Berwn
dc21348727
Pure formatting (nixfmt/prettier/yamlfmt); no behavior change. These files predate the current treefmt config and were failing nix flake check; reformatting them makes the gate green again.
1.4 KiB
1.4 KiB
Overview
This is the operational runbook for the cnx-network clan. Everything here is
managed declaratively from the clan repo;
this book is built from docs/ and served on control over the ZeroTier mesh.
Machines
| Machine | Role | Public IPv4 | Public IPv6 |
|---|---|---|---|
control |
ZeroTier controller, monitoring, docs | 77.42.68.181 |
2a01:4f9:c013:e6d0::1 |
ns1 |
Knot DNS primary (master) | 46.224.170.206 |
2a01:4f8:c014:b5c5::1 |
ns2 |
Knot DNS secondary (slave) | 157.180.70.82 |
2a01:4f9:c014:6d87::1 |
mx1 |
Mail server (MX for cnx.email) | 5.223.65.38 |
2a01:4ff:2f0:1963::1 |
Access
- Admin SSH and all internal services ride the ZeroTier mesh, not the public net. Public SSH (22) is intentionally closed at the Hetzner cloud firewall.
- clan reaches machines by their public IPs first (the
internetinstance), with the mesh and Tor as automatic fallbacks.
Editing these docs
Commit-to-edit: change the markdown under docs/src/, commit, and redeploy
control. There is no in-browser editor by design — the docs are versioned and
reviewed alongside the config that they describe.