Core Lab Infrastructure
The foundations under everything else: edge networking, provisioning, Git, docs, monitoring, logging, and the registry.
Edge Networking with pfSense
The front door: NAT for the private subnet, HAProxy as a reverse proxy, and TLS termination with a wildcard certificate.
The SSH Bastion (Jump Host)
Why every internal box is reached through one hardened jump host, and how the ProxyJump pattern works in practice.
Golden-Image VM Provisioning
Cloning one cloud-init template into consistent VMs: per-VM config injection, grow-on-first-boot, and a clean teardown flow.
Ubuntu VM Baseline & Tuning
The common baseline every VM gets: swap, the I/O scheduler, periodic TRIM, TCP congestion control, and kernel housekeeping.
Self-hosted Git with Gitea
Running your own Git forge: the server, repositories, and the API the rest of the platform automates against.
Documenting with BookStack
The wiki you are reading, documented: the web stack behind it and how content is organised into shelves, books, and pages.
Monitoring with InfluxDB & Grafana
The metrics pipeline: host telemetry into a time-series database, visualised and alerted on through dashboards.
Centralized Logging with Loki
One place for every log line: Loki as the store and Promtail agents on every host shipping syslog, journald, and application logs.
Self-hosted Private Registry
A private container registry with a web UI, authentication, and a weekly garbage-collection routine that uses a read-only maint...
The Lab, End-to-End
The 10,000-foot view: every moving part of the lab, how traffic flows from the edge to a pod, and where each service lives. Sta...
Principles & Lessons Learned
The reasoning newcomers rarely see written down: least-privilege credentials, TLS at the edge, bastion-only access, capacity tr...