# Overview

This is the operational runbook for the **cnx-network** clan. Everything here is
managed declaratively from the [clan repo](https://git.b4l.co.th/B4L/cnx-network-clan);
this book is built from `docs/` and served on `control` over the ZeroTier mesh.

## Machines

| Machine   | Role                                  | Public IPv4      | Public IPv6             |
| --------- | ------------------------------------- | ---------------- | ----------------------- |
| `control` | ZeroTier controller, monitoring, docs | `77.42.68.181`   | `2a01:4f9:c013:e6d0::1` |
| `ns1`     | Knot DNS **primary** (master)         | `46.224.170.206` | `2a01:4f8:c014:b5c5::1` |
| `ns2`     | Knot DNS **secondary** (slave)        | `157.180.70.82`  | `2a01:4f9:c014:6d87::1` |
| `mx1`     | Mail server (**MX** for cnx.email)    | `5.223.65.38`    | `2a01:4ff:2f0:1963::1`  |

## Access

- Admin SSH and all internal services ride the **ZeroTier mesh**, not the public
  net. Public SSH (22) is intentionally closed at the Hetzner cloud firewall.
- clan reaches machines by their public IPs first (the `internet` instance), with
  the mesh and Tor as automatic fallbacks.

## Editing these docs

Commit-to-edit: change the markdown under `docs/src/`, commit, and redeploy
`control`. There is no in-browser editor by design — the docs are versioned and
reviewed alongside the config that they describe.