Systems & Infrastructure

Jonathan
Funk

Self-taught systems generalist. I build things to understand them, then keep building until they're useful.

About

I spent seven years as a tattoo artist — building a small business, developing an eye for precision, and quietly learning every system that touched the operation. The IT work was always more interesting.

DNS, networking, Linux administration, and infrastructure got their hooks in me early. Now that's where I work full-time. I run Arch Linux as my daily driver, maintain a home lab that I actually use, and approach systems the way I approached tattooing: with patience, documentation, and a low tolerance for guesswork.

Outside of tech — ukiyo-e prints, Korean cooking, Go (the board game). My aesthetic sensibilities inform how I think about structure and detail more than you'd expect.

Home Lab
Active Directory Domain Windows Server Core

Full AD domain (mooklaw.local) built entirely via PowerShell — no GUI. Organizational units, security groups, user provisioning, SMB shares, and layered NTFS permissions applied and tested against real access scenarios.

powershell · AD DS · group policy · SMB/NTFS

TacticalRMM Remote Monitoring & Mgmt

Self-hosted on a QEMU/KVM Debian VM. Configured remote agent monitoring, alerting, and script automation across Windows and Linux endpoints. Resolved QEMU NAT/WiFi bridging constraints and socat proxying to get the stack reachable externally.

QEMU/KVM · debian · socat · NAT bridging

Wildcard SSL / DuckDNS DNS · PKI

Issued and automated renewal of wildcard TLS certs using Let's Encrypt ACME DNS-01 challenge via certbot-dns-duckdns. Managed TXT record propagation, certificate deployment, and renewal hooks.

certbot · ACME DNS-01 · TXT records · DuckDNS

WireGuard VPN Networking

Configured WireGuard with a UFW killswitch for secure remote access. Managed peer keys, allowed IPs, and firewall rules on Linux hosts. Guest network segmentation applied to isolate point-of-sale traffic in real small-business environments.

wireguard · UFW · NAT · iptables

osTicket Helpdesk

Deployed and administered for internal request tracking. Configured SLA rules, ticket queues, staff assignments, and email piping. Used in practice, not just installed and forgotten.

osticket · LAMP stack · email piping · SLA

Arch Linux / Sway Daily Driver

Not a VM — my main machine. Libreboot hardware, Sway WM, fully configured from scratch. Python and Bash scripting for automation, API integrations, and workflow tooling. The environment teaches you something new every week whether you want it to or not.

arch linux · sway · libreboot · python · bash

Skills

Networking & DNS

  • A, CNAME, MX, TXT, SPF records
  • ACME / DNS-01 challenges
  • Network segmentation
  • WireGuard VPN
  • NAT, iptables, UFW
  • CUPS / printing

Systems

  • Linux — Arch, Debian (daily)
  • Windows Server Core
  • Active Directory / PowerShell
  • QEMU / KVM
  • Docker
  • SMB / NTFS permissions

Support & Tooling

  • TacticalRMM
  • osTicket
  • Vagaro / POS systems
  • Remote & on-site support
  • Documentation

Development

  • Python (scripting, automation)
  • Bash
  • Git
  • MongoDB
  • Next.js / React
  • PostgreSQL
Contact

Get in touch.

Email jfunk@jfunk.dev LinkedIn linkedin.com/in/jonathanfunk