summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--about-me.html12
-rw-r--r--kb.html28
-rw-r--r--projects/mfa.html150
-rw-r--r--projects/template.html107
-rw-r--r--software.html74
-rw-r--r--style.css37
6 files changed, 87 insertions, 321 deletions
diff --git a/about-me.html b/about-me.html
index afac43f..3045fdd 100644
--- a/about-me.html
+++ b/about-me.html
@@ -10,7 +10,17 @@
10<body> 10<body>
11 <header><h1 class=pagetop>About Me</h1></header> 11 <header><h1 class=pagetop>About Me</h1></header>
12 <main> 12 <main>
13 A page for biographical information. 13 <p>I enjoy cybersecurity, networking, systems administration, and automation.<p>
14 <p>I am currently employed as a SOC analyst.</p>
15 <p>I hold the following certifications:</p>
16 <ul>
17 <li>CompTIA Network+</li>
18 <li>CompTIA Security+</li>
19 <li>IPv6 Certified Network Engineer</li>
20 <li>Stellar Cyber Certified Associate</li>
21 </ul>
22 <p>When I am not working on various technology projects I enjoy
23 golfing and tennis. I also occasionally play guitar (poorly)</p>
14 </main> 24 </main>
15 <footer><a href=index.html>www.chudnick.com</a></footer> 25 <footer><a href=index.html>www.chudnick.com</a></footer>
16</body> 26</body>
diff --git a/kb.html b/kb.html
index 37bf647..bbd87d2 100644
--- a/kb.html
+++ b/kb.html
@@ -11,69 +11,45 @@
11 <header><h1 class=pagetop>Knowledge Base</h1></header> 11 <header><h1 class=pagetop>Knowledge Base</h1></header>
12 <main> 12 <main>
13 <p>This page contains various articles on technology topics of interest, 13 <p>This page contains various articles on technology topics of interest,
14 typically structured as how-to or tutorial documents. 14 typically structured as how-to or tutorial documents. All articles
15 Items without links indicate future topics I intend to cover. All articles
16 are intended for Debian 11 unless otherwise stated, but should be similar 15 are intended for Debian 11 unless otherwise stated, but should be similar
17 if tried on other distros.</p> 16 if tried on other distros.</p>
18 <h2>Configuration Management</h2> 17 <h2>Configuration Management</h2>
19 <ul> 18 <ul>
20 <li>Ansible Basics</li>
21 <li>Ansible Playbooks</li>
22 <li>Ansible integration with FreeIPA</li>
23 </ul>
24
25 <h2>Desktop Programs</h2>
26 <ul>
27 <li><a href=articles/mutt.html>Mutt - Terminal Email Client</a></li>
28 </ul> 19 </ul>
29 20
30 <h2>Identity Management</h2> 21 <h2>Identity Management</h2>
31 <ul> 22 <ul>
32 <li><a href=articles/freeipa-server.html>FreeIPA Server Setup</a></li> 23 <li><a href=articles/freeipa-server.html>FreeIPA Server Setup</a></li>
33 <li>Integrated 2FA with FreeIPA</li>
34 <li>FreeIPA Sudo Rules</li>
35 <li>Kerberized NFS using FreeIPA</li>
36 </ul> 24 </ul>
37 25
38 <h2>Miscellaneous</h2> 26 <h2>Miscellaneous</h2>
39 <ul> 27 <ul>
40 <a href=articles/mdadm-raid.html><li>Linux Software RAID</li></a> 28 <a href=articles/mdadm-raid.html><li>Linux Software RAID</li></a>
41 <li>Debian Archive Mirror</li>
42 </ul> 29 </ul>
43 30
44 <h2>Monitoring</h2> 31 <h2>Monitoring</h2>
45 <ul> 32 <ul>
33 <em>I no longer use Icinga in favor of Prometheus and Grafana</em>
46 <li><a class=kbitem href=articles/icinga-master.html>Icinga2 Master Installation</a></li> 34 <li><a class=kbitem href=articles/icinga-master.html>Icinga2 Master Installation</a></li>
47 <li><a class=kbitem href=articles/icinga-director.html>Icinga2 Director</a></li> 35 <li><a class=kbitem href=articles/icinga-director.html>Icinga2 Director</a></li>
48 <li><a class=kbitem href=articles/icinga-agent.html>Icinga2 Agent Installation and Configuration</a></li> 36 <li><a class=kbitem href=articles/icinga-agent.html>Icinga2 Agent Installation and Configuration</a></li>
49 <li><a href=articles/icinga-influx.html>Store Icinga2 data in InfluxDB</a></li> 37 <li><a href=articles/icinga-influx.html>Store Icinga2 data in InfluxDB</a></li>
50 <li>Graph Icinga data with Grafana and InfluxDB</li>
51 <li>Icinga2 Alert Notifications</li>
52 </ul> 38 </ul>
53 39
54 <h2>Networking</h2> 40 <h2>Networking</h2>
55 <ul> 41 <ul>
56 <li>BIND9 DNS Server</li>
57 <li>ISC DHCP Server</li>
58 <li>Chrony NTP Server</li>
59 <li>UFW Host-Based Firewall</li>
60 </ul> 42 </ul>
61 43
62 <h2>Security</h2> 44 <h2>Security</h2>
63 <ul> 45 <ul>
64 <li><a href=articles/pam-tfa.html>PAM OATH Two Factor Authentication</a></li> 46 <li><a href=articles/pam-tfa.html>PAM OATH Two Factor Authentication</a></li>
65 <li><a href=articles/luks.html>LUKS Device Encryption</a></li> 47 <li><a href=articles/luks.html>LUKS Device Encryption</a></li>
66 <li>Prelude SIEM</li>
67 <li>Snort IPS</li>
68 <li>FreeRADIUS Server</li>
69 </ul> 48 </ul>
70 49
71 <h2>Self Hosting</h2> 50 <h2>Self Hosting</h2>
72 <ul> 51 <ul>
73 <li><a class=kbitem href=articles/mail-server.html>Postfix/Dovecot Mail Server</a></li> 52 <li><a class=kbitem href=articles/mail-server.html>Postfix/Dovecot Mail Server</a></li>
74 <li>Jellyfin Media Server</li>
75 <li>Searx Self-Hosted Search Engine</li>
76 <li>Proxmox Virtual Environment</li>
77 53
78 </ul> 54 </ul>
79 </main> 55 </main>
diff --git a/projects/mfa.html b/projects/mfa.html
deleted file mode 100644
index 2a89856..0000000
--- a/projects/mfa.html
+++ /dev/null
@@ -1,150 +0,0 @@
1<!DOCTYPE html>
2<html lang=en>
3 <head>
4 <title></title>
5 <meta charset="utf-8"/>
6 <link rel="shortcut icon" href="favicon.ico"/>
7 <link rel='stylesheet' type='text/css' href='style.css'/>
8 <meta name="viewport" content="width=device-width, initial-scale=1">
9 </head>
10<body>
11 <header><h1 class=pagetop>Projects</h1></header>
12 <main>
13 <h2>mfa</h2>
14 <p><em>Check out the source code here - </em>
15 <a href=https://git.chudnick.com/mfa>git.chudnick.com/mfa</a></p>
16
17 <p><strong>mfa</strong> is a system for out-of-band multi-factor
18 authentication with PAM.
19 My original reason for working on this was to get MFA functionality for
20 a Postfix/Dovecot mail server that uses PAM for authentication.
21 Solutions such as pam_oath are not feasible
22 for this purpose because a mail client has no way of exposing an
23 interface for the oath challenge-response.
24 Therefore a way to circumvent the original application to get the request
25 to the user is needed, which is what mfa does.</p>
26
27 <p>The design of mfa is not novel, it works the same way as Cisco's Duo.
28 Duo does have open source modules for achieving this objective, but all
29 the authentication requests are
30 sent back to their proprietary "cloud" service. I'm sure that most
31 free software
32 enthusiasts see this as a major red flag, especially for small personal
33 use cases.</p>
34
35 <h3>Design</h3>
36
37 <p>mfa is primarily composed of three parts - the server, the client,
38 and the PAM module.
39 The server listens for connections from both clients and PAM
40 modules. The server receives a
41 request from a PAM module that includes the username of the user
42 attempting to authenticate,
43 the hostname of the computer, and the service being accessed. The
44 server then correlates the
45 combination of user, host, and service to a particular client, and
46 attempts to push a request.
47 The server will then evaluate the client's response, and either
48 return to the PAM module that
49 the user is authenticated or denied.</p>
50
51 <p>The server itself consists of two parts that I've called
52 <strong>mfad</strong> and
53 <strong>mfac</strong>. mfad is the program responsible for doing
54 what I've described above.
55 mfac is a command line utility that the administrator uses to
56 configure the server. mfac is used
57 to enroll clients in the system and to provision applications. A
58 client is enrolled by using the
59 --add-client option and providing an alias for that user. The
60 server then assigns that user an
61 identifying key that is used to connect and a TOTP secret key. With
62 the client enrolled, the
63 administrator can then assign applications to that client. With the
64 --add-app command, the
65 administrator ties a username, hostname, and service combination to
66 a client alias, so that
67 when that combination is seen the server knows who to ask for
68 authentication. The administrator
69 also identifies which MFA methods are valid for this combination
70 (currently either or both of
71 push and/or totp). The example below shows the process of
72 enrolling a new client called
73 'tux' and then provisioning MFA for SSH attempts to
74 tux@linux.example.org.</p>
75
76 <pre><code><em># Enroll a client named tux</em>
77mfac --add-client tux
78alias: tux
79client key: VA32LB3SF2HG2FDWJS5XIOFVWTMBQYRSQ3PK3OOPA3FBIQMSMJZCXYJQCYKYUWUU
80totp secret: TGGG3QCXA4MR2S2X6B33GSYN
81uri: otpauth://totp/tux%40mfad?secret=TGGG3QCXA4MR2S2X6B33GSYN
82
83<em># Provision MFA for SSH tux@linux.example.org allowing for both push
84authentication or TOTP</em>
85mfac --add-app --user tux --host linux.example.org --service sshd --alias tux
86--methods push totp
87 </code></pre>
88
89 <p>The PAM module of mfa also consists of two parts: the actual PAM
90 module
91 <strong>pam_mfa.so</strong> that gets called in the PAM stack and a
92 helper
93 program that interacts with mfad. The job of pam_mfa.so is to
94 retrieve the
95 necessary information (user and service) from PAM and then invoke
96 the helper
97 program with that data. It then waits for the MFA process to
98 complete, retrieves
99 the result, and returns either success or failure to the PAM stack.
100 The helper
101 program initiates a connetion to mfad when run and then passes
102 username, hostname,
103 and service information to the server. It too receives a success
104 or failure response
105 and then relays that information to the PAM module. Here is an
106 example of using
107 pam_mfa.so in the PAM stack for sshd.</p>
108
109 <pre><code><strong>/etc/pam.d/sshd</strong>
110auth requisite pam_mfa.so</code></pre>
111
112 <p>The client program is what the end user interacts with to
113 provide authentication responses.
114 Currently it is only a very simple terminal program but expanding
115 on this is high on the
116 TODO list. The client opens a connection to the server and
117 identifies itself with the client
118 key that was generated during enrollment. The client waits for a
119 prompt from the server, and
120 when it receives one, informs the user. The client receives the
121 users input and sends it back
122 to the server. The client performs this loop continuously until it
123 is closed.</p>
124
125 <h2>clibrary</h2>
126
127 <p><em>Check out the source code here -</em>
128 <a href=https://git.chudnick.com/clibrary>git.chudnick.com/clibrary</a></p>
129
130 <h2>mail-tools</h2>
131 <p>
132 <a href=https://git.chudnick.com/mail-tools>git.chudnick.com/mail-tools</a>
133 </p>
134
135 <h2>deploy-scripts</h2>
136 <p>
137 <a href=https://git.chudnick.com/deploy-scripts>
138 git.chudnick.com/deploy-scripts</a>
139 </p>
140
141 <h2>server-scripts</h2>
142 <p>
143 <a href=https://git.chudnick.com/server-scripts>
144 git.chudnick.com/server-scripts</a>
145 </p>
146 </main>
147 <footer><a href=index.html>www.chudnick.com</a></footer>
148</body>
149</html>
150
diff --git a/projects/template.html b/projects/template.html
deleted file mode 100644
index 77b6c6a..0000000
--- a/projects/template.html
+++ /dev/null
@@ -1,107 +0,0 @@
1<!DOCTYPE html>
2<html lang=en>
3 <head>
4 <title></title>
5 <meta charset="utf-8"/>
6 <link rel="shortcut icon" href="favicon.ico"/>
7 <link rel='stylesheet' type='text/css' href='style.css'/>
8 <meta name="viewport" content="width=device-width, initial-scale=1">
9 </head>
10<body>
11 <header><h1 class=pagetop>Projects</h1></header>
12 <main>
13 <h2>mfa</h2>
14 <p><em>Check out the source code here - </em>
15 <a href=https://git.chudnick.com/mfa>git.chudnick.com/mfa</a></p>
16
17 <p><strong>mfa</strong> is a system for out-of-band multi-factor authentication with PAM.
18 My original reason for working on this was to get MFA functionality for a Postfix/Dovecot
19 mail server that uses PAM for authentication. Solutions such as pam_oath are not feasible
20 for this purpose because a mail client has no way of exposing an interface for the oath
21 challenge-response. Therefore a way to circumvent the original application to get the request
22 to the user is needed, which is what mfa does.</p>
23
24 <p>The design of mfa is not novel, it works the same way as Cisco's Duo. Duo does have open
25 source modules for achieving this objective, but all the authentication requests are
26 sent back to their proprietary "cloud" service. I'm sure that most free software
27 enthusiasts see this as a major red flag, especially for small personal use cases.</p>
28
29 <h3>Design</h3>
30
31 <p>mfa is primarily composed of three parts - the server, the client, and the PAM module.
32 The server listens for connections from both clients and PAM modules. The server receives a
33 request from a PAM module that includes the username of the user attempting to authenticate,
34 the hostname of the computer, and the service being accessed. The server then correlates the
35 combination of user, host, and service to a particular client, and attempts to push a request.
36 The server will then evaluate the client's response, and either return to the PAM module that
37 the user is authenticated or denied.</p>
38
39 <p>The server itself consists of two parts that I've called <strong>mfad</strong> and
40 <strong>mfac</strong>. mfad is the program responsible for doing what I've described above.
41 mfac is a command line utility that the administrator uses to configure the server. mfac is used
42 to enroll clients in the system and to provision applications. A client is enrolled by using the
43 --add-client option and providing an alias for that user. The server then assigns that user an
44 identifying key that is used to connect and a TOTP secret key. With the client enrolled, the
45 administrator can then assign applications to that client. With the --add-app command, the
46 administrator ties a username, hostname, and service combination to a client alias, so that
47 when that combination is seen the server knows who to ask for authentication. The administrator
48 also identifies which MFA methods are valid for this combination (currently either or both of
49 push and/or totp). The example below shows the process of enrolling a new client called
50 'tux' and then provisioning MFA for SSH attempts to tux@linux.example.org.</p>
51
52 <pre><code><em># Enroll a client named tux</em>
53mfac --add-client tux
54alias: tux
55client key: VA32LB3SF2HG2FDWJS5XIOFVWTMBQYRSQ3PK3OOPA3FBIQMSMJZCXYJQCYKYUWUU
56totp secret: TGGG3QCXA4MR2S2X6B33GSYN
57uri: otpauth://totp/tux%40mfad?secret=TGGG3QCXA4MR2S2X6B33GSYN
58
59<em># Provision MFA for SSH tux@linux.example.org allowing for both push authentication or TOTP</em>
60mfac --add-app --user tux --host linux.example.org --service sshd --alias tux --methods push totp
61 </code></pre>
62
63 <p>The PAM module of mfa also consists of two parts: the actual PAM module
64 <strong>pam_mfa.so</strong> that gets called in the PAM stack and a helper
65 program that interacts with mfad. The job of pam_mfa.so is to retrieve the
66 necessary information (user and service) from PAM and then invoke the helper
67 program with that data. It then waits for the MFA process to complete, retrieves
68 the result, and returns either success or failure to the PAM stack. The helper
69 program initiates a connetion to mfad when run and then passes username, hostname,
70 and service information to the server. It too receives a success or failure response
71 and then relays that information to the PAM module. Here is an example of using
72 pam_mfa.so in the PAM stack for sshd.</p>
73
74 <pre><code><strong>/etc/pam.d/sshd</strong>
75auth requisite pam_mfa.so</code></pre>
76
77 <p>The client program is what the end user interacts with to provide authentication responses.
78 Currently it is only a very simple terminal program but expanding on this is high on the
79 TODO list. The client opens a connection to the server and identifies itself with the client
80 key that was generated during enrollment. The client waits for a prompt from the server, and
81 when it receives one, informs the user. The client receives the users input and sends it back
82 to the server. The client performs this loop continuously until it is closed.</p>
83
84 <h2>clibrary</h2>
85
86 <p><em>Check out the source code here -</em>
87 <a href=https://git.chudnick.com/clibrary>git.chudnick.com/clibrary</a></p>
88
89 <h2>mail-tools</h2>
90 <p>
91 <a href=https://git.chudnick.com/mail-tools>git.chudnick.com/mail-tools</a>
92 </p>
93
94 <h2>deploy-scripts</h2>
95 <p>
96 <a href=https://git.chudnick.com/deploy-scripts>git.chudnick.com/deploy-scripts</a>
97 </p>
98
99 <h2>server-scripts</h2>
100 <p>
101 <a href=https://git.chudnick.com/server-scripts>git.chudnick.com/server-scripts</a>
102 </p>
103 </main>
104 <footer><a href=index.html>www.chudnick.com</a></footer>
105</body>
106</html>
107
diff --git a/software.html b/software.html
index 928ccfc..9e9cd8a 100644
--- a/software.html
+++ b/software.html
@@ -11,44 +11,58 @@
11 <header><h1 class=pagetop>Software I Use</h1></header> 11 <header><h1 class=pagetop>Software I Use</h1></header>
12 <main> 12 <main>
13 <p>This is some of the software that I use and recommend. 13 <p>This is some of the software that I use and recommend.
14 It goes without saying, but all of this software is free as in freedom, 14 All of this software is FOSS.</p>
15 libre, open source.</p>
16
17 <h2>Desktop Programs</h2>
18 <p><strong>Window Manager</strong> - dwm
19 <a class=qr href="https://git.chudnick.com/dwm">[git]</a></p>
20 <p><strong>Shell</strong> - zsh</p>
21 <p><strong>Terminal Emulator</strong> - urxvt</p>
22 <p><strong>Statusbar</strong> - dwmblocks
23 <a class=qr href="https://git.chudnick.com/dwmblocks">[git]</a></p>
24 <p><strong>Text Editor</strong> - vim</p>
25 <p><strong>Music Player</strong> - cmus</p>
26 <p><strong>Process Monitor</strong> - htop</p>
27 <p><strong>Media Player</strong> - mpv</p>
28 <p><strong>Email</strong> - neomutt, isync, msmtp
29 <a class=qr href=articles/mutt.html>[kb]</a></p>
30 <p><strong>RSS</strong> - newsboat</p>
31 <p><strong>PDF Reader</strong> - zathura</p>
32 <p><strong>Sandbox</strong> - firejail</p>
33 <p><strong>Virtualization</strong> - qemu/kvm + libvirt</p>
34 <p><strong>Firewall</strong> - ufw</p>
35 15
36 <h2>Server Software</h2> 16 <h2>Server Software</h2>
37 <p>This is some server oriented software that I use.</p>
38 <p><strong>Mail Server</strong> - postfix + dovecot
39 <a class=qr href=articles/mail-server.html>[kb]</a></p>
40 17
41 <p><strong>Media Server</strong> - jellyfin</p> 18 <h3>Infrastructure</h3>
19 <p><strong>Virtualization</strong> - Proxmox VE</p>
20 <p><strong>Backups</strong> - Proxmox Backup Server</p>
21 <p><strong>DNS</strong> - Pi-hole</p>
22
23 <h3>Services</h3>
24 <p><strong>Authentication and Identity</strong> - Authelia</p>
25 <p><strong>LDAP</strong> - FreeIPA <a class=qr href=articles/freeipa-server.html>[kb]</a></p>
26 <p><strong>RSS Aggregator</strong> - FreshRSS</p>
27 <p><strong>Dashboard</strong> - Homer</p>
28 <p><strong>Search Engine</strong> - SearxNG</p>
29 <p><strong>Wiki</strong> - Bookstack</p>
30 <p><strong>Personal Cloud</strong> - Nextcloud</p>
31 <p><strong>Photo Management</strong> - Photoprism</p>
32 <p><strong>Game Streaming</strong> - Sunshine + Moonlight</p>
33 <p><strong>Mail Server</strong> - Postfix + Dovecot <a class=qr href=articles/mail-server.html>[kb]</a></p>
42 34
43 <p><strong>Server Monitoring</strong> - icinga2 35 <h3>Monitoring</h3>
44 <a class=qr href=articles/icinga-master.html>[kb]</a></p> 36 <p><strong>Service Monitoring</strong> - Prometheus + Grafana + Cadvisor</p>
37 <p><strong>Log Management</strong> - Loki</p>
45 38
46 <p><strong>Configuration Management</strong> - ansible</p> 39 <h3>Media</h3>
40 <p><strong>Media Server</strong> - Jellyfin</p>
41 <p><strong>Music Server</strong> - Navidrome</p>
47 42
48 <p><strong>Identity Management</strong> - FreeIPA 43 <h3>Development</h3>
49 <a class=qr href=articles/freeipa-server.html>[kb]</a></p> 44 <p><strong>Configuration Management</strong> - Ansible</p>
45 <p><strong>Git Repository</strong> - Gitea</p>
46 <p><strong>Git Mirror</strong> - cgit</p>
47 <p><strong>CI/CD</strong> - Jenkins</p>
48 <p><strong>Diagramming</strong> - draw.io</p>
50 49
51 50
51 <h2>Desktop Programs</h2>
52 <p><strong>Window Manager</strong> - dwm <a class=qr href="https://git.chudnick.com/dwm/about">[git]</a></p>
53 <p><strong>Shell</strong> - zsh <a class=qr href="https://git.chudnick.com/dotfiles/tree/.config/zsh">[git]</a></p>
54 <p><strong>Terminal Emulator</strong> - st <a class=qr href="https://git.chudnick.com/st/about">[git]</a></p>
55 <p><strong>Text Editor</strong> - vim <a class=qr href="https://git.chudnick.com/dotfiles/tree/.vim">[git]</a></p>
56 <p><strong>Music Player</strong> - cmus <a class=qr href="https://git.chudnick.com/dotfiles/tree/.config/cmus">[git]</a></p>
57 <p><strong>Process Monitor</strong> - htop <a class=qr href="https://git.chudnick.com/dotfiles/tree/.config/htop">[git]</a></p>
58 <p><strong>Media Player</strong> - mpv </p>
59 <p><strong>Email</strong> - neomutt, isync, msmtp
60 <a class=qr href="https://git.chudnick.com/dotfiles/tree/.config/mutt">[git]</a>
61 <a class=qr href=articles/mutt.html> [kb]</a></p>
62 <p><strong>PDF Reader</strong> - zathura <a class=qr href="https://git.chudnick.com/dotfiles/tree/.config/zathura">[git]</a></p>
63 <p><strong>Sandbox</strong> - firejail <a class=qr href="https://git.chudnick.com/dotfiles/tree/.config/firejail">[git]</a></p>
64 <p><strong>Firewall</strong> - ufw</p>
65
52 66
53 </main> 67 </main>
54 <footer><a href=index.html>www.chudnick.com</a></footer> 68 <footer><a href=index.html>www.chudnick.com</a></footer>
diff --git a/style.css b/style.css
index db70bd3..d5f7504 100644
--- a/style.css
+++ b/style.css
@@ -1,7 +1,27 @@
1body { 1@charset "UTF-8";
2 color: snow; 2
3 background: rgb(10,10,10); 3:root {
4 font-size: 14pt; 4 /* Set sans-serif & mono fonts */
5 --sans-font: Inter, Lato,Helvetica,"IBM Plex Sans","Roboto","Nimbus Sans L","Noto Sans", "Segoe UI",Arial,Helvetica,"Helvetica Neue",sans-serif;
6 --mono-font: "mononoki Nerd Font","IBM Plex Mono","Roboto Mono","Ubuntu Mono","Fira Code","Overpass Mono", Monaco,"Droid Sans Mono",monospace;
7 --bg: #242933;
8 --accent-bg: rgb(46, 52, 64);
9 --text: #eceff4;
10 --text-light: #d8dee9;
11 --border: #88c0d0;
12 --accent: #81a1c1;
13 --accent-light: #bf616a;
14 --code: #ebcb8b;
15 --alert: #a3be8c;
16 --alert-bg: #8fbcbb;
17 --code-bg: #2e3440;
18}
19
20html, body, .container {
21 background: var(--bg);
22 color: var(--text);
23 font-family: var(--sans-font);
24 font-size: 12pt;
5} 25}
6 26
7h1 { 27h1 {
@@ -69,7 +89,7 @@ p.donate {
69} 89}
70 90
71h2 { 91h2 {
72 color: firebrick; 92 color: var(--border);
73 text-align: left; 93 text-align: left;
74 font-size: 20pt; 94 font-size: 20pt;
75 border-bottom: solid 1px; 95 border-bottom: solid 1px;
@@ -85,7 +105,7 @@ h2.donate {
85} 105}
86 106
87h3 { 107h3 {
88 color: firebrick; 108 color: var(--border);
89 text-align: left; 109 text-align: left;
90 font-size: 16pt; 110 font-size: 16pt;
91 max-width: 800px; 111 max-width: 800px;
@@ -99,7 +119,7 @@ em {
99} 119}
100 120
101strong { 121strong {
102 color: deepskyblue; 122 color: var(--accent-light);
103} 123}
104 124
105/* Sidebar */ 125/* Sidebar */
@@ -171,3 +191,6 @@ pre {
171 max-width: 600px ; 191 max-width: 600px ;
172 margin: auto ; 192 margin: auto ;
173} 193}
194
195h3.software {
196}