Real work on my own gear, written up honestly — including what broke. Each project links to its full post.

pfSense containment lab

A pfSense VM firewalling the Debian VM where my Claude Code agents run — egress rules allow internet-out and block every private range. Includes diagnosing a full outage caused by a Windows update silently re-enabling the hypervisor.

Read: Debugging a Dead VMware NAT and Hardening My pfSense Containment Lab →

Home network hardening

Baseline hardening and guest segmentation on an ISP-issued Arcadyan HWG2025: WPA3, WPS off, remote management off, two isolated zones, and the ISP-locked DNS workaround.

Read: Hardening and Segmenting My Home Network on an Arcadyan HWG2025 →

Virtual VLAN segmentation on pfSense

Three firewall-isolated zones — Trusted, IoT, and Guest — built entirely in VMs with no managed switch: an 802.1Q trunk into pfSense, per-VLAN subnets and DHCP, and least-privilege rules a single client proves by changing one tag. Includes the read-only Virtual Network Editor bug that silently ate every DHCP lease.

Read: Virtual VLAN Segmentation on pfSense — Three Isolated Zones, No Managed Switch →

BiggerBang — SPT mod port (TypeScript → C#)

An abandoned Single Player Tarkov trader mod, ported from the SPT 3.x TypeScript API to a compiled C#/.NET DLL for SPT 4.0 — five bugs fixed, released to the community.

Read: Porting a TypeScript Game Mod to C# and Hardening It for Community Release →

FoxWeaponSound — SPT mod port via Claude Fable 5

A 2022 JavaScript weapon-sound mod rebuilt as a .NET 9 DLL for SPT 4.0.13, driven end-to-end through Claude Fable 5 — which surfaced five bugs the original had shipped with for four years.

Read: Porting a Mod Through Claude Fable 5 →

Spec Grabber — system info desktop tool

A native desktop GUI (Python, customtkinter, psutil) that collects system and hardware info into a styled, self-contained HTML report. Security-hardened; packaged for Linux and Windows with PyInstaller.

Read: Created a SystemInfo Grabber Program with Claude AI →

LaMetric TIME on an isolated network

Live home-lab stats on a LaMetric Time display, bridged over MQTT through a cloud broker — the publisher VM and the display can’t reach each other on the LAN by design, so both connect outbound and the isolation stays intact.

Read: Implementing LaMetric TIME to Network →

LaMetric display — real WAN throughput over SNMP

A follow-up that polls the lab’s pfSense firewall over SNMP for real WAN in/out rates and adds them to the display — reading a host’s own gateway without breaking the isolation, plus the counter that proves the numbers are live.

Read: Implementing LaMetric TIME to Network Part 2 →

Prometheus + Grafana observability stack

The dashboard layer under the LaMetric glance: Prometheus scraping the Debian VM and the pfSense firewall, Grafana drawing live graphs with history — all on one isolated VM, bound to localhost, reusing the SNMP work from the previous project.

Read: Building a Prometheus and Grafana Observability Stack for My Home Lab →

Cross-device Claude Code sync — MCP hub over Tailscale

A custom MCP server on the home-lab VM that a roaming laptop’s Claude Code can push notes to from any network — linked over a Tailscale mesh with no inbound ports opened, a deliberately narrow tool surface, and the lab’s isolation left intact.

Read: Syncing Claude Code Across Devices with a Custom MCP Hub over Tailscale →

Hardening the Debian lab VM

An honest security audit of my own automation VM — even behind pfSense — and the fixes: automatic updates, cutting exposed services, an nftables default-deny firewall with SSH and the MCP hub reachable only over Tailscale, and systemd sandboxing for the custom daemons.

Read: Hardening My Debian Home-Lab VM — Even Behind pfSense →

This blog

Hugo + PaperMod on GitHub Pages with a Claude Code publishing pipeline: raw notes in, finished post out — filed, committed, and deployed by one command.

Read: Self-Hosting a Hugo Blog with a Claude Code Publishing Pipeline →