diff --git a/readme b/readme deleted file mode 100644 index f599065..0000000 --- a/readme +++ /dev/null 
@@ -1,143 +0,0 @@ -Project Athens -============== - -Preamble -======== - -The whole project is being streamed at twitch.tv/shockrah in -case your interested to see how I build this. Boring design work -is done off stream so that the stream itself is filled with 100% -coding. - -Abstract -======== - -Project Athens is an effort to consolidate my own online presence -onto a common platform that is not only easier to maintain -but also more managable from an operations pov. - -Most of the code in this repository has to do with the infrastructure -of the project which is used to host services that I host myself. - - -Section 1. Preamble/Abstract -============================ - -This explanation will take on a bottom up approach because the technical -goals/processes are what make up the deliverable value(to myself). - -Also this project is just for me so fuck off if you don't like it. - - -Section 2. The Hosts/Services -============================= - -Services to host are listed below with their respective roles: - -Docker host: - - Discord Chat Bots - - Lewdlad(Server Management Chat Bot) - - Musical Maurice(Music Voice Bot) - - My personal clippable instance - -Static Nginx server: - - Personal Website - Served under shockrah.xyz - - Resume Website - Served under resume.shockrah.xyz - - Frechat Documentation - Served under freechat.shockrah.xyz - -SSH/Ansible Host - This is the dev box that I use to patch things in the - VPC. This way we only accept internal SSH connections. - Rationale: To reduce surface area to the outside werld - -Reverse Proxy - This server is going to sit between Alpha & Beta as - both are going to need need to take HTTP requests - from the internet but I don't want to expose them. - -Section 3. 
Codenames -==================== - -Below are the codenames which Terraform code uses in order to - -Alpha - Docker host - -Beta - Static Nginx Server - -Gamma - Dev/Ansible host - -Sigma - Web App Reverse Proxy - -Crete - Primary Subnet used to host stuff - -Demeter - Name of the EIP which the NAT gateway will use - -Athens - Name of the project (and the VPC) - - -Section 4. Network Layout -========================= - - -Crete - Subnet 10.0.0.128/26 - Refers to the primary subnet that most services live on. - Contains its own internet gateway as services here - basically require 24/7 internet access. - > High number of web services - - -Alpha - Internal IP: 10.0.0.151 - Web Docker Host - -Beta - Internal IP: 10.0.0.152 - Static Web Server - -Gamma - Internal IP: 10.0.0.153 - Has an EIP bound however the server is only up when required. - -Sigma - Internal IP: 10.0.0.154 - Reverse Proxy for Alpha and Beta. Doing this means we don't have - to assign EIP's for every single one. - -Demeter - Special EIP which is used for the NAT which gives internal - services internet access. - -Section 5. Image's Used for Hosting -=================================== - -Primary Image Used - AMI - Ubuntu Impish 21.10 - Rationale - Basically the latest release by cannonical - which I'm kinda just trusting they got things right xd - -Firewall setup - Most of the firewall setup sits in AWS however they - should probably be mirrored on each host in case one - of these layers fails for some reason. - - TODO: This is going to have be be done via Ansible - - NOTE: This might not be necessary however I'm - choosing to leave the playbook there for posterity. -Instance Types with rationale - Alpa - t3.small(Maybe) - Slightly heavier because it must run multiple - chatbots and clippable but all are extremely - lightweight. This might have to be pushed later - to medium but for now it's fine. 
- Beta - t3.micro - Nginx server - Gamma - t3.micro - Ansible host - Sigma - t3.small - Using a small since we only need enough power - to supply a load balancer(of sorts). Also some - of the workers behind this are kinda large which - means we can't scrape by with something tiny diff --git a/readme.md b/readme.md new file mode 100644 index 0000000..afe24ca --- /dev/null +++ b/readme.md 
@@ -0,0 +1,113 @@ +# Project Athens + +## Preamble + +The development of this project is being stream on my +[Twitch channel](twitch.tv/shockrah). Design work is mostly done off stream +however to keep the coding work for the stream itself. + + +## Section 1. Abstract + +Project Athens is an effort to collate my web based projects onto a more +manageable infrastructure. The goal is to provide some structure that makes +the operations & management easier as previously I had projects on +GCP, AWS, IONOS and others. + +## Section 2. The Hosts/Services + +### Docker Host + +This _internal_ host will serve to host some containerized applications: + +* Lewdlad - [Repo Link](https://gitlab.com/shockrah/left-coast-server-bot) + +This is the Left Coast communities server management bot. It's in charge +of managing _another VPC_ of game servers which currently serves a community +of just over 100 people. This bot sits outside the VPC however because it +uses Lambda based API for control. + +* Musical Maurice - [Link to Muse Discord Bot](https://github.com/codetheweb/muse) + +This is the Left Coast Discord community's music bot. We used to use Groovy +however due to the recent DMCA's we have began to host our own music bot. + +* Personal Clippable Instance - [Repo Link](https://gitlab.com/shockrah/clippable) + +This is my own personal Clippable instance where I try to post fun/interesting +clips. + + +### Static Nginx Server + +This host is serving a few different pages that I use for my own online persona: + +* Blog - [link](https://shockrah.xyz) + +* Portfolio - [link](https://resume.shockrah.xyz) + +* Freechat Reference - [link](https://freechat.shockrah.xyz) + +At some point this link may become stale as the official docs are currently +being constructed and will be hosted under its own domain. + +### Ansible Host/Jump Host + +This is the dev box that I use to patch services running in the VPC. +Typically this server is only up when requested to reduce attack surface. 
+ +### Web Reverse Proxy + +This server sits between the internal _Static Nginx server_ and the internal +_Docker host_. Many of my websites live in a subdomain so this server +diverts traffic to the appropriate internal server. + +## Section 3. Codenames + +_Below are the codenames which are used to references major parts of _Project +Athens_. + +| Codename | Role/Purpose | +|:--------:|:------------:| +| Alpha | Docker Host | +| Beta | Nginx Host | +| Gamma | Jump Box | +| Sigma | Reverse Proxy| +| Crete |Private Subnet| +| Olympus | Public Subnet| +| Demeter | EIP for NAT | +| Athens | Project Name | + + +## Section 4. Network Layout + +### Crete + +Network: `10.0.1.0/24` + +The internal subnet wherein none of the hosts are given public IP address's. + +Mostly web services however there are a few chat bots which connect to the +internet via NAT gateway. + +### Olympus + +Public Subnet wherein all members have an Elastic IP. + +### Demeter + +EIP which is used for the NAT gateway allocated to Olympus. This is used by +members of the Crete subnet for internet access(patching / system updates). + + +### Addressing + +| Name | IP | +|:----:|:--:| +| Alpha| 10.0.1.10 | +| Beta | 10.0.1.11 | +| Gamma | 10.0.2.10 | +| Sigma | 10.0.2.11 | + + +
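Review bot: Section 5 of the deleted `readme` (AMI choice, firewall setup, instance types with rationale) has no counterpart in the new `readme.md` as shown, so the note that the AWS firewall rules "should probably be mirrored on each host in case one of these layers fails" and its Ansible TODO disappear with this change. The Section 2 rationale for the SSH/Ansible host, "This way we only accept internal SSH connections", is dropped as well. If these are still the intended design, carry them over into `readme.md` or into a separate operations document; if they were dropped on purpose, say so in the commit message so the removal is not read as an oversight.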
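Review bot: In Section 4 of the new `readme.md`, Olympus is described only as "Public Subnet wherein all members have an Elastic IP" with no network given, while the Addressing table places Gamma and Sigma at 10.0.2.10 and 10.0.2.11, outside Crete's `10.0.1.0/24`. Add a `Network:` line for Olympus and a subnet column to the Addressing table so a reader can tell which hosts are publicly addressed. If Gamma does sit in Olympus it holds an Elastic IP, so the Ansible Host/Jump Host section should also state which sources are allowed to reach SSH on it; "only up when requested" describes availability, not access control. Smaller points in the same hunk: the Twitch link target `twitch.tv/shockrah` has no scheme and will be treated as a relative link by Markdown renderers, "being stream" should read "being streamed", and the Section 3 intro line opens an `_` emphasis that is never balanced.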