Projects & Builds
Personal Project
Auto-Updating Resume Pipeline
CI/CD pipeline that rebuilds and publishes a polished resume every single day via GitHub Actions. Containerized LaTeX rendering produces a versioned PDF artifact — the pipeline itself is the portfolio piece.
DevOps Infrastructure
Self-Hosted GitLab with CI Runners & TLS
Full GitLab Omnibus deployment with registered CI runners and automated TLS certificate management. Provides a private, fully-controlled CI/CD platform independent of any third-party SaaS.
Security Infrastructure
Authentik SSO with Traefik ForwardAuth
Full SSO layer using Authentik on a Docker MacVLAN bridge, enabling Traefik to delegate auth via ForwardAuth without network collisions. Supports OAuth token exchange across isolated container networks.
Personal Project
Astro Portfolio Theme
Content-first portfolio template where every page is driven by plain JSON files — no CMS, no database. Astro static builds with Tailwind CSS, multi-stage Docker CI, and one-command deploy to GitHub Pages, GitLab, Cloudflare, or self-hosted VPS.
Security Infrastructure
Transparent Nginx WAF on OPNsense
Transparent Web Application Firewall using Nginx on OPNsense with Caddy and Traefik failover — layer-7 inspection and active threat blocking for self-hosted services, with zero changes required at the application layer.
Personal AI Project
Automated Job Search AI Assistant
AI-powered agent that autonomously scrapes job listings, scores relevance against a target profile using an LLM, and delivers prioritized alerts. Removes the noise from job hunting entirely.
Personal Project
Hidden VPN That Looks Like a Website
Docker setup that deploys an HTTPS proxy disguised as a legitimate tech-company landing page. XRAY VLESS over WebSocket/TLS routes traffic through a convincing decoy site — six industry presets, browser-based terminal via ttyd, zero-SSH management.
Personal Project
VPN over Port 53
WireGuard VPN tunneled through port 53, iodine DNS tunnel as fallback, and CrowdSec as a behavioral DNS firewall. Bypasses carrier-level VPN blocking — nftables routes traffic, CrowdSec bans probers at the kernel level.
Security Infrastructure
Geofiltered IP Blocklist Aggregator
Aggregates multiple public IP blocklists into a single optimized firewall-ready list with VLSM compression and country-level geolocation filtering. Runs twice daily via GitHub Actions, compatible with OPNsense, pfSense, iptables, and OpenWRT.
Home Lab / Infrastructure
Proxmox Disaster Recovery System
Enterprise-grade automated backup and disaster recovery for Proxmox clusters. ZFS snapshots managed by Sanoid, VM-level backups via cv4pve, and off-site replication to Proxmox Backup Server 2 — fully hands-off.
Monitoring Infrastructure
Grafana + Alloy + Loki Observability Stack
Containerized full-stack observability: Grafana for dashboards, Loki for log aggregation, and Grafana Alloy as the OpenTelemetry-compatible collector — Docker Compose deployed with persistent storage and alerting rules.
Home Lab / Automation
After-Hours Network Lockdown — WiFi, Firewall & SSO on a Schedule
Three-layer automated network curfew: OpenWRT kills the WiFi radio, OPNsense firewall rules lock down VLANs, and Authentik time-based Python policies block app logins — all on schedule. Bonus: daily SSID rotation pulled from Voltaire with the password hidden in a math puzzle, and WAN MAC spoofing to reset DHCP identity on demand.
DevOps / Security
Docker Secrets & Vault Management
Secure secrets injection pipeline using Docker Secrets integrated with GitLab CI. Eliminates plaintext credentials from pipelines and repositories — secrets never touch disk unencrypted.
Systems Administration
Zammad Helpdesk Backup Automation
Self-contained Docker tool that exports a Zammad Knowledge Base entirely to a directory tree of Markdown files. Scheduled exports, compression, and off-site transfer — zero manual intervention.
Privacy Infrastructure
Cloudflare Email Routing & Aliasing
Privacy-first email alias system using Cloudflare Email Routing. Infinite unique inbound aliases route to a single private mailbox — no third-party dependency, no data leakage, fully automated.
Personal Project
Reticulum Mesh Network Demo
Self-contained Docker demo for Reticulum — a cryptographic mesh networking stack where your address is the hash of your public key. Runs encrypted shells, file transfers, and LoRa mesh radio demos from a browser terminal.
Privacy / Security
Tor Hidden Service with Vanity .onion
Automated Docker setup to host services on the Tor network with a custom vanity .onion address — no open ports required. Uses mkp224o for address generation and X25519 client auth for private access control.
DevOps / Automation
Traefik Docker Cron Scheduler
Toggles Traefik reverse proxy services on and off based on a configurable cron schedule. Useful for shutting down non-critical services during off-hours without removing their configuration.
Security Infrastructure
nzyme Wireless Security Monitoring
Deploys nzyme — a Java-based WiFi threat detection system using libpcap packet capture — to identify and physically locate rogue devices and attacks on wireless networks, with PostgreSQL backend and web dashboards.
Systems Administration
Proxmox 8→9 Upgrade Script
Safe, automated upgrade script for Proxmox VE 8 to 9 with pre-flight safety checks, cluster awareness, and Proxmox Backup Server compatibility — no manual steps, no surprises.
Personal Project
Animated Boot Screen Creator for Linux
Converts any MP4 video to a PNG sequence and packages it as a custom Plymouth boot theme for Linux. Automates frame extraction, theme config, and initramfs integration.
Storage Engineering
ZFS Storage & Snapshot Architecture
Optimal ZFS datastore design for Proxmox — pool layout, compression, deduplication, snapshot scheduling, and cluster-friendly dataset naming conventions that survive live migrations without I/O storms.
Network Engineering
OPNsense Multi-Site HAProxy + Unbound
Visual guide to routing multiple domains through a single OPNsense box using HAProxy for layer-7 traffic splitting, Unbound for split-DNS, DNSCrypt for encrypted upstream, and WireGuard for secure remote access.
Network Engineering
HAProxy Proxy Protocol to Traefik
Configures HAProxy on OPNsense to forward real client IPs through multiple proxy layers to Traefik using Proxy Protocol v2 — domain-based routing with full client metadata preserved end-to-end.
Network Engineering
OPNsense WireGuard Site-to-Site VPN
Full WireGuard VPN deployment on OPNsense for site-to-site tunnels and remote access — cryptographic key routing, firewall rules, DNSCrypt for encrypted resolution, and multi-site subnet routing.
Network Engineering
PowerDNS + Unbound DNS Infrastructure
Authoritative and recursive DNS infrastructure using PowerDNS with a web GUI for internal zones, and Unbound for DNSSEC-validating recursive resolution — fully self-hosted, no upstream provider dependency.
Monitoring Infrastructure
Docker MacVLAN Traefik Analytics
Docker MacVLAN network that gives Traefik direct physical interface access with real source IPs. Feeds un-NAT'd access logs through Promtail → Loki → Grafana for full visitor analytics without exposing the host network.
Home Lab / Infrastructure
Immich Self-Hosted Photo Platform
Complete Immich deployment on UnRAID with Docker — self-hosted Google Photos replacement with ML-powered photo analysis, duplicate detection, multi-user support, video compression, and NetBird VPN for remote access.
Privacy / Security
Piping Server — Ephemeral Secure Sharing
Self-hosted Piping Server that creates one-time-use encrypted data channels over plain HTTP. Used for secure file transfers, encrypted chat, and remote command execution — no special client software needed.
Security / DevOps
WAF Smoke Test Script
Lightweight shell script that tests Web Application Firewall effectiveness and fingerprinting by firing a battery of attack patterns — SQLi, XSS, path traversal, and more — to verify blocking rules are actually working.
Personal Project
DNS Image Transfer
Converts an image to Base64, splits it across multiple DNS TXT records, and stores the retrieval script in DNS itself. Download and reconstruct the image anywhere with just `dig` — no server, no HTTP.
Personal Project
Unique Password Hash Script
Generates repeatable, unique passwords for every service or website from a single master secret — no password manager required. Deterministic hashing means you can always reproduce the same password without storing it.
Client Project
Eclipse — Interactive Tourism Event Map
Custom web application for a tourism client featuring an interactive JavaScript-powered event map with filterable overlays, responsive layout, and client-branded design delivered to production.
Client Project
Chef Clash — Non-Profit Donor Platform
Full fundraising platform for a live charitable event — distinct donor and recipient user flows, event management, real-time updates, and custom branding. Designed and deployed end-to-end.
Client Project
Clearwave — Technology Company Site
Professional web presence for a technology sector client. Clean architecture, fast load times, conversion-focused layout — designed to communicate technical credibility and drive enterprise inquiries.
Client Project
Carterville — Municipal Government Site
Full municipal website for the City of Carterville. Resident-facing services portal, parks and recreation sections with aquatics and adult programming, ADA-compliant and mobile-first.
Personal Project
WheelSpin — Self-Hosted Random Selector
Self-hosted spinning wheel web application for randomly selecting outcomes. Fully configurable with custom entries, deployed via Docker for easy self-hosting.
Personal Project
Self-Hosted Interactive Map
Self-hosted web application for drawing and labeling geographic areas with persistent storage. Used for network maps, infrastructure diagrams, and geographic planning — no cloud dependency.
Personal Project
Zammad Browser Time Tracker Extensions
Chrome and Firefox browser extensions for tracking and submitting time directly to Zammad helpdesk tickets — eliminates context-switching, lets you log time without leaving the page you're working on.
Public Talk — SFS, Littleton CO
OpenWRT Network Infrastructure
Public presentation on custom router firmware ecosystems — comparing OpenWRT, DD-WRT, Tomato, and Gargoyle across 1,500+ supported devices. Covers build systems, package management, and network hardening.
Public Talk — BLUG, Boulder CO · May 2024
Web Confidentiality, Privacy & Security
Presentation at Boulder Linux User Group on safeguarding browsing experiences — covering fingerprinting vectors, tracker evasion, DNS-over-HTTPS, compartmentalization strategies, and hardened browser profiles for everyday use.
Public Talk — SFS, Littleton CO · August 2023
Automate Custom Deployments with Cloud-init
Demonstrated reusable Cloud-init templates for automating fleet system deployments — provisioning users, packages, SSH keys, and services from a single declarative config at first boot.
Public Talk — SFS, Littleton CO · December 2022
Self-Hosted Social Networking Services
Presented software solutions for running connected social networking services — Mastodon, ActivityPub federation, and self-hosted alternatives to corporate social platforms on private infrastructure.
Public Talk — SFS, Littleton CO
Homelab: Introduction to Self-Hosting
Beginner-to-intermediate guide on running personal infrastructure you own and control. Covers motivations (privacy, learning, custom solutions), a 4-step framework for getting started, hardware choices from Raspberry Pi to rack servers, and real-world use cases: home automation, media streaming, file storage, and password management.
Public Talk — SFS, Littleton CO
Enterprise Security Across All Devices
Five-part deep dive into open-source home network security: auditing Android traffic (TrackerControl, PCAPdroid, cert-pinning bypass), per-app outbound firewalls on every OS (OpenSnitch, Little Snitch, WFC), router-level visibility with ntopng and Suricata IDS/IPS, anonymous exit strategies (Tor, I2P, XRAY), and a hardened home network stack built on OpenWRT and OPNsense.