[{"content":"Every personal site is a small exercise in taste. Here is how this one is put together and why.\nStatic, on purpose There is no database here and no server-side code. The whole site is plain HTML, CSS, and a little JavaScript, generated ahead of time. Static sites are fast, cheap to host, hard to break, and have almost no attack surface. For a portfolio and a blog, nothing else is needed.\nBeing static also means the site is not tied to any one host. I can build it once and serve it from anywhere, and move it later without a rewrite. That decoupling shapes every other choice below.\nHugo I build the site with Hugo, a static site generator written in Go. That suits me: one binary, no toolchain to babysit, and builds that finish before I can look away. The theme is PaperMod, which gives a clean reading experience, dark mode that follows the system setting, and a tidy landing page out of the box.\nContent is Markdown. A new post is a new file. That is the whole workflow.\nCloudflare Pages For now the site is hosted on Cloudflare Pages. It watches the Git repository, runs hugo on every push, and serves the result from a global network with HTTPS handled for me. It is free for a site this size, and there is nothing to keep running.\nThe Synology in the wings I run a Synology NAS at home, and part of the fun is hosting my own things. The plan is to serve this same site from the NAS through a Cloudflare Tunnel. A tunnel means no open ports on my router and no exposed home IP address, with TLS still terminated at the edge. Because the site is static, moving it there is just a matter of pointing the tunnel at the built files. Same site, different roof.\nThat is the payoff of keeping things simple. The site does not care where it runs, so I get to choose based on what I feel like maintaining that week.\nWhat is next More writing, mostly about Go, distributed systems, and the operational tooling I spend my days in. If any of that sounds interesting, the projects page is a good place to start, and the code is all on GitHub.\n","permalink":"https://douglasadolph.com/posts/standing-up-this-site/","summary":"How this site is built and hosted, and why a Synology is waiting in the wings.","title":"Standing up this site with Hugo and Cloudflare Pages"},{"content":"I\u0026rsquo;m Douglas Adolph, a Senior Software Engineer in Austin, Texas. I work in Go on platform and infrastructure software: the systems that let large fleets of machines deploy, secure, and observe themselves. I go after the hard problems where one well-built tool turns a recurring fire drill into a boring, repeatable process.\nWhat I do I\u0026rsquo;m a lead engineer on a major US retailer\u0026rsquo;s edge and store Kubernetes platform, a fleet in the thousands of clusters that other platform teams build on every day. I designed and wrote the deployment engine at the center of it: every team\u0026rsquo;s rollouts run through it, and it reconciles application config across the whole fleet, taking store rollouts from weeks or months down to seconds.\nAround that core, my work spans a few areas:\nDeployment and customization. A composable middleware pipeline, driven by a declarative per-application spec, tailors every rollout to its target: Vault-backed secrets, templated configuration, smart builds, target matching, validation, and cost-showback metadata. Access control and identity. I designed one model that governs who can deploy an application, delete it, reach it in-cluster, and read its secrets, enforced end to end by a group-based JWT identity layer. Identity-provider groups ride inside signed tokens that the platform verifies and turns into both deployment permissions and in-cluster role bindings, and the same tokens issue the kubeconfigs engineers use to reach their clusters. One identity, everywhere. Security and secrets. I helped stand up the organization\u0026rsquo;s HashiCorp Vault and designed its path and precedence model, and I wrote the JWT, SOPS, and secret-store libraries the platform depends on. I also turned a fleet-wide secret-scanning emergency into a repeatable, measurable cleanup across thousands of repositories. Cluster intelligence. Statistical tooling that right-sizes resource quotas across the fleet from real usage data, alongside Prometheus-based observability and fleet inventory. Delivery. A pipeline that tests against real, on-demand throwaway clusters rather than mocks, with optional chaos and stress stages, release and supply-chain automation, and a secure-flow CI baseline standardized across many repositories. The work I\u0026rsquo;m proudest of is a deterministic Kubernetes flight recorder: it captures everything about an incident, every resource change, event, metric, audit row, and log, into one portable file, replays it, and emits a cited root-cause postmortem that names the exact field that changed. No LLM and no SaaS in the path, read-only, runs anywhere.\nNearly all of it is Go.\nHow I work I write standard-library-first Go with a serious testing discipline: single-method interfaces, middleware composition, and tools that are honest about their own confidence instead of guessing. I care most about turning recurring manual work into repeatable, measurable processes.\nI also work fluently with AI coding agents, using them to ship at high volume while holding the same bar on tests and review.\nTools of the trade Go, Kubernetes, FluxCD, Google Cloud and GKE, Prometheus, Terraform, Ansible and AWX, GitHub Actions, SOPS, JWT and OIDC, Docker, and Helm.\nOpen source My public projects are the open-source side of the same work: programmatic SOPS in Go, JWT tooling, multi-cluster fleet drift detection, single-binary Ansible orchestration, and more. See Projects.\nEducation B.S. in Computer Science and Engineering, Texas State University (2014 to 2018), with a minor in Applied Mathematics.\nElsewhere Code lives on GitHub. Reach me at dc.adolph.atx@gmail.com.\n","permalink":"https://douglasadolph.com/about/","summary":"About Douglas Adolph, a senior platform and infrastructure engineer in Austin, TX.","title":"About"},{"content":"These are my public, open-source projects, mostly Go. They\u0026rsquo;re the open counterpart to my day job in platform and security engineering: the same class of tools, built in the open. My largest professional work is internal, but the themes below are the same. Everything here is on GitHub.\nfleetsweeper Multi-cluster Kubernetes drift detection. The cluster that drifted is the one that pages you at 3am. Fleetsweeper finds it first. It makes the fleet its own baseline, using a modified z-score across your clusters, so there are no rules or thresholds to tune. One scan returns a 0-to-100 Fleet Score, the cluster least like the rest with the exact fields that flagged it, and ranked fixes that rate a change touching ten clusters above the same change on one. It ships an optional admission webhook that denies pods deviating from the fleet\u0026rsquo;s actual norm, and folds AlertManager, Falco, Trivy, and Kyverno/Gatekeeper reports into one signal stream.\nRepo · Go\ncipher Programmatic SOPS for Go. One library and one CLI to encrypt, decrypt, rotate, walk, edit, and audit secret files, drop-in next to your existing sops files. Backends for age, AWS KMS, GCP KMS, Vault Transit, Azure Key Vault, and PGP. Edit encrypted files in $EDITOR and they re-encrypt on save, rotate keys on demand or by age, add or drop recipients without re-encrypting the payload, and walk a whole tree in parallel. It also gives you a git pre-commit hook that blocks plaintext, net/http middleware, and OpenTelemetry traces. Every release is exercised end to end against real Vault Transit, AWS KMS through LocalStack, and a fresh PGP keyring.\nRepo · Go\njwtmint JWTs for Go, batteries included. A JWT library wrapping golang-jwt/jwt/v5 with a daemon, a Kubernetes controller, an admission webhook, and HTTP/gRPC middleware. It adds context propagation, configurable clock skew, multi-key rotation, JWKS publishing, revocation, and an opt-in OIDC discovery endpoint. Sign and verify benchmarks sit beside the code, across every supported algorithm.\nRepo · Go\nyardmaster Ansible orchestration in a single binary. A self-hostable alternative to AWX and Semaphore that runs the same playbooks with none of the standup. AWX wants a Kubernetes operator, Postgres, Redis, and Receptor before it runs a line. Yardmaster is one process and one SQLite file, live in seconds. Every run is a host-by-task status matrix you read like a dashboard instead of a scrolling text log, big jobs split across parallel shards, and results merge back into one view.\nSite · Repo · Go\nwhodar Find who to talk to about X. Someone at your company already knows the answer. Whodar tells you who. Point it at the tools your org already uses, ask in plain words, and get back the people and channels to ask, each with the reason and a confidence score behind it. Local by default, and it works with or without an LLM. It ships a CLI and a local web UI where every answer is shareable by URL.\nRepo · Go\nslop-chop Strip the AI tells out of text. Paste in writing and get back something that reads like a person wrote it. A fast, deterministic rules pass swaps the giveaway characters, cuts the stock phrases, fixes spelling to one dialect, and tidies punctuation, all markdown-aware so fenced code blocks pass through untouched. An optional model pass handles the rewrites rules can\u0026rsquo;t, like reworking a sentence toward a voice you picked. Bring your own list of things to cut.\nSite · Repo · Go\nvamoose Calendar workflows, minus the tedium. Route time off through an approval chain and fan it out to the team without touching a scheduling tool by hand. One workflow engine drives four calendar backends, Microsoft Graph, Google, Apple iCloud, and any CalDAV host, so you switch providers and change nothing. The approval rides the calendar invite itself, so there is no second tool to check. It cuts both ways: the same yes that clears your time off can fire the manager\u0026rsquo;s own follow-on steps, posting an alert, logging a note, or handing off coverage, since guards, delays, branching, and notifications are plain JSON you can read and share. Drive it from the CLI, Claude over MCP, or Slack with Approve and Decline buttons.\nSite · Repo · Go\nbattlesight An interactive visual encyclopedia of human conflict, from 3000 BC to today. A 3D globe with hand-crafted phase replays of the iconic battles and an auto-stepping war cinematic that walks any conflict end to end. The catalog covers more than 13,000 battles imported from Wikipedia and Wikidata, with a curated layer on top that adds narrative, tactical reconstructions, territory-control snapshots, and war casualty totals. Built with Go, React, MapLibre, and deck.gl.\nRepo · TypeScript · Go\nmidden A journal kept as plain markdown. Append timestamped, tagged entries from the terminal or a Claude Code skill, then grep across years. Small, local, and yours.\nRepo · Go\ngus A messy working tree into clean commits. Point it at a pile of uncommitted changes and it splits them into ordered, human-looking commits that read like you made them one step at a time, instead of one dump labeled \u0026ldquo;wip\u0026rdquo;. A Claude Code skill, so it runs inside the assistant you already use.\nRepo · Claude Code skill\n","permalink":"https://douglasadolph.com/projects/","summary":"Open-source projects by Douglas Adolph: Kubernetes, security, and developer tooling in Go.","title":"Projects"}]