developer/tf-services
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(tf-services): reverse-DNS name + Caddy/TLS + ROOT_URLs

Browse source 
Droplet com.uvlava.quinn.artifacts (ignore_changes name+user_data). cloud-init
now provisions Caddy with auto-TLS routing forge/npm/pypi.{ct,mc,quinn}.uvlava.com
to the 3 Forgejo, each with its ROOT_URL. Matches live 134.199.243.61.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
quinn 2026-06-29 23:45:43 -04:00
parent 870bb55174
commit 1be4f8ba6b
3 changed files with 37 additions and 46 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

76
cloud-init.yaml
View file

@ -5,6 +5,21 @@ packages:
- docker-compose-v2
write_files:
- path: /opt/services/Caddyfile
permissions: "0644"
content: |
{
email quinn@cocotte.tech
}
forge.ct.uvlava.com, npm.ct.uvlava.com, pypi.ct.uvlava.com {
reverse_proxy forgejo-ct:3000
}
forge.mc.uvlava.com, npm.mc.uvlava.com, pypi.mc.uvlava.com {
reverse_proxy forgejo-mc:3000
}
forge.quinn.uvlava.com, npm.quinn.uvlava.com, pypi.quinn.uvlava.com {
reverse_proxy forgejo-quinn:3000
}
- path: /opt/services/docker-compose.yml
permissions: "0644"
content: |
@ -12,61 +27,36 @@ write_files:
forgejo-ct:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment:
USER_UID: "1000"
USER_GID: "1000"
FORGEJO__server__HTTP_PORT: "3000"
FORGEJO__server__SSH_PORT: "2222"
FORGEJO__security__INSTALL_LOCK: "true"
FORGEJO__service__DISABLE_REGISTRATION: "true"
volumes:
- /opt/services/ct:/data
ports:
- "3000:3000"
- "2222:22"
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.ct.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.ct.uvlava.com/", FORGEJO__server__DISABLE_SSH: "true", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
volumes: [ /opt/services/ct:/data ]
ports: [ "3000:3000" ]
forgejo-mc:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment:
USER_UID: "1000"
USER_GID: "1000"
FORGEJO__server__HTTP_PORT: "3000"
FORGEJO__server__SSH_PORT: "2223"
FORGEJO__security__INSTALL_LOCK: "true"
FORGEJO__service__DISABLE_REGISTRATION: "true"
volumes:
- /opt/services/mc:/data
ports:
- "3001:3000"
- "2223:22"
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.mc.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.mc.uvlava.com/", FORGEJO__server__DISABLE_SSH: "true", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
volumes: [ /opt/services/mc:/data ]
ports: [ "3001:3000" ]
forgejo-quinn:
image: codeberg.org/forgejo/forgejo:10
restart: always
environment:
USER_UID: "1000"
USER_GID: "1000"
FORGEJO__server__HTTP_PORT: "3000"
FORGEJO__server__SSH_PORT: "2224"
FORGEJO__security__INSTALL_LOCK: "true"
FORGEJO__service__DISABLE_REGISTRATION: "true"
volumes:
- /opt/services/quinn:/data
ports:
- "3002:3000"
- "2224:22"
environment: { USER_UID: "1000", USER_GID: "1000", FORGEJO__server__HTTP_PORT: "3000", FORGEJO__server__DOMAIN: "forge.quinn.uvlava.com", FORGEJO__server__ROOT_URL: "https://forge.quinn.uvlava.com/", FORGEJO__server__DISABLE_SSH: "true", FORGEJO__security__INSTALL_LOCK: "true", FORGEJO__service__DISABLE_REGISTRATION: "true" }
volumes: [ /opt/services/quinn:/data ]
ports: [ "3002:3000" ]
verdaccio:
image: verdaccio/verdaccio:6
restart: always
ports:
- "4873:4873"
volumes:
- /opt/services/verdaccio:/verdaccio/storage
ports: [ "4873:4873" ]
volumes: [ /opt/services/verdaccio:/verdaccio/storage ]
caddy:
image: caddy:2
restart: always
ports: [ "80:80", "443:443" ]
volumes: [ /opt/services/Caddyfile:/etc/caddy/Caddyfile, /opt/services/caddy-data:/data, /opt/services/caddy-config:/config ]
runcmd:
# 2GB swap (safety on the 4GB box)
- [ bash, -c, "fallocate -l 2G /swapfile && chmod 600 /swapfile && mkswap /swapfile && swapon /swapfile && echo '/swapfile none swap sw 0 0' >> /etc/fstab" ]
- [ bash, -c, "mkdir -p /opt/services/ct /opt/services/mc /opt/services/quinn /opt/services/verdaccio && chown -R 1000:1000 /opt/services" ]
- [ bash, -c, "mkdir -p /opt/services/ct /opt/services/mc /opt/services/quinn /opt/services/verdaccio && chown -R 1000:1000 /opt/services/ct /opt/services/mc /opt/services/quinn /opt/services/verdaccio" ]
- [ systemctl, enable, --now, docker ]
- [ bash, -c, "cd /opt/services && docker compose up -d" ]
final_message: "services droplet up: 3 Forgejo (ct:3000 mc:3001 quinn:3002) + Verdaccio:4873"
final_message: "com.uvlava.quinn.artifacts up: forges (forge.{ct,mc,quinn}.uvlava.com) + registries via Caddy/TLS"

5
main.tf
View file

@ -16,8 +16,9 @@ resource "digitalocean_droplet" "services" {
lifecycle {
# Forgejo/Verdaccio data lives in /opt/services volumes; never let a
# user_data tweak silently rebuild and wipe it.
ignore_changes = [user_data]
# user_data tweak silently rebuild and wipe it. `name` is ForceNew in the
# provider rename live via doctl, never let a label change replace the box.
ignore_changes = [user_data, name]
}
}

2
variables.tf
View file

@ -25,5 +25,5 @@ variable "ssh_key_fingerprints" {
variable "name" {
type = string
default = "services"
default = "com.uvlava.quinn.artifacts" # reverse-DNS: forges + registries box (convention:infra_manifest droplet_naming)
}