## Executive Summary

hermit-ΞDC (hermit micro-datacenter) is a turnkey solution for deploying fully airgapped compute environments. It addresses the growing need for isolated computing infrastructure in scenarios where data sovereignty, security compliance, and network isolation are non-negotiable requirements.

- **Complete Isolation**: from external networks by design
- **Modular Configs**: 2-node PoC ($300) to GPU clusters ($50k+)
- **AI Configurator**: design deployments without specialist expertise
- **Infrastructure-as-Code**: SysML 2.0 modeling + Ansible
## Problem Statement
Organizations face critical challenges when deploying sensitive workloads:
| Challenge | Impact |
|---|---|
| Data exfiltration risk | Regulatory penalties, IP theft, privacy breaches |
| Complex security hardening | Requires specialized expertise, prone to misconfiguration |
| Vendor lock-in | Cloud dependencies create long-term cost and control issues |
| Compliance requirements | GDPR, HIPAA, ITAR demand provable data isolation |
Existing solutions share the same shortcomings:

- Expensive ($100k+ for enterprise solutions)
- Complex to configure correctly
- Still connected to the internet at some layer
## Solution: hermit-ΞDC

### Core Principles

- **Airgap by Default**: no internet route exists. Period.
- **Single Point of Entry**: WireGuard VPN with public-key authentication only
- **Local Everything**: DNS, container registry, package mirrors all local
- **Verifiable Isolation**: SysML model proves security constraints
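"Airgap by default" and "local everything" are properties a node either has or does not have, so they can be audited after provisioning rather than trusted. The following is an added example, not code from the hermit-ΞDC project: it reads the JSON that `ip -j route` prints on Linux plus the text of `/etc/resolv.conf`, and reports any default route, any route leaving the 192.168.200.0/24 site prefix that is not the WireGuard tunnel, and any off-site nameserver. The tunnel prefix (10.200.0.0/24) and interface name (`wg0`) are assumptions, since the page names neither; all sample tables are constructed.

```python
"""Audit one node for two hermit-ΞDC principles: "airgap by default" (no default
route, nothing routed outside the site prefix except the WireGuard tunnel) and
"local everything" (DNS answered on-site by the gateway).

Added example, not code from the hermit-ΞDC project. It consumes the JSON that
`ip -j route` prints on Linux (IPv4 table; run `ip -6 -j route` separately) and
the text of /etc/resolv.conf. All samples below are constructed, and the tunnel
prefix is an assumption: the page names no WireGuard address range.
"""
import ipaddress
import json

SITE_NET = ipaddress.ip_network("192.168.200.0/24")   # from the network diagram
WG_NET = ipaddress.ip_network("10.200.0.0/24")        # assumed tunnel prefix
WG_IFNAME = "wg0"                                      # assumed tunnel interface


def audit_routes(routes):
    """Return findings for a parsed `ip -j route` table; an empty list is a pass."""
    findings = []
    for route in routes:
        dst, dev = route.get("dst"), route.get("dev", "?")
        if dst == "default":
            findings.append(
                f"default route via {route.get('gateway')} on {dev}: an internet path exists")
            continue
        net = ipaddress.ip_network(dst, strict=False)   # host routes become /32
        if dev == WG_IFNAME:
            if not net.subnet_of(WG_NET):
                findings.append(f"{dev} routes {net}, outside the tunnel prefix {WG_NET}")
        elif not net.subnet_of(SITE_NET):
            findings.append(f"{dev} routes {net}, outside the site prefix {SITE_NET}")
    return findings


def audit_resolver(resolv_conf):
    """Every nameserver must be on-site; the gateway at .1 is the DNS server."""
    findings = []
    servers = []
    for line in resolv_conf.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    if not servers:
        findings.append("no nameserver configured")
    for server in servers:
        if ipaddress.ip_address(server) not in SITE_NET:
            findings.append(f"nameserver {server} is off-site")
    return findings


def audit_host(route_json, resolv_conf):
    """Combine both checks; the caller decides whether to fail provisioning."""
    return audit_routes(json.loads(route_json)) + audit_resolver(resolv_conf)


# Constructed samples in `ip -j route` form.
COMPUTE_OK = '''[
 {"dst":"192.168.200.0/24","dev":"eth0","protocol":"kernel","scope":"link","prefsrc":"192.168.200.10"}
]'''
GATEWAY_OK = '''[
 {"dst":"192.168.200.0/24","dev":"eth0","protocol":"kernel","scope":"link","prefsrc":"192.168.200.1"},
 {"dst":"10.200.0.0/24","dev":"wg0","scope":"link"}
]'''
# A compute node that picked up an upstream DHCP lease: default route plus a foreign LAN.
COMPUTE_LEAKY = '''[
 {"dst":"default","gateway":"192.168.1.1","dev":"eth0","protocol":"dhcp"},
 {"dst":"192.168.1.0/24","dev":"eth0","protocol":"kernel","scope":"link"},
 {"dst":"192.168.200.0/24","dev":"eth1","protocol":"kernel","scope":"link"}
]'''
RESOLV_OK = "nameserver 192.168.200.1\n"
RESOLV_LEAKY = "nameserver 8.8.8.8\nnameserver 192.168.200.1\n"

if __name__ == "__main__":
    for name, routes, resolv in [("compute-ok", COMPUTE_OK, RESOLV_OK),
                                 ("gateway-ok", GATEWAY_OK, RESOLV_OK),
                                 ("compute-leaky", COMPUTE_LEAKY, RESOLV_LEAKY)]:
        result = audit_host(routes, resolv)
        print(name, "PASS" if not result else "FAIL")
        for finding in result:
            print("  -", finding)
```

Run on a live node as `audit_host(subprocess.check_output(["ip", "-j", "route"]), open("/etc/resolv.conf").read())`; the leaky sample models the most common way an airgap silently breaks, a NIC that is still cabled to an upstream LAN and accepts a DHCP lease with a default route.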
## Network Architecture

```text
┌──────────────────────────────────────────────────────────────┐
│                      hermit-ΞDC Network                      │
│                       192.168.200.0/24                       │
│                                                              │
│   ┌──────────┐      ┌──────────┐      ┌──────────┐           │
│   │ Gateway  │──────│ Compute  │──────│ Storage  │           │
│   │    .1    │      │ .10-.19  │      │ .20-.29  │           │
│   │ VPN/DNS  │      │ Docker   │      │ MinIO    │           │
│   │ DHCP/PXE │      │ K3s      │      │ Registry │           │
│   └────┬─────┘      └──────────┘      └──────────┘           │
│        │                                                     │
│        │ WireGuard (only external access)                    │
└────────┼─────────────────────────────────────────────────────┘
         │
    ┌────┴─────┐
    │ Operator │  (Pre-authorized VPN peer)
    └──────────┘
```
### Network Segmentation (Subscription Model)
Support for managed deployment models with clear separation:
| Network | VLAN | Access | Purpose |
|---|---|---|---|
| Administration | 200 | Provider | Provisioning, management, updates |
| User Data | 201 | Customer | Workloads, data processing |
| Monitoring | 202 | Provider | Metrics, logs, alerting |
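The addressing plan in the diagram and the access column of the table above are the kind of constraints a model is supposed to make checkable. As an added example, not the project's SysML model or tooling, the following validates a planned deployment before any provisioning run: every address must sit in 192.168.200.0/24 and inside its role's range (gateway .1, compute .10-.19, storage .20-.29), addresses must be unique, and each VLAN may only be granted to the party the segmentation table allows, so User Data (VLAN 201) stays customer-exclusive. The plan format (one dict per host with an `access` map of VLAN id to party) and the sample plans are constructed here.

```python
"""Validate a planned hermit-ΞDC deployment against the addressing and access
rules on this page: addresses in the site prefix and in the role's host range,
unique addresses, and VLAN access granted only to the party the segmentation
table allows.

Added example, not the project's SysML model or tooling. The plan format (one
dict per host, `access` mapping VLAN id to the party given access on it) and
the sample plans are constructed here.
"""
import ipaddress

SITE_NET = ipaddress.ip_network("192.168.200.0/24")

# Host-part ranges per role, from the network diagram.
ROLE_HOST_RANGES = {
    "gateway": range(1, 2),     # .1
    "compute": range(10, 20),   # .10-.19
    "storage": range(20, 30),   # .20-.29
}

# VLAN id -> (network name, party allowed access), from the segmentation table.
VLAN_POLICY = {
    200: ("Administration", "provider"),
    201: ("User Data", "customer"),
    202: ("Monitoring", "provider"),
}


def validate_plan(plan):
    """Return findings; an empty list means the plan satisfies the model."""
    findings = []
    assigned = {}   # address -> host, for duplicate detection
    for entry in plan:
        host, role = entry["host"], entry["role"]
        addr = ipaddress.ip_address(entry["ip"])

        # Addressing: inside the site prefix and inside the role's host range.
        if addr not in SITE_NET:
            findings.append(f"{host}: {addr} is outside {SITE_NET}")
        elif role not in ROLE_HOST_RANGES:
            findings.append(f"{host}: unknown role {role!r}")
        else:
            host_part = int(addr) - int(SITE_NET.network_address)
            if host_part not in ROLE_HOST_RANGES[role]:
                findings.append(f"{host}: {addr} is outside the {role} range")

        if addr in assigned:
            findings.append(f"{host}: {addr} is already assigned to {assigned[addr]}")
        assigned.setdefault(addr, host)

        # Segmentation: every VLAN is known, and access goes to the allowed party only.
        for vlan, party in entry["access"].items():
            policy = VLAN_POLICY.get(vlan)
            if policy is None:
                findings.append(f"{host}: VLAN {vlan} is not in the segmentation model")
            elif party != policy[1]:
                findings.append(
                    f"{host}: VLAN {vlan} ({policy[0]}) is {policy[1]}-access, "
                    f"but the plan grants it to {party}")
    return findings


# Constructed plan matching the diagram and the segmentation table.
PLAN = [
    {"host": "gw-01", "role": "gateway", "ip": "192.168.200.1",
     "access": {200: "provider", 202: "provider"}},
    {"host": "compute-01", "role": "compute", "ip": "192.168.200.10",
     "access": {200: "provider", 201: "customer", 202: "provider"}},
    {"host": "storage-01", "role": "storage", "ip": "192.168.200.20",
     "access": {200: "provider", 201: "customer", 202: "provider"}},
]

# Constructed plan with four violations: wrong range, provider on User Data,
# duplicate address, unknown VLAN.
BAD_PLAN = PLAN + [
    {"host": "compute-02", "role": "compute", "ip": "192.168.200.25",
     "access": {200: "provider", 201: "provider"}},
    {"host": "storage-02", "role": "storage", "ip": "192.168.200.20",
     "access": {203: "provider"}},
]

if __name__ == "__main__":
    for name, plan in [("plan", PLAN), ("bad-plan", BAD_PLAN)]:
        result = validate_plan(plan)
        print(name, "PASS" if not result else "FAIL")
        for finding in result:
            print("  -", finding)
```

Gating the Ansible run on an empty findings list turns the table from documentation into a precondition: a provider-owned interface appearing on VLAN 201 is refused before it is ever configured.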
## Target Use Cases

### GDPR-Compliant AI
*Schools, Medical, Legal*

- Local LLM inference (Ollama, LocalAI)
- Patient records never leave premises
- Student data stays in-country

### Industrial OT/SCADA
*Factory Floor Compute*

- Isolated from IT network
- PLC data acquisition and processing
- Historian and analytics local

### Research & Simulation
*ML Training, Physics*

- ML training on sensitive datasets
- Physics simulations with proprietary models
- High-performance GPU compute

### Hardware Test Labs
*DUT Automation*

- Device-under-test (DUT) automation
- Measurement data acquisition
- Isolated test environments

### Managed Deployment
*Subscription Model*

- Provider manages infrastructure
- Customer owns data network completely
- Clear separation of responsibilities
## Technical Stack
| Layer | Technology | Rationale |
|---|---|---|
| Container Runtime | Docker + K3s | Lightweight, airgap-compatible |
| Networking | WireGuard | Modern, auditable, key-based |
| Provisioning | PXE + Ansible | Bare-metal automation |
| Storage | MinIO + NFS | S3-compatible object store |
| Monitoring | Prometheus + Grafana | Industry standard |
| Configurator | React + TypeScript + Zustand | Modern, type-safe frontend |
| AI Backend | Ollama + Express | Local LLM inference |
| System Model | SysML 2.0 | Formal verification |
## Competitive Advantages
| Feature | hermit-ΞDC | Enterprise Solutions | DIY |
|---|---|---|---|
| True airgap | Yes | Partial | Manual |
| Cost (entry) | $300 | $100k+ | $500+ |
| Setup time | Hours | Weeks | Days |
| Configuration | AI-guided | Expert required | Expert required |
| Formal model | SysML 2.0 | Rarely | Never |
| Subscription support | Built-in | Complex | N/A |
## Business Model Options

1. Open Source + Support
   - Core platform free (GitLab)
   - Paid support contracts
   - Training and consulting
2. Managed Deployment
   - Provider deploys and manages
   - Monthly per-node or per-rack
   - Admin/Monitoring provider-controlled
   - User Data customer-exclusive
3. Hardware + Software Bundle
   - Pre-configured hardware kits
   - Ready-to-deploy systems
   - Premium for turnkey solution
4. Enterprise License
   - Extended hardware catalog
   - Priority support
   - Custom integrations
## Risk Assessment
| Risk | Probability | Impact | Mitigation |
|---|---|---|---|
| Hardware supply chain | Medium | High | Multi-vendor support, BOM flexibility |
| Complexity for end users | Medium | Medium | AI-guided configurator, documentation |
| Security vulnerabilities | Low | Critical | Formal model verification, audits |
| Adoption resistance | Medium | Medium | Clear ROI, case studies |
| Maintenance burden | Medium | Medium | Automation, self-healing design |