Real work on my own gear, written up honestly — including what broke. Each project links to its full post.
pfSense containment lab
A pfSense VM firewalling the Debian VM where my Claude Code agents run — egress rules allow internet-out and block every private range. Includes diagnosing a full outage caused by a Windows update silently re-enabling the hypervisor.
Read: Debugging a Dead VMware NAT and Hardening My pfSense Containment Lab →
Home network hardening
Baseline hardening and guest segmentation on an ISP-issued Arcadyan HWG2025: WPA3, WPS off, remote management off, two isolated zones, and the ISP-locked DNS workaround.
Read: Hardening and Segmenting My Home Network on an Arcadyan HWG2025 →
Virtual VLAN segmentation on pfSense
Three firewall-isolated zones — Trusted, IoT, and Guest — built entirely in VMs with no managed switch: an 802.1Q trunk into pfSense, per-VLAN subnets and DHCP, and least-privilege rules a single client proves by changing one tag. Includes the read-only Virtual Network Editor bug that silently ate every DHCP lease.
Read: Virtual VLAN Segmentation on pfSense — Three Isolated Zones, No Managed Switch →
BiggerBang — SPT mod port (TypeScript → C#)
An abandoned Single Player Tarkov trader mod, ported from the SPT 3.x TypeScript API to a compiled C#/.NET DLL for SPT 4.0 — five bugs fixed, released to the community.
Read: Porting a TypeScript Game Mod to C# and Hardening It for Community Release →
FoxWeaponSound — SPT mod port via Claude Fable 5
A 2022 JavaScript weapon-sound mod rebuilt as a .NET 9 DLL for SPT 4.0.13, driven end-to-end through Claude Fable 5 — which surfaced five bugs the original had shipped with for four years.
Read: Porting a Mod Through Claude Fable 5 →
Spec Grabber — system info desktop tool
A native desktop GUI (Python, customtkinter, psutil) that collects system and hardware info into a styled, self-contained HTML report. Security-hardened; packaged for Linux and Windows with PyInstaller.
Read: Created a SystemInfo Grabber Program with Claude AI →
LaMetric TIME on an isolated network
Live home-lab stats on a LaMetric Time display, bridged over MQTT through a cloud broker — the publisher VM and the display can’t reach each other on the LAN by design, so both connect outbound and the isolation stays intact.
Read: Implementing LaMetric TIME to Network →
LaMetric display — real WAN throughput over SNMP
A follow-up that polls the lab’s pfSense firewall over SNMP for real WAN in/out rates and adds them to the display — reading a host’s own gateway without breaking the isolation, plus the counter that proves the numbers are live.
Read: Implementing LaMetric TIME to Network Part 2 →
Prometheus + Grafana observability stack
The dashboard layer under the LaMetric glance: Prometheus scraping the Debian VM and the pfSense firewall, Grafana drawing live graphs with history — all on one isolated VM, bound to localhost, reusing the SNMP work from the previous project.
Read: Building a Prometheus and Grafana Observability Stack for My Home Lab →
Cross-device Claude Code sync — MCP hub over Tailscale
A custom MCP server on the home-lab VM that a roaming laptop’s Claude Code can push notes to from any network — linked over a Tailscale mesh with no inbound ports opened, a deliberately narrow tool surface, and the lab’s isolation left intact.
Read: Syncing Claude Code Across Devices with a Custom MCP Hub over Tailscale →
Hardening the Debian lab VM
An honest security audit of my own automation VM — even behind pfSense — and the fixes: automatic updates, cutting exposed services, an nftables default-deny firewall with SSH and the MCP hub reachable only over Tailscale, and systemd sandboxing for the custom daemons.
Read: Hardening My Debian Home-Lab VM — Even Behind pfSense →
This blog
Hugo + PaperMod on GitHub Pages with a Claude Code publishing pipeline: raw notes in, finished post out — filed, committed, and deployed by one command.
Read: Self-Hosting a Hugo Blog with a Claude Code Publishing Pipeline →