Infrastructure, 2022 Edition

By:
Pyrox

Published:

Reading Time: 5 minutes

As a nerd and geek, I run a lot of my own infrastructure. This post attempts to detail the infrastructure that I run, relative to the publish date. I’ll attempt to make a new post like this once a year, so that I keep this up to date.

General Info

All of my servers are named after Hitchhiker’s Guide to the Galaxy characters. They are all connected with a self-hosted Tailscale network. All of the servers that I own hardware for run NixOS Unstable, as I believe in being an early adopter of technology, and I also contribute to Nixpkgs myself.

Personal Hardware

This is hardware that I own and is located at my house. This does not include hardware that I rent or VPS servers.

Marvin

marvin is my main server. It runs most of my services, minus a few critical ones that I don’t run on a fairly unstable machine. The reason marvin is unstable is because I use it as a testbed for many new ideas that I have.

Hardware

  • CPU: Ryzen 7 5700G @ 3.8 GHz
  • Motherboard: MSI MAG B550M Mortar WIFI
  • RAM: 32 GB (2x16 GB) DDR4-3200 CL16
  • Boot Drive: 1TB Sabrent Rocket Q M.2-2280 NVMe
  • Case: Fractal Design Node 804
  • Power Supply: EVGA SuperNOVA GA 550 W 80+ Gold Fully Modular
  • Storage:
    • 2x WD Red 12TB 5400 RPM
    • 1x Seagate IronWolf 7200 RPM

Software

  • Root Filesystem: BTRFS
  • Bulk Storage Filesystem: ZFS in a RAID-Z1 configuration
  • OS: NixOS Unstable
  • Public Services:
  • Semi-Public Services (not offered, just accessible):
    • Vaultwarden - Bitwarden Server
    • Jellyfin - Media Server
    • Dashy - Dashboard
    • Authentik - Central Auth System
    • Nix-Serve - NixOS Cache Server
    • Hydra CI - NixOS CI Server
    • Radicale - {Cal, Card, Web}DAV Server
    • Deemix
    • Gitea - Git Server
    • Miniflux - RSS Reader
    • RSS-Bridge - RSS for websites without
    • Grafana - Dashboards
    • Syncthing - Cross-device syncing
    • Vikunja - ToDo app

Zaphod

zaphod is my personal laptop. It is a Framework Laptop, purchased during Batch 1. I consider myself an early adopter of the Framework Laptop, and I believe that it was a worthwhile purchase.

Hardware

  • Motherboard: Intel i5-1135G7 (4C/8T) @ 2.4 GHz
  • RAM: 32 GB
  • Storage: 2TB NVMe SSD

Software

  • OS: NixOS Unstable
  • Filesystem: BTRFS

Prefect

prefect is my, so far, only production VPS. It is hosted at Hetzner and runs a CPX-31 configuration. See Hetzner’s pages for more details on what that is; all you need to know is that they offer 20TB of free bandwidth with every VPS that you purchase. As a teenager, that had me hooked, since I can’t afford per-GB pricing when I’m streaming media from Jellyfin.

Software

  • OS: NixOS Unstable
  • Filesystem: EXT4
  • Services:
    • This Blog
    • NSD - This runs authoritative DNS for my 5 domains, soon to be more, most likely.
    • Caddy - Reverse proxies to all services hosted on marvin
    • Go-Jamming - Webmentions server

Overall, I’m pretty happy with this architecture. NixOS has made it really easy to define my configs, and I’m excited to see what happens over time.

Networking

I’m a big ol’ networking geek. It’s what I plan to focus on in college, and I consider it one of my strong suits. So how are my machines connected?

Tailscale

Tailscale is the big one. It is, simply put, a managed WireGuard solution that Just Works. I use it on all of my infrastructure to connect stuff together. I used to host a Headscale server, which is an open-source implementation of the Tailscale control plane, but that was too fragile and prone to breakage. Therefore, I’ve switched back to using vanilla Tailscale on the hosted service.

I believe that Tailscale should be the tool that you use to connect remote machines to each other. It is simple, reliable, and very, very fast. I’ve had problems with it in the past, but that was when I hosted it myself, with the aforementioned Headscale server. The hosted service has been a stable and enjoyable experience.

DN42

I’m a participant in the DN42 network. I believe that it is a wonderful project, and I am excited to learn more and do more with it. I currently peer with 4 other nodes, and it has been a very easy experience so far. For more info on what DN42 is and why I’m interested in it, see my blogpost on the topic.

DN42 Peering

All my peering is done over WireGuard. This has been the standard for most new participants in the network, and continues to be adopted by older participants. These days, it’s much more common to find WireGuard peers than non-WireGuard peers, who use protocols such as OpenVPN and IPsec.

Current Peers List

This info can be found in the tunnels.nix file in my config repo here. It is also kept constantly up to date, while this blog post is not.

BGP Info

All of my BGP routing information is exchanged over Multiprotocol BGP sessions, which are IPv6 only. All IPv6 addresses used to communicate with nodes are link-local. I also adhere to the standard set of BGP Communities that other participants in the network use.
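To make the two sections above concrete (WireGuard as the peering transport, and a single IPv6-only Multiprotocol BGP session on link-local addresses), here is an added illustration in NixOS terms of what one such peering could look like. It is not the author’s tunnels.nix or any file from their repo; the peer name, ASNs, key, endpoint, prefix and addresses are all constructed placeholders, and the address-space filter is a deliberately simplified version of the one the DN42 community maintains. It uses the `networking.wireguard.interfaces` and `services.bird2` NixOS options.

```nix
# Added illustration, not the author's config. One DN42 peering tunnel over
# WireGuard plus a Multiprotocol BGP session to the peer's link-local
# address. Every ASN, key, endpoint, prefix and address is a placeholder.
{ ... }:

let
  # Hypothetical peer; replace every value.
  peer = {
    name = "examplepeer";
    asn = 4242420000;                         # placeholder peer ASN
    endpoint = "peer.example.net:51820";      # placeholder endpoint
    publicKey = "PEER_WIREGUARD_PUBLIC_KEY";  # placeholder key
    linkLocal = "fe80::2";                    # peer's address on the tunnel
  };
  ownAsn = 4242420001;                        # placeholder own ASN
  ownLinkLocal = "fe80::1";                   # our address on the tunnel
  ownPrefix = "fd00:1234:5678::/48";          # placeholder own DN42 prefix
  iface = "wg-${peer.name}";
in
{
  # WireGuard transport with link-local addressing only. The BGP session
  # runs between fe80::1 and fe80::2 on this interface; routes learned via
  # BGP are installed by BIRD, not derived from allowedIPs.
  networking.wireguard.interfaces.${iface} = {
    listenPort = 51820;                       # one distinct port per tunnel
    privateKeyFile = "/var/lib/wireguard/${peer.name}.key";  # kept out of the Nix store
    ips = [ "${ownLinkLocal}/64" ];
    # Cryptokey routing must admit any source the peer forwards, but those
    # ranges must not become kernel routes, or two tunnels would both
    # claim the default route.
    allowedIPsAsRoutes = false;
    peers = [{
      publicKey = peer.publicKey;
      endpoint = peer.endpoint;
      allowedIPs = [ "0.0.0.0/0" "::/0" ];
      persistentKeepalive = 25;
    }];
  };
  networking.firewall.allowedUDPPorts = [ 51820 ];

  services.bird2 = {
    enable = true;
    config = ''
      router id 172.20.0.1;                   # placeholder: own DN42 IPv4 address

      # Simplified DN42 address space; the community's full filter is longer.
      define DN42_V4 = [ 172.20.0.0/14{21,29} ];
      define DN42_V6 = [ fd00::/8{44,64} ];

      protocol device {}

      # Our own prefix, originated as a static route.
      protocol static {
        ipv6;
        route ${ownPrefix} unreachable;
      }

      # Install BGP-learned routes into the kernel, one channel per family.
      protocol kernel { ipv4 { import none; export where source = RTS_BGP; }; }
      protocol kernel { ipv6 { import none; export where source = RTS_BGP; }; }

      # Accept only DN42 space from the peer, and never our own prefix back.
      filter dn42_import_v4 {
        if net ~ DN42_V4 then accept;
        reject;
      }
      filter dn42_import_v6 {
        if net ~ DN42_V6 && net !~ [ ${ownPrefix}+ ] then accept;
        reject;
      }
      filter dn42_export {
        if source = RTS_STATIC || source = RTS_BGP then accept;
        reject;
      }

      # Multiprotocol BGP: one IPv6 session carries both address families.
      # "extended next hop" lets IPv4 routes carry the peer's IPv6
      # link-local address as next hop, which is what makes an IPv6-only
      # session sufficient.
      protocol bgp dn42_${peer.name} {
        local as ${toString ownAsn};
        neighbor ${peer.linkLocal} % '${iface}' as ${toString peer.asn};
        ipv4 {
          extended next hop on;
          import filter dn42_import_v4;
          export filter dn42_export;
        };
        ipv6 {
          import filter dn42_import_v6;
          export filter dn42_export;
        };
      }
    '';
  };
}
```

Two points worth checking in a real deployment of this shape: each tunnel needs its own `listenPort` and its own key file outside the Nix store, and `allowedIPsAsRoutes = false` is what keeps the wide-open `allowedIPs` (which WireGuard needs in order to accept forwarded traffic from the peer) from turning into conflicting default routes once a second peer is added. Community tagging, ROA checks and path-length limits are omitted here and belong in the import filters.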

Conclusion

That’s about it for this year’s infra roundup. I’ll see you in a few months to talk about what’s changed. In the meantime, expect a few posts on various computing-related topics!

- Pyrox