sync 2026-03-31

.obsidian/workspace.json

@@ -13,12 +13,12 @@
             "state": {
               "type": "markdown",
               "state": {
-                "file": "30 - Resources/Tech/Server IPs & Ports.md",
+                "file": "30 - Resources/Tech/Torrents To Do.md",
                 "mode": "source",
                 "source": false
               },
               "icon": "lucide-file",
-              "title": "Server IPs & Ports"
+              "title": "Torrents To Do"
             }
           }
         ]
@@ -186,13 +186,15 @@
   },
   "active": "7f5335dedff3052d",
   "lastOpenFiles": [
+    "inbox.md~",
+    "30 - Resources/Tech/Server IPs & Ports.md",
+    "30 - Resources/Tech/aws-projects.md",
     "daily/2026-03-31.md",
     "20 - Areas/Writing/Essay ideas.md",
     "30 - Resources/Tech/Setup Optimization.md",
     "daily/2026-03-30.md",
     "daily/2026-03-31.md~",
     "routine.md",
-    "inbox.md~",
     "daily/2026-03-30.md~",
     "30 - Resources/Tech/Useful Commands.md",
     "30 - Resources/Tech/Torrents To Do.md",
@@ -207,7 +209,6 @@
     "30 - Resources/Tech/Questions.md",
     "30 - Resources/Tech/Resend.md",
     "20 - Areas/Writing",
-    "30 - Resources/Tech/Server IPs & Ports.md",
     "30 - Resources/Tech/Notes on Hardware.md",
     "30 - Resources/Tech/Phone Optimization.md",
     "20 - Areas/Job/BIS Safety Software Interview.md",
@@ -215,7 +216,6 @@
     "20 - Areas/Gaming/Steam Auth.md",
     "20 - Areas/Gaming/Starsector.md",
     "20 - Areas/Gaming/Launch Command.md",
-    "10 - Projects/CSC/Chapter 7/00 - Overview.md",
     "9999 - Media",
     "30 - Resources",
     "20 - Areas",

30 - Resources/Tech/Torrents To Do.md

@@ -47,6 +47,7 @@
 * ~~Black Label Society~~
 * ~~Soolking~~
 * ~~My something valentine~~
+* Kings of Leon
 
 * Rick & Morty
 * Arcane (both English and French)

30 - Resources/Tech/aws-projects.md

@@ -0,0 +1,167 @@
+# AWS Projects List
+
+A comprehensive list of AWS projects organized by domain, roughly ordered by complexity within each category.
+
+---
+
+## Where to Start
+
+Billing alarm → S3 backup bucket with IAM role → VPC from scratch in Terraform. Those three in sequence will teach you the three most foundational AWS concepts (cost awareness, IAM, networking) in a hands-on way before you touch anything else.
+
+---
+
+## Networking & VPC
+
+- Build a VPC from scratch with Terraform — subnets, route tables, internet gateway, security groups, no console clicking
+- Multi-tier VPC: public subnet (bastion/NAT), private subnet (app), isolated subnet (DB)
+- VPC Peering between two VPCs in the same account
+- Transit Gateway connecting multiple VPCs
+- Site-to-site VPN between your Proxmox homelab and AWS
+- AWS Client VPN for remote access (replace or complement Tailscale)
+- VPC Flow Logs into CloudWatch or S3 for network analysis
+- PrivateLink to expose a service privately across VPCs
+- IPv6 dual-stack VPC setup
+
+---
+
+## IAM & Security
+
+- Billing alarm via CloudWatch on day one — do this first, always
+- Multi-account setup with AWS Organizations and SCPs (Service Control Policies)
+- IAM Identity Center (SSO) across your accounts
+- Least-privilege IAM roles for every service — no root, no wildcard policies
+- AWS Config rules to detect drift from your security baseline
+- CloudTrail across all accounts logging to a central S3 bucket
+- GuardDuty for threat detection
+- AWS Secrets Manager for rotating credentials (replace any hardcoded secrets)
+- KMS customer-managed keys for encrypting S3, EBS, RDS
+- Security Hub aggregating findings across services
+
+---
+
+## Storage & Backup
+
+- S3 bucket for rclone backups from your Proxmox homelab with proper IAM roles
+- S3 lifecycle policies — transition to Glacier Instant Retrieval after 30 days, Glacier Deep Archive after 90
+- S3 versioning and Object Lock for immutable backups
+- S3 replication across regions for disaster recovery
+- AWS Backup for centralized backup policy across EC2, RDS, EFS
+- EFS (Elastic File System) shared across multiple EC2 instances
+- DataSync to migrate data from your TrueNAS to S3
+- S3 Intelligent-Tiering for your Immich photo archive offload
+
+---
+
+## Compute
+
+- EC2 instance Terraform-managed, no manual console setup
+- Auto Scaling Group with launch templates and scaling policies
+- Spot Instances for interruptible workloads to cut costs
+- EC2 Image Builder to create custom AMIs (like your NixOS or Fedora configs)
+- Systems Manager Session Manager instead of SSH (no open port 22)
+- Run your Ghost blog on EC2 behind an ALB
+- Run your open.mp GTA:SA server on EC2
+- Graviton (ARM) instances — cheaper, good for your Linux workloads
+
+---
+
+## Containers & Orchestration
+
+- Dockerize one of your existing services (Ghost, Navidrome, anything)
+- ECR (Elastic Container Registry) to host your Docker images
+- ECS Fargate — run containers without managing servers
+- ECS with EC2 launch type — more control, cheaper at scale
+- EKS (Kubernetes) cluster — the full platform engineering path
+- Helm chart deployment onto EKS
+- Migrate your Nginx reverse proxy pattern to an ALB + ECS setup
+- Service mesh with AWS App Mesh on EKS
+
+---
+
+## Serverless
+
+- Lambda function in Python or Node.js — start with something trivial
+- API Gateway + Lambda REST API
+- Serverless contact/order form for Nairi Café — API Gateway + Lambda + SES
+- Stripe webhook handler in Lambda for Nairi Café payments
+- Lambda@Edge for CloudFront request manipulation
+- EventBridge scheduled rules to trigger Lambda (replace cron jobs)
+- Step Functions for multi-step workflow orchestration
+- SQS queue between services for decoupling
+- SNS topic for fan-out notifications
+- DynamoDB + Lambda for a simple serverless backend
+
+---
+
+## Databases
+
+- RDS PostgreSQL in a private subnet, accessed via bastion
+- RDS Multi-AZ for high availability
+- RDS Read Replica for read scaling
+- Aurora Serverless v2 — scales to zero, good for Nairi Café
+- DynamoDB table with on-demand billing
+- DynamoDB Streams + Lambda for event-driven data processing
+- ElastiCache Redis in front of RDS for caching
+- Database Migration Service (DMS) to migrate an existing DB to RDS
+
+---
+
+## CDN & DNS
+
+- Route 53 hosted zone for one of your domains
+- Route 53 health checks and failover routing
+- CloudFront distribution in front of Nairi Café
+- CloudFront + S3 for a static site (could be a Ghost export)
+- CloudFront + ALB with custom cache behaviors
+- ACM (Certificate Manager) SSL cert for your CloudFront distribution
+- Route 53 latency-based routing between regions
+- WAF (Web Application Firewall) attached to CloudFront
+
+---
+
+## CI/CD & DevOps
+
+- GitHub Actions pipeline deploying to EC2 or ECS
+- CodePipeline + CodeBuild for a fully AWS-native CI/CD pipeline
+- CodeDeploy for blue/green deployments
+- Terraform Cloud or S3 remote state for your AWS Terraform (mirrors your Proxmox MinIO setup)
+- Terragrunt for DRY multi-account Terraform
+- AWS CDK in TypeScript as an alternative to Terraform
+- Atlantis on EC2 for GitOps-driven Terraform PRs
+
+---
+
+## Monitoring & Observability
+
+- CloudWatch dashboards mirroring your Grafana homelab setup
+- CloudWatch Logs for centralized log aggregation
+- CloudWatch Alarms + SNS email notifications (mirrors your Prometheus alerting)
+- AWS Managed Grafana pulling from CloudWatch
+- X-Ray distributed tracing on a Lambda or ECS workload
+- Container Insights for ECS/EKS metrics
+- AWS Distro for OpenTelemetry (ADOT) — bridge to your existing Prometheus stack
+
+---
+
+## AI & ML Infrastructure
+
+- SageMaker endpoint serving a pre-trained model
+- Bedrock API call from Lambda — easiest AI integration on AWS
+- S3 + Textract to extract text from scanned documents
+- Rekognition for image analysis (interesting given your photography)
+- Translate API — Armenian language translation pipeline, relevant to your wiki
+- Comprehend for NLP on your blog content
+- OpenSearch (managed Elasticsearch) for full-text search on your Ghost blog
+
+---
+
+## Real Projects Tied to Things You Already Run
+
+- Full AWS mirror of your homelab architecture — VPC, EC2s, ALB, Route 53 — Terraform-managed
+- Disaster recovery target for yeghiasargis.com on AWS
+- Nairi Café fully migrated to AWS — Aurora Serverless + ECS Fargate + CloudFront
+- Immich photo offload to S3 with lifecycle policies to Glacier
+- Armenian tech wiki search layer using OpenSearch
+- Multi-region Ghost deployment with RDS Aurora Global and CloudFront
+- Self-hosted Nextcloud backup to S3 (complement your existing VM 108)
+- AWS landing zone for a simulated startup — full multi-account, Organizations, SSO, CloudTrail, GuardDuty

inbox.md

@@ -1,8 +1,18 @@
 ~~make terminal animation smoother~~
 storefront publishable API:
 pk_444004f6709c8fbdfa54168bbd9e4bad6dc4b8c96063fefb8f6f0928556068a1
-what kind of online business can I do?
-time for workout blocks, showering included
+~~what kind of online business can I do?~~ = plan to make a startup, just needs time to find a need
+PRIORITY: time for workout blocks, showering included
 calendar:
 https://calendar.armstream.stream/dav.php/calendars/yeghiasargis@yahoo.com/default/
-add "yesterday" alias
+~~add "yesterday" alias~~ = mod+zd, you can already choose the date, unnecessary
+
+subsonic: sonic analysis through beets
+fix the damn volume info for headphone on nixOS
+consider domains hayteq.org and nairibakery.com
+remember to add tailscale IPs for remaining VMs and all devies
+what is RDP and kVM? (in detail) also ask other questions
+update GitHub READMEs as necessary
+VPCs?
+map $mod, I, to new terminal with inbox
+*nrXH!7%