# Infrastructure Setup

## 1. Terraform

```bash
cd infra
cp terraform.tfvars.example terraform.tfvars  # fill in your values
terraform init
terraform apply
```

## 2. SSH Key
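
```bash
# Create the key file with owner-only permissions from the start (umask 077),
# then enforce 600 in case the file already existed with looser permissions
(umask 077; terraform output -raw ssh_private_key > everytab-key) && chmod 600 everytab-key
terraform output ssh_command  # prints the ssh command
```
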
## 3. Bootstrap EC2

```bash
scp -i everytab-key ec2-userdata.sh ec2-user@<IP>:~
ssh -i everytab-key ec2-user@<IP> 'bash ~/ec2-userdata.sh'
```

## 4. Clone Repo on EC2

```bash
git clone <your-repo-url> ~/everytab
cd ~/everytab
```

## 5. Database Instance (i3.large)

Spin up an i3.large in the same AZ as the compute instance. This provides 475GB of local NVMe with 100K+ IOPS for Postgres, which eliminates the EBS/RDS IOPS bottleneck.

```bash
# Launch i3.large (same subnet/AZ, same key pair, allow port 5432 from compute SG)
# Then SSH in and run:
bash ~/everytab/infra/db-setup.sh
```

This formats the NVMe, installs Postgres on it with aggressive write settings (`fsync=off`, which trades crash safety for write speed), creates the database, and applies the schema.

On the **compute instance** (c5.2xlarge):

```bash
# Use the private IP printed by db-setup.sh
echo "export DATABASE_URL='postgres://everytab@<i3-private-ip>:5432/everytab'" >> ~/.bashrc
source ~/.bashrc

# Test connectivity
psql "$DATABASE_URL" -c 'SELECT 1;'
```

Note: the i3's local NVMe is ephemeral, so data is lost on stop/terminate. Always `pg_dump` before teardown.

## Pinning the EC2 AMI

The `data.aws_ami` lookup fetches the latest Amazon Linux 2023 AMI. If Amazon publishes a new one between applies, Terraform will want to replace your EC2 instance.

To prevent this, pin the AMI after initial creation:

```bash
# Get the current instance's AMI
aws ec2 describe-instances --filters "Name=tag:Name,Values=everytab" \
  --query "Reservations[0].Instances[0].ImageId" --output text

# Add to terraform.tfvars (replace the placeholder with the AMI ID printed above)
echo 'ec2_ami = "ami-XXXXXXXXXXXX"' >> terraform.tfvars
```

Now `terraform apply` won't replace the instance for non-EC2 changes (like adding CloudFront logging).

Remove the `ec2_ami` line from tfvars when you want a fresh instance with the latest AMI (e.g., after teardown).

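The `echo ... >> terraform.tfvars` step appends another `ec2_ami` line each time it is run, and `--output text` prints `None` when the filter matches no instance. The script below is an added example, not part of this repo: `valid_ami`, `pin_ami` and `unpin_ami` are hypothetical helper names, and the tfvars content in `demo` is constructed.

```bash
# Added example: idempotent AMI pin for terraform.tfvars.
# valid_ami, pin_ami and unpin_ami are hypothetical helpers, not repo code.

# Accept only well-formed AMI IDs: "ami-" plus 8 or 17 hex digits. This rejects
# the literal "None" that --output text prints when no instance matches.
valid_ami() {
  printf '%s\n' "$1" | grep -Eq '^ami-([0-9a-f]{8}|[0-9a-f]{17})$'
}

# Remove any existing ec2_ami assignment from the tfvars file ($1).
unpin_ami() {
  local file=$1 tmp
  [ -f "$file" ] || return 0
  tmp=$(mktemp "${file}.XXXXXX") || return 1   # created with mode 0600
  grep -Ev '^[[:space:]]*ec2_ami[[:space:]]*=' "$file" > "$tmp" || true
  mv "$tmp" "$file"
}

# Set ec2_ami in the tfvars file ($1) to the AMI ID ($2), replacing any old pin.
pin_ami() {
  local file=$1 ami=$2
  if ! valid_ami "$ami"; then
    echo "refusing to pin invalid AMI id: '$ami'" >&2
    return 1
  fi
  unpin_ami "$file" || return 1
  printf 'ec2_ami = "%s"\n' "$ami" >> "$file"
}

# Demo on a constructed tfvars file (all values are made up).
demo() {
  local f
  f=$(mktemp)
  printf 'region = "us-east-1"\nec2_ami = "ami-0123456789abcdef0"\n' > "$f"
  pin_ami "$f" "ami-0fedcba9876543210"        # replaces the old pin
  pin_ami "$f" "None" 2>/dev/null || echo "rejected: None"
  cat "$f"
  rm -f "$f"
}

demo
```
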
## Teardown (after backup)

```bash
# Back up the database first
pg_dump -U everytab -Fc everytab > ~/everytab_dump.pgfc

# Back up icons
rsync -avP ~/icons/ homelab:/backups/everytab/icons/
```

Switch to serving-only mode (destroys EC2, icons bucket):

```bash
terraform apply -var="scanning=false"
```

Full destroy (including the live site):

```bash
terraform destroy
```