valia-sites: registry stack for Valia's Pages sites + declarative internal DNS (ADR-0018)
Valia keeps asking Viktor to host 1-page sites from her Drive folders;
this makes it one map entry. New stacks/valia-sites: per site a CF Pages
project + custom domain + proxied CNAME (bridge adopted via import{}),
a ConfigMap feed (valia-sites-dns) the technitium ingress-dns-sync
script now reconciles internal CNAMEs from (add/update/REMOVE — fixes
the add-only stale-record gotcha), and one shared 10-min CronJob that
mirrors each Content folder (rclone, drive.readonly, stem95su's guards)
and wrangler-deploys ONLY on manifest change (free-tier deploy cap).
Scoped CF Pages token + shared rclone conf in secret/valia-sites; the
Global API Key never enters a pod. cloudflared forgets bridge's record
via removed{} (no destroy). stem95su is in the map dns-parked
(manage_dns=false) until its cutover commit.
Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
parent
5c42155b81
commit
8b80b4cc41
7 changed files with 478 additions and 17 deletions
15
stacks/valia-sites/sync-image/Dockerfile
Normal file
15
stacks/valia-sites/sync-image/Dockerfile
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
# valia-sites-sync: everything the 10-min Content-folder mirror needs, baked in
|
||||
# (no runtime installs — CronJob pods must not apk/npm on every start).
|
||||
# rclone pinned to match the proven stem95su version; wrangler pinned to major 4.
|
||||
FROM node:22-alpine
|
||||
|
||||
RUN apk add --no-cache curl unzip ca-certificates jq \
|
||||
&& curl -fsSL https://downloads.rclone.org/v1.74.3/rclone-v1.74.3-linux-amd64.zip -o /tmp/rclone.zip \
|
||||
&& unzip -j /tmp/rclone.zip '*/rclone' -d /usr/local/bin \
|
||||
&& chmod +x /usr/local/bin/rclone \
|
||||
&& rm /tmp/rclone.zip \
|
||||
&& npm install -g wrangler@4 \
|
||||
&& npm cache clean --force
|
||||
|
||||
# wrangler writes config/cache under $HOME; the CronJob runs as non-root node (uid 1000)
|
||||
ENV HOME=/tmp
|
||||
Loading…
Add table
Add a link
Reference in a new issue