dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity

docs: Document the boxes

Browse Source 
Add a top-level `README.md` mapping the boxes and per-machine docs under
`docs/boxes/` (grouped `colony/`, `home/`, `misc/`), one file per host, VM and
container documenting role, services and networking with source pointers.

Also point `AGENTS.md` at the new docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
Jack O'Sullivan
2026-06-14 22:40:13 +01:00
parent 90cc2d53f1
commit a7ea91f529
35 changed files with 986 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/boxes/colony/colony.md
+39
View File
@@ -0,0 +1,39 @@
# colony (host)
The physical dedicated server in Amsterdam and the VM host for everything in
this group.
- **Source:** [`nixos/boxes/colony/default.nix`](../../../nixos/boxes/colony/default.nix)
(VM instances in [`nixos/boxes/colony/vms/default.nix`](../../../nixos/boxes/colony/vms/default.nix))
- **nixpkgs:** `mine-stable`
## Role
Bare-metal AMD host. It does little application work itself — its job is to run
the VMs and provide them with storage, networking and backups.
- **Virtualisation:** QEMU/KVM (`kvm-amd`, IOMMU on) via the `my.vms` module. VM
disks are LVM logical volumes (`vm-<name>-<disk>`) in the `main` volume group;
`estuary` additionally gets a WAN NIC by PCI passthrough.
- **Storage:** LVM-thin (`services.lvm.boot.thin`), `/persist` for state,
`/mnt/backup` for the local borg repo. `smartd` + `rasdaemon` for health.
- **Backups:** `my.borgthin` snapshots the persist/data LVs of the host and its
VMs into `/mnt/backup/main`, which is then `rsync`'d (along with LVM metadata)
to rsync.net (`zh2855.rsync.net`).
- **Monitoring:** netdata (with freeipmi), smartd.
## Networking
- Two bridges: `base` (the colony "base" network, shared with `estuary`) and
`vms` (the VM network). Dummy interfaces keep the bridges up so dependent VMs
can start.
- Default gateway / edge is `estuary`; `colony` itself holds the `routing` and
`internal` (a.k.a. `vm`) assignments and routes container/OCI/Tailscale
prefixes to `shill` and `whale2`.
- `my.firewall` trusts the `vms` interface and forwards customer prefixes
(`vm-mail`, `vm-darts`) through.
## VMs hosted here
`estuary`, `shill`, `whale2`, `git` (all NixOS, documented in this directory),
plus the non-NixOS `mail` and `darts` (see [README](README.md#non-nixos-vms)).