diff --git a/data/mesh-hosts.json b/data/mesh-hosts.json
index 0b77c97..0928acc 100644
--- a/data/mesh-hosts.json
+++ b/data/mesh-hosts.json
@@ -195,6 +195,29 @@
 "public": "134.199.243.61",
 "mac": null,
 "identity": null
+ },
+ {
+ "name": "ct.prod",
+ "aliases": [
+ "com.uvlava.ct.prod"
+ ],
+ "class": "cloud",
+ "role": "DigitalOcean hardened PUBLIC prod host (nyc3, store vpc) for the Prospector app + Caddy edge (the DMZ). The ONLY ct host with public app ports: Caddy terminates 80/443 for apps.ftw.pw and reverse-proxies the same-origin NestJS app on 127.0.0.1:3210 (/prospector/* + static console); /internal/* is 403'd at the edge. DB (DO Managed PG) + mesh deps (people/mac-sync/mr-number) reached privately over the store VPC + wg1; lime stays internal. wg leg 10.9.0.10. Reserved public IP set after terraform apply (A record apps.ftw.pw at the ftw.pw registrar). Joins wg1 via phase-b-mesh-join.sh (nyc3 hub = citron). IaC: uvlava/terraform/do/ct_prod.tf.",
+ "os": "linux",
+ "ssh_user": "root",
+ "ssh_identity": "~/.ssh/id_ed25519_1984",
+ "segment": "nyc3",
+ "wg_pubkey": "__SET_AFTER_BOOT__",
+ "wg": "10.9.0.10",
+ "lan": null,
+ "public": "__SET_AFTER_APPLY__",
+ "mac": null,
+ "identity": {
+ "url": "http://{ip}:3210/",
+ "markers": [
+ "ok"
+ ]
+ }
 }
 ],
 "services": {
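Review bot: The `identity` probe added for `ct.prod` targets `http://{ip}:3210/`, but the `role` text in the same entry says the NestJS app listens on 127.0.0.1:3210 behind Caddy. So either the probe cannot succeed from another host, or port 3210 is reachable beyond loopback and requests to it skip the edge rule that 403s `/internal/*`. How `{ip}` is expanded is not visible in this hunk; confirm the bind address and firewall, and if the probe format accepts a hostname consider checking through the edge (`"url": "https://apps.ftw.pw/"`) with a marker more specific than `"ok"`, which is easy to match by accident over plaintext HTTP. Separately, `"wg_pubkey": "__SET_AFTER_BOOT__"` and `"public": "__SET_AFTER_APPLY__"` are non-null strings where the preceding entry uses `null` for unknown values. A consumer that renders WireGuard peers, DNS records or allowlists from this file may treat them as real values, so `null` until they are known (or an explicit sentinel check in the consumers) would be safer.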