Gitea links in footer + Gemini

.gitea/workflows/deploy.yaml

@@ -0,0 +1,51 @@
+name: Deploy
+
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch:
+
+env:
+  HUGO_VERSION: 0.160.1
+  DEPLOY_DIR: /var/www/davideisinger.com
+  DITHER_CACHE_DIR: /workspace-cache/dither
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Setup Node
+        uses: actions/setup-node@v4
+        with:
+          node-version: 22
+
+      - name: Install packages
+        run: |
+          apt-get update
+          apt-get install -y curl imagemagick rsync ruby-full wget
+          wget --quiet https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb
+          apt-get install -y ./hugo_extended_${HUGO_VERSION}_linux-amd64.deb
+          gem install bundler
+
+      - name: Restore secret key
+        env:
+          SECRET_KEY: ${{ secrets.SECRET_KEY }}
+        run: |
+          printf '%s' "$SECRET_KEY" > secret.key
+
+      - name: Verify RSS template diff
+        run: ./bin/check-rss-template
+
+      - name: Spellcheck Markdown
+        run: npx -y cspell "content/**/*.md"
+
+      - name: Build site
+        run: ./bin/build
+
+      - name: Deploy site
+        run: ./bin/deploy-local "${DEPLOY_DIR}"

.gitignore

@@ -1,4 +1,5 @@
 .hugo_build.lock
+.cache
 public
 resources/_gen
 secret.key

bin/build

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)
+dither_dir="${repo_root}/bin/dither"
+cache_dir="${DITHER_CACHE_DIR:-${repo_root}/.cache/dither}"
+
+mkdir -p "${cache_dir}"
+
+pushd "${dither_dir}" >/dev/null
+bundle install
+ROOT="${repo_root}/content" KEY="${repo_root}/secret.key" DITHER_CACHE_DIR="${cache_dir}" bundle exec rackup -p 4567 &
+dither_pid=$!
+popd >/dev/null
+
+cleanup() {
+	if kill -0 "${dither_pid}" 2>/dev/null; then
+		kill "${dither_pid}" 2>/dev/null || true
+		wait "${dither_pid}" 2>/dev/null || true
+	fi
+}
+trap cleanup EXIT INT TERM
+
+for _ in {1..50}; do
+	if (echo >/dev/tcp/localhost/4567) >/dev/null 2>&1; then
+		ready=1
+		break
+	fi
+	sleep 0.1
+done
+
+if [[ "${ready:-0}" -ne 1 ]]; then
+	echo "dither server did not start on port 4567" >&2
+	exit 1
+fi
+
+pushd "${repo_root}" >/dev/null
+rm -rf public
+HUGO_PARAMS_GIT_COMMIT="$(git rev-parse HEAD)" \
+	DITHER_SERVER=http://localhost:4567 \
+	hugo --minify
+find public -name "*.enc" -type f -delete
+find public/elsewhere -name "*.gmi" -type f -delete
+popd >/dev/null

bin/check-rss-template

@@ -0,0 +1,29 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)
+tmp_dir=$(mktemp -d)
+trap 'rm -rf "${tmp_dir}"' EXIT
+
+hugo_version="${HUGO_VERSION:?HUGO_VERSION must be set}"
+upstream_template="${tmp_dir}/rss.xml"
+diff_output="${tmp_dir}/rss.diff"
+
+curl -fsSL "https://raw.githubusercontent.com/gohugoio/hugo/refs/tags/v${hugo_version}/tpl/tplimpl/embedded/templates/rss.xml" \
+	-o "${upstream_template}"
+
+set +e
+diff "${upstream_template}" "${repo_root}/themes/v2/layouts/_default/rss.xml" >"${diff_output}"
+diff_status=$?
+set -e
+
+if [[ "${diff_status}" -gt 1 ]]; then
+	exit "${diff_status}"
+fi
+
+line_count=$(wc -l <"${diff_output}" | tr -d ' ')
+if [[ "${line_count}" != "7" ]]; then
+	echo "Unexpected RSS template diff line count: ${line_count}" >&2
+	cat "${diff_output}" >&2
+	exit 1
+fi

bin/deploy-local

@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+repo_root=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)
+target_dir="${1:-/var/www/davideisinger.com}"
+
+pushd "${repo_root}" >/dev/null
+mkdir -p "${target_dir}"
+rsync \
+	-v \
+	-r \
+	--delete \
+	public/ \
+	"${target_dir}/"
+popd >/dev/null

bin/dither/dither.rb

@@ -1,5 +1,8 @@
 require "sinatra"
 require "mini_magick"
+require "digest"
+require "fileutils"
+require "tempfile"
 
 MiniMagick.logger.level = Logger::DEBUG
 
@@ -7,6 +10,24 @@ ROOT = ENV.fetch("ROOT")
 KEY = ENV.fetch("KEY")
 DITHER = ENV["DITHER"] != "0"
 FORMAT = "png"
+CACHE_DIR = ENV["DITHER_CACHE_DIR"]
+
+def cache_path_for(path, geometry)
+  return unless CACHE_DIR
+
+  source_path = "#{ROOT}/#{path}.enc"
+  cache_key = Digest::SHA256.hexdigest([
+    path,
+    Digest::SHA256.file(source_path).hexdigest,
+    geometry,
+    DITHER,
+    FORMAT,
+    1
+  ].join("\0"))
+
+  FileUtils.mkdir_p(CACHE_DIR)
+  File.join(CACHE_DIR, "#{cache_key}.#{FORMAT}")
+end
 
 get "/*" do |path|
   halt 404, {"Content-Type" => "text/plain"}, "not found" unless File.exist?("#{ROOT}/#{path}.enc")
@@ -16,17 +37,32 @@ get "/*" do |path|
   geometry = params["geo"] unless params["geo"] == ""
   geometry.gsub!(/\d+/) { |n| n.to_i * 2 } if geometry && !DITHER
 
-  decrypted = %x(
+  cached_path = cache_path_for(path, geometry)
-    openssl \
+  if cached_path && File.exist?(cached_path)
-      aes-256-cbc \
+    return File.binread(cached_path)
-      -d \
+  end
-      -in #{ROOT}/#{path}.enc \
+
-      -pass file:#{KEY} \
+  decrypted = Tempfile.new(["dither", File.extname(path)])
-      -iter 1000000
+  decrypted.binmode
+  decrypted.close
+
+  begin
+    openssl_ok = system(
+      "openssl",
+      "aes-256-cbc",
+      "-d",
+      "-in", "#{ROOT}/#{path}.enc",
+      "-out", decrypted.path,
+      "-pass", "file:#{KEY}",
+      "-iter", "1000000"
     )
+    halt 500, {"Content-Type" => "text/plain"}, "decrypt failed" unless openssl_ok
 
     convert = MiniMagick::Tool::Convert.new
-  convert.stdin
+    convert.limit("memory", "128MiB")
+    convert.limit("map", "256MiB")
+    convert.limit("disk", "1GiB")
+    convert << decrypted.path
     convert.background("white")
     convert.layers("flatten")
     convert.strip
@@ -48,5 +84,16 @@ get "/*" do |path|
     end
 
     convert << "#{FORMAT.upcase}:-"
-  convert.call(stdin: decrypted)
+    output = convert.call
+
+    if cached_path
+      temp_cache_path = "#{cached_path}.tmp-#{Process.pid}"
+      File.binwrite(temp_cache_path, output)
+      FileUtils.mv(temp_cache_path, cached_path)
+    end
+
+    output
+  ensure
+    decrypted.unlink
+  end
 end

bin/server

@@ -3,9 +3,12 @@ set -euo pipefail
 
 repo_root=$(cd "$(dirname "${BASH_SOURCE[0]}")/.." && pwd)
 dither_dir="${repo_root}/bin/dither"
+cache_dir="${DITHER_CACHE_DIR:-${repo_root}/.cache/dither}"
+
+mkdir -p "${cache_dir}"
 
 pushd "${dither_dir}" >/dev/null
-ROOT="${repo_root}/content" KEY="${repo_root}/secret.key" bundle exec ruby dither.rb &
+ROOT="${repo_root}/content" KEY="${repo_root}/secret.key" DITHER_CACHE_DIR="${cache_dir}" bundle exec ruby dither.rb &
 dither_pid=$!
 popd >/dev/null
 

content/journal/dispatch-38-april-2026/index.md

@@ -53,7 +53,7 @@ Finally warming up around here (though we did get hit by the [largest 24-hour te
 {{<dither IMG_0004.jpeg "782x600">}}Face-first into the color chaos.{{</dither>}}
 {{<dither IMG_0009.jpeg "782x600">}}Blue faces, red popsicles, and the kind of chaos that means the afternoon went well.{{</dither>}}
 
-Then we drove up to DC, left the kids with my folks, and took the train to Baltimore to catch [my friend's][3] show and spend a little bit of time in the city. We stayed at the [Pendry][4] which was super nice -- we'll be back. Sold the old car while were up there -- 🪦 legend.
+Then we drove up to DC, left the kids with my folks, and took the train to Baltimore to catch [my friend's][3] show and spend a little bit of time in the city. We stayed at the [Pendry][4] which was super nice. We'll be back. Sold the old car while were up there -- 🪦 legend.
 
 [3]: https://www.instagram.com/__carillon/
 [4]: https://www.pendry.com/baltimore/

themes/v2/layouts/_default/baseof.gmi

@@ -8,7 +8,7 @@
 
 Rendered {{ now | dateFormat "2006-01-02 15:04:05 MST" }}
 {{- with site.Params.git.commit }}
-=> https://git.sr.ht/~dce/davideisinger.com/commit/{{ . }} {{ . }}
+=> https://git.davideisinger.com/dce/davideisinger.com/commit/{{ . }} {{ . }}
 {{ end -}}
 
 => https://creativecommons.org/licenses/by/4.0/deed.en © CC BY 4.0

themes/v2/layouts/partials/footer.html

@@ -12,7 +12,7 @@
   <div class="mobile-hidden">
     Rendered {{ now | dateFormat "2006-01-02 15:04:05 MST" }}
     {{ with site.Params.git.commit }}
-      • <a href="https://git.sr.ht/~dce/davideisinger.com/commit/{{ . }}">{{ substr . 0 7}}</a>
+      • <a href="https://git.davideisinger.com/dce/davideisinger.com/commit/{{ . }}">{{ substr . 0 7}}</a>
     {{ end }}
   </div>
 

themes/v2/layouts/partials/gemtext.gmi

@@ -39,6 +39,11 @@
 {{- end -}}
 
 {{- /* Photo processing */ -}}
+{{- range findRE `(?s){{<dither[^>]*>}}.*?{{</dither>}}` $content -}}
+	{{- $rendered := $page.RenderString . -}}
+	{{- $url := $rendered | replaceRE `(?s).*src="([^"]+)".*` "=> $1" -}}
+	{{- $content = replace $content . $url -}}
+{{- end -}}
 {{- range findRE `{{<(dither|thumbnail) [^/]+/>}}` $content -}}
 	{{- $rendered := $page.RenderString . -}}
 	{{- $url := $rendered | replaceRE `(?s).*src="([^"]+)".*` "=> $1" -}}