# NC01 Reference NC01 is the current host registered as a UniDesk provider-gateway node. Host maintenance uses `trans NC01 ...`; Kubernetes maintenance uses `trans NC01:k3s ...`. ## Source Of Truth - Host k8s/provider config: `config/unidesk-host-k8s.yaml`. - Host proxy config: `config/platform-infra/host-proxy.yaml#targets.NC01`; NC01 host-proxy uses `/root/vpn-server` as the VPN server source. - HWLAB node/lane config: `config/hwlab-node-lanes.yaml#lanes.v03.targets.NC01`. - HWLAB control-plane config: `config/hwlab-node-control-plane.yaml#nodes.NC01`. - AgentRun config: `config/agentrun.yaml`, lane `nc01-v02`. - NC01 host PostgreSQL config: `config/platform-db/postgres-nc01.yaml`. ## Fixed Repos - HWLAB v0.3 fixed repo: `/root/hwlab`, branch `v0.3`. - AgentRun v0.2 fixed repo: `/root/agentrun`, branch `v0.2`. - UniDesk source/config authority remains `/root/unidesk`. ## Database Boundary NC01 databases run on host-native PostgreSQL, not Docker or Kubernetes. Kubernetes workloads that need PostgreSQL must use YAML-declared external PostgreSQL bridge objects and Secrets. For HWLAB v0.3, the Kubernetes Service `nc01-host-postgres` in namespace `hwlab-v03` points to host PostgreSQL at `10.42.0.1:5432`. Runtime database Secrets are sourced from `.state/secrets/hwlab/*` via YAML sourceRef and must only be reported as present/fingerprint metadata, never as full values. ## GitHub Token The local GitHub token source is `.env/gh_token.txt`. It must be stored as a bare token and consumed through controlled YAML/sourceRef or temporary non-printing credential helpers. Do not place the token in command argv, logs, committed files, or rendered manifests. ## Public Exposure NC01 HWLAB v0.3 does not require publicExposure unless YAML explicitly declares it and a real FRP token source is available. When publicExposure is absent, control-plane public probe is skipped and must not block runtime readiness. Web-probe sentinel deployments that need public ingress must declare their own YAML publicExposure and Secret sourceRef. Do not create placeholder FRP tokens; a missing `platform-infra/pk01-frp.env` token source is a deployment blocker for FRP-backed public exposure. ## Validation Entrypoints - Provider/trans: `scripts/trans NC01 argv true`. - NC01 k8s route: `scripts/trans NC01:k3s kubectl get nodes -o wide`. - HWLAB v0.3: `bun scripts/cli.ts hwlab nodes control-plane status --node NC01 --lane v03 --full`. - AgentRun v0.2: `bun scripts/cli.ts agentrun control-plane status --node NC01 --lane nc01-v02`.