nadtoka.dev

Senior DevOps • Platform • Reliability

Oleksandr Nadtoka

I help teams ship faster and keep production stable: CI/CD, Terraform, cloud infrastructure, observability and pragmatic security.

  • CI/CD
  • Terraform
  • Cloud (AWS/GCP/OpenStack)
  • Prometheus/Grafana
  • Security baseline

Remote services • Kyiv, Ukraine • Small-to-mid projects • Clear runbooks and handover

Experience: 15+ years
Upwork: 120+ projects / 8,000+ hours
Automation impact: −70% provisioning time

security-check
$ curl -I https://nadtoka.dev
HTTP/2 200
strict-transport-security: max-age=31536000
content-security-policy: default-src 'self' ...
x-content-type-options: nosniff
x-frame-options: DENY

Minimal by design: no trackers, no heavy frameworks, safe defaults.

Primary strength: reliable production operations
Principle: read-only diagnostics first
Change style: risk check + rollback plan

Services

A practical mix of “personal site” and “service offering” — focused on outcomes and reliability.

CI/CD & Release Engineering

Fast, reliable releases with predictable pipelines.

  • GitHub Actions / GitLab CI pipelines (build, test, deploy)
  • Reusable templates, caching & parallelism
  • Runners setup & troubleshooting
  • Secure delivery: least-privilege + secrets hygiene

Infrastructure as Code (Terraform)

Reproducible environments with safe, reviewable changes.

  • Terraform modules, remote state, environment patterns
  • Provisioning automation: plan → review → apply
  • Drift control and lifecycle governance
  • Networking/IAM/security group baseline

Managed Infrastructure (Cloud + Hybrid)

Ongoing maintenance and production stability for small-to-mid projects.

  • AWS / GCP / OpenStack-based environments
  • Hybrid cloud + office/on-prem with clear runbooks
  • Upgrades, patching, capacity, incident response
  • Predictable changes, less drama

Observability (Prometheus / Grafana / Loki)

Actionable dashboards and alerts (signal > noise).

  • Metrics, dashboards, alert rules
  • SLO-aware alerting (pragmatic)
  • Log aggregation when needed
  • Runbooks so incidents become boring

Security & Networking Baseline

Reasonable security by default — without blocking delivery.

  • IAM/RBAC review, access governance
  • VPN/IPsec, secure gateways (pfSense), HAProxy routing
  • TLS automation and safe defaults
  • Secrets patterns (Vault when it makes sense)

Backups & Disaster Recovery

No-surprises recovery procedures.

  • Backup strategy (S3/restic/Proxmox Backup)
  • Restore tests, RPO/RTO planning
  • DR playbooks and periodic drills
  • Simple, documented recovery paths

Containers (pragmatic)

Docker/Swarm/Kubernetes where it actually helps your workload.

  • Containerization, Compose/Swarm operations
  • Practical Kubernetes deployments (when needed)
  • GitOps delivery (optional)

Engagement options

Audit (1–3 days)

  • Infrastructure review + priority roadmap
  • CI/CD hygiene + quick wins
  • Security baseline recommendations

Implementation

  • Terraform modules / pipelines / monitoring stack
  • Hands-on changes via PRs with rollback plan
  • Handover docs and runbooks

Monthly maintenance

  • Proactive monitoring and patching
  • Incident response support
  • Continuous improvements

Impact

Automation
−70% provisioning time

Achieved through workflow automation (IaC + configuration + pipelines).

Cloud cost
−30–40% cost reduction

Optimization and environment automation (especially non-prod).

Freelance track record
120+ projects • 8,000+ hours

Remote delivery for clients worldwide (small-to-enterprise).

Approach

1. Discovery

Clarify constraints, risks and what hurts most in production.

2. Plan + risk check

Propose minimal, safe changes with a rollback plan. Read-only diagnostics first.

3. Implement

Changes via PRs, reviews, clean automation, and predictable deployments.

4. Handover

Runbooks, dashboards and documentation so your team can operate independently.

Selected cases

A few examples of production work.

Ticket → CI/CD → Terraform automation

Automated provisioning with Jira ↔ GitLab CI ↔ Terraform ↔ configuration workflows.

  • Infrastructure lifecycle controlled by ticket status
  • Dynamic parameters (versions, IPs, tags)
  • Result: faster provisioning and fewer manual errors

Self-hosted app on Kubernetes

ActiveCollab in Kubernetes with MySQL + Elasticsearch + PHP-FPM + NGINX.

  • Persistent storage and health checks
  • CI/CD delivery pipeline
  • Production-grade maintainability

On-prem monitoring stack

Prometheus + Grafana + Alertmanager across multiple servers.

  • Dashboards + alert routing
  • Works in isolated networks
  • Operational visibility

pfSense security gateway

VPN, IPsec, HAProxy routing, IDS integration and monitoring.

  • Multiple VPN endpoints + IPsec tunnels
  • Traffic inspection and routing policies
  • Centralized visibility

Contact

The easiest way to reach me is email or LinkedIn.

Email

alex.nadtoka@gmail.com

Please include brief context: company, tech stack, what’s broken, and urgency.

Links

Security contact: security.txt