Add privacy, rework some css

pull/1/head
mat ess 2022-08-28 02:41:20 -04:00
parent 9b7058afef
commit 7fa6f64a2a
12 changed files with 127 additions and 105 deletions


@ -20,12 +20,19 @@ http://static-mat-services.fly.dev {
file_server file_server
} }
log {
output stdout
output net {$LOG_OUTPUT_ADDR} {
dial_timeout 1m
}
}
header { header {
# disable FLoC tracking # disable FLoC tracking
Permissions-Policy interest-cohort=() Permissions-Policy interest-cohort=()
# enable HSTS # enable HSTS
# currently ramping up max-age as per https://hstspreload.org/ # currently ramping up max-age as per https://hstspreload.org/
Strict-Transport-Security max-age=604800; includeSubDomains Strict-Transport-Security max-age=2592000; includeSubDomains
# disable clients from sniffing the media type # disable clients from sniffing the media type
X-Content-Type-Options nosniff X-Content-Type-Options nosniff
# clickjacking protection # clickjacking protection
@ -39,6 +46,7 @@ http://static-mat-services.fly.dev {
img-src 'self'; img-src 'self';
style-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';
font-src 'self'; font-src 'self';
script-src 'self';
form-action 'none'; form-action 'none';
frame-ancestors 'none'; frame-ancestors 'none';
base-uri 'none'; base-uri 'none';
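Review bot: The added `script-src 'self';` in the second hunk still permits same-origin scripts, while the privacy notice added in this same commit states that no javascript runs on the site; if the theme really ships no scripts, `script-src 'none';` would make the header enforce that claim. The rest of the policy, including any `default-src`, lies outside the hunk, so whether this line tightens or loosens the effective policy cannot be confirmed from here. In the first hunk the `log` block appears to carry both `output stdout` and `output net {$LOG_OUTPUT_ADDR}`; as far as I know a Caddy logger takes a single writer, so it is worth confirming which one takes effect, because the privacy notice describes both the fly.io log stream and the goatcounter feed. The `header` block starts and ends outside both hunks.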

40
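--- /dev/null
+++ b/content/privacy.md
@@ -0,0 +1,40 @@
++++
+title = "privacy notice"
+path = "privacy"
++++
+## summary
+- no javascript or other client-side tracking is performed on this site.
+- caddy server logs are enabled, but not persisted to disk.
+- caddy server logs are aggregated into a self-hosted goatcounter instance for 180 days.
+- the site is hosted by fly.io.
+## data that i collect
+### server logs
+this site is served with caddy, and caddy's [default logging configuration](https://caddyserver.com/docs/caddyfile/directives/log) is used. caddy logs include information such as IP address, the document being requested, the time of request, and the response status from the server. caddy logs are not stored on disk, and are only retained for as long as the fly.io logging tooling can retrieve them.
+#### statistics (goatcounter)
+caddy logs are streamed to a self-hosted instance of [goatcounter](https://www.goatcounter.com). goatcounter aggregates logs to remove personal information. this instance of goatcounter is running on fly.io, and is completely unaffiliated with the goatcounter business - i operate the server myself. aggregated log data in goatcounter is retained for 180 days. the following statistics are aggregated:
+- unique visitor sessions
+- "Track unique visitors for up to 8 hours"
+- referrer + campaign
+- Referer header or utm_campaign/utm_source/ref
+- screen size
+- country
+- language
+- "Supported languages from Accept-Language"
+although it does not apply to the self hosted instance of goatcounter used by this site, the [hosted goatcounter instance's privacy policy](https://www.goatcounter.com/help/privacy) may be useful to review.
+### site hosting
+this site is hosted on fly.io. [see this page for fly.io's privacy statement](https://fly.io/legal/privacy-policy/).
+## data that i share
+logs and aggregated data are not shared with any third parties.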

38
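--- /dev/null
+++ b/fly.toml
@@ -0,0 +1,38 @@
+# fly.toml file generated for static-mat-services on 2022-08-08T01:01:25-04:00
+app = "static-mat-services"
+kill_signal = "SIGINT"
+kill_timeout = 5
+processes = []
+[env]
+[experimental]
+allowed_public_ports = []
+auto_rollback = true
+[[services]]
+http_checks = []
+internal_port = 8080
+processes = ["app"]
+protocol = "tcp"
+script_checks = []
+[services.concurrency]
+hard_limit = 25
+soft_limit = 20
+type = "connections"
+[[services.ports]]
+force_https = true
+handlers = ["http"]
+port = 80
+[[services.ports]]
+handlers = ["tls", "http"]
+port = 443
+[[services.tcp_checks]]
+grace_period = "1s"
+interval = "15s"
+restart_limit = 0
+timeout = "2s"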


@ -8,6 +8,7 @@ dockerTools.buildLayeredImage {
Cmd = [ "${caddy}/bin/caddy" "run" "-config" "${caddyfile}" ]; Cmd = [ "${caddy}/bin/caddy" "run" "-config" "${caddyfile}" ];
Env = [ Env = [
"SITE_ROOT=${site}" "SITE_ROOT=${site}"
"LOG_OUTPUT_ADDR=tcp://[fdaa:0:742b:a7b:ab2:1:a2b5:2]:9090"
]; ];
}; };
} }
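Review bot: The added `"LOG_OUTPUT_ADDR=tcp://[fdaa:0:742b:a7b:ab2:1:a2b5:2]:9090"` bakes a literal address for the log sink into the image, and the Caddyfile in this commit reads `{$LOG_OUTPUT_ADDR}` with no default, so moving or redeploying the sink needs an image rebuild, and a stale address leaves the logger pointed at nothing. Per the privacy notice these logs carry visitor IP addresses, and the scheme is plain `tcp://`, so the stream is only as private as the network path; the `fdaa:` prefix looks like a private-network address, but that is not established by anything in this commit. Consider setting the value under the empty `[env]` table that fly.toml adds here, and adding a comment on this line stating that the endpoint must stay on the private network. The `buildLayeredImage` call starts outside the hunk.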


@ -50,11 +50,11 @@ div.brand>* {
padding: 0 0.25em; padding: 0 0.25em;
} }
div.brand:hover img.logo { div.brand:hover img#logo {
filter: brightness(0) invert(1); filter: brightness(0) invert(1);
} }
img.logo { img#logo {
border: none; border: none;
height: 0.75em; height: 0.75em;
width: 0.75em; width: 0.75em;
@ -90,104 +90,13 @@ footer {
font-size: 0.75em; font-size: 0.75em;
display: flex; display: flex;
code { #site-info {
color: var(--text-0);
&:hover {
background-color: var(--primary-color);
color: var(--hover-color);
border-radius: 0;
}
}
.privacy-note {
flex: 2 0;
padding-right: 1em;
}
.powered-by {
flex: 1 0; flex: 1 0;
} }
#copyright {
align-items: flex-end;
} }
// Different sized headers
h1.page-header {
font-weight: normal;
max-width: 720px;
}
h2 {
font-size: 1.4rem;
margin-top: 1.4em;
&::before {
content: "# ";
}
}
h3 {
font-size: 1.3rem;
margin-top: 1.3em;
&::before {
content: "## ";
}
}
h4 {
font-size: 1.2rem;
margin-top: 1.2em;
&::before {
content: "### ";
}
}
h5 {
font-size: 1.1rem;
margin-top: 1.1em;
&::before {
content: "#### ";
}
}
h6 {
font-size: 1rem;
margin-top: 1em;
&::before {
content: "##### ";
}
}
// Tags
ul.tags {
margin: 0.5rem;
li {
margin-right: 0.6rem;
display: inline-block;
a {
margin-left: 0;
}
}
}
// // Header dot
// .header-dot {
// font-size: 1.6em;
// }
// Meta
.meta a:hover {
color: white;
}
// Fixup grays
time {
color: var(--text-1);
} }
// Post list // Post list


@ -1,8 +1,10 @@
.page-header { h1.page-header {
font-size: 2.75em; font-size: 2.75em;
line-height: 100%; line-height: 100%;
font-family: var(--header-font); font-family: var(--header-font);
margin: 4rem 0px 1rem 0px; margin: 4rem 0px 1rem 0px;
max-width: 720px;
} }
.centered-header { .centered-header {


@ -1,4 +1,4 @@
img:not(.logo) { img:not(#logo) {
border: 3px solid #ececec; border: 3px solid #ececec;
max-width: 100%; max-width: 100%;
border-radius: 5px; border-radius: 5px;


@ -51,7 +51,7 @@ a:hover {
} }
time { time {
color: grey; color: var(--text-1);
} }
/* Remove post list padding */ /* Remove post list padding */


@ -10,3 +10,16 @@
color: var(--hover_color); color: var(--hover_color);
background-color: var(--primary-color); background-color: var(--primary-color);
} }
ul.tags {
margin: 0.5rem;
li {
margin-right: 0.6rem;
display: inline-block;
a {
margin-left: 0;
}
}
}


@ -1,7 +1,16 @@
<footer> <footer>
<p>powered by <a href="https://getzola.org" target="_blank" rel="noopener noreferral"><code>zola</code></a> + <a <div id="site-info">
href="https://github.com/not-matthias/apollo" target="_blank" rel="noopener noreferral"><code>apollo</code></a> <p id="powered-by">
powered by <a href="https://getzola.org" target="_blank" rel="noopener noreferral">zola</a> + <a
href="https://github.com/not-matthias/apollo" target="_blank" rel="noopener noreferral">apollo</a>
and and
<a href="https://nixos.org" target="_blank" rel="noopener noreferral"><code>nix</code></a>. <a href="https://nixos.org" target="_blank" rel="noopener noreferral">nix</a>.
</p>
<p id="privacy-note">
<a href="/privacy">privacy notice</a>.
</p>
</div>
<p id="copyright">
&copy; 2022 mat ess.
</p> </p>
</footer> </footer>
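Review bot: `rel="noopener noreferral"` on the three external links in the new `#powered-by` paragraph uses a token that is not a defined link type, so browsers ignore it and a Referer header is still sent to getzola.org, github.com and nixos.org; the intended value is presumably `rel="noopener noreferrer"`. The typo predates this commit but is copied into the rewritten lines, right next to the new privacy notice link. A `Referrer-Policy` response header would cover every outbound link at once; whether the Caddyfile already sets one is not visible in this commit's hunks.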


@ -47,4 +47,6 @@
<link rel="stylesheet" href="{{ get_url(path=stylesheet, cachebust=true) }}"> <link rel="stylesheet" href="{{ get_url(path=stylesheet, cachebust=true) }}">
{% endfor %} {% endfor %}
{% endif %} {% endif %}
<link rel="canonical" href="{{ get_url(path=current_path) }}" />
</head> </head>


@ -1,6 +1,6 @@
<header> <header>
<div class="main brand"> <div class="main brand">
<a href={{ config.base_url }}><img class=logo src="{{ get_url(path=config.extra.favicon, cachebust=true) }}" <a href={{ config.base_url }}><img id="logo" src="{{ get_url(path=config.extra.favicon, cachebust=true) }}"
alt="" />{{ config.title }}</a> alt="" />{{ config.title }}</a>
</div> </div>