{
  "_purpose": "Single source of truth for the wg1 mesh + LAN: the four hosts, their addresses on each path, the MAC + L7 identity probe the smart-lan-router daemon uses, and the DNS records apricot's dnsmasq serves. Everything that needs a host address derives from here — never hardcode mesh IPs, MACs, or identity URLs elsewhere.",
  "_schema": {
    "hosts[].name": "Canonical name; its fruit family encodes the machine class (gpu=stone fruit, cpu=pome, cloud=citrus, laptop=vegetable).",
    "hosts[].aliases": "Old names, kept working during the alias-first rename. Renderers emit a record for name AND every alias.",
    "hosts[].class": "gpu | cpu | cloud | laptop.",
    "hosts[].wg/lan/public": "wg = mesh IP (10.9.0.0/24); lan = home LAN IP (10.0.0.0/24, null if roaming/no LAN leg); public = internet IP (null if none).",
    "hosts[].mac": "LAN interface MAC — used by the daemon to pin the ARP entry so the /32 LAN route actually carries traffic (null = unknown, no pin).",
    "hosts[].identity": "L7 identity probe so the daemon never routes to a stranger at the same RFC1918 IP. {url ('{ip}' substituted), markers (all must appear)}. null = not a routing target. The probe is unauthenticated plain HTTP, so it guards against accidental address collisions, not against a host that deliberately returns the markers.",
    "two_views": "'.wg' ALWAYS = mesh IP (anywhere via tunnel); '.lan' = LAN IP (home network only). Suffix is authoritative. (The old '.local' platform scheme is retired — platform uses .com, infra uses .lan.)",
    "daemon_targets": "smart-lan-router.py routes hosts where lan AND identity are both set, excluding the host it runs on."
  },
  "_consumers": ["bin/wg-dns-sync", "bin/mesh-hosts-render", "smart-lan-router/smart-lan-router.py"],
  "mesh": {
    "interface": "wg1",
    "cidr": "10.9.0.0/24",
    "hub": "yuzu",
    "hub_endpoint": "89.127.233.145:51820",
    "dns_host": "apricot",
    "dns_listen": "10.9.0.2:53"
  },
  "lan": {
    "cidr": "10.0.0.0/24",
    "dns_host": "pear",
    "dns_listen": "10.0.0.11:53",
    "gateway": "10.0.0.1",
    "gateway_mac": "c4:4f:d5:5a:61:6f",
    "gateway_note": "Xfinity broadband gateway. gateway_mac is the home-LAN fingerprint: the smart-lan-router daemon treats the laptop as 'home' only when the default gateway on the LAN interface has this MAC; this distinguishes the real home LAN from any visited 10.0.0.0/24 network. A MAC is not authenticated, so this is a heuristic against accidental matches, not a trust anchor. DHCP reservations only via xFi/web UI, no scriptable API."
  },
  "hosts": [
    {
      "name": "apricot",
      "aliases": [],
      "class": "gpu",
      "role": "Threadripper GPU compute — LLM serving, quinn dev, claude rc units, mesh DNS (dnsmasq 10.9.0.2:53)",
      "os": "linux",
      "ssh_user": "lilith",
      "wg": "10.9.0.2",
      "lan": "10.0.0.116",
      "public": null,
      "mac": "b4:2e:99:35:24:c5",
      "identity": { "url": "http://{ip}:8200/health", "markers": ["llama_service_available"] }
    },
    {
      "name": "pear",
      "aliases": ["black"],
      "class": "cpu",
      "role": "Threadripper CPU/storage — Forgejo, Verdaccio, LAN DNS (dnsmasq 10.0.0.11:53), NFS/media",
      "os": "linux",
      "ssh_user": "lilith",
      "wg": "10.9.0.4",
      "lan": "10.0.0.11",
      "public": null,
      "mac": "b4:2e:99:30:a2:9a",
      "identity": { "url": "http://{ip}:3000/api/v1/version", "markers": ["version"] }
    },
    {
      "name": "fennel",
      "aliases": ["plum"],
      "class": "laptop",
      "role": "MacBook Air M2 — roams (no fixed LAN IP), mesh client, runs the smart-lan-router daemon",
      "os": "darwin",
      "ssh_user": "natalie",
      "wg": "10.9.0.3",
      "lan": null,
      "public": null,
      "mac": "74:a6:cd:d4:b0:39",
      "identity": null
    },
    {
      "name": "yuzu",
      "aliases": ["vps", "quinn-vps"],
      "class": "cloud",
      "role": "1984 Hosting (Iceland) — WireGuard mesh hub, quinn production",
      "os": "linux",
      "ssh_user": "root",
      "wg": "10.9.0.1",
      "lan": null,
      "public": "89.127.233.145",
      "mac": null,
      "identity": null
    }
  ],
  "dnsmasq": {
    "_note": "Mesh DNS served by apricot's dnsmasq (bound 127.0.0.1 + 10.9.0.2), written to /etc/dnsmasq.d/wg-mesh.conf by bin/wg-dns-sync. Consumed by wg clients that set DNS=10.9.0.2 (phones). Renders the host .wg + .lan records from hosts[] — NOT platform service records. The old *.local platform domains are RETIRED (platform uses .com; infra uses .lan); they are deliberately NOT carried here.",
    "listen_address": "127.0.0.1,10.9.0.2"
  }
}