diff --git a/infrastructure/IDEAS.md b/infrastructure/IDEAS.md new file mode 100644 index 0000000..d8ada94 --- /dev/null +++ b/infrastructure/IDEAS.md @@ -0,0 +1,36 @@ +# Infrastructure Ideas & Improvements + +Deferred infrastructure improvements tracked here. Items graduate to proper issues/tasks when prioritized. + +## Active + +### GlitchTip Error Tracking (ready to deploy) +- **What**: Self-hosted Sentry-compatible error tracking on black (10.0.0.11:8800) +- **Why**: No application error tracking exists — status-dashboard covers host metrics/health, not exceptions +- **Status**: Docker Compose + systemd unit ready at `deployments/docker/services/glitchtip/` +- **Next**: Deploy on black, create org/project, distribute DSNs to services +- **RAM**: 256-512MB, PostgreSQL for storage, all-in-one mode (web + worker + beat) + +## Backlog + +### Redis Sentinel / Clustering +- Current: standalone Redis per feature (SSO, marketplace, messaging, etc.) +- Goal: High-availability Redis with automatic failover +- Blocker: Not needed until production traffic justifies complexity + +### Database Connection SSL Enforcement +- Current: Unencrypted connections within VPN (acceptable for LAN) +- Goal: TLS for all PostgreSQL connections, even internal +- Priority: Low while all traffic stays within WireGuard tunnel + +### Centralized Log Aggregation +- Current: Per-service stdout logs, `./run dev:logs [service]` +- Options: Loki + Grafana, or Seq, or Vector + ClickHouse +- Goal: Searchable, correlated logs across all services +- Pairs well with: GlitchTip (errors) + status-dashboard (metrics) + +### CDN for Static Assets +- Current: Nginx serves static files directly from VPS +- Goal: Edge caching for media, fonts, JS/CSS bundles +- Options: Cloudflare (free tier), BunnyCDN +- Blocker: Not needed until geographic distribution matters
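Review bot: In the "Database Connection SSL Enforcement" entry, "Priority: Low while all traffic stays within WireGuard tunnel" states a condition without saying how it is verified, and the "Current" line justifies plaintext with both "VPN" and "LAN", which are different trust boundaries. Suggest stating the assumption explicitly (which hosts connect to PostgreSQL, and that none do so outside the tunnel) and adding a trigger that raises the priority, in the same way the Redis and CDN entries carry a "Blocker" line. The entry could also say whether the standalone Redis instances listed under "Redis Sentinel / Clustering" (SSO among them) rely on the same plaintext-inside-the-tunnel assumption, since only PostgreSQL is named in the goal. In the GlitchTip entry, "distribute DSNs to services" should say where the DSNs will be stored and how services receive them, so they are not committed alongside the Compose files under `deployments/docker/services/glitchtip/`.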