Uses

Hardware, software, and tools — homelab and daily driver.

Hardware

fw01 Firewall / Router

SuperMicro 1U, Intel E3-1230v2, 16GB ECC RAM. Running OpenBSD. Handles all pf firewall rules, VLANs, WireGuard VPN, unbound DNS, and relayd reverse proxy. The critical piece everything else depends on.

srv01 Primary Services

Dell PowerEdge R720, dual Xeon E5-2600, 64GB RAM. Main workload server — runs Prometheus, Grafana, Gitea, OpenSMTPD, Matrix/Conduit. Loud and power-hungry, but handles everything without complaint.

srv02 Media / Secondary

Dell PowerEdge R710. Jellyfin media server, game server VMs, secondary storage, authoritative DNS (nsd). The workhorse for anything that doesn't need to be bulletproof.

ws01 Workstation

Desktop, AMD Ryzen. Daily driver for development, terminal sessions, and homelab management. Running Fedora Linux.

Operating Systems

  • OpenBSD — fw01, this web server. Chosen for its security defaults, pf, and the fact that it does exactly what it says on the tin.
  • AlmaLinux / Rocky — srv01, srv02. RHEL-compatible for production workloads where SELinux and systemd are expected.
  • Fedora — Workstation. Stays close to bleeding-edge tooling without being Arch.

Networking

  • pf — OpenBSD packet filter. VLANs, NAT, geo-blocking, antispoof. The whole reason fw01 runs OpenBSD.
  • WireGuard — VPN for remote access. Simple, fast, auditable.
  • unbound — Recursive DNS resolver on fw01. Validates DNSSEC, blocks ad/tracking domains.
  • nsd — Authoritative DNS on srv02 for the ridgwaysystems.org zone.
  • relayd — OpenBSD reverse proxy in front of this site and internal services.

Infrastructure & Automation

  • Terraform — Cloud infrastructure (Azure, AWS). Anything that touches a cloud API gets IaC'd.
  • Ansible — Configuration management for Linux servers. Idempotent, no agent required.
  • Gitea — Self-hosted git at git.ridgwaysystems.org. Lightweight, fast, no subscription required.
  • Prometheus + Grafana — Metrics and dashboards for everything. Custom exporters for pf counters, ISP throughput, and hardware sensors.
  • Nagios — Service alerting. Opinionated but reliable — been running since before dashboards were cool.

Development

  • VS Code — Primary editor. Remote SSH extension makes working directly on servers seamless.
  • Go — Preferred language for infrastructure tooling and this site. Fast to compile, easy to deploy a single binary.
  • Python — Scripting, automation, quick data processing.
  • Bash / ksh — Bash on Linux, ksh on OpenBSD. Shell scripts for anything that doesn't need to outlast the week.
  • tmux — Terminal multiplexer. Multiple panes across multiple SSH sessions, always.

Self-hosted Services

  • OpenSMTPD — Mail server. Handles inbound and outbound for ridgwaysystems.org.
  • Matrix / Conduit — Self-hosted chat. Federated, encrypted. Currently migrating.
  • Jellyfin — Media server. No subscription, no phone-home, streams anywhere on the LAN.