Add privacy, rework some css

Caddyfile

@@ -20,12 +20,19 @@ http://static-mat-services.fly.dev {
 		file_server
 	}
 
+	log {
+		output stdout
+		output net {$LOG_OUTPUT_ADDR} {
+			dial_timeout 1m
+		}
+	}
+
 	header {
 		# disable FLoC tracking
 		Permissions-Policy interest-cohort=()
 		# enable HSTS
 		# currently ramping up max-age as per https://hstspreload.org/
-		Strict-Transport-Security max-age=604800; includeSubDomains
+		Strict-Transport-Security max-age=2592000; includeSubDomains
 		# disable clients from sniffing the media type
 		X-Content-Type-Options nosniff
 		# clickjacking protection
@@ -39,6 +46,7 @@ http://static-mat-services.fly.dev {
       img-src 'self';
       style-src 'self' 'unsafe-inline';
       font-src 'self';
+			script-src 'self';
       form-action 'none';
       frame-ancestors 'none';
       base-uri 'none';

content/privacy.md

@@ -0,0 +1,40 @@
++++
+title = "privacy notice"
+path = "privacy"
++++
+
+## summary
+
+- no javascript or other client-side tracking is performed on this site.
+- caddy server logs are enabled, but not persisted to disk.
+- caddy server logs are aggregated into a self-hosted goatcounter instance for 180 days.
+- the site is hosted by fly.io.
+
+## data that i collect
+
+### server logs
+
+this site is served with caddy, and caddy's [default logging configuration](https://caddyserver.com/docs/caddyfile/directives/log) is used. caddy logs include information such as IP address, the document being requested, the time of request, and the response status from the server. caddy logs are not stored on disk, and are only retained for as long as the fly.io logging tooling can retrieve them.
+
+#### statistics (goatcounter)
+
+caddy logs are streamed to a self-hosted instance of [goatcounter](https://www.goatcounter.com). goatcounter aggregates logs to remove personal information. this instance of goatcounter is running on fly.io, and is completely unaffiliated with the goatcounter business - i operate the server myself. aggregated log data in goatcounter is retained for 180 days. the following statistics are aggregated:
+
+- unique visitor sessions
+  - "Track unique visitors for up to 8 hours"
+- referrer + campaign
+  - Referer header or utm_campaign/utm_source/ref
+- screen size
+- country
+- language
+  - "Supported languages from Accept-Language"
+
+although it does not apply to the self hosted instance of goatcounter used by this site, the [hosted goatcounter instance's privacy policy](https://www.goatcounter.com/help/privacy) may be useful to review.
+
+### site hosting
+
+this site is hosted on fly.io. [see this page for fly.io's privacy statement](https://fly.io/legal/privacy-policy/).
+
+## data that i share
+
+logs and aggregated data are not shared with any third parties.

fly.toml

@@ -0,0 +1,38 @@
+# fly.toml file generated for static-mat-services on 2022-08-08T01:01:25-04:00
+
+app = "static-mat-services"
+kill_signal = "SIGINT"
+kill_timeout = 5
+processes = []
+
+[env]
+
+[experimental]
+  allowed_public_ports = []
+  auto_rollback = true
+
+[[services]]
+  http_checks = []
+  internal_port = 8080
+  processes = ["app"]
+  protocol = "tcp"
+  script_checks = []
+  [services.concurrency]
+    hard_limit = 25
+    soft_limit = 20
+    type = "connections"
+
+  [[services.ports]]
+    force_https = true
+    handlers = ["http"]
+    port = 80
+
+  [[services.ports]]
+    handlers = ["tls", "http"]
+    port = 443
+
+  [[services.tcp_checks]]
+    grace_period = "1s"
+    interval = "15s"
+    restart_limit = 0
+    timeout = "2s"

nix/container.nix

@@ -8,6 +8,7 @@ dockerTools.buildLayeredImage {
     Cmd = [ "${caddy}/bin/caddy" "run" "-config" "${caddyfile}" ];
     Env = [
       "SITE_ROOT=${site}"
+      "LOG_OUTPUT_ADDR=tcp://[fdaa:0:742b:a7b:ab2:1:a2b5:2]:9090"
     ];
   };
 }

sass/style/main.scss

@@ -50,11 +50,11 @@ div.brand>* {
   padding: 0 0.25em;
 }
 
-div.brand:hover img.logo {
+div.brand:hover img#logo {
   filter: brightness(0) invert(1);
 }
 
-img.logo {
+img#logo {
   border: none;
   height: 0.75em;
   width: 0.75em;
@@ -90,104 +90,13 @@ footer {
   font-size: 0.75em;
   display: flex;
 
-  code {
-    color: var(--text-0);
-
-    &:hover {
-      background-color: var(--primary-color);
-      color: var(--hover-color);
-      border-radius: 0;
-    }
-  }
-
-  .privacy-note {
-    flex: 2 0;
-    padding-right: 1em;
-  }
-
-  .powered-by {
+  #site-info {
     flex: 1 0;
   }
+
+  #copyright {
+    align-items: flex-end;
   }
-
-// Different sized headers
-h1.page-header {
-  font-weight: normal;
-  max-width: 720px;
-}
-
-h2 {
-  font-size: 1.4rem;
-  margin-top: 1.4em;
-
-  &::before {
-    content: "# ";
-  }
-}
-
-h3 {
-  font-size: 1.3rem;
-  margin-top: 1.3em;
-
-  &::before {
-    content: "## ";
-  }
-}
-
-h4 {
-  font-size: 1.2rem;
-  margin-top: 1.2em;
-
-  &::before {
-    content: "### ";
-  }
-}
-
-h5 {
-  font-size: 1.1rem;
-  margin-top: 1.1em;
-
-  &::before {
-    content: "#### ";
-  }
-}
-
-h6 {
-  font-size: 1rem;
-  margin-top: 1em;
-
-  &::before {
-    content: "##### ";
-  }
-}
-
-// Tags
-ul.tags {
-  margin: 0.5rem;
-
-  li {
-    margin-right: 0.6rem;
-    display: inline-block;
-
-    a {
-      margin-left: 0;
-    }
-  }
-}
-
-// // Header dot
-// .header-dot {
-//   font-size: 1.6em;
-// }
-
-// Meta
-.meta a:hover {
-  color: white;
-}
-
-// Fixup grays
-time {
-  color: var(--text-1);
 }
 
 // Post list

sass/style/parts/_header.scss

@@ -1,8 +1,10 @@
-.page-header {
+h1.page-header {
   font-size: 2.75em;
   line-height: 100%;
   font-family: var(--header-font);
   margin: 4rem 0px 1rem 0px;
+
+  max-width: 720px;
 }
 
 .centered-header {

sass/style/parts/_image.scss

@@ -1,4 +1,4 @@
-img:not(.logo) {
+img:not(#logo) {
   border: 3px solid #ececec;
   max-width: 100%;
   border-radius: 5px;

sass/style/parts/_misc.scss

@@ -51,7 +51,7 @@ a:hover {
 }
 
 time {
-  color: grey;
+  color: var(--text-1);
 }
 
 /* Remove post list padding */

sass/style/parts/_tags.scss

@@ -10,3 +10,16 @@
   color: var(--hover_color);
   background-color: var(--primary-color);
 }
+
+ul.tags {
+  margin: 0.5rem;
+
+  li {
+    margin-right: 0.6rem;
+    display: inline-block;
+
+    a {
+      margin-left: 0;
+    }
+  }
+}

templates/partials/footer.html

@@ -1,7 +1,16 @@
 <footer>
-  <p>powered by <a href="https://getzola.org" target="_blank" rel="noopener noreferral"><code>zola</code></a> + <a
-      href="https://github.com/not-matthias/apollo" target="_blank" rel="noopener noreferral"><code>apollo</code></a>
+  <div id="site-info">
+    <p id="powered-by">
+      powered by <a href="https://getzola.org" target="_blank" rel="noopener noreferral">zola</a> + <a
+        href="https://github.com/not-matthias/apollo" target="_blank" rel="noopener noreferral">apollo</a>
       and
-    <a href="https://nixos.org" target="_blank" rel="noopener noreferral"><code>nix</code></a>.
+      <a href="https://nixos.org" target="_blank" rel="noopener noreferral">nix</a>.
+    </p>
+    <p id="privacy-note">
+      <a href="/privacy">privacy notice</a>.
+    </p>
+  </div>
+  <p id="copyright">
+    &copy; 2022 mat ess.
   </p>
 </footer>

templates/partials/header.html

@@ -47,4 +47,6 @@
   <link rel="stylesheet" href="{{ get_url(path=stylesheet, cachebust=true) }}">
   {% endfor %}
   {% endif %}
+
+  <link rel="canonical" href="{{ get_url(path=current_path) }}" />
 </head>

templates/partials/nav.html

@@ -1,6 +1,6 @@
 <header>
   <div class="main brand">
-    <a href={{ config.base_url }}><img class=logo src="{{ get_url(path=config.extra.favicon, cachebust=true) }}"
+    <a href={{ config.base_url }}><img id="logo" src="{{ get_url(path=config.extra.favicon, cachebust=true) }}"
         alt="" />{{ config.title }}</a>
   </div>