README.md

@@ -28,8 +28,7 @@ Ansible version will be implemented next as a direct comparison._
 
 ## Architecture
 
-### Goals
+Goals:
-
 - Separate concerns  
   Preferably one service/role per CT
 - Keep things as light as possible  
@@ -78,35 +77,12 @@ Ansible version will be implemented next as a direct comparison._
   +---------------------------------------------------------------+  
 ```
 
-The system defines two networks:
+XXX
-- LAN  
-  Hosts all the service CT's (`*.srv`)
-- ADMIN  
-  Used for administration (`*.adm`)
 
-The ADMIN network is connected to the admin port.
 
-Both networks are provided DNS and DHCP services by the `ns` CT.
+### Services
 
-Services on both networks are connected to the outside world (WAN) via 
+XXX
-a NAT router implemented by the `gate` CT (`iptables`).
-
-The `gate` CT also implements a reverse proxy ([`traefik`](https://traefik.io/traefik/)), 
-routing requests from the WAN (`$WAN_IP`) to appropriate service CT's on 
-the LAN.
-
-Services expose their administration interfaces only on the ADMIN network
-when possible.
-
-The host Proxmox (`pve.adm`) is only accessible through the ADMIN network.
-
-The `gate` and `ns` CT's are only accessible for administration from the 
-host (i.e. via `lxc-attach ..`).
-
-Three ways of access to the ADMIN network are provided:
-- `ssh` service (CT) via the `gate` reverse proxy
-- `wireguard` VPN (CT) via `gate` reverse proxy
-- `ssh` service (CT) via the direct `$WAN_SSH_IP` (fail-safe)
 
 
 
@@ -116,13 +92,11 @@ Three ways of access to the ADMIN network are provided:
 
 Install Proxmox and connect it to your device/network.
 
-
-#### Notes
-
 This setup will use three IP addresses:
-1. The static (usually) IP initially assigned to Proxmox on install. This 
+1. IP address used for setup only, this is the static (usually) IP 
-  will not be used after setup is done,
+  initially assigned to Proxmox on install and it will not be used after 
-2. WAN IP address to be used for the main set of applications, this is 
+  setup is done,
+2. WAN IP adress to be used for the main set of applications, this is 
   the address that all the requests will be routed from to various 
   services internally,
 3. Fail-safe ssh IP address, this is the connection used for recovery 

config.global.example

@@ -23,6 +23,8 @@
 # Usually this is the default bridge created in Proxmox, so there is no 
 # need to touch this.
 BOOTSTRAP_BRIDGE=0
+# XXX
+#BOOTSTRAP_PORT=none
 
 
 # CT interface bridge configuration.
@@ -41,6 +43,7 @@ BOOTSTRAP_BRIDGE=0
 #	ADMIN_BRIDGE=3
 #	LAN_BRIDGE=10
 #
+# XXX revise numbering...
 ADMIN_BRIDGE=_admin
 WAN_BRIDGE=_wan
 LAN_BRIDGE=_lan

host/make.sh

@@ -38,9 +38,7 @@ SOFTWARE=(
 
 INTERFACES=/etc/network/interfaces
 
-BOOTSTRAP_PORT=${BOOTSTRAP_PORT:-none}
+BRIDGES_TPL=bridges.tpl
-
-BRIDGES_TPL=${BRIDGES_TPL:-bridges.tpl}
 
 # XXX
 #readVars