diff --git a/config.toml b/config.toml
index 5b15e6e..7c04612 100644
--- a/config.toml
+++ b/config.toml
@@ -1,5 +1,5 @@
# The URL the site will be built for
-base_url = "https://mtgmonkey.net"
+base_url = "https://blog.mtgmonkey.net"
# Whether to automatically compile all Sass files in the sass directory
compile_sass = true
diff --git a/content/daily/2025-06-07.md b/content/daily/2025-06-07.md
new file mode 100644
index 0000000..d76a83e
--- /dev/null
+++ b/content/daily/2025-06-07.md
@@ -0,0 +1,15 @@
++++
+title = "init post"
+date = 2025-06-07
++++
+
+This is my first daily message, posted in the afternoon rather than the morning. In the future, all fo these will be posted when I wake up.
+
+Let's do some about me.
+I use nixos with limine, ly, xmonad, qutebrowser, and nvf on the day-to-day. I program in haskell, elm, nix, and rust. Functional programming for the win! My vps is also nixos, and it's so convenient to share my home-manager config between the two!
+
+### Links
+All sites are built %100 declatatively with Nix.
+- [My rgit server](https://git.mtgmonkey.net), which hosts all my repos, including that for this site and for my pet site.
+- [My blog](https://blog.mtgmonkey.net), which you are reading now.
+- [My pet site](https://mtgmonkey.net), Elmskell, which has a Haskell Scotty backend with an Elm frontend.
diff --git a/content/daily/2025-06-08.md b/content/daily/2025-06-08.md
new file mode 100644
index 0000000..5953a76
--- /dev/null
+++ b/content/daily/2025-06-08.md
@@ -0,0 +1,87 @@
++++
+title = "TLS Troubles and Embarrassing Secrets"
+date = 2025-06-08
++++
+
+Last night, this website saw hours of downtime because of a combination of silly mistakes. Let me explain.
+
+### TLS Troubles
+
+This site runs with the [Ferron](https://www.ferronweb.org/) webserver. When you have a website, you need to have TLS certificates so users can use HTTPS to access it. Ferron has these really great configuration options to do this automatically.
+
+> [Nix](https://git.mtgmonkey.net/server-configuration.git/tree/services/ferron.nix), used to define Ferron's config.yaml
+>
+> ```nix
+> -- ferron-conf.nix
+> {
+> global = {
+> enableAutomaticTLS = true;
+> useAutomaticTLSHTTPChallenge = true;
+> };
+> }
+> ```
+
+These automatic TLS certificates are issued by [Let's Encrypt](https://letsencrypt.org), a fantastic nonprofit you should definitely go check out. They do, however, have pretty strict [rate limits](https://letsencrypt.org/docs/rate-limits/). Luckily, they offer a [staging feature](https://letsencrypt.org/docs/staging-environment) with much higher rate limits.
+
+I made a number of mistakes. The first was testing in production rather than on a local server.
+
+The second was not taking advantage of Let's Encrypt's staging features. Ferron even has an option `automaticTLSLetsEncryptProduction` that, when `false`, lets one use Let's Encrypt's staging features. Even though there is a [whole page](https://www.ferronweb.org/docs/automatic-tls), and despite knowing not to experiment in a production environment, I thought I would be fine and forged ahead.
+
+It was the seventh `systemctl restart ferron` which broke my sites. Suddenly, all I got was `ERR_SSL_PROTOCOL_ERR` from visiting *any* of my sites. There it was: Lesson learned. I will do my experiments locally going forward.
+
+A problem still remained, however. This blog is updated daily, and is built with a [flake](https://git.mtgmonkey.net/blog.git/tree/flake.nix). This makes it fully declarative; a boon! Ferron, however, was configured to point to `${blog.packages.x86_64-linux.default}/wwwroot`, which would be outdated until I `systeml restart`ed the server. Ferron requests a new certificate from Let's Encrypt, though, meaning I would hit the rate limit if I restarted even a couple of times too many. To fix this, my Ferron https server points to a second http server, which hosts the blog.
+
+> My much-overcomplicated ferron setup
+>
+> ```nix
+> # ferron-conf.nix
+> {
+> global = {
+> # enable automatic tls for https
+> secure = true;
+> enableAutomaticTLS = true;
+> useAutomaticTLSHTTPChallenge = true;
+> # let an https connection travel to the blog-ferron http server without error
+> disableProxyCertificateVerification = true;
+> # enable proxying to local servers (reverse proxying)
+> loadModules = ["rproxy"];
+> };
+> hosts = [
+> {
+> # route requests for the blog to port 8181
+> domain = "blog.mtgmonkey.net";
+> proxyTo = "http://localhost:8181/";
+> }
+> ];
+> }
+> ```
+>
+> ```nix
+> # blog-ferron-conf.nix
+> # take the blog flake as an input
+> { blog, ... }: {
+> global = {
+> # expose server to port 8181, so the main ferron server will proxy to it
+> port = 8181;
+> # the default flake output includes the static site at wwwroot
+> wwwroot = "${blog.packages.x86_64-linux.default}/wwwroot";
+> };
+> }
+> ```
+
+This means I only need to `systemctl restart blog-ferron`, rather than ...`ferron`, meaning I don't trigger a new Let's Encrypt cert request every time. I can update my blog *however frequently I want* and *still* ensure the reproducibility of Nix.
+
+All code above is, clearly, just simplified snippets; the actual file are linked below
+- [ferron.nix](https://git.mtgmonkey.net/server-configuration.git/tree/services/ferron.nix), where ferron-conf.nix is in the let binding
+- [blog.nix](https://git.mtgmonkey.net/server-configuration.git/tree/services/blog.nix), where blog-ferron-conf.nix is in the let binding
+- [flake.nix](https://git.mtgmonkey.net/server-configuration.git/tree/flake.nix),the flake to which the above modules are imported
+
+
+### Embarrassing Secrets
+
+I spent all morning trying to configure different secrets management programs, from [agenix](https://github.com/ryantm/agenix), to [spos-nix](https://github.com/Mic92/sops-nix), to even a simple `.gitignore`. After finally getting agenix configured properly, it occured to me that my only 'secrets' were my ssh *public keys*, which are harmless to share! I don't need *any* secrets management, much less something as complex as agenix.
+
+### By Tomorrow
+
+- [ ] Polish up [the blog](https://blog.mtgmonkey.net) a little bit
+- [ ] Get a [translation api](https://github.com/LibreTranslate/LibreTranslate) set up
diff --git a/content/daily/2025-06-09.md b/content/daily/2025-06-09.md
new file mode 100644
index 0000000..04a4d3a
--- /dev/null
+++ b/content/daily/2025-06-09.md
@@ -0,0 +1,123 @@
++++
+title = "Spacebar and a Translation Service"
+date = 2025-06-09
++++
+
+### Since Yesterday
+
+- [ ] Polish up [the blog](https://blog.mtgmonkey.net) a little bit
+- [X] Get a [translation api](https://translate.mtgmonkey.net) set up
+- [X] Get a [chat client](https://chat.mtgmonkey.net) set up
+
+### Spacebar Server
+
+The Spacebar server is super easy to run on Nix - its flake just works! Below I write the relevant portions of my Nix config.
+
+> ```nix
+> # flake.nix
+> {
+> # import server from the flake.nix on gh
+> inputs.spacebar-server.url = "github:spacebarchat/server";
+> outputs = {
+> spacebar-server,
+> ...
+> }: {
+> nixosConfigurations."server" = nixpkgs.lib.nixosSystem {
+> system = "x86_64-linux";
+> specialArgs = {
+> # pass spacebar-server to any module that wants it
+> inherit spacebar-server;
+> };
+> modules = [
+> # add spacebar to configuration
+> ./services/spacebar.nix
+> ];
+> };
+> };
+> }
+> ```
+>
+> ```nix
+> # services/spacebar.nix
+> {
+> spacebar-server,
+> lib,
+> pkgs,
+> ...
+> }: {
+> systemd.services.spacebar-server = {
+> serviceConfig = {
+> Type = "simple";
+> ExecStart = "${lib.getExe
+> spacebar-server.packages.x86_64-linux.default}";
+> # Ensure the server is run by a non-priveleged user for security
+> RemainAfterExit = true;
+> User = "spacebar";
+> Group = "spacebar";
+> };
+> environment = {
+> # Specify location of uploaded files and the db
+> DATABASE = "/var/lib/spacebar-server/database.db";
+> STORAGE_LOCATION = "/var/lib/spacebar-server/files/";
+> };
+> };
+> # Create user that runs the server
+> users.users.spacebar = {
+> isSystemUser = true;
+> group = "spacebar";
+> # Create home, where database.db and files/ are located
+> home = "/var/lib/spacebar-server";
+> createHome = true;
+> # utility packages while SSHing into the user
+> packages = [
+> pkgs.git
+> # package to test drive the server with the unpriveleged user
+> spacebar-server.packages.x86_64-linux.default
+> # edit the database
+> pkgs.sqlite
+> ];
+> # I have noshell in my flake, so there won't be a login shell unless it's specified
+> shell = pkgs.bash;
+> };
+> # Groups need to be 'initialized' on nixos
+> users.groups.spacebar = {};
+> }
+> ```
+
+This configuration runs great! Well, given that you configure the database correctly - sqlite is going to be the death of me! `api_endpointPublic`, `cdn_endpointPublic`, and `gateway_endpointPublic` *all need to be set* before the server's connected up properly to take new users. That means running the below series of commands from the `sqlite3` repl - an interface without backspace~
+
+> ```bash
+> # as spacebar user
+> sqlite3 ~/database.db
+> ```
+>> ```sql
+>> update config
+>> set value='"https://spacebar-api.mtgmonkey.net/api/v9"'
+>> where key='api_endpointPublic';
+>> update config
+>> set value='"https://spacebar-api.mtgmonkey.net"'
+>> where key='cdn_endpointPublic';
+>> update config
+>> set value='"wss://spacebar-api.mtgmonkey.net"'
+>> where key='gateway_endpointPublic';
+>> .exit
+>> ```
+
+Beleive it or not, the server was only the *easy* part! I next had to configure the client.
+
+There are generally 3 web clients to choose from when it comes to Spacebar.
+- [The official client](https://github.com/spacebarchat/client), written in React, is the most beautiful. It's not fully featured, however, missing the home page, friends, DMs, and more.
+- [The legacy client](https://github.com/spacebarchat/client/tree/legacy-v2), written in Typescript, is known to work. Unfortunately, it is quite outdated and, no matter how much I tried, I could not get it to build on Nix.
+- [JankClient](https://github.com/MathMan05/JankClient), an unofficial client written in TypeScript, is, as its name suggests, quite janky. It requires frequent browser refreshes to fix visual glitches and is poorly optimised on mobile.
+
+JankClient, despite its glitchiness, is the one I finally decided on. Though the official client has a flake, it's currently non-functional, and has been for a while. Neither of the other two have flakes, unfortunately, but it's easy enough to run JankClient with Docker. I first ran `nix-shell -p compose2nix` before renaming `compose.yaml` to `docker-compose.yaml` (as compose2nix requires). I then ran compose2nix and used the output as the basis for [services/spacebar.nix](https://git.mtgmonkey.net/server-configuration.git/tree/services/spacebar.nix). I made a couple of major modifications: Firstly, I bound it to a different port as a matter of personal preference. I also changed all instances of `podman` with `docker`, as my rgit instance runs on docker and nix can only have 1 declaration of `virtualisation.oci-containers.backend`. Secondly, the generated `docker-build-spaceclient-jank.service` wouldn't run properly, so I had to build the image manually. Finally, I added an [anubis](https://github.com/TecharoHQ/anubis) PoW captcha and a reverse client entry in my [ferron](https://www.ferronweb.org) webserver, as appropriate.
+
+All code above is, clearly, just simplified snippets; the actual file are linked below
+- [flake.nix](https://git.mtgmonkey.net/server-configuration.git/tree/flake.nix).
+- [services/spacebar.nix](https://git.mtgmonkey.net/server-configuration.git/tree/services/spacebar.nix).
+- [services/ferron.nix](https://git.mtgmonkey.net/server-configuration.git/tree/services/ferron.nix).
+- [services/translate.nix](https://git.mtgmonkey.net/server-configuration.git/tree/services/ferron.nix).
+
+### For Tomorrow
+
+- [ ] Polish up [the blog](https://blog.mtgmonkey.net) a little bit
diff --git a/content/daily/_index.md b/content/daily/_index.md
new file mode 100644
index 0000000..8799f36
--- /dev/null
+++ b/content/daily/_index.md
@@ -0,0 +1,6 @@
++++
+title = "Daily Posts"
+sort_by = "date"
+template = "blog.html"
+page_template = "blog_page.html"
++++
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 0000000..e33e0e4
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,26 @@
+{
+ "nodes": {
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1749143949,
+ "narHash": "sha256-QuUtALJpVrPnPeozlUG/y+oIMSLdptHxb3GK6cpSVhA=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "d3d2d80a2191a73d1e86456a751b83aa13085d7d",
+ "type": "github"
+ },
+ "original": {
+ "id": "nixpkgs",
+ "ref": "nixos-unstable",
+ "type": "indirect"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 0000000..ed96b63
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,24 @@
+{
+ inputs = {
+ nixpkgs.url = "nixpkgs/nixos-unstable";
+ };
+ outputs = {nixpkgs, ...}: let
+ system = "x86_64-linux";
+ pkgs = nixpkgs.legacyPackages.${system};
+ in {
+ packages.${system} = {
+ default = pkgs.callPackage ./package.nix {};
+ };
+ devShells.${system} = {
+ default = pkgs.mkShell {
+ nativeBuildInputs = [
+ pkgs.zola
+ pkgs.tokei
+ ];
+ shellHook = ''
+ ${pkgs.cowsay}/bin/cowsay Welcome to the devshell
+ '';
+ };
+ };
+ };
+}
diff --git a/package.nix b/package.nix
new file mode 100644
index 0000000..3fcd14a
--- /dev/null
+++ b/package.nix
@@ -0,0 +1,30 @@
+{
+ zola,
+ lib,
+ stdenv,
+ ...
+}:
+stdenv.mkDerivation {
+ pname = "elmskell-blog";
+ version = "0.1.0";
+ src = ./.;
+ nativeBuildInputs = [
+ zola
+ ];
+ configurePhase = ''
+ # zola check
+ '';
+ buildPhase = ''
+ zola build
+ '';
+ installPhase = ''
+ mkdir -p $out/wwwroot
+ cp ./public/* $out/wwwroot/ -r
+ '';
+ meta = {
+ description = "Andromeda's blog, statically served via Zola";
+ longDescription = "Andromeda's blog, statically served via Zola";
+ homepage = "https://mtgmonkey.net";
+ license = lib.licenses.wtfpl;
+ };
+}
diff --git a/templates/base.html b/templates/base.html
new file mode 100644
index 0000000..4f82054
--- /dev/null
+++ b/templates/base.html
@@ -0,0 +1,14 @@
+
+
+
+
+ Andromeda's blog
+
+
+
+
+ {% block content %} {% endblock content %}
+
+
+
+
diff --git a/templates/blog.html b/templates/blog.html
new file mode 100644
index 0000000..63775bc
--- /dev/null
+++ b/templates/blog.html
@@ -0,0 +1,12 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+ {{ section.title }}
+
+
+{% endblock content %}
diff --git a/templates/blog_page.html b/templates/blog_page.html
new file mode 100644
index 0000000..f0f638e
--- /dev/null
+++ b/templates/blog_page.html
@@ -0,0 +1,9 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+ {{ page.title }}
+
+{{ page.date }}
+{{ page.content | safe }}
+{% endblock content %}
diff --git a/templates/index.html b/templates/index.html
new file mode 100644
index 0000000..1c2bb5f
--- /dev/null
+++ b/templates/index.html
@@ -0,0 +1,8 @@
+{% extends "base.html" %}
+
+{% block content %}
+
+ This is Andromeda's blog.
+
+Daily Posts
+{% endblock content %}