eblume/blumeops
1
1
Fork 0
Code Issues Pull requests Projects Releases 83 Packages Wiki Activity Actions

C0: split gandi-operations docs; add dns-acme-cleanup mise task

Browse source 
Splits the nebulous gandi-operations how-to into two single-topic cards
(manage-eblu-me-dns, rotate-gandi-pat) and adds a mise task for the
recurring _acme-challenge TXT cleanup needed due to a value-comparison
bug in libdns/gandi v1.1.0 that prevents certmagic's cleanup phase from
removing presented TXT values.

The gandi reference card is updated to drop the false "different
credential from Pulumi PAT" claim — verified during the 2026-04-27
incident that Caddy and Pulumi share a single PAT.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
This commit is contained in:
Erich Blume 2026-04-27 09:48:46 -07:00
commit 005e2a03ed
10 changed files with 315 additions and 159 deletions
Download patch file Download diff file Expand all files Collapse all files

1
docs/reference/tools/mise-tasks.md
View file

@ -39,6 +39,7 @@ Run `mise tasks --sort name` for the live list with descriptions.
| `fly-shutoff` | Emergency shutoff: stop all Fly.io proxy machines |
| `dns-preview` | Preview DNS changes with [[pulumi]] |
| `dns-up` | Apply DNS changes with [[pulumi]] |
| `dns-acme-cleanup` | Delete orphaned `_acme-challenge.ops` TXT records (libdns/gandi v1.1.0 workaround) |
| `tailnet-preview` | Preview Tailscale ACL changes with [[pulumi]] |
| `tailnet-up` | Apply Tailscale ACL changes with [[pulumi]] |

3
docs/reference/tools/pulumi.md
View file

@ -49,7 +49,8 @@ mise run tailnet-up # Apply ACL/tag changes
## Related
- [[gandi-operations]] — DNS PAT rotation and Pulumi workflow
- [[manage-eblu-me-dns]] — DNS records workflow
- [[rotate-gandi-pat]] — Rotate the Gandi PAT
- [[update-tailscale-acls]] — ACL editing and Pulumi workflow
- [[gandi]] — DNS hosting
- [[tailscale]] — Tailnet configuration