Skip to content

Instantly share code, notes, and snippets.

View lfsmoura's full-sized avatar
🏠
Working from home

Leonardo Moura lfsmoura

🏠
Working from home
41 followers · 53 following
View GitHub Profile
@lfsmoura
lfsmoura / sonarqube-wireguard-internet-closed-vps.md
Created June 28, 2026 15:21
Running SonarQube on a WireGuard-only, internet-closed VPS (and scanning it from GitHub Actions)

Running SonarQube on a WireGuard-only, internet-closed VPS (and scanning it from GitHub Actions)

How to self-host SonarQube Community Build on a VPS that has no public HTTP exposure — reachable only through a WireGuard tunnel — and still run automated analysis from GitHub-hosted runners by bringing each CI run onto the tunnel as a scoped, temporary peer.

This is the "private by default" pattern: nothing about SonarQube is on the public internet, no domain, no TLS termination, no reverse proxy rule. The only public-facing port on the box is the WireGuard UDP port. Everything else lives behind the tunnel.

Conventions in this guide:

  • 203.0.113.10 — the VPS public IP (replace with yours; this is a TEST-NET address used only for illustration).
  • 10.0.0.1 — the WireGuard server's tunnel IP (private, RFC 1918).
  • 10.0.0.0/24 — the tunnel subnet.
@lfsmoura
lfsmoura / README.md
Created June 13, 2026 17:35
Verify a deploy actually went live: bake the git commit into your build, expose it at /api/version, and poll until it matches

Did my deploy actually go live? A tiny version-probe pattern

When you git push and your CI/CD picks it up automatically, there's an awkward gap: the push succeeded, but is the new code actually serving traffic yet? Builds take minutes, CDNs cache, rollouts are gradual. Refreshing the page and squinting at it doesn't prove anything.

This is a three-part pattern that turns "I think it deployed" into a single command that exits 0 only when the exact commit you pushed is live.

@lfsmoura
lfsmoura / hindsight-osaurus-setup.md
Last active June 4, 2026 18:07
Hindsight + Osaurus local LLM setup

Hindsight + Osaurus local LLM setup

Hindsight + Osaurus local LLM setup

This note shows how to run Hindsight in Docker while using an Osaurus-hosted local OpenAI-compatible model for LLM calls.

Assumptions

  • Osaurus is running on the host machine.
  • Osaurus exposes an OpenAI-compatible API on http://127.0.0.1:1337.
@lfsmoura
lfsmoura / deploying-hermes-agent-on-dokploy.md
Last active June 23, 2026 08:22
Deploying Hermes Agent (NousResearch) on Dokploy — step-by-step guide

Deploying Hermes Agent on Dokploy

A step-by-step guide to deploying NousResearch Hermes Agent on a VPS using Dokploy, secured with Tailscale and a locked-down firewall.

Prerequisites

  • A VPS with Dokploy installed
  • Dokploy API token (Settings → API Keys in Dokploy UI)
  • A Telegram bot token from @BotFather
  • An LLM API key (OpenAI-compatible endpoint)
@lfsmoura
lfsmoura / README.md
Created December 25, 2025 20:55
Biome GritQL plugin to enforce browserLogger instead of console in React components

Biome Plugin: no-console-in-tsx

A custom Biome GritQL plugin that prevents direct console.* usage in React components (.tsx files).

Why?

I use OpenObserve for centralized log aggregation. To ensure all browser logs are captured and sent to OpenObserve, I created a browserLogger utility that wraps console methods and forwards logs to my observability backend.

This plugin enforces that pattern by flagging any direct console.log, console.error, console.warn, console.info, or console.debug calls in React components as errors.

@lfsmoura
lfsmoura / quicksort.cpp
Created September 15, 2021 16:18
Quicksort in C++ three lines
#include <iostream>
#include <algorithm>
#include <vector>
using namespace std;
void q(std::vector<int>::iterator b, std::vector<int>::iterator e) {
auto d = std::partition(b, e, [&](int s) { return s <= *b; });
if (b < e) q(b, d - 1), q(d, e);
}