202601docs/docs/vault/config/network.md

# Architecture Réseau

## Vue d'ensemble



## Composants

### Tailscale

VPN mesh reliant tous les appareils de la famille.

| Machine | IP Tailscale | OS |
|---------|--------------|-----|
| talloires | 100.116.198.105 | Raspberry Pi 5 (Debian) |
| annecy | 100.118.210.128 | Synology DS620slim |
| olympou | 100.125.242.58 | macOS |
| pentamodi | 100.78.237.78 | iOS |
| perce | 100.69.7.78 | tvOS (Apple TV) |

**Tailnet:** tailfd281f.ts.net

### dnsmasq

Serveur DNS local sur Talloires, résout les domaines internes.

**Config:** `/etc/dnsmasq.d/tailscale.conf`



**Commandes:**



### cloudflared

Proxy DNS-over-HTTPS vers AdGuard DNS avec profil personnel.

**Config:** `/etc/cloudflared/config.yml`



**Commandes:**



## Configuration Tailscale Admin

Dans Tailscale Admin Console → DNS → Nameservers :

- **Global nameserver:** 100.116.198.105 (Talloires)
- **Override local DNS:** activé

Cela force tous les appareils Tailscale à utiliser dnsmasq sur Talloires.

## Domaines

| Domaine | Usage |
|---------|-------|
| `*.talloires.local` | Services sur Talloires (recommandé) |
| `*.talloires.tailfd281f.ts.net` | Alternative Tailscale |
| `go` | Raccourcis Shlink |

## Dépannage

### Test résolution DNS

Server:		100.116.198.105
Address:	100.116.198.105#53

Name:	go
Address: 100.116.198.105

Server:		100.116.198.105
Address:	100.116.198.105#53

Name:	docs.talloires.local
Address: 100.116.198.105

Server:		100.116.198.105
Address:	100.116.198.105#53

Non-authoritative answer:
Name:	google.com
Address: 142.250.27.138
Name:	google.com
Address: 142.250.27.100
Name:	google.com
Address: 142.250.27.101
Name:	google.com
Address: 142.250.27.102
Name:	google.com
Address: 142.250.27.113
Name:	google.com
Address: 142.250.27.139

### Services ne répondent pas

1. Vérifier que dnsmasq tourne: `sudo systemctl status dnsmasq`
2. Vérifier que cloudflared tourne: `sudo systemctl status cloudflared-dns`
3. Vérifier que Caddy tourne: `docker ps | grep caddy`

### Cache DNS