2021-11-25 04:22:53 +00:00

Project Athens
==============

Preamble
========

The whole project is being streamed at twitch.tv/shockrah in
case you're interested to see how I build this. Boring design work
is done off stream so that the stream itself is filled with 100%
coding.

Abstract
========

Project Athens is an effort to consolidate my own online presence
onto a common platform that is not only easier to maintain
but also more manageable from an operations point of view.

Most of the code in this repository has to do with the infrastructure
of the project, which is used to host services that I host myself.

Section 1. Preamble/Abstract
============================

This explanation will take on a bottom-up approach because the technical
goals/processes are what make up the deliverable value (to myself).

Also this project is just for me so fuck off if you don't like it.

Section 2. The Hosts/Services
=============================

Services to host are listed below with their respective roles:

Docker host:
- Discord Chat Bots
  - Lewdlad (Server Management Chat Bot)
  - Musical Maurice (Music Voice Bot)
- My personal clippable instance

Static Nginx server:
- Personal Website
  Served under shockrah.xyz
- Resume Website
  Served under resume.shockrah.xyz
- Freechat Documentation
  Served under freechat.shockrah.xyz

SSH/Ansible Host
This is the dev box that I use to patch things in the
VPC. This way we only accept internal SSH connections.
Rationale: To reduce surface area to the outside world.

Reverse Proxy
This server is going to sit between Alpha & Beta as
both are going to need to take HTTP requests
from the internet but I don't want to expose them.

Section 3. Codenames
====================

Below are the codenames which Terraform code uses in order to

Alpha - Docker host

Beta - Static Nginx Server

Gamma - Dev/Ansible host

Sigma - Web App Reverse Proxy

Crete - Primary Subnet used to host stuff

Demeter - Name of the EIP which the NAT gateway will use

Athens - Name of the project (and the VPC)

Section 4. Network Layout
=========================

Crete
Subnet 10.0.0.128/26
Refers to the primary subnet that most services live on.
Contains its own internet gateway as services here
basically require 24/7 internet access.
> High number of web services

Alpha
Internal IP: 10.0.0.151
Web Docker Host

Beta
Internal IP: 10.0.0.152
Static Web Server

Gamma
Internal IP: 10.0.0.153
Has an EIP bound, however the server is only up when required.

Sigma
Internal IP: 10.0.0.154
Reverse Proxy for Alpha and Beta. Doing this means we don't have
to assign EIPs for every single one.

Demeter
Special EIP which is used for the NAT which gives internal
services internet access.

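The access model described in Sections 2 and 4 (SSH to Gamma only from inside Crete, Alpha and Beta reachable only through Sigma, Sigma the only host that takes traffic from the internet) written out as AWS security groups. This is an added example, not the project's own Terraform. It assumes an AWS provider 5.x is already configured; the 10.0.0.0/24 VPC range and the resource names are my assumptions, while the Crete CIDR and the codenames come from this document.

```hcl
# Added example, not Project Athens' own Terraform. Assumes AWS provider 5.x.
# Resource names and the 10.0.0.0/24 range are assumptions.

resource "aws_vpc" "athens" {
  cidr_block = "10.0.0.0/24" # assumed parent range for Crete
  tags       = { Name = "athens" }
}

resource "aws_subnet" "crete" {
  vpc_id     = aws_vpc.athens.id
  cidr_block = "10.0.0.128/26"
  tags       = { Name = "crete" }
}

# Gamma: SSH only from addresses inside Crete, never from the internet,
# even though the host carries an EIP.
resource "aws_security_group" "gamma" {
  name   = "gamma"
  vpc_id = aws_vpc.athens.id

  ingress {
    description = "SSH from inside Crete only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [aws_subnet.crete.cidr_block]
  }

  # Terraform drops AWS's default allow-all egress, so it is stated explicitly.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Sigma: the only host that accepts HTTP(S) from the internet.
resource "aws_security_group" "sigma" {
  name   = "sigma"
  vpc_id = aws_vpc.athens.id

  dynamic "ingress" {
    for_each = [80, 443]
    content {
      description = "Public HTTP/HTTPS"
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }

  ingress {
    description     = "SSH from Gamma"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.gamma.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Alpha and Beta: web traffic only via Sigma, SSH only from Gamma. Rules
# reference security groups rather than IPs, so they survive re-addressing.
resource "aws_security_group" "backend" {
  for_each = toset(["alpha", "beta"])
  name     = each.key
  vpc_id   = aws_vpc.athens.id

  ingress {
    description     = "HTTP from the Sigma reverse proxy"
    from_port       = 80
    to_port         = 80
    protocol        = "tcp"
    security_groups = [aws_security_group.sigma.id]
  }

  ingress {
    description     = "SSH from Gamma"
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.gamma.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Referencing the Gamma and Sigma groups by id instead of by address keeps the rules correct if a host is rebuilt with a different internal IP. One caveat on Demeter: a NAT gateway only serves subnets whose route table sends 0.0.0.0/0 to it, while the subnet holding the NAT itself must route 0.0.0.0/0 to the internet gateway, so the NAT cannot share a route table with the hosts it gives internet access to.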
Section 5. Images Used for Hosting
==================================

Primary Image Used
AMI - Ubuntu Impish 21.10
Rationale - Basically the latest release by Canonical,
which I'm kinda just trusting they got things right xd

Firewall setup
Most of the firewall setup sits in AWS; however, the rules
should probably be mirrored on each host in case one
of these layers fails for some reason.
- TODO: This is going to have to be done via Ansible
- NOTE: This might not be necessary, however I'm
  choosing to leave the playbook there for posterity.

Instance Types with rationale
Alpha - t3.small (Maybe)
Slightly heavier because it must run multiple
chatbots and clippable, but all are extremely
lightweight. This might have to be pushed later
to medium but for now it's fine.

Beta - t3.micro
Nginx server

Gamma - t3.micro
Ansible host

Sigma - t3.small
Using a small since we only need enough power
to supply a load balancer (of sorts). Also some
of the workers behind this are kinda large which
means we can't scrape by with something tiny.
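How the AMI choice and the instance sizes from this section would be laid down, as an added example that is not the project's own Terraform. It assumes AWS provider 5.x, and that the Crete subnet id and a codename-to-security-group map are passed in as variables named subnet_id and security_group_ids (both my assumptions). The instance types, internal IPs and codenames are taken from this document; the IMDSv2 and root-disk settings are hardening I added on top of the design.

```hcl
# Added example, not Project Athens' own Terraform. Assumes AWS provider 5.x
# and that the subnet and per-codename security groups are created elsewhere
# and passed in as variables.

variable "subnet_id" {
  type = string # Crete
}

variable "security_group_ids" {
  type = map(string) # codename -> security group id
}

# Pinning `owners` to Canonical's AWS account (099720109477) is what makes
# the name filter safe: a public AMI from any other account with a
# lookalike name is never selected.
data "aws_ami" "impish" {
  most_recent = true
  owners      = ["099720109477"]

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-impish-21.10-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Codename -> instance size and internal IP, from Sections 4 and 5.
locals {
  hosts = {
    alpha = { instance_type = "t3.small", private_ip = "10.0.0.151" }
    beta  = { instance_type = "t3.micro", private_ip = "10.0.0.152" }
    gamma = { instance_type = "t3.micro", private_ip = "10.0.0.153" }
    sigma = { instance_type = "t3.small", private_ip = "10.0.0.154" }
  }
}

resource "aws_instance" "host" {
  for_each = local.hosts

  ami                         = data.aws_ami.impish.id
  instance_type               = each.value.instance_type
  subnet_id                   = var.subnet_id
  private_ip                  = each.value.private_ip
  vpc_security_group_ids      = [var.security_group_ids[each.key]]
  associate_public_ip_address = false # public addresses are EIPs, attached below

  # Added hardening beyond the design doc: IMDSv2 only, encrypted root disk.
  metadata_options {
    http_tokens = "required"
  }

  root_block_device {
    encrypted = true
  }

  tags = { Name = each.key }
}

# Only Gamma (Section 4) and Sigma (the internet-facing proxy) get an EIP;
# Alpha and Beta stay reachable solely through Sigma.
resource "aws_eip" "public" {
  for_each = toset(["gamma", "sigma"])
  domain   = "vpc"
  tags     = { Name = each.key }
}

resource "aws_eip_association" "public" {
  for_each      = aws_eip.public
  instance_id   = aws_instance.host[each.key].id
  allocation_id = each.value.id
}
```

One caveat on trusting "the latest release": Impish 21.10 is an interim release whose support ended in July 2022, after which `most_recent = true` keeps returning the last image Canonical ever published for it, with no further security fixes baked in. Switching the name filter to an LTS pattern is the fix when that matters.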