Natalie 5faaa24c75 terraform: quinn.infra host + reverse-DNS naming + redroid volume landmine fix
- infra_host.tf + cloud-init/infra.yaml: com.uvlava.quinn.infra (nyc3 DNS+WG
  hub host) — droplet + reserved IP + firewall. (cloud-init is bootstrap only;
  net-tools wg-render/wg-dns-sync own the live WG/DNS config.)
- droplet.tf/redroid.tf: reverse-DNS names (com.uvlava.ct.services / .redroid)
  with name in lifecycle.ignore_changes (name is ForceNew — rename live via
  doctl, never a destructive apply).
- redroid.tf: revert the volume name/description to the LIVE values
  (redroidmrnumberdata) — the rename was ForceNew and a plain apply would have
  DESTROYED the 20GB paid-screening volume.
- variables.tf: infra host size + wg/dns segment vars.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-29 23:12:47 -04:00
.project chore(uvlava): add .project planning dir 2026-06-29 14:35:14 -04:00
services/dns-updater uvlava: add ./run task runner for the services tier 2026-06-29 23:12:47 -04:00
terraform/do terraform: quinn.infra host + reverse-DNS naming + redroid volume landmine fix 2026-06-29 23:12:47 -04:00
.gitignore infra(uvlava): seed shared infranet repo with DO store-tier IaC 2026-06-27 09:43:44 -04:00
README.md infra(uvlava): seed shared infranet repo with DO store-tier IaC 2026-06-27 09:43:44 -04:00
run uvlava: add ./run task runner for the services tier 2026-06-29 23:12:47 -04:00

uvlava

uvlava.com — the shared infranet. The infrastructure layer beneath both product lines, replacing the dead homelan hosts black + apricot (died 2026-06-27). Not a product; the substrate the products run on.

  • lilith (v2): ~/Code/@projects/@lilith/lilith-platform.live
  • cocotte (v4): ~/Code/@projects/@cocottetech

Both consume uvlava; neither owns it. Infra config lives here so it isn't buried in a product repo.

Topology

   PUBLIC INTERNET ─► serve tier (NOT uvlava): 1984.is / vps-0 (Iceland)
                       nginx · SPAs · edge cache · mail · adult content
                                     │ private (WireGuard mesh)
   uvlava ───────────► store/infra tier: DigitalOcean (ct:prod, nyc3)
                       Forgejo · Verdaccio · Managed PG · Spaces · workers

uvlava is store/infra only — it never serves adult content to the public (provider-AUP + the serve tier stays on content-tolerant 1984.is).

What's live

Service | Host | Endpoint (bare for now; named later)
Forgejo (git canonical) | lilith-forge droplet | 134.199.243.61:3000; forge.uvlava.com (planned)
Verdaccio (@lilith/* npm) | same droplet | 134.199.243.61:4873; npm.uvlava.com (planned)

DO account ct / project ct:prod / region nyc3. uvlava.com is registered (joker.com) but not yet pointed — DNS + TLS deferred until the store tier lands.

Layout

  • terraform/do/ — DO store tier IaC (Managed PG + Spaces + backend droplet + WG peer + optional GPU). init/validate/plan verified against the live account (13 resources, no GPU); not yet applied. See terraform/do/README.md for the apply guide.
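
The ForceNew rename described in the commit note at the top of this page would appear in a saved plan as a replacement of the volume. A pre-apply guard over `terraform show -json` output, as an added example (not code from this repo); the stateful type list and the sample plan's resource addresses are assumptions.

```python
import json
import sys
from pathlib import Path

# Assumption: DigitalOcean resource types that hold data or a stable identity;
# adjust the set to what the configuration actually declares.
STATEFUL_TYPES = {
    "digitalocean_volume", "digitalocean_droplet", "digitalocean_reserved_ip",
    "digitalocean_database_cluster", "digitalocean_spaces_bucket",
}


def destructive_changes(plan, stateful=STATEFUL_TYPES):
    """List planned destroys/replacements of stateful resources in a JSON plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = change.get("actions", [])
        # Replace = delete + create in either order; the existing object dies.
        if "delete" not in actions or rc.get("type") not in stateful:
            continue
        findings.append({
            "address": rc["address"],
            "kind": "replace" if "create" in actions else "destroy",
            # replace_paths names the attributes that forced the replacement
            "forced_by": [".".join(map(str, p))
                          for p in change.get("replace_paths", [])],
        })
    return findings


# Constructed sample plan; resource addresses are hypothetical.
SAMPLE_PLAN = json.loads("""
{"format_version": "1.2", "resource_changes": [
  {"address": "digitalocean_volume.redroid_data", "type": "digitalocean_volume",
   "change": {"actions": ["delete", "create"], "replace_paths": [["name"]]}},
  {"address": "digitalocean_droplet.infra", "type": "digitalocean_droplet",
   "change": {"actions": ["create"]}},
  {"address": "digitalocean_firewall.infra", "type": "digitalocean_firewall",
   "change": {"actions": ["delete", "create"]}}
]}
""")

if __name__ == "__main__":
    plan = json.loads(Path(sys.argv[1]).read_text()) if sys.argv[1:] else SAMPLE_PLAN
    bad = destructive_changes(plan)
    for f in bad:
        print(f"BLOCK {f['kind']}: {f['address']} forced_by={f['forced_by']}")
    sys.exit(1 if bad else 0)
```

Feed it the output of `terraform show -json` for a plan saved with `terraform plan -out`; a non-zero exit means a stateful resource would be destroyed or replaced by the apply.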

Secrets

None in-tree. All under ~/.vault/ (0600): do-pat-ct.token, forge-admin-quinn.*. .gitignore blocks *.tfstate / *.tfvars.