The Network Layer of a Community: Nomad Edge at Human Scale
Same principles as Nomad Edge, different physical layer. How WireGuard mesh, VLAN segmentation, and offline-first design apply when your edge nodes are residential units on a rural property.
Nomad Edge was built for a specific problem: getting reliable, cost-efficient cloud connectivity to rural edge nodes in environments where network partitions are normal operational events. The architecture — a Nomad SCDC cluster, SNS fan-out for telemetry, WireGuard mesh tunnels, Packer-built immutable nodes — is designed to hold together when connectivity is unreliable and recover cleanly when it returns.
The Stewardship Node is a different problem at a different scale, but the underlying design pressures are the same. Intermittent connectivity. Power constraints. Distributed nodes with real physical distance between them. No dedicated network operations team. The difference is that the edge nodes in the Stewardship Node aren't EC2 instances in a data centre — they're residential units on a rural property, possibly separated by a few hundred metres of open terrain.
Same principles. Different physical layer. Different failure modes. Worth thinking through separately.
What "Community Network" Actually Means
The Stewardship Node's network topology at full build-out will need to handle:
- Multiple residential units — separate tiny houses, each with independent compute, IoT sensors, and connectivity needs
- A central services node — the workstation and associated infrastructure, the NAS, the Nomad cluster coordination layer
- IoT instrumentation — the A Meal food stewardship sensors, environmental monitoring, power monitoring for each unit
- WAN uplink — a single shared internet connection, likely LTE with a failover option, distributed across the property
- Eventual cloud sync — the same AWS IoT Core / DynamoDB eventual consistency model that Watershed uses, applied to community telemetry
This is a LAN with properties more commonly associated with a WAN: physical distance, separate power domains, multiple independent operators, and the expectation that individual nodes can go offline without affecting the rest.
The WireGuard Backbone
WireGuard is already in the Nomad Edge stack as the secure tunnel layer between edge clients and the cluster servers. At community scale it serves the same function, but the topology inverts slightly.
In Nomad Edge, WireGuard connects geographically distant edge nodes back to a central coordination point. In the Stewardship Node, WireGuard creates a flat, encrypted network layer across the property — every residential unit, every sensor hub, every service endpoint on the same private mesh regardless of where the physical Ethernet or Wi-Fi link happens to run.
The practical result: a residential unit 200 metres from the main structure has a WireGuard peer address that looks and behaves exactly like a local device. Services running on the central node are reachable by address from every unit. Telemetry from every unit flows to the same collection endpoint. No NAT hairpinning, no split-brain DNS, no "it works on the main LAN but not in the annex" debugging.
WireGuard's kernel-level performance and minimal attack surface make it the right choice here for the same reason it's the right choice in Nomad Edge: it does one thing well (a fixed cryptographic suite with no cipher negotiation, and a small enough codebase to audit), has minimal operational overhead, and doesn't require a dedicated appliance to run.
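To make the "flat mesh with per-peer addresses" concrete, here is an added example (not code from the post or the Nomad Edge project) that renders WireGuard configs for a central node and its residential-unit peers. It assumes a hub-and-spoke layout where the central node relays unit-to-unit traffic; the mesh range `10.60.0.0/24`, the endpoint address and every key string are constructed placeholders. The security-relevant detail is in `AllowedIPs`: on the hub each unit is restricted to its own /32, so a unit that spoofs another unit's source address is silently dropped by the kernel's cryptokey routing rather than forwarded.

```python
"""Render WireGuard configs for a property-wide mesh: one central node (hub)
plus residential units as peers.  Constructed example; all keys, addresses
and endpoints are placeholders, not real key material."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

MESH_NET = ipaddress.ip_network("10.60.0.0/24")   # assumed private mesh range
LISTEN_PORT = 51820


@dataclass(frozen=True)
class Node:
    name: str
    mesh_ip: str                    # address inside MESH_NET
    public_key: str                 # placeholder string in this example
    endpoint: Optional[str] = None  # host:port on the physical LAN / point-to-point link


def _mesh_addr(node: Node) -> ipaddress.IPv4Address:
    """Refuse addresses outside the mesh so a typo cannot widen AllowedIPs."""
    addr = ipaddress.ip_address(node.mesh_ip)
    if addr not in MESH_NET:
        raise ValueError(f"{node.name}: {addr} is not in mesh range {MESH_NET}")
    return addr


def render_hub_config(hub: Node, hub_private_key: str, units: List[Node]) -> str:
    """Central node: fixed listen port, one [Peer] per unit.
    AllowedIPs is the unit's /32 only, so the kernel drops any packet a unit
    sends with a source address that is not its own (cryptokey routing)."""
    hub_addr = _mesh_addr(hub)
    seen = {hub_addr}
    lines = [
        "[Interface]",
        f"Address = {hub_addr}/{MESH_NET.prefixlen}",
        f"ListenPort = {LISTEN_PORT}",
        f"PrivateKey = {hub_private_key}",
    ]
    for unit in units:
        addr = _mesh_addr(unit)
        if addr in seen:
            raise ValueError(f"{unit.name}: duplicate mesh address {addr}")
        seen.add(addr)
        lines += ["", f"# {unit.name}", "[Peer]",
                  f"PublicKey = {unit.public_key}",
                  f"AllowedIPs = {addr}/32"]
    return "\n".join(lines) + "\n"


def render_unit_config(unit: Node, unit_private_key: str, hub: Node) -> str:
    """Residential unit: a single peer (the hub).  AllowedIPs is the whole
    mesh so unit-to-unit traffic is relayed via the hub; the keepalive keeps
    the tunnel open across idle timeouts on the point-to-point link."""
    if hub.endpoint is None:
        raise ValueError("hub needs a reachable endpoint")
    return "\n".join([
        "[Interface]",
        f"Address = {_mesh_addr(unit)}/{MESH_NET.prefixlen}",
        f"PrivateKey = {unit_private_key}",
        "",
        "[Peer]",
        f"PublicKey = {hub.public_key}",
        f"Endpoint = {hub.endpoint}",
        f"AllowedIPs = {MESH_NET}",
        "PersistentKeepalive = 25",
    ]) + "\n"


# Constructed inventory (placeholder keys, not real key material).
HUB = Node("central", "10.60.0.1", "HUB_PUBLIC_KEY_PLACEHOLDER=",
           endpoint="192.168.1.10:51820")
UNITS = [
    Node("unit-a", "10.60.0.11", "UNIT_A_PUBLIC_KEY_PLACEHOLDER="),
    Node("unit-b", "10.60.0.12", "UNIT_B_PUBLIC_KEY_PLACEHOLDER="),
]

if __name__ == "__main__":
    print(render_hub_config(HUB, "HUB_PRIVATE_KEY_PLACEHOLDER=", UNITS))
    print(render_unit_config(UNITS[0], "UNIT_A_PRIVATE_KEY_PLACEHOLDER=", HUB))
```

Real keys come from `wg genkey` / `wg pubkey` on each node and never leave it; only public keys are fed to the generator. For the relay layout to work the central node needs IP forwarding enabled on the WireGuard interface, and a full mesh (every unit peering directly with every other) is the same generator with one extra `[Peer]` per neighbour and a /32 `AllowedIPs` for each.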
Physical Layer: Don't Trust Wi-Fi for Critical Services
Wi-Fi is convenient. It's also a shared medium with variable propagation, interference from neighbouring equipment, and no guaranteed bandwidth. For residential units that are 50–200m apart with potential line-of-sight obstructions, outdoor point-to-point links (Ubiquiti airMax or equivalent) are far more reliable than hoping 5GHz Wi-Fi reaches.
The design principle: run physical Ethernet or dedicated point-to-point wireless for everything that matters, and treat Wi-Fi as the user convenience layer that it is. IoT sensors reporting power metrics or food system telemetry should not be on the same congested 2.4GHz channel as a phone streaming video.
VLAN segmentation handles the separation at the switch level: one VLAN for IoT devices, one for residential compute, one for infrastructure services, one for management access. This is the same multi-department segmentation I documented in the Hospital NetOps capstone, applied to a smaller physical footprint with different operational constraints.
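The VLANs only pay off if something enforces policy between them. The following is an added example (not configuration from the post or any of the projects it names) of an inter-VLAN forwarding policy for a Linux router sitting on the trunk; the VLAN ids, interface names, addresses and ports are assumptions. The shape is the one that matters: default drop, IoT devices may only publish to the telemetry collector, residential units never reach the IoT or management VLANs, and the management VLAN is reachable from exactly one admin host.

```nftables
#!/usr/sbin/nft -f
# Inter-VLAN forwarding policy for the property's Linux router.
# Constructed example: VLAN ids, interface names, addresses and ports are assumptions.
flush ruleset

define IOT_IF  = "eth0.10"   # sensors, power monitors
define RES_IF  = "eth0.20"   # residential units' compute and personal devices
define INF_IF  = "eth0.30"   # central services: telemetry collector, NAS, Nomad servers
define MGMT_IF = "eth0.40"   # switch, router and point-to-point radio management
define WAN_IF  = "wwan0"     # shared LTE uplink
define COLLECTOR  = 10.30.0.10   # telemetry endpoint on the infra VLAN
define ADMIN_HOST = 10.30.0.5    # the one workstation allowed onto the management VLAN

table inet vlan_policy {
    chain forward {
        type filter hook forward priority filter; policy drop;

        ct state established,related accept
        ct state invalid drop

        # IoT devices only ever publish to the collector (MQTT / MQTT over TLS).
        # They initiate nothing else, WAN included, so a compromised sensor
        # cannot reach out or probe the rest of the property.
        iifname $IOT_IF oifname $INF_IF ip daddr $COLLECTOR tcp dport { 1883, 8883 } accept
        iifname $IOT_IF log prefix "iot-egress-denied " drop

        # Residential units use infra services and the WAN, never IoT or management.
        iifname $RES_IF oifname $INF_IF accept
        iifname $RES_IF oifname $WAN_IF accept
        iifname $RES_IF log prefix "res-lateral-denied " drop

        # Infra is the only VLAN that polls sensors, reaches the Nomad clients
        # on unit nodes, and syncs to the cloud.
        iifname $INF_IF oifname $IOT_IF accept
        iifname $INF_IF oifname $RES_IF accept
        iifname $INF_IF oifname $WAN_IF accept

        # Management VLAN: one admin host on infra, nowhere else.
        iifname $INF_IF ip saddr $ADMIN_HOST oifname $MGMT_IF accept
        oifname $MGMT_IF log prefix "mgmt-denied " drop
    }
}
```

Two things this fragment deliberately leaves out: the NAT (masquerade) rules for the LTE uplink, and policy for traffic arriving over the WireGuard interface, which needs the same treatment because the tunnel otherwise flattens the segmentation the VLANs just built. The logged drop counters are also the cheapest intrusion signal on the property: an IoT device that suddenly produces `iot-egress-denied` lines is worth a look.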
The Nomad Cluster Role
The community Nomad cluster is not the same cluster that runs cloud-facing workloads. It's an on-premises service coordination layer — the thing that runs A Meal's local processing, the thing that orchestrates monitoring tasks, the thing you deploy updates to across all community nodes without SSH-ing into each one manually.
A three-node Nomad server cluster on low-power hardware (Raspberry Pi 5 or equivalent) handles this load comfortably. The same SCDC topology that lets Nomad Edge clients handle network partitions gracefully applies here: if the central cluster loses connectivity, existing allocations on each node continue running. What stops during the partition is scheduling, not the workloads, and because the servers will eventually treat a silent node as lost, the jobs have to be configured to tolerate disconnects measured in days rather than minutes. When connectivity returns, state reconciles. The food system keeps working during a WAN outage. The power monitoring keeps logging. The community doesn't stop functioning because the internet went down.
This is the explicit design goal: the community network should degrade gracefully to fully local operation, then recover to cloud sync automatically. It's not a disaster recovery feature. It's the expected operational mode for a rural northern Alberta property in winter.
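"Degrade to local, recover to cloud sync" is a property of how telemetry is written, not just of the scheduler. The following added example (not the project's code; the SQLite schema, topic names and the stub uplink standing in for an AWS IoT Core publish are assumptions) shows the store-and-forward pattern that makes it work: every reading is committed to a local outbox first, the outbox is drained oldest-first only while the uplink answers, and a per-node message id makes retried writes and retried publishes idempotent, so the eventual-consistency model upstream never sees duplicates.

```python
"""Store-and-forward telemetry outbox: readings are committed locally first and
forwarded only when the uplink is up.  Constructed example; the FlakyUplink
stub stands in for a real cloud publisher."""
import json
import sqlite3
from typing import Callable, Dict, List


class TelemetryOutbox:
    def __init__(self, path: str = ":memory:"):
        self.db = sqlite3.connect(path)
        self.db.execute("PRAGMA journal_mode=WAL")   # writers keep appending during a flush
        self.db.execute("""
            CREATE TABLE IF NOT EXISTS outbox (
                msg_id   TEXT PRIMARY KEY,  -- "<node>:<seq>": retries are idempotent
                node     TEXT NOT NULL,
                ts       REAL NOT NULL,
                payload  TEXT NOT NULL,
                attempts INTEGER NOT NULL DEFAULT 0
            )""")
        self.db.commit()

    def record(self, node: str, seq: int, ts: float, reading: Dict) -> None:
        """Always succeeds locally, whatever the WAN is doing."""
        self.db.execute(
            "INSERT OR IGNORE INTO outbox(msg_id, node, ts, payload) VALUES (?,?,?,?)",
            (f"{node}:{seq}", node, ts, json.dumps(reading, sort_keys=True)))
        self.db.commit()

    def pending(self) -> int:
        return self.db.execute("SELECT COUNT(*) FROM outbox").fetchone()[0]

    def flush(self, publish: Callable[[str, Dict], bool], batch: int = 50) -> int:
        """Forward oldest-first and stop at the first failure: per-node ordering
        is preserved and a link that just dropped is not hammered."""
        sent = 0
        rows = self.db.execute(
            "SELECT msg_id, node, ts, payload FROM outbox ORDER BY ts, msg_id LIMIT ?",
            (batch,)).fetchall()
        for msg_id, node, ts, payload in rows:
            envelope = {"msg_id": msg_id, "node": node, "ts": ts,
                        "data": json.loads(payload)}
            if not publish(f"community/{node}/telemetry", envelope):
                self.db.execute(
                    "UPDATE outbox SET attempts = attempts + 1 WHERE msg_id = ?", (msg_id,))
                break
            self.db.execute("DELETE FROM outbox WHERE msg_id = ?", (msg_id,))
            sent += 1
        self.db.commit()
        return sent


class FlakyUplink:
    """Stand-in for the cloud publisher; the scenario toggles `up`."""
    def __init__(self) -> None:
        self.up = False
        self.received: List[Dict] = []

    def publish(self, topic: str, msg: Dict) -> bool:
        if not self.up:
            return False
        self.received.append(msg)
        return True


def simulate_outage() -> Dict[str, int]:
    """WAN down while two units report, then the link comes back."""
    outbox, link = TelemetryOutbox(), FlakyUplink()
    for seq in range(3):                                   # constructed readings
        outbox.record("unit-a", seq, 1000.0 + seq, {"kwh": 1.2 + seq})
        outbox.record("unit-b", seq, 1000.5 + seq, {"fridge_c": 4.0})
    sent_while_down = outbox.flush(link.publish)           # nothing leaves, nothing is lost
    queued = outbox.pending()
    outbox.record("unit-a", 0, 1000.0, {"kwh": 1.2})       # retried write: no duplicate row
    link.up = True
    sent_after = outbox.flush(link.publish)
    return {"sent_while_down": sent_while_down, "queued_during_outage": queued,
            "sent_after_recovery": sent_after, "left": outbox.pending(),
            "cloud_has": len(link.received),
            "first_msg_is_oldest": int(link.received[0]["msg_id"] == "unit-a:0")}


if __name__ == "__main__":
    print(simulate_outage())
```

The outbox lives on the unit's own storage, so it survives a reboot of the unit as well as a WAN outage; the `attempts` column is what a monitoring task on the local Nomad cluster would watch to tell "the link is down" from "this one message is being rejected upstream".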
The Cost of Getting This Wrong
Network architecture is the layer that's hardest to fix after construction. Running Ethernet during a build is cheap. Running it after the walls are up is not. VLAN design that made sense at Phase 1 scale often fights you at Phase 3 scale.
Getting this right early means documenting the topology before any cable is run, designing VLAN structure for the eventual build-out rather than just the immediate need, and specifying the physical layer (cable type, conduit routing, point-to-point link placement) as part of the construction plan rather than as an afterthought.
This is infrastructure. It follows the same rules whether it's running in a data centre or across a rural property. The cost of retrofitting is higher than the cost of designing it right once.
Next in the series: the full Stewardship Node overview — how the compute, network, power, and IoT layers compose into a working community system.