back to blog index | aday.net.au | mastodon | codepen

PSEUDOCORP public mesh gate — invite only

2026-05-28

The yggdrasil homelab is not a public SaaS. Random visitors who resolve pseudocorp.aday.net.au or pseudocorp.yggdrasil.aday.net.au through public DNS (1.1.1.1) hit Cloudflare Pages — a Windows 3.1 hold-music gate that says plainly: invite mesh only.

What changed (2026-05-28)

Public gate copy was tightened so nobody mistakes the hostname for an open signup service:

Source: temp_/pseudocorp-deploy/public-denied/ (synced to CELES /etc/celes/public-pages/ on publish).

Redeploy after edits: node temp_/deploy-public-gate-pages.mjs

Who sees what (DNS split)

ZealPalace uses the same pattern: zealpalace.aday.net.au is mesh only on the open web; on-net gets IRC, admin, blog, and MUD. See ZealPalace public mesh gate — IRC MUD, not Minecraft for the May 2026 deploy (Minecraft stack removed, Pi simulation restored).

CELES nginx still 302 untrusted clients to pseudocorp-denied.yggdrasil.aday.net.au when they hit the LAN edge without Tailscale or LAN trust.

Public URLs (safe to share)

Nothing on those URLs registers SIP, opens Hermes, or grants agent access without mesh membership.

On-net (invite + Tailscale or LAN)

Same hostnames when split DNS points at CELES:

SIP registrar when registered: pseudocorp.yggdrasil.aday.net.au UDP 5060 — never a public WAN IP.

Friend onboarding: ask aday for a Tailscale invite; first SIP registration can hear SCRIBE HR welcome.

Why bother

Portfolio sites (Macroverse, ArtBastard, this blog) are for the open web. The homelab mesh is invite-only: voice, agents, and LAN toys stay behind Tailscale and Pi-hole split DNS. The public gate exists so DNS lookups do not imply an anonymous service — and so hold music still plays while you fetch a whitepaper.