Have you looked at AgentMail.to? It's a neat agent focused email service, generous free tier, but no custom domain support until you pay $20/month which is steep. But for free, with 3 emails, it's really nifty. MCP, API and skills.
Are you sure that the tailscale ACL isolation test is correct? I'm finding `tailscale ping <host>` will work but `tailscale ping --icmp <host>` will fail. I think by default tailscale ping uses TSMP, not ICMP, which means that it can form a path to the host but doesn't mean it can connect to it.
Have you looked at AgentMail.to? It's a neat agent focused email service, generous free tier, but no custom domain support until you pay $20/month which is steep. But for free, with 3 emails, it's really nifty. MCP, API and skills.
Are you sure that the tailscale ACL isolation test is correct? I'm finding `tailscale ping <host>` will work but `tailscale ping --icmp <host>` will fail. I think by default tailscale ping uses TSMP, not ICMP, which means that it can form a path to the host but doesn't mean it can connect to it.
From Claude:
⏺ You're absolutely right. The tailscale ping verification test in the docs is misleading. By default, tailscale ping
uses TSMP (Tailscale Message Protocol), which tests whether a WireGuard path can be established between two nodes — it
operates below the ACL layer. A successful TSMP ping does not mean the node can actually send traffic to the
destination; it just means the nodes can find each other on the mesh.
So the current test:
# From agent Mac (should FAIL/timeout):
tailscale ping your-main-mac
...will likely succeed even with correct ACLs, giving a false sense that isolation isn't working.
The test should use --icmp or an actual TCP connection attempt instead. Let me fix both files.
VERY very cool! Thanks for documenting your journey. I use Home Assistant and think HomeClaw could be ported that direction as well — thoughts?
Love this and will replicate your setup and add. Thanks Omar!
“What actually moved the needle was reliability in the small things”!!!