diff --git a/docs/config/caddy.md b/docs/config/caddy.md index 55e9de6..22382a7 100644 --- a/docs/config/caddy.md +++ b/docs/config/caddy.md @@ -7,7 +7,7 @@ Caddy gère le reverse proxy et les certificats SSL internes pour tous les servi ### Principes clés 1. **Domaines .local** : Utilisent Authelia pour l'authentification (réseau local) -2. **Domaines .1871.zt** : Accès ZeroTier sans Authelia (services ont leur propre auth) +2. **Domaines .tailfd281f.ts.net** : Accès ZeroTier sans Authelia (services ont leur propre auth) 3. **Certificats** : Auto-générés par Caddy (CA interne) ### Services sans Authelia diff --git a/docs/config/network.md b/docs/config/network.md new file mode 100644 index 0000000..94a5753 --- /dev/null +++ b/docs/config/network.md 
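Review bot: in the caddy.md hunk above, principle 2 still reads "Accès ZeroTier sans Authelia" while the suffix it names is now the Tailscale tailnet domain (`.tailfd281f.ts.net`), and the new network.md in this same patch describes Tailscale as the mesh VPN; change the wording to "Accès Tailscale" so the trust-boundary statement matches the network. Also note the contradiction this hunk leaves in place: it says `.tailfd281f.ts.net` domains are served without Authelia, but the authelia.md hunk later in this patch keeps "Cette protection s applique aux domaines `.local` ET `.tailfd281f.ts.net`" and its Caddyfile example imports authelia on both names. One of the two pages should be corrected so that the documented boundary matches what Caddy actually enforces.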
@@ -0,0 +1,92 @@ +# Architecture Réseau + +## Vue d'ensemble + +Tous les appareils Tailscale utilisent Talloires comme serveur DNS. + +- `go` et `*.talloires.local` → résolus localement par dnsmasq +- Autres requêtes → cloudflared → AdGuard DoH (filtrage pub/tracking) + +## Composants + +### Tailscale + +VPN mesh reliant tous les appareils. + +| Machine | IP Tailscale | OS | +|---------|--------------|-----| +| talloires | 100.116.198.105 | Raspberry Pi 5 (Debian) | +| annecy | 100.118.210.128 | Synology DS620slim | +| olympou | 100.125.242.58 | macOS | +| pentamodi | 100.78.237.78 | iOS | +| perce | 100.69.7.78 | tvOS (Apple TV) | + +**Tailnet:** tailfd281f.ts.net + +### dnsmasq + +Serveur DNS local sur Talloires. + +**Config:** `/etc/dnsmasq.d/tailscale.conf` + +```ini +address=/.talloires.tailfd281f.ts.net/100.116.198.105 +address=/.talloires.local/100.116.198.105 +address=/go/100.116.198.105 +listen-address=127.0.0.1,100.116.198.105 +bind-dynamic +server=127.0.0.1#5053 +no-resolv +``` + +**Commandes:** + +```bash +sudo systemctl status dnsmasq +sudo systemctl restart dnsmasq +sudo journalctl -u dnsmasq -f +``` + +### cloudflared + +Proxy DNS-over-HTTPS vers AdGuard DNS. + +**Config:** `/etc/cloudflared/config.yml` + +**Commandes:** + +```bash +sudo systemctl status cloudflared-dns +sudo systemctl restart cloudflared-dns +sudo journalctl -u cloudflared-dns -f +``` + +## Configuration Tailscale Admin + +Dans Tailscale Admin Console, DNS, Nameservers : + +- **Global nameserver:** 100.116.198.105 (Talloires) +- **Override local DNS:** activé + +## Domaines + +| Domaine | Usage | +|---------|-------| +| `*.talloires.local` | Services sur Talloires (recommandé) | +| `go` | Raccourcis Shlink | + +## Dépannage + +### Test résolution DNS + +```bash +nslookup go 100.116.198.105 +nslookup docs.talloires.local 100.116.198.105 +nslookup google.com 100.116.198.105 +``` + +### Cache DNS macOS + +```bash +sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder +``` 
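Review bot: `*.talloires.local` is marked "recommandé" in the Domaines table, but `.local` is reserved for multicast DNS (RFC 6762), and three of the five devices in the Tailscale table are Apple (macOS, iOS, tvOS), whose resolver treats `.local` as mDNS; the `mDNSResponder` flush under Dépannage suggests this has already bitten. Either document that caveat next to the table or prefer a non-reserved suffix such as the `.talloires.tailfd281f.ts.net` names dnsmasq already answers. Two documentation gaps worth closing in the same hunk: the cloudflared section names `/etc/cloudflared/config.yml` but shows neither the upstream AdGuard DoH endpoint nor the listen port, although dnsmasq hard-codes `server=127.0.0.1#5053`, so a reader cannot check that the two agree; and every Dépannage test passes `100.116.198.105` explicitly, which bypasses the client's Tailscale resolver (100.100.100.100) and its handling of the tailnet suffix, so add one test from a client without the server argument (for example `nslookup docs.talloires.tailfd281f.ts.net`) to confirm the override path works end to end. Finally, with "Override local DNS" enabled and a single global nameserver, every device loses name resolution when Talloires is down; state that as a known limitation.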
diff --git a/docs/index.md b/docs/index.md index a6f4539..f5e9cef 100644 --- a/docs/index.md +++ b/docs/index.md 
@@ -14,64 +14,64 @@ Accès rapide via `https://go/xxx` : | [go/grafana](https://go/grafana) | Grafana | [go/dockge](https://go/dockge) | Dockge | | [go/shlink](https://go/shlink) | Admin Go Links | [go/auth](https://go/auth) | Authelia | -**Tous les go-links :** ha, homeassistant, jf, jellyfin, lw, linkwarden, docs, git, auth, grafana, dockge, portainer, transmission, netdata, uptime, cockpit, vikunja, outline, lt, languagetool, cryptpad, shlink +**Tous les go-links :** ha, homeassistant, jf, jellyfin, lw, linkwarden, docs, git, auth, grafana, dockge, portainer, transmission, netdata, uptime, cockpit, vikunja, outline, lt, languagetool, shlink, annecy -[Creer un nouveau go-link](https://go/shlink) +[Créer un nouveau go-link](https://go/shlink) --- ## Services ### Media -| Service | Go Link | URL complete | -|---------|---------|--------------| -| Jellyfin | [go/jf](https://go/jf) | jellyfin.talloires.1871.zt | -| Transmission | [go/transmission](https://go/transmission) | transmission.talloires.1871.zt | +| Service | Go Link | URL | +|---------|---------|-----| +| Jellyfin | [go/jf](https://go/jf) | jellyfin.talloires.local | +| Transmission | [go/transmission](https://go/transmission) | transmission.talloires.local | -### Productivite -| Service | Go Link | URL complete | -|---------|---------|--------------| -| Vikunja | [go/vikunja](https://go/vikunja) | vikunja.talloires.1871.zt | -| Outline | [go/outline](https://go/outline) | outline.talloires.1871.zt | -| Linkwarden | [go/lw](https://go/lw) | linkwarden.talloires.1871.zt | -| LanguageTool | [go/lt](https://go/lt) | languagetool.talloires.1871.zt | -| CryptPad | [go/cryptpad](https://go/cryptpad) | cryptpad.1871.zt | +### Productivité +| Service | Go Link | URL | +|---------|---------|-----| +| Vikunja | [go/vikunja](https://go/vikunja) | vikunja.talloires.local | +| Outline | [go/outline](https://go/outline) | outline.talloires.local | +| Linkwarden | [go/lw](https://go/lw) | linkwarden.talloires.local | +| 
LanguageTool | [go/lt](https://go/lt) | languagetool.talloires.local | ### Infrastructure -| Service | Go Link | URL complete | -|---------|---------|--------------| -| Portainer | [go/portainer](https://go/portainer) | portainer.talloires.1871.zt | -| Dockge | [go/dockge](https://go/dockge) | dockge.talloires.1871.zt | -| Gitea | [go/git](https://go/git) | git.talloires.1871.zt | -| MkDocs | [go/docs](https://go/docs) | docs.talloires.1871.zt | -| Shlink | [go/shlink](https://go/shlink) | shlink.talloires.1871.zt | +| Service | Go Link | URL | +|---------|---------|-----| +| Portainer | [go/portainer](https://go/portainer) | portainer.talloires.local | +| Dockge | [go/dockge](https://go/dockge) | dockge.talloires.local | +| Gitea | [go/git](https://go/git) | git.talloires.local | +| MkDocs | [go/docs](https://go/docs) | docs.talloires.local | +| Shlink | [go/shlink](https://go/shlink) | shlink.talloires.local | ### Monitoring -| Service | Go Link | URL complete | -|---------|---------|--------------| -| Grafana | [go/grafana](https://go/grafana) | grafana.talloires.1871.zt | -| Netdata | [go/netdata](https://go/netdata) | netdata.talloires.1871.zt | -| Uptime Kuma | [go/uptime](https://go/uptime) | uptime.talloires.1871.zt | -| Cockpit | [go/cockpit](https://go/cockpit) | cockpit.talloires.1871.zt | +| Service | Go Link | URL | +|---------|---------|-----| +| Grafana | [go/grafana](https://go/grafana) | grafana.talloires.local | +| Netdata | [go/netdata](https://go/netdata) | netdata.talloires.local | +| Uptime Kuma | [go/uptime](https://go/uptime) | uptime.talloires.local | +| Cockpit | [go/cockpit](https://go/cockpit) | cockpit.talloires.local | ### Domotique -| Service | Go Link | URL complete | -|---------|---------|--------------| -| Home Assistant | [go/ha](https://go/ha) | homeassistant.talloires.1871.zt | +| Service | Go Link | URL | +|---------|---------|-----| +| Home Assistant | [go/ha](https://go/ha) | homeassistant.talloires.local | -### Securite -| 
Service | Go Link | URL complete | -|---------|---------|--------------| -| Authelia | [go/auth](https://go/auth) | auth.talloires.1871.zt | +### Sécurité +| Service | Go Link | URL | +|---------|---------|-----| +| Authelia | [go/auth](https://go/auth) | auth.talloires.local | | CrowdSec | - | (service interne) | --- -## Acces rapide +## Accès rapide - [Vue ensemble des services](services/overview.md) +- [Architecture réseau](config/network.md) - [Configuration Shlink](services/shlink.md) - [Configuration SSO](services/authelia.md) - [Backup](services/backup.md) -- [Ports utilises](reference/ports.md) +- [Ports utilisés](reference/ports.md) - [Commandes utiles](reference/commands.md) diff --git a/docs/reference/ports.md b/docs/reference/ports.md index 81fd3a3..d819543 100644 --- a/docs/reference/ports.md +++ b/docs/reference/ports.md @@ -77,17 +77,17 @@ Acces rapide a tous les services via `https://go/xxx` | Cockpit | https://cockpit.talloires.local | Authelia | | Home Assistant | https://homeassistant.talloires.local | Authelia | -### Acces ZeroTier (.talloires.1871.zt) - sans Authelia +### Acces ZeroTier (.talloires.tailfd281f.ts.net) - sans Authelia Ces URLs sont accessibles depuis exterieur via le reseau ZeroTier. | Service | URL | Auth native | |---------|-----|-------------| | Go Links | https://go | Shlink | -| Vikunja | https://vikunja.talloires.1871.zt | Vikunja login | -| Outline | https://outline.talloires.1871.zt | OIDC Authelia | -| Linkwarden | https://linkwarden.1871.zt | Linkwarden login | -| LanguageTool | https://languagetool.talloires.1871.zt | Aucune (API) | +| Vikunja | https://vikunja.talloires.tailfd281f.ts.net | Vikunja login | +| Outline | https://outline.talloires.tailfd281f.ts.net | OIDC Authelia | +| Linkwarden | https://linkwarden.tailfd281f.ts.net | Linkwarden login | +| LanguageTool | https://languagetool.talloires.tailfd281f.ts.net | Aucune (API) | ## Reseau ZeroTier 
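Review bot: in the index.md hunk, the go-link list drops `cryptpad` and the CryptPad row disappears from the Productivité table without a word, while `annecy` is added to the list but has no row in any service table and no target documented; add the missing row (or a short note that CryptPad was retired and what `go/annecy` points to) so the index stays the single source of truth for go-links.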
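Review bot: in the ports.md hunk, the heading still says "Acces ZeroTier" and the intro "accessibles depuis exterieur via le reseau ZeroTier" although the suffix is now the Tailscale tailnet domain; update both to Tailscale. More importantly, `https://linkwarden.tailfd281f.ts.net` lacks the `talloires` label that the heading (`.talloires.tailfd281f.ts.net`) announces and that the dnsmasq rule `address=/.talloires.tailfd281f.ts.net/100.116.198.105` in network.md covers, so that name will not resolve to Talloires but be forwarded upstream; change it to `linkwarden.talloires.tailfd281f.ts.net` or add a matching dnsmasq rule. Since this table is effectively the list of services reachable on the tailnet without Authelia, it is also worth saying explicitly that LanguageTool ("Aucune (API)") is intentionally unauthenticated for every tailnet device.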
diff --git a/docs/services/authelia.md b/docs/services/authelia.md index 2d14b4a..b2ea775 100644 --- a/docs/services/authelia.md +++ b/docs/services/authelia.md @@ -32,7 +32,7 @@ Authelia fournit l authentification unique (SSO) pour tous les services Talloire | **vikunja** | ❌ | Auth propre | | **outline** | ❌ | Auth OIDC propre | -> **Note** : Cette protection s applique aux domaines `.local` ET `.1871.zt` +> **Note** : Cette protection s applique aux domaines `.local` ET `.tailfd281f.ts.net` ## Services avec OAuth/OIDC @@ -90,7 +90,7 @@ Grafana utilise l authentification par header via Authelia (pas OIDC) : ### Usage dans Caddyfile ``` -monservice.talloires.local, monservice.talloires.1871.zt { +monservice.talloires.local, monservice.talloires.tailfd281f.ts.net { import authelia reverse_proxy backend:port tls internal diff --git a/docs/services/shlink.md b/docs/services/shlink.md index dde2d29..0decd97 100644 --- a/docs/services/shlink.md +++ b/docs/services/shlink.md @@ -96,12 +96,12 @@ services: ## Caddy ``` -go, go.local, go.1871.zt { +go, go.local, go.tailfd281f.ts.net { reverse_proxy shlink:8080 tls internal } -shlink.talloires.local, shlink.talloires.1871.zt { +shlink.talloires.local, shlink.talloires.tailfd281f.ts.net { import authelia reverse_proxy shlink-web:8080 tls internal diff --git a/mkdocs.yml b/mkdocs.yml index a0718be..e9f88be 100644 --- a/mkdocs.yml +++ b/mkdocs.yml @@ -25,6 +25,7 @@ nav: - Authelia SSO: services/authelia.md - Backup: services/backup.md - Configuration: + - Réseau et DNS: config/network.md - Caddy: config/caddy.md - Docker Stacks: config/docker-stacks.md - Troubleshooting: config/troubleshooting.md
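Review bot: in the authelia.md hunk, the Caddyfile example pairs `monservice.talloires.tailfd281f.ts.net` with `tls internal`; Tailscale's built-in HTTPS certificates cover the machine name `talloires.tailfd281f.ts.net` itself, not names beneath it, so these vhosts are served by Caddy's internal CA and every client must trust that root. Add a sentence saying so, otherwise readers will expect a browser-trusted certificate because the name ends in `ts.net`.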
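Review bot: in the shlink.md hunk, the site address `go, go.local, go.tailfd281f.ts.net` includes two names that nothing in network.md resolves: dnsmasq only has `address=/go/100.116.198.105`, and `go.tailfd281f.ts.net` is not a machine name, so MagicDNS will not answer it either. Either add `address=/go.tailfd281f.ts.net/100.116.198.105` (and one for `go.local`) to `/etc/dnsmasq.d/tailscale.conf`, or drop the unreachable aliases from the Caddy block so the documentation does not advertise URLs that cannot be reached.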