#security

2 posts

Dotfiles, Part 4: Network-Aware Services — From Split Tunneling to Topology-Driven DNS

ProtonVPN with network namespace split tunneling, ad-blocking derived from VLAN topology, DHCP-to-DNS sync, and dynamic WireGuard peer onboarding — all as composable NixOS modules.

nix, networking, security, infrastructure

Dotfiles, Part 3: Secrets, Fleet Management, and the User Bridge

How I bootstrap 9 machines with sops-nix, clan-core, and a user module pattern that solves the secrets chicken-and-egg problem — plus service exposure via Caddy and Cloudflare Tunnel.

nix, security, infrastructure