No description
Find a file
sjat 8a5966e367 plan: TaPPaaS-side publishing (sendable, self-contained)
Standalone plan for the TaPPaaS operator's Claude Code: WireGuard client
(peer 10.13.0.9, split-tunnel), Caddy plain-HTTP backend on 10.13.0.9:80,
firewall lock to 10.13.0.1, internal split-horizon DNS. Bakes in the
verified VPS-side contract (hub endpoint/pubkey, preserved Host, *.tappaas
wildcard, public DNS) and the key-exchange handshake. Flags the internal-TLS
decision (internal CA vs Gandi DNS-01 vs no internal TLS).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-28 13:47:38 +02:00
docs/superpowers plan: TaPPaaS-side publishing (sendable, self-contained) 2026-06-28 13:47:38 +02:00
incidents Initial troubleshooting workspace: access, network map, runbooks 2026-06-09 13:24:26 +02:00
runbooks docs: runbook for publishing services on mf01 2026-06-09 18:02:09 +02:00
.gitignore Initial troubleshooting workspace: access, network map, runbooks 2026-06-09 13:24:26 +02:00
access.md access: fisi enrolled in netbird (on-demand), record overlay facts 2026-06-09 13:39:34 +02:00
CLAUDE.md Initial troubleshooting workspace: access, network map, runbooks 2026-06-09 13:24:26 +02:00
network-map.md access: fisi enrolled in netbird (on-demand), record overlay facts 2026-06-09 13:39:34 +02:00
README.md Initial troubleshooting workspace: access, network map, runbooks 2026-06-09 13:24:26 +02:00

MakerFLOSS Troubleshooting

A working repo for troubleshooting and fixing hosts at the Orange Makerspace that are part of the MakerFLOSS project.

This repo is reference + thin runbooks: it does not duplicate authoritative data (IPs, topology, secrets). Those live in the source repos below. Here we keep access procedures, runbooks, and an incident log, with pointers back to source.

Source repos (authoritative)

Repo Path What it owns
AnsibleBaobabV4 ~/Projects/AnsibleBaobabV4 Canonical infra-as-code. The makerfloss VPS, makerfloss1, mf04, the makerfloss WireGuard plane (wg1), the Netbird control plane, and all containerised services. This is where most fixes land.
MakerFLOSS_Mikrotik ~/Projects/MakerFLOSS_Mikrotik The CRS310 switch (crs310-maker) — Ansible-managed RouterOS config. The "new switch" at the makerspace.
MakerFLOSS ~/Projects/MakerFLOSS Documentation site (docs.makerfloss.eu) and slides. Docs-only; the human-readable hardware/service catalog.

Note: AnsibleBaobabV4 is a separate (homelab) project that also happens to manage the MakerFLOSS infrastructure — early MakerFLOSS work started there and stayed. Its git remote is the baobab Forgejo, not the MakerFLOSS one.

Where fixes go

Fixes land in the relevant source repo's main branch (per decision 2026-06-09). Switch/live-infra changes still follow that repo's own lockout-safety and idempotency rules (e.g. run device-touching plays twice; enable VLAN-filtering last). This repo only holds runbooks and the incident log.

Layout

.
├── access.md            # HOW to reach makerspace hosts (read this first)
├── network-map.md       # thin network overview + pointers + open questions
├── runbooks/            # task-focused troubleshooting guides
│   ├── README.md
│   └── switch-crs310.md
└── incidents/           # dated log of issues worked + outcomes
    └── README.md

Quick start for a troubleshooting session

  1. Read access.md — pick a reach path for where you are (makerspace with mamba, or tunneling in from fisi).
  2. Check network-map.md for the host/subnet you're after.
  3. Find or create a runbook in runbooks/.
  4. Apply fixes in the source repo; log what happened in incidents/.