Blog
Thoughts on engineering, leadership, and infrastructure.
Live theme switching on NixOS across 10 apps at once
I built a theme system in Nix that generates configs for waybar, dunst, kitty, neovim, tmux, Firefox, VSCode, Qt5 apps, swaylock, and the login greeter from a single color palette.
I built a monorepo template because I kept wasting the first two weeks
Every project starts the same way: auth, database, CI, Docker, tests. I got tired of redoing it, so I built a template. Here's what kept going wrong and how I fixed it.
Building a SaaS for radiation dosimetry in Go and React
Dosismart is a dose calculation platform I'm building for the French operational dosimetry market. Zitadel auth, OpenTelemetry tracing, 12 containers in the dev stack, and HDS certification ahead.
Using YAML as a database for a React app
I built a game codex viewer where all the data lives in YAML files. Singleton loader with concurrent fetching, React hooks, character creator with localStorage persistence, and PDF export.
Stop letting AI decide when to run your tests
I built an AI code generation orchestrator where the AI never gets to skip the test suite. Deterministic QA gates, plans in the database, and why prompt engineering won't fix this.
Tuning Elasticsearch for 40k events/sec on bare metal
Thread pools, shard strategy, custom analyzers, and the Logstash-to-Fluentd migration. How I got an NDR pipeline to handle Suricata at 100 Gbps.
Managing 4 NixOS machines with one flake
My declarative setup for 2 desktops and 2 laptops. Overlays for custom packages, Home Manager for user configs, and why I stopped configuring things by hand.
The daemon, observability, and testing
stamusd exposes the same CLI as a REST API. Priority-based shutdown, hot-reloading auth, rate limiting with Redis fallback, and testing with an in-memory filesystem.
Docker plumbing and PCAP replay
Circuit breakers for Docker, binary protocol parsing for log streaming, and how readpcap spins up a temporary Suricata container to turn a PCAP file into indexed security data.
Two commands to a working NDR stack
I wrote a Go CLI that pulls templates from an OCI registry, renders a Docker Compose config, and gives you a full Suricata-based network detection system in minutes.
Running Kubernetes across Scaleway, OVH, and a Proxmox box
Terraform for 4 providers, ArgoCD app-of-apps, Cilium network policies, CrunchyData PostgreSQL operator, and NixOS VMs for on-prem K3s. How I manage 5 clusters.