scripts/fleet-fips-pair.sh writes a deterministic /etc/fips/fips.yaml on each of our 4 dev fleet nodes (.116/.198/.228/.253), listing the other three as static FIPS peers over their LAN IPs (UDP 2121 / TCP 8443). Also flips `node.identity.persistent: true` so the npub stays stable across restarts — without this the daemon rolls a new keypair on every restart and federation invites that carried the previous npub go stale.

The script is NOT the general deployment mechanism:

- Every archipelago install already ships fips.v0l.io as an anchor peer, so any node can DHT-route to any npub that has ever announced on the public mesh.
- Federation invites (v1.4+) carry the peer's fips_npub, so accepting an invite is enough for crate::fips::dial::peer_base_url(npub) to reach the peer through the anchor network.
- This script is a LAN fast-path optimization so intra-fleet traffic stays on the wire instead of bouncing through fips.v0l.io.

Usage:

    scripts/fleet-fips-pair.sh           # apply to all nodes
    scripts/fleet-fips-pair.sh --verify  # print current peer state

Verified: all 4 fleet nodes now report 3 authenticated peers each (their 3 fleet siblings), plus fips.v0l.io in the identity cache.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
5.8 KiB
Executable File