Project Athens
==============

Project Athens is an effort to consolidate my own online presence
onto a common platform that is not only easier to maintain
but also more manageable from an operations POV.

Most of the code in this repository has to do with the infrastructure
of the project, which is used to host services that I host myself.

Section 1. Preamble/Abstract
============================

This explanation will take on a bottom up approach because the technical
goals/processes are what make up the deliverable value (to myself).

Also this project is just for me so fuck off if you don't like it.

Section 2. The Hosts/Services
=============================

Services to host are listed below with their respective roles:

Docker host:
	- Discord Chat Bots
		- Lewdlad (Server Management Chat Bot)
		- Musical Maurice (Music Voice Bot)
	- My personal clippable instance

Static Nginx server:
	- Personal Website
		Served under shockrah.xyz
	- Resume Website
		Served under resume.shockrah.xyz
	- Freechat Documentation
		Served under freechat.shockrah.xyz

SSH/Ansible Host
	This is the dev box that I use to patch things in the
	VPC. This way we only accept internal SSH connections.
	Rationale: To reduce surface area to the outside world

Section 3. Codenames
====================

Below are the codenames which Terraform code uses in order to

Alpha - Docker host

Beta - Static Nginx Server

Gamma - Dev/Ansible host

Crete - Primary Subnet used to host stuff

Olympus - [not sure where this fits but doc'd for future]
	(Potential) Secondary subnet used to host (bigger) projects

Section 4. Network Layout
=========================

Crete
	Refers to the primary subnet that most services live on.

Subnet 10.0.0.128/25

Alpha
	Public IP: not required
	Internal IP: 10.0.1.1

Beta
	Public IP: required for public websites

Gamma
	Ephemeral: only up when absolutely required
	Will request an Elastic IP when it needs one;
	however, it will release the IP when not
	required, to reduce the overall cost of running this system

Section 5. Images Used for Hosting
==================================

Primary Image Used
	AMI - Ubuntu 20.04
	Rationale - It's the current LTS release, so security patches
	will come in regularly, and it has good operability with
	most of the tools I plan on using anyway. Most services
	which are getting containerized rely on Alpine, so
	as long as Docker is properly updated, maintaining
	posture on this shouldn't be too bad.

Firewall setup
	Most of the firewall rules sit in AWS; however, they
	should probably be mirrored on each host in case one
	of these layers fails for some reason.
		- TODO: This is going to have to be done via Ansible

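The AWS layer of the firewall described above, combined with the Section 2 rule that SSH is only accepted internally, could be written in Terraform as follows. This is an added example, not code from the repository; the resource names, `vpc_id`, `admin_cidr` and the web ports 80/443 are assumptions.

```hcl
# Added example: all names are hypothetical, none come from the Athens repo.
variable "vpc_id" { type = string }     # VPC that contains the Crete subnet
variable "admin_cidr" { type = string } # operator's own address, e.g. a /32
# Gamma (dev/Ansible host): the only SSH entry point from outside the VPC.
resource "aws_security_group" "gamma" {
  vpc_id = var.vpc_id
  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.admin_cidr]
  }
  egress { # Terraform drops AWS's default allow-all egress, so restate it
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Attached to Alpha and Beta: SSH is reachable only from Gamma's group.
resource "aws_security_group" "internal" {
  vpc_id = var.vpc_id
  ingress {
    from_port       = 22
    to_port         = 22
    protocol        = "tcp"
    security_groups = [aws_security_group.gamma.id]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
# Attached to Beta only, on top of "internal": public web ports (assumed).
resource "aws_security_group" "web" {
  vpc_id = var.vpc_id
  dynamic "ingress" {
    for_each = [80, 443]
    content {
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
}
```

Alpha would carry only `internal` and Beta both `internal` and `web`; the same allow-list is what the host-level rules from the TODO would mirror.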
Instance Types with rationale
	Alpha - t3.small (Maybe)
		Slightly heavier because it must run multiple
		chatbots and clippable, but all are extremely
		lightweight. This might have to be pushed later
		to medium, but for now it's fine.
	Beta - t3.micro
		Nginx server
	Gamma - t3.micro
		Ansible host
