#security
2 posts
Dotfiles, Part 4: Network-Aware Services — From Split Tunneling to Topology-Driven DNS
ProtonVPN with network namespace split tunneling, ad-blocking derived from VLAN topology, DHCP-to-DNS sync, and dynamic WireGuard peer onboarding — all as composable NixOS modules.
Dotfiles, Part 3: Secrets, Fleet Management, and the User Bridge
How I bootstrap 9 machines with sops-nix, clan-core, and a user module pattern that solves the secrets chicken-and-egg problem — plus service exposure via Caddy and Cloudflare Tunnel.