DevOps Infrastructure
Personal · Completed

Self-hosted infrastructure with reverse proxy, monitoring, automated backups and workflow automation.

Design and operation of production infrastructure on managed cloud platforms (Google Kubernetes Engine, DigitalOcean Kubernetes) and on self-hosted hosts (Docker Swarm on a VPS), serving e-commerce, SaaS and API client projects.

Orchestration. Kubernetes workloads deployed on GKE and DOKS via Helm and manifests, Ingress management (Nginx, Traefik), horizontal autoscaling, ConfigMaps and Secrets, resource policies, rolling updates and health probes. Equivalent self-hosted stack operated on Docker Swarm for cost-controlled environments.

Runtime & images. Alpine-based image registry published on GHCR (PHP-FPM 8.3, Nginx, Node.js 20, Python 3.13, Bun, Sylius), versioned, built with GitHub Actions using GHA cache and Trivy scanning. Centralized patch management pipeline propagating CVE updates to all consuming projects.

Delivery. Shared GitHub Actions templates per stack (Laravel, Next.js, Sylius, mobile): dependency audit, static analysis, linters, tests, build, registry push, targeted deployment (SSH for Swarm, kubectl/Helm for K8s). Release Please versioning, immutable SHA tags, isolated staging/prod environments.

Edge & traffic. Traefik v3 on Swarm, Nginx Ingress on Kubernetes, Let's Encrypt via cert-manager or native ACME, security middlewares (headers, HSTS, rate limiting), automated TLS termination.

Observability. Prometheus for metrics, Loki + Promtail for log aggregation, Grafana for dashboards, cAdvisor and node-exporter on the host, Uptime Kuma for synthetic probes, Portainer for runtime management. The same pattern is replicated on Kubernetes clusters via kube-prometheus-stack.

Provisioning. Ansible playbooks for VPS bootstrap (SSH hardening, UFW, Fail2ban, systemd, Docker, users, volumes). Kubernetes provisioning via Terraform and official cloud provider modules.

Data protection. Idempotent backup jobs: compressed MySQL dumps, persistent volume exports (application storage, JWT and encryption keys), Cloudflare R2 replication via rclone, 30-day offsite retention, 2-day local. Kubernetes equivalent via Velero or dedicated CronJobs.

Security. Non-root execution, cap_drop: ALL with explicit capabilities, CPU/memory quotas, NetworkPolicies on K8s, segmented Docker networks on Swarm, automated image scanning, log rotation.
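As an added example (not a file from the repositories listed on this page), a Swarm stack file that applies the controls in this paragraph to one web service and its database; the service, image and network names are assumptions, and cap_add/cap_drop in stack files need Docker Engine 20.10 or later.

```yaml
# Added example, not a file from the repositories listed on this page.
# Assumed names: service "app", image ghcr.io/example/app, networks "edge" and "backend".
version: "3.8"

services:
  app:
    image: ghcr.io/example/app:sha-0123abcd      # immutable SHA tag (placeholder value)
    user: "10001:10001"                           # non-root UID:GID created in the image
    read_only: true                               # immutable root filesystem
    volumes:
      - type: tmpfs                               # the only writable path
        target: /tmp
    cap_drop:
      - ALL                                       # start with no Linux capabilities
    cap_add:
      - NET_BIND_SERVICE                          # re-add only what binding :80 needs
    networks:
      - edge                                      # reachable from the reverse proxy
      - backend                                   # reaches the database
    healthcheck:
      test: ["CMD", "wget", "-qO-", "http://127.0.0.1/healthz"]
      interval: 30s
    logging:
      driver: json-file
      options:
        max-size: "10m"                           # rotate so logs cannot fill the disk
        max-file: "5"
    deploy:
      replicas: 2
      resources:
        limits: { cpus: "1.0", memory: 512M }     # hard CPU/memory quota per task
      update_config:
        order: start-first                        # rolling update gated on the healthcheck

  db:
    image: mysql:8.4                              # data volume and secrets omitted here
    networks:
      - backend                                   # never attached to the edge network
    deploy:
      resources:
        limits: { cpus: "2.0", memory: 2G }

networks:
  edge:
    external: true                                # created with the Traefik stack
  backend:
    driver: overlay
    internal: true                                # no route out of the cluster
```

The app container can only reach the proxy and the database, runs as an unprivileged user on a read-only filesystem, and is bounded in CPU, memory and log volume even if compromised.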

Internal services. Mailcow (SMTP), n8n (workflow orchestration, dedicated PostgreSQL), Umami (self-hosted analytics).

Repositories

traefik-dashboard (devops): Docker, GitLab CI/CD, GitHub Actions, Traefik, Git, GitLab, Nginx, Shell / Bash, Let's Encrypt, Linux, Ubuntu, Release Please, Docker Swarm, GHCR

uptime-monitoring (devops): Docker, GitLab CI/CD, GitHub Actions, Traefik, Git, GitLab, Docker Compose, Grafana, Prometheus, Uptime Kuma, Portainer, Loki, Release Please, Promtail, cAdvisor, Node Exporter, Docker Swarm, GHCR

mailcow (devops): MySQL, Docker, Nginx, Docker Compose, Fail2ban, UFW, Cloudflare R2, Mailcow, Rclone, Docker Swarm

devops: Docker, GitLab CI/CD, GitHub Actions, Traefik, Git, GitLab, PostgreSQL, Docker Compose, n8n, Release Please, Docker Swarm, GHCR

docker-images (devops, open source): PHP, Node.js, Sylius, Docker, GitHub Actions, Git, Nginx, Python, Shell / Bash, Composer, Bun, Docker Compose, Alpine Linux, Trivy, Release Please, GHCR

ci-templates (devops, open source): Docker, GitHub Actions, Git, Shell / Bash, Pest, PHPStan, Composer, Laravel Pint, pnpm, ESLint, Prettier, Trivy

ansible (devops, open source): Docker, Git, Shell / Bash, Ansible, Fail2ban, UFW, systemd, Linux, Ubuntu, Docker Swarm

backup (devops, open source): MySQL, Docker, Git, Shell / Bash, systemd, cron, Cloudflare R2, Rclone

kubernetes-lab (devops): Docker, Kubernetes, Helm, Terraform, Rancher, DigitalOcean, Google GKE, Alpine Linux