Hardware

fw01 Firewall / Router

SuperMicro 1U, Intel E3-1230v2, 16GB ECC RAM. Running OPNsense (FreeBSD-based). Handles all pf firewall rules, VLANs, WireGuard VPN, unbound DNS, and the reverse proxy. The critical piece everything else depends on.

srv01 Primary Services

Dell PowerEdge R720, dual Xeon E5-2600, 64GB RAM. Main workload server — runs Prometheus, Grafana, Gitea, OpenSMTPD, Matrix/Conduit. Loud and power-hungry, but handles everything without complaint.

srv02 Media / Secondary

Dell PowerEdge R710. Jellyfin media server, game server VMs, secondary storage, authoritative DNS (nsd). The workhorse for anything that doesn't need to be bulletproof.

ws01 Workstation

Desktop, AMD Ryzen. Daily driver for development, terminal sessions, and homelab management. Running Fedora Linux.

Operating Systems

  • FreeBSD — srv01, srv02. Chosen for ZFS, jails, pf, and a clean coherent base system.
  • OPNsense — fw01. FreeBSD-based firewall/router OS. pf, WireGuard, unbound all built in.
  • AlmaLinux / Rocky — Linux VMs on srv02. RHEL-compatible for workloads where SELinux and systemd are expected.
  • Fedora — Workstation. Stays close to bleeding-edge tooling without being Arch.

Networking

  • pf — FreeBSD/OPNsense packet filter. VLANs, NAT, geo-blocking, antispoof. The whole reason fw01 runs what it does.
  • WireGuard — VPN for remote access. Simple, fast, auditable.
  • unbound — Recursive DNS resolver on fw01. Validates DNSSEC, blocks ad/tracking domains.
  • nsd — Authoritative DNS on srv02 for the ridgwaysystems.org zone.
  • nginx — Reverse proxy in front of this site and internal services.

Infrastructure & Automation

  • Terraform — Cloud infrastructure (Azure, AWS). Anything that touches a cloud API gets IaC'd.
  • Ansible — Configuration management for Linux servers. Idempotent, no agent required.
  • Gitea — Self-hosted git at git.ridgwaysystems.org. Lightweight, fast, no subscription required.
  • Prometheus + Grafana — Metrics and dashboards for everything. Custom exporters for pf counters, ISP throughput, and hardware sensors.
  • Nagios — Service alerting. Opinionated but reliable — been running since before dashboards were cool.

Development

  • VS Code — Primary editor. Remote SSH extension makes working directly on servers seamless.
  • Go — Preferred language for infrastructure tooling and this site. Fast to compile, easy to deploy a single binary.
  • Python — Scripting, automation, quick data processing.
  • Bash — Shell scripts for anything that doesn't need to outlast the week.
  • tmux — Terminal multiplexer. Multiple panes across multiple SSH sessions, always.

Self-hosted Services

  • OpenSMTPD — Mail server. Handles inbound and outbound for ridgwaysystems.org.
  • Matrix / Conduit — Self-hosted chat. Federated, encrypted. Currently migrating.
  • Jellyfin — Media server. No subscription, no phone-home, streams anywhere on the LAN.