From d3a377e5c5be424e8f44b26eb89ce6800f03539e Mon Sep 17 00:00:00 2001
From: autocommit <autocommit@ftw.codes>
Date: Mon, 11 May 2026 21:07:27 -0700
Subject: [PATCH] =?UTF-8?q?docs(wg-mesh):=20=F0=9F=93=9D=20Update=20DNS=20?=
 =?UTF-8?q?record=20syntax=20and=20configuration=20documentation=20for=20W?=
 =?UTF-8?q?ireGuard=20mesh=20hosts?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Co-Authored-By: Lilith Autocommit <noreply@atlilith.com>
---
 data/wg-mesh-hosts.json | 46 +++++++++++++++++++++++++++--------------
 1 file changed, 30 insertions(+), 16 deletions(-)

diff --git a/data/wg-mesh-hosts.json b/data/wg-mesh-hosts.json
index d910ff2..e35e69a 100644
--- a/data/wg-mesh-hosts.json
+++ b/data/wg-mesh-hosts.json
@@ -1,23 +1,37 @@
 {
   "_purpose": "Source of truth for DNS records served to the wg1 mesh by apricot's dnsmasq (instance bound to 10.9.0.2:53). Consumed by bin/wg-dns-sync.",
   "_consumers": ["bin/wg-dns-sync"],
-  "_dnsmasq_address_syntax": "Leading dot in 'name' = wildcard match for the domain and any subdomain. No leading dot = exact match only.",
+  "_dnsmasq_address_syntax": "Leading dot in 'name' = wildcard match for the domain and any subdomain. No leading dot = exact match only. Exact-match entries are needed to override the more-specific wildcards in /etc/dnsmasq.d/lilith-local.conf which return 127.0.0.1 for apricot's loopback Traefik (split-horizon).",
   "listen_address": "127.0.0.1,10.9.0.2",
   "records": [
-    {
-      "name": ".apricot.local",
-      "ip": "10.0.0.116",
-      "comment": "apricot's primary LAN IP (eno2). Covers apricot.local plus all *.apricot.local subdomains used by lilith-platform nginx vhosts."
-    },
-    {
-      "name": ".atlilith.local",
-      "ip": "10.0.0.116",
-      "comment": "atlilith.local TLD also served by apricot's lilith-dev-nginx (api, imajin, minio, search, stream-api)."
-    },
-    {
-      "name": ".black.local",
-      "ip": "10.0.0.11",
-      "comment": "black's LAN IP (forge.black.local). Covers black.local and all subdomains."
-    }
+    { "name": ".apricot.local",  "ip": "10.0.0.116", "comment": "wildcard fallback for any *.apricot.local without an exact entry below" },
+    { "name": ".atlilith.local", "ip": "10.0.0.116", "comment": "wildcard for *.atlilith.local TLD" },
+    { "name": ".black.local",    "ip": "10.0.0.11",  "comment": "wildcard for *.black.local" },
+
+    { "name": "admin.lilith.apricot.local",                  "ip": "10.0.0.116", "comment": "platform admin" },
+    { "name": "atlilith.lilith.apricot.local",               "ip": "10.0.0.116", "comment": "Lilith main site" },
+    { "name": "home.atlilith.lilith.apricot.local",          "ip": "10.0.0.116", "comment": "Lilith home" },
+    { "name": "home.trustedmeet.lilith.apricot.local",       "ip": "10.0.0.116", "comment": "TrustedMeet home" },
+    { "name": "i.atlilith.lilith.apricot.local",             "ip": "10.0.0.116", "comment": "Lilith images" },
+    { "name": "lilithcam.lilith.apricot.local",              "ip": "10.0.0.116", "comment": "LilithCam" },
+    { "name": "lilithfan.lilith.apricot.local",              "ip": "10.0.0.116", "comment": "LilithFan" },
+    { "name": "lilithstage.lilith.apricot.local",            "ip": "10.0.0.116", "comment": "LilithStage" },
+    { "name": "live.atlilith.apricot.local",                 "ip": "10.0.0.116", "comment": "Lilith live" },
+    { "name": "models.apricot.local",                        "ip": "10.0.0.116", "comment": "model registry" },
+    { "name": "models.lilith.apricot.local",                 "ip": "10.0.0.116", "comment": "model registry" },
+    { "name": "my.atlilith.lilith.apricot.local",            "ip": "10.0.0.116", "comment": "Lilith user app" },
+    { "name": "my.quinn.apricot.local",                      "ip": "10.0.0.116", "comment": "Quinn personal" },
+    { "name": "my.trustedmeet.lilith.apricot.local",         "ip": "10.0.0.116", "comment": "TrustedMeet user app" },
+    { "name": "npm.apricot.local",                           "ip": "10.0.0.116", "comment": "Verdaccio npm registry UI" },
+    { "name": "quinn.apricot.local",                         "ip": "10.0.0.116", "comment": "Quinn main app" },
+    { "name": "spoiledbabes.lilith.apricot.local",           "ip": "10.0.0.116", "comment": "SpoiledBabes" },
+    { "name": "status.lilith.apricot.local",                 "ip": "10.0.0.116", "comment": "status dashboard" },
+    { "name": "trustedmeet.lilith.apricot.local",            "ip": "10.0.0.116", "comment": "TrustedMeet main" },
+
+    { "name": "api.atlilith.local",                          "ip": "10.0.0.116", "comment": "platform API" },
+    { "name": "imajin.atlilith.local",                       "ip": "10.0.0.116", "comment": "image generation API" },
+    { "name": "minio.atlilith.local",                        "ip": "10.0.0.116", "comment": "MinIO console" },
+    { "name": "search.atlilith.local",                       "ip": "10.0.0.116", "comment": "search backend" },
+    { "name": "stream-api.atlilith.local",                   "ip": "10.0.0.116", "comment": "stream API" }
   ]
 }