Basically all of my infrastructure code for stuff I host
82d039369c
This will be the web host reverse proxy (for alpha & beta)
!+ More sec groups for port 80 for apt's request fallback
   Only because Apt blows
* Renaming sec-group::basic_web_sec -> sec-group::general_web_req
   Should be clearer w/ this rename
infra
playbooks
.gitignore
readme
Project Athens
==============

Project Athens is an effort to consolidate my own online presence onto a common
platform that is not only easier to maintain but also more manageable from an
operations pov. Most of the code in this repository has to do with the
infrastructure of the project which is used to host services that I host myself.

Section 1. Preamble/Abstract
============================

This explanation will take on a bottom up approach because the technical
goals/processes are what make up the deliverable value (to myself).

Also this project is just for me so fuck off if you don't like it.

Section 2. The Hosts/Services
=============================

Services to host are listed below with their respective roles:

Docker host:

- Discord Chat Bots
  - Lewdlad (Server Management Chat Bot)
  - Musical Maurice (Music Voice Bot)
- My personal clippable instance

Static Nginx server:

- Personal Website
  Served under shockrah.xyz
- Resume Website
  Served under resume.shockrah.xyz
- Freechat Documentation
  Served under freechat.shockrah.xyz

SSH/Ansible Host

  This is the dev box that I use to patch things in the VPC.
  This way we only accept internal SSH connections.

  Rationale: To reduce surface area to the outside world

Section 3. Codenames
====================

Below are the codenames which Terraform code uses in order to

Alpha - Docker host
Beta  - Static Nginx Server
Gamma - Dev/Ansible host
Crete - Primary Subnet used to host stuff

Section 4. Network Layout
=========================

Crete

  Refers to the primary subnet that most services live on.
  Contains its own internet gateway as services here basically require 24/7
  internet access.
  > High number of web services

  Subnet 10.0.0.128/25

Alpha

  Public IP: not required
  Internal IP: 10.0.1.1

Beta

  Public IP: required for public websites

Gamma

  Ephemeral: only up when absolutely required
  Will request an Elastic IP when it needs one, however it will release the IP
  when not required to reduce the overall cost of running this system

Section 5. Images Used for Hosting
==================================

Primary Image Used

  AMI - Ubuntu Impish 21.10
  Rationale - Basically the latest release by Canonical which I'm kinda just
  trusting they got things right xd

Firewall setup

  Most of the firewall setup sits in AWS, however the rules should probably be
  mirrored on each host in case one of these layers fails for some reason.
  - TODO: This is going to have to be done via Ansible

Instance Types with rationale

  Alpha - t3.small (Maybe)
    Slightly heavier because it must run multiple chatbots and clippable but
    all are extremely lightweight. This might have to be pushed later to
    medium but for now it's fine.

  Beta - t3.micro
    Nginx server

  Gamma - t3.micro
    Ansible host
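
One way to do the host-side mirroring from the "Firewall setup" TODO, keeping SSH internal-only as described in Section 2. This is an added example, not code from this repository. It assumes ufw as the host firewall, the community.general collection on the Ansible host, inventory groups named "alpha" and "beta", and 80/443 as the public web ports.

```yaml
# Added example, not part of the Project Athens repository.
# Assumed: inventory groups "alpha" and "beta", ufw on the Ubuntu hosts,
# community.general installed where Ansible runs.
- name: Mirror the AWS security groups on each host with ufw
  hosts: alpha:beta
  become: true
  vars:
    crete_cidr: 10.0.0.128/25   # Crete subnet from Section 4
  tasks:
    # Allow rules are added before the default-deny policy and before ufw is
    # enabled, so the SSH session Ansible is running over is never cut off.
    - name: Allow SSH only from inside the subnet (where Gamma connects from)
      community.general.ufw:
        rule: allow
        direction: in
        proto: tcp
        port: "22"
        src: "{{ crete_cidr }}"

    # Assumed ports. Alpha's service ports are not stated in the readme and
    # would need their own rule, restricted to the subnet.
    - name: Allow public HTTP/HTTPS on the static Nginx host only
      community.general.ufw:
        rule: allow
        direction: in
        proto: tcp
        port: "{{ item }}"
      loop: ["80", "443"]
      when: "'beta' in group_names"

    - name: Drop all other inbound traffic
      community.general.ufw:
        default: deny
        direction: incoming

    - name: Keep outbound open (apt falls back to plain port 80)
      community.general.ufw:
        default: allow
        direction: outgoing

    - name: Turn the firewall on
      community.general.ufw:
        state: enabled
```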