Coder Admin Console Infrastructure #

This document describes the infrastructure setup and management procedures for the Coder admin console at coder.internal.gotofu.com.

Overview #

The Coder admin console provides a cloud development environment platform for developers. It runs on AWS infrastructure in the Tokyo region (ap-northeast-1) and is isolated in its own VPC.

Key Components #

EC2 Instance: t3.large instance running Ubuntu 22.04
VPC: Isolated network (10.100.0.0/16) separate from main infrastructure
Database: Local PostgreSQL on the EC2 instance
DNS: Managed via Cloudflare
- Main: coder.internal.gotofu.com
- Wildcard: *.coder.internal.gotofu.com (for workspace URLs)
Security: Direct HTTPS access with SSL certificates

Infrastructure Management #

All infrastructure is managed via Terraform with tasks available through mise.

Available Commands #

Command	Description
`mise coder-init`	Initialize Terraform backend
`mise coder-plan`	Preview infrastructure changes
`mise coder-apply`	Apply infrastructure changes
`mise coder-refresh`	Refresh Terraform state
`mise coder-admin-ssh`	SSH into Coder instance
`mise coder-logs`	View Coder service logs
`mise coder-backup-db`	Backup PostgreSQL database
`mise coder-update`	Update Coder to latest version
`mise coder-down`	DESTROY all infrastructure
`mise coder-down-check`	Preview what would be destroyed

Initial Setup #

Ensure you have Doppler access to the coder project

Initialize the infrastructure:

mise coder-init
mise coder-plan
mise coder-apply

Daily Operations #

Accessing the Instance #

mise coder-admin-ssh

Viewing Logs #

mise coder-logs

Database Backup #

mise coder-backup-db

Backups are stored in:

Local: tools/coder/scripts/backups/
S3: s3://coder-backups-dev/

Updating Coder #

To update Coder to the latest version:

mise coder-update

This will:

SSH into the instance
Stop the Coder service
Update the Coder binary
Restart the service

Security Configuration #

Network Access #

The Coder instance is accessible via:

HTTP (80) and HTTPS (443) - Direct access with SSL certificates
Coder API (7080) - Direct access
SSH (22) - VPC internal only

Authentication #

Coder is configured with Google OAuth (OIDC) for authentication:

Only @gotofu.com email addresses can sign in
Configuration is managed via Doppler secrets

SSH Access #

SSH keys are stored in AWS Secrets Manager. Administrative access is available via:

mise coder-admin-ssh

Secrets Management #

All secrets are managed through Doppler in the coder project:

Secret	Description
`AWS_*`	AWS credentials for infrastructure
`CLOUDFLARE_API_TOKEN`	Cloudflare DNS management
`CODER_LICENSE_KEY`	Coder enterprise license
`CODER_OIDC_*`	Google OAuth configuration

Disaster Recovery #

Backup Strategy #

Database: Daily backups to S3
Infrastructure: All configuration in Terraform
Secrets: Stored in Doppler

Recovery Procedure #

Restore infrastructure:
```
mise coder-init
mise coder-apply
```

Restore database (if needed):

# Download backup from S3
aws s3 cp s3://coder-backups-dev/coder_backup_TIMESTAMP.sql.gz ./

# Restore on instance
mise coder-admin-ssh
gunzip coder_backup_TIMESTAMP.sql.gz
sudo -u postgres psql coder < coder_backup_TIMESTAMP.sql

Infrastructure Teardown #

⚠️ WARNING: This will permanently delete all resources!

Backup the database:
```
mise coder-backup-db
```
Check what will be destroyed:
```
mise coder-down-check
```
Destroy infrastructure:
```
mise coder-down
```

Troubleshooting #

Service Issues #

Check service status:

mise coder-admin-ssh
sudo systemctl status coder

View logs:
```
mise coder-logs
```

Restart service:

mise coder-admin-ssh
sudo systemctl restart coder

Database Issues #

Check PostgreSQL status:

mise coder-admin-ssh
sudo systemctl status postgresql

Connect to database:

mise coder-admin-ssh
sudo -u postgres psql coder

DNS Issues #

DNS is managed via Cloudflare. Check:

A record for coder.internal.gotofu.com
A record for *.coder.internal.gotofu.com

Both should point to the Elastic IP of the Coder instance.

Cost Optimization #

Current monthly costs (approximate):

EC2 t3.large: ~$60
EBS 50GB: ~$5
Elastic IP: ~$3
Data transfer: Variable

Total: ~$70/month + data transfer

Workspace Templates #

Dev Template #

The dev template is the primary template for development workspaces. It’s located at tools/coder/templates/dev/.

Features #

Automatic Repository Setup: Clones the bonsai repository if not present
Tool Installation: Automatically installs Docker, mise, zsh, and Oh My Zsh
Project Initialization: Runs mise install and mise run init
Subdomain Format: Workspaces are accessible at {workspace}-{owner}.coder.internal.gotofu.com

Template Updates #

To update the dev template:

# Make changes to tools/coder/templates/dev/main.tf
# Then push the updated template
mise coder-template-push dev

Or using the Coder CLI directly:

cd tools/coder/templates/dev
coder templates push --directory . dev

Workspace Access #

Each workspace gets:

Code Server: VS Code in the browser
Tmux Sessions: Terminal multiplexing with saved sessions
Swagger Editor: API documentation editor on port 8000
Swagger UI: Internal API docs on port 8001
BonsAI Proxy: Unified nginx proxy for all services at the workspace subdomain

User Setup Requirements #

After workspace creation, users need to:

Wait for cloud-init to complete: Even if you can SSH into the workspace, the initial configuration may still be running. Check the status with:
```
cloud-init status
```
Wait until it shows status: done before proceeding.
Authenticate with Doppler: mise run doppler-init
Authenticate with Atlas: mise run atlas-init
Start development: mise dev

Future Improvements #

Implement automated daily backups
Add monitoring and alerting
Consider RDS for database (higher availability)
Implement auto-scaling for workspaces
Add CloudWatch logs integration