Project Athens
==============

Project Athens is an effort to consolidate my own online presence
onto a common platform that is not only easier to maintain
but also more manageable from an operations POV.

Most of the code in this repository has to do with the infrastructure
of the project which is used to host services that I host myself.


Section 1. Preamble/Abstract
============================

This explanation will take on a bottom-up approach because the technical
goals/processes are what make up the deliverable value (to myself).

Also this project is just for me so fuck off if you don't like it.


Section 2. The Hosts/Services
=============================

Services to host are listed below with their respective roles:

Docker host:
	- Discord Chat Bots
		- Lewdlad (Server Management Chat Bot)
		- Musical Maurice (Music Voice Bot)
	- My personal clippable instance

Static Nginx server:
	- Personal Website
		Served under shockrah.xyz
	- Resume Website
		Served under resume.shockrah.xyz
	- Freechat Documentation
		Served under freechat.shockrah.xyz

SSH/Ansible Host
	This is the dev box that I use to patch things in the
	VPC. This way we only accept internal SSH connections.
	Rationale: To reduce surface area to the outside world

Reverse Proxy
	This server is going to sit between Alpha & Beta as
	both are going to need to take HTTP requests
	from the internet but I don't want to expose them.

Section 3. Codenames
====================

Below are the codenames which Terraform code uses in order to 

Alpha - Docker host

Beta - Static Nginx Server

Gamma - Dev/Ansible host

Sigma - Web App Reverse Proxy

Crete - Primary Subnet used to host stuff

Section 4. Network Layout
=========================


Crete
	Subnet 10.0.0.128/26
	Refers to the primary subnet that most services live on.
	Contains its own internet gateway as services here
	basically require 24/7 internet access.
		> High number of web services


Alpha
	Internal IP: 10.0.0.151
	Web Docker Host

Beta
	Internal IP: 10.0.0.152
	Static Web Server

Gamma
	Internal IP: 10.0.0.153
	Has an EIP bound however the server is only up when required.

Sigma
	Internal IP: 10.0.0.154
	Reverse Proxy for Alpha and Beta. Doing this means we don't have
	to assign EIPs for every single one.


Section 5. Images Used for Hosting
==================================

Primary Image Used
	AMI - Ubuntu Impish 21.10
	Rationale - Basically the latest release by Canonical
	which I'm kinda just trusting they got things right xd

Firewall setup
	Most of the firewall setup sits in AWS however they
	should probably be mirrored on each host in case one
	of these layers fails for some reason.
		- TODO: This is going to have to be done via Ansible
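
The host-level mirror of the AWS rules that the firewall TODO above calls for could start from something like this. It is an added example, not code from this repository: the port numbers (22, 80, 443), the choice of ufw, and the rule that Gamma takes SSH from anywhere while every other host takes it only from Gamma are assumptions read off Sections 2 and 4.

```python
import ipaddress

# Addresses and roles are taken from Section 4 of this README.
CRETE = ipaddress.ip_network("10.0.0.128/26")
HOSTS = {
    "alpha": ipaddress.ip_address("10.0.0.151"),  # Docker host
    "beta": ipaddress.ip_address("10.0.0.152"),   # static Nginx
    "gamma": ipaddress.ip_address("10.0.0.153"),  # dev/Ansible box
    "sigma": ipaddress.ip_address("10.0.0.154"),  # reverse proxy
}
# Assumed ports; the README does not state them.
SSH, HTTP, HTTPS = 22, 80, 443
ANY = "any"


def check_layout():
    """Return the hosts whose address falls outside Crete (expected: none)."""
    return [name for name, ip in HOSTS.items() if ip not in CRETE]


def allowed_inbound(host):
    """Inbound (source, port) pairs for one host, per the roles in Section 2."""
    if host not in HOSTS:
        raise KeyError(f"unknown host: {host}")
    rules = []
    if host == "gamma":
        rules.append((ANY, SSH))  # assumption: the EIP-bound SSH entry point
    else:
        rules.append((str(HOSTS["gamma"]), SSH))  # internal SSH only
    if host in ("alpha", "beta"):
        rules.append((str(HOSTS["sigma"]), HTTP))  # only the proxy reaches them
    if host == "sigma":
        rules += [(ANY, HTTP), (ANY, HTTPS)]  # internet-facing
    return rules


def ufw_commands(host):
    """Render the rules as ufw commands with a default-deny inbound policy."""
    cmds = ["ufw default deny incoming"]
    for src, port in allowed_inbound(host):
        cmds.append(f"ufw allow proto tcp from {src} to any port {port}")
    cmds.append("ufw --force enable")
    return cmds


if __name__ == "__main__":
    assert not check_layout(), "host outside Crete"
    for name in HOSTS:
        print(f"# {name}")
        print("\n".join(ufw_commands(name)))
```

On Alpha, ports published by Docker are written straight into iptables and are not filtered by ufw, so container ports there need to be bound to a specific address or filtered separately.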

Instance Types with rationale
	Alpha - t3.small (Maybe)
		Slightly heavier because it must run multiple
		chatbots and clippable but all are extremely
		lightweight. This might have to be pushed later
		to medium but for now it's fine.
	Beta - t3.micro
		Nginx server
	Gamma - t3.micro
		Ansible host
	Sigma - t3.small
		Using a small since we only need enough power
		to supply a load balancer (of sorts). Also some
		of the workers behind this are kinda large which
		means we can't scrape by with something tiny
