Add VictoriaMetrics + Grafana DNS monitoring over the mesh
control runs VictoriaMetrics (loopback) and Grafana; every machine exports node metrics and the nameservers export Knot stats (mod-stats + knot-exporter). Scraping and the Grafana UI ride the ZeroTier mesh only, scoped by nftables to the mesh /88; the public side stays closed by the Hetzner cloud firewall. The provisioned DNS dashboard includes a per-zone SOA serial table to catch primary/secondary drift. ZeroTier ULAs are centralised in mesh-hosts.nix.
@@ -1,8 +1,9 @@
|
||||
{ config, pkgs, ... }:
|
||||
let
|
||||
# ZeroTier addresses — zone transfers run over the mesh, not the public net.
|
||||
ns1zt = "fd06:1bad:ece2:92ad:ba99:939d:766d:8974";
|
||||
ns2zt = "fd06:1bad:ece2:92ad:ba99:9323:61be:a09e";
|
||||
mesh = import ../mesh-hosts.nix;
|
||||
ns1zt = mesh.hosts.ns1;
|
||||
ns2zt = mesh.hosts.ns2;
|
||||
in
|
||||
{
|
||||
# Shared TSIG key, generated once and copied to every machine that imports
|
||||
|
||||
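Review bot: The new `ns1zt = mesh.hosts.ns1;` and `ns2zt = mesh.hosts.ns2;` bindings accept whatever `../mesh-hosts.nix` returns with no check, and per the comment above them these values decide where zone transfers run. Consider asserting, in mesh-hosts.nix or here, that each entry is a literal address inside the mesh /88 named in the commit message, so that a typo or a public address in that file fails evaluation instead of silently moving transfers off the mesh. The "# ZeroTier addresses" comment could also say that the values now come from mesh-hosts.nix, since the literals are no longer visible in this file.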