Course Outline

Sovereign Architecture Design for Government

  • Threat modeling: Identifying cloud dependencies and data egress points to enhance security.
  • Network topology: Implementing DMZ, internal zones, and management networks to ensure secure data flow.
  • Hardware selection: Selecting appropriate servers, storage solutions, networking equipment, and uninterruptible power supplies (UPS) for reliable operations.
  • Disaster recovery sites and air-gap requirements to maintain continuity of operations during emergencies.

Identity and Access Foundation for Government

  • Authentik deployment for single sign-on (SSO) across all government services.
  • LDAP directory and group policy design to manage user identities and access controls effectively.
  • Step CA for service-to-service mutual Transport Layer Security (mTLS) to secure internal communications.
  • YubiKey and hardware token enrollment to strengthen authentication mechanisms.

Communication and Collaboration Hub for Government

  • Synapse/Element for secure chat and federation capabilities within government agencies.
  • Jitsi Meet for secure video conferencing solutions.
  • Roundcube/Nextcloud Mail for robust email services.
  • Nextcloud for file synchronization, calendar management, and contact sharing.
  • OnlyOffice integration for efficient document editing and collaboration.

Development and Operations Platform for Government

  • Gitea for source code management and continuous integration/continuous deployment (CI/CD) pipelines.
  • Woodpecker CI for automated build processes to streamline development workflows.
  • Nexus or Harbor for artifact and container registry management to ensure secure software distribution.
  • Wazuh for comprehensive security monitoring and compliance reporting.
  • Uptime Kuma for real-time service health dashboards to enhance operational visibility.

AI and Knowledge Management for Government

  • Ollama deployment with local language model serving to support government-specific applications.
  • LibreChat for access to internal artificial intelligence (AI) assistants, enhancing productivity and decision-making.
  • Obsidian or Logseq for personal knowledge base management, facilitating information retention and sharing.
  • Hoarder/ArchiveBox for web content preservation, ensuring long-term access to critical information.

Security and Perimeter for Government

  • pfSense or OPNsense firewall deployment to protect against external threats.
  • Suricata IDS/IPS with custom rules to detect and prevent intrusions.
  • WireGuard/OpenVPN for secure remote access, ensuring authorized personnel can work remotely.
  • Pi-hole DNS filtering and local resolution to enhance network security and performance.
  • Vaultwarden for team password management, enhancing credential security.

Backup, DR, and Operations for Government

  • BorgBackup central repository for all government services to ensure data integrity and availability.
  • Database dump automation and off-site replication to protect critical information from loss.
  • Runbook documentation and incident response procedures to guide staff during emergencies.
  • Capacity planning and scaling triggers to maintain optimal performance under varying loads.
  • Quarterly sovereignty audit and dependency review to ensure ongoing compliance and security.

Capstone Project for Government

  • Students present their fully operational sovereign stack, demonstrating its readiness for government use.
  • Peer review of architecture decisions and tradeoffs to ensure best practices are followed.
  • Load testing and failure injection to validate system resilience and reliability.
  • Documentation handoff and operational readiness assessment to facilitate smooth transition and ongoing support.

Requirements

  • Proficiency in advanced Linux, networking, and container orchestration.
  • Completion of at least two Data Sovereignty courses or equivalent experience.
  • Understanding of DNS, TLS, firewall, and backup principles.

Audience

  • Senior infrastructure architects tasked with designing sovereign organizations.
  • CTOs and CISOs developing digital independence strategies.
  • Government and defense teams focused on digital transformation for government.

35 Hours
