infra/stacks
Viktor Barzin b1d152be1f [infra] Auto-create Cloudflare DNS records from ingress_factory
## Context

Deploying new services required manually adding hostnames to
cloudflare_proxied_names/cloudflare_non_proxied_names in config.tfvars —
a separate file from the service stack. This was frequently forgotten,
leaving services unreachable externally.

## This change:

- Add `dns_type` parameter to `ingress_factory` and `reverse_proxy/factory`
  modules. Setting `dns_type = "proxied"` or `"non-proxied"` auto-creates
  the Cloudflare DNS record (CNAME to tunnel or A/AAAA to public IP).
- Simplify cloudflared tunnel from 100 per-hostname rules to wildcard
  `*.viktorbarzin.me → Traefik`. Traefik still handles host-based routing.
- Add global Cloudflare provider via terragrunt.hcl (separate
  cloudflare_provider.tf with Vault-sourced API key).
- Migrate 118 hostnames from centralized config.tfvars to per-service
  dns_type. 17 hostnames remain centrally managed (Helm ingresses,
  special cases).
- Update docs, AGENTS.md, CLAUDE.md, dns.md runbook.

```
BEFORE                          AFTER
config.tfvars (manual list)     stacks/<svc>/main.tf
        |                         module "ingress" {
        v                           dns_type = "proxied"
stacks/cloudflared/               }
  for_each = list                     |
  cloudflare_record               auto-creates
  tunnel per-hostname             cloudflare_record + annotation
```

## What is NOT in this change:

- Uptime Kuma monitor migration (still reads from config.tfvars)
- 17 remaining centrally-managed hostnames (Helm, special cases)
- Removal of allow_overwrite (keep until migration confirmed stable)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-16 13:45:04 +00:00
_template [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
actualbudget [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
affine [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
authentik [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
beads-server [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
blog [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
changedetection [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
city-guesser [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
claude-memory [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
cloudflared [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
cnpg extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
coturn feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
crowdsec [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
cyberchef [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
dashy [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
dawarich [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
dbaas [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
descheduler resilience improvements: MySQL anti-affinity comment, descheduler 5min, prometheus termination 60s 2026-04-06 00:25:49 +03:00
diun fix: cluster healthcheck fixes + Authentik upgrade to 2026.2.2 2026-04-15 06:41:56 +00:00
ebook2audiobook [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
ebooks [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
echo [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
excalidraw [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
external-secrets regenerate providers.tf: remove vault_root_token variable [ci skip] 2026-03-15 21:21:01 +00:00
f1-stream [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
foolery [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
forgejo [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
freedify [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
freshrss [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
frigate [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
grampsweb truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
hackmd [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
headscale [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
health [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
hermes-agent chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
homepage [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
immich [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
infra chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
infra-maintenance truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
insta2spotify [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
iscsi-csi extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
isponsorblocktv truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
jsoncrack [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
k8s-dashboard [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
k8s-portal [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
kms [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
kyverno fix(ci): add registry.viktorbarzin.me:5050 to imagePullSecrets 2026-04-15 21:50:51 +00:00
linkwarden [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
mailserver [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
matrix [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
meshcentral [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
metallb upgrade MetalLB v0.10.2 → v0.15.3 and update annotations 2026-03-24 17:24:05 +02:00
metrics-server extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
monitoring [monitoring] Exclude websocket protocol from HighServiceLatency alert 2026-04-15 21:51:19 +00:00
n8n [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
navidrome [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
netbox [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
networking-toolbox [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
nextcloud [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
nfs-csi fix: NFS outage recovery — migrate to NFSv4, add alerting 2026-04-14 10:28:27 +00:00
novelapp [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
ntfy [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
nvidia right-size memory requests to unblock GPU workloads and fix dbaas quota [ci skip] 2026-03-17 22:35:54 +00:00
ollama [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
onlyoffice [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
openclaw [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
osm_routing chore: sync terraform state after nfsvers=4 convergence 2026-04-14 11:20:18 +00:00
owntracks [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
paperless-ngx [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
phpipam [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
platform chore: add pre-commit size guard and harden .gitignore 2026-04-15 14:13:18 +00:00
plotting-book [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
poison-fountain [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
priority-pass [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
privatebin [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
proxmox-csi feat(storage): migrate all sensitive services to proxmox-lvm-encrypted 2026-04-15 20:15:30 +00:00
pvc-autoresizer fix: disable cert-manager webhook for pvc-autoresizer, use self-signed cert [ci skip] 2026-04-03 23:44:49 +03:00
rbac Reduce disk write amplification across cluster (~200-350 GB/day savings) [ci skip] 2026-04-09 19:01:21 +00:00
real-estate-crawler [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
redis feat(storage): migrate all sensitive services to proxmox-lvm-encrypted 2026-04-15 20:15:30 +00:00
reloader sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
resume [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
reverse-proxy [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
rybbit [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
sealed-secrets extract remaining 19 modules from platform, complete stack split [ci skip] 2026-03-17 21:42:16 +00:00
send [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
servarr [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
shadowsocks feat: pin ~28 images to specific versions, enable DIUN monitoring, add app-stacks pipeline 2026-04-06 14:27:13 +03:00
speedtest [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
status-page chore: add untracked stacks, scripts, and agent configs 2026-04-15 09:33:06 +00:00
stirling-pdf [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
tandoor [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
technitium [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
terminal [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
tor-proxy truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
trading-bot [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
traefik [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
travel_blog sync regenerated providers.tf + upstream changes 2026-03-22 02:56:04 +02:00
tuya-bridge [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
uptime-kuma [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
url [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
vault [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
vaultwarden [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
vpa [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
wealthfolio [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
webhook_handler [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
whisper truenas deprecation: migrate all non-immich storage to proxmox NFS 2026-04-12 14:35:39 +01:00
wireguard consolidate MetalLB IPs: 5 → 1 (10.0.20.200) 2026-03-24 18:35:43 +02:00
woodpecker [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
xray [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00
ytdlp [infra] Auto-create Cloudflare DNS records from ingress_factory 2026-04-16 13:45:04 +00:00