Systems Engineer · Infrastructure & Security · Automation & Cloud
Seven years in IT operations taught me what keeps systems alive under pressure. Now I'm building it myself. The Alliance Fleet is a 25+ service, 3-node Proxmox cluster where I recreate enterprise infrastructure to learn by doing.
| Domain | Enterprise Experience | Alliance Implementation |
|---|---|---|
| Identity (IAM) | Active Directory, Google Workspace, user access governance across 200+ users. | Authentik SSO — centralized OIDC/SAML with MFA enforcement across 15+ services. Full audit trail. |
| Infrastructure | Backup solutions, patching, enterprise imaging, macOS/Windows fleet management via JAMF Pro & Intune. | 3-node Proxmox VE cluster with Corosync quorum, ECC memory for data integrity, NVMe Gen4 storage. |
| Networking | Enterprise VPN, firewall policies, DNS management, WAN optimization. | 4-VLAN segmentation (Mgmt/Services/IoT/DMZ) via UniFi Dream Machine with static-only trust zones and inter-VLAN firewall rules. |
| Security | Endpoint protection, compliance audits, Tier III incident triage and escalation. | Wazuh SIEM — brute-force detection, FIM, log aggregation. Automated threat response via n8n orchestration. |
| Observability | Monitoring dashboards, SLA reporting, alerting thresholds, capacity planning. | Telegraf → InfluxDB → Grafana pipeline. 10-second metric resolution. Used for real incident forensics (VFIO lockup RCA). |
| Remote Access | Enterprise VPN, Zscaler, conditional access policies. | Tailscale zero-trust mesh with subnet routing, ACL policies, and no exposed ports. |
AI / ML Compute
Ollama · OpenWebUI · ComfyUI · AnythingLLM
Data & Operations
PostgreSQL · Authentik · InfluxDB · Grafana · n8n · Vaultwarden
Network & Security
Wazuh SIEM · AdGuard DNS · Nginx Proxy Manager · UptimeKuma
Each content type has a different purpose and voice. Projects show what I built. Writeups show how I think under pressure. The blog shows where I'm headed.
Projects
Architecture & implementation
Writeups
Incident forensics & postmortems
Blog
The Holocron Logs
Projects
Security
Automated threat detection, alerting, and auto-blocking using Wazuh + n8n + Discord webhooks. Manual monitoring doesn't scale.
Identity
Eliminated password sprawl with Authentik OIDC/SAML. 15+ services under SSO with 100% MFA enforcement and full audit logging.
AI/ML
Local LLM inference via Ollama on RTX 4000 Ada with VFIO passthrough. 50 tok/s, 500+ document RAG pipeline. Zero data egress.
Incident Response
Diagnosed a silent hard lockup with zero local logs. Used external telemetry to trace root cause to a PCIe bus stall from an NVIDIA GPU under passthrough.
3-Node Proxmox VE Cluster · Corosync Quorum · 25+ Services
Why This Exists
"I built this to learn by doing. Every design decision mirrors production standards I saw across three enterprise environments. The goal is to understand why infrastructure works, not just how to configure it."
Carries the GPU for AI/ML inference — 20 GB VRAM handles 70B parameter models via Ollama in the Tantive-III VM.
ECC memory because it runs InfluxDB, PostgreSQL, and Wazuh — silent bit-flip corruption in time-series or auth data would poison monitoring and identity.
Network-edge services and Tailscale subnet router — keeping the security control plane on a dedicated node.
| VLAN | Name | Subnet | DHCP | Strategy |
|---|---|---|---|---|
| 10 | Management | 192.168.1.0/24 | Disabled | Hypervisors, switch, gateway UI. Static-only: an unknown device gets no lease, though it can still self-assign an address, so the inter-VLAN firewall rules, not the DHCP setting, are the actual access control. |
| 20 | Services | 192.168.20.0/24 | .100-.200 | All application workloads — AI models, SIEM, databases, identity, automation. |
| 30 | IoT | 192.168.30.0/24 | .100-.200 | Fully isolated — cannot initiate connections to Management or Services. |
| 40 | DMZ | 192.168.40.0/24 | Disabled | Public-facing reverse proxy ingress only. Static-only: every host explicitly provisioned, so an address here that is not in the plan is worth investigating. |
Network hardware: UniFi Dream Machine (gateway/firewall/routing), UniFi US-8-150W (PoE managed switch, VLAN trunking), UniFi Beacon HD (wireless).
External Request Path
Remote Access: Tailscale
Zero-trust mesh VPN with Node-C as the subnet router. No inbound ports opened on the WAN for remote access; the only public ingress is the DMZ reverse proxy. ACL policies enforce least-privilege access per device and user.
Wazuh SIEM
Brute-force detection, file integrity monitoring, and log aggregation across all nodes. Custom detection rules being expanded. Alerts piped to Discord via n8n.
Authentik SSO/IAM
All 15+ internal services sit behind Authentik with OIDC/SAML integration and MFA enforcement. Every login logged. Zero-trust gateway enforced via Nginx Proxy Manager in the DMZ.
Telegraf → InfluxDB → Grafana
Observability pipeline. Telegraf agents on all nodes push CPU, memory, disk, network, and kernel metrics at 10-second intervals to InfluxDB. Grafana dashboards provide cluster-wide visibility.
n8n: Tactical Orchestration
API orchestrator for fleet maintenance, threat response, and notification pipelines.
```
// n8n workflow logic
{
  "trigger": "Wazuh Webhook (POST)",
  "filter": "Reject if srcip ∈ 192.168.*",
  "action_1": "Block IP via firewall alias",
  "action_2": "Discord webhook alert"
}
```
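The decision logic behind that workflow, written out as an added example (this is not the page's n8n workflow or its Wazuh rules). It shows what the filter and action steps have to get right: parse one Wazuh alert, act only on rule groups whose source address completed a TCP handshake (so it is a real attacker address rather than a spoofable one), and never auto-block an address inside the fleet's own ranges. The sample alert is constructed in Wazuh's JSON alert shape; the protected ranges beyond 192.168.0.0/16, the blockable rule groups, the level threshold and the Tailscale CGNAT assumption are assumptions about this lab, not facts from the page.

```python
"""Decision logic for a Wazuh -> n8n -> firewall auto-block path.

Added example, not the page's n8n workflow or Wazuh configuration. Rule
groups, level threshold and protected ranges are assumptions about this lab.
"""
from __future__ import annotations

import ipaddress
import json

# Never auto-block these. The page's workflow rejects "srcip in 192.168.*";
# this widens it to all RFC 1918 space, loopback, and Tailscale's CGNAT range
# (assumption: peers arriving through the Node-C subnet router carry
# 100.64.0.0/10 addresses).
PROTECTED_NETS = [ipaddress.ip_network(n) for n in (
    "192.168.0.0/16", "10.0.0.0/8", "172.16.0.0/12",
    "100.64.0.0/10", "127.0.0.0/8", "::1/128", "fc00::/7",
)]

# Rule groups where data.srcip is a trustworthy block key: TCP services, so the
# attacker had to complete a handshake. Assumption about this lab's rules.
BLOCKABLE_GROUPS = {"authentication_failures", "sshd", "web"}
MIN_LEVEL = 10  # assumption: block from level 10 up (Wazuh's sshd brute-force rule)

# Constructed sample in Wazuh's alert JSON shape (rule 5712 is Wazuh's
# built-in sshd brute-force rule; the agent name and address are made up).
SAMPLE_ALERT = json.dumps({
    "rule": {"id": "5712", "level": 10,
             "description": "sshd: brute force trying to get access to the system.",
             "groups": ["syslog", "sshd", "authentication_failures"]},
    "agent": {"name": "node-c"},
    "data": {"srcip": "203.0.113.45", "dstuser": "root"},
})


def decide(alert_json: str) -> tuple[str, str]:
    """Return ("block", ip) or ("ignore", reason) for one Wazuh alert payload."""
    alert = json.loads(alert_json)
    rule = alert.get("rule", {})
    level = int(rule.get("level", 0))
    groups = set(rule.get("groups", []))
    srcip = alert.get("data", {}).get("srcip")
    if not srcip:
        return ("ignore", "alert carries no data.srcip")
    try:
        ip = ipaddress.ip_address(srcip)
    except ValueError:
        return ("ignore", f"unparseable srcip {srcip!r}")
    # The protected-range check runs before the severity check on purpose: an
    # internal host tripping a level-12 rule is an incident, not a block target.
    if any(ip in net for net in PROTECTED_NETS):
        return ("ignore", f"{ip} is inside a protected range")
    if level < MIN_LEVEL:
        return ("ignore", f"level {level} is below the block threshold {MIN_LEVEL}")
    if not groups & BLOCKABLE_GROUPS:
        return ("ignore", f"groups {sorted(groups)} are not a blockable source")
    return ("block", str(ip))


def update_alias(members: list[str], decision: tuple[str, str]) -> list[str]:
    """Apply a decision to a firewall alias member list (action_1); idempotent."""
    current = set(members)
    if decision[0] == "block":
        current.add(decision[1])
    return sorted(current)


def discord_text(alert_json: str, decision: tuple[str, str]) -> str:
    """Build the one-line alert body for the Discord webhook (action_2)."""
    alert = json.loads(alert_json)
    rule = alert.get("rule", {})
    agent = alert.get("agent", {}).get("name", "?")
    verdict = "BLOCKED" if decision[0] == "block" else "ignored"
    return (f"[{verdict}] {agent}: rule {rule.get('id', '?')} level {rule.get('level', '?')} "
            f"- {rule.get('description', '')} ({decision[1]})")


if __name__ == "__main__":
    verdict = decide(SAMPLE_ALERT)
    print(verdict)
    print(update_alias(["198.51.100.7"], verdict))
    print(discord_text(SAMPLE_ALERT, verdict))
```

Two design points carry over to the real workflow regardless of language: match addresses with proper CIDR logic rather than a string prefix, so a management host on 192.168.1.0/24 and a Tailscale peer on 100.x are both exempt, and keep the alias update idempotent so a burst of alerts for the same attacker does not produce duplicate entries.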
Tantive-III VM — Node A
Local LLM inference running Ollama and AnythingLLM on the RTX 4000 Ada (20 GB VRAM) via VFIO passthrough. 50 tok/s on 70B models. 500+ document RAG pipeline with OpenWebUI and ComfyUI for image generation. Zero data egress, all inference on-premises.
Engineering documentation: incident forensics, infrastructure hardening, and systems troubleshooting from a working homelab.
Full blog at holocron-labs.tima.dev
Node-A (Millennium Falcon) suffered a complete hard lockup with zero local crash artifacts — no kernel panic, no pstore dump, no journal entries. The culprit: log2ram held all logs in RAM and the instantaneous failure prevented disk sync, destroying 9 days of logs.
Investigation Timeline
journalctl -b -1 showed logs ending Jan 31; log2ram confirmed as the blind spot.
Resolution
Kernel parameters pcie_aspm=off pci=noaer: disables PCIe ASPM power-state transitions and AER recovery attempts that can stall the bus.
Key Takeaways
Verify that new kernel parameters actually reached the running kernel with cat /proc/cmdline after reboot.
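A post-reboot check for both takeaways, as an added example rather than the writeup's own tooling. It does the /proc/cmdline verification as token matching (so pcie_aspm=powersave is not mistaken for pcie_aspm=off, and pci=noaer is found inside a comma list such as pci=noaer,realloc), and it reads /proc/mounts to report whether /var/log/journal still sits on log2ram's tmpfs, which is the blind spot the writeup describes. The functions take their inputs as text so they run on constructed samples; the paths in main() are standard Linux locations and the mount layout is an assumption about this host.

```python
"""Post-reboot verification after a kernel-parameter change on a Proxmox host.

Added example, not the writeup's own script. File paths are standard Linux
locations; the assumption that log2ram mounts a tmpfs on /var/log is about
this host.
"""
from __future__ import annotations

from pathlib import Path

REQUIRED_PARAMS = ("pcie_aspm=off", "pci=noaer")


def parse_cmdline(cmdline: str) -> dict[str, set[str]]:
    """Map each kernel parameter to the set of its comma-separated values.

    'pci=noaer,realloc' -> {'pci': {'noaer', 'realloc'}}; a bare flag such as
    'ro' maps to an empty set. Comparing tokens, not substrings, avoids
    accepting 'pcie_aspm=off' buried inside some longer, unrelated token.
    """
    params: dict[str, set[str]] = {}
    for token in cmdline.split():
        key, sep, value = token.partition("=")
        params.setdefault(key, set()).update(value.split(",") if sep else [])
    return params


def missing_params(cmdline: str, required=REQUIRED_PARAMS) -> list[str]:
    """Return the required key=value settings absent from the running cmdline."""
    present = parse_cmdline(cmdline)
    missing = []
    for req in required:
        key, _, value = req.partition("=")
        if value not in present.get(key, set()):  # pcie_aspm=powersave is not off
            missing.append(req)
    return missing


def fstype_for(mounts_text: str, path: str) -> str | None:
    """Filesystem type backing `path`, read from /proc/mounts text.

    The longest mountpoint that is a prefix of `path` wins, so a tmpfs on
    /var/log (log2ram's mount) overrides the root filesystem entry.
    """
    best: tuple[str, str] | None = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 3:
            continue
        # /proc/mounts escapes a space in a mountpoint as \040
        mnt, fstype = fields[1].replace("\\040", " "), fields[2]
        if path == mnt or path.startswith(mnt.rstrip("/") + "/"):
            if best is None or len(mnt) > len(best[0]):
                best = (mnt, fstype)
    return best[1] if best else None


def main() -> int:
    ok = True
    missing = missing_params(Path("/proc/cmdline").read_text())
    if missing:
        print("MISSING from /proc/cmdline:", " ".join(missing))
        ok = False
    else:
        print("OK: running kernel has", " ".join(REQUIRED_PARAMS))
    fstype = fstype_for(Path("/proc/mounts").read_text(), "/var/log/journal")
    if fstype == "tmpfs":
        print("WARN: /var/log/journal is on tmpfs (log2ram); a hard lockup "
              "loses everything written since the last sync")
        ok = False
    else:
        print(f"OK: /var/log/journal is on {fstype}")
    return 0 if ok else 1


if __name__ == "__main__":
    raise SystemExit(main())
```

Run it as root on each node after the reboot; a non-zero exit means either the workaround did not reach the kernel (typically the bootloader config was edited but never regenerated) or the journal is still volatile and the next lockup will again leave nothing behind.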
7+ years in IT operations. Now leveling up into systems engineering.
At Team Liquid, Stagwell, and Creative Artists Agency, I was the person who got the call when things broke. Tier III escalation across identity, endpoints, and infrastructure for globally distributed teams. That work taught me what resilience actually looks like in production.
The Alliance Fleet is where I put that experience to work. I recreate enterprise operations in my homelab to design, break, diagnose, and document real infrastructure. Every VLAN, every firewall rule, every monitoring pipeline exists because I wanted to understand why it works, not just how to configure it.
The proof is in the projects, the writeups, and the blog.
What I'm Building Toward
The principles I hold myself to:
These come from enterprise environments where outages had real consequences. I apply them daily in the Fleet.
Operational Record
2023 — Present
Team Liquid
Operate production systems for competitive gaming and corporate environments. Tier III escalation across identity, endpoints, and infrastructure. Manage access for 200+ users.
2021 — 2023
Stagwell
Kept enterprise IT systems and cloud applications reliable across a distributed agency network. Managed macOS and Windows fleets via JAMF Pro and Intune. Enforced security policy compliance.
2019 — 2021
Creative Artists Agency (CAA)
Managed asset lifecycle and procurement for the Los Angeles office and West Coast. Maintained Active Directory infrastructure. Led service desk operations and improved identity and escalation workflows.