feat!: Separate www into www/blog and www/private

Now the private content is stored as a git submodule. This means I can keep that repo's source private, but still use it in the build product. The build product (website) relies on HTTP basic authentication, so access control is maintained throughout the SDLC.
2026-04-04 11:48:33 -07:00 · 2026-04-04 11:48:33 -07:00 · 35d31bea2a
commit 35d31bea2a
parent 60d8788ffa
116 changed files with 3863 additions and 120 deletions
--- a/deploy.sh
+++ b/deploy.sh
@ -2,75 +2,21 @@

 set -e

-usage() {
-    printf "Usage: %s [build|staging|prod|local]\n\n  build   - Build the blog with mdbook\n  staging - Deploy to local staging environment (/srv/www/stage.binning.net)\n  prod    - Deploy to production server via SSH (www.binning.net)\n  local   - Deploy directly to /srv/www/binning.net (used by Forgejo CI runner)\n\nExample:\n  %s build\n  %s staging\n  %s prod\n  %s local\n" "$0" "$0" "$0" "$0" "$0"
-    exit 1
-}
+printf "Deploying to PRODUCTION environment...\n"

-if [ $# -eq 0 ]; then
-    printf "Error: No command specified\n"
-    usage
+REMOTE_HOST="crossbox"
+REMOTE_USER="brimlock"
+REMOTE_PATH="/srv/www/binning.net"
+
+if ! ssh -o BatchMode=yes -o ConnectTimeout=5 ${REMOTE_USER}@${REMOTE_HOST} exit 2>/dev/null; then
+    printf "Warning: SSH connection test failed. Ensure SSH keys are configured.\nYou may be prompted for a password.\n"
 fi

-CMD=$1
+printf "Deploying website files...\n"
+ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p /tmp/blog-deploy"
+rsync -avz --delete blog/ ${REMOTE_USER}@${REMOTE_HOST}:/tmp/blog-deploy/
+ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo rsync -avz --delete /tmp/blog-deploy/ ${REMOTE_PATH}/ && \
+    sudo chown -R nginx:nginx ${REMOTE_PATH}/ && \
+    printf 'Content deployed.\n'"

-case $CMD in
-    build)
-        printf "Building blog with mdbook...\n"
-        [ -s src ] || ln -s /var/lib/www src
-        mdbook build
-        printf "✓ Build complete!\n"
-        ;;
-
-    staging)
-        printf "Deploying to STAGING environment...\n"
-
-        STAGING_PATH="/srv/www/stage.binning.net"
-
-        sudo mkdir -p ${STAGING_PATH}
-
-        printf "Deploying website files...\n"
-        sudo rsync -av --delete blog/ ${STAGING_PATH}/
-
-        sudo chown -R nginx:nginx ${STAGING_PATH}/
-
-        printf "✓ Staging deployment complete!\n  Files deployed to: %s\n\nTo activate nginx, import staging.nginx.nix into your local NixOS config\nand run: sudo nixos-rebuild switch\n" "${STAGING_PATH}"
-        ;;
-
-    prod)
-        printf "Deploying to PRODUCTION environment...\n"
-
-        REMOTE_HOST="crossbox"
-        REMOTE_USER="brimlock"
-        REMOTE_PATH="/srv/www/binning.net"
-
-        if ! ssh -o BatchMode=yes -o ConnectTimeout=5 ${REMOTE_USER}@${REMOTE_HOST} exit 2>/dev/null; then
-            printf "Warning: SSH connection test failed. Ensure SSH keys are configured.\nYou may be prompted for a password.\n"
-        fi
-
-        printf "Deploying website files...\n"
-        ssh ${REMOTE_USER}@${REMOTE_HOST} "mkdir -p /tmp/blog-deploy"
-        rsync -avz --delete blog/ ${REMOTE_USER}@${REMOTE_HOST}:/tmp/blog-deploy/
-        ssh ${REMOTE_USER}@${REMOTE_HOST} "sudo rsync -avz --delete /tmp/blog-deploy/ ${REMOTE_PATH}/ && \
-            sudo chown -R nginx:nginx ${REMOTE_PATH}/ && \
-            printf 'Content deployed.\n'"
-
-        printf "✓ Production deployment complete!\n\nNginx configuration is managed by the nixos-config flake (hosts/crossbox/nginx.nix).\n"
-        ;;
-
-    local)
-        printf "Deploying locally to production path...\n"
-
-        LOCAL_PATH="/srv/www/binning.net"
-
-        printf "Deploying website files...\n"
-        rsync -av --delete blog/ ${LOCAL_PATH}/
-
-        printf "✓ Local deployment complete!\n  Files deployed to: %s\n" "${LOCAL_PATH}"
-        ;;
-
-    *)
-        printf "Error: Invalid command '%s'\n" "$CMD"
-        usage
-        ;;
-esac
+printf "✓ Production deployment complete!\n\nNginx configuration is managed by the nixos-config flake (hosts/crossbox/nginx.nix).\n"