Redesigned Data Portal

Significant update to data warehouse portal.

Portable Stack

Once upon a time, I was sitting in front of my laptop with an IDE where hundreds of different Kubernetes manifests were opened and I was thinking: “how come I am in this moment? I need to add a new service, but to do it, I have to keep in my mind zillions of details and configure dozens of files instead promised by marketing ’little changes’”. It wasn’t my first frustrating time: I have always been thinking that the current practice of how to set up an environment is slightly more complicated than needed for micro/small businesses especially for pet projects.


Delay request before redirect to the original URL

USD rates

Rates to USD from different world-wide currencies. Updates once per day from Philippines Central Bank.

How to get SSL certificates on Synology

I have been working with Synology Disk Station products for SOHO for a long time now. It’s a costly NAS but worth it because of: the combination of high-quality software (DSM) and hardware, and it is friendly for newcomers and professionals alike.

By default, Synology offers access to the NAS UI via HTTPS or HTTP protocol.

While HTTP is the simplest option, HTTPS (if done properly) is much more secure. However, the self-signed certificate, provided by Synology is not good neither in terms of security or user experience (ie: RED alerts in browsers and etc).

In general, in DSM 7 you may issue a certificate by two methods:

  • request a free certificate from Let’s Encrypt
  • import already existing certificate

The first option is available only in case you exposed your Synology to the public internet which might not be the best idea in terms of security.

In this article, I would like to share an approach on how to secure a connection to the Synology by issuing a valid (!) certificate without exposing NAS to the outer world.

Kubernetes Ingress Dashboard

Automatic dashboard generation for Ingress objects.


  • No JS
  • Supports OIDC (Keycloak, Google, Okta, …) and Basic authorization
  • Automatic discovery of Ingress objects, configurable by annotations
  • Supports static configuration (in addition to Ingress objects)
  • Multiarch docker images: for amd64 and for arm64

Git Pipe

Hassle-free minimal CI/CD for git repos for docker-based projects.


  • zero configuration for repos by default
  • optional automatic TLS by Let’s Encrypt
  • optional automatic domain registration by supported providers


Provides a platform for automation with code-first approach, with embedded batteries:

  • Tracing (journals)
  • Internal and user-defined API
  • Ultra-light but rich mobile-first UI
  • Embedded key-value storage

Nano Run

A simplified version of trusted-cgi designed for async processing extreme amount of requests.

  • DevOps friendly - plain YAML configuration per subject
  • Low memory footprint
  • Can handle any size of request (limited by disk only)

Trusted CGI

Lightweight self-hosted lambda/applications/cgi/serverless-functions engine.

  • No specific requirements: just one binary. Working “as-is”
  • Rich API
  • Scheduler: run actions in cron-tab like style