Mini infrastructure Debian built in VirtualBox to practice real-world basics:
- Router with NAT + nftables firewall
- SSH bastion (single entrypoint) using ProxyJump
- Storage server with RAID1 (mdadm) + LVM and persistent mount
- NFSv4 and Samba shares (Linux/Windows)
- Permissions hardening (SGID, sticky bit, ACL, immutable files)
- Automated backups with restore validation
- Infra hygiene: persistent logs (journald), NTP (chrony), basic CLI monitoring
Host-Only LAN: 192.168.56.0/24
gw-bastion (192.168.56.10)
- NAT router (WAN: NAT adapter, LAN: Host-Only)
- nftables default-drop firewall
- SSH bastion (keys-only)
srv-storage (192.168.56.11)
- RAID1 (mdadm) + LVM
- Mounted data volume under /srv/storage
- NFSv4 and Samba exports
- Backup target and automation
cli-client (192.168.56.12)
- Administration and testing workstation
- Git repository and documentation
configs/ Versioned configuration files (sanitized, no secrets)
scripts/ Automation scripts (backup, monitoring)
docs/proofs/ Short command outputs used as evidence of each milestone
docs/decisions/ Design choices and small notes (why a setting was chosen)
- No passwords, private keys or sensitive material are committed.
- Local credential helpers (if any) must stay untracked and ignored via .gitignore.