Build Log
An engineer's build log. The real infrastructure work I do, with client and employer details kept out, alongside the labs I build to understand the big systems from the inside. I write up the why, not just the what.
Rebuilding Remote Access
The old OpenVPN setup wasn't broken. It was a pile of per-user certificates and a manual onboarding ritual. Here's the case for replacing it with a self-hosted WireGuard mesh tied to the directory, and the one rule that keeps the swap from becoming an outage.
- 1Why we're tearing out a VPN that worksMay 30, 2026
- 2The identity spine: Keycloak in front of an existing directoryJune 4, 2026
- 3The gateway: self-hosted NetBird behind Caddy, with a relayJune 8, 2026
- 4Routes and policy: giving the mesh the keys, one team at a timeJune 11, 2026
- 5Cutover without downtime: migrating users while the old VPN stays upJune 13, 2026
HPC Lab
Strip away the marketing and a supercomputer is five roles wired to a private network. Here's the mental model, and the groundwork for rebuilding a Sherlock-style HPC cluster on one Linux box.
- 1What an HPC cluster actually is (and how to fake one on a single box)June 9, 2026
- 2The two networks bare-metal guides skip, and booting the head nodeJune 10, 2026
- 3OpenHPC, Munge, and Slurm: wiring the cluster's brainJune 11, 2026
- 4Warewulf 4 and the art of treating servers as cattleJune 12, 2026
- 5The condo model and the money shot: watching Slurm preempt a jobJune 13, 2026
How to run a maintenance window without losing sleep
Eight VMs decommissioned, four teams consolidated, one new Windows server stood up. The window ran a day early, hit one real incident, and the post-window verify script passed clean. Here's the full story.