Expand description
Remote-access overlay awareness (open kernel platform feature; see docs/REMOTE-ACCESS.md).
A Heldar deployment is typically behind CGNAT (no inbound port-forward, DDNS useless). The supported way to reach it remotely is a WireGuard overlay — Tailscale for personal/dev use, NetBird self-hosted for shipped products — running as an EXTERNAL daemon on the host. The overlay is deliberately orthogonal to the media stack: MediaMTX and this API keep serving on their normal ports, now reachable over the overlay’s interface by authorized peers. Connections are P2P-first (direct hole-punched / IPv6 when possible) and end-to-end encrypted, so no relay can ever read camera video.
The kernel does not embed or manage WireGuard — that would duplicate mature daemons. It only observes the configured overlay interface and reports whether remote access is currently functional, so the dashboard/health surface can show it without log-diving. This keeps the capability fully open (Apache-2.0) and transport-agnostic.
Structs§
- Overlay
Status - Health of the remote-access overlay, surfaced via
/api/v1/system.
Functions§
- status
- Probe the configured overlay interface and report remote-access health. Dependency-free: reads
/sys/class/net/<iface>(Linux), so it is cheap enough to call per/systemrequest.