project — infrastructure
a production-grade data plane running entirely on Oracle's free ARM tier — Docker, Postgres, monitoring, backups, and secure remote access. zero monthly cost.
4 OCPU / 24 GB RAM — free forever on Oracle Cloud's always-free tier.
standard Postgres with vector search support. binds to localhost only — never public.
outbound-only tunnel — zero inbound ports open on the public IP.
WireGuard mesh for SSH. public SSH on port 22 restricted to the tailnet only.
nightly encrypted Postgres backups to B2. 7 daily + 4 weekly + 3 monthly snapshots.
persistent AI coding sessions reachable from any device over Tailscale.
every component is proven open source — official Docker images, published binaries, standard tools. the only custom code is thin glue: a compose file, a backup script, small configs.
nothing listens on the public IP. all service ports bind to 127.0.0.1. Cloudflare Tunnel dials outbound. SSH is Tailscale-only. the box is invisible to the public internet.
all credentials live in .env files on the box, chmod 600, gitignored. passwords are generated on the box — never echoed or sent over the network in plaintext.
a service can bind 0.0.0.0 on the host and still pass an on-box check. every network change is verified with an external port scan from a remote machine — not just inspecting local bindings.
| hostname | routes to |
|---|---|
| elevenbaselab.com | Cloudflare Pages — this site |
| monitor.elevenbaselab.com | Cloudflare Tunnel → Uptime Kuma on Oracle |
| api.elevenbaselab.com | Cloudflare Worker → Oracle backends |
| models.elevenbaselab.com | Cloudflare Tunnel → Ollama on Mac Mini |