Hadi Cherkaoui
I write Rust. Building Scolx — a full-stack SaaS — while operating the infrastructure it runs on. OSS advocate, AI/ML enthusiast, homelab operator, and competing in ICT Championships Switzerland.
I build full-stack in Rust.
Scolx
Scolx is a SaaS platform built entirely in Rust. Axum handles HTTP routing and authentication on the server; Leptos compiles to WebAssembly for the UI — one language from server to browser, no polyglot hot path.
It runs on a k0s cluster I built and operate myself. PostgreSQL for storage. The deployment pipeline is fully automated through FluxCD and a self-hosted GitLab instance.
Stack
I build tools I actually use.
Lockbox
Lockbox is my first Rust project — an open-source E2EE secrets manager built for k8s and automation. Ed25519 keypair auth (no master password, SSH-style), AES-256-GCM encryption, and a delta-sync API designed for controllers.
The companion Go controller watches your cluster, pulls changed secrets from Lockbox, decrypts them, and injects them as native k8s Secrets tagged lockbox.io/managed. No secrets in git. No manual kubectl apply.
Stack
I run my own infrastructure.
Network
Custom OpnSense router with a 10Gig NIC between the ISP and my network. Managed switch: 10Gig uplink, 8×2.5Gig downstream. VLAN segmentation between home and lab environments. WiFi 7 via UniFi U7 Lite.
Cluster & GitOps
AMD Ryzen 5 7600X, 64GB DDR5 RAM, k0s on Ubuntu Server. Deployments go through FluxCD, pulling manifests from a self-hosted GitLab instance. I wrote the CI pipelines. Everything is GitOps — no manual kubectl apply in production.
Identity & Privacy
I don't extend trust by convention. Every self-hosted service authenticates through Authentik — my self-hosted SSO. For cloud I use Proton: Swiss jurisdiction, open-source, E2EE by default. Proton Pass for passwords. Proton Drive for offsite backups. Nothing sensitive touches a vendor I can't audit.
I use my tools on purpose.
Operating System
I daily-drive Artix Linux — not for the aesthetic, but because I want every layer of my system to match what I mean. dinit instead of systemd, doas instead of sudo, Catppuccin Macchiato across the entire stack. Rolling releases, deliberate choices.
Languages & AI
I write Go when Rust is overkill: tooling, scripts, things that need to compile fast and get out of the way. I know TypeScript and React — but I reach for Leptos when the project shares a codebase with the server. I'm also exploring AI/ML tooling and building with LLM APIs.
Dev Environment
Alacritty terminal running Zsh with Powerlevel10k, Tmux for session management, JetBrains Mono everywhere code is displayed. Every tool is chosen, nothing is default.
I compete.
ICT Championships Switzerland
I compete in the ICT Championships Switzerland — Skill 53 (Cloud Computing). I recently won the regional championship with a perfect score of 120/120. The competition covers infrastructure, cloud platforms, and problem-solving under pressure.
I learn offense.
I'm working through TryHackMe's ethical hacking path — hands-on labs covering penetration testing, network exploitation, and security tooling. You don't really understand how to defend a system until you've tried to break one.
TryHackMe profileGet in Touch
If you want to work together, talk about Rust, or ask about the homelab — reach out.