sevenroute.dev
Section ◆ Work · Selected projects 2022–2026 · 06 entries · Filed under: infra, observability, automation

Selected projects, mostly held together with Terraform & patience.

Span: 2022–2026
Count: 06 projects · 4 open source
Stack: Linux · AWS · Python · Go · Ansible
Status: Two in active maintenance
№ 001 · 2025

Monitoring Linux on AWS EC2 — ELK + Grafana.

A self-hosted observability pipeline for a small EC2 fleet, running on a single t3.medium and quietly under $40/month.

Filebeat ships logs from each instance, Logstash parses and tags them by service, Elasticsearch indexes with strict ILM policies, and Grafana displays everything alongside CloudWatch system metrics.

The interesting part wasn't the wiring — it was figuring out which logs were worth keeping. Roughly 80% of disk savings came from dropping events nobody had read in 90 days.

Terraform · Elasticsearch · Logstash · Filebeat · Grafana · EC2
Case 001: ELK · Grafana
[ec2-prod-1] cpu ▓▓▓▓▓░ 62%
[ec2-prod-2] cpu ▓▓▓░░░ 41%
[ec2-prod-3] cpu ▓▓▓▓▓▓ 88%
─────────────────────────
ingest 1.2TB/day ↑ ok
№ 002 · 2024

Ansible Telegram Bot.

A chat-ops bridge that lets a small team trigger Ansible playbooks from a Telegram thread.

Role-gated commands, dry-run previews, structured output, and a small audit log. Playbooks register themselves as commands, so adding a new operation means writing a YAML file — no bot deploy required.

Used in production by a 4-person team for routine deploys, restarts, and "did that thing fail again" checks.

Python · aiogram · Ansible · Docker
Case 002: Bot · Ansible
> /deploy api v1.4.2
✓ ansible-playbook deploy.yml
✓ 3 hosts, 0 failed
─ duration: 1m24s
─ logged by @sevenroute
№ 003 · 2025

Zero-touch deploy pipeline.

A reusable GitHub Actions workflow that builds, signs, and rolls out Docker images to a small fleet — with a one-keystroke rollback.

Each repo includes a single workflow file; the heavy lifting lives in a shared composite action. Cosign signs every image, the deploy step verifies signatures before pulling, and rollback is a tagged commit away.

GitHub Actions · Docker · cosign · SSM
Case 003: CI / CD
build → sign → push → roll
step 1/4 ✓ 00:23
step 2/4 ✓ 00:08
step 3/4 ✓ 00:11
step 4/4 ▓▓▓▓░░ 67%
№ 004 · 2024

cluster-postcard.

A small Go CLI that prints a one-page health summary of any Kubernetes cluster — pods, certificates, disk, and surprises.

Designed for the 30-second daily skim, not for replacing a real dashboard. Useful when joining a new project or auditing a cluster you've inherited.

Go · client-go · Helm
Case 004: k8s · CLI
cluster: prod-eu-west-1
pods 182 / 200
certs ⚠ 2 expiring
pv usage 71%
noisy ns argo, ingress
№ 005 · 2023

Self-hosted VPN ladder.

A small Terraform + Ansible setup that spins up a WireGuard mesh across three regions for under $15/month.

Born out of frustration with a particularly bad commercial VPN. Also doubles as a really useful sandbox for testing failover and DNS routing.

Terraform · Ansible · WireGuard · Hetzner / AWS
Case 005: WireGuard mesh
eu-west ←→ us-east ←→ ap-south
rtt avg 42ms / 88ms
packets 98.7% delivered
cost $14.20 / mo
№ 006 · 2022

dotfiles & the long-running terminal.

My dotfiles, in their fourth incarnation, with a focus on reproducibility across Linux and macOS.

tmux, neovim, zsh, plus a small bootstrap script that turns a fresh box into a working environment in two minutes. Versioned, opinionated, and full of comments to my future self.

Shell · tmux · Neovim · stow
Case 006: Dotfiles · 2022
~/dotfiles
├── zsh/
├── nvim/
├── tmux/
└── bin/install.sh