diff --git a/src/index.html b/src/index.html index 6bcb637..a253e54 100644 --- a/src/index.html +++ b/src/index.html @@ -1,11 +1,13 @@ + Reese Wells - Self-Hosting & Infrastructure + @@ -30,452 +32,559 @@ -
- -
-
-

- Hi, I'm Reese Wells
- I build and maintain self-hosted systems -

-

- A systems-focused developer passionate about self-hosting, infrastructure automation, - and building reliable services that just work. From container orchestration to local AI, - I manage a full homelab stack from DNS to deployment. -

- -
-
- - -
-
-
-
-
- Reese Wells -
-
-
-
- -

Infrastructure, automation, and self-hosting

+
+ +
+
+

+ Hi, I'm Reese Wells
+ I build and maintain self-hosted systems +

- I'm a systems developer who thrives on building and maintaining self-hosted infrastructure. - My work spans the full stack of homelab operations: from OS image building with osbuild - and Ansible-driven deployments, to container orchestration with Podman quadlets and Kubernetes, - to local AI inference and observability. + A systems-focused developer passionate about self-hosting, infrastructure automation, + and building reliable services that just work. From container orchestration to local AI, + I manage a full homelab stack from DNS to deployment.

-

- I maintain two main repositories: one for documentation, notes, and tutorials on - self-hosted services, and another for the automation layer that deploys and manages - services across a fleet of servers. Every service runs as a rootless container with - dedicated systemd user sessions, backed by centralized BorgBackup. +

+
+
+ + +
+
+
+
+
+ Reese Wells +
+
+
+
+ +

Infrastructure, automation, and self-hosting

+

+ I'm a systems developer who thrives on building and maintaining self-hosted infrastructure. + My work spans the full stack of homelab operations: from OS image building with osbuild + and Ansible-driven deployments, to container orchestration with Podman quadlets and Kubernetes, + to local AI inference and observability. +

+

+ I maintain two main repositories: one for documentation, notes, and tutorials on + self-hosted services, and another for the automation layer that deploys and manages + services across a fleet of servers. Every service runs as a rootless container with + dedicated systemd user sessions, backed by centralized BorgBackup. +

+
+
+
80+
+
Services
+
+
+
2
+
Domains
+
+
+
100%
+
Self-Hosted
+
+
+
+
+
+ + +
+ +

Where I've worked

+
+
+
+
+
+

DevOps Manager

+ Nimbis Services +
+ Jan 2022 – Present +
    +
  • Lead a high-performing DevOps team building microelectronics design services and + integrating cloud partner architectures with AWS.
  • +
  • Recruited and led an engineering team to deliver a machine learning platform in <1 + year, utilizing Langchain, PyTorch, and BERT to identify government contract patterns. +
  • +
  • Reduced new feature QA latency from one week to under 24 hours by containerizing complex + infrastructure and developing a custom CLI sandbox.
  • +
  • Led modernization of legacy Django systems using Pydantic, Vue 3, and DRF within strict + Authority to Operate boundaries.
  • +
  • Resolved critical SSSD bugs in collaboration with Red Hat and AWS regarding remote + authentication protocols via smart cards.
  • +
  • Developed management frameworks that enabled identification of "shadow teams," leading + to three successful organizational restructures.
  • +
+
+
+
+
+
+
+

DevSecOps Senior Engineer

+ Nimbis Services +
+ Mar 2021 – Jan 2022 +
    +
  • Engineered a novel version control system using Python for efficient S3 object + retrieval, enforcing malware scanning (ClamAV), data signing/chain of custody, and large + binary file branching.
  • +
  • Built an integrated SPA interface in Vue 3 with TypeScript/Vuetify to interact with the + proprietary version control system.
  • +
  • Utilized Terraform to define and deploy compliant, scalable cloud environments for DoD + Impact Level 5+ high-security requirements.
  • +
+
+
+
+
+
+
+

DevOps Engineer

+ Nimbis Services +
+ Jan 2020 – Jan 2021 +
    +
  • Implemented asynchronous malware scanning pipelines using AWS Lambda (containerized) to + process and secure files uploaded by engineering teams in real time via ClamAV.
  • +
  • Achieved significant reduction in file management upload overhead through + multi-threading, custom indexing solutions, and mtime validation.
  • +
+
+
+
+
+
+
+

Specialist, Information Risk Management

+ Nationwide +
+ May 2018 – Dec 2020 +
    +
  • Developed a web application leveraging BFG Repo-Cleaner to scan/remediate secrets in + internal Git repositories; prevented an estimated $500k+ in auditing fines.
  • +
  • Modified "PrivacyScanner" tools to detect and alert on leaked PII data within log + aggregators, preventing unauthorized exposure of sensitive user information.
  • +
  • Engineered a Django web platform that automated third-party assessment processes; + reduced cycle time from weeks to days through strict field validation.
  • +
+
+
+
+
+ + +
+
+ +

What I work with

+

+ A broad toolkit focused on infrastructure, automation, and self-hosted services.

-
-
-
80+
-
Services
+
+
+
+

Container Orchestration

+

Rootless containers managed via Podman quadlets, Docker Compose, and Kubernetes clusters with + Helm charts.

+
+ Podman + Docker + Kubernetes + k3s +
-
-
2
-
Domains
+
+
+

Infrastructure Automation

+

Ansible playbooks drive deployments across a multi-server fleet with strict SOP ordering and + centralized configuration.

+
+ Ansible + osbuild + systemd + BorgBackup +
-
-
100%
-
Self-Hosted
+
+
+

Networking & DNS

+

AWS Route53 powers all DNS management with DDNS auto-updating, Caddy reverse proxy with + Route53 DNS-validated TLS, and dual-domain strategy.

+
+ Route53 + Caddy + Nginx + WireGuard +
+
+
+
🤖
+

Local AI & ML

+

Full local AI stack: Ollama, LiteLLM, LocalAI for inference, Langfuse for observability, with + CUDA and ROCm support.

+
+ Ollama + LocalAI + Langfuse + ROCm +
+
+
+
+

Python

+

Python is the backbone of the homelab: DDNS updates, fleet-wide deployment scripts, AWS + integration, and automation tooling with boto3, rich, and uv.

+
+ Python + boto3 + uv + mypy +
-
- -
- -

Where I've worked

-
-
-
-
-
-

DevOps Manager

- Nimbis Services -
- Jan 2022 – Present -
    -
  • Lead a high-performing DevOps team building microelectronics design services and integrating cloud partner architectures with AWS.
  • -
  • Recruited and led an engineering team to deliver a machine learning platform in <1 year, utilizing Langchain, PyTorch, and BERT to identify government contract patterns.
  • -
  • Reduced new feature QA latency from one week to under 24 hours by containerizing complex infrastructure and developing a custom CLI sandbox.
  • -
  • Led modernization of legacy Django systems using Pydantic, Vue 3, and DRF within strict Authority to Operate boundaries.
  • -
  • Resolved critical SSSD bugs in collaboration with Red Hat and AWS regarding remote authentication protocols via smart cards.
  • -
  • Developed management frameworks that enabled identification of "shadow teams," leading to three successful organizational restructures.
  • -
-
-
-
-
-
-
-

DevSecOps Senior Engineer

- Nimbis Services -
- Mar 2021 – Jan 2022 -
    -
  • Engineered a novel version control system using Python for efficient S3 object retrieval, enforcing malware scanning (ClamAV), data signing/chain of custody, and large binary file branching.
  • -
  • Built an integrated SPA interface in Vue 3 with TypeScript/Vuetify to interact with the proprietary version control system.
  • -
  • Utilized Terraform to define and deploy compliant, scalable cloud environments for DoD Impact Level 5+ high-security requirements.
  • -
-
-
-
-
-
-
-

DevOps Engineer

- Nimbis Services -
- Jan 2020 – Jan 2021 -
    -
  • Implemented asynchronous malware scanning pipelines using AWS Lambda (containerized) to process and secure files uploaded by engineering teams in real time via ClamAV.
  • -
  • Achieved significant reduction in file management upload overhead through multi-threading, custom indexing solutions, and mtime validation.
  • -
-
-
-
-
-
-
-

Specialist, Information Risk Management

- Nationwide -
- May 2018 – Dec 2020 -
    -
  • Developed a web application leveraging BFG Repo-Cleaner to scan/remediate secrets in internal Git repositories; prevented an estimated $500k+ in auditing fines.
  • -
  • Modified "PrivacyScanner" tools to detect and alert on leaked PII data within log aggregators, preventing unauthorized exposure of sensitive user information.
  • -
  • Engineered a Django web platform that automated third-party assessment processes; reduced cycle time from weeks to days through strict field validation.
  • -
-
-
-
-
- - -
-
- -

What I work with

+ +
+ +

What I've built

- A broad toolkit focused on infrastructure, automation, and self-hosted services. + A selection of projects from my homelab and deployment infrastructure.

-
-
-
-

Container Orchestration

-

Rootless containers managed via Podman quadlets, Docker Compose, and Kubernetes clusters with Helm charts.

-
- Podman - Docker - Kubernetes - k3s +
+
+
+
+
version: '3.8'
+
services:
+
  caddy:
+
    image: + caddy:2-alpine
+
    networks: +
+
      - default
+
    labels: +
+
      - "caddy.*.reeseapps.com"
+
+
+
+

Reverse Proxy Infrastructure

+

Caddy and Nginx reverse proxies serving all *.reeseapps.com domains with AWS Route53 + DNS-validated TLS. DDNS auto-updates IPv4/IPv6 records across the fleet.

+
+
+ Caddy + Nginx + Route53 + Podman +
+ +
-
-
-

Infrastructure Automation

-

Ansible playbooks drive deployments across a multi-server fleet with strict SOP ordering and centralized configuration.

-
- Ansible - osbuild - systemd - BorgBackup +
+
+
+
def update_record(domain):
+
  ipv4 = get_public_ip()
+
  record = route53.find(domain)
+
  if record.value != + ipv4:
+
    route53.update(record, ipv4)
+
    log(f"Updated {domain}")
+
 
+
# Run every 5 minutes
+
+
+
+

Dynamic DNS Service

+

Automated DDNS keeping AWS Route53 records updated for all servers. Manages dual-domain + strategy: reeseapps.com for public services and reeselink.com for internal + machine-to-machine connections.

+
+
+ Python + AWS CLI + Route53 + Podman +
+ +
-
-
-

Networking & DNS

-

AWS Route53 powers all DNS management with DDNS auto-updating, Caddy reverse proxy with Route53 DNS-validated TLS, and dual-domain strategy.

-
- Route53 - Caddy - Nginx - WireGuard +
+
+
+
from ollama import Client
+
 
+
client = Client("http://localhost:11434")
+
response = client.chat(
+
  model="llama3",
+
  messages=[...]
+
)
+
 
+
# LiteLLM proxy for unified API +
+
+
+
+

Local AI Stack

+

Complete local AI infrastructure: Ollama and LocalAI for inference, LiteLLM as a unified API + proxy, Bifrost for model routing, and Langfuse for observability. Supports both CUDA and + ROCm.

+
+
+ Ollama + LocalAI + LiteLLM + Langfuse +
+ +
-
-
🤖
-

Local AI & ML

-

Full local AI stack: Ollama, LiteLLM, LocalAI for inference, Langfuse for observability, with CUDA and ROCm support.

-
- Ollama - LocalAI - Langfuse - ROCm -
-
-
-
-

Python

-

Python is the backbone of the homelab: DDNS updates, fleet-wide deployment scripts, AWS integration, and automation tooling with boto3, rich, and uv.

-
- Python - boto3 - uv - mypy -
-
-
-
-
+
+
+
+
# Ansible playbook
+
- name: Deploy Gitea
+
  hosts: gitea
+
  tasks:
+
  - docker_compose_v2: +
+
    project_src: /opt/gitea
+
    state: + present
+
+
+
+

Deployment Automation

+

Ansible-driven deployment pipeline with strict SOP ordering (osbuild -> ddns -> caddy -> + nginx -> ntfy -> gitea). Each service runs as a rootless container with dedicated systemd + user sessions and centralized BorgBackup.

+
+
+ Ansible + Podman + systemd + Borg +
+ +
+
+
+
+
+
+
# Self-hosted services
+
- Immich # Photo/video management
+
- Jellyfin # Media streaming
+
- Nextcloud # Cloud storage & sync
+
- Gitea # Git service
+
- Matrix # Chat protocol
+
- Home Assistant # Smart home
+
- Pi-hole # DNS ad blocking
+
+
+
+

Self-Hosted Services

+

A diverse fleet of self-hosted services: Immich for photos, Jellyfin for media, Nextcloud for + storage, Matrix for chat, Home Assistant for IoT, and more. Each running as rootless Podman + containers with SELinux awareness.

+
+
+ Immich + Jellyfin + Nextcloud + Matrix +
+ +
+
+
+
+
+
+
# Kubernetes with k3s
+
- metallb # L2 load balancer
+
- longhorn # Distributed storage
+
- traefik # Ingress gateway
+
- external-dns # Route53 integration
+
- grafana # Metrics dashboards
+
- minecraft # Game server
+
+
+
+

Kubernetes Cluster

+

k3s and k0s Kubernetes clusters with MetalLB for L2 failover, Longhorn for distributed + storage, Traefik/Nginx ingress, cert-manager with Route53 DNS challenge, and Helm charts for + service deployment.

+
+
+ k3s + Kubernetes + Helm + MetalLB +
+ +
+
+
+
+
- -
- -

What I've built

-

- A selection of projects from my homelab and deployment infrastructure. -

-
-
-
-
-
version: '3.8'
-
services:
-
  caddy:
-
    image: caddy:2-alpine
-
    networks:
-
      - default
-
    labels:
-
      - "caddy.*.reeseapps.com"
-
-
-
-

Reverse Proxy Infrastructure

-

Caddy and Nginx reverse proxies serving all *.reeseapps.com domains with AWS Route53 DNS-validated TLS. DDNS auto-updates IPv4/IPv6 records across the fleet.

-
-
- Caddy - Nginx - Route53 - Podman -
- -
-
+ +
+ +

Let's connect

+

+ Always open to discussing self-hosting, infrastructure, open source, or just sharing homelab stories. +

+ -
-
-
-
def update_record(domain):
-
  ipv4 = get_public_ip()
-
  record = route53.find(domain)
-
  if record.value != ipv4:
-
    route53.update(record, ipv4)
-
    log(f"Updated {domain}")
-
 
-
# Run every 5 minutes
-
-
-
-

Dynamic DNS Service

-

Automated DDNS keeping AWS Route53 records updated for all servers. Manages dual-domain strategy: reeseapps.com for public services and reeselink.com for internal machine-to-machine connections.

-
-
- Python - AWS CLI - Route53 - Podman -
- -
-
-
-
-
-
-
from ollama import Client
-
 
-
client = Client("http://localhost:11434")
-
response = client.chat(
-
  model="llama3",
-
  messages=[...]
-
)
-
 
-
# LiteLLM proxy for unified API
-
-
-
-

Local AI Stack

-

Complete local AI infrastructure: Ollama and LocalAI for inference, LiteLLM as a unified API proxy, Bifrost for model routing, and Langfuse for observability. Supports both CUDA and ROCm.

-
-
- Ollama - LocalAI - LiteLLM - Langfuse -
- -
-
-
-
-
-
-
# Ansible playbook
-
- name: Deploy Gitea
-
  hosts: gitea
-
  tasks:
-
  - docker_compose_v2:
-
    project_src: /opt/gitea
-
    state: present
-
-
-
-

Deployment Automation

-

Ansible-driven deployment pipeline with strict SOP ordering (osbuild -> ddns -> caddy -> nginx -> ntfy -> gitea). Each service runs as a rootless container with dedicated systemd user sessions and centralized BorgBackup.

-
-
- Ansible - Podman - systemd - Borg -
- -
-
-
-
-
-
-
# Self-hosted services
-
- Immich # Photo/video management
-
- Jellyfin # Media streaming
-
- Nextcloud # Cloud storage & sync
-
- Gitea # Git service
-
- Matrix # Chat protocol
-
- Home Assistant # Smart home
-
- Pi-hole # DNS ad blocking
-
-
-
-

Self-Hosted Services

-

A diverse fleet of self-hosted services: Immich for photos, Jellyfin for media, Nextcloud for storage, Matrix for chat, Home Assistant for IoT, and more. Each running as rootless Podman containers with SELinux awareness.

-
-
- Immich - Jellyfin - Nextcloud - Matrix -
- -
-
-
-
-
-
-
# Kubernetes with k3s
-
- metallb # L2 load balancer
-
- longhorn # Distributed storage
-
- traefik # Ingress gateway
-
- external-dns # Route53 integration
-
- grafana # Metrics dashboards
-
- minecraft # Game server
-
-
-
-

Kubernetes Cluster

-

k3s and k0s Kubernetes clusters with MetalLB for L2 failover, Longhorn for distributed storage, Traefik/Nginx ingress, cert-manager with Route53 DNS challenge, and Helm charts for service deployment.

-
-
- k3s - Kubernetes - Helm - MetalLB -
- -
-
-
-
-
+ - -
- -

Let's connect

-

- Always open to discussing self-hosting, infrastructure, open source, or just sharing homelab stories. -

- -
- - -
- -

Public GPG Keys

-

- Use these keys to verify signed commits and communications. Both keys belong to Reese Wells. -

-
-
-
- 🔒 -
-

Primary Key

-

reese.wells@ducoterra.net

-
-
-
- Fingerprint: - 7FC1 B297 0011 4F4F C589 E706 5FDD CFA5 44D7 7B8C -
-
-----BEGIN PGP PUBLIC KEY BLOCK-----
+        
+        
+ +

Public GPG Keys

+

+ Use these keys to verify signed commits and communications. Both keys belong to Reese Wells. +

+
+
+
+ 🔒 +
+

Primary Key

+

reese.wells@ducoterra.net

+
+
+
+ Fingerprint: + 7FC1 B297 0011 4F4F C589 E706 5FDD CFA5 44D7 7B8C +
+
-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mDMEaE5XjhYJKwYBBAHaRw8BAQdAURfgqa4xpT9tTtRETfknsq8UacTcUeXd2P+N
 CmdSxw+0IVJlZXNlIFdlbGxzIDxyZWVzZUBkdWNvdGVycmEubmV0PoiPBBMWCAA3
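Review bot: The reformat in this hunk splits several code-window snippet lines in the project cards across two source lines: `image:` / `caddy:2-alpine` in the Compose card, `if record.value !=` / `ipv4:` in the DDNS card, and `state:` / `present` in the Ansible card. If those line containers are styled to preserve whitespace, each snippet will render with a stray break and indentation in the middle of a statement. Keep each snippet line on one source line, or exclude these blocks from the formatter. Apart from that, the `-` and `+` sides carry the same headings, bullets and card text, so the 452-to-559-line change reads as re-indentation and re-wrapping only. Landing it as a formatting-only commit, separate from the line added in the first hunk, would let a reviewer check with whitespace ignored (for example `git diff -w`) that no text changed.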
@@ -525,20 +634,20 @@ pONgYKHcXyh0UkEKz1ufAQDKmC4MEH0My+HFiCmbgYlaZrL1kCAkhSk6SQ1D0k7S
 BQ==
 =U3eP
 -----END PGP PUBLIC KEY BLOCK-----
-
-
-
- 🔒 -
-

Git Signing Key

-

git@ducoterra.net

-
-
-
- Fingerprint: - 2FF3 619F A6CA 2A4C FA2D 3532 816E 5FE7 8271 602B -
-
-----BEGIN PGP PUBLIC KEY BLOCK-----
+                
+
+
+ 🔒 +
+

Git Signing Key

+

git@ducoterra.net

+
+
+
+ Fingerprint: + 2FF3 619F A6CA 2A4C FA2D 3532 816E 5FE7 8271 602B +
+
-----BEGIN PGP PUBLIC KEY BLOCK-----
 
 mDMEaPWJEBYJKwYBBAHaRw8BAQdAkbMCw8vlCTSyvxCnaWvFwvvlm7wW94Fgsj47
 3NeMC9a0MVJlZXNlIFdlbGxzIChHaXQgU2lnbmluZyBLZXkpIDxnaXRAZHVjb3Rl
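Review bot: The re-indentation here touches whitespace directly adjacent to the armored keys that visitors copy: a whitespace-only line is added right after the first `-----END PGP PUBLIC KEY BLOCK-----`, and the line carrying the second `-----BEGIN PGP PUBLIC KEY BLOCK-----` is removed and re-added. If those lines sit inside a preformatted element, the new indentation becomes part of the text a visitor selects and pastes. The key bodies themselves are unchanged context, which is what we want. Before merging, please copy each block from the rendered page, run it through `gpg --show-keys`, and confirm the output still matches the fingerprints printed on the page (2FF3 619F A6CA 2A4C FA2D 3532 816E 5FE7 8271 602B for the Git signing key). It would also help to keep the opening tag and the BEGIN line flush so that a formatter cannot indent the block again.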
@@ -557,30 +666,36 @@ DAAKCRCBbl/ngnFgK7kQAQDOnSYe0XO4Hw7QAAo2VhOUHvOjj4c2WSlLuIkyG4n2
 XwEAnes79w4eYeMUjIytQWACEvy4QoO7X2MLTKliSqc4Ag8=
 =9aAm
 -----END PGP PUBLIC KEY BLOCK-----
-
-
-
+
+
+
- - + + - +
-