Systems Engineering
Low-level GNU/Linux development -- custom kernel configurations, hardened initscripts, specialized device firmware, and embedded builds. Every system is tuned from the toolchain up for its exact workload and threat model.
Gentoo · Sourcemage · Lunar · LEDE · ALFS/CLFS · Buildroot · Yocto · Custom Toolchains
AI & Automation
End-to-end LLM pipeline construction. Model fine-tuning with PyTorch, LoRA/QLoRA via bitsandbytes and peft. Inference served through Ollama, vLLM, and llama.cpp with GPU partitioning and batch scheduling. RAG systems wired with LangChain over ChromaDB or Qdrant vector stores. Embedding generation with sentence-transformers, quantized export through ONNX Runtime for edge inference. Automated workflows connecting model outputs to production APIs and monitoring via MLflow.
Ollama · PyTorch · vLLM · llama.cpp · LangChain · ChromaDB · Qdrant · sentence-transformers · ONNX Runtime · bitsandbytes · peft · MLflow
Virtualization
Full lifecycle management of libvirt/KVM, Proxmox, and Incus environments. Container workloads on LXC, Docker, and containerd, with Firecracker microVM isolation for untrusted code paths. Scaling from single bare-metal hosts to distributed multi-node clusters.
libvirt · KVM · Proxmox · Incus · LXC · Docker · containerd · Firecracker
DevOps / SRE
Full observability stacks -- metrics ingestion with Prometheus and VictoriaMetrics, log aggregation with Loki, distributed tracing with Tempo, alert routing through Alertmanager. Dashboards in Grafana with quantitative analysis and data visualization for complete stack visibility. Long-term storage and horizontal scaling via Thanos.
Prometheus · Grafana · Loki · Tempo · Alertmanager · VictoriaMetrics · Thanos
Web Dev / eCommerce
Full-stack web applications with a focus on eCommerce platforms. Laravel backends with Bagisto storefronts, real-time UI via Livewire and Alpine.js, and SPA architectures through Inertia.js. Database layer on PostgreSQL with Redis for session and cache. TLS is terminated at Caddy, with automatic TLS from staging through production.
Laravel · Bagisto · Livewire · Alpine.js · Inertia.js · PostgreSQL · Redis · Caddy
Custom Hardware
Custom computer systems -- consumer workstations, enterprise servers, edge compute nodes, and AI training rigs. Component selection matched to workload profiles, thermal design, IPMI/BMC out-of-band management, PXE boot provisioning, and burn-in stress testing before deployment.
Server · Edge · AI/GPU · Workstation · IPMI/BMC · PXE
NOC / Datacenter
On-site NOC and datacenter services across Massachusetts and New Hampshire. Hardware provisioning, structured cabling, rack-and-stack, PDU and UPS management, fiber runs with SFP+ optics, cross-connects, thermal assessment, and incident response.
MA · NH · On-site · PDU · UPS · Fiber · SFP+ · Cross-connects
Network Security
Cisco Meraki dashboard-managed switching and wireless, MikroTik RouterOS for BGP routing and traffic shaping, OPNsense and pfSense for stateful firewalling with custom rulesets. VPN tunnel orchestration, VLAN segmentation, IDS/IPS deployment, and DNS-level threat filtering.
Cisco Meraki · MikroTik · OPNsense · pfSense · BGP · VPN · VLAN · IDS/IPS
Hardened Cloud Infrastructure
Caddy and Nginx orchestration with LAMP/LEMP stacks. Kernel-level hardening with nftables, eBPF for runtime syscall filtering, mandatory access controls via grsec/pax, and application-layer threat mitigation through CrowdSec and Fail2Ban. Automatic certificate rotation with ACME.
Caddy · Nginx · nftables · eBPF · ACLs · grsec/pax · CrowdSec · Fail2Ban · ACME