Add VM configs, WireGuard, and MSP360 setup
- vm-configs/fstab/: fstab snapshots for JARVIS, NPM, NovaCPX, Jellyfin, MediaStack - vm-configs/network-reference.md: full IP/service/NAS/WireGuard reference - wireguard/: MediaStack wg0/wg1 and WireGuard CT nord0/wg-clients configs - msp360/: install and setup scripts + staggered backup schedule Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01X8tDRrQqgLjqXebMCBNcP3
@@ -0,0 +1,17 @@
|
||||
# MediaStack (10.48.200.35) WireGuard client config
|
||||
# Tunnels all internet traffic through WireGuard CT (10.48.200.67)
|
||||
# Kill-switch: iptables blocks any non-WireGuard internet traffic
|
||||
# File: /etc/wireguard/wg0.conf
|
||||
|
||||
[Interface]
|
||||
PrivateKey = UAaoNldLsxWJerLJAjGlncrm41Ay9QMsK3O1XaTlxmg=
|
||||
Address = 10.200.0.4/24
|
||||
DNS = 10.48.200.90
|
||||
PostUp = iptables -I OUTPUT ! -o wg0 -m mark ! --mark 51820 -m addrtype ! --dst-type LOCAL -j REJECT; iptables -I OUTPUT -d 10.48.200.0/24 -j ACCEPT
|
||||
PostDown = iptables -D OUTPUT -d 10.48.200.0/24 -j ACCEPT; iptables -D OUTPUT ! -o wg0 -m mark ! --mark 51820 -m addrtype ! --dst-type LOCAL -j REJECT
|
||||
|
||||
[Peer]
|
||||
PublicKey = Fqb1KLfHe1r3+Hwhem7YGZB2KikGYy/8pPsOIP4rn18=
|
||||
Endpoint = 10.48.200.67:51821
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
PersistentKeepalive = 25
|
||||
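Review bot: The `PrivateKey` value under `[Interface]` is committed to the repository in clear text, and the same holds for the `PrivateKey` lines in the wg1.conf, nord0.conf and wg-clients.conf sections of this commit. All four keys should be treated as disclosed: regenerate them, update the matching `PublicKey` entries on the peers, and remove the old values from history. To keep the key out of the tracked file, drop the line and load it at bring-up with `PostUp = wg set %i private-key /etc/wireguard/%i.key` (file mode 0600), or commit a placeholder instead. Separately, the kill-switch in `PostUp` is IPv4-only. There is no `ip6tables` counterpart and `AllowedIPs` lists only `0.0.0.0/0`, so if this host has IPv6 connectivity that traffic would bypass both the tunnel and the REJECT rule.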
@@ -0,0 +1,16 @@
|
||||
# MediaStack (10.48.200.35) WireGuard server config (for Jellyfin peer)
|
||||
# Serves as internal VPN hub for Jellyfin to reach MediaStack NFS exports
|
||||
# File: /etc/wireguard/wg1.conf
|
||||
|
||||
[Interface]
|
||||
PrivateKey = UPTGveBLFZLGcimi80npmrEB3tOfE8GjQEl4aTPOWV0=
|
||||
Address = 10.200.0.1/24
|
||||
ListenPort = 51820
|
||||
PostUp = sysctl -w net.ipv4.ip_forward=1; iptables -A FORWARD -i wg1 -o nordlynx -j ACCEPT; iptables -A FORWARD -i nordlynx -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -A POSTROUTING -o nordlynx -s 10.200.0.0/24 -j MASQUERADE
|
||||
PostDown = iptables -D FORWARD -i wg1 -o nordlynx -j ACCEPT; iptables -D FORWARD -i nordlynx -o wg1 -m state --state RELATED,ESTABLISHED -j ACCEPT; iptables -t nat -D POSTROUTING -o nordlynx -s 10.200.0.0/24 -j MASQUERADE
|
||||
|
||||
[Peer]
|
||||
# Jellyfin
|
||||
PublicKey = T+mr/+Z+9F0FXG/8AxJClH7kgxvqFVeSouJQo2+D82M=
|
||||
AllowedIPs = 10.200.0.3/32
|
||||
PersistentKeepalive = 25
|
||||
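Review bot: `Address = 10.200.0.1/24` puts wg1 in the same /24 as wg0 on this host (`10.200.0.4/24`), and reuses the address that wg-clients.conf assigns to the WireGuard CT. MediaStack therefore ends up with two connected routes for 10.200.0.0/24 and owns the address of its own upstream gateway, which will likely make routing between Jellyfin, MediaStack and the CT ambiguous. A separate subnet for the Jellyfin hub would avoid this, e.g. `Address = 10.201.0.1/24` (constructed example) with the peer's `AllowedIPs` and the `-s` match in the MASQUERADE rule changed to match. The header says the tunnel exists so Jellyfin can reach NFS exports, but the FORWARD rules accept everything from wg1 to `nordlynx`, an interface no file in this commit defines. A comment saying where `nordlynx` comes from would help, and the forward rule should be narrowed if only NFS is intended.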
@@ -0,0 +1,17 @@
|
||||
# WireGuard CT (LXC 110, 10.48.200.67) NordVPN tunnel config
|
||||
# Connects to NordVPN server at 2.56.190.66:51820 (Clouvider UK)
|
||||
# Policy routes 10.200.0.0/24 (MediaStack tunnel clients) through NordVPN
|
||||
# File: /etc/wireguard/nord0.conf
|
||||
|
||||
[Interface]
|
||||
PrivateKey = Ebk+g1cMK14ured/u+QLvHPYxmoh9dCmeq65qbS/Aqg=
|
||||
Address = 10.5.0.2/32
|
||||
Table = off
|
||||
PostUp = sysctl -w net.ipv4.conf.all.rp_filter=0 || true; ip route add default dev nord0 table 201 || true; ip rule add from 10.200.0.0/24 lookup 201 prio 100 || true; iptables -t nat -A POSTROUTING -o nord0 -j MASQUERADE || true
|
||||
PostDown = ip route del default dev nord0 table 201 2>/dev/null; ip rule del from 10.200.0.0/24 lookup 201 2>/dev/null; iptables -t nat -D POSTROUTING -o nord0 -j MASQUERADE 2>/dev/null
|
||||
|
||||
[Peer]
|
||||
PublicKey = 8pRFH/FfMBs3eBJCM2ABFoOs/13n78LYQvoovZVLdgI=
|
||||
Endpoint = 2.56.190.66:51820
|
||||
AllowedIPs = 0.0.0.0/0
|
||||
PersistentKeepalive = 25
|
||||
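Review bot: Every command in `PostUp` ends in `|| true`, so the interface is reported up even when `ip route add default dev nord0 table 201` or the `ip rule add` fails. `PostDown` also deletes the `from 10.200.0.0/24` rule, so in both cases tunnel-client traffic falls back to the main routing table instead of being dropped, which defeats the kill-switch the clients rely on. Dropping `|| true` from the route and rule commands would make a failed setup visible. To fail closed, keep the rule in place across restarts and add a fallback such as `ip route add unreachable default metric 1000 table 201`. Also, `sysctl -w net.ipv4.conf.all.rp_filter=0` changes reverse-path filtering for the whole container and is never restored; loose mode on this interface only, `sysctl -w net.ipv4.conf.%i.rp_filter=2`, is usually enough for policy routing.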
@@ -0,0 +1,15 @@
|
||||
# WireGuard CT (LXC 110, 10.48.200.67) client-server config
|
||||
# Accepts connections from MediaStack and Jellyfin
|
||||
# File: /etc/wireguard/wg-clients.conf
|
||||
|
||||
[Interface]
|
||||
Address = 10.200.0.1/24
|
||||
ListenPort = 51821
|
||||
PrivateKey = uMdYzpGScR4D8cIm7WNbTJ5KHZQGAIFUInMI+4MZjkU=
|
||||
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE; sysctl -w net.ipv4.ip_forward=1
|
||||
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
|
||||
|
||||
[Peer]
|
||||
# MediaStack (10.48.200.35)
|
||||
PublicKey = CaG79S1fJeJDlYCMhHz8BrDfizBq+OiGnO5VzFIk3gE=
|
||||
AllowedIPs = 10.200.0.4/32
|
||||
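Review bot: `PostUp` installs `iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE` with no source or destination match, so any tunnel-client packet that misses the nord0 policy route is NATed straight out the LAN uplink. If eth0 is meant only for reaching 10.48.200.0/24, scope the NAT rule with `-s 10.200.0.0/24 -d 10.48.200.0/24` and add a guard such as `iptables -I FORWARD -i %i -o eth0 ! -d 10.48.200.0/24 -j REJECT`, with the matching `-D` in `PostDown`. The header comment says this interface accepts connections from MediaStack and Jellyfin, but only the MediaStack `[Peer]` is defined. Either add the Jellyfin peer or correct the comment. `net.ipv4.ip_forward=1` is set here but not reverted in `PostDown`; a line in a sysctl.d file would make that persistent setting explicit.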