feat!: Separate www into www/blog and www/private

Now the private content is stored as a git submodule. This means I can keep that repo's source private, but still use it in the build product. The build product (website) relies on HTTP basic authentication, so access control is maintained throughout the SDLC.
2026-04-04 11:48:33 -07:00 · 2026-04-04 11:48:33 -07:00 · 095e0aadd8
commit 095e0aadd8
parent 60d8788ffa
116 changed files with 3854 additions and 118 deletions
--- a/deploy.sh
+++ b/deploy.sh
@ -2,75 +2,21 @@

 set -e

-usage() {
-    printf "Usage: %s [build|staging|prod|local]\n\n  build   - Build the blog with mdbook\n  staging - Deploy to local staging environment (/srv/www/stage.binning.net)\n  prod    - Deploy to production server via SSH (www.binning.net)\n  local   - Deploy directly to /srv/www/binning.net (used by Forgejo CI runner)\n\nExample:\n  %s build\n  %s staging\n  %s prod\n  %s local\n" "$0" "$0" "$0" "$0" "$0"
-    exit 1
-}
+printf "Deploying to PRODUCTION environment...\n"

-if [ $# -eq 0 ]; then
-    printf "Error: No command specified\n"
-    usage
+REMOTE_HOST="crossbox"
+REMOTE_USER="brimlock"
+REMOTE_PATH="/srv/www/binning.net"
+
+if ! ssh -o BatchMode=yes -o ConnectTimeout=5 ${REMOTE_USER}@${REMOTE_HOST} exit 2>/dev/null; then
+    printf "Warning: SSH connection test failed. Ensure SSH keys are configured.\nYou may be prompted for a password.\n"
 fi

-CMD=$1
+printf "Deploying website files...\n"
+ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p /tmp/blog-deploy"
+rsync -avz --delete blog/ ${REMOTE_USER}@${REMOTE_HOST}:/tmp/blog-deploy/
+ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo rsync -avz --delete /tmp/blog-deploy/ ${REMOTE_PATH}/ && \
+    sudo chown -R nginx:nginx ${REMOTE_PATH}/ && \
+    printf 'Content deployed.\n'"

-case $CMD in
-    build)
-        printf "Building blog with mdbook...\n"
-        [ -s src ] || ln -s /var/lib/www src
-        mdbook build
-        printf "✓ Build complete!\n"
-        ;;
-
-    staging)
-        printf "Deploying to STAGING environment...\n"
-
-        STAGING_PATH="/srv/www/stage.binning.net"
-
-        sudo mkdir -p ${STAGING_PATH}
-
-        printf "Deploying website files...\n"
-        sudo rsync -av --delete blog/ ${STAGING_PATH}/
-
-        sudo chown -R nginx:nginx ${STAGING_PATH}/
-
-        printf "✓ Staging deployment complete!\n  Files deployed to: %s\n\nTo activate nginx, import staging.nginx.nix into your local NixOS config\nand run: sudo nixos-rebuild switch\n" "${STAGING_PATH}"
-        ;;
-
-    prod)
-        printf "Deploying to PRODUCTION environment...\n"
-
-        REMOTE_HOST="crossbox"
-        REMOTE_USER="brimlock"
-        REMOTE_PATH="/srv/www/binning.net"
-
-        if ! ssh -o BatchMode=yes -o ConnectTimeout=5 ${REMOTE_USER}@${REMOTE_HOST} exit 2>/dev/null; then
-            printf "Warning: SSH connection test failed. Ensure SSH keys are configured.\nYou may be prompted for a password.\n"
-        fi
-
-        printf "Deploying website files...\n"
-        ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p /tmp/blog-deploy"
-        rsync -avz --delete blog/ ${REMOTE_USER}@${REMOTE_HOST}:/tmp/blog-deploy/
-        ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo rsync -avz --delete /tmp/blog-deploy/ ${REMOTE_PATH}/ && \
-            sudo chown -R nginx:nginx ${REMOTE_PATH}/ && \
-            printf 'Content deployed.\n'"
-
-        printf "✓ Production deployment complete!\n\nNginx configuration is managed by the nixos-config flake (hosts/crossbox/nginx.nix).\n"
-        ;;
-
-    local)
-        printf "Deploying locally to production path...\n"
-
-        LOCAL_PATH="/srv/www/binning.net"
-
-        printf "Deploying website files...\n"
-        rsync -av --delete blog/ ${LOCAL_PATH}/
-
-        printf "✓ Local deployment complete!\n  Files deployed to: %s\n" "${LOCAL_PATH}"
-        ;;
-
-    *)
-        printf "Error: Invalid command '%s'\n" "$CMD"
-        usage
-        ;;
-esac
+printf "✓ Production deployment complete!\n\nNginx configuration is managed by the nixos-config flake (hosts/crossbox/nginx.nix).\n"