We're updating the issue view to help you get more done. 

Plan for new build server


Ansible Roles, topology, etc

  • VMs? backups, filesystems? Other users? Monitoring, Wireguard. IPv6 block? Docker?

  • user management?


Lane Jennison
November 16, 2020, 4:15 PM

adding some brainstorming here, will probably move this to its own story / epic. please add any thoughts

Igor Pecovnik
November 17, 2020, 7:18 AM

Basic idea is to run Focal 20.04 and build on bare metal. Fore building a release (briefly tested it can easily produce 150 CLI images in 32m at once, probably we can push it a bit higher) it is crucial to have access to as much memory as possible. Dual 10GB NIC are hooked to private network and access to additional storage, other two for DMZ VMs. One VM for CI, other for users? How much fast space to give to those and how to deal with memory? Actually (more then) full is needed only when making a release …

Additional scripting should resist on so we can put it together in no time.

KVM images to local NAS, elsewhere?
The rest:
git clone build
git clone scripts
only keys comes from our pockets

Current hw setup:

  • boot and root is on 64Gb SATA dom

  • 2 x PCI4 1Tb drive are put into raid0

  • 20G swap on SATA

  • water cooling keep CPU <65° (full load for 30m) so its a room for severe overclocking

  • currently no IPV6 configured but not simple to setup

Possible setup:

  • moving to Estonia where different scenario comes into play. This option was already discussed and can be planned from 2/2021 when Lauri has more time. They can provide case and PSU, which means I will just leave temporal setup until then. If we choose to be a proper long term solution. What we are looking now is a temporal setup to support our releases and CI efficiently.

Current security concerns:

  • if I give direct access to bare metal I need to RFC network topology and hook machine off my 10Gb networking since is dumb only.

Lane Jennison
November 20, 2020, 9:04 AM

Is it easy for you to install Borg Backup on your freenas?

actually we can just expose an NFS mount to VM, and run Borg there, and then that can be accessed by VPN

Igor Pecovnik
November 20, 2020, 10:22 AM

My NAS is running Ubuntu so yes.


Igor Pecovnik


Lane Jennison