The Realm of Hades

Gate I

⚒️The Foundation

The bedrock upon which the Underworld rests

Before any soul could be judged, the earth itself had to be shaped. An Oracle Cloud citadel was raised from silicon and wire — ARM-forged, Ubuntu-tempered, built to endure.

Citadel

OCI ARM A1.Flex

Soul

Ubuntu 24.04 LTS

True Name

hades-vnic

Realm Address

152.69.172.49

Gate II

🕳️The Passage

Headscale — the self-sovereign tunnel between realms

Once we relied on Tailscale's distant coordination servers. No longer. Headscale now runs within Hades itself — a self-hosted mesh that bends to no external authority. The iPhone and the server speak directly, through an encrypted tunnel only the worthy may traverse. DERP and STUN run from Sydney, never leaving the underworld.

Coordination

headscale.kevinpaul.au

Hades IP

100.64.0.2

iPhone IP

100.64.0.1

DERP Region

900 — Sydney (Hades)

SSH Access

Headscale only

Public SSH

Denied

Gate III

⚙️The Engine Room

Docker — the container forge of the Underworld

Deep in the belly of Hades, the forges burn eternal. Each soul is bound to its own container — isolated, restartable, unable to corrupt its neighbours. The homelab network connects them all, a river of packets flowing between the damned.

Soul	Purpose	Port
caddy	The Gatekeeper — reverse proxy, TLS terminator	80, 443
headscale	The Passage — self-hosted mesh VPN coordination	3478/udp
dice-signaling	The Oracle — WebSocket signaling for P2P dice	8080
deploy-webhook	The Ferryman — carries new code across the river	9000
agora	The Meeting Place — Orthodox event finder for Sydney	3000
gorgon	The Scribe of Heaven — Byzantine chant notation writer	3000
haggle	The Marketplace — AI-assisted negotiation tool	3000
wikigame	The Race — speedrun Wikipedia to a target article	3000
gatus	The Watchtower — monitors all vital signs	3001
portainer	The Scribe — container management UI	9443

Gate IV

🛡️The Gatekeeper

Caddy — guardian of all who seek entry

Cerberus had three heads; Caddy has ten virtual hosts. Every request that arrives at the gates is inspected, sorted, and sent to its rightful destination — or cast into the void with a 404. TLS certificates are conjured automatically. No mortal need manage them.

headscale.kevinpaul.au → headscale:8080
dice.kevinpaul.au
  ├── /deploy → deploy-webhook:9000
  ├── /ws*   → dice-signaling:8080
  ├── /health → dice-signaling:8080
  └── /*     → /srv/dice (SPA)
hades.kevinpaul.au → /srv/hades (this page)
styx.kevinpaul.au → /srv/styx
haggle.kevinpaul.au → haggle:3000
wiki.kevinpaul.au   → wikigame:3000
japan.kevinpaul.au → /srv/japan (static)
orthodoxy.au       → /srv/orthodoxy (static)
agora.orthodoxy.au → agora:3000
gorgon.orthodoxy.au → gorgon:3000

Gate V

👁️The Watchtower

Gatus — the all-seeing eye of the Underworld

Argus Panoptes had a hundred eyes; Gatus has fifteen monitors. Every 60 seconds, it peers into the darkness and reports what it finds. If a soul goes silent, the watchtower knows. Its vigil is accessible only to those on the Headscale mesh.

Dice Frontend

● 60s

Signaling Health

● 60s

WS Health

● 60s

Signaling Internal

● 60s

Agora Frontend

● 60s

Agora Internal

● 60s

Gorgon Frontend

● 60s

Gorgon Internal

● 60s

Haggle Frontend

● 60s

Haggle Internal

● 60s

Wiki Frontend

● 60s

Wiki Internal

● 60s

Headscale Internal

● 60s

Headscale API

● 120s

Deploy Webhook

● 300s

Gate VI

🎲The Dice Halls

dice.kevinpaul.au — the game that started it all

In the Fields of Asphodel, the shades gather to roll dice for eternity. A P2P signaling server routes their WebSocket whispers, connecting host to player through ephemeral rooms that vanish like morning mist. No database. No persistence. Just the eternal now.

Protocol

v0.5 switchboard

Architecture

Stateless, host-authoritative

Transport

WebSocket → WebRTC

Dependency

ws@^8.16.0

git push → GitHub webhook → deploy-webhook → git pull → restart
// Charon ferries the code across in ~5 seconds

Gate VII

☦️The Sacred Arts

Three works in service of the Orthodox Faith

Not all souls in Hades are damned. Some are sanctified. Three projects serve the Orthodox Church of Sydney and Australia — a roster of events, a writer of ancient chant, and a gateway to the jurisdictions of this land.

Name	Purpose	Domain
agora	Orthodox event finder for Sydney — AI-powered, sourced from parish websites	agora.orthodoxy.au
gorgon	Byzantine chant notation writer — compose and export Gorgon-notation scores	gorgon.orthodoxy.au
orthodoxy.au	iOS picker wheel launcher — choose your jurisdiction, open its website	orthodoxy.au

Gate VIII

⚔️The Arenas

Two games for the living and the restless

The shades need entertainment. Two arenas were built within the walls of Hades — one for those who wish to haggle their way to a better deal, another for those who race through the labyrinth of human knowledge.

Name	Purpose	Domain
haggle	AI negotiation practice — roleplay price negotiations against Claude	haggle.kevinpaul.au
wikigame	Wikipedia speedrun — navigate from a random article to a target using only links	wiki.kevinpaul.au

Gate IX

☁️The Cloudflare Gate

The outermost veil between mortals and the Underworld

Before any mortal's request can reach Hades, it must pass through the orange clouds of Cloudflare — DNS resolved, SSL terminated, cached and proxied. But no Workers toil here. We learned that lesson the hard way. The clouds are for routing only. All thinking happens in the depths.

Zone

kevinpaul.au

SSL Mode

Full

Workers

None (by decree)

WebSockets

Passthrough

Gate X

🔥The Wall

Two layers of fire — OCI Security List & UFW

The walls of Tartarus are said to be impenetrable. Ours come close: a double firewall — the OCI Security List blocks at the cloud, UFW blocks at the host. SSH from the public internet? Cast into the pit. fail2ban watches for those who try the gates too many times.

Layer 1 — OCI

TCP 80/443, UDP 3478/41641

Layer 2 — UFW

tailscale0 + 80/443 + 3478/udp

Public SSH

Denied

fail2ban

3 strikes, 24h ban

The Chronicle

📜What Was Done

The deeds recorded by the Fates

From a barren Oracle Cloud instance to a fully operational underworld — these are the events inscribed upon the walls of Tartarus.

16 Mar 2026 — The Foundation was laid — OCI ARM instance provisioned, packages installed, the ground prepared

16 Mar 2026 — The Passage was opened — Tailscale mesh VPN established, SSH secured through the tunnel

16 Mar 2026 — The Forges were lit — Docker installed, the homelab network woven between containers

16 Mar 2026 — The Gatekeeper took position — Caddy reverse proxy with automatic TLS via Let's Encrypt

16 Mar 2026 — The Archive was migrated — dice.kevinpaul.au moved from cPanel to Hades, served through Cloudflare

16 Mar 2026 — The Ferryman was summoned — GitHub webhook auto-deploys on every push to main

16 Mar 2026 — The Watchtower was raised — Gatus monitoring deployed, replacing Uptime Kuma

16 Mar 2026 — The Wall was sealed — double firewall (OCI + UFW), fail2ban, Tailscale-only SSH

16 Mar 2026 — The scrolls were written — GATES.md, CLAUDE.md, and the first telling of this page

17 Mar 2026 — The Agora was opened — agora.orthodoxy.au deployed; Orthodox events for Sydney, scraped and AI-enriched

17 Mar 2026 — Gorgon was awakened — Byzantine chant notation writer deployed at gorgon.orthodoxy.au

17 Mar 2026 — The Arenas were built — haggle.kevinpaul.au (AI negotiation) and wiki.kevinpaul.au (Wikipedia speedrun) deployed

18 Mar 2026 — The Passage was seized — Headscale v0.28 deployed; coordination server brought within Hades itself. Official Tailscale retired.

18 Mar 2026 — The Gate was opened to all — hades.kevinpaul.au made public, sealed behind the name of the uncrossable river