layered-soul/memories/curated/tailscale-network.md

# Tailscale Network

All Clawdie hosts communicate over Tailscale with zero public exposure.

| Host    | Tailscale IP   | OS         | Role                                   |
| ------- | -------------- | ---------- | -------------------------------------- |
| debby   | ${DEBBY_TS_IP}  | Debian 13  | Primary dev machine, Hermes agent home |
| domedog | ${DOMEDOG_TS_IP} | Linux      | Claude agent, secondary builder        |
| osa     | ${OSA_TS_IP}  | FreeBSD 15 | FreeBSD validation, ISO builder        |

SSH between hosts uses Tailscale IPs, never public IPs. Each host has its own SSH key. No key sharing between hosts. Config in `~/.ssh/config` with `HostName` pointing to Tailscale IPs and `IdentitiesOnly yes`.