@ -35,6 +35,9 @@ multi-instance, multi-user webapp that invokes the "base" as
needed. The "base" can be run separately from the webapp. The webapp
automatically generates the configs the "base" needs to run.
The Makefile at the root of this source tree is the point of interface
for everything and all commands are run via make.
** "Base" Terraform Layer
The project is designed so that if you want to just manage a single
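
Review bot: The sentence "The Makefile at the root of this source tree is the point of interface for everything and all commands are run via make." names no targets, so the reader still has to open the Makefile to learn what can be run. Listing the main targets here, or pointing to the section that documents them, would let the paragraph stand on its own. "The single entry point" would also read more clearly than "the point of interface for everything".
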
@ -44,6 +47,43 @@ but also so that when developing the Terraform and Docker Compose
setup it can be done and tested without needing to deal with the web
app as well.
The "base" layer is made up of the following: Flatcar Linux, Docker
Compose, Terraform, and a Makefile with a set of BASH scripts.
*** Flatcar Linux
The deployed instance runs on Flatcar Linux. Flatcar is a "read only"
Linux distribution designed to only run containers and nothing
else. Flatcar is used because it provides a high-level of security and
the OS itself auto-updates on a two-week schedule. Also, being "read
only" it is much more difficult for an external attacker to attack and
much harder for a user that does not know what they are doing to "mess
up".
*** Docker Compose
Each individual supported web app (like NextCloud, Ghost, etc) runs
via Docker and is configured via Docker Compose. (The docker compose
files are all in the "all-apps" directory in this source tree).
The Flatcar Linux config contains a systemd unit (service file) that
runs "docker compose". The Makefile copies all selected apps' docker
compose files from all-apps/ to app/. The systemd unit runs all the
docker compose files in the app/ directory. (The app/ directory is
what actually gets copied to the Flatcar linux install, not the
all-apps/ directory.)
The docker compose setup is specific and needs further documentation
here (to cover things like the shared load-balancer network setup and
how persistent storage is handled).
*** Terraform
Terraform is used to actually manage the deployed instances. Currently
it is a static terraform config controlled only via terraform
variables (see config/production.tfvars.tmpl). The terraform commands
are run via the Makefile.
** Webapp
The webapp is used both to provide a more "user-friendly" interface
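
Review bot: In the "Flatcar Linux" subsection, the claims that the OS is "read only" and "auto-updates on a two-week schedule" do not say which part of the system is read-only or where the update and reboot behaviour is configured, so a reader cannot check either against the deployed config or tell what happens to the running containers when an update lands. Naming the setting or file that controls it would fix this. Smaller points in the same hunk: "high-level of security" should be "high level of security"; "Flatcar linux" in the Docker Compose paragraph should match the "Flatcar Linux" capitalisation used elsewhere; the "needs further documentation here" paragraph would be easier to track as an explicit TODO item; and the Terraform paragraph could say whether the file rendered from config/production.tfvars.tmpl holds credentials and is kept out of version control.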