10 files changed, 125 insertions, 55 deletions

diff --git a/static/favicon.png b/static/favicon.png
new file mode 100644
index 0000000..db8a432
--- /dev/null
+++ b/static/favicon.png
diff --git a/static/files/articles/site-backend/pablotron.onion.conf.txt b/static/files/articles/site-backend/pablotron.onion.conf.txt
new file mode 100644
index 0000000..9c80ede
--- /dev/null
+++ b/static/files/articles/site-backend/pablotron.onion.conf.txt
@@ -0,0 +1,40 @@
+server {
+  listen unix:/var/run/tor/pablotron.sock;
+  server_name pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion;
+  root /store/www/pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion/htdocs;
+  index index.html;
+  access_log /var/log/nginx/pablotron-access.log;
+
+  # enable compression, compress common types
+  gzip on;
+  gzip_types text/html text/plain text/xml text/css text/javascript application/x-javascript text/csv application/json text/json image/svg+xml;
+
+  # security headers (see comments in apache config)
+  add_header "X-Frame-Options" "SAMEORIGIN";
+  add_header "X-Content-Type-Options" "nosniff";
+  add_header "Cross-Origin-Opener-Policy" "same-origin";
+  add_header "Cross-Origin-Resource-Policy" "same-origin";
+  add_header "Access-Control-Allow-Origin" "http://pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion";
+  add_header "Referrer-Policy" "strict-origin-when-cross-origin";
+  add_header "Permissions-Policy" "camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()";
+
+  # different from apache; POST method not needed
+  add_header "Access-Control-Allow-Methods" "GET, HEAD, OPTIONS";
+
+  location ~ \.(ico|jpg|jpeg|png|gif|webp|svg|js|json|css)$ {
+    # cache images, stylesheets, and javascript for 1 year
+    # note: caching makes a BIG difference when browsing via tor
+    expires 1y;
+  }
+
+  location ~ \.svg$ {
+    # relax Content-Security-Policy for SVGs to allow
+    # `style-src-attr 'unsafe-inline'`
+    add_header "Content-Security-Policy" "default-src 'self'; img-src 'self'; style-src-attr 'self' 'unsafe-inline'";
+  }
+
+  location ^~ \.svg$ {
+    # default Content-Security-Policy
+    add_header "Content-Security-Policy" "default-src 'self'; img-src 'self' https://pmdn.org";
+  }
+}
diff --git a/static/files/articles/site-backend/pablotron.org.conf.txt b/static/files/articles/site-backend/pablotron.org.conf.txt
index 97a60d2..59ef28c 100644
--- a/static/files/articles/site-backend/pablotron.org.conf.txt
+++ b/static/files/articles/site-backend/pablotron.org.conf.txt
@@ -30,6 +30,9 @@
   # POST needed for /hooks
   Header append "Access-Control-Allow-Methods" "POST, GET, HEAD, OPTIONS"
 
+  # expose tor onion service (2025-05-18)
+  Header set "Onion-Location" "http://pablotronfils76sk6pwvyoosvfjbhxe3sn4c654e4na4szidbnbqdyd.onion%{REQUEST_URI}s"
+
   # cache images, stylesheets, and javascript for 1 year
   <FilesMatch "\.(ico|jpg|jpeg|png|gif|webp|svg|js|json|css)$">
     Header set Cache-Control "max-age=31536000, public"
diff --git a/static/files/articles/site-backend/script.js.txt b/static/files/articles/site-backend/script.js.txt
index ae47804..1ab4045 100644
--- a/static/files/articles/site-backend/script.js.txt
+++ b/static/files/articles/site-backend/script.js.txt
@@ -1,26 +1,23 @@
 'use strict';
 
 //
-// script.js - script which handles:
+// script.js: minimal JS for pablotron.org
 //
-// - check/set dark mode (added 2024-05-27)
-// - enable burger menu support
+// - set theme on page load
+// - bind theme switcher and burger menu event handlers
 //
-// original notes regarding burger menu and minification are in the
-// "burger menu" section below
+// current sizes (2025-04-01):
+// - minified: 699 bytes
+// - minified/compressed: 508 bytes
 //
-// burger menu (2024-05-27)
-// ------------------------
+// notes below are slightly out of date...
+//
+// theme switcher (2024-05-27)
+// ---------------------------
 // does the following:
 //
 // 1. checks for user setting and use that, if present.
-// 2. otherwise check browser for preferred color scheme and use that.
-//
-// this works in conjunction with the styles in `assets/dark.sass` and
-// has one minor quirk: there is a brief flash when the user transitions
-// to a new page and has dark mode enabled.  this can be removed by
-// uncommenting the block at the top of `dark.sass`, but doing this
-// currently breaks the light color scheme :/.
+// 2. otherwise default to dark mode.
 //
 // refs:
 // https://developer.mozilla.org/en-US/docs/Web/CSS/@media/prefers-color-scheme
@@ -56,26 +53,16 @@ const D = document,
       M = window.matchMedia,
       on = (el, id, fn) => el.addEventListener(id, fn);
 
-// use theme if set, otherwise fall back to dark mode
-// FIXME: move to DOMContentLoaded?
-//
-// update (2025-03-31): prefer dark mode by default and only set light
-// mode if the user has explicitly selected the light theme using the
-// theme toggle.
-//
-// the old logic also attempted to account for "prefers-color-scheme:
-// light", but i want the default to be dark unless it is explicitly
-// overridden.
-C.add('dark'); // unconditionally set dark mode
+// light theme selected by user?
 if (L && L.theme && L.theme === 'light') {
   C.remove('dark'); // set light theme
 }
 
-document.addEventListener('DOMContentLoaded', () => {
+D.addEventListener('DOMContentLoaded', () => {
   // theme toggle event handler
-  on(D.querySelector('.navbar-item[data-id="theme"]'), 'click', (e) => {
+  on(D.querySelector('.navbar-item[data-id="theme"]'), 'click', e => {
     e.preventDefault(); // stop event
-    L.theme = C.toggle('dark') ? 'dark' : 'light'; // toggle
+    L.theme = C.toggle('dark') ? 'dark' : 'light'; // toggle theme
   });
 
   // iterate through burgers, bind to click events
diff --git a/static/files/articles/site-backend/webhook.conf.txt b/static/files/articles/site-backend/webhook.conf.txt
index 254155d..1243946 100644
--- a/static/files/articles/site-backend/webhook.conf.txt
+++ b/static/files/articles/site-backend/webhook.conf.txt
@@ -9,10 +9,6 @@
 
   "pass-environment-to-command": [{
     "source": "string",
-    "envname": "DEPLOY_HTDOCS_PATH",
-    "name": "/data/www/pablotron.org/builds/current"
-  }, {
-    "source": "string",
     "envname": "DEPLOY_REPO_DIR",
     "name": "/data/www/pablotron.org/git"
   }, {
diff --git a/static/files/pabs.asc b/static/files/pabs.asc
index 9bda0d2..555912f 100644
--- a/static/files/pabs.asc
+++ b/static/files/pabs.asc
@@ -2,27 +2,27 @@
 
 mDMEZPpC4BYJKwYBBAHaRw8BAQdAozyRcx2w+Eb6m6VBVEp3EnfdOsH1SGgY7Bf0
 7F7zP2C0H1BhdWwgRHVuY2FuIDxncGdAcGFibG90cm9uLm9yZz6ImQQTFggAQQIb
-AQUJA+MNIAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBAIRNlIVSOsZj2T/c44Y
-JTTN0fK4BQJk+kTGAhkBAAoJEI4YJTTN0fK4bnMA/RAZ5S31GTIrZUA3JmZvCvwq
-k3rtWxL6BDhco8yQOdQuAQCM6qSHN4rXr+6ztIe3EvkpWU8lXh1Uc3Krki5kTzQA
-ArQrUGF1bCBEdW5jYW4gKGdpdGh1YikgPGdpdGh1YkBwYWJsb3Ryb24ub3JnPoiW
-BBMWCAA+FiEEAhE2UhVI6xmPZP9zjhglNM3R8rgFAmT6RJ4CGwEFCQPjDSAFCwkI
-BwIGFQoJCAsCBBYCAwECHgECF4AACgkQjhglNM3R8rjyvwD+PbyFukeFU6SMTGa0
-5ciR5WbhXhRHm19f0i+i8dfjRGQA/ifcNa6L+jefQUY5r2eIcjo+5AyANKeQQX1E
-atOoS14HtCtQYXVsIER1bmNhbiAocGVyc29uYWwpIDxwYWJzQHBhYmxvdHJvbi5v
-cmc+iJYEExYIAD4WIQQCETZSFUjrGY9k/3OOGCU0zdHyuAUCZPpEvAIbAQUJA+MN
-IAULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRCOGCU0zdHyuPdVAQCktsGno4Rs
-2F+mpkBL/XAZygGcXTex87GBk+9UHTIFoAD/W2IxS3sXhG84+dVuXawEjbVAsZnY
-JXgo/Yp89t3FcQO4MwRk+kMGFgkrBgEEAdpHDwEBB0CXyafK+3r6c+foOGSypcN3
-DDpRJ4E08hZrLlMDo66tmYj1BBgWCAAmFiEEAhE2UhVI6xmPZP9zjhglNM3R8rgF
-AmT6QwYCGwIFCQPjDPoAgQkQjhglNM3R8rh2IAQZFggAHRYhBMxaPAkB8qSbHzks
-9w9m3LNb0xXvBQJk+kMGAAoJEA9m3LNb0xXvnlsA/2XAWLXyMSTTGBVLN3V96gpT
-L/jm2fincNSBkk5heOT3AP0SM6I8I7yBN8a9HyRW7of7dISp1DPRej7zjba+w2DW
-D02/AQDOFVyNA8nFU8VIply2q0f5cWremdEyKZsMQOoV7h8YrwEAkZPruamwJOhb
-dERvNLzLRfTy4Ur21AZQCbNDO1PiEgi4OARk+kMWEgorBgEEAZdVAQUBAQdAnLxb
-gFTx1NB4SrLsKOV/3zZkwGiPHhwNy1rf8czSlCUDAQgHiH4EGBYIACYWIQQCETZS
-FUjrGY9k/3OOGCU0zdHyuAUCZPpDFgIbDAUJA+MM6gAKCRCOGCU0zdHyuH71AQCL
-EetpJgsLGwm0qqwPMIwk38h/VfsG5B4cSOiP5KFfKQD+Ko6KWtGkgwS2k8IgqEng
-GdWY8q5PwXp8FHsdOC7QuQI=
-=84QG
+AQULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAIZARYhBAIRNlIVSOsZj2T/c44YJTTN
+0fK4BQJozgCMBQkHliSsAAoJEI4YJTTN0fK4fNkBAN0ytDOHZbjWJIuGRp/VvtAn
+EIz5ngsqEr60uMvv5t7eAQC0AgQ2o2J/AHwou7V0fz2uISH9QSHMGw/Y5Hjn6RX+
+BbQrUGF1bCBEdW5jYW4gKGdpdGh1YikgPGdpdGh1YkBwYWJsb3Ryb24ub3JnPoiW
+BBMWCAA+AhsBBQsJCAcCBhUKCQgLAgQWAgMBAh4BAheAFiEEAhE2UhVI6xmPZP9z
+jhglNM3R8rgFAmjOAIwFCQeWJKwACgkQjhglNM3R8rilewEA19Lc/7iWIkmIWSTI
+veXUZD0dCNzOg0nhhl7GEMoK/foA/24+KVQUWU2AJka4RNb4glVqo1b6UNq2IOZr
+rLmZv5sLtCtQYXVsIER1bmNhbiAocGVyc29uYWwpIDxwYWJzQHBhYmxvdHJvbi5v
+cmc+iJYEExYIAD4CGwEFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AWIQQCETZSFUjr
+GY9k/3OOGCU0zdHyuAUCaM4AjAUJB5YkrAAKCRCOGCU0zdHyuLUSAQDSQS2OQa/E
+VdAyRd1LR8jR7WPaHAyXbPanOC8x+3AksQEAx3gwp0ZBxAhj7lwlzuqAdxWy1Eiu
++9O1gAcEyDzULgS4MwRk+kMGFgkrBgEEAdpHDwEBB0CXyafK+3r6c+foOGSypcN3
+DDpRJ4E08hZrLlMDo66tmYj1BBgWCAAmAhsCFiEEAhE2UhVI6xmPZP9zjhglNM3R
+8rgFAmjOATAFCQeWJSoAgXYgBBkWCAAdFiEEzFo8CQHypJsfOSz3D2bcs1vTFe8F
+AmT6QwYACgkQD2bcs1vTFe+eWwD/ZcBYtfIxJNMYFUs3dX3qClMv+ObZ+Kdw1IGS
+TmF45PcA/RIzojwjvIE3xr0fJFbuh/t0hKnUM9F6PvONtr7DYNYPCRCOGCU0zdHy
+uGg/AP9Vj/sL5GoNcvgx8d7SdKV+GWAmJnGFAszAkPsA4vCULgD/cSP+mafM9Xdf
+mCEYA2Wcps/nPOkJoXJDfFcyO0vMVwO4OARk+kMWEgorBgEEAZdVAQUBAQdAnLxb
+gFTx1NB4SrLsKOV/3zZkwGiPHhwNy1rf8czSlCUDAQgHiH4EGBYIACYCGwwWIQQC
+ETZSFUjrGY9k/3OOGCU0zdHyuAUCaM4BEwUJB5Yk/QAKCRCOGCU0zdHyuOehAP0W
+QeLan4L834js6/UJ3Cow8T+QLEaJxCKGrEhYOwjrQQD8CU/3XuO6FKRFIZsC57Lw
+uWmtrMiaRtxcEjoL7GEsOw0=
+=qJVW
 -----END PGP PUBLIC KEY BLOCK-----
diff --git a/static/files/posts/armbian-on-odroid-n2l/n2l-1024.png b/static/files/posts/armbian-on-odroid-n2l/n2l-1024.png
new file mode 100644
index 0000000..4809ded
--- /dev/null
+++ b/static/files/posts/armbian-on-odroid-n2l/n2l-1024.png
diff --git a/static/files/posts/armbian-on-odroid-n2l/n2l-1024.webp b/static/files/posts/armbian-on-odroid-n2l/n2l-1024.webp
new file mode 100644
index 0000000..4a91338
--- /dev/null
+++ b/static/files/posts/armbian-on-odroid-n2l/n2l-1024.webp
diff --git a/static/files/posts/armbian-on-odroid-n2l/n2l.jpg b/static/files/posts/armbian-on-odroid-n2l/n2l.jpg
new file mode 100644
index 0000000..8553d86
--- /dev/null
+++ b/static/files/posts/armbian-on-odroid-n2l/n2l.jpg
diff --git a/static/files/posts/armbian-on-odroid-n2l/odroid-n2l-root_not_logged_in_yet.txt b/static/files/posts/armbian-on-odroid-n2l/odroid-n2l-root_not_logged_in_yet.txt
new file mode 100644
index 0000000..2f03dae
--- /dev/null
+++ b/static/files/posts/armbian-on-odroid-n2l/odroid-n2l-root_not_logged_in_yet.txt
@@ -0,0 +1,44 @@
+#
+# armbian automatic first boot configuration based on the documentation
+# at https://docs.armbian.com/User-Guide_Autoconfig/
+#
+# NOTE: This configuration did NOT work as expected.
+#
+# In particular, it had the following errors:
+#
+# - did not set the root password.  instead the root password was "1234"
+# - did not set the user password
+# - generated a broken network configuration which did not work after
+#   the second boot
+#
+
+# Network Settings
+PRESET_NET_CHANGE_DEFAULTS="1"
+
+## Ethernet
+PRESET_NET_ETHERNET_ENABLED="1"     #   Ignored due to WiFi
+
+## WiFi
+PRESET_NET_WIFI_ENABLED="1"
+PRESET_NET_WIFI_SSID="MY WIFI SSID"
+PRESET_NET_WIFI_KEY="MY WIFI PASSWORD"
+PRESET_NET_WIFI_COUNTRYCODE="US"
+PRESET_CONNECT_WIRELESS="y"
+## Static IP
+PRESET_NET_USE_STATIC="0"
+
+# System
+SET_LANG_BASED_ON_LOCATION="y"
+PRESET_LOCALE="en_US.UTF-8"
+PRESET_TIMEZONE="US/Eastern"
+
+# Root
+PRESET_ROOT_PASSWORD="MY ROOT PASSWORD"
+PRESET_ROOT_KEY=""
+
+# User
+PRESET_USER_NAME="someuser"
+PRESET_USER_PASSWORD="MY USER PASSWORD"
+PRESET_USER_KEY="URL TO SSH KEY"
+PRESET_DEFAULT_REALNAME="Some User"
+PRESET_USER_SHELL="bash"