Uses
Tools, hardware, services, and infrastructure I use to build, think, and ship. The list is less about gear and more about what keeps earning a place.
Principles
- Tools should make their state inspectable. If I cannot see what changed, I do not trust the automation.
- Local-first wins when the data is personal, sensitive, or useful without a network.
- Fast beats decorative. The best tools reduce friction without asking for attention back.
- Automation should leave evidence: logs, diffs, commits, exported data, or a trail I can audit later.
Daily Drivers
The things that are open most days.
- MacBook Pro 14" (2024)
- M4 Max, 128GB RAM, 2TB SSD.
Primary dev machine because local builds, containers, LLM tools, and browser-heavy work can all run at once without turning the day into resource management.
- Ghostty
- GPU-rendered terminal with zsh on a Nix-darwin managed system.
Earns the spot by disappearing. It is fast, plain, and does not make the terminal feel like an app pretending to be a terminal.
- Chrome
- Default browser for development, debugging, and extension work.
The DevTools ecosystem still wins. Browser choice is less ideological than practical here: I use the thing that makes web debugging fastest.
- Obsidian
- Local markdown notes, project context, and long-running thinking.
Local files matter. I want notes that survive product pivots, sync failures, and export flows.
- 1Password
- Passwords, secrets, SSH agent, and secure notes.
It keeps secrets out of dotfiles and shell history, and it makes SSH key handling boring.
AI and Development
The stack shifts quickly, but these are the jobs I keep coming back to.
- Codex
- Primary tool for delegated implementation work.
Best when the task can be described, verified, and reviewed as a diff. I use it for scoped features, cleanup passes, tests, and PR follow-through.
Public code review CLI
- Claude Code
- Interactive coding sessions, architecture passes, and refactors.
Strong at reasoning through a codebase while I stay in the loop. I reach for it when the shape of the work is still changing.
Usage tracker
- Cursor
- Editor for day-to-day repo work.
It is still the fastest place for direct manipulation: inspect a file, make a surgical change, run the command, keep moving.
- Kestrel
- Context-aware AI desktop assistant I built. It reads screen context, records meetings, and runs MCP tools.
It exists because the assistant should understand the work in front of me without a paste ritual.
Public repo
- OCode
- Terminal-native coding assistant I built for local, customizable codebase work.
Useful as a pressure test for what coding agents need when they are not wrapped in a polished product surface.
Public repo
- TypeScript, Go, Rust, Python
- TypeScript for web and AI tooling, Go for backend services, Rust for performance-critical CLIs, Python for data and evaluation pipelines.
The order is pragmatic, not tribal. I pick for ecosystem fit, deployment path, and how painful the result will be to operate six months later.
- AI eval tooling
- Focused evaluation harnesses for prompts, model behavior, and product quality checks.
The sooner there is a test loop, the less the system depends on vibes.
EvalOps
Services
- GitHub
- Code, review, issues, Actions, and public project distribution.
It is the shared surface for human review and agent work. The important part is not hosting code; it is keeping the evidence of change in one place.
- Vercel
- Hosting for this site and web projects.
The deploy path is short, previews are good, and edge functions are convenient for things like OG image generation.
- Cloudflare
- DNS, CDN, workers, and R2 object storage.
It is infrastructure glue: cheap, scriptable, and broad enough to replace a pile of one-off services.
Workers repo
- Tailscale
- Mesh VPN connecting laptop, homelab, and cloud machines.
It lets me keep services private without turning networking into a weekend project every time I add a box.
- Backblaze B2
- Off-site backups for homelab data.
Cheap insurance. Local infrastructure is only comforting if restore paths exist outside the house.
- Linear
- Issue tracking for work that needs a queue.
Low ceremony, fast keyboard flow, and enough structure to hand tasks to agents or humans without writing a novel.
Network and Homelab
This setup replaced a cloud bill, but the better reason to run it is practice: networking, storage, backups, monitoring, capacity planning, and the recovery paths you only trust after testing them.
Topology
WAN
-> Ubiquiti Dream Machine Pro Max
-> Layer 3 Pro Max 24 PoE switch
-> trusted / lab / media / IoT / guest / cameras VLANs
-> 2x ASUS NUC 15 Pro+ Proxmox nodes
-> Synology RS822+ storage
-> cameras and access points over PoE
-> Tailscale for private remote access
Core Decisions
- Proxmox over Kubernetes
- Kubernetes was too much orchestration for 15ish home services. LXC gives fast boots, per-service snapshots, resource limits, and less control-plane tax.
- LXC for most services, VMs when hardware or isolation demands it
- Jellyfin, Nextcloud, Paperless-ngx, monitoring, and app services fit LXC well. Proxmox Backup Server moved to a lightweight VM because direct block access matters.
- Ubiquiti over pfSense or OPNsense
- I wanted 10G, PoE, cameras, access points, VLANs, and usable defaults in one operational surface. The tradeoff is less low-level tinkering; I am fine with that here.
- Synology over a fully DIY NAS
- Storage is where I want boring. I am happy to experiment on compute, but backups and media should not depend on me enjoying ZFS maintenance that month.
- Tailscale over exposed ingress
- Most services are for me, not the public internet. Mesh access avoids punching holes in the firewall just to make a dashboard reachable from a hotel.
Running
- Proxmox nodes
- Jellyfin, Nextcloud, Paperless-ngx, Mealie, Prometheus, Grafana, Loki, GitHub Actions runner, and supporting LXC containers.
- Storage
- Synology handles backups, media, and security footage. The important split is compute can be rebuilt; storage needs boring retention and restores.
- Network
- UDM Pro Max routes, Layer 3 switch handles core switching, PoE powers cameras and APs, VLANs separate trusted devices from IoT, guests, media, and cameras.
- Private access
- Tailscale connects laptop, lab, and cloud machines without making internal services public.
Backups and Restore
- Infrastructure is rebuilt from Git with Terraform and Ansible where practical.
- Service data is backed up locally first, then important data goes off-site to Backblaze B2.
- Backups are staggered instead of all running at 2 AM; backup storms caused real IO contention.
- Restore tests are scheduled work, not a theoretical comfort blanket.
- Security footage and media are lower priority than documents, notes, configs, and service databases.
Lessons Learned
- Monitoring should be first, not a reward after everything else works.
- Five VLANs on day one was over-engineering; start with trusted and untrusted, then add segmentation when the threat model is real.
- Put hard memory limits on containers. One Jellyfin transcode spike should not take out Nextcloud.
- Proxmox Backup Server does not belong in LXC if you care about efficient incremental backups.
- Tailscale DNS inside LXC can get weird; make resolver behavior explicit and test restarts.
- Dashboards are for visibility. Git is the source of truth.
Copy This If
- Copy this if you want infrastructure practice, private services, and a lab that teaches production-shaped lessons.
- Do not copy this if you only want Plex and a shared drive. Buy a NAS, run one mini PC, and stop there.
- Start with one node, one storage target, one backup destination, and two VLANs. Add complexity only after you can restore from failure.
Desk and Hardware
- Gaming PC
- Ryzen 7 9800X3D, RTX 5090, 64GB RAM.
Mostly for games and GPU-heavy experiments. It is useful having a separate machine that can be loud, hot, and disposable in a way the laptop cannot.
- Wooting 80HE
- Hall effect keyboard with rapid trigger.
Bought for gaming, kept because typing on it feels immediate. Input latency matters more than it should.
- Logitech MX Master 3
- Mouse with horizontal scroll.
The horizontal wheel is the feature. Timelines, tables, traces, and wide dashboards all get better.
- HiFiMAN HE1000 Stealth
- Open-back planar magnetic headphones.
Good audio reduces fatigue during long work sessions. Open-back means they are for focused desk time, not airplanes.
Trying
Tools in this section have not fully earned permanence yet.
- Design critique agents
- MCP-driven visual review for composition, color, typography, and accessibility.
Promising because design feedback needs repeatable taste checks, not just screenshots and vibes.
Public repo
- PBS cloud backup experiments
- Proxmox Backup Server cloud sync and related homelab backup work.
Backup tooling only matters if restores are boring. This is where I keep testing the boringness.
Archived public repo
- Proxmox OCI experiments
- Experiments around running OCI-style workloads against Proxmox.
The question is whether homelab ergonomics can get closer to cloud deploy ergonomics without importing Kubernetes-sized overhead.
Archived public repo
Retired or Demoted
A tool leaving the main list is usually about fit, not quality.
- Kubernetes for the homelab
- Demoted in favor of Proxmox, LXC, and simpler service boundaries.
Kubernetes is excellent when the organizational problem justifies it. For a personal lab, etcd and controller sprawl were overhead without enough return.
- GUI-first infrastructure changes
- Replaced by Git, Terraform, Ansible, and reviewed diffs wherever possible.
Clicks are hard to review, hard to replay, and easy to forget. I still use dashboards, but not as the source of truth.
- One-model setups
- Replaced by routing work to the model or tool that fits the task.
Claude, Codex, Gemini, local models, and deterministic tools all have different shapes. Treating them as one interchangeable assistant leaves performance on the table.