Personal infrastructure documentation. I run a distributed self-hosted environment across 10+ nodes and 40+ containerised services — this repo is where I document what I build, how it works, and why certain decisions were made.
Not polished tutorials. Real notes from real setups, including the mistakes.
Infrastructure-focused engineer with 4.5 years of experience across QA, systems analysis, and hands-on infrastructure work.
Previous role (3 years, US-based company, remote): Worked across a broad scope — release testing (smoke, regression, server/client stack), Linux server administration via CLI, Discord bot development and automation in JavaScript/Node.js, API analysis with Postman, and daily cross-functional communication in English with an international engineering team.
Current role — Systems Analyst (since Dec 2024): Acting as the de facto infrastructure owner. Migrated all services from broken legacy shell scripts to Docker Compose, achieving 100% environment reproducibility across all factory nodes. Write Docker Compose files from scratch, debug failing containers in production under time pressure, configure container networking for internal service routing. Also cover technical documentation (API references, integration specs, release notes), functional and integration testing of industrial software releases, and requirements gathering with business stakeholders.
Outside of work, I operate a self-hosted infrastructure of ~100 containerised services across 5 nodes (2× Proxmox bare-metal + 3× VPS) as my primary learning environment — everything documented here.
Currently working through a structured DevOps course covering Docker, Ansible, GitLab CI/CD, Kubernetes, Kafka, Monitoring, and Terraform. Course homework tracked at github.com/eshkq/devops-homework.
Targeting a DevOps / Infrastructure Engineer role at a European company (remote or relocation).
Core stack: Linux · Docker · Proxmox VE · Traefik · WireGuard · Ansible · GitLab CI · Zabbix · Grafana · Bash

| Document | Description |
|---|---|
| restic-backup.md | Encrypted backups to S3-compatible storage with restic — PostgreSQL via stdin pipe + Docker volume directory |
| zabbix-monitoring.md | Zabbix 7.0 LTS monitoring over WireGuard mesh — Server + Proxy + Agents + Telegram alerts |
| gitlab-ci-pipeline.md | Modular GitLab CI/CD for Docker Compose stacks — shared pipeline repo, per-server runner tags, auto deploy + manual image update |

Full setup from bare-metal installation to the internal VM/LXC topology. See proxmox/README.md for the node overview and hardware specs.

| Document | Description |
|---|---|
| proxmox/01-install.md | Proxmox VE 9.1 installation via qemu on rescue system — ZFS Mirror, network interface fix, repository setup, firewall |
| proxmox/02-lxc-gateway.md | LXC gateway — Traefik v3 bare-metal, Cloudflare DNS-01 wildcard certs, DNAT from host |
| proxmox/03-crowdsec.md | CrowdSec IPS — local plugin bouncer for Traefik, AppSec WAF, global middleware on websecure |
| proxmox/04-vm-docker-gitlab.md | Docker VM — GitLab EE behind WireGuard mesh, Traefik reverse proxy, memory tuning |
| proxmox/05-vm-kasm.md | Kasm Workspaces VM — containerized browser and desktop sessions, mesh-only access |

More coming as I build and document things.

```
Proxmox bare-metal (home)
├── VMs and LXC containers
└── Docker host — Authentik, Immich, Grafana, Traefik,
                  CrowdSec, Vaultwarden, n8n, OpenWebUI,
                  Miniflux, SearXNG, Siyuan, Cloudreve,
                  qBittorrent, Dozzle, Diun, ...
                  (some containers egress via WireGuard tunnel
                  through the Eastern Europe VPS)

Proxmox bare-metal (dedicated, EU)
├── LXC gateway — Traefik, CrowdSec
├── Docker host — GitLab EE, GitLab Runner,
│                 Container Registry, ...
└── VM — Kasm Workspaces

VPS (Eastern Europe)
└── Docker host — Mailcow, Matrix, Ente (2FA),
                  VictoriaMetrics, Traefik, ...

VPS (Central Europe)
└── Docker host — Zabbix Server, ...

VPS (Western Europe)
└── WireGuard mesh hub, Zabbix Proxy, Traefik

All nodes connected via WireGuard overlay mesh
Zabbix Agent 2 installed on every node
```

- Self-hosted over SaaS where it makes sense
- Privacy-first — data stays on infrastructure I control
- Everything in Git — configs, compose files, docs
- Document as you go — if it took time to figure out, write it down
- Explain decisions where possible — not just what, but why