Caddy becomes boma's standard reverse proxy (amends the soft Traefik assumption; new ADR) with Gandi DNS-01 certs (custom xcaddy image, reuses vault.gandi.pat) — the only cert path for mesh/LAN-only services. NetBird self-hosted in external-proxy mode (embedded Dex), compose rendered from boma templates (ADR-004/013). Three roles: docker_host (first real content), reverse_proxy (new, Caddy), netbird (first service role w/ full ADR-004 standard files). Firewall + DNS amendments; backup execution deferred (fisi). caddy-dns/gandi + NetBird self-host facts verified. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| plans | ||
| specs | ||