privacyguides/privacyguides.org
1
0
Fork 0
mirror of https://github.com/privacyguides/privacyguides.org.git synced 2025-11-04 13:27:53 +00:00
Code Issues Activity

Remove server things from repo (#2475)

Browse Source 
Signed-off-by: Daniel Gray <dngray@privacyguides.org>
This commit is contained in:
Jonah Aragon
2024-04-03 07:06:38 +00:00
committed by Daniel Gray
parent 04c37b9cdf
commit ce7896c07f
28 changed files with 226 additions and 620 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
.github/CODEOWNERS vendored
View File

@@ -1,27 +1,5 @@
# Copyright (c) 2019-2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# Additional Co-Owners are added to the TOP of this file
# High-traffic pages
/docs/index.en.md @jonaharagon @dngray
/docs/index.md @jonaharagon @dngray
/theme/overrides/ @jonaharagon
# Org
@@ -35,4 +13,3 @@ README.md @jonaharagon @dngray
/Pipfile @jonaharagon
/Pipfile.lock @jonaharagon
/.github/ @jonaharagon
/.well-known/ @jonaharagon

93
.github/workflows/build-offline.yml vendored Normal file
View File

@@ -0,0 +1,93 @@
name: Build Offline Website
on:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: "false"
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Python setup
uses: actions/setup-python@v5
with:
cache: "pipenv"
- uses: actions/cache/restore@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ github.repository }}-en-${{ github.ref }}-
site-cache-${{ github.repository }}-en-
- name: Install Python dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build website
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CARDS: false
run: |
pipenv run mkdocs build --config-file config/mkdocs-offline.yml
pipenv run mkdocs --version
- name: Package website
run: |
tar -czvf offline.tar.gz site
zip -r -q offline.zip site
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
name: offline.tar.gz
path: offline.tar.gz
- name: Upload zip file
uses: actions/upload-artifact@v4
with:
name: offline.zip
path: offline.zip
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site /data/offline-privacy_guides.zim
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim

114
.github/workflows/build.yml vendored Normal file
View File

@@ -0,0 +1,114 @@
name: Build Website
on:
workflow_call:
inputs:
ref:
required: true
type: string
repo:
required: true
type: string
lang:
type: string
default: en
context:
type: string
default: deploy-preview
continue-on-error:
type: boolean
default: true
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- if: inputs.lang != 'en'
run: |
cp -rl modules/repo-i18n/i18n .
cp -rl modules/repo-i18n/includes .
cp -rl modules/repo-i18n/theme .
- uses: actions/setup-python@v5
with:
cache: "pipenv"
- uses: actions/cache/restore@v4.0.2
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ inputs.repo }}-${{ inputs.ref }}-
site-cache-${{ inputs.repo }}-
- uses: actions/cache/restore@v4.0.2
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
path: |
config/.cache/plugin/social/manifest.json
config/.cache/plugin/social/assets
restore-keys: |
card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-
card-cache-${{ inputs.repo }}-${{ inputs.lang }}-
- run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- uses: falti/dotenv-action@v1.1
with:
path: includes/strings.${{ inputs.lang }}.env
export-variables: true
keys-case: bypass
- env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CONTEXT: ${{ inputs.context }}
PRODUCTION: true
run: |
pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
pipenv run mkdocs --version
tar -czvf site-build-${{ inputs.lang }}.tar.gz site
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- uses: actions/cache/save@v4.0.2
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
path: |
config/.cache/plugin/social/manifest.json
config/.cache/plugin/social/assets
- uses: actions/upload-artifact@v4
with:
name: site-build-${{ inputs.lang }}.tar.gz
path: site-build-${{ inputs.lang }}.tar.gz

51
.github/workflows/deploy-all.yml vendored
View File

@@ -1,51 +0,0 @@
name: Deploy Website Build
permissions:
contents: read
pages: write
id-token: write
on:
workflow_call:
inputs:
netlify_production:
type: boolean
default: true
github_pages:
type: boolean
default: true
minio_production:
type: boolean
default: true
outputs:
netlify_preview_address:
value: ${{ jobs.netlify.outputs.address }}
secrets:
NETLIFY_TOKEN:
PROD_MINIO_KEY_ID:
PROD_MINIO_SECRET_KEY:
jobs:
netlify:
if: inputs.netlify_production
uses: privacyguides/.github/.github/workflows/deploy-netlify.yml@main
with:
netlify_site_id: ${{ vars.PROD_NETLIFY_SITE }}
environment: production
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
minio:
if: inputs.minio_production
uses: privacyguides/.github/.github/workflows/deploy-minio.yml@main
with:
environment: production
secrets:
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
pages:
if: inputs.github_pages
uses: privacyguides/.github/.github/workflows/deploy-pages.yml@main
with:
environment: github-pages

6
.github/workflows/publish-pr.yml vendored
View File

@@ -60,7 +60,7 @@ jobs:
fail-fast: false
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build.yml@main
uses: ./.github/workflows/build.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
@@ -71,7 +71,7 @@ jobs:
needs: build
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/deploy-netlify-preview.yml@main
uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
with:
netlify_alias: ${{ github.event.pull_request.head.sha }}
netlify_site_id: ${{ vars.NETLIFY_SITE }}
@@ -84,7 +84,7 @@ jobs:
needs: deploy
runs-on: ubuntu-latest
env:
address: ${{ needs.deploy.outputs.netlify_preview_address }}
address: ${{ needs.deploy.outputs.address }}
steps:
- uses: thollander/actions-comment-pull-request@v2.5.0
with:

12
.github/workflows/publish-release.yml vendored
View File

@@ -48,7 +48,7 @@ jobs:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build.yml@main
uses: ./.github/workflows/build.yml
with:
ref: ${{ github.ref }}
repo: ${{ github.repository }}
@@ -60,7 +60,7 @@ jobs:
needs: submodule
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build-offline.yml@main
uses: ./.github/workflows/build-offline.yml
release:
name: Create release notes
@@ -84,15 +84,13 @@ jobs:
deploy:
needs: build
uses: ./.github/workflows/deploy-all.yml
with:
netlify_production: true
github_pages: true
minio_production: true
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
cleanup:
if: ${{ always() }}

4
.github/workflows/test-build.yml vendored
View File

@@ -45,7 +45,7 @@ jobs:
fail-fast: false
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build.yml@main
uses: ./.github/workflows/build.yml
with:
ref: ${{ github.ref }}
repo: ${{ github.repository }}
@@ -56,7 +56,7 @@ jobs:
needs: submodule
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build-offline.yml@main
uses: ./.github/workflows/build-offline.yml
cleanup:
if: ${{ always() }}

4
.github/workflows/test-lint.yml vendored
View File

@@ -35,7 +35,7 @@ concurrency:
cancel-in-progress: true
env:
MAIN_BRANCH: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
MAIN_BRANCH: ${{ github.event_name == 'push' }}
jobs:
megalinter:
@@ -45,7 +45,7 @@ jobs:
- if: ${{ env.MAIN_BRANCH }}
uses: actions/checkout@v4
- if: ${{ !env.MAIN_BRANCH }}
- if: ${{ env.MAIN_BRANCH == 0 }}
uses: actions/checkout@v4
with:
fetch-depth: 0

1
.vscode/extensions.json vendored
View File

@@ -24,7 +24,6 @@
"DavidAnson.vscode-markdownlint",
"wholroyd.jinja",
"mikestead.dotenv",
"matthewpi.caddyfile-support",
"redhat.vscode-yaml",
"ecmel.vscode-html-css",
"yzhang.markdown-all-in-one"

17
.vscode/settings.json vendored
View File

@@ -21,20 +21,9 @@
{
"git.ignoreLimitWarning": true,
"ltex.diagnosticSeverity": "hint",
"[markdown]": {
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true
},
"[caddyfile]": {
"editor.defaultFormatter": "matthewpi.caddyfile-support",
"editor.formatOnSave": true
},
"files.associations": {
"*.caddy": "caddyfile",
"*.example-caddy": "caddyfile"
},
"editor.unicodeHighlight.invisibleCharacters": true,
"editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true,
"editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
"[yaml]": {
"editor.defaultFormatter": "redhat.vscode-yaml",
"editor.quickSuggestions": {

50
config/caddy/Caddyfile
View File

@@ -1,50 +0,0 @@
(pg-umami-config) {
umami {
event_endpoint https://stats.jonaharagon.net/api/send
website_uuid 30b92047-7cbb-4800-9815-2e075a293e0a
# bit of a hack to get umami working properly, nothing to do with cloudflare
client_ip_header CF-Connecting-IP
trusted_ip_header X-Real-IP
cookie_consent umami
cookie_resolution resolution
debug
}
}
www.privacyguides.org {
import vars
import common/*.caddy
import production/*.caddy
}
http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
import vars
import common/*.caddy
import production/minio.caddy
}
http://*.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
@hostnames header_regexp hostname Host (\S+)\.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd\.onion
handle @hostnames {
reverse_proxy {re.hostname.1}.privacyguides.org:443 {
header_up Host {re.hostname.1}.privacyguides.org
transport http {
tls
}
}
}
}
privacyguides.org {
import vars
import production/matrix.caddy
handle {
import production/https.caddy
redir https://www.privacyguides.org{uri}
}
}
http://xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
redir http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion{uri}
}

13
config/caddy/README.md
View File

@@ -1,13 +0,0 @@
# Caddy Webserver Config
Requires a build of Caddy with [jonaharagon/caddy-umami](https://github.com/jonaharagon/caddy-umami) installed.
## Variables
These variables are set on the server, and can be accessed like `{vars.variable_name}`:
- `minio_hostname`
- `pg_minio_bucket`
- `pg_matrix_webserver`
- `pg_umami_website_uuid`
- `umami_hostname`

34
config/caddy/common/00-matchers.caddy
View File

@@ -1,34 +0,0 @@
@static {
path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
}
@en path /en/*
@es path /es/*
@fr path /fr/*
@he path /he/*
@it path /it/*
@nl path /nl/*
@ru path /ru/*
@zh-Hant path /zh-Hant/*
@es-header {
header Accept-Language es*
}
@fr-header {
header Accept-Language fr*
}
@he-header {
header Accept-Language he*
}
@it-header {
header Accept-Language it*
}
@nl-header {
header Accept-Language nl*
}
@ru-header {
header Accept-Language ru*
}
@zh-Hant-header {
header Accept-Language zh-Hant*
}

42
config/caddy/common/30-errors.caddy
View File

@@ -1,42 +0,0 @@
handle_errors {
@errors `{err.status_code} in [404]`
handle @errors {
handle @es {
try_files /i18n/{err.status_code}.es.html i18n/{err.status_code}.en.html
file_server
}
handle @fr {
try_files i18n/{err.status_code}.fr.html i18n/{err.status_code}.en.html
file_server
}
handle @he {
try_files i18n/{err.status_code}.he.html i18n/{err.status_code}.en.html
file_server
}
handle @it {
try_files i18n/{err.status_code}.it.html i18n/{err.status_code}.en.html
file_server
}
handle @nl {
try_files i18n/{err.status_code}.nl.html i18n/{err.status_code}.en.html
file_server
}
handle @ru {
try_files i18n/{err.status_code}.ru.html i18n/{err.status_code}.en.html
file_server
}
handle @zh-Hant {
try_files i18n/{err.status_code}.zh-Hant.html i18n/{err.status_code}.en.html
file_server
}
handle {
try_files i18n/{err.status_code}.en.html
file_server
}
}
# Handle all other webserver errors with a simple text response
handle {
respond "{err.status_code} {err.status_text}"
}
}

16
config/caddy/common/30-headers.caddy
View File

@@ -1,16 +0,0 @@
header X-Frame-Options SAMEORIGIN
header X-Content-Type-Options nosniff
header X-XSS-Protection 0
vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
# You can check whether a CSP directive will fall back to default-src on MDN.
# Add CSP directives WITH a default-src fallback here:
header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
# Add CSP directives WITHOUT a default-src fallback here:
header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
header Access-Control-Allow-Origin "*"
header @static Cache-Control max-age=2592000

4
config/caddy/common/50-redirect.caddy
View File

@@ -1,4 +0,0 @@
redir /kb* /en/basics/why-privacy-matters/
redir /license* https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
redir /coc* /en/CODE_OF_CONDUCT/
redir /team* /en/about/

30
config/caddy/common/55-redirect-lang.caddy
View File

@@ -1,30 +0,0 @@
route / {
header Cache-Control no-store
redir @es-header /es
redir @fr-header /fr
redir @he-header /he
redir @it-header /it
redir @nl-header /nl
redir @ru-header /ru
redir @zh-Hant-header /zh-Hant
# default case
handle {
redir * /en/
}
}
@kb {
path */kb */kb/*
}
route @kb {
redir @es /es/basics/why-privacy-matters/
redir @fr /fr/basics/why-privacy-matters/
redir @he /he/basics/why-privacy-matters/
redir @it /it/basics/why-privacy-matters/
redir @nl /nl/basics/why-privacy-matters/
redir @ru /ru/basics/why-privacy-matters/
redir @zh-Hant /zh-Hant/basics/why-privacy-matters/
redir * /en/basics/why-privacy-matters/
}

50
config/caddy/common/55-redirect-outdated.caddy
View File

@@ -1,50 +0,0 @@
redir /browsers /en/desktop-browsers/
redir /blog https://blog.privacyguides.org
redir /basics/dns-overview /en/advanced/dns-overview/
redir /basics/tor-overview /en/advanced/tor-overview/
redir /real-time-communication/communication-network-types /en/advanced/communication-network-types
redir /advanced/real-time-communication /en/advanced/communication-network-types
redir /android/overview /en/os/android-overview/
redir /linux-desktop/overview /en/os/linux-overview/
redir /android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
redir /ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
redir /linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
redir /linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
redir /advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
redir /real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
redir /advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
redir /advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
redir /operating-systems /en/desktop/
redir /threat-modeling /en/basics/threat-modeling/
redir /self-contained-networks /en/tor/
redir /privacy-policy /en/about/privacy-policy/
redir /metadata-removal-tools /en/data-redaction/
redir /basics /en/kb
redir /software/file-encryption /en/encryption/
redir /providers /en/tools/#service-providers
redir /software/calendar-contacts /en/calendar/
redir /calendar-contacts /en/calendar/
redir /software/metadata-removal-tools /en/data-redaction/
redir /contact /en/about/
redir /welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
redir /software/email /en/email-clients/
redir /providers/paste /en/tools/
redir /blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
redir /terms-and-notices /en/about/notices/
redir /software/networks /en/tor/
redir /social-news-aggregator /en/news-aggregators/
redir /basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
redir /linux-desktop /en/desktop/
handle_path /providers/* {
redir * /en/{uri}
}
handle_path /software/* {
redir * /en/{uri}
}
handle_path /blog/* {
redir * https://blog.privacyguides.org/{uri}
}
handle_path /assets/* {
redir * /en/assets/{uri}
}

6
config/caddy/common/80-canonical.caddy
View File

@@ -1,6 +0,0 @@
@canonicalPath {
path */
}
route @canonicalPath {
rewrite @canonicalPath {http.request.orig_uri.path}index.html
}

2
config/caddy/production/https.caddy
View File

@@ -1,2 +0,0 @@
header ?Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
header +Content-Security-Policy upgrade-insecure-requests;

13
config/caddy/production/matrix.caddy
View File

@@ -1,13 +0,0 @@
@matrix {
path /.well-known/matrix/*
}
handle @matrix {
reverse_proxy 10.163.5.51:81 {
header_up Host matrix.privacyguides.org
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}

31
config/caddy/production/minio.caddy
View File

@@ -1,31 +0,0 @@
cache
encode zstd gzip
reverse_proxy http://10.163.3.10:9000 {
header_up Host privacyguides-org-production.stor1-minio.jonaharagon.net
header_down -Server
header_down -Vary
header_down -X-*
@200ok status 2xx 304
handle_response @200ok {
import pg-umami-config
copy_response
copy_response_headers
}
@error404 status 404
handle_response @error404 {
@addSlash {
expression !{path}.endsWith("/")
}
redir @addSlash {http.request.orig_uri.path}/
}
@error400 status 400
handle_response @error400 {
@real404 {
path *//index.html
}
respond @real404 404
}
}

4
config/mkdocs-common.yml
View File

@@ -105,8 +105,8 @@ extra:
name: Self-Hosted Analytics
checked: true
github:
name: GitHub
checked: false
name: GitHub API
checked: true
actions:
- reject
- accept

104
netlify.toml
View File

@@ -1,104 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
[build]
publish = "site/"
command = "mkdocs build --config-file config/mkdocs.en.yml && cp -r static/* site/"
[context.production]
command = "rm -rf i18n-download || true && git clone https://github.com/privacyguides/i18n i18n-download && cp -rl i18n-download/i18n . && cp -rl i18n-download/includes . && cp -rl i18n-download/theme . && mkdocs build --config-file config/mkdocs.en.yml && mkdocs build --config-file config/mkdocs.es.yml && mkdocs build --config-file config/mkdocs.fr.yml && mkdocs build --config-file config/mkdocs.he.yml && mkdocs build --config-file config/mkdocs.it.yml && mkdocs build --config-file config/mkdocs.nl.yml && mkdocs build --config-file config/mkdocs.zh-Hant.yml && mkdocs build --config-file config/mkdocs.ru.yml && cp -r static/* site/"
[context.branch-deploy]
command = "crowdin download && for i in config/mkdocs.*.yml; do mkdocs build --config-file $i; done && cp -r static/* site/"
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "0"
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
Permissions-Policy = "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
[[headers]]
for = "/:lang/about/donate/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com; frame-ancestors 'none'"
[[headers]]
for = "/:lang/tor/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://snowflake.torproject.org; frame-ancestors 'none'"
[[redirects]]
from = "/es/*"
to = "/i18n/404.es.html"
status = 404
[[redirects]]
from = "/fr/*"
to = "/i18n/404.fr.html"
status = 404
[[redirects]]
from = "/he/*"
to = "/i18n/404.he.html"
status = 404
[[redirects]]
from = "/it/*"
to = "/i18n/404.it.html"
status = 404
[[redirects]]
from = "/nl/*"
to = "/i18n/404.nl.html"
status = 404
[[redirects]]
from = "/zh-hant/*"
to = "/i18n/404.zh-Hant.html"
status = 404
[[redirects]]
from = "/ru/*"
to = "/i18n/404.ru.html"
status = 404
[[redirects]]
from = "/*"
to = "/i18n/404.en.html"
status = 404
[[plugins]]
package = "@netlify/plugin-lighthouse"
[[plugins.inputs.audits]]
path = "en"
[[plugins.inputs.audits]]
path = "en/tools"
[[plugins.inputs.audits]]
path = "en/basics/why-privacy-matters"
[[plugins.inputs.audits]]
path = "en/vpn"

89
static/_redirects
View File

@@ -1,89 +0,0 @@
# Copyright (c) 2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
/ /en/ 302 Language=en
/ /es/ 302 Language=es
/ /fr/ 302 Language=fr
/ /he/ 302 Language=he
/ /it/ 302 Language=it
/ /nl/ 302 Language=nl
/ /zh-hant/ 302 Language=zh-Hant
/ /ru/ 302 Language=ru
/ /en/ 302
/.well-known/matrix/* https://matrix.privacyguides.org/.well-known/matrix/:splat 200
/.well-known/* /well-known/:splat 200
/kb /en/basics/why-privacy-matters/
/:lang/kb /:lang/basics/why-privacy-matters/
/coc /en/CODE_OF_CONDUCT/
/license https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
/team /en/about/
/browsers /en/desktop-browsers/
/blog https://blog.privacyguides.org
/basics/dns-overview /en/advanced/dns-overview/
/basics/tor-overview /en/advanced/tor-overview/
/real-time-communication/communication-network-types /en/advanced/communication-network-types
/advanced/real-time-communication /en/advanced/communication-network-types
/android/overview /en/os/android-overview/
/linux-desktop/overview /en/os/linux-overview/
/android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
/ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
/linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
/linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
/advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
/advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/operating-systems /en/desktop/
/threat-modeling /en/basics/threat-modeling/
/self-contained-networks /en/tor/
/privacy-policy /en/about/privacy-policy/
/metadata-removal-tools /en/data-redaction/
/basics /en/kb
/software/file-encryption /en/encryption/
/providers /en/tools/#service-providers
/software/calendar-contacts /en/calendar/
/calendar-contacts /en/calendar/
/software/metadata-removal-tools /en/data-redaction/
/contact /en/about/
/welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
/software/email /en/email-clients/
/providers/paste /en/tools/
/blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
/terms-and-notices /en/about/notices/
/software/networks /en/tor/
/social-news-aggregator /en/news-aggregators/
/basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/linux-desktop /en/desktop/
/providers/:slug /en/:slug/
/software/:slug /en/:slug/
/blog/* https://blog.privacyguides.org/:splat
/assets/* /en/assets/:splat
/:slug/ /en/:slug/
/about/:slug/ /en/about/:slug/
/advanced/:slug/ /en/advanced/:slug/
/basics/:slug/ /en/basics/:slug/
/meta/:slug/ /en/meta/:slug/
/os/:slug/ /en/os/:slug/

24
static/i18n/404.en.html
View File

File diff suppressed because one or more lines are too long

5
static/well-known/security.txt
View File

@@ -1,5 +0,0 @@
Contact: mailto:jonah@triplebit.net
Expires: 2024-01-01T18:00:00.000Z
Preferred-Languages: en
Canonical: https://www.privacyguides.org/.well-known/security.txt
Policy: https://github.com/privacyguides/privacyguides.org/security/policy

2
theme/assets/javascripts/resolution.js
View File

@@ -22,7 +22,7 @@ function getCookie(cname) {
var consent = __md_get("__consent")
if (!consent) {
__md_set("__consent", {umami: true});
__md_set("__consent", {"umami":true,"github":true});
if (getCookie('resolution') == '') {
const resolution = `${window.screen.width}x${window.screen.height}`;
setCookie('resolution', resolution, 30);