Cloud Infrastructure

Since www.sommerfeld.io and the corresponding website image(s) experienced refactoring, …

… this config does no longer works because the docs-website image does not exist anymore (ditched in favour of a more complete website image)
… the docs.cloud subdomain is no longer part of the website setup (ditched in favour of a docs subdirectory because there is no need to pay money to digital ocean to serve a static website)

This is the latest and up-to-date Terraform configuration for all *.sommerfeld.io services running in the cloud (meaning every service/subdomain outside www.sommerfeld.io). The cloud provider of choice is DigitalOcean although some services might run at Linode.

For further information on the decision process take a look at ADR: Cloud Provider.

For information when to use which DigitalOcean object / platform, take a look at the "Guidelines and Conventions" page.

Building Block View / Whitebox Overall System

The domain provider needs some DNS settings to ensure the name resoulution for all subdomains for sommerfeld.io point to the right cloud provider. Each cloud provider has its own subdomain and for which the proper NS recores are set. The NS records need to be added under the DNS zone of the main (sub-) domain. This way name resolution for further subdomains is delegated to the respective cloud provider.

These basic subdomains are configured for the domain "sommerfeld.io" through the domain providers management console. This initial setup takes place once for each subdomain.

Domain Provider Target

Domain	Provider	Target
apps.sommerfeld.io	tbd	Reserved for different cloud (similar to `cloud`)
cloud.sommerfeld.io	DigitalOcean	Used for DNS settings → NS records point to http://ns1.digitalocean.com, http://ns2.digitalocean.com and http://ns3.digitalocean.com.
digitalocean.sommerfeld.io	DigitalOcean	DNS config is exactly the same config as `cloud` → used for temporary and testing purposes
linode.sommerfeld.io	Linode	Reserved for Linode (similar to `cloud`) - no running service yet
www.sommerfeld.io	All-Inkl	Classic webhosting - no cloud

apps.sommerfeld.io

tbd

Reserved for different cloud (similar to cloud)

cloud.sommerfeld.io

DigitalOcean

Used for DNS settings → NS records point to http://ns1.digitalocean.com, http://ns2.digitalocean.com and http://ns3.digitalocean.com.

digitalocean.sommerfeld.io

DigitalOcean

DNS config is exactly the same config as cloud → used for temporary and testing purposes

linode.sommerfeld.io

Linode

Reserved for Linode (similar to cloud) - no running service yet

www.sommerfeld.io

All-Inkl

Classic webhosting - no cloud

The subdomain cloud.sommerfeld.io with correct NS records (configured at the domain hosters web ui) takes care of name resolution. A domain record inside DigitalOcean, which has the same name and NS records, ensures apps can use CNAME records and subdomains inside DigitalOcean. This way the cloud.sommerfeld.io subdomain "controls" the name resolution for all subdomains nested under cloud.sommerfeld.io without the need for additional configs at the domain providers management console. These subdomains / CNAME records (<xyz>.cloud.sommerfeld.io) point to a services <random>.ondigitalocean.app URL.

Services

This configuration is currently running across all service providers (as set up by Terraform) for all *.sommerfeld.io cloud services (subdomains other than www.sommerfeld.io).

terraform configs sommerfeld io

Usage

Use src/main/terraform/tf.sh to control the setup hosted in the cloud.

Requirements

Name	Version
digitalocean	~> 2.0
linode	1.27.1

Name

Version

digitalocean

~> 2.0

linode

1.27.1

Providers

Name	Version
digitalocean	2.21.0
linode	1.27.1

Name

Version

digitalocean

2.21.0

linode

1.27.1

Modules

No modules.

Resources

Name	Type
digitalocean_app.docs-page	resource
digitalocean_domain.cloud	resource
digitalocean_record.CNAME-docs	resource
digitalocean_account.do_account	data source
digitalocean_app.docs-page-data	data source
linode_account.linode_account	data source

Name

Type

digitalocean_app.docs-page

resource

digitalocean_domain.cloud

resource

digitalocean_record.CNAME-docs

resource

digitalocean_account.do_account

data source

digitalocean_app.docs-page-data

data source

linode_account.linode_account

data source

Inputs

Name Description Type Default Required

Name	Description	Type	Default	Required
do_base_domain	Domain used for DigitalOcean → all Services will be subdomains of this base domain	`string`	`"cloud.sommerfeld.io"`	no
do_instance_smallest	Smallest DigitalOcean instance type	`string`	`"basic-xxs"`	no
do_region	Default location for DigitalOcean resources (= Frankfurt)	`string`	`"fra"`	no
do_subdomain_docs	Subdomain for docs-page	`string`	`"docs"`	no
do_token	Access token for DigitalOcean API (`tf.sh` reads token from local file which is not pushed to the remote git repo)	`string`	n/a	yes
linode_base_domain	Domain used for Linode → all Services will be subdomains of this base domain	`string`	`"linode.sommerfeld.io"`	no
linode_instance_smallest	Linode resources size: `Nanode 1GB`	`string`	`"g6-nanode-1"`	no
linode_region	Default location for Linode resources (= Frankfurt)	`string`	`"eu-central"`	no
linode_token	Access token for Linode API (`tf.sh` reads token from local file which is not pushed to the remote git repo)	`string`	n/a	yes

do_base_domain

Domain used for DigitalOcean → all Services will be subdomains of this base domain

string

"cloud.sommerfeld.io"

do_instance_smallest

Smallest DigitalOcean instance type

string

"basic-xxs"

do_region

Default location for DigitalOcean resources (= Frankfurt)

string

"fra"

do_subdomain_docs

Subdomain for docs-page

string

"docs"

do_token

Access token for DigitalOcean API (tf.sh reads token from local file which is not pushed to the remote git repo)

string

n/a

yes

linode_base_domain

Domain used for Linode → all Services will be subdomains of this base domain

string

"linode.sommerfeld.io"

linode_instance_smallest

Linode resources size: Nanode 1GB

string

"g6-nanode-1"

linode_region

Default location for Linode resources (= Frankfurt)

string

"eu-central"

linode_token

Access token for Linode API (tf.sh reads token from local file which is not pushed to the remote git repo)

string

n/a

yes

Outputs

Name	Description
do_account_email	The email address of the DigitalOcean account in use
do_docs_page_default_url	The <random-subdomain>.ondigitalocean.app domain
do_docs_page_live_url	The <subdomain>.cloud.sommerfeld.io domain
linode_account_email	The email address of the Linode account in use

Name

Description

do_account_email

The email address of the DigitalOcean account in use

do_docs_page_default_url

The <random-subdomain>.ondigitalocean.app domain

do_docs_page_live_url

The <subdomain>.cloud.sommerfeld.io domain

linode_account_email

The email address of the Linode account in use

Take a look at https://api.linode.com/v4/linode/types for Linode resource types (node sizes to use with Terraform).
For DigitalOcean resource types take a look at https://slugs.do-api.dev (the slugs are the node sizes to use with Terraform).

Architecture Decisions

ADR: Cloud Provider

Risks and Technical Debts

Scale for Probability and Impact: Low, Medium and High

#	Title	Description	Probability	Impact	Response
1	none	none	none	none	none

Title

Description

Probability

Impact

Response

none

Further Information

For docs on DigitalOcean with Terraform see https://docs.digitalocean.com/reference/terraform and https://registry.terraform.io/providers/digitalocean/digitalocean/latest/docs.
Also see the Tutorial Series: How To Manage Infrastructure with Terraform on the DigitalOcean website.