2025-02-05 11:21:34 -05:00
9 changed files with 46 additions and 39 deletions
--- a/cloudflare-build.sh
+++ b/cloudflare-build.sh
@ -1,10 +1,10 @@
 #!/bin/bash

-set -euo pipefail
+set -eu

-curl -L -s https://api.github.com/repos/gohugoio/hugo/releases/latest | grep "browser_download_url.*extended.*linux-amd64.tar.gz" | cut -d : -f 2,3 | sed 's/"//g' | xargs wget
+#curl -L -s https://api.github.com/repos/gohugoio/hugo/releases/latest | grep "browser_download_url.*extended.*linux-amd64.tar.gz" | cut -d : -f 2,3 | sed 's/"//g' | xargs wget

-# wget https://github.com/gohugoio/hugo/releases/download/v0.119.0/hugo_0.119.0_Linux-64bit.tar.gz
+wget https://github.com/gohugoio/hugo/releases/download/v0.119.0/hugo_0.119.0_Linux-64bit.tar.gz

 tar xvf ./*.tar.gz
 chmod u+x ./hugo
--- a/config.yml
+++ b/config.yml
@ -45,10 +45,17 @@ params:
    title: Tommy Tran
    subtitle: "System Administrator and Technical Writer"
    imageUrl: "/avatar.png"
+    buttons:
+      - name: About
+        url: about
+      - name: Contact
+        url: contact

  socialIcons:
    - name: github
      url: "https://github.com/tommytran732"
+    - name: gitea
+      url: "https://git.tommytran.io/Tomster"
    - name: matrix
      url: "https://invite.arcticfoxes.net/#/@tommy:arcticfoxes.net"
    - name: telegram
@ -97,26 +104,22 @@ markup:

 menu:
  main:
-    - identifier: About
-      name: About
-      url: /about/
-      weight: 10
    - identifier: Blog
      name: Blog
      url: https://privsec.dev
-      weight: 20
-    - identifier: Contact
-      name: Contact
-      url: /contact/
-      weight: 30
+      weight: 10
    - identifier: Projects
      name: Projects
      url: /projects/
-      weight: 40
+      weight: 20
+    - identifier: Packages
+      name: Packages
+      url: /packages/
+      weight: 30
    - identifier: PGP
      name: PGP
      url: tommy.asc
-      weight: 50
+      weight: 40

 privacy:
  disqus:
--- a/content/about.md
+++ b/content/about.md
@ -9,6 +9,6 @@ Hey there 👋

 My name is Thien, but I mostly go by "Tommy" nowadays. I am an Linux system administrator around 4 years of experience. I am familiar with most major Linux families, from Red Hat to Debian to SUSE to Arch Linux. Recently, my interest has shifted to immutable distributions such as Fedora Silverblue/CoreOS and openSUSE MicroOS.

-Like most Linux users, I am an open source enthusiast and publish most of the projects made in my free time on [GitHub](https://github.com/tommytran732). I also made a couple of small contributions to various projets on GitHub as well.
+Like most Linux users, I am an open source enthusiast and publish most of the projects made in my free time on [GitHub](https://github.com/tommytran732) and [my own Gitea instance](https://git.tommytran.io/tomster). I also made a couple of small contributions to various projets on GitHub as well.

-I have a collaborative blog - [PrivSec.dev](https://privsec.dev) - with a couple of friends I "met" through [GrapheneOS](https://grapheneos.org).
+If you are active in the privacy communities on Matrix, you may recognize me. I used to be a collaborator for [PrivacyGuides.org](https://privacyguides.org) and wrote a large portion of the site from around October 2021 - July 2022. Now, I am now working on my own website - [PrivSec.dev](https://privsec.dev) - with a couple of friends I "met" through [GrapheneOS](https://grapheneos.org). Oh, while we are on this topic, I am also a moderator in the official GrapheneOS channels as well (though not a developer or project member). Or, you may just know me as that one guy who loves throwing a hypervisor at every problem he encounters, typical of a Qubes OS user. 
--- a/content/contact.md
+++ b/content/contact.md
@ -15,13 +15,11 @@ My Telegram is [TommyTran732](https://t.me/tommytran732). I do not check it as o

 ## Email

-If you prefer to reach out to me via email, my address is [contact@tommytran.io](mailto:contact@tommytran.io). Aliases:
+If you prefer to reach out to me via email, my address is [contact@tommytran.io](mailto:contact@tommytran.io). I do not use PGP for emails. Aliases:

 - [tommy@privsec.dev](mailto:tommy@privsec.dev)
 - [tommy@arcticfoxes.net](mailto:tommy@arcticfoxes.net)

-Please use encryption if possible. My PGP key is available [here](https://tommytran.io/tommy.asc).
-
 ## Other Accounts

 Discord:
@ -38,10 +36,11 @@ Reddit:
 My Git accounts:
 - [GitHub](https://github.com/tommytran732)
 - [GitLab](https://gitlab.com/tommytran732) (inactive)
+- [Gitea](https://git.tommytran.io/tomster)

 Packaging:
 - [AUR](https://aur.archlinux.org/account/TommyTran732) (login required)
 - [Docker Hub](https://hub.docker.com/u/tommytran732) (inactive)
- [Quay.io](https://quay.io/tommytran732) (inactive)
+- [Quay.io](https://quay.io/tommytran732)

 Please by wary of anyone claiming to be me or using the handle "TommyTran732" reaching out to you. Chances are, they are an impersonator. You can always contact me via Matrix or Email for identity verification.
--- a/content/packages.md
+++ b/content/packages.md
@ -0,0 +1,15 @@
+---
+title: "Packages"
+date: 2022-09-03
+---
+
+## Synapse
+![Matrix](/images/matrix.jpg)
+
+I have a [simple fork](https://github.com/tommytran732/Synapse-Docker) of [Wonderfall's hardened Synapse Docker image](https://github.com/Wonderfall/docker-synapse) with the [Mjolnir module](https://github.com/matrix-org/mjolnir/blob/main/docs/synapse_module.md) support and the default (as opposed to light) variant of the [Hardened Memory Allocator](https://github.com/GrapheneOS/hardened_malloc).
+
+You can obtain the image by pulling `ghcr.io/tommytran732/synapse` or `quay.io/tommytran732/synapse`.
+
+## Matrix.to
+
+I made an Alpine Docker container for [Matrix.to](https://matrix.to) that you obtain by pulling `ghcr.io/tommytran732/matrix.to`. The default instance has been changed from [Element.io](https://app.element.io) to [ArcticFoxes.net](https://element.arcticfoxes.net).
--- a/content/projects.md
+++ b/content/projects.md
@ -11,25 +11,15 @@ date: 2022-09-02

 We focus on in-depth system configuration, security analysis, and software/hardware recommendations. Our site is based on technical merits, not ideologies and politics.

-## Polarix Containers
-
-![Polarix Containers](/images/containers.jpg)
-
-[Polarix Containers](https://github.com/Polarix-Containers) is a collection of OCI containers aiming to improve security over upstream builds.
-
-Some containers are simple daily rebuilds of upstream containers. Others are remade from scratch with Alpine Linux/Red Hat UBI and unprivileged users. hardened_malloc is included in most builds.
-
 ## ArcticFoxes.net

 ![ArcticFoxes.net](/images/arcticfoxes.png)

 [ArcticFoxes.net](https://arcticfoxes.net) is a group of self hosted and federated services run by me. It consists of:

- [A Matrix server](https://matrix.arcticfoxes.net).
+- [A Matrix server](https://matrix.arcticfoxes.net) using my [hardened docker image](https://github.com/tommytran732/Synapse-Docker). I also have a [web client](https://element.arcticfoxes.net) and TURN server as accessories for the Matrix server.
 - [A OpenVPN to ONC converter](onc.arcticfoxes.net). This is a simple fork of [thomkeh/ovpn2onc](https://github.com/thomkeh/ovpn2onc) with a dark theme.

-It also formerly included Nitter and Signal TLS Proxy instances.
-
 Most of the configurations and deployment files are available on [GitHub](https://github.com/ArcticFoxes-net).

 ## Linux Setup Scripts
@ -42,7 +32,7 @@ Features include, but are not limited to:
 - Removal of unnecessary packages
 - Hardened boot parameters
 - Hardened sysctl settings
- Kernel module blacklist from [secureblue](https://github.com/secureblue/secureblue)
+- Kernel module blacklist from Whonix's [security-misc](https://github.com/Kicksecure/security-misc/blob/master/etc/modprobe.d/30_security-misc.conf)
 - Mac Address randomization for desktop installations
 - SSH client and server hardening
 - Installation of Hardened Malloc on Red Hat systems
--- a/static/.well-known/security.txt
+++ b/static/.well-known/security.txt
@ -2,15 +2,15 @@
 Hash: SHA256

 Contact: https://matrix.to/#/@tommy:arcticfoxes.net
+Contact: https://simplex.chat/contact#/?v=1-4&smp=smp%3A%2F%2FN_McQS3F9TGoh4ER0QstUf55kGnNSd-wXfNPZ7HukcM%3D%40smp19.simplex.im%2F03zrijd3pM0hi2AG6XLiMMpxEsjEqj_5%23%2F%3Fv%3D1-2%26dh%3DMCowBQYDK2VuAyEAx3xSpEh_hRUiGatqlRxGajqIcg6H6xc9jf-2UfeJGA4%253D%26srv%3Di53bbtoqhlc365k6kxzwdp5w3cdt433s7bwh3y32rcbml2vztiyyz5id.onion
 Contact: mailto:contact@tommytran.io
-Expires: 2028-01-01T00:00:00.000Z
-Encryption: https://tommytran.io/tommy.asc
+Expires: 2026-12-24T00:00:00.000Z
 Preferred-Languages: en-US, vi-VN
-Canonical: https://tommytran.io/.well-known/security.txt
+Canonical: https://tommytran.io/security.txt
 -----BEGIN PGP SIGNATURE-----

-iHUEARYIAB0WIQR7t0D0xuMPQ9QHbwNVXJAqNOyWjwUCZ0W8GAAKCRBVXJAqNOyW
-j5OuAP9KIR8b6U8o0/4brFKsr+PPJeIdbWuisrvh0uaEMB+OpQD/do5IxxZtGEEC
-9wc7VsMFgjhjYX0xDSAfnHaYsw8Cuw4=
-=5kZo
+iHUEARYIAB0WIQR7t0D0xuMPQ9QHbwNVXJAqNOyWjwUCZZEPagAKCRBVXJAqNOyW
+j3U0AQCiNSKueVaa+w7W7EU3bF7gb1AwfBg0p7WjUo+TNxqB3gEA3XVT2Dpb4vm1
+Cg80jbBEbPkOEBwIWwBl8Jb0e0e8Jgo=
+=vLVh
 -----END PGP SIGNATURE-----
--- a/static/images/containers.jpg
+++ b/static/images/containers.jpg
--- a/static/images/simplex-chat-address.png
+++ b/static/images/simplex-chat-address.png