Reproducing the Environment

Follow these steps in order to recreate the platform from scratch.

Step 1 — Install Proxmox on each host

# Boot Proxmox VE ISO on each machine
# During install: set management IP on VLAN 10 range
#   ando  → 10.42.10.11
#   ban   → 10.42.10.21
#   corbu → 10.42.10.31

# After install, cluster them (run on ando)
pvecm create cea-cluster

# On ban and corbu:
pvecm add 10.42.10.11

Step 2 — Configure networking

# Set /etc/network/interfaces on each host (see Section 2)
# Configure managed switch: all host ports as trunk (VLANs 1,10,20,30,40,100)
# Configure OpenWrt with VLANs and firewall zones (see Section 4)

Step 3 — Create Netbird LXC on ando

# Download Debian CT template in Proxmox

pct create 100 local:vztmpl/debian-12-standard.tar.zst \
  --hostname netbird-1a \
  --net0 name=eth0,bridge=vmbr0,tag=40,firewall=1 \
  --memory 512 --cores 1 --unprivileged 1

pct start 100
pct exec 100 -- bash -c "curl -fsSL https://pkgs.netbird.io/install.sh | sh"
pct exec 100 -- netbird up \
  --setup-key <KEY> \
  --advertise-routes 10.42.0.0/16

Step 4 — Create worker VMs

# On each host, create a worker VM from Ubuntu 24.04 cloud image
# Assign VLAN tag 30 to the network interface

# Install Docker
curl -fsSL https://get.docker.com | sh

# Clone and run the worker compose file
git clone https://github.com/your-org/cea-infra /opt/cea
cd /opt/cea/worker

# Edit .env with Redis URL and S3 credentials
docker compose up -d

Step 5 — Deploy app-1 (backend)

# Install Dokploy on app-1 VM (VLAN 20)
curl -sSL https://dokploy.com/install.sh | sh

# In Dokploy UI:
# 1. Create a new application from your GitHub repo
# 2. Set environment variables (S3, Redis, DB credentials)
# 3. Enable auto-deploy on push to main

Step 6 — Set up Hetzner edge

# On the Hetzner cloud server
apt install nginx certbot python3-certbot-nginx -y

# Install Netbird
curl -fsSL https://pkgs.netbird.io/install.sh | sh
netbird up --setup-key <KEY>

# Configure Nginx reverse proxy
# Upstream = http://10.42.20.11:8000 (via Netbird tunnel)
certbot --nginx -d your-domain.com

Step 7 — Configure Hetzner Object Storage

# Create a bucket in Hetzner Object Storage console
# Create S3 access credentials
# Set the following in all services that need S3 access:
S3_ENDPOINT=https://<region>.your-objectstorage.com
S3_BUCKET=cea-data
S3_ACCESS_KEY=<access-key>
S3_SECRET_KEY=<secret-key>

# (Optional) Create separate IAM credentials per worker VM
# with write access scoped to /projects/<project_id>/ prefix only

Step 8 — Publish docs with Cloudflare Pages and Access

# In Cloudflare Dashboard:
# 1) Workers & Pages -> Create application -> Pages
# 2) Connect this repository
# 3) Build settings:
#    build command: mkdocs build
#    output directory: site
# 4) Add custom domain (for example: infra-docs.user.com)
# 5) Zero Trust -> Access -> Applications
#    create Self-hosted app for infra-docs.user.com
# 6) Create second Access app for project-name.pages.dev
# 7) Add allow policy (for example emails ending with your org domain)
# 8) Validate login is required on both hostnames
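
Item 8 can be scripted so that the `pages.dev` hostname is never forgotten. The script below is an added example, not part of the original setup; it assumes Cloudflare Access answers an unauthenticated request with a redirect to a `*.cloudflareaccess.com` login URL, and the function names and sample responses are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): scripted version of item 8.
# Assumption: an unauthenticated request to an Access-protected hostname is
# redirected to https://<team>.cloudflareaccess.com/... instead of being served.

# Read raw HTTP response headers on stdin; print protected | exposed | unknown.
classify_response() {
  tr -d '\r' | awk '
    NR == 1 { status = $2 }                          # "HTTP/2 302" -> 302
    tolower($1) == "location:" { loc = tolower($2) }
    END {
      if (status ~ /^3/ && loc ~ /^https:\/\/[a-z0-9-]+\.cloudflareaccess\.com\//) print "protected"
      else if (status ~ /^2/) print "exposed"        # content served without login
      else print "unknown"                           # error or other redirect: inspect by hand
    }'
}

# Fetch headers only, with no credentials and without following redirects.
check_host() {
  curl -sS -o /dev/null -D - --max-time 10 "https://$1/" | classify_response
}

# Print one verdict per hostname; return non-zero unless every host is protected.
verify_access() {
  rc=0
  for host in "$@"; do
    verdict=$(check_host "$host")
    printf '%-32s %s\n' "$host" "$verdict"
    [ "$verdict" = "protected" ] || rc=1
  done
  return "$rc"
}

# Constructed sample responses, so the classifier can be exercised offline.
SAMPLE_PROTECTED='HTTP/2 302
location: https://example-team.cloudflareaccess.com/cdn-cgi/access/login/infra-docs.user.com?kid=CONSTRUCTED'
SAMPLE_EXPOSED='HTTP/2 200
content-type: text/html; charset=utf-8'
printf 'sample protected -> %s\n' "$(printf '%s\n' "$SAMPLE_PROTECTED" | classify_response)"
printf 'sample exposed   -> %s\n' "$(printf '%s\n' "$SAMPLE_EXPOSED" | classify_response)"

# Live check: pass both hostnames, e.g. infra-docs.user.com project-name.pages.dev
if [ "$#" -gt 0 ]; then verify_access "$@"; fi
```

Run it from a machine with no Access session cookie; an `exposed` verdict on either hostname means the docs are publicly readable there.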

Verification checklist

After setup: (1) submit a test simulation from the web UI, (2) confirm the job appears in Redis, (3) confirm a worker picks it up, (4) confirm Parquet files appear in S3, (5) confirm the dashboard shows results, and (6) confirm SocketIO events reach the browser during the run.