net-tools/data/mesh-hosts.json
Natalie 68c848dc56 feat(@tools/net-tools): add tray icon system
Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
2026-06-10 02:20:23 -07:00


{
"_purpose": "Single source of truth for the wg1 mesh + LAN: the four hosts, their addresses on each path, the MAC + L7 identity probe the smart-lan-router daemon uses, and the DNS records apricot's dnsmasq serves. Everything that needs a host address derives from here — never hardcode mesh IPs, MACs, or identity URLs elsewhere.",
"_schema": {
"hosts[].name": "Canonical name; the fruit family encodes the machine class (gpu=stone fruit, cpu=pome, cloud=citrus, laptop=vegetable, phone=berry).",
"fleet.enforce_hostname": "true => every agent converges its node's OS hostname to its canonical name (scutil on darwin, hostnamectl on linux). The FLEET renames hosts — never run hostnamectl by hand.",
"phones": "class=phone (berry family): no agent possible (ios/android run nothing); they are DNS clients — WireGuard app with DNS=10.9.0.2, names served by apricot's mesh dnsmasq (wg-dns-sync). ssh_user null => no ssh stanza rendered. os distinguishes ios/android. Enroll with wg-phone-add, then add the entry here. If the phone's per-SSID Wi-Fi MAC is pinned (iOS 'Private Wi-Fi Address: Fixed'), add mac to get home-LAN discovery too.",
"hosts[].aliases": "Old names, kept working during the alias-first rename. Renderers emit a record for name AND every alias.",
"hosts[].class": "gpu | cpu | cloud | laptop | phone (see 'phones' above).",
"hosts[].wg/lan/public": "wg = mesh IP (10.9.0.0/24); lan = home LAN IP (10.0.0.0/24, null if roaming/no LAN leg); public = internet IP (null if none).",
"hosts[].mac": "LAN interface MAC — the stable key the daemon uses to DISCOVER the host's current DHCP IP via ARP (name-sync). null = not discoverable.",
"hosts[].identity": "L7 identity probe so the daemon never routes to a stranger at the same RFC1918 IP: {url ('{ip}' substituted), markers (all must appear in the probe response)}. This is a plain-HTTP sanity check on WHICH service answers, not authentication — the markers are not secrets. null = not a routing target.",
"services": "{host: [fqdn, ...]} — service vhost names that live ON a host and must resolve to that host's CURRENT LAN IP. Rendered by mesh-hosts-render with the discovered overlay, so they track DHCP drift. Add names here, never hand-edit /etc/hosts.",
"naming": "'<host>.wg' = mesh IP (explicit tunnel path); '<host>.lan' + BARE '<host>' = current LAN IP (direct when at home; via the tunnel when away, because the daemon then routes the LAN /24 through wg). Hosts without a LAN IP get bare name → wg IP. ('.local' is retired — platform uses .com, infra uses .lan.)",
"daemon_targets": "smart-lan-router.py routes hosts where lan AND identity are both set, excluding the host it runs on."
},
"_consumers": ["bin/wg-dns-sync", "bin/mesh-hosts-render", "smart-lan-router/smart-lan-router.py"],
"fleet": {
"enforce_hostname": true
},
"mesh": {
"interface": "wg1",
"cidr": "10.9.0.0/24",
"hub": "yuzu",
"hub_endpoint": "89.127.233.145:51820",
"dns_host": "apricot",
"dns_listen": "10.9.0.2:53"
},
"lan": {
"cidr": "10.0.0.0/24",
"dns_host": "pear",
"dns_listen": "10.0.0.11:53",
"gateway": "10.0.0.1",
"gateway_mac": "c4:4f:d5:5a:61:6f",
"gateway_note": "Xfinity broadband gateway. gateway_mac is the home-LAN fingerprint: the smart-lan-router daemon treats the laptop as 'home' only when the default gateway on the LAN interface has this MAC — distinguishes the real home LAN from any visited 10.0.0.0/24 network. DHCP reservations only via xFi/web UI, no scriptable API."
},
"hosts": [
{
"name": "apricot",
"aliases": [],
"class": "gpu",
"role": "Threadripper GPU compute — LLM serving, quinn dev, claude rc units, mesh DNS (dnsmasq 10.9.0.2:53)",
"os": "linux",
"ssh_user": "lilith",
"wg": "10.9.0.2",
"lan": "10.0.0.116",
"public": null,
"mac": "b4:2e:99:35:24:c5",
"identity": { "url": "http://{ip}:8200/health", "markers": ["llama_service_available"] }
},
{
"name": "pear",
"aliases": ["black"],
"class": "cpu",
"role": "Threadripper CPU/storage — Forgejo, Verdaccio, LAN DNS (dnsmasq 10.0.0.11:53), NFS/media",
"os": "linux",
"ssh_user": "lilith",
"wg": "10.9.0.4",
"lan": "10.0.0.11",
"public": null,
"mac": "b4:2e:99:30:a2:9a",
"identity": { "url": "http://{ip}:3000/api/v1/version", "markers": ["version"] }
},
{
"name": "fennel",
"aliases": ["plum"],
"class": "laptop",
"role": "MacBook Air M2 — roams (no fixed LAN IP), mesh client, runs the smart-lan-router daemon",
"os": "darwin",
"ssh_user": "natalie",
"wg": "10.9.0.3",
"lan": null,
"public": null,
"mac": "74:a6:cd:d4:b0:39",
"identity": null
},
{
"name": "strawberry",
"aliases": ["phone-quinn"],
"class": "phone",
"role": "Quinn's iPhone — wg mesh client via WireGuard app (DNS=10.9.0.2); no agent, no sshd",
"os": "ios",
"ssh_user": null,
"wg": "10.9.0.5",
"lan": null,
"public": null,
"mac": null,
"identity": null
},
{
"name": "yuzu",
"aliases": ["vps", "quinn-vps"],
"class": "cloud",
"role": "1984 Hosting (Iceland) — WireGuard mesh hub, quinn production",
"os": "linux",
"ssh_user": "root",
"ssh_identity": "~/.ssh/id_ed25519_1984",
"wg": "10.9.0.1",
"lan": null,
"public": "89.127.233.145",
"mac": null,
"identity": null
}
],
"services": {
"_note": "Service vhosts hosted ON a fleet host — adopted from the loose hand-maintained /etc/hosts lines (quinn.* dev vhosts, lm/llm stack, forge/registry). Rendered at the host's CURRENT discovered IP.",
"apricot": [
"quinn.apricot.lan",
"www.quinn.apricot.lan",
"my.quinn.apricot.lan",
"admin.quinn.apricot.lan",
"ai.quinn.apricot.lan",
"api.quinn.apricot.lan",
"data.quinn.apricot.lan",
"m.quinn.apricot.lan",
"sso.quinn.apricot.lan",
"vip.quinn.apricot.lan",
"docs.quinn.apricot.lan",
"lm.apricot.lan",
"lm-api.apricot.lan",
"llm.apricot.lan",
"status.apricot.lan",
"redis.apricot.lan"
],
"pear": [
"forge.black.lan",
"registry.black.lan",
"forge.pear.lan",
"registry.pear.lan"
]
},
"dnsmasq": {
"_note": "Mesh DNS served by apricot's dnsmasq (bound 127.0.0.1 + 10.9.0.2), written to /etc/dnsmasq.d/wg-mesh.conf by bin/wg-dns-sync. Consumed by wg clients that set DNS=10.9.0.2 (phones). Renders the host .wg + .lan records from hosts[] — NOT platform service records. The old *.local platform domains are RETIRED (platform uses .com; infra uses .lan); they are deliberately NOT carried here.",
"listen_address": "127.0.0.1,10.9.0.2"
}
}