a7ea91f529
Add a top-level `README.md` mapping the boxes and per-machine docs under `docs/boxes/` (grouped `colony/`, `home/`, `misc/`), one file per host, VM and container documenting role, services and networking with source pointers. Also point `AGENTS.md` at the new docs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2.0 KiB
# shill

The colony NixOS container host. Most colony applications run as
systemd-nspawn containers on shill.

- Source: `nixos/boxes/colony/vms/shill/` (`default.nix`, `containers-ext.nix`, `hercules.nix`, `containers/`)
- nixpkgs: `mine`
- Host: VM on `colony` (large: 12 cores, 40 GiB RAM)
## Role

- Runs the colony NixOS containers via `my.containers.instances`, each attached to the `ctrs` bridge with its own address.
- Provides shared data volumes to those containers via bind mounts from LVM-backed disks: `/mnt/media` (→ `middleman`, `jackflix`), `/mnt/minio` and `/mnt/nix-cache` (→ `object`).
- Acts as the router between the `vms` network and the `ctrs` container network (sends RAs on `ctrs`, routes Tailscale prefixes via `waffletail` and the `qclk` prefix via `qclk`). Includes an nftables `ct mark` hack to make internal DNAT return paths work.
- Tuned sysctls for high connection counts / torrent traffic; netdata.
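The `ct mark` hack mentioned above addresses the usual hairpin problem: when a client on the internal side connects to a DNATed public address, the container would otherwise answer the client directly and the reply would bypass the router's NAT state. The snippet below is an added illustration of one common shape of that fix, not the repository's own rules; the table name, interface names, addresses and ports are all assumptions.

```nix
# Added example, not the repository's configuration. Interface names,
# addresses and ports are constructed placeholders.
{ ... }:
{
  networking.nftables = {
    enable = true;
    ruleset = ''
      table ip hairpin-nat {
        # Constructed placeholder addresses
        define public_addr = 203.0.113.10
        define web_ctr     = 10.100.0.2

        chain prerouting {
          type nat hook prerouting priority dstnat; policy accept;
          # Ordinary DNAT from the uplink: replies already flow back through shill.
          iifname "uplink" ip daddr $public_addr tcp dport { 80, 443 } dnat to $web_ctr
          # Same DNAT for clients on the vms side, but tag the connection in
          # conntrack so postrouting can recognise it as an internal hairpin.
          iifname "vms" ip daddr $public_addr tcp dport { 80, 443 } ct mark set 0x1 dnat to $web_ctr
        }

        chain postrouting {
          type nat hook postrouting priority srcnat; policy accept;
          # Only the marked hairpin connections are masqueraded, so the container
          # replies to shill (which un-NATs) instead of straight to the vms client.
          # External connections keep their real source address for logging.
          oifname "ctrs" ct mark 0x1 masquerade
        }
      }
    '';
  };
}
```

The mark is set in prerouting before DNAT and is carried in the conntrack entry, so the masquerade rule fires only for internal-origin connections and external clients remain visible to the container with their real source address.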
## Containers

Defined in `shill/containers/` and wired up in shill's `my.containers.instances`:

| Container | Role |
|---|---|
| `middleman` | Front-end nginx reverse proxy, ACME, nginx-sso, librespeed |
| `colony-psql` | Shared PostgreSQL |
| `vaultwarden` | Password manager |
| `chatterbox` | Matrix homeserver + bridges |
| `toot` | Bluesky PDS (Mastodon disabled) |
| `jackflix` | Media stack |
| `object` | MinIO / Harmonia / HedgeDoc / wastebin |
| `waffletail` | Tailscale subnet router |
| `qclk` | Clock service |
| `gam` | Game servers |
## Notes

- Container systems set `my.deploy.enable = false` (they are deployed as part of `shill`'s container profiles, not as standalone deploy nodes) and render via `my.asContainer`. `hercules.nix` configures Hercules CI agent bits; `containers-ext.nix` holds extra per-container host wiring.