# Infrastructure Setup

## 1. Terraform

```bash
cd infra
cp terraform.tfvars.example terraform.tfvars  # fill in your values
terraform init
terraform apply
```

## 2. SSH Key

```bash
terraform output -raw ssh_private_key > everytab-key && chmod 600 everytab-key
terraform output ssh_command  # prints the ssh command
```

## 3. Bootstrap EC2

```bash
scp -i everytab-key ec2-userdata.sh ec2-user@:~
ssh -i everytab-key ec2-user@ 'bash ~/ec2-userdata.sh'
```

## 4. Clone Repo on EC2

```bash
git clone ~/everytab
cd ~/everytab
```

## 5. Database Instance (i3.large)

Spin up an i3.large in the same AZ as the compute instance. This provides 475GB local NVMe with 100K+ IOPS for Postgres — eliminates the EBS/RDS IOPS bottleneck.

```bash
# Launch i3.large (same subnet/AZ, same key pair, allow port 5432 from compute SG)
# Then SSH in and run:
bash ~/everytab/infra/db-setup.sh
```

This formats the NVMe, installs Postgres on it with aggressive write settings (`fsync=off`), creates the database, and applies the schema.

On the **compute instance** (c5.2xlarge):

```bash
# Use the private IP printed by db-setup.sh
echo "export DATABASE_URL='postgres://everytab@:5432/everytab'" >> ~/.bashrc
source ~/.bashrc

# Test connectivity
psql $DATABASE_URL -c 'SELECT 1;'
```

Note: the i3's local NVMe is ephemeral — data is lost on stop/terminate. Always `pg_dump` before teardown.

## Pinning the EC2 AMI

The `data.aws_ami` lookup fetches the latest Amazon Linux 2023 AMI. If Amazon publishes a new one between applies, Terraform will want to replace your EC2 instance. To prevent this, pin the AMI after initial creation:

```bash
# Get the current instance's AMI
aws ec2 describe-instances --filters "Name=tag:Name,Values=everytab" \
  --query "Reservations[0].Instances[0].ImageId" --output text

# Add to terraform.tfvars
echo 'ec2_ami = "ami-XXXXXXXXXXXX"' >> terraform.tfvars
```

Now `terraform apply` won't replace the instance for non-EC2 changes (like adding CloudFront logging).

Remove the `ec2_ami` line from tfvars when you want a fresh instance with the latest AMI (e.g., after teardown).

## Teardown (after backup)

```bash
# Back up the database first
pg_dump -U everytab -Fc everytab > ~/everytab_dump.pgfc

# Back up icons
rsync -avP ~/icons/ homelab:/backups/everytab/icons/
```

Switch to serving-only mode (destroys EC2, icons bucket):

```bash
terraform apply -var="scanning=false"
```

Full destroy (including the live site):

```bash
terraform destroy
```
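
A guard for the teardown steps above, as an added example that is not part of this project's scripts: it refuses to run Terraform unless the `pg_dump -Fc` archive exists, starts with the `PGDMP` custom-format magic, is recent, and can be listed by `pg_restore`. The function names and the 60-minute freshness window are assumptions, and it assumes the archive has already been copied to the machine where Terraform runs (a dump left in `~` on an instance being destroyed is lost with it).

```shell
# Added example: block teardown until a fresh, readable pg_dump archive is present.
# Source this file, then run e.g.:  guarded_teardown apply -var="scanning=false"
#                              or:  guarded_teardown destroy

# Dump path matches the pg_dump command above; override with DUMP=/path/to/file.
DUMP="${DUMP:-$HOME/everytab_dump.pgfc}"
# Assumed policy: a dump older than this many minutes counts as stale.
MAX_AGE_MIN="${MAX_AGE_MIN:-60}"

# dump_ok FILE [MAX_AGE_MIN]
# Returns 0 if FILE looks like a recent custom-format archive,
# 1 if missing or empty, 2 if the magic is wrong, 3 if stale.
dump_ok() {
  if [ ! -f "$1" ] || [ ! -s "$1" ]; then
    echo "missing or empty: $1" >&2
    return 1
  fi
  # pg_dump -Fc archives begin with the ASCII magic "PGDMP"; a plain SQL
  # dump or a truncated redirect target will not.
  if [ "$(head -c 5 "$1" 2>/dev/null)" != "PGDMP" ]; then
    echo "not a pg_dump -Fc archive: $1" >&2
    return 2
  fi
  # Reject leftovers from an earlier run: require a recent mtime.
  if [ -z "$(find "$1" -mmin "-${2:-$MAX_AGE_MIN}" 2>/dev/null)" ]; then
    echo "older than ${2:-$MAX_AGE_MIN} min: $1" >&2
    return 3
  fi
  return 0
}

# dump_readable FILE
# Deeper check (needs pg_restore): read the archive's table of contents
# without restoring anything; fails on a corrupt or truncated archive.
dump_readable() {
  pg_restore --list "$1" >/dev/null
}

# guarded_teardown ARGS...
# Runs `terraform ARGS...` only after both checks pass.
guarded_teardown() {
  if ! dump_ok "$DUMP" || ! dump_readable "$DUMP"; then
    echo "refusing teardown: no verified backup at $DUMP" >&2
    return 1
  fi
  terraform "$@"
}
```
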