init: complete homelab mastery guide
Architecture overview, design decisions, Docker/networking/OAuth2/Linux concept deep-dives, cert roadmap for cloud engineering track, interview prep with model answers, and structured learning path.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
commit ca9e8a7959
10 changed files with 1534 additions and 0 deletions
144
learning-path/README.md
Normal file
|
|
@ -0,0 +1,144 @@
|
|||
# Learning Path — From Where You Are to Cloud Engineer
|
||||
|
||||
## Your Advantage
|
||||
|
||||
You don't have a blank canvas. You have a live production system you built. Most people study networking in a textbook. You configured Cloudflare DNS, set up Tailscale, debugged a Docker networking ufw issue, and traced a distributed systems bug in OAuth2. That's hands-on experience that study alone can't replicate.
|
||||
|
||||
The goal now: attach the vocabulary, depth, and theory to things you've already done.
|
||||
|
||||
---
|
||||
|
||||
## Phase 1 — Complete A+ Core 2 (Now)
|
||||
|
||||
**Focus areas that directly map to your homelab:**
|
||||
|
||||
| A+ Core 2 Topic | Your Homelab Connection |
|
||||
|----------------|------------------------|
|
||||
| Linux command line | You've been using it — now learn the theory |
|
||||
| Security fundamentals | Cloudflare Tunnel, ufw, Tailscale private networking |
|
||||
| Scripting basics | The bash commands you've run |
|
||||
| Troubleshooting methodology | The `invalid_grant` debug process |
|
||||
| Remote access | SSH, SSH tunnels (you used `-L` forwarding) |
|
||||
|
||||
**Study approach:**
|
||||
- Professor Messer's Core 2 videos (free YouTube)
|
||||
- Jason Dion practice exams on Udemy — aim for 85%+ before scheduling
|
||||
- For each topic, ask: "Where did I see this in my homelab?"
|
||||
|
||||
---
|
||||
|
||||
## Phase 2 — CCNA (3–6 Months)
|
||||
|
||||
The CCNA will make everything in your homelab make deeper sense. After CCNA, re-read the networking.md file in this repo and you'll see how much more you understand.
|
||||
|
||||
**Study approach:**
|
||||
1. **Jeremy's IT Lab** (free YouTube + Anki flashcards) — start here
|
||||
2. **Packet Tracer labs** (free from Cisco) — build networks, don't just watch
|
||||
3. **Subnetting practice** — do it daily until it's instant. Use subnettingpractice.com
|
||||
4. **Week 1-4:** OSI model, TCP/IP, subnetting, Ethernet, switching
|
||||
5. **Week 5-8:** VLANs, Spanning Tree, inter-VLAN routing
|
||||
6. **Week 9-16:** IPv4 routing (OSPF, EIGRP), IPv6, ACLs, NAT
|
||||
7. **Week 17-20:** WAN, wireless, security, automation basics, practice exams
|
||||
|
||||
**Labs to build in Packet Tracer that map to your homelab:**
|
||||
- Build the monk + kscloud1 network topology
|
||||
- Simulate the Cloudflare Tunnel concept with a router acting as the "edge"
|
||||
- Set up ACLs that mimic your ufw rules
|
||||
|
||||
---
|
||||
|
||||
## Phase 3 — AWS SAA-C03 (After CCNA)
|
||||
|
||||
**Study approach:**
|
||||
1. **Stephane Maarek's course** (Udemy) — the industry standard
|
||||
2. **AWS Free Tier** — rebuild your homelab services as AWS equivalents:
|
||||
- Forgejo → CodeCommit
|
||||
- Custom portal → S3 static website + CloudFront
|
||||
- Prometheus/Grafana → CloudWatch
|
||||
- Authentik → Cognito
|
||||
- Docker Compose → ECS Fargate
|
||||
- Tailscale → VPC + PrivateLink
|
||||
3. **Tutorial Dojo practice exams** — Jon Bonso's exams are the most accurate
|
||||
|
||||
**For each AWS service you study, map it back to your homelab:**
|
||||
|
||||
| AWS | Your Homelab Equivalent |
|
||||
|-----|------------------------|
|
||||
| EC2 | Hetzner VPS (kscloud1) |
|
||||
| S3 | Static file storage |
|
||||
| VPC | Docker bridge network |
|
||||
| ALB + CloudFront | Cloudflare Tunnel + edge |
|
||||
| RDS | Authentik Postgres |
|
||||
| ElastiCache | Authentik Redis |
|
||||
| CloudWatch | Prometheus + Grafana |
|
||||
| Route 53 | Cloudflare DNS |
|
||||
| IAM | Authentik RBAC / groups |
|
||||
| Secrets Manager | .env files (what you'd replace) |
|
||||
| ECS / Fargate | Docker Compose (what you use) |
|
||||
| VPC Peering | Tailscale overlay |
|
||||
|
||||
---
|
||||
|
||||
## Phase 4 — Hands-On Learning Between Certs
|
||||
|
||||
Don't just study. Build.
|
||||
|
||||
**Projects to add to your homelab that teach real cloud concepts:**
|
||||
|
||||
1. **Add Terraform** — define your kscloud1 server in Terraform so you can destroy and recreate it in minutes. This is Infrastructure as Code, a core cloud skill.
|
||||
|
||||
2. **Add a CI/CD pipeline** — set up Forgejo Actions (Forgejo's built-in CI/CD) so that pushing to a repo automatically tests and deploys changes. This is what DevOps engineers do all day.
|
||||
|
||||
3. **Add Vault** — replace .env files with HashiCorp Vault for secrets management. Real production environments never use .env files.
|
||||
|
||||
4. **Add Kubernetes** — migrate one or two services from Docker Compose to a local k3s cluster. k3s is lightweight Kubernetes — you have enough RAM on monk.
|
||||
|
||||
5. **Add automated backups** — write a script that backs up your Docker volumes to an S3 bucket (or kscloud1) nightly.
|
||||
|
||||
Each of these is a cert objective AND a portfolio item.
|
||||
|
||||
---
|
||||
|
||||
## Daily Practice Habits
|
||||
|
||||
**15 minutes per day beats 3 hours on weekends.**
|
||||
|
||||
- **Subnetting:** Do 10 subnet calculations per day during CCNA study
|
||||
- **Flashcards:** Anki for networking concepts, AWS services
|
||||
- **Logs:** Check `docker logs` on a different service each day — understand what it's saying
|
||||
- **Break something:** Pick one service per week, deliberately misconfigure it, diagnose and fix it. Document what you broke and how you fixed it.
|
||||
- **Read error messages:** When something breaks, read the full error before Googling. Form a hypothesis first.
|
||||
|
||||
---
|
||||
|
||||
## Resources — Free First
|
||||
|
||||
| Topic | Resource | Cost |
|
||||
|-------|----------|------|
|
||||
| A+ Core 2 | Professor Messer (YouTube) | Free |
|
||||
| CCNA | Jeremy's IT Lab (YouTube) | Free |
|
||||
| CCNA labs | Cisco Packet Tracer | Free |
|
||||
| AWS SAA | AWS Skill Builder free tier | Free |
|
||||
| Python | automate the boring stuff (automatetheboringstuff.com) | Free |
|
||||
| Docker | docs.docker.com "Get Started" | Free |
|
||||
| Git | git-scm.com/book | Free |
|
||||
| Linux | linuxcommand.org | Free |
|
||||
| Networking deeper | tcpdump / Wireshark tutorials | Free |
|
||||
|
||||
**Worth paying for:**
|
||||
- Stephane Maarek's AWS SAA on Udemy ($15 on sale — never pay full price)
|
||||
- Tutorial Dojo AWS practice exams ($15)
|
||||
- Jason Dion A+/CCNA practice exams on Udemy ($15)
|
||||
|
||||
---
|
||||
|
||||
## How to Know You're Ready to Interview
|
||||
|
||||
You're ready when you can:
|
||||
1. Explain the OAuth2 authorization code flow from memory without notes
|
||||
2. Subnet any /24 or /25 network in under 30 seconds
|
||||
3. Describe what happens at each layer of the OSI model when you ping google.com
|
||||
4. Walk someone through what happens when a request hits www.kitestacks.com
|
||||
5. Explain the difference between authentication and authorization
|
||||
6. Describe what a VPC is and why it exists
|
||||
7. Answer "what would you do differently?" with a real answer (not "nothing")
|
||||
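Review bot: In Phase 4, item 5 ("Add automated backups") sends Docker volumes to an S3 bucket or kscloud1 without saying anything about encryption or restore testing, and going by the services named in this file those volumes would likely hold the Authentik Postgres and Redis data. I'd extend the item so the archive is encrypted before it leaves the host, the destination is not publicly readable, and a restore is rehearsed on a schedule. Two smaller points. The Phase 3 list maps Tailscale to "VPC + PrivateLink" and Authentik to Cognito, while the table right after it maps the Tailscale overlay to VPC Peering and Authentik RBAC / groups to IAM; either pick one mapping or add a sentence explaining the split (Cognito for end-user sign-in, IAM for access to AWS resources). And the "Break something" habit under Daily Practice Habits should say to do it on a copy or with a rollback step ready, since "Your Advantage" describes this as a live production system.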