Proxmox + ZFS Architecture
HA design, multi-site patterns, storage tuning, performance and capacity planning.
- Cluster health and upgrade strategy
- ZFS layout, tuning, scrubs, replication
- Backup/DR (PBS), recovery runbooks
CTO-level consulting that delivers.
Fast. Clean. Reliable.
I’m Adrian Jon Kriel. I help teams design, harden, and operate real infrastructure: Proxmox + ZFS clusters, cloud exit (moving away from hyperscalers), custom SaaS infrastructure, on-prem AI, DNS/email, automation, observability, and emergency recovery.
- 28+ years in Linux & hosting
- 50,000+ servers built, fixed, or optimized
- 1,000+ servers actively operated (automation-first)
- 50+ Proxmox clusters deployed • cloud exit • US & EU
BASEUK/ZA
SERVEGlobal (US/EU)
TZGMT/UTC (now —)
TRAVELBy arrangement
OPENConsulting + senior roles
What I do (and do well)
Linux Performance & Reliability
Kernel, I/O, network, and application tuning with measurable outcomes.
- Latency and throughput profiling
- Resource isolation and guardrails
- Root cause analysis, postmortems
Hosting Stack Modernization
Web, proxy, DB, and platform improvements that cut cost, reduce risk, and raise uptime.
- Nginx / HAProxy / Caddy patterns
- MySQL/MariaDB performance & HA
- cPanel / DirectAdmin / OpenPanel operations
Database Performance (MySQL/MariaDB)
Turn “slow and fragile” into “fast and boring” with safe tuning, observability, and HA patterns.
- Query performance, indexes, schema review
- Replication/Galera, backups, and recovery drills
- Operational tooling (PMM), guardrails, runbooks
Cloud Exit & SaaS Infrastructure
Move away from the cloud safely — and run a custom SaaS platform with predictable cost and performance.
- Repatriation plans, cutovers, egress reality checks
- Colo/on-prem designs (compute/storage/network)
- Multi-tenant patterns, guardrails, and SRE basics
DNS & Email Systems
Authoritative + recursive DNS, deliverability, anti-spam, and continuity.
- DNSControl, Unbound, BIND9, PowerDNS, gdnsd, dnsdist
- Postfix/Dovecot/Exim ops
- ClamAV/SpamAssassin hardening
Automation (Ansible/Bash)
Build once, run forever: provisioning, hardening, lifecycle ops, runbooks.
- Ansible roles and deployment pipelines
- Packer + cloud-init templates
- Docker, Coolify, Dockhand, repeatable ops
Embedded + Custom Automation
When the solution needs hardware: ESP32/Arduino projects and custom automation workflows.
- ESP32/Arduino firmware and integrations
- Sensors, telemetry, dashboards, alerting
- Automation glue between hardware + infra
Incident Response & On-Call Rescue
When it’s down, I get it back up — and make sure it stays up.
- Emergency triage and containment
- Stability fixes and hardening
- Monitoring + alerting improvements
Deliverables you can hold me to
- Architecture diagrams + decisions (ADRs)
- Action plan with risk + ROI order
- Automation and runbooks
- Performance baselines and KPIs
- Hardening checklist and evidence
- Postmortems and follow-ups
AI, agents & automations (private + production-ready)
Build AI that actually works in production: on-prem or private cloud, with guardrails, audit trails, and zero “mystery box” dependencies. Ideal for US/EU teams that care about data residency, cost, and reliability.
On-Prem / Private AI
Run modern LLM capabilities where your data lives — not the other way around.
- Model serving (CPU/GPU), networking, and capacity planning
- SSO/RBAC, secrets, logging, and change control
- Cost controls, caching, observability, and latency budgets
Agents + Automations
Automation that executes, documents, and escalates — with human approval where needed.
- n8n workflows + integrations (Slack/Jira/CRM) + voice-to-text ingestion
- Runbook-style agents for SRE/on-call support
- Guardrails: allowlists, approvals, and audit trails
RAG + Vector Stores
Turn internal docs into an answer engine (without leaking private data).
- Ingestion pipelines, chunking, embeddings, permissions
- Vector stores: pgvector, Qdrant, Weaviate (or what you already run)
- Evaluation + drift checks so it stays correct over time
AI deliverables (no fluff)
- Architecture + threat model
- Proof-of-value pilot (1–2 weeks)
- Production rollout plan + runbooks
- Monitoring, cost model, and SLOs
- Team training + handover
- Data residency and compliance notes
Platforms and tooling I ship with
This isn’t “buzzword consulting”. It’s the boring, production-grade stack I’ve used to build and operate clusters, hosting platforms, and custom SaaS infrastructure.
Virtualization / Storage
PVEProxmox VE
PBSProxmox Backup Server
PMGProxmox Mail Gateway
ZFSZFS
NASTrueNAS
LXCLXC containers
Linux / OS
UBUUbuntu
DEBDebian
ALMAlmaLinux
CLCloudLinux
ALPAlpine Linux
RHLRHEL / CentOS family
Automation / Delivery
ANSAnsible
BSHBash
PKRPacker
CINcloud-init
DOCDocker / Compose
CFYCoolify
DHKDockhand
RANRancher
Web / Proxy
NGXNginx
HAPHAProxy
CADCaddy
APAApache HTTPD
OLSOpenLiteSpeed / LiteSpeed
PHPPHP-FPM
Hosting / Apps
CPcPanel / WHM
DADirectAdmin
OPOpenPanel
MBMetabase
N8Nn8n automation
DNS / Email
DNSCDNSControl
UBDUnbound
B9BIND9
PDNSPowerDNS
GDNSgdnsd
DISTdnsdist
PFXPostfix
DOVDovecot
EXIExim
Databases / Caches
SQLMySQL / MariaDB / Galera
REDRedis
MEMMemcached
RMQRabbitMQ
Monitoring / Security
ZBXZabbix
PMMPercona PMM
F2BFail2ban
NFTnftables
UFWUFW
AVClamAV / SpamAssassin
Embedded
ESPESP32
ARDArduino
eCommerce platforms (performance, uptime, and revenue protection)
I specialize in the infrastructure behind stores that must stay online: performance tuning, scaling, hardening, migrations, and “it’s broken right now” recovery.
WordPress + WooCommerce
Speed, stability, and security for WooCommerce at scale.
- Cache strategy, PHP-FPM tuning, database performance
- Bot/abuse mitigation, WAF patterns, mail deliverability
- Safe plugin updates and rollback strategy
Magento (Adobe Commerce)
Production operations that keep checkout fast and predictable.
- MySQL/MariaDB tuning, indexing, and observability
- Queues/cron reliability, deployments, and staging discipline
- Scale patterns, HA, backups, and recovery drills
OpenCart + Other Stacks
Pragmatic ops and performance improvements for real-world stores.
- Hosting stack hardening (Nginx/HAProxy, TLS, headers)
- Monitoring + alerting to catch revenue-impacting issues
- Migrations: cloud → colo/on-prem, or broken → stable
What you get
- Performance baseline + bottleneck map
- Hardening checklist and rollout plan
- DB + cache tuning with verification steps
- Backup/restore drills and incident playbook
- Monitoring tuned to business impact
- Clear postmortems after incidents
Battle-tested, not theoretical
Signature outcomes
- Built and operated a full hosting platform end-to-end (compute, storage, mail, DNS, backups).
- Built, fixed, or optimized 50,000+ servers; 1,000+ actively operated with automation-first operations.
- Deployed 50+ Proxmox clusters (PVE/PBS/PMG) with repeatable automation and runbooks.
- Remediated major failures (e.g., SAN failure) and stabilized production fast.
Open-source footprint
- GitHub: github.com/extremeshok
- Docker Hub: hub.docker.com/u/extremeshok
- Blog/runbooks: extremeshok.com/blog
If you want to see how I think, the repos and runbooks are public.
Proxmox in production (screenshots)
Sanitized examples of Proxmox VE / Proxmox Backup Server dashboards from real deployments (50+ clusters). Drop
images into assets/screenshots/ and update manifest.json.
Tip: export as PNG/WebP and blur/redact hostnames, IPs, and client names.
4-year git worklog (sanitized)
This is a sanitized timeline generated from private repositories (last 4 years), filtered for Proxmox, clusters, deployments, storage, databases, and related infra work.
How engagements run
1) Triage
Quick intake call, define the problem, align on outcomes, and get access safely.
2) Audit
Baseline, risks, bottlenecks, and “what breaks next” — documented and prioritized.
3) Ship
Hands-on fixes, automation, hardening, and monitoring. Changes are reversible and tracked.
4) Handover
Runbooks, diagrams, and clear next steps so your team isn’t dependent on me.
5) Retainer (optional)
On-call, ongoing improvements, and “keep it boring” operations.
US & EU ready
- Remote-first, async-friendly, documented decisions
- NDA-friendly; least-privilege access patterns
- GDPR-aware and privacy-minimal approach
- Production change discipline (rollbacks, windows)
- Time-zone overlap planning (EU/UK, US mornings)
- Clear comms: what changed, why, and how to verify
Book a consultation
Quick message
Book a consultation
Email me and I’ll reply with available slots and next steps.
Email: admin@extremeshok.com
Send: a 2–3 sentence problem statement, your stack, urgency, and what “done” looks like.
Quick CLI
$ printf "Need help: %s\n" "your problem here" | mail admin@extremeshok.comQuestions I get a lot
Do you do short audits, or only big projects?
Both. A short audit can produce a high-ROI plan, and we can then execute the top items.
Can you work under NDA / security restrictions?
Yes. I prefer least-privilege access, audit trails, and explicit scopes. You’ll get documentation, not mystery.
Are you “cloud-only” or “on-prem only”?
Neither. I build the right mix: on-prem, colocated, cloud, hybrid — whatever makes sense for cost, latency, and risk.
Do you help with ongoing operations?
Yes. Retainers are ideal when you want stability, predictable improvements, and fast incident response.
Privacy & data handling
No trackers. No ad pixels. No “growth hacks”. If you contact me, I only use your details to reply and deliver the work.
- Collected: name, email, company (optional), region, urgency, message
- Purpose: respond, schedule, scope work, and provide ongoing support if requested
- Storage: stored on infrastructure controlled by eXtremeSHOK (lead log + optional email delivery)
- Retention: kept only as long as needed for the conversation and delivery; deletion on request
- Sharing: never sold; shared only with services you explicitly choose (e.g., your own email provider)
- EU/UK: GDPR-aware handling (minimal data, least-privilege access, audit trails)
Privacy questions or deletion requests: admin@extremeshok.com.