What We Actually Do

Self-Hosted LLM Deployment

Running language models on your hardware. Open WebUI, LM Studio, and Ollama on bare-metal or virtualized hosts. RAG pipelines with Qdrant or ChromaDB. Inference stays on-premises — no API calls leaving your network.

Linux Systems Architecture

RHEL, Rocky Linux, Ubuntu Server, Proxmox VE, and VMware vSphere. Storage with TrueNAS (ZFS). SELinux hardening, user/group management, and ongoing maintenance. Systems designed to be operated, not just installed.

Infrastructure Automation

Ansible playbooks for repeatable deployments. Docker Compose and Kubernetes for containerized workloads. CI/CD pipelines with GitHub Actions. Infrastructure-as-code that your team can read, version, and own.

Network Design & Monitoring

OPNsense firewalls, VLAN segmentation, WireGuard VPNs. Grafana dashboards backed by Prometheus and Loki. Alertmanager for on-call routing. Networks built to be observable from day one, not retrofitted later.

Data Pipelines & Civic Tech

Python-based ETL pipelines. FastAPI backends with SQLite or PostgreSQL. Cloudflare Pages for static front-ends. SHA256 hash chains for audit integrity. Projects built for transparency and correctness, not scale-up narratives.

Tools We Actually Use

AI / LLM

  • Ollama
  • LM Studio
  • Open WebUI
  • Qdrant
  • ChromaDB
  • LangChain
  • RAG pipelines

Automation

  • Ansible
  • Docker / Compose
  • Kubernetes
  • Helm
  • Terraform
  • GitHub Actions

Systems

  • RHEL / Rocky Linux
  • Ubuntu Server
  • Proxmox VE
  • VMware vSphere
  • TrueNAS (ZFS)
  • SELinux

Network

  • OPNsense
  • pfSense
  • WireGuard
  • NGINX
  • Cloudflare
  • VLANs / 802.1Q

Observability

  • Grafana
  • Prometheus
  • Loki
  • Alertmanager
  • Uptime Kuma
  • Node Exporter

Development

  • Python
  • FastAPI
  • Bash / YAML
  • SQLite / PostgreSQL
  • Semgrep CE
  • JavaScript

Things We've Built

GroundTruth

groundtruth.ca ↗

Civic accountability platform correlating environmental sensor readings and health metrics with municipal and federal policy decisions. Record integrity via SHA256 hash chain. Designed to be auditable, not just searchable.

Python SQLite Cloudflare Pages SHA256 ledger

DiscordGuard

Firefox-first browser extension for family network content filtering. Community-maintained blocklists. No cloud calls, no telemetry, no account required. Runs entirely client-side.

Firefox extension JavaScript content filtering blocklists

SuperPowersWUI

Agentic development workflow with self-improving validation loops. Integrates CodeGuard static analysis and Semgrep CE security scanning. Catches regressions before they ship rather than after.

Python Semgrep CE CodeGuard agentic workflow

Get in Touch

Email is the best way to reach us. Describe what you're working on and we'll respond within a business day.

info@helpdeskpro.ca