feat(bootstrap): real olsitec.net config + DNS records (steps 1+2)
CONTRACT_001 amendments: hosts.git, vm.sshPort (default 22; VM uses 222), cloudflare.zoneId. config.ts + lib/context.ts (provider host uses sshPort). - components/dns.ts: forge/vault/s3/git.olsitec.net A -> VM (DNS-only, own CF provider from encrypted token). Deployed + verified authoritative = 204.168.234.72. - Pulumi.foundation.yaml: real config (olsitec.net, vm 204.168.234.72:222, letsencrypt-dns01) + encrypted secrets (cloudflare token, offsite creds). Master passphrase: pass olsitec-foundation/PULUMI_CONFIG_PASSPHRASE. - run.sh: reproducible deploy (passphrase + ssh key from pass/home). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
parent
db47037bdc
commit
185be52763
10 changed files with 141 additions and 60 deletions
|
|
@ -8,6 +8,7 @@
|
|||
import { loadConfig } from "./config";
|
||||
import { buildBaseContext, DeployCtx } from "./lib/context";
|
||||
import { deployNetwork } from "./components/network";
|
||||
import { deployDns } from "./components/dns";
|
||||
|
||||
const cfg = loadConfig();
|
||||
|
||||
|
|
@ -16,6 +17,10 @@ const base = buildBaseContext(cfg);
|
|||
const network = deployNetwork(base);
|
||||
const ctx: DeployCtx = { ...base, network };
|
||||
|
||||
// --- public DNS records → the VM (independent of the container plane) ---
|
||||
const dnsRecords = deployDns(ctx);
|
||||
export const dnsHosts = dnsRecords.map((r) => r.name);
|
||||
|
||||
// =============================================================================
|
||||
// PHASE 3 — DATA PLANE (depends on: network)
|
||||
// T03 postgres · T04 rustfs · T05 vault (sealed)
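Review bot: `deployDns(ctx)` receives the context that already carries `network`, although the comment directly above says the records are independent of the container plane. deployDns's body is not in this section, so this is hedged: if it only reads config and the Cloudflare provider and its parameter type allows it, `const dnsRecords = deployDns(base);` would make that independence explicit and avoid an implicit ordering on deployNetwork. The comment could also record what the commit message states about these being DNS-only A records, e.g. `// DNS-only (not proxied): names resolve straight to the VM address, so access control has to live on the host`. That is worth writing down here because the names are published ahead of the PHASE 3 services they will front, and `dnsHosts` exposes the list as a stack output.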
|
||||
|
|
|
|||