Merge Jafner.dev into Jafner.net

Jafner.dev/.gitea/workflows/hugo.yml

@@ -0,0 +1,10 @@
+name: Hugo
+on: [push]
+jobs:
+  build:
+    runs-on: 
+    steps:
+    - uses: actions/checkout@v1
+    
+    - name: hugo
+      uses: klakegg/actions-hugo@1.0.0

Jafner.dev/.github/workflows/hugo.yaml

@@ -0,0 +1,67 @@
+name: Hugo
+on: 
+  push:
+    branches: [ main ]
+  workflow_dispatch:
+
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+
+concurrency:
+  group: "pages"
+  cancel-in-progress: false
+
+defaults:
+  run: 
+    shell: bash
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    env:
+      HUGO_VERSION: 0.121.2
+    steps:
+      - name: Install Hugo CLI
+        run: |
+          wget -O ${{ runner.temp }}/hugo.deb https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.deb \
+          && sudo dpkg -i ${{ runner.temp }}/hugo.deb          
+      - name: Install Dart Sass
+        run: sudo snap install dart-sass
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: 'true'
+          fetch-depth: 0
+      - name: Setup Pages
+        id: pages
+        uses: actions/configure-pages@v4
+      - name: Install Node.js dependencies
+        run: "[[ -f package-lock.json || -f npm-shrinkwrap.json ]] && npm ci || true"
+      - name: Build with Hugo
+        env:
+          # For maximum backward compatibility with Hugo modules
+          HUGO_ENVIRONMENT: production
+          HUGO_ENV: production
+          TZ: America/Los_Angeles
+        run: |
+          hugo \
+            --gc \
+            --minify \
+            --baseURL "https://jafner.dev/"          
+      - name: Upload artifact
+        uses: actions/upload-pages-artifact@v3
+        with:
+          path: ./public
+
+  deploy:
+    environment:
+      name: github-pages
+      url: https://jafner.dev/
+    runs-on: ubuntu-latest
+    needs: build
+    steps:
+      - name: Deploy to GitHub Pages
+        id: deployment
+        uses: actions/deploy-pages@v4

Jafner.dev/.gitignore

@@ -0,0 +1 @@
+public/

Jafner.dev/.gitmodules

@@ -0,0 +1,3 @@
+[submodule "themes/hello-friend-ng"]
+	path = themes/hello-friend-ng
+	url = https://github.com/rhazdon/hugo-theme-hello-friend-ng.git

Jafner.dev/README.md

@@ -0,0 +1,74 @@
+# Running local dev server
+1. Ensure theme submodule is loaded: `git submodule init && git submodule update`
+2. Run the server with `hugo server --noHTTPCache --ignoreCache --disableFastRender --buildDrafts`
+
+## Including Images in Content
+*Good old-fashioned `![](image.png)` markdown image embedding works just fine.*
+
+1. Place the image file beside the content in the folder (called a ["page bundle"](https://gohugo.io/content-management/page-bundles/)).
+2. For a Featured Image, use the line `featured_image = "image.jpg"` in the frontmatter.
+3. For an inline image, use `{{< image src="image.jpg" >}}`
+
+> Note: The working directory for relative resource locations uses the name of the content file as the current location. E.g. referencing the image `./myimage.jpg` or `./myimage.jpg` from inside the `/content/projects/myproject.md` content file, would look for those images at `/content/projects/myproject/myimage.jpg`. 
+
+## Add a Table of Contents
+- To include a table of contents at the beginning of a page, add the flag `toc = true` to the frontmatter. 
+- To insert a table of contents inline with the text, use the `{{% toc %}}` shortcode.
+- Tables of contents are configured under the `[markup]` configuration node in [`config.toml`](/config.toml).
+
+## Create a New Homelab or Project Article
+Use hugo's `hugo new content` command with the path (relative to root) to the content page for the new article. 
+
+Examples:
+- `hugo new content content/projects/my-new-project.md` This will create a new draft page with the title and date set smartly, as well as `draft = true`
+- `hugo new content content/projects/my-new-project/index.md` This will create a new draft page inside a page bundle, creating the bundle directory if needed. 
+
+## Set non-default `og:image` image for embedders
+To set the image that is used when other sites or services embed a link (e.g. Discord), we use the `ogimage` page param in the frontmatter. The value is the path to the desired image relative to the `static` directory. 
+
+Examples:
+- Unset `ogimage` tag will fall back to [`/static/img/logo.png`](/static/img/logo.png).
+- `ogimage = 'img/mobilebanner.png'` will use `/static/img/mobilebanner.png`.
+
+This is separate from any image content visible on the site itself, which makes it useful for preserving the cleanliness of the reading experience.
+
+## Generate article images with ImageMagick
+Assign the text to use for the article image to the `LOGOTEXT` variable. E.g. `LOGOTEXT="Jafner.dev"`
+
+```bash
+LOGOTEXT="Jafner.dev"
+convert -size 1200x630 xc:#1b1c1d -pointsize 110 -font "Noto-Sans-Mono-Regular" \
+   -fill #A9A9B3 -draw "text 50,360 '>$ ~/$LOGOTEXT'"\
+   -fill #FE5186 -gravity East -draw "text 50,0 '█'"\
+   $LOGOTEXT.logo.png
+```
+
+And that will generate an image like:
+
+![](jafner.dev.logo.png)
+
+It can be a little finicky to make the text *look right*, especially getting the left-right spacing down. Use the following parameters to make changes:
+
+- `xc:#1b1c1d` sets the background color to the provided hex code.
+- `-pointsize 128` sets the font size of the text.
+- The first `-font @Inter.ttf` sets the font to [Inter](https://fonts.google.com/specimen/Inter), the preferred font for the site. 
+- The first `-fill #A9A9B3` sets the color for the text part of the logo.
+- The first `-draw "text 50,360 '>$ ~/$LOGOTEXT'"` draws the `>$ ~/` part of the logo, then uses the `$LOGOTEXT` variable for the proceeding text. The `text 50,360` describes the X,Y offset in pixels from the top-left of the image to begin drawing the text. 
+- The second `-font "Noto-Sans-Mono-Regular"` sets the font we need to use for Unicode character support. See the list of available fonts with `convert -list font | less`. If we don't need the cursor block, this entire line can be omitted.
+- The second `-fill #FE5186` sets the color of the [cursor block](https://www.compart.com/en/unicode/U+2588).
+- `-gravity East` sets the draw orientation to the middle of the right side of the frame. 
+- The second `-draw "text 50,0 '█'"` draws the unicode cursor block character 50 pixels X-offset (from the middle-right) 
+
+Hex codes:
+- Pink cursor block: #FE5186
+- Dark grey header background: #1A1B1C
+- Light grey header logo text: #A9A9B2
+
+# Organizing Content
+When creating new content, we gotta keep in mind a few of the systems that are dependent on organizational consistency.
+
+1. Use `slug = 'mypage'` to set the name that will be used in the URL, and in the dynamic logo at the top-left.
+   1. For `homelab` articles, this will be prepended with `/homelab/` already, so don't be redundant. E.g. don't use `slug = 'homelab-tour'`, use `slug = 'tour'`. The former will render as `/homelab/homelab-tour/` and the latter will render as `/homelab/tour/`
+2. Isn't `/homelab/` a type of `/projects/` ? Yes. But it's such a huge project that it has earned its own category.
+3. Titles should be either like `Homelab Tour: Reviewing the what, how, and why of my lab`, or `Esports-grade Overwatch 2 on Linux`. That is, either a very short title with an expounding subtitle, or a sufficiently self-descriptive title. 
+   1. Use a colon to separate subtitle.

Jafner.dev/archetypes/default.md

@@ -0,0 +1,10 @@
++++
+title = '{{ replace .File.ContentBaseName "-" " " | title }}'
+description = " "
+date = {{ .Date }}
+aliases = []
+author = "Joey Hafner"
+ogimage = '/img/Jafner.dev.logo.png'
+slug = "draft"
+draft = true
++++

Jafner.dev/config.toml

@@ -0,0 +1,143 @@
+baseURL = "https://jafner.dev"
+title   = "Jafner.dev"
+languageCode = "en-us"
+theme = "hello-friend-ng"
+
+PygmentsCodeFences = true
+PygmentsStyle = "monokai"
+
+archetypeDir = "archetypes"
+contentDir   = "content"
+dataDir      = "data"
+layoutDir    = "layouts"
+publishDir   = "public"
+
+buildDrafts  = false
+buildFuture  = false
+buildExpired = false
+canonifyURLs = false
+
+enableRobotsTXT = true
+enableGitInfo   = false
+enableEmoji     = true
+enableMissingTranslationPlaceholders = false
+enableThemeToggle = true
+disableRSS     = true
+disableSitemap = false
+disable404     = false
+disableHugoGeneratorInject = false
+
+[permalinks]
+  [permalinks.section]
+    homelab = "/homelab/"
+    projects = "/projects/"
+  [permalinks.page]
+    pages = "/:slug"
+
+[blackfriday]
+  hrefTargetBlank = true
+
+[taxonomies]
+  tag        = "tags"
+  category   = "categories"
+  series     = "series"
+
+[params]
+  dateform        = "Jan 2, 2006"
+  dateformShort   = "Jan 2"
+  dateformNum     = "2006-01-02"
+  dateformNumTime = "2006-01-02 15:04"
+  description = "Personal site for Joey Hafner"
+  keywords = "docker homelab self-hosted bitwarden nextcloud developer git github hugo"
+  images = [""]
+  homeSubtitle = "Personal portfolio website for Joey Hafner"
+  disableReadOtherPosts = false
+  enableThemeToggle = false
+  enableSharingButtons = true
+  enableGlobalLanguageMenu = false
+  customCSS = ["/css/toc-no-underline.css"]
+  customJS  = []
+  justifyContent = false  # Set "text-align: justify" to .post-content.
+  [params.author]
+    name = "Joey Hafner"
+
+  [params.footer]
+    trademark = 2023
+    rss = false
+    copyright = true
+    author = false
+
+    topText = [
+      "Source on <a href=\"https://github.com/Jafner/jafner.dev\">GitHub</a>"
+    ]
+    bottomText = [
+    ]
+
+  [params.favicon.color]
+    mask = "#1b1c1d"
+    msapplication = "#1b1c1d"
+    theme = "#1b1c1d"
+
+  [params.logo]
+    logoMark     = ">$ ~"
+    logoText     = ""
+    logoHomeLink = "/"
+
+  [[params.social]]
+    name = "discord"
+    url  = "https://discordapp.com/users/124394980725751808"
+
+  [[params.social]]
+    name = "email"
+    url  = "mailto:joey@jafner.net"
+
+  [[params.social]]
+    name = "github"
+    url  = "https://github.com/Jafner"
+
+  [[params.social]]
+    name = "gitea"
+    url   = "https://gitea.jafner.tools/Jafner"
+
+  [[params.social]]
+    name = "linkedin"
+    url  = "https://www.linkedin.com/in/joey-hafner-b8977a107/"
+
+  [[params.social]]
+    name = "reddit"
+    url  = "https://www.reddit.com/user/jafner425"
+
+[languages]
+  [languages.en]
+    weight    = 1
+    copyright = '<a href="https://creativecommons.org/licenses/by-nc/4.0/" target="_blank" rel="noopener">CC BY-NC 4.0</a>'
+  [languages.en.params]
+    subtitle  = ""
+
+[menu]
+  [[menu.main]]
+    identifier = "about"
+    name       = "About"
+    url        = "about-me"
+    weight     = 10
+  [[menu.main]]
+    identifier = "experience"
+    name       = "Experience"
+    url        = "experience"
+    weight     = 20
+  [[menu.main]]
+    identifier = "homelab"
+    name       = "Homelab"
+    url        = "homelab"
+    weight     = 30
+  [[menu.main]]
+    identifier = "projects"
+    name       = "Projects"
+    url        = "projects"
+    weight     = 40
+
+[markup]
+  [markup.tableOfContents]
+    endLevel = 3
+    ordered = false
+    startLevel = 2

Jafner.dev/content/homelab/Homelab Tour/index.md

@@ -0,0 +1,203 @@
++++
+title = 'Homelab Tour'
+description = "In this article I walk through the services I run, what problems they solve for me, and the lessons I've learned."
+date = 2024-06-27T09:15:13-07:00
+aliases = ["/articles/homelab-tour-series-intro", "/homelab-tour"]
+author = "Joey Hafner"
+ogimage = 'Homelab.tour.logo.png'
+slug = 'tour'
+draft = false
++++
+
+## There are many like it...
+
+But this lab is built *by me and for me*. Just as I am the sole (or primary) beneficiary of its value, I am also the sole owner. I've gotta pay for all the hard drives, the network switches, the API keys, the power supplies, the rack rails. I've gotta configure the SMTP notifications, the [DNS](https://xkcd.com/2259/), the firewalls and the subnets. I open, update, and close [issues](https://gitea.jafner.tools/Jafner/homelab/issues), [remediate leaked secrets](https://gitea.jafner.tools/Jafner/homelab/issues/128), and write documentation. 
+
+It's exhausting and exhilarating, frustrating and fulfilling, thankless and thankful. And I've never written about it before, so here's me finally getting to do that.
+
+{{% toc %}}
+
+## Core Services: It's about data.
+[For](https://www.npr.org/2021/04/09/986005820/after-data-breach-exposes-530-million-facebook-says-it-will-not-notify-users) [myriad](https://www.forbes.com/sites/quickerbettertech/2021/07/05/a-linkedin-breach-exposes-92-of-usersand-other-small-business-tech-news/) [reasons](https://www.theverge.com/2018/5/3/17316684/twitter-password-bug-security-flaw-exposed-change-now), [I want](https://www.techtarget.com/whatis/feature/SolarWinds-hack-explained-Everything-you-need-to-know) to [maintain](https://www.bbc.com/news/technology-37232635) as much [control](https://www.theverge.com/2022/12/22/23523322/lastpass-data-breach-cloud-encrypted-password-vault-hackers) of [my data](https://www.bbc.com/news/technology-58817658) [as possible](https://cloudsecurityalliance.org/blog/2022/03/13/an-analysis-of-the-2020-zoom-breach). So I got hard drives to store my data, and built computers around those hard drives to move my data to and fro. Lastly, I selected a few of the awesome projects others have built to tell the computers how to move my data.
+
+![Apps.png|App icons left-to-right: Bitwarden, Gitea, Nextcloud, Zipline, Send, Home Assistant, TrueNAS Scale, VyOS](Apps.png)
+
+Veteran self-hosters are familiar with many of these, but I want to talk about how each of these projects helps me claw back a little bit of control over my data.
+
+### Bitwarden: The best password manager
+*Password management server.* | [Bitwarden](https://bitwarden.com/) ([Vaultwarden](https://github.com/dani-garcia/vaultwarden)) | [`bitwarden.jafner.tools`](https://bitwarden.jafner.tools) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/druid/config/vaultwarden/docker-compose.yml)
+
+I used to use LastPass.
+- *June 15, 2015* [ArsTechnica: Hack of cloud-based LastPass exposes hashed master passwords](https://arstechnica.com/information-technology/2015/06/hack-of-cloud-based-lastpass-exposes-encrypted-master-passwords/)
+- *December 28, 2021* [BleepingComputer: LastPass users warned their master passwords are compromised](https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/)
+- *November 30, 2022* [BleepingComputer: Lastpass says hackers accessed customer data in new breach](https://www.bleepingcomputer.com/news/security/lastpass-says-hackers-accessed-customer-data-in-new-breach/)
+
+Bitwarden has an [excellent security track record *so far*](https://bitwarden.com/blog/third-party-security-audit/). But two factors (ha!) led to my choosing to self-host the community-built server instead of using Bitwarden's first-party cloud service: 
+
+1. Subscription-gated features. 2FA/OTP authenticator, file attachments, security reports, and more are gated behind a subscription. I wholeheartedly endorse Bitwarden's decision, but that's just enough encouragement for me to host it myself.
+2. Bigger means more attractive target. The more people put their trust in Bitwarden, the more attractive a target it becomes. My personal server is unlikely to attract the attention of any individuals or organizations with the capability to penetrate *Bitwarden's* security. Of course, that only matters if I maintain good security posture everywhere else in the homelab. More on that another day.
+
+I've had an excellent experience with Bitwarden so far. The user experience is fluid enough that I was able to onboard my family without issue. 
+
+### Gitea: Control the source
+*Source control and basic CI/CD.* | [Gitea](https://about.gitea.com/) | [`gitea.jafner.tools`](https://gitea.jafner.tools/) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/druid/config/gitea) 
+
+GitHub is great. And I often question my decision to host my own Git and CI/CD server. I'm not foolish enough to worry that any of my code would be included in any high-quality AI training datasets. Really, In 
+
+I started out using a self-hosted GitLab instance, but its power and flexibility entail weight. And I got tired of the administrative toil caused by frequent and substantial updates to the entire platform. 
+
+So I spun up Gitea, set up some [runners](https://docs.gitea.com/next/usage/actions/act-runner/), and got back to work. 
+
+### Nextcloud: Corner office with a view
+*Office services (files, photos, calendar, contacts).* | [Nextcloud](https://nextcloud.com/) | [`nextcloud.jafner.net`](https://nextcloud.jafner.net) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/fighter/config/nextcloud) 
+
+Google Drive is pretty cool and useful. I didn't care much for Docs and the other office products, but the storage, sharing, and sync functionality Drive provided was useful at school, at home, at work, and even for gaming. But it's hard-limited to 15 GB on the free version. And expanding that costs ~$5/TB mo., which is only $0.63 cheaper than buying an 8TB SAS HDD *every month*. So I decided `drives > Drive`.
+
+And it feels luxurious. Knowing that all my phone's photos and videos are stored on my hardware and won't every touch Google's servers. I can take a full-fat video without worrying that 600 MB will eat up a bunch of my quota. Nextcloud also offers a wide swathe of plugins for other functionalities via their [App store](https://apps.nextcloud.com/). 
+
+### Manyfold: Library management for 3D models
+*3D Model library manager.* | [Manyfold](https://github.com/manyfold3d/manyfold) | [`3d.jafner.net`](https://3d.jafner.net/) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/fighter/config/vandam)
+
+Over the years I've spent a *lot* of money on 3D models for fantasy RPG miniatures. My collection of models is measured in *terrabytes*. And I have a deep appreciation for the creative work of the artists who make these models. But artists, I think, are not naturally inclined toward robust file organization practices. So my "collection" is really more like a pile. 
+
+But Manyfold (formerly "VanDAM") has helped enormously with the process of making that collection usable. Search and preview are the two biggest features. Automated tagging and other organizational features also help a lot. 
+
+I still have a lot of manual work to do though...
+
+### Send: The service formerly known as Firefox Send
+*Quick and secure file share. [XKCD#949](https://xkcd.com/949/).* | [Send](https://github.com/timvisee/send) | [`send.jafner.net`](https://send.jafner.net/) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/fighter/config/send)
+
+The XKCD comic above articulates and experience I've had enough times. Nextcloud helps a lot when I want to share a file with someone else. But Send covers the cases where a friend wants to send me a file, or a friend is asking me how to send a file to another friend. I can just send them the link. I don't even need to explain how it works, it's built intuitively enough. And I get some peace of mind knowing that the files are encrypted end-to-end. 
+
+### Zipline: Clip that
+*Media sharing server (upload screenshots, recordings).* | [Zipline](https://github.com/diced/zipline) | [`zipline.jafner.net`](https://zipline.jafner.net) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/fighter/config/zipline) 
+
+This service exists exclusively to let me right click the video file of a gaming highlight, hit "Share", and send the link to my friends as seamlessly as possible *while supporting high-fidelity content*. I record my gameplay at 1440p 120 FPS. Check it out:  
+
+- [Venture 5k](https://zipline.jafner.net/u/%5B2024-06-19%5D%20Neato.mp4).
+- [Venture scrim highlight](https://zipline.jafner.net/u/%5B2024-06-19%5D%20Scrim%20(1:55:22-1:56:02).mp4)
+- [My greatest widowmaker highlight](https://zipline.jafner.net/u/ImYtUX.mp4)
+
+That last one's not even 120 fps, I just love to show it. To be honest though, if Youtube supported scripted/automated uploads I would just use that. But it's probably for the best that they don't.
+
+### Home Assistant: Climate control for the Critter Cove
+*Home automation and monitoring.* | [Home Assistant](https://www.home-assistant.io/) | [`homeassistant.jafner.net`](https://homeassistant.jafner.net) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/fighter/config/home-assistant) 
+
+I think a lot of folks start their self-hosting journey with Home Assistant. It's a fantastic tool, and it keeps some of your most important data from being reliant on [often-flakey vendors](https://gizmodo.com/the-never-ending-death-of-smart-home-gadgets-1842456125) who have little interest in supporting their product unless you're giving them money for it. 
+
+My partner and I have four reptiles, several insects, and a hamster whose climates I simply cannot be bothered to adjust manually every hour of the waking day. So I installed Home Assistant, hooked up warm-side and cool-side [Govee hygrometer/thermometers](https://us.govee.com/products/govee-bluetooth-hygrometer-thermometer-h5075?Style=1*H5075), put the heating lamps on [TP Link smart dimming plugs](https://www.kasasmart.com/us/products/smart-plugs/product-kp405), and wrote some automation to keep everybody in their happy temperature range. 
+
+### VyOS: My router is a text file
+*Configuration-as-code router OS.* | [VyOS](https://vyos.io/) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/wizard/config) 
+
+One day I thought to myself, "do I know how a router works?" The answer was no, so I built one (hardware and configuration) from scratch between the hours of 10 PM and 4 AM to ensure none of my housemates would be disturbed by the requisite internet outage. I deployed the seat-of-my-pants router configuration to "production" overnight and handled about one day's worth of post-deployment support before everything was seamlessly stable. 
+
+The hardest part was crimping and terminating every single ethernet cable. At least 20 connections. Woof.
+
+### TrueNAS: How I sleep at night
+*Data safety provider.* | [TrueNAS](https://www.truenas.com/truenas-scale/) | [Configuration: Main](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/barbarian) | [Configuration: Backup](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/monk) 
+
+Underpinning every single one of the above services in one way or another is my TrueNAS deployment. It is composed of two hosts: a primary and a backup. Every day, each system takes a [differential snapshot](https://www.truenas.com/docs/scale/24.04/scaleuireference/dataprotection/periodicsnapshottasksscreensscale/) of each dataset, and runs a short [S.M.A.R.T. test](https://www.truenas.com/docs/scale/24.04/scaleuireference/dataprotection/smarttestsscreensscale/) on each disk. Nightly, the most important datasets on the primary are backed up to the backup as an [Rsync task](https://www.truenas.com/docs/scale/24.04/scaleuireference/dataprotection/rsynctasksscreensscale/). And every week it runs a [scrub task](https://www.truenas.com/docs/scale/24.04/scaleuireference/dataprotection/scrubtasksscreensscale/) to ensure the stored data still checksums correctly. 
+
+And of course, it runs an SMB server and iSCSI target to facilitate clients and applications interacting with their own little data puddle. 
+
+## Additional Services: Just for fun
+In addition to the important services above, I run a handful of services just for off time. 
+
+### Plex: I wish Jellyfin supported SSO
+The superior media server, Plex provides a free (as in beer) solution with a beautiful frontend and comprehensive metadata scraping. Plex has set a standard for serving movies and TV that no alternative service has been able to match. It is the unwelcome incumbent no one has mustered the resources to dethrone. Over the last decade Plex has crept away from its [XBMC](https://en.wikipedia.org/wiki/Kodi_(software)) roots, and leaned into building services that make the business boys happy. They've been investing engineering hours into integrating more and more with external service providers, rather than [updating some of the core functionality](https://www.plexopedia.com/plex-media-server/general/metadata-stored/). And in [2022](https://www.theverge.com/2022/8/24/23319570/plex-security-breach-exposes-usernames-emails-passwords) they leaked my username, email, and (encrypted) password just to be rude to me personally. 
+
+But I digress...
+
+[Jellyfin](https://jellyfin.org/) is the leading opposition. But Jellyfin's [most wanted feature requests](https://features.jellyfin.org/?view=most-wanted) paints a sorry picture of the state of things. Features I consider critical, such as [2FA](https://features.jellyfin.org/posts/26/add-support-for-two-factor-authentication-2fa), [transcoding](https://features.jellyfin.org/posts/284/convert-option-similar-to-plexs-optimise), [offline access for mobile clients](https://features.jellyfin.org/posts/218/support-offline-mode-on-android-mobile), [to-watch lists](https://features.jellyfin.org/posts/576/watchlist-like-netflix), [watch history](https://features.jellyfin.org/posts/633/watched-history), [OIDC support](https://features.jellyfin.org/posts/230/support-for-oidc) / [OAuth support](https://features.jellyfin.org/posts/271/oauth-support), [list collections to which a movie belongs](https://features.jellyfin.org/posts/540/list-all-collections-that-a-movie-belong-to-in-movie-details), and more I'm sure if I just keep scrolling. Maybe a few more years. 
+
+### 5eTools: If D&D Beyond was designed by software engineers instead of business boys
+5eTools is an insanely high quality, data-driven repository for each and every piece of content ever made for D&D 5th edition. Fortunately, they have a *blocklist* feature to restrict the visible content to only the stuff I've bought the books for. 
+
+### Calibre-web: Frontend for the premiere ebook library manager
+[Calibre-web](https://github.com/janeczku/calibre-web) | [Calibre](https://calibre-ebook.com/) | [`rpg.calibre.jafner.net`](https://rpg.calibre.jafner.net/) | [`sff.calibre.jafner.net`](https://sff.calibre.jafner.net/)
+
+Sometimes, rarely, I read a book. Much more freqeuently, I want to check a section from a book. Calibre(-web) affords me access to my entire library of books and ebooks from a web browser. Frustratingly, the owner of the project has decided not to implement generic OAuth2/OIDC support. [But open-source, uh, finds a way.](https://github.com/janeczku/calibre-web/pull/2211#issuecomment-1182460156)
+
+### Minecraft: Geoff \"itzg\" Bourne is a blessing
+[`itzg/docker-minecraft-server`](https://github.com/itzg/docker-minecraft-server) | [`itzg/mc-router`](https://github.com/itzg/mc-router) | [`itzg/mc-monitor`](https://github.com/itzg/mc-monitor) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/fighter/config/minecraft/docker-compose.yml)
+Hosting game servers for my friends got me into this stuff, and has been a throughline of my life for over 15 years.
+And Minecraft has been a consistent presence in that domain. Today that task is easier and more polished than ever. 
+
+Two Docker images, [itzg/mc-router](https://github.com/itzg/mc-router) and [itzg/docker-minecraft-server](https://github.com/itzg/docker-minecraft-server) have handled every Minecraft server I've hosted since late 2020. The configuration is simple and declarative. The best part is the reverse proxying. In 2015 I would head to [WhatsMyIP.org](https://www.whatsmyip.org/), copy the number at the top, and send it to my friends. Then they would manually type it into the connect dialog (copy-paste can be challenging), type something wrong, get a connection error, and call me on Google Hangouts. We'd, eventually get it figured out, but now I can just say "It's `e9.jafner.net`" and that seems to stick a lot better. 
+
+## Admin Services: Help me handle all this
+Nothing since has given me the same high as seeing the green padlock next to `jafner.net` for the first time. After years of typing IPs, memorizing ports, skipping "Your connection is not private" pages, and answering "What's the IP again?", that green padlock was more gratifying than the $60k piece of paper framed on my wall. 
+
+Below are the tools and services I use to make everything else work *properly*. 
+
+### Traefik: One-liner* TLS-certified subdomains
+*Docker-integrated reverse proxy.* | [Traefik](https://github.com/traefik/traefik) | [Configuration: Fighter](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/fighter/config/traefik/docker-compose.yml) | [Configuration: Druid](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/druid/config/traefik/docker-compose.yml)
+
+*Okay, it's not literally one line. It's five.
+
+```yml
+networks:
+  - web
+labels:
+  - traefik.http.routers.myservice.rule=Host(`myservice.jafner.net`)
+  - traefik.http.routers.myservice.tls.certresolver=lets-encrypt
+```
+
+Lines #1-2 configure a service to attach to the Docker network Traefik is monitoring.
+Lines #3-5 tell Traefik what (sub)domain(s) that service should serve, and tell it to provision a fresh LetsEncrypt certificate. 
+
+- No wildcard certs.
+- No manual cert requests.
+- No services are exposed by default. 
+
+In addition to handling that core functionality, it also offers "middlewares" to handle additional functionality, like [forwardauth](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/fighter/config/traefik/config/config_addons.yaml#L49), which helps me protect services that don't support [OAuth2](https://oauth.net/2/)/[OIDC](https://www.microsoft.com/en-us/security/business/security-101/what-is-openid-connect-oidc), such as [WG-Easy](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/fighter/config/wireguard/docker-compose.yml#L26). 
+
+I have never been tempted to look for alternatives. I struggle to imagine how a reverse proxy could be better for my use-case without overstepping its role. 
+
+Oh, it would be nice if it handled [dispatching to other Traefik instances](https://gitea.jafner.tools/Jafner/homelab/issues/71) in a more intuitive/simple way. I haven't been able to get that working.
+
+### Keycloak: Sign in to Jafner.net
+*IAM provider* | [Keycloak](https://www.keycloak.org/) | [Configuration](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/fighter/config/keycloak)
+
+It's easy to allow your password manager's "local accounts" folder slowly grow to dozens or hundreds of credentials as services are trialed, decomissioned, reinstalled, and troubleshooted (troubleshot?). Further, supporting basic account information updates for *users that aren't me* is non-trivial. How many SMTP submission API keys would I need to support each of my services sending their own "Recover your account password" emails?
+
+Keycloak provides much-needed consolidation of account management. Just like a *real website*, anyone who wants to *do something* with one of my services (e.g. open a [Gitea issue](https://gitea.jafner.tools/issues)) can walk through the familiar account creation process. Give a first and last name, email, username, and password. You'll get a verification email in your inbox from `"Keycloak Admin" <noreply@jafner.net>`. Click the link, go back to the page you were trying to access, and *boom*, you can do stuff. Stuff I don't want you to be able to do is still gated behind manual account approval. For example, you can't just create an account and start uploading files to Nextcloud. Oh, and it supports 2FA. 
+
+One day I'll be able to manage *every single Jafner.net application's* ID and access via Keycloak, but a few have held out. But that's an entire article itself. 
+Until then I'll be happy that *most* applications and services either support native OAuth2 or OIDC, or are single-user and can be simply gated behind Traefik forwardauth.
+
+### Wireguard: Road warrior who needs to reboot the Minecraft server
+*Quick, easy, fast VPN plus quick, easy, fast web UI* | [Wireguard](https://www.wireguard.com/) | [WG-Easy](https://github.com/wg-easy/wg-easy) | [Configuration: Fighter](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/fighter/config/wireguard/docker-compose.yml) | [Configuration: Druid](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/druid/config/wireguard/docker-compose.yml)
+
+Every homelabber is faced with the question of how to administrate their server when they aren't sitting (or standing) at their desk at home. It's a great question; you're dipping your toes into [security posture](https://csrc.nist.gov/glossary/term/security_posture), and the constant tension between security and ease-of-access. Using SSH keys instead of passwords is a no-brainer, but do you also configure [SSH 2FA](https://www.digitalocean.com/community/tutorials/how-to-set-up-multi-factor-authentication-for-ssh-on-ubuntu-20-04)? Most folks don't allow SSH traffic directly through the router, but *how* do you build and configure your VPN for SSHing into your server? 
+
+The steps I take to secure my SSH hosts are detailed [here](https://gitea.jafner.tools/Jafner/homelab/src/branch/main/docs/Security.md#securing-ssh), but I'll be digging into that more in another article. In brief:
+
+- SSH keys are matched to a user and host. E.g. `Joey_Desktop`, or `Joey_Phone`.
+- Authorized keys are added only as needed. There is no template. Nothing is included by default. 
+- Each SSH server is configured to require pubkey authentication and disable password authentication. 
+- Each SSH server is configured to require 2FA via the `google-authenticator` PAM module. 
+- The router is not configured to port-forward any SSH traffic. Accessing SSH requires VPNing. 
+
+Lots of iteration led to this configuration. I'm sure I'll write it out at some point.
+
+### Grafana, Prometheus, and Uptime-kuma: Observability before I knew what that meant
+[Grafana](https://grafana.com/) | [Prometheus](https://prometheus.io/) | [Uptime-kuma](https://github.com/louislam/uptime-kuma) | [Configuration: Monitoring Fighter](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/fighter/config/monitoring) | [Configuration: Uptime-kuma Fighter](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/fighter/config/uptime-kuma/docker-compose.yml) | [Configuration: Monitoring Druid](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/druid/config/monitoring/docker-compose.yml) | [Configuration: Uptime-kuma Druid](https://gitea.jafner.tools/Jafner/homelab/src/commit/94e0aed892812adcfd94bd84e588eb474dd7abda/druid/config/uptime-kuma/docker-compose.yml)
+
+Before I knew what "Site Reliability Engineering" was, I had a Grafana instance (using ye olde Telegraf and InfluxDB) showing me pretty graphs. I was exposed to the timeseries database paradigm, and how to query it in a useful way. And later down the line I integrated [Loki](https://grafana.com/docs/loki/latest/) to pull all my Docker container logs into my one pretty visualization platform. I built dashboards for monitoring host health, troubleshooting specific issues, statuspages; I built alert policies to send notifications via Discord and email; and I exported data from practically every service. And then things settled down, and that data-analytics muscle began to atrophy. My environment was stable. So I changed tact.
+
+Uptime-kuma is simple, beautiful, and does all the things I need. HTTP and ping-based uptime monitoring, outage notifications (via email and Discord), and [status pages](https://uptime.jafner.tools/status/net). 
+
+All this lets me sleep easy knowing that if any of my services go down, I'll get a Discord notification. When someone asks me "Hey, is \<service\> down?" I can answer confidently, "Nope, works on my system."
+
+## Closing thoughts, and looking forward
+I've not written much about my lab before. It's been a challenge to resist rambling about all the challenges and iterations I walked through to get the lab to the state it's in today. And even just in the process of writing this the last couple days I've come to realize a few low-hanging fruit improvements I could make. 
+
+While I'm proud of all the things I've tought myself in this process, I could not have done it without hundreds of thousands of hours of freely-contributed projects, Q&As, documentation, tutorials, and every other kind of support. 
+
+In addition to the hundreds of individual project founders, maintainers, and contributers, I am deeply appreciative of the creators from whom inspiration flowed freely. I'm sure there's room here somewhere for an [`Appendix N: Inspirational Reading`](https://dungeonsdragons.fandom.com/wiki/Appendix_N) article. 
+
+---
+
+Thanks for reading. If you want to contact me to chat about homelabbing, D&D, tech writing, gaming, A/V streaming tech, or because you think I can help you solve a problem, email me at [`joey@jafner.net`](mailto:joey@jafner.net) or use any of [my other socials]({{< ref "/" >}} "Homepage").

Jafner.dev/content/homelab/_index.md

@@ -0,0 +1,3 @@
++++
+title = 'Homelab Articles'
++++

Jafner.dev/content/pages/about-me/index.md

@@ -0,0 +1,16 @@
++++
+title = 'About Me'
+description = ' '
+date = 2024-05-28T17:56:25-07:00
+draft = false
+slug = "about-me"
+ogimage = "about-me.logo.png"
++++
+
+My name is Joey Hafner. I’m a computing engineer located in Tacoma, WA.
+
+I’m always working on a diverse array of tech projects. Whether it’s my homelab, or spending 3 hours wrestling with a script to save me 30 seconds.
+
+I’ve enjoyed hacking with whatever tech I could get my hands on since I was a teen, and that interest was overclocked in 2019 when I found Docker and started my homelab.
+
+I’m always excited about opportunities to learn new technologies and build useful things.

Jafner.dev/content/pages/experience/index.md

@@ -0,0 +1,25 @@
++++
+title = 'Experience'
+description = ' '
+date = 2024-05-28T17:56:47-07:00
+draft = false
+ogimage = "experience.logo.png"
+slug = "experience"
++++
+
+Below is a reverse chronological listing of my employment history.
+
+## [2024-02 to 2021-11] Site Reliability Engineer @ American Eagle
+From November 2021 through February 2024, I worked on a long-term contract with American Eagle to design and implement observability tooling for cloud infrastructure and apps. 
+
+- Spearheaded implementation of Bamboo pipelines to automate deployment of New Relic/Terraform observability codebase. 
+    - That reduced mean-time-to-deployment for our commits by more than 10x.
+    - Increased deployment frequency from ~weekly to ~twice daily.
+- Collaborated with internal development teams to design human-optimized observability and alerting toolkits.
+- Authored and maintained documentation for our New Relic/Terraform codebase.
+
+## [2021-11 to 2021-08] DevOps Engineer @ UpWork Contractor
+From August through November 2021, I collaborated with solo- and small-team projects to build automation pipelines, guide offshore software development teams toward client needs, and secure cloud resources to improve security posture. I also implemented data resilience and disaster recovery protocols with attention to ease-of-use and documentation. If you have an UpWork client account, you can view my engineering profile here.
+
+## [2021-08 to 2021-03] Technical Writer @ UpWork Contractor
+From March through August 2021, I wrote technical documentation and articles for clients on UpWork. I loved working with open-source project developers to refine and articulate their vision. If you have an UpWork client account, you can view my technical writing profile here.

Jafner.dev/content/projects/homelab/index.md

@@ -0,0 +1,151 @@
++++
+title = 'Homelab'
+description = ' '
+date = 2024-05-28T17:58:08-07:00
+draft = true
++++
+
+# Preamble: How to Use My Homelab Repo
+
+# Intro
+- My homelab is always evolving, so I will aim to keep the contents of this page agnostic to any current setup. 
+- Always intended to make the repository publicly accessible, but left secrets in the code early on. 
+- Always pushed toward complete configuration as code. Application data and secrets excepted, all application configuration *should* be defined in the application's config directory.
+- Some docker images don't get us 100% of the way there, so we define what we can in the compose file, then either scripts or a README to fill in the gaps.
+
+# Principles and Goals
+1. Be useful. First and foremost we should remove anything that isn't useful, and trial anything that may be.
+2. Be resilient. We should integrate configuration code with process documentation to make rebuilding from scratch as easy as possible.
+3. Be simple. 
+4. Be helpful. First for myself to make future work easier, and second to make writing this page easier (3 years later). 
+
+# Development: Problems and Solutions
+
+## What I've got to work with: Hosts and Cloud Resources
+- Barbarian
+- Fighter
+- Druid
+- Wizard
+- Monk
+
+## What I need to get done: Service Roles
+
+- I need some way to store a lot of big files. Storing and protecting big library.
+- I need some way for my friends and family to watch the movies in my movie library. Serving media library.
+- I need some way to make my stuff accessible safely over the internet. Managing access.
+- I need some way to manage this whole thing. Managing configuration.
+- I need some way to know if it's breaking. Monitoring and notifying on service uptime.
+
+## What I don't need to get done: Retired Service Roles
+
+## The wrong ways to do it: Replaced Services
+
+# Long-Lived Lessons
+
+# Appendix A: Tools Used
+Appendix of tools.
+
+## Local Tools
+- Docker
+- Docker-compose
+- Git 
+- Ansible
+- VSCodium
+- Terraform
+- Tabby
+
+## Services: Chronological
+
+### The Before Times
+- Teamspeak 3
+- Terraria 
+- Minecraft
+- 5eTools
+
+### Initial Commit
+- Wireguard (wg-easy)
+- Wikijs
+- Uptime-kuma
+- Unifi_controller
+- Traefik
+- Tdarr
+- Prometheus
+- Wordpress (Portfolio, NVGM, landing)
+- Portainer
+- Plex
+- Peertube
+- Olivetin
+- Docker-minecraft
+- Joplin
+- Homer
+- Grafana
+- InfluxDB
+- Telegraf
+- Gitlab
+- Gitea
+- Exatorrent
+- PlantUML
+- DrawIO
+- Cloudflare-DDNS
+- Calibre-web
+- Authentik
+- Ass
+- Radarr
+- Sonarr
+- NZBHydra2
+- SabNZBD
+
+## Services: By Category
+
+### Serve Files
+- Video: Plex, Peertube, Zipline, Jellyfin
+- Image: Ass, 
+- 3D Models: Vandam (now Manyfold)
+- Ebooks: Calibre-web
+- Notes: Joplin
+- Files: Nextcloud, Send, TrueNAS
+
+### Manage Access (& Other Admin)
+- Keycloak
+- Authentik
+- Wireguard
+- Traefik
+- Unifi Controller
+- DDNS
+
+### Git Server
+- Gitlab
+- Gitea
+
+### Monitoring & Observability
+- Uptime Kuma
+- Prometheus
+- Grafana
+- MC-Monitor
+- InfluxDB and Telegraf
+- Exporters for Ping, Docker, PiHole, UptimeKuma
+
+### Websites
+- NVGM, portfolio, landing
+- Wikijs
+- Homer, Homepage
+- Jafner.dev
+
+### Torrents
+- Rtorrent
+- Transmission
+- Deluge
+- ExaTorrent
+- Qbittorrent
+
+### Games Servers
+- Minecraft
+- Unturned
+- Terraria
+- 7 Days to Die
+
+# References
+1. [Jafner/homelab](https://gitea.jafner.tools/Jafner/homelab)
+2. [Initial commit](https://gitea.jafner.tools/Jafner/homelab/commit/45c541999d972020f21547c2d0ddea739f7103ce)
+3. [Example secret in code - Cloudflare API Key](https://gitea.jafner.tools/Jafner/homelab/src/commit/45c541999d972020f21547c2d0ddea739f7103ce/server/config/cloudflare-ddns/docker-compose.yml#L8)
+4. [Example secret in code - SSH key](https://gitea.jafner.tools/Jafner/homelab/src/commit/45c541999d972020f21547c2d0ddea739f7103ce/server/config/wikijs/id_rsa)

Jafner.dev/content/projects/pamidi/index.md

@@ -0,0 +1,267 @@
++++
+title = 'Pamidi: Control PulseAudio with a MIDI device'
+description = 'In this article I review the script I wrote in 2021 to manipulate PulseAudio with a MIDI controller.'
+date = 2024-05-28T17:58:19-07:00
+draft = false
+ogimage = "pamidi.logo.png"
+slug = 'pamidi'
++++
+
+{{< image src="pamidi.jpg" >}}
+
+My first project posted publicly. Initially I didn't expect to post it, but I didn't see any other solutions to the problem I was having, so I figured my solution could inspire someone else to do it better.
+
+# Problem: Physical Volume Knobs for Applications
+While using Windows, I installed an application called [MIDI Mixer](https://www.midi-mixer.com/) to map the physical volume knobs of my [Behringer X-Touch Mini](https://www.behringer.com/product.html?modelCode=0808-AAF) (and the accompanying mute and media control buttons) to individual applications on my PC. The most common use-case for me was turning my Spotify music up or down without alt-tabbing from my Overwatch game. My microphone was also mapped into the software. 
+
+It's just nice to have a physical interface for these things. But when I tried switching to Pop!_OS a couple years ago, I first [inquired at /r/linuxaudio](https://www.reddit.com/r/linuxaudio/comments/owqi6j/linux_equivalent_to_midi_mixer_functionality/) about replicating that functionality on Linux. While I was able to find [a similar project](https://github.com/solarnz/pamidicontrol), nothing really scratched the itch, so I dug in to build my own. 
+
+# Solution: PulseAudio and Xdotool in a Bash Script
+I built [`pamidi`](https://github.com/Jafner/pamidi). We'll break it down here, with the benefit of retrospect. 
+
+## Dependencies
+Two utilities are critical to the function of the script: [`xdotool`](https://github.com/jordansissel/xdotool) and [`pacmd`](https://man.archlinux.org/man/pacmd.1). Additionally, we presume you're running SystemD with PulseAudio.
+
+- `xdotool` is used to get the current focused window. This lets us drastically simplify the UX of mapping the volume knobs to specific applications. 
+- `pacmd` is used to change volume and toggle mute for PulseAudio streams. 
+
+## Code Breakdown
+Let's take a look at [the code](https://github.com/Jafner/pamidi/blob/main/pamidi.sh). The source is annotated with comments, but we'll just look at the code here.
+
+### Initialize the Service
+```bash
+initialize(){
+	echo "Initializing"
+	echo "Checking for xdotool"
+	if ! hash xdotool &> /dev/null; then
+		echo "xdotool could not be found, exiting"
+		exit 2
+	else
+		echo "xdotool found"
+	fi
+	echo "Waiting for pulseaudio service to start..."
+	while [[ $(systemctl --machine=joey@.host --user is-active --quiet pulseaudio) ]]; do
+		echo "Pulseaudio service not started, waiting..."
+		sleep 2
+	done
+	echo "Waiting for X-TOUCH MINI to be connected..."
+	while [[ ! $(lsusb | grep "X-TOUCH MINI") ]]
+	do
+		echo "X-TOUCH MINI not connected. Waiting..."
+		sleep 2
+	done 
+	col_1_app_pid=-1
+	col_2_app_pid=-1
+	col_3_app_pid=-1
+	col_4_app_pid=-1
+	col_5_app_pid=-1
+	col_6_app_pid=-1
+	col_7_app_pid=-1
+	col_8_app_pid=-1
+	assign_profile_1
+	print_col_app_ids
+	echo "Initialized pamidi"
+	notify-send "Initialized pamidi"
+}
+```
+
+1. First we check to ensure `xdotool` is installed. `hash` is a weird choice for checking the presence of a command. Would probably use `which` today. 
+2. Next we wait until we see that the PulseAudio SystemD unit's status is "active". But, uh... I'm not sure why I needed that `--machine=joey@.host` flag. 
+3. We wait until `lsusb` reports the `X-TOUCH MINI` as connected.
+4. We set up our 8 variables for storing application PIDs. 
+5. We invoke a yet-to-be-implemented function `assign_profile_1`. It does nothing.
+6. We print the PIDs bound to each knob to the console. And then we send an OS notification that the service is initialized. 
+
+Cool. Now how does it actually work?
+
+### Change Volume: Mackie vs. Standard
+```bash
+change_volume_mackie() {
+	if (( $2 >= 64 )); then
+		vol_change="-$(expr $2 - 64)"
+	else
+		vol_change="+$2"
+	fi
+
+	app_pid=$1
+
+	all_sink_inputs="$(pacmd list-sink-inputs)"
+	all_sink_inputs="$(paste \
+		<(printf '%s' "$all_sink_inputs" | grep 'application.process.id' | cut -d'"' -f 2) \
+		<(printf '%s' "$all_sink_inputs" | grep 'index: ' | rev | cut -d' ' -f 1 | rev))"
+
+	echo "$all_sink_inputs" | while read line ; do
+		pid=$(echo "$line" | cut -f1)
+		if [[ "$pid" == "$1" ]]; then
+			stream_id="$(echo "$line" | cut -f2)"
+			pactl set-sink-input-volume $stream_id $vol_change% 2> /dev/null
+		fi
+	done
+}
+```
+
+1. We take two positional arguments for this function: application PID, and volume delta.
+   - The use of volume delta is the primary differentiator between Mackie mode and standard mode. In Mackie mode, turning the knob returns a *change* in volume. Values from 0-63 represent `-63` through `-1` and values from 64-127 represent `+0` through `+63`. We use this to set a `volume_change` variable.
+2. In order to change volume, we need the sink ID matching the PID for the application we've bound to a particular knob. We do this in a very roundabout way. 
+   1. We get a list of all PulseAudio sink-inputs (playback streams) with their detailed properties. We need the index (sink ID) and application process ID (our PID). 
+   2. We do some pipe gymnastics to convert that to an array of tuples in the form `<sink-id> <application-pid>`. Then we iterate over that list to match the provided application PID. 
+3. Lastly, we use `pactl set-sink-input-volume` to change the volume.
+    - `$stream_id` determines which sink-input is affected. Like `4`.
+    - `$vol_change` is a string of a signed integer in `|0-63|`. Like `-12` or `+62`
+
+Note: In Standard mode, we use the same `pactl` command, but the volume argument is prepended with a sign to increment/decrement the volume, rather than set it.
+
+### Toggle Mute, Mute On, and Mute Off
+Instead of posting the full functions, which are highly repetitive, we'll just look at how they differ from each other.
+
+We follow the same process as in change volume to get the stream ID from the PID. 
+
+- Toggle mute: `pactl set-sink-input-mute $stream_id toggle`
+- Mute on: `pactl set-sink-input-mute $stream_id on`
+- Mute off: `pactl set-sink-input-mute $stream_id off`
+
+### Get Stream Index from PID
+```bash
+get_stream_index_from_pid(){
+	all_sink_inputs="$(pacmd list-sink-inputs)"
+	all_sink_inputs="$(paste \
+		<(printf '%s' "$all_sink_inputs" | grep 'application.process.id' | cut -d'"' -f 2) \
+		<(printf '%s' "$all_sink_inputs" | grep 'index: ' | rev | cut -d' ' -f 1 | rev))"
+
+	stream_ids=""
+	echo "$all_sink_inputs" | while read line ; do
+		pid=$(echo "$line" | cut -f1)
+		if [[ "$pid" == "$1" ]]; then
+			echo "$line" | cut -f2
+		fi
+	done
+}
+```
+This function does all the gymnastics we repeat in every other function. We just don't use this function anywhere in the code.
+
+### Get Binary from PID
+```bash
+get_binary_from_pid(){
+	output="$(paste -d"\t" \
+		<(printf '%s' "$output" | grep 'application.process.id' | cut -d'"' -f 2) \
+		<(printf '%s' "$output" | grep 'application.process.binary' | cut -d'"' -f 2))"
+
+	echo "$output" | while read line ; do
+		pid=$(echo "$line" | cut -f1)
+		if [[ "$pid" == "$1" ]]; then
+			echo "$line" | cut -f2
+		fi
+	done
+}
+```
+This function is not used anywhere. It requires that `$output` contain the raw response from `pactl list-sink-inputs`. It creates an array of tuples in the form `<pid> <application binary>`, and then prints the name of the application binary matching the PID passed to the function as the first positional argument. 
+
+### Bind Application
+```bash
+bind_application() {
+	window_pid="$(xdotool getactivewindow getwindowpid)"
+	window_name="$(xdotool getactivewindow getwindowname)"
+	col_id=$1
+	case "$col_id" in
+		"1" ) col_1_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+		"2" ) col_2_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+		"3" ) col_3_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+		"4" ) col_4_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+		"5" ) col_5_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+		"6" ) col_6_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+		"7" ) col_7_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+		"8" ) col_8_app_pid=$window_pid && notify-send "Set knob $col_id to $window_name" ;;
+	esac
+
+}
+```
+This function is called when we press down on one of the knobs. It binds the currently focused application to that knob. Very nice UX, and reletively simply implemented. It takes the index of the knob pressed as its one positional argument.
+
+1. Use `xdotool` to get the pid and name of the currently active window.
+2. Assign the window PID to that knob, and send an OS notification to let the user know what happened.
+
+### Main: Mackie and Standard
+```bash
+main_mackie(){
+	aseqdump -p "X-TOUCH MINI" | \
+	while IFS=" ," read src ev1 ev2 ch label1 data1 label2 data2 rest; do
+		case "$ev1 $ev2 $data1 $data2" in 
+			# column 1
+			"Note on 32"* ) bind_application 1 ;; # knob press
+		    "Note on 89"* ) toggle_mute $col_1_app_pid ;; # top button
+			"Note on 87"* ) print_col_app_ids ;; # bottom button
+			"Control change 16"* ) change_volume $col_1_app_pid $data2 ;; # knob turn
+
+			# column 2
+			"Note on 33"* ) bind_application 2 ;; # knob press
+		    "Note on 90"* ) toggle_mute $col_2_app_pid ;; # top button
+			"Note on 88"* ) ;; # bottom button
+			"Control change 17"* ) change_volume $col_2_app_pid $data2 ;; # knob turn
+
+			# column 3
+			"Note on 34"* ) bind_application 3 ;; # knob press
+		    "Note on 40"* ) toggle_mute $col_3_app_pid ;; # top button
+			"Note on 91"* ) media_prev ;;
+			"Control change 18"* ) change_volume $col_3_app_pid $data2 ;; # knob turn
+
+			# column 4
+			"Note on 35"* ) bind_application 4 ;; # knob press
+		    "Note on 41"* ) toggle_mute $col_4_app_pid ;; # top button
+			"Note on 92"* ) media_next ;;
+			"Control change 19"* ) change_volume $col_4_app_pid $data2 ;; # knob turn
+
+			# column 5
+			"Note on 36"* ) bind_application 5 ;; # knob press
+		    "Note on 42"* ) toggle_mute $col_5_app_pid ;; # top button
+			"Note on 86"* ) ;;
+			"Control change 20"* ) change_volume $col_5_app_pid $data2 ;; # knob turn
+
+			# column 6
+			"Note on 37"* ) bind_application 6 ;; # knob press
+		    "Note on 43"* ) toggle_mute $col_6_app_pid ;; # top button
+			"Note on 93"* ) media_stop ;;
+			"Control change 21"* ) change_volume $col_6_app_pid $data2 ;; # knob turn
+
+			# column 7
+			"Note on 38"* ) bind_application 7 ;; # knob press
+		    "Note on 44"* ) toggle_mute $col_7_app_pid ;; # top button
+			"Note on 94"* ) media_play_pause ;;
+			"Control change 22"* ) change_volume $col_7_app_pid $data2 ;; # knob turn
+
+			# column 8
+			"Note on 39"* ) bind_application 8 ;; # knob press
+		    "Note on 45"* ) toggle_mute $col_8_app_pid ;; # top button
+			"Note on 95"* ) ;;
+			"Control change 23"* ) change_volume $col_8_app_pid $data2 ;; # knob turn
+
+			# layer a and b buttons
+			"Note on 84"* ) assign_profile_1 ;;
+			"Note on 85"* ) assign_profile_2 ;;
+		esac
+	done
+}
+```
+This one took a lot of trial and error, and this function is where we would need to implement profiles for different devices. 
+1. We use `aseqdump` to attach to the ALSA output stream of the "X-TOUCH MINI" device (`-p "X-TOUCH-MINI`). 
+2. We read each line in a while loop, and set variables according to the format used by the X-Touch Mini in `aseqdump`. 
+    - The sequence `$ev1 $ev2 $data1` is used to determine which physical interaction was used. Its values look like "Note on 36" or "Control change 18", which represent Knob 5 Press and Knob 3 Turn, respectively. 
+    - For knob turn interactions, we pass the `$data2` value to the change_volume function, otherwise it is discarded.
+
+Note: The difference between Mackie and standard here is the mapping between `$data1` and the physical interaction. E.g. Knob 5 Press in Mackie mode sends "Note on 36", and in standard mode it sends "Control change 13 127". 
+
+## Future Work
+This script was amateurish, and today I don't need the functionality it provides. It's unlikely I will continue to work on it, but as an exercise, there are a few layers of improvements I would make:
+
+1. Remove `--machine=joey@.host` from the PulseAudio service up check. 
+2. Improve the tragic state of optimization for the change volume functions. We *do not* need to get the entire list of running audio sinks every time we increment or decrement the volume.
+3. Eliminate the repetitiveness of the change volume and mute functions.
+4. Map interactions to ALSA sequence entries more programmatically (e.g. `"Note on") bind_application $(($data1 - 31)) ;;`) This can apply to both Mackie and standard mode.
+5. Modularize functions to make it more portable between input devices. 
+6. Rewrite in a proper programming language. Python, or Go, or Rust. 
+
+# Conclusion
+This was a fun project. I learned a bit about MIDI and ALSA, a bit about Bash and Systemd, and I built something useful. 
+
+It was [received kindly](https://www.reddit.com/r/linuxaudio/comments/qf59fx/a_little_bash_script_to_control_application/), despite its vast room for improvement. And some folks are [still encountering](https://www.reddit.com/r/linuxaudio/comments/1cr9w68/linux_equivalent_to_pcpanel_or_midi_mixer/) this need, so maybe it's worth revisiting.
+
+Today, I use a [GoXLR Mini](https://www.tc-helicon.com/product.html?modelCode=0803-AAB) with [GoXLR-on-Linux/GoXLR-utility](https://github.com/GoXLR-on-Linux/goxlr-utility/) to get much of the functionality I was wanting. It's missing some things (like dynamically rebinding faders to applications), but has some nice features pamidi could never replicate, such as microphone audio processing. 

Jafner.dev/docker-compose.yml

@@ -0,0 +1,12 @@
+name: 'jafner-dev'
+version: "3.9"
+services:
+  hugo:
+    image: klakegg/hugo:latest
+    container_name: "Jafner-dev"
+    command: server -D
+    volumes: 
+      - ./:/src
+    ports:
+      - 10808:1313
+

Jafner.dev/layouts/partials/extra-head.html

@@ -0,0 +1,35 @@
+{{- with or site.Title site.Params.title | plainify }}
+  <meta property="og:site_name" content="{{ . }}">
+{{- end }}
+
+{{- with or .Title site.Title site.Params.title | plainify }}
+  <meta property="og:title" content="{{ . }}">
+{{- end }}
+
+{{- with or .Description .Summary site.Params.description | plainify | htmlUnescape | chomp }}
+  <meta property="og:description" content="{{ . }}">
+{{- end }}
+
+{{- if .IsPage }}
+  <meta property="og:type" content="article">
+  {{- with .Section }}
+    <meta property="article:section" content="{{ . }}">
+  {{- end }}
+  {{- $ISO8601 := "2006-01-02T15:04:05-07:00" }}
+  {{- with .PublishDate }}
+    <meta property="article:published_time" {{ .Format $ISO8601 | printf "content=%q" | safeHTMLAttr }}>
+  {{- end }}
+  {{- with .Lastmod }}
+    <meta property="article:modified_time" {{ .Format $ISO8601 | printf "content=%q" | safeHTMLAttr }}>
+  {{- end }}
+  {{- range .GetTerms "tags" | first 6 }}
+    <meta property="article:tag" content="{{ .Page.Title | plainify }}">
+  {{- end }}
+{{- else }}
+  <meta property="og:type" content="website">
+{{- end }}
+
+<meta property="og:url" content="{{ .Permalink }}">
+<meta property="article:author" content="Joey Hafner">
+<meta property="og:image" content="{{ if .Page.Params.ogimage }}{{ .Permalink }}{{ .Page.Params.ogimage }}{{ else }}{{ .Site.BaseURL }}img/Jafner.dev.logo.png{{ end }}">
+<meta name="og:site_name" content="Jafner.dev"/>

Jafner.dev/layouts/partials/head.html

@@ -0,0 +1,74 @@
+<meta charset="UTF-8">
+<meta http-equiv="X-UA-Compatible" content="ie=edge">
+{{ if .Params.noindex }}
+<meta name="robots" content="noindex" />
+{{ end }}
+<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+<meta name="author" content="{{ if .Params.author }}{{ .Params.author }}{{ else }}{{ range .Site.Author }}{{ . }} {{ end }}{{ end }}">
+<meta name="description" content="{{ if .IsHome }}{{ .Site.Params.homeSubtitle }}{{ else }}{{ if .Params.Description }}{{ .Params.Description }}{{ else }}{{ .Summary | plainify }}{{ end }}{{ end }}" />
+<meta name="keywords" content="{{ .Site.Params.keywords }}{{ if .Params.tags }}{{ range .Params.tags }}, {{ . }}{{ end }}{{ end }}" />
+<meta name="robots" content="noodp" />
+<meta name="theme-color" content="{{ .Site.Params.themeColor }}" />
+<link rel="canonical" href="{{ .Permalink }}" />
+
+{{ block "title" . }}
+    <title>
+        {{ if .IsHome }}
+            {{ $.Site.Title }} {{ with $.Site.Params.Subtitle }} — {{ . }} {{ end }}
+        {{ else }}
+            {{ .Title }} :: {{ $.Site.Title }} {{ with $.Site.Params.Subtitle }} — {{ . }}{{ end }}
+        {{ end }}
+    </title>
+{{ end }}
+
+<!-- CSS -->
+{{ $options := (dict "targetPath" "main.css" "outputStyle" "compressed" "enableSourceMap" true) }}
+{{ $style := resources.Get "scss/main.scss" | resources.ToCSS $options | resources.Fingerprint }}
+<link rel="stylesheet" href="{{ $style.RelPermalink }}" integrity="{{ $style.Data.Integrity }}">
+
+{{ range $val := $.Site.Params.customCSS }}
+    {{ if gt (len $val) 0 }}
+        <link rel="stylesheet" type="text/css" href="{{ $val }}">
+    {{ end }}
+{{ end }}
+
+<!-- Icons -->
+{{- partial "favicons.html" . }}
+
+{{ template "_internal/schema.html" . }}
+{{ template "_internal/twitter_cards.html" . }}
+{{ template "_internal/opengraph.html" . }}
+
+{{ range .Params.categories }}
+    <meta property="article:section" content="{{ . }}" />
+{{ end }}
+
+{{ if isset .Params "date" }}
+    <meta property="article:published_time" content="{{ time .Date }}" />
+{{ end }}
+
+<!-- RSS -->
+{{ with .OutputFormats.Get "rss" -}}
+    {{ printf `<link rel="%s" type="%s" href="%s" title="%s" />` .Rel .MediaType.Type .Permalink $.Site.Title | safeHTML }}
+{{ end -}}
+
+<!-- JSON Feed -->
+{{ if .OutputFormats.Get "json" }}
+<link href="{{ if .OutputFormats.Get "json" }}{{ .Site.BaseURL }}feed.json{{ end }}" rel="alternate"
+    type="application/json" title="{{ .Site.Title }}" />
+{{ end }}
+
+<!-- Custom head tags -->
+{{- if templates.Exists "partials/extra-head.html" -}}
+    {{ partial "extra-head.html" . }}
+{{- end }}
+
+<!-- Google Analytics internal template -->
+{{- if .Site.GoogleAnalytics }}
+    {{ template "_internal/google_analytics.html" . }}
+{{- end }}
+
+<!-- Plausible.io -->
+{{- if $.Site.Params.plausibleDataDomain }}
+    <script defer data-domain="{{ .Site.Params.plausibleDataDomain }}" src="{{ .Site.Params.plausibleScriptSource }}"></script>
+{{- end}}

Jafner.dev/layouts/partials/logo.html

@@ -0,0 +1,16 @@
+<a href="{{ if .Site.Params.Logo.LogoHomeLink }}{{ .Site.Params.Logo.LogoHomeLink }}{{ else }}{{ .Site.BaseURL | relLangURL }}{{ end }}" style="text-decoration: none;">
+    <div class="logo">
+        {{ if .Site.Params.Logo.path }}
+            <img src="{{ .Site.Params.Logo.path }}" alt="{{ .Site.Params.Logo.alt }}" />
+        {{ else }}
+            <span class="logo__mark" style="font-size: 18px">{{ with .Site.Params.Logo.logoMark }}{{ . }}{{ else }}>{{ end }}</span>
+            <span class="logo__text {{ with.Site.Params.Logo.logoCursorPathname}}logo__pathname{{ end }}">
+                {{ with .RelPermalink }}{{ . }}{{ else }}Jafner.dev{{ end }}</span>
+            <span class="logo__cursor" style=
+                  "{{ with.Site.Params.Logo.logoCursorDisabled }}visibility:hidden;{{ end }}
+                   {{ with.Site.Params.Logo.logoCursorColor    }}background-color:{{ . }};{{ end }}
+                   {{ with.Site.Params.Logo.logoCursorAnimate  }}animation-duration:{{ . }};{{ end }}">
+            </span>
+        {{ end }}
+    </div>
+</a>

Jafner.dev/layouts/partials/opengraph.html

@@ -0,0 +1,18 @@
+<meta property="og:title" content="{{ .Title }}" />
+<meta property="og:description" content="{{ with .Description }}{{ . }}{{ else }}{{if .IsPage}}{{ .Summary }}{{ else }}{{ with .Site.Params.description }}{{ . }}{{ end }}{{ end }}{{ end }}" />
+<meta property="og:type" content="{{ if .IsPage }}article{{ else }}website{{ end }}" />
+<meta property="og:url" content="{{ .Permalink }}" />
+
+{{- if .IsPage }}
+{{- $iso8601 := "2006-01-02T15:04:05-07:00" -}}
+<meta property="article:section" content="{{ .Section }}" />
+{{ with .PublishDate }}<meta property="article:published_time" {{ .Format $iso8601 | printf "content=%q" | safeHTMLAttr }} />{{ end }}
+{{ with .Lastmod }}<meta property="article:modified_time" {{ .Format $iso8601 | printf "content=%q" | safeHTMLAttr }} />{{ end }}
+{{- end -}}
+
+{{- with .Params.audio }}<meta property="og:audio" content="{{ . }}" />{{ end }}
+{{- with .Params.locale }}<meta property="og:locale" content="{{ . }}" />{{ end }}
+{{- with .Site.Params.title }}<meta property="og:site_name" content="{{ . }}" />{{ end }}
+{{- with .Params.videos }}{{- range . }}
+<meta property="og:video" content="{{ . | absURL }}" />
+{{ end }}{{ end }}

Jafner.dev/layouts/shortcodes/toc.html

@@ -0,0 +1 @@
+{{ .Page.TableOfContents }}

Jafner.dev/resources/_gen/assets/scss/scss/main.scss_38b1322b728d0fc31bc0aabb683ebc6d.json

@@ -0,0 +1 @@
+{"Target":"main.949191c1dcc9c4a887997048b240354e47152016d821198f89448496ba42e491.css","MediaType":"text/css","Data":{"Integrity":"sha256-lJGRwdzJxKiHmXBIskA1TkcVIBbYIRmPiUSElrpC5JE="}}

Jafner.dev/static/css/toc-no-underline.css

@@ -0,0 +1,12 @@
+nav a:link {
+	text-decoration: none;
+}
+nav a:visited {
+	text-decoration: none;
+}
+nav a:hover {
+	text-decoration: underline;
+}
+nav a:active {
+	text-decoration: none;
+}

Jafner.dev/themes/hello-friend-ng

@@ -0,0 +1 @@
+Subproject commit a902dacd8477728158ca181e17a340ea2f36d1ac