Your setup is primarily IaaS, with some PaaS-like behavior that you are building yourself. You consume SaaS only for external tooling (e.g. GitHub). This is ideal for learning DevOps end-to-end.
Terraform + Linode
What you control:
- Virtual machines
- Private networking
- Firewalls
- Public vs private IPs
What the provider controls:
- Physical servers
- Data center
- Hypervisor
Classification: ✅ IaaS
This is the foundation. Everything else runs on top of this.
Ansible
What you manage:
- Users, SSH hardening
- Docker installation
- Fail2ban
- Node Exporter
- System updates
Important insight:
Configuration management does not move you out of IaaS.
You are still managing:
- The OS
- Security
- Services
- Patching
Classification: ✅ IaaS (advanced, well-automated)
Docker + Gunicorn + env vars
You’ve created:
- A standard runtime
- A repeatable deployment model
- Environment-based configuration
- Health endpoints
- Metrics
But:
- You still manage the host
- You still manage Docker
- You still manage upgrades and failures
This is the key DevOps insight:
You are building a PaaS on top of IaaS.
Classification:
- Conceptually → PaaS
- Practically → IaaS with a platform layer
This is exactly how many real platforms started (Heroku included).
GitHub, GitHub Actions
What you don’t manage:
- Build servers
- Runners
- Scaling
- Availability
You just:
- Push code
- Configure workflows
- Consume the service
Classification: ✅ SaaS
| Layer | Example | Model |
|---|---|---|
| Hardware | Linode data center | SaaS (hidden from you) |
| VM / Network | Terraform | IaaS |
| OS & Security | Ansible | IaaS |
| Container runtime | Docker | IaaS |
| App platform | Your Docker conventions | DIY PaaS |
| App code | Flask / Gunicorn | PaaS responsibility |
| CI/CD | GitHub Actions | SaaS |
| Monitoring UI | Grafana Cloud (if used) | SaaS |
You are learning all responsibility boundaries, not just one:
- IaaS → networking, firewalls, SSH, Linux
- PaaS concepts → runtime standardization, config via env vars
- SaaS consumption → CI/CD, observability platforms
Many DevOps engineers:
- Use PaaS without understanding IaaS
- Or manage IaaS without understanding platform design
You’re doing both, in the correct order.
- Linode + Terraform → You bought land
- Ansible → You built the house and utilities
- Docker runtime → You standardized apartments
- Your app → Tenants move in
- GitHub Actions → External cleaning & maintenance service
If you want to move slightly toward PaaS without losing learning value:
- Add automatic app restarts
- Add zero-downtime deploys
- Add service discovery / reverse proxy rules
- Treat each app as cattle, not pets
That would make your setup:
A minimal, production-style PaaS built on IaaS
If you want, next we can:
- Redraw this as a single architecture diagram
- Or map this directly to AWS equivalents (EC2, ECS, EKS, Elastic Beanstalk)