Overview
A self-hosted infrastructure platform I designed, built, and operate as my personal DevOps lab from the firewall up to deployment.
Edge & Perimeter
- OPNsense firewall as daily driver (3+ years) with Suricata IDS/IPS and ZenArmor application filtering.
- WireGuard VPN termination and Cloudflare-tunneled inbound access.
Compute & Services
- Multi-host Docker Compose topology across Debian and Alpine.
- Caddy reverse proxy fronting all internal services with automated ACME/Let’s Encrypt certificates.
- Encrypted DNS resolvers, a media stack, and rclone-backed cloud storage.
Custom Builds
- Compiled OpenWRT from source for Raspberry Pi-class edge nodes.
- Introductory Coreboot work on supported hardware.
What I Learned
- The importance of networking and security in implementation, regardless of the size of a project.
- The dangers of not having a separate development environment, and how this might upset potential clients.
- The costs associated with relying more on potential rather than practicality.