add rate limiting, CSRF, newsletter, auto-checker, /uses and /projects pages

templates/uses.html

@@ -0,0 +1,99 @@
+{{define "title"}}Uses — Ridgway Systems{{end}}
+{{define "meta-desc"}}Hardware, software, and tools Blake Ridgway uses in the homelab and day-to-day work.{{end}}
+
+{{define "content"}}
+<div class="uses-page">
+  <div class="page-header">
+    <h1>Uses</h1>
+    <p class="page-desc">Hardware, software, and tools — homelab and daily driver.</p>
+  </div>
+
+  <section class="uses-section">
+    <h2>Hardware</h2>
+
+    <div class="uses-item">
+      <div class="uses-item-header">
+        <span class="uses-name">fw01</span>
+        <span class="uses-role">Firewall / Router</span>
+      </div>
+      <p>SuperMicro 1U, Intel E3-1230v2, 16GB ECC RAM. Running OpenBSD. Handles all pf firewall rules, VLANs, WireGuard VPN, unbound DNS, and relayd reverse proxy. The critical piece everything else depends on.</p>
+    </div>
+
+    <div class="uses-item">
+      <div class="uses-item-header">
+        <span class="uses-name">srv01</span>
+        <span class="uses-role">Primary Services</span>
+      </div>
+      <p>Dell PowerEdge R720, dual Xeon E5-2600, 64GB RAM. Main workload server — runs Prometheus, Grafana, Gitea, OpenSMTPD, Matrix/Conduit. Loud and power-hungry, but handles everything without complaint.</p>
+    </div>
+
+    <div class="uses-item">
+      <div class="uses-item-header">
+        <span class="uses-name">srv02</span>
+        <span class="uses-role">Media / Secondary</span>
+      </div>
+      <p>Dell PowerEdge R710. Jellyfin media server, game server VMs, secondary storage, authoritative DNS (nsd). The workhorse for anything that doesn't need to be bulletproof.</p>
+    </div>
+
+    <div class="uses-item">
+      <div class="uses-item-header">
+        <span class="uses-name">ws01</span>
+        <span class="uses-role">Workstation</span>
+      </div>
+      <p>Desktop, AMD Ryzen. Daily driver for development, terminal sessions, and homelab management. Running Fedora Linux.</p>
+    </div>
+  </section>
+
+  <section class="uses-section">
+    <h2>Operating Systems</h2>
+    <ul class="uses-list">
+      <li><strong>OpenBSD</strong> &mdash; fw01, this web server. Chosen for its security defaults, pf, and the fact that it does exactly what it says on the tin.</li>
+      <li><strong>AlmaLinux / Rocky</strong> &mdash; srv01, srv02. RHEL-compatible for production workloads where SELinux and systemd are expected.</li>
+      <li><strong>Fedora</strong> &mdash; Workstation. Stays close to bleeding-edge tooling without being Arch.</li>
+    </ul>
+  </section>
+
+  <section class="uses-section">
+    <h2>Networking</h2>
+    <ul class="uses-list">
+      <li><strong>pf</strong> &mdash; OpenBSD packet filter. VLANs, NAT, geo-blocking, antispoof. The whole reason fw01 runs OpenBSD.</li>
+      <li><strong>WireGuard</strong> &mdash; VPN for remote access. Simple, fast, auditable.</li>
+      <li><strong>unbound</strong> &mdash; Recursive DNS resolver on fw01. Validates DNSSEC, blocks ad/tracking domains.</li>
+      <li><strong>nsd</strong> &mdash; Authoritative DNS on srv02 for the ridgwaysystems.org zone.</li>
+      <li><strong>relayd</strong> &mdash; OpenBSD reverse proxy in front of this site and internal services.</li>
+    </ul>
+  </section>
+
+  <section class="uses-section">
+    <h2>Infrastructure &amp; Automation</h2>
+    <ul class="uses-list">
+      <li><strong>Terraform</strong> &mdash; Cloud infrastructure (Azure, AWS). Anything that touches a cloud API gets IaC'd.</li>
+      <li><strong>Ansible</strong> &mdash; Configuration management for Linux servers. Idempotent, no agent required.</li>
+      <li><strong>Gitea</strong> &mdash; Self-hosted git at <a href="https://git.ridgwaysystems.org">git.ridgwaysystems.org</a>. Lightweight, fast, no subscription required.</li>
+      <li><strong>Prometheus + Grafana</strong> &mdash; Metrics and dashboards for everything. Custom exporters for pf counters, ISP throughput, and hardware sensors.</li>
+      <li><strong>Nagios</strong> &mdash; Service alerting. Opinionated but reliable — been running since before dashboards were cool.</li>
+    </ul>
+  </section>
+
+  <section class="uses-section">
+    <h2>Development</h2>
+    <ul class="uses-list">
+      <li><strong>VS Code</strong> &mdash; Primary editor. Remote SSH extension makes working directly on servers seamless.</li>
+      <li><strong>Go</strong> &mdash; Preferred language for infrastructure tooling and this site. Fast to compile, easy to deploy a single binary.</li>
+      <li><strong>Python</strong> &mdash; Scripting, automation, quick data processing.</li>
+      <li><strong>Bash / ksh</strong> &mdash; Bash on Linux, ksh on OpenBSD. Shell scripts for anything that doesn't need to outlast the week.</li>
+      <li><strong>tmux</strong> &mdash; Terminal multiplexer. Multiple panes across multiple SSH sessions, always.</li>
+    </ul>
+  </section>
+
+  <section class="uses-section">
+    <h2>Self-hosted Services</h2>
+    <ul class="uses-list">
+      <li><strong>OpenSMTPD</strong> &mdash; Mail server. Handles inbound and outbound for ridgwaysystems.org.</li>
+      <li><strong>Matrix / Conduit</strong> &mdash; Self-hosted chat. Federated, encrypted. Currently migrating.</li>
+      <li><strong>Jellyfin</strong> &mdash; Media server. No subscription, no phone-home, streams anywhere on the LAN.</li>
+    </ul>
+  </section>
+
+</div>
+{{end}}