Remove server things from repo (#2475)

Signed-off-by: Daniel Gray <dngray@privacyguides.org>
Jonah Aragon 2024-04-03 07:06:38 +00:00 committed by Daniel Gray
parent 04c37b9cdf
commit ce7896c07f
No known key found for this signature in database
GPG Key ID: 41911F722B0F9AE3
28 changed files with 226 additions and 620 deletions

25
.github/CODEOWNERS vendored

@ -1,27 +1,5 @@
# Copyright (c) 2019-2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
# Additional Co-Owners are added to the TOP of this file
# High-traffic pages
/docs/index.en.md @jonaharagon @dngray
/docs/index.md @jonaharagon @dngray
/theme/overrides/ @jonaharagon
# Org
@ -35,4 +13,3 @@ README.md @jonaharagon @dngray
/Pipfile @jonaharagon
/Pipfile.lock @jonaharagon
/.github/ @jonaharagon
/.well-known/ @jonaharagon

93
.github/workflows/build-offline.yml vendored Normal file

@ -0,0 +1,93 @@
name: Build Offline Website
on:
workflow_call:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
persist-credentials: "false"
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- name: Python setup
uses: actions/setup-python@v5
with:
cache: "pipenv"
- uses: actions/cache/restore@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ github.repository }}-en-${{ github.ref }}-
site-cache-${{ github.repository }}-en-
- name: Install Python dependencies
run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- name: Build website
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CARDS: false
run: |
pipenv run mkdocs build --config-file config/mkdocs-offline.yml
pipenv run mkdocs --version
- name: Package website
run: |
tar -czvf offline.tar.gz site
zip -r -q offline.zip site
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ github.repository }}-en-${{ github.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- name: Upload tar.gz file
uses: actions/upload-artifact@v4
with:
name: offline.tar.gz
path: offline.tar.gz
- name: Upload zip file
uses: actions/upload-artifact@v4
with:
name: offline.zip
path: offline.zip
- name: Create ZIM File
uses: addnab/docker-run-action@v3
with:
image: ghcr.io/openzim/zim-tools:3.1.3
options: -v ${{ github.workspace }}:/data
run: |
zimwriterfs -w index.html -I assets/brand/logos/png/square/pg-yellow.png -l eng -t "Privacy Guides" -d "Your central privacy and security resource to protect yourself online." -c "Privacy Guides" -p "Jonah Aragon" -n "Privacy Guides" -e "https://github.com/privacyguides/privacyguides.org" /data/site /data/offline-privacy_guides.zim
- name: Upload ZIM file
uses: actions/upload-artifact@v4
with:
name: offline-privacy_guides.zim
path: offline-privacy_guides.zim
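Review bot: `addnab/docker-run-action@v3` is a third-party action referenced by a movable tag, and it runs `ghcr.io/openzim/zim-tools:3.1.3`, also a tag, with the whole workspace mounted at `/data`; if either is retagged, different code runs in this job with no change visible in the repository. Pinning both to immutable references closes that gap: `uses: addnab/docker-run-action@<full-commit-sha> # v3` and `image: ghcr.io/openzim/zim-tools@sha256:<digest>`. The same applies to `falti/dotenv-action@v1.1` in build.yml and, with more at stake, to the `privacyguides/webserver/...@main` reusable workflows in the caller workflows, one of which is passed the Netlify, MinIO and Cloudflare secrets.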

114
.github/workflows/build.yml vendored Normal file

@ -0,0 +1,114 @@
name: Build Website
on:
workflow_call:
inputs:
ref:
required: true
type: string
repo:
required: true
type: string
lang:
type: string
default: en
context:
type: string
default: deploy-preview
continue-on-error:
type: boolean
default: true
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
continue-on-error: ${{ inputs.continue-on-error }}
permissions:
contents: read
steps:
- uses: actions/checkout@v4
with:
repository: ${{ inputs.repo }}
ref: ${{ inputs.ref }}
persist-credentials: "false"
fetch-depth: 0
- uses: actions/download-artifact@v4
with:
pattern: repo-*
path: modules
- run: |
rmdir modules/mkdocs-material
mv modules/repo-mkdocs-material-insiders modules/mkdocs-material
rmdir theme/assets/brand
mv modules/repo-brand theme/assets/brand
- if: inputs.lang != 'en'
run: |
cp -rl modules/repo-i18n/i18n .
cp -rl modules/repo-i18n/includes .
cp -rl modules/repo-i18n/theme .
- uses: actions/setup-python@v5
with:
cache: "pipenv"
- uses: actions/cache/restore@v4.0.2
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
restore-keys: |
site-cache-${{ inputs.repo }}-${{ inputs.ref }}-
site-cache-${{ inputs.repo }}-
- uses: actions/cache/restore@v4.0.2
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
path: |
config/.cache/plugin/social/manifest.json
config/.cache/plugin/social/assets
restore-keys: |
card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-
card-cache-${{ inputs.repo }}-${{ inputs.lang }}-
- run: |
pip install pipenv
pipenv install
sudo apt install pngquant
- uses: falti/dotenv-action@v1.1
with:
path: includes/strings.${{ inputs.lang }}.env
export-variables: true
keys-case: bypass
- env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
CONTEXT: ${{ inputs.context }}
PRODUCTION: true
run: |
pipenv run mkdocs build --config-file config/mkdocs.${{ inputs.lang }}.yml
pipenv run mkdocs --version
tar -czvf site-build-${{ inputs.lang }}.tar.gz site
- uses: actions/cache/save@v4.0.2
with:
key: site-cache-${{ inputs.repo }}-${{ inputs.ref }}-${{ hashfiles('.cache/**') }}
path: .cache
- uses: actions/cache/save@v4.0.2
with:
key: card-cache-${{ inputs.repo }}-${{ inputs.lang }}-${{ inputs.ref }}-${{ hashfiles('config/.cache/plugin/social/manifest.json') }}
path: |
config/.cache/plugin/social/manifest.json
config/.cache/plugin/social/assets
- uses: actions/upload-artifact@v4
with:
name: site-build-${{ inputs.lang }}.tar.gz
path: site-build-${{ inputs.lang }}.tar.gz
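Review bot: `${{ inputs.lang }}` is expanded into the shell script of the build step (`config/mkdocs.${{ inputs.lang }}.yml` and the `tar` file name) before the shell parses it, so the value is treated as script text rather than data. The callers visible in this commit pass a fixed language matrix, so this is hardening rather than a live bug, but a reusable workflow should not depend on its callers for that: add `BUILD_LANG: ${{ inputs.lang }}` to the step's `env:` and use `--config-file "config/mkdocs.${BUILD_LANG}.yml"` and `"site-build-${BUILD_LANG}.tar.gz"` in the script. The same step also places `GH_TOKEN` in the environment while building content checked out from `inputs.repo` at `inputs.ref`, which the pull-request caller sets to the PR head; a comment stating that the job-level `contents: read` is what bounds that token would help future editors.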


@ -1,51 +0,0 @@
name: Deploy Website Build
permissions:
contents: read
pages: write
id-token: write
on:
workflow_call:
inputs:
netlify_production:
type: boolean
default: true
github_pages:
type: boolean
default: true
minio_production:
type: boolean
default: true
outputs:
netlify_preview_address:
value: ${{ jobs.netlify.outputs.address }}
secrets:
NETLIFY_TOKEN:
PROD_MINIO_KEY_ID:
PROD_MINIO_SECRET_KEY:
jobs:
netlify:
if: inputs.netlify_production
uses: privacyguides/.github/.github/workflows/deploy-netlify.yml@main
with:
netlify_site_id: ${{ vars.PROD_NETLIFY_SITE }}
environment: production
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
minio:
if: inputs.minio_production
uses: privacyguides/.github/.github/workflows/deploy-minio.yml@main
with:
environment: production
secrets:
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
pages:
if: inputs.github_pages
uses: privacyguides/.github/.github/workflows/deploy-pages.yml@main
with:
environment: github-pages


@ -60,7 +60,7 @@ jobs:
fail-fast: false
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build.yml@main
uses: ./.github/workflows/build.yml
with:
ref: ${{github.event.pull_request.head.ref}}
repo: ${{github.event.pull_request.head.repo.full_name}}
@ -71,7 +71,7 @@ jobs:
needs: build
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/deploy-netlify-preview.yml@main
uses: privacyguides/webserver/.github/workflows/deploy-netlify-preview.yml@main
with:
netlify_alias: ${{ github.event.pull_request.head.sha }}
netlify_site_id: ${{ vars.NETLIFY_SITE }}
@ -84,7 +84,7 @@ jobs:
needs: deploy
runs-on: ubuntu-latest
env:
address: ${{ needs.deploy.outputs.netlify_preview_address }}
address: ${{ needs.deploy.outputs.address }}
steps:
- uses: thollander/actions-comment-pull-request@v2.5.0
with:


@ -48,7 +48,7 @@ jobs:
lang: [en, es, fr, he, it, nl, ru, zh-Hant]
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build.yml@main
uses: ./.github/workflows/build.yml
with:
ref: ${{ github.ref }}
repo: ${{ github.repository }}
@ -60,7 +60,7 @@ jobs:
needs: submodule
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build-offline.yml@main
uses: ./.github/workflows/build-offline.yml
release:
name: Create release notes
@ -84,15 +84,13 @@ jobs:
deploy:
needs: build
uses: ./.github/workflows/deploy-all.yml
with:
netlify_production: true
github_pages: true
minio_production: true
uses: privacyguides/webserver/.github/workflows/deploy-all.yml@main
secrets:
NETLIFY_TOKEN: ${{ secrets.NETLIFY_TOKEN }}
PROD_MINIO_KEY_ID: ${{ secrets.PROD_MINIO_KEY_ID }}
PROD_MINIO_SECRET_KEY: ${{ secrets.PROD_MINIO_SECRET_KEY }}
CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
cleanup:
if: ${{ always() }}


@ -45,7 +45,7 @@ jobs:
fail-fast: false
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build.yml@main
uses: ./.github/workflows/build.yml
with:
ref: ${{ github.ref }}
repo: ${{ github.repository }}
@ -56,7 +56,7 @@ jobs:
needs: submodule
permissions:
contents: read
uses: privacyguides/.github/.github/workflows/build-offline.yml@main
uses: ./.github/workflows/build-offline.yml
cleanup:
if: ${{ always() }}


@ -35,7 +35,7 @@ concurrency:
cancel-in-progress: true
env:
MAIN_BRANCH: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
MAIN_BRANCH: ${{ github.event_name == 'push' }}
jobs:
megalinter:
@ -45,7 +45,7 @@ jobs:
- if: ${{ env.MAIN_BRANCH }}
uses: actions/checkout@v4
- if: ${{ !env.MAIN_BRANCH }}
- if: ${{ env.MAIN_BRANCH == 0 }}
uses: actions/checkout@v4
with:
fetch-depth: 0
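Review bot: The condition `env.MAIN_BRANCH == 0` (taken here to be the new side; the page shows both variants without markers) can never be true. Values in the `env` context are strings, so `MAIN_BRANCH` is `'true'` or `'false'`; compared with a number, either string converts to NaN, and the unchanged `if: ${{ env.MAIN_BRANCH }}` above it is always truthy because both strings are non-empty. As written, the plain checkout always runs and the `fetch-depth: 0` checkout never does. Comparing against the string fixes both: `if: ${{ env.MAIN_BRANCH == 'true' }}` and `if: ${{ env.MAIN_BRANCH != 'true' }}`. The second step continues past the end of the hunk.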


@ -24,7 +24,6 @@
"DavidAnson.vscode-markdownlint",
"wholroyd.jinja",
"mikestead.dotenv",
"matthewpi.caddyfile-support",
"redhat.vscode-yaml",
"ecmel.vscode-html-css",
"yzhang.markdown-all-in-one"

17
.vscode/settings.json vendored

@ -21,20 +21,9 @@
{
"git.ignoreLimitWarning": true,
"ltex.diagnosticSeverity": "hint",
"[markdown]": {
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true
},
"[caddyfile]": {
"editor.defaultFormatter": "matthewpi.caddyfile-support",
"editor.formatOnSave": true
},
"files.associations": {
"*.caddy": "caddyfile",
"*.example-caddy": "caddyfile"
},
"editor.unicodeHighlight.invisibleCharacters": true,
"editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
"editor.unicodeHighlight.ambiguousCharacters": true,
"editor.unicodeHighlight.invisibleCharacters": true,
"editor.defaultFormatter": "DavidAnson.vscode-markdownlint",
"[yaml]": {
"editor.defaultFormatter": "redhat.vscode-yaml",
"editor.quickSuggestions": {


@ -1,50 +0,0 @@
(pg-umami-config) {
umami {
event_endpoint https://stats.jonaharagon.net/api/send
website_uuid 30b92047-7cbb-4800-9815-2e075a293e0a
# bit of a hack to get umami working properly, nothing to do with cloudflare
client_ip_header CF-Connecting-IP
trusted_ip_header X-Real-IP
cookie_consent umami
cookie_resolution resolution
debug
}
}
www.privacyguides.org {
import vars
import common/*.caddy
import production/*.caddy
}
http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
import vars
import common/*.caddy
import production/minio.caddy
}
http://*.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
@hostnames header_regexp hostname Host (\S+)\.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd\.onion
handle @hostnames {
reverse_proxy {re.hostname.1}.privacyguides.org:443 {
header_up Host {re.hostname.1}.privacyguides.org
transport http {
tls
}
}
}
}
privacyguides.org {
import vars
import production/matrix.caddy
handle {
import production/https.caddy
redir https://www.privacyguides.org{uri}
}
}
http://xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion {
redir http://www.xoe4vn5uwdztif6goazfbmogh6wh5jc4up35bqdflu6bkdc5cas5vjqd.onion{uri}
}


@ -1,13 +0,0 @@
# Caddy Webserver Config
Requires a build of Caddy with [jonaharagon/caddy-umami](https://github.com/jonaharagon/caddy-umami) installed.
## Variables
These variables are set on the server, and can be accessed like `{vars.variable_name}`:
- `minio_hostname`
- `pg_minio_bucket`
- `pg_matrix_webserver`
- `pg_umami_website_uuid`
- `umami_hostname`


@ -1,34 +0,0 @@
@static {
path *.ico *.css *.js *.gif *.webp *.avif *.jpg *.jpeg *.png *.svg *.woff *.woff2
}
@en path /en/*
@es path /es/*
@fr path /fr/*
@he path /he/*
@it path /it/*
@nl path /nl/*
@ru path /ru/*
@zh-Hant path /zh-Hant/*
@es-header {
header Accept-Language es*
}
@fr-header {
header Accept-Language fr*
}
@he-header {
header Accept-Language he*
}
@it-header {
header Accept-Language it*
}
@nl-header {
header Accept-Language nl*
}
@ru-header {
header Accept-Language ru*
}
@zh-Hant-header {
header Accept-Language zh-Hant*
}


@ -1,42 +0,0 @@
handle_errors {
@errors `{err.status_code} in [404]`
handle @errors {
handle @es {
try_files /i18n/{err.status_code}.es.html i18n/{err.status_code}.en.html
file_server
}
handle @fr {
try_files i18n/{err.status_code}.fr.html i18n/{err.status_code}.en.html
file_server
}
handle @he {
try_files i18n/{err.status_code}.he.html i18n/{err.status_code}.en.html
file_server
}
handle @it {
try_files i18n/{err.status_code}.it.html i18n/{err.status_code}.en.html
file_server
}
handle @nl {
try_files i18n/{err.status_code}.nl.html i18n/{err.status_code}.en.html
file_server
}
handle @ru {
try_files i18n/{err.status_code}.ru.html i18n/{err.status_code}.en.html
file_server
}
handle @zh-Hant {
try_files i18n/{err.status_code}.zh-Hant.html i18n/{err.status_code}.en.html
file_server
}
handle {
try_files i18n/{err.status_code}.en.html
file_server
}
}
# Handle all other webserver errors with a simple text response
handle {
respond "{err.status_code} {err.status_text}"
}
}


@ -1,16 +0,0 @@
header X-Frame-Options SAMEORIGIN
header X-Content-Type-Options nosniff
header X-XSS-Protection 0
vars pg_csp_self "https://www.privacyguides.org https://cdn.privacyguides.org 'self'"
# You can check whether a CSP directive will fall back to default-src on MDN.
# Add CSP directives WITH a default-src fallback here:
header +Content-Security-Policy "default-src 'none'; script-src {vars.pg_csp_self} 'unsafe-inline'; style-src {vars.pg_csp_self} 'unsafe-inline'; font-src {vars.pg_csp_self} data:; img-src data: {vars.pg_csp_self}; connect-src https://api.github.com https://*.privacyguides.net {vars.pg_csp_self}; frame-src https://*.privacyguides.net https://snowflake.torproject.org {vars.pg_csp_self}"
# Add CSP directives WITHOUT a default-src fallback here:
header +Content-Security-Policy "form-action 'self'; frame-ancestors 'none'; base-uri 'none'; sandbox allow-scripts allow-popups allow-same-origin;"
header Permissions-Policy "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
header Access-Control-Allow-Origin "*"
header @static Cache-Control max-age=2592000


@ -1,4 +0,0 @@
redir /kb* /en/basics/why-privacy-matters/
redir /license* https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
redir /coc* /en/CODE_OF_CONDUCT/
redir /team* /en/about/


@ -1,30 +0,0 @@
route / {
header Cache-Control no-store
redir @es-header /es
redir @fr-header /fr
redir @he-header /he
redir @it-header /it
redir @nl-header /nl
redir @ru-header /ru
redir @zh-Hant-header /zh-Hant
# default case
handle {
redir * /en/
}
}
@kb {
path */kb */kb/*
}
route @kb {
redir @es /es/basics/why-privacy-matters/
redir @fr /fr/basics/why-privacy-matters/
redir @he /he/basics/why-privacy-matters/
redir @it /it/basics/why-privacy-matters/
redir @nl /nl/basics/why-privacy-matters/
redir @ru /ru/basics/why-privacy-matters/
redir @zh-Hant /zh-Hant/basics/why-privacy-matters/
redir * /en/basics/why-privacy-matters/
}


@ -1,50 +0,0 @@
redir /browsers /en/desktop-browsers/
redir /blog https://blog.privacyguides.org
redir /basics/dns-overview /en/advanced/dns-overview/
redir /basics/tor-overview /en/advanced/tor-overview/
redir /real-time-communication/communication-network-types /en/advanced/communication-network-types
redir /advanced/real-time-communication /en/advanced/communication-network-types
redir /android/overview /en/os/android-overview/
redir /linux-desktop/overview /en/os/linux-overview/
redir /android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
redir /ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
redir /linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
redir /linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
redir /advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
redir /real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
redir /advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
redir /advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
redir /operating-systems /en/desktop/
redir /threat-modeling /en/basics/threat-modeling/
redir /self-contained-networks /en/tor/
redir /privacy-policy /en/about/privacy-policy/
redir /metadata-removal-tools /en/data-redaction/
redir /basics /en/kb
redir /software/file-encryption /en/encryption/
redir /providers /en/tools/#service-providers
redir /software/calendar-contacts /en/calendar/
redir /calendar-contacts /en/calendar/
redir /software/metadata-removal-tools /en/data-redaction/
redir /contact /en/about/
redir /welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
redir /software/email /en/email-clients/
redir /providers/paste /en/tools/
redir /blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
redir /terms-and-notices /en/about/notices/
redir /software/networks /en/tor/
redir /social-news-aggregator /en/news-aggregators/
redir /basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
redir /linux-desktop /en/desktop/
handle_path /providers/* {
redir * /en/{uri}
}
handle_path /software/* {
redir * /en/{uri}
}
handle_path /blog/* {
redir * https://blog.privacyguides.org/{uri}
}
handle_path /assets/* {
redir * /en/assets/{uri}
}


@ -1,6 +0,0 @@
@canonicalPath {
path */
}
route @canonicalPath {
rewrite @canonicalPath {http.request.orig_uri.path}index.html
}


@ -1,2 +0,0 @@
header ?Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
header +Content-Security-Policy upgrade-insecure-requests;


@ -1,13 +0,0 @@
@matrix {
path /.well-known/matrix/*
}
handle @matrix {
reverse_proxy 10.163.5.51:81 {
header_up Host matrix.privacyguides.org
header_up X-Forwarded-Port {http.request.port}
header_up X-Forwarded-TlsProto {tls_protocol}
header_up X-Forwarded-TlsCipher {tls_cipher}
header_up X-Forwarded-HttpsProto {proto}
}
}


@ -1,31 +0,0 @@
cache
encode zstd gzip
reverse_proxy http://10.163.3.10:9000 {
header_up Host privacyguides-org-production.stor1-minio.jonaharagon.net
header_down -Server
header_down -Vary
header_down -X-*
@200ok status 2xx 304
handle_response @200ok {
import pg-umami-config
copy_response
copy_response_headers
}
@error404 status 404
handle_response @error404 {
@addSlash {
expression !{path}.endsWith("/")
}
redir @addSlash {http.request.orig_uri.path}/
}
@error400 status 400
handle_response @error400 {
@real404 {
path *//index.html
}
respond @real404 404
}
}


@ -105,8 +105,8 @@ extra:
name: Self-Hosted Analytics
checked: true
github:
name: GitHub
checked: false
name: GitHub API
checked: true
actions:
- reject
- accept
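Review bot: With `checked: true` (taken here to be the new side; the page shows both values without markers) the GitHub API entry is pre-selected in the consent dialog, and the script change in the same commit stores `{"umami":true,"github":true}` for visitors who have no saved consent, so the GitHub API integration is on before a visitor has chosen anything. The default now lives in two places that can drift apart. A comment above the entry would make the intent and the coupling explicit, for example `# Enabled by default; keep in sync with the __consent default set in the theme script`.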


@ -1,104 +0,0 @@
# Copyright (c) 2022-2024 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
[build]
publish = "site/"
command = "mkdocs build --config-file config/mkdocs.en.yml && cp -r static/* site/"
[context.production]
command = "rm -rf i18n-download || true && git clone https://github.com/privacyguides/i18n i18n-download && cp -rl i18n-download/i18n . && cp -rl i18n-download/includes . && cp -rl i18n-download/theme . && mkdocs build --config-file config/mkdocs.en.yml && mkdocs build --config-file config/mkdocs.es.yml && mkdocs build --config-file config/mkdocs.fr.yml && mkdocs build --config-file config/mkdocs.he.yml && mkdocs build --config-file config/mkdocs.it.yml && mkdocs build --config-file config/mkdocs.nl.yml && mkdocs build --config-file config/mkdocs.zh-Hant.yml && mkdocs build --config-file config/mkdocs.ru.yml && cp -r static/* site/"
[context.branch-deploy]
command = "crowdin download && for i in config/mkdocs.*.yml; do mkdocs build --config-file $i; done && cp -r static/* site/"
[[headers]]
for = "/*"
[headers.values]
X-Frame-Options = "DENY"
X-XSS-Protection = "0"
X-Content-Type-Options = "nosniff"
Strict-Transport-Security = "max-age=63072000; includeSubDomains; preload"
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://*.privacyguides.net; frame-ancestors 'none'"
Permissions-Policy = "browsing-topics=(), conversion-measurement=(), interest-cohort=(), accelerometer=(), ambient-light-sensor=(), battery=(), camera=(), display-capture=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), usb=()"
[[headers]]
for = "/:lang/about/donate/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://opencollective.com https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src https://opencollective.com data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://opencollective.com; frame-ancestors 'none'"
[[headers]]
for = "/:lang/tor/"
[headers.values]
Content-Security-Policy = "default-src 'none'; script-src https://www.privacyguides.org 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; font-src 'self' data:; img-src data: 'self'; connect-src https://api.github.com https://*.privacyguides.net 'self'; frame-src https://snowflake.torproject.org; frame-ancestors 'none'"
[[redirects]]
from = "/es/*"
to = "/i18n/404.es.html"
status = 404
[[redirects]]
from = "/fr/*"
to = "/i18n/404.fr.html"
status = 404
[[redirects]]
from = "/he/*"
to = "/i18n/404.he.html"
status = 404
[[redirects]]
from = "/it/*"
to = "/i18n/404.it.html"
status = 404
[[redirects]]
from = "/nl/*"
to = "/i18n/404.nl.html"
status = 404
[[redirects]]
from = "/zh-hant/*"
to = "/i18n/404.zh-Hant.html"
status = 404
[[redirects]]
from = "/ru/*"
to = "/i18n/404.ru.html"
status = 404
[[redirects]]
from = "/*"
to = "/i18n/404.en.html"
status = 404
[[plugins]]
package = "@netlify/plugin-lighthouse"
[[plugins.inputs.audits]]
path = "en"
[[plugins.inputs.audits]]
path = "en/tools"
[[plugins.inputs.audits]]
path = "en/basics/why-privacy-matters"
[[plugins.inputs.audits]]
path = "en/vpn"


@ -1,89 +0,0 @@
# Copyright (c) 2023 Jonah Aragon <jonah@triplebit.net>
# Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to
# deal in the Software without restriction, including without limitation the
# rights to use, copy, modify, merge, publish, distribute, sublicense, and/or
# sell copies of the Software, and to permit persons to whom the Software is
# furnished to do so, subject to the following conditions:
# The above copyright notice and this permission notice shall be included in
# all copies or substantial portions of the Software.
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
# FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. IN NO EVENT SHALL THE
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
# FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS
# IN THE SOFTWARE.
/ /en/ 302 Language=en
/ /es/ 302 Language=es
/ /fr/ 302 Language=fr
/ /he/ 302 Language=he
/ /it/ 302 Language=it
/ /nl/ 302 Language=nl
/ /zh-hant/ 302 Language=zh-Hant
/ /ru/ 302 Language=ru
/ /en/ 302
/.well-known/matrix/* https://matrix.privacyguides.org/.well-known/matrix/:splat 200
/.well-known/* /well-known/:splat 200
/kb /en/basics/why-privacy-matters/
/:lang/kb /:lang/basics/why-privacy-matters/
/coc /en/CODE_OF_CONDUCT/
/license https://github.com/privacyguides/privacyguides.org/tree/main/README.md#license
/team /en/about/
/browsers /en/desktop-browsers/
/blog https://blog.privacyguides.org
/basics/dns-overview /en/advanced/dns-overview/
/basics/tor-overview /en/advanced/tor-overview/
/real-time-communication/communication-network-types /en/advanced/communication-network-types
/advanced/real-time-communication /en/advanced/communication-network-types
/android/overview /en/os/android-overview/
/linux-desktop/overview /en/os/linux-overview/
/android/grapheneos-vs-calyxos https://blog.privacyguides.org/2022/04/21/grapheneos-or-calyxos/
/ios/configuration https://blog.privacyguides.org/2022/10/22/ios-configuration-guide/
/linux-desktop/hardening https://blog.privacyguides.org/2022/04/22/linux-system-hardening/
/linux-desktop/sandboxing https://blog.privacyguides.org/2022/04/22/linux-application-sandboxing/
/advanced/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/real-time-communication/signal-configuration-hardening https://blog.privacyguides.org/2022/07/07/signal-configuration-and-hardening/
/advanced/integrating-metadata-removal https://blog.privacyguides.org/2022/04/09/integrating-metadata-removal/
/advanced/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/operating-systems /en/desktop/
/threat-modeling /en/basics/threat-modeling/
/self-contained-networks /en/tor/
/privacy-policy /en/about/privacy-policy/
/metadata-removal-tools /en/data-redaction/
/basics /en/kb
/software/file-encryption /en/encryption/
/providers /en/tools/#service-providers
/software/calendar-contacts /en/calendar/
/calendar-contacts /en/calendar/
/software/metadata-removal-tools /en/data-redaction/
/contact /en/about/
/welcome-to-privacy-guides https://blog.privacyguides.org/2021/09/14/welcome-to-privacy-guides/
/software/email /en/email-clients/
/providers/paste /en/tools/
/blog/2019/10/05/understanding-vpns https://www.jonaharagon.com/posts/understanding-vpns/
/terms-and-notices /en/about/notices/
/software/networks /en/tor/
/social-news-aggregator /en/news-aggregators/
/basics/erasing-data https://blog.privacyguides.org/2022/05/25/secure-data-erasure/
/linux-desktop /en/desktop/
/providers/:slug /en/:slug/
/software/:slug /en/:slug/
/blog/* https://blog.privacyguides.org/:splat
/assets/* /en/assets/:splat
/:slug/ /en/:slug/
/about/:slug/ /en/about/:slug/
/advanced/:slug/ /en/advanced/:slug/
/basics/:slug/ /en/basics/:slug/
/meta/:slug/ /en/meta/:slug/
/os/:slug/ /en/os/:slug/

File diff suppressed because one or more lines are too long


@ -1,5 +0,0 @@
Contact: mailto:jonah@triplebit.net
Expires: 2024-01-01T18:00:00.000Z
Preferred-Languages: en
Canonical: https://www.privacyguides.org/.well-known/security.txt
Policy: https://github.com/privacyguides/privacyguides.org/security/policy


@ -22,7 +22,7 @@ function getCookie(cname) {
var consent = __md_get("__consent")
if (!consent) {
__md_set("__consent", {umami: true});
__md_set("__consent", {"umami":true,"github":true});
if (getCookie('resolution') == '') {
const resolution = `${window.screen.width}x${window.screen.height}`;
setCookie('resolution', resolution, 30);