diff --git a/docs/superpowers/specs/2026-06-11-public-dns-gandi-migration-design.md b/docs/superpowers/specs/2026-06-11-public-dns-gandi-migration-design.md index 40f9785..0b76bf7 100644 --- a/docs/superpowers/specs/2026-06-11-public-dns-gandi-migration-design.md +++ b/docs/superpowers/specs/2026-06-11-public-dns-gandi-migration-design.md @@ -79,6 +79,10 @@ one-time purge + anti-spoof baseline. | Home / cluster services | `.wingu.me` | internal zone (split-horizon) | only deliberate exceptions | | Off-site / VPS services | `.askari.wingu.me` | Gandi LiveDNS | yes (askari has a stable public IP) | +- **Project vs domain.** The project/homelab stays **`boma`** (ADR-007); **`wingu.me`** is + its domain. `.boma.wingu.me` reads as "host in the `boma` compound, on the `wingu` + cloud" — kept distinct deliberately (`boma` wasn't available as a domain; the two layers + fit the self-hosting ethos). Folds into the ADR-007 amendment. - **`nyumbani` removed** — home is the default; only the exception (`askari`) needs naming. - **The mesh carries "internal" to road-warriors.** NetBird pushes `dns1`/`dns2` (over `wt0`) as resolver for the `wingu.me` match-domain → on-LAN-or-on-mesh resolves