Sovereign, High-Availability Bare-Metal Infrastructure.
This repository serves as the central Source of Truth for the IRONVAULT project's architecture, strategic mandates, and risk management framework.
IRONVAULT is mission-critical infrastructure designed to host sovereign services (FinTech, HealthData, and State Systems). By rejecting public cloud dependencies, it ensures total hardware-to-software control, high availability through 3-node clustering, and immutable security.
- Operating System: NixOS (Declarative & Immutable)
- Provisioning: Nix Flakes (Hermetic Reproducibility)
- Orchestration: K3s / Kubernetes (Self-healing Cluster)
- Storage: ZFS / Ceph (Data Integrity & Snapshots)
- Security: LUKS (Encryption at Rest) & WireGuard (Zero-Trust Networking)
This project follows the ADR (Architecture Decision Record) standard to document every strategic pivot:
- /docs/adr: Rationale behind infrastructure, networking, and security choices.
- /docs/risk-analysis: Threat modeling and mitigation strategies (MRI).
- /docs/compliance: Roadmap for ISO/IEC 27001 and GDPR alignment.
- Phase 1: Governance (ADR-001, Risk Matrix, Repo Structure)
- Phase 2: Core Hardening (NixOS Bare-metal, Disk Encryption, SSH Zero-Trust)
- Phase 3: Cluster Formation (Multi-node Networking, K3s Orchestration)
- Phase 4: Service Deployment (High-Availability Database, Private Cloud API)
- Implementation (IaC): IRONVAULT-infra