private (WireGuard mesh)
uvlava ───────────► store/infra tier: DigitalOcean (ct:prod, nyc3)
                    Forgejo · Verdaccio · Managed PG · Spaces · workers
uvlava is store/infra only — it never serves adult content to the public (provider-AUP + the serve tier stays on content-tolerant 1984.is).
What's live
| Service | Host | Endpoint (bare for now; named later) |
|---|---|---|
| Forgejo (git canonical) | lilith-forge droplet | 134.199.243.61:3000 → forge.uvlava.com (planned) |
| Verdaccio (@lilith/* npm) | same droplet | 134.199.243.61:4873 → npm.uvlava.com (planned) |

DO account ct / project ct:prod / region nyc3. uvlava.com is registered
(joker.com) but not yet pointed — DNS + TLS deferred until the store tier lands.
Layout
- terraform/do/ — DO store tier IaC (Managed PG + Spaces + backend droplet + WG peer + optional GPU). init/validate/plan verified against the live account (13 resources, no GPU); not yet applied. See terraform/do/README.md for the apply guide.
Secrets
None in-tree. All under ~/.vault/ (0600): do-pat-ct.token,
forge-admin-quinn.*. .gitignore blocks *.tfstate / *.tfvars.