commit 96d08fa4ab83fba97d671cfebc3146fa7b0d25b0 Author: shockrah Date: Wed Nov 24 20:22:53 2021 -0800 ! Setting up baseline for project Athens Initial terraform code will be found in subsequent patches diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..248b460 --- /dev/null +++ b/.gitignore @@ -0,0 +1,4 @@ +msg +*.swp +infra/.terraform +infra/.terraform.lock.hcl diff --git a/readme b/readme new file mode 100644 index 0000000..0c93edb --- /dev/null +++ b/readme 
@@ -0,0 +1,110 @@ +Project Athens +============== + +Project Athens is an effort to consolidate my own online presence +onto a common platform that is not only easier to maintain +but also more managable from an operations pov. + +Most of the code in this repository has to do with the infrastructure +of the project which is used to host services that I host myself. + + +Section 1. Preamble/Abstract +============================ + +This explanation will take on a bottom up approach because the technical +goals/processes are what make up the deliverable value(to myself). + +Also this project is just for me so fuck off if you don't like it. + + +Section 2. The Hosts/Services +============================= + +Services to host are listed below with their respective roles: + +Docker host: + - Discord Chat Bots + - Lewdlad(Server Management Chat Bot) + - Musical Maurice(Music Voice Bot) + - My personal clippable instance + +Static Nginx server: + - Personal Website + Served under shockrah.xyz + - Resume Website + Served under resume.shockrah.xyz + - Frechat Documentation + Served under freechat.shockrah.xyz + +SSH/Ansible Host + This is the dev box that I use to patch things in the + VPC. This way we only accept internal SSH connections. + Rationale: To reduce surface area to the outside werld + +Section 3. Codenames +==================== + +Below are the codenames which Terraform code uses in order to + +Alpha - Docker host + +Beta - Static Nginx Server + +Gamma - Dev/Ansible host + +Crete - Primary Subnet used to host stuff + +Olympus - [not sure where this fits but doc'd for future] + (Potential) Secondary subnet used to host (bigger) projects + +Section 4. Network Layout +========================= + + +Crete + Refers to the primary subnet that most services live on. 
+ +Subnet 10.0.0.128/25 + +Alpha + Public IP: not required + Internal IP: 10.0.1.1 + +Beta + Public IP: required for public websites + +Gamma + Ephemeral: only up when absolutely required + Will request Elastic IP when it needs one + however it will release the IP when not + required to reduce overall cost of running this system + +Section 5. Image's Used for Hosting +=================================== + +Primary Image Used + AMI - Ubuntu 20.04 + Rationale - It's the current LTS release so sec patches + will come in regularly and has good operability with + most of the tools I plan on using anyway. Most services + which are getting containerized rely on Alpine so + as long as Docker is properly updated maintaining + posture on this shouldn't be too bad. + +Firewall setup + Most of the firewall setup sits in AWS however they + should probably be mirrored on each host in case one + of these layers fails for some reason. + - TODO: This is going to have be be done via Ansible + +Instance Types with rationale + Alpa - t3.small(Maybe) + Slightly heavier because it must run multiple + chatbots and clippable but all are extremely + lightweight. This might have to be pushed later + to medium but for now it's fine. + Beta - t3.micro + Nginx server + Gamma - t3.micro + Ansible host
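Review bot: in the .gitignore hunk, the `infra/.terraform.lock.hcl` entry keeps Terraform's dependency lock file out of version control. That file records the selected provider versions and their checksums, and Terraform's guidance is to commit it so that every `terraform init` resolves to the same verified providers. Suggest dropping that line and keeping `infra/.terraform`. Since the commit message says the Terraform code arrives in subsequent patches, this is also the place to ignore state and variable files, for example `infra/*.tfstate*` and `infra/*.tfvars`, which can hold secrets in plain text.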
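Review bot: in Section 4 of the readme hunk, Alpha's internal IP `10.0.1.1` lies outside the Crete subnet `10.0.0.128/25`, which covers 10.0.0.128 through 10.0.0.255. One of the two values needs to change before Terraform code is written against this document. Section 2 says the SSH/Ansible host exists so that only internal SSH connections are accepted, while Section 4 has Gamma requesting an Elastic IP; the readme should state which source addresses are allowed to reach Gamma over SSH, so the security group rule can be checked against it. Smaller points: the Section 3 intro sentence stops at "in order to", Beta and Gamma have no internal IP listed, and "Alpa", "Frechat", "werld" and "managable" are misspelled.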