VPS Server — neo-engine Provisioning Record¶
Server Details¶
| Field | Value |
|---|---|
| Name | neo-engine |
| Provider | Hetzner Cloud |
| Plan | CPX22 (Regular Performance) |
| vCPU | 2 × AMD (x86) |
| RAM | 4 GB |
| SSD | 80 GB (local NVMe) |
| Traffic | 20 TB/mo |
| Location | Nuremberg, Germany (eu-central, nbg1) |
| OS | Ubuntu 24.04 LTS |
| Public IP | 178.104.245.3 |
| Networking | IPv4 + IPv6 |
| Backups | Enabled (daily automated, 20% extra) |
| Cost | $11.99/mo (server $9.49 + backups $1.90 + IPv4 $0.60) |
| Provisioned | 2026-04-22 |
| Hetzner project | Default (project ID: 14294061) |
SSH Access¶
| Field | Value |
|---|---|
| SSH key name | katja-bluefly |
| Key type | ED25519 |
| Public key | ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJNEEH5LUqde5Sei9RamFkR/fGtJmPCxMBNvJvPph26t katja@bluefly.ai |
| Private key location (Katja's machine) | C:\Users\Katja\.ssh\id_ed25519 |
| Connect command | ssh root@178.104.245.3 |
Note: No passphrase on the private key (generated 2026-04-22, first SSH key on this machine). Consider adding passphrase protection or migrating to a key manager as part of the security hardening pass.
Migration Sequence (FLAG-023)¶
Do NOT migrate until all of the following are complete:
- FLAG-048 (anchor dual-signal calibration) delivered and Vesper-approved ⏳
- One clean validating live session on local machine ⏳
- Migration plan confirmed with Atlas ⏳
Migration work includes: Python environment setup, engine repo clone, DB transfer, config wiring for VPS paths, systemd service setup, firewall rules.
Security TODO (future pass)¶
- Add SSH key passphrase or move to key manager
- Set up UFW firewall — allow SSH (22) only; block all inbound except as needed
- Disable root login, create non-root deploy user
- Consider fail2ban for brute-force protection
- Encrypt DB at rest (SQLite encryption or filesystem-level)
- Set up Hetzner firewall rules at network level (in addition to OS firewall)
- Review Hetzner backups policy — confirm backup retention and restore procedure
- Document secrets management approach for API keys / config on VPS
Atlas Ruling Reference¶
Full ruling: 07 Agent Coordination/[C] Atlas Ruling — DB Reliability SMB Risk and VPS Migration Sequencing.md
Platform preference (Atlas-mandated): Hetzner, Ubuntu LTS, local SSD, single-node SQLite. VPS = sole DB writer — same write-access rule as local setup.
— Vesper (COO) 2026-04-22