Hybrid Cloudflare plus on-prem architecture locked

The architecture split for the engagement is fixed. Neither pure Cloudflare (the Monday plan, rejected on email sovereignty and LLM economics) nor pure on-prem (rejected on the cost of exposing a public surface) was chosen. Cloudflare owns DNS, R2, D1, the MCP Worker, Pages and Access. A single Framework Desktop owns SMTP, IMAP, FTP, LLM inference, Whisper and the Piler archive. Tailscale binds the box, the NAS, the laptops and Rani's phone.

Added
  • Framework Desktop AMD Strix Halo 395+ with 128GB unified memory, ordered by Paul (€3,583 excl. VAT), ETA approximately 1 week
  • Four R2 buckets planned: sodimo-archive, sodimo-backup, sodimo-dashboards, sodimo-public with a 90d Standard → IA lifecycle
  • Bitwarden Teams EU adopted for credentials, 4 seats, €16/month, admin on admin@sodimo.eu, 2FA backup codes and LUKS passphrase in Paul's fire-safe
  • Second-node decision deferred to T+90 dashboard review — one Framework plus Synology backup plus 2-hour RTO bare-metal restore is sufficient
  • Four domains inventoried (sodimo.eu, yallafood.eu, cavisteduliban.fr, sodimonet.fr) and Strato mailbox weights captured across 33 mailboxes totalling ~45.5 GB
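The 90d Standard → IA lifecycle above, as an added example that is not the engagement's own tooling: it applies the rule to the four planned buckets through R2's S3-compatible API with boto3 and reads each bucket's configuration back to confirm the transition took. The account ID, endpoint and credential environment variables are placeholders.

```python
"""Apply and verify a 90-day Standard -> Infrequent Access lifecycle on the four
planned R2 buckets via R2's S3-compatible API (added example; account ID,
endpoint and credentials are placeholders, not values from the page)."""
import os
from typing import Optional

BUCKETS = ["sodimo-archive", "sodimo-backup", "sodimo-dashboards", "sodimo-public"]
IA_AFTER_DAYS = 90


def lifecycle_rules(days: int = IA_AFTER_DAYS) -> dict:
    """Lifecycle document: every object moves to Infrequent Access after `days`."""
    return {"Rules": [{
        "ID": f"standard-to-ia-{days}d",
        "Filter": {"Prefix": ""},  # empty prefix = whole bucket
        "Status": "Enabled",
        "Transitions": [{"Days": days, "StorageClass": "STANDARD_IA"}],
    }]}


def ia_transition_days(config: dict) -> Optional[int]:
    """Days of the first enabled STANDARD_IA transition in a config, or None."""
    for rule in config.get("Rules", []):
        if rule.get("Status") != "Enabled":
            continue
        for transition in rule.get("Transitions", []):
            if transition.get("StorageClass") == "STANDARD_IA":
                return transition.get("Days")
    return None


def r2_client():
    """S3 client pointed at R2 (endpoint and env var names are assumptions)."""
    import boto3  # imported lazily so the pure helpers above need no SDK or network
    account = os.environ["R2_ACCOUNT_ID"]
    return boto3.client("s3", region_name="auto",
                        endpoint_url=f"https://{account}.r2.cloudflarestorage.com",
                        aws_access_key_id=os.environ["R2_ACCESS_KEY_ID"],
                        aws_secret_access_key=os.environ["R2_SECRET_ACCESS_KEY"])


def apply_and_verify(s3, buckets=BUCKETS, days=IA_AFTER_DAYS) -> dict:
    """Put the rule on each bucket, read it back, report which buckets match."""
    results = {}
    for bucket in buckets:
        s3.put_bucket_lifecycle_configuration(
            Bucket=bucket, LifecycleConfiguration=lifecycle_rules(days))
        current = s3.get_bucket_lifecycle_configuration(Bucket=bucket)
        results[bucket] = ia_transition_days(current) == days
    return results


if __name__ == "__main__":
    for bucket, ok in apply_and_verify(r2_client()).items():
        print(f"{bucket}: {'ok' if ok else 'MISMATCH'}")
```

Run it once after the buckets exist; any `MISMATCH` means the rule was rejected or overwritten and the bucket will keep paying Standard rates.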
Changed
  • LLM plan: cloud-only Opus (€1,640–2,500/month) → local Gemma 4 plus Qwen 3.5 MoE on the Framework box (~€210/month electricity), payback month 2
  • Email plan: Strato (33 mailboxes, ~45.5 GB) → Postfix, Dovecot, rspamd and Piler on the Framework box — sovereignty and deletion guarantees Strato cannot give
