torjus/nixos-servers
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects 1 Releases Wiki Activity

docs: replace ASCII diagram with mermaid in remote-access plan
Some checks failed
Run nix flake check / flake-check (push) Has been cancelled
Details

Browse Source 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Torjus Håkestad
2026-02-19 16:28:57 +01:00
parent 59f0c7ceda
commit fcc410afad
1 changed files with 19 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

42
docs/plans/remote-access.md
View File

@@ -24,29 +24,25 @@ After evaluating WireGuard gateway vs Headscale (self-hosted Tailscale), the **W
## Architecture
```
┌─────────────────────────────────┐
│ VPS (OpenStack) │
Laptop/Phone ──→ │ WireGuard endpoint │
(WireGuard) │ Client peers: laptop, phone │
│ Routes 10.69.13.0/24 via tunnel│
└──────────┬──────────────────────┘
│ WireGuard tunnel
┌─────────────────────────────────┐
│ extgw01 (gateway + bastion) │
│ - WireGuard tunnel to VPS │
│ - Firewall (allowlist only) │
│ - SSH + 2FA (full access) │
└──────────┬──────────────────────┘
allowed traffic only
┌─────────────────────────────────┐
│ Internal network 10.69.13.0/24 │
│ - monitoring01:3000 (Grafana) │
│ - jelly01:8096 (Jellyfin) │
│ - *-jail hosts (arr stack) │
└─────────────────────────────────┘
```mermaid
graph TD
clients["Laptop / Phone\n(WireGuard clients)"]
vps["VPS (OpenStack)\nWireGuard endpoint\nClient peers: laptop, phone\nRoutes 10.69.13.0/24 via tunnel"]
extgw["extgw01 (gateway + bastion)\nWireGuard tunnel to VPS\nFirewall (allowlist only)\nSSH + 2FA (full access)"]
internal["Internal network 10.69.13.0/24"]
grafana["monitoring01:3000\nGrafana"]
jellyfin["jelly01:8096\nJellyfin"]
arr["*-jail hosts\narr stack"]
clients -->|"WireGuard"| vps
vps -->|"WireGuard tunnel"| extgw
extgw -->|"allowed traffic only"| internal
internal --- grafana
internal --- jellyfin
internal --- arr
```
### Existing path (unchanged)