valia-sites: registry stack for Valia's Pages sites + declarative internal DNS (ADR-0018)
Some checks failed
ci/woodpecker/push/default Pipeline failed
Build valia-sites-sync / build (push) Has been cancelled

Valia keeps asking Viktor to host 1-page sites from her Drive folders;
this makes it one map entry. New stacks/valia-sites: per site a CF Pages
project + custom domain + proxied CNAME (bridge adopted via import{}),
a ConfigMap feed (valia-sites-dns) the technitium ingress-dns-sync
script now reconciles internal CNAMEs from (add/update/REMOVE — fixes
the add-only stale-record gotcha), and one shared 10-min CronJob that
mirrors each Content folder (rclone, drive.readonly, stem95su's guards)
and wrangler-deploys ONLY on manifest change (free-tier deploy cap).
Scoped CF Pages token + shared rclone conf in secret/valia-sites; the
Global API Key never enters a pod. cloudflared forgets bridge's record
via removed{} (no destroy). stem95su is in the map dns-parked
(manage_dns=false) until its cutover commit.

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
Viktor Barzin 2026-07-03 12:28:06 +00:00
parent 5c42155b81
commit 8b80b4cc41
7 changed files with 478 additions and 17 deletions
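The add/update/REMOVE reconcile the commit message describes, as an added illustration that is not the repository's ingress-dns-sync script: a desired map of internal CNAMEs (ConfigMap key = hostname, value = target, an assumed feed shape) is diffed against the records currently in the internal zone, and only records carrying an assumed `MANAGED_TAG` marker are eligible for removal, which is what keeps a full reconcile from deleting hand-made records while still fixing the add-only stale-record problem.

```python
# Added example, not the project's own sync script. Feed format, record
# shape and the "tag" marker are assumptions made for the illustration.
from dataclasses import dataclass

MANAGED_TAG = "valia-sites"  # assumed marker: the sync only ever removes its own records


@dataclass(frozen=True)
class Op:
    action: str  # "add" | "update" | "remove"
    name: str
    target: str


def parse_feed(configmap_data: dict[str, str]) -> dict[str, str]:
    """Assumed feed: ConfigMap key = hostname, value = CNAME target (normalised)."""
    return {k.strip().lower().rstrip("."): v.strip().lower().rstrip(".")
            for k, v in configmap_data.items() if k.strip() and v.strip()}


def plan(desired: dict[str, str], current: list[dict]) -> list[Op]:
    """Full reconcile: add missing, update drifted, remove managed records no longer desired."""
    managed = {r["name"]: r for r in current
               if r.get("type") == "CNAME" and r.get("tag") == MANAGED_TAG}
    ops: list[Op] = []
    for name, target in sorted(desired.items()):
        if name not in managed:
            ops.append(Op("add", name, target))
        elif managed[name]["target"] != target:
            ops.append(Op("update", name, target))
    for name, rec in sorted(managed.items()):
        if name not in desired:  # dropped from the map: the case an add-only sync leaves stale
            ops.append(Op("remove", name, rec["target"]))
    return ops


def add_only_plan(desired: dict[str, str], current: list[dict]) -> list[Op]:
    """The old behaviour for comparison: never emits a remove, so stale records survive."""
    return [op for op in plan(desired, current) if op.action != "remove"]


# Constructed sample data: one site retargeted, one new, one dropped from the
# feed, plus an unmanaged record that must never be touched.
SAMPLE_FEED = {"bridge.internal.example": "ingress.internal.example",
               "newsite.internal.example": "ingress.internal.example"}
SAMPLE_CURRENT = [
    {"type": "CNAME", "name": "bridge.internal.example", "target": "old-ingress.internal.example", "tag": MANAGED_TAG},
    {"type": "CNAME", "name": "oldsite.internal.example", "target": "ingress.internal.example", "tag": MANAGED_TAG},
    {"type": "CNAME", "name": "router.internal.example", "target": "gw.internal.example", "tag": "manual"},
]

if __name__ == "__main__":
    for op in plan(parse_feed(SAMPLE_FEED), SAMPLE_CURRENT):
        print(op)
```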


@ -235,16 +235,16 @@ resource "cloudflare_record" "keyserver" {
zone_id = var.cloudflare_zone_id
}
# Cloudflare Pages site "мост" (ОбУ Отец Паисий school static site).
# Content is deployed off-infra to the Pages project `bridge` via
# `wrangler pages deploy`; this record just points the custom domain at it.
resource "cloudflare_record" "bridge_pages" {
content = "bridge-cv2.pages.dev"
name = "bridge"
proxied = true
ttl = 1
type = "CNAME"
zone_id = var.cloudflare_zone_id
# bridge.viktorbarzin.me (Cloudflare Pages, "мост" school site) moved to
# stacks/valia-sites (ADR-0018) all Valia-site records live there now.
# Forget from this state WITHOUT destroying; valia-sites imports the live
# record by id. Delete this block once both stacks have applied.
removed {
from = cloudflare_record.bridge_pages
lifecycle {
destroy = false
}
}
# Enable HTTP/3 (QUIC) for Cloudflare-proxied domains
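Review bot: the handoff comment above the `removed { from = cloudflare_record.bridge_pages ... destroy = false }` block should state the required apply order and the check to run first: apply this stack and confirm the plan reports the record as no longer managed rather than scheduled for destroy, then run the `import{}` in valia-sites, and only then delete the block as the comment says. `removed` blocks need Terraform 1.7 or newer, so the pipeline's pinned version is worth confirming given the failed push pipeline shown above. Minor: `(ADR-0018) all Valia-site records live there now.` reads as a run-on; suggest `(ADR-0018); all Valia-site records live there now.`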