feat(bootstrap): real olsitec.net config + DNS records (steps 1+2)
CONTRACT_001 amendments: hosts.git, vm.sshPort (default 22; VM uses 222), cloudflare.zoneId. config.ts + lib/context.ts (provider host uses sshPort).
- components/dns.ts: forge/vault/s3/git.olsitec.net A -> VM (DNS-only, own CF provider from encrypted token). Deployed + verified authoritative = 204.168.234.72.
- Pulumi.foundation.yaml: real config (olsitec.net, vm 204.168.234.72:222, letsencrypt-dns01) + encrypted secrets (cloudflare token, offsite creds). Master passphrase: pass olsitec-foundation/PULUMI_CONFIG_PASSPHRASE.
- run.sh: reproducible deploy (passphrase + ssh key from pass/home).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
parent db47037bdc
commit 185be52763
10 changed files with 141 additions and 60 deletions
@ -32,3 +32,6 @@ NOTE: docker-over-SSH provider path needs SSH_PRIVATE_KEY_PATH=~/.ssh/foundation
|
|||
--- 2026-06-30T18:32:52Z --- HOST: mac->minio.wob.olsitec.de:19000 CMD: pulumi up (olsitec-foundation bucket + scoped SA) EXIT: RUNNING NOTE: offsite backup target setup
|
||||
--- 2026-06-30T18:32:54Z UPDATE --- EXIT: 0 — bucket+scoped SA created on home MinIO
|
||||
--- 2026-06-30T18:34:55Z UPDATE --- EXIT: 0 — olsitec-foundation bucket + scoped SA verified (put/list/delete OK, cross-bucket DENIED).
|
||||
--- 2026-06-30T18:45:46Z --- HOST: mac->VM(204.168.234.72:222)+cloudflare CMD: ./run.sh up (foundation-net + 4 DNS A records) EXIT: RUNNING NOTE: steps 1+2 — real config deploy: network on Helsinki VM + forge/vault/s3/git.olsitec.net DNS
|
||||
--- 2026-06-30T18:45:52Z UPDATE --- EXIT: 0 (see above)
|
||||
--- 2026-06-30T18:47:30Z UPDATE --- EXIT: 0 — DNS authoritative=204.168.234.72 for forge/vault/s3/git; foundation-net live on VM.
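Review bot: The 18:45:52Z update records "EXIT: 0 (see above)", but the entry directly above it is the RUNNING line for ./run.sh up, which carries no result; the outcome is only spelled out in the 18:47:30Z entry that follows. Say in that line what exited 0, the way the 18:32:54Z update does with "bucket+scoped SA created on home MinIO", or fold it into the 18:47:30Z entry so the log reads unambiguously when audited later. Separately, the HOST fields commit the home MinIO endpoint (minio.wob.olsitec.de:19000) and the VM address with its non-default SSH port (204.168.234.72:222) to history; if this repository may ever be mirrored or shared, consider logging a host alias instead and keeping the address-to-alias mapping in the encrypted config.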