Solidblocks is a collection of components, patterns and best practices to deliver cloud infrastructures and application deployments. With a focus on the Hetzner Cloud as deployment target, it leans towards simple and easy-to-maintain architectures based on battle-tested open source components.

Many components are available as open source components. As an infrastructure specialist, I am happy to provide you with hands-on help and support for your application deployment needs, ranging from turnkey ready-to-use solutions to partially or fully managed environments for your applications.

Features

Hosting

Open Source

Host open source solutions like Keycloak, PostgreSQL, GitLab, Grafana, HashiCorp Vault, and many more. Based on common and proven deployment patterns, custom open-source hosting on top of Solidblocks combines a stable hosting solution with the option to tailor the solution to your specific needs.

Custom Applications

From greenfield JVM or .NET Core projects, through Python and Ruby-based solutions, to matured PHP applications: Solidblocks' extendability makes it the perfect platform to host your bespoke business applications, or give legacy applications a new life and a stable environment.

Maintenance & Overhaul

Depending on the underlying ecosystem or framework of your application, Solidblocks components, such as Keycloak or WireGuard, can be retrofitted to strengthen the security of your application. This will secure your application, thereby extending its lifetime.

Simplicity

Your Code

You have complete ownership of the code for your solution; there are no proprietary components, you can fork it anytime you want if necessary. Depending on the scope and goal of the solution, pairing and/or co-creating on your code can ensure that the knowledge and the routines necessary to maintain and operate your applications are well distributed.

Your Servers & Data

For managed solutions, all resources can be hosted in your own cloud accounts, ensuring you always have access to all VMs and data. This applies to all services used to build your solution, such as AWS, Hetzner Cloud, Elastic.co, and more. Since you own the accounts, you can take over control at any time.

Virtual Machines & Servers

Although a full-fledged container orchestration like Kubernetes has its benefits, sometimes a simpler solution based on Virtual Machines (VMs) or even bare metal can be more cost-effective, and easier to handle, maintain, and operate. If available, deploying to on-premise hardware is also an option, to better utilize already existing gear.

Infrastructure as Code

All deployed resources are described and deployed with infrastructure-as-code solutions such as Terraform, OpenTofu, and Ansible. For applications lacking an automation front-end, custom solutions can be implemented and integrated into the deployment lifecycle.

Developer experience

The deployment process is designed for ease of use on developer machines and for integration into common CI/CD systems like GitHub, GitLab, Jenkins, and others. Each solution comes with a developer-friendly build system, facilitating the deployment and interaction with the deployed resources.

Security & Data Safety

Updates

All components like operating systems and software packages are regularly updated. Where applicable, tools like Renovate are integrated into the deployment process to ensure everything is always up-to-date.

Encryption

All data stored outside the cloud, such as backups, is encrypted by default to protect against accidental exposure of sensitive information.

Secret Rotation

All secrets and user credentials can be rotated at any time to mitigate the risk of long-lived credentials that may leak over time. This also allows for a quick deprecation of existing secrets and credentials in case of a leak.

Backups

Encrypted data backups to other clouds like AWS or GCP provide an extra layer of security for your data and reduce the blast radius in case of accidental data deletion or configuration mistakes.

CVE Scans

Automated CVE scans, coupled with an always up-to-date SBOM, make it easy to discover security-critical bugs early on and to mitigate them.

IDP/IAM

IDM solutions like Keycloak can easily be integrated to secure your application or, in combination with HashiCorp Vault, to secure SSH access to your VMs with short-lived secrets.

Deployment Lifecycle

Environments

Multi-environment support is a first-class citizen. It can be used to support your application lifecycle and to provide different test environments.

Bootstrapping

Deletion and bootstrapping of environments is systematically tested to ensure there are no hidden cyclic dependencies in the infrastructure setup. This method also confirms that the code which is only executed during the initial setup continues to function correctly.

Disaster Recovery

Restoring environments from backups is tested regularly and is included in both the playbooks and developer briefings. All components are designed in such a way that the entire environment can be destroyed at any time and then fully rebuilt from the backups.

Logging & Monitoring

Logs

Logging platforms like Elastic.co can be used to ingest all application and VM logs and help to detect and resolve errors early on. Having central logs can also help to debug bugs.

Metrics

Application and VM metrics can be gathered on analytics platforms, such as Grafana or Elastic.co. These platforms are useful for detecting and visualizing application usage, performance, long-term trends, and can help in sizing decisions.

Tagging

All logs and metrics are tagged with information about the environment, service, version, etc., and are also enriched with events such as deployments. This makes it easy to correlate issues and bugs with different application versions and deployments.

CI/CD

Deployment

The deployment can easily be integrated into all major CI/CD systems or into already existing application build pipelines.

Testing

Infrastructure integration tests in the deployment process ensure that the deployment is successful. They also serve as a canary to warn when parts of the infrastructure or application are broken or in a degraded state.

Documentation & Support

Playbooks

Playbooks are a crucial part of every solution and provide detailed procedures for scenarios like disaster recovery or secret rotation during emergencies. They also provide information for general operation and maintenance.

Fire Drills

Regular exercises ensure that crucial steps that are seldom used still work as intended, and that developers are comfortable with executing them.

Support

In the event of critical errors, such as system crashes or data loss, German and English emergency support is available via email, phone, or chat.