Building reliable infrastructure, automation, and deployment workflows one practical system at a time.
I’m drawn to the parts of software delivery that sit below the interface: Linux, networking, infrastructure as code, CI/CD, and the steady operational habits that make systems easier to run and easier to trust.
I like poking around the weird layers underneath apps until I accidentally become emotionally attached to a Linux server.
The deeper I go into Linux, networking, containers, IaC, and deployment automation, the more I realize: complexity doesn’t disappear—it just gets distributed across layers you slowly learn to see.
I enjoy technical work that rewards curiosity, patience, and the ability to stare at logs until they eventually start making sense.
I also care about ownership—not in a buzzword sense, but in the practical DevOps way: if I build or touch a system, I want to understand it end-to-end, be responsible for how it behaves in production, and be the person who can actually debug it when it breaks at 2 AM.
I’m not trying to act like some 10x infrastructure wizard. I’m just out here slowly collecting practical skills, documenting what I learn, and trying to become the kind of engineer who can confidently say: “give me 20 minutes and I’ll probably figure it out.”
Gated Proxmox Management via OPNsense
Strongest case study | Part-time infra project
A hardened virtualized network design that moves hypervisor administration behind a firewall VM and VPN-only access path.
The goal was to reduce direct management exposure while keeping rollback, baseline capture, and operator access clear enough for a risky network cutover.
What this project covers
- Designed a two-bridge Proxmox layout with a public WAN bridge and isolated private management bridge.
- Placed OPNsense between public ingress and private administration paths.
- Sequenced baseline capture, rollback prep, VPN validation, cutover, and post-cutover handover.
Sequence
- Approve topology: Confirm bridge roles, address ownership, private subnet boundaries, and the VPN-first operator path.
- Capture baseline: Record interfaces, routes, hostname behavior, access model, TLS state, and rollback requirements.
- Build network base: Create public and private bridges, deploy OPNsense, enable private LAN services, and validate a test VM.
- Validate VPN entry: Enable WireGuard, test external admin access, and keep management public until the private route works.
- Cut over management: Move hypervisor administration to the private bridge and confirm the old public path is closed.
- Harden and hand over: Document final access, certificate behavior, validation evidence, and recovery procedures.
What I learned
I learned that infrastructure hardening is mostly sequencing: prove recovery first, validate the new path second, and only then remove the old exposure.
Proxmox Provisioning Control Plane
Implemented | Part-time platform project
A containerized API and worker flow for requesting, validating, and provisioning virtual machines through a controlled interface.
This project turns manual VM creation into an API-backed workflow with validation, job tracking, and integration hooks for an internal low-code interface.
What this project covers
- Built a FastAPI service around Proxmox API operations and VM request validation.
- Used Docker Compose to run the API, database, and integration layer consistently.
- Separated request intake from provisioning work so failures can be tracked instead of hidden.
Sequence
- Define request contract: Model VM inputs, environment values, and validation rules before touching the hypervisor API.
- Containerize service: Package the API and supporting services with Docker Compose for repeatable local and server runs.
- Add job handling: Track provisioning status through database-backed jobs instead of relying on one-shot scripts.
- Integrate interface: Connect the request workflow to a low-code front end while keeping provisioning logic in the API.
What I learned
I learned how platform work changes when the goal is not just to create infrastructure, but to make the request path auditable and repeatable.
Proxmox Private VM Access with WireGuard
Active | Public GitHub project
A public infrastructure lab that uses Ansible and Terraform to bootstrap private VM access behind WireGuard.
This project separates host preparation from VM lifecycle management: Ansible handles the Proxmox host baseline while Terraform manages VM resources.
What this project covers
- Used Ansible roles and playbooks for repeatable Proxmox host bootstrap.
- Used Terraform modules and environments for VM lifecycle boundaries.
- Added CI checks for Terraform formatting and Ansible syntax validation.
Sequence
- Bootstrap host: Prepare Proxmox dependencies and baseline configuration with Ansible.
- Define VM lifecycle: Use Terraform modules and environment folders to describe private VM resources.
- Gate access: Use WireGuard as the administrative entry point for private resources.
- Validate changes: Run CI checks before infrastructure definitions are treated as usable.
What I learned
I learned why IaC ownership boundaries matter: host state, VM state, and access paths should not be mixed into one unclear automation layer.
Web Security Chaos Toolkit
Active | Public GitHub project
A DevSecOps-oriented CLI toolkit for orchestrating web audits, scanners, and controlled failure experiments.
This project focuses on operational security workflows: repeatable scans, structured outputs, local lab services, and adapter-based tooling.
What this project covers
- Built a Python CLI with typed configuration and scanner orchestration.
- Used Docker Compose to run supporting security and chaos-testing services.
- Added tests, linting, typing, and pre-commit checks to keep the toolkit maintainable.
Sequence
- Model audit workflows: Define CLI commands, configuration, and output formats before adding scanners.
- Attach tool adapters: Wrap security tools behind consistent interfaces for repeatable execution.
- Run local lab services: Use Compose-managed services for scanner and chaos-testing workflows.
- Enforce quality gates: Use tests, linting, typing, and pre-commit checks to catch toolchain drift.
What I learned
I learned that security tooling becomes more useful when it produces consistent evidence instead of one-off terminal output.
Linux SysAdmin / System Engineer
Part-time | Helity | Europe/Berlin | December 2025 - Present
Supporting infrastructure and platform work across Proxmox-based systems, secure service deployment, and internal automation workflows.
- Designed and documented Proxmox VE networking around OPNsense, private VM bridges, DHCP/NAT boundaries, and WireGuard-based administrative access.
- Built a FastAPI provisioning worker that integrates Budibase, PostgreSQL, Docker Compose, and the Proxmox API for queued VM clone requests.
- Prepared Coolify, Traefik, CrowdSec, internal TLS, WAF verification, and operational notes for a secure self-hosted application platform.
- Created validation, rollback, and infrastructure collection scripts to make system changes easier to verify and recover.
Contributing to the team’s DevOps direction by improving development workflows, container practices, and security-focused automation.
- Introduced DevOps practices and alternative workflow approaches, including infrastructure as code, configuration as code, CI/CD, and documentation frameworks.
- Trimmed and optimized the team’s Docker-based PHP/Laravel development environment template to make local setup lighter and easier to maintain.
- Developed the Web Security Chaos Toolkit, a Python-based DevSecOps CLI for repeatable web audits, scanner orchestration, Docker Compose lab services, and structured security evidence.
Self-directed study path
Independent learning | Courses, labs, and documentation | Ongoing
Acknowledge that practical lab work, documentation, and repeated experimentation are part of your education too.
- Study Terraform, Kubernetes, observability, and security-aware deployment practices through projects.
- Keep notes on what works, what breaks, and what needs deeper understanding.

