Open source tools extracted from production infrastructure work.

GitHub Actions

resolve-container-image — Resolve container images from explicit input, terraform state, or release branch. Prevents accidental image rollbacks during infra-only terraform applies. Priority chain with an update_images safety gate. Marketplace.

Terraform Modules

terraform-aws-headscale — Deploy Headscale (open-source Tailscale coordination server) on AWS. Two modules: coordination-server (Headscale + subnet router on one EC2) and subnet-router (Tailscale-only for additional VPCs/accounts). Replaced $489/mo in AWS Client VPN with a $3/mo t4g.nano. Blog post.

terraform-aws-unified-dns — Define DNS records once, create them in Route53 and Cloudflare. Format translation, NS mirroring, provider toggling via zone ID. Blog post.

Kubernetes Tooling

kwhy — Explain why a Kubernetes object keeps changing: owner chain, write managers, likely reconcilers, desired-state inputs, revert risk, and RBAC sanity checks. Built for incident response in controller-heavy clusters where manual child edits keep getting overwritten. Related post.