feat: add DOKS, managed postgres/redis, WAF rules, external-dns
Some checks failed
Terraform / terraform (push) Failing after 32s
Test / test (push) Successful in 1s

Ryan Moon
2026-04-02 17:25:13 -05:00
parent 155ef0345e
commit 3471374cb6
9 changed files with 195 additions and 8 deletions


@@ -112,11 +112,11 @@ resource "digitalocean_firewall" "gitea" {
source_addresses = ["0.0.0.0/0", "::/0"]
}
# Gitea SSH for git push/pull — your IP only
# Gitea SSH for git push/pull — open until Gitea is migrated to DOKS
inbound_rule {
protocol = "tcp"
port_range = "2222"
source_addresses = ["${var.admin_ip}/32"]
source_addresses = ["0.0.0.0/0", "::/0"]
}
outbound_rule {
@@ -138,7 +138,7 @@ resource "cloudflare_record" "gitea" {
zone_id = data.cloudflare_zone.main.id
name = "git"
type = "A"
value = digitalocean_droplet.gitea.ipv4_address
content = digitalocean_droplet.gitea.ipv4_address
proxied = true
ttl = 1
}
@@ -147,7 +147,7 @@ resource "cloudflare_record" "vaultwarden" {
zone_id = data.cloudflare_zone.main.id
name = "vault"
type = "A"
value = digitalocean_droplet.gitea.ipv4_address
content = digitalocean_droplet.gitea.ipv4_address
proxied = true
ttl = 1
}
@@ -157,7 +157,7 @@ resource "cloudflare_record" "git_ssh" {
zone_id = data.cloudflare_zone.main.id
name = "git-ssh"
type = "A"
value = digitalocean_droplet.gitea.ipv4_address
content = digitalocean_droplet.gitea.ipv4_address
proxied = false
ttl = 3600
}
@@ -167,7 +167,7 @@ resource "cloudflare_record" "registry" {
zone_id = data.cloudflare_zone.main.id
name = "registry"
type = "A"
value = digitalocean_droplet.gitea.ipv4_address
content = digitalocean_droplet.gitea.ipv4_address
proxied = false
ttl = 3600
}
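Review bot: The port 2222 inbound rule in the `digitalocean_firewall.gitea` hunk (@@ -112) now takes `source_addresses = ["0.0.0.0/0", "::/0"]` in place of `["${var.admin_ip}/32"]`. The `git_ssh` record further down is `proxied = false`, so the droplet's address is published in DNS and the Gitea SSH listener becomes reachable from the whole internet. The new comment says this is temporary "until Gitea is migrated to DOKS", but nothing in the visible change bounds or tracks that. If the reason is that cluster nodes or CI runners need git-over-SSH, a list of their egress CIDRs alongside the admin IP would be narrower, for example `source_addresses = concat(["${var.admin_ip}/32"], var.<allowed_cidrs placeholder>)`. If it has to stay open, the comment should name the tracking issue and state that the listener accepts key authentication only, which cannot be confirmed from this section.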