Introduction

I’ve been meaning to start this blog again now I have more time; I moved house and was focused on fixing the new place.

Anyway, first things first: I’ve decided to ditch WordPress.com. It’s an OK platform, but it does feel a little crufty in this day and age. As my subscription is up for renewal soon, I decided to take the hint and rebuild it.

The source and content are now held in a git repo, and the now-static production site itself is hosted in an S3 bucket. As there’s no server this should keep hosting costs to a minimum, as well as reducing the number of things that can go wrong.

I also really like having the source content and images stored in git under my control: I found storing images in WordPress was always kind of a “soup” of unversioned images.

Architecture

Hey, I’m a Director of Architecture, so let’s have a diagram of.. some.. architecture!

The content is stored as markdown files in git.

Those are turned into static HTML and pushed to S3.

Finally, there’s a CloudFront CDN in front of it to speed things up.

I use Astro to turn the markdown into static HTML and build the other bits of the site.

I’m also using Pagefind to add the search box to the site: it’s entirely static and runs only in your browser.

So my publication pipeline is now:

  • I commit a new article to git.
  • A GitHub Action runs a CI pipeline to render it to static HTML.
  • Static HTML is synced to S3.
  • CloudFront CDN is invalidated so changes appear promptly!

Here’s an example of the markdown for a post:

---
title: "picotherm: Controlling an OpenTherm Boiler with a Raspberry Pi Pico"
pubDate: 2024-03-12T21:59:23.000Z
categories: ["Projects"]
tags: ["baxi", "boiler", "opentherm", "pico", "python", "raspberry", "raspberry pi pico"]
heroImage: "./2024-03-12-picotherm-controlling-an-opentherm-boiler-with-a-raspberry-pi-pico/debugging_boiler-7106d318.jpg"
---

# Introduction

In our old flat, we had control over our heating from our phones: I’d reverse engineered the RF control protocol used by our Salus thermostat. I never got round to blogging about that, but the code is available [here](https://github.com/adq/heating).

[snip]

Supporting Comments

I still wanted to have the ability for others to comment: this took a bit more thought and engineering.

I want the site to be static and self-contained, so no databases or third-party services are allowed. Any comments must be stored in git with the content.

However, this is the internet in 2026 so I definitely need some sort of review process.

This is what I came up with:

So the process is:

  • User posts a comment from the website using a form.

  • That is sent to a serverless Lambda function:

    This creates a base64, machine-readable version of the comment and, importantly, computes a verification code based on that and a shared secret.

    Finally, it emails that, along with a human-readable version, to me.

  • I get the email, and, if I decide to accept the comment, I simply reply to the email with “PUBLISH

  • A second system polls the email looking for those replies: if it finds one, and the verification code is correct, it adds the comment to git and commits it. Oh, and it checks that only I sent that reply.

  • Finally, the normal GitHub Action picks up the commit, and the publication process is as normal.

If I don’t want to accept a comment, I simply delete the email!

This avoids any sort of database or message queue (even temporarily) by using technology from 1971.

I believe this is secure as well, eliminating the possibility of bad actors inserting faked comments.

Here’s an example comment email:

New comment awaiting your decision.

Post:    picotherm: Controlling an OpenTherm Boiler with a Raspberry Pi Pico
Link:    https://blog-tng.lidskialf.net/2024/03/12/picotherm-controlling-an-opentherm-boiler-with-a-raspberry-pi-pico/
Author:  test4
Email:   test4@test.com
Website: https://test4.com

Comment:
* one
* two
* three

something

else

------------------------------------------------------------
Verification code: AAAA-BBBB-CCCC

To PUBLISH this comment, reply to this email typing this line at the top:
    PUBLISH AAAA-BBBB-CCCC
(Type it yourself — the code ties your approval to this specific comment.)

To reject it, just delete this email. Nothing happens unless you reply.
------------------------------------------------------------

-----BEGIN COMMENT-----
eyJwb3N0SWQiOiIyMDI0LzIwMjQtMDMtMTItcGljb3RoZXJtLWNvbnRyb2xsaW5nLWFuLW9wZW50aGVybS1ib2lsZXItd2l0aC1hLXJhc3BiZXJyeS1waS1waWNvIiwicG9zdFRpdGxlIjoicGljb3RoZXJtOiBDb250cm9sbGluZyBhbiBPcGVuVGhlcm0gQm9pbGVyIHdpdGggYSBSYXNwYmVycnkgUGkgUGljbyIsImNvbW1lbnQiOnsiaWQiOiJjLW1xeDB3dHdpLTZncjJqNiIsImF1dGhvciI6InRlc3Q0IiwiYXV0aG9yVXJsIjoiaHR0cHM6Ly90ZXN0NC5jb20iLCJkYXRlIjoiMjAyNi0wNi0yOFQwMDowMTowNi40NDFaIiwiY29udGVudCI6Iiogb25lXG4qIHR3b1xuKiB0aHJlZVxuXG5zb21ldGhpbmdcblxuZWxzZSJ9fQ
-----END COMMENT-----
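
The sign-then-verify flow described above, as an added example (not the blog's own code): it assumes HMAC-SHA256 truncated to a 12-character base32 code, and the names SECRET, OWNER, encode_comment, verification_code and approve are hypothetical. It also copes with the "> " quoting and line wrapping a mail client applies to the payload in a reply, which goes beyond what the post spells out.

```python
import base64
import hashlib
import hmac
import json
import re

# Assumptions (the page does not give these): HMAC-SHA256 as the "verification
# code", truncated to 12 base32 characters; SECRET and OWNER are placeholders.
SECRET = b"constructed-demo-secret"
OWNER = "owner@example.org"
PUBLISH_RE = re.compile(r"PUBLISH ([A-Z2-7]{4}(?:-[A-Z2-7]{4}){2})")
BLOCK_RE = re.compile(r"-----BEGIN COMMENT-----\n([\w\n-]+?)\n-----END COMMENT-----")


def encode_comment(comment):
    """Form-handler side: canonical JSON as unpadded base64url."""
    raw = json.dumps(comment, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def verification_code(payload, secret=SECRET):
    """MAC over the exact payload text, shaped like AAAA-BBBB-CCCC."""
    mac = hmac.new(secret, payload.encode(), hashlib.sha256).digest()
    text = base64.b32encode(mac).decode()[:12]
    return "-".join(text[i:i + 4] for i in (0, 4, 8))


def approve(sender, reply_body, secret=SECRET):
    """Poller side: return the comment dict for a valid approval, else None."""
    # From headers can be forged, so this is defence in depth; the MAC below
    # is what stops a reply carrying a payload the form handler never signed.
    if sender.strip().lower() != OWNER:
        return None
    # The PUBLISH line must be typed unquoted as the first non-empty line.
    first = next((l.strip() for l in reply_body.splitlines() if l.strip()), "")
    typed = PUBLISH_RE.fullmatch(first)
    # Mail clients prefix quoted text with "> " and may wrap the long line.
    unquoted = "\n".join(re.sub(r"^[>\s]+", "", l).rstrip() for l in reply_body.splitlines())
    block = BLOCK_RE.search(unquoted)
    if not typed or not block:
        return None
    payload = block.group(1).replace("\n", "")
    # Recompute from the payload present in the reply; constant-time compare.
    if not hmac.compare_digest(typed.group(1), verification_code(payload, secret)):
        return None
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))
```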

The comments are stored in a “sidecar” YAML file in git to keep them separate from the actual article for data cleanliness. Here’s a real example:

comments:
  - id: '5296'
    author: myprofoundly3272188d48
    date: '2025-01-02T11:29:12.000Z'
    content: Hi, thanks for posting this, I'm definitely going to try and connect to my boiler. I've ordered the OpenTherm interface and already have a pico. I'm a Home Assistant user and interested in how you connected this as a sensor? Apologies if I've missed it somewhere or this isn't the place for questions like that. Cheers, Richard

Conclusion

No doubt there will be teething issues, but it all seems to work quite well so far.

As a bonus, I added some new widgets to help find things too. Oh, and the comments support markdown as well!

More importantly though, I now have control and ownership over everything.