! New readme which is more presentable
parent 93db017030
commit 29a753f192
143
readme
@ -1,143 +0,0 @@
|
|||||||
Project Athens
|
|
||||||
==============
|
|
||||||
|
|
||||||
Preamble
|
|
||||||
========
|
|
||||||
|
|
||||||
The whole project is being streamed at twitch.tv/shockrah in
|
|
||||||
case your interested to see how I build this. Boring design work
|
|
||||||
is done off stream so that the stream itself is filled with 100%
|
|
||||||
coding.
|
|
||||||
|
|
||||||
Abstract
|
|
||||||
========
|
|
||||||
|
|
||||||
Project Athens is an effort to consolidate my own online presence
|
|
||||||
onto a common platform that is not only easier to maintain
|
|
||||||
but also more managable from an operations pov.
|
|
||||||
|
|
||||||
Most of the code in this repository has to do with the infrastructure
|
|
||||||
of the project which is used to host services that I host myself.
|
|
||||||
|
|
||||||
|
|
||||||
Section 1. Preamble/Abstract
|
|
||||||
============================
|
|
||||||
|
|
||||||
This explanation will take on a bottom up approach because the technical
|
|
||||||
goals/processes are what make up the deliverable value(to myself).
|
|
||||||
|
|
||||||
Also this project is just for me so fuck off if you don't like it.
|
|
||||||
|
|
||||||
|
|
||||||
Section 2. The Hosts/Services
|
|
||||||
=============================
|
|
||||||
|
|
||||||
Services to host are listed below with their respective roles:
|
|
||||||
|
|
||||||
Docker host:
|
|
||||||
- Discord Chat Bots
|
|
||||||
- Lewdlad(Server Management Chat Bot)
|
|
||||||
- Musical Maurice(Music Voice Bot)
|
|
||||||
- My personal clippable instance
|
|
||||||
|
|
||||||
Static Nginx server:
|
|
||||||
- Personal Website
|
|
||||||
Served under shockrah.xyz
|
|
||||||
- Resume Website
|
|
||||||
Served under resume.shockrah.xyz
|
|
||||||
- Frechat Documentation
|
|
||||||
Served under freechat.shockrah.xyz
|
|
||||||
|
|
||||||
SSH/Ansible Host
|
|
||||||
This is the dev box that I use to patch things in the
|
|
||||||
VPC. This way we only accept internal SSH connections.
|
|
||||||
Rationale: To reduce surface area to the outside werld
|
|
||||||
|
|
||||||
Reverse Proxy
|
|
||||||
This server is going to sit between Alpha & Beta as
|
|
||||||
both are going to need need to take HTTP requests
|
|
||||||
from the internet but I don't want to expose them.
|
|
||||||
|
|
||||||
Section 3. Codenames
|
|
||||||
====================
|
|
||||||
|
|
||||||
Below are the codenames which Terraform code uses in order to
|
|
||||||
|
|
||||||
Alpha - Docker host
|
|
||||||
|
|
||||||
Beta - Static Nginx Server
|
|
||||||
|
|
||||||
Gamma - Dev/Ansible host
|
|
||||||
|
|
||||||
Sigma - Web App Reverse Proxy
|
|
||||||
|
|
||||||
Crete - Primary Subnet used to host stuff
|
|
||||||
|
|
||||||
Demeter - Name of the EIP which the NAT gateway will use
|
|
||||||
|
|
||||||
Athens - Name of the project (and the VPC)
|
|
||||||
|
|
||||||
|
|
||||||
Section 4. Network Layout
|
|
||||||
=========================
|
|
||||||
|
|
||||||
|
|
||||||
Crete
|
|
||||||
Subnet 10.0.0.128/26
|
|
||||||
Refers to the primary subnet that most services live on.
|
|
||||||
Contains its own internet gateway as services here
|
|
||||||
basically require 24/7 internet access.
|
|
||||||
> High number of web services
|
|
||||||
|
|
||||||
|
|
||||||
Alpha
|
|
||||||
Internal IP: 10.0.0.151
|
|
||||||
Web Docker Host
|
|
||||||
|
|
||||||
Beta
|
|
||||||
Internal IP: 10.0.0.152
|
|
||||||
Static Web Server
|
|
||||||
|
|
||||||
Gamma
|
|
||||||
Internal IP: 10.0.0.153
|
|
||||||
Has an EIP bound however the server is only up when required.
|
|
||||||
|
|
||||||
Sigma
|
|
||||||
Internal IP: 10.0.0.154
|
|
||||||
Reverse Proxy for Alpha and Beta. Doing this means we don't have
|
|
||||||
to assign EIP's for every single one.
|
|
||||||
|
|
||||||
Demeter
|
|
||||||
Special EIP which is used for the NAT which gives internal
|
|
||||||
services internet access.
|
|
||||||
|
|
||||||
Section 5. Image's Used for Hosting
|
|
||||||
===================================
|
|
||||||
|
|
||||||
Primary Image Used
|
|
||||||
AMI - Ubuntu Impish 21.10
|
|
||||||
Rationale - Basically the latest release by cannonical
|
|
||||||
which I'm kinda just trusting they got things right xd
|
|
||||||
|
|
||||||
Firewall setup
|
|
||||||
Most of the firewall setup sits in AWS however they
|
|
||||||
should probably be mirrored on each host in case one
|
|
||||||
of these layers fails for some reason.
|
|
||||||
- TODO: This is going to have be be done via Ansible
|
|
||||||
- NOTE: This might not be necessary however I'm
|
|
||||||
choosing to leave the playbook there for posterity.
|
|
||||||
Instance Types with rationale
|
|
||||||
Alpa - t3.small(Maybe)
|
|
||||||
Slightly heavier because it must run multiple
|
|
||||||
chatbots and clippable but all are extremely
|
|
||||||
lightweight. This might have to be pushed later
|
|
||||||
to medium but for now it's fine.
|
|
||||||
Beta - t3.micro
|
|
||||||
Nginx server
|
|
||||||
Gamma - t3.micro
|
|
||||||
Ansible host
|
|
||||||
Sigma - t3.small
|
|
||||||
Using a small since we only need enough power
|
|
||||||
to supply a load balancer(of sorts). Also some
|
|
||||||
of the workers behind this are kinda large which
|
|
||||||
means we can't scrape by with something tiny
|
|
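Review bot: Section 5 of the deleted readme (the AMI choice, the "Firewall setup" paragraph with its TODO to mirror the AWS rules on each host via Ansible, and the instance types with rationale) has no counterpart in the new readme.md, so the host-level firewall plan is no longer written down anywhere in this change. If that plan still stands, carry it over as a section of readme.md; if it was dropped, say so in the commit message. The same applies to the SSH/Ansible host rationale "This way we only accept internal SSH connections", which the new jump host text does not restate.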
113
readme.md
Normal file
@ -0,0 +1,113 @@
|
|||||||
|
# Project Athens
|
||||||
|
|
||||||
|
## Preamble
|
||||||
|
|
||||||
|
The development of this project is being stream on my
|
||||||
|
[Twitch channel](twitch.tv/shockrah). Design work is mostly done off stream
|
||||||
|
however to keep the coding work for the stream itself.
|
||||||
|
|
||||||
|
|
||||||
|
## Section 1. Abstract
|
||||||
|
|
||||||
|
Project Athens is an effort to collate my web based projects onto a more
|
||||||
|
manageable infrastructure. The goal is to provide some structure that makes
|
||||||
|
the operations & management easier as previously I had projects on
|
||||||
|
GCP, AWS, IONOS and others.
|
||||||
|
|
||||||
|
## Section 2. The Hosts/Services
|
||||||
|
|
||||||
|
### Docker Host
|
||||||
|
|
||||||
|
This _internal_ host will serve to host some containerized applications:
|
||||||
|
|
||||||
|
* Lewdlad - [Repo Link](https://gitlab.com/shockrah/left-coast-server-bot)
|
||||||
|
|
||||||
|
This is the Left Coast communities server management bot. It's in charge
|
||||||
|
of managing _another VPC_ of game servers which currently serves a community
|
||||||
|
of just over 100 people. This bot sits outside the VPC however because it
|
||||||
|
uses Lambda based API for control.
|
||||||
|
|
||||||
|
* Musical Maurice - [Link to Muse Discord Bot](https://github.com/codetheweb/muse)
|
||||||
|
|
||||||
|
This is the Left Coast Discord community's music bot. We used to use Groovy
|
||||||
|
however due to the recent DMCA's we have began to host our own music bot.
|
||||||
|
|
||||||
|
* Personal Clippable Instance - [Repo Link](https://gitlab.com/shockrah/clippable)
|
||||||
|
|
||||||
|
This is my own personal Clippable instance where I try to post fun/interesting
|
||||||
|
clips.
|
||||||
|
|
||||||
|
|
||||||
|
### Static Nginx Server
|
||||||
|
|
||||||
|
This host is serving a few different pages that I use for my own online persona:
|
||||||
|
|
||||||
|
* Blog - [link](https://shockrah.xyz)
|
||||||
|
|
||||||
|
* Portfolio - [link](https://resume.shockrah.xyz)
|
||||||
|
|
||||||
|
* Freechat Reference - [link](https://freechat.shockrah.xyz)
|
||||||
|
|
||||||
|
At some point this link may become stale as the official docs are currently
|
||||||
|
being constructed and will be hosted under its own domain.
|
||||||
|
|
||||||
|
### Ansible Host/Jump Host
|
||||||
|
|
||||||
|
This is the dev box that I use to patch services running in the VPC.
|
||||||
|
Typically this server is only up when requested to reduce attack surface.
|
||||||
|
|
||||||
|
### Web Reverse Proxy
|
||||||
|
|
||||||
|
This server sits between the internal _Static Nginx server_ and the internal
|
||||||
|
_Docker host_. Many of my websites live in a subdomain so this server
|
||||||
|
diverts traffic to the appropriate internal server.
|
||||||
|
|
||||||
|
## Section 3. Codenames
|
||||||
|
|
||||||
|
_Below are the codenames which are used to references major parts of _Project
|
||||||
|
Athens_.
|
||||||
|
|
||||||
|
| Codename | Role/Purpose |
|
||||||
|
|:--------:|:------------:|
|
||||||
|
| Alpha | Docker Host |
|
||||||
|
| Beta | Nginx Host |
|
||||||
|
| Gamma | Jump Box |
|
||||||
|
| Sigma | Reverse Proxy|
|
||||||
|
| Crete |Private Subnet|
|
||||||
|
| Olympus | Public Subnet|
|
||||||
|
| Demeter | EIP for NAT |
|
||||||
|
| Athens | Project Name |
|
||||||
|
|
||||||
|
|
||||||
|
## Section 4. Network Layout
|
||||||
|
|
||||||
|
### Crete
|
||||||
|
|
||||||
|
Network: `10.0.1.0/24`
|
||||||
|
|
||||||
|
The internal subnet wherein none of the hosts are given public IP address's.
|
||||||
|
|
||||||
|
Mostly web services however there are a few chat bots which connect to the
|
||||||
|
internet via NAT gateway.
|
||||||
|
|
||||||
|
### Olympus
|
||||||
|
|
||||||
|
Public Subnet wherein all members have an Elastic IP.
|
||||||
|
|
||||||
|
### Demeter
|
||||||
|
|
||||||
|
EIP which is used for the NAT gateway allocated to Olympus. This is used by
|
||||||
|
members of the Crete subnet for internet access(patching / system updates).
|
||||||
|
|
||||||
|
|
||||||
|
### Addressing
|
||||||
|
|
||||||
|
| Name | IP |
|
||||||
|
|:----:|:--:|
|
||||||
|
| Alpha| 10.0.1.10 |
|
||||||
|
| Beta | 10.0.1.11 |
|
||||||
|
| Gamma | 10.0.2.10 |
|
||||||
|
| Sigma | 10.0.2.11 |
|
||||||
|
|
||||||
|
|
||||||
|
|
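Review bot: In Section 4, Olympus has no `Network:` line the way Crete has `10.0.1.0/24`, yet the Addressing table places Gamma and Sigma at `10.0.2.10` and `10.0.2.11`, so the reader has to infer the public subnet's range and which hosts sit in it; add the Olympus CIDR and a subnet column to the Addressing table. In the Preamble, `[Twitch channel](twitch.tv/shockrah)` has no scheme and will resolve as a relative link; use `https://twitch.tv/shockrah`. The Section 3 intro opens an emphasis underscore before "Below" that is never closed, and "used to references" should read "used to reference".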