mirror of https://git.sr.ht/~seirdy/seirdy.one synced 2025-02-17 12:20:06 +00:00

Compare commits


2 commits

Author | SHA1 | Message | Date
Rohan Kumar | ef2f8b05e2 | Describe services used to power the site | 2022-09-09 22:26:49 -07:00
Rohan Kumar | 015d8bcf25 | Switched to deSEC | 2022-09-09 21:31:12 -07:00

3 changed files with 16 additions and 1 deletion

@ -228,7 +228,7 @@ All my server daemons are statically-linked binaries, which makes sandboxing eas
Nginx
: Specifically, [nginx-quic.](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, and musl libc; patched for dynamic TLS records, basic OCSP support, and HPACK compression.
: Specifically, [nginx-quic](https://quic.nginx.org/) with the [headers_more](https://github.com/openresty/headers-more-nginx-module) and [ngx_brotli](https://github.com/google/ngx_brotli) modules. Statically linked against zlib-ng, BoringSSL, and musl libc; patched for dynamic TLS records, basic OCSP support, and static HPACK compression.
[certbot-ocsp-fetcher](https://github.com/tomwassenberg/certbot-ocsp-fetcher)
: Shell script to manage the OCSP cache for Nginx, since Nginx's own implementation is lacking (and completely non-existent if you build with BoringSSL)

@ -5,6 +5,19 @@ outputs:
- html
description: "About this site. How it's built, why it's built that way, privacy, accessibility, mirrors, etc."
---
How I run this site
-------------------
With the exception of search-result pages, this site's public-facing content is statically-generated using [the Hugo static-site generator](https://gohugo.io/). I list all the server-side software on [my "uses" page]({{<relref "/about/uses.md#server-side-stuff">}}). All programs on my server that did not come pre-installed with Fedora Cloud Edition are statically-linked binaries built by me, running in heavily sandboxed environments. Most services run with their own root directories (i.e. they run in chroots).
Hugo pulls Webmentions from my Webmention endpoint during builds, so I can have statically-generated comments. Although I did use a pre-made theme a long time ago, I've since gradually re-written the site; my theme is now original. See [my site design standards]({{<relref "/meta/site-design.md">}}) for my design goals.
### Services this site relies on
This site is hosted on a virtual private server I rent from Digital Ocean, with 1&nbsp;virtual CPU and 1&nbsp;GB of memory. I don't necessarily endorse Digital Ocean; for now, I'm only using it for the free credits. I use name servers from [deSEC](https://desec.io/), and do recommend it to others who want managed DNSSEC.
This site encrypts HTTPS traffic with an OCSP-stapled TLS certificate signed by Let's Encrypt. It regularly pulls package updates from Fedora's official repository mirrors.
Other versions of this site
---------------------------
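Review bot: in the first paragraph of "How I run this site", "Most services run with their own root directories (i.e. they run in chroots)" follows "running in heavily sandboxed environments" so closely that a reader may take the chroot as the whole sandbox; a chroot on its own does not restrict system calls, capabilities or network access. Suggest either naming the other layers in this sentence or rewording it to "Most services also run in their own chroots; see the uses page for the full sandboxing setup," so the existing relref carries the detail.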

@ -7,3 +7,5 @@ Many people are worried about Amazon Web Services and especially Cloudflare cent
Hot take: it's fine to use a "Big Tech" provider **as a name server,** provided you can handle the 24-hour delay involved in a migration. Of all things, using a name server doesn't have nearly the same the drawbacks as other types of centralization. It's super easy to migrate, and DNSSEC keep name servers honest. There are more important things to worry about.
I'll switch to Cloudflare *just for DNS,* because it's one of the only providers that supports DNSSEC and the new HTTPS records. The latter will be useful once a web server finally gains Encrypted Client Hello support; I'm watching Nginx, OpenLiteSpeed, H2O, redbean, and Caddy.
<ins datetime="2022-09-09T21:31:12-07:00">Update: I switched my name servers from Cloudflare to <a href="https://desec.io/">deSEC</a>.</ins>
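Review bot: the added `<ins>` records the move to deSEC, but the paragraph above it still justifies the choice of name server by DNSSEC plus the new HTTPS records, and the update says nothing about the second requirement; the site page changed in this same compare only calls deSEC "managed DNSSEC". Suggest extending the update with whether deSEC also serves HTTPS records (or that this requirement was dropped), so the post's reasoning still matches its conclusion. The `datetime` on the `<ins>` matching the commit timestamp is good.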