hermit-μDC

Isolated Micro-Datacenter for Secure Compute & Instrumentation

🔒 Airgapped ⚡ Low Power 📊 DAQ Ready 🔧 Bare Metal

What is hermit-μDC?

A self-contained, airgapped compute environment designed for isolated workloads, instrumentation, and sensitive data processing.

🛡️

Complete Isolation

No default route to external networks. All egress blocked by firewall. Only controlled data input via sneakernet, data diode, or gated VPN.

🔐

Secure Access

Single ingress via WireGuard VPN. Peer whitelist authentication. All connections audited and logged.

📡

Instrumentation

Built-in support for DAQ systems, sensors, and measurement data. GPS/PTP timing reference. High-speed data streaming.

🖥️

Bare Metal

PXE boot provisioning. Ansible configuration management. No Kubernetes overhead. Docker for containerized workloads.

📐

Formally Modeled

Complete SysML 2.0 textual model. Requirements traceability. Part definitions, state machines, and deployment configurations.

💡

Low Power

Designed for 30-150W total. Runs on Raspberry Pi, NUC, or mini PCs. PoE support for clean cabling.

Architecture

[Figure: hermit-μDC architecture diagram]

Subsystems

🌐 Network Domain

  • Gateway (firewall, NAT)
  • WireGuard VPN server
  • Local DNS resolver
  • DHCP for PXE boot

💻 Compute Domain

  • Bare metal nodes
  • Docker containers
  • Ansible managed
  • Prometheus metrics

💾 Storage Domain

  • MinIO object storage
  • NFS for shared files
  • LUKS encryption
  • Measurement data archive

📊 Instrumentation

  • DAQ controllers
  • Signal conditioning
  • GPS/PTP timing
  • Sensor interfaces

Deployment Scenarios

Pre-configured hardware layouts for common use cases. Prices are estimates and may vary.

Minimal: 2 nodes, ~$250, ~30W
Development, testing, single workload. Gateway + hybrid compute/storage node.
Hardware: 2× RPi 4B, 64GB storage

Lab Bench: 4 nodes, ~$600, ~80W
Laboratory instrumentation with compute and DAQ. Separate storage node.
Hardware: RPi + CM4, BeagleBone DAQ

Research Cluster: 6 nodes, ~$5,600, ~150W
Multi-node compute cluster with GPU and dedicated storage. For ML workloads.
Hardware: 4× Mini PC, Jetson AGX, NAS

Industrial OT: 5 nodes, ~$3,400, ~120W
Factory/SCADA environment with industrial-grade components and DAQ.
Hardware: Siemens IPC, DAQ, Storage

GDPR Isolated LLM: 4 nodes, ~$7,600, ~350W
Local AI inference for schools, medical offices, legal firms. Data never leaves the premises.
Hardware: 2× RTX 4070, Synology NAS, GPU

AI Rendering Studio: 5 nodes, ~$20,500, ~800W
GPU cluster for Stable Diffusion, AI video, and content creation workflows.
Hardware: 2× RTX 4090, RTX 4070, TrueNAS

Lab Testing (DUT): 6 nodes, ~$3,200, ~150W
Hardware test lab with data acquisition, measurement automation, and DUT control.
Hardware: NUC + Mini PC, 2× DAQ, QNAP NAS

AI Configurator

Design your hermit-μDC deployment with an AI-guided wizard.

Launch Configurator

🧙

6-Step Wizard

Guided configuration through form factor, scenario selection, network setup, nodes, services, security, and review.

🖥️

Form Factors

Choose delivery method: 18" rack (recommended), 42U rack, desktop, container, or embedded. Hardware options curated accordingly.

🎮

GPU Support

Full NVIDIA and AMD GPU catalog. From Jetson edge devices to RTX 4090, L40, and datacenter accelerators.

🤖

AI Assistant

Context-aware chat for recommendations. Understands airgap architecture, scenarios, and security requirements.

🧠

AI/LLM Services

Pre-configured services: Ollama, LocalAI, ComfyUI, Stable Diffusion WebUI, and more for local AI workloads.

📊

Config Analysis

AI-powered scoring across security, reliability, performance, power, and network. Actionable recommendations.

🗺️

Network Topology

Interactive visualization of your datacenter network. Drag-and-drop node positioning with React Flow.

📦

Container Layout

Full container floor plan with racks, workspace furniture, insulation, partitions, and structural elements.

📤

Multiple Exports

Generate SysML 2.0 models, Ansible inventory, Bill of Materials, WireGuard configs, and JSON backups.

🔌

Multi-Project Gateway

AI backend supports multiple projects: hermit-μDC, SysML modeling, BeagleBone, Kiosk systems, and Velux automation.

SysML 2.0 Model

Formally modeled using SysML 2.0 textual notation with full requirements traceability.

Browse the complete model →

📦 Part Definitions

System components: Gateway, ComputeNode, StorageNode, DAQController

🔌 Port Definitions

Interface types for network, power, data, and instrumentation

📋 Requirements

17 requirements with formal constraints (FR, SR, PR)

🔄 State Machines

Node lifecycle and data ingestion workflows

āš™ļø Configurations

4 deployment scenarios with concrete instances

šŸ‘ļø Views

Operator, Security, Architect, Instrumentation viewpoints

Key Requirements

ID      Requirement                                 Priority
FR-001  No default route to external networks       Critical
SR-001  All egress traffic blocked by default       Critical
SR-002  VPN authentication via public key           Critical
FR-005  Container images from local registry only   Critical
SR-003  All admin actions audited                   High
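FR-001 and SR-001 are the two requirements most easily checked on a live node, and checking them after every provisioning run catches the common failure of a DHCP-supplied default route surviving into production. The Go program below is an added example, not code from the hermit-μDC project or its SysML model: it parses the JSON that `ip -j route show` emits (a constructed capture is embedded) and reports any default route, plus any route whose destination lies outside a declared internal address plan. The prefixes 10.42.0.0/16 and 10.99.0.0/24, the function names, and the sample capture are all assumptions made for the example.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/netip"
)

// route holds the fields this check needs from `ip -j route show`
// (iproute2 JSON); other fields such as "metric" and "flags" are ignored.
type route struct {
	Dst     string `json:"dst"`
	Gateway string `json:"gateway"`
	Dev     string `json:"dev"`
}

// SampleRouteTable is a constructed `ip -j route show` capture from a node
// that still carries the DHCP default route it picked up during provisioning.
const SampleRouteTable = `[
  {"dst":"default","gateway":"192.168.1.1","dev":"eth0","protocol":"dhcp","metric":100,"flags":[]},
  {"dst":"10.42.0.0/24","dev":"eth0","protocol":"kernel","scope":"link","prefsrc":"10.42.0.7","flags":[]},
  {"dst":"10.99.0.0/24","dev":"wg0","protocol":"static","scope":"link","flags":[]}
]`

// InternalPrefixes is the assumed address plan: the compute LAN and the
// WireGuard tunnel range. Any route that leaves these prefixes is a finding.
var InternalPrefixes = []string{"10.42.0.0/16", "10.99.0.0/24"}

// AuditRoutes returns one finding per route that violates the isolation
// requirements: a default route (FR-001) or a route whose destination is
// outside the declared internal prefixes (SR-001). No findings means compliant.
func AuditRoutes(routeJSON []byte, internal []string) ([]string, error) {
	var routes []route
	if err := json.Unmarshal(routeJSON, &routes); err != nil {
		return nil, fmt.Errorf("parse route table: %w", err)
	}
	allowed := make([]netip.Prefix, 0, len(internal))
	for _, s := range internal {
		p, err := netip.ParsePrefix(s)
		if err != nil {
			return nil, fmt.Errorf("bad internal prefix %q: %w", s, err)
		}
		allowed = append(allowed, p.Masked())
	}
	var findings []string
	for _, r := range routes {
		switch r.Dst {
		case "default", "0.0.0.0/0", "::/0":
			findings = append(findings, fmt.Sprintf("FR-001: default route via %s on %s", r.Gateway, r.Dev))
			continue
		}
		dst, err := netip.ParsePrefix(r.Dst)
		if err != nil {
			// iproute2 prints host routes as a bare address, e.g. "10.42.0.9"
			addr, aerr := netip.ParseAddr(r.Dst)
			if aerr != nil {
				findings = append(findings, fmt.Sprintf("unparseable destination %q on %s", r.Dst, r.Dev))
				continue
			}
			dst = netip.PrefixFrom(addr, addr.BitLen())
		}
		if !coveredBy(dst, allowed) {
			findings = append(findings, fmt.Sprintf("SR-001: route to %s on %s is outside the internal address plan", r.Dst, r.Dev))
		}
	}
	return findings, nil
}

// coveredBy reports whether dst is equal to or a subnet of an allowed prefix.
func coveredBy(dst netip.Prefix, allowed []netip.Prefix) bool {
	for _, p := range allowed {
		if p.Bits() <= dst.Bits() && p.Contains(dst.Addr()) {
			return true
		}
	}
	return false
}

func main() {
	findings, err := AuditRoutes([]byte(SampleRouteTable), InternalPrefixes)
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	if len(findings) == 0 {
		fmt.Println("PASS: routing table matches the isolation requirements")
		return
	}
	for _, f := range findings {
		fmt.Println("FAIL:", f)
	}
}
```

On a real node the embedded constant would be replaced by the live output of `ip -j route show`, and a zero-finding result makes a good post-deploy assertion in the Ansible run. IPv6 needs the same pass over `ip -j -6 route show`, and this check says nothing about the firewall itself: SR-001 still needs the egress chain to default to drop even when the routing table is clean.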

Getting Started

Alternative: Manual Configuration

For advanced users who prefer direct YAML editing.

1. Choose a Scenario
   Pick a hardware configuration that matches your needs.

       cp scenarios/minimal/config.yml my-hermit.yml

2. Customize Configuration
   Set MAC addresses, IPs, and VPN peers.

       vim my-hermit.yml

3. Generate Configs
   Create preseed files, Ansible inventory, and WireGuard configs.

       ./scripts/generate-configs.sh my-hermit.yml

4. Deploy Gateway
   Flash SD card, boot, run initial Ansible playbook.

       ansible-playbook -i inventory.yml site.yml --limit gateway

5. PXE Boot Nodes
   Power on remaining nodes - they auto-provision via PXE.

6. Connect via VPN
   Use WireGuard to access your hermit-μDC.

       sudo wg-quick up hermit

Controlled Data Input

Three methods for getting data into your airgapped environment.

💾

Sneakernet

Physical USB transfer with cryptographic verification. Best for large datasets and initial setup.

  • Prepare signed package externally
  • Transfer via encrypted USB
  • Verify signature at air gap boundary
  • Import to internal storage
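The four sneakernet steps above, carried through end to end as an added example in Go (this is not code from the hermit-μDC project; the package layout, the choice of a sha256sum-style manifest signed with ed25519, and every name such as PreparePackage and VerifyPackage are assumptions for the example). The external side hashes each file into a manifest and signs it; the boundary side verifies the signature before it looks at any file, then checks that the package holds exactly the listed files with matching digests. The payload is constructed sample data.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"sort"
	"strings"
)

// Package stands in for the transfer USB: payload files, a manifest of their
// SHA-256 digests, and a detached ed25519 signature over the manifest.
type Package struct {
	Files     map[string][]byte
	Manifest  []byte
	Signature []byte
}

// BuildManifest renders "<hex sha256>  <name>\n" lines sorted by name (the
// sha256sum layout) so the signed bytes are deterministic.
func BuildManifest(files map[string][]byte) []byte {
	names := make([]string, 0, len(files))
	for n := range files {
		names = append(names, n)
	}
	sort.Strings(names)
	var b bytes.Buffer
	for _, n := range names {
		sum := sha256.Sum256(files[n])
		fmt.Fprintf(&b, "%s  %s\n", hex.EncodeToString(sum[:]), n)
	}
	return b.Bytes()
}

// PreparePackage is the external (connected-side) step: hash, then sign.
func PreparePackage(files map[string][]byte, priv ed25519.PrivateKey) Package {
	m := BuildManifest(files)
	return Package{Files: files, Manifest: m, Signature: ed25519.Sign(priv, m)}
}

// VerifyPackage is the air gap boundary step: signature first, before any file
// is touched; then every listed file must match its digest, and the package
// must hold exactly the listed files, nothing missing and nothing extra.
func VerifyPackage(p Package, pub ed25519.PublicKey) error {
	if !ed25519.Verify(pub, p.Manifest, p.Signature) {
		return errors.New("manifest signature invalid: package rejected")
	}
	expected := map[string]string{}
	for _, line := range strings.Split(string(p.Manifest), "\n") {
		if line == "" {
			continue
		}
		hash, name, ok := strings.Cut(line, "  ")
		if !ok {
			return fmt.Errorf("malformed manifest line %q", line)
		}
		expected[name] = hash
	}
	for name, want := range expected {
		data, present := p.Files[name]
		if !present {
			return fmt.Errorf("%s is listed in the manifest but missing", name)
		}
		sum := sha256.Sum256(data)
		if hex.EncodeToString(sum[:]) != want {
			return fmt.Errorf("%s does not match its signed digest", name)
		}
	}
	for name := range p.Files {
		if _, listed := expected[name]; !listed {
			return fmt.Errorf("%s is present but not in the signed manifest", name)
		}
	}
	return nil
}

// Demo runs the flow on a constructed payload: the clean package is accepted,
// a file modified after signing is rejected, and an unlisted file is rejected.
func Demo() (cleanAccepted, modifiedRejected, extraRejected bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // demo key; in practice only pub crosses the gap
	files := map[string][]byte{ // constructed sample data
		"dataset/readings.csv": []byte("t,ch0,ch1\n0,1.02,0.98\n"),
		"images/daq-agent.tar": []byte("placeholder image bytes"),
	}
	p := PreparePackage(files, priv)
	cleanAccepted = VerifyPackage(p, pub) == nil
	orig := files["dataset/readings.csv"]
	files["dataset/readings.csv"] = []byte("tampered") // changed on the USB after signing
	modifiedRejected = VerifyPackage(p, pub) != nil
	files["dataset/readings.csv"] = orig
	files["unlisted.bin"] = []byte("x") // dropped onto the USB, never signed
	extraRejected = VerifyPackage(p, pub) != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```

The signing key never enters the air gap; only the public key is provisioned on the boundary host. Note what the manifest does not cover: it carries no package identity or date, so an old but validly signed package would verify again. Where replay of stale packages matters, add a serial or date line to the manifest before signing so the signature covers it, and have the boundary host refuse anything older than the last import.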

➡️

Data Diode

Hardware-enforced one-way transfer. Highest security for continuous data feeds.

  • No return path possible
  • Streaming data ingest
  • Tamper-evident
  • Compliance-friendly

🔐

Gated VPN

Time-limited, operator-approved transfer over VPN. Best for frequent small transfers.

  • Operator approves each transfer
  • Time-boxed window
  • Full audit trail
  • Encrypted in transit