Sovereign Data Stack: Building an End-to-End Self-Hosted Digital Infrastructure 培训

Sovereign Architecture Design

• Threat modeling: identifying cloud dependencies and data egress points.
• Network topology: DMZ, internal zones, management network.
• Hardware selection: server, storage, networking, UPS.
• Disaster recovery sites and air-gap requirements.

Identity and Access Foundation

• Authentik deployment for SSO across all services.
• LDAP directory and group policy design.
• Step CA for service-to-service mTLS.
• YubiKey and hardware token enrollment.

Communication and Collaboration Hub

• Synapse/Element for chat and federation.
• Jitsi Meet for video conferencing.
• Roundcube/Nextcloud Mail for email.
• Nextcloud for file sync, calendars, and contacts.
• OnlyOffice integration for document editing.

Development and Operations Platform

• Gitea for source code and CI/CD.
• Woodpecker CI for automated builds.
• Nexus or Harbor for artifact and container registry.
• Wazuh for security monitoring and compliance.
• Uptime Kuma for service health dashboards.

AI and Knowledge Management

• Ollama deployment with local LLM serving.
• LibreChat for internal AI assistant access.
• Obsidian or Logseq for personal knowledge bases.
• Hoarder/ArchiveBox for web content preservation.

Security and Perimeter

• pfSense or OPNsense firewall deployment.
• Suricata IDS/IPS with custom rules.
• WireGuard/OpenVPN for remote access.
• Pi-hole DNS filtering and local resolution.
• Vaultwarden for team password management.

Backup, DR, and Operations

• BorgBackup central repository for all services.
• Database dump automation and off-site replication.
• Runbook documentation and incident response procedures.
• Capacity planning and scaling triggers.
• Quarterly sovereignty audit and dependency review.

Capstone Project

• Students present their fully operational sovereign stack.
• Peer review of architecture decisions and tradeoffs.
• Load testing and failure injection.
• Documentation handoff and operational readiness assessment.