Sovereign infrastructure for EU SMEs.

What I do for you

Most European SMEs run their operations on a sprawl of US-hosted SaaS — half a dozen tools that don't talk to each other, costs that creep every year, vendor lock-in that gets noticed only when a customer asks pointed questions about Schrems II. The default response is to add another tool. The alternative is to build infrastructure you actually own.

That's what I do. I design and build EU-resident, open-source-first, sovereign infrastructure for European SMEs — replacing the SaaS sprawl with an integrated stack that lives where your data should live: on hardware in jurisdictions you trust, under software you can audit, operated by people you employ. The deliverable isn't a long contract. It's a stack your team owns, documented well enough that I'm not the bottleneck.

I'm a full-stack developer with deep DevOps roots, which means the systems I build, I also run. That matters: it means I design for operability from day one — not architecture diagrams that look good in slides but break under real conditions. The same person writes the application code, configures the database, sets up the monitoring, and answers the pager. That's how things actually work end to end.

Who I work with

The companies I work with are usually small-to-mid European manufacturers, professional services firms, and similar SMEs — fifty to two hundred staff, family-owned or partner-led, exporting to EU customers who are getting increasingly specific about where supplier data lives. The person I work with is usually their IT manager or operations lead: technically competent, alone or with one helper, holding together a hybrid of on-prem legacy and creeping SaaS, getting asked harder questions every quarter about cost, compliance, and continuity.

If your Microsoft bill has crept past five digits, your largest customer just sent a supply-chain security questionnaire, your previous contractor quoted six figures for a "discovery phase," or your Industria 4.0 budget is sitting unused because nothing on offer is what you actually need — we should talk.

What I do

1. Sovereignty audit & TCO analysis

   Inventory of your current stack, mapping of data flows, identification of US-hosted touchpoints and audit exposure, total-cost-of-ownership projection against an open-source alternative.

2. Architecture design

   A phased sovereign-stack design tailored to your size, internal skills, and production-continuity constraints. Open-source-first. Operable by your team, not by a vendor.

3. Implementation & migration

   Build, deploy, integrate with your existing ERP and MES, migrate data with minimal-to-zero downtime windows.

4. Documentation & handoff

   Operator-level runbooks, in-house IT training, a clean escalation path. The handoff is the deliverable.

5. Managed support — optional

   A monthly retainer for monitoring, scheduled updates, and incident response, with industrial SLAs for production-critical stacks.

How I work

Every engagement follows the same arc, scaled to the project: audit → architect → implement → document → hand off.

The audit is short and unvarnished — I don't pretend uncertainty I don't have, and I don't manufacture complexity to justify scope. The architecture is phased, because production systems don't tolerate big-bang cutovers. The implementation prioritises operability: the team that has to live with the stack is in the room when it's designed. The documentation is the deliverable that distinguishes a contractor from a partner. The handoff is real — I'm not interested in being permanently in your loop. Optional managed support exists for the things that genuinely need a specialist on call.

Selected work

Since 2023 I've been the sole infrastructure engineer for Synapser, an Italian non-profit and University of Trieste student group of about fifteen members. Over three years I've built out a fully self-hosted production stack — identity (Authentik with SCIM), mail (mailcow), git and CI (GitLab), file sync and office (Nextcloud), helpdesk (Zammad), knowledge base (BookStack), data science (JupyterHub), monitoring (Netdata), backups (Restic with BackRest), and more — across a Xeon-class on-prem server and an IONOS VPS edge with WireGuard transport. Cloudflare for DNS only. Let's Encrypt per domain. Docker Compose orchestration, Portainer for ops. Custom channels alerting. Nothing the project pays per-seat for.

Personally, I run a separate stack at home: a Raspberry Pi network running nginx, pi-hole, SFTP, and various Docker services — including the page you're reading right now. Both stacks are operated and maintained as if they were customer infrastructure: documented, monitored, backed up, and built to outlast the people running them today.

About

I'm Lorenzo Moscati, based in Trieste, Italy. I've been writing code for about ten years, increasingly focused on production systems and infrastructure as I went deeper. I'm finishing a Bachelor's degree in AI & Data Analytics at the University of Trieste, with thesis planned for late 2026 or early 2027.

I work in the spaces between development and operations because that's where most software actually goes wrong. I prefer open-source where the option exists, EU hosting where data sensitivity demands it, and standard, idiomatic tools over clever ones. I treat every project — including the volunteer work — as if it were portfolio-grade, because that's how you actually learn.

Get in touch

If any of this resonates — if you're an IT manager tired of being a SaaS shopper, or a director who'd like to understand what owning your infrastructure actually means — get in touch.

• Email lorenzo@moscati.page
• LinkedIn linkedin.com/in/lorenzo-moscati/
• GitHub github.com/Fly7113