Skip to content

feat(deploy_tee)!: configure injects [domain] from descriptor + --email#46

Merged
samlaf merged 1 commit into
mainfrom
configure-inject-domain
Jun 30, 2026
Merged

feat(deploy_tee)!: configure injects [domain] from descriptor + --email#46
samlaf merged 1 commit into
mainfrom
configure-inject-domain

Conversation

@samlaf

@samlaf samlaf commented Jun 30, 2026

Copy link
Copy Markdown
Contributor

node.toml now carries [enclave] only. configure assembles the POSTed config by appending two tables it owns: [domain] (name ← the descriptor's fqdn, the cert domain; email ← --email, default ops@seismic.systems) and [network] (← --manifest). This kills the fqdn duplication that broke cert issuance — the cert domain now comes from the same place that created the DNS record, so they can't drift (the mismatch was an NXDOMAIN certbot failure cascading to reth + summit).

fqdn is now a required descriptor key (no public_ip fallback — a cert domain must resolve). configure rejects a node.toml carrying [domain] or [network], catching stale templates. The merge stays a plain text append (node.toml comments preserved), so render_network_section is unchanged.

Templates drop [domain]; README updated.

node.toml now carries [enclave] only. configure assembles the POSTed config
by appending two tables it owns: [domain] (name ← the descriptor's fqdn, the
cert domain; email ← --email, default ops@seismic.systems) and [network] (←
--manifest). This kills the fqdn duplication that broke cert issuance — the
cert domain now comes from the same place that created the DNS record, so
they can't drift (the mismatch was an NXDOMAIN certbot failure cascading to
reth + summit).

fqdn is now a required descriptor key (no public_ip fallback — a cert domain
must resolve). configure rejects a node.toml carrying [domain] or [network],
catching stale templates. The merge stays a plain text append (node.toml
comments preserved), so render_network_section is unchanged.

Templates drop [domain]; README updated.
@samlaf samlaf merged commit 0be9a7c into main Jun 30, 2026
1 check passed
@samlaf samlaf deleted the configure-inject-domain branch June 30, 2026 16:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant