boma/docs
sjat 65cf20a993 docs(spec): M4 — NetBird coordinator on askari + Caddy reverse proxy
Caddy becomes boma's standard reverse proxy (amends the soft Traefik assumption;
new ADR) with Gandi DNS-01 certs (custom xcaddy image, reuses vault.gandi.pat) —
the only cert path for mesh/LAN-only services. NetBird self-hosted in
external-proxy mode (embedded Dex), compose rendered from boma templates
(ADR-004/013). Three roles: docker_host (first real content), reverse_proxy (new,
Caddy), netbird (first service role w/ full ADR-004 standard files). Firewall +
DNS amendments; backup execution deferred (fisi). caddy-dns/gandi + NetBird
self-host facts verified.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-14 17:19:21 +02:00
..
access docs(access): correct ADR-021 governance (runbook+gate, not scaffold) 2026-06-09 17:52:24 +02:00
backup docs(backup): add BACKUP.md template + backup__* contract (ADR-022) 2026-06-10 11:20:01 +02:00
decisions docs(askari): amend ADR-006/009/020/007/016 for TF-provisioned offsite host; STATUS (apply pending) 2026-06-14 12:09:20 +02:00
hardware docs: record ubongo physical build (2026-06-11) 2026-06-11 10:32:26 +02:00
reviews docs(review): 2026-06-11 repo audit — fix build-wave doc drift 2026-06-11 14:48:00 +02:00
runbooks docs: record ubongo physical build (2026-06-11) 2026-06-11 10:32:26 +02:00
security docs: record ubongo physical build (2026-06-11) 2026-06-11 10:32:26 +02:00
superpowers docs(spec): M4 — NetBird coordinator on askari + Caddy reverse proxy 2026-06-14 17:19:21 +02:00
testing docs(kaizen): migrate gotchas to docs; curate FRICTION log (2026-06-10 review) 2026-06-10 12:51:39 +02:00
CAPABILITIES.md docs(public_dns): amend ADR-007 to wingu.me/Gandi; resolve TODO 4; STATUS + CAPABILITIES 2026-06-14 10:38:45 +02:00
FRICTION.md docs(friction): include_tasks tag-propagation + check-mode gotchas (M3) 2026-06-14 16:56:23 +02:00
README.md Add architecture decision records and runbooks 2026-05-30 14:10:01 +02:00
ROADMAP.md docs(base): M3 done — ssh hardening + fail2ban applied to askari; STATUS + roadmap 2026-06-14 16:55:22 +02:00
TODO.md docs(public_dns): amend ADR-007 to wingu.me/Gandi; resolve TODO 4; STATUS + CAPABILITIES 2026-06-14 10:38:45 +02:00

docs/

Project documentation.

  • decisions/ — Architecture Decision Records (ADRs): the "why" behind the design. Numbered from 001; each records context, the decision, and what was ruled out.
  • runbooks/ — step-by-step operational procedures (add a host, add a role, rotate secrets).

For what is actually built vs only designed, see STATUS.md at the repo root — the ADRs describe intent, not necessarily current reality.