Platform Developer · Zurich

Hadi Cherkaoui

I write Rust. Building Scolx — a full-stack SaaS — while operating the infrastructure it runs on. OSS advocate, AI/ML enthusiast, homelab operator, and competing in ICT Championships Switzerland.

Builds

I build full-stack in Rust.

Scolx

Scolx is a SaaS platform built entirely in Rust. Axum handles HTTP routing and authentication on the server; Leptos compiles to WebAssembly for the UI — one language from server to browser, no polyglot hot path.

It runs on a k0s cluster I built and operate myself. PostgreSQL for storage. The deployment pipeline is fully automated through FluxCD and a self-hosted GitLab instance.

scolx.com

Stack

RustPrimary language

AxumHTTP layer

LeptosUI / WebAssembly

PostgreSQLStorage

k0sProduction cluster

Tools

I build tools I actually use.

Lockbox

Lockbox is my first Rust project — an open-source E2EE secrets manager built for k8s and automation. Ed25519 keypair auth (no master password, SSH-style), AES-256-GCM encryption, and a delta-sync API designed for controllers.

The companion Go controller watches your cluster, pulls changed secrets from Lockbox, decrypts them, and injects them as native k8s Secrets tagged lockbox.io/managed. No secrets in git. No manual kubectl apply.

Lockbox on GitLab Controller on GitLab

Stack

RustCore language

Ed25519Keypair auth

AES-256-GCMEncryption

GoController

kubebuilderk8s API

Infrastructure

I run my own infrastructure.

Network

Custom OpnSense router with a 10Gig NIC between the ISP and my network. Managed switch: 10Gig uplink, 8×2.5Gig downstream. VLAN segmentation between home and lab environments. WiFi 7 via UniFi U7 Lite.

OpnSense10GigVLANWiFi 7UniFi

Cluster & GitOps

AMD Ryzen 5 7600X, 64GB DDR5 RAM, k0s on Ubuntu Server. Deployments go through FluxCD, pulling manifests from a self-hosted GitLab instance. I wrote the CI pipelines. Everything is GitOps — no manual kubectl apply in production.

k0sFluxCDGitOpsGitLab CIDocker

Identity & Privacy

I don't extend trust by convention. Every self-hosted service authenticates through Authentik — my self-hosted SSO. For cloud I use Proton: Swiss jurisdiction, open-source, E2EE by default. Proton Pass for passwords. Proton Drive for offsite backups. Nothing sensitive touches a vendor I can't audit.

AuthentikSSOProtonE2EEZero-trust

Homelab Documentation GitLab

Tools

I use my tools on purpose.

Arch Linux

I daily-drive Arch Linux — not for the aesthetic, but because I got tired of not understanding what my OS was doing. Rolling releases, KDE Plasma with Kvantum theming, and shell scripts for anything repetitive.

Setup documentation

Go, TypeScript & AI

I write Go when Rust is overkill: tooling, scripts, things that need to compile fast and get out of the way. I know TypeScript and React — but I reach for Leptos when the project shares a codebase with the server. I'm also exploring AI/ML tooling and building with LLM APIs.

GitHub

Competition

I compete.

ICT Championships Switzerland

I'm competing in the ICT Championships Switzerland in the Cloud and Cybersecurity track — a regional-level technical competition that covers infrastructure, cloud platforms, and offensive security under pressure.

Track

Cloud & Cyber

Level

Regional

Country

Switzerland

Security

I learn offense.

I'm working through TryHackMe's ethical hacking path — hands-on labs covering penetration testing, network exploitation, and security tooling. You don't really understand how to defend a system until you've tried to break one.

TryHackMe profile

Contact Me

Get in Touch

If you want to work together, talk about Rust, or ask about the homelab — reach out.

Send a Message

Find me here

GitHubHadiCherkaoui GitLabgitlab.cherkaoui.ch Documentationdocs.cherkaoui.ch Homelab Docsdocs.cherkaoui.ch/homelab TryHackMeHadiCherkaoui Emailcontact@hadi.cherkaoui.ch ServicesPC & Server Services

Location

Zurich, Switzerland