<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="Infrastructure documentation for Talloires homelab">
<meta name="author" content="Lionel">
<link rel="prev" href="../overview/">
<link rel="next" href="../servarr/">
<link rel="icon" href="../../assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.7.1">
<title>Transmission - Talloires Documentation</title>
<link rel="stylesheet" href="../../assets/stylesheets/main.484c7ddc.min.css">
<link rel="stylesheet" href="../../assets/stylesheets/palette.ab4e12ef.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL("../..",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="slate" data-md-color-primary="blue" data-md-color-accent="cyan">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#transmission" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="../.." title="Talloires Documentation" class="md-header__button md-logo" aria-label="Talloires Documentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
Talloires Documentation
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
Transmission
</span>
</div>
</div>
</div>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--integrated" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="../.." title="Talloires Documentation" class="md-nav__button md-logo" aria-label="Talloires Documentation" data-md-component="logo">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 8a3 3 0 0 0 3-3 3 3 0 0 0-3-3 3 3 0 0 0-3 3 3 3 0 0 0 3 3m0 3.54C9.64 9.35 6.5 8 3 8v11c3.5 0 6.64 1.35 9 3.54 2.36-2.19 5.5-3.54 9-3.54V8c-3.5 0-6.64 1.35-9 3.54"/></svg>
</a>
Talloires Documentation
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../.." class="md-nav__link">
<span class="md-ellipsis">
Home
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_2" >
<label class="md-nav__link" for="__nav_2" id="__nav_2_label" tabindex="">
<span class="md-ellipsis">
Infrastructure
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_2">
<span class="md-nav__icon md-icon"></span>
Infrastructure
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../infra/overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../infra/network/" class="md-nav__link">
<span class="md-ellipsis">
Réseau & Accès
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../infra/issues-2025-12-31/" class="md-nav__link">
<span class="md-ellipsis">
Problèmes 2025-12-31
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../infra/recommendations/" class="md-nav__link">
<span class="md-ellipsis">
Recommandations
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../infra/ssd-migration/" class="md-nav__link">
<span class="md-ellipsis">
Migration SSD
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--active md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle " type="checkbox" id="__nav_3" checked>
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Services
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="true">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Services
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../overview/" class="md-nav__link">
<span class="md-ellipsis">
Overview
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
Transmission
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="./" class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
Transmission
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#acces" class="md-nav__link">
<span class="md-ellipsis">
Accès
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#architecture-de-securite" class="md-nav__link">
<span class="md-ellipsis">
Architecture de sécurité
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#pourquoi-cette-configuration" class="md-nav__link">
<span class="md-ellipsis">
Pourquoi cette configuration ?
</span>
</a>
<nav class="md-nav" aria-label="Pourquoi cette configuration ?">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#1-vpn-obligatoire-wireguard-protonvpn" class="md-nav__link">
<span class="md-ellipsis">
1. VPN obligatoire (WireGuard → ProtonVPN)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#2-acces-tailscale-uniquement" class="md-nav__link">
<span class="md-ellipsis">
2. Accès Tailscale uniquement
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#3-pourquoi-pas-dacces-lan" class="md-nav__link">
<span class="md-ellipsis">
3. Pourquoi pas d'accès LAN ?
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#risques-residuels" class="md-nav__link">
<span class="md-ellipsis">
Risques résiduels
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#configuration-technique" class="md-nav__link">
<span class="md-ellipsis">
Configuration technique
</span>
</a>
<nav class="md-nav" aria-label="Configuration technique">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#wireguard-kill-switch" class="md-nav__link">
<span class="md-ellipsis">
WireGuard kill switch
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#caddy-configuration" class="md-nav__link">
<span class="md-ellipsis">
Caddy configuration
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#docker-network" class="md-nav__link">
<span class="md-ellipsis">
Docker network
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#utilisation" class="md-nav__link">
<span class="md-ellipsis">
Utilisation
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#verification-vpn" class="md-nav__link">
<span class="md-ellipsis">
Vérification VPN
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#fichiers" class="md-nav__link">
<span class="md-ellipsis">
Fichiers
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="../servarr/" class="md-nav__link">
<span class="md-ellipsis">
Servarr
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../helmarr/" class="md-nav__link">
<span class="md-ellipsis">
Helmarr
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../homarr/" class="md-nav__link">
<span class="md-ellipsis">
Homarr
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Changelog
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Changelog
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../changelog/2026-01-12/" class="md-nav__link">
<span class="md-ellipsis">
2026-01-12
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/2026-01-03/" class="md-nav__link">
<span class="md-ellipsis">
2026-01-03
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../changelog/2025-12-31/" class="md-nav__link">
<span class="md-ellipsis">
2025-12-31
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5" >
<label class="md-nav__link" for="__nav_5" id="__nav_5_label" tabindex="">
<span class="md-ellipsis">
Vault
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_5_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5">
<span class="md-nav__icon md-icon"></span>
Vault
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../vault/" class="md-nav__link">
<span class="md-ellipsis">
README
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5_2" >
<label class="md-nav__link" for="__nav_5_2" id="__nav_5_2_label" tabindex="0">
<span class="md-ellipsis">
Config
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_2_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_2">
<span class="md-nav__icon md-icon"></span>
Config
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../vault/config/caddy/" class="md-nav__link">
<span class="md-ellipsis">
Caddy
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../vault/config/docker-stacks/" class="md-nav__link">
<span class="md-ellipsis">
Docker Stacks
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../vault/config/network/" class="md-nav__link">
<span class="md-ellipsis">
Network
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../vault/config/troubleshooting/" class="md-nav__link">
<span class="md-ellipsis">
Troubleshooting
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_5_3" >
<label class="md-nav__link" for="__nav_5_3" id="__nav_5_3_label" tabindex="0">
<span class="md-ellipsis">
Reference
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="2" aria-labelledby="__nav_5_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_5_3">
<span class="md-nav__icon md-icon"></span>
Reference
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="../../vault/reference/commands/" class="md-nav__link">
<span class="md-ellipsis">
Commands
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../vault/reference/ports/" class="md-nav__link">
<span class="md-ellipsis">
Ports
</span>
</a>
</li>
<li class="md-nav__item">
<a href="../../vault/reference/scripts/" class="md-nav__link">
<span class="md-ellipsis">
Scripts
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<h1 id="transmission">Transmission</h1>
<p>Service BitTorrent sécurisé via VPN ProtonVPN.</p>
<h2 id="acces">Accès</h2>
<table>
<thead>
<tr>
<th>Méthode</th>
<th>URL</th>
<th>Statut</th>
</tr>
</thead>
<tbody>
<tr>
<td><strong>Tailscale</strong></td>
<td><a href="https://transmission.talloires.tailfd281f.ts.net" target="_blank">transmission.talloires.tailfd281f.ts.net</a></td>
<td>✅ Autorisé</td>
</tr>
<tr>
<td><strong>LAN</strong></td>
<td>transmission.talloires.local</td>
<td>❌ Bloqué</td>
</tr>
<tr>
<td><strong>Go-link</strong></td>
<td><a href="https://go.talloires.local/torrent" target="_blank">go/torrent</a></td>
<td>✅ Redirige vers TS</td>
</tr>
</tbody>
</table>
<h2 id="architecture-de-securite">Architecture de sécurité</h2>
<div class="highlight"><pre><span></span><code>┌─────────────────────────────────────────────────────────────────┐
│ INTERNET │
└─────────────────────────────────────────────────────────────────┘
│ ▲
│ Torrent traffic │ VPN tunnel
▼ │
┌─────────────────┐ ┌─────────────────┐
│ ProtonVPN LU │◄───────────────►│ WireGuard │
│ 5.253.204.x │ encrypted │ container │
└─────────────────┘ └────────┬────────┘
┌────────┴────────┐
│ Transmission │
│ container │
│ (network_mode: │
│ wireguard) │
└────────┬────────┘
┌──────────────┴──────────────┐
│ │
┌─────────┴─────────┐ ┌────────┴────────┐
│ Tailscale DNS │ │ LAN DNS │
│ .ts.net résolu │ │ .local résolu │
│ uniquement sur │ │ sur réseau │
│ devices TS │ │ local │
└─────────┬─────────┘ └────────┬────────┘
│ │
▼ ▼
┌─────────────────┐ ┌─────────────────┐
│ Authelia │ │ 403 Blocked │
│ + Transmission │ │ &quot;Use Tailscale&quot;
└─────────────────┘ └─────────────────┘
</code></pre></div>
<h2 id="pourquoi-cette-configuration">Pourquoi cette configuration ?</h2>
<h3 id="1-vpn-obligatoire-wireguard-protonvpn">1. VPN obligatoire (WireGuard → ProtonVPN)</h3>
<p>Transmission utilise <code>network_mode: service:wireguard</code>. Tout le trafic réseau passe par le conteneur WireGuard, qui :</p>
<ul>
<li>Chiffre tout le trafic vers ProtonVPN Luxembourg</li>
<li>Applique un <strong>kill switch</strong> : si le VPN tombe, aucun trafic ne sort</li>
<li>Masque l'IP réelle du serveur aux trackers et peers</li>
</ul>
<p><strong>IP publique visible</strong> : <code>5.253.204.x</code> (ProtonVPN LU)</p>
<h3 id="2-acces-tailscale-uniquement">2. Accès Tailscale uniquement</h3>
<table>
<thead>
<tr>
<th>Risque</th>
<th>Mitigation</th>
</tr>
</thead>
<tbody>
<tr>
<td>Quelqu'un sur le LAN voit les torrents</td>
<td>Accès LAN bloqué (403)</td>
</tr>
<tr>
<td>Quelqu'un sur le LAN ajoute des torrents</td>
<td>Accès LAN bloqué (403)</td>
</tr>
<tr>
<td>Quelqu'un hors Tailscale accède</td>
<td>DNS <code>.ts.net</code> non résolvable hors TS</td>
</tr>
<tr>
<td>Quelqu'un sur Tailscale non autorisé</td>
<td>Authelia (login requis)</td>
</tr>
</tbody>
</table>
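<p><strong>Principe</strong> : Le DNS <code>*.tailfd281f.ts.net</code> n'est résolvable que par les devices connectés au tailnet. C'est une première couche de sécurité "gratuite", mais pas un contrôle d'accès en soi : Caddy choisit le site d'après le nom demandé par le client, donc cette couche ne tient que si le site <code>.ts.net</code> n'est servi que sur l'interface Tailscale (directive <code>bind</code>) ou filtré par adresse source (matcher <code>remote_ip</code>) — à vérifier dans le Caddyfile réel. Authelia ajoute l'authentification.</p>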
<h3 id="3-pourquoi-pas-dacces-lan">3. Pourquoi pas d'accès LAN ?</h3>
<p>Le LAN est considéré <strong>moins sûr</strong> que Tailscale pour Transmission :</p>
<ul>
<li>Un appareil compromis sur le LAN pourrait scanner les ports</li>
<li>Les guests WiFi pourraient potentiellement accéder</li>
<li>Pas de logs d'authentification côté LAN</li>
</ul>
<p>Tailscale garantit que seuls les <strong>devices explicitement autorisés</strong> dans le tailnet peuvent même résoudre le nom DNS.</p>
<h2 id="risques-residuels">Risques résiduels</h2>
<table>
<thead>
<tr>
<th>Risque</th>
<th>Probabilité</th>
<th>Impact</th>
<th>Mitigation</th>
</tr>
</thead>
<tbody>
<tr>
<td>Compromission d'un device TS</td>
<td>Faible</td>
<td>Moyen</td>
<td>Authelia 2FA recommandé</td>
</tr>
<tr>
<td>Fuite IP si WireGuard crash</td>
<td>Très faible</td>
<td>Élevé</td>
<td>Kill switch iptables</td>
</tr>
<tr>
<td>Contenu illégal téléchargé</td>
<td>Variable</td>
<td>Élevé</td>
<td>Responsabilité utilisateur</td>
</tr>
<tr>
<td>DMCA notice</td>
<td>Faible (VPN)</td>
<td>Faible</td>
<td>ProtonVPN no-logs policy</td>
</tr>
</tbody>
</table>
<h2 id="configuration-technique">Configuration technique</h2>
<h3 id="wireguard-kill-switch">WireGuard kill switch</h3>
<div class="highlight"><pre><span></span><code><span class="c1"># /home/lionel/lake/p2p/wireguard/wg_confs/wg0.conf</span>
<span class="nv">PostUp</span><span class="w"> </span><span class="o">=</span><span class="w"> </span>iptables<span class="w"> </span>-I<span class="w"> </span>OUTPUT<span class="w"> </span>-o<span class="w"> </span>eth0<span class="w"> </span>-d<span class="w"> </span><span class="m">5</span>.253.204.162<span class="w"> </span>-j<span class="w"> </span>ACCEPT
<span class="nv">PostUp</span><span class="w"> </span><span class="o">=</span><span class="w"> </span>iptables<span class="w"> </span>-I<span class="w"> </span>OUTPUT<span class="w"> </span>-o<span class="w"> </span>eth0<span class="w"> </span>-d<span class="w"> </span><span class="m">172</span>.18.0.0/16<span class="w"> </span>-j<span class="w"> </span>ACCEPT
<span class="nv">PostUp</span><span class="w"> </span><span class="o">=</span><span class="w"> </span>iptables<span class="w"> </span>-I<span class="w"> </span>OUTPUT<span class="w"> </span>-o<span class="w"> </span>eth0<span class="w"> </span>-d<span class="w"> </span><span class="m">172</span>.19.0.0/16<span class="w"> </span>-j<span class="w"> </span>ACCEPT
<span class="nv">PostUp</span><span class="w"> </span><span class="o">=</span><span class="w"> </span>iptables<span class="w"> </span>-A<span class="w"> </span>OUTPUT<span class="w"> </span>-o<span class="w"> </span>eth0<span class="w"> </span>-j<span class="w"> </span>REJECT
</code></pre></div>
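<p>Seuls autorisés :</p>
<ul>
<li>L'endpoint VPN ProtonVPN</li>
<li>Les réseaux Docker internes (pour que Caddy puisse atteindre Transmission)</li>
</ul>
<p>Limites à garder en tête : ces règles <code>iptables</code> ne couvrent que l'IPv4 ; si IPv6 est actif dans le conteneur, il faut l'équivalent <code>ip6tables</code> ou désactiver IPv6. Elles ne sont posées qu'au <code>PostUp</code>, donc une fois l'interface WireGuard montée : <code>depends_on</code> seul n'attend pas que le tunnel soit prêt, un healthcheck avec <code>condition: service_healthy</code> évite que Transmission démarre avant.</p>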
<h3 id="caddy-configuration">Caddy configuration</h3>
<div class="highlight"><pre><span></span><code># LAN - Bloqué
transmission.talloires.local {
respond &quot;Access denied - Use Tailscale&quot; 403
}
# Tailscale - Authelia + Transmission
transmission.talloires.tailfd281f.ts.net {
import authelia
reverse_proxy wireguard:9091
}
</code></pre></div>
<h3 id="docker-network">Docker network</h3>
<div class="highlight"><pre><span></span><code><span class="c1"># Transmission utilise le réseau de WireGuard</span>
<span class="nt">transmission</span><span class="p">:</span>
<span class="w"> </span><span class="nt">network_mode</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">service:wireguard</span>
<span class="w"> </span><span class="nt">depends_on</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">wireguard</span>
<span class="c1"># WireGuard est sur lake_net pour être joignable par Caddy</span>
<span class="nt">wireguard</span><span class="p">:</span>
<span class="w"> </span><span class="nt">networks</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">lake_net</span>
</code></pre></div>
<h2 id="utilisation">Utilisation</h2>
<ol>
<li>Aller sur <a href="https://go.talloires.local/torrent" target="_blank">go/torrent</a> (depuis un device Tailscale)</li>
<li>S'authentifier via Authelia</li>
<li>Ajouter un torrent via l'interface web (magnet link ou fichier .torrent)</li>
<li>Les téléchargements arrivent dans <code>/mnt/mediaserver/transmission/downloads/</code></li>
</ol>
<h2 id="verification-vpn">Vérification VPN</h2>
<p>Pour confirmer que le trafic passe bien par le VPN :</p>
<div class="highlight"><pre><span></span><code><span class="c1"># IP publique vue par Transmission</span>
docker<span class="w"> </span><span class="nb">exec</span><span class="w"> </span>wireguard<span class="w"> </span>curl<span class="w"> </span>-s<span class="w"> </span>https://ifconfig.me
<span class="c1"># Devrait retourner 5.253.204.x (ProtonVPN LU)</span>
</code></pre></div>
<h2 id="fichiers">Fichiers</h2>
<table>
<thead>
<tr>
<th>Fichier</th>
<th>Description</th>
</tr>
</thead>
<tbody>
<tr>
<td><code>~/lake/p2p/docker-compose.yml</code></td>
<td>Config Docker WireGuard + Transmission</td>
</tr>
<tr>
<td><code>~/lake/p2p/wireguard/wg_confs/wg0.conf</code></td>
<td>Config WireGuard + kill switch</td>
</tr>
<tr>
<td><code>~/lake/p2p/transmission/settings.json</code></td>
<td>Config Transmission</td>
</tr>
<tr>
<td><code>/mnt/mediaserver/transmission/downloads/</code></td>
<td>Dossier téléchargements</td>
</tr>
</tbody>
</table>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"annotate": null, "base": "../..", "features": ["navigation.instant", "navigation.sections", "navigation.expand", "toc.integrate"], "search": "../../assets/javascripts/workers/search.2c215733.min.js", "tags": null, "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}, "version": null}</script>
<script src="../../assets/javascripts/bundle.79ae519e.min.js"></script>
</body>
</html>