Linux Administration

Linux is the backbone of modern IT infrastructures. In my daily work, I plan, install, and operate server and network systems based on Linux—from small environments to highly available clusters with Kubernetes. I rely on stable, maintainable, and traceable configurations that can be fully documented and automated.

My focus is on a traceable, automated, and secure Linux infrastructure that adapts to the requirements of modern companies—independent of proprietary platforms or licensing models.

The goal is always a secure, high-performance, and long-term manageable system landscape—without dependencies on manufacturers or expensive licensing models.

Configuration & Automation

For me, the best approach is to work directly with code—whether with Ansible, Helm, Docker Compose, Bash scripts, or Python source code.

This results in reproducible, secure, and scalable systems that can be operated transparently and efficiently in the long term.

  • Infrastructure as code with Ansible and Git
  • Automated deployments and maintenance
  • Script-based provisioning and configuration management
  • Versioned documentation, e.g., with Markdown and Bookstack

Security & System Hardening

In addition to the actual administration, I place particular emphasis on security. I implement consistent hardening measures and regularly check systems for vulnerabilities.

  • SELinux, AppArmor, SSH hardening
  • Firewall and VPN management with OPNsense and WireGuard
  • OpenSCAP audits, ClamAV, ESET, Rspamd
  • Security monitoring and log correlation

Monitoring & Stability

Long-term stable systems can only be achieved through transparency and monitoring.

I implement comprehensive monitoring and alerting solutions to identify problems early on and maximize uptime.

  • Prometheus, Grafana, Node Exporter
  • Log management and analysis (e.g., journalctl, Loki)
  • Performance measurements and trend analyses
  • Hardware monitoring via SNMP and IPMI

Backup, Recovery & Sustainability

I consider data backup and recoverability to be part of the architecture, not an afterthought. My backup concepts are versioned, comprehensively documented, and regularly tested.

  • Bacula / Bareos
  • BorgBackup, Restic, Ceph snapshots
  • PITR backups for PostgreSQL/MariaDB
  • Automated recovery tests
  • Emergency and recovery processes

Documentation & Knowledge Transfer

Maintainable systems can only be created when knowledge is recorded in a structured manner.

I write technical documentation in such a way that it can be used directly by colleagues, clients, and successors.

  • Markdown-based documentation with Bookstack
  • Automatically generated system overviews and playbook explanations
  • Clear handovers and operating manuals
  • Integration of training and lessons learned in projects

Architecture & Self-Hosting

I see administration as a multifaceted process – from the network to the application. Many of my solutions are developed in our own data center and tested there in a practical environment.

  • Setting up our own KVM/Kubernetes clusters with Ceph storage
  • Operation of central services such as Mailcow, Bookstack, OpenProject, OpenCloud
  • Implementation of multi-tenant setups and isolation strategies
  • Documented best practices for self-hosting and resource efficiency

You can find specific trainings and current topics in the Comelio GmbH training catalog.
Available in-house at your company, as a webinar, or as an open training—designed to meet different requirements.

Frequently asked questions about Linux Administration

In this FAQ, you will find the topics that come up most frequently in consultations and training sessions. Each answer is kept brief and refers to further content where necessary. Can’t find your question? Feel free to contact me.

Debian/Ubuntu: flexible, large community, quickly available. RHEL/Alma/Rocky: conservative, stable lifecycle/support ecosystem. SLES: enterprise tooling (zypper/SUSE Manager). Support, lifecycle, hardening, and compliance requirements are decisive factors – not “sympathy.”

Both are MAC hardening tools. SELinux (default on RHEL/Alma/Rocky) is very granular and requires clean policies/labels; AppArmor (default on Ubuntu/SLES) is easier to get started with. Recommendation: use the distribution’s native default engine – with documented exceptions and CI checks.

nftables is the successor to iptables and offers better performance. On modern distros, firewalld usually controls nftables underneath. In practice: define central zones/services, open only the ports you need, use logging sparingly, and version rules as code – no more hand-maintained iptables rules.

Deviations are detected through regular comparisons with the defined target state. Versioned configurations and controlled changes ensure that systems remain consistent and unwanted deviations are identified at an early stage.
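
The comparison against a defined target state described above can be sketched as follows. This is an added example, not code from this page or from any tool named on it; the manifest layout (path mapped to SHA-256 and permission bits), the function names, and the two sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def file_state(path):
    """Return (sha256 hex, permission bits) for a file, or None if it is missing."""
    try:
        with open(path, "rb") as fh:
            digest = hashlib.sha256(fh.read()).hexdigest()
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except FileNotFoundError:
        return None
    return digest, mode

def build_target(paths):
    """Record the target state of existing files; in practice this is kept in Git."""
    return {p: file_state(p) for p in paths}

def detect_drift(target):
    """Compare the live files with the target state and list every deviation."""
    findings = []
    for path, expected in sorted(target.items()):
        actual = file_state(path)
        if actual is None:
            findings.append((path, "missing"))
        elif actual[0] != expected[0]:
            findings.append((path, "content changed"))
        elif actual[1] != expected[1]:
            findings.append((path, f"mode {expected[1]:o} -> {actual[1]:o}"))
    return findings

def demo():
    """Constructed sample: two config files in a temp dir, then manual changes."""
    with tempfile.TemporaryDirectory() as root:
        sshd = os.path.join(root, "sshd_config")
        nft = os.path.join(root, "nftables.conf")
        for path, text in ((sshd, "PermitRootLogin no\n"), (nft, "flush ruleset\n")):
            with open(path, "w") as fh:
                fh.write(text)
            os.chmod(path, 0o600)
        target = build_target([sshd, nft])
        clean = detect_drift(target)
        with open(sshd, "a") as fh:   # unreviewed manual edit
            fh.write("PermitRootLogin yes\n")
        os.chmod(nft, 0o644)          # permissions loosened by hand
        drifted = detect_drift(target)
        return clean, [(os.path.basename(p), what) for p, what in drifted]

if __name__ == "__main__":
    print(demo())
```

Run on a schedule against a manifest kept in version control, a non-empty result is the early signal that a system has left its documented state.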