This repository is the production deployment record for noc-agent,
hyrule-mcp, hyrule-cloud, hyrule-web, and hyrule-network-proxy. App repos do not deploy
production on merge.
After an app repo's ci workflow succeeds on main, its
request-promotion workflow asks this repo to open or update the promotion PR
that pins exact SHAs in inventory. Actions -> promote-apps remains the
manual fallback when a promotion request needs to be replayed or coordinated by
hand. After the promotion PR merges, app-promotion-deploy automatically
calls apply.yml for the affected playbooks and waits at the GitHub
production environment approval gate. The human operator's normal job is to
review the promotion PR, merge it, approve the production gate, and review the
Icinga snapshot diff.
Full runbook: docs/ci/deploy-runbook.md.
Public operations repository for Hyrule Networks (AS215932) — building a complete Internet Service Provider from scratch.
AS215932 is a solo project to build and operate a full-stack ISP with modern BGP routing, multi-homing, and IPv6-first architecture. This repository tracks infrastructure work, configuration management, and operational decisions.
Working in public to share knowledge with the networking community and demonstrate real-world ISP operations.
- ASN: AS215932
- Network Name: Hyrule / Servify
- NOC: noc@as215932.net
- Peering Policy: Open (see PeeringDB)
- PeeringDB: AS215932
- Multiple BGP transit providers
- Presence at multiple Internet Exchange Points (IXPs)
- IPv6-only (for now, hopefully forever unless I can't avoid it)
- RPKI ROA configured
- IRR objects registered (RIPE Database)
AGENTS.md is the canonical domain-policy reference for this repo. In short:
hyrule.host is customer-facing Hyrule Cloud identity, servify.network is
infrastructure identity, and as215932.net is AS215932 overlay/routing identity
only.
Active IXP presence at multiple locations - see PeeringDB for current list
- Core Routers: FreeBSD + FRRouting (
cr1-nl1,cr1-de1,cr1-ch1) - Edge Router: Debian 13 + FRRouting (
rtrat OVH) - Overlay Network: full-mesh WireGuard tunnels
- Protocols: BGP, OSPFv3
- Virtualization: XCP-NG w/ Xen Orchestra
cr1-nl1 ===== cr1-de1
| \\ / |
| \\ / |
| cr1-ch1 |
| | |
+----- rtr ---+
- IPv6-first design with IPv4 transition mechanisms (NAT64/DNS64, 464XLAT)
- Multi-homed BGP (with ECMP load balancing)
- Stateless overlay for asymmetric routing
- Distributed routing architecture with OSPF internal connectivity
Rendered diagrams are intentionally not embedded until their source files and image artifacts are committed together. Planned additions:
| Planned asset | Description |
|---|---|
docs/diagrams/topology.mmd / docs/img/topology.png |
Full mesh of core routers (cr1-nl1, cr1-de1, cr1-ch1) with OSPFv3 internal connectivity and the edge router (rtr) at OVH. BGP multi-homing provides transit and IXP peering; WireGuard overlays stitch the stateless fabric together. |
docs/diagrams/bgp-overview.mmd / docs/img/bgp-overview.png |
External BGP sessions to transit providers and IXPs; internal BGP policies for route filtering, RPKI validation, and ECMP load balancing. |
docs/diagrams/deploy-flow.mmd / docs/img/deploy-flow.png |
App repositories (noc-agent, hyrule-mcp, hyrule-cloud, hyrule-web) run CI on main, then request promotion via this repo. A promotion PR pins exact SHAs in inventory; after merge, apply.yml deploys through a GitHub environment approval gate. |
When adding diagrams, commit both the text source and rendered image so the public README never points at missing assets.
Production screenshots are also tracked as TODOs until sanitized image files are
committed under docs/img/screenshots/. Keep sensitive data (passwords, keys,
full IP ranges) out of frame.
| Planned asset | Description |
|---|---|
docs/img/screenshots/icinga-dashboard.png |
Icinga monitoring overview for core routers and services |
docs/img/screenshots/frr-cli.png |
Sample FRRouting vtysh output showing BGP summary |
docs/img/screenshots/peeringdb.png |
AS215932 PeeringDB page and contact details |
docs/img/screenshots/weathermap.png |
Network weathermap from https://as215932.net |
Want to add one? Open a PR with the image and a short caption.
network-operations/
├── autoinstall/ # OS autoinstall configs and QMP tools
├── configs/ # Configuration templates (Jinja2)
├── docs/ # Architecture and deployment documentation
├── scripts/ # Bootstrap and operational scripts
└── .github/ # Issue templates and workflows
I maintain an open peering policy and welcome peering requests at any of my IXP locations.
Peering Requirements:
- Valid entry in PeeringDB
- IRR objects registered
- 24/7 NOC contact
- RPKI ROA configured
Contact via PeeringDB or open an issue in this repository with the peering label.
Key documentation:
This is a living list of what we're building. Completed items are checked; ongoing work is tracked in GitHub Issues.
- Obtain AS number and IP allocations
- Establish BGP transit agreements
- Deploy at Internet Exchange Points
- Complete PeeringDB and IRR registration
- Implement core routing infrastructure (
cr1-nl1,cr1-de1,cr1-ch1,rtr) - Expand IXP presence
- Grow peering relationships
- Deploy additional services (Tor / I2PD / Yggdrasil relays, public resolvers)
- Implement x402 one-time service usage (e.g., pay-per-request)
- Automate configuration management
- Build comprehensive monitoring stack
- Publish live Looking Glass
- Stabilize automated promotion and deployment runbooks.
- Expand IXP peering in Western Europe.
- Ship public DNS resolvers over IPv6.
- Open-source reusable FRRouting policy templates.
This repository serves as:
- Issue tracker for infrastructure work and bugs
- Configuration library for reusable network configs
- Documentation hub for architecture and procedures
- Public record of network operations and decisions
Feel free to:
- Browse issues to see ongoing work
- Learn from configuration examples
- Open issues for peering requests or questions
- Contribute suggestions or report issues
hyrule-mcp— Live MCP diagnostic substrateengineering-loop— Autonomous infrastructure change loopnoc-agent— Alert intake and incident analysisas215932.net— Public website and weathermaphyrule-cloud— Agentic VPS hosting API with x402 paymentshyrule-web— Main branded website
- NOC Email: noc@as215932.net
- PeeringDB: https://www.peeringdb.com/asn/215932
- Issues: Use GitHub Issues for operational questions or peering requests
License: Configuration examples and documentation in this repository are provided as-is for educational purposes.
Building the Internet, one BGP session at a time.