Daemonet/Platform/Infrastructure

Daemonet Infrastructure

Build a cloud from machines you already control.

Combine home servers, laptops, rented virtual machines, office hardware, colocated equipment, and edge devices into one identity-aware fabric without forcing every origin onto the public internet.

Remote access

Reach the machine without exposing the machine.

Authorize a specific service rather than publishing a permanent administrative port or flattening every device into one trusted network. A private name can continue to identify the service while its actual host changes.

DESKTOPS

Remote workstations

Use Remmina or another application through an approved private route with explicit device and service authority.

TERMINALS

Administration

Reach SSH and management interfaces without treating possession of a shared network password as universal trust.

STORAGE

Network drives

Mount private file services, handle large transfers, and recover cleanly after interruption or route change.

APPLICATIONS

Private HTTPS

Bind only to the Daemonet interface, terminate TLS at the customer host, and gate exact users before connection.

EDGE + IOT

Narrow device paths

Give cameras, sensors, and controllers cryptographic identities rather than placing their control plane on the open internet.

MULTI-PROVIDER

Replace hosts safely

Use stable service identity, signed leases, drain, canary, and rollback without making one cloud provider authoritative.

Stable service, replaceable host

Identity should outlive the machine carrying it.

A signed service definition binds the service key, origin TLS key, access modes, endpoints, and policy. A host lease says which approved machine serves it now; it does not become the service’s identity.

Attach a machine

The host creates its own key and receives a narrowly scoped approval from customer authority.

Publish a service

The owner signs name, endpoint identity, TLS authority, permitted modes, and application access policy.

Observe health

Use signed, bounded health evidence and customer-selected priorities rather than operator guesses.

Move without capture

Warm a replacement, canary it, drain the old host, revoke its lease, and retain the stable service name.

Origin boundary

HTTPS publication does not make 1Man a reverse proxy. For private access, the client resolves an authorized endpoint and connects directly through Daemonet; the customer host terminates TLS and serves the application bytes.

One fabric, explicit policies

Connect the service you need—not every port on every machine.