Architecture
Each layer serves a specific function in the infrastructure stack, from bare metal to applications.
Layer 1 → 6
Multi-layer infrastructure stack
1. Bare-metal / On-prem / Cloud VMs: Hetzner, OVH, On-prem, AWS, Azure, GCP
2. Network & Routing: VLAN segmentation, Tailscale/Headscale mesh (WireGuard), Proxmox firewall, fail2ban, knockd, optional VRRP failover IPs
3. Virtualization: Proxmox VE cluster on Debian, LUKS-encrypted data disks, LXC + KVM workloads
4. Distributed Storage & Cluster: Ceph on LUKS-encrypted OSDs, Proxmox HA cluster, automatic VM/LXC scheduling across nodes
5. Platform Services: Database, identity, mesh control plane, secrets, monitoring, bastion, load balancer, backup (PBS), firewall, storage
6. Applications: Internal apps, customer workloads, external traffic
Security is enforced at every layer with network isolation, encryption, and access controls.
Built-in redundancy and automated failover mechanisms ensure high availability.
Infrastructure Flow
All traffic encrypted with TLS, authenticated via PKI