
Senior IT Consultant · 20+ years

Infrastructure, automation, and security you can trust.

I design and operate resilient systems: virtualization and storage platforms, secure remote access, monitoring, backups, and local-first automation—validated daily in my production-grade homelab.

Core stacks

Proxmox · VMware/vCenter · TrueNAS · Linux/Windows

Focus

Local-first · Automation · Hardening · Backup/DR

Primary services

This is what clients usually come to me for first.

Home Assistant (local-first)

Design, recovery, and local-first integrations that work offline.

Alarm systems for motorhomes and homes

Intrusion + safety detection with secure remote access.

Security cameras with Shinobi

Local recording, retention, and optional offsite backup.

Reference architecture
A real environment I maintain, harden, and automate.
Diagram showing edge access through VPN and reverse proxy, core virtualization, storage, backups, automation and monitoring, and local-first IoT telemetry.
Public-facing materials are anonymized: no internal IPs, secrets, or customer identifiers.

Who I am

Pablo Bondesio Ruiz

Senior IT Consultant · Infrastructure, Automation & Security

I’m an IT consultant based in Reus, Spain, with 20+ years across enterprise IT: Windows and Linux administration, virtualization, storage, backups, monitoring, and automation. I’ve supported everything from datacenter operations to large-scale VMware environments and modern homelabs.

My current focus is local-first, resilient systems—especially Home Assistant, smart security for homes and RVs, and camera platforms like Shinobi. I build solutions that keep running without cloud dependencies, with clear runbooks and reliable recovery paths.

Fluent in Spanish, Catalan, and English. Comfortable leading teams, documenting processes, and shipping systems that are maintainable long after handoff.


Windows Server · Linux · VMware · Proxmox · TrueNAS · Home Assistant · Automation

Homelab as a living portfolio

This isn’t a toy setup: it’s an integrated environment where I validate architecture choices, hardening, backup strategies, and automation before applying the same discipline for clients.

Core compute

Virtualization platforms running production services and automation workloads.

  • Proxmox for VM/LXC operations
  • VMware/vCenter experience and interoperability mindset

Storage backbone

TrueNAS-backed storage exported to compute and application layers.

  • NFS storage for application data and backups
  • Practical permission models and predictable mount conventions

Backup and recovery

Proxmox Backup Server with restricted access and scheduled jobs.

  • Key-only SSH policies and tight firewalling on management ports
  • Repeatable backup jobs for critical datasets

Secure edge

Minimal exposure model: reverse proxy, VPN, log-based banning, and safe admin access.

  • Reverse proxy segmentation (admin paths restricted)
  • fail2ban jails based on real access logs (401/403 patterns)

Local-first smart home & telemetry

MQTT-centric integrations, designed to survive internet outages.

  • BLE → MQTT → Home Assistant → ESP32 dashboards
  • Headless services with auto-recovery goals

Surveillance + media

Local recording first; optional offsite backup as a second layer.

  • RTSP-based recording (no reliance on vendor cloud)
  • Backup sync via rclone to cloud storage / Nextcloud

Capabilities snapshot

What you can rely on me for, end-to-end—from design to day-2 operations.

Infrastructure

Linux (Debian/Armbian) · Windows Server · Proxmox VE · VMware/vCenter · TrueNAS · NFS/SMB · systemd

Security & access

SSH hardening · Key-only auth · 2FA/TOTP · UFW · nftables · fail2ban · Reverse proxy (Caddy) · OpenVPN · VLANs

Automation & observability

Ansible · PowerShell · Grafana · Bash · systemd timers · Log-driven security controls · Runbooks · Change control

Local-first IoT

MQTT · Home Assistant · BLE · Zigbee · ESP32 · Tuya (local patterns) · Telemetry pipelines

Experience (CV)

Windows & Linux operations

Hands-on experience in enterprise environments, from directory services to automation and monitoring.

Windows Server & Microsoft stack

  • Active Directory: users, groups, OUs, trusts, sites, replication, RODC
  • GPO design, NTFS/share permissions, RBAC
  • DNS/DHCP, SCCM, WSUS, Exchange, Microsoft 365
  • PowerShell automation (bulk provisioning, reporting)
  • Ansible automation for cross-platform tasks (WinRM/SSH)
  • Veeam + Avamar backup tooling

Linux, virtualization & datacenter ops

  • Debian/Ubuntu administration, systemd services, Bash automation
  • Ansible playbooks for provisioning and patching
  • VMware vCenter/ESXi/vSAN, Proxmox, KVM
  • Storage: NFS, VMFS/iSCSI, RAID planning
  • Monitoring: SolarWinds Orion, Nagios; hardware health (iLO/iDRAC)
  • Datacenter operations (AWS): hardware, networking, cabling

Selected implementations

Real solutions built with maintainability in mind. Details are anonymized for safety.

Secure edge publishing for internal services

Reverse-proxied applications with protected admin endpoints, log-based banning, and strict SSH access controls.

  • Caddy reverse proxy, structured access logs
  • fail2ban filters and jails tuned to the proxy layer
  • Key-only SSH, restricted source IPs, and hardened configs

Backup platform with tight access policy

Proxmox Backup Server with restrictive firewall rules and scheduled backups for critical data paths.

  • Key-based auth with root restrictions
  • nftables policy: management access only from a jump host
  • Repeatable backup schedules for data sets and exports

Local-first surveillance recording and backups

RTSP-based camera recording to local storage, with optional rclone synchronization for offsite resilience.

  • Local recording independent of vendor cloud
  • Automated updates and logs for operational traceability

Automation pipelines for day-to-day ops

Headless scripts and timers for consistent operations: upgrades, sync jobs, notifications, and service lifecycle management.

  • systemd timers for scheduled maintenance
  • PowerShell automation integrating monitoring systems
  • Documented workflows: develop locally, deploy safely

Backup posture hardening

Backup server locked down with key-only access and strict firewall rules around management ports.

  • Least-privilege network exposure
  • Repeatable backup schedules for critical datasets

Reverse proxy + bans on real signals

Edge protection using structured access logs to drive automated bans and reduce noise.

  • fail2ban filters matching 401/403 patterns
  • Admin paths restricted by source and policy

Local-first IoT telemetry

BLE data collected and published to MQTT, consumed by Home Assistant, visualized on ESP32 dashboards.

  • Headless services designed for recovery
  • Cloud-free live operation

What I offer

Services

Engagements that produce measurable outcomes, clear documentation, and maintainable operations.

Virtualization & platform ops

Proxmox builds, migrations, and automation-friendly virtual machine and container lifecycles.

I deliver clean host layouts, templates, patch plans, and predictable operations so your stack scales without surprises.

Workflow

  1. Baseline hardening, key-only SSH, and firewall policy.
  2. Template creation for consistent virtual machine and container provisioning.
  3. Monitoring hooks and service runbooks for day-2 ops.

Storage, backups & recovery

TrueNAS-backed storage with tested restore workflows.

Storage and backups are designed for recovery, not just for retention. I build the data paths, permissions, and backup cadence around real restore tests.

Workflow

  1. Define datasets and export strategy for network shares.
  2. Implement backup schedules and retention policy.
  3. Validate restores and document recovery steps.

Network security & remote access

Minimal exposure with secure remote access, reverse proxy, and log-driven bans.

Secure access patterns with strict SSH policy, reverse proxy segmentation, and automated blocking from real access logs.

Workflow

  1. Define ingress and trusted networks.
  2. Deploy secure remote access and reverse proxy with hardened headers.
  3. Configure fail2ban filters and monitor events.

Monitoring & automation

Visibility, alerting, and unattended automation for daily operations.

I automate repetitive work with scheduled timers and scripts, and integrate monitoring so issues are detected early.

Workflow

  1. Define monitoring scope and alert thresholds.
  2. Automate provisioning and patching with Ansible playbooks.
  3. Build scripts for patching, sync jobs, and notifications.
  4. Document operational steps for handoff.

Self-hosted apps & documentation

Deployment, hardening, and runbooks for long-term maintenance.

I deploy internal services, harden access paths, and deliver documentation so the system remains maintainable long after handoff.

Workflow

  1. Install and secure the application stack.
  2. Create backups, update plans, and recovery steps.
  3. Provide runbooks and change-control notes.

Custom websites & online stores

100% tailored design, admin tools, multilingual content, and reliable hosting.

I build bespoke websites and storefronts you own end-to-end: custom UI, admin tools for content and products, multilingual support, and email integrations. A recent example is a paintings storefront with admin user management, bulk actions, verification tokens, email settings, and manual locales with a cookie-driven language selector.

Workflow

  1. Define goals, content model, and UX flow (catalog, product details, admin operations).
  2. Design and build a fully custom UI plus admin features (create/edit, bulk actions).
  3. Set up multilingual content and reliable email delivery.
  4. Deploy on Proxmox containers with a system service and reverse proxy.
  5. Document operations, updates, and recovery steps.

How I work

Reliable outcomes come from repeatable process and clear operational ownership.

Local-first by default

Design systems that keep working without external dependencies. Use cloud only as an optional layer for backups and replication.

Security as a baseline

Harden SSH and admin surfaces, apply principle of least privilege, and use log-driven controls like fail2ban and rate limiting.

Operate what you build

Deliver runbooks, sane alerts, and automation for patching and backups—so the system remains maintainable long after handoff.

Contact

If you want to discuss a project, I’ll share the right contact channels and references on request.