valia-sites: registry stack for Valia's Pages sites + declarative internal DNS (ADR-0018)

Valia keeps asking Viktor to host 1-page sites from her Drive folders;
this makes it one map entry. New stacks/valia-sites: per site a CF Pages
project + custom domain + proxied CNAME (bridge adopted via import{}),
a ConfigMap feed (valia-sites-dns) the technitium ingress-dns-sync
script now reconciles internal CNAMEs from (add/update/REMOVE — fixes
the add-only stale-record gotcha), and one shared 10-min CronJob that
mirrors each Content folder (rclone, drive.readonly, stem95su's guards)
and wrangler-deploys ONLY on manifest change (free-tier deploy cap).
Scoped CF Pages token + shared rclone conf in secret/valia-sites; the
Global API Key never enters a pod. cloudflared forgets bridge's record
via removed{} (no destroy). stem95su is in the map dns-parked
(manage_dns=false) until its cutover commit.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
parent 5c42155b81
commit 8b80b4cc41
7 changed files with 478 additions and 17 deletions
@ -235,16 +235,16 @@ resource "cloudflare_record" "keyserver" {
zone_id = var.cloudflare_zone_id
}
# Cloudflare Pages site "мост" (ОбУ „Отец Паисий“ school static site).
# Content is deployed off-infra to the Pages project `bridge` via
# `wrangler pages deploy`; this record just points the custom domain at it.
resource "cloudflare_record" "bridge_pages" {
content = "bridge-cv2.pages.dev"
name = "bridge"
proxied = true
ttl = 1
type = "CNAME"
zone_id = var.cloudflare_zone_id
# bridge.viktorbarzin.me (Cloudflare Pages, "мост" school site) moved to
# stacks/valia-sites (ADR-0018) — all Valia-site records live there now.
# Forget from this state WITHOUT destroying; valia-sites imports the live
# record by id. Delete this block once both stacks have applied.
removed {
from = cloudflare_record.bridge_pages
lifecycle {
destroy = false
}
}
# Enable HTTP/3 (QUIC) for Cloudflare-proxied domains
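Review bot: The `removed` block that replaces `cloudflare_record.bridge_pages` depends on `lifecycle { destroy = false }`, which is only understood by Terraform 1.7 and later, and nothing visible in this hunk pins that version; an older binary would fail to parse the file instead of forgetting the record, so it is worth confirming the stack's `required_version` covers it. The new comment's "Delete this block once both stacks have applied" is also an untracked manual step with no stated order: if this stack applies before valia-sites has imported the record by id, the bridge CNAME is owned by no state in between. I would spell out the intended apply order in that comment and reference the follow-up that deletes the block.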