Admin – Overview
Dmitrii Iurco edited this page 2026-06-11 15:39:28 -04:00

Status: Active | Owner: @roof | Updated: 2026-06-11

This is the operator manual for a Personal Internet Cell. It covers everything a cell admin needs to know after the initial install.


Sections

Page | What it covers
Admin – Install and First Run | The installer, first-run wizard, cell identity, and what each step does
Admin – Configure Domains and TLS | Domain modes, HTTPS certificates, DDNS, and host NTP
Admin – Manage Services | Installing and removing optional services; what each service provides
Admin – Configure Connectivity | Named VPN/tunnel/proxy connections, per-peer routing, fail-open/fail-closed, cell-to-cell links
Admin – Manage Peers | Adding peers, WireGuard config export, per-peer access control
Admin – Back Up and Restore | What is backed up, passphrase encryption, how to restore
Admin – Logging and Audit | Per-service log levels, activity audit trail
Admin – Monitor and Troubleshoot | Health checks, common errors, and fixes

Quick reference — daily commands

Run these from the PIC installation directory (/opt/pic for installer installs):

# Run on: the cell server host, as the pic user or any user in the docker group
make status          # container status + API health check
make logs            # follow all container logs
make logs-api        # follow API logs
make update          # pull latest code, rebuild, restart
make backup          # archive config/ and data/ to backups/

Security reminders

  • The Flask API (port 3000) is bound to 127.0.0.1 only. Caddy proxies all external requests. Do not expose port 3000 externally — access to it is equivalent to root access on the host.
  • All secrets (WireGuard keys, CA private key, admin credentials, DDNS token) live in data/ which is git-ignored. Keep your backups safe — they contain this material.
  • The Docker socket is mounted only into the cell-api container. No other container has Docker access.
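
One way to verify the first reminder on a running host. This is an added example, not part of PIC or its Makefile: the function name check_api_bind and the sample socket lines are constructed here, and it assumes the input is in the column layout printed by ss -ltn (local address in column 4).

```shell
#!/bin/sh
# Added example (not PIC project code): audit listeners on the API port.
# Live use on the cell server host:  ss -ltnH | check_api_bind
API_PORT=3000

# Reads `ss -ltn` lines on stdin. Prints "EXPOSED <addr:port>" for every
# listener on API_PORT that is not bound to exactly 127.0.0.1.
# Exit status: 0 = loopback only, 1 = exposed, 2 = nothing listening.
check_api_bind() {
    awk -v port="$API_PORT" '
        {
            local_addr = $4
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # other ports and header row
            # Address is everything before the final ":<port>"
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            seen = 1
            # Strict match: wildcard, LAN and IPv6 binds are all flagged
            if (addr != "127.0.0.1") { print "EXPOSED " local_addr; bad = 1 }
        }
        END {
            if (!seen) { print "NOLISTENER"; exit 2 }
            exit bad ? 1 : 0
        }'
}

# Constructed sample input: API on loopback, a reverse proxy on 443.
SAMPLE_OK='LISTEN 0 128 127.0.0.1:3000 0.0.0.0:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*'

# Constructed sample input: API bound to IPv4 and IPv6 wildcard addresses.
SAMPLE_BAD='LISTEN 0 128 0.0.0.0:3000 0.0.0.0:*
LISTEN 0 128 [::]:3000 [::]:*
LISTEN 0 4096 0.0.0.0:443 0.0.0.0:*'

# Demo run on the constructed samples
printf '%s\n' "$SAMPLE_OK"  | check_api_bind && echo "sample 1: loopback only"
printf '%s\n' "$SAMPLE_BAD" | check_api_bind || echo "sample 2: exit status $?"
```

A socket listing only shows how the process is bound on the host; a port published through Docker or opened by a firewall rule needs its own check.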

Internals: see Dev – Architecture