Merge branch 'master' into terminal

content/privacy_policy.md

@@ -0,0 +1,98 @@
++++
+draft = false
+title = 'Privacy Policy'
+
+[params]
+  showWordCount = false
++++
+
+This is a privacy policy notice for anyone who happens to use any of the services I use.
+
+# For all services
+
+My server is a VPS with full disk encryption. This means that, if the disk is seized, e.g. by law enforcement, your
+data will be unreadable to them. However, if the VPS host wishes to, they can dump the decryption keys from RAM and
+read my disk. For most user services I host, there will be additional encryption at rest, including such that data is
+never decrypted server-side.
+
+The server is hosted in Romania.
+
+I make local backups of server data which I physically possess. These backups are always on LUKS-encrypted drives (i.e.
+same disclaimer as above about being unreadable should they be seized) stored in Britain. I reserve the right to keep
+my backups for as long as I like, so any data you have deleted on my server may still exist in backups. If you have
+accidentally uploaded sensitive data to my server which you want scrubbed, [contact me](/contact) and I will do my best
+to remove it from backups. Please don't rely on this to delete data though, and just don't upload anything to my server
+that absolutely can't persist.
+
+My server uses fail2ban with a ban length of 1 day, so your IP address may be stored for a day if fail2ban bans you.
+
+# Sharing data
+
+If I am not forced to by law, I will never share the data of anyone who uses my hosted services with any third party.
+Try not to use my server for anything that could get the cops on me, but in the event that I am approached by law
+enforcement with a legally valid data access request/warrant/etc, I will do everything I safely can to avoid handing
+over data, up to and including shutting down the service in question. This is no guarantee that I wouldn't comply if my
+own safety/liberty/etc were at risk though, therefore you should not take it as a given that data stored on this server
+cannot be shared if law enforcement is interested.
+
+I will not go out of my way to read anyone's private data (e.g. email addresses on accounts), but if it is unencrypted,
+I may stumble across it while doing server maintenance, reading logs, etc. If you have public data on my server, I may
+access it from the public web as a member of the public.
+
+# Web services
+
+My web server is nginx. I log web requests without any identifying information. I log:
+
+* Timestamps
+* The type of request
+* The resource accessed
+* The status of the request
+
+My logging config is:
+
+```conf
+log_format main '[$time_local] "$request" '
+                '$status $body_bytes_sent ';
+```
+
+Logs are rotated with logrotate with the following logrotate config:
+
+```logrotate
+/var/log/nginx/*.log {
+        missingok
+        sharedscripts
+        postrotate
+                /etc/init.d/nginx --quiet --ifstarted reopen
+        endscript
+}
+```
+
+I also log errors.
+
+# [My static website (revsuine.xyz)](https://revsuine.xyz/)
+
+My static website does not collect data about you beyond nginx logging. It uses JavaScript for prism.js syntax
+highlighting, and for the drop-down menu on mobile. To see the JavaScript usage, look at [the GitHub repo for the
+theme](https://github.com/search?q=repo%3Apanr%2Fhugo-theme-terminal++language%3AJavaScript&type=code). The site works
+completely fine without JavaScript.
+
+This website does not use cookies, tracking pixels, or anything of the sort.
+
+# [Nextcloud (cloud.revsuine.xyz)](https://cloud.revsuine.xyz/)
+
+Server-side encryption is enabled, meaning I can view an index of your files, but not read their content. End-to-end
+encryption is also enabled.
+
+I log errors, which may contain client IP addresses.
+
+# [Forgejo (git.revsuine.xyz)](https://git.revsuine.xyz/)
+
+There is no additional encryption at rest for anything hosted on Forgejo, so you shouldn't upload anything to my
+Forgejo instance you don't want me to see. I can say I won't look at your private repos, but you'd have to take my word
+for it, and I am *able* to look at them if I want to.
+
+# Changes
+
+This privacy policy was first written in 2024 and will be kept up-to-date. I reserve the right to update this privacy
+policy whenever I like.
+

layouts/partials/footer.html

@@ -7,6 +7,8 @@ Generated with <a href="https://gohugo.io/">Hugo</a>. Website source available
 <a href="https://www.gnu.org/licenses/gpl-3.0.txt">GNU General Public Licence v3</a>. <a
 href="https://github.com/panr/hugo-theme-terminal">Theme</a> by <a href="https://github.com/panr/">panr</a>, which is
 licensed under the <a href="https://github.com/panr/hugo-theme-terminal/blob/master/LICENSE.md">MIT licence</a>.</p>
+
+<p align="center"><a href="/privacy_policy">Privacy Policy</a></p>
 </footer>
 
 <!-- REQUIRED FOR PRISMJS: -->

static/style.css

@@ -6,6 +6,11 @@
     --accent: var(--green);
     --faint_foreground: var(--grey0);
     --code_background: var(--bg_dim);
+    --highlight_background: var(--bg3);
+}
+
+::selection, ::-moz-selection {
+    background: var(--highlight_background);
 }
 
 a {
@@ -17,6 +22,7 @@ a {
 a:hover {
     color: var(--background) !important;
     background-color: var(--accent) !important;
+    text-decoration-line: none;
 }
 
 .code-toolbar {
@@ -27,6 +33,10 @@ code {
     background: var(--code_background);
 }
 
+.post-meta {
+    color: var(--faint_foreground);
+}
+
 .footnotes {
     color: var(--faint_foreground);
 }

themes/terminal

@@ -1 +1 @@
-Subproject commit fa3123d2a6aac6f39cfd1ee8e092a2700c348a57
+Subproject commit d184493a0e6abe57c89b2ccb288d961107581f6e