Stack Overview
Yamoria's infrastructure is built on a fully open-source stack: Linux (CachyOS/Arch-based) as the base OS, btrfs on LUKS for encrypted copy-on-write storage with atomic snapshots, WireGuard for encrypted mesh networking between nodes, nginx for edge serving, and systemd for service management. Container workloads use Docker and containerd with rootless configurations where possible. No component requires a foreign licensing server or API call to function.
Air-Gapped AI Deployment
Sovereign AI models must operate without external network dependencies. Yamoria's deployment process builds reproducible container images with all model weights, tokenizers, and inference engines baked in. Images are transferred to air-gapped environments via physical media or secure one-way data diodes. Once deployed, the inference stack operates entirely offline — no telemetry, no license checks, no calls home. Model updates follow the same physical transfer process with cryptographic verification.
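One way the receiving side of the air gap could carry out the cryptographic verification mentioned above, shown as an added example that is not Yamoria's own tooling. It assumes a JSON manifest of SHA-256 hashes travels with the media and that the manifest's digest is delivered over a separate channel; the function names, manifest format and file names are hypothetical.

```python
import hashlib, hmac, json, tempfile
from pathlib import Path

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):  # stream large weights
            h.update(chunk)
    return h.hexdigest()

def build_manifest(bundle):
    """Sender side: map each file's relative path to its SHA-256 (assumed format)."""
    root = Path(bundle)
    return json.dumps({p.relative_to(root).as_posix(): sha256_file(p)
                       for p in sorted(root.rglob("*")) if p.is_file()}, sort_keys=True).encode()

def verify_bundle(bundle, manifest_bytes, pinned_digest):
    """Receiver side: return a list of problems; an empty list means safe to load."""
    # 1. Authenticate the manifest against the digest received out of band.
    actual = hashlib.sha256(manifest_bytes).hexdigest()
    if not hmac.compare_digest(actual, pinned_digest):
        return ["manifest digest mismatch"]
    manifest = json.loads(manifest_bytes)
    bundle = Path(bundle).resolve()
    problems = []
    for rel, expected in manifest.items():
        target = (bundle / rel).resolve()
        if not target.is_relative_to(bundle):  # Python 3.9+; blocks ../ entries
            problems.append(f"path escapes bundle: {rel}")
        elif not target.is_file():
            problems.append(f"missing: {rel}")
        elif not hmac.compare_digest(sha256_file(target), expected):
            problems.append(f"modified: {rel}")
    # 2. Reject anything on the media that the manifest does not list.
    on_disk = {p.relative_to(bundle).as_posix() for p in bundle.rglob("*") if p.is_file()}
    problems += [f"unlisted: {rel}" for rel in sorted(on_disk - set(manifest))]
    return problems

def demo():
    """Constructed sample bundle: verify it clean, then after tampering."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "model.safetensors").write_bytes(b"constructed weights")
        (root / "tokenizer.json").write_bytes(b'{"constructed": true}')
        manifest = build_manifest(root)
        pinned = hashlib.sha256(manifest).hexdigest()
        clean = verify_bundle(root, manifest, pinned)
        (root / "tokenizer.json").write_bytes(b'{"constructed": false}')
        (root / "extra.sh").write_bytes(b"echo constructed")
        return clean, verify_bundle(root, manifest, pinned)
```

The check for unlisted files matters as much as the hash comparison: a bundle whose listed files all match can still carry an extra file that was added to the media in transit.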
Infrastructure as Code
Every Yamoria node is reproducible from a declarative configuration. Operating system, packages, firewall rules, service configurations, and monitoring are all version-controlled. A destroyed node can be rebuilt from configuration and backup within hours. BorgBackup with per-subvolume archives handles data protection, with manifests and subvolume layout documentation stored alongside every backup. pg_dumpall captures database state before each backup cycle.
Networking
WireGuard tunnels form a mesh network between all Yamoria nodes. External access routes through reverse proxy tunnels to static IP endpoints. DNS is distributed across multiple registrars and providers to avoid single points of failure. TLS certificates are managed by certbot for homelab nodes and by platform-native CAs for externally hosted services, ensuring diverse certificate authority coverage across the infrastructure.