Hybrid Cloudflare plus on-prem architecture locked
The architecture split for the engagement is fixed. Neither the pure-Cloudflare option (Monday's plan, rejected because it gives no sovereignty over email and inference) nor pure on-prem (rejected because of the cost of running a public-facing surface) was taken. Cloudflare owns DNS, R2, D1, the MCP Worker, Pages and Access. A single Framework Desktop owns SMTP, IMAP, FTP, AI inference, voice transcription and the mail archive. Tailscale binds the box, the NAS, the laptops and Rani's phone, so the on-prem services are reached over the tailnet rather than through a public listener.
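A draft tailnet policy for the on-prem leg, with a small checker that answers "can this node reach that service?". This is an added example, not the engagement's own configuration: the notes only say that Tailscale binds the box, the NAS, the laptops and Rani's phone, so the tag names, node names, port numbers, the backup direction and the rule set are assumptions. Only tag-based entries are modelled (Tailscale also accepts users, groups, autogroups and IPs in src/dst).

```python
"""Tailnet policy draft for the on-prem leg, plus a checker for "can A reach B:port?".

Added example, not from the engagement notes. Tag names, node names, ports,
backup direction and the rule set are assumptions. Only tag-based src/dst
entries are modelled (Tailscale also accepts users, groups, autogroups, IPs).
"""
import json

# Assumed tag assignment (applied per node in the admin console).
NODES = {
    "framework": {"tag:mailbox"},   # Framework Desktop: SMTP, IMAP, FTP, inference, archive
    "nas": {"tag:nas"},             # Synology backup target
    "laptop-paul": {"tag:laptop"},
    "laptop-rani": {"tag:laptop"},
    "phone-rani": {"tag:phone"},
}

# Assumed ports: 993 IMAPS, 587 submission, 21 FTP control, 22 SSH, 873 rsync.
# Tailscale ACLs are allow-lists: any pair/port not matched by a rule is denied.
POLICY = {
    "tagOwners": {
        "tag:mailbox": ["autogroup:admin"],
        "tag:nas": ["autogroup:admin"],
        "tag:laptop": ["autogroup:admin"],
        "tag:phone": ["autogroup:admin"],
    },
    "acls": [
        # Mail clients on laptops and the phone reach only the mail ports.
        {"action": "accept", "src": ["tag:laptop", "tag:phone"], "dst": ["tag:mailbox:993,587"]},
        # Admin work (FTP, SSH) from laptops only, never from the phone.
        {"action": "accept", "src": ["tag:laptop"], "dst": ["tag:mailbox:21,22"]},
        # Only the box pushes backups to the NAS (assumed direction).
        {"action": "accept", "src": ["tag:mailbox"], "dst": ["tag:nas:22,873"]},
    ],
}


def _port_match(spec: str, port: int) -> bool:
    """Match a Tailscale port spec: '*', '993', '993,587' or '8000-8100'."""
    if spec == "*":
        return True
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        if int(lo) <= port <= int(hi or lo):
            return True
    return False


def allowed(src_node: str, dst_node: str, port: int, policy: dict = POLICY, nodes: dict = NODES) -> bool:
    """True if some accept rule covers src_node -> dst_node:port (tag entries only)."""
    src_tags = nodes[src_node]
    dst_tags = nodes[dst_node]
    for rule in policy["acls"]:
        if rule.get("action") != "accept":
            continue
        if not any(s == "*" or s in src_tags for s in rule["src"]):
            continue
        for dst in rule["dst"]:
            host, _, ports = dst.rpartition(":")
            if (host == "*" or host in dst_tags) and _port_match(ports, port):
                return True
    return False


def reachability(policy: dict = POLICY, nodes: dict = NODES, ports=(21, 22, 587, 873, 993)) -> dict:
    """(src, dst) -> sorted list of reachable ports; pairs with nothing open are omitted."""
    table = {}
    for src in nodes:
        for dst in nodes:
            if src == dst:
                continue
            open_ports = [p for p in ports if allowed(src, dst, p, policy, nodes)]
            if open_ports:
                table[(src, dst)] = open_ports
    return table


if __name__ == "__main__":
    print(json.dumps(POLICY, indent=2))  # paste into the Tailscale admin console
    for (src, dst), open_ports in sorted(reachability().items()):
        print(f"{src:12} -> {dst:10} {open_ports}")
```

Running the reachability table before saving the policy is the check worth keeping: the phone should appear only against the mail ports, and nothing other than the box should appear against the NAS.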
Added
- Framework Desktop (AMD Ryzen AI Max+ 395 "Strix Halo", 128 GB unified memory) ordered by Paul, ETA approximately one week
- Four R2 buckets planned: sodimo-archive, sodimo-backup, sodimo-dashboards and sodimo-public, each with a 90-day Standard → Infrequent Access lifecycle rule
- Credentials are self-managed: the master admin account uses a personal Gmail address, and the credentials that matter are written down on paper
- Second-node decision deferred to the T+90 dashboard review: one Framework box plus Synology backup plus a 2-hour-RTO bare-metal restore is judged sufficient until then
- Four domains inventoried (sodimo.eu, yallafood.eu, cavisteduliban.fr, sodimonet.fr); Strato mailbox weights captured across 33 mailboxes totalling ~45.5 GB
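The four buckets and their 90-day lifecycle, expressed as the S3-style lifecycle document R2 accepts and checked before anything is pushed. This is an added example, not the engagement's own tooling: the bucket names and the 90-day Standard → Infrequent Access transition come from the notes above; the rule ids, the multipart-upload housekeeping rule, the environment variable names and the boto3 apply step are assumptions.

```python
"""Build, validate and (optionally) apply lifecycle rules for the planned R2 buckets.

Added example, not from the engagement notes. Bucket names and the 90-day
Standard -> Infrequent Access transition are from the notes; rule ids, the
multipart housekeeping rule, env-var names and the boto3 apply step are assumed.
"""
import json
import os

# From the notes: four buckets, Standard -> Infrequent Access after 90 days.
BUCKETS = ["sodimo-archive", "sodimo-backup", "sodimo-dashboards", "sodimo-public"]
IA_TRANSITION_DAYS = 90

# Assumed env-var names. R2's S3 endpoint is https://<account_id>.r2.cloudflarestorage.com
ENV_ACCOUNT = "R2_ACCOUNT_ID"
ENV_KEY = "R2_ACCESS_KEY_ID"
ENV_SECRET = "R2_SECRET_ACCESS_KEY"


def lifecycle_config(ia_days: int = IA_TRANSITION_DAYS, abort_multipart_days: int = 7) -> dict:
    """S3-style lifecycle document as accepted by R2's PutBucketLifecycleConfiguration.

    Rule 1 moves every object to STANDARD_IA after `ia_days`.
    Rule 2 aborts incomplete multipart uploads (assumed housekeeping, not in the
    notes): abandoned parts are billed as storage but never show up in listings.
    """
    if ia_days <= 0 or abort_multipart_days <= 0:
        raise ValueError("lifecycle day counts must be positive")
    return {
        "Rules": [
            {
                "ID": f"standard-to-ia-{ia_days}d",
                "Status": "Enabled",
                "Filter": {"Prefix": ""},  # empty prefix == whole bucket
                "Transitions": [{"Days": ia_days, "StorageClass": "STANDARD_IA"}],
            },
            {
                "ID": f"abort-multipart-{abort_multipart_days}d",
                "Status": "Enabled",
                "Filter": {"Prefix": ""},
                "AbortIncompleteMultipartUpload": {"DaysAfterInitiation": abort_multipart_days},
            },
        ]
    }


def validate(config: dict) -> list:
    """Return a list of problems (empty means well formed). Checked locally because
    the API rejects a malformed document without saying which rule is wrong."""
    problems = []
    rules = config.get("Rules")
    if not rules:
        return ["no Rules"]
    seen = set()
    for r in rules:
        rid = r.get("ID", "<missing>")
        if rid in seen:
            problems.append(f"duplicate rule id {rid}")
        seen.add(rid)
        if r.get("Status") not in ("Enabled", "Disabled"):
            problems.append(f"{rid}: Status must be Enabled or Disabled")
        if "Filter" not in r and "Prefix" not in r:
            problems.append(f"{rid}: needs Filter or Prefix")
        for t in r.get("Transitions", []):
            if t.get("StorageClass") != "STANDARD_IA":
                problems.append(f"{rid}: R2 only transitions to STANDARD_IA")
            if ("Days" in t) == ("Date" in t):
                problems.append(f"{rid}: transition needs exactly one of Days/Date")
        if not any(k in r for k in ("Transitions", "Expiration", "AbortIncompleteMultipartUpload")):
            problems.append(f"{rid}: rule has no action")
    return problems


def plan(buckets=BUCKETS, ia_days: int = IA_TRANSITION_DAYS) -> dict:
    """Bucket name -> validated lifecycle document, for every planned bucket."""
    out = {}
    for b in buckets:
        cfg = lifecycle_config(ia_days)
        errs = validate(cfg)
        if errs:
            raise ValueError(f"{b}: {errs}")
        out[b] = cfg
    return out


def apply(planned: dict) -> None:
    """Push each document through R2's S3 endpoint with boto3 (credentials from env)."""
    import boto3  # imported here so planning/validation runs without it installed

    endpoint = f"https://{os.environ[ENV_ACCOUNT]}.r2.cloudflarestorage.com"
    s3 = boto3.client("s3", endpoint_url=endpoint, region_name="auto",
                      aws_access_key_id=os.environ[ENV_KEY],
                      aws_secret_access_key=os.environ[ENV_SECRET])
    for bucket, cfg in planned.items():
        s3.put_bucket_lifecycle_configuration(Bucket=bucket, LifecycleConfiguration=cfg)
        print(f"applied lifecycle to {bucket}")


if __name__ == "__main__":
    planned = plan()
    print(json.dumps(planned, indent=2))
    if ENV_ACCOUNT in os.environ:
        apply(planned)
```

Run it without credentials to review the generated documents; set the three environment variables to push them. A transition rule is additive, so re-running against a bucket that already has the rule is safe, but a document with an expiration rule would not be: that is why `validate` lists every action it finds.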
Changed
- AI plan: cloud-only Anthropic → local inference on the Framework box, with cloud escalation reserved for high-stakes work
- Email plan: Strato (33 mailboxes, ~45.5 GB) → Postfix, Dovecot, rspamd and Piler on the Framework box, for the sovereignty and deletion guarantees Strato cannot give