Featured Projects
Proxmox Infrastructure as Code
A comprehensive Infrastructure-as-Code (IaC) solution orchestrating the full lifecycle of heterogenous compute resources (LXC, Linux VMs, Windows VMs, K3s).
Key Technical Highlights
- Three-Phase Workflow: Strict separation of concerns: Terraform (provisioning), Ansible (configuration), and GitLab CI/CD (deployment).
- Zero-Trust Security: Automatic generation of unique ED25519 SSH keys per host with strict RBAC and no-root-login policies.
- 9-Stage CI/CD Pipeline: Includes ShellCheck linting, pre-flight infrastructure checks, automated backups, and checksum-based idempotency to skip unchanged services.
- Scale: Manages a 6-node High-Availability K3s cluster, production-grade DNS/AdBlock services, and multi-OS environments.
Technologies
Architecture Overview
flowchart LR
A[Terraform
Phase 1] -->|Provisions| B[Ansible
Phase 2]
B -->|Configures| C[GitLab CI/CD
Phase 3]
A -->|Creates Infrastructure| A1["• LXC Containers
• Linux/Windows VMs
• Generate SSH keys
• Output inventory"]
B -->|One-Time Setup| B1["• Create users
• Install Docker/Podman
• Harden SSH
• Setup /srv/docker/"]
C -->|On Every Push| C1["• Auto-detect changes
• Validate configs
• Deploy services
• Health checks"]
Enterprise Kubernetes Homelab
A self-healing, production-grade Kubernetes platform implementing the "App-of-Apps" pattern to manage the entire cluster state declaratively.
Key Technical Highlights
- Advanced GitOps Pattern: Utilizes ArgoCD ApplicationSets with Git directory generators for "zero-touch" onboarding of new applications.
- Custom Tooling (kryptos): Developed a custom Go CLI to handle secret lifecycle management, generating SealedSecrets with strong encryption and validation.
- Resiliency: Features fully automated monitoring, ingress management (Traefik), and distributed storage (Longhorn).
- 100% Declarative: Every component, from system namespaces to the 11+ deployed applications, is defined in Git.
Technologies
Architecture Overview
flowchart TB
Git[Git Repository
argo-apps] --> ArgoCD[ArgoCD
GitOps Controller]
ArgoCD --> AppSet[ApplicationSet
Git Directory Generator]
AppSet --> |Auto-discovers| Apps[Applications
apps/*]
Apps --> Infra[Infrastructure Layer]
Apps --> Services[Application Layer]
Infra --> Traefik[Traefik Ingress]
Infra --> Cert[cert-manager]
Infra --> Storage[Longhorn Storage]
Services --> App1[Affine]
Services --> App2[Home Assistant]
Services --> App3[FreshRSS]
Services --> App4[More...]
OCI Helm Chart Registry
A production-ready OCI-compliant Helm chart registry designed for modularity, testing, and secure distribution.
Key Technical Highlights
- Modern Distribution: Charts are packaged and published to an OCI registry, following modern Helm v3 standards.
- Cluster-Free Testing: Innovative CI pipeline that validates charts using helm template and PyYAML to ensure correctness without requiring a live K8s cluster.
- Idempotent Publishing: Automated pipelines with smart version detection (Semantic Versioning) to prevent overwrite conflicts and ensure release integrity.
- Catalog: Maintains 11+ custom-built production charts including complex stateful applications (PostgreSQL, generic microservices).
Technologies
CI/CD Pipeline
flowchart LR
charts[charts/
Chart.yaml
values.yaml
templates/]
gitlab[GitLab CI
5-stage
pipeline]
validate[Validate
Package
Publish
helm template
+ PyYAML]
registry[OCI Registry
homelab/
helm-charts]
charts --> gitlab --> validate --> registry
