fix: seafile-mirror git link

Reviewed-on: #16

.gitea/workflows/hugo.yaml

@@ -46,11 +46,19 @@ jobs:
           sed -i "s|__PROXY_URL__|${{ secrets.MATOMO_PROXY_URL }}|" static/config.php
           sed -i "s|__TOKEN_AUTH__|${{ secrets.MATOMO_TOKEN_AUTH }}|" static/config.php
 
+      - name: Check for broken links
+        run: |
+          if [ "${{ gitea.ref }}" = "refs/heads/main" ]; then
+            mise linkcheck --offline || true
+          else
+            mise linkcheck --offline
+          fi
+
       - name: Build website with Hugo
-        run: hugo
+        run: mise run build
 
       - name: Copy website to host
-        uses: https://github.com/appleboy/scp-action@v1.0.0
+        uses: https://github.com/appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0
         with:
           host: mehl.mx
           username: maxmehl

config.toml

@@ -12,6 +12,9 @@ summaryLength = 50
   leftDoubleQuote = '“'
   rightDoubleQuote = '”'
 
+[markup.goldmark.renderHooks.link]
+  useEmbedded = "fallback"
+
 [permalinks]
   blog = "/blog/:year/:slug"
 

content/blog/2015-01-next-station-tanzania.md

@@ -53,4 +53,4 @@ Any further questions? Do not hesitate [to ask me][3]!
 
  [1]: /2015/naechste-station-tansania
  [2]: /uploads/tanzania-map.png
- [3]: //max.mehl.mx/contact
+ [3]: /contact

content/blog/2023-09-seafile-mirror.md

@@ -20,7 +20,7 @@ all its files isn't so trivial. This is because the files are stored in a layout
 similar to bare Git repositories, and Seafile's headless tool, seafile-cli,
 is... suboptimal. So I created what started out as a wrapper for it and ended up
 as a full-blown tool for automatically synchronising your libraries to a backup
-location: [**Seafile Mirror**](https://src.mehl.mx/mxmehl/seafile-mirror).
+location: [**Seafile Mirror**](https://github.com/mxmehl/seafile-mirror).
 
 ## My requirements
 
@@ -64,7 +64,7 @@ turned out that this tool has a number of fundamental issues:
 
 ## The solution
 
-[seafile-mirror](https://src.mehl.mx/mxmehl/seafile-mirror) takes care of all
+[seafile-mirror](https://github.com/mxmehl/seafile-mirror) takes care of all
 these stumbling blocks:
 
 * It downloads/syncs defined libraries in customisable intervals
@@ -95,13 +95,13 @@ and configuration.
 The tool has been running every day since a couple of months without any issues.
 However, I could imagine a few more features to be helpful for more people:
 
+* Support of encrypted libraries: Shouldn't be a big issue, it would require
+  passing the password to the underlying seafile-cli command.
+  ([#1](https://github.com/mxmehl/seafile-mirror/issues/1))
 * Support of login tokens: Currently, only user/password auth is supported which
   is fine for my use-case as it's just a read-only user. This wouldn't be hard
   to fix either, seafile-cli supports it (at least in theory).
-  ([#2](https://src.mehl.mx/mxmehl/seafile-mirror/issues/2))
+  ([#2](https://github.com/mxmehl/seafile-mirror/issues/2))
-* Support of encrypted libraries: Shouldn't be a big issue, it would require
-  passing the password to the underlying seafile-cli command.
-  ([#3](https://src.mehl.mx/mxmehl/seafile-mirror/issues/3))
 
 If you have encountered problems or would like to point out the need for
 specific features, please feel free to contact me or comment on the Mastodon

content/blog/2026-03-foss-backstage-getting-real-supply-chain/index.md

@@ -0,0 +1,30 @@
+---
+title: "Getting Real with the Supply Chain: From SBOM Data to Action"
+date: 2026-03-17
+categories:
+  # Language
+  - english
+  # - deutsch
+  - presentation
+  # - podcast
+  # - article
+tags:
+  - OSPO
+  - SupplyChain
+  - DeutscheBahn
+headerimage:
+  src: max-cornelius-stage.jpg
+  alt: Cornelius Schumacher and Max Mehl giving the presentation at FOSS Backstage 2026. It's a total view of the auditorium from the back, with the two speakers on stage and the final slide in the background.
+# summary: Visible on the listing page, but not on the article page
+video: https://www.youtube.com/watch?v=M8wYRRCWaQU
+slides: https://up.mehl.mx/slides/2026-03-17-foss-backstage-supply-chain.pdf
+event:
+  name: FOSS Backstage 2026
+  href: https://26.foss-backstage.de/session/getting-real-with-the-supply-chain-from-sbom-data-to-action/
+---
+
+At DB, we handle 100,000+ SBOMs per day. For our small, virtual Open Source Program Office (OSPO), the challenge is not to get lost in the data, but to cut through the jungle and identify real risks. Together with my OSPO colleague Cornelius Schumacher, I presented this challenge at the FOSS Backstage conference in Berlin. We explained how we gather data, generate insights, and take action.
+
+This talk was partly inspired by my earlier FOSDEM talks ([here](/blog/2026-01-fosdem-supply-chain-strategy) and [there](/blog/2026-02-fosdem-sbom-collection)), where I focused on DB's SBOM program and its tools. In this presentation, however, we highlighted what can be learned from it for professional Open Source management.
+
+One topic stood out throughout the presentation: the need for an OSPO to balance between people, value, and risk. None of these should dominate, even though governance functions often tend to focus on risk. Instead, Cornelius and I advocated for a risk-based approach to managing Open Source.

content/blog/2026-03-gnulinux-podcast-lieferketten-deutsche-bahn/index.md

@@ -0,0 +1,28 @@
+---
+title: "Software-Lieferketten bei der Deutschen Bahn"
+date: 2026-03-25
+categories:
+  - deutsch
+  - podcast
+tags:
+  - Community
+  - DeutscheBahn
+  - SupplyChain
+summary: Ich wurde mal wieder von Ralf Hersel zum “Captain it’s Wednesday” Podcast von GNU/Linux.ch eingeladen, um über Software-Lieferketten bei der Deutschen Bahn zu sprechen. Anlass waren meine jüngsten Vorträge auf der FOSS Backstage und der FOSDEM, in denen ich über die Herausforderungen und Chancen von Software-Lieferketten bei der DB gesprochen habe.
+headerimage:
+  src: ciw.jpg
+  alt: The famous "Captain it's Wednesday" comic
+  processes:
+    - fill 1000x440 center webp
+audio: https://gnulinux.ch/podcast/CIW175.mp3
+event:
+  name: Captain it's Wednesday Podcast
+  href: https://gnulinux.ch/ciw175-podcast
+mastodon_toot_url: https://mastodon.social/@mxmehl/116318946107759692
+---
+
+Ich wurde mal wieder von Ralf Hersel zum "Captain it's Wednesday" Podcast von GNU/Linux.ch eingeladen, um über Software-Lieferketten bei der Deutschen Bahn zu sprechen. Anlass waren meine jüngsten Vorträge auf der [FOSS Backstage](/blog/2026-03-foss-backstage-getting-real-supply-chain) und der [FOSDEM](/blog/2026-01-fosdem-supply-chain-strategy), in denen ich über die Herausforderungen und Chancen von Software-Lieferketten bei der DB gesprochen habe.
+
+Mit Ralf habe ich mal ganz vorne angefangen: was ist eine Software-Lieferkette überhaupt, warum ist sie wichtig, und wie sieht sie bei einem großen Unternehmen wie der Deutschen Bahn aus, und was haben diese SBOMs damit zu tun? Wir haben über die enormen Mengen an Software-Komponenten gesprochen, die täglich bei der DB verarbeitet werden, und wie wir versuchen, den Überblick zu behalten und Risiken zu managen. Dabei ging es auch um die Rolle von Freier und Open Source in der Lieferkette und wie wir dabei mit der Community zusammenarbeiten.
+
+Nach exakt 37 Minuten war das Gespräch auch schon wieder vorbei und natürlich konnten wir nicht in jedes Detail eintauchen. Aber ich hoffe, es war dennoch ein interessanter Einblick für die Zuhörenden.

mise.toml

@@ -1,2 +1,33 @@
 [tools]
-hugo-extended = "0.157.0"
+hugo-extended = "0.159.1"
+lychee = "latest"
+
+[vars]
+build_dir = "public"
+
+[tasks.cleanup]
+description = "Clean up the build destination directory"
+run = "rm -r {{vars.build_dir}} || true"
+
+[tasks.build]
+depends = ["cleanup"]
+description = "Build the static site using Hugo"
+run = "hugo -d {{vars.build_dir}}"
+
+[tasks.preview]
+depends = ["cleanup"]
+description = "Preview the site locally using Hugo's built-in server"
+run = "hugo server"
+
+[tasks.linkcheck]
+depends = ["build"]
+description = "Check for broken links using lychee"
+run = '''
+lychee \
+  --max-concurrency 5 --cache --max-cache-age 1h \
+  --index-files 'index.html' \
+  --root-dir {{vars.build_dir}}/ \
+  -u 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) Apple WebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36' \
+  --exclude 'glyphicons-halflings-regular\.(eot|woff|woff2|ttf|svg)' \
+  {{vars.build_dir}}/
+'''

themes/hugo-sustain/assets/scss/default.scss

@@ -363,6 +363,13 @@ div.contact p {
       margin-top: 0;
     }
   }
+  // First and last card in the list have different border radius
+  .row:first-child .card {
+    border-radius: 1rem 1rem 0 1rem;
+  }
+  .row:last-child .card {
+    border-radius: 0 1rem 1rem 1rem;
+  }
 }
 
 /* Helpers */

themes/hugo-sustain/layouts/_default/list.html

@@ -65,7 +65,9 @@
           </div>
           <div class="col-xs-9 col-md-10">
             {{ if $selection }}
-              <span class="article-rss"><a class="label label-rss" href="/{{ .Data.Plural }}/{{lower .Title}}/index.xml" title="RSS Feed"><i class="fa fa-rss" aria-hidden="true"></i> Subscribe to »{{.Title}}«</a></span>
+              {{- with .OutputFormats.Get "RSS" -}}
+                <span class="article-rss"><a class="label label-rss" href="{{ .Permalink }}" title="RSS Feed"><i class="fa fa-rss" aria-hidden="true"></i> Subscribe to »{{ $.Title }}«</a></span>
+              {{- end -}}
             {{ else }}
               <span class="article-rss"><a class="label label-rss" href="/blog/index.xml" title="RSS Feed"><i class="fa fa-rss" aria-hidden="true"></i>  Subscribe to all posts</a></span>
             {{ end }}

themes/hugo-sustain/layouts/partials/head/css.html

@@ -13,9 +13,10 @@
 
 <!-- Theme stylesheet, combination of all in assets/scss -->
 {{- $style := resources.Get "scss/main.scss" | resources.ExecuteAsTemplate "scss/main.scss" . | toCSS (dict "targetPath" "css/main.css" "enableSourceMap" false) }}
-<link rel="stylesheet" href="{{ ($style).RelPermalink }}?v={{ md5 time.Now.Unix }}">
+<link rel="stylesheet" href="{{ ($style).RelPermalink }}?v={{ md5 $style.Content }}">
 
 <!-- Custom CSS -->
 {{- range .Site.Params.custom_css }}
-<link rel="stylesheet" href="{{ relURL . }}?v={{ md5 time.Now.Unix }}" />
+{{- $md5 := md5 (readFile (printf "static/%s" .)) }}
+<link rel="stylesheet" href="{{ relURL . }}?v={{ $md5 }}" />
 {{- end }}