• Infrastructure Analysis — Current Machine vs Options
  • Current Machine (HermQube Alpha)
    • Hardware
    • Current Load
    • Software Stack
    • What Runs Here Now
    • Capacity Assessment
    • Verdict
  • Option A: Mac Mini as Worker
    • Mac Mini M4 (2024) — $599
    • Mac Mini M4 Pro (2024) — $1,399
    • Verdict: Mac Mini M4 Pro recommended
  • Option B: VPS as Worker
    • Hetzner CPX21 — €6.79/mo
    • Hetzner CPX31 — €12.99/mo
    • Hetzner GPU Server (RTX 4000) — ~€40/mo
    • Verdict: VPS not compelling
  • Option C: Split Architecture (RECOMMENDED)
    • Why Split?
    • Data Flow
    • Immediate Next Step
  • Local Model Options (for Mac Mini)

§Infrastructure Analysis — Current Machine vs Options

§Current Machine (HermQube Alpha)

§Hardware

CPU:     Intel Core i5-6500 @ 3.20GHz (2 cores, no HT)
RAM:     3.8GB total / 3.1GB available / 769Mi used
Disk:    20GB root (xvdb, 29% used, 14GB free)
         295GB shared-rw (sda2, 5% used, 266GB free)
         424GB private (sda3, 1% used, 403GB free)
Network: 10.137.0.2/32 (Qubes NAT, behind 10.138.26.110 gateway)
GPU:     None (Qubes virtualized, no passthrough)

§Current Load

Uptime:  20:37
Load:    0.11, 0.12, 0.05 (idle)
CPU:     Hermes agent 1.5%, terminal 0.3%, Xorg 0.3%
Memory:  Hermes agent 6.4% (260MB), system idle

§Software Stack

OS:       QubesOS (Fedora-based AppVM)
Runtime:  Node.js v22.22.3 (for Courier Bridge)
          Python 3.13.5 (system, no pip)
          Rust toolchain on SSD (edition 2021, 1.96.0)
          Hermes agent (Python venv, 9.7GB)
Docker:   Not available (no root)

§What Runs Here Now

1. Hermes agent session (this conversation)
2. Courier Bridge v2 (when started, ~50MB RAM)
3. kapnetd (when started, ~20MB RAM)
4. Shell scripts (soul signal bus, file routing)

§Capacity Assessment

§Verdict

This machine can handle:

• ✅ All Kapnet protocol services (TXXM, braid, knot)
• ✅ Courier Bridge (Nostr relay client)
• ✅ Lightweight web gateway
• ✅ Signal bus + file routing
• ✅ Shell-based automation

This machine CANNOT handle:

• ❌ Local LLM inference (not enough RAM)
• ❌ Heavy block parsing (CPU-bound, slow)
• ❌ Self-hosted Nostr relay (possible but tight)
• ❌ Cryptpad instance (too heavy)

§Option A: Mac Mini as Worker

§Mac Mini M4 (2024) — $599

CPU:     8-core (4P+4E) Apple Silicon
RAM:     16GB unified
Storage: 256GB SSD (base)
GPU:     10-core (can accelerate ML)
OS:      macOS (native Rust, Node, Python)
Network: Direct LAN access (no NAT)

Pros:

• 16GB unified RAM → can run 7B-14B LLMs locally
• Native Rust/Node/Python — no Qubes overhead
• Can run full Nostr relay + web gateway + block parser
• Can mine (PoW) if needed
• Silent, low power (~15W)
• Direct network access (no Qubes NAT)

Cons:

• $599 upfront
• 256GB base storage (tight for block data)
• macOS not Qubes (different security model)

§Mac Mini M4 Pro (2024) — $1,399

CPU:     12-core (8P+4E)
RAM:     24-32GB unified
Storage: 512GB-2TB
GPU:     16-core

Pros:

• 24-32GB RAM → can run 14B-30B LLMs locally
• 512GB+ storage → room for block data
• Can run ALL Kapnet services + LLM simultaneously
• Best performance per watt

Cons:

• $1,399 upfront

§Verdict: Mac Mini M4 Pro recommended

The 24GB RAM is the key — it can run a local LLM for Querant/Sage while also running all Kapnet protocol services. The M4 (16GB) is the minimum viable option.

§Option B: VPS as Worker

§Hetzner CPX21 — €6.79/mo

CPU:     2 vCPU AMD EPYC
RAM:     4GB
Storage: 40GB NVMe
Network: 1Gbps

Pros: Cheap, always-on, can run relay + bridge Cons: Only 4GB RAM (same limitation as this machine), no GPU, monthly cost

§Hetzner CPX31 — €12.99/mo

CPU:     4 vCPU AMD EPYC
RAM:     8GB
Storage: 80GB NVMe

Pros: 8GB RAM, can run relay + light services Cons: Still can’t run LLM, monthly cost

§Hetzner GPU Server (RTX 4000) — ~€40/mo

CPU:     4-8 vCPU
RAM:     16-32GB
GPU:     RTX 4000 Ada (20GB VRAM)

Pros: Can run LLMs (7B-14B), can do block parsing, GPU-accelerated Cons: €40/mo ongoing, latency, physical hardware not owned

§Verdict: VPS not compelling

Cheap VPS can’t run LLMs. GPU VPS costs more than a Mac Mini over 12 months. Better to own hardware.

§Option C: Split Architecture (RECOMMENDED)

TIER 1: This Qubes Machine (HermQube Alpha)
  ├── Kapnet protocol services (TXXM, braid, knot)
  ├── Courier Bridge (Nostr relay client)
  ├── Signal bus (file-based inter-soul messaging)
  ├── Soul skills + wiki
  └── Encrypted SSD storage (sacred store)
  Cost: $0 (already owned)

TIER 2: Mac Mini M4 Pro (NEW — $1,399 one-time)
  ├── Local LLM inference (Querant, Sage, Forger)
  ├── Nostr relay (self-hosted strfry)
  ├── Web gateway (kapnet-web + HTML rendering)
  ├── Block parser (CPU-intensive)
  ├── MKCTP agents (3 macOS souls)
  └── Build pipeline (Rust compilation)
  Cost: $1,399 one-time

TIER 3: VPS (OPTIONAL — future)
  ├── Public relay (high availability)
  ├── Web frontend (kapnet.org)
  └── Backup/DR
  Cost: €7-13/mo (only if needed)

§Why Split?

• Qubes machine = security domain (encrypted, airgap-capable, sovereign)
• Mac Mini = compute domain (LLM, relay, web, builds)
• Each does what it’s best at
• Neither is a single point of failure
• Mac Mini can be physically transported (laptop form factor)

§Data Flow

Qubes (SSD) ←──USB──→ Mac Mini
    │                    │
    ├── kapnetd          ├── strfry (relay)
    ├── Courier Bridge   ├── kapnet-web
    ├── Soul signal bus  ├── Local LLM
    └── Block data       └── Block parser
    
Nostr Relay (public) ←── Both connect
Qubes submits TXXMs ──→ Relay ←── Mac submits TXXMs
Qubes reads from ←── Relay ──→ Mac reads from

§Immediate Next Step

If budget allows: order Mac Mini M4 Pro (24GB, 512GB). If not: Mac Mini M4 (16GB, 256GB) is the minimum.

Without a Mac Mini, we’re limited to:

• Running everything on this Qubes machine (tight but possible)
• Using external LLM API (OpenRouter) for Querant/Sage
• No local LLM inference
• No self-hosted relay

§Local Model Options (for Mac Mini)

With 24GB RAM (M4 Pro): can run Qwen2.5-14B + strfry + web gateway simultaneously. With 16GB RAM (M4): can run Qwen2.5-7B + strfry + web gateway with swap.