Ivan Savenko
11 KiB
Project Infrastructure
What's to improve
- Encourage Tow to transfer VCMI.eu to GANDI so it's can be also renewed without access.
- Centralized way to post news about game updates to all social media.
- Verify VCMI.eu domain name expiration date with Tow
- Verify VCMI.download domain name expiration date with SXX
- Verify Google Apps (G Suite) status with Tow
- Restore firewall which for some reason is disabled on DO
Services and accounts
Infrastructure
| Service | Details | Owner | Administrators | Notes |
|---|---|---|---|---|
| GitHub | Code hosting, bug tracker, pull requests, website hosting | - | Tow, AVS, Ivan, Warmonger, SXX | - |
| VCMI.eu domain name | Main domain for services | Tow | - | Renewal date unknown |
| VCMI.download domain name | Secondary domain name for downloads | SXX | - | Paid until November 2026. Registered on GANDI; can be renewed by anyone without account access |
| DigitalOcean | Hosting sponsor for all our self-hosted services | - | SXX, Warmonger, Ivan, AVS, Tow | - |
| CloudFlare | DNS & CDN for our web services | - | SXX, Ivan | All our web services are behind CloudFlare and use Cloudflare SSL certificates |
| Weblate | Game translations | - | Ivan | Hosts translations for VCMI itself (not including mods & website). Uses free "Gratis" plan |
| Google Play Console | VCMI Android App | SXX | Warmonger, AVS, Ivan, Fay | - |
| Google Apps (G Suite) | Email for vcmi.eu domain | - | Tow, SXX | Limited to 5 users; 500 emails/day limit per account. Includes: admin email (service registration), "noreply" (Wiki/Bug Tracker), "forum" (Forums authentication). Likely dead. Verify with Tow |
| Launchpad PPA | Ubuntu package repository | Mantas Kriaučiūnas | Ivan, SXX, AVS | Contains daily builds and latest releases PPA's for Ubuntu |
| Sonar Cloud | Code analysis | - | Shares credentials with Github | Integrated into Github pull requests |
| Discord Team | Discord app holder | Ivan | Laserlicht, dydzio, Warmonger | Holds ownership of Discord VCMI app that is used to display rich presence when people are playing VCMI |
| Snapcraft Dashboard | Snap package distribution | - | SXX | Abandoned in favor of Flatpaks and PPA |
| Coverity Scan | Code analysis | - | SXX, Warmonger, AVS | Abandoned in favor of Sonar Cloud |
| OpenHub | Code statistics | - | Tow | - |
| Docker Hub | Container registry | - | SXX | Abandoned and never used? |
| GitLab | Code repository | - | SXX | Reserve account, not used |
| BitBucket | Code repository | - | SXX | Reserve account, not used |
Note: "Owner" refers to services that require one (and only one) account to have special superuser-like status, potentially - with legal and/or biling information. If service has no such requirement, this field is left blanc.
When possible at least two of active core developers must have access to them in case of emergency.
Communities with page managed by VCMI Team
| Service Name | Owner | Administrators | Notes |
|---|---|---|---|
| Discord | dydzio | SXX, Warmonger, Ivan... | Main communication platform |
| Facebook page | — | SXX, Warmonger | Active |
| — | SXX | Abandoned in favor of general H3 subreddits | |
| Twitter account | — | SXX | Abandoned, User access via TweetDeck |
| VK / VKontakte page | SXX | AVS | Abandoned |
| Steam group | SXX | Dydzio | Abandoned |
| ModDB entry | — | SXX | Abandoned |
| Slack team | vmarkovtsev | SXX, Warmonger, AVS... | Abandoned in favor of Discord |
| Trello team | — | SXX | Abandoned |
Heroes 3 communities with VCMI Team presence
| Service Name | Active team members | Notes |
|---|---|---|
| VCMI thread on Heroes Community | Warmonger, Ivan, dydzio... | Very low player activity |
| Heroes 3 subreddit | Ivan, dydzio... | VCMI-related questions are rather common |
| HoMM subreddit | Ivan, dydzio... | Way less active than Heroes 3 subreddit, but sometimes posts about VCMI do appear |
Project Servers Configuration
This section dedicated to explain specific configurations of our servers for anyone who might need to improve it in future.
VPS configuration
At the moment, most our services are hosted by Digital Ocean. Current approach is to keep services on separate VPS (called "droplets" by Digital Ocean) for better isolation & to allow independent restarts / upgrades. This also allows us to measure performance & system load of each service independently. All droplets can only be accessed using ssh login with public key. Currently access to all droplets is granted to:
- Ivan Savenko
- Alexvins
- Warmonger
- Tow
- SXX
- kambala (
vcmi-artifactorydroplet)
Lobby is currently hosted on Hetzner, with migration of other services to Hetzner in plans. Login is via public key, currently granted to:
- Ivan Savenko
| VPS | Location | Specifications | Services |
|---|---|---|---|
vcmi-forum |
DO Droplet | 2 Gb / 1 CPU / 25 Gb / $12 (+20%) | Discourse forum. Note: 25 Gb droplet - ssd can be expanded, or we can downscale entire droplet to 1 Gb config |
vcmi-weblate |
DO Droplet | 2 Gb / 1 CPU / 50 Gb / $12 | Weblate |
vcmi-web |
DO Droplet | 512 Mb / 1 CPU / 10 Gb + 100 Gb / $4 (+20%) + $10 | Builds uploading from Github, Build download page, Legacy download page. Also contains nginx server for redirecting old bug tracker, old wiki, and old slack invite page |
vcmi-lobby |
Hetzner Server | 4 Gb / 2 CPU / 40 Gb / €4 (+20%) | Multiplayer lobby (lobby.vcmi.eu or beholder.vcmi.eu - deprecated) as we ll as API endpoint |
vcmi-artifactory |
DO Snapshot | 4 Gb / 2 CPU / 80 Gb / $24 | Conan Artifactory server |
vcmi-main |
DO Snapshot | ??? / $1 | Contains old bugtracker, forum, and wiki |
vcmi-second |
DO Snapshot | ??? / $1 | Contains old MP lobby and builds uploader |
Notes:
- All active VPS run Ubuntu 24.04
- VPS with deployed and tested services have backups enabled (+20% costs)
- In addition, we have separate 100 Gb volume for builds ($10 / month), currently attached to
vcmi-web
Rules to stick to
- SSH authentication by public key only.
- Incoming connections to all ports except SSH (22) must be blocked.
- Exception for HTTP(S) connection on ports 80 / 443 from CloudFlare IP Ranges.
- No one except core developers should ever know real server IPs.
- Droplet hostname should never be valid host. Otherwise it's exposed in reverse DNS.
- If some non-web service need to listen for external connections, it needs to use "Reserve IP" for it. If new services added firewall rules can be adjusted in DO control panel.
Domain names
| Domain | Content | Hosted on | Notes |
|---|---|---|---|
| vcmi.eu | Main page redirect | CNAME | No content, redirects to real main page |
| download.vcmi.eu | Public downloads & daily builds | vcmi-web |
- |
| upload.vcmi.eu | Domain name for uploading daily builds from Github | vcmi-web |
No http services |
| beholder.vcmi.eu | Multiplayer lobby | vcmi-lobby |
No http services. Used for VCMI 1.7.3 lobby and older. Deprecated in favor of lobby |
| lobby.vcmi.eu | Multiplayer lobby | vcmi-lobby |
No http services |
| api.vcmi.eu | Multiplayer lobby API endpoint | vcmi-lobby |
nginx acts as proxy to provide https wrapper for http-only REST API |
| forum.vcmi.eu | Discourse forum | vcmi-forum |
- |
| bugs.vcmi.eu | Bug tracker | vcmi-web |
Redirects to Github Issues |
| slack.vcmi.eu | Slack invite page | vcmi-web |
Redirects to main page |
| weblate.vcmi.eu | Weblate translation service | vcmi-weblate |
- |
| wiki.vcmi.eu | Wiki | vcmi-web |
Redirects to main page |
| vcmi.download | Main page redirect | CNAME | No content, redirects to main page |
| builds.vcmi.download | Public downloads | vcmi-second |
Redirects to download.vcmi.eu |
Self-hosted services
Currenly we have following services deployed:
Potential addition for the future:
- Conan Artifactory
- Crash reporter tool, such as GlitchTip
- (long-term) Expanded multiplayer lobby with cheat-proof game hosting
Web Hosting
For all web services we use Nginx, including websites that run on standalone servers. This allows to easily migrate more services onto another server that already has some services, and use nginx reverse proxy to host all such services on same 443 port.
For certificates all services use Cloudflare Origin certificates. These certificates are issued for free in Cloudflare web UI, have expiration period of 10 years (oldest VCMI certificate will expire in 2032), but can only be used by services that are located behind Cloudflare, which all VCMI services do. Client-facing certificates are managed and automatically updated by Cloudflare.
Configuration files
See scripts directory that contains most of customized configuration files used on our servers. For obvious reasons, sensitive parts that include password and other non-public data are excluded for it