Uses

My digital toolbox — the stuff that's survived real-world use. What started with a $50 Raspberry Pi in 2015 has evolved into a homelab and workflow that actually works for me. Living document. I update it when I change something significant.

The physical layer

Hardware

Desktop PC 2019 · self-built

Intel i9-9900K, 64 GB RAM, RTX 3090, 1TB NVMe + 8TB HDD. The 24GB VRAM handles 7B–34B LLMs comfortably. Killed a 2080 Ti overclocking for inference in 2020 — taught me to respect thermal limits.

Framework Laptop 2022 · DIY Edition

i7-1260P, 32 GB RAM, 1 TB NVMe, Ubuntu 24.04 LTS. After three laptops became e-waste because one component failed, the modular design won me over. More expensive than a Dell with similar specs — I value the right-to-repair philosophy.

LG 34WK95U 34″ ultrawide · 3440×1440

One seamless ultrawide beats dual 27″ monitors. Three vertical code panes side-by-side, no bezel gap. Game changer for monitoring dashboards.

Wooting 80HE keyboard · ~$185

Analog hall-effect keys. Thought it was marketing hype until I tried it. Per-key actuation points and analog input changed how I interact with my machine. Can't go back to mechanical.

Glorious Model O mouse · ~$50

67 grams. After years of heavy gaming mice and wrist pain, going ultralight was a revelation.

SteelSeries Arctis 7X+ headset · ~$150

Wireless that actually works. 30+ hour battery, comfortable for all-day wear, and the mic doesn't sound like I'm in a cave.

Chemex 10-cup + Baratza Encore coffee · $50 + $170

Good security engineering requires good coffee. Non-negotiable. The ritual of manual pour-over gives me time to think through problems.

The server rack

Homelab

Ubiquiti UDM Pro firewall · ~$380

Spent years with pfSense on repurposed hardware. UDM Pro isn't as flexible, but it's stable, fast, and I don't maintain another box. VLAN segmentation, IDS/IPS, DPI. Handles gigabit without breaking a sweat.

Dell PowerEdge R910 2017 · ~$800 used

Main hypervisor. 4× Xeon E7540 (48 threads), 256 GB RAM, ~400 GB ZFS pool. Runs Incus on Ubuntu 24.04 with BOSH-managed Cloud Foundry and Concourse CI. Sounds like a jet engine at full throttle. ~$150/month at idle — cheaper than equivalent cloud.

Raspberry Pi 5 ×3 · $80 each

Dual Pi-hole for DNS, Authentik for SSO, assorted auxiliary services. The ARM tax is real but power draw is negligible.

Raspberry Pi 4 2015 · the OG

The one that started it all. Still running after ten years. Handles Chrony NTP for the lab. Won't retire it out of principle.

The editor

Software & Development

Ubuntu 24.04 LTS daily driver

Tried Fedora for six months, kept breaking after updates. Ubuntu LTS is boring, which is exactly what I want on machines I depend on.

Incus virtualization

Fork of LXD after Canonical's licensing changes. Cleaner virtualization than ESXi for a homelab, less overhead than KVM alone.

Neovim editor

Switched from VSCode in 2023 after getting fed up with Electron memory usage. Lua config, LSP integration, terminal-native. Steep curve, worth it.

Astro static site framework

What this site is built with. Islands architecture, zero JS by default, excellent Markdown and MDX support. The sweet spot between Jekyll and Next.js.

Git + GitHub version control

Everything lives in git. Dotfiles, homelab configs, blog posts, scripts. If it's not in git, it might as well not exist.

Terraform infrastructure as code

Managed firewall rules as code. Best investment I made in automation. Turned "click 20 things in Ubiquiti's UI" into a reviewable pull request.

The perimeter

Security & Monitoring

Wazuh SIEM · self-hosted

Self-hosted SIEM for the homelab. Open source, integrates with CISA KEV and AlienVault OTX threat feeds. Detects real things, not just noise.

Bitwarden password manager · self-hosted

Self-hosted via Vaultwarden. Integrated with YubiKey for 2FA. If a service doesn't support 2FA, it doesn't get my data.

YubiKey 5C NFC hardware token · $55

Hardware-backed 2FA for everything that supports it. Two keys — one on my keychain, one in a safe as backup.

Pi-hole DNS filter · ×2 for HA

Network-wide ad and tracker blocking. Blocks ~40,000 malicious or privacy-invasive domains. Caught a smart bulb trying to phone home 47,000 times in one day.

Prometheus + Grafana + Loki observability stack

Metrics, dashboards, and log aggregation. Alertmanager pushes to ntfy for mobile notifications.

The assistants

AI & Coding Tools

Claude Code daily driver

Primary AI coding assistant. Strong at architecture, long-context reasoning, and multi-file refactors. Most of my AI-assisted work runs through this.

Codex / Gemini / OpenCode multi-model

Different models for different tasks — routed via Nexus Agents. Gemini for research, Codex for deep code analysis, OpenCode for privacy-sensitive work.

Ollama local LLM runner

Runs Llama, Qwen, and Mistral models locally on the 3090. Privacy-sensitive work never leaves my machine.

GitHub Copilot inline autocomplete

Inline completion in Neovim. Good for boilerplate, comments, and small refactors. Never trust it with business logic.

The subscriptions

Services

GitHub ~$4/mo · Pro

Where my code lives. Pro tier for private repos and Actions minutes. This site auto-deploys from GitHub Pages.

Cloudflare free tier

DNS, DDoS protection, edge caching. Free tier covers everything I need for personal projects.

Backblaze B2 ~$50/mo · off-site backup

Off-site backup for homelab. 3-2-1 strategy. Cheaper than S3, fast enough for nightly restores when needed.

SimpleLogin ~$3/mo

Email aliases for every service signup. When a company gets breached, I know who leaked my address. Compartmentalization reduces blast radius.

Running on my metal

Self-Hosted

Vaultwarden Bitwarden-compatible

Rust rewrite of Bitwarden server. Lighter than the official container, same clients, same features I actually use.

Authentik SSO / identity provider

Self-hosted SSO for homelab services. OIDC, SAML, LDAP. Integrates with everything that speaks standard identity protocols.

BookStack wiki · documentation

Homelab wiki. Procedures, runbooks, and "why did I configure this like that" notes. Future-me always thanks past-me for writing things down.

ntfy push notifications

Self-hosted push notification service. Alertmanager, cron jobs, and scripts all send alerts through it.

The shell

CLI Tools

Zsh + Starship shell + prompt

Modern shell, fast prompt. Starship is written in Rust and stays out of my way. Git status, exit codes, runtime indicators at a glance.

ripgrep (rg) replaces grep

Faster than grep, respects .gitignore by default, sensible defaults. I've genuinely forgotten how to use plain grep.

fd replaces find

Faster than find, friendlier syntax, respects .gitignore. The find command's argument order has haunted me for years.

bat replaces cat

Syntax-highlighted cat with line numbers. Looks better piped into less or used directly. Small quality-of-life win.

eza replaces ls

Modern ls with git integration and tree view. The successor to exa.

zoxide replaces cd

Directory jumper that learns your habits. z proj to jump to your most-used "proj*" directory. Saves hundreds of keystrokes a day.

fzf fuzzy finder

Fuzzy finder for everything — files, command history, git branches, process lists. Ctrl-R will never feel the same again.

tmux terminal multiplexer

Sessions survive SSH disconnects, split panes for parallel work, shared sessions for pair debugging. Can't work without it.

htop + btop + ncdu system monitoring

htop for process monitoring, btop when I want the pretty view, ncdu when I need to find what's eating my disk.

Last updated April 2026.