root
af090c818b
Woodpecker CI deploy [CI SKIP]
2026-04-16 13:46:08 +00:00
Viktor Barzin
b1d152be1f
[infra] Auto-create Cloudflare DNS records from ingress_factory
...
## Context
Deploying new services required manually adding hostnames to
cloudflare_proxied_names/cloudflare_non_proxied_names in config.tfvars —
a separate file from the service stack. This was frequently forgotten,
leaving services unreachable externally.
## This change:
- Add `dns_type` parameter to `ingress_factory` and `reverse_proxy/factory`
modules. Setting `dns_type = "proxied"` or `"non-proxied"` auto-creates
the Cloudflare DNS record (CNAME to tunnel or A/AAAA to public IP).
- Simplify cloudflared tunnel from 100 per-hostname rules to wildcard
`*.viktorbarzin.me → Traefik`. Traefik still handles host-based routing.
- Add global Cloudflare provider via terragrunt.hcl (separate
cloudflare_provider.tf with Vault-sourced API key).
- Migrate 118 hostnames from centralized config.tfvars to per-service
dns_type. 17 hostnames remain centrally managed (Helm ingresses,
special cases).
- Update docs, AGENTS.md, CLAUDE.md, dns.md runbook.
```
BEFORE AFTER
config.tfvars (manual list) stacks/<svc>/main.tf
| module "ingress" {
v dns_type = "proxied"
stacks/cloudflared/ }
for_each = list |
cloudflare_record auto-creates
tunnel per-hostname cloudflare_record + annotation
```
## What is NOT in this change:
- Uptime Kuma monitor migration (still reads from config.tfvars)
- 17 remaining centrally-managed hostnames (Helm, special cases)
- Removal of allow_overwrite (keep until migration confirmed stable)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 13:45:04 +00:00
Viktor Barzin
95d2a6abf8
state(wealthfolio): update encrypted state
2026-04-16 11:30:59 +00:00
Viktor Barzin
e8874dd37a
state(cloudflared): update encrypted state
2026-04-16 10:59:30 +00:00
Viktor Barzin
997fd4f85b
state(linkwarden): update encrypted state
2026-04-16 10:35:35 +00:00
Viktor Barzin
2ae31148cb
state(ytdlp): update encrypted state
2026-04-16 10:33:55 +00:00
Viktor Barzin
43b0316978
state(xray): update encrypted state
2026-04-16 10:33:39 +00:00
Viktor Barzin
f0e7de8e57
state(woodpecker): update encrypted state
2026-04-16 10:33:27 +00:00
Viktor Barzin
deff4ae9f5
state(webhook_handler): update encrypted state
2026-04-16 10:33:11 +00:00
Viktor Barzin
1557ce0084
state(servarr): update encrypted state
2026-04-16 10:30:30 +00:00
Viktor Barzin
6d0772df60
state(vpa): update encrypted state
2026-04-16 10:25:07 +00:00
Viktor Barzin
1616b3c483
state(vaultwarden): update encrypted state
2026-04-16 10:24:42 +00:00
Viktor Barzin
a34df78158
state(vault): update encrypted state
2026-04-16 10:24:29 +00:00
Viktor Barzin
fc813bd5bd
state(tuya-bridge): update encrypted state
2026-04-16 10:19:56 +00:00
Viktor Barzin
192bb2348f
state(traefik): update encrypted state
2026-04-16 10:19:35 +00:00
Viktor Barzin
90189a4307
state(trading-bot): update encrypted state
2026-04-16 10:19:13 +00:00
Viktor Barzin
8caf760878
state(terminal): update encrypted state
2026-04-16 10:18:57 +00:00
Viktor Barzin
99d607f8d3
state(technitium): update encrypted state
2026-04-16 10:18:44 +00:00
Viktor Barzin
3999deae71
state(tandoor): update encrypted state
2026-04-16 10:18:29 +00:00
Viktor Barzin
2de253b693
state(stirling-pdf): update encrypted state
2026-04-16 10:17:41 +00:00
Viktor Barzin
6ee429f8d2
state(speedtest): update encrypted state
2026-04-16 10:17:21 +00:00
Viktor Barzin
fd51caa572
state(send): update encrypted state
2026-04-16 10:16:45 +00:00
Viktor Barzin
cdf5e583a3
state(real-estate-crawler): update encrypted state
2026-04-16 10:12:57 +00:00
Viktor Barzin
2bd8c92f00
state(privatebin): update encrypted state
2026-04-16 10:12:41 +00:00
Viktor Barzin
32ad8342a1
state(poison-fountain): update encrypted state
2026-04-16 10:11:57 +00:00
Viktor Barzin
560a7b519f
state(plotting-book): update encrypted state
2026-04-16 10:11:45 +00:00
Viktor Barzin
2fddcabd01
state(owntracks): update encrypted state
2026-04-16 10:09:05 +00:00
Viktor Barzin
4f0dc058c6
state(openclaw): update encrypted state
2026-04-16 10:08:00 +00:00
Viktor Barzin
cc8e5e9d11
state(onlyoffice): update encrypted state
2026-04-16 10:07:41 +00:00
Viktor Barzin
e25eed343d
state(ollama): update encrypted state
2026-04-16 10:07:20 +00:00
Viktor Barzin
7fe9eb65e8
state(ntfy): update encrypted state
2026-04-16 10:07:04 +00:00
Viktor Barzin
c72257c58e
state(novelapp): update encrypted state
2026-04-16 10:06:45 +00:00
Viktor Barzin
71a3998193
state(nextcloud): update encrypted state
2026-04-16 10:06:26 +00:00
Viktor Barzin
44ef6af4fb
state(netbox): update encrypted state
2026-04-16 10:03:54 +00:00
Viktor Barzin
f78672d30b
state(navidrome): update encrypted state
2026-04-16 10:03:31 +00:00
Viktor Barzin
53855b4265
state(n8n): update encrypted state
2026-04-16 10:03:15 +00:00
Viktor Barzin
2e3edd7a48
state(matrix): update encrypted state
2026-04-16 10:02:24 +00:00
Viktor Barzin
4d4996f246
state(mailserver): update encrypted state
2026-04-16 10:01:59 +00:00
Viktor Barzin
0bd17e3122
state(kms): update encrypted state
2026-04-16 10:01:32 +00:00
Viktor Barzin
b8a35ecf52
state(k8s-portal): update encrypted state
2026-04-16 10:01:13 +00:00
Viktor Barzin
5d248e98fa
state(freedify): update encrypted state
2026-04-16 10:00:54 +00:00
Viktor Barzin
ab82b926da
state(k8s-portal): update encrypted state
2026-04-16 09:58:45 +00:00
Viktor Barzin
b25d121e4a
state(k8s-dashboard): update encrypted state
2026-04-16 09:58:35 +00:00
Viktor Barzin
b22496e6d8
state(jsoncrack): update encrypted state
2026-04-16 09:58:08 +00:00
Viktor Barzin
a1dfe195c6
state(immich): update encrypted state
2026-04-16 09:57:23 +00:00
Viktor Barzin
e3a68b5746
state(homepage): update encrypted state
2026-04-16 09:57:03 +00:00
Viktor Barzin
f0334f268c
state(health): update encrypted state
2026-04-16 09:56:40 +00:00
Viktor Barzin
db0c176a52
state(headscale): update encrypted state
2026-04-16 09:56:15 +00:00
Viktor Barzin
6a0d8e73e2
state(hackmd): update encrypted state
2026-04-16 09:56:00 +00:00
Viktor Barzin
83c3d95258
state(frigate): update encrypted state
2026-04-16 09:55:31 +00:00
