B4L/cnx-network-clan
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add VictoriaMetrics + Grafana DNS monitoring over the mesh

Browse Source 
control runs VictoriaMetrics (loopback) and Grafana; every machine exports
node metrics and the nameservers export Knot stats (mod-stats + knot-exporter).
Scraping and the Grafana UI ride the ZeroTier mesh only, scoped by nftables to
the mesh /88; the public side stays closed by the Hetzner cloud firewall. The
provisioned DNS dashboard includes a per-zone SOA serial table to catch
primary/secondary drift. ZeroTier ULAs are centralised in mesh-hosts.nix.
This commit is contained in:
Berwn
2026-06-17 10:17:27 +07:00
parent 63446173bc
commit 33ac7e106b
8 changed files with 402 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
modules/mesh-hosts.nix
+14
View File
@@ -0,0 +1,14 @@
# ZeroTier (clan mesh) addresses — the private IPv6 overlay every machine shares.
# DNS zone transfers and metrics scraping ride this mesh, never the public net.
rec {
hosts = {
control = "fd06:1bad:ece2:92ad:ba99:9306:1bad:ece2";
ns1 = "fd06:1bad:ece2:92ad:ba99:939d:766d:8974";
ns2 = "fd06:1bad:ece2:92ad:ba99:9323:61be:a09e";
};
# RFC 4193 /88 prefix of this ZeroTier network (fd + 8-byte network id + the
# 0x9993 marker). Covers every mesh peer — servers and admin laptops alike —
# and is used to scope mesh-only firewall rules.
subnet = "fd06:1bad:ece2:92ad:ba99:9300::/88";
}