7.4 KiB
Side Hustle PRD — Iron Legion Templates
Goal: Earn first $1,000 in 30 days selling digital templates derived from Iron Legion infrastructure. Time budget: 1h/day M–F, up to 4h Sat/Sun (18h/week max). No audience required. Cold traffic via Reddit + Discord.
Path A: "Iron Stack Blueprint" — $149
What You Are Selling
Your swarm topology decisions as a deployable reference for homelabers: sanitized compose files, network diagram, port allocation table, Technitium DNS resolution logic, and the "deploy in this exact order or it breaks" decision tree. Homelabers fail at the intersection of DNS, reverse proxy, and monitoring — you solved it.
Why It Sells
- Homelab subreddit has 2M+ members. Every week someone posts: "What do you use for reverse proxy + DNS + monitoring?" You hand them the answer for $149.
- No config is unique, but the sequence matters. You documented the exact order that prevents port 53 collisions, socket permission errors, and DNS forwarding loops.
30-Day Math
7 sales × $149 = $1,043
48-Hour Path to First Sale
| Hour | Action |
|---|---|
| 0–2 | Sanitize compose files to generic hostnames, placeholder env vars |
| 2–4 | Write "Why This Order Matters" PDF — 20 pages max |
| 4–6 | Commander review + revise |
| 6–8 | Package on Gumroad with Stripe connect |
| 8–10 | Record 2-min Loom walkthrough of the stack running |
| 10–12 | Post in r/homelab "Show Your Stack" Saturday thread + 3 Discord servers |
Path B: "Fleet Bootstrap Toolkit" — $99
What You Are Selling
Your ansible-pull CI/CD pattern as a standalone template: systemd auto-update timers, node-join wrapper scripts, Docker Engine provisioning playbook, and the "add a new node in 10 minutes" checklist.
Why It Sells
- Any nerd with 2+ boxes manually updates everything and knows they should automate.
- The playbook exists. You need only remove Iron Legion-specific tokens and add a 1-page "replace these 5 variables" header.
30-Day Math
11 sales × $99 = $1,089
48-Hour Path to First Sale
| Hour | Action |
|---|---|
| 0–2 | Extract ansible-pull patterns. Generic hostnames, placeholder vars |
| 2–4 | Build "Fleet Bootstrap README" — Debian → auto-updating node in 30 min |
| 4–6 | Commander review + revise |
| 6–8 | Package on Gumroad with Stripe connect |
| 8–10 | Create before/after architecture diagram |
| 10–12 | Drop in r/sysadmin "What do you use for config management?" threads |
Execution Schedule
Week 1 — Build (Tue–Sun, ~8h)
- Tue: Sanitize Path A configs + draft PDF skeleton
- Wed: PDF content + Commander review
- Thu: Revise PDF + Gumroad setup
- Fri: Screencast + product page copy
- Sat: Post in r/homelab + 3 Discord servers
- Sun: Monitor first 24h, answer comments, DMs
Weeks 2–4 — Promote (~1h/day, 4h weekends)
- M–F: Answer one question on r/homelab or r/selfhosted. Mention the Blueprint only if relevant (no spam).
- Sat: Record a short "tip" video (5 min) based on a question you answered. Drop link in comments.
- Sun: Check sales, iterate product page if under 1% click-to-buy.
Revenue Checkpoints
| Day | Checkpoint | Action if Missed |
|---|---|---|
| 7 | ≥2 sales | Keep going. If 0, pivot positioning or subreddit |
| 14 | ≥4 sales | On track. Consider "Bundle both for $199" tier |
| 21 | ≥6 sales | Healthy. Start Path B if bandwidth allows |
| 30 | ≥7 sales (A) or ≥11 (B) | Milestone hit — evaluate update tier ($19/mo) |
Content Checklist
Path A: Iron Stack Blueprint
- Sanitized compose files (Traefik, Technitium, Prometheus, Node Exporter, Beszel Hub, Portainer CE, Dozzle, Homepage)
- Port allocation table (reserved + why)
- Deploy order decision tree (with rollback steps)
- DNS resolution diagram (Technitium authoritative → upstream)
- "Common failure modes" appendix (port collision,
systemd-resolveddisable, socket permissions, label constraints) - 2-min Loom walkthrough
Explicitly NOT in this blueprint:
- Media stack (Jellyfin, Sonarr, Radarr, Prowlarr) — hosted on a separate storage device outside the swarm
- Nextcloud AIO — runs on Neo (Nebuchadnezzar), exposed via NetBird, not part of the swarm
- Vaultwarden — runs on Neo (Nebuchadnezzar), exposed via NetBird, not part of the swarm
- Dockhand — runs on Neo (Nebuchadnezzar), exposed via NetBird, not part of the swarm
- Trilium Notes — runs on Neo (Nebuchadnezzar), exposed via NetBird, not part of the swarm
Path B: Fleet Bootstrap Toolkit
- Ansible-pull playbook (generic)
- Node-join wrapper script
- Systemd timer templates (auto-update + health check)
- Docker Engine provisioning playbook
- "Add node in 10 min" checklist
- Before/after architecture diagram
Network Topology Note
The Iron Legion fleet runs two completely separate mesh VPN overlays managed by different companies, on different coordination servers, with zero interoperability between them.
| Overlay | Technology | Company | IP Range | Use Case |
|---|---|---|---|---|
| Admin/Management | Tailscale | Tailscale Inc. (Canada) | 100.64.0.0/10 (CGNAT) |
SSH access, monitoring, agent orchestration between Artemis, Mark44, Mark5, and MK7. Called a "tailnet" in Tailscale terminology. |
| User-facing services | NetBird | WireTrustee SA (Latvia/EU) | 100.64.0.0/10 (CGNAT, configurable) |
Access to Nextcloud AIO, Vaultwarden, Dockhand, and Trilium Notes on Neo. Called a "NetBird network" in NetBird terminology. |
| LAN backbone | Beryl router (OpenWrt) | N/A | 192.168.0.0/18 |
Internal swarm node-to-node traffic (MK33–42, MK7). No VPN involved. |
Critical clarifications:
-
"Tailnet" is Tailscale's proprietary term. NetBird does not call its mesh a "tailnet" — it uses "network." These are separate, non-interoperable systems from different vendors.
-
Same CGNAT range does not mean same network. Both Tailscale and NetBird default to
100.64.0.0/10for overlay addressing, but devices on one cannot reach devices on the other. The coordination servers (Tailscale Inc. cloud vs. NetBird cloud/self-hosted) are completely isolated. -
Neo is dual-homed but services are intentionally isolated. Neo runs the Tailscale client so Artemis can SSH-manage the node. Neo also runs the NetBird client — but the services (Nextcloud, Vaultwarden, Dockhand, Trilium) are exposed only through NetBird. They are intentionally unreachable via Tailscale or LAN. This is the boundary between admin and user planes.
-
The Swarm stack (Path A) is LAN-contained. Traefik on MK7 routes HTTP internally. Technitium handles LAN DNS. Neither Tailscale nor NetBird is required for the blueprint buyer's stack to function.
Buyer implication: If a homelaber wants the Iron Legion admin/management pattern (Tailscale) AND the user-facing services pattern (NetBird), those are two separate deployments, two separate vendor accounts, and two separate documentation paths. Path A covers only the LAN self-contained stack.
Notes
- All content derived from live Iron Legion fleet. Sanitized before publication per Commander approval.
- One-and-done digital products. No support obligation. Optional $19/mo update tier if demand confirmed.
- Payment: Stripe via Gumroad. No business entity required.
Drafted by Artemis. Subject to Commander review and sign-off before build.