Basically all of my infrastructure code for stuff I host
shockrah 8b1d576bfb !+ Creating infra points for internet access on Crete subnet
With this patch members of the Crete subnet will be able to
properly access the outside world which is required for these
services to function as intended.
2021-11-24 21:14:23 -08:00
infra !+ Creating infra points for internet access on Crete subnet 2021-11-24 21:14:23 -08:00
.gitignore ! Baseline Terraform configuration(no EIP yet) 2021-11-24 20:44:32 -08:00
readme ! Setting up baseline for project Athens 2021-11-24 20:22:53 -08:00

Project Athens
==============

Project Athens is an effort to consolidate my own online presence
onto a common platform that is not only easier to maintain
but also more manageable from an operations pov.

Most of the code in this repository has to do with the infrastructure
of the project which is used to host services that I host myself.


Section 1. Preamble/Abstract
============================

This explanation will take on a bottom up approach because the technical
goals/processes are what make up the deliverable value(to myself).

Also this project is just for me so fuck off if you don't like it.


Section 2. The Hosts/Services
=============================

Services to host are listed below with their respective roles:

Docker host:
	- Discord Chat Bots
		- Lewdlad(Server Management Chat Bot)
		- Musical Maurice(Music Voice Bot)
	- My personal clippable instance

Static Nginx server:
	- Personal Website
		Served under shockrah.xyz
	- Resume Website
		Served under resume.shockrah.xyz
	- Freechat Documentation
		Served under freechat.shockrah.xyz

SSH/Ansible Host
	This is the dev box that I use to patch things in the
	VPC. This way we only accept internal SSH connections.
	Rationale: To reduce surface area to the outside world

Section 3. Codenames
====================

Below are the codenames which Terraform code uses in order to 

Alpha - Docker host

Beta - Static Nginx Server

Gamma - Dev/Ansible host

Crete - Primary Subnet used to host stuff

Olympus - [not sure where this fits but doc'd for future]
	(Potential) Secondary subnet used to host (bigger) projects

Section 4. Network Layout
=========================


Crete
	Refers to the primary subnet that most services live on.

Subnet 10.0.0.128/25

Alpha
	Public IP: not required
	Internal IP: 10.0.1.1

Beta
	Public IP: required for public websites

Gamma
	Ephemeral: only up when absolutely required
	Will request Elastic IP when it needs one
	however it will release the IP when not
	required to reduce overall cost of running this system
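
A sanity check for the address plan above, added here as an example and not
part of this repository's code. It tests each planned internal IP against the
Crete CIDR and against the addresses AWS reserves in every subnet (the first
four and the last one). The function names are hypothetical; the CIDR and the
Alpha address are the values from this section.

```python
import ipaddress

# Values taken from the network layout above; hosts with no stated
# internal IP (Beta, Gamma) are left out rather than guessed.
CRETE_CIDR = "10.0.0.128/25"
PLANNED_HOSTS = {"Alpha": "10.0.1.1"}


def reserved_addresses(subnet):
    """AWS reserves the first four addresses and the last one in every subnet."""
    first = int(subnet.network_address)
    reserved = {ipaddress.ip_address(first + i) for i in range(4)}
    reserved.add(subnet.broadcast_address)
    return reserved


def check_plan(cidr, hosts):
    """Return (host, problem) tuples; an empty list means the plan fits."""
    subnet = ipaddress.ip_network(cidr, strict=True)  # rejects CIDRs with host bits set
    reserved = reserved_addresses(subnet)
    problems = []
    seen = {}
    for name, raw in hosts.items():
        addr = ipaddress.ip_address(raw)
        if addr not in subnet:
            problems.append((name, f"{addr} is outside {subnet} "
                                   f"({subnet[0]} - {subnet[-1]})"))
        elif addr in reserved:
            problems.append((name, f"{addr} is reserved by AWS in {subnet}"))
        if addr in seen:
            problems.append((name, f"{addr} is already assigned to {seen[addr]}"))
        seen.setdefault(addr, name)
    return problems


def first_usable(cidr):
    """Lowest address an instance in the subnet can actually be given."""
    return ipaddress.ip_network(cidr, strict=True)[4]


if __name__ == "__main__":
    for host, problem in check_plan(CRETE_CIDR, PLANNED_HOSTS):
        print(f"{host}: {problem}")
    print("first usable address:", first_usable(CRETE_CIDR))
```

Run against the values in this section it reports that 10.0.1.1 does not fall
inside 10.0.0.128/25, so either the subnet or the Alpha address needs adjusting
before the Terraform code pins it.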

Section 5. Images Used for Hosting
==================================

Primary Image Used
	AMI - Ubuntu 20.04
	Rationale - It's the current LTS release so sec patches
	will come in regularly and has good operability with
	most of the tools I plan on using anyway. Most services
	which are getting containerized rely on Alpine so
	as long as Docker is properly updated maintaining
	posture on this shouldn't be too bad.

Firewall setup
	Most of the firewall setup sits in AWS; however, the rules
	should probably be mirrored on each host in case one
	of these layers fails for some reason.
		- TODO: This is going to have to be done via Ansible

Instance Types with rationale
	Alpha - t3.small(Maybe)
		Slightly heavier because it must run multiple
		chatbots and clippable but all are extremely
		lightweight. This might have to be pushed later
		to medium but for now it's fine.
	Beta - t3.micro
		Nginx server
	Gamma - t3.micro
		Ansible host