stu/motherfuckingblog
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

init

Browse source
This commit is contained in:
Stewart Pidasso 2025-07-07 02:07:58 +00:00
commit c021228161
24 changed files with 1509 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

88
sites/jekyll-source/_posts/2023-05-01-welcome-to-jekyll.md Normal file
View file

@ -0,0 +1,88 @@
---
title: Boilerplate Jekyll How-to
layout: post
date: '2025-05-01 12:00:00 +0000'
categories:
- jekyll
tags:
- getting-started
---
# Welcome to Jekyll!
This is your first post using Jekyll with the less-style theme. Jekyll is a static site generator that transforms your plain text into static websites and blogs.
## How to Create Posts
To create a new post, simply add a file in the `_posts` directory that follows the naming convention `YYYY-MM-DD-title.md`, where `YYYY-MM-DD` is the date of your post and `title` is the title of your post.
At the top of each post, you need to include what's called "front matter" - this is YAML that tells Jekyll how to process the file. Here's an example:
```yaml
---
layout: post
title: "Your Post Title"
date: 2023-05-01 12:00:00 -0000
categories: [category1, category2]
tags: [tag1, tag2]
---
```
## Markdown Formatting
Jekyll uses Markdown for formatting. Here are some examples:
### Headers
```markdown
# H1
## H2
### H3
```
### Emphasis
```markdown
*italic* or _italic_
**bold** or __bold__
```
### Lists
```markdown
- Item 1
- Item 2
- Subitem 2.1
- Subitem 2.2
1. First item
2. Second item
```
### Links and Images
```markdown
[Link text](URL)
![Image alt text](image-url)
```
### Code
```markdown
`inline code`
```python
# Code block with syntax highlighting
def hello_world():
print("Hello, world!")
```
```
## Next Steps
1. Customize your site by editing `_config.yml`
2. Create new posts in the `_posts` directory
3. Add pages by creating new markdown files in the root directory
4. Customize the theme by overriding CSS in `assets/css/style.scss`
Happy blogging with Jekyll!

83
sites/jekyll-source/_posts/2025-06-22-wtf-is-this.md Normal file
View file

@ -0,0 +1,83 @@
---
title: WTF Is this? Gimme the deets.
layout: post
date: '2025-07-06 15:11:26'
---
[TL;DR Github Repo](http://git.motherfuckingblog.com)
For **99% of users**:
- a <20kb blog about web infrastructure that they don't understand
- they found high due to its 99% SEO Scores
- seems different, but they don't quite know why?
- "yeah its whatever. no ads was nice." - Average Chad
For **OG [MotherfuckingWebsite.com](https://motherfuckingwebsite.com)** enjoyers:
- A way to learn about static site generators like **Jekyll** (Check out Hugo or 11ty too if this concept is new to you)
-- A way to systemize and organize if you plan on having more than a handful of posts.
-- Extensible, but not in the gross Wordpress way. For example, add search, table of contents, and more.
- Some cool other shit in docker compose that makes it easier to own your data and your infrastructure.
For **fucks sake whats all this other shit**:
- Isn't it weird products don't ship with **security** natively included? It's opinionated, but its safer than default in the othr shit.
- *Traefik* - Reverse proxy your management interfaces and IP Allowlist them in an easy way. Secure yourself against any dumb idea you are bound to add later.
- *Crowdsec WAF* - Crowdsec is legit innovating and deserves more attention. Crowdsourced blacklisting and malicious signature detection.
- Data Privacy:
- *Forgejo* - FOSS Github. Better Post Revision History than Wordpress. But
- *Umami* - FOSS Google Analytics Alternative. Privacy forward, 1st party.
## How TF Do I Make A Blog
Configure your DNS and Firewall on your cloud provider. You should restrict port `333` to trust IP addresses only.
In the example I have used Linode API to get a wildcard cert. If you don't care about TLS, you are wrong, but I get it. Traefik will create self signed certs for you, but you will likely need to remove or modify the TLS settings in the compose file.
Once you have set up your cloud provider:
```
git clone thisRepo
cd thisRepo
cp .env.example .env
vim .env # make it match your environment
docker compose up
```
### Deployment
It is capable of running on a 1 shared CPU, with 2GB of RAM as tested on Linode.
Running on 2 shared CPUs with 4 GB of ram is sufficient for the full stack to run as smooth as butter for 99% of all users. On my personal fork unrelated to motherfuckingblog.com, I keep my Forgejo instance on another server with a Nextcloud instance and additional hardening. This isn't a bible, its a starter kit to make it easier for normal people to iterate from. Take what you need and throw the rest out.
### Security
Products should ship secure by default or at the least have a small handful of options that are easy to configure and harden.
This comes with Crowdsec WAF which will share limited data with crowdsec. If strict data isolation is essential. You need to remove this and consider a different WAF. There are alternatives, but at least be aware of what you are losing. Crowdsec with AppSec protects against human laziness. Essentially it acts as a real-time updated block list that matches against known malicious signatures in outdated software that you probably haven't patched yet, ya filthy animal.
All Admin Interfaces are restricted to an IP Allowlist. Almost every Org has VPNs, this is what they are meant for.
**If you are a noob** and you just `curl icanhazip.com ` then paste in your IP. *Prepare to temporarily lose access*. Your ISP will rotate your IP and you will think you are SOL. You are not. You need your own private VPN (which is actually easy to do), or you need to bind these to the local interface then perform ssh port forwarding anytime you want to perform maintenance. That sounds scary, but I promise it is like two simple commands. I'm pretty sure you can just change the port binding at the top of the compose file from `333:333` to `127.0.0.1:333:333`. Then you simply `ssh user@remote -L 333:127.0.0.1:333`
The Jekyll Admin interface had no authentication by default so basic http authentication was added via Traefik.
Additionally there is a strong benefit to using a non-standard port / custom entry point in Traefik (port 333 in this example) in the docker-compose file for this project. This allows for redudant whitelisting. On my cloud provider I also whitelist my IP address to those ports and deny all others. This means even if traefik IPAllowlisting is bypassed via some hacker black magic, I have a secondary defense.
#### Random Aside
It's just insane to me we just leave admin login portals open in the wild. WTF are we doing?
> Please guess employee passwords on my public website an unlimited number of times.
> \- **Every Chief Information Security Officer**
### Issues
##### It's ugly!
While, I find this beautiful. You may perfer one of the thousands of free themes for Jekyll which will make your site look exactly like the corporate garbage flooding the internet.
##### X Feature is Broken
Yep! Personally I know of the error that appears, but is incorrect in jekyll admin interface. But honestly that is at least half the point. If you properly restrict your broken tech behind network level access controls it mitigates the risk for a large portion of people.
Also this isn't a pick it up and make an identical blog. It is a starter kit. I know half of you are going to rip Jekyll admin out. If you plan on using it you are welcome to open issues with them or figure out the way to use. It works for my purposes and allows me to create, edit, and tag posts. I need nothing else.

56
sites/jekyll-source/_posts/2025-07-05-obligatory-rant-the-birth-of-this-project.md Normal file
View file

@ -0,0 +1,56 @@
---
title: Obligatory Rant/Background
layout: post
---
All I wanted was a simple small af static blog where I owned the stack and the data. But the **problems**:
* Thinking about CSS between paragraphs ruins my ability to write.
* TinyMCE's minified and compressed core is [100x larger](https://github.com/tinymce/tinymce/issues/4028) than my entire front end codebase.
* Managing more than a dozen posts is a nightmare.
* Wordpress is somehow even worse.
* Need to add search, tags, or any other features? Almost everything requires Node, PHP, or something insane that is probably millions of times larger than my entire codebase.
* Hosting? Every Jekyll post is how to host on Microsoft's Github. (Surely Microsoft would [never](https://arstechnica.com/information-technology/2025/02/copilot-exposes-private-github-pages-some-removed-by-microsoft/) [misuse](https://www.wired.com/story/github-commercial-ai-tool-built-open-source-code/) your data. )
* Want to know if anyone even looked at your site? Good thing Google hasn't been using your data to literally facilitate a genocide or anything... [oh wait](https://web.archive.org/web/20240720084622/https://www.wired.com/story/amazon-google-project-nimbus-israel-idf/).
So this is my opinionated attempt to move the needle the other direction.
**If you didn't understand anything I just said** throw it in an LLM/"AI" and ask it to explain. You can understanding anything you set your mind to. Don't doubt yourself.
**For the Nerds who are still with me**: This is a ***self-hosted*** **starter kit** for people sick of big bro. It is at the point where it could be taken several directions.
- Dev and Prod versions of the site for development? Check.
- 10kb static site? Check
- Layers of security? Check
- First Party data? Check
Check out other posts for some ideas or to learn more. In short, this is an opinionated **Docker Compose** project that uses:
- **Traefik** for reverse proxying all admin interfaces.
- **Jekyll** the same tech behind Github Pages, to build static sites.
- **Nginx** as the lightweight webserver.
- **Forgejo** for version control.
- **Umami Analytics** we are all a little vain.
- **Crowdsec WAF** for additional security.
This gives me a clean, cloud-based markdown writing environment with proper version control and monitoring.
### Deployment
It is capable of running on a 1 shared CPU, with 2GB of RAM. RAM is the limiting factor.
Running on 2 shared CPUs with 4 GB of ram is sufficient for the full stack to run as smooth as butter for 99.9% of all users.
On my personal fork unrelated to motherfuckingblog.com, I keep my Forgejo instance on another server with a Nextcloud instance and additional hardening. This isn't a bible, its a starter kit to make it easier for normal people to iterate from. Take what you need and throw the rest out.
### Security
Products should ship secure by default or at least have a small handful of options that are easy to configure and harden the product.
This comes with Crowdsec WAF which will share limited data with crowdsec. If strict data isolation is essential. You need to remove this and consider a different WAF. There are alternatives, but at least be aware of what you are losing. Crowdsec with AppSec protects against human laziness. Essentially **it acts as a real-time updated block list** that matches against known malicious signatures in outdated software that you probably haven't patched yet, ya filthy animal.
***All Admin Interfaces are restricted to an IP Allowlist.*** Almost every Org has VPNs, this is what they are meant for.
*If you are a complete noob*. It is okay. You will need to learn a bit to use this project, but it is within grasp. Don't discount yourself. **There is a big gotcha here.** If you just `curl icanhazip.com ` then paste in your IP on the allowlist. It will work. YAY! Party time! But *prepare to temporarily lose access*. Your ISP will rotate your IP and you will think you are shit outta luck. You are not. Ideally you would use your own private VPN (which they literally have scripts to deploy, it's easy to do), or you need to bind these to the local interface then perform ssh port forwarding anytime you want to perform maintenance/ view your dashboards. That sounds scary, but I promise it is like two simple commands. Though some additional config is probable.
The **Jekyll Admin interface had no authentication by default so basic http authentication was added** via Traefik. For God's sake, keep your admin interfaces from being externally accessible to anyone but trusted individuals.
Lastly, there is a strong benefit to **using a non-standard port / custom entry point in Traefik** (port 333 in this example) in the docker-compose file for this project. This allows for redudant whitelisting. On my cloud provider I also whitelist my IP address to those ports and deny all others. This means even if Traefik `IPAllowlist` is bypassed via some hacker black magic, I have a secondary defense.