content: add {services,onions}.md, update about.md

content/about.md

@@ -1,51 +1,27 @@
 ---
 title: "about dotya.ml"
 date: 2020-08-06T17:15:03+01:00
+lastmod: 2022-08-30T12:00:42+02:00
 draft: false
 ---
 
-Free services provided for fun as a hobby with passion and :white_heart:\
+Free services provided for fun as a hobby with passion and :white_heart:
-So far we have:
+
-* [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml
+### Clearnet services
-* [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml
+see what we have so far: [list of services]({{< relref "services.md" >}}).
-* [DNSCrypt](https://dnscrypt.info/) server
-* [tmate](https://tmate.io/) server (see https://git.dotya.ml/dotya.ml/tmate)
-* [SearXNG](https://github.com/searxng/searxng) instance at https://searxng.dotya.ml/
-* [CoreDNS](https://coredns.io/) serving [DNS-over-TLS](https://www.rfc-editor.org/rfc/rfc7858) at `dotya.ml:853` ([config](https://git.dotya.ml/dotya.ml/coredns)).
 
 ### Onion services
-> Note: This is a work in progress - more services are to come
+for increased privacy of our users, *some* services are also available
-
+natively via [TOR](https://www.torproject.org/), have a look at
-Gitea: http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion\
+[onions 🧅]({{< relref "onions.md" >}}) for details.
-this site: http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion\
-prometheus: http://vognfwm7c6wq2gxqcmswi2flwckuxryefd7n3axxkvlpasdjhns5buqd.onion\
-grafana: http://6t3ydf7sl7iso2wbymbfjtaq6qqlrms37ffik2siulsljc3ubobklnid.onion\
-statuspage: http://o4irro4dspyuytbw2b2g2ac4ukkh2ex53oolhzw7hrfjmq6tiklrtwqd.onion
-
-#### current progress on onion drone
-https://git.dotya.ml/dotya.ml/community/issues/5
-
-Making `DroneCI` available as a hidden service would require either
-a) spinning up another instance, for which we currently don't have capacities, or
-b) some kind of an evil hack that we've not yet discovered.\
-We're open to ideas - if you know how to make this work, please, send us a patch,
-PR or an email with anything interesting and worthwile.
-
-set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion
-
-### DNS(Crypt)
-a non-logging name server, securing connections using DNSCrypt for increased
-privacy, that is - as long as we trust our own server.
-
-see our [DNSCrypt post]({{< relref "posts/dnscrypt" >}}) for more.
 
 ### Observability
-long-term monitoring of trends for services we're running
+to enable long-term monitoring of trends for services we're running:
 * [prometheus](https://prometheus.io) at https://metrics.dotya.ml
 * [grafana](https://grafana.com) at https://grafana.dotya.ml
 
 ### Status
-* in-house status monitor at https://status.dotya.ml
+* in-house status monitor at https://status.dotya.ml (courtesy of [statping-ng](https://statping-ng.github.io))
 * UptimeRobot hosted dashboard at https://stats.uptimerobot.com/93yPqFmmx8
 
 ### Security

content/onions.md

@@ -0,0 +1,41 @@
+---
+title: "onions 🧅"
+date: 2022-08-30T12:00:42+02:00
+lastmod: 2022-08-30T12:00:42+02:00
+enableGitInfo: true
+draft: false
+---
+
+> Note: This is a work in progress - more services are to come
+
+> Note 2: the `http` part of the links below is misleading, as (our) [onion
+> services](https://community.torproject.org/onion-services/) are in fact
+> fully encrypted every step of the way using `https`, only the certs are not
+> signed by a conventional CA (certificate authority), which means
+> conventional browsers (including Firefox-based TorBrowser) would cry if the
+> sites were served with explicit `https` prefix.  
+> this decreases the security by exactly zero and unless LetsEncrypt starts
+> issuing certs for `.onion` domains, we're not going to see broad usage of
+> *explicit* `https` prefix on onion services, since only the likes of NY
+> Times, BBC, Twitter or Facebook are going to make their CAs to sign them a
+> neat little `.onion` cert.
+
+Gitea: http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion\
+this site: http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion\
+prometheus: http://vognfwm7c6wq2gxqcmswi2flwckuxryefd7n3axxkvlpasdjhns5buqd.onion\
+grafana: http://6t3ydf7sl7iso2wbymbfjtaq6qqlrms37ffik2siulsljc3ubobklnid.onion\
+statuspage: http://o4irro4dspyuytbw2b2g2ac4ukkh2ex53oolhzw7hrfjmq6tiklrtwqd.onion
+
+#### current progress on onion drone
+https://git.dotya.ml/dotya.ml/community/issues/5
+
+Making `DroneCI` available as a hidden service would require either
+a) spinning up another instance, for which we currently don't have capacities, or
+b) some kind of an evil hack that we've not yet discovered.\
+We're open to ideas - if you know how to make this work, please, send us a patch,
+PR or an email with anything interesting and worthwile.
+
+set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion
+
+### clearnet
+also check out [services]({{< relref "services" >}})...

content/services.md

@@ -0,0 +1,18 @@
+---
+title: "services"
+date: 2022-08-30T11:50:50+02:00
+lastmod: 2022-08-30T11:50:50+02:00
+enableGitInfo: true
+toc: true
+draft: false
+---
+
+a non-exhaustive list of services available to the community:
+* [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml
+* [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml
+* [DNSCrypt](https://dnscrypt.info/) resolver (see [DNSCrypt]({{< relref "posts/dnscrypt" >}}))
+* [tmate](https://tmate.io/) server (see https://git.dotya.ml/dotya.ml/tmate)
+* [SearXNG](https://github.com/searxng/searxng) instance at https://searxng.dotya.ml/
+* [CoreDNS](https://coredns.io/) serving [DNS-over-TLS](https://www.rfc-editor.org/rfc/rfc7858) at `dotya.ml:853` ([config](https://git.dotya.ml/dotya.ml/coredns)).
+
+also check out [onions 🧅]({{< relref "onions" >}}) to learn about services accessible via TOR.