Quick Tide Check
WaveTrader moved its entire backend from Google Cloud to an $80 a month bare metal server running Coolify. The bill dropped 73%, usable capacity grew roughly 20x, and the migration was executed by an AI agent with a human approving every gate. Cutover downtime: about 13 minutes, with zero data loss verified table by table.
Illustration: WaveTrader
How a solo founder moved a live iOS trading platform off GCP with an AI agent as the DevOps engineer, cut infrastructure cost by 73%, and bought 20x growth headroom in the process.
🔑 Key Takeaways
- The cloud baseline adds up fast: a small managed-services stack cost $300 a month before real traffic, and modeled out to roughly $6,000 a month at 20x load.
- Bare metal flips the math: $80 a month buys 24 EPYC cores, 128 GB of ECC RAM, and NVMe RAID1, roughly 20x the capacity for 73% less money.
- Coolify closes the PaaS gap: git-based deploys, automatic TLS, private networking, scheduled backups, and one dashboard make bare metal feel like Cloud Run.
- The AI agent operating model works: the agent executes and verifies with hard checklists, the human decides and owns every irreversible gate.
- Own the compute, rent the edge: keep Cloudflare, object storage for backups, and managed DNS where cloud economics still win.
Every cloud journey starts the same way. You get a year of free credits, you spin up managed services, and everything feels effortless. Then the honeymoon ends, the first real invoice lands, and you find out what your architecture actually costs.
For WaveTrader, that number was about $300 a month. Not for a scaled system. For the baseline. One mobile API, one agent API, an auth server, a small PostgreSQL database, a Redis instance, and two background workers. No meaningful traffic spikes, no autoscaling doing real work. $300 a month just to keep the lights on.
This is the story of how we moved all of it to bare metal for $80 a month, why we picked Coolify to run it, why our DevOps engineer for the migration was an AI agent, and what we learned about when the cloud stops making sense.
The setup we were paying for
WaveTrader's backend on GCP looked like a textbook managed-services architecture:
- • Cloud Run for the mobile API, the agent API, and the auth server
- • Cloud SQL for PostgreSQL
- • Memorystore for Redis
- • GKE Autopilot running one Celery worker and one scheduler
- • A global HTTPS load balancer in front of it all
Illustration: WaveTrader
Each piece is excellent in isolation. Together, for an early-stage product, they add up fast. The load balancer alone has a fixed monthly floor. Cloud SQL charges you whether users show up or not. GKE Autopilot bills per pod resource request, so even a scheduler that fires a few tasks an hour carries a steady cost.
The real problem was not the $300. It was the growth math. We modeled what the same architecture would cost at roughly 20x our current load: more API instances, a larger database tier, bigger Redis, more workers. The estimate came out around $6,000 a month before we would genuinely need horizontal scale. That is the point where cloud pricing stops being a convenience fee and starts being a tax on growth.
The $80 alternative
For $80 a month, dedicated hardware from a major European provider gives us this spec:
- • AMD EPYC, 24 cores and 48 threads
- • 128 GB of ECC RAM
- • 2x NVMe drives in software RAID1
- • Unmetered bandwidth on a serious network backbone
Compare that with what $300 bought us on GCP: fractional vCPUs across a handful of managed services and a database instance that would struggle to use 4 GB of RAM. The bare metal setup is not 20% cheaper for the same capacity. It is 73% cheaper for roughly 20x the capacity.
That headroom is the real purchase. WaveTrader processes market data, computes wave states across hundreds of crypto symbols, and generates trading signals continuously. On this hardware, we can grow the user base, the symbol coverage, and the agent traffic by an order of magnitude before infrastructure becomes a conversation again. On GCP, every one of those growth steps had a line item attached.
Why Coolify
Bare metal used to mean trading your cloud bill for a sysadmin job. That trade is much better now.
We evaluated the options and picked Coolify, an open source, self-hosted platform that gives you the parts of a PaaS you actually miss:
- • Git-based deployments from a private GitHub repository, triggered by merges to main after CI passes
- • Automatic TLS through Traefik and Let's Encrypt
- • Private Docker networking between services, so the databases never touch a public port
- • Built-in scheduled backups with local retention plus encrypted offsite copies in object storage
- • One dashboard for logs, health checks, environment secrets, and rollbacks
The result feels closer to Cloud Run than to a 2010 VPS. Push to main, CI runs, the new image builds and deploys, health checks gate the rollout. The difference is that the compute underneath is ours, fixed-price, and enormous relative to what we need today.
Our DevOps engineer was an AI agent
Here is the part that would have sounded like science fiction two years ago. The migration was executed by GPT 5.6 SOL, an AI agent working as our DevOps engineer, with a human in the loop for every irreversible decision. The whole move took 2 days of elapsed work.
The division of labor was clear. The agent did the engineering: it wrote the migration scripts with preflight, export, restore, and verification gates, streamed encrypted database dumps between environments, executed version-by-version upgrades of the auth server, ran checksum and schema comparisons after every stage, configured the firewall and reverse proxy, and produced verification evidence at each step. The human did the judgment: approving each cutover gate, reviewing the evidence before any writer freeze, and holding the authority to stop or roll back at any point.
Illustration: WaveTrader
Two things made this work in practice:
- • Gates, not vibes. Every phase ended with a checklist of verifiable facts: table counts, constraint hashes, sequence states, checksum matches. The agent could not proceed on "looks good". It had to produce numbers, and the human approved numbers.
- • Rehearsal as the default. The agent rehearsed every stateful step against disposable targets before touching production. When something failed, like a health check probe missing a dependency in the container image, it failed in rehearsal, got fixed, and never reached the cutover.
The honest assessment: the agent was excellent at this job. Migration work is exactly the shape of task where AI agents shine today. It is procedural, verifiable, and unforgiving of skipped steps. A human DevOps engineer would have taken longer, cost more, and been tempted to skip the fourth verification pass at 11pm. The agent ran the same discipline at step 1 and step 400.
What the agent did not do was decide. Provider selection, cost modeling, risk appetite, maintenance windows, and the go or no-go at each gate stayed human. That split, agent executes and verifies, human decides and owns, is the operating model we would recommend to anyone attempting this.
How we actually moved
A live trading platform with paying users does not get a "big bang" weekend migration. We ran this like a series of sets, each one rehearsed before we paddled into it.
Illustration: WaveTrader
1. Rehearse everything before it counts. Every stateful migration was executed at least once against a disposable target before production. Auth data, application data, all of it. Dumps were streamed through encryption in transit, never written as plaintext, and verified by checksum on both ends.
2. Verify like the data is money. Because it is. After each restore we compared the source and target down to the boring details: every table count, every constraint, every index, sequence state, and timestamp maxima. Our final production restore matched the source on all 27 tables, including 19,465 trading signals and 487 tracked symbols, with zero drift.
3. Move auth first, alone. The auth server migrated a full two days before the APIs, complete with a multi-version upgrade executed release by release with verification after every step. Isolating the riskiest stateful component meant that when API cutover day came, identity was already proven stable on the new platform.
4. Keep the old shoreline visible. During transition, the new environment temporarily proxied traffic to the still-authoritative GCP services, so DNS could move early with zero behavior change. The mobile app was updated to a permanent API domain and shipped through the App Store before cutover. Old hardcoded cloud URLs got a lightweight stateless compatibility proxy so users on older app builds never hit a wall.
5. Freeze, snapshot, switch, verify. The final cutover froze writers, took a last encrypted snapshot, restored it, verified an exact match, and flipped routing. From writer freeze to the new environment becoming authoritative took about 13 minutes, well inside our 30-minute maintenance budget. GCP stays intact as a rollback snapshot for now, scaled to zero, costing close to nothing.
What we kept from the cloud
This is not a cloud-is-bad story. We kept the pieces where cloud economics still win:
- • Cloudflare in front of the APIs. DDoS absorption, TLS at the edge, and origin lockdown so the server only accepts traffic from Cloudflare's network. Our public agent endpoint gets constant automated scanning. Filtering that at the edge is worth every cent of the $0 it costs.
- • Object storage for backups. Encrypted database backups ship offsite on a schedule, with restore tests to prove they are real backups and not just files.
- • Managed DNS and a CDN layer that cost pennies.
The pattern: own the compute, rent the edge.
The honest trade-offs
Bare metal is not free lunch. Three things you accept:
You are the SRE. No managed failover, no automatic node replacement. We mitigate with RAID1 storage, tested backups with a 6-hour recovery point objective, health-checked deployments, and a rollback environment that stays warm during the observation window. For a system of our size, that is a manageable on-call surface for one person with good tooling.
Hardware has a ceiling. Bare metal means the blast radius is yours to manage. Our answer is that the ceiling is roughly 20x away, and by the time we approach it, revenue will fund more hardware and a proper HA setup. Paying $6,000 a month today to avoid an architecture decision in two years is not risk management. It is prepaying for a problem we do not have.
Rehearsal takes real time. The migration itself, done safely, ran as multiple rehearsed phases across 2 days. An AI agent doing the execution compressed what would have been weeks of human DevOps work, but human review time at each gate is not optional and should not be. The payback period on the total effort is measured in weeks, not months.
The numbers, one more time
| GCP (before) | Bare metal (after) | |
|---|---|---|
| Monthly cost | ~$300 | ~$80 |
| Capacity headroom | ~1x | ~20x |
| Cost of 20x | ~$6,000/mo | included |
| Migration duration | 2 days, AI agent with human in the loop | |
| Cutover downtime | ~13 minutes | |
| Data loss | zero, verified table by table | |
The cloud honeymoon is real, and so is the morning after. If your workload is steady, your team is small, and your growth curve is measured in months rather than minutes, bare metal with a modern deployment platform on top is not a step backward. It is reading the conditions and picking the right wave.
WaveTrader now runs on hardware we can name, at a price we can predict, migrated by an AI agent in 2 days, with room to grow 20x before we think about infrastructure again. That is the whole trade.


