Technical Repository

Deployment guides, architecture patterns, and reference configurations from 25+ years of enterprise infrastructure work.

Identity and Access

Guides and patterns for SSO, MFA, OIDC, LDAP, Active Directory, and identity platform design.

Deploy Authentik as a centralized identity provider on Kubernetes with HA PostgreSQL, integrate it with Traefik for forward auth, and configure SSO for self-hosted services.

Lessons from building and inheriting Active Directory environments since NT 3.51 -- covering tiered administration, trust models, PAM, and why most AD deployments are still running designs from 2003.

Network and Security

Firewall architecture, segmentation, VPN, and zero trust network patterns.

A balanced architecture combining identity, next-gen firewall inspection, and EDR/XDR for east-west data center traffic.

Practitioner-focused strategies for implementing NIST 800-171 controls in enterprise environments, from architecture through CMMC preparation.

Everyone talks about implementing zero trust. Almost nobody describes what the architecture looks like after you've actually achieved it. Here's what changes, what stays, and what most people get wrong.

Platforms and Virtualization

Hypervisors, clusters, storage layouts, and platform reference designs.

A practical guide to deploying a production RKE2 Kubernetes cluster on bare metal with Ceph CSI for persistent storage, Cilium for networking, and separated storage and workload networks.

An honest assessment of what belongs in containers, what doesn't, and where the line actually falls -- based on migrating production workloads from VMs to Kubernetes.

An honest assessment of Proxmox VE for enterprise workloads, evaluated from three perspectives: the homelab operator, the SMB, and the regulated enterprise.

Automation and IaC

Ansible playbooks, CI pipelines, container strategies, and repeatable automation patterns.

Automate DISA STIG compliance hardening for Ubuntu and RHEL systems using Ansible -- covering baseline configuration, audit policy, and the gap between automated hardening and actual compliance.

How to implement GitOps on a self-hosted Kubernetes cluster using ArgoCD for continuous delivery and GitLab as the Git source of truth -- with no cloud dependencies.

Production-ready Ansible framework for baseline configuration and policy management of Palo Alto Networks firewalls.

Resiliency and DR

Backup, disaster recovery, and continuity patterns across platforms.

A framework for designing disaster recovery architecture around recovery tiers, not vendor features -- covering RPO/RTO definitions, tier models, and the organizational decisions that determine whether DR actually works.

A practical breakdown of what to back up in a Kubernetes cluster, what's recoverable without backups, and how to build automated backup pipelines with CronJobs and external storage.

War stories and patterns from real disaster recovery failures -- what went wrong, why the plan didn't hold up, and what the recovery actually looked like.