network-security

Headscale v0.27.1 VPN and firewall for secure admin access. (Updated: January 2026). All scripts are idempotent - check state before applying changes.

Safety Notice

This listing is imported from skills.sh public index metadata. Review upstream SKILL.md and repository scripts before running.

Copy this and send it to your AI assistant to learn

Install skill "network-security" with this command: npx skills add nmime/infra-skills/nmime-infra-skills-network-security

Network Security

Headscale v0.27.1 VPN and firewall for secure admin access. (Updated: January 2026). All scripts are idempotent - check state before applying changes.

Responsibility

This Skill Other Skills

Headscale VPN setup Servers → hetzner-infra

VPN user management DNS → hetzner-infra

Firewall rules TLS → k8s-cluster-management

Bastion hardening LB → hetzner-infra

Architecture

INTERNET │ ├─ PUBLIC (via LB) ───▶ app, api, s3, registry │ └─ ADMIN (via VPN) ──▶ gitlab, argocd, grafana, vault, k8s │ └──▶ Bastion + Headscale

Setup

Run on bastion server. See reference files for detailed commands:

  • VPN server: references/headscale.md

  • User management: references/users.md

  • Firewall rules: references/firewall.md

VPN Client Access

Connect from any server or sandboxed environment:

curl -fsSL https://tailscale.com/install.sh | sh tailscale up --login-server https://vpn.example.com --authkey <KEY>

Reference Files

  • references/headscale.md - VPN server

  • references/netbird.md - NetBird alternative

  • references/users.md - User management

  • references/firewall.md - Firewall rules

  • references/bastion.md - Bastion hardening

  • references/architecture.md - Network architecture

Source Transparency

This detail page is rendered from real SKILL.md content. Trust labels are metadata-based hints, not a safety guarantee.

Open in GitHubOpen in ClawHub

Related Skills

Related by shared tags or category signals.

General

minio-storage

No summary provided by upstream source.

Repository SourceNeeds Review
7-nmime
General

k8s-observability

No summary provided by upstream source.

Repository SourceNeeds Review
6-nmime
General

k8s-cluster-management

No summary provided by upstream source.

Repository SourceNeeds Review
6-nmime
General

k8s-secrets

No summary provided by upstream source.

Repository SourceNeeds Review
6-nmime