domains · private networks · self-hosted services · hardware support

Systems I actually run.

I use this domain as a public record of the infrastructure work I do outside a formal job title. Most of it started as personal need: media libraries, remote access, file sharing, game servers, smart home sensors, backups, and computers I was responsible for fixing because there was no support line to call. Over time it turned into a private small-business-shaped environment: DNS, mail records, access control, service hosting, storage decisions, user support, and failure recovery.

Overview

The short version of what this site is meant to prove.

I am careful about not overstating personal projects as enterprise experience. I do not run a business network with client SLAs. I do run a real environment where people other than me use services, where access has to be understandable, and where bad storage or bad routing choices create real problems.

A home lab can become a toy very quickly if the only goal is to install more things. Mine is more practical than that. I care about whether the link makes sense to a non-technical user, whether the service comes back after a restart, whether data belongs on SSD or hard drive storage, whether a domain is sending mail correctly, and whether a private tool has any reason to be exposed to the public internet.

  • Domain and email administration: Cloudflare DNS for two domains, Proton custom-domain mail, TXT verification, MX records, SPF, DKIM, DMARC, and external checks with MXToolbox.
  • Private access by default: ZeroTier for friend-facing services, Tailscale for personal/admin access, device approval, and segmentation between personal tools and shared tools.
  • Service ownership: Plex, MediaCMS, file sharing, Kasm, Audiobookshelf, Librum, ROMM, Immich, Home Assistant, and experimental server tooling across Windows, macOS, and Linux systems.
  • Support thinking: Remote hardware troubleshooting, PC build planning, non-technical user guidance, and reducing weird infrastructure into instructions someone else can follow.

Systems

Current machines and why each one exists.

Hardware is split by role, not by what looks most impressive on paper.
System: Primary workstation
  Hardware: Ryzen 9800X3D, RTX 4070 Ti Super, 64 GB DDR5-6400 CL34, 2x 2 TB NVMe
  OS: Windows
  Role: Gaming, hardware testing, general workstation use, and anything that still effectively requires Windows because of anti-cheat or platform support.

System: Mac mini server
  Hardware: M4 Pro, 24 GB unified memory, 500 GB internal storage, 8 TB NVMe over Thunderbolt 4, 2 TB USB HDD
  OS: macOS
  Role: Always-on low-power machine for CPU-heavy services, software work, AI work, Immich, SearXNG, and experimental tooling.

System: Portable terminal
  Hardware: 13-inch M4 MacBook Air, 24 GB unified memory, 500 GB internal storage
  OS: macOS
  Role: Portable admin and software machine. Small enough to use anywhere, powerful enough that it does not feel like a compromise for terminal, browser, documentation, and remote work.

System: Main service host
  Hardware: i5-8400, 32 GB DDR4, 1 TB NVMe, 8 TB HDD, 2.5 GbE NIC
  OS: Windows with Arch Linux dual boot
  Role: Main host for shared services. It has enough CPU for the work and user count, and enough storage for media and backups.

System: Parts and GPU host
  Hardware: i3-10300, GTX 1070, 16 GB DDR4, 2x 500 GB SATA SSD, 1 TB SATA SSD
  OS: Windows
  Role: Older parts machine kept for workloads where a GPU matters or where spare SATA SSD capacity is useful. It is not the most efficient machine, so it runs only when the role justifies it.

Network note: I moved the main service host to 2.5 GbE because local transfers between NVMe-backed systems saturate a 1 Gb link badly enough to interfere with normal internet use. 10 GbE / dedicated local networking hardware is the planned future solution.

Services

What I maintain and what each service is for.

Internal hostnames and subdomains are intentionally not listed here.
Service: Plex
  Host: Main service host
  Access: Private network
  Purpose: TV and movie library for me and a small group. ZeroTier keeps usage local from Plex's point of view without opening the service publicly.

Service: MediaCMS
  Host: Main service host
  Access: Private network plus domain route
  Purpose: Private video sharing without chat-app compression. It exists because I wanted something closer to a small private video site than a file dump.

Service: Private file drop
  Host: Mac mini or main service host
  Access: Private network plus domain route
  Purpose: Temporary file sharing with no practical size limit beyond my upload speed and storage. I am evaluating Erugo and SafeBucket for this role.

Service: Kasm Workspaces
  Host: Main service host
  Access: Personal network only
  Purpose: Remote browsers and VNC access into my machines, mainly for moving between systems without turning every machine into a separate workflow.

Service: SearXNG
  Host: Mac mini
  Access: Personal network only
  Purpose: Search endpoint for personal and agent-assisted research. It stays private because nobody else needs it.

Service: Home Assistant
  Host: Main service host
  Access: Personal network only
  Purpose: ESP32 and ESPHome sensor monitoring and automation for a grow tent: humidity, temperature, fan control, CO2, VPD, humidifier control, and light schedules.

Service: Immich
  Host: Mac mini
  Access: Personal network only
  Purpose: Phone photo backup and storage relief. This is part convenience and part keeping important photos in more than one place.

Service: Audiobookshelf
  Host: Main service host
  Access: Private network plus domain route
  Purpose: Audiobook server with progress syncing across devices. The library is large enough that centralizing it makes more sense than copying files around.

Service: Librum server
  Host: Main service host
  Access: Private network plus domain route
  Purpose: Ebook server, mostly for nonfiction where reading and re-reading works better than listening.

Service: ROMM
  Host: Mac mini
  Access: Private network plus domain route
  Purpose: ROM library management with browser play through EmulatorJS, mainly so saves and old playthroughs are not tied to whichever local machine I happen to be using.

Service: Private automation tooling
  Host: Mac mini and main service host
  Access: Personal network only
  Purpose: Research, planning, audit, and code-assistance workflows for personal projects. This stays off the shared network because it is not useful to anyone else.

Access model

How I keep things understandable without making them public.

I used to port-forward game servers and media services. I moved away from that because most of what I host is only meant for a few people. A private overlay network fits that reality better than a public door with more hardening layered on top.

ZeroTier is the shared network because onboarding is simple for non-technical users. Install the client, enter the network code, then wait for device approval. Tailscale is my personal/admin network because it fits my own devices and private tooling better.

The split is simple: shared services on ZeroTier, personal tools on Tailscale, public static pages on GitHub Pages, and no public port forwarding unless a service leaves me no reasonable alternative.

Layer: Public
  Access: Static sites only
  Reason: Public pages belong on GitHub Pages or similar hosting, not on my internal machines.

Layer: Shared private
  Access: Approved ZeroTier devices
  Reason: Friends can access media, files, audiobooks, ebooks, ROMM, and other shared services without seeing personal/admin tools.

Layer: Personal/admin
  Access: Tailscale devices
  Reason: Admin interfaces, AI tooling, search endpoints, and remote workspaces stay in a narrower trust boundary.

Layer: Local host
  Access: Machine-local or LAN-only
  Reason: Some services do not need a domain or a private-network route at all.

Support notes

Informal support, but real troubleshooting.

Remote hardware diagnosis

A friend's desktop would boot, then crash or blue-screen under load. A local shop wanted more than $150 just to diagnose it before doing any repair work. I did not have the machine in front of me. Everything was done through text messages, rough phone photos, and instructions written for someone who did not already know what details mattered.

The first problem was information quality. I had to work from partial views of the motherboard, PSU cables, RAM, cooler, and a spare donor system, then turn each next step into plain language. We started with memory, moved through individual modules, then cross-tested power delivery with an older PSU and the correct cables.

In about an hour and a half, I narrowed it down to three separate issues that were masking each other: unstable memory behavior, a power-related problem, and a CPU cooler mount or paste issue that changed depending on the physical orientation of the case.

That is the kind of troubleshooting I enjoy. The value was not one clever guess. It was isolating variables, keeping the user calm, and turning a vague "my computer keeps dying" problem into a clear repair path without making him pay just to find out where to start.

Constraint: No bench access, only text and user-supplied photos.
Time: About 1.5 hours of guided troubleshooting.
Outcome: Three interacting faults isolated before any shop diagnostic fee.

Hardware advice before the purchase

I get asked about upgrades and prebuilts often enough that I treat it like support work. A bad purchase becomes a support problem later.

When I compare systems, I look at more than the loudest part on the spec sheet. CPU platform, GPU class, VRAM, storage, power supply, motherboard quality, RAM configuration, upgrade path, and actual use case all matter.

The goal is not to build the most expensive machine. It is to keep someone from paying too much for a system that will age poorly, be difficult to upgrade, or hide weak parts behind one impressive number.

Private services that normal people can use

I used to send people IP addresses and ports for private services. It worked, but it was a bad interface. If someone does not already think in networks, that kind of link looks more like a game server than a website.

That is a big part of why I moved toward domains, reverse proxying, and private network access. Media, file sharing, audiobooks, ebooks, and private tools are easier to use when the access path looks normal.

The technical work is routing, naming, and access control. The support work is making sure the person using it does not need to care about any of that.

Reliability

What I do now because I learned the hard way.

I lost data to RAID 0 when I was younger. It was fast, and it taught the wrong lesson until it failed. Since then I have cared much more about what data deserves protection, what can be recreated, and where speed is not worth the risk.

My current backup setup is practical rather than perfect: local redundancy for important data, selective cloud/offsite storage for irreplaceable files, and paid backup options kept in mind for data that would actually justify the cost. Most media can be recreated. Photos, project files, and configuration deserve more care.

For monitoring, I use a lightweight approach: service logs, OS auto-start, scheduled restarts where appropriate, graceful recovery where the app supports it, and Tautulli for Plex statistics. I do not claim to run a formal monitoring stack yet.

  • Security habits: Bitwarden, MFA, recovery keys stored offline, private overlay networks, Proton services where privacy matters, and SSH keys treated as secrets instead of convenience files.
  • Storage habits: I pay attention to drive type, heat, endurance, QLC versus TLC, DRAM-less tradeoffs, SMR concerns, and whether a workload actually needs SSD speed.
  • Change habits: For sensitive areas like BIOS settings or access control, I verify before changing. Guessing is fine for a disposable test VM, not for a system other people rely on.

Experimental work

Things that are useful, but not the front door.

Some projects are not clean resume lines, but they still show how I think through systems.

One current project is a custom vanilla World of Warcraft server lab. The useful professional translation is not the game itself. It is server administration, database-backed configuration, scripting, custom web tooling, process management, content rules, and testing a large set of interlocking changes without breaking the whole environment.

I also use AI-assisted coding and planning for some experimental projects, with clear limits. I treat those tools as scratchpads for exploring approaches and finding stress points before I commit to an implementation, not as a substitute for understanding, testing, review, or ownership. The systems still have to run, and I still have to know what changed when they do not.