# Infrastructure How we choose, run, and manage the services that power Makenot.work. ## Philosophy We self-host where practical. Every vendor is a dependency, a potential point of failure, and a cost passed to creators. When we do use external services, we choose carefully. ### Commodity Over Premium We go with the cheapest reliable option, not the one with the fanciest dashboard. ### No Lock-In We avoid services that make it hard to leave: - **Standard formats:** Data stored in formats that work anywhere - **Exportable configurations:** Settings we can move to another provider - **No proprietary APIs:** When possible, we use providers that implement open standards - **Multi-provider capability:** Critical infrastructure can run on multiple vendors If a provider doubles their prices or changes their terms, we can move. ### Open Source Where Possible We prefer open source for software we run ourselves. Managed services sometimes make sense, but open source is the default. ### Cost Transparency We can explain every line item in our infrastructure bill. See the economics documentation for the breakdown. --- ## Production Stack ### Hetzner - Application server + PostgreSQL: VPS in US-West (Oregon) - Object storage (S3-compatible), in the EU: user files in Germany, SyncKit blobs and OTA artifacts in Finland - Backup: bucket versioning enabled - Exit: standard S3 API, portable to any S3-compatible provider ### PostgreSQL - Self-hosted on Hetzner VPS - Daily backups with 30-day retention - Offsite backup replication to a separate machine on personal hardware in a different location - No external managed service dependency ### Stripe - Connect (creators onboard directly) - Creators keep their Stripe accounts if they leave - Exit: roadmap item (no backup processor integration yet) ### Postmark - Transactional email (password reset, verification, receipts) - Exit: self-hosted migration when scale justifies ### Fastmail - Business email (support@, legal@, max@) - Exit: self-hosted migration when scale justifies ### Cloudflare - DNS management - CDN for static assets and edge caching - DDoS protection - Free tier sufficient initially ### Domain Registrar (Cloudflare) - All domains registered and managed through Cloudflare --- ## Why These Choices **Hetzner over AWS/GCP:** 80% cost reduction, US and EU regions available, no vendor lock-in. **Self-hosted PostgreSQL over managed:** No external dependency, full control over configuration and backups. **Stripe Connect:** Direct payouts to creators without us touching funds. PCI compliance handled entirely by Stripe. **Cloudflare:** Free tier covers most needs. --- ## Redundancy - Database: Daily automated backups (30-day retention) - Files: Bucket versioning on object storage - Application: Single-server today; load balancer planned at scale - DNS: Cloudflare's anycast network ## Monitoring Handled by PoM, a self-hosted production operations monitor we built. See [Monitoring](./monitoring.md) for details. --- ## Cost Philosophy Infrastructure costs scale sub-linearly with creator count. We optimize for cost-efficiency, not impressive-sounding tech stacks. --- ## Trade-offs We Accept Doing things the hard way has costs: - **More operational work:** Self-hosted infrastructure means maintaining it - **Slower feature development:** Time on infrastructure is time not on features - **Learning curves:** Open source tools don't always have great documentation The alternative (expensive vendor lock-in with costs passed to creators) is worse. ## See Also - [Architecture](./architecture.md): system design and components - [Security](./security.md): how we protect data - [Monitoring](./monitoring.md): PoM and the health endpoint