testsAndMisc/linux_configuration
Krzysztof kuhy Rudnicki 66272dc95a feat: add self-hosted WireGuard+SSH remote access from Android, across networks
Lets SSH terminal access reach this PC from a phone on a different network
(mobile data vs home broadband), using only FOSS/free software: self-hosted
WireGuard (no relay/coordination server), DuckDNS for the dynamic public IP,
and a default-drop nftables firewall so sshd is never exposed to the WAN
directly -- only the WireGuard UDP port is forwarded, SSH is reachable only
through the tunnel or LAN.

Verified fully end-to-end (phone on mobile data, real handshake + SSH login).
Several bugs only surfaced through live execution and were fixed in place:
a DNS=1.1.1.1 line that broke all phone DNS once the tunnel was active, a
require_root/sudo arg-forwarding bug, hostname/dig not being installed on a
minimal Arch system, a bash RETURN-trap scoping bug, and a DuckDNS cron-dedup
that would have deleted an unrelated pre-existing Joplin DuckDNS cron entry.

Also whitelists the WireGuard/F-Droid/ConnectBot apps (plus the todo app) in
phone_focus_mode's WHITELIST so the GPS-based focus daemon doesn't disable
them. Adds "iif" (nftables keyword) to the codespell ignore-list since it
was flagged as a false-positive typo of "if".

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Claude-Session: https://claude.ai/code/session_01TUSBRyujRMuGiUitGP8gET
2026-06-21 20:07:13 +02:00
..
.githooks feat: great beautiful fixes 2026-02-20 01:17:53 +01:00
.github style: prettier formatting fixes 2026-05-15 01:15:52 +02:00
C/atop_agg fix(usage_report): stop charging atop's HZ field as CPU; bundle since-last-report mode 2026-06-04 18:13:47 +02:00
docs refactor(linux_configuration/scripts): split all scripts into single_use/ and periodic_background/ 2026-05-15 00:32:35 +02:00
dwm style: apply prettier formatting to evidence JSON and dwm/gaming READMEs 2026-06-14 07:22:04 +02:00
scripts feat: add self-hosted WireGuard+SSH remote access from Android, across networks 2026-06-21 20:07:13 +02:00
tests feat: split oversized modules for 500-line limit, fix kasa coverage gap 2026-06-14 07:19:37 +02:00
zsh refactor: extract all inline Python from shell scripts into proper .py files 2026-06-06 10:31:48 +02:00
.gitignore feat: add self-hosted WireGuard+SSH remote access from Android, across networks 2026-06-21 20:07:13 +02:00
install_core_system.sh fix: PYTHONPATH in screen locker status check; sudo for steam enforcer install 2026-05-15 01:19:57 +02:00
test_results.log Add 'linux_configuration/' from commit '0762e3d07b90bac9256eb272de10bf9f42878094' 2026-02-06 21:43:26 +01:00