Engineer · Designer · Inventor

Hi, I'm

I craft thoughtful software — from full-stack products and self-hosted platforms to AI/ML systems — with care for detail and craft.

What I work with

Skills

highest to lowest competency

Languages

  • C#
  • Go
  • JavaScript, Typescript
  • SQL
  • CSS 3, SASS, LESS
  • HTML 5
  • Python
  • Java
  • Rust
  • C++

Frameworks & Libraries

  • React, NextJS
  • .NET, ASP.NET, ML.NET, WPF
  • NodeJs, ExpressJs, Fastify
  • Svelte, SvelteKit
  • Zustand, Redux
  • GraphQL, Apollo, Hasura
  • Selenium
  • Tensorflow
  • Websockets, SocketIO
  • Stripe, Square
  • WebRTC, PeerJS, PeerServer

Databases

  • Microsoft SQL
  • Postgres
  • Mongo
  • MySQL, MariaDB
  • Oracle
  • Redis, Redis-Cache

Systems

  • CI/CD
  • Git, GitHub, GitLab
  • GitHub Actions
  • Docker, Kubernetes
  • Webpack, Babel, Rollup
  • DigitalOcean, AWS, GCP, Azure

Things I've built

Works

Document Management Platform

A production-grade collaboration suite — file sync & share, document editing, SSO, and compliance-grade audit logging — built as modular containers behind a reverse proxy.

AI/ML - Image reader

Trained python Tensorflow model on images to extrapolate the text. Tuned upto 97% accuracy. Transferred to C# ML.NET for .NET app usage.

Data pipelines (ETL)

Built ETL pipelines that transform massive volumes of raw, messy data into clean, structured, query-ready datasets — giving data scientists a reliable foundation to build reports and train AI/ML models on.

Open source contributer and maintainer

Released and maintaining projects like schemez.

Helous

Order from the comfort of your bed

Hospital Food Order Demo App

Scrapers

Ever have repetitive tasks that involve navigating through a website, searching, downloading data, and uploading to another platform? That's the reality of many businesses and a waste of labor. By building scrapers, those processes can be automated, saving time and money.

Report generation and analysis

Created various reports to extrapolate various metrics, from KPIs to financial analysis. Required deep understanding of subjects.

Appointment reminder

Sent messages in voice (phone) and text (text messages and email) to end users that were dynamically generated based on clients' needs.

Kiosk

Automated various human data collection processes.

Document Management Platform

A production-grade collaboration suite — file sync & share, online document editing, single sign-on, and compliance-grade audit logging — built as modular containers behind a reverse proxy. Security hardening, automation, and disaster recovery are first-class concerns throughout.

Architecture

  • Microservices across four independent stacks (reverse proxy, identity, cloud drive, audit logging) wired together over isolated internal Docker networks
  • Reverse proxy terminating TLS with automatic wildcard certificate issuance and renewal (ACME / DNS-01)
  • Single sign-on via OpenID Connect — one identity provider fronting every app, with role-based access control driven by directory group membership
  • Shared LDAP directory backing both the identity provider and the cloud drive; users and roles live in one place
  • External identity federation — brokered enterprise login (Microsoft Entra ID / Microsoft 365) with automatic user and group provisioning

Core Technologies

  • Containerization & Orchestration: Docker, Docker Compose, container networking, health checks, dependency-ordered startup, named volumes & bind mounts
  • Identity & Access Management: Keycloak, OpenID Connect, OAuth2, SSO, OpenLDAP, RBAC, federated / brokered login, SCIM-style group sync
  • Custom Keycloak Extension (Java SPI): an authenticator plugin compiled and baked into the image — verifies account liveness and mirrors group membership against Microsoft Graph, authenticating with certificate-based private_key_jwt (no shared secrets)
  • Reverse Proxy & TLS / PKI: Caddy, automated Let's Encrypt certificates, DNS-01 challenge, dedicated ACME sidecar for LDAPS
  • Databases & Messaging: PostgreSQL, NATS (service registry / event bus)
  • Cloud & Collaboration: OpenCloud file platform, OnlyOffice / WOPI document editing, full-text search with Apache Tika (incl. OCR), antivirus scanning with ClamAV
  • Observability & Audit: Grafana, Loki, Grafana Alloy — a full log pipeline with SSO-gated dashboards, provisioned-as-code, and one-year retention
  • Custom Microservice (Python): a lightweight directory-lookup API that resolves audit actor IDs to human-readable identities on the fly
  • Frontend Extensions: custom OpenCloud web apps built in a pnpm/TypeScript monorepo and deployed as static assets

Engineering Highlights

  • Idempotent, domain-parameterized provisioning — a single script generates every network, data directory, config file, and secret from one input; safe to re-run
  • Automated encrypted backups & restore using restic — deduplicated, crash-consistent, off-host DR support, and configurable retention policies
  • Scheduled maintenance automation via systemd timers and cron (certificate reloads, dependency-aware periodic full restarts)
  • Security-hardened containers by design: least-privilege non-root users, dropped Linux capabilities, no-new-privileges, an internet-isolated document server as an SSRF safeguard, and much more
  • Secrets management: all credentials kept out of version control; certificate-based service-to-service authentication
  • Custom audit pipeline resolving every file/share/user action to a real identity for "who changed what" visibility, gated behind SSO and role checks
  • Infrastructure-as-Code approach: declarative realm and dashboard imports, version-controlled configuration, and pinned, reproducible image builds

Keywords

  • DevOps
  • Platform Engineering
  • Self-Hosting
  • Docker
  • Docker Compose
  • Linux
  • Keycloak
  • OIDC
  • OAuth2
  • SSO
  • LDAP
  • Microsoft Entra ID
  • Microsoft Graph API
  • Java
  • Python
  • TypeScript
  • Reverse Proxy
  • Caddy
  • TLS
  • PKI
  • ACME
  • PostgreSQL
  • NATS
  • Grafana
  • Loki
  • Observability
  • Audit Logging
  • Backup & Disaster Recovery
  • restic
  • Infrastructure-as-Code
  • Bash Scripting
  • systemd
  • RBAC
  • Security Hardening

Get in touch

Let's build
something together.

Have a project in mind or just want to say hello? Reach me on any of these.

© 2026 Dinesh