freyjagp/blog.raer.me
1
0
Fork 0
Code Actions Packages Releases Activity

Compare commits

base: freyjagp:drafts
Branches Tags
freyjagp:main freyjagp:drafts
..
compare: freyjagp:08380ee33dcdc17b5b4f236664ae623383259925
Branches Tags
freyjagp:main freyjagp:drafts

25 Commits
drafts ... 08380ee33d

Author SHA1 Message Date
Freyja Odinthrir
08380ee33d Add new entry to blog
All checks were successful
/ Build static site, docker image, upload artifact... (push) Successful in 6m49s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Successful in 45s
Details 
- Revisit entry from may 12th
 2024-09-27 14:02:43 -07:00
Freyja Odinthrir
66a91927fc Add toc to old blog 2024-09-27 14:02:12 -07:00
Freyja Odinthrir
b357ab14b4 Add table of contents to old blogs 2024-09-27 13:56:48 -07:00
Freyja Odinthrir
a93700b334 Add copyright notice. 2024-09-27 13:56:10 -07:00
Freyja Odinthrir
67310f0f7a fix bad dag
All checks were successful
/ Build static site, docker image, upload artifact... (push) Successful in 3m44s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Successful in 22s
Details
2024-09-26 06:28:10 -07:00
Freyja Odinthrir
ccb0ddff24 update workflow
Some checks failed
/ Connect to deployment host, update, and redeploy docs website. (push) Has been skipped
Details
/ Build static site, docker image, upload artifact... (push) Failing after 2m57s
Details
2024-09-26 06:19:31 -07:00
Freyja Odinthrir
d3dadb5170 Configuration maangement blog entry. 2024-09-26 06:18:49 -07:00
Freyja Odinthrir
fc6b7f0217 Change to arm architecture
All checks were successful
/ Build static site, docker image, upload artifact... (push) Successful in 4m5s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Successful in 1m57s
Details
2024-09-21 19:22:43 -07:00
Freyja Odinthrir
87244e2545 blog update 20240906
Some checks failed
/ Connect to deployment host, update, and redeploy docs website. (push) Blocked by required conditions
Details
/ Build static site, docker image, upload artifact... (push) Has been cancelled
Details
2024-09-06 03:37:13 -07:00
Freyja Odinthrir
aa54a8f2cd Force ci
All checks were successful
/ Build static site, docker image, upload artifact... (push) Successful in 1m0s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Successful in 22s
Details
2024-09-06 02:12:11 -07:00
Freyja Odinthrir
7f08d3b380 Update to rootless nginx. 2024-09-06 02:11:20 -07:00
Freyja Odinthrir
17b7098bcc Finalize changes to gitea workflow. 2024-09-06 00:20:21 -07:00
Freyja Odinthrir
70b474da99 FIX WORKFLOW FINALLY?
All checks were successful
/ Build static site, docker image, upload artifact... (push) Successful in 1m2s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Successful in 20s
Details
2024-09-06 00:02:48 -07:00
Freyja Odinthrir
8d3eb79baf Fix workflow variable issue
Some checks failed
/ Build static site, docker image, upload artifact... (push) Successful in 1m50s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Failing after 22s
Details
2024-09-05 23:54:39 -07:00
Freyja Odinthrir
41339fd8d2 FIX PIPFLE FUCK ME
Some checks failed
/ Build static site, docker image, upload artifact... (push) Successful in 1m10s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Failing after 21s
Details
2024-09-05 23:49:38 -07:00
Freyja Odinthrir
3def5b025a fix pipfile
Some checks failed
/ Connect to deployment host, update, and redeploy docs website. (push) Has been skipped
Details
/ Build static site, docker image, upload artifact... (push) Failing after 41s
Details
2024-09-05 23:47:52 -07:00
Freyja Odinthrir
631e14720c fix pipfile
Some checks failed
/ Connect to deployment host, update, and redeploy docs website. (push) Has been skipped
Details
/ Build static site, docker image, upload artifact... (push) Failing after 39s
Details
2024-09-05 23:46:15 -07:00
Freyja Odinthrir
08b0c2fc09 Fix actions maybe?
Some checks failed
/ Connect to deployment host, update, and redeploy docs website. (push) Has been skipped
Details
/ Build static site, docker image, upload artifact... (push) Failing after 1m46s
Details
2024-09-05 22:07:44 -07:00
Freyja Odinthrir
ef1756df5e Update blag version, improve workflow for new deployment host. 2024-09-05 21:46:21 -07:00
Freyja Odinthrir
39ccd1c97f new blog entry
Some checks failed
/ Build static site, docker image, upload artifact... (push) Failing after 4s
Details
/ Connect to deployment host, update, and redeploy docs website. (push) Has been skipped
Details
2024-05-12 22:22:33 -07:00
Freyja Odinthrir
63a6ef1152 Fix spelling on last blog entry 2024-01-31 19:05:56 -08:00
Freyja Odinthrir
fbaeb7f56d Add new rice recipe to blog. 2024-01-31 18:46:14 -08:00
Freyja Odinthrir
75ee536bd3 New blog post. 2024-01-19 05:59:21 -08:00
Freyja Odinthrir
e4aabe4188 Update blog 2024-01-18 12:14:20 -08:00
Freyja Odinthrir
584eb7dec8 New blogpost 2024-01-18 12:12:27 -08:00
17 changed files with 911 additions and 70 deletions
Expand all files Collapse all files

2
.conf/nginx/nginx.conf
View File

@@ -1,5 +1,5 @@
worker_processes 4;
pid /run/nginx.pid;
pid /tmp/nginx.pid;
error_log /dev/stderr info;

2
.conf/supervisor/supervisord.conf
View File

@@ -2,7 +2,7 @@
nodaemon=true
logfile=/dev/null
logfile_maxbytes=0
pidfile=/run/supervisord.pid
pidfile=/tmp/supervisord.pid
[program:nginx]

78
.gitea/workflows/production/build-deploy-docs.yml
View File

@@ -1,9 +1,9 @@
on:
push:
paths:
- "content/**"
- "static/**"
- "templates/**"
# paths:
# - "content/**"
# - "static/**"
# - "templates/**"
branches:
- "main"
@@ -19,17 +19,17 @@ jobs:
run: echo "::set-output name=date::$(date +'%Y%m%d%H%M%S')"
-
name: Checkout the git repo...
uses: actions/checkout@v3
uses: https://github.com/actions/checkout@v3
-
name: Set up docker buildx...
uses: docker/setup-buildx-action@v3
uses: https://github.com/docker/setup-buildx-action@v3
-
name: Login to gitea registry
uses: docker/login-action@v3
uses: https://github.com/docker/login-action@v3
with:
registry: gitea.raer.me
username: ${{ secrets.PRODUCTION_REGISTRY_USERNAME }}
password: ${{ secrets.PRODUCTION_REGISTRY_TOKEN }}
username: ${{ secrets.REGISTRY_USERNAME }}
password: ${{ secrets.REGISTRY_TOKEN }}
-
name: Install required system packages...
run: |
@@ -40,8 +40,8 @@ jobs:
-
name: Install pipenv, build blog...
env:
PIPENV_USER: ${{ secrets.PRODUCTION_REGISTRY_USERNAME }}
PIPENV_PASS: ${{ secrets.PRODUCTION_REGISTRY_TOKEN }}
PIPENV_USER: ${{ secrets.REGISTRY_USERNAME }}
PIPENV_PASS: ${{ secrets.REGISTRY_TOKEN }}
run: |
pip install pipenv
pipenv install
@@ -51,37 +51,30 @@ jobs:
run: 7z a -mx=9 ./artifact.7z build
-
name: Upload artifact...
uses: actions/upload-artifact@v3
uses: https://github.com/actions/upload-artifact@v3
with:
name: artifact_${{ steps.date.outputs.date }}
path: ./artifact.7z
retention-days: 7
-
name: Build and push docker image to gitea package store
uses: docker/build-push-action@v5
uses: https://github.com/docker/build-push-action@v5
with:
context: .
push: true
platforms: linux/amd64
platforms: linux/arm64
tags: gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}
job2:
needs: job1
name: Connect to deployment host, update, and redeploy docs website.
runs-on: ubuntu-latest
steps:
-
name: Install required system packages...
run: |
export DEBIAN_FRONTEND=noninteractive
apt update
apt upgrade -y
apt install -y iputils-ping
-
name: Configure SSH...
env:
SSH_USER: ${{ secrets.PRODUCTION_SSH_USER }}
SSH_KEY: ${{ secrets.PRODUCTION_SSH_KEY }}
SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }}
SSH_USER: ${{ secrets.DEPLOYMENT_USER }}
SSH_KEY: ${{ secrets.DEPLOYMENT_KEY }}
SSH_HOST: ${{ secrets.DEPLOYMENT_HOST }}
run: |
mkdir -p ~/.ssh/
echo "$SSH_KEY" > ~/.ssh/staging.key
@@ -95,38 +88,5 @@ jobs:
END
cat ~/.ssh/config
-
name: Test SSH Host...
env:
SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }}
run: |
ping -c 3 $SSH_HOST
ssh staging 'ls'
-
name: Safety check (ensure dirs exist and repo has been cloned)...
run: |
echo "Adding ci dir if it doesn't exist..."
ssh staging 'bash -c "[ -d ci ] || mkdir ci"'
echo "Cloning git repo if it isn't already cloned..."
ssh staging 'cd ci; bash -c "[ -d ${{ gitea.event.repository.name }} ] || git clone https://${{ secrets.PRODUCTION_API_TOKEN }}@gitea.raer.me/${{ gitea.repository }}.git"'
-
name: Deploy testing script on remote...
run: |
ssh staging '\
cd ci/${{ gitea.event.repository.name }}; \
git remote remove origin; \
git remote add origin https://${{ secrets.PRODUCTION_API_TOKEN }}@gitea.raer.me/${{ gitea.repository} }.git; \
git checkout ${{ gitea.ref_name }}; \
git reset --hard HEAD; \
git pull origin ${{ gitea.ref_name }}; \
git remote remove origin;'
-
name: Pull new image and redeploy...
run: |
ssh staging '\
echo "${{ secrets.PRODUCTION_REGISTRY_TOKEN }}" | docker login --password-stdin --username ${{ secrets.PRODUCTION_REGISTRY_USERNAME }} gitea.raer.me; \
docker stop blog.raer.me-prod; \
docker rm blog.raer.me-prod; \
docker pull gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}; \
docker run -d --name blog.raer.me-prod -p ${{ secrets.PRODUCTION_DEPLOYMENT_HOST }}:4020:80 gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}; \
docker logout gitea.raer.me;'
name: Run deploy script.
run: ssh staging

7
Dockerfile
View File

@@ -4,12 +4,17 @@
## Used by automation. Can be built manually for testing.
##
####
FROM alpine:3.17
FROM alpine:3.20
RUN apk add nginx supervisor
RUN mkdir -p /var/www
RUN rm -rf /etc/nginx
COPY build /var/www/build
COPY .conf/nginx /etc/nginx
COPY .conf/supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
RUN chown -R nobody /var/www
RUN chown -R nobody /etc/nginx
RUN chown -R nobody /var/www/build
RUN chown -R nobody /etc/supervisor/conf.d/
USER nobody
CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
EXPOSE 80

3
Pipfile
View File

@@ -9,7 +9,8 @@ verify_ssl = true
name = "gitea"
[packages]
blag = {version = "==2.3.0", index = "gitea"}
blag = {version = "==2.4.0", index = "gitea"}
pymdown-extensions = {version = "==10.9", index = "pypi"}
[dev-packages]

18
content/2024/01/17/post-01.md
View File

@@ -2,7 +2,17 @@ Title: First blog post built with blag
Description: Because every new blog needs a new post.
Date: 2024-01-17 10:28
Tags: personal, gitops, devops, technical
Edited: 2024-01-18 00:18
Edited: 2024-09-27 13:50
# Table of Contents <!-- omit in toc -->
- [A new post for a new blog](#a-new-post-for-a-new-blog)
- [Fixing that old mess](#fixing-that-old-mess)
- [Static Site Generation](#static-site-generation)
- [Using blag](#using-blag)
- [Automation](#automation)
- [Conclusion](#conclusion)
# A new post for a new blog
@@ -14,13 +24,13 @@ Previously, <https://blog.raer.me/> was an html-only website. The pages were cre
That's terribly inconvenient. To boot, the thing wasn't version managed and it was deployed entirely manually directly to a folder on my reverse proxy server ([see more...](../../../2023/06/28/automating-some-things.md)) Yikes! None of this was ideal at all!
## Fixing that old mess
# Fixing that old mess
So building the blog with html manually was a pain in the ass. But doing something like an MVC framework or a CMS for a simple blog seemed like too much hassle as well. I don't want a WYSIWYG, or something that's browser-based. I hate dealing with browser frontends. Afterall, a blog is mostly - if not *entirely* - text-based. Why should I have to deal with the overhead of a server-side scripted website? I just want to write my blog in markdown - like i do with all my documentation already. Then I could even keep it in a git repo, backed up to my private gitea instance.
The answer to all of that, is `static site generation`. Turns out, there are plenty of other people out there who have looked at available tools, thought something similar to me, then built their own new tool that can take markdown, then generate a whole-ass website with it. Simple, and clean. You write content, maybe tweak some CSS/HTML templates, then the generator handles all the dirty work. No more searching for dozens of instances of a link when I change something in the navbar. That navbar is now a single template file that's reused by the generator.
## Static Site Generation
# Static Site Generation
This all sounds very complicated, yes? Well, sure. But really, its not.
@@ -187,6 +197,8 @@ jobs:
```
# Conclusion
Bear in mind, this all required a bit of setup and learning to self-host. But, when the hosts & runners are all set up and running properly, with the above workflow, updating this blog is a simple matter of committing to a git repo then pushing it to my remote. The runners handle everything else.
Ain't gitops grand?

73
content/2024/01/18/baja-tacos.md Normal file
View File

@@ -0,0 +1,73 @@
title: Baja-style tacos
description: Some seafood tacos.
tags: cooking, recipes
date: 2024-01-19 05:59
# Table of Contents <!-- omit in toc -->
- [Baja Tacos](#baja-tacos)
- [Ingredients](#ingredients)
- [Fresh](#fresh)
- [Spices](#spices)
- [Protein](#protein)
- [Directions](#directions)
- [Prep](#prep)
- [Slaw](#slaw)
- [Sauce](#sauce)
- [Rub](#rub)
- [Assemble](#assemble)
# Baja Tacos
## Ingredients
- Street taco size tortillas
- Mayo
- Sour Cream
### Fresh
- 12x limes (some for juicing, some for serving)
- shredded coleslaw mix (or cabbage for shredding)
### Spices
- chili powder
- kosher salt
- black pepper
- garlic powder
- cumin
### Protein
- 1lb large prawns, shrimp, or fish filets
## Directions
### Prep
- Butterfly the protein.
- Mix spices in order most to least: Chili powder, cumin, garlic powder, salt, black pepper
- Preheat and oil a large skillet
- halve some limes. Cut some halves into quarters, save some for juicing.
### Slaw
Toss shredded slaw veggie mix with the juice of 1-2 lime halves, season lightly with salt and pepper
### Sauce
Mix 60:40 sour cream to mayo. Make about 2 cups worth. Give generous pinch of salt. few generous shakes of coarse black pepper and garlic powder. Mix juice of 2-4 lime halves. Sauce should be tangy with a hint of garlic.
### Rub
Rub the protein liberally with the spice mixture. Cook in hot oil until tender. (Butterflied shrimp/fish cook very fast this way)
## Assemble
1. Taco shell
2. Dallop and smear of sauce
3. generous helping of slaw
4. 2x prawns/shrimp OR 1x fish filet
5. Drizzle with sauce, serve with lime slice

87
content/2024/01/18/cheesecake-recipe.md Normal file
View File

@@ -0,0 +1,87 @@
title: Cheesecake
description: My birthday is soon, here's a cheesecake recipe.
tags: baking, cooking, cheesecake, recipes
date: 2024-01-18 12:05
edited: 2024-09-27 13:52
# Table of Contents <!-- omit in toc -->
- [New York style cheesecake](#new-york-style-cheesecake)
- [Ingredients](#ingredients)
- [For the Crust](#for-the-crust)
- [For the Filling](#for-the-filling)
- [Directions](#directions)
- [How to Slice Cheesecake](#how-to-slice-cheesecake)
# New York style cheesecake
Shamelessly stolen from [martha stewart dot com](https://www.marthastewart.com/865202/new-york-style-cheesecake). Thanks `Lucinda Scala Quinn` for a great recipe!
Converted to markdown and posted here to preserve for my own purposes.
## Ingredients
### For the Crust
- 4 ounces graham crackers, broken into pieces
- ¼ teaspoon coarse salt
- ⅓ cup sugar
- 4 tablespoons unsalted butter, melted
### For the Filling
- 2 ½ pounds cream cheese (five 8-ounce packages), room temperature
- 4 ounces unsalted butter, room temperature
- 8 ounces sour cream, room temperature
- 1 ¾ cups granulated sugar
- 5 large eggs, plus 2 egg yolks
- Zest of 1 lemon
- 1 teaspoon vanilla extract
## Directions
1. **Preheat oven and prepare pan:**
- Preheat oven to 375°F with rack in the lower third of the oven.
- Butter bottom and sides of a 9-inch springform pan.
- Line sides of the pan with 4-inch-high strips of parchment and butter parchment.
2. **Combine graham crackers and sugar for crust:**
- In a food processor, pulse graham crackers with salt and sugar to fine crumbs.
- Add butter and pulse until fully incorporated.
3. **Bake and cool crust:**
- Press evenly into the bottom of the prepared springform pan and bake until the crust is golden brown and set (15 minutes).
- Remove from oven and transfer to a wire rack to cool for 10 minutes.
- Use the bottom of a measuring cup or the flat side of a drinking glass to press the crumbs into a compact layer.
> Other cookies, like chocolate disks, gingersnaps, or Biscoff wafers, can be used instead of graham crackers.
4. **Mix cheesecake filling:**
- In a large stand mixer fitted with the paddle attachment, beat cream cheese, butter, and sour cream with sugar until light and smooth.
- Add eggs, yolks, zest, and vanilla:
- Beat in eggs one at a time until fully incorporated.
- Beat in remaining egg yolks, zest, and vanilla extract.
5. **Line pan with foil and parchment:**
- Crisscross two long pieces of foil and place a piece of parchment on top.
6. **Wrap exterior of pan in foil:**
- Place the springform in the center of the foil and wrap the foil tightly around the bottom and sides of the pan.
> Lining the pan with foil helps keep water from seeping into the cheesecake, which causes the crust to become soggy.
7. **Place pan in water bath; transfer to oven and bake:**
- Transfer to a roasting pan, pour filling into the springform pan, and smooth the top.
- Pour boiling water into the roasting pan to come halfway up the sides of the springform pan and carefully transfer to the oven.
- Bake for 1 hour until the top of the cheesecake is golden brown, edges are set, and the center jiggles slightly.
8. **Remove from water bath and foil; chill:**
- Lift cheesecake from the water bath, remove foil and parchment from outside of springform, and chill cheesecake in the refrigerator for at least 8 hours.
9. **Slice the cheesecake and serve:**
- To serve, remove the side of the springform pan and parchment strips.
- Cut the cheesecake with a long, thin-bladed knife.
### How to Slice Cheesecake
For perfect slices every time, run a long thin-bladed knife under hot tap water, wiping it clean between cuts.

11
content/2024/01/18/increasing-complexity.md
View File

@@ -2,6 +2,13 @@ title: Increasing complexity
description: A small issue snowballs because I want independence
tags: technical, gitops, devops
date: 2024-01-18 01:09
edited: 2024-09-27 13:52
# Table of Contents <!-- omit in toc -->
- [Increasing Complexity](#increasing-complexity)
- [Actually doing the thing](#actually-doing-the-thing)
- [Getting my fork on my package repo](#getting-my-fork-on-my-package-repo)
# Increasing Complexity
@@ -88,11 +95,11 @@ This isn't my first rodeo with setting these things up, though. I've got a simil
Okay. Enough talk, already! Lets do this!
## Actually doing the thing
# Actually doing the thing
So all that stuff I was talking about before was more-or-less me brainstorming what I needed to do. Here's some reporting back from me doing the stuff.
### Getting my fork on my package repo
## Getting my fork on my package repo
Turns out, the makefile is fine. Super easy. Just gotta hit it with a `make` command and its primo. So what I did, was I made the mirrors org and moved my blag mirror over there. Then I forked it to my personal gitea account. Then I cloned the fork, and made a `v2.3.0` branch because it was on `v2.2.x`. I updated the version in the source. Then I added the dependency for the new package `pymdown-extensions` in the appropriate files. Then I modified the `markdown.py` file to include the `footnotes` and `pymdownx.tilde` (strikethrough) extensions. Then I ran the makefile, which did its magic and made the stuff. Then I simply run twine to upload to my personal gitea package repo. Done. Version 2.3.0 is on my repo.

45
content/2024/01/31/mediterranean-rice.md Normal file
View File

@@ -0,0 +1,45 @@
title: Mediterranean-style rice
description: A very tasty rice and veggies recipe.
tags: cooking
date: 2024-01-31 18:45
# Table of Contents <!-- omit in toc -->
- [Mediterranean style rice](#mediterranean-style-rice)
- [Ingredeints](#ingredeints)
- [Spices](#spices)
- [Cooking fat](#cooking-fat)
- [Cooking instructions](#cooking-instructions)
# Mediterranean style rice
This recipe is inspired by a rice dish served by a mediterranean restaurant I used to go to in my hometown.
## Ingredeints
- 2 cups cooked basmati rice
- 1x medium to large sweet onion, diced
- 2x roma tomatoes, cut into 1cm thick slices and then strips.
- 1x green bell pepper, diced
- 2-3 cloves minced garlic
- 1 cup pickled banana peppers, diced.
- 0.5-1.0 cups banana pepper brine.
### Spices
- kosher salt
- black pepper
- turmeric
- oregano
- dill
- nutmeg
### Cooking fat
- olive oil
## Cooking instructions
In a hot cast iron skillet with near smoking olive oil, sweat the onions and bell peppers until all are soft and starting to brown/darken. Add minced garlic and stir into still sizzling onions/pepper until fragrent. Add generous pinch of kosher salt and coarse black pepper. A tablespoon or two of oregano. A teaspoon or two of dill. A teaspoon of turmeric. And half a teaspoon of nutmeg. Add roma tomato and banana peppers and a glug of olive oil and mix until tomatoes are soft. Add the brine and bring to a boil.
Serve heaping spoonful of vegetables over rice, with a splash of banana pepper brine on top.

36
content/2024/05/01/20240512.md Normal file
View File

@@ -0,0 +1,36 @@
title: Using passwords in script, securely!
description: Keeping passwords inside of scripts safe from prying eyes.
tags: security, scripting, unix, linux
date: 2024-05-12 21:35
# Storing passwords in plaintext (sorta)
I came across an issue recently wherein I wanted to automate a backup process that requires three different passwords. I had just discovered [borg backup](https://borgbackup.readthedocs.io/en/stable/) and wanted to use it in place of the periodic `rsync -azvh --delete` that I was doing. The rsync method would just sync my home folder to a USB ssd, and one of my two fileservers. This worked, but didn't have the deduplication or archiving benefits of borg. It also required me to mount my fileservers vis nfs which is another manual step in the backup process.
Borg backup works by copying data in blocks. Its much smarter than rsync, and you can encrypt the backups on the fly. For remote backups, they recommend using ssh. They allow you to put the encryption passphrase in an environment variable for automation. I wanted to use borg to backup to three different locations at the push of a button, without storing the backup encryption passphrases in plaintext or entering them every time I run a backup.
Through some trial and error, I settled upon writing my script - passhprases and all - then writing *another* script that encrypts it with my gpg key, and sticks it into *yet another* script that will first decrypt the encrypted script then pipe it directly to bash. That looks like this:
```bash
#!/bin/bash
## This will stop the script if there's no script.sh file in the root dir.
set -e
mv script.sh script.sh
GPG_ID='ENTER_YOUR_GPG_ID'
cat script.sh | gpg --encrypt --armor -r $GPG_ID | base64 --wrap 0 > script.gpg.b64
printf "#!/bin/bash\n\nSCRIPT=\"$(cat script.gpg.b64)\"\n\necho \$SCRIPT | base64 -d | gpg --decrypt --quiet | bash\n\n" > script.obf
chmod +x script.obf
rm script.gpg.b64
```
Now I can take *any* script with passwords in it, and obfuscate it behind a gpg passphrase! How neat!

38
content/2024/09/06/2024090601.md Normal file
View File

@@ -0,0 +1,38 @@
title: Some changes have ocurred
tags: servers, server layout, gitops, devops
date: 2024-09-06 03:27
edited: 2024-09-27 13:53
# Table of Contents <!-- omit in toc -->
- [Some changes have ocurred](#some-changes-have-ocurred)
- [Pi os](#pi-os)
- [How I do gitops](#how-i-do-gitops)
- [How the deployment server works.](#how-the-deployment-server-works)
# Some changes have ocurred
Server layout has undergone some changes, most notably:
- the OS on my pi
- how i do gitops
- how the deployment works
# Pi os
I needed docker on my pi, so i abandoned freebsd. It was a good run and taught me a lot about unix. But implementing a custom freebsd server is just. not my thing anymore. Docker is so much easier for versioning. And if i want to compile from scratch? I have that option, too, with docker.
The pi now runs openSUSE Leap 15.6.
# How I do gitops
I've more or less solidified how I do gitops. When I need to version control files on a remote server, I make a local git repo with those files that also contains a script which is used to deploy any of said files on the remote server. This is achieved over SSH. A bare git repo is initialized on the remote server, and added as a remote in the gitops repo. Then, that remote is pushed to in a way that it is always synced perfectly with the local copy. Then, a script in the git repo can SSH into the remote, clone the repo from the local copy, and do stuff with the files.
# How the deployment server works.
Before, i used rootless docker and usernames to sort of namespace things in an ineffective way. I was also using gitea actions configs to do things on the deployment server with an ssh key that had unlimited access to the user account. This provided a false sense of security.
Now, I'm just running a single rootful docker instance. I'm mindful of network segregation, ensuring no unsafe directories are given to containers, and I'm also not allowing any privileged containers.
I'm also doing CI a different way. An SSH keypair is made for each CI repository on gitea. Then, the private key is stored as a secret in the repo's actions settings. Then, a script is written and pushed to the deployment server that is called by the SSH public key. This ensures that no rogue activity happens, essentially locking each SSH key to a specific deployment script.

43
content/2024/09/26/configuration-management.md Normal file
View File

@@ -0,0 +1,43 @@
title: Managing configs on my homeservers.
description: Managing configuration files - some lessons I've learned over the years.
tags: post, git, gitops, devops, cicd, tech, scripting
date: 2024-09-26 05:21
edited: 2024-09-27 13:53
# Table of Contents <!-- omit in toc -->
- [Managing homeserver configs](#managing-homeserver-configs)
- [So how do I do things?](#so-how-do-i-do-things)
- [conclusion](#conclusion)
# Managing homeserver configs
I've run my home services a number of different ways over the years. I've split things between multiple virtual machines, I've set up a 'bare metal ' kubernetes cluster distributed between multiple VMs and hardware devices on my home network. I've used FreeBSD and its Jails to run things I compiled by scratch in an effort to lower attack surface. I ran (and run) VMs and containers on proxmox, truenas core and truenas scale. Each method brings its pros & cons, security tradeoffs, and configuration complexity. Though I've practiced more complex enterprise-level user & permission management (ldap/active directory) techniques, I've settled on "good enough" security practices for my uses/needs (I don't have multiple people accessing things over ssh, for example, so I do the unthinkable and - gasp - ssh directly into root with an ed25519 keypair to administer servers). No SSH ports are exposed directly to the internet anyway - well, except for gitea. But that's also protected with keypairs.
Similarly, I seek to reduce complexity of my configuration management. I like to do as much work as possible, in my text editor of choice (that's VScode. I know, I know. I use the microsoft text editor. Controversial opinion: its good. Shoot me, emacs and vim nerds). That means using things like webuis to enter configs is out the window (looking at you, truenas scale kubernetes bullshit). Doing things in the text editor means I'm using git to version manage. I also like to use a combination of custom shell scripts and gitea actions config files to automate workflows. Any commands I run frequently get stuck into a shell script, no matter how mundane. I spent a long time manually deploying configs for docker - I know how that tool works. Hell, I know how *all* my tools work. I want to spend less time entering `ssh host "docker compose down;docker compose up -d;"` and more time doing a `./sripts/docker-down-up`. I don't want to enter an ever-changing esoteric webui for some haphazard k3s deployment to look for/edit a hacky series of docker-compose configs rearranged into different parts of said webui. That stuff just annoys me when I have to change things.
> __Speaking of k3s/k8s - Fuck that noise entirely in a home environment. Unless you're doing it to learn, I recommend staying away from kubernetes. Its just docker with extra steps and its far more trouble than its worth for the home - in my very strong opinion.__
# So how do I do things?
Well, as I alluded to earlier - I work in my text editor, out of git repositories. All of my services are deployed with docker - its just... easier, this way. I've run services so many different ways over the years and docker is simply the easiest to deal with. I can grab premade containers. Or I can make my own, push them to my gitea deployment, and pull them for use later. Its great. And its distro agnostic. Sure there are some security issues associated with it. But there are also well documented methods to nullify them. I can also use docker volumes to store everything in `/opt/{container_name}` which is super handy when it comes time to archive/back up the host since all I need to do to grab any important data is backup `/opt`!
Most things get pushed directly to my gitea server. If there are actions that need to be run (such as building and pushing docker containers or other packages), I write a gitea actions config to handle that - its for all intents and puposes exactly the same as github actions. Which is nice. It simply uses a privilaged docker container to spin up other docker containers to do stuff that I would normally do by hand or with a script called `build` or `deploy`.
Though, there are some things that have to be managed manually. one of them is the repo for all the config files for services run on the deployment host. The other, is the repo for my nginx reverse proxy - because if I use gitea to deploy that docker container, it will... turn off the reverse proxy. Which is a link between gitea and the act runner. So... Yeah... can't do that. Cus it causes issues.
These manually managed repos are pushed directly to a bare repo on the deployment host. Then, a script is run that SSHs into the host and runs some commands.
In the case of the main config repo, there also resides an ssh authorized_keys file, some scripts in a folder called `ci`, docker configs, and a big folder of scripts to deploy the thing, manually run actions on the docker configs, and more. The authorized_keys file and `ci` folder allow me to use gitea actions to deploy docker images on the host. I generate an ssh keypair, I store the private key as a secret in each individual repo that deploys to the host, then i put the public key in the authorized_keys file with a command that points to a script in `ci` that pulls and redeploys docker images.
# conclusion
This is more or less some rambling about how I manage configs in git. I hope any amount of this made sense.

106
content/2024/09/27/scripts-with-passwords-revisited.md Normal file
View File

@@ -0,0 +1,106 @@
title: Using passwords in script, revisited!
description: Another look at my entry from 12th May, 2024 where I explore a method for obfuscating scripts to keep borg passphrases secure while automating my backup process.
tags: security, scripting, unix, linux
date: 2024-09-27 12:11
# Table of Contents <!-- omit in toc -->
- [Revisiting an old topic](#revisiting-an-old-topic)
- [The process](#the-process)
- [Obfuscation](#obfuscation)
- [Deobfuscation](#deobfuscation)
- [Conclusion](#conclusion)
# Revisiting an old topic
[In this blog entry dated 12th May, 2024](https://blog.raer.me/2024/05/01/20240512.html) I discuss a method where I'm able to keep passphrases stored inside of a bash script, while still being able to execute the bash script. Its been a few months and I've improved the process for obfuscating/deobfuscating scripts, since I'm now using this method as part of my process in writing/editing backup scripts. Thus I'd like to retouch the topic since rereading the previous blogpost leaves me a bit undersatisfied.
# The process
You start by writing a script, and don't forget to include your sensitive data. I'll include an example below of one of my backup scripts:
```bash
#!/usr/bin/env bash
NAME=pi_$(date +'%Y%m%d%H%M%S')
DIR="/home/freyja/.mnt/pi"
tmux new-session -d -s borg-pi-archive "sshfs pi:/opt $DIR; \
export BORG_PASSPHRASE=yesthisistotallymyrealpassphraseyougotmeididanoopsie; \
borg create --stats --progress --compression lz4 /home/freyja/Documents/.borg/pi::$NAME $DIR; \
export BORG_PASSPHRASE=''; \
rclone sync -P -v /home/freyja/Documents/.borg/pi proton:/borg/pi; \
umount $DIR; \
"
```
## Obfuscation
Obviously, saving this as plaintext would be insecure. It has a whole encryption passphrase in there! But remembering all that and typing it in every time isn't ideal either. That's where the `obfuscate` script comes in. That looks a 'lil somethin' like this:
```bash
#!/bin/bash
##
# obfuscate script. This will encrypt any script with a gpg id,
# then stick it into the body of a variable in a new script that can
# decrypt the variable and pipe the original script directly to bash.
#
##
if [ -z "$1" ]; then
read -p "Please enter the filename: " filename
else
filename="$1"
fi
GPG_ID='my-gpg-identity'
printf "#!/bin/bash\n\nSCRIPT=\"$(cat $filename | gpg --encrypt --armor -r $GPG_ID | base64 --wrap 0)\"\n\necho \$SCRIPT | base64 -d | gpg --decrypt --quiet | bash\n\n" > $filename.obf
chmod +x $filename.obf
```
calling that with `obfuscate script` will spit out a file called `script.obf` that is just as easy to execute as the script you obfuscated. In fact, it is literally that exact script! Except its been encrypted with your supplied `GPG_ID`, turned into base64, then stuck inside a variable called `SCRIPT` inside of the `script.obf` file - along with some other stuff that allows `script.obf` to decrypt the data stored in `SCRIPT` variable then pipe it directly into bash.
The obfuscated script will look a bit like this:
```bash
#!/bin/bash
SCRIPT="LS0tLS1CRUdJTiBQR1AgTUVTU0FHRS0tLS0tCgpoUUlNQXhCRUVPVU9vQ1JEQVEvL1EvM29FOHBoeUlQSFN6bVFjSWtpUzFDR1pCQU1oWFY3RU9ld2ZaSVhpcDZOClZHM1lDMGQ5QjVwRjZ6emFQVUZmVkJPQzZSV2NPR1pHQU91QW83bXVSSmZNVU5YVWpYbDRrVFRIRnFpdE8ydFIKVHQ3d0lyVm5YMnJjVUNHR0Iva29lSDdsVG9xeG00TEtiZUkvSis2VVpCejNMSlBEQ2hkcXhtQURkbjlIRCtBMwpJT2pMNW5mbVZoRzRRUXBIa01KVFZyOUVoVXNsanJzNXRJNWNUMmg5NEZyaHBnbHE1OVhIOEJCOTJKQ25jSVo0Cis2eW1hZVdSRXBLOGFXRkF6aFVEZUd6bDdhV1VzMUs4NXRraUszdnFwRkYxUDZLdjZQb3dJOU9RRERHNmtLL08KaXlaRFNtTTNIVUJOQ3lEK29SKzBRRGJneG1TTGdUdkdkbW9xUUxCcm9ESVNLMkRiRWNBWkVqR3RwM25ienhwNwo2T1d6cDZLUzhGZURvTGZtMzdBdnpreTBMQ2ZTUGlZQm1QcFVEZzg1NlJOMytSQWlPeTgydkU0TFd4Mm14N3FZCmVCN1dQS3FNbTlhZDNnTVJUVEpUUGhzSUZrTWc4bEtEeW5uenhnUGFyQStFcnlyMUhnZVBqaThFRUZMVk44cmIKYlVtUE1BL3d6UVVFRFNyaXBBTE5WQ3lXOFF0eHh5QmtYWW9ERldTc2w5RXRCNDRCWHk4amozbHlKcXV6TzFZZgpTTjJmZThRdW9FMk1JTHM1MmRxbjBvdlFBZUN6RVF3Z29udC9hcXpzRUZ4b29tSFRPa1dVT1BUeGVoTXFhRjZKCjlKSnk2aUs0MEMrUHFTbVNVaktQMmtBZDRRQ3YzYXlabU8zaTZyRHZIM25hN0g1OHFLRlkwb2NoRWI4Qzh6blUKY0FFSkFoQk56bm5zRmNrTlVpOUhEQ05hcG1ubkxzb0xycDNWVE9yMFhZQUpyYUFZYStZZDh2RHJsYUNaeFNxTQpOYW1kUFZkc3J4K2JPTTdkbk1VbXFldm1GRzVPUm5nSUF0KytxdkNzaGNmRk42V01qcUpyYStBdWZRMFRldUZzClZZNHRVY3JzRU90REFrWHUxWDEzZVh3PQo9WENRdgotLS0tLUVORCBQR1AgTUVTU0FHRS0tLS0tCg=="
echo $SCRIPT | base64 -d | gpg --decrypt --quiet | bash
```
## Deobfuscation
As you can see, the encrypted script is stored as base64. To run it, that script is decoded, decrypted, then piped into bash. So long as the machine you're on has the private key for the gpg key you used to encrypt the script, it will simply ask you for your gpg passphrase before proceeding~~! How neat! But what if we want to edit the script? Seems like a bit of a pain to get your original script back, right? Well... to a degree. If you wanted to, you could lop of that pipe and `bash` command at the end of the last script, replace it with `>> script.deobfuscated`, and you'd have your original script back. But, that's also kind of annoying to do every time. So I just made a `deobfuscate` script that'll do the job for you. Its just like the `obfuscate` script but in reverse. It takes a file as input, looks for a variable called `script`, then decodes, decrypts, and dumps it into a file appended with `.deobfuscated`. Here's the deobfuscate script:
```bash
#!/bin/bash
if [ -z "$1" ]; then
read -p "Please enter the filename: " SCRIPT_FILE
else
SCRIPT_FILE="$1"
fi
if [ ! -f "$SCRIPT_FILE" ]; then
echo "$SCRIPT_FILE not found!"
exit 1
fi
cat $SCRIPT_FILE | xargs | awk -F 'SCRIPT=' '{print $2}' | awk -F ' ' '{print $1}' | base64 -d | gpg --decrypt --quiet > $SCRIPT_FILE.deobfuscated
if [ $? -eq 0 ]; then
echo "$SCRIPT_FILE has been deobfuscated."
else
echo "Failed to decrypt the script. Ensure you have the correct GPG key and it's available."
exit 1
fi
```
# Conclusion
That's about it, I don't have anything else. This section is simply a formality. I hope that if you're reading this, you find it interesting. <3

425
content/copyright.md Normal file
View File

@@ -0,0 +1,425 @@
title: copyright notice
description: coyright notice
# Copyright notice for content hosted on blog.raer.me
Copyright © 2024 Freyja R. L. Odinthrir
Code written inside code blocks on this website, is published under the [BSD 3-clause license](#bsd-3-clause-license). This license applies *ONLY* to code published in code blocks on this website.
All other content on this website - all original copy, images, stuff that isn't code, etc. - is distributed under and protected by the [Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International license](#creative-commons-by-nc-nd-40).
Full text of both licenses will be provided below.
## BSD 3-clause license
Copyright © 2024 Freyja R. L. Odinthrir
Redistribution and used in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
3. Neither the name of the copyright holder nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS “AS IS” AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
## Creative Commons BY-NC-ND 4.0
Copyright © 2024 Freyja R. L. Odinthrir
Attribution-NonCommercial-NoDerivatives 4.0 International
=======================================================================
Creative Commons Corporation ("Creative Commons") is not a law firm and
does not provide legal services or legal advice. Distribution of
Creative Commons public licenses does not create a lawyer-client or
other relationship. Creative Commons makes its licenses and related
information available on an "as-is" basis. Creative Commons gives no
warranties regarding its licenses, any material licensed under their
terms and conditions, or any related information. Creative Commons
disclaims all liability for damages resulting from their use to the
fullest extent possible.
Using Creative Commons Public Licenses
Creative Commons public licenses provide a standard set of terms and
conditions that creators and other rights holders may use to share
original works of authorship and other material subject to copyright
and certain other rights specified in the public license below. The
following considerations are for informational purposes only, are not
exhaustive, and do not form part of our licenses.
Considerations for licensors: Our public licenses are
intended for use by those authorized to give the public
permission to use material in ways otherwise restricted by
copyright and certain other rights. Our licenses are
irrevocable. Licensors should read and understand the terms
and conditions of the license they choose before applying it.
Licensors should also secure all rights necessary before
applying our licenses so that the public can reuse the
material as expected. Licensors should clearly mark any
material not subject to the license. This includes other CC-
licensed material, or material used under an exception or
limitation to copyright. More considerations for licensors:
wiki.creativecommons.org/Considerations_for_licensors
Considerations for the public: By using one of our public
licenses, a licensor grants the public permission to use the
licensed material under specified terms and conditions. If
the licensor's permission is not necessary for any reason--for
example, because of any applicable exception or limitation to
copyright--then that use is not regulated by the license. Our
licenses grant only permissions under copyright and certain
other rights that a licensor has authority to grant. Use of
the licensed material may still be restricted for other
reasons, including because others have copyright or other
rights in the material. A licensor may make special requests,
such as asking that all changes be marked or described.
Although not required by our licenses, you are encouraged to
respect those requests where reasonable. More considerations
for the public:
wiki.creativecommons.org/Considerations_for_licensees
=======================================================================
Creative Commons Attribution-NonCommercial-NoDerivatives 4.0
International Public License
By exercising the Licensed Rights (defined below), You accept and agree
to be bound by the terms and conditions of this Creative Commons
Attribution-NonCommercial-NoDerivatives 4.0 International Public
License ("Public License"). To the extent this Public License may be
interpreted as a contract, You are granted the Licensed Rights in
consideration of Your acceptance of these terms and conditions, and the
Licensor grants You such rights in consideration of benefits the
Licensor receives from making the Licensed Material available under
these terms and conditions.
Section 1 -- Definitions.
a. Adapted Material means material subject to Copyright and Similar
Rights that is derived from or based upon the Licensed Material
and in which the Licensed Material is translated, altered,
arranged, transformed, or otherwise modified in a manner requiring
permission under the Copyright and Similar Rights held by the
Licensor. For purposes of this Public License, where the Licensed
Material is a musical work, performance, or sound recording,
Adapted Material is always produced where the Licensed Material is
synched in timed relation with a moving image.
b. Copyright and Similar Rights means copyright and/or similar rights
closely related to copyright including, without limitation,
performance, broadcast, sound recording, and Sui Generis Database
Rights, without regard to how the rights are labeled or
categorized. For purposes of this Public License, the rights
specified in Section 2(b)(1)-(2) are not Copyright and Similar
Rights.
c. Effective Technological Measures means those measures that, in the
absence of proper authority, may not be circumvented under laws
fulfilling obligations under Article 11 of the WIPO Copyright
Treaty adopted on December 20, 1996, and/or similar international
agreements.
d. Exceptions and Limitations means fair use, fair dealing, and/or
any other exception or limitation to Copyright and Similar Rights
that applies to Your use of the Licensed Material.
e. Licensed Material means the artistic or literary work, database,
or other material to which the Licensor applied this Public
License.
f. Licensed Rights means the rights granted to You subject to the
terms and conditions of this Public License, which are limited to
all Copyright and Similar Rights that apply to Your use of the
Licensed Material and that the Licensor has authority to license.
g. Licensor means the individual(s) or entity(ies) granting rights
under this Public License.
h. NonCommercial means not primarily intended for or directed towards
commercial advantage or monetary compensation. For purposes of
this Public License, the exchange of the Licensed Material for
other material subject to Copyright and Similar Rights by digital
file-sharing or similar means is NonCommercial provided there is
no payment of monetary compensation in connection with the
exchange.
i. Share means to provide material to the public by any means or
process that requires permission under the Licensed Rights, such
as reproduction, public display, public performance, distribution,
dissemination, communication, or importation, and to make material
available to the public including in ways that members of the
public may access the material from a place and at a time
individually chosen by them.
j. Sui Generis Database Rights means rights other than copyright
resulting from Directive 96/9/EC of the European Parliament and of
the Council of 11 March 1996 on the legal protection of databases,
as amended and/or succeeded, as well as other essentially
equivalent rights anywhere in the world.
k. You means the individual or entity exercising the Licensed Rights
under this Public License. Your has a corresponding meaning.
Section 2 -- Scope.
a. License grant.
1. Subject to the terms and conditions of this Public License,
the Licensor hereby grants You a worldwide, royalty-free,
non-sublicensable, non-exclusive, irrevocable license to
exercise the Licensed Rights in the Licensed Material to:
a. reproduce and Share the Licensed Material, in whole or
in part, for NonCommercial purposes only; and
b. produce and reproduce, but not Share, Adapted Material
for NonCommercial purposes only.
2. Exceptions and Limitations. For the avoidance of doubt, where
Exceptions and Limitations apply to Your use, this Public
License does not apply, and You do not need to comply with
its terms and conditions.
3. Term. The term of this Public License is specified in Section
6(a).
4. Media and formats; technical modifications allowed. The
Licensor authorizes You to exercise the Licensed Rights in
all media and formats whether now known or hereafter created,
and to make technical modifications necessary to do so. The
Licensor waives and/or agrees not to assert any right or
authority to forbid You from making technical modifications
necessary to exercise the Licensed Rights, including
technical modifications necessary to circumvent Effective
Technological Measures. For purposes of this Public License,
simply making modifications authorized by this Section 2(a)
(4) never produces Adapted Material.
5. Downstream recipients.
a. Offer from the Licensor -- Licensed Material. Every
recipient of the Licensed Material automatically
receives an offer from the Licensor to exercise the
Licensed Rights under the terms and conditions of this
Public License.
b. No downstream restrictions. You may not offer or impose
any additional or different terms or conditions on, or
apply any Effective Technological Measures to, the
Licensed Material if doing so restricts exercise of the
Licensed Rights by any recipient of the Licensed
Material.
6. No endorsement. Nothing in this Public License constitutes or
may be construed as permission to assert or imply that You
are, or that Your use of the Licensed Material is, connected
with, or sponsored, endorsed, or granted official status by,
the Licensor or others designated to receive attribution as
provided in Section 3(a)(1)(A)(i).
b. Other rights.
1. Moral rights, such as the right of integrity, are not
licensed under this Public License, nor are publicity,
privacy, and/or other similar personality rights; however, to
the extent possible, the Licensor waives and/or agrees not to
assert any such rights held by the Licensor to the limited
extent necessary to allow You to exercise the Licensed
Rights, but not otherwise.
2. Patent and trademark rights are not licensed under this
Public License.
3. To the extent possible, the Licensor waives any right to
collect royalties from You for the exercise of the Licensed
Rights, whether directly or through a collecting society
under any voluntary or waivable statutory or compulsory
licensing scheme. In all other cases the Licensor expressly
reserves any right to collect such royalties, including when
the Licensed Material is used other than for NonCommercial
purposes.
Section 3 -- License Conditions.
Your exercise of the Licensed Rights is expressly made subject to the
following conditions.
a. Attribution.
1. If You Share the Licensed Material, You must:
a. retain the following if it is supplied by the Licensor
with the Licensed Material:
i. identification of the creator(s) of the Licensed
Material and any others designated to receive
attribution, in any reasonable manner requested by
the Licensor (including by pseudonym if
designated);
ii. a copyright notice;
iii. a notice that refers to this Public License;
iv. a notice that refers to the disclaimer of
warranties;
v. a URI or hyperlink to the Licensed Material to the
extent reasonably practicable;
b. indicate if You modified the Licensed Material and
retain an indication of any previous modifications; and
c. indicate the Licensed Material is licensed under this
Public License, and include the text of, or the URI or
hyperlink to, this Public License.
For the avoidance of doubt, You do not have permission under
this Public License to Share Adapted Material.
2. You may satisfy the conditions in Section 3(a)(1) in any
reasonable manner based on the medium, means, and context in
which You Share the Licensed Material. For example, it may be
reasonable to satisfy the conditions by providing a URI or
hyperlink to a resource that includes the required
information.
3. If requested by the Licensor, You must remove any of the
information required by Section 3(a)(1)(A) to the extent
reasonably practicable.
Section 4 -- Sui Generis Database Rights.
Where the Licensed Rights include Sui Generis Database Rights that
apply to Your use of the Licensed Material:
a. for the avoidance of doubt, Section 2(a)(1) grants You the right
to extract, reuse, reproduce, and Share all or a substantial
portion of the contents of the database for NonCommercial purposes
only and provided You do not Share Adapted Material;
b. if You include all or a substantial portion of the database
contents in a database in which You have Sui Generis Database
Rights, then the database in which You have Sui Generis Database
Rights (but not its individual contents) is Adapted Material; and
c. You must comply with the conditions in Section 3(a) if You Share
all or a substantial portion of the contents of the database.
For the avoidance of doubt, this Section 4 supplements and does not
replace Your obligations under this Public License where the Licensed
Rights include other Copyright and Similar Rights.
Section 5 -- Disclaimer of Warranties and Limitation of Liability.
a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE
EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS
AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF
ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS,
IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION,
WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS,
ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT
KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT
ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU.
b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE
TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION,
NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT,
INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES,
COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR
USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN
ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR
DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR
IN PART, THIS LIMITATION MAY NOT APPLY TO YOU.
c. The disclaimer of warranties and limitation of liability provided
above shall be interpreted in a manner that, to the extent
possible, most closely approximates an absolute disclaimer and
waiver of all liability.
Section 6 -- Term and Termination.
a. This Public License applies for the term of the Copyright and
Similar Rights licensed here. However, if You fail to comply with
this Public License, then Your rights under this Public License
terminate automatically.
b. Where Your right to use the Licensed Material has terminated under
Section 6(a), it reinstates:
1. automatically as of the date the violation is cured, provided
it is cured within 30 days of Your discovery of the
violation; or
2. upon express reinstatement by the Licensor.
For the avoidance of doubt, this Section 6(b) does not affect any
right the Licensor may have to seek remedies for Your violations
of this Public License.
c. For the avoidance of doubt, the Licensor may also offer the
Licensed Material under separate terms or conditions or stop
distributing the Licensed Material at any time; however, doing so
will not terminate this Public License.
d. Sections 1, 5, 6, 7, and 8 survive termination of this Public
License.
Section 7 -- Other Terms and Conditions.
a. The Licensor shall not be bound by any additional or different
terms or conditions communicated by You unless expressly agreed.
b. Any arrangements, understandings, or agreements regarding the
Licensed Material not stated herein are separate from and
independent of the terms and conditions of this Public License.
Section 8 -- Interpretation.
a. For the avoidance of doubt, this Public License does not, and
shall not be interpreted to, reduce, limit, restrict, or impose
conditions on any use of the Licensed Material that could lawfully
be made without permission under this Public License.
b. To the extent possible, if any provision of this Public License is
deemed unenforceable, it shall be automatically reformed to the
minimum extent necessary to make it enforceable. If the provision
cannot be reformed, it shall be severed from this Public License
without affecting the enforceability of the remaining terms and
conditions.
c. No term or condition of this Public License will be waived and no
failure to comply consented to unless expressly agreed to by the
Licensor.
d. Nothing in this Public License constitutes or may be interpreted
as a limitation upon, or waiver of, any privileges and immunities
that apply to the Licensor or You, including from the legal
processes of any jurisdiction or authority.
=======================================================================
Creative Commons is not a party to its public
licenses. Notwithstanding, Creative Commons may elect to apply one of
its public licenses to material it publishes and in those instances
will be considered the “Licensor.” The text of the Creative Commons
public licenses is dedicated to the public domain under the CC0 Public
Domain Dedication. Except for the limited purpose of indicating that
material is shared under a Creative Commons public license or as
otherwise permitted by the Creative Commons policies published at
creativecommons.org/policies, Creative Commons does not authorize the
use of the trademark "Creative Commons" or any other trademark or logo
of Creative Commons without its prior written consent including,
without limitation, in connection with any unauthorized modifications
to any of its public licenses or any other arrangements,
understandings, or agreements concerning use of licensed material. For
the avoidance of doubt, this paragraph does not form part of the
public licenses.
Creative Commons may be contacted at creativecommons.org.

4
templates/article.html
View File

@@ -19,8 +19,8 @@
<a href="/tags/{{ tag }}.html">#{{ tag }}</a>
{%- endfor %}
{% endif %}
</p>
<p>published on {{ date.date() }} </p>
</p>
<p>published on {{ date.date() }} at {{ date.time() }}</p>
<p>{%- if edited %} edited on {{ edited }}{% endif -%}</p>
</aside>

3
templates/base.html
View File

@@ -23,6 +23,7 @@
<h2>{{ site.description }}</h2>
<ul>
<li><h2><a href="/">Home</a></h2></li>
<li><h2><a href="/copyright.html">Copyright Notice</a></h2></li>
<li><h2><a href="/love.html">A love note</a></h2></li>
<li><h2><a href="/tags/">Tags</a></h2></li>
<li><h2><a href="/archive.html">Archive</a></h2></li>
@@ -38,8 +39,10 @@
</main>
<footer>
Copyleft 🄯 Freyja R. L. Odinthrir 2024 all wrongs reserved.
Subscribe to the <a href="/atom.xml">atom feed</a>.
<br>
Copyright
<!-- Contact me via
<a rel="me" href="https://mastodon.social/[FIXME]">[FIXME] Mastodon</a> or
<a href="https://github.com/[FIXME]">[FIXME] Github</a>.