Berwn
33ac7e106b
control runs VictoriaMetrics (loopback) and Grafana; every machine exports node metrics and the nameservers export Knot stats (mod-stats + knot-exporter). Scraping and the Grafana UI ride the ZeroTier mesh only, scoped by nftables to the mesh /88; the public side stays closed by the Hetzner cloud firewall. The provisioned DNS dashboard includes a per-zone SOA serial table to catch primary/secondary drift. ZeroTier ULAs are centralised in mesh-hosts.nix.
15 lines
615 B
Nix
15 lines
615 B
Nix
# ZeroTier (clan mesh) addresses — the private IPv6 overlay every machine shares.
|
|
# DNS zone transfers and metrics scraping ride this mesh, never the public net.
|
|
rec {
|
|
hosts = {
|
|
control = "fd06:1bad:ece2:92ad:ba99:9306:1bad:ece2";
|
|
ns1 = "fd06:1bad:ece2:92ad:ba99:939d:766d:8974";
|
|
ns2 = "fd06:1bad:ece2:92ad:ba99:9323:61be:a09e";
|
|
};
|
|
|
|
# RFC 4193 /88 prefix of this ZeroTier network (fd + 8-byte network id + the
|
|
# 0x9993 marker). Covers every mesh peer — servers and admin laptops alike —
|
|
# and is used to scope mesh-only firewall rules.
|
|
subnet = "fd06:1bad:ece2:92ad:ba99:9300::/88";
|
|
}
|