Builds practical systems for infrastructure, automation, and deployment workflows.
A Linux system administrator working toward DevOps and platform engineering, with a strong interest in Linux, networking, Infrastructure as Code (IaC), CI/CD, and automation.
Most recent work revolves around Proxmox infrastructure, image pipelines, platform IaC, and building repeatable deployment workflows, with a growing focus on secure access, network boundaries, and reliable operations.
Outside of work, time is usually spent tinkering with side projects, exploring new technologies, or training in calisthenics.
Gated Proxmox Management via OPNsense
Implemented · HelityInfraOps projectA hardened virtualized network design that moves hypervisor administration behind a two-node OPNsense HA pair and VPN-only access path.
Gated Proxmox Management via OPNsense
Implemented · HelityInfraOps projectA hardened virtualized network design that moves hypervisor administration behind a two-node OPNsense HA pair and VPN-only access path.
The goal was to reduce direct management exposure while keeping OPNsense HA, firewall policy, rollback, baseline capture, and operator access clear enough for a risky network cutover.
What this project covers
- Designed a two-bridge Proxmox layout with a WAN bridge and isolated private management bridge.
- Placed OPNsense between external ingress and private administration paths.
- Deployed a two-node OPNsense HA pair with CARP virtual IPs (VIPs) on both the LAN and WAN so gateway and firewall failover stays transparent to clients.
- Built a dedicated isolated sync bridge for XMLRPC configuration sync and pfsync state synchronization, kept off the data paths to reduce blast radius and keep HA control traffic in its own fault domain.
- Kept WireGuard as the private administrative access path through the HA design.
- Handled firewalling on the OPNsense pair with policy governing ingress and inter-zone paths.
- Sequenced baseline capture, rollback prep, VPN validation, cutover, and post-cutover handover.
Compact schema
Sequence
Approve topology
Confirm bridge roles, address ownership, private subnet boundaries, and the VPN-first operator path.
Capture baseline
Record interfaces, routes, hostname behavior, access model, TLS state, and rollback requirements.
Build network base
Create WAN and private bridges, deploy OPNsense, enable private LAN services, and validate a test VM.
Stand up HA pair
Deploy the second OPNsense node, add the isolated XMLRPC and pfsync sync bridge, and validate CARP failover across LAN and WAN VIPs.
Validate VPN entry
Enable WireGuard, test external admin access, and keep the original management path until the private route works.
Cut over management
Move hypervisor administration to the private bridge and confirm the old exposed path is closed.
Harden and hand over
Document final access, certificate behavior, validation evidence, and recovery procedures.
Stack
Zabbix Monitoring Service
Implemented · HelityCustomer deploymentA monolithic Zabbix monitoring service deployed as a single-node control point for metrics and alerting across a customer fleet.
Zabbix Monitoring Service
Implemented · HelityCustomer deploymentA monolithic Zabbix monitoring service deployed as a single-node control point for metrics and alerting across a customer fleet.
Stood up the all-in-one Zabbix server and onboarded 8 client servers, rolling out Zabbix Agent 2 across them with Ansible for repeatable and consistent installation and configuration.
What this project covers
- Deployed a monolithic Zabbix server with the server, database, and web frontend on one node as the monitoring control point.
- Rolled out Zabbix Agent 2 to 8 client servers using an Ansible playbook for repeatable, uniform installation and registration.
- Standardized host and agent configuration so monitoring coverage is consistent and easy to extend to new hosts.
Compact schema
Sequence
Stand up Zabbix
Deploy the monolithic Zabbix server with the server, database, and web frontend on one node.
Define agent rollout
Create the Ansible path for repeatable Zabbix Agent 2 installation and configuration.
Roll out Agent 2
Use Ansible to install and configure Zabbix Agent 2 across the 8 client servers.
Verify monitoring
Onboard the hosts into Zabbix and confirm that the fleet reports into monitoring consistently.
Stack
Proxmox Platform Infrastructure as Code
Established · GitHubPlatform IaC projectA production-style Proxmox platform repository that separates image creation, network control-plane contracts, workload lifecycle, and guest configuration into explicit boundaries.
Proxmox Platform Infrastructure as Code
Established · GitHubPlatform IaC projectA production-style Proxmox platform repository that separates image creation, network control-plane contracts, workload lifecycle, and guest configuration into explicit boundaries.
This repository is designed as a secure multi-tier private cloud baseline on Proxmox, using Packer for immutable image construction, Terraform for layered infrastructure lifecycle, and Ansible for post-boot guest configuration.
What this project covers
- Split Terraform into `network`, `image-factory`, and `workloads` states to control blast radius and review scope.
- Defined a four-zone platform model with Proxmox Linux bridges at L2 and OPNsense as the routing and policy control plane.
- Published a Terraform-to-Ansible handoff contract and validation-only GitHub Actions pipeline instead of mixing deployment logic into CI.
Compact schema
Sequence
Establish platform contracts
Document architecture, scope, ADRs, naming, and lifecycle ownership before expanding implementation.
Build image factory
Use Packer to produce the reusable Debian-based image and template contract for downstream platform layers.
Split infrastructure states
Separate shared network fabric, template lifecycle, and workload provisioning into independent Terraform roots.
Provision zoned workloads
Model admin, edge, application, and data workloads against the OPNsense-backed four-zone network contract.
Hand off to configuration
Publish an Ansible-ready inventory output and keep CI focused on validation, formatting, and syntax safety.
Stack
Web Security Chaos Toolkit
Implemented · InfosoftInternal DevSecOps toolAn internal DevSecOps-oriented CLI toolkit built during my Infosoft internship for repeatable web audits, scanner orchestration, and controlled failure experiments.
Web Security Chaos Toolkit
Implemented · InfosoftInternal DevSecOps toolAn internal DevSecOps-oriented CLI toolkit built during my Infosoft internship for repeatable web audits, scanner orchestration, and controlled failure experiments.
This internship task focused on giving the team an internal security workflow tool: repeatable scans, structured outputs, local lab services, and adapter-based tooling.
What this project covers
- Built a Python CLI for internal audit workflows with typed configuration and scanner orchestration.
- Used Docker Compose to run supporting security and chaos-testing services.
- Added tests, linting, typing, and pre-commit checks to keep the toolkit maintainable.
Compact schema
Sequence
Model audit workflows
Define CLI commands, configuration, and output formats before adding scanners.
Attach tool adapters
Wrap security tools behind consistent interfaces for repeatable execution.
Run local lab services
Use Compose-managed services for scanner and chaos-testing workflows.
Enforce quality gates
Use tests, linting, typing, and pre-commit checks to catch toolchain drift.
Stack
Linux SysAdmin / System Engineer
Part-timeHelityGermany, EuropeDecember 2025 - Present
Linux SysAdmin / System Engineer
Part-timeDecember 2025 - Present
Supporting infrastructure and platform work across Proxmox-based systems, secure service deployment, and internal automation workflows.
- Designed and documented Proxmox VE networking around OPNsense, private VM bridges, DHCP/NAT boundaries, and WireGuard-based administrative access.
- Built a FastAPI provisioning worker that integrates Budibase, PostgreSQL, Docker Compose, and the Proxmox API for queued VM clone requests.
- Prepared Coolify, Traefik, CrowdSec, internal TLS, WAF verification, and operational notes for a secure self-hosted application platform.
- Created validation, rollback, and infrastructure collection scripts to make system changes easier to verify and recover.
Contributing to the team’s DevOps direction by improving development workflows, container practices, and security-focused automation.
- Introduced DevOps practices and alternative workflow approaches, including infrastructure as code, configuration as code, CI/CD, and documentation frameworks.
- Trimmed and optimized the team’s Docker-based PHP/Laravel development environment template to make local setup lighter and easier to maintain.
- Developed the Web Security Chaos Toolkit, a Python-based DevSecOps CLI for repeatable web audits, scanner orchestration, Docker Compose lab services, and structured security evidence.
Bachelor of Science in Information Technology
GraduateAugust 2023 - July 2026
Bachelor of Science in Information Technology
GraduateAugust 2023 - July 2026
Graduated with a focus on Linux, web development, cybersecurity, and machine learning while building a stronger foundation for DevOps and platform engineering work.
- Built fundamentals across programming, systems, web application development, and security-aware software practices.
- Used coursework and self-directed projects to connect Linux, infrastructure, automation, and practical deployment workflows.




