JW · Josh Weir

A bill of materials for a sovereign-infrastructure operator

People ask for the parts list. They are right to. The architecture matters, the philosophy matters, but at some point you have to assemble specific things in a specific order and turn them on. This piece is the bill of materials we use, in the rough sequence we deploy it, with honest notes on what each component costs and what it replaces.

Two caveats up front. First, the components are described in functional terms — the categories of software, not the specific products. Vendor names are deliberately omitted because the right specific choice changes faster than this article will be updated, and the architectural shape is more durable than any single brand. Second, the list is sized for a one-to-twenty-person operation. Smaller and you can collapse layers; larger and you start to want redundancy in places we do not bother with.

Hardware: three machines, three roles

The spine is three machines. Each has a single dominant role.

  • The always-on box. A small low-power mini-PC or single-board computer with at least eight gigabytes of memory and a hundred-and-twenty-eight gigabytes of solid-state storage. Job: never go down. Runs the home automation hub, a small Postgres-class database for hot operational state, and the local time-series store for sensor telemetry. Capital cost: a few hundred pounds. Power draw: under fifteen watts.
  • The workhorse. An Apple Silicon workstation with sixty-four gigabytes of unified memory and a terabyte of internal storage, supplemented by a four-terabyte external array for media and document archives. Job: heavy compute. Runs local language model inference, video rendering, document processing, embedding generation, the development environment. Capital cost: low single thousands. Replaceable in three years.
  • The gateway. A small public virtual server, two cores, four gigabytes of memory, fifty gigabytes of storage. Job: be the only public-facing IP, terminate inbound TLS, route into the private mesh. Operating cost: under fifteen pounds a month. Replaceable in fifteen minutes from a single configuration.

Total capital expenditure for the spine: under two thousand five hundred pounds, depreciating over three years, which works out to under seventy pounds a month all-in.

Network and identity

The three machines are joined by an encrypted-mesh network. Every device gets a stable hostname, every link between them is encrypted end-to-end, and there are no public ports open on the workhorse or the always-on box. The mesh runs on a free tier of an open-protocol service for personal use, with the option to self-host the coordination plane if we ever want to.

For inbound public traffic, the gateway runs a reverse proxy that handles ACME-protocol TLS issuance and renewal automatically, terminates HTTPS, and forwards by hostname into the private mesh. Every public hostname has a current certificate without us thinking about it.

For identity inside the stack, every internal service that needs authentication uses a single shared credential store. We avoid the complexity of a full single-sign-on for an operation this size; the discipline is that no service has its credentials stored anywhere except the credential store, and the credential store is backed up to encrypted offsite storage on a daily schedule.

Data layer

Three data stores serve the entire operation, each chosen for the shape of data it is best at.

  • Postgres-class relational store. Customer state, deal pipeline, content metadata, document templates, automation history. Open source, runs on the always-on box, backed up nightly to encrypted offsite storage with point-in-time recovery for the previous fourteen days.
  • Time-series store. System metrics, sensor telemetry, financial telemetry, social-platform engagement, message volumes. Open source, runs on the workhorse, retains everything for at least two years, exports cleanly to flat files for cold archive.
  • Vector store. Embeddings for retrieval against the knowledge base, transcripts of internal voice notes, scraped competitive intelligence. Open source, runs on the workhorse, rebuilds from source if the index is corrupted.

None of the three has an upstream vendor we have to call when something breaks. The complete state of any of them can be exported to a file, walked across to a new machine, and restored in minutes.

Workflow, observability, and the boring middle

The orchestration layer is open-source workflow software running on the workhorse. Every commercial workflow is expressed as a directed graph of steps. Every step is reversible. Every error routes to a single dead-letter queue with exponential backoff. Every execution writes a measurement to the time-series store recording duration, AI cost, and human-time-equivalent saved.
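The four properties just listed, as an added illustration that is not the page's own orchestration software: each step carries a compensating undo action, a failing step is retried with exponential backoff before being parked in the single dead-letter queue, completed steps are unwound in reverse order, and every execution emits one measurement row. Steps here form a linear chain (the simplest directed graph), and the step names, costs and error text are constructed.

```python
import time
from dataclasses import dataclass, field
from typing import Callable

@dataclass
class Step:
    name: str
    run: Callable[[dict], None]     # forward action on the shared workflow state
    undo: Callable[[dict], None]    # compensating action that makes the step reversible
    cost_gbp: float = 0.0           # AI spend attributed to the step
    minutes_saved: float = 0.0      # human-time-equivalent the step replaces

@dataclass
class Runner:
    dead_letters: list = field(default_factory=list)  # the single dead-letter queue
    measurements: list = field(default_factory=list)  # rows destined for the time-series store
    sleep: Callable[[float], None] = time.sleep       # injectable so tests do not wait
    def execute(self, workflow, steps, state, max_attempts=3):
        started, done, ok = time.monotonic(), [], True
        for step in steps:
            for attempt in range(1, max_attempts + 1):
                try:
                    step.run(state)
                    done.append(step)
                    break
                except Exception as exc:
                    if attempt < max_attempts:
                        self.sleep(0.5 * 2 ** (attempt - 1))  # exponential backoff: 0.5s, 1s, 2s ...
                        continue
                    self.dead_letters.append({"workflow": workflow, "step": step.name, "error": str(exc)})
                    for finished in reversed(done):       # unwind completed steps in reverse order
                        finished.undo(state)
                    ok = False
            if not ok:
                break
        self.measurements.append({
            "workflow": workflow, "ok": ok, "duration_s": time.monotonic() - started,
            "ai_cost_gbp": sum(s.cost_gbp for s in done),  # spent even when later unwound
            "human_minutes_saved": sum(s.minutes_saved for s in done) if ok else 0.0})
        return ok

def demo():
    # Constructed sample workflow: a draft step that succeeds, then a publish step that always fails.
    def draft(state): state["draft"] = "v1"
    def undo_draft(state): state.pop("draft", None); state["rolled_back"] = True
    def publish(state): raise RuntimeError("publish endpoint refused")
    runner, state = Runner(sleep=lambda _: None), {}
    ok = runner.execute("newsletter", [Step("draft", draft, undo_draft, 0.04, 20.0),
                                       Step("publish", publish, lambda s: None)], state)
    return ok, state, runner.dead_letters, runner.measurements[0]
```

Note that the cost of the unwound draft step is still recorded, because the AI spend happened whether or not the workflow completed.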

Observability runs on the workhorse: a metrics-collection daemon scraping the orchestration layer, the data stores, and the host operating systems; a dashboard layer for human-readable views; an uptime checker that pings the gateway and the always-on box every minute and alerts via the messaging stack if anything fails three checks in a row.
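The three-checks-in-a-row rule, as an added illustration rather than the page's own uptime checker: a success resets the failure count, the alert fires exactly once when the count reaches the threshold, and recovery is announced once. The `probe` and `notify` callables are assumptions standing in for the real check and the messaging stack, and the probe results in `demo` are constructed.

```python
class UptimeMonitor:
    def __init__(self, probe, notify, threshold=3):
        self.probe = probe          # assumed callable(host) -> bool, e.g. an HTTP or ICMP check
        self.notify = notify        # assumed callable(message) -> None, posts to the messaging stack
        self.threshold = threshold
        self.failures = {}          # host -> consecutive failed checks
        self.alerting = set()       # hosts currently in the alerted state

    def tick(self, host):
        """Run once per minute per host. Returns the event emitted, if any."""
        if self.probe(host):
            self.failures[host] = 0            # any success resets the run of failures
            if host in self.alerting:          # recovery: clear state and tell humans once
                self.alerting.discard(host)
                self.notify(f"RECOVERED {host}")
                return "recovered"
            return None
        self.failures[host] = self.failures.get(host, 0) + 1
        if self.failures[host] == self.threshold and host not in self.alerting:
            self.alerting.add(host)            # alert once, not on every subsequent failure
            self.notify(f"DOWN {host}: failed {self.threshold} checks in a row")
            return "alert"
        return None

def demo():
    # Constructed probe results for the gateway: two failures then recovery (no alert),
    # then four failures in a row (one alert), then recovery (one recovery notice).
    script = iter([True, False, False, True, False, False, False, False, True])
    sent = []
    mon = UptimeMonitor(probe=lambda host: next(script), notify=sent.append)
    events = [mon.tick("gateway") for _ in range(9)]
    return events, sent
```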

The version control and code-hosting layer runs on the workhorse. Every configuration file, every infrastructure-as-code definition, every workflow export, every internal note is version-controlled. The whole repository mirrors to a public hosted service nightly as a disaster-recovery measure, encrypted before it leaves.

Edge services we deliberately rent

The edges of the stack are rented because the specialisation genuinely compounds.

  • Transactional email delivery: a specialist deliverability service. Self-hosting email outbound is a full-time job and we are not in that business.
  • DNS at the registrar level: a managed registrar with API access. We control the records via infrastructure-as-code; the registrar runs the resolvers.
  • Public CDN for anonymous static traffic: a free-tier CDN in front of the gateway. Reduces load and gives us a basic geographic distribution we would not bother with otherwise.
  • Frontier model inference: paid endpoints, called only by the model router when a local model has failed the quality bar. Cost is low because the router does its job.
  • Cold offsite backups: an object-storage service with a region we do not operate in. Encrypted, versioned, and cycled monthly.

What the bill actually comes to

For an operation of our size, the all-in monthly operating cost of the sovereign stack — including amortised hardware, the gateway VPS, DNS, deliverability, CDN, AI inference, and offsite backups — is under three hundred pounds. The closest equivalent rented stack we have priced, with vaguely comparable capability across the same workflows, sits north of two thousand pounds a month and rises every year.

The difference is the capital expenditure on the workhorse and the always-on box, paid up front and depreciated over three years, against the time spent assembling and maintaining the stack. We have written that time off as a fixed-rate engineering investment because the resulting infrastructure is also our most reusable client deliverable. For an operator who is not in the consulting business, the labour is real and worth pricing honestly into the calculation.

The takeaway

The bill of materials is unsentimental: three machines, an encrypted mesh, three data stores, an orchestration layer, an observability layer, a credential store, version control, and a small list of deliberately rented edges. None of it is exotic. All of it is documented, replaceable, and operator-readable. The architectural value is in the discipline of keeping the spine sovereign and the edges rented, and in writing the whole thing down in a form that another competent operator could rebuild in a week.

If you are evaluating a sovereign rebuild, start with the parts list. The architecture follows. The opinions follow. The parts list is concrete, costs real money, and forces the conversation away from theology and back into operations.
