mirror of
https://github.com/kuhyx/testsAndMisc.git
synced 2026-07-04 14:43:01 +02:00
Lets SSH terminal access reach this PC from a phone on a different network (mobile data vs home broadband), using only FOSS/free software: self-hosted WireGuard (no relay/coordination server), DuckDNS for the dynamic public IP, and a default-drop nftables firewall so sshd is never exposed to the WAN directly -- only the WireGuard UDP port is forwarded, SSH is reachable only through the tunnel or LAN. Verified fully end-to-end (phone on mobile data, real handshake + SSH login). Several bugs only surfaced through live execution and were fixed in place: a DNS=1.1.1.1 line that broke all phone DNS once the tunnel was active, a require_root/sudo arg-forwarding bug, hostname/dig not being installed on a minimal Arch system, a bash RETURN-trap scoping bug, and a DuckDNS cron-dedup that would have deleted an unrelated pre-existing Joplin DuckDNS cron entry. Also whitelists the WireGuard/F-Droid/ConnectBot apps (plus the todo app) in phone_focus_mode's WHITELIST so the GPS-based focus daemon doesn't disable them. Adds "iif" (nftables keyword) to the codespell ignore-list since it was flagged as a false-positive typo of "if". Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01TUSBRyujRMuGiUitGP8gET |
||
|---|---|---|
| .. | ||
| contracts | ||
| evidence | ||
| memory | ||
| plans | ||
| sessions | ||
| specs | ||
| workflows | ||