Caddy becomes boma's standard reverse proxy (amends the soft Traefik assumption; new ADR) with Gandi DNS-01 certs (custom xcaddy image, reuses vault.gandi.pat) — the only cert path for mesh/LAN-only services. NetBird self-hosted in external-proxy mode (embedded Dex), compose rendered from boma templates (ADR-004/013). Three roles: docker_host (first real content), reverse_proxy (new, Caddy), netbird (first service role w/ full ADR-004 standard files). Firewall + DNS amendments; backup execution deferred (fisi). caddy-dns/gandi + NetBird self-host facts verified. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>

| Name |
|---|
| access |
| backup |
| decisions |
| hardware |
| reviews |
| runbooks |
| security |
| superpowers |
| testing |
| CAPABILITIES.md |
| FRICTION.md |
| README.md |
| ROADMAP.md |
| TODO.md |

docs/
Project documentation.
- decisions/ — Architecture Decision Records (ADRs): the "why" behind the design. Numbered from 001; each records context, the decision, and what was ruled out.
- runbooks/ — step-by-step operational procedures (add a host, add a role, rotate secrets).

For what is actually built vs only designed, see STATUS.md at the repo root —
the ADRs describe intent, not necessarily current reality.