Operation: Engineering

The Workshop.

Production-grade infrastructure engineering, AI-powered operations, and full-stack web development. Built on real hardware, proven in production.

Open Project Blueprint architecture
precision_manufacturing INFRASTRUCTURE AS CODE
FILE_PATH: /INFRA/TERRAFORM/* 17 WORKSPACES
dns
PROXMOX
hub
TALOS K8S
lock
VAULT
$ terraform plan -out=infra.plan
Plan: 25 to add, 0 to change, 0 to destroy.
MODULE_01

Infrastructure as Code

Fully declarative infrastructure using Terraform with the bpg/proxmox provider. Function-scoped workspaces isolate blast radius. Ansible handles post-provision configuration. GitLab CI orchestrates the pipeline with Vault JWT authentication.

  • check_circle TERRAFORM + ANSIBLE PROVISIONING
  • check_circle VAULT-CENTRIC SECRETS MANAGEMENT
  • check_circle GITLAB CI/CD WITH 8-STAGE PIPELINES
  • check_circle PACKER GOLDEN IMAGE TEMPLATES
MODULE_02

AI & MCP Integration

Custom MCP servers that let AI agents query live infrastructure state in natural language. 5 ingestion workers keep the semantic index fresh. SSH execution with safety-gated patterns prevents destructive commands.

QUERY LATENCY < 100ms
INGESTION WORKERS 5
  • check_circle SEMANTIC SEARCH OVER INFRASTRUCTURE
  • check_circle SSH CONNECTION POOLING
  • check_circle PARALLEL TREE WALKS FOR VM LISTING
MCP_TOOL_INTERFACE
query_homelab(query: str)
→ Semantic search across Proxmox, Terraform, Ansible
→ Live VM status via parallel tree walks
→ Cached results with 30s TTL
execute_command(host, command)
→ SSH pooling with health checks
→ Dangerous pattern blocking (rm -rf, dd, mkfs)
→ 30s timeout enforcement
hub CILIUM
sync FLUX CD
lock EXT SECRETS
route INGRESS
monitoring PROMETHEUS
policy KYVERNO
MODULE_03

Kubernetes & Platform

Immutable Talos Linux nodes managed declaratively via Terraform. Flux 4-tier GitOps reconciliation model with Cilium CNI, External Secrets Operator, Kyverno policies, and Trivy security scanning. 11+ apps deployed, zero kubectl applies.

  • check_circle IMMUTABLE TALOS LINUX (NO SSH)
  • check_circle FLUX 4-TIER GITOPS MODEL
  • check_circle CANARY DEPLOYMENTS WITH FLAGGER
FULL STACK

Web Development

Modern static sites with Astro and React, backed by Payload CMS. Deployed on self-hosted Kubernetes with Flux GitOps and Traefik ingress.

SELF-HOSTED PLATFORM
Cloudflare Tunnel → Traefik → K8s
Frontend Stack web
Astro SSG
v5.x
React Islands
v19.x
Tailwind CSS v4
@theme
Backend & Hosting cloud
Payload CMS v3
PostgreSQL
Traefik Ingress
TLS + Tunnel
Flux GitOps Deploy
4-tier

Our Foundations

Non-Negotiable Technical Standards

bolt

Idempotent

Every Terraform apply and Ansible playbook can run multiple times safely. No manual steps, no side effects.

lock

Vault-First

Zero hardcoded credentials. Every secret lives in HashiCorp Vault with JWT auth for CI and K8s auth for workloads.

cloud

Self-Hosted

Run on real hardware. No cloud vendor lock-in. Full control over data, networking, and security boundaries.

api

API-Driven

Proxmox API, Vault API, GitLab API, MCP protocol. Every system is addressable and automatable.

Ready to enter the Workshop?

Let's discuss your next infrastructure challenge.

BOOK A CONSULTATION VIEW THE VAULT