Merge f7ce949278 into 190e0b2835

config.yaml

@@ -5,6 +5,10 @@ enableGitInfo: true
 enableRobotsTXT: true
 paginate: 20
 
+services:
+  googleAnalytics:
+    ID: G-V8WJDERTX9
+
 build:
   noJSConfigInAssets: true
   writeStats: true
@@ -68,7 +72,7 @@ markup:
 
 module:
   imports:
-    - path: custom-theme
+    - path: hugo-theme-gruvbox
   mounts:
     - source: node_modules/simple-icons/icons
       target: assets/simple-icons

content/_index.md

@@ -1,6 +1,6 @@
 # Hello
 
-👋 I'm a software tinkerer with a passion for infra, security, privacy, and self-hosting.
+👋 I'm a software tinkerer with a passion for infra, security, and self-hosting.
 
 This is a space where I document my learnings and share them with others. I hope you find something useful here. Continuous improvement is what motivates me to keep learning.
 
@@ -10,9 +10,8 @@ I choose to host this site, alongside other tools, rather than relying exclusive
 
 If you would like to connect with me:
 
-- [Email](mailto:davegallant@proton.me)
+- [Email](mailto:me@davegallant.ca)
 - [LinkedIn](https://www.linkedin.com/in/dave-gallant)
-- [Cal.com](https://cal.com/davegallant)
 - [Mastodon](https://mastodon.social/@davegallant)
 - [GitHub](https://github.com/davegallant)
 - [RSS Feed](https://davegallant.ca/index.xml)

content/blog/amazon-ebs-csi-driver-terraform/index.md

@@ -1,95 +0,0 @@
----
-title: "Amazon EBS CSI driver with terraform"
-date: "2024-04-07T15:20:23-04:00"
-draft: false
-comments: true
-toc: false
-author: "Dave Gallant"
-tags: ['aws', 'eks', 'ebs', 'aws-ebs-csi-driver', 'oidc', 'efs', 'aws-efs-csi-driver']
----
-
-I recently configured the Amazon EBS CSI driver and found the setup with terraform to be more effort than expected. I wanted to avoid third-party modules and keep it as simple as possible, while remaining least privilege.
-
-> UPDATE: This approach can also be used for the aws-efs-csi-driver
-
-<!--more-->
-
-The [Amazon EBS CSI driver docs](https://docs.aws.amazon.com/eks/latest/userguide/ebs-csi.html) mention that the following are needed:
-
-- an existing EKS cluster
-- IAM role (that allows communication to the EC2 API)
-- EKS add-on (aws-ebs-csi-driver)
-- OIDC provider
-
-This sounded simple enough but I was unable to find a "grab-and-go" terraform example that followed the recommendations in the docs. I saw some suggestions about attaching an `AmazonEBSCSIDriverPolicy` policy to the node groups but did not think this was the best idea since this would allow many pods to potentially have access to the EC2 API.
-
-After a few minutes of LLM prompting, I was unimpressed with the results. I began to piece together the config myself, and after some trial and error, this is the terraform that I came up with:
-
-```hcl
-
-# TLS needed for the thumbprint
-provider "tls" {}
-
-data "tls_certificate" "oidc" {
-  url = aws_eks_cluster.main.identity[0].oidc[0].issuer
-}
-
-# EKS addon
-resource "aws_eks_addon" "ebs_csi_driver" {
-  cluster_name             = aws_eks_cluster.main.name
-  addon_name               = "aws-ebs-csi-driver"
-  addon_version            = "v1.29.1-eksbuild.1"
-  service_account_role_arn = aws_iam_role.ebs_csi_driver.arn
-}
-
-# AWS Identity and Access Management (IAM) OpenID Connect (OIDC) provider
-
-resource "aws_iam_openid_connect_provider" "eks" {
-  url             = aws_eks_cluster.main.identity.0.oidc.0.issuer
-  client_id_list  = ["sts.amazonaws.com"]
-  thumbprint_list = [data.tls_certificate.oidc.certificates[0].sha1_fingerprint]
-}
-
-# IAM
-resource "aws_iam_role" "ebs_csi_driver" {
-  name               = "ebs-csi-driver"
-  assume_role_policy = data.aws_iam_policy_document.ebs_csi_driver_assume_role.json
-}
-
-data "aws_iam_policy_document" "ebs_csi_driver_assume_role" {
-  statement {
-    effect = "Allow"
-
-    principals {
-      type        = "Federated"
-      identifiers = [aws_iam_openid_connect_provider.eks.arn]
-    }
-
-    actions = [
-      "sts:AssumeRoleWithWebIdentity",
-    ]
-
-    condition {
-      test     = "StringEquals"
-      variable = "${aws_iam_openid_connect_provider.eks.url}:aud"
-      values   = ["sts.amazonaws.com"]
-    }
-
-    condition {
-      test     = "StringEquals"
-      variable = "${aws_iam_openid_connect_provider.eks.url}:sub"
-      values   = ["system:serviceaccount:kube-system:ebs-csi-controller-sa"]
-    }
-
-  }
-}
-
-resource "aws_iam_role_policy_attachment" "AmazonEBSCSIDriverPolicy" {
-  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEBSCSIDriverPolicy"
-  role       = aws_iam_role.ebs_csi_driver.name
-}
-```
-
-The above configuration follows the docs, binding an IAM role to the service account `kube-system/ebs-csi-controller-sa` using an OpenID connect provider.
-
-After applying the changes above, I deployed [the sample application](https://docs.aws.amazon.com/eks/latest/userguide/ebs-sample-app.html) and noticed that the persistent volume claims were bound to EBS volumes.

content/blog/opting-out-of-haveibeenpwned/index.md

@@ -1,43 +0,0 @@
----
-title: "Opting out of haveibeenpwned"
-date: "2025-02-16T21:15:07-05:00"
-draft: false
-comments: true
-toc: false
-author: "Dave Gallant"
-tags:
-  [
-    "breach",
-    "darkweb",
-    "haveibeenpwned",
-    "hibp",
-    "passwords",
-    "privacy",
-  ]
-author: "Dave Gallant"
----
-
-Data breaches are a concern for anyone trying to live a life of relative privacy. Last month, PowerSchool informed its customers that [hackers stole data of 62 million students](https://www.bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-data-of-62-million-students/). This may not have impacted you, but unless you have been practicing [Extreme Privacy](https://inteltechniques.com/book7.html) techniques for decades, you likely have been impacted by a data breach in the past.
-
-<!--more-->
-
-## Understanding Data Breaches
-
-Data breaches occur when unauthorized individuals gain access to sensitive information (names, addresses, emails, phone numbers among other details). If the breach is substantial enough, the raw data is likely to make it into the hands of data brokers that will collect, aggregate, and sell the information on the [dark web](https://en.wikipedia.org/wiki/Dark_web).
-
-## Check if you have been impacted
-
-There are a number of services that can be used to check if you have been impacted by a data breach, including [Mozilla monitor](https://monitor.mozilla.org), [Google Dark web report](https://myactivity.google.com/dark-web-report/dashboard), and [haveibeenpwned.com](https://haveibeenpwned.com/). Some password managers offer features that compare your credentials against known breaches. These services can also be configured to send you notifications when a breach occurs. It is a good idea to become aware of these breaches as soon as you can, so that you can protect yourself from malicious behaviour such as phishing.
-
-If you have been an email or phone number for any length of time, there is a high probability that some of your data has been exposed. You can easily check by querying [haveibeenpwned.com](https://haveibeenpwned.com/). Many of the tools that offer breach detection, query the haveibeenpwned database. Although I believe this is service is a public good, it also opens the door for anyone who may be looking to gain more information about your present and past usages of various websites and services.
-
-## Opting out
-
-If you have an identity that you'd like to protect, I'd suggest [opting out of public searchability](https://haveibeenpwned.com/OptOut/). This of course does not undo the data breach that happened, but does it make it more challenging for someone to quickly search for an impacted email address. Even after opting out, you can still [subscribe to breach notifications](https://haveibeenpwned.com/NotifyMe), as long as you can validate that you have access to the email in question.
-
-There are other websites that offer similar style lookups, but many of them are either paywalled or require account registration.
-
-## Email aliases
-
-A more proactive method of reducing the likelihood of future exposures is to use an email aliasing service such as [Firefox Relay](https://relay.firefox.com), [DuckDuckGo Email Protection](https://duckduckgo.com/email/), or if you use Proton Mail, [hide-my-email aliases](https://proton.me/support/addresses-and-aliases#hide). This will allow you sign up for services using an alias instead of revealing your email address. The service then forwards all emails to your real address that you configure when setting up the alias.
-

content/blog/setting-up-gitea-actions-with-tailscale/index.md

@@ -104,9 +104,9 @@ Something to consider is whether or not you want to use ssh with git. One method
 
 ## Theming
 
-I discovered some themes for gitea [here](https://git.sainnhe.dev/sainnhe/gitea-themes).
+I discovered some themes for gitea [here](https://git.sainnhe.dev/sainnhe/gitea-themes) and decided to try out gruvbox.
 
-I added the theme by copying [theme-palenight.css](https://git.sainnhe.dev/sainnhe/gitea-themes/raw/branch/master/dist/theme-palenight.css) into `./data/gitea/public/assets/css`. I then added the following to `environment` in `docker-compose.yml`:
+I added the theme by cloning [theme-gruvbox-auto.css](https://git.sainnhe.dev/sainnhe/gitea-themes/raw/branch/master/dist/theme-gruvbox-auto.css) into `./data/gitea/public/assets/css`. I then added the following to `environment` in `docker-compose.yml`:
 
 ```yaml
 - GITEA__ui__DEFAULT_THEME=palenight

content/blog/using-aks-and-socks-to-connect-to-a-private-azure-db/index.md

@@ -26,6 +26,7 @@ I ran into a roadblock recently where I wanted to conveniently connect to a mana
 
 <!--more-->
 
+
 ## Go Public?
 
 Should the database be migrated to public subnets? Ideally not, since it is good practice to host internal infrastructure in restricted subnets.
@@ -81,6 +82,4 @@ If these stars align, than this solution might work as a stopgap for accessing a
 
 It would be nice if Azure provided tooling similar to cloud-sql-proxy, so that using private databases would be more of a convenient experience.
 
-~~One other thing to note is that some clients (such as [dbeaver](https://dbeaver.io/)) [do not provide DNS resolution over SOCKS](https://github.com/dbeaver/dbeaver/issues/872). So in this case, you won't be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.~~
-
-> **2025-01-16:**: DNS over SOCKS now works with the latest dbeaver client.
+One other thing to note is that some clients (such as [dbeaver](https://dbeaver.io/)) [do not provide DNS resolution over SOCKS](https://github.com/dbeaver/dbeaver/issues/872). So in this case, you won't be able to use DNS as if you were inside the cluster, but instead have to rely on knowing private ip addresses.

content/blog/watching-youtube-in-private/index.md

@@ -83,32 +83,10 @@ After invidious was up and running, I installed [Tailscale](https://tailscale.co
 
 I figured it would be nice to redirect existing YouTube links that others send me, so that I could seamlessly watch the videos using invidious.
 
-I went looking for a way to redirect paths at the browser level. I found [Redirector](https://github.com/einaregilsson/Redirector), which can be used to modify http requests in the browser. I created the following redirect (exported as json):
+I went looking for a way to redirect paths at the browser level. I found the lightweight proxy [requestly](https://requestly.io/), which can be used to modify http requests in my browser. I created the following rules:
 
-```json
-{
-    "redirects": [
-        {
-            "description": "youtube to invidious",
-            "exampleUrl": "https://www.youtube.com/watch?v=-lz30by8-sU",
-            "exampleResult": "http://invidious:3000/watch?v=-lz30by8-sU",
-            "error": null,
-            "includePattern": "https://*youtube.com/*",
-            "excludePattern": "",
-            "patternDesc": "Any youtube video should redirect to invidious",
-            "redirectUrl": "http://invidious:3000/$2",
-            "patternType": "W",
-            "processMatches": "noProcessing",
-            "disabled": false,
-            "grouped": false,
-            "appliesTo": [
-                "main_frame"
-            ]
-        }
-    ]
-}
-```
+![requestly](requestly-rules.png)
 
-Now the link <https://www.youtube.com/watch?v=-lz30by8-sU> will redirect to [http://invidious:3000/watch?v=-lz30by8-sU](http://invidious:3000/watch?v=-lz30by8-sU)
+Now the link https://www.youtube.com/watch?v=-lz30by8-sU will redirect to [http://invidious:3000/watch?v=-lz30by8-sU](http://invidious:3000/watch?v=-lz30by8-sU)
 
 I'm still looking for ways to improve this invidious setup. There doesn't appear to be a way to stream in 4K yet.

layouts/partials/comments.html

@@ -12,8 +12,6 @@
 {{- $utterancesEnabled := $config.utterances.enable -}}
 
 {{- if $utterancesEnabled -}}
-<br>
-<br>
 <section id='comments' class='comments'>
   <div class='container sep-before'>
     <div class='comments'>

layouts/partials/head/head_end.html

@@ -1,2 +0,0 @@
-<!-- Umami Analytics -->
-<script defer src="https://umami.snake-cloud.ts.net/script.js" data-website-id="e8adafba-b892-4dad-a139-2bd61fe5fab9"></script>

package-lock.json

@@ -227,9 +227,9 @@
       }
     },
     "node_modules/@csstools/cascade-layer-name-parser": {
-      "version": "1.0.13",
-      "resolved": "https://registry.npmjs.org/@csstools/cascade-layer-name-parser/-/cascade-layer-name-parser-1.0.13.tgz",
-      "integrity": "sha512-MX0yLTwtZzr82sQ0zOjqimpZbzjMaK/h2pmlrLK7DCzlmiZLYFpoO94WmN1akRVo6ll/TdpHb53vihHLUMyvng==",
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/@csstools/cascade-layer-name-parser/-/cascade-layer-name-parser-1.0.9.tgz",
+      "integrity": "sha512-RRqNjxTZDUhx7pxYOBG/AkCVmPS3zYzfE47GEhIGkFuWFTQGJBgWOUUkKNo5MfxIfjDz5/1L3F3rF1oIsYaIpw==",
       "dev": true,
       "funding": [
         {
@@ -241,13 +241,12 @@
           "url": "https://opencollective.com/csstools"
         }
       ],
-      "license": "MIT",
       "engines": {
         "node": "^14 || ^16 || >=18"
       },
       "peerDependencies": {
-        "@csstools/css-parser-algorithms": "^2.7.1",
-        "@csstools/css-tokenizer": "^2.4.1"
+        "@csstools/css-parser-algorithms": "^2.6.1",
+        "@csstools/css-tokenizer": "^2.2.4"
       }
     },
     "node_modules/@csstools/color-helpers": {
@@ -320,9 +319,9 @@
       }
     },
     "node_modules/@csstools/css-parser-algorithms": {
-      "version": "2.7.1",
-      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-2.7.1.tgz",
-      "integrity": "sha512-2SJS42gxmACHgikc1WGesXLIT8d/q2l0UFM7TaEeIzdFCE/FPMtTiizcPGGJtlPo2xuQzY09OhrLTzRxqJqwGw==",
+      "version": "2.6.1",
+      "resolved": "https://registry.npmjs.org/@csstools/css-parser-algorithms/-/css-parser-algorithms-2.6.1.tgz",
+      "integrity": "sha512-ubEkAaTfVZa+WwGhs5jbo5Xfqpeaybr/RvWzvFxRs4jfq16wH8l8Ty/QEEpINxll4xhuGfdMbipRyz5QZh9+FA==",
       "dev": true,
       "funding": [
         {
@@ -334,18 +333,17 @@
           "url": "https://opencollective.com/csstools"
         }
       ],
-      "license": "MIT",
       "engines": {
         "node": "^14 || ^16 || >=18"
       },
       "peerDependencies": {
-        "@csstools/css-tokenizer": "^2.4.1"
+        "@csstools/css-tokenizer": "^2.2.4"
       }
     },
     "node_modules/@csstools/css-tokenizer": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-2.4.1.tgz",
-      "integrity": "sha512-eQ9DIktFJBhGjioABJRtUucoWR2mwllurfnM8LuNGAqX3ViZXaUchqk+1s7jjtkFiT9ySdACsFEA3etErkALUg==",
+      "version": "2.2.4",
+      "resolved": "https://registry.npmjs.org/@csstools/css-tokenizer/-/css-tokenizer-2.2.4.tgz",
+      "integrity": "sha512-PuWRAewQLbDhGeTvFuq2oClaSCKPIBmHyIobCV39JHRYN0byDcUWJl5baPeNUcqrjtdMNqFooE0FGl31I3JOqw==",
       "dev": true,
       "funding": [
         {
@@ -357,15 +355,14 @@
           "url": "https://opencollective.com/csstools"
         }
       ],
-      "license": "MIT",
       "engines": {
         "node": "^14 || ^16 || >=18"
       }
     },
     "node_modules/@csstools/media-query-list-parser": {
-      "version": "2.1.13",
-      "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-2.1.13.tgz",
-      "integrity": "sha512-XaHr+16KRU9Gf8XLi3q8kDlI18d5vzKSKCY510Vrtc9iNR0NJzbY9hhTmwhzYZj/ZwGL4VmB3TA9hJW0Um2qFA==",
+      "version": "2.1.9",
+      "resolved": "https://registry.npmjs.org/@csstools/media-query-list-parser/-/media-query-list-parser-2.1.9.tgz",
+      "integrity": "sha512-qqGuFfbn4rUmyOB0u8CVISIp5FfJ5GAR3mBrZ9/TKndHakdnm6pY0L/fbLcpPnrzwCyyTEZl1nUcXAYHEWneTA==",
       "dev": true,
       "funding": [
         {
@@ -377,13 +374,12 @@
           "url": "https://opencollective.com/csstools"
         }
       ],
-      "license": "MIT",
       "engines": {
         "node": "^14 || ^16 || >=18"
       },
       "peerDependencies": {
-        "@csstools/css-parser-algorithms": "^2.7.1",
-        "@csstools/css-tokenizer": "^2.4.1"
+        "@csstools/css-parser-algorithms": "^2.6.1",
+        "@csstools/css-tokenizer": "^2.2.4"
       }
     },
     "node_modules/@csstools/postcss-cascade-layers": {
@@ -1394,9 +1390,9 @@
       }
     },
     "node_modules/@tabler/icons": {
-      "version": "2.45.0",
-      "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-2.45.0.tgz",
-      "integrity": "sha512-J10UDghOni9wlrj5CpKAzychDCABCKYq897mGg0wGFsd+tYLaUdz0dt/HZeGnV8gZJo0hIiTPLGwBp5EW42Qsg==",
+      "version": "2.47.0",
+      "resolved": "https://registry.npmjs.org/@tabler/icons/-/icons-2.47.0.tgz",
+      "integrity": "sha512-4w5evLh+7FUUiA1GucvGj2ReX2TvOjEr4ejXdwL/bsjoSkof6r1gQmzqI+VHrE2CpJpB3al7bCTulOkFa/RcyA==",
       "funding": {
         "type": "github",
         "url": "https://github.com/sponsors/codecalm"
@@ -1676,9 +1672,9 @@
       }
     },
     "node_modules/caniuse-lite": {
-      "version": "1.0.30001700",
-      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001700.tgz",
-      "integrity": "sha512-2S6XIXwaE7K7erT8dY+kLQcpa5ms63XlRkMkReXjle+kf6c5g38vyMl+Z5y8dSxOFDhcFe+nxnn261PLxBSQsQ==",
+      "version": "1.0.30001572",
+      "resolved": "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001572.tgz",
+      "integrity": "sha512-1Pbh5FLmn5y4+QhNyJE9j3/7dK44dGB83/ZMjv/qJk86TvDbjk0LosiZo0i0WB0Vx607qMX9jYrn1VLHCkN4rw==",
       "dev": true,
       "funding": [
         {
@@ -1693,8 +1689,7 @@
           "type": "github",
           "url": "https://github.com/sponsors/ai"
         }
-      ],
-      "license": "CC-BY-4.0"
+      ]
     },
     "node_modules/chalk": {
       "version": "4.1.2",
@@ -3820,9 +3815,9 @@
       "dev": true
     },
     "node_modules/nanoid": {
-      "version": "3.3.8",
-      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.8.tgz",
-      "integrity": "sha512-WNLf5Sd8oZxOm+TzppcYk8gVOgP+l58xNy58D0nbUnOxOWRWvlcCV4kUF7ltmI6PsrLl/BgKEyS4mqsGChFN0w==",
+      "version": "3.3.7",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.7.tgz",
+      "integrity": "sha512-eSRppjcPIatRIMC1U6UngP8XFcz8MQWGQdt1MTBQ7NaAmvXDfvNxbvWV3x2y6CdEUciCSsDHDQZbhYaB8QEo2g==",
       "dev": true,
       "funding": [
         {
@@ -3830,7 +3825,6 @@
           "url": "https://github.com/sponsors/ai"
         }
       ],
-      "license": "MIT",
       "bin": {
         "nanoid": "bin/nanoid.cjs"
       },
@@ -4072,11 +4066,10 @@
       }
     },
     "node_modules/picocolors": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.1.1.tgz",
-      "integrity": "sha512-xceH2snhtb5M9liqDsmEw56le376mTZkEX/jEb/RxNFyegNul7eNslCXP9FDj/Lcu0X8KEyMceP2ntpaHrDEVA==",
-      "dev": true,
-      "license": "ISC"
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/picocolors/-/picocolors-1.0.0.tgz",
+      "integrity": "sha512-1fygroTLlHu66zi26VoTDv8yRgm0Fccecssto+MhsZ0D/DGW2sm8E8AjW7NU5VVTRt5GxbeZ5qBuJr+HyLYkjQ==",
+      "dev": true
     },
     "node_modules/picomatch": {
       "version": "2.3.1",
@@ -4112,9 +4105,9 @@
       }
     },
     "node_modules/postcss": {
-      "version": "8.5.2",
-      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.5.2.tgz",
-      "integrity": "sha512-MjOadfU3Ys9KYoX0AdkBlFEF1Vx37uCCeN4ZHnmwm9FfpbsGWMZeBLMmmpY+6Ocqod7mkdZ0DT31OlbsFrLlkA==",
+      "version": "8.4.38",
+      "resolved": "https://registry.npmjs.org/postcss/-/postcss-8.4.38.tgz",
+      "integrity": "sha512-Wglpdk03BSfXkHoQa3b/oulrotAkwrlLDRSOb9D0bN86FdRyE9lppSp33aHNPgBa0JKCoB+drFLZkQoRRYae5A==",
       "dev": true,
       "funding": [
         {
@@ -4130,11 +4123,10 @@
           "url": "https://github.com/sponsors/ai"
         }
       ],
-      "license": "MIT",
       "dependencies": {
-        "nanoid": "^3.3.8",
-        "picocolors": "^1.1.1",
-        "source-map-js": "^1.2.1"
+        "nanoid": "^3.3.7",
+        "picocolors": "^1.0.0",
+        "source-map-js": "^1.2.0"
       },
       "engines": {
         "node": "^10 || ^12 || >=14"
@@ -4332,9 +4324,9 @@
       }
     },
     "node_modules/postcss-custom-media": {
-      "version": "10.0.8",
-      "resolved": "https://registry.npmjs.org/postcss-custom-media/-/postcss-custom-media-10.0.8.tgz",
-      "integrity": "sha512-V1KgPcmvlGdxTel4/CyQtBJEFhMVpEmRGFrnVtgfGIHj5PJX9vO36eFBxKBeJn+aCDTed70cc+98Mz3J/uVdGQ==",
+      "version": "10.0.4",
+      "resolved": "https://registry.npmjs.org/postcss-custom-media/-/postcss-custom-media-10.0.4.tgz",
+      "integrity": "sha512-Ubs7O3wj2prghaKRa68VHBvuy3KnTQ0zbGwqDYY1mntxJD0QL2AeiAy+AMfl3HBedTCVr2IcFNktwty9YpSskA==",
       "dev": true,
       "funding": [
         {
@@ -4346,12 +4338,11 @@
           "url": "https://opencollective.com/csstools"
         }
       ],
-      "license": "MIT",
       "dependencies": {
-        "@csstools/cascade-layer-name-parser": "^1.0.13",
-        "@csstools/css-parser-algorithms": "^2.7.1",
-        "@csstools/css-tokenizer": "^2.4.1",
-        "@csstools/media-query-list-parser": "^2.1.13"
+        "@csstools/cascade-layer-name-parser": "^1.0.9",
+        "@csstools/css-parser-algorithms": "^2.6.1",
+        "@csstools/css-tokenizer": "^2.2.4",
+        "@csstools/media-query-list-parser": "^2.1.9"
       },
       "engines": {
         "node": "^14 || ^16 || >=18"
@@ -5841,11 +5832,10 @@
       }
     },
     "node_modules/source-map-js": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.1.tgz",
-      "integrity": "sha512-UXWMKhLOwVKb728IUtQPXxfYU+usdybtUrK/8uGE8CQMvrhOpwvzDBwj0QhSL7MQc7vIsISBG8VQ8+IDQxpfQA==",
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/source-map-js/-/source-map-js-1.2.0.tgz",
+      "integrity": "sha512-itJW8lvSA0TXEphiRoawsCksnlf8SyvmFzIhltqAHluXd88pkCd+cXJVHTDwdCr0IzwptSm035IHQktUu1QUMg==",
       "dev": true,
-      "license": "BSD-3-Clause",
       "engines": {
         "node": ">=0.10.0"
       }

package.hugo.json

@@ -0,0 +1,4 @@
+{
+  "name": "davegallant.github.io",
+  "version": "0.1.0"
+}

renovate.json

@@ -1,8 +1,5 @@
 {
   "$schema": "https://docs.renovatebot.com/renovate-schema.json",
-  "schedule": [
-    "every weekend"
-  ],
   "extends": [
     "config:recommended"
   ]

shell.nix

@@ -1,5 +1,5 @@
 let
-  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-24.11";
+  nixpkgs = fetchTarball "https://github.com/NixOS/nixpkgs/tarball/nixos-23.11";
   pkgs = import nixpkgs { config = { }; overlays = [ ]; };
 in
 

themes/custom-theme/layouts/partials/post-list.html

@@ -1,13 +0,0 @@
-{{ range $pageIndex, $page := .Pages }}
-  <article class="post">
-    <div class="post-header">
-      <div class="post-meta">
-        {{- with $page.Date -}}
-          <span>{{ .Format "2006-01-02" }}</span> 
-        {{- end -}}: <a href="{{ .RelPermalink }}">{{ .Title | markdownify }}</a>
-      </div>
-    </div>
-  </article>
-{{ end }}
-
-{{ partial "pagination.html" . }}

themes/hugo-theme-gruvbox/assets/css/critical/15-colors.css

@@ -16,10 +16,10 @@
   --bg3: #665c54;
   --bg4: #32344a;
   --fg: var(--fg1);
-  --fg0: #a1a1a1;
-  --fg1: #dddfeb;
+  --fg0: #ad8ee6;
+  --fg1: #acb0d0;
   --fg2: #7da6ff;
-  --fg3: #6a6c67;
+  --fg3: #9ece6a;
   --fg4: #32344a;
   --gray1: var(--fg4);
   --gray2: #444b6a;
@@ -29,8 +29,8 @@
   --green2: #b9f27c;
   --yellow1: #e0af68;
   --yellow2: #ff9e64;
-  --blue1: #63A8D3;
-  --blue2: #63A8D3;
+  --blue1: #7da6ff;
+  --blue2: #7aa2f7;
   --purple1: #ad8ee6;
   --purple2: #bb9af7;
   --aqua1: #449dab;
@@ -44,6 +44,7 @@
   }
 
 :root {
-  --primary: var(--blue1);
-  --primary-alt: var(--blue2);
+  {{ $themeColor := .Param "themeColor" | default "blue" }}
+  --primary: var(--{{ $themeColor }}1);
+  --primary-alt: var(--{{ $themeColor }}2);
 }

themes/hugo-theme-gruvbox/assets/css/critical/30-header.css

@@ -65,7 +65,7 @@ header {
   }
 
   &::placeholder {
-    color: var(--fg1);
+    color: var(--fg3);
   }
 
   &[type="search"]::-webkit-search-cancel-button {

themes/hugo-theme-gruvbox/assets/css/critical/40-post.css

@@ -1,7 +1,7 @@
 .post,
 .content-section {
   border-bottom: 2px dotted var(--bg1);
-  padding: 0rem 0;
+  padding: 2rem 0;
 }
 
 .post {

themes/hugo-theme-gruvbox/assets/js/dark-mode.js

@@ -28,13 +28,32 @@ function setCommentsTheme(theme) {
 }
 
 function setTheme(theme) {
+  if (theme == "auto") {
+    theme = window.matchMedia("(prefers-color-scheme: light)").matches
+      ? "light"
+      : "dark";
+  }
   document.documentElement.setAttribute("data-theme", theme);
   setPrismTheme(theme);
   setCommentsTheme(theme);
 }
 
+function toggleTheme(e) {
+  const theme = e.currentTarget.classList.contains("light--hidden")
+    ? "light"
+    : "dark";
+  setTheme(theme);
+  saveTheme(theme);
+}
 
-setTheme("dark");
+// Initial load
+setTheme(getTheme());
+
+window
+  .matchMedia("(prefers-color-scheme: dark)")
+  .addEventListener("change", (event) => {
+    setTheme(getTheme());
+  });
 
 // This script is inlined in the <head> of the document, so we have to wait
 // for the DOM content before can add event listeners to the toggle buttons

themes/hugo-theme-gruvbox/layouts/partials/head/stylesheets.html

@@ -3,8 +3,8 @@
 
 {{ $critical := sort (resources.Match "css/critical/*.css") "Name" | resources.Concat nil | resources.ExecuteAsTemplate nil . | resources.PostCSS }}
 {{ $nonCritical := sort (resources.Match "css/non-critical/*.css") "Name" | resources.Concat "css/non-critical.css" | resources.ExecuteAsTemplate "css/non-critical.css" . | resources.PostCSS }}
-{{ $prismDark := resources.Get "prism-themes/prism-coldark-dark.css" }}
-{{ $prismLight := resources.Get "prism-themes/prism-coldark-dark.css" }}
+{{ $prismDark := resources.Get "prism-themes/prism-synthwave84.css" }}
+{{ $prismLight := resources.Get "prism-themes/prism-synthwave84.css" }}
 
 {{ if hugo.IsProduction }}
   {{ $critical = $critical | resources.PostProcess }}