Jeff Emmett
2c8614e01e
Replace Movies/Shows/Music/Live Sports buttons with Request/Watch/Upload flow. Update request-access page with clear requests.jefflix.lol and movies.jefflix.lol instructions plus install-as-app tips. Clean up README, remove @vercel/analytics, add backlog tasks and vpn-setup. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com> |
||
|---|---|---|
| .. | ||
| README.md | ||
| cutover.sh | ||
| onboard-user.sh | ||
| rollback.sh | ||
| setup.sh | ||
README.md
Jefflix VPN Setup — Headscale + Tailscale
Protects all *.jefflix.lol services behind the existing Headscale VPN at vpn.jeffemmett.com.
How It Works
Before (public):
Browser → Cloudflare → Tunnel → Traefik → Jellyfin/etc
After (VPN-only):
Browser → Tailscale (WireGuard) → Traefik → Jellyfin/etc
(Only works if connected to the tailnet)
Traefik still routes by Host header — the only change is how traffic reaches it.
Quick Start
SSH into the server and follow the phases in order:
ssh netcup
Then run setup.sh (or follow the manual steps below).
Files
| File | Purpose |
|---|---|
setup.sh |
Full setup script (run on Netcup) |
coredns/Corefile |
CoreDNS config — resolves *.jefflix.lol to Tailscale IP |
coredns/docker-compose.yml |
CoreDNS container definition |
headscale-config-patch.yaml |
Split DNS addition for Headscale config |
cloudflared-config-clean.yml |
Cloudflare tunnel config with jefflix entries removed |
rollback.sh |
Emergency rollback script |