Initial commit

.ansible-lint

@@ -0,0 +1,14 @@
+---
+
+exclude_paths:
+  - .cache/
+  - .gitea/
+  - ansible/roles/requirements.yaml
+  - ansible/vars/vault.yaml
+
+warn_list:
+  - internal-error
+  # Role name {} does not match ``^[a-z][a-z0-9_]+$`` pattern
+  - '106'
+
+# vi: ft=yaml

.gitea/workflows/build_and_deploy.yaml

@@ -0,0 +1,40 @@
+---
+
+name: Build, and deploy Hugo site
+run-name: ${{ gitea.actor }} is building, and deploying the static page
+on:
+  push:
+    branches:
+      - prod
+
+jobs:
+  deploy-prod:
+    runs-on: ubuntu-latest
+    steps:
+      - run: echo "The job was automatically triggered by a ${{ gitea.event_name }} event."
+      - run: echo "The name of your branch is ${{ gitea.ref }} and your repository is ${{ gitea.repository }}."
+      - name: Check out repository code
+        uses: actions/checkout@v3
+        with:
+          submodules: 'true'
+          github-server-url: 'https://git.cbarts.net/'
+      - name: Install apt packages
+        run: apt update && apt install -y jq rsync
+      - name: Get latest Hugo version
+        run: |
+          url=$(curl --silent "https://api.github.com/repos/gohugoio/hugo/releases/latest" | jq -r '.assets[] | select(.name | contains("linux-amd64.tar.gz")) | .browser_download_url' | grep -E 'hugo_[0-9]+\.[0-9]+\.[0-9]+_linux-amd64.tar.gz')
+          wget -P /tmp/hugo/ "$url"
+          version=$(echo "$url" | grep -oP 'hugo_\K[0-9]+\.[0-9]+\.[0-9]+')
+          echo "Downloaded Hugo version: $version"
+      - name: Unpack Hugo
+        run: tar -xf /tmp/hugo/* -C ${{ gitea.workspace }}/bin
+      - name: Build the static webpage
+        run: ${{ gitea.workspace }}/bin/hugo --minify
+      - name: Create private key
+        run: |
+          echo "${{ secrets.ACT_RUNNER_KEY }}" > /tmp/act_runner_key
+          chmod 600 /tmp/act_runner_key
+      - name: rsync public directory
+        run: |
+          rsync -avz --delete -e "ssh -i /tmp/act_runner_key -o StrictHostKeyChecking=no" ${{ gitea.workspace }}/public/* act_runner@whatnow.site:/var/media/nginx/
+      - run: echo "This job's status is ${{ job.status }}."

.gitignore

@@ -1 +1,7 @@
 .vault-password
+.terraform
+*.tfvars
+act_runner*
+terraform.tfstate
+terraform.tfstate.backup
+src/public

.gitmodules

@@ -0,0 +1,6 @@
+[submodule "hugo/themes/nostyleplease"]
+	path = hugo/themes/nostyleplease
+	url = https://github.com/hanwenguo/hugo-theme-nostyleplease
+[submodule "src/themese/nostyleplease"]
+	path = src/themese/nostyleplease
+	url = https://github.com/hanwenguo/hugo-theme-nostyleplease/

.yamllint

@@ -0,0 +1,9 @@
+---
+
+extends: default
+
+ignore: |
+  .github/
+  ansible/vars/vault.yaml
+
+# vi: ft=yaml

README.md

@@ -1,3 +1,5 @@
-# template-ansible-project
+# whatnow.site
 
-This is a template repository for creating new Ansible projects.
+This page aims to be a collection of resources for anyone to stand up for democracy and the human rights we believe in. The idea came about after my partner and I were clueless for next steps after the inauguration of the 47th president of the United States.
+
+If you have resources you think should be added to this page, please send an email to ‘info’ at this domain.

ansible/group_vars/all.yaml

@@ -0,0 +1,13 @@
+---
+
+# coredotbin.openssh
+openssh_port: 22
+openssh_hostkeys:
+  - /etc/ssh/ssh_host_ed25519_key
+openssh_kexalgorithms:
+  - curve25519-sha256@libssh.org
+  - diffie-hellman-group-exchange-sha256
+openssh_macs:
+  - hmac-sha2-512-etm@openssh.com
+  - hmac-sha2-256-etm@openssh.com
+  - umac-128-etm@openssh.com

ansible/group_vars/docker_hosts.yaml

@@ -0,0 +1,5 @@
+---
+
+# ironicbadger.docker_compose_generator
+appdata_path: /var/appdata
+media_path: /var/media

ansible/roles/requirements.yaml

@@ -0,0 +1,7 @@
+---
+
+roles:
+  - name: coredotbin.openssh
+  - name: coredotbin.docker
+  - name: oefenweb.fail2ban
+  - name: ironicbadger.docker_compose_generator

ansible/run.yaml

@@ -0,0 +1,16 @@
+---
+- name: Play for all hosts
+  hosts: all
+  vars_files:
+    - 'vars/vault.yaml'
+  roles:
+    - role: coredotbin.openssh
+    - role: oefenweb.fail2ban
+
+- name: Play for Docker hosts
+  hosts: docker_hosts
+  vars_files:
+    - 'vars/vault.yaml'
+  roles:
+    - role: coredotbin.docker
+    - role: ironicbadger.docker_compose_generator

ansible/services/whatnow.site/01-traefik/compose.yaml

@@ -0,0 +1,31 @@
+---
+
+services:
+  traefik:
+    image: traefik
+    container_name: traefik
+    command:
+      - --api.dashboard=false
+
+      - --providers.docker
+      - --providers.docker.exposedByDefault=false
+
+      # Entrypoints
+      - --entrypoints.http.address=:80
+      - --entrypoints.http.http.redirections.entryPoint.to=https
+      - --entrypoints.http.http.redirections.entryPoint.scheme=https
+
+      - --entryPoints.https.address=:443
+      - --entryPoints.https.http.tls.certresolver=porkbun
+
+      # Let's Encrypt
+      - --certificatesResolvers.porkbun.acme.dnsChallenge.provider=porkbun
+      - "--certificatesResolvers.porkbun.acme.email={{ admin_email_address }}"
+      - --certificatesResolvers.porkbun.acme.storage=/etc/traefik/acme.json
+    environment:
+      - "PORKBUN_API_KEY={{ porkbun_api_key }}"
+      - "PORKBUN_SECRET_API_KEY={{ porkbun_api_secret }}"
+    volumes:
+      - "{{ appdata_path }}/traefik/config:/etc/traefik"
+      - /var/run/docker.sock:/var/run/docker.sock:ro
+    restart: unless-stopped

ansible/upgrade.yaml

@@ -0,0 +1,12 @@
+---
+
+- name: Play to upgrade apt packages on Debian hosts
+  hosts: all
+  vars_files:
+    - 'vars/vault.yaml'
+  tasks:
+    - name: Update and Upgrade apt packages
+      ansible.builtin.apt:
+        upgrade: true
+        update_cache: true
+        cache_valid_time: 86400

ansible/vars/vault.yaml

@@ -0,0 +1,22 @@
+$ANSIBLE_VAULT;1.1;AES256
+34353531633562323465616266306433346332303237393662656330643764376263323261303161
+6138393630393663353436666462313661346235656433610a333466383033613338616666313835
+36633037373166313432643665303632396162633963643336356562666363353766663561323936
+3466323034323633650a393063363665303761363063373662326661343634323363353661383736
+30343835373730643436643961383964343733653861623430333863393935613930386635333962
+31636437346465643965326162373464376161393133633661333734303834326530316431383165
+62396537353061306561333761396336663263316230633636383138636131376233333662396335
+39393165363962653236636663613735323739613631656534353165383631623366303761653165
+66383862656165346330623730353066353939666265613037323335613939333630623763633439
+32373835366362373035343837343032613032393736626330366239373462316633393732326662
+33333861666138343464343137613461653030313132393462353034393238616532343762333232
+31616238663964363565363461623663626465383437663834396461376638383331346165323838
+38353365383136663438623330633730653533636634393435363931393361396132616263636535
+63653032323137376465623433333631663731393563626635316464343539663534306363303666
+66313430316535653963323038666437663536303334316233653132656230393032323238633838
+33643432383730346430303439663630643663396231366336383266343935306136316434343231
+31316536613265646231653930313230633234653265643763373364343464386435396338656366
+62323631663962333135393365626635343861393830373161396335653564356236653931663162
+61643036333835393964656662393834313031633162626665366237386365663962653733316639
+66633235623033663235343334653633386537356634616461616661653239346238383662656365
+6539

files/pre-commit

@@ -1,16 +0,0 @@
-# Pre-commit hook to ensure vault.yaml is encrypted
-#
-# Credit goes to Nick Busey from HomelabOS for this neat little trick
-# https://gitlab.com/NickBusey/HomelabOS/-/issues/355
-
-if ( git show :vars/vault.yaml | grep -q "$ANSIBLE_VAULT;" ); then
-echo "\e[38;5;108mVault Encrypted. Safe to commit.\e[0m"
-else
-echo "\e[38;5;208mVault not encrypted! Run 'make encrypt' and try again.\e[0m"
-exit 1
-fi
-
-command -v yamllint > /dev/null && echo "Running yamllint..." && yamllint . || exit 1
-command -v ansible-lint > /dev/null && echo "Running ansible-lint..." ansible-lint
-
-# vi: ft=sh

group_vars/all.yaml

@@ -1 +0,0 @@
----\n

host_vars/host.yaml

@@ -1 +0,0 @@
----\n

hugo/themes/nostyleplease

@@ -0,0 +1 @@
+Subproject commit cfbfe4e8ed13ba6256c9ea076690dba30dd8765b

inventory.yaml

@@ -1 +1,13 @@
----\n
+---
+all:
+  hosts:
+    whatnow.site:
+      ansible_user: act_runner
+      ansible_ssh_private_key_file: act_runner
+  children:
+    docker_hosts:
+      hosts:
+        whatnow.site:
+    webservers:
+      hosts:
+        whatnow.site:

makefile

@@ -0,0 +1,111 @@
+##@ General
+
+# Credit the the Woodpecker-CI team for this awesome help script
+.PHONY: help
+help: ## Display this help
+	@awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n  make \033[36m<target>\033[0m\n"} /^[a-zA-Z_0-9-]+:.*?##/ { printf "  \033[36m%-15s\033[0m %s\n", $$1, $$2 } /^##@/ { printf "\n\033[1m%s\033[0m\n", substr($$0, 5) } ' $(MAKEFILE_LIST)
+
+install-tools: ## Install development tools
+	@hash yamllint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		pip install yamllint; \
+	fi ; \
+	hash ansible-lint > /dev/null 2>&1; if [ $$? -ne 0 ]; then \
+		pip install ansible-lint; \
+	fi
+
+# Initiliaze git pre-commit hook to ensure vault.yaml is encrypted
+# Credit to Nick Busey from HomelabOS
+# https://gitlab.com/NickBusey/HomelabOS/-/issues/355
+define _gitinit
+if [ -d .git/ ]; then
+rm .git/hooks/pre-commit > /dev/null 2>&1
+cat <<EOT >> .git/hooks/pre-commit
+# git pre-commit
+printf "Checking that vault is encrypted...\n"
+if ( cat ansible/vars/vault.yaml | grep -q "\$ANSIBLE_VAULT;" ); then
+printf "\033[0;32mVault Encrypted. Safe to commit.\033[0m\n"
+else
+printf  "\033[0;31mVault not encrypted! Run 'make encrypt' and try again.\033[0m\n"
+exit 1
+fi
+printf "Running yamllint...\n"
+hash yamllint > /dev/null 2>&1; if [ \$\$ -ne 0 ]; then yamllint . || exit 1; fi
+printf "Running ansible-lint..."
+hash ansible-lint > /dev/null 2>&1; if [ \$\$ -ne 0 ]; then ansible-lint || exit 1; fi
+EOT
+chmod +x .git/hooks/pre-commit
+else
+printf "\033[1;31mError\033[0;31m: Either the repository failed to download, or a new repository has not yet been initialized.\033[0m\n"
+fi
+echo Set git pre-commit hook
+endef
+export gitinit = $(value _gitinit)
+
+.PHONY: init
+init: install-tools reqs ## Initialize Git hooks, requirements, and dev tools
+	@ eval "$$gitinit"
+
+##@ Requirements
+
+reqs: ## Install Ansible Galaxy requirements
+	ansible-galaxy install -r ansible/roles/requirements.yaml
+forcereqs: ## Force install Ansible Galaxy requirements
+	ansible-galaxy install -r ansible/roles/requirements.yaml --force
+
+##@ Vault
+
+encrypt: ## Encrypt the Ansible vault
+	ansible-vault encrypt ansible/vars/vault.yaml
+decrypt: ## Decrypt the Ansible vault
+	ansible-vault decrypt ansible/vars/vault.yaml
+
+##@ Test
+
+.PHONY: lint
+lint: install-tools ## Lint yaml and Ansible
+	yamllint ansible
+	ansible-lint
+
+# If the first argument is "check"...
+ifeq (check,$(firstword $(MAKECMDGOALS)))
+  # use the rest as arguments for "check"
+  RUN_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
+  # ...and turn them into do-nothing targets
+  $(eval $(RUN_ARGS):;@:)
+endif
+
+.PHONY: check
+check: lint ## Plan OpenTofu and run Ansible playbook in check mode
+	#tofu plan
+	ansible-playbook -b ansible/run.yaml --check --diff $(RUN_ARGS)
+
+.PHONY: serve
+serve: ## Build and serve a preview of the Hugo site locally
+	hugo -s src serve --noHTTPCache --disableFastRender &
+
+##@ Run
+
+# If the first argument is "run"...
+ifeq (run,$(firstword $(MAKECMDGOALS)))
+  # use the rest as arguments for "run"
+  RUN_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
+  # ...and turn them into do-nothing targets
+  $(eval $(RUN_ARGS):;@:)
+endif
+
+.PHONY: run
+run: lint ## Apply OpenTofu and run Ansible playbook
+	#tofu apply
+	ansible-playbook -b ansible/run.yaml $(RUN_ARGS)
+
+# If the first argument is "upgrade"...
+ifeq (upgrade,$(firstword $(MAKECMDGOALS)))
+  # use the rest as arguments for "upgrade"
+  RUN_ARGS := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
+  # ...and turn them into do-nothing targets
+  $(eval $(RUN_ARGS):;@:)
+endif
+
+.PHONY: upgrade
+upgrade: ## Update and Upgrade apt packages
+	ansible-playbook -b ansible/upgrade.yaml $(RUN_ARGS)

playbooks/localhost_setup.yaml

@@ -1,17 +0,0 @@
----
-- name: Localhost setup
-  hosts: 127.0.0.1
-  tasks:
-    - name: Install packages
-      ansible.builtin.package:
-        name: "{{ item }}"
-        state: present
-      with_items:
-        - yamllint
-        - ansible-lint
-
-    - name: Set up git pre-commit hooks
-      ansible.builtin.copy:
-        src: ../files/pre-commit
-        dest: ../.git/hooks/pre-commit
-        mode: 0755

roles/requirements.yaml

@@ -1 +0,0 @@
----\n

src/archetypes/default.md

@@ -0,0 +1,5 @@
++++
+date = '{{ .Date }}'
+draft = true
+title = '{{ replace .File.ContentBaseName "-" " " | title }}'
++++

src/content/_index.md

@@ -0,0 +1,82 @@
++++
+date = '2025-02-09T15:56:25-05:00'
+draft = false
+title = 'What now?'
++++
+
+# The U.S. is on a collision course with fascism. **What now?**
+
+> "**All persons** born or naturalized in the United States, **and subject to the jurisdiction thereof, are citizens of the United States** and of the State wherein they reside. No State shall make or enforce any law which shall abridge the privileges or immunities of citizens of the United States; nor shall any State deprive any person of life, liberty, or property, without due process of law; nor deny to any person within its jurisdiction **the equal protection of the laws**."
+> 
+> 
+> \- *Section 1 of the 14th Amendment to the Constitution of the United States*
+
+## Build a community.
+
+Live your values and find those who share in them.
+
+Engage with mutual aid groups: voluntary, collaborative exchanges of resources and services for common benefit that take place amongst community members to overcome social, economic, and political barriers to meeting common needs.
+
+- [Mutual Aid Hub](https://www.mutualaidhub.org/)
+- [Food not Bombs](https://foodnotbombs.net/new_site/)
+- [How to create a mutual aid network | American Friends Service Committee](https://afsc.org/news/how-create-mutual-aid-network)
+
+Take part in federated communities on [Mastodon](https://joinmastodon.org/), [Lemmy](https://join-lemmy.org/), and [PixelFed](https://pixelfed.org/). [The Fediverse](https://www.fediverse.to/) is a collection of community-owned, ad-free, [decentralized](https://www.404media.co/decentralized-social-media-is-the-only-alternative-to-the-tech-oligarchy/), and privacy-focused social networks. You can join any of these and still follow anyone on the other services, because they all speak the same language.
+
+Escape the censorship of Zuckerberg's [Facebook](https://www.theguardian.com/media/2021/may/26/pro-palestine-censorship-facebook-instagram), [Instagram](https://www.bbc.com/news/articles/c4g32yxpdz0o), and Threads, Musk's X, and TikTok—which has only returned [after hiding anti-Trump rhetoric](https://www.latintimes.com/anti-trump-searches-appear-hidden-tiktok-after-app-comes-back-online-tiktok-now-trumps-572903) by moving to federated online communities.
+
+## Protect and support the members of your community.
+
+All people in the United States, regardless of immigration status, have certain rights and protections under the U.S. Constitution.
+
+The ILRC’s Red Cards help people assert their rights and defend themselves in many situations, such as when ICE agents go to a home. Order or print some of these cards and make them available to your community.
+
+- [Red Cards](https://www.ilrc.org/red-cards-tarjetas-rojas) \/ _[Tarjetas Rojas](https://www.ilrc.org/red-cards-tarjetas-rojas)_ | [Immigrant Legal Resource Center](https://www.ilrc.org/red-cards-tarjetas-rojas)
+- [Immigration Preparedness Toolkit | Immigrant Legal Resource Center](https://www.ilrc.org/resources/community/immigration-preparedness-toolkit)
+
+## Encourage and support labor unions, workers, and small businesses
+
+Get involved with unions and co-ops in your local area. Join picket lines and participate in boycotts.
+
+Direct purchasing power away from Amazon, Whole Foods, and large grocery chains. Shop at farmers' markets and small businesses.
+
+- [Find a farmers market near you | National Farmers Market Directory](https://nfmd.org/browse/)
+- [USDA National Farmers Market Directory | USDA.gov](https://www.ams.usda.gov/local-food-directories/farmersmarkets)
+- [Farmers Markets Accepting SNAP Benefits | USDA.gov](https://www.fns.usda.gov/snap/farmers-markets-accepting-benefits)
+
+By state
+
+- [Orange County Farmers Markets | Orange County California](https://www.orangecounty.net/HTML/farmersmarkets.html)
+- [Farmers' Markets in Denver](https://www.denver.org/things-to-do/shopping/farmers-markets/)
+- [Fresh farmers markets in Georgia | Georgia Grown](https://georgiagrown.com/find-georgia-grown/retail/farmers-markets/)
+- [Find a Market | Illinois Farmers Market Association](https://www.ilfma.org/find-a-market/)
+- [Find a Farmers Market | Michigan Famers Market Association](https://mifma.org/find-a-farmers-market/)
+- [Grand Rapids Farmers Markets](https://www.experiencegr.com/articles/post/west-michigan-farmers-markets/)
+- [Farmers Markets | Minnesota Grown](https://minnesotagrown.com/farmers-markets/)
+- [Find a Greenmarket or Farmstand | GrowNYC](https://www.grownyc.org/greenmarket/ourmarkets)
+- [Find a Farmers Market | Utah Farmers Market Network](https://www.utahfarmersmarketnetwork.org/find-a-farmers-market)
+- [Washington State Farmers Market Association](https://wafarmersmarkets.org/)
+- [Wisconsin Farmers Market Association](https://www.wifarmersmarkets.org/find-a-wisconsin-farmers-market)
+
+## Continue to **vote** and stay informed about local elections.
+
+Visit [vote.org](https://www.vote.org/) for state-by-state links to state and local election information, voter registration rules and deadlines, and absentee ballot information.
+
+Encourage and vote for public servants who are focused on the public—not on special interest-funded career opportunities.
+
+Lobbying is the act of soliciting elected officials to use their office to benefit the interests of corporations and [wealthy oligarchs](https://www.theguardian.com/commentisfree/2025/jan/22/oligarchs-visible-more-vulnerable). [Filing taxes could be a lot easier without Intuit's lobbyists](https://www.propublica.org/article/inside-turbotax-20-year-fight-to-stop-americans-from-filing-their-taxes-for-free), but this is just one example of the power tech companies and oligarchs exhibit over government policy.
+
+Contact your senators and congresspeople to remind them of who they're fighting for and comment on pressing issues. We elect these public servants to serve our interests. Let them know what our interests are.
+
+- [Find your congress member](https://www.congress.gov/members/find-your-member)
+- [Find your senator](https://www.senate.gov/senators/senators-contact.htm)
+
+## Share and promote these resources.
+
+Submit resources you've found helpful to the email at the bottom of this page.
+
+---
+
+# What is fascism?
+
+Fascism is a system of government with a centralized authority, a capitalist economy, violent suppression of the opposition (like we saw on January 6th, 2021), and a policy of belligerent nationalism and racism. Sound familiar? We think so.

src/hugo.toml

@@ -0,0 +1,4 @@
+baseURL = 'https://whatnow.site/'
+languageCode = 'en-us'
+title = 'What now?'
+theme = 'nostyleplease'

src/layouts/footer.md

@@ -0,0 +1,9 @@
+---
+
+# About
+
+This page aims to be a collection of resources for anyone to stand up for democracy and the human rights we believe in. The idea came about after my partner and I were clueless for next steps after the inauguration of the 47th president of the United States.
+
+If you have resources you think should be added to this page, please send an email to 'info' at this domain.
+
+Built with [Hugo](https://gohugo.io/) and the [no-style-please](https://themes.gohugo.io/themes/hugo-theme-nostyleplease/) theme.

src/layouts/index.html

@@ -0,0 +1,5 @@
+{{ define "main" }}
+
+{{ .Content }}
+
+{{ end }}

src/resources/_gen/assets/css/main.scss_35601896d6bd2ab55ee32eed5560ec53.content

@@ -0,0 +1,3 @@
+body[a="dark"]{background-color:#000;color:#fff}body[a="dark"] a{color:#79a8ff}body[a="dark"] a:visited{color:#f78fe7}body[a="dark"] details{border:thin solid #fff}body[a="dark"] details summary{color:#fff}body[a="dark"] details[open] summary{border-bottom:1px solid #fff}body[a="dark"] pre{background:#000}body[a="dark"] code:not(pre>code){background-color:#fff;color:#000}body[a="dark"] *:target{background:#2f3849;color:#fff}body[a="dark"] table,body[a="dark"] th,body[a="dark"] td{border:thin solid #fff}body[a="dark"] .toc{border:thin solid #fff;padding:1rem}body[a="dark"] figcaption{color:#000}body[a="dark"] blockquote{border:thin solid #fff}body[a="light"]{background-color:#fff;color:#000}body[a="light"] a{color:#3548cf}body[a="light"] a:visited{color:#8f0075}body[a="light"] details{border:thin solid #000}body[a="light"] details summary{color:#000}body[a="light"] details[open] summary{border-bottom:1px solid #000}body[a="light"] pre{background:#fff}body[a="light"] code:not(pre>code){background-color:#000;color:#fff}body[a="light"] *:target{background:#dae5ec;color:#000}body[a="light"] table,body[a="light"] th,body[a="light"] td{border:thin solid #000}body[a="light"] .toc{border:thin solid #000;padding:1rem}body[a="light"] figcaption{color:#595959}body[a="light"] blockquote{border:thin solid #000}@media (prefers-color-scheme: dark){body[a="auto"]{background-color:#000;color:#fff}body[a="auto"] a{color:#79a8ff}body[a="auto"] a:visited{color:#f78fe7}body[a="auto"] details{border:thin solid #fff}body[a="auto"] details summary{color:#fff}body[a="auto"] details[open] summary{border-bottom:1px solid #fff}body[a="auto"] pre{background:#000}body[a="auto"] code:not(pre>code){background-color:#fff;color:#000}body[a="auto"] *:target{background:#2f3849;color:#fff}body[a="auto"] table,body[a="auto"] th,body[a="auto"] td{border:thin solid #fff}body[a="auto"] .toc{border:thin solid #fff;padding:1rem}body[a="auto"] figcaption{color:#000}body[a="auto"] blockquote{border:thin solid #fff}}@media (prefers-color-scheme: light){body[a="auto"]{background-color:#fff;color:#000}body[a="auto"] a{color:#3548cf}body[a="auto"] a:visited{color:#8f0075}body[a="auto"] details{border:thin solid #000}body[a="auto"] details summary{color:#000}body[a="auto"] details[open] summary{border-bottom:1px solid #000}body[a="auto"] pre{background:#fff}body[a="auto"] code:not(pre>code){background-color:#000;color:#fff}body[a="auto"] *:target{background:#dae5ec;color:#000}body[a="auto"] table,body[a="auto"] th,body[a="auto"] td{border:thin solid #000}body[a="auto"] .toc{border:thin solid #000;padding:1rem}body[a="auto"] figcaption{color:#595959}body[a="auto"] blockquote{border:thin solid #000}}html{height:100%}body{font-family:monospace;font-size:16px;line-height:1.4;margin:0;min-height:100%;overflow-wrap:break-word}h2,h3,h4,h5,h6{margin-top:1.5rem}p{margin:1rem 0}li{margin:0.4rem 0}a{text-decoration:none}a:hover{text-decoration:underline}hr{text-align:center;border:0;margin:2rem 0}hr:before{content:'/////'}hr:after{content:attr(data-content) "/////"}pre{padding:1em;overflow-x:auto}table{width:100%}table,th,td{border-collapse:collapse;padding:0.4rem}code{text-size-adjust:100%;-ms-text-size-adjust:100%;-moz-text-size-adjust:100%;-webkit-text-size-adjust:100%}code:not(pre>code){padding:0.1em 0.2em;font-size:90%}code.has-jax{-webkit-font-smoothing:antialiased;background:inherit !important;border:none !important;font-size:100%}blockquote{padding:1rem}blockquote p{margin:0}img{max-width:100%;display:block;margin:0 auto}figcaption{text-align:center;opacity:0.5}details{padding:1rem}details summary{text-decoration:none}details[open] summary{margin-bottom:0.5em;padding-bottom:0.5em}.post-meta{display:flex;justify-content:space-between;align-items:center}.w{max-width:640px;margin:0 auto;padding:4rem 2rem}.toc{padding:1rem}
+
+/*# sourceMappingURL=main.css.map */

src/resources/_gen/assets/css/main.scss_35601896d6bd2ab55ee32eed5560ec53.json

@@ -0,0 +1 @@
+{"Target":"/css/main.900100e9dbee2d56c58fac8bb717037cae7e26a9c36c29d2ff587bdd65f0cbbe510b41d81a3bb234919cdfdc7550d786b2fab70c8fc507772d732fe097106d12.css","MediaType":"text/css","Data":{"Integrity":"sha512-kAEA6dvuLVbFj6yLtxcDfK5+JqnDbCnS/1h73WXwy75RC0HYGjuyNJGc39x1UNeGsvq3DI/FB3ctcy/glxBtEg=="}}

src/resources/_gen/assets/css/main.scss_3d8be35fd0793eabe59c88efeab77a53.content

@@ -0,0 +1 @@
+body[a="dark"]{background-color:#000;color:#fff}body[a="dark"] a{color:#79a8ff}body[a="dark"] a:visited{color:#f78fe7}body[a="dark"] details{border:thin solid #fff}body[a="dark"] details summary{color:#fff}body[a="dark"] details[open] summary{border-bottom:1px solid #fff}body[a="dark"] pre{background:#000}body[a="dark"] code:not(pre>code){background-color:#fff;color:#000}body[a="dark"] *:target{background:#2f3849;color:#fff}body[a="dark"] table,body[a="dark"] th,body[a="dark"] td{border:thin solid #fff}body[a="dark"] .toc{border:thin solid #fff;padding:1rem}body[a="dark"] figcaption{color:#000}body[a="dark"] blockquote{border:thin solid #fff}body[a="light"]{background-color:#fff;color:#000}body[a="light"] a{color:#3548cf}body[a="light"] a:visited{color:#8f0075}body[a="light"] details{border:thin solid #000}body[a="light"] details summary{color:#000}body[a="light"] details[open] summary{border-bottom:1px solid #000}body[a="light"] pre{background:#fff}body[a="light"] code:not(pre>code){background-color:#000;color:#fff}body[a="light"] *:target{background:#dae5ec;color:#000}body[a="light"] table,body[a="light"] th,body[a="light"] td{border:thin solid #000}body[a="light"] .toc{border:thin solid #000;padding:1rem}body[a="light"] figcaption{color:#595959}body[a="light"] blockquote{border:thin solid #000}@media (prefers-color-scheme: dark){body[a="auto"]{background-color:#000;color:#fff}body[a="auto"] a{color:#79a8ff}body[a="auto"] a:visited{color:#f78fe7}body[a="auto"] details{border:thin solid #fff}body[a="auto"] details summary{color:#fff}body[a="auto"] details[open] summary{border-bottom:1px solid #fff}body[a="auto"] pre{background:#000}body[a="auto"] code:not(pre>code){background-color:#fff;color:#000}body[a="auto"] *:target{background:#2f3849;color:#fff}body[a="auto"] table,body[a="auto"] th,body[a="auto"] td{border:thin solid #fff}body[a="auto"] .toc{border:thin solid #fff;padding:1rem}body[a="auto"] figcaption{color:#000}body[a="auto"] blockquote{border:thin solid #fff}}@media (prefers-color-scheme: light){body[a="auto"]{background-color:#fff;color:#000}body[a="auto"] a{color:#3548cf}body[a="auto"] a:visited{color:#8f0075}body[a="auto"] details{border:thin solid #000}body[a="auto"] details summary{color:#000}body[a="auto"] details[open] summary{border-bottom:1px solid #000}body[a="auto"] pre{background:#fff}body[a="auto"] code:not(pre>code){background-color:#000;color:#fff}body[a="auto"] *:target{background:#dae5ec;color:#000}body[a="auto"] table,body[a="auto"] th,body[a="auto"] td{border:thin solid #000}body[a="auto"] .toc{border:thin solid #000;padding:1rem}body[a="auto"] figcaption{color:#595959}body[a="auto"] blockquote{border:thin solid #000}}html{height:100%}body{font-family:monospace;font-size:16px;line-height:1.4;margin:0;min-height:100%;overflow-wrap:break-word}h2,h3,h4,h5,h6{margin-top:1.5rem}p{margin:1rem 0}li{margin:0.4rem 0}a{text-decoration:none}a:hover{text-decoration:underline}hr{text-align:center;border:0;margin:2rem 0}hr:before{content:'/////'}hr:after{content:attr(data-content) "/////"}pre{padding:1em;overflow-x:auto}table{width:100%}table,th,td{border-collapse:collapse;padding:0.4rem}code{text-size-adjust:100%;-ms-text-size-adjust:100%;-moz-text-size-adjust:100%;-webkit-text-size-adjust:100%}code:not(pre>code){padding:0.1em 0.2em;font-size:90%}code.has-jax{-webkit-font-smoothing:antialiased;background:inherit !important;border:none !important;font-size:100%}blockquote{padding:1rem}blockquote p{margin:0}img{max-width:100%;display:block;margin:0 auto}figcaption{text-align:center;opacity:0.5}details{padding:1rem}details summary{text-decoration:none}details[open] summary{margin-bottom:0.5em;padding-bottom:0.5em}.post-meta{display:flex;justify-content:space-between;align-items:center}.w{max-width:640px;margin:0 auto;padding:4rem 2rem}.toc{padding:1rem}

src/resources/_gen/assets/css/main.scss_3d8be35fd0793eabe59c88efeab77a53.json

@@ -0,0 +1 @@
+{"Target":"/css/main.51652302d3a998bf7887aed5c2cf89141bbebdf45a2c8f87b0717a3cf4f51c4e53c694c328fb1de78c3a625a1c01f80745bf1f2f42c040647a245cbbb6c2d1d7.css","MediaType":"text/css","Data":{"Integrity":"sha512-UWUjAtOpmL94h67Vws+JFBu+vfRaLI+HsHF6PPT1HE5TxpTDKPsd54w6YlocAfgHRb8fL0LAQGR6JFy7tsLR1w=="}}

src/themes/nostyleplease

@@ -0,0 +1 @@
+Subproject commit cfbfe4e8ed13ba6256c9ea076690dba30dd8765b

src/themese/nostyleplease

@@ -0,0 +1 @@
+Subproject commit cfbfe4e8ed13ba6256c9ea076690dba30dd8765b

tofu.tf

@@ -0,0 +1,182 @@
+terraform {
+  required_providers {
+    linode = {
+      source = "linode/linode"
+    }
+    porkbun = {
+      source = "kyswtn/porkbun"
+      version = "0.1.3"
+    }
+  }
+}
+
+variable "linode_root_password" {}
+variable "linode_username" {}
+variable "linode_user_password" {}
+
+provider "linode" {
+  token = var.linode_token
+}
+
+provider "porkbun" {
+  api_key = var.porkbun_api_key
+  secret_api_key = var.porkbun_secret_api_key
+}
+
+variable "linode_token" {
+  description = "Linode API token"
+  sensitive = true
+}
+
+variable "porkbun_api_key" {
+  description = "Porkbun API key"
+}
+
+variable "porkbun_secret_api_key" {
+  description = "Porkbun API secret"
+  sensitive = true
+}
+
+resource "linode_sshkey" "key" {
+  label = "act_runner"
+  ssh_key = chomp(file("act_runner.pub"))
+}
+
+resource "linode_instance" "wn_lin_deb_use_01" {
+  label = "wn-lin-deb-use-01"
+  type = "g6-nanode-1"
+  region = "us-east"
+  image = "linode/debian11"
+  root_pass = var.linode_root_password
+
+  tags = ["tofu"]
+
+  // connection {
+  //   host = linode_instance.wn_lin_deb_use_01.ip_address
+  //   user = "root"
+  //   password = var.linode_root_password
+  // }
+
+  // provisioner "remote-exec" {
+  //   inline = [
+  //     // Set hostname
+  //     "hostnamectl set-hostname wn-lin-deb-use-01.whatnow.site",
+  //     // Create required groups
+  //     "groupadd ssh",
+  //     "groupadd sudo",
+  //     "useradd -m -G ssh,sudo -s /usr/bin/bash act_runner",
+  //     "usermod -aG ssh ${var.linode_username}",
+  //     "echo \"${chomp(file("act_runner.pub"))} >> /home/act_username/.ssh/authorized_keys",
+  //   ]
+  // }
+}
+
+resource "porkbun_dns_record" "whatnowsite" {
+  domain = "whatnow.site"
+  type = "A"
+  content = linode_instance.wn_lin_deb_use_01.ip_address
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "www" {
+  domain = "whatnow.site"
+  type = "CNAME"
+  name = "www"
+  priority = 0
+  content = "whatnow.site"
+  ttl = 600
+  notes = "Redirect www.whatnow.site to whatnow.site"
+}
+
+resource "porkbun_dns_record" "protonverification" {
+  domain = "whatnow.site"
+  type = "TXT"
+  content = "protonmail-verification=a498c4f361abb4493f3734f6c4d5fdb91cc2edeb"
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "protonmx10" {
+  domain = "whatnow.site"
+  type = "MX"
+  content = "mail.protonmail.ch"
+  priority = 10
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "protonmx20" {
+  domain = "whatnow.site"
+  type = "MX"
+  content = "mailsec.protonmail.ch"
+  priority = 20
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "spf" {
+  domain = "whatnow.site"
+  type = "TXT"
+  content = "v=spf1 include:_spf.protonmail.ch -all"
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "protondkim1" {
+  domain = "whatnow.site"
+  type = "CNAME"
+  name = "protonmail._domainkey"
+  content = "protonmail.domainkey.d3rb67w6crkvj3orrugsd3np7l3huitnpx4gj5uri636jans5er3a.domains.proton.ch."
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "protondkim2" {
+  domain = "whatnow.site"
+  type = "CNAME"
+  name = "protonmail2._domainkey"
+  content = "protonmail2.domainkey.d3rb67w6crkvj3orrugsd3np7l3huitnpx4gj5uri636jans5er3a.domains.proton.ch."
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "protondkim3" {
+  domain = "whatnow.site"
+  type = "CNAME"
+  name = "protonmail3._domainkey"
+  content = "protonmail3.domainkey.d3rb67w6crkvj3orrugsd3np7l3huitnpx4gj5uri636jans5er3a.domains.proton.ch."
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "dmarc" {
+  domain = "whatnow.site"
+  type = "TXT"
+  name = "_dmarc"
+  content = "v=DMARC1; p=reject; aspf=s; adkim=s; fo=1; ri=86400"
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "caa_issue" {
+  domain = "whatnow.site"
+  type = "CAA"
+  priority = 0
+  content = "0 issue letsencrypt.org"
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "caa_issuewild" {
+  domain = "whatnow.site"
+  type = "CAA"
+  content = "0 issuewild letsencrypt.org"
+  priority = 0
+  ttl = 600
+}
+
+resource "porkbun_dns_record" "caa_iodef" {
+  domain = "whatnow.site"
+  type = "CAA"
+  content = "0 iodef mailto:info@whatnow.site"
+  priority = 0
+  ttl = 600
+}

vars/vault.yaml

@@ -1 +0,0 @@
----\n