{{define "title"}}Projects — Ridgway Systems{{end}}
{{define "meta-desc"}}Infrastructure projects and builds by Blake Ridgway — homelab, monitoring systems, security tooling, and more.{{end}}

{{define "content"}}
<div class="projects-page">
  <div class="page-header">
    <h1>Projects</h1>
    <p class="page-desc">Things built, broken, and rebuilt.</p>
  </div>

  <div class="project-list">

    <div class="project-item">
      <div class="project-header">
        <h2 class="project-title">ridgwaysystems.org</h2>
        <div class="project-tags">
          <span class="tag">Go</span>
          <span class="tag">OpenBSD</span>
          <span class="tag">self-hosted</span>
        </div>
      </div>
      <p>This site. A single Go binary serving a blog, status page, hire page, and admin panel &mdash; no database, no Docker, no external dependencies at runtime. Flat Markdown files on disk, HMAC-signed sessions, chroma syntax highlighting. Deployed on OpenBSD behind relayd. The build log covers the whole thing.</p>
      <div class="project-links">
        <a href="/blog">Build log &rarr;</a>
        <a href="https://git.ridgwaysystems.org">Source &rarr;</a>
      </div>
    </div>

    <div class="project-item">
      <div class="project-header">
        <h2 class="project-title">Policy-as-Code Firewall Framework</h2>
        <div class="project-tags">
          <span class="tag">pf</span>
          <span class="tag">IaC</span>
          <span class="tag">security</span>
        </div>
      </div>
      <p>A policy-as-code system for managing pf firewall rules across multiple OpenBSD hosts. Rules defined in structured configuration, rendered to pf.conf via templating, with automated geo-location blocking and rule validation before deployment. Deployed at Triangle Insurance to manage ~200 rules across three firewall segments.</p>
      <div class="project-links">
        <a href="/blog/pf-vlans">Related post &rarr;</a>
      </div>
    </div>

    <div class="project-item">
      <div class="project-header">
        <h2 class="project-title">ISP Network Monitoring</h2>
        <div class="project-tags">
          <span class="tag">Prometheus</span>
          <span class="tag">Grafana</span>
          <span class="tag">Go</span>
        </div>
      </div>
      <p>Custom Prometheus exporter that continuously measures ISP throughput, latency, and packet loss across multiple WAN connections. Exports to Grafana for real-time dashboards and alerting. Replaced manual speed tests that only caught outages after users complained. Cut time-to-detect WAN degradation from hours to minutes.</p>
    </div>

    <div class="project-item">
      <div class="project-header">
        <h2 class="project-title">Homelab Infrastructure</h2>
        <div class="project-tags">
          <span class="tag">OpenBSD</span>
          <span class="tag">Ansible</span>
          <span class="tag">Terraform</span>
          <span class="tag">homelab</span>
        </div>
      </div>
      <p>The homelab: fw01 running OpenBSD with pf and WireGuard, two Dell rack servers, VLAN-segmented network (management, servers, IoT, guest), self-hosted Gitea, Matrix, Jellyfin, Prometheus, and Grafana. Fully documented, IaC'd where possible, and used as a test bed before anything touches production.</p>
      <div class="project-links">
        <a href="/infrastructure">Infrastructure diagram &rarr;</a>
        <a href="/uses">What I run &rarr;</a>
      </div>
    </div>

    <div class="project-item">
      <div class="project-header">
        <h2 class="project-title">Zero-Touch Provisioning System</h2>
        <div class="project-tags">
          <span class="tag">PXE</span>
          <span class="tag">Ansible</span>
          <span class="tag">automation</span>
        </div>
      </div>
      <p>PXE boot + Ansible-based provisioning pipeline for deploying standardized workstation images across Air Force Training bases. Reduced per-machine setup time by 75% and eliminated configuration drift between deployments. Machines boot, pull config from the server, and are production-ready without a human touching them after the initial PXE boot.</p>
    </div>

  </div>
</div>
{{end}}