Skip to main content

Tailored engagements, from targeted interventions to full projects. All solutions are built on open source tools proven in production.

πŸ”„

Digital sovereignty & Microsoft 365 alternatives

Your organisation pays Microsoft licences that increase every year, your data is hosted in the United States, and you have no leverage if pricing policies or terms of service change.

There are mature open source alternatives, deployable on-premise, that cover the essential office use cases: collaborative file management (Nextcloud), online document editing (Collabora), video communication (Jitsi, eduMEET), instant messaging (Matrix/Element), email (Postfix, SOGo).

I assess your situation, design the migration, deploy the infrastructure and train your teams. Your data stays in your datacenter, under your control.

πŸ”

Authentication & access management

Your users access dozens of applications with different identities. You have SSO in place but it does not work everywhere. MFA is half-deployed. Rights management has become unmanageable.

I design and deploy centralised open source authentication systems β€” SSO, MFA, identity federation between organisations, integration with existing Active Directory. Solutions that work in production, not just in demos.

☁️

Private cloud & high availability

Your servers are ageing, your continuity plan relies on goodwill, and migrating to the public cloud raises questions about cost and data sovereignty.

I design and deploy on-premise high availability infrastructure β€” virtualisation (Proxmox), distributed storage (Ceph), automatic failover between sites. Your data stays with you, your services stay available.

🌐

Network architecture & perimeter security

Your network has grown by successive additions over 15 years. Nobody knows exactly what talks to what. A security incident reveals vulnerabilities nobody suspected.

I audit and restructure network architectures β€” segmentation, filtering, remote access, multi-site interconnections. I deploy reverse proxies and authentication gateways using proven open source tools (Traefik, Nginx, Fail2ban, Wazuh).

πŸ“‹

NIS2 compliance

The NIS2 directive applies to your organisation and you are not sure where you stand or where to begin.

I assess your compliance level, identify priority gaps and help implement the required technical measures β€” logging, incident detection, vulnerability management, access control. Using auditable open source tools, not proprietary black boxes.

πŸ€–

Agentic AI β€” deployment & secure isolation

Your teams are already using AI tools β€” ChatGPT, Copilot, Claude β€” without anyone having defined what can be sent to them and what cannot. Or you want to deploy agents capable of automating business processes, without knowing how to isolate them from your critical systems.

I work on two areas: advice and usage policy (data classification, guardrails for cloud AI services) and on-premise deployment (open source models on your infrastructure β€” Ollama, vLLM, LiteLLM β€” for data that cannot leave your perimeter). In both cases, I design agents with the required isolation mechanisms.

βš™οΈ

Automation & infrastructure as code

Your deployments are manual, undocumented and non-reproducible. Every intervention takes twice as long as expected because the environment is never quite as expected.

I implement deployment and configuration automation β€” Ansible, Terraform, Python. What was a two-day operation becomes a repeatable 20-minute deployment.

βš™οΈ

LabStack β€” Sovereign infrastructure, ready to run

LabStack is a pre-configured sovereign infrastructure stack designed for independent consultants and small teams who want to own their tools β€” without depending on Microsoft, Google, or any other SaaS vendor.

What’s included #

Component Tool Role
Reverse proxy + TLS Traefik Automatic HTTPS, Let’s Encrypt
Directory & identity lldap + Authelia SSO, MFA, access management
Git Forgejo Private code hosting
Time tracking Kimai Time tracking, billing
Monitoring Zabbix Infrastructure monitoring
VPN OpenVPN Secure remote access

Everything runs on actively maintained open source tools, deployed via Docker Compose.

Two options #

LabStack Solo β€” on-premise #

Deployed on your own server (OVH, Hetzner, or your own datacenter).

  • Full installation and configuration
  • Custom operational documentation
  • 30 days email support included
  • From €1,200

LabStack Hosted β€” managed #

A dedicated stack hosted on my infrastructure, accessible via VPN.

  • Zero maintenance on your end
  • Updates, backups and monitoring included
  • Custom domain
  • €49/month

Who it’s for #

  • Independent consultants billing B2B clients who need to keep their data under control
  • Small IT teams or firms (2-10 people) looking for a sovereign alternative to Microsoft 365
  • Organisations subject to GDPR or NIS2 that cannot outsource their data to US cloud providers

What you get in practice #

A complete work environment, accessible from anywhere via VPN, with:

  • One URL per service (git.yourdomain.com, time.yourdomain.com, etc.)
  • A single login for everything (SSO + MFA)
  • Your private Git repositories
  • Your time tracking and billing reports
  • Visibility on your infrastructure status

Get in touch