Commit graph

2 commits

Author SHA1 Message Date
sjat
8a5966e367 plan: TaPPaaS-side publishing (sendable, self-contained)
Standalone plan for the TaPPaaS operator's Claude Code: WireGuard client
(peer 10.13.0.9, split-tunnel), Caddy plain-HTTP backend on 10.13.0.9:80,
firewall lock to 10.13.0.1, internal split-horizon DNS. Bakes in the
verified VPS-side contract (hub endpoint/pubkey, preserved Host, *.tappaas
wildcard, public DNS) and the key-exchange handshake. Flags the internal-TLS
decision (internal CA vs Gandi DNS-01 vs no internal TLS).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 13:47:38 +02:00
sjat
2e3f38cb3a plan: TaPPaaS VPS-side publishing implementation
Bite-sized tasks for the AnsibleBaobabV4 changes: flossfw wg1 peer +
keypair, *.tappaas wildcard cert, catch-all delegate route, public DNS.
VPS-side deliverable = valid-TLS 502; end-to-end gated on TaPPaaS-side plan.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 10:33:10 +02:00