Almanack/almnck
2
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages Wiki Activity Actions
Almanack Root https://almnck.com/
1,085 commits 2 branches 0 tags 4.6 GiB
  • Python 47.5%
  • JavaScript 34.2%
  • CSS 7.6%
  • HTML 4.3%
  • Shell 4%
  • Other 2.4%
Find a file
Exact
Danny O'Brien 6a474b304c Process: archive distill-aware refactor opportunities critique
2026-06-11 15:44:34 -04:00
.claude Add interactive-margin-boxes skill for future box creation 2026-02-21 02:58:53 -08:00
.pi Add pi agent config pointing to .claude/skills 2026-03-09 23:27:56 -07:00
api fix: make Stripe checkout test complete full payment flow 2026-02-23 17:10:52 -08:00
assets Reference: start IPFS pin log (CID + timestamp per prod-ipfs-pin run) 2026-06-11 15:44:34 -04:00
bin Infra: move cluster.env outside chowned dir; fix a-failover PATH 2026-06-11 15:44:34 -04:00
doc Process: archive distill-aware refactor opportunities critique 2026-06-11 15:44:34 -04:00
docs/plans doc: add anchored clusters (v2 storage) to pen marginalia design 2026-02-24 03:25:00 -08:00
editorial Editorial: triage ideas; add Diderot prospectus and HMS Challenger drafts 2026-06-11 15:44:34 -04:00
llc Add 2026 expenses and fix FTB penalty date 2026-04-05 17:59:04 -07:00
src Remove HTMX library 2026-05-26 16:20:12 -07:00
.age-recipients Kropotkin article: FQA margin box, woodcut portraits, footnotes 2026-02-16 23:24:09 -08:00
.crates.toml fix: wait for noble crypto libs before initializing identity 2026-01-17 16:29:32 -08:00
.crates2.json fix: wait for noble crypto libs before initializing identity 2026-01-17 16:29:32 -08:00
.gitattributes track binary assets with Git LFS 2026-02-21 20:20:58 -08:00
.gitignore Add .superpowers/ to .gitignore 2026-03-20 16:12:48 -07:00
CLAUDE.md Persona: compeer greeting and three new neologisms 2026-06-11 15:44:34 -04:00
CONSENSX.md Persona: compeer greeting and three new neologisms 2026-06-11 15:44:34 -04:00
Makefile prod-ipfs-pin: use inbrowser.link gateway 2026-03-22 02:56:33 -07:00
pyproject.toml Add layout-invariants test harness with tunable thresholds 2026-03-10 01:53:38 -07:00
README.md Document editor-only content encryption in README 2026-02-01 18:41:53 -08:00
uv.lock chore: update uv.lock for skyfield dependency 2026-02-18 15:48:59 -08:00

README.md

Directory structure

bin -- small scripts for managing the stuff below
src -- codebase for generating website or conducting process. Anything bigger than a (small) script.
assets -- IP, including incoming articles, images, currently edited work, final products.
web -- the contents of our (static, public) website.
secrets -- passwords, PII, etc. Assume everything else could be made public. If it would be existentially bad for it to leak, encrypt it, and put it here.
doc -- documentation of processes, ideas, memos, etc.
llc -- corporate documents, financial ledger, business running.
.venv -- python environment for this whole kiboodle.

Quick Start

From a fresh clone:

make bootstrap        # Create venv, install deps, run migrations
source bin/a-activate # Activate the environment
make serve            # Start Django dev server on port 1969

Requires uv for dependency management.

Working Environment

To reactivate an existing environment:

. bin/a-activate

Editor-Only Content

Some content in editorial/inbox/ is encrypted so only editors can read it. This is for unpublished drafts and works-in-progress—not for secrets or confidential information (those belong in secrets/).

Why encrypt drafts?

  • Upcoming articles shouldn't be publicly visible before publication
  • Contributors may share work that isn't ready for the world yet
  • The rest of the repo can remain public without leaking unfinished writing

How it works

We use md-age for transparent encryption. Files with this frontmatter are automatically encrypted in git:

---
age-encrypt: yes
age-recipients:
  - git:assets/keys/editors
---
Your markdown content here...

The git:assets/keys/editors reference points to a file listing editor public keys. When you check out the file, it's automatically decrypted (if you have a matching private key). When you commit, it's re-encrypted.

Setup

Run bin/a-setup-key to configure everything automatically:

bin/a-setup-key

This script:

  • Creates an Ed25519 keypair (~/.ssh/almanack-age) compatible with both SSH and age
  • Configures git to use md-age filters for transparent decrypt/encrypt
  • Adds SSH config for the almnck git server alias
  • Adds your public key to assets/keys/editors and commits it

After running, add the printed public key to your Forgejo account at https://code.almnck.com/user/settings/keys to complete git server access.

Adding a new editor

When a new editor runs a-setup-key, their key is added to assets/keys/editors. Then run md-age git rekey to re-encrypt all protected files with the new recipient.

Current editors

See assets/keys/editors for the list of public keys with access.