Skills & Technologies

Languages

Rust

My main language for anything where I care about correctness and performance. I use it for backend services, CLI tools, and systems code where compile-time guarantees earn their keep.

Go

My go-to (pun acknowledged) for services that need to be up and boring fast. Clean standard library, simple deployment, fast iteration.

TypeScript / React / Next.js

For web frontends and full-stack apps. I prefer Next.js for anything with any meaningful server-side component.

Python

For scripting, automation, and anything ML-adjacent. Not my favorite for large systems but great for glue.

Shell (bash, zsh)

Daily driver for system administration and one-off automation. zsh on the workstation, bash in CI and servers.

Other

C#, C, PowerShell, Markdown. Still in the toolbox, just not where I spend most of my time anymore.

Kubernetes & Platform

k0s

Single-binary Kubernetes distribution. I run a single-node cluster on bare metal — simple, reproducible, fast to reinstall.

FluxCD (GitOps)

All cluster state reconciled from a Git repository. No manual kubectl, no drift. See homelab-k8s-fluxcd.

Cilium

CNI with eBPF. I use Cilium's L2 announcement feature instead of MetalLB/kube-vip for load-balancer IPs — one fewer component to run.

Traefik

Ingress controller. Automatic TLS with Let's Encrypt, IngressRoute CRDs, middleware chains for security headers.

CloudNativePG

Postgres operator. Every app that needs Postgres gets its own CNPG Cluster — backups, failover, and connection pooling handled by the operator.

OpenEBS ZFS-LocalPV

CSI driver that provisions each PVC as its own ZFS dataset on the host. Snapshots, quotas, and ARC caching all come for free.

SOPS + Age

Secrets encrypted at rest in Git. No plaintext secrets anywhere in the repo, enforced by Git hooks and CI.

Storage & Filesystems

ZFS

All persistent data lives on ZFS pools: a RAIDZ1 tank for bulk storage, a mirrored backup pool, and an NVMe pool for latency-sensitive workloads. Snapshots, compression, and scrubs are non-negotiable at this point.

Linux Administration

  • Minimal server builds (stripped-down Ubuntu for the homelab, Artix for the workstation)
  • Service management with dinit (workstation) and systemd (where it's unavoidable)
  • Performance tuning, kernel parameters, network tuning
  • Security hardening and SSH configuration
  • Shell scripting for automation

Networking

  • VLAN segmentation and firewall rules on OPNsense
  • Home VPN / mesh networking with Headscale (self-hosted Tailscale control plane)
  • Cilium L2 announcements for Kubernetes load balancers
  • Reverse proxying and TLS termination with Traefik

DevOps & CI/CD

Git

Daily driver. Branches, rebase, bisect, the works.

GitLab CE (self-hosted)

Running on the cluster. Hosts my code, runs CI, serves a container registry.

CI/CD Pipelines

GitLab CI for builds, tests, image pushes, and FluxCD-triggered deployments.

Security

  • Firewall configuration and VLAN isolation
  • VPN / mesh networking
  • Secrets management with SOPS + Age
  • System hardening and update management
  • Ethical hacking practice on TryHackMe

Containers

Docker

Image building, multi-stage builds, Compose for local development.

Kubernetes (general)

Pods, Deployments, StatefulSets, Services, Ingress, RBAC, CRDs, Helm, Kustomize. Covered in more detail under the Platform section above.

Infrastructure as Code

My current IaC stack is FluxCD (GitOps). I previously used OpenTofu / Terraform and I can still work with them — same mental model, different reconciliation point — but they're no longer my daily tool.

Hardware

PC Building

Component selection, assembly, thermal and airflow design, BIOS tuning, troubleshooting. I offer PC building and servicing through cherkaoui.ch.

Server Hardware

Maintenance, monitoring, component upgrades, storage planning.