alexa-amundson-resume/roles/13-network-engineer.md
Alexa Amundson ec7b1445b5 kpi: auto-update metrics 2026-03-13
RoadChain-SHA2048: c645c1292ab1555e
RoadChain-Identity: alexa@sovereign
2026-03-13 23:16:12 -05:00


Alexa Amundson

Network Engineer

amundsonalexa@gmail.com | github.com/blackboxprogramming


Summary

Connecting 7 nodes across 3 physical locations with zero open ports. Built a multi-layer network: WireGuard mesh for encryption, Cloudflare tunnels for zero-trust access, RoadNet WiFi mesh for local coverage, and Pi-hole DNS for control.


Experience

BlackRoad OS | Founder & Network Engineer | 2025–Present

The Layers: Defense in Depth

  • Layer 1 — WireGuard mesh VPN (10.8.0.x): encrypted tunnels between all nodes. Every packet between nodes is encrypted, period
  • Layer 2 — Cloudflare tunnels (4 active): 48+ domains routed to fleet with zero open ports. External traffic never touches a public IP
  • Layer 3 — Tailscale overlay (9 peers): management access from anywhere. MagicDNS for node resolution. Exit nodes for remote debugging
  • Layer 4 — RoadNet WiFi mesh: 5 APs on non-overlapping channels, 5 subnets, NAT, auto-failover — local devices talk to fleet directly

The DNS: Names, Not Numbers

  • Pi-hole for ad blocking and local DNS resolution. PowerDNS Docker for custom authoritative zones
  • Custom DNS zones: .cece, .blackroad, .entity, .soul, .dream — edge services discoverable by domain name within the network
  • 48 Nginx reverse proxy sites with health checking — each domain routes to the right backend on the right node

Technical Skills

WireGuard, Tailscale, Nginx, Cloudflare Tunnels, Pi-hole, PowerDNS, UFW, iptables


Metrics

| Metric | Value | Source |
|---|---|---|
| Nginx Sites | live | services.sh — /etc/nginx/sites-enabled via SSH |
| Tailscale Peers | live | services.sh — tailscale status via SSH |
| Fleet Nodes | live | fleet.sh — SSH probe to all nodes |
| CF Pages | live | cloudflare.sh — wrangler pages list |
| Net Connections | live | services.sh — ss -tun via SSH |
| Systemd Services | live | services.sh — systemctl list-units via SSH |