nadtoka.dev

Senior DevOps • Platform • Reliability

Oleksandr Nadtoka

I help teams ship faster and keep production stable: CI/CD, Terraform, cloud infrastructure, observability and pragmatic security.

  • CI/CD
  • Terraform
  • Cloud (AWS/GCP/OpenStack)
  • Prometheus/Grafana
  • Security baseline

Now available for

  • Infrastructure audit (1–3 days) — quick health check + prioritized roadmap
  • Implementation projects — CI/CD, Terraform, monitoring, hardening
  • Monthly maintenance — patching, monitoring, incident support

Remote services • Kyiv, Ukraine • Small-to-mid projects • Clear runbooks and handover

Security & Reliability
Security headers
Quick snapshot of HTTPS response headers.
$ curl -I https://nadtoka.dev
HTTP/2 200
strict-transport-security: max-age=31536000
content-security-policy: default-src 'self' ...
x-content-type-options: nosniff
x-frame-options: DENY

Services

Practical DevOps services focused on uptime, delivery speed, and cost control.

CI/CD & Release Engineering

Fast, reliable releases with predictable pipelines.

  • GitHub Actions / GitLab CI pipelines (build, test, deploy)
  • Reusable templates, caching & parallelism
  • Runners setup & troubleshooting
  • Secure delivery: least-privilege + secrets hygiene

Infrastructure as Code (Terraform)

Reproducible environments with safe, reviewable changes.

  • Terraform modules, remote state, environment patterns
  • Provisioning automation: plan → review → apply
  • Drift control and lifecycle governance
  • Networking/IAM/security group baseline

Managed Infrastructure (Cloud + Hybrid)

Ongoing maintenance and production stability for small-to-mid projects.

  • AWS / GCP / OpenStack-based environments
  • Hybrid cloud + office/on-prem with clear runbooks
  • Upgrades, patching, capacity, incident response
  • Predictable changes, less drama

Observability (Prometheus / Grafana / Loki)

Actionable dashboards and alerts (signal > noise).

  • Metrics, dashboards, alert rules
  • SLO-aware alerting (pragmatic)
  • Log aggregation when needed
  • Runbooks so incidents become boring

Security & Networking Baseline

Reasonable security by default — without blocking delivery.

  • IAM/RBAC review, access governance
  • VPN/IPsec, secure gateways (pfSense), HAProxy routing
  • TLS automation and safe defaults
  • Secrets patterns (Vault when it makes sense)

Backups & Disaster Recovery

No-surprises recovery procedures.

  • Backup strategy (S3/restic/Proxmox Backup)
  • Restore tests, RPO/RTO planning
  • DR playbooks and periodic drills
  • Simple, documented recovery paths

AI-assisted DevOps workflows

Using LLM copilots to speed up delivery while keeping changes reviewable and safe.

  • Tools: ChatGPT (incl. Codex), Google Gemini
  • Use cases: troubleshooting, config drafts, PR summaries, runbook outlines
  • Safety: no secrets in prompts; review-before-apply; minimal context sharing
  • Local lab: Ollama (Llama 3.x 8B Instruct, GGUF Q4/Q5) on office server (CPU/RAM)

Containers (pragmatic)

Docker/Swarm/Kubernetes where it actually helps your workload.

  • Containerization, Compose/Swarm operations
  • Practical Kubernetes deployments (when needed)
  • GitOps delivery (optional)

What you get

Delivery

  • PR-based changes with review
  • Rollback plan for every change
  • Dashboards + alerts tuned (signal > noise)

Handover

  • Runbooks and handover documentation
  • Optional: a short handover call

Results

Experience
15+ years

DevOps, platform and reliability leadership across multiple domains.

Automation
−70% provisioning time

Achieved through workflow automation (IaC + configuration + pipelines).

Cloud cost
−30–40% cost reduction

Optimization and environment automation (especially non-prod).

Freelance track record
120+ projects • 8,000+ hours

Remote delivery for clients worldwide (small-to-enterprise).

Approach

Calm ops, predictable changes: read-only first, small blast radius, rollback always.

1. Triage (read-only first)

Run quick read-only diagnostics and identify the top 1–2 risks.

2. Plan + rollback

Small change plan, blast radius, rollback steps, success criteria.

3. Implement via PRs

Reviewable changes in Git, automation-first, predictable deployments.

4. Operate + handover

Dashboards, alerts, runbooks, and calm day-2 operations.

Selected cases

A few examples of production work.

Ticket → CI/CD → Terraform automation

Automated provisioning with Jira ↔ GitLab CI ↔ Terraform ↔ configuration workflows.

  • Infrastructure lifecycle controlled by ticket status
  • Dynamic parameters (versions, IPs, tags)
  • Result: faster provisioning and fewer manual errors

Centralized Identity & Access (LDAP + Replication)

Single source of truth for internal authentication across cloud and office infrastructure.

  • Primary LDAP in cloud + office replica for local availability
  • LDAP auth for office Wi-Fi and Linux workstation logins
  • LDAP auth for HashiCorp Vault and SSH access to dev servers
  • Outcome: centralized access control and cleaner offboarding

Self-hosted ActiveCollab on Kubernetes

ActiveCollab in Kubernetes with MySQL + Elasticsearch + PHP-FPM + NGINX.

  • Persistent storage and health checks
  • CI/CD delivery pipeline
  • Production-grade maintainability

Office Virtualization Platform (Proxmox VE)

Built a secure virtualization baseline for an office server.

  • Storage + networking baseline (segmentation, templates)
  • RBAC roles and least-privilege access
  • Multi-VM dev/test platform with templates
  • Result: scalable layout and simpler admin

On-prem Observability Stack (Prometheus + Grafana + Alertmanager)

Monitoring for isolated networks with actionable dashboards and alert routing.

  • Coverage across 5 servers (LB, DB, core, maintenance, services)
  • IaC via Terraform + repeatable builds (Chef Kitchen)
  • Dashboards for Node Exporter, Blackbox, cAdvisor, PostgreSQL
  • Alert routing with clear ownership
  • Result: reliable visibility and faster triage

Cloud Security Gateway (pfSense + VPN + Reverse Proxy)

Hardened perimeter for cloud workloads.

  • VPN-only administrative access with restricted policies
  • HAProxy TLS termination and routing policies
  • IDS/IPS baseline with tuned rules
  • Result: reduced attack surface and safer access

Contact

The easiest way to reach me is email or LinkedIn.

Email

[email protected]

Prefer a short context: company, tech stack, what’s broken, and urgency.

Links

Security contact: security.txt

How to start

  1. Send a short context: your stack, what’s broken, urgency, and constraints.
  2. We’ll review diagnostics and align on a minimal plan with rollback.
  3. Implementation via PRs with clear handover and runbooks.