202512docs/docs/config/network.md

# Architecture Réseau

## Vue d'ensemble

Tous les appareils Tailscale utilisent Talloires comme serveur DNS.

- `go` et `*.talloires.local` → résolus localement par dnsmasq
- Autres requêtes → cloudflared → AdGuard DoH (filtrage pub/tracking)

## Composants

### Tailscale

VPN mesh reliant tous les appareils.

| Machine | IP Tailscale | OS |
|---------|--------------|-----|
| talloires | 100.116.198.105 | Raspberry Pi 5 (Debian) |
| annecy | 100.118.210.128 | Synology DS620slim |
| olympou | 100.125.242.58 | macOS |
| pentamodi | 100.78.237.78 | iOS |
| perce | 100.69.7.78 | tvOS (Apple TV) |

**Tailnet:** tailfd281f.ts.net

### dnsmasq

Serveur DNS local sur Talloires.

**Config:** `/etc/dnsmasq.d/tailscale.conf`

```ini
address=/.talloires.tailfd281f.ts.net/100.116.198.105
address=/.talloires.local/100.116.198.105
address=/go/100.116.198.105
listen-address=127.0.0.1,100.116.198.105
bind-dynamic
server=127.0.0.1#5053
no-resolv
```

**Commandes:**

```bash
sudo systemctl status dnsmasq
sudo systemctl restart dnsmasq
sudo journalctl -u dnsmasq -f
```

### cloudflared

Proxy DNS-over-HTTPS vers AdGuard DNS.

**Config:** `/etc/cloudflared/config.yml`

**Commandes:**

```bash
sudo systemctl status cloudflared-dns
sudo systemctl restart cloudflared-dns
sudo journalctl -u cloudflared-dns -f
```

## Configuration Tailscale Admin

Dans Tailscale Admin Console, DNS, Nameservers :

- **Global nameserver:** 100.116.198.105 (Talloires)
- **Override local DNS:** activé

## Domaines

| Domaine | Usage |
|---------|-------|
| `*.talloires.local` | Services sur Talloires (recommandé) |
| `go` | Raccourcis Shlink |

## Dépannage

### Test résolution DNS

```bash
nslookup go 100.116.198.105
nslookup docs.talloires.local 100.116.198.105
nslookup google.com 100.116.198.105
```

### Cache DNS macOS

```bash
sudo dscacheutil -flushcache && sudo killall -HUP mDNSResponder
```