Architecture
flowchart LR
DEV["You (home IP)"] -- "SSH 22 / 8002 (IP-locked)" --> SL{{"Security List"}}
subgraph OCI["OCI · Always-Free"]
SL --> VM["Compute instance"]
VM --> BRK["Firney broker :8002 (Docker)"]
end
ANS["Ansible install.yml"] -. configures .-> VM
CI["GitLab CI · deploy.sh"] -. provisions .-> OCI
Components
Compartment · VCN 10.0.0.0/16 + Internet Gateway · Security List (SSH/8002 from home IP only, egress all) · Compute instance · Ansible (Docker + broker) · GitLab CI.
Decisions
- IP-allowlist inbound (home IP → 22/8002) instead of the zero-port + Tailscale + tunnel model used on GCP — simpler to stand up, but ties access to a fixed IP and exposes ports (narrowly).
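The allowlist decision above only holds while the Security List stays as narrow as described, so a drift check is worth running in CI. The following is an added example, not code from this project: it audits ingress rules against the "home IP to 22/8002 only" policy. It assumes the rules have been exported in the camelCase shape of OCI's IngressSecurityRule; `audit_ingress`, `tcp_rule` and the 203.0.113.7 address are hypothetical names and a constructed placeholder.

```python
import ipaddress

ALLOWED_PORTS = {22, 8002}  # SSH and the broker port named on the page
HOME_IP = "203.0.113.7"     # constructed placeholder (documentation range)

def audit_ingress(rules, home_ip):
    """Return findings; an empty list means the rules match the allowlist policy."""
    home = ipaddress.ip_network(f"{home_ip}/32")
    findings, covered = [], set()
    for i, rule in enumerate(rules):
        try:
            src = ipaddress.ip_network(rule.get("source", ""), strict=False)
        except ValueError:
            findings.append(f"rule {i}: source is not a CIDR: {rule.get('source')!r}")
            continue
        if src != home:
            findings.append(f"rule {i}: source {src} is not the home /32")
        if rule.get("protocol") != "6":  # "6" is TCP in OCI rule JSON
            findings.append(f"rule {i}: protocol {rule.get('protocol')!r} is not TCP")
            continue
        ports = (rule.get("tcpOptions") or {}).get("destinationPortRange")
        if not ports:  # a TCP rule with no port range opens every port
            findings.append(f"rule {i}: no port range, all TCP ports open")
            continue
        opened = set(range(ports["min"], ports["max"] + 1))
        extra = opened - ALLOWED_PORTS
        if extra:
            findings.append(f"rule {i}: opens {len(extra)} port(s) outside 22/8002")
        if src == home:
            covered |= opened & ALLOWED_PORTS
    for port in sorted(ALLOWED_PORTS - covered):
        findings.append(f"port {port} is not allowed from the home IP")
    return findings

# Constructed samples in the camelCase shape of OCI's IngressSecurityRule.
def tcp_rule(source, lo, hi):
    return {"source": source, "protocol": "6", "isStateless": False,
            "tcpOptions": {"destinationPortRange": {"min": lo, "max": hi}}}

GOOD = [tcp_rule("203.0.113.7/32", 22, 22), tcp_rule("203.0.113.7/32", 8002, 8002)]
DRIFTED = [GOOD[0], tcp_rule("0.0.0.0/0", 8000, 8100)]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("drifted", DRIFTED)):
        print(name, audit_ingress(rules, HOME_IP) or "OK")
```

The last loop also reports an allowed port that no longer has a rule from the home IP, which is what a changed home address looks like after the list has been updated for only one of the two ports.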
Compiled from
wiki/projects/oracle-mcp-infrastructure/HLD.md · git is the source of truth