Digital Products for DevOps and IT Pros
Templates, guides, and tools built from 25+ years of real-world systems engineering. Practical solutions you can use today.
Templates, guides, and tools built from 25+ years of real-world systems engineering. Practical solutions you can use today.
12 production Ansible playbooks for Linux sysadmins — annotated, tested, ready to run.
14 production-ready PowerShell 7 scripts for vSphere admins — built for Broadcom VCF.PowerCLI, ships-to-vCenter ready.
A read-only Bash toolkit + concise PDF runbook that produces a single Markdown report mapping every cron job on a Linux host — what runs, when, where it logs, and which schedules overlap. Translates cryptic cron expressions into plain English. No installs touched.
For sysadmins and SREs managing 1–10 domains who need a nightly heads-up when a record quietly changes under them.
A concise PDF + Bash-toolkit field manual for sysadmins managing 5–50 Mac endpoints WITHOUT a full MDM (Jamf/Kandji/Mosyle). Read-only inventory scripts (hardware, OS, FileVault, Gatekeeper, XProtect, login items, software updates) plus a triage workflow that produces a single Markdown fleet-health report per host.
A read-only Bash toolkit that inventories every listening TCP/UDP port on a Linux host, maps it to the owning process and unit, diffs against an expected baseline you declare once, and flags silent drift — new listeners, moved ports, processes that used to bind 127.0.0.1 but now bind 0.0.0.0, unit files whose ExecStart changed. Runs nightly, diffs visibly. Catches the 'who opened 8080?' question before the pen-tester does.
20 production-ready PowerShell scripts for the Windows sysadmin who automates everything.
Find every stale SSH key across your server fleet in under 10 minutes — read-only, agentless, Bash 3.2+ compatible.
A read-only Bash toolkit that maps every sudo privilege on a Linux host — who can run what, which NOPASSWD rules exist, which aliases resolve to root, and which include-files shadow the main sudoers. One Markdown report, zero writes. Finds the "we'll clean that up later" grants buried in /etc/sudoers.d/.
10 annotated Terraform/OpenTofu configs for AWS and Azure — get from zero to running infrastructure in one afternoon.
A read-only script that scans your fleet's listening TLS ports, extracts every cert in use, and produces a dated report ranking each by days-to-expiry, SANs, issuer, and chain health. Catches the self-signed cert your predecessor installed on the internal API three years ago before it breaks prod on a Sunday.
For Linux sysadmins and SREs who need a defensible account inventory before an audit, an offboarding sweep, or a compliance review — without touching a single file on the server.