Omar Atabany
I make infra reviewable, observable, and safe to change
I'm targeting DevOps, platform, or cloud-adjacent engineering roles. I build and run real systems at home and on AWS: Terraform and Ansible for provisioning, Docker Compose and Kubernetes (K3s) with GitOps, serverless pipelines on AWS with Lambda and API Gateway, Cloudflare Tunnel for zero-trust access, and Prometheus/Grafana for metrics. Comfortable in CI/CD, Linux, and reading cluster and pipeline failures under pressure.
PROJECTS INFRA & PLATFORM
I'm not asking you to hire a keyword list — if you want traceability, DevOps proof documents the bare-metal GitOps stack end to end, AWS platform exposes a live POST /ingest demo, and GxP BioInfra is a milestone regulated-platform architecture and virtual lab (PH-00–01 complete; PH-02–03 in progress on the lab cluster, reconciled 2026-05-14).
GxP BioInfra Platform
Regulated Kubernetes Architecture & Virtual Lab for Bioinformatics Workloads
A GxP-aligned Kubernetes platform design and virtual lab implementation for reproducible bioinformatics workloads. The project documents the target architecture, GitOps workflow, security controls, observability stack, risk register, disaster recovery procedures, incident response, secrets management, ISO 27001 mapping, and IQ/OQ/PQ-style validation evidence.
Design complete · Virtual lab implementation in progress
- Designed and currently prototyping — honest milestone work, not a claim of external audit or production certification
- Virtual lab implementation in progress to exercise GitOps, policy-as-code, runtime audit trails, and validation-style documentation
- Shows how infrastructure choices connect to change control, access management, risk, and GxP-style evidence — not just deploying tools
AWS Serverless Ingestion Platform
Serverless event ingestion pipeline on AWS: API Gateway → Lambda (Python 3.12) → S3 data lake. Full Terraform modular IaC, S3 remote state with DynamoDB locking, OIDC-based GitHub Actions CI/CD — zero static credentials.
- Five Terraform modules: storage, IAM, Lambda, API Gateway, observability — each independently testable
- GitHub Actions authenticates via OIDC federation — no AWS keys stored anywhere in CI
- CloudWatch alarms on error rate and duration; log retention policy enforced by Terraform
- Every AWS resource tagged for compliance: Project, Owner, Environment, ManagedBy, Repository
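The OIDC-based CI step described above, as an added GitHub Actions workflow that is not taken from the project's repository; the account id, role name, region, Terraform version and the trust-policy conditions quoted in the comments are assumptions:

```yaml
# Added example (not the project's workflow): run a Terraform plan with
# short-lived credentials obtained through GitHub's OIDC provider. No AWS
# access key lives in repository or organisation secrets.
name: terraform-plan

on:
  push:
    branches: [main]

permissions:
  id-token: write    # lets the job request an OIDC token from GitHub
  contents: read     # checkout only; nothing else is granted

jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      - name: Assume the deployment role via OIDC
        uses: aws-actions/configure-aws-credentials@v4
        with:
          # Placeholder account id and role name. The role's IAM trust policy
          # (assumed, not shown here) should require both:
          #   "token.actions.githubusercontent.com:aud" = "sts.amazonaws.com"
          #   "token.actions.githubusercontent.com:sub" = "repo:OWNER/REPO:ref:refs/heads/main"
          # so only this repository's main branch can assume it.
          role-to-assume: arn:aws:iam::123456789012:role/github-actions-terraform
          aws-region: eu-west-1                        # assumed region
          role-session-name: gha-${{ github.run_id }}  # visible in CloudTrail

      - uses: hashicorp/setup-terraform@v3
        with:
          terraform_version: "1.9.5"   # pinned; assumed version

      - name: Terraform init (S3 backend with DynamoDB locking is assumed in the backend block)
        run: terraform init -input=false

      - name: Terraform plan
        run: terraform plan -input=false -lock-timeout=60s -out=tfplan
```

The `sub` condition is what turns "any GitHub workflow" into "this repository, this branch"; if the trust policy only checks `aud`, every repository on github.com could present a valid token. Note that the `sub` claim differs per trigger: a `pull_request` run carries `repo:OWNER/REPO:pull_request` rather than a branch ref, so a role used for PR plans needs that value (or a separate, read-only role) instead.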
Home Lab Infrastructure as Code
Three-layer IaC stack: Terraform (Cloudflare DNS/Tunnel/Zero Trust + Docker), Ansible (6 roles for host provisioning), Docker Compose (6 stacks + full monitoring). CI with 4 parallel jobs.
- State tracked in Git; plans and applies reviewed like application code
- Ansible idempotent roles for users, SSH, Docker, and stack bootstrap
- Monitoring stack co-located: Prometheus scrapes exporters only on the LAN
Homelab Kubernetes K3s Cluster
K3s cluster on a dedicated Debian 12 node (Intel i7-7700 + GTX 1050 Ti) — isolated from the Unraid media/IaC stack. Full GitOps bootstrap with ArgoCD, kube-prometheus-stack monitoring, ingress-nginx, cert-manager TLS, and real internal workloads including Fabricode print job tracker.
- GitOps-first: every cluster resource and app config lives in Git; ArgoCD is the only path to apply
- Ansible provisions the K3s node from scratch — cluster is fully reproducible from a single playbook
- Observability stack: Prometheus scraping cluster + app metrics, Grafana dashboards, Alertmanager configured
- Ingress, TLS, and namespace isolation aligned with how production clusters expose services safely
Cloudflare Zero Trust Home Lab Access
Full zero-trust remote access behind CGNAT using Cloudflare Tunnel. DNS + WAF policies managed entirely via Terraform. Domain: onetwork.cc.
- No inbound ports on home router; outbound-only tunnel to Cloudflare
- DNS, tunnel routes, and access policies codified in Terraform
SIEM Stack Wazuh + Splunk
Self-hosted security monitoring across VLAN-segmented network. Wazuh for EDR/XDR and Splunk for log aggregation and dashboards, integrated with UniFi network telemetry.
- Segmented VLANs with centralized visibility into endpoints and network flow
- Correlation between host telemetry (Wazuh) and log analytics (Splunk)
Self-Hosted Media Stack
Full Arr suite (Radarr, Sonarr, SABnzbd, Bazarr) with Plex + Jellyfin parallel serving, Tdarr HEVC transcoding via Intel Quick Sync (QSV), and Overseerr/Jellyseerr request management.
- GPU/QSV-accelerated transcoding pipelines tuned for library size vs quality
- Compose-based stack with persistent volumes and upgrade discipline
Fabricode 3D Printing & Fabrication
Separate business: FDM/SLA and laser cutting with institutional clients. Shows ownership, production discipline, and client delivery. Not my target DevOps stack, but the same mindset: uptime, queues, and measurable quality.
- End-to-end ownership: requirements → production → QC under real deadlines
- Parametric CAD/OpenSCAD where repeatability matters
SKILLS
- Treat infrastructure as code: Terraform, Ansible, Compose; peer review before apply
- Ship changes through CI (GitHub Actions): validate, lint, tests, parallel jobs
- Design for operability: metrics, logs, and health checks built in, not afterthought dashboards
- Secrets out of Git; least privilege; document how to rotate and break glass
- K3s in production-like patterns: GitOps (Argo CD), Helm, ingress, TLS
- Comfortable reading pod events, probes, and controller logs under failure
- Bridge "app works locally" to "app runs reliably on a cluster"
- Pre-sales background: turn vague requirements into architectures stakeholders can buy
- Small-business operator: the same skills as being on-call (prioritize, communicate, finish)
- Looking for junior / platform engineer roles where I can deepen Linux, K8s, and SRE practice
EXPERIENCE
- Own technical and operational outcomes: uptime, throughput, and client SLAs in a production environment
- Translate vague requirements into specs, timelines, and measurable acceptance (same muscle as ticket → deployable work)
- Design parametric parts in OpenSCAD; manage FDM/SLA/laser workflows end-to-end
- Build and maintain equipment; tune firmware. Hands-on reliability, not only desk work
- Lead technical pre-sales: discovery, sizing, and solution design for enterprise networking and security
- Produce architectures and documentation that implementation teams can actually deploy and run
- Work across Cisco, Fortinet, Kaspersky, and VMware stacks; comfortable with complex, regulated environments
- Map vendor capabilities to customer constraints: capacity, compliance, change windows, and operational maturity
- Operated and maintained a fleet of FDM and SLA printers for commercial production runs
- Handled client CAD-to-print workflows and post-processing (sanding, painting, coating)
- Worked on front-end development and internal systems management
LIVE OBSERVABILITY
Production-style posture at homelab scale — Node Exporter on the MS-01, Prometheus internal, Grafana as the read path. Hardware: Minisforum MS-01 · Unraid · ~62TB DAS · UniFi
What you're seeing: real time series from this stack (Node Exporter → Prometheus → Grafana), embedded over HTTPS via Cloudflare Tunnel. It's the same shape I'd run with a team — metrics first, Prometheus never public, Grafana gated at the edge. Panels refresh on a short interval; if one is blank, the tunnel or host may be in maintenance.
Browsers only talk to Grafana over HTTPS (Cloudflare Tunnel → Unraid :3101). Grafana queries Prometheus via an internal Docker network URL. Prometheus never needs a public hostname.
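The read path described above, as an added Docker Compose sketch that is not the portfolio's own compose file; the service names, image tags, the loopback bind for :3101, the anonymous Viewer setting and the inline `configs:` blocks (Compose v2.23 or later) are assumptions:

```yaml
# Added example (not the portfolio's compose file): Grafana is the only
# service with a host port, and Prometheus plus node-exporter answer only on
# the internal Compose network, so neither needs a public hostname.
services:
  node-exporter:
    image: prom/node-exporter:v1.8.2
    command: ["--path.rootfs=/host"]
    volumes:
      - /:/host:ro,rslave
    networks: [monitoring]
    # No "ports:" block: :9100 is reachable only as node-exporter:9100 inside the network.

  prometheus:
    image: prom/prometheus:v2.54.1
    configs:
      - source: prometheus_config
        target: /etc/prometheus/prometheus.yml
    volumes:
      - prom-data:/prometheus
    networks: [monitoring]
    # No "ports:" block: Grafana queries http://prometheus:9090 through Docker's
    # embedded DNS, so Prometheus gets no edge exposure at all.

  grafana:
    image: grafana/grafana:11.2.0
    environment:
      GF_SERVER_HTTP_PORT: "3101"
      # Assumption: anonymous Viewer access is what lets the embedded panels
      # render for visitors; editing and admin paths still require a login.
      GF_AUTH_ANONYMOUS_ENABLED: "true"
      GF_AUTH_ANONYMOUS_ORG_ROLE: "Viewer"
      GF_SECURITY_ALLOW_EMBEDDING: "true"   # needed for iframe embedding
    ports:
      # Loopback only: assumes cloudflared runs on the same host and proxies to
      # http://localhost:3101. If it runs elsewhere on the LAN, bind the host's
      # LAN address instead of 0.0.0.0.
      - "127.0.0.1:3101:3101"
    configs:
      - source: grafana_datasource
        target: /etc/grafana/provisioning/datasources/prometheus.yml
    volumes:
      - grafana-data:/var/lib/grafana
    networks: [monitoring]

configs:
  prometheus_config:
    content: |
      global:
        scrape_interval: 15s
      scrape_configs:
        - job_name: node
          static_configs:
            - targets: ["node-exporter:9100"]
  grafana_datasource:
    content: |
      apiVersion: 1
      datasources:
        - name: Prometheus
          type: prometheus
          access: proxy            # Grafana's server fetches; the browser never sees this URL
          url: http://prometheus:9090
          isDefault: true

networks:
  monitoring: {}

volumes:
  prom-data: {}
  grafana-data: {}
```

A quick check that the exposure matches the intent: `docker compose ps` should list a published port only for the grafana service, and `docker compose port prometheus 9090` should report nothing. The `access: proxy` datasource mode matters for the "Prometheus never public" claim, since in `direct` mode the visitor's browser would have to reach the Prometheus URL itself.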
How the infra-as-code repo is organized (stacks, roles, modules).