Minify HTML & CSS (#1351)

Signed-off-by: Daniel Gray <dng@disroot.org>

Pipfile

@@ -9,6 +9,7 @@ mkdocs-material = {path = "./mkdocs-material"}
 mkdocs-static-i18n = "*"
 mkdocs-git-revision-date-localized-plugin = "*"
 typing-extensions = "*"
+mkdocs-minify-plugin = "*"
 
 [dev-packages]
 scour = "*"

Pipfile.lock

@@ -1,7 +1,7 @@
 {
     "_meta": {
         "hash": {
-            "sha256": "2d68765ce86bf264f0a29d6b9f31202a71615d6aad4653cffc874bd095267d29"
+            "sha256": "76ed583036efde0ea1b0725942175f9c77c8a04f218b4822cc8dcc0f8174e2f4"
         },
         "pipfile-spec": 6,
         "requires": {
@@ -41,11 +41,11 @@
         },
         "certifi": {
             "hashes": [
-                "sha256:6ae10321df3e464305a46e997da41ea56c1d311fb9ff1dd4e04d6f14653ec63a",
-                "sha256:8d15a5a7fde18536a249c49e07e8e462b8fc13de21b3c80e8a68315dfa227c99"
+                "sha256:9c5705e395cd70084351dd8ad5c41e65655e08ce46f2ec9cf6c2c08390f71eb7",
+                "sha256:f1d53542ee8cbedbe2118b5686372fb33c297fcd6379b050cca0ef13a597382a"
             ],
-            "markers": "python_version >= '3.5'",
-            "version": "==2022.5.18"
+            "markers": "python_version >= '3.6'",
+            "version": "==2022.5.18.1"
         },
         "cffi": {
             "hashes": [
@@ -107,7 +107,7 @@
                 "sha256:2857e29ff0d34db842cd7ca3230549d1a697f96ee6d3fb071cfa6c7393832597",
                 "sha256:6881edbebdb17b39b4eaaa821b438bf6eddffb4468cf344f09f89def34a8b1df"
             ],
-            "markers": "python_version >= '3'",
+            "markers": "python_version >= '3.0'",
             "version": "==2.0.12"
         },
         "click": {
@@ -118,6 +118,12 @@
             "markers": "python_version >= '3.7'",
             "version": "==8.1.3"
         },
+        "csscompressor": {
+            "hashes": [
+                "sha256:afa22badbcf3120a4f392e4d22f9fff485c044a1feda4a950ecc5eba9dd31a05"
+            ],
+            "version": "==0.9.5"
+        },
         "cssselect2": {
             "hashes": [
                 "sha256:3a83b2a68370c69c9cd3fcb88bbfaebe9d22edeef2c22d1ff3e1ed9c7fa45ed8",
@@ -157,21 +163,27 @@
             "markers": "python_version >= '3.7'",
             "version": "==3.1.27"
         },
+        "htmlmin": {
+            "hashes": [
+                "sha256:50c1ef4630374a5d723900096a961cff426dff46b48f34d194a81bbe14eca178"
+            ],
+            "version": "==0.1.12"
+        },
         "idna": {
             "hashes": [
                 "sha256:84d9dd047ffa80596e0f246e2eab0b391788b0503584e8945f2368256d2735ff",
                 "sha256:9d643ff0a55b762d5cdb124b8eaa99c66322e2157b69160bc32796e824360e6d"
             ],
-            "markers": "python_version >= '3'",
+            "markers": "python_version >= '3.0'",
             "version": "==3.3"
         },
         "importlib-metadata": {
             "hashes": [
-                "sha256:1208431ca90a8cca1a6b8af391bb53c1a2db74e5d1cef6ddced95d4b2062edc6",
-                "sha256:ea4c597ebf37142f827b8f39299579e31685c31d3a438b59f469406afd0f2539"
+                "sha256:5d26852efe48c0a32b0509ffbc583fda1a2266545a78d104a6f4aff3db17d700",
+                "sha256:c58c8eb8a762858f49e18436ff552e83914778e50e9d2f1660535ffb364552ec"
             ],
             "markers": "python_version >= '3.7'",
-            "version": "==4.11.3"
+            "version": "==4.11.4"
         },
         "jinja2": {
             "hashes": [
@@ -181,6 +193,12 @@
             "markers": "python_version >= '3.6'",
             "version": "==3.0.3"
         },
+        "jsmin": {
+            "hashes": [
+                "sha256:c0959a121ef94542e807a674142606f7e90214a2b3d1eb17300244bbb5cc2bfc"
+            ],
+            "version": "==3.0.1"
+        },
         "lxml": {
             "hashes": [
                 "sha256:078306d19a33920004addeb5f4630781aaeabb6a8d01398045fcde085091a169",
@@ -338,6 +356,14 @@
             "markers": "python_version >= '3.6'",
             "version": "==1.0.3"
         },
+        "mkdocs-minify-plugin": {
+            "hashes": [
+                "sha256:32d9e8fbd89327a0f4f648f517297aad344c1bad64cfde110d059bd2f2780a6d",
+                "sha256:487c31ae6b8b3230f56910ce6bcf5c7e6ad9a8c4f51c720a4b989f30c2b0233f"
+            ],
+            "index": "pypi",
+            "version": "==0.5.0"
+        },
         "mkdocs-static-i18n": {
             "hashes": [
                 "sha256:5d69b4eb284931bd048a36f923367f2a7bd0dc7b0438008dce8ca1a8feee99e2"

README.md

@@ -74,7 +74,7 @@ This website uses [`mkdocs-material-insiders`](https://squidfunk.github.io/mkdoc
     - `git submodule init`
     - `git submodule update docs/assets/brand`
 2. Install [Python 3.6+](https://www.python.org/downloads/)
-3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin typing-extensions`
+3. Install [dependencies](/Pipfile): `pip install mkdocs mkdocs-material mkdocs-static-i18n mkdocs-git-revision-date-localized-plugin mkdocs-minify-plugin typing-extensions`
 4. Serve the site locally: `mkdocs serve`
     - The site will be available at `http://localhost:8000`
     - You can build the site locally with `mkdocs build`

docs/android.en.md

@@ -65,16 +65,17 @@ CalyxOS only [supports](https://calyxos.org/docs/guide/device-support/) Google P
     DivestOS inherits many [supported devices](https://divestos.org/index.php?page=devices&base=LineageOS) from LineageOS. It has signed builds, making it possible to have [verified boot](https://source.android.com/security/verifiedboot) on some non-Pixel devices.
 
     [:octicons-home-16: Homepage](https://divestos.org){ .md-button .md-button--primary }
+    [:pg-tor:](http://divestoseb5nncsydt7zzf5hrfg44md4bxqjs5ifcv4t7gt7u6ohjyyd.onion){ .card-link title=Onion }
     [:octicons-eye-16:](https://divestos.org/index.php?page=privacy_policy){ .card-link title="Privacy Policy" }
     [:octicons-info-16:](https://divestos.org/index.php?page=faq){ .card-link title=Documentation}
     [:octicons-code-16:](https://github.com/divested-mobile){ .card-link title="Source Code" }
     [:octicons-heart-16:](https://divested.dev/index.php?page=donate){ .card-link title=Contribute }
 
-DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, a custom [hosts](https://divested.dev/index.php?page=dnsbl) file, and [F-Droid](https://www.f-droid.org) as the app store. It includes [UnifiedNlp](https://github.com/microg/UnifiedNlp) for network location. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and includes [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning).
+DivestOS has automated kernel vulnerability ([CVE](https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures)) [patching](https://gitlab.com/divested-mobile/cve_checker), fewer proprietary blobs, a custom [hosts](https://divested.dev/index.php?page=dnsbl) file, and [F-Droid](https://www.f-droid.org) as the app store. Its hardened WebView, [Mulch](https://gitlab.com/divested-mobile/mulch), enables [CFI](https://en.wikipedia.org/wiki/Control-flow_integrity) for all architectures and [network state partitioning](https://developer.mozilla.org/en-US/docs/Web/Privacy/State_Partitioning), and receives out-of-band updates.
 
 DivestOS also includes kernel patches from GrapheneOS and enables all available kernel security features via [defconfig hardening](https://github.com/Divested-Mobile/DivestOS-Build/blob/master/Scripts/Common/Functions.sh#L758). All kernels newer than version 3.4 include full page [sanitization](https://lwn.net/Articles/334747/) and all ~22 Clang-compiled kernels have [`-ftrivial-auto-var-init=zero`](https://reviews.llvm.org/D54604?id=174471) enabled.
 
-DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0, 17.1, and 18.1 implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and 18.1 feature GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, and [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
+DivestOS implements some system hardening patches originally developed for GrapheneOS. DivestOS 16.0 and higher implements GrapheneOS's [`INTERNET`](https://developer.android.com/training/basics/network-ops/connecting) and SENSORS permission toggle, [hardened memory allocator](https://github.com/GrapheneOS/hardened_malloc), [exec-spawning](android/grapheneos-vs-calyxos.md#additional-hardening), [JNI](https://en.wikipedia.org/wiki/Java_Native_Interface) [constification](https://en.wikipedia.org/wiki/Const_(computer_programming)), and partial [bionic](https://en.wikipedia.org/wiki/Bionic_(software)) hardening patchsets. 17.1 and higher features GrapheneOS's per-network full [MAC randomization](https://en.wikipedia.org/wiki/MAC_address#Randomization) option, [`ptrace_scope`](https://www.kernel.org/doc/html/latest/admin-guide/LSM/Yama.html) control, and automatic reboot/Wi-Fi/Bluetooth [timeout options](https://grapheneos.org/features).
 
 !!! warning
 

docs/assets/stylesheets/extra.css

@@ -79,7 +79,7 @@
 
 /* Better contrast link colors */
 [data-md-color-scheme="default"] > * {
-    --md-typeset-a-color: #3C00E0;
+    --md-typeset-a-color: rgb(79, 70, 229);
 }
 
 [data-md-color-scheme="slate"] {
@@ -90,6 +90,7 @@
 .md-typeset .md-button {
     color: var(--md-typeset-a-color);
     margin-bottom: 5px;
+    border-radius: 6px;
 }
 .md-typeset .md-button--primary {
     color: white;
@@ -107,9 +108,13 @@ h1, h2, h3, .md-header__topic {
 /* Recommendation cards */
 .md-typeset .admonition.recommendation,
 .md-typeset details.recommendation {
-    border: none;
+    border: 1px solid #ccc;
     font-size: inherit;
 }
+[data-md-color-scheme="slate"] .md-typeset .admonition.recommendation,
+[data-md-color-scheme="slate"] .md-typeset details.recommendation {
+    border: 1px solid #666;
+}
 .md-typeset .recommendation > .admonition-title,
 .md-typeset .recommendation > summary {
     background-color: rgba(43, 155, 70, 0.0);
@@ -146,8 +151,8 @@ h1, h2, h3, .md-header__topic {
     right:auto;
 }
 
-.downloads p > a:not(:last-child) {
-    padding-right: 0.5em;
+.downloads p > a {
+    padding-left: 0.5em;
 }
 details[class="downloads annotate"] > p .md-annotation span span::before {
     vertical-align: 0;
@@ -240,9 +245,55 @@ details[class="downloads annotate"] > p .md-annotation span span::before {
 }
 [data-md-color-scheme="slate"] .pg-blue-gray {
     color: #9ab2bc;
+}
 
 /* Make light/dark mode icon smaller */
 label[class="md-header__button md-icon"] svg {
     height: 1rem;
     width: 1rem;
 }
+
+.md-typeset :is(.admonition, details) {
+    box-shadow: none;
+    border-radius: 6px;
+    border: 1px solid;
+    border-left-width: 1px!important;
+}
+.md-typeset :is(.admonition-title, summary) {
+    margin-left: -0.6rem!important;
+}
+.md-typeset details:not(.downloads, [open]) summary:hover {
+    box-shadow: inset 0 0 100px 100px rgba(255, 255, 255, 0.6);
+}
+[data-md-color-scheme="slate"] .md-typeset details:not(.downloads, [open]) summary:hover {
+    box-shadow: inset 0 0 100px 100px rgba(255, 255, 255, 0.1);
+}
+[data-md-color-scheme="default"] .md-search__form {
+    background-color: hsla(0,0%,100%,.3);
+}
+.md-search__form:hover {
+    background-color: hsla(0,0%,100%,.9);
+}
+[data-md-color-scheme="slate"] .md-search__form:hover {
+    background-color: rgba(0, 0, 0, 0.4);
+}
+.md-search__form, .md-typeset .grid.cards > :is(ul, ol) > li, .md-typeset .grid > .card {
+    border-radius: 6px;
+}
+[data-md-toggle="search"]:checked ~ .md-header .md-search__form {
+    border-radius: 6px 6px 0 0;
+    box-shadow: none;
+}
+[data-md-toggle="search"]:checked ~ .md-header .md-search__output {
+    border-radius: 0 0 6px 6px;
+    box-shadow: none;
+}
+.md-tooltip {
+    border-radius: 6px;
+    box-shadow: none;
+    border: 1px solid rgba(128, 128, 128, 0.3);
+}
+.md-typeset .grid.cards > :is(ul, ol) > li:is(:focus-within, :hover), .md-typeset .grid > .card:is(:focus-within, :hover) {
+    box-shadow: none;
+    border-color: rgba(128, 128, 128, 0.5);
+}

docs/basics/vpn-overview.en.md

@@ -58,7 +58,7 @@ For use cases like these, or if you have another compelling reason, the VPN prov
 ## Sources and Further Reading
 
 1. [VPN - a Very Precarious Narrative](https://schub.io/blog/2019/04/08/very-precarious-narrative.html) by Dennis Schubert
-2. [The self-contained networks](self-contained-networks.md) recommended by Privacy Guides are able to replace a VPN that allows access to services on local area network
+2. [The self-contained networks](../self-contained-networks.md) recommended by Privacy Guides are able to replace a VPN that allows access to services on local area network
 3. [Slicing Onions: Part 1 – Myth-busting Tor](https://medium.com/privacyguides/slicing-onions-part-1-myth-busting-tor-9ec188ae1904) by blacklight447
 4. [Slicing Onions: Part 2 – Onion recipes; VPN not required](https://web.archive.org/web/20210116140725/https://write.privacytools.io/my-thoughts-on-security/slicing-onions-part-2-onion-recipes-vpn-not-required) by blacklight447
 5. [IVPN Privacy Guides](https://www.ivpn.net/privacy-guides)

docs/vpn.en.md

@@ -19,7 +19,7 @@ Find a no-logging VPN operator who isn’t out to sell or read your web traffic.
 
     If you're looking for additional **privacy** from your ISP, on a public Wi-Fi network, or while torrenting files, a VPN may be the solution for you as long as you understand the risks involved.
 
-    [More Info](technology/vpn-overview.md){ .md-button }
+    [More Info](basics/vpn-overview.md){ .md-button }
 
 ## Recommended Providers
 

mkdocs.yml

@@ -77,6 +77,10 @@ watch:
   - includes
 
 plugins:
+  - minify:
+      minify_html: true
+      htmlmin_opts:
+          remove_comments: true
   - i18n:
       default_language: en
       material_alternate: true
@@ -133,8 +137,8 @@ markdown_extensions:
       toc_depth: 4
 
 extra_javascript:
-  - javascripts/mathjax.js
-  - javascripts/feedback.js
+  - assets/javascripts/mathjax.js
+  - assets/javascripts/feedback.js
 
 nav:
   - Home: 'index.md'

theme/overrides/home.en.html

@@ -1,6 +1,6 @@
 {% extends "base.html" %}
 {% block extrahead %}
-  <link rel="stylesheet" href="{{ 'overrides/home.css' | url }}">
+  <link rel="stylesheet" href="{{ 'assets/stylesheets/home.css' | url }}">
   <link rel="me" href="https://aragon.sh/@jonah">
   <link rel="me" href="https://fosstodon.org/@freddy">
   <link rel="me" href="https://mastodon.social/@dngray">