docs: bring all docs current with this session's changes
Unit Tests / test (push) Successful in 12m12s
Unit Tests / test (push) Successful in 12m12s
Update README, QUICKSTART, wiki, service-developer-guide, and CLAUDE.md for: optional store services (email/calendar/files), sshuttle+proxy egress exits, provider-aware Network Services/DNS overview, DHCP/dnsmasq removal, split-horizon VPN DNS, container hardening (slim images, unprivileged WireGuard, webui port 8080, pinned ntp/coredns), installer changes (host NTP, PIC_DEBUG, clean output, systemd), and the backup overhaul (full secrets coverage + optional passphrase encryption). Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
This commit is contained in:
@@ -8,7 +8,7 @@ This file is the primary context source for Claude Code in this repository. Read
|
||||
|
||||
**Personal Internet Cell (PIC)** is a self-hosted digital infrastructure platform for individuals who want full ownership of their core internet services without relying on cloud providers.
|
||||
|
||||
A PIC instance runs DNS, DHCP, NTP, WireGuard VPN, email (SMTP/IMAP), calendar/contacts (CalDAV/CardDAV), file storage (WebDAV), HTTPS reverse proxy (Caddy), an internal certificate authority, and optional third-party services — all managed from a single REST API and a React web UI. No manual config-file editing is required for normal operations.
|
||||
A PIC instance runs DNS, NTP, WireGuard VPN, an HTTPS reverse proxy (Caddy), an internal certificate authority, and — as optional store services — email (SMTP/IMAP), calendar/contacts (CalDAV/CardDAV), file storage (WebDAV), and extended-connectivity exits (WireGuard-ext, OpenVPN, Tor, sshuttle, proxy) — all managed from a single REST API and a React web UI. No manual config-file editing is required for normal operations.
|
||||
|
||||
**Primary users:** technically capable individuals, homelab operators, small families or teams.
|
||||
|
||||
@@ -45,8 +45,7 @@ A PIC instance runs DNS, DHCP, NTP, WireGuard VPN, email (SMTP/IMAP), calendar/c
|
||||
### Infrastructure
|
||||
- **Docker Compose** — all 12+ service containers
|
||||
- **Caddy** — reverse proxy, TLS termination (Let's Encrypt DNS-01 or HTTP-01 or internal CA)
|
||||
- **CoreDNS** — `.cell` TLD authoritative DNS
|
||||
- **dnsmasq** — DHCP
|
||||
- **CoreDNS** — `.cell` TLD authoritative DNS + split-horizon for the effective domain
|
||||
- **chrony** — NTP
|
||||
- **WireGuard** — VPN (kernel module, not userspace)
|
||||
- **Postfix + Dovecot** — email via `docker-mailserver`
|
||||
@@ -69,7 +68,7 @@ Browser / WireGuard peer
|
||||
└── Caddy (:80/:443) TLS termination, reverse proxy
|
||||
└── React SPA (:8081) Vite + Tailwind (Nginx in container)
|
||||
└── Flask API (:3000) REST API, bound to 127.0.0.1 only
|
||||
├── NetworkManager CoreDNS, dnsmasq, chrony
|
||||
├── NetworkManager CoreDNS, chrony
|
||||
├── WireGuardManager WireGuard peer lifecycle
|
||||
├── PeerRegistry peer registration and trust
|
||||
├── EmailManager Postfix + Dovecot
|
||||
|
||||
Reference in New Issue
Block a user