# My 2024: homelabs, pentesting, networking and more

# What is this about

Like every year since I enter this field, I made a lot of progress. I’m a person who likes to have always a goal in mind and look for new heights, building more complex stuff, changing my thinking, meeting more incredible people.

I’m going to make a brief summary about my 2024, things that I enjoyed spending time, build and play with it.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736648425054/0113f7c2-b55a-4ed7-aa88-54e3091b1525.jpeg align="center")

# Homelab

The most important and probably the thing with more changes than anything is my homelab here at home, in my last post regarding this I had only **one** (https://blog.jonathan.com.ar/build-your-own-homelab-with-a-raspberry-pi-zero-2-w-and-cloudflare-zero-trust) machine! And it was a tiny one

Now, you may ask how I ended like this?

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736648405456/2944a9fc-77c2-4e57-9896-8c3ee5ceb096.jpeg align="center")

Well everything started with only one of these smaller ones, I started by deploying some of my apps there and testing self hosteable products

I have some apps that I wrote in the past when I was learning web development and I’ll always use them for experiments I add random tools or concepts to that apps and adjust them for whatever I want to learn, some of them even got thought entire re-writes in other languages like TS → Golang.

Some of the apps are these

* [https://github.com/jd-apprentice/waifuland-api](https://github.com/jd-apprentice/waifuland-api)
    
* [https://github.com/jd-apprentice/waifuland-fe](https://github.com/jd-apprentice/waifuland-fe)
    
* [https://github.com/jd-apprentice/infobae-api](https://github.com/jd-apprentice/infobae-api)
    
* [https://github.com/jd-apprentice/libritos](https://github.com/jd-apprentice/libritos)
    
* [https://github.com/jd-apprentice/jd-bun](https://github.com/jd-apprentice/jd-bun)
    

These projects help me not only learn new stuff for my daily experiments but to be a more competent professional in my current job, where I started as a JR DevOps, and now I’m SR DevOps/Consultant.

The jd-bun project reflects the actual quality of my project while I’m not even a developer anymore, these include

* quality gate workflows, deployments, documentation
    
* templates for pull\_requests, issues, features, codeowners
    
* pre-commit conventions in each of the projects
    
* unit + integration testing for each of my projects
    
* multiple ways to dockerize an app, hardening, arm7 + arm64 + x86\_64
    
* apparmor, seccomp, base + intermediary images, scratch, distroless
    
* secrets as a service, error handling, schema validations
    
* models, middlewares, code styling
    

Now across everything I had done in my homelab, most of the things were documented and explained + related in a private GitHub project that I have

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736649263966/696642fa-c9ce-4669-954d-5fbc29d872fd.png align="center")

Whereas you can see I have more than 100 issues closed in the past 2024, which some of them include a lot of work and explanations of how I ended up doing X, here is an example

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736649881274/8c144223-751e-4ff6-95f3-aef87dadafaf.png align="center")

Each issue maybe has more than 10 comments explaining what I had done there, which screenshots and stuff.

Right now I have multiple things running in here, these are only internal

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736650029225/d3b0854f-5e4d-4318-9a23-200079ae9cf7.png align="center")

Whenever I need to access to those things from outside my LAN, I have a WireGuard server running on my MikroTik

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736655327575/15857c6b-580c-4f32-a622-08e234e19a77.png align="center")

The internal things are encrypted via SSL with Let’s encrypt CA, via a DNS challenge and no need to expose ports or things to the internet. Before this, I had self-signed certs with my own CA, but having to load the cert in every decide on my network was not optimal.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736650139152/63443e51-8393-442a-abda-d649110ec257.png align="center")

For things that are exposed to the internet like for example my links page, they are protected with Cloudflare and exposed with Cloudflare tunnels

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736650218914/07ba22cb-841b-406f-8ab9-64047f7b16a4.png align="center")

Page in action

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736650264698/3a2b534e-8405-47a0-b093-df246ed4108a.png align="center")

About how these apps are running inside the machines well there were a lot of experiments there, I tried

* pm2
    
* docker standalone
    
* docker swarm
    
* k3s + rancher
    
* systemd services
    

Also before my minipc arrived I tried proxmox inside one of the raspberry pies and used vm’s and LXC

## What about deployments?

My repository with stuff looks something like this

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651487819/b8180f78-1148-4f79-810a-ce7aabde8f41.png align="center")

Well I had also tried a lot of things, I’m going to list some of them

* manual ssh to servers
    
* bash scripts
    
* ansible
    
* ansible + terraform
    
* github actions + ansible + terraform
    
* argo cd / flush cd
    

I had even created a repository for some of my most frequent workflows [https://github.com/jd-apprentice/jd-workflows/tree/main/.github/workflows](https://github.com/jd-apprentice/jd-workflows/tree/main/.github/workflows), so I don’t have to modify them everywhere

I even have some frequent cronjobs that monitor performance, security and more.

### Stress Testing

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736650996131/27734a08-0da8-4482-b9aa-e8dd3c4b116c.png align="center")

### Vulnerability Scanning

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651024358/b8e8357b-46e7-4e6e-a6cb-032493f94cde.png align="center")

### SAST Scanning

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651109621/22a84ff4-a1b6-40a8-8563-34747f1a110d.png align="center")

Most of these actions are sent to either my gotify server

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651172404/97954732-65df-4c94-be49-5c79c91d552c.png align="center")

Or to a telegram chat where I also send stuff

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651264970/2ce6e5c1-fdf3-43e7-85c9-5bd4c2c641d2.png align="center")

## What about backups?

Things are simple, I’m running cronjobs on each machine that save random stuff to telegram and sensitive stuff to a storage server I have + 2 separate disks with rsync.

And about the GitHub stuff that I have since there is a lot of issues and code there, I’m running a full clone to Gitea first 1 of each month

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651553420/6a8dbbf8-d36e-4f4d-8a2c-d10de630bd6f.png align="center")

Also, there are some backups from my arch running in these servers but not part of the homelab hehe

## What about monitors/alerts?

Alerts are at discord

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736654758801/44de13e2-ead9-4532-8d47-d95b732cbac9.png align="center")

There are alerts from

* Cloudflare
    
* Uptimekuma
    
* Netdata
    
* Gotify
    

For infra I’m using netdata since I have a few machines, but I’m thinking about migrating to ELK

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651763176/167c9b82-5dcf-415e-8fdb-f1d043a6de6e.png align="center")

For apps there is the kuma itself mentioned before.

At there are some handmade scripts that I made in the past when I only ran the small raspberries and I had no way to monitor outside stuff like dashdot that I’m still running in the ingress server

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736654589419/d9140e97-56d9-46f6-a8dd-a09e2e00a7eb.png align="center")

## And the Cloudflare part?

Well in Cloudflare there are a few things. Let’s go there, foremost my main domain with his traffic

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736651979553/3dc6f8cd-f2e0-4356-9829-39816ab8295a.png align="center")

What I’m using from cloudflare?

* dns
    
* emails
    
* waf
    
* cache
    
* r2
    
* tunnels
    

Since at the beginning I was running everything including local things in Cloudflare I had a lot of applications rules to hide/protect things that I don’t wanted to expose to everyone

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736652243306/305a921e-70f8-41be-ba6a-8f7f29b54fc5.png align="center")

My reliable tunnel for exposing things to the internet safely

improve

## And inside the servers?

What things I improve here?

* Hardening
    
* Scripting
    
* Networking
    
* Containers
    
* Cronjobs
    
* Systemd services
    
* Troubleshooting
    

Well there are apps running in k3s like I mention before (Ignore the fact that these are running in the default namespace, I already move them properly the picture is old LMAO)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736652516198/8e4f2d54-6a90-4fec-bc7c-f98251a807be.png align="center")

ofc there are also things running in docker standalone and swarm still, not everything needs to be inside k3s

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736652583707/8f67127f-36cd-40ac-880b-5d284d3ef637.png align="center")

And of course there is my worth proxmox

Here the PROD one (4c/4t, 16gb, 512gb storage)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736652999880/0c669005-7760-4b80-8a3e-c1a5b9b6cb3e.png align="center")

And the development one which I was using for experiments and moving things to the production one right now

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736653075751/37b6c6d1-fa4f-49a5-8d12-8b51855a1d89.png align="center")

Everything here is managed with Terraform, and I’m saving the state inside a PG on the storage server + a backup on a R2 from Cloudflare.

One of the machines is acting as an **Ingress** and exposing things via Nginx Proxy Manager

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736653891062/305160b3-fe8d-4cdb-9a9d-fc9533563304.png align="center")

This one is temporal but is **Storage**

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736654006993/49b155ec-4627-4934-a562-223edb483759.png align="center")

## What about networking?

Things that I got in touch in the last month

* DNS
    
* Subnets
    
* Firewall filtering
    
* VLANs
    
* Interfaces
    
* Bridges
    
* Routing
    
* DHCP Servers
    
* VPN’s
    

I had at least broke everything like 7 times, which broke I mean I had no internet because of misconfigurations. Thank god I had backups every time I changed 1 thing, also MikroTik documentation is awesome.

Right now, the thing is something like this. Excluding the fact that I used other ranges

I have 4 VLANs, 3 tagged and 1 untagged, running with the MikroTik in a dual NAT (for now)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736654144064/fd222fcc-c4be-42de-b99b-7f1e7fa1ee8a.png align="center")

VLAN’s can still communicate to each other once I decide where I’m going to move the ingress machine or If I’m going to use one ingress for each VLAN

The k3s cluster only is there for the apps exposed to the internet, and I’m using these apps to monitor the load on the servers and get some metrics.

# Pentesting

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736660536053/c65ff4dc-cd6b-4c26-a0cc-5ee9538883ba.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736660598194/78462d56-de1a-4c2e-9c28-8ededa4ecebb.png align="center")

## Why pentesting?

Good question, I can say that pentesting is not 100% related about what I’m currently doing (DevOps/SRE) but I say in my head, Hey! I want to understand how people can attack my apps and ended up expending around 3-4 months doing machines in HTB

The repository with everything is right here

* [https://github.com/jd-apprentice/hack-the-box](https://github.com/jd-apprentice/hack-the-box)
    
* [https://pentest.jonathan.com.ar/](https://pentest.jonathan.com.ar/)
    

Also, there is this MkDocs that contains every markdown

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736655964682/916b6215-cc38-4e10-b530-2598d1bfb013.png align="center")

I managed to be invited as a Guest in a meeting of the HTB Argentinian community solving a machine live

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736656220901/2b397889-6160-4990-ae4f-63e2a286b401.jpeg align="center")

Can be seen here [https://www.youtube.com/watch?t=4479&v=zxmCYEddfeU&feature=youtu.be](https://www.youtube.com/watch?t=4479&v=zxmCYEddfeU&feature=youtu.be)

Went to some events (and meet coworkers)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736656685236/c85c682c-31fd-45d7-9365-70f384c02f95.jpeg align="center")

Made some appearances in global CTF’s

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736656161433/08e8801e-3bd5-4988-86a2-f2762df57804.jpeg align="center")

Also, some local ones

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736656274830/84d61b29-5407-49f7-9dda-8a4423f0a0a0.jpeg align="center")

And the most important thing for me, I joined one of the best teams in Latin America [https://d1stinct.com/](https://d1stinct.com/) which at the time I’m writing this is the Top 1 in Argentina, outside of that I made some great friends that I love to be part of their lives.

# My career growth

My entire 2024 was on the same company, so I’m going to use that as a reference

Moving along from my Software Developer role last year, I enter this company as a DevOps Engineer JR, which is my first Infrastructure experience, I’m really thankful for the opportunity, but I believe that my hardwork ended un being a good decision since I had the most growth of the entire team, thanks to the time I spent with my experiments and people around me always pushing me to be better every day.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736656994338/9f4902fd-ddf9-4334-a5c2-86cc7246898f.png align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736656963065/a5af95d7-90b5-4376-92a8-a4d8bf512629.png align="center")

Now let’s talk about my current role, currently I’m the referent of the DevOps team in one of the clients, being part of the architecture had expanded my mind and knowledge in a way that I’ll say no other role has the opportunity to do so, this because while being in touch with the developers and knowing the day by day problems, I’m also in contact with the executives and see the business needs and I can align my ideals to benefit everyone.

My responsibilities currently are beyond the DevOps, sometimes I act as a software architect since the role is needed, here are some of the things I do in my daily basis. (Copying and expanding from the linkedin)

1\. Build guidelines for teams to follow best practices in development, infrastructure, and testing.  
2\. Design infrastructure, implementation, and technical documentation.  
3\. Ensure projects completion and build reports for stakeholders.  
4\. Enforce quality and security in the development process.  
5\. Satisfy applications architecture and business needs.  
6\. Technical interviews and seniority review.  
7\. Assistance and mentor of team members.  
8\. Code review and pair programming.

1. First point
    

I wrote more than 50 pages of documentation (in a few months), videos and code examples, templates, PoCs about how everything should be done, from how commits should be done, names for repositories, process on how to request for X, how teams must behave in X situation, every time a new person entered the team we done our regular onboarding process and once I found something that was not “expected” I added that exception to the documentation.

2. Second point
    

Even thought my initial role was not responsible for these sort of that those things I really enjoyed them and started doing it by myself but in later stages I ended up being asked or at least got considerated for an opinion for everything, which is some cases is not optimal but I’m glad people valuate my opinion.

3. Third point
    

While my boss is the one who is asked to dates related to finish things, after being a referrer I started to understand the importante of ensuring completions in established deadlines and started focusing these things, while also helping in reporting stuff to the superiors of him.

4. Four point
    

When I arrived here the CI/CD process only contain the build stage for the app and sonarqube report (without coverage). Now the entire CI/CD process contains

* Testing (Unit, Integration, E2E if applies)
    
* SAST (coverage included, stops the pipeline if quality gate is not passed)
    
* Vulnerability scan (stops the pipeline if high+ vulnerabilities are discovered)
    
* Secret managment for sensitive values
    
* Re-usable workflow (templates)
    

5. Fifth point
    

While most of the people/roles focus on their only task given, I’m doing that plus looking for that the business needs, speaking with executives, stakeholders and listening to them to ensure that I’m aligned with them.

6. Six point
    

Although this was not part of my initial contract neither never mentioned, the client that I’m working on decided to invite me to the interviews because he belives in me (Happy Joni). Also I’m giving feedback for new people and helping to found/decide their seniority.

7. Seven point
    

Whenever there is a new people on the team I always got call with thems (if they are technical) and do a quick tour about everything we have and provide them with documentation links, videos, documents, and everything needed, some of them are directly in my charge so I’m continuous work to make them improve and ensure they fell safe and can operate well.

Every 2 weeks I usually give meets/talks about new concepts that I’m including in the development process so developers can get in touch faster with things I’m adding.

8. Eight point
    

Thanks to my hardwork and background as a developer, people often ask me to review their work because of my high quality for every process that I’m part of it. I’m also often in call to help people with their problems when they are stuck for too long.

## Not current job related

Well I had done a lot of things but one of the most cool ones or at least my favorites were joining the RustlangES ([https://rustlang-es.org/](https://rustlang-es.org/)) community in which I become a active contributor

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736659638830/8f5bec0d-9665-47f2-b341-da2c84cd95dd.png align="center")

In which I gave a talk in the last few months [https://www.youtube.com/watch?v=B9WX3VC9TG4](https://www.youtube.com/watch?v=B9WX3VC9TG4)

And I’m publishing blogs whenever I learn something cool [https://blog.rustlang-es.org/articles/cargo-generate](https://blog.rustlang-es.org/articles/cargo-generate)

Currently I’m helping with these things

\- Build automations with GitHub Actions (reusable workflows)  
\- Create content for the community (blogs, talks, workshops)  
\- Networking management (waf, cache, analytics, etc)  
\- Advisories (vulnerable dependencies)  
\- Code quality and testing enforcement

Rustlang is not the only org I’m part of it :)

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736659861889/78e7e8d6-e149-48b9-bdb6-8e6093df9be4.png align="center")

## Certifications

Got github foundations at speedrun level (went into the exam with no prep and took me around 11 minutes) this is why I’m using github non stop for the past 4 years so this was no issue at all.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736660016241/a2e102de-83c5-4525-b81f-926b2410c6d5.png align="center")

I’m thinking about taking the actions one and maybe security

Also I’ll give a shot to some of the kubernetes certs in this 2025.

Some of the random certs from Cloud Guru, also speed run level.

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736660203287/df03936b-7005-4ada-8fa4-999354bd1d98.webp align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736660249165/b6666415-dfaa-4e4a-bfb2-6bbf29b1cd46.webp align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736660293987/bc6a5fb3-b7c5-424d-9e38-1529a1441d5a.webp align="center")

Also got in Completed some cool labsHTB and Tryhackme there is a lot of things like

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736656122252/ed242330-7f34-4310-a3e0-5a29401b6cbc.jpeg align="center")

## Events

Not only I was part of the ekoparty that I showed a picture in the Pentesting section but also I participed in the nerdearla this year

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736661397142/4f472faa-f509-447d-8f89-9d9285843fd4.jpeg align="center")

but also the AWS cloud experience

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736661461041/a1eae7ce-c501-4a85-bc2f-fef4a1037901.jpeg align="center")

and the global game jam ([https://globalgamejam.org/games/2024/one-more-chance-2](https://globalgamejam.org/games/2024/one-more-chance-2))

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736661563366/2e22dcf3-1ba5-48ae-b276-490e2ba1179e.jpeg align="center")

![](https://cdn.hashnode.com/res/hashnode/image/upload/v1736661578717/cb6e4fc2-7093-46bd-8c20-61ffa63a4d58.jpeg align="center")

# Conclusion

If you are here thank you so much for taking the time to read everything!

There is 100% a lot of things I’m missing but I tried my best haha

I’m still going to keep being a better version of me every day once I have no more room to improve, not only tecnical but as a person itself, while also helping others. Things are more fun when you have company to travel that path.
