Projects

Current Projects

Self-Hosted Headscale/Tailscale Mesh Network

Ansible role to deploy a self-hosted Headscale coordination server and automatically connect Tailscale clients across the infrastructure, replacing an OpenVPN deployment. This creates a peer-to-peer mesh, eliminating increased latency from routing through a central server.

Status: In Progress

M1 Deploy Headscale server with Let’s Encrypt TLS, auto-renewal via certbot cron, and automated pre-auth key generation
M2 Build multi-distro Tailscale client Ansible role supporting Debian/Ubuntu, Fedora, Rocky, and Arch with per-distro package repos and tailscale up --reset registration
M3 Connect personal devices (phones, desktop)
M4 Connect infrastructure servers (dedicated server, Proxmox, dev/sandbox VM)
Cleanup and push role to its own git repo
M5 Configure ACLs (policy file currently empty)
M6 Deploy to all machines
M7 Deploy to K3s

0%   M1   M2   M3   M4   M5   M6   M7  100%
|----|----|----|----|----|----|----|----|
[######################-----------------]

Automated Pigeon Loft

Automating the pigeon loft’s doors using an ESP32 and ESPHome powered by a solar system. The goal is to automate the trap and aviary doors.

This is a fairly large writeup with multiple parts being drafted.

Completed:

Solar setup(M1)
Power enclosure(M2)
Proto board(M3)
3D printed proto board holder
3D printed RS232-TTL board holder(M4)
Idler pulley: Mount and pulley(3D printed)
Motor pulley(M4)
Trap door

electronics

TODO:

Rolling track for doors(M6)
Mount motors(M7)
Design and print motor enclosure(M7)
Door limit switches(M7)
Water level detector
Paint solar mount

0%   M1   M2   M3   M4   M5   M6   M7  100%
|----|----|----|----|----|----|----|----|
[###################--------------------]

Completed Projects

Automate K3s and Node Upgrades

Ansible playbooks for zero-downtime K3s binary upgrades and OS-level patching across a 5-node cluster (3 masters, 2 workers), processing one node at a time with proper pod eviction.

Status: Complete

Rolling K3s upgrade that checks current version, downloads target release from GitHub, replaces /usr/local/bin/k3s, cordons/drains the node, restarts the k3s or k3s-agent systemd service, uncordons, and verifies the new version one node at a time
OS patching with reboot runs yum check-update, skips nodes with no updates, drains the node, applies all package updates, reboots, polls node ready status, and then uncordons

Control K3s Deployments via Terraform

Status: Complete

5-node cluster (3 masters, 2 workers)
Longhorn for persistent storage
Cloudflare Tunnel (2 replicas) exposing services externally
ArgoCD for GitOps via Helm
System Upgrade Controller for automated K3s upgrades
kube-prometheus-stack (Grafana, Prometheus, Alertmanager)
InfluxDB v2 for time-series data
Blocky DNS (3 replicas) for ad-blocking
Self-hosted Docker registry with TLS
Applications: Navidrome, SearXNG, Rundeck, Health Tracker, Selenium Grid

Use Ansible for Personal Servers

Fully manages all personal infrastructure at the OS level using Ansible, covering Proxmox VMs, external VPS instances (Vultr, OVH), and Headscale mesh networking. A common role enforces standard configurations across all hosts, with per-type roles for specific server functions. In February 2026, a replacement dedicated server was provisioned and completely configured via Ansible with no manual setup.

Status: Complete