myron/infra
1
0
Fork 0
mirror of https://github.com/myronblair/infra synced 2026-06-30 17:50:10 -05:00
Code Issues Packages Projects Releases Wiki Activity

Update MediaStack: NordVPN tunnel via CT110, exit IP 2.56.190.69

Browse Source
This commit is contained in:
Myron Blair
2026-06-29 13:22:24 -05:00
parent a467a1de8f
commit 79db9f1a55
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ai-memory/project_mediastack.md
+3 -2
View File
@@ -30,14 +30,15 @@ All services run as root (NFS ACL requires root for writes).
### wg0 — Internet kill-switch (primary VPN)
- **Interface:** `wg0` | **VPN IP:** `10.200.0.4/24`
- **Endpoint:** CT110 at `10.48.200.67:51821`DO server (165.22.1.228) → internet
- **Exit IP:** `165.22.1.228` (DO server, verified 2026-06-24)
- **Endpoint:** CT110 at `10.48.200.67:51821`NordVPN (us9156, 2.56.190.66:51820) → internet
- **Exit IP:** `2.56.190.69` (NordVPN US, verified 2026-06-29)
- **Kill-switch:** iptables rules — REJECT all non-wg0 non-fwmark traffic; LAN 10.48.200.0/24 always allowed
- **Config:** `/etc/wireguard/wg0.conf` — fwmark hardcoded as `51820` (not dynamic, avoids PostDown race)
- **Auto-start:** `systemctl enable wg-quick@wg0` (enabled 2026-06-24)
- **DNS:** `10.48.200.90` (PVE1 dnsmasq)
- **MediaStack pubkey:** `CaG79S1fJeJDlYCMhHz8BrDfizBq+OiGnO5VzFIk3gE=`
- **CT110 pubkey:** `Fqb1KLfHe1r3+Hwhem7YGZB2KikGYy/8pPsOIP4rn18=` (updated 2026-06-29 — old key was RXxD...)
- **NordVPN exit IP:** 2.56.190.69 (us9156.nordvpn.com) — verified 2026-06-29
### wg1 — Jellyfin media access (NOT internet VPN)
- MediaStack is WireGuard server on `wg1` (port 51820, 10.200.0.1/24)