ldraney/pal-e-platform

Fork 0

fix: correct Tailscale hostname in Caddy pillar for landscaping-assistant (#444) #445

Merged

ldraney merged 1 commit from 444-fix-caddy-pillar-hostname into main

2026-06-16 01:41:54 +00:00

ldraney commented

2026-06-16 01:38:35 +00:00

Owner

Summary

Fixes the Tailscale hostname in the Caddy pillar from landscaping to landscaping-assistant, matching the actual machine name shown by tailscale status.

Changes

salt/pillar/caddy.sls: Changed proxy_target from landscaping.tail5b443a.ts.net to landscaping-assistant.tail5b443a.ts.net

Test Plan

Verify tailscale status shows the machine as landscaping-assistant
Run salt '*edge*' state.apply caddy and confirm Caddy can reach the upstream

Review Checklist

One-line change, no side effects
Hostname verified via tailscale status

Closes #444

N/A — no docs changes needed for a hostname typo fix.

## Summary Fixes the Tailscale hostname in the Caddy pillar from `landscaping` to `landscaping-assistant`, matching the actual machine name shown by `tailscale status`. ## Changes - `salt/pillar/caddy.sls`: Changed `proxy_target` from `landscaping.tail5b443a.ts.net` to `landscaping-assistant.tail5b443a.ts.net` ## Test Plan - Verify `tailscale status` shows the machine as `landscaping-assistant` - Run `salt '*edge*' state.apply caddy` and confirm Caddy can reach the upstream ## Review Checklist - [x] One-line change, no side effects - [x] Hostname verified via `tailscale status` ## Related - Closes #444 ## Related Notes N/A — no docs changes needed for a hostname typo fix.

ldraney added 1 commit

2026-06-16 01:38:35 +00:00

fix: correct Tailscale hostname in Caddy pillar for landscaping-assistant

ci/woodpecker/push/terraform Pipeline was successful

Details

ci/woodpecker/pr/terraform Pipeline was successful

Details

ci/woodpecker/pull_request_closed/terraform Pipeline was successful

Details

a6205d3648

The proxy_target used "landscaping" but the actual Tailscale machine name
is "landscaping-assistant". Without this fix, Caddy cannot reach the upstream.

Closes #444

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

ldraney commented

2026-06-16 01:39:45 +00:00

Author

Owner

PR #445 Review

DOMAIN REVIEW

Stack: Salt (SLS pillar) / Caddy reverse proxy / Tailscale networking

This is a one-line fix in salt/pillar/caddy.sls correcting the proxy_target for the landscaping site from landscaping.tail5b443a.ts.net to landscaping-assistant.tail5b443a.ts.net.

Salt/Caddy checks:

Pillar structure is consistent -- both sites (palinks and landscaping) follow the same schema: domain, proxy_target, www_redirect.
The proxy_target now correctly matches the Tailscale machine name (landscaping-assistant), consistent with the domain landscaping-assistant.app already set in the domain field. The old value landscaping was a truncation that would cause Caddy to fail to reach the upstream.
No secrets in pillar -- hostnames only, credentials are handled elsewhere. Correct.
The site key remains landscaping (not landscaping-assistant), which is fine -- it is an internal identifier for the Jinja template, not a resolvable hostname. No issue here.

Naming observation (non-blocking): The site key landscaping is slightly misleading since the domain and proxy target both reference landscaping-assistant. However, changing it would be a separate concern and could affect state references. Not a blocker.

BLOCKERS

None.

This is a typo fix in a configuration file. No new functionality is introduced, so no test coverage is required. No user input is involved. No secrets are present. No auth logic is touched.

NITS

Site key naming -- The pillar key landscaping could be renamed to landscaping-assistant for consistency with the domain and proxy target. This is cosmetic and would need checking for any Salt state or template references to the key. Not worth blocking on.

SOP COMPLIANCE

PR body has: Summary, Changes, Test Plan, Related -- all present and well-written
No secrets committed -- only Tailscale hostnames, no credentials
No unnecessary file changes -- single file, single line, tightly scoped
Commit message is descriptive -- follows fix: conventional commit format
Test plan is reasonable for a config fix (manual verification via tailscale status and salt state.apply)

PROCESS OBSERVATIONS

Low change failure risk -- single character-level correction in a config value, easily reversible.
Deployment frequency: no impact. This is a hotfix for a broken upstream route.
The PR correctly references and closes the parent issue #444.
The test plan appropriately calls for manual infrastructure verification rather than unit tests, which is correct for Salt pillar changes.

VERDICT: APPROVED

## PR #445 Review ### DOMAIN REVIEW **Stack:** Salt (SLS pillar) / Caddy reverse proxy / Tailscale networking This is a one-line fix in `salt/pillar/caddy.sls` correcting the `proxy_target` for the `landscaping` site from `landscaping.tail5b443a.ts.net` to `landscaping-assistant.tail5b443a.ts.net`. **Salt/Caddy checks:** - Pillar structure is consistent -- both sites (`palinks` and `landscaping`) follow the same schema: `domain`, `proxy_target`, `www_redirect`. - The `proxy_target` now correctly matches the Tailscale machine name (`landscaping-assistant`), consistent with the domain `landscaping-assistant.app` already set in the `domain` field. The old value `landscaping` was a truncation that would cause Caddy to fail to reach the upstream. - No secrets in pillar -- hostnames only, credentials are handled elsewhere. Correct. - The site key remains `landscaping` (not `landscaping-assistant`), which is fine -- it is an internal identifier for the Jinja template, not a resolvable hostname. No issue here. **Naming observation (non-blocking):** The site key `landscaping` is slightly misleading since the domain and proxy target both reference `landscaping-assistant`. However, changing it would be a separate concern and could affect state references. Not a blocker. ### BLOCKERS None. This is a typo fix in a configuration file. No new functionality is introduced, so no test coverage is required. No user input is involved. No secrets are present. No auth logic is touched. ### NITS 1. **Site key naming** -- The pillar key `landscaping` could be renamed to `landscaping-assistant` for consistency with the domain and proxy target. This is cosmetic and would need checking for any Salt state or template references to the key. Not worth blocking on. ### SOP COMPLIANCE - [x] PR body has: Summary, Changes, Test Plan, Related -- all present and well-written - [x] No secrets committed -- only Tailscale hostnames, no credentials - [x] No unnecessary file changes -- single file, single line, tightly scoped - [x] Commit message is descriptive -- follows `fix:` conventional commit format - [x] Test plan is reasonable for a config fix (manual verification via `tailscale status` and `salt state.apply`) ### PROCESS OBSERVATIONS - Low change failure risk -- single character-level correction in a config value, easily reversible. - Deployment frequency: no impact. This is a hotfix for a broken upstream route. - The PR correctly references and closes the parent issue #444. - The test plan appropriately calls for manual infrastructure verification rather than unit tests, which is correct for Salt pillar changes. ### VERDICT: APPROVED

ldraney commented

2026-06-16 01:41:32 +00:00

Author

Owner

PR #445 Review

DOMAIN REVIEW

Stack: Salt pillar (YAML), consumed by Jinja2 template (salt/states/caddy/Caddyfile.j2).

The change is a single-line fix in salt/pillar/caddy.sls, correcting the Tailscale hostname from landscaping.tail5b443a.ts.net to landscaping-assistant.tail5b443a.ts.net. The pillar value feeds directly into the Caddyfile template:

reverse_proxy {{ site.proxy_target }}:443 {
    transport http {
        tls_server_name {{ site.proxy_target }}
    }
}

The fix is correct. The old hostname would cause Caddy to proxy to a non-existent Tailscale node, breaking upstream connectivity for landscaping-assistant.app.

Salt compliance: No structural issues. The pillar key name, nesting, and data type are consistent with the existing palinks site block above it.

Secrets handling: No secrets exposed. The Tailscale tailnet ID (tail5b443a) is a network identifier, not a credential.

BLOCKERS

None. This is a one-line typo fix in infrastructure configuration. No new functionality is introduced, so no new tests are required. No security surface is changed.

NITS

Stale documentation in state file: salt/states/caddy/init.sls contains an example pillar block in its header comments that still shows the old hostname (landscaping.tail5b443a.ts.net). Not functionally impactful (it is a comment, not rendered), but creates maintenance drift. Consider a follow-up or including the doc fix here.

SOP COMPLIANCE

PR body has Summary, Changes, Test Plan, Related sections
No secrets, .env files, or credentials committed
No unnecessary file changes (single file, single line -- tightly scoped)
Commit message is descriptive and references the issue
Branch name follows convention (444-fix-caddy-pillar-hostname)

PROCESS OBSERVATIONS

Change failure risk: Low. One-line config fix, easily verifiable via tailscale status and salt '*edge*' state.apply caddy. The test plan in the PR body is appropriate.
DORA impact: This is a bug fix for a recently merged feature (#442 / #434). The turnaround from feature merge to fix PR is fast, which is positive for change failure rate recovery.
Documentation gap: The stale comment in init.sls is minor but worth tracking to avoid future confusion during onboarding or audits.

VERDICT: APPROVED

## PR #445 Review ### DOMAIN REVIEW **Stack:** Salt pillar (YAML), consumed by Jinja2 template (`salt/states/caddy/Caddyfile.j2`). The change is a single-line fix in `salt/pillar/caddy.sls`, correcting the Tailscale hostname from `landscaping.tail5b443a.ts.net` to `landscaping-assistant.tail5b443a.ts.net`. The pillar value feeds directly into the Caddyfile template: ```jinja2 reverse_proxy {{ site.proxy_target }}:443 { transport http { tls_server_name {{ site.proxy_target }} } } ``` The fix is correct. The old hostname would cause Caddy to proxy to a non-existent Tailscale node, breaking upstream connectivity for `landscaping-assistant.app`. **Salt compliance:** No structural issues. The pillar key name, nesting, and data type are consistent with the existing `palinks` site block above it. **Secrets handling:** No secrets exposed. The Tailscale tailnet ID (`tail5b443a`) is a network identifier, not a credential. ### BLOCKERS None. This is a one-line typo fix in infrastructure configuration. No new functionality is introduced, so no new tests are required. No security surface is changed. ### NITS 1. **Stale documentation in state file:** `salt/states/caddy/init.sls` contains an example pillar block in its header comments that still shows the old hostname (`landscaping.tail5b443a.ts.net`). Not functionally impactful (it is a comment, not rendered), but creates maintenance drift. Consider a follow-up or including the doc fix here. ### SOP COMPLIANCE - [x] PR body has Summary, Changes, Test Plan, Related sections - [x] No secrets, .env files, or credentials committed - [x] No unnecessary file changes (single file, single line -- tightly scoped) - [x] Commit message is descriptive and references the issue - [x] Branch name follows convention (`444-fix-caddy-pillar-hostname`) ### PROCESS OBSERVATIONS - **Change failure risk:** Low. One-line config fix, easily verifiable via `tailscale status` and `salt '*edge*' state.apply caddy`. The test plan in the PR body is appropriate. - **DORA impact:** This is a bug fix for a recently merged feature (#442 / #434). The turnaround from feature merge to fix PR is fast, which is positive for change failure rate recovery. - **Documentation gap:** The stale comment in `init.sls` is minor but worth tracking to avoid future confusion during onboarding or audits. ### VERDICT: APPROVED