HeckIT.dev logo

Projects

A living portfolio of experiments, from blinking LEDs to full enterprise stacks.

Enterprise Homelab

In Progress

Windows like enterprise stack on Debian/Proxmox with zero trust access.

ProxmoxMikroTikpfSenseFreeIPAAnsibleCloudflare Tunnel
  • VLAN segmentation for DMZ, Infra, Clients, IoT
  • Zero inbound; admin plane over VPN only
  • Selected admin UIs gated by Cloudflare Access MFA
View

Proxmox + Cloudflare Zero Trust

Active

Secure remote Proxmox management via Cloudflare Tunnel (pve.heckit.dev) with Access MFA.

ProxmoxCloudflare TunnelCloudflare Access
  • Per app Access policy with identity challenge

GNS3 VLAN + Inter VLAN Routing Lab

Completed

Cisco + Aruba switches with pfSense firewall for routed VLANs and policy filtering.

GNS3Cisco IOSvL2ArubaOS CXpfSense
  • DHCP per VLAN; routed access via pfSense
  • Resolved ICMP to default gateway with ACL + rule audit

Lumenoxic LED Art

Active

Interactive LED installations using FastLED with wireless control and on device UI.

FastLEDESP8266/ESP32OLED UI
  • Animations with palette blending
  • UI on microcontroller no laptop required
View

Nextcloud Personal Cloud

Active

Self-hosted platform for private file sharing, photo storage, and calendar collaboration — a secure, privacy-focused alternative to commercial clouds.

Nextcloud
  • Shared photo galleries and documents through private user accounts
  • Collaborative calendar sharing and integrated password vault
  • Object storage backend for durable and scalable media storage
View

Build a Modern Website on a Minimal Budget

Active

Next.js + Tailwind on Vercel with Cloudflare DNS for a fast, secure site you can host for about $12 per year.

Next.jsTailwind CSSVercelCloudflareUmami
  • Modern stack built collaboratively with ChatGPT for efficiency and simplicity
  • Zero-cost hosting on Vercel’s free tier; domain-only expense
  • Cloudflare DNS with HTTPS, caching, and CDN security features
  • Responsive design, accessible UI components, and clean typography
  • Privacy-friendly analytics via Umami (no cookies, no tracking bloat)
View

Remote ID Drone Detector (DIY)

Planned

Low cost receiver for FAA Remote ID using SDR with real time map and alerts.

SDR (Software-Defined Radio)ESP32Python
  • Decode RID beacons; parse and display telemetry
  • Local alerting; optional privacy respecting map

FreeIPA Identity & SSO

Planned

Centralized auth for Linux services with Kerberos/LDAP; exploring Windows trust for mixed env.

FreeIPAKerberosLDAP
  • SUDO, HBAC, and SSH key distribution via IPA
  • Service accounts + host enrollment workflow

LAN Print Server (CUPS + Samba)

Planned

Network print service for mixed clients via CUPS/IPP with SMB sharing, isolated on IoT VLAN.

DebianCUPS (IPP)Samba (SMB)Avahi/mDNS
  • IPP Everywhere for driver light setup; Bonjour/mDNS discovery
  • Samba share for legacy Windows clients; per user ACLs
  • Printer isolated on IoT VLAN; egress-only rules to print host

Privacy First Apartment Cameras

Planned

Vendor free, local only IP cams with segmented VLAN access and encrypted remote viewing.

Reolink (local)WireGuardReverse Proxy
  • Cameras isolated on IoT VLAN with egress controls
  • Remote access via WireGuard + HTTP auth proxy

Uptime Kuma + Prometheus + Grafana

Planned

Observability for homelab services and network endpoints.

Uptime KumaPrometheusGrafana
  • HTTP/DNS/ICMP probes with alerts
  • System metrics and dashboards per service