Infrastructure-as-Code monorepo for the All Things Linux 501(c)(3) non-profit organization
This infrastructure monorepo contains the complete platform-as-code for All Things Linux, a 501(c)(3) non-profit organization. We manage infrastructure for 10,000+ community members using modern GitOps practices and infrastructure-as-code principles.
Infrastructure Only - Applications live in separate repositories:
- Infrastructure Provisioning - Terraform for Hetzner Cloud resources
- Configuration Management - Ansible for server configuration
- Monitoring & Observability - Prometheus, Grafana, and alerting
- Network & Security - Load balancing, SSL, firewalls
- Platform Services - Shared services (databases, caching, etc.)
Applications deploy to this infrastructure but live independently:
- Discord Bot (Tux) - Community automation and moderation
- ATL Wiki - Educational resources and documentation
- ATL Tools - Self-hosted applications suite
- ATL Chat - Multi-platform communication bridging
- ATL Dev - Developer pubnix and hosting platform
The atl CLI provides a unified interface for all infrastructure operations:
# Install dependencies
poetry install
# Quick operations
atl plan # Plan infrastructure changes
atl apply -y # Apply changes with auto-approve
atl lint --fix # Run linting with auto-fix
atl docs build --serve # Build and serve documentation
# Organized commands
atl infra plan # Infrastructure planning
atl infra apply # Infrastructure deployment
atl infra destroy # Infrastructure destruction
atl quality lint # Code quality checks
atl docs build # Documentation generation
atl utils update-collections # Ansible collections update
# Get help
atl info # Show available commands
atl status # Check tool availability
atl <command> --help # Detailed help for any command
- Python 3.11+ with Poetry for dependency management
- Terraform for infrastructure provisioning
- Ansible for configuration management
- Hetzner Cloud account and API token
- Cloudflare account and API token
- Clone and setup:

      git clone <repository-url>
      cd infra
      # Install dependencies
      poetry install
      poetry run ansible-galaxy collection install -r ansible/collections/requirements.yml

- Configure secrets:

      # Copy secrets template
      cp configs/secrets.example.yml configs/secrets.yml
      # Edit with your actual credentials (never commit this!)
      edit configs/secrets.yml

- Set up development environment:

      # Install pre-commit hooks
      ./scripts/setup/setup-hooks.sh
      # Run validation
      atl lint

- Deploy infrastructure:

      # Plan changes first
      cd terraform/environments/staging
      terraform plan
      # Apply infrastructure
      terraform apply
      # Configure servers
      cd ../../../ansible
      ansible-playbook -i inventories/dynamic.py playbooks/site.yml
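A preflight check for the "Configure secrets" step, added here as an example (it is not one of this repository's scripts). The function name `check_secrets_file` is hypothetical; the default path is the `configs/secrets.yml` from the steps above. It fails when the file is tracked by git, not covered by an ignore rule, or readable by anyone other than its owner.

```shell
#!/usr/bin/env bash
# Added example: verify that the local secrets file cannot leak through git
# or through loose file permissions.
# Usage: check_secrets_file REPO_DIR [RELATIVE_PATH]
# Returns 0 when every check passes, 1 otherwise.
check_secrets_file() {
    repo=$1
    path=${2:-configs/secrets.yml}
    rc=0

    if [ ! -f "$repo/$path" ]; then
        echo "MISSING: $path (copy it from configs/secrets.example.yml)"
        return 1
    fi

    # 1. The file must not be tracked: an ignore rule has no effect on a
    #    file that is already in the index.
    if git -C "$repo" ls-files --error-unmatch -- "$path" >/dev/null 2>&1; then
        echo "FAIL: $path is tracked by git"
        rc=1
    fi

    # 2. An ignore rule must match it, so a broad 'git add .' cannot stage it.
    #    --no-index evaluates the ignore rules even if the file is tracked.
    if ! git -C "$repo" check-ignore --no-index -q -- "$path" 2>/dev/null; then
        echo "FAIL: $path is not matched by any ignore rule"
        rc=1
    fi

    # 3. Only the owner should be able to read it (GNU stat, then BSD stat).
    mode=$(stat -c '%a' "$repo/$path" 2>/dev/null || stat -f '%Lp' "$repo/$path")
    case $mode in
        600|400) ;;
        *) echo "FAIL: $path has mode $mode, expected 600 or 400"; rc=1 ;;
    esac

    [ "$rc" -eq 0 ] && echo "OK: $path"
    return "$rc"
}
```

Run it from the repository root as `check_secrets_file .` before the first `git add`.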
infra/                          # Infrastructure Monorepo
├── README.md                   # This file
├── configs/                    # Configuration Management
│   ├── domains.yml             # Domain configurations
│   ├── environments.yml        # Environment definitions
│   └── secrets.example.yml     # Secrets template (never commit secrets.yml!)
│
├── terraform/                  # Infrastructure Provisioning
│   ├── modules/                # Reusable Terraform modules
│   │   ├── network/            # VPC, subnets, security groups
│   │   ├── compute/            # Servers, load balancers
│   │   └── security/           # SSL, firewalls, monitoring
│   ├── environments/           # Environment-specific configs
│   │   ├── production/         # Production infrastructure
│   │   ├── staging/            # Staging environment
│   │   └── development/        # Development environment
│   └── shared/                 # Cross-environment resources (DNS, etc.)
│
├── ansible/                    # Configuration Management
│   ├── ansible.cfg             # Ansible configuration
│   ├── inventories/            # Dynamic and static inventories
│   │   └── dynamic.py          # Dynamic inventory from Terraform
│   ├── playbooks/              # Ansible playbooks
│   │   ├── site.yml            # Main deployment playbook
│   │   ├── infrastructure/     # Infrastructure setup playbooks
│   │   ├── security/           # Security hardening
│   │   └── domains/            # Domain-specific deployments
│   ├── roles/                  # Reusable Ansible roles
│   │   ├── system/             # Base system configuration
│   │   ├── docker/             # Docker and containers
│   │   └── monitoring/         # Monitoring agents
│   ├── group_vars/             # Group variables
│   ├── host_vars/              # Host-specific variables
│   └── collections/            # Ansible collections requirements
│
├── monitoring/                 # Observability Stack
│   ├── prometheus/             # Metrics collection
│   ├── grafana/                # Dashboards and visualization
│   └── alerting/               # Alert rules and notifications
│
├── scripts/                    # Automation and Tooling
│   ├── deploy.py               # Modern Python deployment CLI
│   ├── lint.py                 # Code quality and validation
│   ├── docs.py                 # Documentation generation
│   ├── common/                 # Shared utilities
│   └── setup/                  # Environment setup scripts
│
├── docs/                       # Infrastructure Documentation
│   ├── guides/                 # How-to guides
│   ├── architecture/           # Architecture decisions
│   ├── runbooks/               # Operational procedures
│   └── setup/                  # Setup and configuration
│
├── .github/workflows/          # CI/CD Pipelines
│   ├── terraform.yml           # Infrastructure validation
│   ├── ansible.yml             # Configuration validation
│   └── docs.yml                # Documentation deployment
│
└── Python Environment          # Development Environment
    ├── pyproject.toml          # Poetry dependencies & CLI tools
    ├── poetry.lock             # Locked dependencies
    └── mise.toml               # Development environment
This monorepo follows modern platform engineering patterns:
- GitOps - Infrastructure changes via git workflows
- Modular - Reusable Terraform modules and Ansible roles
- Multi-environment - Consistent dev/staging/production
- Observable - Built-in monitoring and alerting
- Secure - Security hardening and secrets management
- App-agnostic - Applications deploy independently
A single, powerful CLI that consolidates all infrastructure operations into an intuitive interface:
The atl CLI provides a single interface for all infrastructure operations:
Command Group | Purpose | Key Features |
---|---|---|
atl infra | Infrastructure management | Terraform + Ansible deployment with rich output |
atl quality | Code quality validation | Multi-format linting, auto-fix capabilities |
atl docs | Documentation generation | Automated docs from infrastructure code |
atl utils | Utility operations | Collection updates, maintenance tasks |
# Quick access commands
atl plan # Preview infrastructure changes
atl apply # Apply infrastructure changes
atl lint # Run validation checks
# Organized commands
atl infra plan --environment staging
atl infra apply --environment production
atl quality lint --fix # Auto-fix common issues
atl docs build --serve # Generate and serve documentation
# Get help and status
atl info # Show all available commands
atl status # Check tool availability
Comprehensive team access management:
- Platform Engineering: Full infrastructure access
- Cloud Operations: Environment management and monitoring
- Security: Security policies and compliance
- Site Reliability: Monitoring and incident response
- Backend Engineers: API and service deployment
- Frontend Engineers: Web application deployment
- Python Developers: Discord bot and tools deployment
- Mobile Developers: Mobile app infrastructure
- Management: Oversight and resource allocation
- Moderation: Community management tools
- Creative: Content and brand management
Environment | Purpose | Infrastructure |
---|---|---|
Production | Live services | High-availability, monitoring, backups |
Staging | Pre-production testing | Production-like, automated testing |
Development | Feature development | Lightweight, rapid iteration |
- Load Balancing: HAProxy with automatic failover
- Databases: PostgreSQL clusters with Redis caching
- Monitoring: Prometheus + Grafana + AlertManager
- Logging: Centralized log aggregation and analysis
- Security: Automated security scanning and hardening
- Backups: Automated backup and disaster recovery
# Install development dependencies
poetry install
# Set up pre-commit hooks
./scripts/setup/setup-hooks.sh
# Validate your setup
atl lint
- Branch: Create feature branch from main
- Develop: Make infrastructure changes
- Validate: Run atl lint
- Test: Deploy to development environment
- Document: Update relevant documentation
- PR: Create pull request for review
- Deploy: Merge triggers deployment pipeline
# Syntax validation
atl lint
# Infrastructure planning
cd terraform/environments/development
terraform plan
# Configuration testing
cd ansible
ansible-playbook --syntax-check playbooks/site.yml
Comprehensive documentation is available in docs/:
- Setup Guide - Installation and configuration
- Architecture - System design and decisions
- Runbooks - Operational procedures
- Development - Development workflow
- Read the development guide
- Fork this repository
- Create a feature branch
- Test your changes thoroughly
- Document any new features
- Submit a pull request
This infrastructure code is licensed under the MIT License. See LICENSE for details.
All Things Linux • A 501(c)(3) Non-Profit Organization
Empowering the Linux ecosystem through education, collaboration, and open infrastructure