dns.ct.uvlava.com — Bun+Hono service backed by the DO DNS API that lets
region-mobile nodes repoint their own A record on relocation:
- live.ct.uvlava.com (per-show broadcast relay, ephemeral)
- prospector.ct.uvlava.com (always-on Prospector PWA, follows operator)
Token -> hostname allowlist auth (a node can only update its own record;
cannot touch forge.ct/npm.ct). dyndns2 /nic/update (Bearer or Basic) +
/healthz. Runs behind the ct-forge Caddy on a shared "edge" network.
- terraform: dns.ct A -> forge; live.ct/prospector.ct seeded with
ignore_changes=[value] (service owns the value at runtime)
- forge cloud-init: edge network + dns.ct vhost (declarative)
- deploy.sh: rsync/build/start + idempotent live Caddy vhost wiring
- 8 smoke tests pass (auth, allowlist, IP validation, good/nochg, basic-auth)
The transquinnftw.com pretty-names become static CNAMEs onto these at
joker.com (one-time, manual) so only the DO-controlled zone ever moves.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
25f58cdc3c