Our Stack - blame None – An Otter Wiki

Blame

dbfc72	Anonymous	2026-04-13 07:00:10	1	# ISN Innovations Stack
			2
			3	ISN Innovations looks after a software development at ISN.
			4
			5	## Machines
			6	We have the following machines:
44eb28	Anonymous	2026-04-14 06:21:26	7	* SHIVA - a TrueNAS physical machine:
			8	* physical location: 115 Cotham Rd
			9	* local IP: `192.168.40.20`
1ceaa9	Anonymous	2026-05-05 00:31:34	10	* Wireguard VPN IP: `10.13.13.8`
44eb28	Anonymous	2026-04-14 06:21:26	11	* KRISHNA - a TrueNAS physical machine:
			12	* physical location: 35 Cotham Rd
46129a	Anonymous	2026-04-27 02:07:29	13	* local IP: `192.168.20.145`
1ceaa9	Anonymous	2026-05-05 00:31:34	14	* Wireguard VPN IP: `10.13.13.9`
44eb28	Anonymous	2026-04-14 06:21:26	15	* INDRA - a physical machine:
			16	* physical location: 115 Cotham Rd
			17	* local IP: `192.168.40.40`
			18	* Wireguard VPN IP: `10.13.13.6`
32ad2b	Anonymous	2026-04-14 06:39:13	19	* Has 8 L40S GPUs
44eb28	Anonymous	2026-04-14 06:21:26	20	* KRYPTON - a physical machine:
			21	* physical location: 115 Cotham Rd
			22	* local IP: `192.168.40.60`
			23	* Wireguard VPN IP: `10.13.13.3`
32ad2b	Anonymous	2026-04-14 06:39:13	24	* Has 4 L40S GPUs
44eb28	Anonymous	2026-04-14 06:21:26	25	* RAMA - a GCP virtual machine
			26	* GCP IP: `10.152.0.3`
			27	* public IP: `34.116.65.212`
			28	* Wireguard VPN IP: `10.13.13.7`
			29	* GANESHA a GCP virtual machine:
			30	* GCP IP: `10.152.0.2`
			31	* public IP: `34.40.255.123`
			32	* Wireguard VPN IP: `10.13.13.1`
			33
97faf5	Anonymous	2026-05-05 01:00:31	34	### How to Connect
			35	```sh
			36	PEER=nathan
			37	ssh ganesha "docker exec wireguard /app/show-peer $PEER"
			38	ssh ganesha "sudo cat /var/lib/docker/volumes/infrastructure-setup_wireguard_config/_data/peer_$PEER/peer_$PEER.conf"
			39	```
			40
			41	```powershell
			42	$PEER = "nathan"
			43	ssh ganesha "docker exec wireguard /app/show-peer $PEER"
			44	ssh ganesha "sudo cat /var/lib/docker/volumes/infrastructure-setup_wireguard_config/_data/peer_$PEER/peer_$PEER.conf"
			45	```
			46
			47	```cmd
			48	set PEER=nathan
			49	ssh ganesha "docker exec wireguard /app/show-peer %PEER%"
			50	ssh ganesha "sudo cat /var/lib/docker/volumes/infrastructure-setup_wireguard_config/_data/peer_%PEER%/peer_%PEER%.conf"
			51	```
			52
44eb28	Anonymous	2026-04-14 06:21:26	53	### Recommended Developer SSH Configuration
			54
			55	Assuming your `~/.ssh/config` includes the entries below, you will be able to simply run:
			56	* `ssh indra`
			57	* `ssh krypton`
			58	* `ssh rama`
			59	* `ssh ganesha`
c36029	Anonymous	2026-05-05 00:37:38	60	* `ssh shiva`
			61	* `ssh krishna`
22c114	Anonymous	2026-05-05 02:10:52	62	* `git add remote origin git@10.152.0.2:2222:REPO-OWNER/REPO-NAME.git`
2282d8	Anonymous	2026-05-05 00:38:05	63	* `git add remote origin git@isn-gitea:REPO-OWNER/REPO-NAME.git`
44eb28	Anonymous	2026-04-14 06:21:26	64
			65	```
			66	Host indra
			67	HostName 10.13.13.6
			68	User YOUR_USER_ON_INDRA
			69	IdentityFile ~/.ssh/id_ed25519_indra
			70	IdentitiesOnly yes
			71
			72	Host krypton
			73	HostName 10.13.13.3
			74	User YOUR_USER_ON_KRYPTON
			75	IdentityFile ~/.ssh/id_ed25519_krypton
			76	IdentitiesOnly yes
			77
			78	Host ganesha
ebdd9a	Anonymous	2026-05-05 02:16:12	79	HostName 10.13.13.1
44eb28	Anonymous	2026-04-14 06:21:26	80	User YOUR_USER_ON_GANESHA
			81	IdentityFile ~/.ssh/id_ed25519_ganesha
			82	IdentitiesOnly yes
			83
			84	Host rama
ebdd9a	Anonymous	2026-05-05 02:16:12	85	HostName 10.13.13.6
44eb28	Anonymous	2026-04-14 06:21:26	86	User YOUR_USER_ON_RAMA
			87	IdentityFile ~/.ssh/id_ed25519_rama
			88	IdentitiesOnly yes
			89
			90	Host isn-gitea
			91	HostName 10.13.13.1
			92	Port 2222
			93	User YOUR_USER_ON_GANESHA
			94	IdentityFile ~/.ssh/id_ed25519_ganesha
			95	IdentitiesOnly yes
c153cd	Anonymous	2026-05-05 00:36:21	96
			97	Host shiva
			98	HostName 10.13.13.8
			99	User mtamassia
			100	IdentityFile ~/.ssh/id_ed25519_shiva
			101	IdentitiesOnly yes
			102
			103	Host krishna
			104	HostName 10.13.13.9
			105	User mtamassia
			106	IdentityFile ~/.ssh/id_ed25519_krishna
			107	IdentitiesOnly yes
44eb28	Anonymous	2026-04-14 06:21:26	108	```
dbfc72	Anonymous	2026-04-13 07:00:10	109
			110	## Apps
			111	We look after the following software:
0f3af6	Anonymous	2026-05-05 06:47:57	112	* VISNA, an AI chat app for students:
dbfc72	Anonymous	2026-04-13 07:00:10	113	* Backend in Kotlin + Spring Boot 3, frontend in Typescript + Vue 3
			114	* It is deployed on RAMA in Docker containers
			115	* RAMA runs VISNA's `staging`, `sandbox` and `production` environments
			116	* The deployment uses blue-green deployment, with routing handled via a containerized Nginx instance running on GANESHA
22c114	Anonymous	2026-05-05 02:10:52	117	* The source code is on this machine at [https://gitea.dev.isn.edu.au/ISN-Innovations/Visna](https://gitea.dev.isn.edu.au/ISN-Innovations/K-VISNA)
dbfc72	Anonymous	2026-04-13 07:00:10	118	* The pipeline runs on a Gitea instance hosted on GANESHA (origin: `ganesha`)
			119	* The public URL is https://visna.isn.edu.au, which reaches GANESHA
			120	* A Nginx instance running on GANESHA routes requests to the correct port on RAMA
			121	* It is deployed by simply pushing the branches `production`, `sandbox` and `staging`
0f3af6	Anonymous	2026-05-05 06:47:57	122	* THRIVE, a course generation app for staff:
dbfc72	Anonymous	2026-04-13 07:00:10	123	* Backend in Typescript + Express 4, frontend in Typescript + React 19
			124	* It is deployed on RAMA in Docker containers
			125	* RAMA runs THRIVE's `staging`, `sandbox` and `production` environments
			126	* The deployment uses blue-green deployment, with routing handled via a containerized Nginx instance running on GANESHA
22c114	Anonymous	2026-05-05 02:10:52	127	* The source code is on this machine at [https://gitea.dev.isn.edu.au/ISN-Innovations/Thrive](https://gitea.dev.isn.edu.au/ISN-Innovations/Thrive)
dbfc72	Anonymous	2026-04-13 07:00:10	128	* The deployment pipeline is in the relative folder `.gitea/`
			129	* The pipeline runs on a Gitea instance hosted on GANESHA(origin: `origin`)
			130	* The public URL is https://thrive.isn.edu.au, which reaches GANESHA
			131	* A Nginx instance running on GANESHA routes requests to the correct port on RAMA
			132	* It is deployed by simply pushing the branches `production`, `sandbox` and `staging`
0f3af6	Anonymous	2026-05-05 06:47:57	133	* Modelix, an AI gateway app used behind the scenes by THRIVE and soon by VISNA
dbfc72	Anonymous	2026-04-13 07:00:10	134	* Backend in Rust + Axum + Tower, frontend in Typescript + Vue 3
			135	* It is deployed on GANESHA, in a Docker container
			136	* The deployment is configured together with all the other services running on GANESHA (see below)
22c114	Anonymous	2026-05-05 02:10:52	137	* The source code is on this machine at [https://gitea.dev.isn.edu.au/ISN-Innovations/Modelix](https://gitea.dev.isn.edu.au/ISN-Innovations/Modelix)
dbfc72	Anonymous	2026-04-13 07:00:10	138	* The deployment pipeline is in the relative folder `.gitea/`
			139	* The pipeline runs on a Gitea instance hosted on GANESHA (origin: `origin`)
			140	* This is only reachable using local IPs, so I use a VPN, while THRIVE and VISNA are in the same network
			141	* Pushing the branch `main` builds an image, stored in Gitea's imnage registry
			142	* Deployment on GANESHA is done via git pull ganesha main && docker-compose pull modelix && docker-compose up -d --force-recreate modelix-caddy
			143
			144
0f3af6	Anonymous	2026-05-05 06:47:57	145	## Services
dbfc72	Anonymous	2026-04-13 07:00:10	146	GANESHA runs a host of services:
22c114	Anonymous	2026-05-05 02:10:52	147	* The services are set up using a long Docker Compose stack defined at [https://gitea.dev.isn.edu.au/ISN-Innovations/Infrastructure-Setup](https://gitea.dev.isn.edu.au/ISN-Innovations/Infrastructure-Setup)
dbfc72	Anonymous	2026-04-13 07:00:10	148	* This lives on GANESHA in `/Users/mtamassia/Projects/Infrastructure-Setup`
1fe959	Anonymous	2026-05-05 00:47:30	149	* The folder containes a .env file, too
dbfc72	Anonymous	2026-04-13 07:00:10	150	* GANESHA uses Docker Compose v1, so the right commands start with `docker-compose` (with a dash)
			151	* Among the services, there are:
0f3af6	Anonymous	2026-05-05 06:47:57	152	* Grafana and Kibana, which I use to monitor VISNA and THRIVE.
			153	* Gitea, where we host all of our code, is reachable at [https://gitea.dev.isn.edu.au](https://gitea.dev.isn.edu.au)
			154	* Keycloak, which THRIVE and Modelix use for authorisation and identity management, and is reachable at [https://iam.isn.edu.au](https://iam.isn.edu.au)
			155	* Garage, which offers a S3-compatible API, which THRIVE uses to store assets, and is reachable at [https://s3.isn.edu.au](https://s3.isn.edu.au)
			156	* Otterwiki, where we collect our knowledge, is reachable at [https://wiki.dev.isn.edu.au](https://wiki.dev.isn.edu.au)
			157	* Prometheus and Elasticsearch, where the data used by Grafana and Kibana transits
			158	* Various other utilities, which we ourseleves use, such as NextCloud, Infisical, Homarr, Portainer.
			159	* Nginx, which is used to route requests to VISNA, THRIVE (on RAMA) but also to Keycloak and Garage
			160	* Modelix, our AI gateway, is reachable at [https://ai.isn.edu.au](https://ai.isn.edu.au)
			161	* Open WebUI, an AI chat app, is reachable at [https://chat.staff.isn.edu.au](https://chat.staff.isn.edu.au)
dbfc72	Anonymous	2026-04-13 07:00:10	162
			163	## Directory
817e80	Anonymous	2026-05-05 02:14:49	164	* Garage UI @ http://10.152.0.2:3909/ \| https://s3.isn.edu.au
			165	* Gitea @ http://10.152.0.2:3000/ \| https://gitea.dev.isn.edu.au
dbfc72	Anonymous	2026-04-13 07:00:10	166	* Grafana @ http://10.152.0.2:4444/
			167	* Homarr @ http://10.152.0.2:5005/
			168	* Infisical @ http://10.152.0.2:12080/
817e80	Anonymous	2026-05-05 02:14:49	169	* Keycloak @ http://10.152.0.2:8180/ \| https://iam.isn.edu.au
dbfc72	Anonymous	2026-04-13 07:00:10	170	* Kibana @ http://10.152.0.2:5601/
817e80	Anonymous	2026-05-05 02:14:49	171	* Modelix @ https://10.152.0.2:9999 \| https://ai.isn.edu.au
dbfc72	Anonymous	2026-04-13 07:00:10	172	* Nextcloud @ http://10.152.0.2:15080/
817e80	Anonymous	2026-05-05 02:14:49	173	* Open WebUI @ http://10.152.0.2:3001/ \| https://chat.staff.isn.edu.au
			174	* OtterWiki @ http://10.152.0.2:8082/ \| https://wiki.dev.isn.edu.au
dbfc72	Anonymous	2026-04-13 07:00:10	175	* Portainer (GANESHA) @ https://10.152.0.2:9443/
			176	* Portainer (RAMA) @ https://10.152.0.3:9443/
			177	* Prometheus @ http://10.152.0.2:9090/
			178	* THRIVE (production) @ https://thrive.isn.edu.au/
			179	* THRIVE (sandbox) @ https://sandbox.dev.thrive.isn.edu.au/
			180	* THRIVE (staging) @ https://staging.dev.thrive.isn.edu.au/
			181	* VISNA (production) @ https://visna.isn.edu.au/
			182	* VISNA (sandbox) @ https://sandbox.dev.visna.isn.edu.au/
			183	* VISNA (staging) @ https://staging.dev.visna.isn.edu.au/
b7186b	Anonymous	2026-05-05 06:38:24	184
			185	## Setup Client
			186
			187	1. Build config
3e2e11	Anonymous	2026-05-05 06:41:31	188	```sh
			189	ssh ganesha "sudo bash -c 'V=/var/lib/docker/volumes/infrastructure-setup_wireguard_config/_data && printf \"[Interface]\nAddress = 10.13.13.9\nPrivateKey = \$(cat \$V/peer_$PEER/privatekey-peer_$PEER)\n\n[Peer]\nPublicKey = jI0naHt99LeIcbZUBXW4Q25Lhksxsjl7fdoWiOlMXF0=\nPresharedKey = RPEETrKWpDcJsFiMahBYJY5+nOisRavqaNGoaN81xNM=\nEndpoint = 34.40.255.123:51820\nAllowedIPs = 10.152.0.0/24, 10.13.13.0/24\nPersistentKeepalive = 25\n\"'" > /tmp/$PEER_wg0.conf
			190	```
b7186b	Anonymous	2026-05-05 06:38:24	191
			192	2. Copy to /tmp
3e2e11	Anonymous	2026-05-05 06:41:31	193	```sh
			194	scp -i ~/.ssh/id_ed25519_$PEER /tmp/$PEER_wg0.conf $SSH_USER@$SSH_HOST:/tmp/wg0.conf && rm /tmp/$PEER_wg0.conf
			195	```
b7186b	Anonymous	2026-05-05 06:38:24	196
			197	3. Install
			198	a. Server Setup
3e2e11	Anonymous	2026-05-05 06:41:31	199	```sh
			200	ssh -i ~/.ssh/id_ed25519_$PEER -t $SSH_USER@$SSH_HOST "sudo install -m 600 -o root -g root /tmp/wg0.conf /etc/wireguard/wg0.conf && rm /tmp/wg0.conf && sudo systemctl enable --now wg-quick@wg0"
			201	```
b7186b	Anonymous	2026-05-05 06:38:24	202
			203	b. Desktop Setup
3e2e11	Anonymous	2026-05-05 06:41:31	204	```sh
			205	ssh ganesha "sudo cat /var/lib/docker/volumes/infrastructure-setup_wireguard_config/_data/peer_$PEER/peer_$PEER.conf"
			206	```
b7186b	Anonymous	2026-05-05 06:38:24	207
			208	d. Mobile Setup
3e2e11	Anonymous	2026-05-05 06:41:31	209	```sh
			210	ssh ganesha "docker exec wireguard /app/show-peer $PEER"
			211	```