Correct Forgejo host to forgejo.nyumbani.baobab.band

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
sjat 2026-05-30 18:16:38 +02:00
parent 4ee1b66e23
commit 810e6d557b
7 changed files with 12 additions and 12 deletions


@ -12,7 +12,7 @@ platforms:
# Project-owned image built from .docker/molecule-debian13/Dockerfile # Project-owned image built from .docker/molecule-debian13/Dockerfile
# and hosted in the Forgejo container registry. # and hosted in the Forgejo container registry.
# Build/push with: make molecule-image / make molecule-image-push # Build/push with: make molecule-image / make molecule-image-push
image: git.baobab.band/<owner>/<repo>/molecule-debian13:latest image: forgejo.nyumbani.baobab.band/<owner>/<repo>/molecule-debian13:latest
pre_build_image: true pre_build_image: true
privileged: true # required for systemd privileged: true # required for systemd
cgroupns_mode: host cgroupns_mode: host
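Review bot: the `image:` line still pulls the mutable `:latest` tag, and this platform runs with `privileged: true` and `cgroupns_mode: host`, so whatever the new registry host serves under that tag runs with near-host privileges on the test runner. Since the reference is being touched anyway, consider pinning it by digest (`.../molecule-debian13@sha256:<digest>`) and bumping the digest when `make molecule-image-push` publishes a new build. The `<owner>/<repo>` placeholders are also still literal here.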


@ -45,7 +45,7 @@ has been run).
## State backend ## State backend
**Choice**: Forgejo HTTP backend (self-hosted at git.baobab.band) **Choice**: Forgejo HTTP backend (self-hosted at forgejo.nyumbani.baobab.band)
Keeps all state on the same self-hosted stack without additional services. Keeps all state on the same self-hosted stack without additional services.
Authentication uses a Forgejo personal access token via `TF_HTTP_USERNAME` and Authentication uses a Forgejo personal access token via `TF_HTTP_USERNAME` and


@ -150,7 +150,7 @@ IoT devices cannot initiate connections to `srv`.
| Infrastructure VMs | `<role><n>` | `dns1`, `dns2`, `proxy` | | Infrastructure VMs | `<role><n>` | `dns1`, `dns2`, `proxy` |
| Hetzner VPS | `askari` | Swahili for guard/sentinel | | Hetzner VPS | `askari` | Swahili for guard/sentinel |
| Internal FQDN | `<host>.boma.baobab.band` | `dns1.boma.baobab.band` | | Internal FQDN | `<host>.boma.baobab.band` | `dns1.boma.baobab.band` |
| Public service FQDN | `<service>.baobab.band` | `git.baobab.band` | | Public service FQDN | `<service>.baobab.band` | `forgejo.nyumbani.baobab.band` |
--- ---
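Review bot: in the `Public service FQDN` row the example no longer matches its own pattern: `<service>.baobab.band` has one label before the domain, while `forgejo.nyumbani.baobab.band` has two. Either change the pattern to `<service>.nyumbani.baobab.band` or add a separate row for names under `nyumbani`, so the convention table stays usable for deriving names.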
@ -166,7 +166,7 @@ Terraform itself writes no DNS records — see ADR-009.
Public-facing services resolve to the public IP or Cloudflare proxy. Public-facing services resolve to the public IP or Cloudflare proxy.
**Split-horizon**: `dns1`/`dns2` serve internal answers for any hostname that has **Split-horizon**: `dns1`/`dns2` serve internal answers for any hostname that has
both a public and private face. Example: `git.baobab.band` resolves to both a public and private face. Example: `forgejo.nyumbani.baobab.band` resolves to
`10.20.0.12` (proxy) internally and to the public IP externally. `10.20.0.12` (proxy) internally and to the public IP externally.
OPNsense DNS resolver forwards `boma.baobab.band` queries to `dns1`/`dns2`. OPNsense DNS resolver forwards `boma.baobab.band` queries to `dns1`/`dns2`.
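Review bot: the split-horizon example now sits under `nyumbani.baobab.band`, but the last context line only says OPNsense forwards `boma.baobab.band` queries to `dns1`/`dns2`. The text should state how a query for `forgejo.nyumbani.baobab.band` from an internal client reaches `dns1`/`dns2`; as written, nothing says that clients using the OPNsense resolver get the `10.20.0.12` answer described here.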


@ -62,7 +62,7 @@ configuration issues invisible to Ansible check mode.
**Source**: `.docker/molecule-debian13/Dockerfile` **Source**: `.docker/molecule-debian13/Dockerfile`
**Base**: `debian:trixie-slim` (official Debian 13, Docker Hub — only external **Base**: `debian:trixie-slim` (official Debian 13, Docker Hub — only external
dependency permitted here, as the base OS image is not substitutable) dependency permitted here, as the base OS image is not substitutable)
**Registry**: `git.baobab.band/<owner>/<repo-name>/molecule-debian13:latest` **Registry**: `forgejo.nyumbani.baobab.band/<owner>/<repo-name>/molecule-debian13:latest`
Build and push with: Build and push with:
```bash ```bash


@ -108,7 +108,7 @@ rendered entirely by the Ansible `dns` role:
remains the ultimate source of truth for which hosts exist; the data simply flows remains the ultimate source of truth for which hosts exist; the data simply flows
through the inventory instead of through a direct Terraform→DNS write. through the inventory instead of through a direct Terraform→DNS write.
- **Service, alias (CNAME), split-horizon, and non-VM records** (e.g. the OPNsense - **Service, alias (CNAME), split-horizon, and non-VM records** (e.g. the OPNsense
gateway, `git.baobab.band` → proxy) are explicit zone data in `group_vars`. gateway, `forgejo.nyumbani.baobab.band` → proxy) are explicit zone data in `group_vars`.
This dissolves the bootstrap cycle that a Terraform-managed zone would create. If This dissolves the bootstrap cycle that a Terraform-managed zone would create. If
Terraform wrote records via RFC 2136, provisioning the **first** DNS server would Terraform wrote records via RFC 2136, provisioning the **first** DNS server would
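Review bot: this bullet says the `forgejo.nyumbani.baobab.band` → proxy record is explicit zone data in `group_vars`, but none of the hunks shown here changes zone data. If the zone still carries the old `git.baobab.band` name, the docs and the served zone now disagree; the record change belongs in the same commit or should be referenced from the commit message.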


@ -8,9 +8,9 @@ terraform {
# #
# If Forgejo's HTTP state endpoint is unavailable, remove this block entirely # If Forgejo's HTTP state endpoint is unavailable, remove this block entirely
# to fall back to local state on the control node. # to fall back to local state on the control node.
address = "https://git.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/production.tfstate" address = "https://forgejo.nyumbani.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/production.tfstate"
lock_address = "https://git.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/production.tfstate/lock" lock_address = "https://forgejo.nyumbani.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/production.tfstate/lock"
unlock_address = "https://git.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/production.tfstate/lock" unlock_address = "https://forgejo.nyumbani.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/production.tfstate/lock"
lock_method = "POST" lock_method = "POST"
unlock_method = "DELETE" unlock_method = "DELETE"
} }
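Review bot: changing `address`, `lock_address` and `unlock_address` changes the backend configuration, so every existing checkout will refuse to plan until `terraform init -reconfigure` (or `-migrate-state`, if the state does not already live at the new host) is run. Worth stating that in the commit message or the state-backend docs, along with whether the state file at the old URL is the same object or has to be moved. The `<owner>/<repo>` placeholders in all three URLs are still literal.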


@ -8,9 +8,9 @@ terraform {
# #
# If Forgejo's HTTP state endpoint is unavailable, remove this block entirely # If Forgejo's HTTP state endpoint is unavailable, remove this block entirely
# to fall back to local state on the control node. # to fall back to local state on the control node.
address = "https://git.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/staging.tfstate" address = "https://forgejo.nyumbani.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/staging.tfstate"
lock_address = "https://git.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/staging.tfstate/lock" lock_address = "https://forgejo.nyumbani.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/staging.tfstate/lock"
unlock_address = "https://git.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/staging.tfstate/lock" unlock_address = "https://forgejo.nyumbani.baobab.band/api/v1/repos/<owner>/<repo>/raw/terraform/state/staging.tfstate/lock"
lock_method = "POST" lock_method = "POST"
unlock_method = "DELETE" unlock_method = "DELETE"
} }
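Review bot: the host is again spelled out three times, identical to the production file apart from `staging.tfstate`, which is why a rename like this one costs six edited lines across the two backends. Backend blocks cannot use variables, but partial configuration can: leave the three URLs out of the block and pass them with `terraform init -backend-config=<file>` per environment, so the host lives in one place.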