Tailored engagements, from targeted interventions to full projects. All solutions are built on open source tools proven in production.
Your organisation pays Microsoft licences that increase every year, your data is hosted in the United States, and you have no leverage if pricing policies or terms of service change.
There are mature open source alternatives, deployable on-premise, that cover the essential office use cases: collaborative file management (Nextcloud), online document editing (Collabora), video communication (Jitsi, eduMEET), instant messaging (Matrix/Element), email (Postfix, SOGo).
I assess your situation, design the migration, deploy the infrastructure and train your teams. Your data stays in your datacenter, under your control.
Your users access dozens of applications with different identities. You have SSO in place but it does not work everywhere. MFA is half-deployed. Rights management has become unmanageable.
I design and deploy centralised open source authentication systems β SSO, MFA, identity federation between organisations, integration with existing Active Directory. Solutions that work in production, not just in demos.
Your servers are ageing, your continuity plan relies on goodwill, and migrating to the public cloud raises questions about cost and data sovereignty.
I design and deploy on-premise high availability infrastructure β virtualisation (Proxmox), distributed storage (Ceph), automatic failover between sites. Your data stays with you, your services stay available.
Your network has grown by successive additions over 15 years. Nobody knows exactly what talks to what. A security incident reveals vulnerabilities nobody suspected.
I audit and restructure network architectures β segmentation, filtering, remote access, multi-site interconnections. I deploy reverse proxies and authentication gateways using proven open source tools (Traefik, Nginx, Fail2ban, Wazuh).
The NIS2 directive applies to your organisation and you are not sure where you stand or where to begin.
I assess your compliance level, identify priority gaps and help implement the required technical measures β logging, incident detection, vulnerability management, access control. Using auditable open source tools, not proprietary black boxes.
Your teams are already using AI tools β ChatGPT, Copilot, Claude β without anyone having defined what can be sent to them and what cannot. Or you want to deploy agents capable of automating business processes, without knowing how to isolate them from your critical systems.
I work on two areas: advice and usage policy (data classification, guardrails for cloud AI services) and on-premise deployment (open source models on your infrastructure β Ollama, vLLM, LiteLLM β for data that cannot leave your perimeter). In both cases, I design agents with the required isolation mechanisms.
Your deployments are manual, undocumented and non-reproducible. Every intervention takes twice as long as expected because the environment is never quite as expected.
I implement deployment and configuration automation β Ansible, Terraform, Python. What was a two-day operation becomes a repeatable 20-minute deployment.
LabStack is a pre-configured sovereign infrastructure stack designed for independent consultants and small teams who want to own their tools β without depending on Microsoft, Google, or any other SaaS vendor.
What’s included #
| Component | Tool | Role |
|---|---|---|
| Reverse proxy + TLS | Traefik | Automatic HTTPS, Let’s Encrypt |
| Directory & identity | lldap + Authelia | SSO, MFA, access management |
| Git | Forgejo | Private code hosting |
| Time tracking | Kimai | Time tracking, billing |
| Monitoring | Zabbix | Infrastructure monitoring |
| VPN | OpenVPN | Secure remote access |
Everything runs on actively maintained open source tools, deployed via Docker Compose.
Two options #
LabStack Solo β on-premise #
Deployed on your own server (OVH, Hetzner, or your own datacenter).
- Full installation and configuration
- Custom operational documentation
- 30 days email support included
- From β¬1,200
LabStack Hosted β managed #
A dedicated stack hosted on my infrastructure, accessible via VPN.
- Zero maintenance on your end
- Updates, backups and monitoring included
- Custom domain
- β¬49/month
Who it’s for #
- Independent consultants billing B2B clients who need to keep their data under control
- Small IT teams or firms (2-10 people) looking for a sovereign alternative to Microsoft 365
- Organisations subject to GDPR or NIS2 that cannot outsource their data to US cloud providers
What you get in practice #
A complete work environment, accessible from anywhere via VPN, with:
- One URL per service (
git.yourdomain.com,time.yourdomain.com, etc.) - A single login for everything (SSO + MFA)
- Your private Git repositories
- Your time tracking and billing reports
- Visibility on your infrastructure status