New York City

Philip Amendolia

Platform & cloud engineer. Nix enthusiast. Reads all the code. NYC. 🏄

Engineer with 9+ years shipping cloud-native data and platform infrastructure on GCP. Transitioned into engineering from product management — came up sitting next to strong engineers and never stopped learning. Comfortable owning the full stack from IaC and CI/CD through backend APIs and frontend tooling. Strong opinions on reproducibility, developer experience, and doing things right.

Every machine, environment, build, and OCI image is built with Nix.

IaC / Systems: Terraform, Nix / Nixpkgs, NixOS, home-manager, Nix binary cache, Kubernetes, Bash, Linux
CI / CD: GitHub Actions, Cloud Build
Languages: TypeScript, Python, Nix, HCL, Go, SQL
Frameworks: Next.js, React, FastAPI, Flask
Cloud (GCP): Cloud Run, Cloud Functions, Firebase, Compute Engine, BigQuery, Firestore, Cloud SQL, Cloud Storage, Pub/Sub, Workflows, Eventarc, API Gateway, Cloud Armor, Load Balancing, Serverless NEGs, Secret Manager, IAM, Cloud Monitoring, Cloud Logging, Artifact Registry
AI / GenAI: LLM Integration, Prompt Engineering, MCP Development, Claude API
Containers: dockerTools, skopeo, Docker
Other: Git, REST / SSE, SQLMesh, gRPC / Protobuf, uv, uv2nix, buildNpmPackage, just

EPL Digital

New York City

Staff Engineer Jul 2022 – Present
  • Lead data and platform engineering across internal and client-facing systems
  • Own GCP org-level infrastructure and landing zone; drive IaC (Terraform, Nix) and CI/CD adoption across projects
  • Built and deployed internal bid optimization platform around a proprietary ML model — API microservice for automated execution, Next.js frontend for surfacing recommendations to users, full Cloud Run architecture and IaC
  • Architected and maintain K2, an event-driven ELT platform processing 40M+ rows/day across 10+ API integrations — Cloud Workflows, Pub/Sub, Eventarc, Cloud Tasks, parallel Cloud Functions execution; Firestore-backed job config with Next.js management frontend
  • Own the infrastructure for EPL's SQLMesh data modeling platform — Terraform, Cloud Build CI/CD, OCI builds with Nix, Cloud SQL (PostgreSQL) state backend, and a self-hosted Nix binary cache to accelerate builds
  • Built EPL's proprietary first-party measurement stack — epltag.js client-side JS tag and server-side Measurement Protocol API with SHA-256 PII hashing, deployed in production across client sites
  • Collaborate with leadership on product roadmaps, data strategies, and internal tooling
  • Drove data infrastructure reliability and platform scalability across all client and internal systems
Data Engineer Apr 2019 – Jun 2022
  • Architected and deployed foundational data infrastructure and internal tooling at EPL
  • Designed and implemented marketing tracking infrastructure for accurate, scalable measurement
  • Designed and built the original API Factory ELT platform — multi-tenant, multi-API pipeline architecture that evolved into K2, EPL's core data engine
  • Led deployment of first cloud-native internal applications for digital marketing optimization
  • Introduced modern DevOps practices and IaC: Terraform, CI/CD automation

Stack Blue

4 yrs 9 mos  ·  New York City

Product Manager Aug 2014 – Apr 2019
  • Managed end-to-end delivery for web and mobile product accounts
  • Coordinated cross-functional offshore teams across design, engineering, and deployment
  • Primary liaison between clients and engineering; scoped requirements and drove value
  • Came up alongside strong engineers — learned the SDLC, decided to cross the line

programs.wezterm: add settings option (merged)

nix-community / home-manager  ·  #9050

★ maintainer — WezTerm module

Fully declarative WezTerm config via a Nix attribute set. Settings serialized to Lua via lib.generators.toLua; raw Lua expressions embeddable with lib.generators.mkLuaInline. Full backward compat with extraConfig via IIFE wrapping.

services.darkman: add unified scripts option (merged)

nix-community / home-manager  ·  #9066

Added a scripts option placing scripts in $XDG_DATA_HOME/darkman/. Legacy darkModeScripts / lightModeScripts options remain fully supported.

python3Packages.senzu: init at 0.3.1 (open)

NixOS / nixpkgs  ·  #507179

Packaging Senzu for nixpkgs. Builds and tests pass on x86_64-linux, aarch64-linux, x86_64-darwin, and aarch64-darwin. Includes maintainer registration.

installer: make --no-modify-profile work for multi-user installs (open)

NixOS / nix  ·  #15648

Fixed NIX_INSTALLER_NO_MODIFY_PROFILE being set but not exported in install-nix-from-tarball.sh, silently lost on exec into install-multi-user. Awaiting review.

Senzu

CLI + Python library for syncing secrets between GCP Secret Manager and local .env files. Built for teams already on Secret Manager who are still copy-pasting values by hand.

  • senzu pull — fetch all configured secrets into a local .env in one command
  • senzu push — push local changes back with remote conflict detection; blocks if remote changed since your last pull
  • senzu diff — see what changed without touching anything; CI-friendly
  • senzu generate — auto-generate a typed Pydantic settings class from your actual secrets
  • SenzuSettings — drop-in Pydantic BaseSettings subclass; reads Secret Manager directly in Cloud Run via SENZU_USE_SECRET_MANAGER=true
  • Dev environment and builds fully managed by Nix (uv2nix)
Python GCP Secret Manager Pydantic Nix

Groundwork

Topology-aware GCP service scaffolding CLI. Define your org's GCP topology once and every scaffold resolves those values automatically — no placeholders to fill in by hand.

  • Inspired by shadcn/ui: tool is the delivery mechanism, files are yours once written
  • Template registry is a git repo your org maintains — Groundwork clones it locally
  • Templates are Go text/template with full access to topology values
  • --dry-run, interactive prompts, --var flags to skip them
Go Nix GCP

Hen-Wen

Natural language chatbot that queries BigQuery and streams narrated responses with Claude-generated data visualizations. Named after the oracular pig from The Black Cauldron.

  • Two-phase backend: generate SQL → query BigQuery → stream narrated response via SSE
  • Service-to-service auth via GCP identity tokens; no API keys in transit
  • OCI images built entirely with Nix — no Docker daemon
  • Nix flakes end-to-end: uv2nix for Python, buildNpmPackage for Node, dockerTools for images
Next.js FastAPI BigQuery Claude API Nix Terraform

catchbong.com

Social app for catching and rating stupid moments. Friends submit offenses, a Claude judge scores them 1–10 with streaming verdicts delivered character-by-character, and leaderboards track who's racked up the most bongs.

  • 3-node k3s cluster on Hetzner private network — control plane isolated, only one worker node internet-exposed on 80/443
  • PostgreSQL on a StatefulSet with local PVC on a dedicated worker to avoid cross-node volume scheduling issues; init container runs Alembic migrations before the app starts
  • Nginx ingress with custom SSE timeout annotations; cert-manager for TLS; Alembic managing schema migrations
  • OCI images built with Nix dockerTools.streamLayeredImage — no Docker daemon; pushed to registry via skopeo in GitHub Actions
Kubernetes Nix Next.js FastAPI PostgreSQL SQLAlchemy Alembic

Skeleton Island (private)

GCP landing zone managing project provisioning, shared IAM, and Workload Identity Federation across all GCP projects. No service account keys stored anywhere.

  • WIF pool scoped to specific GitHub repos — only those repos' CI can impersonate the deploy SA
  • Cross-project IAM lives in the LZ only; app repos never grant themselves cross-project access
  • Single GCS state bucket with prefixes mirroring directory structure
Terraform GCP IAM WIF GCS

phix

Personal Nix flake managing reproducible system configurations across NixOS bare metal, NixOS-WSL, and macOS (nix-darwin).

  • mkNixosHost / mkDarwinHost factory helpers in lib/ for consistent host wiring
  • Modular structure: modules/common, modules/home, per-host entries, per-user identities
  • Daily driver: ASUS ROG Flow Z13, AMD Phoenix, Hyprland on Wayland, LUKS encryption
Nix NixOS nix-darwin home-manager