Add DNS and Caddy config for myvibes.world #458

Open
ldraney wants to merge 0 commits from 457-add-dns-and-caddy-config-for-myvibes-wor into main
Owner

Summary

Add GoDaddy DNS A record and Caddy reverse proxy configuration for myvibes.world, routing public traffic through the Hetzner edge VPS to the my-vibes-world Tailscale service. Follows the established pattern from palinks.app and landscaping-assistant.app.

Changes

  • terraform/dns.tf -- Added godaddy_dns_record.myvibes_world_a A record pointing myvibes.world to module.hetzner_edge.server_ipv4 with TTL 600
  • salt/pillar/caddy.sls -- Added my-vibes-world site entry under caddy.sites with domain myvibes.world, proxy target my-vibes-world.tail5b443a.ts.net, and www redirect enabled

tofu plan Output

Unable to run tofu plan in agent context (requires provider credentials and state access). The changes are purely additive -- one new godaddy_dns_record resource with no modifications to existing resources.

tofu fmt -check passed with no issues.

Test Plan

  • tofu fmt -check terraform/dns.tf passes (verified)
  • tofu plan shows only the new godaddy_dns_record.myvibes_world_a resource to add
  • tofu apply creates the A record on GoDaddy
  • Salt highstate applies the new Caddy site entry
  • dig myvibes.world resolves to the Hetzner edge IP
  • curl -I https://myvibes.world returns a response proxied from the Tailscale service

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive
  • Feature flag needed? No -- infrastructure config only

Related Notes

  • ldraney/pal-e-platform #457 -- the Forgejo issue this PR implements
  • pal-e-platform -- the project this work belongs to

Closes #457

Author
Owner

PR #458 Review

Parent issue: #457
Branch: 457-add-dns-and-caddy-config-for-myvibes-wor
Files changed: terraform/dns.tf, salt/pillar/caddy.sls

DOMAIN REVIEW

Stack identified: Terraform (GoDaddy DNS provider) + Salt (pillar YAML + Jinja2 template)

Terraform (dns.tf):

  • New godaddy_dns_record.myvibes_world_a resource follows the exact pattern of the existing palinks_a and landscaping_assistant_a records: apex @ A record, TTL 600, pointing to module.hetzner_edge.server_ipv4.
  • The godaddy provider is already configured in providers.tf -- no new provider dependency needed.
  • Resource naming convention is consistent: {domain_slug}_a.
  • tofu fmt compliance claimed in PR body and the file reads clean.
  • Change is purely additive -- one new resource, zero modifications to existing resources. State safety is not a concern.

Salt (caddy.sls):

  • New my-vibes-world site entry follows the existing pillar structure exactly: domain, proxy_target, www_redirect.
  • The Caddyfile.j2 template iterates pillar['caddy']['sites'] and generates site blocks dynamically -- no template modification needed.
  • www_redirect: true is consistent with existing sites and will generate a www.myvibes.world -> myvibes.world permanent redirect block.
  • The caddy-reload state in salt/states/caddy/init.sls uses onchanges to trigger caddy reload when the Caddyfile changes -- the new pillar entry will trigger this automatically on highstate.
  • Proxy target my-vibes-world.tail5b443a.ts.net follows the Tailscale MagicDNS naming convention used by the other services.

No secrets exposure: All sensitive values (GoDaddy API key/secret, Hetzner token, etc.) are referenced via Terraform variables, not hardcoded.

BLOCKERS

None.

NITS

  1. Minor comment staleness in init.sls (pre-existing, not introduced by this PR): Line 23 of salt/states/caddy/init.sls shows proxy_target: landscaping.tail5b443a.ts.net in the example pillar structure, but the actual pillar in caddy.sls uses landscaping-assistant.tail5b443a.ts.net. This is a pre-existing documentation drift, not introduced by this PR, but worth noting for a future cleanup.

  2. Deployment verification note: The PR body correctly acknowledges that tofu plan could not be run in agent context. The test plan covers the right verification steps (dig, curl). Ensure my-vibes-world is registered as a Tailscale service before applying, or the Caddy upstream will fail health checks.

SOP COMPLIANCE

  • PR body has: Summary, Changes, Test Plan, Related -- all present and well-structured
  • No secrets committed -- all credentials use Terraform variables
  • No unnecessary file changes -- exactly 2 files, both directly related to the task
  • Commit message is descriptive: Add DNS and Caddy config for myvibes.world
  • Closes #457 present -- issue will auto-close on merge
  • Test plan includes both infrastructure verification (tofu plan/apply) and runtime verification (dig, curl)

PROCESS OBSERVATIONS

  • Change failure risk: LOW. Purely additive infrastructure change following an established, well-tested pattern. No modifications to existing resources or state.
  • Deployment frequency: Normal. Single-purpose PR with clean scope.
  • Rollback path: Clean. If DNS or Caddy config causes issues, the new resource can be destroyed independently without affecting existing domains.

VERDICT: APPROVED

All checks were successful
ci/woodpecker/push/terraform Pipeline was successful
ci/woodpecker/pr/terraform Pipeline was successful
This branch is already included in the target branch. There is nothing to merge.
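
A pre-apply check for the `caddy.sites` pattern described in the PR body and review above, as an added example that is not code from this repository: it confirms every `proxy_target` stays inside the tailnet and every `domain` is a plain, unique hostname before any site block is generated. The mapping shape of `caddy.sites`, the function names, and the rendered Caddy blocks are assumptions (the page does not show `Caddyfile.j2`); the sample entries are constructed from hostnames quoted in the thread.

```python
import re

TAILNET_SUFFIX = ".tail5b443a.ts.net"  # tailnet name as quoted in the PR
# Strict hostname pattern; used with fullmatch so braces, slashes or
# newlines in a pillar value can never reach the generated Caddyfile.
HOST_RE = re.compile(r"([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

# Constructed sample of pillar['caddy']['sites'] (assumed: site name -> entry).
SITES = {
    "landscaping-assistant": {
        "domain": "landscaping-assistant.app",
        "proxy_target": "landscaping-assistant.tail5b443a.ts.net",
        "www_redirect": True,
    },
    "my-vibes-world": {
        "domain": "myvibes.world",
        "proxy_target": "my-vibes-world.tail5b443a.ts.net",
        "www_redirect": True,
    },
}

def lint_sites(sites):
    """Return a list of problems; an empty list means the entries are consistent."""
    problems, seen = [], {}
    for name, site in sites.items():
        domain = str(site.get("domain", "")).lower()
        target = str(site.get("proxy_target", "")).lower()
        if not HOST_RE.fullmatch(domain):
            problems.append(f"{name}: invalid domain {domain!r}")
        elif domain in seen:
            problems.append(f"{name}: domain {domain} already served by {seen[domain]}")
        else:
            seen[domain] = name
        host = target.rsplit(":", 1)[0] if ":" in target else target  # allow host:port
        if not (host.endswith(TAILNET_SUFFIX) and HOST_RE.fullmatch(host)):
            problems.append(f"{name}: proxy_target {target!r} is outside the tailnet")
    return problems

def render_caddyfile(sites):
    """Render assumed-equivalent Caddy site blocks; refuse if the lint fails."""
    problems = lint_sites(sites)
    if problems:
        raise ValueError("; ".join(problems))
    blocks = []
    for site in sites.values():
        d, t = site["domain"], site["proxy_target"]
        blocks.append(f"{d} {{\n\treverse_proxy {t}\n}}")
        if site.get("www_redirect"):
            blocks.append(f"www.{d} {{\n\tredir https://{d}{{uri}} permanent\n}}")
    return "\n\n".join(blocks) + "\n"

if __name__ == "__main__":
    print(render_caddyfile(SITES))
```
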