summaryrefslogtreecommitdiff
path: root/snippets/hyperstack/README.md
diff options
context:
space:
mode:
Diffstat (limited to 'snippets/hyperstack/README.md')
-rw-r--r--snippets/hyperstack/README.md7
1 files changed, 7 insertions, 0 deletions
diff --git a/snippets/hyperstack/README.md b/snippets/hyperstack/README.md
index 9e196a8..6175d61 100644
--- a/snippets/hyperstack/README.md
+++ b/snippets/hyperstack/README.md
@@ -26,6 +26,9 @@ The VM gets `192.168.3.1`; your local machine gets `192.168.3.2`.
- Hyperstack account with API key in `~/.hyperstack`
- SSH key registered in Hyperstack as `earth` (or change `ssh.hyperstack_key_name` in the TOML)
+- Review `[network].allowed_ssh_cidrs` and `[network].allowed_wireguard_cidrs` in your TOML.
+ The secure default is `["auto"]`, which resolves your current public egress IP to `/32`.
+ Set explicit CIDRs or `HYPERSTACK_OPERATOR_CIDR` if you deploy from a different network.
- WireGuard setup script: `wg1-setup.sh` (present in this directory)
- Ruby with `toml-rb` gem: `bundle install`
@@ -124,6 +127,10 @@ Edit `hyperstack-vm.toml` to change defaults. Key sections:
| `[network]` | Ports, WireGuard subnet, allowed CIDRs |
| `[wireguard]` | Auto-setup script path |
+`allowed_ssh_cidrs` and `allowed_wireguard_cidrs` accept either explicit CIDRs such as
+`["203.0.113.4/32"]` or `["auto"]`. `auto` resolves the current public operator IP at runtime;
+set `HYPERSTACK_OPERATOR_CIDR` to override that detection when needed.
+
## Monitoring vLLM
```bash
generated by cgit v1.2.3 (git 2.25.1) at 2026-06-10 14:28:58 +0000