the_information_nexus/tech_docs/single-box.md
2025-08-04 01:07:46 -05:00


Low-hanging fruit that fit the symmetry aesthetic and cost ≤ 1 extra binary / 1 config file each:

  1. NTP + PTP (time symmetry)

    apt install chrony
    echo "allow 10.0.0.0/16" >> /etc/chrony/chrony.conf
    systemctl enable --now chrony
    systemctl restart chrony    # apt already started chronyd; restart so the new allow line is read
    

    Clients in every subnet now get the same stratum-1 time source (ns.infra.mycorp.net).

  2. Central syslog + logrotate (single pane)

    apt install rsyslog
    echo '*.info @@ns.infra.mycorp.net:514' >> /etc/rsyslog.d/10-remote.conf
    systemctl restart rsyslog
    

    One file, logs flow to the host itself—no extra daemons.

  3. mDNS repeater (Bonjour across VLANs)

    apt install avahi-daemon avahi-utils
    sed -i 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
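    systemctl enable --now avahi-daemon
    systemctl restart avahi-daemon    # apt already started the daemon; restart so the reflector setting is read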
    

    Ensures printer-01.lan.mycorp.net is discoverable from dmz.mycorp.net.

  4. TFTP/PXE “boot farm” (one-line DHCP option)
    Add to /etc/dnsmasq.d/30-pxe.conf:

    dhcp-option=66,10.0.255.1   # TFTP server
    dhcp-option=67,pxelinux.0
    

    Net-install any OS from the same box.

  5. WireGuard hub (one interface, one key pair)

    apt install wireguard
    # umask 077 keeps the private key from being created world-readable
    (umask 077; wg genkey | tee /etc/wireguard/wg0.key | wg pubkey > /etc/wireguard/wg0.pub)
    

    Tunnel address: 10.254.0.0/24 (mirrors 10.0.x.0/24 pattern).
    Add peer configs via a single /etc/wireguard/wg0.conf.

  6. Prometheus node exporter (metrics symmetry)

    apt install prometheus-node-exporter
    systemctl enable --now prometheus-node-exporter
    

    Metrics reachable at http://ns.infra.mycorp.net:9100/metrics.

Pick any two without breaking the “single-box, single-file” rule.
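
The single /etc/wireguard/wg0.conf that item 5 mentions, rendered by an added example that is not part of the original page. The hub address 10.254.0.1, port 51820, the peer numbering, the helper name `render_hub_conf` and the sample keys are all assumptions.

```shell
#!/bin/sh
# Added example, not from the original page.
# Assumptions: hub address 10.254.0.1, UDP port 51820, peers numbered from
# 10.254.0.2 in argument order; render_hub_conf is a hypothetical helper.

render_hub_conf() {
    # Validate every key before printing anything, so a bad argument never
    # leaves a half-written config behind.
    if [ "$#" -gt 253 ]; then
        echo "10.254.0.0/24 has room for 253 peers" >&2
        return 1
    fi
    for pub in "$@"; do
        # A WireGuard public key is 32 bytes: 43 base64 characters plus '='.
        if ! printf '%s\n' "$pub" | grep -Eq '^[A-Za-z0-9+/]{43}=$'; then
            echo "invalid public key: $pub" >&2
            return 1
        fi
    done

    # wg-quick's PostUp hook loads the key from the file generated in item 5,
    # so wg0.conf itself contains no secret.
    cat <<'EOF'
[Interface]
Address = 10.254.0.1/24
ListenPort = 51820
PostUp = wg set %i private-key /etc/wireguard/wg0.key
EOF
    host=2
    for pub in "$@"; do
        # One /32 per peer: the hub drops tunnel packets from this peer that
        # carry any other source address.
        printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = 10.254.0.%d/32\n' \
            "$pub" "$host"
        host=$((host + 1))
    done
}

# Constructed sample keys (not real key material).
c=ABCDEFGHIJ
PEER_A="${c}${c}${c}${c}KLA="
PEER_B="${c}${c}${c}${c}KLE="
render_hub_conf "$PEER_A" "$PEER_B"
```

Redirect the output to /etc/wireguard/wg0.conf with `umask 077` in effect, then bring the tunnel up with `wg-quick up wg0`.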