Ansible Roles, topology, etc
VMs? backups, filesystems? Other users? Monitoring, Wireguard. IPv6 block? Docker?
adding some brainstorming here, will probably move this to its own story / epic. please add any thoughts
Basic idea is to run Focal 20.04 and build on bare metal. Fore building a release (briefly tested it can easily produce 150 CLI images in 32m at once, probably we can push it a bit higher) it is crucial to have access to as much memory as possible. Dual 10GB NIC are hooked to private network and access to additional storage, other two for DMZ VMs. One VM for CI, other for users? How much fast space to give to those and how to deal with memory? Actually (more then) full is needed only when making a release …
Additional scripting should resist on so we can put it together in no time.
KVM images to local NAS, elsewhere?
git clone build
git clone scripts
only keys comes from our pockets
Current hw setup:
boot and root is on 64Gb SATA dom
2 x PCI4 1Tb drive are put into raid0
20G swap on SATA
water cooling keep CPU <65° (full load for 30m) so its a room for severe overclocking
currently no IPV6 configured but not simple to setup
moving to Estonia where different scenario comes into play. This option was already discussed and can be planned from 2/2021 when Lauri has more time. They can provide case and PSU, which means I will just leave temporal setup until then. If we choose to be a proper long term solution. What we are looking now is a temporal setup to support our releases and CI efficiently.
Current security concerns:
if I give direct access to bare metal I need to RFC network topology and hook machine off my 10Gb networking since is dumb only.
Is it easy for you to install Borg Backup on your freenas?
actually we can just expose an NFS mount to VM, and run Borg there, and then that can be accessed by VPN
My NAS is running Ubuntu so yes.