My 2024: homelabs, pentesting, networking and more

What is this about
Like every year since I entered this field, I made a lot of progress. I’m a person who always likes to have a goal in mind and look for new heights: building more complex stuff, changing my thinking, meeting more incredible people.
I’m going to give a brief summary of my 2024: the things I enjoyed spending time on, building and playing with.

Homelab
The most important thing, and probably the one that changed the most, is my homelab here at home. In my last post about it (https://blog.jonathan.com.ar/build-your-own-homelab-with-a-raspberry-pi-zero-2-w-and-cloudflare-zero-trust) I had only one machine! And it was a tiny one.
Now, you may ask, how did I end up like this?

Well, everything started with only one of these smaller ones. I started by deploying some of my apps there and testing self-hostable products.
I have some apps that I wrote in the past while learning web development, and I always use them for experiments: I add random tools or concepts to those apps and adjust them for whatever I want to learn. Some of them even went through entire rewrites in other languages, like TS → Golang.
Some of the apps are these
These projects help me not only learn new stuff for my daily experiments but also become a more competent professional in my current job, where I started as a JR DevOps and am now a SR DevOps/Consultant.
The jd-bun project reflects the current quality of my projects, even though I’m not a developer anymore. These include:
quality gate workflows, deployments, documentation
templates for pull_requests, issues, features, codeowners
pre-commit conventions in each of the projects
unit + integration testing for each of my projects
multiple ways to dockerize an app, hardening, armv7 + arm64 + x86_64
apparmor, seccomp, base + intermediary images, scratch, distroless
secrets as a service, error handling, schema validations
models, middlewares, code styling
Now, across everything I’ve done in my homelab, most things were documented, explained and linked in a private GitHub project that I have.

As you can see, I have more than 100 issues closed during 2024, some of which include a lot of work and explanations of how I ended up doing X. Here is an example:

Each issue may have more than 10 comments explaining what I did there, with screenshots and so on.
Right now I have multiple things running here; these are internal only:

Whenever I need to access those things from outside my LAN, I have a WireGuard server running on my MikroTik.

The internal services use TLS certificates issued by the Let’s Encrypt CA via a DNS-01 challenge, so there is no need to expose ports or anything else to the internet. Before this, I had self-signed certs from my own CA, but having to load the CA cert on every device on my network was not optimal.

Things that are exposed to the internet, like my links page, are protected with Cloudflare and exposed through Cloudflare Tunnels.

Page in action

As for how these apps run inside the machines, well, there were a lot of experiments there. I tried:
pm2
docker standalone
docker swarm
k3s + rancher
systemd services
Also, before my mini PC arrived I tried Proxmox on one of the Raspberry Pis and used VMs and LXC.
What about deployments?
My repository with all this stuff looks something like this:

Well, I also tried a lot of things; I’m going to list some of them:
manual ssh to servers
bash scripts
ansible
ansible + terraform
github actions + ansible + terraform
Argo CD / Flux CD
I even created a repository for some of my most frequent workflows, https://github.com/jd-apprentice/jd-workflows/tree/main/.github/workflows, so I don’t have to modify them everywhere.
I also have some recurring cron jobs that monitor performance, security and more.
Stress Testing

Vulnerability Scanning

SAST Scanning

Most of these actions send their results either to my Gotify server

or to a Telegram chat where I also send stuff.

What about backups?
Things are simple: I’m running cron jobs on each machine that save random stuff to Telegram, and sensitive stuff to a storage server I have plus 2 separate disks, with rsync.
As for the GitHub stuff, since there are a lot of issues and code there, I’m running a full clone to Gitea on the 1st of each month.
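One check worth running after each rsync job is whether the mirror actually matches the source, since rsync by default compares only size and mtime rather than content. The script below is an added example, not code from the original post or from the author’s homelab repo: it hashes every regular file in both trees with SHA-256 and reports files missing from the mirror, files whose content differs, and stale files that only exist in the mirror. The source/mirror directories it builds are constructed in a temp dir so it runs stand-alone; the file names in them are placeholders.

```python
"""Verify that an rsync-style mirror matches its source (added example).

Walks both trees, hashes every regular file with SHA-256 and reports files
that are missing from the mirror, differ in content, or exist only in the
mirror (what rsync --delete would have removed). The demo directories are
constructed in a temp dir with placeholder names so the script runs offline.
"""
import hashlib
import tempfile
from pathlib import Path


def _digests(root):
    """Map relative POSIX path -> sha256 hex digest for every regular file under root."""
    root = Path(root)
    out = {}
    for path in root.rglob("*"):
        # Skip directories and symlinks; only real file content is compared.
        if path.is_file() and not path.is_symlink():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(1 << 20), b""):
                    h.update(chunk)
            out[path.relative_to(root).as_posix()] = h.hexdigest()
    return out


def verify_mirror(source, mirror):
    """Return (missing, changed, extra) as sorted lists of relative paths."""
    src, dst = _digests(source), _digests(mirror)
    missing = sorted(p for p in src if p not in dst)
    changed = sorted(p for p in src if p in dst and src[p] != dst[p])
    extra = sorted(p for p in dst if p not in src)
    return missing, changed, extra


def build_demo():
    """Create a constructed source/mirror pair containing one of each discrepancy."""
    base = Path(tempfile.mkdtemp(prefix="mirror-check-"))
    src, dst = base / "src", base / "dst"
    for d in (src / "etc", dst / "etc"):
        d.mkdir(parents=True)
    (src / "etc/app.env").write_text("API_KEY=redacted\n")        # identical on both sides
    (dst / "etc/app.env").write_text("API_KEY=redacted\n")
    (src / "etc/wg0.conf").write_text("[Interface]\n")            # content differs -> changed
    (dst / "etc/wg0.conf").write_text("[Interface]\nMTU=1420\n")
    (src / "notes.md").write_text("only in source\n")             # absent from mirror -> missing
    (dst / "old.bak").write_text("stale in mirror\n")             # absent from source -> extra
    return str(src), str(dst)


if __name__ == "__main__":
    source, mirror = build_demo()
    missing, changed, extra = verify_mirror(source, mirror)
    for label, items in (("MISSING", missing), ("CHANGED", changed), ("EXTRA", extra)):
        for item in items:
            print(f"{label:<8} {item}")
    # Non-zero exit so a cron wrapper can alert (e.g. via Gotify/Telegram) on a bad backup.
    raise SystemExit(1 if (missing or changed) else 0)
```

In practice you would call `verify_mirror` with the real source and the mounted backup disk (or run it over SSH on the storage server) and wire its exit status into the same cron job that runs rsync; `extra` is informational unless the job is supposed to use `--delete`.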

Also, there are some backups from my Arch machine stored on these servers, but that’s not part of the homelab hehe.
What about monitors/alerts?
Alerts go to Discord.

There are alerts from:
Cloudflare
Uptimekuma
Netdata
Gotify
For infra I’m using Netdata since I only have a few machines, but I’m thinking about migrating to ELK.

For apps there is Uptime Kuma itself, mentioned before.
There are also some handmade scripts that I wrote in the past, when I only ran the small Raspberry Pis and had no way to monitor things from outside, like dashdot, which I’m still running on the ingress server.

And the Cloudflare part?
Well, in Cloudflare there are a few things. Let’s go there; first of all, my main domain with its traffic:

What am I using from Cloudflare?
DNS
Emails
WAF
Cache
R2
Tunnels
Since at the beginning I was running everything, including local things, through Cloudflare, I had a lot of application rules to hide/protect things that I didn’t want to expose to everyone.

My reliable tunnel for exposing things to the internet safely
And inside the servers?
What did I improve here?
Hardening
Scripting
Networking
Containers
Cronjobs
Systemd services
Troubleshooting
Well, there are apps running in k3s like I mentioned before (ignore the fact that these are running in the default namespace, I already moved them properly; the picture is old LMAO).

Of course there are also things still running in Docker standalone and Swarm; not everything needs to be inside k3s.

And of course there is my worthy Proxmox.
Here is the PROD one (4c/4t, 16 GB RAM, 512 GB storage):

And the development one, which I was using for experiments; I’m moving things to the production one right now:

Everything here is managed with Terraform, and I’m saving the state in a PostgreSQL database on the storage server, plus a backup in Cloudflare R2.
One of the machines acts as an ingress and exposes things via Nginx Proxy Manager:

This one is temporary, but it’s the storage server:

What about networking?
Things I got in touch with in the last month:
DNS
Subnets
Firewall filtering
VLANs
Interfaces
Bridges
Routing
DHCP Servers
VPNs
I broke everything at least like 7 times; by broke I mean I had no internet because of misconfigurations. Thank god I took a backup every time I changed one thing; also, the MikroTik documentation is awesome.
Right now the thing looks something like this, except that I use other ranges:
I have 4 VLANs, 3 tagged and 1 untagged, with the MikroTik running behind a double NAT (for now).

The VLANs can still communicate with each other, at least until I decide where I’m going to move the ingress machine, or whether I’m going to use one ingress per VLAN.
The k3s cluster is only there for the apps exposed to the internet, and I’m using those apps to monitor the load on the servers and get some metrics.
Pentesting


Why pentesting?
Good question. I can say that pentesting is not 100% related to what I’m currently doing (DevOps/SRE), but I said in my head, Hey! I want to understand how people can attack my apps, and ended up spending around 3-4 months doing machines on HTB.
The repository with everything is right here
Also, there is this MkDocs site that contains every markdown file:

I managed to get invited as a guest to a meeting of the HTB Argentina community, solving a machine live.

It can be seen here: https://www.youtube.com/watch?t=4479&v=zxmCYEddfeU&feature=youtu.be
Went to some events (and met coworkers)

Made some appearances in global CTFs

Also, some local ones

And the most important thing for me: I joined one of the best teams in Latin America, https://d1stinct.com/, which at the time I’m writing this is #1 in Argentina. Besides that, I made some great friends whose lives I love being part of.
My career growth
My entire 2024 was at the same company, so I’m going to use that as a reference.
Moving on from my Software Developer role last year, I entered this company as a DevOps Engineer JR, my first infrastructure experience. I’m really thankful for the opportunity, and I believe my hard work ended up being a good decision, since I had the most growth of the entire team, thanks to the time I spent on my experiments and the people around me always pushing me to be better every day.


Now let’s talk about my current role. Currently I’m the referent of the DevOps team at one of the clients. Being part of the architecture has expanded my mind and knowledge in a way that I’d say no other role has the opportunity to do, because while I’m in touch with the developers and know the day-to-day problems, I’m also in contact with the executives, see the business needs, and can align my ideas to benefit everyone.
My responsibilities currently go beyond DevOps; sometimes I act as a software architect since the role is needed. Here are some of the things I do on a daily basis (copying and expanding from my LinkedIn):
1. Build guidelines for teams to follow best practices in development, infrastructure, and testing.
2. Design infrastructure, implementation, and technical documentation.
3. Ensure project completion and build reports for stakeholders.
4. Enforce quality and security in the development process.
5. Satisfy application architecture and business needs.
6. Technical interviews and seniority review.
7. Assist and mentor team members.
8. Code review and pair programming.
- First point
I wrote more than 50 pages of documentation (in a few months), plus videos, code examples, templates and PoCs about how everything should be done: how commits should be written, names for repositories, the process for requesting X, how teams must behave in X situation. Every time a new person entered the team we did our regular onboarding process, and once I found something that was not “expected” I added that exception to the documentation.
- Second point
Even though my initial role was not responsible for these sorts of things, I really enjoyed them and started doing them by myself. In later stages I ended up being asked, or at least considered, for an opinion on everything, which in some cases is not optimal, but I’m glad people value my opinion.
- Third point
While my boss is the one who gets asked about dates for finishing things, after becoming a referent I started to understand the importance of ensuring completion within established deadlines and started focusing on these things, while also helping report stuff to his superiors.
- Fourth point
When I arrived here the CI/CD process contained only the build stage for the app and a SonarQube report (without coverage). Now the entire CI/CD process contains:
Testing (Unit, Integration, E2E if applicable)
SAST (coverage included, stops the pipeline if the quality gate is not passed)
Vulnerability scan (stops the pipeline if high+ vulnerabilities are discovered)
Secret management for sensitive values
Reusable workflows (templates)
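The "stops the pipeline if high+ vulnerabilities are discovered" gate, both here and in the vulnerability-scanning cron jobs in the Homelab section, comes down to a severity threshold applied to the scanner's report. The script below is an added example, not the author's or the client's pipeline code. It assumes the JSON layout Trivy emits (`Results` → `Vulnerabilities` → `Severity` / `FixedVersion`); the embedded report is constructed, with `EXAMPLE-*` placeholder IDs rather than real findings. Trivy can enforce the same policy natively with `--exit-code 1 --severity HIGH,CRITICAL` (and `--ignore-unfixed`); having the logic in a script is what lets you extend it, for instance with a time-boxed allowlist, while keeping the fail-closed behaviour.

```python
"""Severity gate over a vulnerability-scanner report (added example).

Assumes Trivy's JSON layout: Results[] -> Vulnerabilities[] with Severity
and FixedVersion. SAMPLE_REPORT is constructed; its IDs are placeholders.
"""
import json
import sys

# Order matters: anything with rank >= threshold rank blocks the pipeline.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample report in Trivy's JSON shape (placeholder IDs, not real CVEs).
SAMPLE_REPORT = json.dumps({
    "Results": [
        {
            "Target": "app:latest (alpine)",
            "Vulnerabilities": [
                {"VulnerabilityID": "EXAMPLE-0001", "PkgName": "libfoo",
                 "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"},
                {"VulnerabilityID": "EXAMPLE-0002", "PkgName": "libbar",
                 "InstalledVersion": "2.0", "FixedVersion": "", "Severity": "CRITICAL"},
                {"VulnerabilityID": "EXAMPLE-0003", "PkgName": "libbaz",
                 "InstalledVersion": "3.0", "FixedVersion": "3.1", "Severity": "LOW"},
            ],
        }
    ]
})


def blocking_findings(report_json, threshold="HIGH", ignore_unfixed=False):
    """Return (target, id, package, severity) for every finding at or above threshold."""
    report = json.loads(report_json)
    min_rank = SEVERITY_RANK[threshold.upper()]
    hits = []
    # Trivy omits "Vulnerabilities" (or sets it to null) for clean targets, hence `or []`.
    for result in report.get("Results") or []:
        for vuln in result.get("Vulnerabilities") or []:
            sev = str(vuln.get("Severity", "UNKNOWN")).upper()
            if SEVERITY_RANK.get(sev, 0) < min_rank:
                continue
            if ignore_unfixed and not vuln.get("FixedVersion"):
                continue
            hits.append((result.get("Target"), vuln["VulnerabilityID"], vuln["PkgName"], sev))
    return hits


def gate(report_json, threshold="HIGH", ignore_unfixed=False):
    """CI exit status: 0 when nothing blocks, 1 when at least one finding does."""
    hits = blocking_findings(report_json, threshold, ignore_unfixed)
    for target, vid, pkg, sev in hits:
        print(f"BLOCK {sev:<8} {vid} in {pkg} ({target})")
    return 1 if hits else 0


if __name__ == "__main__":
    # Usage: python gate.py [trivy-report.json] [HIGH|CRITICAL] [--ignore-unfixed]
    # With no arguments it evaluates the constructed SAMPLE_REPORT.
    positional = [a for a in sys.argv[1:] if not a.startswith("--")]
    data = open(positional[0]).read() if positional else SAMPLE_REPORT
    threshold = positional[1] if len(positional) > 1 else "HIGH"
    sys.exit(gate(data, threshold, "--ignore-unfixed" in sys.argv))
```

In a workflow step this runs right after `trivy image --format json --output trivy-report.json <image>`; the step fails on exit code 1, which is what stops the pipeline. Note that `--ignore-unfixed` is a deliberate weakening: a CRITICAL finding with no fixed version still ships, so the sample report shows the gate going green only under that setting.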
- Fifth point
While most people/roles focus only on the task they’re given, I’m doing that plus looking at what the business needs, speaking with executives and stakeholders and listening to them to ensure that I’m aligned with them.
- Sixth point
Although this was not part of my initial contract, nor ever mentioned, the client I’m working with decided to invite me to the interviews because he believes in me (Happy Joni). I’m also giving feedback on new people and helping to determine their seniority.
- Seventh point
Whenever there is a new person on the team I always get on a call with them (if they are technical) and do a quick tour of everything we have, providing them with documentation links, videos, documents and everything needed. Some of them are directly under my charge, so I continuously work to make them improve and ensure they feel safe and can operate well.
Every 2 weeks I usually give meetings/talks about new concepts I’m including in the development process, so developers can get familiar faster with the things I’m adding.
- Eighth point
Thanks to my hard work and background as a developer, people often ask me to review their work because of the high quality I bring to every process I’m part of. I’m also often on calls helping people with their problems when they’ve been stuck for too long.
Not current job related
Well, I’ve done a lot of things, but one of the coolest, or at least my favorite, was joining the RustlangES (https://rustlang-es.org/) community, in which I became an active contributor.

I gave a talk there in the last few months: https://www.youtube.com/watch?v=B9WX3VC9TG4
And I’m publishing blog posts whenever I learn something cool: https://blog.rustlang-es.org/articles/cargo-generate
Currently I’m helping with these things:
- Build automations with GitHub Actions (reusable workflows)
- Create content for the community (blogs, talks, workshops)
- Network management (WAF, cache, analytics, etc.)
- Advisories (vulnerable dependencies)
- Code quality and testing enforcement
Rustlang is not the only org I’m part of :)

Certifications
Got GitHub Foundations at speedrun level (went into the exam with no prep and it took me around 11 minutes). This is because I’ve been using GitHub non-stop for the past 4 years, so it was no issue at all.

I’m thinking about taking the Actions one and maybe the security one.
Also, I’ll give some of the Kubernetes certs a shot in 2025.
Some random certs from Cloud Guru, also at speedrun level:



I also completed some cool labs on HTB and TryHackMe; there are a lot of things, like:

Events
Not only was I part of Ekoparty, which I showed a picture of in the Pentesting section, but I also participated in Nerdearla this year

and also the AWS Cloud Experience

and the Global Game Jam (https://globalgamejam.org/games/2024/one-more-chance-2)


Conclusion
If you are here, thank you so much for taking the time to read everything!
There are 100% a lot of things I’m missing, but I tried my best haha
I’m going to keep becoming a better version of myself every day, until I have no more room to improve, not only technically but as a person, while also helping others. Things are more fun when you have company on that path.