Aimed at developers shipping small applications to a single internet-facing host rather than to a managed PaaS. Currently focused on Flask behind Caddy; will expand with other stacks as they earn their own walk-throughs. Read this after host-hardening and edge-hardening — the deployment recipes assume the box and the edge are already configured to a defensible baseline.