Add Gandi DNS management via Pulumi #54

Merged

eblume merged 2 commits from feature/gandi-dns-pulumi into main

2026-01-25 08:15:46 -08:00

Author	SHA1	Message	Date
Erich Blume	e1d82935fb	Address PR feedback: dynamic IP resolution and documentation updates - Resolve indri's Tailscale IP dynamically via MagicDNS at deploy time - Add BLUMEOPS_REVERSE_PROXY_IP env var override for break-glass scenarios - Remove hardcoded IP from stack config - Clarify that indri hosts Caddy (the reverse proxy) in all docs - Update PAT permissions list with actual permissions enabled Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-25 08:12:47 -08:00
Erich Blume	cdeda4856f	Restructure Pulumi into separate projects for Tailscale and Gandi DNS - Move Tailscale ACL management to pulumi/tailscale/ - Add new Gandi DNS project at pulumi/gandi/ for eblu.me management - Create wildcard DNS record .ops.eblu.me pointing to indri's Tailscale IP - Add mise tasks: dns-up, dns-preview - Update tailnet-up/preview to use new path and add --yes flag - Document PAT cycling process (expires every 30 days) This enables using real DNS names (.ops.eblu.me) that resolve to Tailscale IPs, allowing containers to resolve services without MagicDNS dependency. Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>	2026-01-25 07:59:22 -08:00

Author

SHA1

Message

Date

Erich Blume

e1d82935fb

Address PR feedback: dynamic IP resolution and documentation updates

- Resolve indri's Tailscale IP dynamically via MagicDNS at deploy time
- Add BLUMEOPS_REVERSE_PROXY_IP env var override for break-glass scenarios
- Remove hardcoded IP from stack config
- Clarify that indri hosts Caddy (the reverse proxy) in all docs
- Update PAT permissions list with actual permissions enabled

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-25 08:12:47 -08:00

Erich Blume

cdeda4856f

Restructure Pulumi into separate projects for Tailscale and Gandi DNS

- Move Tailscale ACL management to pulumi/tailscale/
- Add new Gandi DNS project at pulumi/gandi/ for eblu.me management
- Create wildcard DNS record *.ops.eblu.me pointing to indri's Tailscale IP
- Add mise tasks: dns-up, dns-preview
- Update tailnet-up/preview to use new path and add --yes flag
- Document PAT cycling process (expires every 30 days)

This enables using real DNS names (*.ops.eblu.me) that resolve to Tailscale
IPs, allowing containers to resolve services without MagicDNS dependency.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

2026-01-25 07:59:22 -08:00