Skip to content
View phanmanhcuongdev's full-sized avatar

Highlights

  • Pro

Block or report phanmanhcuongdev

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
phanmanhcuongdev/README.md

Everything as Code, from Backend Logic to Operated Infrastructure

Profile views Focus Mindset PTIT

Email Facebook Instagram GitHub

About Me

I am Phan Manh Cuong, a 3rd-year Information Systems student at PTIT and a Backend Intern working across .NET and Java.

I do not see software as isolated source code. I see it as a system that has to be designed, deployed, secured, observed, recovered, and improved over time.

My direction is clear:

From backend development to DevSecOps — not by theory alone, but by operating real systems.

I care about what happens after the code leaves the IDE: how services are deployed, how traffic reaches them, how logs and metrics expose problems, how failures are recovered, and how security decisions shape the entire architecture.

Outside engineering, I am also a regular apheresis donor. That long-term habit shapes the way I work: steady, consistent, and committed to building value that lasts.

What I Actually Operate

My homelab is my personal engineering ground. It is not only a collection of machines, but a small environment where I practice infrastructure, networking, observability, and security under real constraints.

Core Infrastructure

My homelab runs on a Dual Xeon E5-2676 v3 platform (24 Cores / 48 Threads) with 64GB RAM and a GTX 1050Ti, combining both physical networking gear and hypervisor infrastructure. This environment is where I test real problems before bringing solutions to production mindsets.

The environment includes:

  • Hybrid Networking & Routing: Operating physical switches and routers (Cisco, Mikrotik RB450G, RB2011) alongside virtualized VyOS instances for deep packet routing, VLAN segmentation, and access control.
  • Secure Access & Overlay Networks: Managing a self-hosted VPN mesh network using Headscale & Tailscale (with custom domain routing via headscale.cuongdso.id.vn) and enforcing strict WireGuard policies across device cohorts.
  • Proxmox Virtualization: Orchestrating multiple VMs and LXC containers (Ubuntu Server, Kali Linux) for strict service isolation, security testing, and self-hosted workflows (RabbitMQ, MinIO, databases).
  • Full-Stack Observability: Instrumenting the entire infrastructure with Prometheus, InfluxDB, Loki, and Grafana to capture metrics, aggregate logs, and monitor system health in real-time.

This is where theory becomes operational skill, debugging deep into how packets travel and how systems recover.

Engineering Mindset

Many developers stop when the feature works.

I want to understand the full path around that feature:

  • How the request enters the system.
  • How traffic moves across Layer 2 and Layer 3.
  • How services are isolated and exposed.
  • How logs, metrics, and alerts help during failure.
  • How access is controlled.
  • How recovery works when SSH, VPN, or routing breaks.
  • How documentation prevents the system from becoming tribal knowledge.

That is the kind of engineering I am building toward: backend logic with infrastructure awareness, security thinking, and operational maturity.

Operational Lessons I Care About

My homelab has taught me that infrastructure is not only about tools. It is about discipline.

Some principles I try to follow:

  • Always keep a recovery path. VPN, SSH, and reverse proxy are useful, but console access can save the system when networking fails.
  • Expose less by default. Private mesh access is often better than public exposure.
  • Monitor for understanding, not decoration. Dashboards should help explain system behavior during incidents.
  • Document the network. If the topology only exists in your head, it will eventually become a problem.
  • Treat security as part of design. Hardening, access control, and logs should not be added only at the end.
  • Respect physical constraints. Power, heat, and cost are also architecture concerns.

Featured Work

Project / System What it represents
CoreAuth 🔐 NEW Android FIDO2/U2F Security Key framework (Rust daemon + Kotlin/Compose UI). Implements Legacy U2F over USB HID with transactional lifecycle, independent biometric modes (Fingerprint, Face, NFC), and zero-trust protocol isolation. Security Key does not invoke Android BiometricPrompt—it's a hardware-grade authenticator in your pocket.
roadmap-to-devsecops My personalized learning journey, homelab notes, and system hardening guides as I move from backend toward DevSecOps. Evidence-based labs with formal methodology for each phase.
student-feedback-system An enterprise-style academic project: Java 21 + Spring Boot 4 backend with Hexagonal Architecture, Reactor async patterns, and modular API design—how backend architecture should feel at scale.
translation-ai-worker A backend worker service consuming RabbitMQ translation requests, generating bilingual (Vietnamese/English) content using FastAPI, and demonstrating async patterns in a real-world integration.
FaizGear 🤖 NEW A Faiz Phone (Kamen Rider 555) simulator built with Jetpack Compose and Kotlin. Acts as a Zero-Trust IoT remote controller for Proxmox homelab—blending mobile UI, hardware control, and security in one experimental package.
Homelab Mesh Infrastructure A private network environment using Headscale/Tailscale, Proxmox, VyOS, Prometheus/Grafana stack, and security layers including network segmentation and access control. The operational ground where backend meets infrastructure.
headscale-infra Documentation and configuration for self-hosted Headscale + Nginx overlay network infrastructure. Includes architecture decisions, failure recovery, and real-world ConfigFS/UDC management.
distributed-systems-lab SQL Server replication lab combining Publisher–Distributor–Subscriber topology with Headscale mesh networking for geographic distribution testing.
sqlserver-replication-lab Docker Compose setup for SQL Server replication testing—how data moves, where it breaks, and how to recover.
IOT-v-ng-d-ng IoT / embedded systems experimentation ground—extending the security-key and device-controller paradigm into real-world hardware challenges.

Tech Stack

Backend Engineering

.NET C# Java Spring Boot FastAPI REST API SQL Server

Mobile & Systems Programming

Kotlin Jetpack Compose Rust Python

Infrastructure, Networking & Operations

Proxmox VyOS Ubuntu Server Windows Server Tailscale Headscale NetBox

Networking & Security Infrastructure

Cisco MikroTik VyOS WireGuard Tailscale Headscale Kali Linux

Containers, Delivery & Observability

Docker Portainer MinIO Ansible GitHub Actions Prometheus Grafana Loki

Observability & Data

Prometheus Grafana InfluxDB Loki RabbitMQ PostgreSQL

Engineering Map

flowchart LR
    A[Backend Engineering]
    B[Infrastructure]
    C[Networking]
    D[Security]
    E[Observability]
    F[Homelab Cyber Range]
    G[DevSecOps Direction]

    A --> F
    B --> F
    C --> F
    D --> F
    E --> F
    F --> G

    A <--> B
    B <--> C
    C <--> D
    D <--> E
    E <--> A

    style F fill:#dcfce7,stroke:#15803d,stroke-width:2px,color:#0f172a
    style G fill:#fee2e2,stroke:#dc2626,stroke-width:2px,color:#0f172a
    style A fill:#dbeafe,stroke:#1d4ed8,color:#0f172a
    style B fill:#f8fafc,stroke:#475569,color:#0f172a
    style C fill:#f8fafc,stroke:#475569,color:#0f172a
    style D fill:#f8fafc,stroke:#475569,color:#0f172a
    style E fill:#f8fafc,stroke:#475569,color:#0f172a
Loading

Current Direction

I am currently focusing on:

  1. Backend architecture Building maintainable services with clear boundaries, practical API design, and database-aware thinking. Currently implementing enterprise patterns: Hexagonal Architecture, Ports & Adapters, JWT/OAuth flows, and async message processing.

  2. Infrastructure as Code Reducing manual drift and making environments reproducible. Exploring OpenTofu and Ansible for infrastructure provisioning, and Kubernetes orchestration with K3s for production-mindedness.

  3. Private networking and secure access Using mesh VPN patterns (Headscale, Tailscale) and network segmentation to reduce unnecessary public exposure. Implementing zero-trust principles and strict VPN ACLs.

  4. CI/CD and security in delivery Moving security checks closer to the development workflow instead of treating them as a final gate. Exploring SonarQube, Trivy scanning, and container image validation.

  5. Observability and incident readiness Building systems that can explain themselves when something goes wrong. Instrumenting with Prometheus, Grafana, Loki for metrics, logs, and visibility. Creating operational dashboards for understanding system behavior during failures.

  6. Security-first system design Recently diving into FIDO2/U2F protocol implementation (CoreAuth), understanding hardware-grade authentication, and exploring how security decisions cascade through architecture—from daemon privilege boundaries to USB gadget lifecycle management.

Contribution & Stats

📊 On GitHub

GitHub Profile

GitHub Followers Total Repositories

🛠️ Main Technology Languages

Java C# Python Kotlin Rust TypeScript Other

🎯 Key Metrics

Pinned Repos Public Contributions

Closing Note

I am building toward a version of engineering where backend, infrastructure, networking, observability, and security are not separate tracks.

They are one system.

"Security is not a gate at the end. It is a property of systems designed with discipline from the start."

Popular repositories Loading

  1. TRR-PTIT TRR-PTIT Public

    C++ 5

  2. student-feedback-system student-feedback-system Public

    A production-ready Student Feedback System built with Hexagonal Architecture, DevSecOps CI/CD, and secure Hybrid Cloud networking.

    Java 2 1

  3. translation-ai-worker translation-ai-worker Public

    Python 1

  4. hotel-management-system hotel-management-system Public

    Java

  5. phanmanhcuongdev phanmanhcuongdev Public

    Sinh viên Hệ thống thông tin PTIT | Đam mê DevSecOps và tối ưu hóa Homelab.

    Python

  6. identity_number identity_number Public

    Python