$ cat ~/.status
Last updated: 2026-05-03
Location: Vermont, USA
Building
- FreeBSD pf router — A self-built edge router and firewall at the heart of my homelab. ZFS root, pf, unbound, dhcpd, and WireGuard, all on a fanless 4-port mini PC. Tour the setup.
- Jail-isolated services — Moving DNS, monitoring, and VPN out of the router host and into VNET jails. One service, one dataset, one ZFS snapshot before every change.
- NixOS + K8s lab — A 3-node bare-metal Kubernetes cluster on Proxmox, configured declaratively in a private nix-config flake.
Running
- FreeBSD 14.x edge router with pf, unbound, dhcpd, ntpd
- NixOS on Proxmox — 3-node Kubernetes cluster, bare metal
- Monitoring: Prometheus, Grafana, Alertmanager
- WireGuard for road-warrior VPN back into the LAN
- ZFS everywhere with hourly snapshots and offsite send/recv
Learning
- Cilium eBPF networking — replacing kube-proxy on the cluster
- Talos Linux — immutable OS for K8s nodes
- FreeBSD VNET internals and bhyve
- IPv6 design for residential networks (real prefix delegation, not 6to4)
Writing About
- FreeBSD pf router build and operations
- pf.conf design — rules, NAT, anti-spoofing, logging
- FreeBSD jails for network services
- NixOS in production
- Kubernetes on bare metal
- AWS cost optimization (real numbers, not fluff)
Stack
$ cat ~/.stack
Edge: FreeBSD 14.x + pf + unbound
Servers: NixOS 24.11 (declarative)
Cluster: kubeadm + Cilium
Hypervisor: Proxmox + ZFS
Editor: Neovim
Shell: Zsh + Starship
Terminal: Wezterm
Monitoring: Prometheus + Grafana
Reading
- Re-reading The Design and Implementation of the FreeBSD Operating System end to end
- Working through Designing Data-Intensive Applications patterns in production
- Following NixOS RFCs and the Lix project
Not Doing
- Social media (mostly)
- Chasing every new framework
- Premature optimization
$ echo "Ship fast. Ship often. Ship boring."