My Personal and Business Tech Stack

I’ve recently finished rebuilding both my AWS servers into this common containerised platform running in a single Spot instance. The final piece was getting my Git server instance in place. For anyone interested, it basically looks like this:

  • A dedicated VPC, and EC2 Spot instance spun up with Terraform (OpenTofu) running a Debian Sid AMI but encrypted. I use Debian Sid instead of Debian stable as it’s far more updated, and, as I enjoy running it on my home Linux laptop I know when it’s stable and when it’s not. Anytime I re-run my Terraform it will pluck the latest daily Sid AMI from AWS, and copy it to an encrypted AMI for myself.

  • The Root volume is small and remains mostly untouched. Only enough changes to to enable it to reboot without needing any configuration changes.

  • All important persistent data and configuration lives on a separate encrypted volume mounted at /volume. This gets backed up via a snapshot from AWS Data Lifecycle Manager.

  • I’ve open sourced all the Terraform/OpenTofu to create it all here.

  • Everything important is running as a Docker container via Docker Compose. There are 5 major Docker containers that need to remain up:

    • certbot: Mostly sleeping for 12 hours at a time but then checking for certs that need to be renewed
    • nginx: Powers all the static and tool sites.
    • php: Has the same mounts as nginx and runs any PHP needed
    • mariadb: Powers any needed mysql/mariadb databases.
    • gitea: powers Gitea separately. nginx reverse proxies it.
  • All Powering These Sites:

    • A Wordpress site powering a personal archive. (nginx and php)
    • bocan.dev - A 1 page CV site. (just nginx)
    • cfunder.me - A personal URL shortener. (nginx and php)
    • My personal blog (nginx and hugo), and tooling hidden underneath:
    • My business site (just nginx) - but soon to be my business blog (nginx and hugo)
    • My family tree site (just nginx)
  • There are 3 crontab jobs executing commands inside the docker containers:

    • Every 15 minutes, exec into php and update my TTRSS site to get check RSS feeds.
    • Every 31 minutes, exec into php and run the Nextcloud cron processing.
    • Every 5 minutes, use Git to pull all configuration from Github, then exec into the Hugo container and generate the static blogs.
  • Issues I still need to fix:

    • The Terraform is state is local on my laptop.
    • The Github repo that controls all of the content stores the web certificates so I can’t make it public.