TailOpsMCP

🛰️ TailOpsMCP — A secure MCP control surface for Tailscale-connected homelabs

Secure remote monitoring and AI-assisted operations for your homelab over Tailscale — powered by MCP
Model Context Protocol (MCP) server for managing Proxmox LXC containers, Docker stacks, and system administration - all through natural language with AI assistants.

🎯 What is TailOpsMCP?

TailOpsMCP is an MCP (Model Context Protocol) server that lets you manage your home lab infrastructure using AI assistants like Claude, ChatGPT, or any MCP-compatible client. Instead of remembering complex commands, just ask:

"Deploy my monitoring stack from GitHub"
"Analyze the auth logs for security issues"
"What's using all the CPU on dev1?"
"Update all packages on the server"

Perfect for home lab enthusiasts, self-hosters, and DevOps engineers running Proxmox, Docker, and Tailscale.

✨ Key Features

🚀 Current Capabilities

✅ Smart Inventory Management - Auto-detect and track applications running on LXC (Jellyfin, Pi-hole, Ollama, PostgreSQL, etc.)
✅ Multi-System Support - Identify systems by hostname + container ID for managing multiple LXCs with one AI
✅ MCP Prompts - Pre-configured workflows for common tasks (security audit, health check, troubleshooting, inventory setup)
✅ Docker Compose Stack Management - Deploy GitOps-style stacks from repos (like Portainer/Komodo)
✅ Proxmox LXC Detection - Automatic virtualization environment detection
✅ AI-Powered Log Analysis - Root cause detection with actionable recommendations
✅ System Monitoring - CPU, memory, disk, network with historical metrics
✅ Docker Container Management - Start/stop/restart/logs for all containers
✅ Systemd Service Management - Control system services
✅ Package Management - Update systems, install packages
✅ Security Auditing - AI-powered security log analysis
✅ File Operations - Read, search, and analyze system files
✅ Network Diagnostics - Interface status, connectivity tests

🔒 Security First

⚠️ Read the Security Advisory before production deployment

✅ Tailscale Required - Encrypted transport mandatory (no built-in TLS)
✅ OAuth 2.1 with TSIDP - Tailscale Identity Provider authentication
✅ Non-Root Service - Runs as dedicated systemmanager user
✅ Systemd Hardening - Full sandboxing with ProtectSystem, ProtectHome
✅ Audit Logging - Complete tracking of all operations
✅ Scope-Based Access - Fine-grained permission control
⚠️ Approval Gates - Requires external webhook (not built-in)

🔮 Roadmap (See HOMELAB_FEATURES.md)

🔄 LXC Network Auditing - Review and audit container network configs
🔄 Backup & Snapshots - Automated backups with verification
🔄 Certificate Management - Let's Encrypt automation
🔄 Reverse Proxy Management - Traefik/Nginx/Caddy configuration
🔄 Proxmox API Integration - Full VM/container management
🔄 Security Scanning - Container vulnerability detection

🏗️ Architecture

┌─────────────────────────────────────────────────┐
│  AI Assistant (Claude/ChatGPT/etc)             │
│  - Natural language commands                   │
│  - Context-aware suggestions                   │
└──────────────────┬──────────────────────────────┘
                   │ MCP Protocol
┌──────────────────▼──────────────────────────────┐
│  TailOpsMCP MCP Server                          │
│  ┌──────────────────────────────────────────┐  │
│  │ OAuth/OIDC (Tailscale Identity)         │  │
│  └──────────────────────────────────────────┘  │
│  ┌──────────────────────────────────────────┐  │
│  │ AI-Powered Analysis                      │  │
│  │ - Log analysis with root cause detection│  │
│  │ - Security auditing                      │  │
│  │ - Performance recommendations            │  │
│  └──────────────────────────────────────────┘  │
└──────────────────┬──────────────────────────────┘
                   │
    ┌──────────────┼──────────────┬──────────────┐
    │              │              │              │
┌───▼────┐  ┌─────▼─────┐  ┌────▼─────┐  ┌────▼─────┐
│Proxmox │  │  Docker   │  │ Systemd  │  │Tailscale │
│  LXC   │  │ Compose   │  │ Services │  │  Network │
└────────┘  └───────────┘  └──────────┘  └──────────┘

🚀 Quick Start

Method 1: Proxmox LXC (Recommended)

Use the automated Proxmox installer script (inspired by tteck's scripts):

bash -c "$(wget -qLO - https://raw.githubusercontent.com/mdlmarkham/TailOpsMCP/master/ct/build.func)"

This will:

Create a Debian 12 LXC container (2GB RAM, 2 CPU cores, 4GB disk)
Install Python 3.12, Docker, and all dependencies
Walk you through Tailscale OAuth setup
Configure and start the systemd service
Provide complete installation summary

Method 1b: Proxmox Multi-Container (Deploy to Multiple LXCs)

Deploy TailOpsMCP to multiple LXC containers from your Proxmox host in a single operation:

# On your Proxmox host
curl -fsSL https://raw.githubusercontent.com/mdlmarkham/TailOpsMCP/main/scripts/install/install-proxmox-multi.sh -o install-proxmox-multi.sh
chmod +x install-proxmox-multi.sh

# Quick deploy to existing containers
./install-proxmox-multi.sh --containers 101,102,103 --auth token

# Or use a configuration file for complex setups
wget https://raw.githubusercontent.com/mdlmarkham/TailOpsMCP/main/scripts/install/templates/proxmox-multi.conf
nano proxmox-multi.conf  # Edit configuration
./install-proxmox-multi.sh --config proxmox-multi.conf

Features:

✅ Deploy to multiple containers (existing or create new ones)
✅ Sequential or parallel deployment strategies
✅ Auto-configure container features (nesting, TUN device)
✅ Per-container configuration overrides
✅ Comprehensive validation and health checks

See PROXMOX_MULTI_CONTAINER_INSTALL.md for complete documentation.

Method 2: Manual Installation (Any Linux)

Prerequisites

OS: Linux (Ubuntu 22.04+, Debian 11+, Proxmox LXC)
Python: 3.11 or higher
Docker: For container management features (optional)
Tailscale: For secure OAuth authentication (optional but recommended)

Installation Steps

# 1. Download and run the installer
curl -fsSL https://raw.githubusercontent.com/mdlmarkham/TailOpsMCP/master/install.sh | sudo bash

# Or clone and run manually
git clone https://github.com/mdlmarkham/TailOpsMCP.git
cd TailOpsMCP
sudo bash install.sh

The interactive installer will:

✅ Check system requirements (Python, Docker, Tailscale)
🔧 Choose authentication method (OAuth or Token)
🔐 Configure Tailscale OAuth (with step-by-step guide)
📦 Install TailOpsMCP and dependencies
⚙️ Create systemd service
🚀 Start and verify the server

Post-Installation

# Check service status
sudo systemctl status systemmanager-mcp

# View logs
sudo journalctl -u systemmanager-mcp -f

# Test the server
curl http://localhost:8080/.well-known/oauth-protected-resource/mcp

One-Shot Installation

# Download and run the installer
curl -fsSL https://raw.githubusercontent.com/mdlmarkham/TailOpsMCP/master/install.sh | sudo bash

The installer will:

✅ Check system requirements
✅ Install Python dependencies
✅ Set up systemd service
✅ Configure Tailscale OAuth (if available)
✅ Create secure environment file
✅ Start the server

Manual Installation

# 1. Clone repository
git clone https://github.com/mdlmarkham/TailOpsMCP.git
cd TailOpsMCP

# 2. Install dependencies
pip install -r requirements.txt

# 3. Configure authentication (choose one)

# Option A: Tailscale OAuth (Recommended)
cp deploy/.env.template .env
nano .env  # Add your TSIDP credentials
chmod 600 .env

# Option B: Token-based auth (Simpler)
export SYSTEMMANAGER_AUTH_MODE=token
export SYSTEMMANAGER_SHARED_SECRET="your-secret-here"

# 4. Start the server
python -m src.mcp_server

🔐 Tailscale Integration

TailOpsMCP supports Tailscale Identity Provider (TSIDP) for OAuth 2.1 authentication.

Setup TSIDP

Enable TSIDP in your Tailscale admin console:

Settings → OAuth → Identity Provider → Enable

Register OAuth client:
- Navigate to OAuth applications
- Create new application
- Set redirect URI: https://vscode.dev/redirect
- Note the Client ID and Secret

Configure TailOpsMCP:

# Edit /opt/systemmanager/.env
SYSTEMMANAGER_AUTH_MODE=oidc
TSIDP_URL=https://tsidp.tail12345.ts.net
TSIDP_CLIENT_ID=your-client-id
TSIDP_CLIENT_SECRET=your-client-secret
SYSTEMMANAGER_BASE_URL=http://your-server.tail12345.ts.net:8080

Restart service:

sudo systemctl restart systemmanager-mcp

Tailscale ACLs

Add to your tailscale-acl.json:

{
  "acls": [
    {
      "action": "accept",
      "src": ["group:admins"],
      "dst": ["tag:infrastructure:8080"]
    }
  ],
  "tagOwners": {
    "tag:infrastructure": ["group:admins"]
  }
}

🐳 Proxmox Integration

LXC Container Detection

TailOpsMCP automatically detects when running inside a Proxmox LXC container:

{
  "virtualization": {
    "type": "lxc",
    "method": "systemd-detect-virt"
  }
}

Recommended LXC Configuration

# /etc/pve/lxc/103.conf
arch: amd64
cores: 2
memory: 2048
net0: name=eth0,bridge=vmbr0,firewall=1,ip=dhcp
rootfs: local-lvm:vm-103-disk-0,size=8G

# Enable Docker in LXC
features: nesting=1,keyctl=1
lxc.apparmor.profile: unconfined
lxc.cgroup2.devices.allow: c 10:200 rwm  # /dev/net/tun for Tailscale

Network Auditing (Coming Soon)

# Audit LXC network configuration
audit_lxc_network(container_id=103)

# Output:
# - Network interfaces and bridges
# - Firewall rules
# - Port forwards
# - Security recommendations

📦 Application Inventory

TailOpsMCP can track what applications are running directly on your LXC container (not just Docker), providing context-aware assistance.

Initial Setup

Use the interactive setup_inventory prompt to configure your system:

You: "Let's set up the inventory for this system"

AI will guide you through:
1. System identification (hostname, container ID, type)
2. Auto-scan for installed applications
3. Manual additions if needed
4. Review and save

Auto-Detection

TailOpsMCP can auto-detect these applications:

Media Servers: Jellyfin, Plex
Network Services: Pi-hole, AdGuard Home, WireGuard
Databases: PostgreSQL, MySQL, MariaDB, MongoDB, Redis
Web Servers: Nginx, Apache
Home Automation: Home Assistant
Monitoring: Prometheus, Grafana
AI/LLM: Ollama
Other: Nextcloud, Portainer, and more

API Examples

# Scan for installed applications
scan_installed_applications(save_to_inventory=True)

# View complete inventory
get_inventory()
# Returns: system identity, applications, Docker stacks

# Manually add an application
add_application_to_inventory(
    name="ollama",
    app_type="ai-llm",
    version="0.1.14",
    port=11434,
    service_name="ollama",
    config_path="/etc/ollama",
    notes="Running Llama 3.2 model"
)

# Update system identity (for multi-system setups)
set_system_identity(
    hostname="dev1",
    container_id="103",
    container_type="lxc",
    mcp_server_name="dev1-103"  # Unique name for this MCP instance
)

Multi-System Management

When managing multiple LXC containers with a single AI:

Each system gets a unique identifier: hostname-containerID (e.g., dev1-103)
The inventory tracks what's running on each system
AI provides context-aware suggestions based on what you have installed
Inventory stored in /var/lib/systemmanager/inventory.json per system

Benefits

✓ Context-Aware Help: AI knows what apps you're running
✓ Better Troubleshooting: Targeted recommendations based on your stack
✓ Documentation: Auto-generated infrastructure documentation
✓ Security Audits: Application-specific security checks
✓ Performance Analysis: Understanding resource usage by app

🐋 Docker Integration

Docker Compose Stack Management

Deploy and manage stacks like Portainer/Komodo:

# Deploy stack from GitHub
deploy_stack(
    stack_name="monitoring",
    repo_url="https://github.com/user/prometheus-stack",
    branch="main",
    env_vars={"DOMAIN": "metrics.home.lab"}
)

# Update stack (git pull + docker compose up)
update_stack("monitoring")

# List all stacks
list_stacks()

Container Management

# AI-powered log analysis
analyze_container_logs(
    name_or_id="nginx",
    context="Why is it restarting?"
)

# Start/stop/restart
manage_container(action="restart", name_or_id="nginx")

# Get container list with status
get_container_list()

📊 Usage Examples

With Claude Desktop

Add to your claude_desktop_config.json:

{
  "mcpServers": {
    "tailopsmcp": {
      "type": "http",
      "url": "http://your-server.tail12345.ts.net:8080/mcp"
    }
  }
}

Then ask Claude:

"Show me system status"
"What are the top processes by CPU usage?"
"Analyze the syslog for security issues"
"Check if my web server container is running"
"Test connectivity to database.home.lab:5432"
"Pull the latest nginx image"

With GitHub Copilot Chat (VS Code)

The MCP protocol is supported natively - just install and reload VS Code.

Example prompts:

"@tailopsmcp what containers are running?"
"@tailopsmcp analyze Docker logs for my app container"
"@tailopsmcp check system resource usage"

Programmatic Access (Python)

import requests

# Token-based auth
headers = {"Authorization": f"Bearer {token}"}

# OAuth-based auth
# (OAuth flow handled by MCP client)

response = requests.post(
    "http://your-server:8080/mcp",
    json={
        "method": "tools/call",
        "params": {
            "name": "get_system_status",
            "arguments": {"format": "json"}
        }
    },
    headers=headers
)

print(response.json())

🔧 Configuration

Environment Variables

TailOpsMCP is configured via /opt/systemmanager/.env:

# Authentication Mode (oidc or token)
SYSTEMMANAGER_AUTH_MODE=oidc
SYSTEMMANAGER_REQUIRE_AUTH=true

# Tailscale OAuth (TSIDP)
TSIDP_URL=https://tsidp.tail12345.ts.net
TSIDP_CLIENT_ID=your_client_id
TSIDP_CLIENT_SECRET=your_client_secret
SYSTEMMANAGER_BASE_URL=http://server.tail12345.ts.net:8080

# Or Token-based
# SYSTEMMANAGER_SHARED_SECRET=your_secret_here

# Logging
LOG_LEVEL=INFO  # DEBUG, INFO, WARNING, ERROR

Service Management

# Check status
sudo systemctl status systemmanager-mcp

# View logs
sudo journalctl -u systemmanager-mcp -f

# Restart
sudo systemctl restart systemmanager-mcp

# Enable/disable auto-start
sudo systemctl enable systemmanager-mcp
sudo systemctl disable systemmanager-mcp

Update to Latest Version

# Run the update script (Proxmox LXC only)
pct exec 103 -- bash -c "$(wget -qLO - https://raw.githubusercontent.com/mdlmarkham/TailOpsMCP/master/ct/build.func)" -s --update

# Or manually
cd /opt/systemmanager
sudo systemctl stop systemmanager-mcp
git pull
source venv/bin/activate
pip install --upgrade pip
pip install -r requirements.txt
sudo systemctl start systemmanager-mcp

🛠️ Advanced Usage

Custom Scopes and Permissions

TailOpsMCP supports fine-grained scope-based authorization:

# Define scopes for different users/teams
SCOPES = {
    "system:read": "Read system status",
    "system:write": "Modify system settings",
    "docker:read": "View containers",
    "docker:write": "Manage containers",
    "network:read": "View network info",
    "network:write": "Modify network settings"
}

Configure in TSIDP OAuth application or token claims.

AI-Powered Log Analysis

TailOpsMCP uses MCP sampling for intelligent log analysis:

# Analyze container logs
analyze_container_logs(
    name_or_id="nginx",
    lines=500,
    context="Why is the container crashing?",
    use_ai=True
)

# Analyze system logs (syslog, journal)
analyze_container_logs(
    name_or_id="/var/log/syslog",
    context="Find security issues"
)

Returns:

Summary: Overview of log contents
Errors: Identified errors with severity
Root Cause: AI-determined likely causes
Recommendations: Actionable fixes

Docker Compose GitOps Workflow

# Deploy stack from GitHub repo
deploy_stack(
    stack_name="monitoring",
    repo_url="https://github.com/user/prometheus-stack",
    branch="main",
    compose_file="docker-compose.yml",
    env_vars={
        "GRAFANA_DOMAIN": "grafana.home.lab",
        "PROMETHEUS_RETENTION": "30d"
    }
)

# Update stack (git pull + redeploy)
update_stack("monitoring")

# Remove stack
remove_stack("monitoring", remove_volumes=False)

Systemd Service Management (Roadmap)

# Manage systemd services
manage_service(
    action="restart",  # start, stop, restart, enable, disable
    service_name="nginx"
)

# Get service status
get_service_status("nginx")

🐛 Troubleshooting

Service Won't Start

# Check logs for errors
sudo journalctl -u systemmanager-mcp -n 100 --no-pager

# Common issues:
# 1. Python not found - check venv path in service file
# 2. Missing dependencies - reinstall: pip install -r requirements.txt
# 3. Port already in use - check: sudo lsof -i :8080

OAuth Authentication Failing

# Verify TSIDP configuration
curl https://tsidp.tail12345.ts.net/.well-known/openid-configuration

# Test token introspection
curl -X POST https://tsidp.tail12345.ts.net/api/v2/oauth/introspect \
  -u "client_id:client_secret" \
  -d "token=your_access_token"

# Check server logs
sudo journalctl -u systemmanager-mcp -f | grep -i oauth

Container Management Not Working

# Verify Docker socket permissions
ls -la /var/run/docker.sock

# If permission denied, add systemmanager user to docker group
# (Current version runs as root, but for non-root:)
sudo usermod -aG docker systemmanager

# Test Docker access
docker ps

Tailscale Connectivity Issues

# Check Tailscale status
tailscale status

# Verify DNS resolution
dig server.tail12345.ts.net

# Test local access first
curl http://localhost:8080/.well-known/oauth-protected-resource/mcp

# Then test via Tailscale hostname
curl http://server.tail12345.ts.net:8080/.well-known/oauth-protected-resource/mcp

High Memory Usage

TailOpsMCP is lightweight but Docker containers add up:

# Check memory usage
free -h

# Limit systemmanager memory (edit service file)
sudo nano /etc/systemd/system/systemmanager-mcp.service

# Add under [Service]:
MemoryMax=512M
MemoryHigh=384M

sudo systemctl daemon-reload
sudo systemctl restart systemmanager-mcp

🗺️ Roadmap

✅ Current Features (v1.0)

System monitoring (CPU, memory, disk, network)
Docker container management
AI-powered log analysis (Docker + system logs)
Network diagnostics (ping, traceroute, port testing)
SSL certificate checking
Tailscale OAuth (TSIDP) authentication
Token-based authentication
HTTP streaming transport (MCP)
Proxmox LXC detection

🚧 Phase 2 (Q1 2025)

Docker Compose stack management (deploy/update/remove)
Systemd service management
LXC network auditing
Package management (apt/yum update/install)
File operations (read/write/search)
Enhanced security scopes

🔮 Phase 3 (Q2 2025)

Proxmox API integration (VM/CT management)
Backup and snapshot management
Resource usage alerts and notifications
Multi-node cluster support
Web UI dashboard (optional)

💡 Phase 4 (Future)

Ansible playbook execution
Infrastructure-as-Code validation
Cost tracking and optimization
Security scanning and compliance
Integration with Home Assistant
Mobile app for emergency access

See HOMELAB_FEATURES.md for detailed roadmap.

🤝 Contributing

We welcome contributions from the home lab community!

Ways to Contribute

Report Bugs: Open an issue with details about the problem
Feature Requests: Suggest new tools or improvements
Code Contributions: Submit pull requests
Documentation: Help improve docs and examples
Share Your Setup: Tell us how you're using TailOpsMCP

Development Setup

# Clone the repository
git clone https://github.com/mdlmarkham/TailOpsMCP.git
cd TailOpsMCP

# Create virtual environment
python3 -m venv venv
source venv/bin/activate  # On Windows: venv\Scripts\activate

# Install dependencies
pip install -r requirements.txt

# Run tests
pytest

# Run server in development mode
python -m src.mcp_server

Code Style

Follow PEP 8 guidelines
Add type hints to all functions
Write docstrings for new tools
Include tests for new features

Pull Request Process

Fork the repository
Create a feature branch (git checkout -b feature/amazing-feature)
Make your changes
Run tests (pytest)
Commit with clear message (git commit -m 'Add amazing feature')
Push to branch (git push origin feature/amazing-feature)
Open a Pull Request

📜 License

MIT License - see LICENSE file for details.

🙏 Acknowledgments

Proxmox VE - Best open-source hypervisor for home labs
Tailscale - Zero-config VPN that just works
FastMCP - Python framework for MCP servers
Model Context Protocol - Standard for AI assistant integrations
Community Scripts - Inspiration for the installer
Home Lab Community - For all the inspiration and support

📞 Support

Documentation: https://github.com/mdlmarkham/TailOpsMCP
Issues: GitHub Issues
Discussions: GitHub Discussions

Built with ❤️ for the Home Lab Community

If you find this useful, please ⭐ star the repo!

Usage

MCP Client Connection

import asyncio
from mcp import Client

async def main():
    async with Client.connect("http://localhost:8080") as client:
        # Get system status
        status = await client.call_tool("get_system_status", {})
        print("System Status:", status)
        
        # List Docker containers
        containers = await client.call_tool("get_container_list", {})
        print("Containers:", containers)

asyncio.run(main())

Available MCP Tools (22 Total)

Note: Tool access controlled by scopes. See Security Documentation for authorization requirements.

System Monitoring (5 tools) - Scope: `system:read`

get_system_status — CPU, memory, disk, uptime, load average
get_top_processes — Top processes by CPU/memory (supports format="toon")
get_network_status — Network interfaces with addresses and stats
get_network_io_counters — Network I/O statistics summary
health_check — Server health status (no auth required)

Docker Management (6 tools)

get_container_list — List containers (scope: container:read, supports format="toon")
manage_container — Start/stop/restart/logs (scope: container:write, HIGH RISK)
analyze_container_logs 🆕 — AI-powered log analysis with root cause detection (scope: container:read)
list_docker_images — List images (scope: container:read)
update_docker_container — Update with latest image (scope: container:admin, CRITICAL, requires approval)
pull_docker_image — Pull from registry (scope: docker:admin, CRITICAL, requires approval)

File Operations (1 consolidated tool) - Scope: `file:read`

file_operations — List/read/tail/search files (HIGH RISK - path restrictions apply)

Network Diagnostics (8 tools)

ping_host — Ping with latency (scope: network:diag, supports format="toon")
test_port_connectivity — TCP connectivity (scope: network:diag)
dns_lookup — DNS resolution (scope: network:diag)
check_ssl_certificate — SSL cert validation (scope: network:diag)
http_request_test — HTTP testing (scope: network:diag, HIGH RISK, requires approval)
get_active_connections — Network connections (scope: network:read, supports format="toon")
get_docker_networks — Docker networks (scope: container:read)
traceroute — Route tracing (scope: network:diag)

System Administration (3 tools) - Scope: `system:admin`

check_system_updates — Check for updates (scope: system:read)
update_system_packages — Update all packages (CRITICAL, requires approval)
install_package — Install packages (CRITICAL, requires approval)

Risk Levels:

🟢 Low: Read-only operations, safe for monitoring
🟡 Moderate: Network diagnostics, limited impact
🟠 High: Write operations, requires scoped access
🔴 Critical: Destructive operations, requires approval + scoped access

Deployment

Security Checklist

Before deploying to production:

✅ Deploy behind Tailscale (NEVER expose to public internet)
✅ Configure Tailscale ACLs to limit access to tagged devices
✅ Enable authentication (SYSTEMMANAGER_REQUIRE_AUTH=true)
✅ Generate scoped tokens with appropriate TTLs
✅ Enable audit logging to track operations
✅ Review Security Documentation

Deployment Options

Standard Linux Deployment

# Systemd service
sudo cp deploy/systemd/systemmanager-mcp.service /etc/systemd/system/
sudo systemctl enable systemmanager-mcp
sudo systemctl start systemmanager-mcp

Tailscale Services (Zero-Config Service Discovery)

Tailscale Services provides enterprise-grade service discovery and high availability:

# Quick setup (interactive)
sudo /opt/systemmanager/scripts/setup_tailscale_service.sh

# Manual setup
tailscale serve \
  --service=svc:systemmanager-mcp \
  --tls-terminated-tcp=8080 \
  tcp://localhost:8080

# Then approve in admin console:
# https://login.tailscale.com/admin/services

Benefits:

🌐 Stable Names: Access via http://systemmanager-mcp.yourtailnet.ts.net:8080
🔄 High Availability: Multiple hosts with automatic failover
🔍 Auto-Discovery: DNS SRV records for service discovery
🔐 Service ACLs: Granular access control per service
🚀 Zero Reconfiguration: Move hosts without updating clients

Documentation: See TAILSCALE_SERVICES.md for complete guide

ProxMox LXC Containers

Deploy as a lightweight container with minimal resource requirements.

Development

Project Structure

src/
├── models/          # Data models
├── services/        # Business logic
├── cli/            # Command-line interface
└── lib/            # Utilities and helpers

tests/              # Test suite
deploy/             # Deployment configurations
docs/               # Documentation

Testing

# Run tests
pytest tests/

# Run with coverage
pytest --cov=src tests/

# Run specific test categories
pytest tests/unit/
pytest tests/integration/
pytest tests/contract/

Contributing

Fork the repository
Create a feature branch
Make your changes
Add tests
Submit a pull request

Please ensure all changes adhere to the project constitution and include appropriate tests.

License