medusa/the_information_nexus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
fbc49b5aa97ed1457d568b9fa0c7fc4b377e5dd7
the_information_nexus/tech_docs/single-box.md
medusa fbc49b5aa9 Add tech_docs/single-box.md
2025-08-04 01:07:46 -05:00

50 lines
1.7 KiB
Markdown
Raw Blame History

Low-hanging fruit that **fit the symmetry aesthetic** and **cost ≤ 1 extra binary / 1 config file each**:
1. NTP + PTP (time symmetry)
```
apt install chrony
echo "allow 10.0.0.0/16" >> /etc/chrony/chrony.conf
systemctl enable --now chrony
```
Clients in every subnet now get the *same* stratum-1 time source (`ns.infra.mycorp.net`).
2. Central syslog + logrotate (single pane)
```
apt install rsyslog
echo '*.info @@ns.infra.mycorp.net:514' >> /etc/rsyslog.d/10-remote.conf
systemctl restart rsyslog
```
One file, logs flow to the host itself—no extra daemons.
3. mDNS repeater (Bonjour across VLANs)
```
apt install avahi-daemon avahi-utils
sed -i 's/#enable-reflector=no/enable-reflector=yes/' /etc/avahi/avahi-daemon.conf
systemctl enable --now avahi-daemon
```
Ensures `printer-01.lan.mycorp.net` is discoverable from `dmz.mycorp.net`.
4. TFTP/PXE “boot farm” (one-line DHCP option)
Add to `/etc/dnsmasq.d/30-pxe.conf`:
```
dhcp-option=66,10.0.255.1 # TFTP server
dhcp-option=67,pxelinux.0
```
Net-install any OS from the same box.
5. WireGuard hub (one interface, one key pair)
```
apt install wireguard
wg genkey | tee /etc/wireguard/wg0.key | wg pubkey > /etc/wireguard/wg0.pub
```
Tunnel address: `10.254.0.0/24` (mirrors `10.0.x.0/24` pattern).
Add peer configs via a **single** `/etc/wireguard/wg0.conf`.
6. Prometheus node exporter (metrics symmetry)
```
apt install prometheus-node-exporter
systemctl enable --now prometheus-node-exporter
```
Metrics reachable at `http://ns.infra.mycorp.net:9100/metrics`.
Pick **any two** without breaking the “single-box, single-file” rule.
Reference in New Issue View Git Blame Copy Permalink