a7ea91f529
Add a top-level `README.md` mapping the boxes and per-machine docs under `docs/boxes/` (grouped `colony/`, `home/`, `misc/`), one file per host, VM and container documenting role, services and networking with source pointers. Also point `AGENTS.md` at the new docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1.7 KiB
colony (host)
The physical dedicated server in Amsterdam and the VM host for everything in this group.
- Source: `nixos/boxes/colony/default.nix` (VM instances in `nixos/boxes/colony/vms/default.nix`)
- nixpkgs: `mine-stable`
Role
Bare-metal AMD host. It does little application work itself — its job is to run the VMs and provide them with storage, networking and backups.
- Virtualisation: QEMU/KVM (`kvm-amd`, IOMMU on) via the `my.vms` module. VM disks are LVM logical volumes (`vm-<name>-<disk>`) in the `main` volume group; `estuary` additionally gets a WAN NIC by PCI passthrough.
- Storage: LVM-thin (`services.lvm.boot.thin`), `/persist` for state, `/mnt/backup` for the local borg repo. `smartd` + `rasdaemon` for health.
- Backups: `my.borgthin` snapshots the persist/data LVs of the host and its VMs into `/mnt/backup/main`, which is then `rsync`'d (along with LVM metadata) to rsync.net (`zh2855.rsync.net`).
- Monitoring: netdata (with freeipmi), smartd.
Networking
- Two bridges: `base` (the colony "base" network, shared with `estuary`) and `vms` (the VM network). Dummy interfaces keep the bridges up so dependent VMs can start.
- Default gateway / edge is `estuary`; `colony` itself holds the `routing` and `internal` (a.k.a. `vm`) assignments and routes container/OCI/Tailscale prefixes to `shill` and `whale2`.
- `my.firewall` trusts the `vms` interface and forwards customer prefixes (`vm-mail`, `vm-darts`) through.
VMs hosted here
estuary, shill, whale2, git (all NixOS, documented in this directory),
plus the non-NixOS mail and darts (see README).