Role: Critical Infrastructure.
Hardware: 3x Hetzner Cloud VPS (Cluster).
Services: OpenLDAP (Identity Root), Grafana/Loki (Observability), Tailscale Gateway (Ingress).
Role: Owner's Private Suite.
Hardware: Isolated Bare Metal (Auction Server).
Security: Local Authentication Only. Air-gapped from Learner traffic.
Services: n8n (Logic Brain), Nextcloud, Finance.
Role: Management Plane.
Hardware: Hetzner Dedicated AX52.
Services: Authentik (SSO Federation), Proxmox VE Host.
Role: Collaborative Workspace.
Access: Authenticated via Zone 2 SSO.
Services: GitLab CE, Jitsi, Discourse, HumHub.
Role: Untrusted Sandbox.
Network: Internal Simulation (RFC-Compliant Mail/DNS). Egress Blocked.
Services: Learner VMs (Root Access).
