Standalone plan for the TaPPaaS operator's Claude Code: WireGuard client (peer 10.13.0.9, split-tunnel), Caddy plain-HTTP backend on 10.13.0.9:80, firewall lock to 10.13.0.1, internal split-horizon DNS. Bakes in the verified VPS-side contract (hub endpoint/pubkey, preserved Host, *.tappaas wildcard, public DNS) and the key-exchange handshake. Flags the internal-TLS decision (internal CA vs Gandi DNS-01 vs no internal TLS). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
MakerFLOSS Troubleshooting
A working repo for troubleshooting and fixing hosts at the Orange Makerspace that are part of the MakerFLOSS project.
This repo is reference + thin runbooks: it does not duplicate authoritative data (IPs, topology, secrets). Those live in the source repos below. Here we keep access procedures, runbooks, and an incident log, with pointers back to source.
Source repos (authoritative)
| Repo | Path | What it owns |
|---|---|---|
| AnsibleBaobabV4 | ~/Projects/AnsibleBaobabV4 | Canonical infra-as-code. The makerfloss VPS, makerfloss1, mf04, the makerfloss WireGuard plane (wg1), the Netbird control plane, and all containerised services. This is where most fixes land. |
| MakerFLOSS_Mikrotik | ~/Projects/MakerFLOSS_Mikrotik | The CRS310 switch (crs310-maker) — Ansible-managed RouterOS config. The "new switch" at the makerspace. |
| MakerFLOSS | ~/Projects/MakerFLOSS | Documentation site (docs.makerfloss.eu) and slides. Docs-only; the human-readable hardware/service catalog. |

Note: AnsibleBaobabV4 is a separate (homelab) project that also happens to manage the MakerFLOSS infrastructure — early MakerFLOSS work started there and stayed. Its git remote is the baobab Forgejo, not the MakerFLOSS one.
Where fixes go
Fixes land in the relevant source repo's main branch (per decision
2026-06-09). Switch/live-infra changes still follow that repo's own
lockout-safety and idempotency rules (e.g. run device-touching plays twice;
enable VLAN-filtering last). This repo only holds runbooks and the incident log.
Layout
.
├── access.md          # HOW to reach makerspace hosts (read this first)
├── network-map.md     # thin network overview + pointers + open questions
├── runbooks/          # task-focused troubleshooting guides
│   ├── README.md
│   └── switch-crs310.md
└── incidents/         # dated log of issues worked + outcomes
    └── README.md
Quick start for a troubleshooting session
- Read access.md — pick a reach path for where you are (makerspace with mamba, or tunneling in from fisi).
- Check network-map.md for the host/subnet you're after.
- Find or create a runbook in runbooks/.
- Apply fixes in the source repo; log what happened in incidents/.