everytab/infra/README.md

Infrastructure Setup

1. Terraform

cd infra
cp terraform.tfvars.example terraform.tfvars  # fill in your values
terraform init
terraform apply

2. SSH Key

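# Write the key with owner-only permissions from the start (umask 077), then enforce 600
# in case the file already existed. The same key is also stored in the Terraform state.
(umask 077; terraform output -raw ssh_private_key > everytab-key) && chmod 600 everytab-key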
terraform output ssh_command  # prints the ssh command

3. Bootstrap EC2

scp -i everytab-key ec2-userdata.sh ec2-user@<IP>:~
ssh -i everytab-key ec2-user@<IP> 'bash ~/ec2-userdata.sh'

4. Clone Repo on EC2

git clone <your-repo-url> ~/everytab
cd ~/everytab

5. Database Instance (i3.large)

Spin up an i3.large in the same AZ as the compute instance. This provides 475GB local NVMe with 100K+ IOPS for Postgres — eliminates the EBS/RDS IOPS bottleneck.

# Launch i3.large (same subnet/AZ, same key pair, allow port 5432 from compute SG)
# Then SSH in and run:
bash ~/everytab/infra/db-setup.sh

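This formats the NVMe, installs Postgres on it with aggressive write settings (fsync=off), creates the database, and applies the schema. fsync=off trades crash safety for write speed: an operating-system crash or power loss can leave the database corrupted.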

On the compute instance (c5.2xlarge):

# Use the private IP printed by db-setup.sh
echo "export DATABASE_URL='postgres://everytab@<i3-private-ip>:5432/everytab'" >> ~/.bashrc
source ~/.bashrc

# Test connectivity
psql "$DATABASE_URL" -c 'SELECT 1;'

Note: the i3's local NVMe is ephemeral — data is lost on stop/terminate. Always pg_dump before teardown.

Pinning the EC2 AMI

The data.aws_ami lookup fetches the latest Amazon Linux 2023 AMI. If Amazon publishes a new one between applies, Terraform will want to replace your EC2 instance.

To prevent this, pin the AMI after initial creation:

# Get the current instance's AMI
aws ec2 describe-instances --filters "Name=tag:Name,Values=everytab" \
  --query "Reservations[0].Instances[0].ImageId" --output text

# Add to terraform.tfvars
echo 'ec2_ami = "ami-XXXXXXXXXXXX"' >> terraform.tfvars

Now terraform apply won't replace the instance for non-EC2 changes (like adding CloudFront logging).

Remove the ec2_ami line from tfvars when you want a fresh instance with the latest AMI (e.g., after teardown).
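
The pin and unpin steps above as re-runnable shell functions, as an added example that is not part of this repo's scripts. The function names are hypothetical; the tag value everytab and the variable name ec2_ami come from this README. Unlike the echo >> form, pin_ami validates the ID and replaces an existing ec2_ami line instead of appending a second one.

```bash
# Added example: idempotent AMI pinning for terraform.tfvars (POSIX sh).
# Function names are hypothetical, not part of the everytab repo.

# Print the AMI ID of the running instance (same query as in the README).
current_ami() {
  aws ec2 describe-instances --filters "Name=tag:Name,Values=everytab" \
    --query "Reservations[0].Instances[0].ImageId" --output text
}

# Succeed only for a single-line, well-formed AMI ID: "ami-" plus 8 or 17
# hex digits. Rejects empty strings and the CLI's "None" (no instance found).
valid_ami() {
  case "$1" in
    *'
'*) return 1 ;;   # embedded newline: not a single ID
  esac
  printf '%s\n' "$1" | grep -Eq '^ami-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Copy a tfvars file to stdout without any ec2_ami assignment.
strip_pin() {
  grep -Ev '^[[:space:]]*ec2_ami[[:space:]]*=' "$1" || true
}

# pin_ami <ami-id> <tfvars-file>
# Replace an existing ec2_ami line, or append one, so the file never ends up
# with two ec2_ami assignments. The rewritten file is owner-only (mktemp).
pin_ami() {
  valid_ami "$1" || { echo "refusing to pin invalid AMI ID: '$1'" >&2; return 1; }
  [ -f "$2" ] || { echo "no such file: $2" >&2; return 1; }
  pin_tmp="$(mktemp "$2.XXXXXX")" || return 1
  strip_pin "$2" > "$pin_tmp"
  printf 'ec2_ami = "%s"\n' "$1" >> "$pin_tmp"
  mv "$pin_tmp" "$2"
}

# unpin_ami <tfvars-file>: remove the pin so the next apply uses the latest AMI.
unpin_ami() {
  [ -f "$1" ] || { echo "no such file: $1" >&2; return 1; }
  pin_tmp="$(mktemp "$1.XXXXXX")" || return 1
  strip_pin "$1" > "$pin_tmp"
  mv "$pin_tmp" "$1"
}

# Usage (from infra/):  pin_ami "$(current_ami)" terraform.tfvars
```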

Teardown (after backup)

# Back up the database first
pg_dump -U everytab -Fc everytab > ~/everytab_dump.pgfc

# Back up icons
rsync -avP ~/icons/ homelab:/backups/everytab/icons/

Switch to serving-only mode (destroys EC2, icons bucket):

terraform apply -var="scanning=false"

Full destroy (including the live site):

terraform destroy