
Landscape — engineering-readable one-pager

A single-page overview of the application + infrastructure estate. For deeper detail follow the links into the per-app docs and other overview pages.

For the executive version of this material — costs, self-hosting savings analysis, business-language risks, continuity & access, decisions needed — see overview/executive-summary.md. This landscape.md is the lighter engineering-aware view.

Last reviewed: 2026-05-07.


At a glance

  • 32 services across 4 owned domains running on 3 OCI VPSes + 5 Oracle Autonomous Databases in 2 OCI tenancies (uk-london-1).
  • GoDaddy for domain registration and Microsoft 365 mailboxes (≥3 separate M365 tenants).
  • Microsoft Azure (Entra) is used for app registrations only (no Azure compute / storage / databases). The registrations are spread across two different M365 tenants, only one of which we administer:
    • Our own Project Eidos M365 tenant — Teams Bot via Bot Framework; SSO + Microsoft Graph (calendar / leave) for the Eidos TnE Connect tenant. We administer this directly.
    • Fourway's own M365 tenant — SSO + Microsoft Graph (calendar / leave) for the Fourway TnE Connect tenant. Registrations live in Fourway's tenant; Fourway's tenant administrator manages consent, not us. We hold only the client ID + secret needed by APEX.
  • Two Caddy proxies + one Traefik (Dokploy) front the 32 services. Subdomain DNS → Caddy on E1 → E2; WordPress apex DNS → E2 Traefik direct.
  • Caddyfiles are not in Git — already caused one full outage.
graph TB
    Net((Internet)) -->|subdomain DNS| CaddyE1[Caddy on E1<br/>140.238.97.163<br/>1 vCPU / 6 GB Free]
    Net -->|WP apex DNS| TraefikE2[Traefik on E2<br/>145.241.230.130<br/>3 vCPU / 18 GB Free]
    Net --> CaddyO1[Caddy on O1<br/>140.238.90.91<br/>Free A1]
    CaddyE1 --> E2Dokploy[Dokploy on E2<br/>same host as Traefik]
    CaddyE1 --> E5[(Paid ADB E5<br/>Parallax + apex-ur)]
    CaddyE1 --> E3[(Free ADB E3<br/>TnE Connect Eidos<br/>+ apex1.PE)]
    CaddyE1 --> E4[(Free ADB E4<br/>Fourway tenant<br/>+ apex2.PE)]
    E2Dokploy --> Apps9[GitLab · Teams Bot · 3 WordPress<br/>· 3 Twenty CRMs · Dokploy itself]
    TraefikE2 --> Apps9
    CaddyO1 --> Apps15[15 internal `*.448.global` apps<br/>incl. Vault · Authentik · MinIO · n8n · SQLcl]
    CaddyO1 --> O2[(Free ADB O2<br/>apex1.448)]
    CaddyO1 --> O3[(Free ADB O3<br/>apex2.448)]
    AZ_PE[Project Eidos M365 tenant<br/>App registrations:<br/>· Bot Framework<br/>· SSO + Graph for Eidos tenant]
    AZ_FW[Fourway M365 tenant<br/>App registrations:<br/>· SSO + Graph for Fourway tenant<br/><i>administered by Fourway, not us</i>]
    AZ_PE -.->|Bot Framework| E2Dokploy
    AZ_PE -.->|SSO + Graph| E3
    AZ_FW -.->|SSO + Graph| E4

Who's who

| Person | Role |
| --- | --- |
| Stacy Carpenter | Company owner — Vault unseal-key holder; manages GoDaddy account |
| Adam Pitt-Stanley | Company owner — Vault unseal-key holder; manages GoDaddy account |
| Tracey Weetman (traceyweetman@projecteidos.com) | Oracle Lead — admin on EIDOSDev1, primary contact with Oracle |
| Bradley Leggett (BradleyLeggett@projecteidos.com) | DBA — Oracle databases admin; Vault unseal-key holder |
| Vishnu Kant (vishnukant@projecteidos.com) | Solutions Architect — additional admin on ORA448Global (Adam is owner), manages all 32 apps; Vault unseal-key holder |
| Sergiu Pop | IT assets (laptops, office networking) + Oracle APEX development consultant — primary contact for endpoint provisioning, VPN client rollout, and the UK / India office leased-line setup |

Estate by audience

pie title Apps by audience
    "Customer-facing (13)" : 13
    "Shared infra (10)" : 10
    "Internal tools (9)" : 9

| Layer | Count | Why it matters |
| --- | --- | --- |
| Customer-facing | 13 | Direct revenue / brand impact when down. |
| Shared infrastructure | 10 | Failure cascades to everything that depends on them. |
| Internal tools | 9 | Productivity loss but no customer impact. |

Domains & where they live

| Domain | Role | Hosting tenancy |
| --- | --- | --- |
| projecteidos.com | Public product + corp | EIDOSDev1 (Caddy E1 + Dokploy E2 + Paid + Free ADBs) |
| eidos-global.com | Corporate / CRM | EIDOSDev1 (Dokploy E2: WordPress + 2 Twenty CRMs) |
| tneconnect.app | Workforce product | EIDOSDev1 (Dokploy E2 for WordPress + CRM; Free ADBs E3/E4 for tenants) |
| 448.global | Internal infrastructure estate | ORA448Global (single VPS O1 + 2 Free ADBs) |

Full domain registry, DNS records, registrar credentials and renewal status: domains.md.


Where the risk concentrates (concrete read)

These are the top operational risks, ranked, with the active known-issues entries. Treat as the Phase-2 agenda.

  1. Caddyfile not in Git (KI-001) — already caused a full outage. Highest priority.
  2. O1 single-VPS SPOF — 13 internal apps including Vault and Authentik on one Free Tier Ampere A1. A reboot or instance reclaim takes the entire *.448.global estate down.
  3. E2 single-VPS SPOF: 9 PE-side apps (including GitLab and 3 customer-visible WordPress sites) on one 3-vCPU Free VPS. GitLab alone is normally sized at 8 GB RAM dedicated. WP + CRMs + Bot + GitLab on a 3-vCPU box is aggressive resource packing.
  4. Parallax prod + pre-prod share one ADB (KI-005) — paying-customer system with no environment isolation.
  5. Fourway tenant on Free Tier auto-pausing ADB (KI-006, KI-035) — a paying client (~150 users, heavy staff PII) on infra Oracle can pause and disclaim SLA on. Compounded by Oracle 19c → 26ai migration pending (KI-036) — major-version upgrade with no rollback path.
  6. Single region (uk-london-1) for both tenancies — no cross-region DR.
  7. Bradley's personal Bitwarden (KI-007) — shared credentials outside Vault.
  8. No auto-update on Dokploy apps (KI-004) — including 3 public WordPress sites and self-hosted GitLab.
  9. GoDaddy keystone risk — domains + email + DNS in one provider.
  10. Custom SQLcl image not in Git or registry (KI-003); IP volatility breaks n8n CI/CD pipelines (KI-002).

Reading order for a new leader

  1. This file (landscape.md).
  2. infra/known-issues.md — what's on fire today.
  3. infra/cloud-accounts.md — who pays / who has root.
  4. infra/servers.md — every machine.
  5. infra/proxies.md — every URL → server map.
  6. risk-heatmap.md — where to invest.
  7. Per-app docs in apps/ — drill in as needed.