LRON Infrastructure

Personal R&D cloud environment on Hetzner applying HDCP (Defence Hybrid Datacenter Cloud Partnership) principles.

LRON is a 3-VM K3s cluster managed by Rancher, running on Hetzner Cloud for ~EUR 12.56/month. It serves as a proving ground for Defence datacenter concepts -- sovereign infrastructure, cattle-not-pets lifecycle, WAN emulation for degraded networks, and full-stack observability -- all at hobby-lab scale.

The domain vdhome.be hosts all services behind a Caddy reverse proxy with Authelia TOTP authentication.

Quick Start

  1. Provision infrastructure -- cd tofu/ && tofu apply (creates VMs WITHOUT firewall, network, DNS)
  2. Bootstrap nodes -- cd ansible/ && ansible-playbook site.yml (K3s v1.34.6, CrowdSec, WireGuard)
  3. Attach firewalls -- tofu apply again after SSH on port 2222 is confirmed
  4. Install Rancher -- Helm install cert-manager 1.17.1 + Rancher 2.14.0 on cx33 Hub
  5. Deploy workloads -- Fleet 0.15.0 GitOps watches fleet/ directory for changes
  6. Spin up Beast -- ./scripts/beast-up.sh when burst x86 compute is needed
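
Step 3 is conditional on SSH answering on port 2222. The following added example (not code from the LRON repository) checks that every node presents an SSH identification banner on that port before the second tofu apply is run; the script name, function names and 5-second timeout are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not part of the LRON repository.
# Assumed usage: ./ssh-gate.sh HUB_IP DMZ_IP && (cd tofu/ && tofu apply)

SSH_PORT=2222   # SSH port named in Quick Start step 3
TIMEOUT=5       # seconds per host (assumption)

# True when the string is an SSH identification line (RFC 4253, section 4.2).
is_ssh_banner() {
    case "$1" in
        SSH-2.0-*|SSH-1.99-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the first line a host sends on a TCP port, using bash's /dev/tcp.
# `timeout` bounds both the connect and the read.
read_banner() {
    timeout "$TIMEOUT" bash -c '
        exec 3<>"/dev/tcp/$1/$2" || exit 1
        IFS= read -r line <&3 || exit 1
        printf "%s\n" "$line"
    ' _ "$1" "$2" 2>/dev/null
}

# Succeed only if every host given answers with an SSH banner on SSH_PORT.
gate() {
    local host banner failed=0
    [ "$#" -gt 0 ] || { echo "usage: gate HOST..." >&2; return 2; }
    for host in "$@"; do
        banner=$(read_banner "$host" "$SSH_PORT" | tr -d '\r')
        if is_ssh_banner "$banner"; then
            echo "ok    $host:$SSH_PORT  $banner"
        else
            echo "FAIL  $host:$SSH_PORT  no SSH banner" >&2
            failed=1
        fi
    done
    return "$failed"
}

# Run the gate only when hosts are passed on the command line.
if [ "$#" -gt 0 ]; then
    gate "$@" || exit 1
fi
```

A port that is open but answers with something other than an SSH banner fails the gate, so a stray listener on 2222 does not count as confirmation.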

Architecture

flowchart TB
    Internet((Internet))

    subgraph Hetzner["Hetzner Cloud - FSN1"]
        subgraph PrivNet["Private Network 10.0.0.0/16"]
            Hub["cx33 Hub<br/>4 vCPU / 8 GB (51% used)<br/>91.98.121.97<br/>Rancher 2.14.0 + Observability"]
            DMZ["cx23 DMZ<br/>2 vCPU / 4 GB<br/>178.104.134.113<br/>Caddy + Authelia + ttyd"]
            Beast["cx53 Beast<br/>16 x86 vCPU / 32 GB<br/>Ephemeral Dev Node"]
        end

        Hub <-->|"Cilium pod network"| DMZ
        Hub <-->|"Cilium pod network"| Beast
        DMZ <-->|"Private 10.0.0.x"| Beast
    end

    Internet -->|"443/tcp (HTTPS)"| DMZ
    Internet -->|"51820/udp (WireGuard)"| Hub
    Hub -.->|"WireGuard tunnel"| Home["Home Workstation"]

    style Hub fill:#1a5276,stroke:#2980b9,color:#fff
    style DMZ fill:#7b241c,stroke:#c0392b,color:#fff
    style Beast fill:#1e8449,stroke:#27ae60,color:#fff
    style PrivNet fill:#1c2833,stroke:#566573,color:#fff

Budget Summary

| Resource | Spec | Monthly Cost |
|---|---|---|
| cx33 Hub | 4 vCPU / 8 GB / 80 GB | EUR 6.49 |
| cx23 DMZ | 2 vCPU / 4 GB / 40 GB | EUR 3.99 |
| cx53 Beast | 16 vCPU / 32 GB / 160 GB | EUR 0.00 (hourly, ~EUR 1.44 for 40h) |
| Hetzner S3 | etcd + tofu state (~1 GB) | EUR 1.08 |
| Private Network | 10.0.0.0/16 | EUR 0.00 |
| Primary IPv4 (x2) | Included with VMs | EUR 0.00 |
| Total (steady state) | | EUR 11.56 |
| Total (Beast 40h/mo) | | ~EUR 12.56 |

Key Sections

  • Architecture -- VM topology, network design, Kubernetes setup
  • Operations -- Beast lifecycle, secrets, backups, sync
  • Security -- DMZ design, hardening, access workflows
  • Observability -- Monitoring, logging, alerting, uptime
  • HDCP Alignment -- How this lab maps to Defence datacenter concepts
  • Reference -- Costs, repo structure, risk register