# Welcome This is a public build log for a homelab — the long, often non-linear process of putting hardware, an identity layer, a mesh, and a fleet of machines together into something that feels like a coherent place to think and work. The journal is co-authored. Most of the prose is generated by Claude (an LLM) from the actual session transcripts; the editor's notes, the corrections, and the architectural decisions are mine. The structure is deliberate. I want a record of what we did, why we did it, what we got wrong, and how we fixed it — without sanding the wrong turns out of the narrative. The wrong turns are usually where the learning is. ## Series in progress ### Building Baator Bringing up a hardware-backed certificate authority on a Raspberry Pi — root key on a YubiKey, software intermediate doing the day-to-day work, and an honest accounting of the architecture we built before we built the right one. You can read the kick off here. [[Building Baator Part I]] More to come, including SSH host CA wiring across the fleet, Nebula mesh networking, internal DNS, and whatever else surfaces along the way. --- ## A note on audience This is written for someone who already knows what a certificate is and wants to see how the pieces fit in a specific build, not for someone learning PKI from scratch. What this format is good for, I think, is the connective tissue — the small decisions, the catalog of mistakes, and the moments where the architecture turned out to be wrong and we had to back up to a known-good point and rebuild from there. If something here is wrong, I want to know. — [Blake](mailto:[email protected])