Accomplishments

Piedmont Hosting — Full Cloud Platform (2025–Present)

Designed, built, and operate a production cloud hosting platform end-to-end: VPS, game servers, and web hosting with email. Every layer is my own work — from the colocated R730/R320 hypervisors and OPNsense network fabric up through the Stripe-backed Next.js customer portal and public REST API.

Platform: Next.js 14 App Router, Prisma, PostgreSQL, NextAuth with TOTP 2FA and recovery codes, multi-domain middleware routing, ~95 API endpoints.

Billing: Live Stripe integration with metered per-resource VPS subscriptions, fixed tiers for games and web hosting, promo codes, $10 signup credit via Stripe setup mode, automated dunning (3-day reminder, 7-day auto-termination), and idempotent webhook-driven order finalization.

VPS Provisioning: Custom mkvm pipeline (KVM + libvirt + cloud-init) supporting 9 Linux distros, dual-stack IPv4/IPv6, per-VM bandwidth QoS via tc, nftables-based cloud firewalls, snapshots, virtnbdbackup full backups, and hot-attachable VPC private networks on isolated Linux bridges.

Game Hosting: Pterodactyl API integration for 8 titles (Minecraft Java/Bedrock, Rust, Valheim, ARK, CS2, Palworld, Hytale) with free customer subdomains provisioned via the Cloudflare API.

Web Hosting: CloudPanel-backed shared hosting (WordPress, PHP, Node.js, Python, static) with automated Let's Encrypt SSL; mailcow for email with DKIM/SPF/DMARC.

App Marketplace: 24 one-click Docker Compose apps deployed over SSH on customer VPS, backed by a local Docker Hub pull-through cache.

Observability: Prometheus + Grafana with libvirt, SNMP, Blackbox, and node exporters; internal and external Uptime Kuma (off-site on a BisectHosting VPS so alerts fire even when the cabinet is down); self-hosted ntfy for mobile push.

Edge: Cloudflare Tunnel so the control plane has no inbound exposed ports.

Technologies: Next.js 14, Prisma, PostgreSQL, Stripe, KVM/libvirt, cloud-init, nftables, tc, Pterodactyl API, CloudPanel, mailcow, Cloudflare Tunnel, Cloudflare API, Prometheus, Grafana, Blackbox, Uptime Kuma, ntfy, nginx, Docker Compose, BGP/IPv6

Impact: Running production customer workloads today on owner-operated infrastructure, demonstrating end-to-end ownership of a real hosting business.

Links: piedmonthosting.com

High Heat Forge — Django E-Commerce Platform (2024–Present)

Built a complete custom Django 5.2 e-commerce platform from scratch for my father's bladesmithing instruction business. Full-stack solution with PostgreSQL, live Stripe checkout with server-side webhook finalization (survives customer browser close), atomic inventory decrements via SELECT FOR UPDATE, dynamic tax/shipping from an admin-configurable settings model, and comprehensive order management.

Integrated Calendly API for automated class booking across the course catalog. Implemented transactional email through a self-hosted mailcow (order confirmations, shipping notifications with USPS tracking, booking confirmations). Hardened with Django security headers (HSTS, secure cookies, SSL redirect), rate-limited auth/contact endpoints, honeypot spam protection, and email verification on signup.

Technologies: Python, Django 5.2, PostgreSQL, Stripe, Calendly, django-ratelimit, Tailwind CSS (compiled locally, no CDN), mailcow, nginx, Let's Encrypt

Impact: Taking real payments, booking real classes. Now runs on the web hosting tier of my own Piedmont Hosting platform.

Links: highheatforge.com

Automated VM Provisioning System (2024–Present)

Built and iteratively hardened the mkvm script that powers every Piedmont VPS. Parses concise resource specs (e.g. VR4x2x40 = 4 GB RAM / 2 vCPU / 40 GB disk), clones distro cloud images, generates cloud-init NoCloud seeds with SSH keys and network config, creates the libvirt domain, waits for cloud-init to finish, and applies bandwidth QoS via tc.

Supports Ubuntu 22/24, Debian 12, Rocky/Alma/CentOS 9, Fedora 42, openSUSE 15.6, and Arch. Distribution-specific quirks handled inline (Debian generic vs genericcloud, Fedora root-dir mode for StrictModes SSH, openSUSE nameserver injection, Arch's slower cloud-init).

Technologies: Bash, KVM/libvirt, cloud-init, qcow2, tc, nftables

Impact: End-to-end provisioning in under 60 seconds for most distros; Arch within 3 minutes. Consistent, repeatable, and fully automated.

Enterprise Monitoring Stack (2024–Present)

Built a full observability pipeline: Prometheus with a libvirt exporter for per-VM CPU/RAM/disk/network metrics, SNMP jobs for the Juniper EX3400 and OPNsense, Blackbox probes for WAN gateway latency and DNS provider reachability, and node exporters on every VM. Custom Grafana dashboards for the AceHost upstream latency, hypervisor health, customer VM usage, storage, and backup status.

Dual Uptime Kuma deployments — internal for ops and external on a BisectHosting VPS for the public status page — so a cabinet outage doesn't blind the alerting. Self-hosted ntfy pushes mobile alerts for failed provisioning, stuck services, backup failures, and webhook errors.

Technologies: Prometheus, Grafana, libvirt-exporter, Blackbox, SNMP, node_exporter, Uptime Kuma, ntfy

Impact: Every layer of the platform has a dashboard and an alert path.

Colocation Migration & Multi-Hypervisor Architecture (2023–Present)

Migrated from a home network to a proper colocation cabinet with a /27 of public IPv4 and a /64 of IPv6 delegated via BGP. Designed a clean three-VLAN layout: infrastructure (10.10.1.0/24 on the R320), DMZ / customer workloads (10.10.50.0/24 on the R730 with 1:1 NAT to public), and out-of-band management (10.10.100.0/24 for iDRACs). Customer VPC private networking lives on isolated Linux bridges (10.68.X.0/24) with hot-attach support on running VMs.

Keeping customer workloads physically separate from the portal/monitoring means maintenance on the R730 doesn't interrupt billing, docs, or observability.

Technologies: OPNsense, Juniper EX3400, KVM/libvirt, VLAN tagging, 1:1 NAT, BGP, IPv6 NDP proxy

Impact: Separation of concerns that survives individual host reboots and maintenance windows.

Comprehensive Infrastructure Documentation (2024–Present)

Every production system is documented in a self-hosted BookStack — 7 books covering architecture, the R730 tooling, the application stack, provisioning flows, monitoring, runbooks, and the public REST API. Updated continuously after every significant change so onboarding a future operator (or future me at 3 AM) is a matter of reading, not archaeology.

Technologies: BookStack, technical writing, network diagrams, runbooks

Impact: Institutional knowledge that survives context switches.

Professional Certifications

2024 Certification Achievement

Earned four professional networking and security certifications in a single year while working full-time:

All certifications remain current through 2027. Currently pursuing RHCSA (Red Hat Certified System Administrator) for Infrastructure Engineering and DevOps advancement.

Career Progression

Rapid Professional Growth (2023–2025)

Advanced from Network Engineer Tier 1 to NOC Engineer at a tier-1 network provider within 18 months:

Created training documentation at Segra that was used to onboard future hires.

Technical Skills Demonstrated