Welcome to my sovereign cloud

Right, so Hetzner increased its prices yet again. Little did I know that this move would become as urgent as it did. Let it be said, however, that I have zero operational reason to leave Hetzner at all. They’ve been more than excellent over the more than 20 years that I’ve done business with them. This move? All about financial priorities, and the current AI-driven hardware crunch is just speeding that along. The interesting end result is that I am now the proud owner of a fully sovereign cloud. On my desk.

The setup at Hetzner consisted of a triplet of VMs that ran Talos Linux with Kubernetes on top, and a dedicated networking VM with OPNsense on it, so that Hetzner’s somewhat grungy idea of “private networking” could be tamed. At home this translates into three mini-PC systems also running Talos, and my existing old APU2c4 firewall also running OPNsense.

Sovereign cloud?

Of course I’m not running a hyperscaler from my desk, but there really isn’t anything that would stop you from scaling this concept up. Put three control plane servers in three datacenters reasonably far apart from one another. Sprinkle some worker nodes around them. Use Talos' out-of-the-box WireGuard overlay VPN (KubeSpan) for cluster communications and you’re all set. Sure, you’d want to fiddle a bit with node affinity here and there to ensure workloads don’t stretch out geographically, but you could run an enterprise on a setup like this.
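The layout sketched above, as an added example that is not from the original post: a Talos machine configuration patch that switches on KubeSpan (Talos' built-in WireGuard overlay), followed by a Deployment whose node affinity pins all replicas to one site while topology spread constraints and pod anti-affinity keep them on separate zones and hosts within that site. The site names, the `example-app` name and the container image are constructed placeholders; the node labels are the standard `topology.kubernetes.io/region` and `topology.kubernetes.io/zone` keys, which you are assumed to have set on each node.

```yaml
# Added example, not from the original post. Assumptions: every node carries
# topology.kubernetes.io/region (one of the constructed values site-a,
# site-b, site-c) and topology.kubernetes.io/zone labels.
#
# 1) Talos machine config patch: enable KubeSpan, the built-in WireGuard
#    overlay, so nodes in different datacenters reach each other over an
#    encrypted mesh instead of the bare internet. KubeSpan relies on cluster
#    discovery, which is enabled by default in current Talos releases.
---
machine:
  network:
    kubespan:
      enabled: true
---
# 2) A Deployment that must stay inside one site (no cross-datacenter
#    stretching) but is spread across zones and hosts inside that site.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-app            # constructed name
spec:
  replicas: 3
  selector:
    matchLabels:
      app: example-app
  template:
    metadata:
      labels:
        app: example-app
    spec:
      affinity:
        nodeAffinity:
          # Hard requirement: only schedule on nodes in site-a.
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
              - matchExpressions:
                  - key: topology.kubernetes.io/region
                    operator: In
                    values: ["site-a"]
        podAntiAffinity:
          # Soft preference: put each replica on a different node.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchLabels:
                    app: example-app
                topologyKey: kubernetes.io/hostname
      topologySpreadConstraints:
        # Hard requirement: replica count per zone may differ by at most 1.
        - maxSkew: 1
          topologyKey: topology.kubernetes.io/zone
          whenUnsatisfiable: DoNotSchedule
          labelSelector:
            matchLabels:
              app: example-app
      containers:
        - name: app
          image: registry.example/app:1.0    # placeholder image
          ports:
            - containerPort: 8080
```

The first document is applied per node with `talosctl patch machineconfig --nodes <node> --patch @kubespan.yaml`; the second with `kubectl apply -f`. Because the region pin is a hard `required` rule, a site outage leaves the replicas pending rather than silently migrating them across the WireGuard link, which is the intended behaviour when the point is to keep a workload geographically compact; swap it for `preferredDuringSchedulingIgnoredDuringExecution` if you would rather fail over than fail closed.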

Did this cost me an arm and a leg? Well, yes. With the current RAM prices this setup was expensive, but I’ll recover the cost in a little over a year. Given that I can power these little machines with free energy from my own roof and will have battery-backed UPS in the near future, things are looking good. The 1Gbps KPN fiber has been more than reliable enough for the past 9 years here, so I’m betting on that. Don’t let me down guys!

Backups

For storage, my nodes have their own 1TB SSD each. They send backups out to my old NAS which runs Garage, making it act like AWS S3 for cheap. The NAS, in turn, sends periodic snapshots of everything I really can’t lose out to the actual AWS S3. All fully encrypted of course.

Future plans

I’m all set to go back to a fully self-hosted setup again. Next step? E-mail! I’m looking forward to evaluating Stalwart. It looks a lot more modern than my existing Postfix/Dovecot combination that I’ve been lugging around and slowly improving since around 2004.