Organize with page bundles

Dave Gallant
2023-12-10 19:13:11 -05:00
parent ae4beb114b
commit 17218aa3eb
43 changed files with 36 additions and 75 deletions

View File

@@ -48,7 +48,7 @@ Synology's MailPlus seems to be a good candidate for backing up this data. By en
Installing MailPlus can be done from the Package Center:
![image](/images/backing-up-gmail-with-synology/install-mailplus-server.png)
![image](install-mailplus-server.png)
Next, I went into **Synology MailPlus Server** and on the left, clicked on **Account** and ensured my user was marked as active.
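Review bot: The new relative target `install-mailplus-server.png` on the image line only resolves when the post is served from its own bundle URL. Anywhere the same content is rendered under a different base path (list page summaries, an RSS feed with full content), the client will look for the file next to that page and miss it. Consider an image render hook that resolves the page resource and emits its permalink, or confirm that the list and feed templates do not embed post bodies. The same applies to every `![...](file.png)` change in this commit.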
@@ -60,7 +60,7 @@ I made sure to set the `Fetch Range` to `All` in order to get all emails from th
After this, mail started coming in.
![image](/images/backing-up-gmail-with-synology/mail-plus-incoming-mail.png)
![image](mail-plus-incoming-mail.png)
After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.

View File

@@ -1,35 +0,0 @@
---
title: "Enhancing Pfsense With Services"
date: 2023-03-25T18:37:08-04:00
lastmod: 2023-03-25T18:37:08-04:00
draft: true
keywords: []
description: ""
tags: []
categories: []
author: ""
# You can also close(false) or open(true) something for this content.
# P.S. comment can only be closed
comment: false
toc: false
autoCollapseToc: false
postMetaInFooter: false
hiddenFromHomePage: false
# You can also define another contentCopyright. e.g. contentCopyright: "This is another copyright."
contentCopyright: false
reward: false
mathjax: false
mathjaxEnableSingleDollar: false
flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
enable: false
options: ""
---
<!--more-->
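Review bot: The `-1,35 +0,0` header shows this file being deleted outright, which the subject "Organize with page bundles" does not cover. The post is `draft: true` and has nothing after `<!--more-->`, so dropping it is probably intended, but it would be easier to trace later if the deletion were its own commit or were named in the message body.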

View File

@@ -43,7 +43,7 @@ In this post I'll go through the process of setting up Gitea Actions and [Tailsc
[Gitea Actions](https://docs.gitea.com/usage/actions/overview) have made it into the [1.19.0 release](https://blog.gitea.com/release-of-1.19.0/). This feature had been in an experimental state up until [1.21.0](https://blog.gitea.com/release-of-1.21.0/) and is now enabled by default 🎉.
So what are they? If you've ever used GitHub Actions (and if you're reading this, I imagine you have), they essentially allow you to run github workflows on gitea. Workflows between gitea and github are not completely interopable, but a lot of the same workflow syntax is already compatible on gitea. You can find a list of [unsupported workflows syntax](https://docs.gitea.com/usage/actions/comparison#unsupported-workflows-syntax).
So what are they? If you've ever used GitHub Actions (and if you're reading this, I imagine you have), these will look familiar. Gitea Actions essentially enable the ability to run github workflows on gitea. Workflows between gitea and github are not completely interopable, but a lot of the same workflow syntax is already compatible on gitea. You can find a documented list of [unsupported workflows syntax](https://docs.gitea.com/usage/actions/comparison#unsupported-workflows-syntax).
Actions work by using a [custom fork](https://gitea.com/gitea/act) of [nekos/act](https://github.com/nektos/act). Workflows run in a new container for every job. If you specify an action such as 'actions/checkout@v3', it defaults to downloading the scripts from github.com. To avoid internet egress, you could always clone the required actions to your local gitea instance.
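Review bot: The rewritten "So what are they?" paragraph still carries the misspelling `interopable` (interoperable), and "essentially enable the ability to run" can be shortened to "let you run". While this paragraph is being touched, the context line below it has link text `nekos/act` pointing at `github.com/nektos/act`; the text should read `nektos/act`.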
@@ -136,7 +136,7 @@ http:
Something to consider is whether or not you want to use ssh with git. One method of getting this to work with containers is to use [ssh container passthrough](https://docs.gitea.com/installation/install-with-docker#ssh-container-passthrough). I decided to keep it simple and not use ssh, since communicating over https is perfectly fine for my use case.
After adding the above configuration, running `docker compose up -d` should be enough to get your instance up and running. It will be accessible at [https://gitea.my-tailnet-name.ts.net](https://gitea.my-tailnet-name.ts.net) from within your tailnet.
After adding the above configuration, running `docker compose up -d` should be enough to get an instance up and running. It will be accessible at [https://gitea.my-tailnet-name.ts.net](https://gitea.my-tailnet-name.ts.net) from within your tailnet.
## Connecting a Runner
@@ -144,7 +144,7 @@ I installed the runner by [following the docs](https://docs.gitea.com/usage/acti
After registering this runner and starting the daemon, it appeared in `/admin/actions/runners`:
![image](/images/setting-up-gitea-actions-with-tailscale/gitea-runners.png)
![image](gitea-runners.png)
## Running a workflow
@@ -201,6 +201,6 @@ And voilà:
## Conclusion
Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantionally more resources (ahem, gitlab). It certainly doesn't hurt that the codebase is largely written in go.
Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantionally more resources (ahem, gitlab). It likely helps that the codebase is largely written in go.
By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.
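Review bot: The reworded first paragraph under Conclusion keeps `substantionally`; it should be `substantially`. Since the sentence is being edited anyway, fix the spelling in the same change.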

View File

@@ -56,7 +56,7 @@ The following configuration will:
In the switch's web interface, I went to `VLAN` and then `802.1Q`, and then clicked on `VLAN Configuration`. I configured the ports to look like this:
![vlan-config](/images/virtualizing-a-router-with-pfsense/netgear-vlan-configuration.png)
![vlan-config](netgear-vlan-configuration.png)
Note that the `VLAN Identifier Setting` has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router.
@@ -64,15 +64,15 @@ To replicate the above configuration, add a new VLAN ID 10 (1 should exist by de
Next, go into `VLAN Membership` and configure VLAN 1's port membership to be the following:
![vlan-membership-1](/images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-1.png)
![vlan-membership-1](netgear-vlan-membership-1.png)
and then configure VLAN 10's port membership to be the following:
![vlan-membership-10](/images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-10.png)
![vlan-membership-10](netgear-vlan-membership-10.png)
Now, go into `Port PVID` and ensure that port 8 is set to PVID 10.
![vlan-port-pvid](/images/virtualizing-a-router-with-pfsense/netgear-port-pvid.png)
![vlan-port-pvid](netgear-port-pvid.png)
This above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem.
@@ -90,7 +90,7 @@ After going through the rest of the installation, if everything is connected cor
If all goes well, the web interface should be running at [https://192.168.1.1](https://192.168.1.1).
![pfsense-dashboard](/images/virtualizing-a-router-with-pfsense/pfsense-dashboard.png)
![pfsense-dashboard](pfsense-dashboard.png)
And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I've already installed [pfBlocker-NG](https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html).

View File

@@ -5,7 +5,7 @@ lastmod: 2022-12-10T21:46:55-05:00
draft: false
keywords: []
description: ""
tags: ['invidious','degoogle', 'youtube', 'yewtu.be', 'tailscale', 'privacy']
tags: ["invidious", "degoogle", "youtube", "yewtu.be", "tailscale", "privacy"]
categories: []
author: ""
@@ -26,18 +26,16 @@ flowchartDiagrams:
enable: false
options: ""
sequenceDiagrams:
sequenceDiagrams:
enable: false
options: ""
---
<!--more-->
I recently stumbled upon [yewtu.be](https://yewtu.be) and found it intriguing. It not only allows you to watch YouTube without *being on YouTube*, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it's a hosted instance of [invidious](https://invidious.io/).
I recently stumbled upon [yewtu.be](https://yewtu.be) and found it intriguing. It not only allows you to watch YouTube without _being on YouTube_, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it's a hosted instance of [invidious](https://invidious.io/).
![requestly](/images/watching-youtube-in-private/computerphile.png)
![image](computerphile.png)
The layout is simple, and **JavaScript is not required**.
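Review bot: On the `computerphile.png` line the alt text goes from `requestly` to `image`. The old value was wrong, but `image` tells a screen reader nothing either; a short description of what the screenshot shows would be better. The repeated `sequenceDiagrams:` line above it looks like a whitespace-only change and is fine as is.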
@@ -54,7 +52,6 @@ I made a few modifications (such as pinning the container's tag), and ended up w
```yaml
version: "3"
services:
invidious:
image: quay.io/invidious/invidious:5160d8bae39dc5cc5d51abee90571a03c08d0f2b
restart: unless-stopped
@@ -103,7 +100,7 @@ I figured it would be nice to redirect existing YouTube links that others send m
I went looking for a way to redirect paths at the browser level. I found the lightweight proxy [requestly](https://requestly.io/), which can be used to modify http requests in my browser. I created the following rules:
![requestly](/images/watching-youtube-in-private/requestly-rules.png)
![requestly](requestly-rules.png)
Now the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to [http://invidious:3000/watch?v=-lz30by8-sU](http://invidious:3000/watch?v=-lz30by8-sU)

View File

@@ -23,7 +23,7 @@ Having multiple machines/nodes provides the advantage of increased redundancy, b
Virtualizing your hardware is an organized way of dividing up your machine's resources. This can be done with something such as a *Virtual Machine* or something lighter like a container using *LXC* or *runC*.
Containers have much less overhead in terms of boot time and storage allocation. This [Stack Overflow answer](https://stackoverflow.com/questions/16047306/how-is-docker-different-from-a-virtual-machine) sums it up nicely.
![image](/images/proxmox.png)
![image](proxmox.png)
A hypervisor such as [Proxmox](https://www.proxmox.com/en/proxmox-ve/get-started) can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You'll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.
@@ -46,7 +46,7 @@ You could certainly setup and manage your own VPN by using something like [OpenV
## Monitoring
![dashboard](/images/netdata.png)
![dashboard](netdata.png)
Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using [netdata](https://www.netdata.cloud/). It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.
@@ -54,7 +54,7 @@ Additionally, agents installed on different machines can all be centrally viewed
As mentioned above, [Uptime Kuma](https://github.com/louislam/uptime-kuma) is a convenient way to track uptime and monitor the availability of your services.
![uptime-kuma](/images/uptime-kuma.png)
![uptime-kuma](uptime-kuma.png)
## In Summary

View File

@@ -111,7 +111,7 @@ Having multiple machines/nodes provides the advantage of increased redundancy, b
<h2 id="virtualization">Virtualization<a href="#virtualization" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Virtualizing your hardware is an organized way of dividing up your machine&rsquo;s resources. This can be done with something such as a <em>Virtual Machine</em> or something lighter like a container using <em>LXC</em> or <em>runC</em>.
Containers have much less overhead in terms of boot time and storage allocation. This <a href="https://stackoverflow.com/questions/16047306/how-is-docker-different-from-a-virtual-machine">Stack Overflow answer</a> sums it up nicely.</p>
<p><img src="/images/proxmox.png" alt="image"></p>
<p><img src="proxmox.png" alt="image"></p>
<p>A hypervisor such as <a href="https://www.proxmox.com/en/proxmox-ve/get-started">Proxmox</a> can be installed in minutes on a new machine. It provides a web interface and a straight-forward way to spin up new VMs and containers. Even if your plan is to run mostly docker containers, Proxmox can be a useful abstraction for managing VMs, disks and running scheduled backups. You can even run docker within an LXC container by enabling nested virtualization. You&rsquo;ll want to ensure that VT-d and VT-x are enabled in the BIOS if you decide to install a hypervisor to manage your virtualization.</p>
<h2 id="services">Services<a href="#services" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>So what are some useful services to deploy?</p>
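Review bot: The `<img src=...>` change here repeats the Markdown edit to the same post line for line, which suggests rendered site output is tracked next to its source. If these HTML files are build output, generating them at deploy time and ignoring the output directory would keep them from drifting from the Markdown and would limit a reorganization like this one to the source files.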
@@ -127,11 +127,11 @@ Containers have much less overhead in terms of boot time and storage allocation.
<h2 id="vpn">VPN<a href="#vpn" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>You could certainly setup and manage your own VPN by using something like <a href="https://openvpn.net/community-downloads/">OpenVPN</a>, but there is also something else you can try: <a href="https://tailscale.com/">tailscale</a>. It is a very quick way to create fully-encrypted connections between clients. With its <a href="https://tailscale.com/kb/1081/magicdns/">MagicDNS</a>, your can reference the names of machines like <code>homer</code> rather than using an IP address. By using this mesh-like VPN, you can easily create a secure tunnel to your homelab from anywhere.</p>
<h2 id="monitoring">Monitoring<a href="#monitoring" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p><img src="/images/netdata.png" alt="dashboard"></p>
<p><img src="netdata.png" alt="dashboard"></p>
<p>Monitoring can become an important aspect of your homelab after it starts to become something that is relied upon. One of the simplest ways to setup some monitoring is using <a href="https://www.netdata.cloud/">netdata</a>. It can be installed on individual containers, VMs, and also a hypervisor (such as Proxmox). All of the monitoring works out of the box by detecting disks, memory, network interfaces, etc.</p>
<p>Additionally, agents installed on different machines can all be centrally viewed in netdata, and it can alert you when some of your infrastructure is down or in a degraded state. Adding additional nodes to netdata is as simple as a 1-line shell command.</p>
<p>As mentioned above, <a href="https://github.com/louislam/uptime-kuma">Uptime Kuma</a> is a convenient way to track uptime and monitor the availability of your services.</p>
<p><img src="/images/uptime-kuma.png" alt="uptime-kuma"></p>
<p><img src="uptime-kuma.png" alt="uptime-kuma"></p>
<h2 id="in-summary">In Summary<a href="#in-summary" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Building out a homelab can be a rewarding experience and it doesn&rsquo;t require buying a rack full of expensive servers to get a significant amount of utility. There are many services that you can run that require very minimal setup, making it possible to get a server up and running in a short period of time, with monitoring, and that can be securely connected to remotely.</p></section>

View File

@@ -109,13 +109,13 @@
<p>I&rsquo;ve used tools such as <a href="http://www.gmvault.org">gmvault</a> with success in the past. Setting this up on a cron seems like a viable option. However, I don&rsquo;t really need a lot of the features it offers and do not plan to restore this data to another account.</p>
<p>Synology&rsquo;s MailPlus seems to be a good candidate for backing up this data. By enabling POP3 fetching, it&rsquo;s possible to fetch all existing emails, as well as periodically fetch all new emails. If a disaster ever did occur, having these emails would be beneficial, as they are an extension of my memory bank.</p>
<p>Installing MailPlus can be done from the Package Center:</p>
<p><img src="/images/backing-up-gmail-with-synology/install-mailplus-server.png" alt="image"></p>
<p><img src="install-mailplus-server.png" alt="image"></p>
<p>Next, I went into <strong>Synology MailPlus Server</strong> and on the left, clicked on <strong>Account</strong> and ensured my user was marked as active.</p>
<p>Afterwords, I followed <a href="https://kb.synology.com/en-in/DSM/tutorial/How_should_I_receive_external_email_messages_via_MailPlus">these instructions</a> in order to start backing up emails.</p>
<p>When entering the POP3 credentials, I created an <a href="https://myaccount.google.com/apppasswords">app password</a> solely for authenticating to POP3 from the Synology device. This is required because I have 2-Step verification enabled on my account. There doesn&rsquo;t seem to be a more secure way to access POP3 at the moment. It does seem like app password access is limited in scope (when MFA is enabled). These app passwords can&rsquo;t be used to login to the main Google account.</p>
<p>I made sure to set the <code>Fetch Range</code> to <code>All</code> in order to get all emails from the beginning of time.</p>
<p>After this, mail started coming in.</p>
<p><img src="/images/backing-up-gmail-with-synology/mail-plus-incoming-mail.png" alt="image"></p>
<p><img src="mail-plus-incoming-mail.png" alt="image"></p>
<p>After fetching 19 years worth of emails, I tried searching for some emails. It only took a few seconds to search through ~50K emails, which is a relief if I ever did have to search for something important.</p>
<h2 id="securing-synology">Securing Synology<a href="#securing-synology" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Since Synology devices are not hermetically sealed, it&rsquo;s best to secure them by <a href="https://kb.synology.com/en-us/DSM/tutorial/How_to_add_extra_security_to_your_Synology_NAS#x_anchor_id8">enabling MFA</a> to help prevent being the <a href="https://www.bleepingcomputer.com/news/security/qlocker-ransomware-returns-to-target-qnap-nas-devices-worldwide/">victim of ransomware</a>. It is also wise to backup your system settings and volumes to the cloud using a tool such as <a href="https://www.synology.com/en-ca/dsm/feature/hyper_backup">Hyper Backup</a>.

View File

@@ -116,15 +116,15 @@
<li>assign port 8 to be the WAN (connected to my ISP&rsquo;s modem)</li>
</ul>
<p>In the switch&rsquo;s web interface, I went to <code>VLAN</code> and then <code>802.1Q</code>, and then clicked on <code>VLAN Configuration</code>. I configured the ports to look like this:</p>
<p><img src="/images/virtualizing-a-router-with-pfsense/netgear-vlan-configuration.png" alt="vlan-config"></p>
<p><img src="netgear-vlan-configuration.png" alt="vlan-config"></p>
<p>Note that the <code>VLAN Identifier Setting</code> has been setup already with two VLANs (1 and 10). More VLANs can be created (i.e. to isolate IoT devices), but 2 VLANs is all we need for the initial setup of a router.</p>
<p>To replicate the above configuration, add a new VLAN ID 10 (1 should exist by default).</p>
<p>Next, go into <code>VLAN Membership</code> and configure VLAN 1&rsquo;s port membership to be the following:</p>
<p><img src="/images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-1.png" alt="vlan-membership-1"></p>
<p><img src="netgear-vlan-membership-1.png" alt="vlan-membership-1"></p>
<p>and then configure VLAN 10&rsquo;s port membership to be the following:</p>
<p><img src="/images/virtualizing-a-router-with-pfsense/netgear-vlan-membership-10.png" alt="vlan-membership-10"></p>
<p><img src="netgear-vlan-membership-10.png" alt="vlan-membership-10"></p>
<p>Now, go into <code>Port PVID</code> and ensure that port 8 is set to PVID 10.</p>
<p><img src="/images/virtualizing-a-router-with-pfsense/netgear-port-pvid.png" alt="vlan-port-pvid"></p>
<p><img src="netgear-port-pvid.png" alt="vlan-port-pvid"></p>
<p>This above configuration will dedicate two of the eight ports to WAN and LAN. This will allow the internet to flow into the pfSense from the modem.</p>
<h2 id="setting-up-pfsense">Setting up pfSense<a href="#setting-up-pfsense" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>pfSense is fairly easy to setup. Just <a href="https://www.pfsense.org/download/">download the latest ISO</a> and boot up the virtual machine.
@@ -136,7 +136,7 @@ When setting up the machine, I mostly went with all of the defaults. Configurati
</ul>
<p>After going through the rest of the installation, if everything is connected correctly it should display both WAN and LAN addresses.</p>
<p>If all goes well, the web interface should be running at <a href="https://192.168.1.1">https://192.168.1.1</a>.</p>
<p><img src="/images/virtualizing-a-router-with-pfsense/pfsense-dashboard.png" alt="pfsense-dashboard"></p>
<p><img src="pfsense-dashboard.png" alt="pfsense-dashboard"></p>
<p>And this is where the fun begins. There are many tutorials and blogs about how to setup pfSense and various services and packages that can be installed. I&rsquo;ve already installed <a href="https://docs.netgate.com/pfsense/en/latest/packages/pfblocker.html">pfBlocker-NG</a>.</p>
<h2 id="summary">Summary<a href="#summary" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>It is fairly simple to setup a router with pfSense from within a virtual machine. A physical dedicated routing machine is not necessary and often does not perform as well as software running on faster and more reliable hardware. So far, pfSense has been running for over a week without a single hiccup. pfSense is a mature piece of software that is incredibly powerful and flexible. To avoid some of the instability I had experienced with OpenWrt, I enabled <a href="https://docs.netgate.com/pfsense/en/latest/backup/autoconfigbackup.html">AutoConfigBackup</a>, which is capable of automatically backing up configuration upon every change. I plan to explore and experiment with more services and configuration in the future, so the ability to track all of these changes gives me the peace of mind that experimentation is safe.</p></section>

View File

@@ -103,7 +103,7 @@
<section class="body"><p>I recently stumbled upon <a href="https://yewtu.be">yewtu.be</a> and found it intriguing. It not only allows you to watch YouTube without <em>being on YouTube</em>, but it also allows you to create an account and subscribe to channels without a Google account. What sort of wizardry is going on under the hood? It turns out that it&rsquo;s a hosted instance of <a href="https://invidious.io/">invidious</a>.</p>
<p><img src="/images/watching-youtube-in-private/computerphile.png" alt="requestly"></p>
<p><img src="computerphile.png" alt="image"></p>
<p>The layout is simple, and <strong>JavaScript is not required</strong>.</p>
<p>I started using <a href="https://yewtu.be">yewtu.be</a> as my primary client for watching videos. I subscribe to several YouTube channels and I prefer the interface invidiuous provides due to its simplicity. It&rsquo;s also nice to be in control of my search and watch history.</p>
<p>A few days ago, yewtu.be went down briefly, and that motivated me enough to self-host invidious. There are several other hosted instances listed <a href="https://docs.invidious.io/instances/">here</a>, but being able to easily backup my own instance (including subscriptions and watch history) is more compelling in my case.</p>
@@ -112,7 +112,6 @@
<p>I made a few modifications (such as pinning the container&rsquo;s tag), and ended up with:</p>
<pre><code class="language-yaml">version: &quot;3&quot;
services:
invidious:
image: quay.io/invidious/invidious:5160d8bae39dc5cc5d51abee90571a03c08d0f2b
restart: unless-stopped
@@ -156,7 +155,7 @@ volumes:
<h3 id="redirecting-youtube-links">Redirecting YouTube links<a href="#redirecting-youtube-links" class="hanchor" ariaLabel="Anchor">#</a></h3>
<p>I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.</p>
<p>I went looking for a way to redirect paths at the browser level. I found the lightweight proxy <a href="https://requestly.io/">requestly</a>, which can be used to modify http requests in my browser. I created the following rules:</p>
<p><img src="/images/watching-youtube-in-private/requestly-rules.png" alt="requestly"></p>
<p><img src="requestly-rules.png" alt="requestly"></p>
<p>Now the link <a href="https://www.youtube.com/watch?v=-lz30by8-sU">https://www.youtube.com/watch?v=-lz30by8-sU</a> will redirect to <a href="http://invidious:3000/watch?v=-lz30by8-sU">http://invidious:3000/watch?v=-lz30by8-sU</a></p>
<p>I&rsquo;m still looking for ways to improve this invidious setup. There doesn&rsquo;t appear to be a way to stream in 4K yet.</p></section>

View File

@@ -107,7 +107,7 @@
<p><a href="https://about.gitea.com/">Gitea</a> is a lightweight and fast git server that has much of the same look and feel as github. I have been using it in my homelab to mirror repositories hosted on other platforms such as github and gitlab. These mirrors take advantage of the decentralized nature of git by serving as &ldquo;backups&rdquo;. One of the main reasons I hadn&rsquo;t been using it more often was due to the lack of integrated CI/CD. This is no longer the case.</p>
<h2 id="gitea-actions">Gitea Actions<a href="#gitea-actions" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p><a href="https://docs.gitea.com/usage/actions/overview">Gitea Actions</a> have made it into the <a href="https://blog.gitea.com/release-of-1.19.0/">1.19.0 release</a>. This feature had been in an experimental state up until <a href="https://blog.gitea.com/release-of-1.21.0/">1.21.0</a> and is now enabled by default 🎉.</p>
<p>So what are they? If you&rsquo;ve ever used GitHub Actions (and if you&rsquo;re reading this, I imagine you have), they essentially allow you to run github workflows on gitea. Workflows between gitea and github are not completely interopable, but a lot of the same workflow syntax is already compatible on gitea. You can find a list of <a href="https://docs.gitea.com/usage/actions/comparison#unsupported-workflows-syntax">unsupported workflows syntax</a>.</p>
<p>So what are they? If you&rsquo;ve ever used GitHub Actions (and if you&rsquo;re reading this, I imagine you have), these will look familiar. Gitea Actions essentially enable the ability to run github workflows on gitea. Workflows between gitea and github are not completely interopable, but a lot of the same workflow syntax is already compatible on gitea. You can find a documented list of <a href="https://docs.gitea.com/usage/actions/comparison#unsupported-workflows-syntax">unsupported workflows syntax</a>.</p>
<p>Actions work by using a <a href="https://gitea.com/gitea/act">custom fork</a> of <a href="https://github.com/nektos/act">nekos/act</a>. Workflows run in a new container for every job. If you specify an action such as &lsquo;actions/checkout@v3&rsquo;, it defaults to downloading the scripts from github.com. To avoid internet egress, you could always clone the required actions to your local gitea instance.</p>
<p>Actions (gitea&rsquo;s implementation) has me excited because it makes spinning up a network-isolated environment for workflow automation incredibly simple.</p>
<h2 id="integration-with-tailscale">Integration with Tailscale<a href="#integration-with-tailscale" class="hanchor" ariaLabel="Anchor">#</a></h2>
@@ -183,11 +183,11 @@ log:
- url: &quot;http://gitea:3000&quot;
</code></pre>
<p>Something to consider is whether or not you want to use ssh with git. One method of getting this to work with containers is to use <a href="https://docs.gitea.com/installation/install-with-docker#ssh-container-passthrough">ssh container passthrough</a>. I decided to keep it simple and not use ssh, since communicating over https is perfectly fine for my use case.</p>
<p>After adding the above configuration, running <code>docker compose up -d</code> should be enough to get your instance up and running. It will be accessible at <a href="https://gitea.my-tailnet-name.ts.net">https://gitea.my-tailnet-name.ts.net</a> from within your tailnet.</p>
<p>After adding the above configuration, running <code>docker compose up -d</code> should be enough to get an instance up and running. It will be accessible at <a href="https://gitea.my-tailnet-name.ts.net">https://gitea.my-tailnet-name.ts.net</a> from within your tailnet.</p>
<h2 id="connecting-a-runner">Connecting a Runner<a href="#connecting-a-runner" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>I installed the runner by <a href="https://docs.gitea.com/usage/actions/quickstart#set-up-runner">following the docs</a>. I opted for installing it on a separate host (another lxc container) as recommended in the docs. I used the systemd unit file to ensure that the runner comes back online after system reboots. I installed tailscale on this act runner as well, so that it can have the same &ldquo;networking privileges&rdquo; as the main instance.</p>
<p>After registering this runner and starting the daemon, it appeared in <code>/admin/actions/runners</code>:</p>
<p><img src="/images/setting-up-gitea-actions-with-tailscale/gitea-runners.png" alt="image"></p>
<p><img src="gitea-runners.png" alt="image"></p>
<h2 id="running-a-workflow">Running a workflow<a href="#running-a-workflow" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Now it&rsquo;s time start running some automation. I used the <a href="https://docs.gitea.com/usage/actions/quickstart#use-actions">demo workflow</a> as a starting point to verify that the runner is executing workflows.</p>
<p>After this, I wanted to make sure that some of my existing workflows could be migrated over.</p>
@@ -232,12 +232,12 @@ jobs:
--limit ${{ matrix.host }}
</code></pre>
<p>And voilà:</p>
<video controls preload="auto" width="100%" playsinline class="html-video">
<video controls preload="auto" width="100%" poster="/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runners.png" playsinline class="html-video">
<source src="/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runner.webm" type="video/webm">
<span>Your browser doesn't support embedded videos, but don't worry, you can <a href="/blog/2023/12/10/setting-up-gitea-actions-with-tailscale/gitea-runner.webm">download it</a> and watch it with your favorite video player!</span>
</video>
<h2 id="conclusion">Conclusion<a href="#conclusion" class="hanchor" ariaLabel="Anchor">#</a></h2>
<p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantionally more resources (ahem, gitlab). It certainly doesn&rsquo;t hurt that the codebase is largely written in go.</p>
<p>Gitea Actions are fast and the resource footprint is minimal. My gitea instance is currently using around 250mb of memory and a small fraction of a single cpu core (and the runner is using a similar amount of resources). This is impressive since many alternatives tend to require substantionally more resources (ahem, gitlab). It likely helps that the codebase is largely written in go.</p>
<p>By combining gitea with the networking marvel that is tailscale, running workflows becomes simple and fun. Whether you are working on a team or working alone, this setup ensures that your workflows are securely accessible from anywhere with an internet connection.</p></section>
<div class="post-tags">
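Review bot: With a `poster` now set on the `<video>` element, `preload="auto"` still asks the browser to start fetching `gitea-runner.webm` on page load. `preload="none"` (or `metadata`) would let the poster stand in until the reader presses play. Also check that `gitea-runners.png`, the screenshot already shown under "Connecting a Runner", is the frame you want as the poster for this recording.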