Infrastructure, automation & web engineering that ships.
We build and run production systems for tech companies and small businesses — Linux
infrastructure and secure hosting, modern websites, CI/CD and release automation, and
Ansible-driven configuration management. Reliable, secure, and documented work, from
first commit to live deploy.
Provisioning, web servers, TLS, and the operational glue that keeps sites up and secure.
Production Web Hosting
Apache · Let's Encrypt · security headers
A live site served from a hardened Apache virtual host: trusted Let's Encrypt TLS with
automatic renewal, forced HTTP→HTTPS, HSTS, a tuned Content-Security-Policy, and
the rest of the modern security-header set — all on a shared document root managed
without ever disturbing the neighbouring sites.
A privacy-respecting, historical traffic dashboard built on GoAccess with an on-disk
database. A custom ingestion script feeds only new log bytes (rotation-aware, no double
counting), a cron job refreshes it on a schedule, and the report is locked behind HTTP
Basic Auth with its own scoped CSP.
Hand-built front-ends with a real design system — no bloated frameworks, no tracking baggage.
Portfolio Platform
HTML5 · CSS3 · vanilla JS
A responsive marketing site built on a custom CSS design system: a data-driven project
catalog with tag filters, generated SVG artwork, complete SEO (JSON-LD, Open Graph,
sitemap, OG images) and accessibility baked in — skip links, focus states, and
reduced-motion support.
Source documents turned into polished, readable web pages — themed typography, sticky
tables of contents with scroll-spy, responsive tables, callouts and stat-block cards.
Great for documentation, handbooks, and long technical content.
Automated builds, automated checks, and one-command deploys that are safe to run again and again.
Safe Deploy Pipeline
Bash · rsync · release automation
An idempotent release script: per-item rsync with scoped ownership fixes (safe on a
shared host), config validation before reload, and post-deploy health checks. Deploying
is one command — and running it twice changes nothing it shouldn't.
A Python build pipeline that turns source documents into clean semantic HTML, paired
with a dependency-free resilience suite — 200+ checks covering markup integrity,
broken links and missing assets, security headers, path-traversal, and malformed-input
handling — gating every change before it goes live.
Reproducible infrastructure from version-controlled code — servers provisioned with Terraform and configured with Ansible, not tribal knowledge.
Server Provisioning & Hardening
Ansible · YAML · IaC
Idempotent Ansible playbooks that bring a fresh host to production: packages and users,
SSH and firewall hardening, web server and TLS, and automated certificate renewal. Run
them against one box or a fleet — the result is the same, every time, and reviewable in
git.
A minimal, reproducible Terraform configuration that provisions the smallest
free-tier-eligible AWS EC2 instance — the latest Amazon Linux 2023, a public IP, and a
security group open for SSH, HTTP and HTTPS — from version-controlled .tf files.
AWS-only and scoped to exactly one VM, with no credentials in the code: stand it up with
terraform apply and tear it all down with terraform destroy.
A reproducible Terraform configuration that provisions one Azure Linux VM running Ubuntu 24.04
LTS — and, because Azure has no default network, the whole stack it needs: resource group,
virtual network, subnet, public IP, security group and NIC. Scoped to exactly one VM, with no
credentials in the code: terraform apply to create it, terraform destroy
to tear it down.
A reproducible Terraform configuration that provisions one Always Free GCP e2-micro
VM running Ubuntu 24.04 LTS in its own self-contained VPC — a subnet, tag-targeted firewall
rules for SSH/HTTP/HTTPS, and an ephemeral public IP. Scoped to exactly one VM, with no
credentials in the code: terraform apply to create it, terraform destroy
to tear it down.
A reproducible Terraform configuration that provisions one Always Free Oracle Cloud VM running
Ubuntu 24.04 LTS — and, like Azure, the whole network stack it needs: VCN, internet gateway,
route table, security list and subnet. Scoped to exactly one VM, with no credentials in the
code: terraform apply to create it, terraform destroy to tear it down.
One Terraform configuration that stands up a VM in all four clouds at once — AWS, Azure, GCP and
OCI — by composing the four single-cloud modules as children. A single terraform apply
brings up all four; a single terraform destroy tears them down. Run with
-parallelism=1 so the clouds proceed one after another, with no cross-cloud races.
Ongoing care for the servers you depend on: scheduled patching, certificate and renewal
monitoring, log review, backups, and a documented runbook so the next person (or the
future you) can pick it up without guesswork.
Hardening
Backups
Monitoring
Documentation
Application Delivery
From four VMs to a running app, everywhere at once
Provisioning is only half the job — the other half is the software that runs on it. This configuration stands up the VMs and installs, configures and serves a real application on every one, all from the same terraform apply.
Multi-Cloud App Deployment with Terraform
Terraform · cloud-init · AWS / Azure / GCP / OCI
One Terraform configuration that provisions a free-tier VM in all four clouds
and installs the same web application on every one — cloned, dependency-installed, and served
over HTTPS on port 443 by a systemd-managed gunicorn, all via a shared
cloud-init bootstrap. It composes the four single-cloud modules and adds the one
new idea — app installation on first boot — so a single
terraform apply -parallelism=1 takes you from nothing to four running app servers,
and terraform destroy takes it all back down.