update

content/Control Nginx inside a container.md

@@ -0,0 +1,11 @@
+---
+up:
+  - Nginx
+created: 2025-06-03T20:36:00
+updated: 2025-06-03T20:36:00
+tags:
+  - atomic
+---
+Use `-s reload` to reload the configuration where a SIGHUP is not easily available, e.g. when running in [[Docker]] or [[Podman]]. This can be useful when TLS certificates have been updated to start using the new certificates.
+## References
+* [Nginx Beginners Guide](https://nginx.org/en/docs/beginners_guide.html)

content/Deploy Docusaurus to Netlify from CI.md

@@ -0,0 +1,78 @@
+[[Docusaurus]] sites can be deployed to [[Netlify]] from the CI of our [[Forgejo]] instance. It's necessary to set the two variables:
+* `NETLIFY_AUTH_TOKEN` (secret)
+* `NETLIFY_SITE_ID` (pretty sure isn't secret)
+
+Running `netlify build` without being logged in seems to generate errors. Rather just use `npm run build` to generate the build in the `build/` directory.
+
+Running `netlify deploy` will automatically detect these as environment variables, but setting the values as variables in Forgejo does not automatically make them into environment variables, so they should be passed explicitly in the commands.
+## Example Workflow
+This workflow uses [[npm]] to manage the dependencies, rather than having them managed by [[Nix]]. This may introduce discrepancies between environments, but the `package-lock.json` should be minimising those even if not providing any guarantees.
+
+```nix
+{  
+  inputs = {  
+    nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";  
+    flake-utils.url = "github:numtide/flake-utils";  
+  };  
+  outputs =  
+    {  
+      self,  
+      nixpkgs,  
+      flake-utils,  
+      ...  
+    }:  
+    flake-utils.lib.eachDefaultSystem (  
+      system:  
+      let  
+        pkgs = import nixpkgs {  
+          inherit system;  
+        };  
+      in  
+      with pkgs;  
+      {  
+        devShells.default = mkShell {  
+          buildInputs = [  
+            git  
+            netlify-cli  
+            nodejs_22  
+          ];  
+        };  
+      }  
+    );  
+}
+```
+
+```yaml
+name: Build and deploy  
+  
+on:  
+  push:  
+    branches:  
+      - main  
+  
+jobs:  
+  lint:  
+    runs-on: docker  
+  
+    container:  
+      image: ghcr.io/catthehacker/ubuntu:runner-latest  
+  
+    steps:  
+      - name: Checkout code  
+        uses: actions/checkout@v4  
+  
+      - name: Set up Nix  
+        uses: https://guardianproject.dev/actions/install-nix-action@v31  
+  
+      - name: Install npm dependencies  
+        run: nix develop --command npm install  
+  
+      - name: Generate OpenAPI section  
+        run: nix develop --command npm run docusaurus gen-api-docs api  
+  
+      - name: Run build  
+        run: nix develop --command npm run build  
+  
+      - name: Deploy  
+        run: nix develop --command netlify deploy --auth ${{ secrets.NETLIFY_AUTH_TOKEN }} -s ${{ vars.NETLIFY_SITE_ID }}
+```

content/Install NixOS remotely.md

@@ -0,0 +1,11 @@
+---
+up:
+  - "[[NixOS]]"
+created: 2025-06-03T20:39:00
+updated: 2025-06-03T20:39:00
+tags:
+  - atomic
+---
+[[NixOS]] can be installed remotely on an existing system via [[SSH]] using [[nixos-anywhere]].
+## References
+* [How I like to install NixOS (declaratively)](https://michael.stapelberg.ch/posts/2025-06-01-nixos-installation-declarative/)

content/Lightsail instances have managed firewalls.md

@@ -0,0 +1,12 @@
+---
+up:
+  - "[[AWS]]"
+created: 2025-06-06T15:58:00
+updated: 2025-06-06T15:58:00
+tags:
+  - atomic
+---
+
+When deploying a [[Lightsail]] instance on [[AWS]], it's necessary to go to the **Networking** tab and then add port 443 to allow incoming HTTPS connections. By default, only ports 22 and 80 are open.
+## References
+* [Learn more about firewall rules](https://lightsail.aws.amazon.com/ls/docs/en_us/articles/understanding-firewall-and-port-mappings-in-amazon-lightsail)

content/index.md

@@ -0,0 +1 @@
+Hi