Linux • open-source • networks • servers • programming and scripting

Stable IT without unnecessarily expensive solutions.

Data, operations and people’s time have value. When IT stops, it is not just a technical problem - work, business and company history stop with it. I design and operate infrastructure that makes technical and financial sense: protected data, regular backups, fast recovery and reasonable costs, including licences where appropriate.

IT practice since the late 1990s • ISP and network background • Linux/open-source stack • Programming and scripting • Recovery-first mindset
01

Systems I can build and keep under control

This is not just about installing software. The important part is that people can work, data stays safe, outages do not last longer than necessary and costs make sense. For almost every operational problem or unusual requirement, there is a sensible solution to look for - from servers, networks and backups through CCTV, access control and GPS tracking to automation, web/intranet applications, helper scripts and monitoring. The key is to understand the operation, not just deploy another box or service.

Servers, virtualization and recovery

A server should not be a black box that stops the organization for days when it fails. I design environments so services can be separated, backed up, versioned and restored quickly when something goes wrong. Technically this usually means Proxmox VE, Proxmox Backup Server, snapshots, incremental backups, HA scenarios, VMs and containers.

Central identity and file services

Users should not deal with ten passwords, and administrators should not manage access separately in every place. The goal is clear account, permission and data management. Technically this means Samba AD, LDAP, shared data, file recycle bins, file versions and user/group permissions.

Private business cloud

People expect cloud convenience: web access, mobile access, file sharing and document editing. This can also be built on your own storage and connected to existing accounts, permissions and network shares. Technically this can use Nextcloud, OnlyOffice, external Samba storage, mobile access, a web UI and integration with the existing environment.

E-mail infrastructure

E-mail should be delivered reliably, filter junk and avoid ending up in spam because of poor configuration. A mail server is an operational service, not a one-time installation. Technically this means Postfix, Dovecot, Rspamd, Sieve, DKIM, SPF, DMARC, ARC, SRS, antivirus checks and domain management.

Networks, Wi‑Fi and connectivity

When the network misbehaves, users usually just see that “the internet” or “the system” does not work. The real cause may be topology, Wi‑Fi, routing, VLANs, firewall rules or a congested link. Technically this means MikroTik, UniFi, switches, VLANs, routing, firewalling, QoS, wireless and fibre routes.

Monitoring and automation

The cheapest problem is the one you know about before it stops operations. Monitoring helps detect full disks, service outages, degraded connectivity and suspicious states early. Technically this means Nagios, custom plugins, logging, graphs, service maps, automated checks and scripts.

Firewall and operational protection

A well-designed firewall is not only about blocking traffic. It separates network parts, reduces unnecessary risk, protects services from brute-force attempts and still keeps normal work usable. Technically this can mean nftables, fail2ban, MikroTik firewall, service rules, network segmentation, VPN and monitoring of suspicious traffic.

Business data security

Sensitive data should not be left unprotected where physical disk access or poorly configured permissions are enough to expose it. I handle encryption at rest, service separation, access rights and the practical balance between security and usability. Technically this can mean LUKS, native ZFS encryption, user/group permissions, separated storage and secure backups.

Websites, intranet and helper applications

Sometimes an off-the-shelf system is not enough and a small tool tailored to real operations is needed: a register, overview, form, data import, log check or service integration. I build smaller web and intranet applications and helper scripts so they solve a concrete job without unnecessary complexity. Technically this can mean PHP, HTML, JavaScript, MySQL/MariaDB, Bash and Python depending on the purpose.

02

Pragmatic. Not ideological.

IT should serve operations, not the other way around. I use open-source where it reduces cost, improves data control and makes operational sense. If a Linux/Windows hybrid solution is the right path, I design a hybrid solution. The goal is not a fashionable label, but a working result, regular care and a system that does not collapse at the first serious incident.

less overhead

Lower operating cost

Commercial products are not automatically wrong, but many organizations pay for licences, modules or complexity they do not really need. A sensible design can reduce cost significantly.

one access

Central management

The ideal state is one account, one password and clear permissions across services. Even when perfect unification is impossible, chaos can usually be reduced.

recovery

Backups that matter

Data can be priceless. Losing it can mean starting from zero, losing years of work, history, orders and operational overview. A backup without verified restore is just a good feeling; the solution must be able to return operations within hours where feasible.

care

Regular cooperation instead of firefighting

IT is similar to health: neglected prevention comes back expensive later. Long-term supervision, updates, restore tests and log checks cost less than emergency work when users can no longer work.

hybrid solution

Gradual transition

Sometimes a full open-source transition is possible. Sometimes the right answer is to keep part of the Windows world and build the rest more openly and efficiently.

03

Technical stack for people who ask specific questions

The stack can be built from proven components. The important part is that they work together, can be monitored, backed up and restored.

Virtualization and storage

Proxmox VE • Proxmox Backup Server • KVM/QEMU • Btrfs snapshots • Ceph • HA designs

Identity and data

Samba AD • LDAP • ACL • Nextcloud • OnlyOffice • network shares

Communication

Postfix • Dovecot • Rspamd • Sieve • Roundcube • DKIM/SPF/DMARC

Networks

MikroTik • UniFi • VLAN • routing • firewall • QoS

Security

ClamAV • encryption • VPN • logging • RBL • service isolation

Monitoring

Nagios • Nagiosgraph • Nagiosmap • rsyslog • custom plugins • automation

Firewall

nftables • fail2ban • MikroTik firewall • VPN • ACL • network segmentation

Data security

LUKS • ZFS encryption • encrypted backups • users and groups • service isolation • access audit

Programming and scripting

PHP • HTML/CSS • JavaScript • MySQL/MariaDB • Bash • Python

04

Typical situations where this approach pays off

Your IT solutions cost too much

Management needs to know what is necessary, what is unnecessarily expensive and where the risks are. I map what you really use, what is critical and what can be replaced with open-source, a simpler operating model or a more sensible licence option.

Data is scattered everywhere

In daily operations this creates confusion. During a failure it can mean losing years of work and starting from zero. I design central storage, permissions, versioning, file recycle bins and access from office, web and mobile.

Backups exist but recovery is untested

I build a backup and recovery plan that makes sense after server failure, user error or an attack. The goal is not just to have a backup, but also to restore operations quickly.

Users need to work from anywhere

Connect from a normal computer, notebook or tablet without complicated installations. Open a web browser, sign in and work with data or a remote desktop almost as if you were sitting in the office. Technically, this can be based on Nextcloud, web applications or Apache Guacamole.

The network has grown organically

VLANs, documentation, monitoring, maps, firewall rules, Wi‑Fi coverage and device supervision.

You need an engineer who understands operations

I have experience with ISP environments, servers, networks, users and non-standard requirements. I know IT not only from theory, but also hands-on: I studied automation technology, have overlap into electrical and mechanical environments, and hold a professional electrical qualification under § 7 of Czech Regulation 194/2022. I do not solve only ideal lab conditions.

05

Interested in cooperation?

Contact me through the form. You do not need to know technology names - briefly describe what you need to solve.

Jan Rosenreiter • www.rozik.net

Form data is used only to respond to your request. No external marketing trackers are used.