cnx-network-clan

B4L/cnx-network-clan

Fork 0

Commit Graph

Author	SHA1	Message	Date
Berwn	044891927b	Back up Knot DNSSEC keystore from ns1 to control via borgbackup clan borgbackup instance: control serves repos, ns1 backs up its clan.core.state (the KASP keystore at /var/lib/knot) nightly over the mesh with repokey encryption. ns1 maps the control machine name to its ZeroTier address so the borg@control repo resolves. Run `clan vars generate ns1` before deploy to mint the borg keypair.	2026-06-17 15:06:58 +07:00
Berwn	4c7c74836d	Add vmalert alerting rules for DNS and host health vmalert on control evaluates rules (declared in git) against VictoriaMetrics and remote-writes alert state back, so firing alerts show as the ALERTS series in Grafana. Covers SOA divergence between ns1/ns2, secondary zone expiry, scrape target down, and root disk full. No notifier yet (notifier.blackhole). Also adds TODO.md roadmap.	2026-06-17 14:49:32 +07:00

Author

SHA1

Message

Date

Berwn

044891927b

Back up Knot DNSSEC keystore from ns1 to control via borgbackup

clan borgbackup instance: control serves repos, ns1 backs up its
clan.core.state (the KASP keystore at /var/lib/knot) nightly over the
mesh with repokey encryption. ns1 maps the control machine name to its
ZeroTier address so the borg@control repo resolves.

Run `clan vars generate ns1` before deploy to mint the borg keypair.

2026-06-17 15:06:58 +07:00

Berwn

4c7c74836d

Add vmalert alerting rules for DNS and host health

vmalert on control evaluates rules (declared in git) against VictoriaMetrics and
remote-writes alert state back, so firing alerts show as the ALERTS series in
Grafana. Covers SOA divergence between ns1/ns2, secondary zone expiry, scrape
target down, and root disk full. No notifier yet (notifier.blackhole). Also adds
TODO.md roadmap.

2026-06-17 14:49:32 +07:00

2 Commits