Basically all of my infrastructure code for stuff I host
86a0122042
* Updating naming scheme in gateway.tf & route-table.tf Should be more clear what each block is meant for |
||
---|---|---|
infra | ||
playbooks | ||
.gitignore | ||
readme |
Project Athens ============== Preamble ======== The whole project is being streamed at twitch.tv/shockrah in case your interested to see how I build this. Boring design work is done off stream so that the stream itself is filled with 100% coding. Abstract ======== Project Athens is an effort to consolidate my own online presence onto a common platform that is not only easier to maintain but also more managable from an operations pov. Most of the code in this repository has to do with the infrastructure of the project which is used to host services that I host myself. Section 1. Preamble/Abstract ============================ This explanation will take on a bottom up approach because the technical goals/processes are what make up the deliverable value(to myself). Also this project is just for me so fuck off if you don't like it. Section 2. The Hosts/Services ============================= Services to host are listed below with their respective roles: Docker host: - Discord Chat Bots - Lewdlad(Server Management Chat Bot) - Musical Maurice(Music Voice Bot) - My personal clippable instance Static Nginx server: - Personal Website Served under shockrah.xyz - Resume Website Served under resume.shockrah.xyz - Frechat Documentation Served under freechat.shockrah.xyz SSH/Ansible Host This is the dev box that I use to patch things in the VPC. This way we only accept internal SSH connections. Rationale: To reduce surface area to the outside werld Reverse Proxy This server is going to sit between Alpha & Beta as both are going to need need to take HTTP requests from the internet but I don't want to expose them. Section 3. Codenames ==================== Below are the codenames which Terraform code uses in order to Alpha - Docker host Beta - Static Nginx Server Gamma - Dev/Ansible host Sigma - Web App Reverse Proxy Crete - Primary Subnet used to host stuff Demeter - Name of the EIP which the NAT gateway will use Athens - Name of the project (and the VPC) Section 4. Network Layout ========================= Crete Subnet 10.0.0.128/26 Refers to the primary subnet that most services live on. Contains its own internet gateway as services here basically require 24/7 internet access. > High number of web services Alpha Internal IP: 10.0.0.151 Web Docker Host Beta Internal IP: 10.0.0.152 Static Web Server Gamma Internal IP: 10.0.0.153 Has an EIP bound however the server is only up when required. Sigma Internal IP: 10.0.0.154 Reverse Proxy for Alpha and Beta. Doing this means we don't have to assign EIP's for every single one. Demeter Special EIP which is used for the NAT which gives internal services internet access. Section 5. Image's Used for Hosting =================================== Primary Image Used AMI - Ubuntu Impish 21.10 Rationale - Basically the latest release by cannonical which I'm kinda just trusting they got things right xd Firewall setup Most of the firewall setup sits in AWS however they should probably be mirrored on each host in case one of these layers fails for some reason. - TODO: This is going to have be be done via Ansible - NOTE: This might not be necessary however I'm choosing to leave the playbook there for posterity. Instance Types with rationale Alpa - t3.small(Maybe) Slightly heavier because it must run multiple chatbots and clippable but all are extremely lightweight. This might have to be pushed later to medium but for now it's fine. Beta - t3.micro Nginx server Gamma - t3.micro Ansible host Sigma - t3.small Using a small since we only need enough power to supply a load balancer(of sorts). Also some of the workers behind this are kinda large which means we can't scrape by with something tiny