a7ea91f529
Add a top-level `README.md` mapping the boxes and per-machine docs under `docs/boxes/` (grouped `colony/`, `home/`, `misc/`), one file per host, VM and container documenting role, services and networking with source pointers. Also point `AGENTS.md` at the new docs.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
1.9 KiB
# estuary

The colony edge router and firewall — the machine that holds colony's public IPs and connects everything else to the internet.

- Source: `nixos/boxes/colony/vms/estuary/` (`default.nix`, `bgp.nix`, `dns.nix`, `bandwidth.nix`)
- nixpkgs: `mine`
- Host: VM on `colony` (gets the WAN NIC by PCI passthrough)

## Role

- Edge routing / firewall / NAT: owns the colony public IPv4/IPv6 (`94.142.241.x` / `2a02:898:0:20::`), does NAT and port-forwarding for the internal services (`my.firewall.nat.forwardPorts`, driven by `firewallForwards`). Forwards HTTP/S to `middleman`, git to `git`, game ports to the OCI game servers on `whale2`, etc.
- BGP: runs BIRD2 (`bgp.nix`) announcing AS211024 over VLANs on the WAN link:
  - peers at the IXPs Frys-IX, NL-ix and FogIXP;
  - plus iFog transit (`ifog-transit`) — an upstream transit provider from iFog, not an IXP.
- DNS: authoritative/recursive DNS (`dns.nix`), redirected to port 5353 locally.
- VPNs:
  - Part of the AS211024 L2 VXLAN mesh (`my.vpns.l2`) with `river`, `stream` and `britway`.
  - WireGuard endpoints for the remote `kelder` site, `hillcrest`, and `john-valorant`.
- Misc: iperf3 server. (A bandwidth-accounting script, `bandwidth.py`, exists but is legacy and not currently used.)
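As an added illustration of the NAT / port-forwarding role described above (this is not the repository's own module; the repo uses its custom `my.firewall.nat.forwardPorts` / `firewallForwards` options, whose exact shape this page does not show), here is how the same forwards would be expressed with the standard NixOS `networking.nat` options. The internal addresses and the concrete ports are constructed placeholders:

```nix
# Added example, not estuary's real configuration. It models the "Role" bullets
# with stock NixOS options: NAT from the WAN NIC to the base network, a small
# explicit allow-list of forwarded ports, the 9000 MTU on `wan`, and the iperf3
# server. Addresses and ports below are assumptions, not the real colony values.
{ ... }:

let
  # Constructed placeholder addresses for the internal VMs (assumption).
  middleman = "10.100.0.10";   # HTTP/S reverse proxy
  git       = "10.100.0.11";   # git server
  whale2    = "10.100.0.20";   # OCI game servers
in
{
  # The passed-through WAN NIC runs with jumbo frames, as documented.
  networking.interfaces.wan.mtu = 9000;

  networking.nat = {
    enable = true;
    externalInterface = "wan";
    internalInterfaces = [ "base" ];

    # Only the listed services are reachable from outside; everything else on
    # the base network stays behind NAT. Keeping this list explicit is what makes
    # the exposed surface reviewable.
    forwardPorts = [
      { sourcePort = 80;  destination = "${middleman}:80";  proto = "tcp"; }
      { sourcePort = 443; destination = "${middleman}:443"; proto = "tcp"; }
      { sourcePort = 22;  destination = "${git}:22";        proto = "tcp"; }
      # Assumed game port range; the real ports depend on each game server.
      { sourcePort = "27015:27020"; destination = "${whale2}:27015-27020"; proto = "udp"; }
    ];
  };

  # iperf3 server mentioned under "Misc".
  services.iperf3.enable = true;
}
```

Note that `networking.nat.forwardPorts` accepts a port range as `"from:to"` in `sourcePort` and `"host:from-to"` in `destination`; a single forward with mismatched range sizes is rejected at evaluation time, which is a useful sanity check when the forward list is generated from a shared table such as `firewallForwards`.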
## Networking

- `wan` — the passed-through igb NIC (9000 MTU), carrying the upstream uplink and tagged IXP VLANs (`ifog409` → `frys-ix`/`nl-ix`/`fogixp`/`ifog-transit`).
- `base` — colony base network; sends RAs and provides DNS to the base prefix, routes the VM/container/OCI/Tailscale prefixes back to `colony`.
- `as211024` — the L2 mesh interface.
- Assignments: `internal` (public, alt name `fw`), `base`, `as211024`.