
> systems & infrastructure

Jonathan Funk

Self-taught systems generalist. I build things to understand them, then keep building until they're useful.

LOCATION
Philadelphia, PA
CERTIFICATIONS
CompTIA A+ — Aug 2026
CompTIA Security+ — Dec 2026
PRODUCTION
jfunk.ink — live

I spent seven years as a tattoo artist — building a small business, developing an eye for precision, and quietly learning every system that touched the operation. The IT work was always more interesting.

DNS, networking, Linux administration, and infrastructure got their hooks in me early. Now that's where I work full-time. I run Arch Linux as my daily driver, maintain a home lab I actually use, and approach systems the way I approached tattooing: with patience, documentation, and a low tolerance for guesswork.

I recently built and deployed a full self-hosted infrastructure stack for my business — booking, CRM, workflow automation, consent form collection — all running in production on a VPS I manage. That stack is documented below.

jfunk.ink — Production Infrastructure ● LIVE

Self-hosted business infrastructure running on a Hetzner VPS. Cal.com for booking, Twenty CRM for contact management, n8n for workflow automation, Formbricks for consent form collection, PostgreSQL and Redis as the data layer — all containerized with Docker Compose behind a Caddy reverse proxy with automated TLS. Everything talks to everything else.

docker compose · caddy · cal.com · n8n · twenty crm · postgresql · redis · formbricks · hetzner vps · let's encrypt

Automated Client Intake Pipeline (Workflow Automation)

End-to-end automation built on n8n: booking confirmation emails, 24hr pre-appointment consent form delivery, and consent form data written back to CRM on an hourly schedule. Dedup logic uses GraphQL to check existing notes before writing — idempotent runs, no duplicate records regardless of how many times the sync fires.

n8n · webhooks · graphql · rest api · node.js · idempotency

jfunk.ink — Client-Facing Site ● LIVE

Portfolio and booking site served as static HTML from the VPS. Mobile-responsive, age-gated with DOB verification, Cal.com booking iframe embedded and themed. Masonry photo gallery with lightbox. No framework, no build step — just Caddy serving files.

html/css/js · caddy · cal.com · mobile-responsive · age verification

Active Directory Domain — mooklaw.local (Windows Server Core)

Full AD domain built entirely via PowerShell — no GUI. Organizational units, security groups, user provisioning, SMB shares, and layered NTFS permissions applied and tested against real access scenarios.

powershell · AD DS · group policy · SMB/NTFS

TacticalRMM (Remote Monitoring & Management)

Self-hosted on a QEMU/KVM Debian VM. Configured remote agent monitoring, alerting, and script automation across Windows and Linux endpoints. Resolved QEMU NAT/WiFi bridging constraints and socat proxying to get the stack reachable externally.

QEMU/KVM · debian · socat · NAT bridging

Wildcard SSL / DuckDNS (DNS · PKI)

Issued and automated renewal of wildcard TLS certs using Let's Encrypt ACME DNS-01 challenge via certbot-dns-duckdns. Managed TXT record propagation, certificate deployment, and renewal hooks.

certbot · ACME DNS-01 · TXT records · DuckDNS

WireGuard VPN (Networking)

Configured WireGuard with a UFW killswitch for secure remote access. Managed peer keys, allowed IPs, and firewall rules on Linux hosts. Guest network segmentation applied to isolate point-of-sale traffic in real small-business environments.

wireguard · UFW · NAT · iptables

osTicket (Helpdesk)

Deployed and administered for internal request tracking. Configured SLA rules, ticket queues, staff assignments, and email piping. Used in practice, not just installed and forgotten.

osticket · LAMP stack · email piping · SLA

Arch Linux / Sway (Daily Driver)

Not a VM — my main machine. Libreboot hardware, Sway WM, fully configured from scratch. Python and Bash scripting for automation, API integrations, and workflow tooling.

arch linux · sway · libreboot · python · bash

INFRASTRUCTURE
Docker · Docker Compose
Caddy · Nginx
Linux — Arch, Debian
QEMU / KVM
WireGuard VPN
SSH · UFW · iptables
WINDOWS & AD
Windows Server Core
Active Directory
PowerShell
Group Policy
SMB / NTFS permissions
User & OU provisioning
NETWORKING & DNS
A · CNAME · MX · TXT · SPF
ACME / DNS-01 challenges
Network segmentation
NAT · socat
CUPS / printing
VPN configuration
PLATFORMS
Cal.com · n8n
Twenty CRM · Formbricks
TacticalRMM · osTicket
PostgreSQL · Redis
Hetzner VPS
Vagaro / POS systems
SCRIPTING & WEB
Bash · Python
JavaScript (Node.js)
HTML / CSS
REST APIs · GraphQL
Webhooks
Git
SUPPORT & TOOLS
Remote & on-site support
Ticket management
Documentation
Client communication
Endpoint monitoring
Script automation