From 841f666de93be362bfed6f958a85acf8829a1f5e Mon Sep 17 00:00:00 2001 From: sjat Date: Fri, 5 Jun 2026 11:50:04 +0200 Subject: [PATCH] =?UTF-8?q?CAPABILITIES:=20VPN=20decided=20=E2=80=94=20Net?= =?UTF-8?q?Bird=20self-hosted=20(ADR-016)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- docs/CAPABILITIES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/CAPABILITIES.md b/docs/CAPABILITIES.md index c128b11..783e634 100644 --- a/docs/CAPABILITIES.md +++ b/docs/CAPABILITIES.md @@ -26,7 +26,7 @@ decisions this frame enables. |---|---|---|---|---|---| | Reverse proxy / TLS | Traefik | P | core | Edge routing + ACME certs for everything exposed | Spin-up order names it (TODO 12) | | Internal DNS | `dns` role → dns1/dns2 | P | core | Authoritative internal zone (ADR-007) | Ansible-rendered zone | -| VPN / remote access | Netbird · *or* OPNsense WireGuard | P | candidate | Secure remote access to `srv`/`mgmt` | ⚠️ ADR-007 commits WireGuard-via-OPNsense; Netbird (mesh) is a real alternative to weigh | +| VPN / remote access | NetBird (self-hosted on `askari`) | P | core | Secure mesh remote access to `srv`/`mgmt` | **Decided (ADR-016):** NetBird mesh replaces ADR-007 OPNsense WireGuard | | Service portal / dashboard | Homepage | A | candidate | One landing page listing all services — a "what does what" front door | Gap surfaced by V4; fits boma's legibility goal | _(DHCP, firewall, mDNS reflection live on OPNsense — Ansible-managed, not containers.)_