Network infrastructure
Self-hosted network and observability infrastructure. Multi-region WireGuard VPN, observability stack, alert routing.
VPN platform
- Multi-region WireGuard VPN.
- Obfuscation layer for restricted-network environments.
- VPN protocol experience across WireGuard, AmneziaWG, and xray-core (VLESS+Reality) — multiple generations evaluated for restricted-network operation.
- Production deployments across multiple geographies.
Provisioning & configuration
- Terraform for cloud-resource provisioning (DigitalOcean, AWS).
- Ansible playbooks for server-side configuration management.
- Per-region extension branches for jurisdiction-specific configuration.
Observability
- Self-hosted Prometheus + Alertmanager + Grafana stack.
- Loki for log aggregation.
- Per-service dashboards.
Edge and proxying
- Cloudflare proxy for DNS, SSL termination, edge cache.
- Nginx as reverse proxy.
- Let's Encrypt certificate automation via Certbot.
Tech stack
WireGuardAmneziaWGxray-core (VLESS+Reality)sing-boxHysteria2LinuxNginxCaddyCloudflareCloudflare WorkersWranglerTerraformAnsibleDigitalOceanAWSDockerOpenWrtPrometheusAlertmanagerGrafanaLokiPinoCertbot