- Multi-profile support: create named profiles (demo, guest, etc.)
- Auto IP allocation: 10.8.0.10-50 range managed via registry
- Revocation: --revoke <profile> removes peer from server immediately
- Profile listing: --list shows all profiles with connection status
- Auto-install qrencode with --transient on bootc systems
- Route both VPN (10.8.0.0/24) and LAN (10.0.0.0/24) through tunnel
- DNS via PowerDNS on VPN gateway for internal name resolution

Usage:
  PROFILE=demo ./setup-mobile-vpn.sh   # Create shareable profile
  ./setup-mobile-vpn.sh --revoke demo  # Revoke when done

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Move infrastructure tooling to dedicated repository, separate from codebase.
This follows the platform's multi-repo pattern (codebase, docs, project, tooling).

Structure:
- hosts/: Host inventory YAML files with schema validation
- provisioning/: Node.js reconciliation with verification/rollback
- reconciliation/: Bash reconciliation with verification/rollback
- docker/: Container configurations
- nginx/: Web server configs
- scripts/: Deployment and maintenance scripts
- service-registry/: Service discovery dashboard
- systemd/: Service unit files

Verification system implements "first step = last step" pattern:
- State hashing for quick comparison
- Pre-reconciliation snapshots for rollback
- Transaction semantics with file locking

🤖 Generated with [Claude Code](https://claude.com/claude-code)
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
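
The "first step = last step" verification named in the commit message above, sketched as an added example that is not code from the repository: the same state-hash check runs before and after the apply step, a snapshot taken under a file lock is restored when the final check fails. The function names, the lock-file location and the `APPLY_CMD` hook are assumptions made for illustration.

```shell
#!/bin/sh
# Added example; function names, paths and APPLY_CMD are hypothetical.

# state_hash DIR: a single SHA-256 summarizing every file under DIR.
state_hash() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort ) |
        sha256sum | cut -d' ' -f1
}

# restore SRC DST: replace the contents of DST with a copy of SRC.
restore() {
    rm -rf "$2" && mkdir -p "$2" && cp -a "$1/." "$2/"
}

# reconcile LIVE DESIRED: make LIVE match DESIRED or leave LIVE as it was.
# Returns 0 = converged, 1 = rolled back, 2 = another run holds the lock.
reconcile() {
    live=$1 desired=$2
    want=$(state_hash "$desired")
    exec 9>"$live.lock"                       # lock file beside the tree
    flock -n 9 || { exec 9>&-; return 2; }    # one transaction at a time
    # First step: verify. Matching hashes mean there is nothing to apply.
    if [ "$(state_hash "$live")" = "$want" ]; then exec 9>&-; return 0; fi
    snap=$(mktemp -d)
    restore "$live" "$snap"                   # pre-reconciliation snapshot
    before=$(state_hash "$snap")
    # Apply. APPLY_CMD lets a faulty apply be simulated; its exit status
    # is not trusted either way, the verification below decides.
    rm -rf "$live" && mkdir -p "$live" &&
        ${APPLY_CMD:-cp -a} "$desired/." "$live/" || true
    # Last step: the same verification as the first step.
    if [ "$(state_hash "$live")" = "$want" ]; then
        rc=0
    else
        restore "$snap" "$live"               # roll back to the snapshot
        [ "$(state_hash "$live")" = "$before" ] || echo "rollback mismatch" >&2
        rc=1
    fi
    rm -rf "$snap"; exec 9>&-                 # closing fd 9 releases the lock
    return "$rc"
}
```

Because the apply step's exit status is ignored and only the post-apply hash decides the outcome, a step that reports success without changing anything is still caught and rolled back.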