Page Title: VaultMesh Node Topology (Canon v1)

Summary: VaultMesh spans four primary tiers—Forge, Mine, Gate, and Lab—with mobile endpoints riding on top. The BRICK hypervisor anchors the virtualization layer, while v1-nl-gate acts as the outer gate. The result is a flexible topology where code forges on nexus-0, lands in GitLab on gate-vm, and manifests on shield-vm and lab nodes.

Key Findings:
- Clear separation between Forge (nexus-0), Core Mesh (gate-vm on brick), Edge Gate (v1-nl-gate), and Lab HV (ephemeral).
- BRICK hypervisor hosts the critical core VMs: debian-golden (template), gate-vm (mesh-core-01), shield-vm (shield-01).
- Tailscale tailnet binds everything together with MagicDNS and per-node hostnames.
- v1-nl-gate is ready to act as external ingress or exit node for future services.
- Node roles are stable but designed to evolve; lab nodes are intentionally ephemeral.

Components:
- Forge Tier: nexus-0 (BlackArch) and optional kali-forge.
- Mine Tier: gamma, beta, brick, w3 – primary physical infra.
- Gate Tier: v1-nl-gate (cloud gate), gate-vm on brick (core stack).
- VM Tier: debian-golden (golden image), gate-vm (core services), shield-vm (OffSec/TEM).
- Lab Tier: lab-mesh-01, lab-agent-01, lab-chaos-01, phoenix-01.

Node Inventory:

FORGE NODES:

| Node       | Hostname                | OS        | Role                 |
|------------|-------------------------|-----------|----------------------|
| nexus-0    | 100.67.39.1 (Tailscale) | BlackArch | Primary forge (dev)  |
| kali-forge | (Tailscale IP)          | Kali      | Secondary OffSec lab |

MINE NODES – Primary Infrastructure:

| Node  | Hostname               | OS         | Role              |
|-------|------------------------|------------|-------------------|
| gamma | gamma.story-ule.ts.net | Arch Linux | Home primary      |
| beta  | beta.story-ule.ts.net  | Arch Linux | Backup node       |
| brick | brick.story-ule.ts.net | Debian     | Dell server, HV   |
| w3    | w3.story-ule.ts.net    | Raspbian   | Raspberry Pi node |

GATE NODES – Edge / Exit:

| Node       | Hostname                    | OS     | Role                      |
|------------|-----------------------------|--------|---------------------------|
| v1-nl-gate | v1-nl-gate.story-ule.ts.net | Debian | Netherlands external gate |
| gate-vm    | gate-vm.story-ule.ts.net    | Debian | mesh-core-01 (core stack) |

VM NODES – On brick (libvirt/KVM):

| Node          | Hostname                       | OS     | Role                         |
|---------------|--------------------------------|--------|------------------------------|
| debian-golden | debian-golden.story-ule.ts.net | Debian | Golden image / template      |
| gate-vm       | gate-vm.story-ule.ts.net       | Debian | Core services (GitLab, etc.) |
| shield-vm     | shield-vm.story-ule.ts.net     | Debian | Shield / TEM / machine vault |

LAB NODES – Experimental (Lab HV):

| Node         | Hostname     | Role                            |
|--------------|--------------|---------------------------------|
| lab-mesh-01  | lab-mesh-01  | Multi-node mesh tests           |
| lab-agent-01 | lab-agent-01 | Agent/orchestration experiments |
| lab-chaos-01 | lab-chaos-01 | Chaos/failure drills            |
| phoenix-01   | phoenix-01   | Phoenix/PSI prototypes          |

MOBILE NODES:

| Node        | Hostname                     | OS             | Port |
|-------------|------------------------------|----------------|------|
| shield      | shield.story-ule.ts.net      | Android/Termux | 22   |
| bank-mobile | bank-mobile.story-ule.ts.net | iOS            | 8022 |

LAN Fallbacks:

| Node  | LAN IP        |
|-------|---------------|
| gamma | 192.168.0.191 |
| brick | 192.168.0.119 |
| beta  | 192.168.0.236 |

Security Notes:
- Forge, Mine, Gate, and Lab communicate primarily via Tailscale; LAN is a fallback.
- VMs are isolated on libvirt NAT (192.168.122.x), with SSH + Tailscale as ingress.
- v1-nl-gate can be used as WireGuard / exit node for privacy routing.

Dependencies:
- Tailscale on all nodes (physical and virtual as required).
- libvirt/QEMU on brick for VM lifecycle.
- SSH with per-node ed25519 keys.