firefrost-operations-manual/docs/architecture-decisions.md

Architecture Decisions Log

Decision Record: Infrastructure Role Assignments

Date: February 8, 2026
Status: APPROVED - Implementation in Progress

---

Context

Phase 0 Vanilla Reset completed. Need to decide where Phase 0.5 management services deploy:

• Option 1: Command Center (original plan)
• Option 2: TX1 Dallas (consolidation on underutilized dedi)
• Option 3: New VPS (additional cost)

After full infrastructure audit, we have:

• 4 VPS (modest specs)
• 2 Dedicated Servers (32 vCPU, 256GB RAM each - massively underutilized)

---

Decision: TX1 Dallas = Management Hub

Command Center (63.143.34.217 + /29):

• Role: Pure Frostwall Gateway ONLY
• Purpose: Game traffic proxy (Cloudflare → Command Center → GRE → Hidden servers)
• No management services - Optimized for bandwidth/forwarding
• Specs: 2 vCPU, 4GB RAM, 10TB bandwidth @ 1Gbps

TX1 Dallas (38.68.14.26):

• Role: Management Services Hub + Game Servers
• Current: 6 game servers, 1% RAM usage (2.9GB/256GB)
• Phase 0.5 Deploys HERE:
  • Gitea (migrate from Command Center)
  • Uptime Kuma (status.firefrostgaming.com)
  • BookStack (docs.firefrostgaming.com)
  • Netdata (analytics.firefrostgaming.com)
  • Vaultwarden (vault.firefrostgaming.com)
• Specs: 32 vCPU, 256GB RAM, 1TB disk
• Impact: +3GB RAM, +2.5 vCPU (negligible on 256GB system)

NC1 Charlotte (216.239.104.130):

• Role: Pure game server workload
• Current: 9 game servers, 7% RAM usage (18GB/256GB)
• No management services - All resources for games

Ghost VPS (64.50.188.14):

• Role: Marketing + Flex Capacity
• Decision: KEEP (not cancel)
• Purpose: Ghost CMS + future testing/staging/emergency failover
• Cost: $10/month justified for operational flexibility

---

Rationale

Why TX1 for Management:

• ✅ Already paying $160/month for dedis (zero additional cost)
• ✅ Massively underutilized (1% RAM, light CPU)
• ✅ Management services tiny compared to game servers (~3GB vs 256GB available)
• ✅ Clean separation: Gateway = Command Center, Operations = TX1
• ✅ Professional architecture without new VPS cost

Why Keep Command Center Pure:

• Frostwall Gateway is public-facing (different security posture)
• Mixing management + game proxy creates complex attack surface
• 2 vCPU sufficient for proxy, not ideal for dual-role

Why Keep Ghost VPS:

• Marketing site isolation (public-facing)
• Emergency failover capacity
• Future expansion flexibility
• $10/month = cheap insurance

---

Impact Analysis

Capacity:

• NC1: Can handle 20-25 game instances (currently 9)
• TX1: Can handle 18-23 game instances after management (currently 6)
• Total: 38-48 instances possible (currently 15 = 40% utilization)

Cost:

• Current: $207/month
• After: $207/month (no change)
• Savings from optimization: $0 (but better architecture)

Performance:

• Management services: <5% impact on TX1 capacity
• Command Center: Freed up for pure Frostwall focus
• NC1: Unchanged, dedicated to games

---

Related Fixes

ATM10 Performance Issue (NC1):

• Problem: Server ticks falling behind
• Root Cause: -Xms128M -XX:MaxRAMPercentage=95.0 (dangerous heap)
• Fix: Changed to -Xms12G -Xmx12G (fixed heap)
• Date: 2026-02-08 15:52
• Result: Consistent GC, no resizing pauses

---

Next Steps

1. ✅ ATM10 fix applied (testing in progress)
2. ⏳ Deploy Uptime Kuma on TX1 (Phase 0.5 Service 2/5)
3. ⏳ Deploy BookStack on TX1 (Phase 0.5 Service 3/5)
4. ⏳ Migrate Gitea: Command Center → TX1
5. ⏳ Deploy Netdata, Vaultwarden on TX1
6. ⏳ Future: Rebuild Frostwall GRE tunnels (post-Phase 0.5)

---

End of Decision Record