New York City

Philip Amendolia

Platform & cloud engineer. Nix enthusiast. Reads all the code. NYC. 🏄

Engineer with 9+ years shipping cloud-native data and platform infrastructure on GCP. Transitioned into engineering from product management — came up sitting next to strong engineers and never stopped learning. Comfortable owning the full stack from IaC and CI/CD through backend APIs and frontend tooling. Strong opinions on reproducibility, developer experience, and doing things right.

Every machine, environment, build, and OCI image is built with Nix.

IaC / Systems
Terraform, Nix / Nixpkgs, NixOS, home-manager, Bash, Linux
CI / CD
GitHub Actions, Cloud Build
Languages
TypeScript, Python, Go, Nix, HCL
Frameworks
Next.js, React, FastAPI, Node.js
Cloud (GCP)
Cloud Run, Cloud Functions, Firebase, Compute Engine, BigQuery, Firestore, Cloud SQL, Cloud Storage, Pub/Sub, Workflows, Eventarc, API Gateway, Cloud Armor, Load Balancing, Secret Manager, IAM, Cloud Operations Suite, Artifact Registry
AI / GenAI
LLM Integration, Prompt Engineering, MCP Development, Claude API
Containers
dockerTools, buildLayeredImage, streamLayeredImage, skopeo, OCI (no daemon), Docker
Other
Git, REST / SSE, gRPC / Protobuf, PostgreSQL, Pydantic

EPL Digital

New York City

Manager of Data Engineering Jul 2022 – Present
  • Lead data and platform engineering across internal and client-facing systems
  • Own GCP org-level infrastructure and landing zone; drive IaC (Terraform, Nix) and CI/CD adoption across projects
  • Architect and deploy secure multi-tenant cloud applications for internal ML and analytics tooling
  • Build and maintain proprietary ETL platform and tracking infrastructure
  • Lead development of custom client/server-side measurement tracking solution and backend APIs
  • Collaborate with leadership on product roadmaps, data strategies, and internal tooling
  • Drove data infrastructure reliability and platform scalability across all client and internal systems
Data Engineer Apr 2019 – Jun 2022
  • Architected and deployed foundational data infrastructure and internal tooling at EPL
  • Designed and implemented marketing tracking infrastructure for accurate, scalable measurement
  • Developed EPL's proprietary multi-tenant, multi-API ETL platform
  • Led deployment of first cloud-native internal applications for digital marketing optimization
  • Introduced modern DevOps practices and IaC: Terraform, CI/CD automation

Stack Blue

4 yrs 9 mos  ·  New York City

Product Manager Aug 2014 – Apr 2019
  • Managed end-to-end delivery for web and mobile product accounts
  • Coordinated cross-functional offshore teams across design, engineering, and deployment
  • Primary liaison between clients and engineering; scoped requirements and drove value
  • Came up alongside strong engineers — learned the SDLC, decided to cross the line

programs.wezterm: add settings option (merged)

nix-community / home-manager  ·  #9050

★ maintainer — WezTerm module

Fully declarative WezTerm config via a Nix attribute set. Settings serialized to Lua via lib.generators.toLua; raw Lua expressions embeddable with lib.generators.mkLuaInline. Full backward compat with extraConfig via IIFE wrapping.

services.darkman: add unified scripts option (merged)

nix-community / home-manager  ·  #9066

Added a scripts option placing scripts in $XDG_DATA_HOME/darkman/. Legacy darkModeScripts / lightModeScripts options remain fully supported.

python3Packages.senzu: init at 0.3.1 (open)

NixOS / nixpkgs  ·  #507179

Packaging Senzu for nixpkgs. Builds and tests pass on x86_64-linux, aarch64-linux, x86_64-darwin, and aarch64-darwin. Includes maintainer registration.

installer: make --no-modify-profile work for multi-user installs (open)

NixOS / nix  ·  #15648

Fixed NIX_INSTALLER_NO_MODIFY_PROFILE being set but not exported in install-nix-from-tarball.sh, silently lost on exec into install-multi-user. Awaiting review.

Senzu

CLI + Python library for syncing secrets between GCP Secret Manager and local .env files. Built for teams already on Secret Manager who are still copy-pasting values by hand.

  • senzu pull — fetch all configured secrets into a local .env in one command
  • senzu push — push local changes back with remote conflict detection; blocks if remote changed since your last pull
  • senzu diff — see what changed without touching anything; CI-friendly
  • senzu generate — auto-generate a typed Pydantic settings class from your actual secrets
  • SenzuSettings — drop-in Pydantic BaseSettings subclass; reads Secret Manager directly in Cloud Run via SENZU_USE_SECRET_MANAGER=true
  • Dev environment and builds fully managed by Nix (uv2nix)
Python, GCP Secret Manager, Pydantic, Nix

Groundwork

Topology-aware GCP service scaffolding CLI. Define your org's GCP topology once and every scaffold resolves those values automatically — no placeholders to fill in by hand.

  • Inspired by shadcn/ui: tool is the delivery mechanism, files are yours once written
  • Template registry is a git repo your org maintains — Groundwork clones it locally
  • Templates are Go text/template with full access to topology values
  • --dry-run, interactive prompts, --var flags to skip them
Go, Nix, GCP

Hen-Wen

Natural language chatbot that queries BigQuery and streams narrated responses with Claude-generated data visualizations. Named after the oracular pig from The Black Cauldron.

  • Two-phase backend: generate SQL → query BigQuery → stream narrated response via SSE
  • Service-to-service auth via GCP identity tokens; no API keys in transit
  • OCI images built entirely with Nix — no Docker daemon
  • Nix flakes end-to-end: uv2nix for Python, buildNpmPackage for Node, dockerTools for images
Next.js, FastAPI, BigQuery, Claude API, Nix, Terraform

Skeleton Island (private)

GCP landing zone managing project provisioning, shared IAM, and Workload Identity Federation across all GCP projects. No service account keys stored anywhere.

  • WIF pool scoped to specific GitHub repos — only those repos' CI can impersonate the deploy SA
  • Cross-project IAM lives in the LZ only; app repos never grant themselves cross-project access
  • Single GCS state bucket with prefixes mirroring directory structure
Terraform, GCP, IAM, WIF, GCS

phix

Personal Nix flake managing reproducible system configurations across NixOS bare metal, NixOS-WSL, and macOS (nix-darwin).

  • mkNixosHost / mkDarwinHost factory helpers in lib/ for consistent host wiring
  • Modular structure: modules/common, modules/home, per-host entries, per-user identities
  • Daily driver: ASUS ROG Flow Z13, AMD Phoenix, Hyprland on Wayland, LUKS encryption
Nix, NixOS, nix-darwin, home-manager