Add Gandi DNS management via Pulumi (#54)
## Summary

- Restructure Pulumi into separate projects: `pulumi/tailscale/` and `pulumi/gandi/`
- Add Gandi LiveDNS management for `eblu.me` domain
- Create wildcard DNS record `*.ops.eblu.me` → indri's Tailscale IP (100.98.163.89)
- Add mise tasks: `dns-up`, `dns-preview`
- Update `tailnet-up` to pass `--yes` by default
- Document PAT cycling process (expires every 30 days)

## Background

This enables using real DNS names (`*.ops.eblu.me`) that resolve to Tailscale IPs, which allows containers and other systems to resolve services without depending on MagicDNS. Since Tailscale IPs (100.x.x.x) are not publicly routable, services remain tailnet-only while using standard DNS.

## Deployment and Testing

- [ ] Run `cd pulumi/gandi && uv sync` to install dependencies
- [ ] Run `cd pulumi/gandi && pulumi stack init eblu-me` to create stack
- [ ] Run `mise run dns-preview` to verify configuration
- [ ] Run `mise run dns-up` to apply DNS records
- [ ] Verify with `dig +short test.ops.eblu.me` returns `100.98.163.89`

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Reviewed-on: https://forge.tail8d86e.ts.net/eblume/blumeops/pulls/54
parent af3536bc17
commit b08faa50cc
17 changed files with 466 additions and 3 deletions
|
|
@ -9,5 +9,5 @@ TAILSCALE_OAUTH_CLIENT_SECRET=$(op --vault vg6xf6vvfmoh5hqjjhlhbeoaie item get w
|
|||
export TAILSCALE_OAUTH_CLIENT_SECRET
|
||||
export TAILSCALE_TAILNET="tail8d86e.ts.net"
|
||||
|
||||
cd "$(dirname "$0")/../pulumi"
|
||||
cd "$(dirname "$0")/../pulumi/tailscale"
|
||||
pulumi preview "$@"
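Review bot: The `cd "$(dirname "$0")/../pulumi/tailscale"` line has no failure check, and since the hunk starts at line 9 any `set -e` above it is not visible here. If that directory is missing (for example on a checkout that predates the move into `pulumi/tailscale/`), `pulumi preview "$@"` would run from the caller's working directory with `TAILSCALE_OAUTH_CLIENT_SECRET` already exported. Suggest `cd "$(dirname "$0")/../pulumi/tailscale" || exit 1`, or confirming that the script sets `set -e` at the top.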