Environment_Infrastructure/roadmap/prod-env/02-godaddy-credentials.md
Murat ÖZDEMİR 8875af8e8a docs: fix roadmap and setup reference direction
Remove setup runbook references from prod roadmap docs so roadmap remains design intent only. Keep setup-to-roadmap links, but normalize them to explicit relative paths.
2026-06-15 19:57:21 +03:00


02 — GoDaddy DNS Credentials for SWAG (Prod)

Context

Same credential model as ../test-env/02-godaddy-credentials.md, except the StorageBox path is prod/ instead of test/.

⚠️ Security — Rotate credentials before use

If credentials were shared in any chat log, Slack message, or email, revoke them immediately:

  1. Go to: https://developer.godaddy.com/keys
  2. Revoke the exposed key
  3. Create a new Production key pair

Never commit credentials to the repository.

Step 1 — Add credentials to StorageBox .env.secrets.swag (prod path)

Open the file at the StorageBox path:

prod/secrets/iklim.co/.env.secrets.swag

Add:

GODADDY_KEY=<your-new-api-key>
GODADDY_SECRET=<your-new-api-secret>

.env.secrets.swag contains SWAG/GoDaddy credentials only. .env.secrets.shared contains AppRole IDs, DB passwords, and other runtime secrets — do not mix.

Step 2 — Repo template file

Same file as test: template/swag/dns-conf/godaddy.ini.tpl (already created in test step 02). No additional action needed in the repo.

Step 3 — (Handled by pipeline) Write credentials file on prod StorageBox path

The deploy pipeline (see 08-deploy-pipeline-update.md) runs on iklim-app-01:

set -a; . ./.env; set +a
mkdir -p "$SWAG_DNS_CONFIG_DIR"
envsubst < template/swag/dns-conf/godaddy.ini.tpl > "$SWAG_DNS_CONFIG_DIR/godaddy.ini"
chmod 600 "$SWAG_DNS_CONFIG_DIR/godaddy.ini"
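
The snippet above creates godaddy.ini under the process umask and only restricts it afterwards with chmod 600, and envsubst with no variable list expands every $NAME it finds in the template. The following added example (not the pipeline's own code) renders to a private temporary file, substitutes only the two credentials, validates the result, and moves it into place atomically. The function names are hypothetical, and it assumes the template consists of simple `name = value` lines, which this page does not show.

```bash
# Added example, not the pipeline's code. Function names are hypothetical.
# Usage: render_godaddy_ini template/swag/dns-conf/godaddy.ini.tpl "$SWAG_DNS_CONFIG_DIR/godaddy.ini"

# Reject a rendered credentials file that is not private or not fully populated.
check_godaddy_ini() {
  f="$1"
  [ -f "$f" ] || { echo "missing: $f" >&2; return 1; }
  # Mode must be exactly 600 (find -perm is portable, stat flags are not).
  [ -n "$(find "$f" -prune -perm 600)" ] || { echo "mode is not 600: $f" >&2; return 1; }
  # A leftover $VAR or ${VAR} means the template used a variable that was not substituted.
  if grep -Eq '\$\{?[A-Za-z_]' "$f"; then
    echo "unresolved placeholder in $f" >&2; return 1
  fi
  # An unset variable renders as an empty string; catch "name =" with no value.
  if grep -Eq '^[[:space:]]*[A-Za-z0-9_]+[[:space:]]*=[[:space:]]*$' "$f"; then
    echo "empty value in $f" >&2; return 1
  fi
}

# Render template $1 to $2 without ever exposing a readable or partial file.
render_godaddy_ini() {
  tpl="$1"; out="$2"
  if [ -z "${GODADDY_KEY:-}" ] || [ -z "${GODADDY_SECRET:-}" ]; then
    echo "GODADDY_KEY / GODADDY_SECRET not set" >&2; return 1
  fi
  (
    umask 077                                  # private from creation, no chmod window
    tmp="$(mktemp "$out.XXXXXX")" || exit 1    # same directory, so mv is atomic
    # Substitute only the two credentials; values travel via environment, not argv.
    GODADDY_KEY="$GODADDY_KEY" GODADDY_SECRET="$GODADDY_SECRET" \
      envsubst '$GODADDY_KEY $GODADDY_SECRET' < "$tpl" > "$tmp" &&
      check_godaddy_ini "$tmp" && mv -f "$tmp" "$out" || { rm -f "$tmp"; exit 1; }
  )
}
```

If validation fails, the previous godaddy.ini is left untouched, so a bad render cannot replace working credentials with an empty file.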

Step 4 — GoDaddy A records for prod subdomains (handled by pipeline)

The deploy pipeline's Update DNS Records step automatically manages A records via the GoDaddy API. It reads the Floating IP from the Gitea variable vars.PROD_FLOATING_IP — set this once in Gitea project settings.

To get the Floating IP: terraform output prod_floating_ip

Record      Value
api         vars.PROD_FLOATING_IP
apigw       vars.PROD_FLOATING_IP
rabbitmq    vars.PROD_FLOATING_IP
grafana     vars.PROD_FLOATING_IP

Logic: for each record, the pipeline queries the current value via the GoDaddy API. If it is already correct, the pipeline skips it. Otherwise it creates or updates the record.

The Floating IP is assigned to iklim-app-01 by terraform/hetzner/prod/floating_ip.tf; use the production Terraform output for the PROD_FLOATING_IP value. If failover is needed, the Floating IP can be reassigned to another app node; DNS does not change.

Notes

  • Test and prod SWAG instances both obtain *.iklim.co independently from Let's Encrypt. There is no conflict — they use the same domain, different servers.
  • DNSPROPAGATION=90 handles GoDaddy's typical 30-90s propagation delay.