Initial file upload

.gitignore

@@ -0,0 +1,3 @@
+public/
+resources/
+.hugo_build.lock

.gitmodules

@@ -0,0 +1,4 @@
+[submodule "themes/blowfish"]
+	path = themes/blowfish
+	url = https://github.com/nunocoracao/blowfish.git
+	branch = main

README.md

@@ -0,0 +1,6 @@
+## Image sources
+
+- [Background](https://unsplash.com/photos/a-view-of-a-city-with-tall-buildings-iPyailqBGdM)
+- [About](https://unsplash.com/photos/cable-network-M5tzZtFCOfs)
+- [Contact](https://unsplash.com/photos/a-close-up-of-a-cell-phone-near-a-laptop-8e2VsJ0dOPM)
+- [Hire Me](https://unsplash.com/photos/shallow-focus-photography-of-red-and-white-for-hire-signage-fY8Jr4iuPQM)

archetypes/default.md

@@ -0,0 +1,5 @@
++++
+date = '{{ .Date }}'
+draft = true
+title = '{{ replace .File.ContentBaseName "-" " " | title }}'
++++

config/_default/hugo.toml

@@ -0,0 +1,69 @@
+# -- Site Configuration --
+# Refer to the theme docs for more details about each of these parameters.
+# https://blowfish.page/docs/getting-started/
+
+theme = "blowfish" # UNCOMMENT THIS LINE
+# baseURL = "https://tommytran.io/"
+defaultContentLanguage = "en"
+
+# pluralizeListTitles = "true" # hugo function useful for non-english languages, find out more in  https://gohugo.io/getting-started/configuration/#pluralizelisttitles
+
+enableRobotsTXT = true
+summaryLength = 0
+
+buildDrafts = false
+buildFuture = false
+
+enableEmoji = true
+
+# googleAnalytics = "G-XXXXXXXXX"
+
+[pagination]
+  pagerSize = 100
+
+[imaging]
+  anchor = 'Center'
+
+[taxonomies]
+  tag = "tags"
+  category = "categories"
+  author = "authors"
+  series = "series"
+
+[sitemap]
+  changefreq = 'daily'
+  filename = 'sitemap.xml'
+  priority = 0.5
+
+[outputs]
+  home = ["HTML", "RSS", "JSON"]
+
+[related]
+  threshold = 0
+  toLower = false
+
+    [[related.indices]]
+        name = "tags"
+        weight = 100
+
+    [[related.indices]]
+        name = "categories"
+        weight = 100
+
+    [[related.indices]]
+        name = "series"
+        weight = 50
+
+    [[related.indices]]
+        name = "authors"
+        weight = 20
+
+    [[related.indices]]
+        name = "date"
+        weight = 10
+
+    [[related.indices]]
+      applyFilter = false
+      name = 'fragmentrefs'
+      type = 'fragments'
+      weight = 10

config/_default/languages.en.toml

@@ -0,0 +1,42 @@
+disabled = false
+languageCode = "en"
+languageName = "English"
+weight = 1
+title = "Tommy's Space"
+
+[params]
+displayName = "EN"
+isoCode = "en"
+rtl = false
+dateFormat = "2 January 2006"
+description = "Tommy's personal website"
+
+[[params.author.links]]
+github = "https://github.com/TommyTran732"
+
+[[params.author.links]]
+gitlab = "https://git.metropolis.nexus/Tommy"
+
+[[params.author.links]]
+matrix = "https://matrix.to/#/@tommy:metropolis.nexus"
+
+[[params.author.links]]
+telegram = "https://t.me/tommytran732"
+
+[[params.author.links]]
+x-twitter = "https://x.com/TommyTran732"
+
+[[params.author.links]]
+linkedin = "https://www.linkedin.com/in/tommytran732"
+
+[[params.author.links]]
+email = "mailto:contact@tommytran.io"
+
+[[params.author.links]]
+pgpkey = "/tommy.asc"
+
+["params.author"]
+name = "Tommy Tran"
+bio = "System Administrator and Technical Writer"
+image = "avatar.png"
+headline = "System Administrator and Technical Writer"

config/_default/markup.toml

@@ -0,0 +1,20 @@
+# -- Markup --
+# These settings are required for the theme to function.
+
+[goldmark]
+  [goldmark.renderer]
+    unsafe = true
+
+  [goldmark.extensions]
+    [goldmark.extensions.passthrough]
+      enable = true
+      [goldmark.extensions.passthrough.delimiters]
+        block = [['\[', '\]'], ['$$', '$$']]
+        inline = [['\(', '\)']]
+
+[highlight]
+  noClasses = false
+
+[tableOfContents]
+  startLevel = 2
+  endLevel = 4

config/_default/menus.en.toml

@@ -0,0 +1,29 @@
+[[main]]
+none = "none"
+
+[[main]]
+name = "About"
+pageRef = "posts/about"
+identifier = "zGE2YAk94f"
+weight = 1
+
+[[main]]
+name = "Blog"
+url = "https://privsec.dev"
+identifier = "ZygO3vLON0"
+weight = 2
+
+[[main]]
+name = "Projects"
+pageRef = "/posts/projects"
+identifier = "uePnrAHpNc"
+weight = 3
+
+[[main]]
+name = "Contact"
+pageRef = "/posts/contact"
+identifier = "lqA5Rh0hE9"
+weight = 4
+
+[[footer]]
+none = "none"

config/_default/params.toml

@@ -0,0 +1,109 @@
+colorScheme = "blowfish"
+defaultAppearance = "dark"
+autoSwitchAppearance = false
+enableA11y = false
+enableSearch = true
+enableCodeCopy = false
+replyByEmail = false
+disableImageOptimization = false
+disableImageOptimizationMD = false
+disableTextInHeader = false
+fingerprintAlgorithm = "sha512"
+giteaDefaultServer = "https://git.fsfe.org"
+forgejoDefaultServer = "https://v11.next.forgejo.org"
+firebase = { }
+fathomAnalytics = { }
+umamiAnalytics = { }
+selineAnalytics = { }
+buymeacoffee = { }
+verification = { }
+rssnext = { }
+advertisement = { }
+defaultBackgroundImage = "background.jpg"
+
+[header]
+layout = "fixed"
+
+[footer]
+showMenu = true
+showCopyright = true
+showThemeAttribution = true
+showAppearanceSwitcher = false
+showScrollToTop = true
+
+[homepage]
+layout = "background"
+showRecent = true
+showRecentItems = "3"
+showMoreLink = true
+showMoreLinkDest = "/posts/"
+cardView = true
+cardViewScreenWidth = false
+layoutBackgroundBlur = true
+disableHeroImageFilter = false
+
+[article]
+showDate = false
+showViews = false
+showLikes = false
+showDateOnlyInArticle = false
+showDateUpdated = false
+showAuthor = true
+showHero = false
+layoutBackgroundBlur = true
+layoutBackgroundHeaderSpace = true
+showBreadcrumbs = false
+showDraftLabel = true
+showEdit = false
+editAppendPath = true
+seriesOpened = false
+showHeadingAnchors = true
+showPagination = true
+invertPagination = false
+showReadingTime = false
+showTableOfContents = true
+showTaxonomies = false
+showCategoryOnly = false
+showAuthorsBadges = false
+showWordCount = false
+showZenMode = false
+heroStyle = "background"
+showRelatedContent = false
+
+[list]
+showHero = false
+layoutBackgroundBlur = true
+layoutBackgroundHeaderSpace = true
+showBreadcrumbs = false
+showSummary = false
+showViews = false
+showLikes = false
+showTableOfContents = false
+showCards = false
+orderByWeight = false
+groupByYear = true
+cardView = false
+cardViewScreenWidth = false
+constrainItemsWidth = false
+
+[sitemap]
+excludedKinds = [ "taxonomy", "term" ]
+
+[taxonomy]
+showTermCount = true
+showHero = false
+showBreadcrumbs = false
+showViews = false
+showLikes = false
+showTableOfContents = false
+cardView = false
+
+[term]
+showHero = false
+showBreadcrumbs = false
+showViews = false
+showLikes = false
+showTableOfContents = true
+groupByYear = false
+cardView = false
+cardViewScreenWidth = false

content/posts/about/index.md

@@ -0,0 +1,15 @@
+---
+title: "About Me"
+date: 2022-09-02
+showHero: true
+---
+
+Hello! 👋
+
+I'm Thien, though you may know me as Tommy. With over five years of experience as a Linux system administrator, I specialize in managing a diverse range of Linux distributions, including Red Hat, Debian, SUSE, and Arch Linux. Recently, I've been diving into the world of containers and immutable distributions, which I find both innovative and exciting.
+
+Like most Linux users, I am an open source enthusiast and publish most of the projects made in my free time on [GitHub](https://github.com/tommytran732). I also made a couple of small contributions to various projets as well.
+
+I host several services, such as Matrix and Mastodon, free of charge. If you're curious, feel free to explore [Metropolis Nexus](https://metropolis.nexus), where you might find resources or services that suit your needs.
+
+Together with friends I connected with through GrapheneOS, I co-author a blog, [PrivSec.dev](https://privsec.dev), where we explore topics related to privacy and security. 

content/posts/contact/index.md

@@ -0,0 +1,42 @@
+---
+title: "Contact Information"
+date: 2022-09-02
+---
+
+## Matrix
+
+The best way to contact me is through Matrix. My account is [@tommy:metropolis.nexus](https://matrix.to/#/@tommy:metropolis.nexus). If you do not have a an account, you can sign up for one on my homeserver [metropolis.nexus](https://metropolis.nexus). I do not ask for your email address or any personal information for registration.
+
+## Telegram
+
+My Telegram is [TommyTran732](https://t.me/tommytran732). I do not check it as often as I do with Matrix. When contacting me, please use the [Secret Chat](https://telegram.org/faq#q-how-do-i-start-a-secret-chat) feature.
+
+## Email
+
+If you prefer to reach out to me via email, my address is [contact@tommytran.io](mailto:contact@tommytran.io). Aliases:
+
+- [tommy@metropolis.nexus](mailto:tommy@metropolis.nexus)
+- [tommy@privsec.dev](mailto:tommy@privsec.dev)
+
+Please use encryption if possible. My PGP key is available [here](https://tommytran.io/tommy.asc).
+
+## Other Accounts
+
+### Discord
+- TommyTran732
+
+### Linkedin
+- [TommyTran732](http://linkedin.com/in/tommytran732)
+
+For employers, please see [Hire Me!](/posts/hire-me)
+
+### Twitter
+
+- [@TommyTran732](https://twitter.com/tommytran732)
+- [@PrivSec_Dev](https://twitter.com/privsec_dev)
+
+### Git accounts
+- [GitHub](https://github.com/tommytran732)
+- [Metropolis GitLab](https://git.metropolis.nexus/tommy)
+
+Please by wary of anyone claiming to be me or using the handle "TommyTran732" reaching out to you. Chances are, they are an impersonator. You can always contact me via Matrix or Email for identity verification.

content/posts/hire-me/index.md

@@ -0,0 +1,18 @@
+---
+title: "I am open to work!"
+date: 2025-09-23
+---
+
+I’m currently open to new opportunities and eager to join a team in the U.S. or Canada as an employee. I do not take on freelance or contract work. For U.S. opportunities, I don’t require visa sponsorship at this time, though I may need it in the future. For Canadian opportunities, I will need an employer to apply for a work permit on my behalf. If you’re looking for a committed team member, let’s connect!
+
+## What I Can Do
+
+As a system administrator with 5 years of experience, I bring extensive expertise working with all three major Linux families—Red Hat, SUSE, and Debian—with a particular preference for Red Hat systems. While I am primarily a Linux administrator, I am also familiar with Windows systems and can handle tasks such as managing Active Directory.
+
+I prioritize creating secure and reliable systems, implementing measures like systemd hardening, container hardening, timely vulnerability patching for containers, attack surface reduction, and protecting systems from both external and internal threats.
+
+Most of my work is open source and available on GitHub. You can explore my server configurations on [Metropolis Nexus's GitHub](https://github.com/metropolis-nexus) to see my approach to system administration. For container security, I specialize in porting containers to Alpine Linux and performing daily rebuilds to ensure the latest patches are applied. Check out my work at [Polarix-Containers](https://github.com/polarix-containers), where I maintain a collection of OCI containers with enhanced protections.
+
+## Qualifications
+
+I hold several professional certifications, including the **Red Hat Certified System Administrator** and **Linux Foundation Certified Sysadmin**, demonstrating my expertise in Linux system administration. For a full list of my certifications, please visit my [LinkedIn profile](https://www.linkedin.com/in/tommytran732). I am committed to continuous learning and plan to pursue additional certifications in the near future to further enhance my skills.

content/posts/projects/index.md

@@ -0,0 +1,71 @@
+---
+title: "My Projects"
+date: 2022-09-02
+---
+
+These are some of my most notable projects. For a complete list, please visit my [GitHub profile](https://github.com/TommyTran732).
+
+## PrivSec.dev
+
+[PrivSec.dev](https://privsec.dev) is a website created by me and a few friends to provide practical privacy and security advice for end users. Think of it as a shared blog focused on this topic.
+
+We emphasize in-depth system configuration, security analysis, and software/hardware recommendations, prioritizing technical merits over ideologies or politics.
+
+## Polarix Containers
+
+[Polarix Containers](https://github.com/Polarix-Containers) is a collection of OCI containers designed to enhance security compared to upstream builds.
+
+Some containers are daily rebuilds of upstream containers, while others are rebuilt from scratch using Alpine Linux or Red Hat UBI with unprivileged users, maintaining upstream compatibility. Most builds include `hardened_malloc` for added security.
+
+Polarix Containers serve as the foundation for my other projects, such as [Metropolis.nexus](https://metropolis.nexus).
+
+## Metropolis.nexus
+
+[Metropolis.nexus](https://metropolis.nexus) is a collection of services I offer free of charge, including but not limited to:
+- Matrix
+- Mastodon
+- Vaultwarden
+- Redlib
+- Traccar
+- Stirling PDF
+- Signature PDF
+
+The [Metropolis-nexus GitHub organization](https://github.com/Metropolis-nexus) contains repositories documenting the system's setup. Key subprojects include:
+
+### Linux Setup Scripts
+
+These [setup scripts](https://github.com/Metropolis-nexus/Linux-Setup-Scripts) are used on my Linux systems and include hardening configurations such as:
+
+- Removal of unnecessary packages
+- Hardened boot parameters
+- Hardened `sysctl` settings
+- Kernel module blacklist from [SecureBlue](https://github.com/secureblue/secureblue)
+- SSH client and server hardening
+- Systemd hardening
+- Installation of Hardened Malloc on Red Hat systems
+- NTS setup
+
+### Fedora CoreOS Ignition Files
+
+These [Butane/Ignition configuration files](https://github.com/Metropolis-nexus/Fedora-CoreOS-Ignition) enable rapid deployment of Fedora CoreOS servers with the same hardening as the Linux Setup Scripts.
+
+They also include systemd services to:
+- Install and update gVisor at boot
+- Update containers in a Docker Compose stack daily
+
+### NGINX Configs
+
+My reverse proxy setup is available in [this repository](https://github.com/Metropolis-nexus/NGINX-Setup). It includes:
+- TLS configuration with strong cipher suites
+- A robust set of security headers
+- Content security policies for various services
+- ModSecurity configuration
+- Systemd hardening for system services
+
+## QubesOS scripts
+
+My [QubesOS scripts](https://github.com/TommyTran732/QubesOS-Script) configure Qubes virtual machines with the same hardening as my Linux setup scripts, tailored for Qubes' unique environment. I also provide documentation on how I set up my daily driver — a ThinkPad P53 — with Qubes for maximum privacy and security.
+
+## Microsoft Egde Policies
+
+Microsoft Edge can be one of the best browsers when configured properly, but it is privacy-invasive and has a large attack surface by default. My [list of policies](https://github.com/TommyTran732/Microsoft-Edge-Policies) configures it for improved privacy and security.

static/site.webmanifest

@@ -0,0 +1 @@
+{"name":"","short_name":"","icons":[{"src":"/android-chrome-192x192.png","sizes":"192x192","type":"image/png"},{"src":"/android-chrome-512x512.png","sizes":"512x512","type":"image/png"}],"theme_color":"#ffffff","background_color":"#ffffff","display":"standalone"}

static/tommy.asc

@@ -0,0 +1,17 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZYip3xYJKwYBBAHaRw8BAQdAg8efRKSxYv02Xhl7VLCb71duExzKT/U437P8
+bpwhvhG0IVRoaWVuIFRyYW4gPGNvbnRhY3RAdG9tbXl0cmFuLmlvPoiWBBMWCAA+
+FiEEe7dA9MbjD0PUB28DVVyQKjTslo8FAmWIqd8CGwMFCQWjmoAFCwkIBwIGFQoJ
+CAsCBBYCAwECHgECF4AACgkQVVyQKjTslo//6AEAvt58ku/TwB6zIOfvQYa0cYoj
+gTdFAou/w3l1yiK6v5YA/09cBI0bWka4HJPuWtACM8WoCzyX9HMQCJhrWz4mNZgD
+uDgEZYip3xIKKwYBBAGXVQEFAQEHQHZ640EjKVi0SEjM6K+3EgUnoOpcTquxhw9H
+G7heqfEJAwEIB4h+BBgWCAAmFiEEe7dA9MbjD0PUB28DVVyQKjTslo8FAmWIqd8C
+GwwFCQWjmoAACgkQVVyQKjTslo8lVwEAtLwM2qecldECFY1Efk6xrcsJr/pF93vb
+eBRI1nCA8ywA/0GCG58Qn26aAqsiBv39F8LQ2RojMiydAppWJwnmYBoJuDMEZYiq
+aBYJKwYBBAHaRw8BAQdAdSiTCWSCHOVJyT3whkXm+3enb6jorU36HWykQGcETVOI
+fgQYFggAJhYhBHu3QPTG4w9D1AdvA1VckCo07JaPBQJliKpoAhsgBQkFo5qAAAoJ
+EFVckCo07JaPH2AA/RUAT4KmKXDhru00NOrjvD6G65PSzhkcSGuZDK17xjLTAP9h
+gvsQ6ieu4OfN2DVCJMC9na5RtxyRB71vsMzBYyTQCQ==
+=XImG
+-----END PGP PUBLIC KEY BLOCK-----