diff options
| author | Craig Jennings <c@cjennings.net> | 2026-06-30 13:30:07 -0400 |
|---|---|---|
| committer | Craig Jennings <c@cjennings.net> | 2026-06-30 13:30:07 -0400 |
| commit | 324a52b511b8c54ec0e4e706df7a1d4568447efc (patch) | |
| tree | a9952955e6323c6e3072fc3951dd3dca70563e29 | |
| parent | d0ab04751fe437b6c9509a2ff3217cda0f624edc (diff) | |
| download | rulesets-324a52b511b8c54ec0e4e706df7a1d4568447efc.tar.gz rulesets-324a52b511b8c54ec0e4e706df7a1d4568447efc.zip | |
docs: reframe daily-drivers around direct tailscale reach
The rule claimed the agent can't reach the other daily driver, so the only move was to flag the drift. That's false: both machines are on the same tailnet, and this session repaired ratio's dotfiles over tailscale ssh. So the rule now says reach the other box directly to sync, verify, or repair, with flag-it kept as the fallback for when tailscale is down.
I added a section on the connection mechanics: tailscale status lists the nodes, the tailscale IP and MagicDNS name always resolve, a bare hostname only resolves when MagicDNS is configured locally, and the first connection needs StrictHostKeyChecking=accept-new.
| -rw-r--r-- | claude-rules/daily-drivers.md | 28 | ||||
| -rw-r--r-- | docs/design/2026-06-30-daily-drivers-tailscale-correction.org | 9 |
2 files changed, 33 insertions, 4 deletions
diff --git a/claude-rules/daily-drivers.md b/claude-rules/daily-drivers.md index eeda33f..a891c13 100644 --- a/claude-rules/daily-drivers.md +++ b/claude-rules/daily-drivers.md @@ -14,9 +14,17 @@ config, a systemd unit, a credential, a one-time bootstrap step — consider whether the *other* daily driver needs the same change, and flag it. Don't assume a change made on the current machine is live everywhere. -This is a prompt to think, not a script to run. The agent can't reach the other -machine; the point is to surface "the other daily driver may need this too" at -the moment the change lands, so it doesn't silently drift to one box. +Both machines are on the same tailnet, so the agent can usually reach the other +one directly over tailscale ssh — it can sync, verify, or repair the other daily +driver, not just flag the drift. Reach for that when a change needs to land on +both boxes now. (This session repaired ratio's dotfiles and verified the fix +over tailscale; the .emacs.d side has driven ratio the same way — `git fetch` + +`reset --hard` and an `scp` across.) + +When tailscale is down or the other machine is offline, fall back to the +original discipline: this is a prompt to think, and the point is to surface "the +other daily driver may need this too" at the moment the change lands, so it +doesn't silently drift to one box. ## How the sync actually happens @@ -34,11 +42,23 @@ The mechanism depends on what changed: When the change is the one-time kind, say so explicitly: name the manual step the other machine still needs. +## Reaching the other machine over tailscale + +`tailscale status` lists every node with its tailscale IP and online state. +Connect by tailscale IP (e.g. `100.71.182.1`) or MagicDNS name (e.g. +`ratio.tailf3bb8c.ts.net`) — both always resolve and connect. A bare hostname +(`ssh ratio`) works only when MagicDNS is configured on the local machine; +without it the bare name can fail to resolve, which makes the box look +unreachable when it isn't. Prefer the IP or the full MagicDNS name when in +doubt. The first connection from a new address fails host-key verification under +`BatchMode`; add `-o StrictHostKeyChecking=accept-new` to clear it. + ## Knowing which machine you're on `uname -n` returns the hostname (`ratio` or `velox`). Use it when a reminder is machine-specific ("on ratio, you still need to …") so the note is actionable -rather than abstract. +rather than abstract — and after an ssh hop, to confirm which machine you landed +on. ## Current open instance diff --git a/docs/design/2026-06-30-daily-drivers-tailscale-correction.org b/docs/design/2026-06-30-daily-drivers-tailscale-correction.org new file mode 100644 index 0000000..9e2bb52 --- /dev/null +++ b/docs/design/2026-06-30-daily-drivers-tailscale-correction.org @@ -0,0 +1,9 @@ +#+TITLE: Correction to claude-rules/daily-drivers.md: it states 'the +#+SOURCE: from .emacs.d +#+DATE: 2026-06-30 13:20:30 -0400 + +Correction to claude-rules/daily-drivers.md: it states 'the agent can't reach the other machine; the point is to surface...'. That assumption is now demonstrably false. On 2026-06-30, from velox, I drove ratio directly over tailscale ssh — git fetch + reset --hard to repair ratio's .emacs.d after a history rewrite, plus scp'd a file across. Both daily drivers are on the same tailnet and reachable from each other. + +Gotcha worth capturing in the rule: the BARE hostname does not resolve (ssh ratio -> 'Could not resolve hostname'), which makes it look unreachable. The tailscale IP (e.g. 100.71.182.1) and the MagicDNS name (ratio.tailf3bb8c.ts.net) DO resolve and connect. First connection from a given address fails host-key verification under BatchMode; -o StrictHostKeyChecking=accept-new clears it. 'tailscale status' lists every node's IP + online state. + +Suggested rule change: reframe daily-drivers.md from 'can't reach, so surface it' to 'CAN reach over tailscale ssh — so the agent can directly sync/verify/repair the other daily driver, not just flag it'. Keep the flag-it guidance as the fallback for when tailscale is actually down. Add the bare-hostname-doesn't-resolve / use-tailscale-IP-or-MagicDNS gotcha. uname -n still tells you which machine you're on. |
