A complete Infrastructure as Code (IaC) solution to provision, configure, and manage a production-ready personal server. This project automates the entire lifecycle of a VPS—from spinning up hardware on DigitalOcean to deploying a secure container orchestration platform using Dokploy and Traefik.

adcondev/personal-vps

Personal VPS Infrastructure (IaC)


🏗 System Architecture

The infrastructure is built on two main pillars: Provisioning (Terraform) and Configuration (Ansible), leading to a state where services are managed via Docker Compose.

graph TD
    User([User / DevOps]) -->|1. Provisions| TF[Terraform]
    User -->|2. Configures| ANS[Ansible]
    
    subgraph "DigitalOcean Cloud"
        TF -->|Creates| Droplet[Ubuntu 24.04 VPS]
        ANS -->|Bootstraps| Droplet
        
        subgraph "Droplet Software Stack"
            Docker[Docker Engine]
            
            subgraph "Public Network"
                Traefik[Traefik Reverse Proxy]
            end
            
            subgraph "Service Mesh"
                Dokploy[Dokploy Platform]
                n8n[n8n Automation]
                Postgres[(Postgres DB)]
                Ollama[Ollama AI]
                WebUI[Open WebUI]
                Grafana[Grafana Monitor]
            end
            
            Traefik -->|Routes HTTPS| Dokploy
            Traefik -->|Routes HTTPS| n8n
            Traefik -->|Routes HTTPS| WebUI
            Traefik -->|Routes HTTPS| Grafana
            
            n8n -.->|Persists Data| Postgres
            WebUI -.->|Internal API| Ollama
        end
    end

🚀 Key Features

  • One-Command Provisioning: Spin up a full server with associated SSH keys and static IPs using Terraform.
  • Security First: Automated UFW firewall configuration, root login disabled, and SSH hardening.
  • Automated SSL: Zero-config HTTPS for all services via Traefik and Let's Encrypt.
  • Service Isolation: Dedicated Docker networks for multi-container stacks (e.g., AI stack is isolated from Monitoring).
  • Self-Hosted AI: Runs LLMs locally with Ollama and Open WebUI without reliance on external APIs.

🛠 Prerequisites

  • Terraform installed locally.
  • Ansible installed locally.
  • DigitalOcean API Token (Read/Write access).

📦 Installation & Deployment

1. Provision Hardware (Terraform)

Navigate to the terraform directory and initialize the provider.

cd terraform
export DIGITALOCEAN_TOKEN="your_token_here"
terraform init
terraform apply

Output: This will display the new server's IP address.

2. Configure System (Ansible)

Update the inventory file (or use the IP from step 1) and run the playbook.

cd ansible
# Ensure your SSH key is added to your agent
ssh-add ~/.ssh/id_rsa
ansible-playbook -i "1.2.3.4," playbook.yml -u root

3. Deploy Services (Dokploy/Docker)

Once the server is ready, Dokploy will be running on port 3000. You can also manually deploy services defined in services/:

# Example: Deploying n8n
scp -r services/n8n adcon@1.2.3.4:~/services/
ssh adcon@1.2.3.4
cd ~/services/n8n && docker-compose up -d
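
A post-deployment check for the steps above, added here as an example and not part of this repository: it audits the effective SSH setting behind "root login disabled" and lists containers that publish host ports on all interfaces, which Docker forwards without passing through UFW's rules. The container names, the Traefik-only allow list (taken from the architecture diagram) and the sample input are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not part of the repository. Container names and sample
# data below are constructed for illustration.

# Reads `sshd -T` output (lowercase "key value" lines) on stdin and prints
# a finding unless root login is fully disabled. "prohibit-password" still
# permits root login with a key, so only "no" passes.
audit_sshd() {
  awk '$1 == "permitrootlogin" && $2 != "no" { print "sshd: permitrootlogin " $2 }'
}

# Reads `docker ps --format "{{.Names}}\t{{.Ports}}"` output on stdin and
# prints every host port published on all interfaces by a container that is
# not in the comma-separated allow list $1. Docker diverts published ports
# in the nat table, so UFW rules do not filter them.
audit_published_ports() {
  awk -F '\t' -v allow="$1" '
    BEGIN { k = split(allow, a, ","); for (i = 1; i <= k; i++) ok[a[i]] = 1 }
    !($1 in ok) {
      n = split($2, maps, ", ")
      for (i = 1; i <= n; i++) {
        if (split(maps[i], side, "->") != 2) continue  # exposed, not published
        host = side[1]; port = side[1]
        sub(/:[^:]*$/, "", host)                       # bind address
        sub(/^.*:/, "", port)                          # host port
        if ((host == "0.0.0.0" || host == "::" || host == "[::]") && !seen[$1, port]++)
          print "docker: " $1 " publishes " port
      }
    }'
}

# Constructed sample input (not captured from a real host).
sample_sshd() { printf 'port 22\npermitrootlogin prohibit-password\n'; }
sample_ps() {
  printf 'traefik\t0.0.0.0:80->80/tcp, 0.0.0.0:443->443/tcp, [::]:443->443/tcp\n'
  printf 'dokploy\t0.0.0.0:3000->3000/tcp, :::3000->3000/tcp\n'
  printf 'n8n-postgres\t5432/tcp\n'
  printf 'ollama\t127.0.0.1:11434->11434/tcp\n'
  printf 'grafana\t0.0.0.0:3001->3000/tcp\n'
}

# On the server: sudo sshd -T | audit_sshd
#                docker ps --format '{{.Names}}\t{{.Ports}}' | audit_published_ports traefik
sample_sshd | audit_sshd
sample_ps | audit_published_ports traefik
```

An empty result from both functions means root login is set to "no" and only the allow-listed containers are reachable directly from outside.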

📂 Project Structure

  • terraform/: Definitions for Droplets, Firewalls, and Project resource assignment.
  • ansible/: Playbooks for OS setup, Docker installation, and security rules.
  • services/: Docker Compose files for individual applications.
    • dokploy/: Traefik dynamic configuration and middleware.
    • n8n/: Automation platform with PostgreSQL.
    • open-webui/: LLM chat interface + Ollama backend.

🤝 Contributing

  1. Fork the repository.
  2. Create a feature branch (git checkout -b feature/NewService).
  3. Commit your changes (git commit -m 'Add new service').
  4. Push to the branch (git push origin feature/NewService).
  5. Open a Pull Request.

📄 License

This project is licensed under the MIT License - see the LICENSE file for details.
