Available for Linux & SRE consulting

Hi, I'm Andrew.

Senior Site Reliability Engineer based in St. Louis, Missouri. I architect resilient Kubernetes platforms, ship everything through GitHub Actions, automate the rest with Ansible and Terraform, and keep production humming for thousands of servers across multiple datacenters.

Andrew Paglusch
// 01 · About

A decade-plus in the Linux trenches.

Fifteen-plus years of caring deeply about systems that stay up, stay observable, and stay yours. My day job runs production at enterprise scale; my evenings run the homelab. I write things down obsessively so I never solve the same problem twice.

15+ Years in ops & platform
1,000+ Technical notes archived
Since '09 Running my consulting practice
Multi-DC AWS & on-prem production scope
35 Open-source repositories
500+ GitHub stars earned
// 02 · Experience

Where I've worked.

A chronological tour through ops, platform, and infrastructure roles.

Senior Site Reliability Engineer / DevOps Engineer
May 2021 · Present
SS&C Technologies
  • The team's go-to escalation engineer. Pulled in across teams to untangle gnarly production incidents and weird systems behavior when no one else can figure it out.
  • Built and maintain extensive GitHub Actions CI/CD pipelines covering automated testing, image builds, security scans, and Kubernetes rollouts for every internal application.
  • Architected a multi-tenant observability stack on Kubernetes with Mimir, Loki, Grafana, Tempo, Alertmanager, and Blackbox, covering metrics and logs for thousands of production servers spanning AWS and multiple on-prem datacenters.
  • Deployed production Keycloak authentication clusters powering single sign-on across internal tooling.
  • Built a Python-based Kubernetes vulnerability scanner used to triage CVE exposure in production workloads.
Kubernetes AWS GitHub Actions Helm Ansible Python Grafana Loki Mimir Tempo Keycloak
Owner & Principal Linux Consultant
Sep 2009 · Present
BoPag Computer Services, LLC
  • Provide white-glove managed hosting and Linux infrastructure consulting to small and mid-sized businesses, with a fleet of client servers under active management.
  • Run hosted services for clients including secure business file sharing, work-from-home VPNs, and hosted QuickBooks deployments.
  • Handle network infrastructure (firewalls, wired and wireless), Active Directory and Microsoft 365 / Google Workspace administration, cybersecurity monitoring, and managed backups.
  • Local St. Louis support with 24/7 helpdesk coverage. No retainers, no contracts, pay as you go.
Managed hosting Linux consulting Hosted QuickBooks File sharing WFH VPN M365 Active Directory Cybersecurity Backups
Hire me through BoPag →
DevOps Engineer
May 2019 · May 2021
Contegix
  • Operated CentOS/RHEL infrastructure as a Tier 4 escalation point for the most complex production incidents.
  • Developed Jenkins pipelines and Ansible automation to replace manual change processes, cutting toil and surfacing config drift.
  • Managed Docker container infrastructure underpinning customer-hosted applications.
RHEL/CentOS Jenkins Ansible Docker
Linux Engineer
Aug 2017 · May 2019
Contegix
  • Supported managed Atlassian stacks (Jira, Confluence, Bamboo) as Tier III, handling deep app and database troubleshooting for enterprise customers.
  • Wrote Ruby scripts and Puppet manifests to automate maintenance and configuration.
  • Worked across RHEL/CentOS, networking, and virtualization (VMware ESXi, KVM).
Puppet Ruby Atlassian VMware KVM
NOC Technician
Mar 2016 · Aug 2017
Contegix
  • Provided Tier I and II support, monitoring Linux servers and Atlassian products, triaging alerts, and routing escalations.
Monitoring Linux Incident triage
Network & Systems Administrator
Jul 2013 · Mar 2016
CPO Technology Solutions
  • Owned firewall management, CentOS 7 backup infrastructure, and FreeBSD-based OpenVPN deployments.
  • Managed workstation imaging with FOG and Windows Group Policy for client environments.
FreeBSD OpenVPN Group Policy FOG
// 03 · The Homelab

Where the experiments live.

What I run when no one is paying me to. The lab is my prototype rack, my safe-to-break playground, and the proof that the patterns I push at work actually hold up.

10 Node Kubernetes cluster
IaC Terraform + Ansible, top to bottom
24/7 Production-grade uptime mindset

Everything is provisioned declaratively with Terraform and Ansible, instrumented with the same Grafana / Loki / Mimir stack I run at scale during the day, and reached over a Nebula VPN overlay. Workloads include a self-hosted media stack, secrets sharing, dashboards, and the test environments for most of my open-source projects.

Proxmox Kubernetes Terraform Ansible Nebula VPN WireGuard Grafana Loki Mimir Traefik Cloudflare Self-hosted apps
// 04 · Skills

The toolkit.

What I reach for on most days, grouped by where it lives in the stack.

Orchestration & IaC

Kubernetes Helm Terraform Ansible Puppet Docker

CI/CD & Automation

GitHub Actions Jenkins Reusable workflows Self-hosted runners Container builds Release automation

Cloud & Platform

AWS Proxmox VMware ESXi KVM Keycloak Cloudflare

📊 Observability

Grafana Loki Mimir Tempo Alertmanager Blackbox Munin Zabbix

💻 Languages

Python Bash Ruby PHP JavaScript HCL Jinja C

🌐 Linux & Networking

RHEL / CentOS Debian / Ubuntu FreeBSD iptables / nftables WireGuard Nebula VPN OpenVPN

🔒 Security & Identity

Vulnerability scanning SSO / Keycloak SSH hardening Encrypted secrets GrapheneOS / avbroot
// 05 · Open Source

Things I've built in public.

A selection of repositories I've authored at github.com/AndrewPaglusch. I also contribute to projects across the Linux, Ansible, observability, and self-hosting ecosystems. Star counts update live from GitHub when available.

Let's build something reliable.

Open to interesting SRE and platform engineering conversations, contract work through BoPag, or just a friendly note about open source.