add hire/resume pages, contact form, security middleware, and admin improvements

.env.example

@@ -35,3 +35,11 @@ ADMIN_PASSWORD_HASH=$2a$12$examplehashgoeshere...
 # Secret key for signing session cookies. Use a long random string.
 # Generate with: openssl rand -hex 32
 SESSION_SECRET=change-me-use-openssl-rand-hex-32
+
+# ------------------------------------------------------------------
+# Contact / Hire form
+# ------------------------------------------------------------------
+
+# Email address that receives hire form submissions.
+# Requires a working local MTA (OpenSMTPD) listening on localhost:25.
+CONTACT_EMAIL=hire@ridgwaysystems.org

cmd/server/main.go

@@ -48,14 +48,22 @@ func main() {
 	mux.HandleFunc("GET /infrastructure", h.Infrastructure)
 	mux.HandleFunc("GET /status", h.Status)
 	mux.HandleFunc("GET /about", h.About)
+	mux.HandleFunc("GET /hire", h.Hire)
+	mux.HandleFunc("POST /hire", h.HirePost)
+	mux.HandleFunc("GET /resume", h.Resume)
 	mux.HandleFunc("GET /sitemap.xml", h.Sitemap)
 
 	// Admin routes (auth handled per-handler)
 	mux.HandleFunc("/admin", h.AdminDashboard)
 	mux.HandleFunc("/admin/", h.AdminRouter)
 
+	srv := handler.Chain(mux,
+		handler.LoggingMiddleware,
+		handler.SecurityHeadersMiddleware,
+	)
+
 	log.Printf("ridgwaysystems.org starting on :%s (DEV=%s)", port, os.Getenv("DEV"))
-	log.Fatal(http.ListenAndServe(":"+port, mux))
+	log.Fatal(http.ListenAndServe(":"+port, srv))
 }
 
 // generateSyntaxCSS writes a chroma CSS file with light and dark themes.

internal/blog/store.go

@@ -161,6 +161,28 @@ func (s *Store) Search(query string) ([]*Post, error) {
 	return results, nil
 }
 
+// Neighbors returns the posts immediately older and newer than slug in
+// date-descending order (newer = more recent = lower index).
+// Either value may be nil if slug is at the boundary.
+func (s *Store) Neighbors(slug string) (older, newer *Post, err error) {
+	posts, err := s.All(false)
+	if err != nil {
+		return nil, nil, err
+	}
+	for i, p := range posts {
+		if p.Slug == slug {
+			if i+1 < len(posts) {
+				older = posts[i+1]
+			}
+			if i > 0 {
+				newer = posts[i-1]
+			}
+			return older, newer, nil
+		}
+	}
+	return nil, nil, errors.New("post not found: " + slug)
+}
+
 // AllTags returns a deduplicated list of tags across all published posts.
 func (s *Store) AllTags() ([]string, error) {
 	posts, err := s.All(false)

internal/handler/admin.go

@@ -60,6 +60,9 @@ func (h *Handler) AdminRouter(w http.ResponseWriter, r *http.Request) {
 	case path == "/admin/upload":
 		h.requireAuth(h.adminUpload)(w, r)
 
+	case path == "/admin/uploads":
+		h.requireAuth(h.adminUploads)(w, r)
+
 	default:
 		h.renderErr(w, http.StatusNotFound, "Admin page not found.")
 	}
@@ -337,6 +340,40 @@ func (h *Handler) adminUpload(w http.ResponseWriter, r *http.Request) {
 	fmt.Fprintf(w, `{"url":"%s","markdown":"![image](%s)"}`, url, url)
 }
 
+// --- Uploads browser ---
+
+type uploadFile struct {
+	Name     string
+	URL      string
+	Markdown string
+}
+
+type uploadsData struct {
+	Files []uploadFile
+	Flash string
+}
+
+func (h *Handler) adminUploads(w http.ResponseWriter, r *http.Request) {
+	const dir = "static/uploads"
+	entries, err := os.ReadDir(dir)
+	var files []uploadFile
+	if err == nil {
+		for _, e := range entries {
+			if e.IsDir() {
+				continue
+			}
+			name := e.Name()
+			url := "/static/uploads/" + name
+			files = append(files, uploadFile{
+				Name:     name,
+				URL:      url,
+				Markdown: "![image](" + url + ")",
+			})
+		}
+	}
+	h.render(w, "admin-uploads", uploadsData{Files: files, Flash: r.URL.Query().Get("flash")})
+}
+
 // sanitizeSlug ensures a slug is filesystem-safe.
 func sanitizeSlug(s string) string {
 	s = strings.ToLower(strings.TrimSpace(s))

internal/handler/handler.go

@@ -2,6 +2,7 @@
 package handler
 
 import (
+	"fmt"
 	"html/template"
 	"log"
 	"net/http"
@@ -13,20 +14,22 @@ import (
 
 // Handler holds shared dependencies for all HTTP handlers.
 type Handler struct {
-	store     *blog.Store
+	store        *blog.Store
-	dataDir   string
+	dataDir      string
-	templates map[string]*template.Template
+	templates    map[string]*template.Template
-	siteURL   string
+	siteURL      string
-	devMode   bool
+	contactEmail string
+	devMode      bool
 }
 
 // New creates a Handler. dataDir is the path to the data/ directory.
 func New(store *blog.Store, dataDir string) *Handler {
 	h := &Handler{
-		store:   store,
+		store:        store,
-		dataDir: dataDir,
+		dataDir:      dataDir,
-		siteURL: getenv("SITE_URL", "https://ridgwaysystems.org"),
+		siteURL:      getenv("SITE_URL", "https://ridgwaysystems.org"),
-		devMode: os.Getenv("DEV") == "1",
+		contactEmail: getenv("CONTACT_EMAIL", "hire@ridgwaysystems.org"),
+		devMode:      os.Getenv("DEV") == "1",
 	}
 	if !h.devMode {
 		h.templates = mustLoadTemplates()
@@ -69,10 +72,14 @@ func mustLoadTemplates() map[string]*template.Template {
 		{"infrastructure", "templates/infrastructure.html"},
 		{"status", "templates/status.html"},
 		{"about", "templates/about.html"},
+		{"hire", "templates/hire.html"},
+		{"resume", "templates/resume.html"},
+		{"error", "templates/error.html"},
 		{"admin-login", "templates/admin/login.html"},
 		{"admin-dashboard", "templates/admin/dashboard.html"},
 		{"admin-editor", "templates/admin/editor.html"},
 		{"admin-status", "templates/admin/status.html"},
+		{"admin-uploads", "templates/admin/uploads.html"},
 	}
 
 	for _, p := range pages {
@@ -98,8 +105,24 @@ func (h *Handler) render(w http.ResponseWriter, name string, data any) {
 	}
 }
 
+// errorData is passed to the error template.
+type errorData struct {
+	Code    int
+	Title   string
+	Message string
+}
+
 func (h *Handler) renderErr(w http.ResponseWriter, code int, msg string) {
 	w.Header().Set("Content-Type", "text/html; charset=utf-8")
 	w.WriteHeader(code)
-	w.Write([]byte("<html><body><h1>" + http.StatusText(code) + "</h1><p>" + msg + "</p><a href='/'>Home</a></body></html>"))
+	data := errorData{Code: code, Title: http.StatusText(code), Message: msg}
+	t := h.tmpl("error")
+	if t == nil {
+		fmt.Fprintf(w, "<html><body><h1>%d %s</h1><p>%s</p><a href='/'>Home</a></body></html>",
+			code, http.StatusText(code), msg)
+		return
+	}
+	if err := t.ExecuteTemplate(w, "base", data); err != nil {
+		log.Printf("renderErr %d: %v", code, err)
+	}
 }

internal/handler/middleware.go

@@ -0,0 +1,54 @@
+package handler
+
+import (
+	"log"
+	"net/http"
+	"strings"
+	"time"
+)
+
+// Chain wraps h with each middleware in order (first applied outermost).
+func Chain(h http.Handler, mw ...func(http.Handler) http.Handler) http.Handler {
+	for i := len(mw) - 1; i >= 0; i-- {
+		h = mw[i](h)
+	}
+	return h
+}
+
+// LoggingMiddleware logs method, path, status code, and duration.
+func LoggingMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		start := time.Now()
+		lw := &loggingResponseWriter{ResponseWriter: w, code: http.StatusOK}
+		next.ServeHTTP(lw, r)
+		log.Printf("%s %s %d %s", r.Method, r.URL.RequestURI(), lw.code, time.Since(start))
+	})
+}
+
+type loggingResponseWriter struct {
+	http.ResponseWriter
+	code int
+}
+
+func (lw *loggingResponseWriter) WriteHeader(code int) {
+	lw.code = code
+	lw.ResponseWriter.WriteHeader(code)
+}
+
+// SecurityHeadersMiddleware sets security-related HTTP response headers.
+// Admin paths get script-src 'self'; all other paths get script-src 'none'.
+func SecurityHeadersMiddleware(next http.Handler) http.Handler {
+	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		scriptSrc := "'none'"
+		if strings.HasPrefix(r.URL.Path, "/admin") {
+			scriptSrc = "'self'"
+		}
+		w.Header().Set("Content-Security-Policy",
+			"default-src 'self'; script-src "+scriptSrc+"; style-src 'self'; img-src 'self' data:; font-src 'self'; frame-ancestors 'none'")
+		w.Header().Set("X-Frame-Options", "DENY")
+		w.Header().Set("X-Content-Type-Options", "nosniff")
+		w.Header().Set("Referrer-Policy", "strict-origin-when-cross-origin")
+		w.Header().Set("Permissions-Policy", "camera=(), microphone=(), geolocation=()")
+		next.ServeHTTP(w, r)
+	})
+}

internal/handler/public.go

@@ -2,6 +2,8 @@ package handler
 
 import (
 	"encoding/xml"
+	"fmt"
+	"log"
 	"net/http"
 	"path/filepath"
 	"strconv"
@@ -10,6 +12,7 @@ import (
 
 	"ridgwaysystems.org/website/internal/blog"
 	"ridgwaysystems.org/website/internal/feed"
+	"ridgwaysystems.org/website/internal/mailer"
 	"ridgwaysystems.org/website/internal/status"
 )
 
@@ -107,6 +110,13 @@ func (h *Handler) BlogList(w http.ResponseWriter, r *http.Request) {
 	})
 }
 
+// postPageData is passed to the post template.
+type postPageData struct {
+	*blog.Post
+	Older *blog.Post
+	Newer *blog.Post
+}
+
 func (h *Handler) BlogPost(w http.ResponseWriter, r *http.Request) {
 	slug := r.PathValue("slug")
 	if slug == "" {
@@ -123,7 +133,8 @@ func (h *Handler) BlogPost(w http.ResponseWriter, r *http.Request) {
 		h.renderErr(w, http.StatusNotFound, "Post not found.")
 		return
 	}
-	h.render(w, "post", post)
+	older, newer, _ := h.store.Neighbors(slug)
+	h.render(w, "post", postPageData{Post: post, Older: older, Newer: newer})
 }
 
 func (h *Handler) Feed(w http.ResponseWriter, r *http.Request) {
@@ -167,6 +178,62 @@ func (h *Handler) About(w http.ResponseWriter, r *http.Request) {
 	h.render(w, "about", nil)
 }
 
+func (h *Handler) Resume(w http.ResponseWriter, r *http.Request) {
+	h.render(w, "resume", nil)
+}
+
+// --- Hire / Contact ---
+
+type hireData struct {
+	Name    string
+	Email   string
+	Company string
+	Message string
+	Error   string
+	Success bool
+}
+
+func (h *Handler) Hire(w http.ResponseWriter, r *http.Request) {
+	h.render(w, "hire", hireData{})
+}
+
+func (h *Handler) HirePost(w http.ResponseWriter, r *http.Request) {
+	if err := r.ParseForm(); err != nil {
+		h.renderErr(w, http.StatusBadRequest, "Bad form data.")
+		return
+	}
+	d := hireData{
+		Name:    strings.TrimSpace(r.FormValue("name")),
+		Email:   strings.TrimSpace(r.FormValue("email")),
+		Company: strings.TrimSpace(r.FormValue("company")),
+		Message: strings.TrimSpace(r.FormValue("message")),
+	}
+	if d.Name == "" || d.Email == "" || d.Message == "" {
+		d.Error = "Name, email, and message are required."
+		h.render(w, "hire", d)
+		return
+	}
+	if !strings.Contains(d.Email, "@") {
+		d.Error = "Please enter a valid email address."
+		h.render(w, "hire", d)
+		return
+	}
+
+	subject := "Hire inquiry from " + d.Name
+	body := fmt.Sprintf("Name:    %s\nEmail:   %s\nCompany: %s\n\nMessage:\n%s\n",
+		d.Name, d.Email, d.Company, d.Message)
+
+	if err := mailer.Send(h.contactEmail, subject, body); err != nil {
+		log.Printf("contact form mail error: %v", err)
+		d.Error = "Could not send message. Please email hire@ridgwaysystems.org directly."
+		h.render(w, "hire", d)
+		return
+	}
+
+	d.Success = true
+	h.render(w, "hire", d)
+}
+
 // --- Sitemap ---
 
 type urlset struct {
@@ -188,6 +255,8 @@ func (h *Handler) Sitemap(w http.ResponseWriter, r *http.Request) {
 	urls := []sitemapURL{
 		{Loc: h.siteURL + "/", Freq: "weekly", Prio: "1.0"},
 		{Loc: h.siteURL + "/blog", Freq: "weekly", Prio: "0.9"},
+		{Loc: h.siteURL + "/hire", Freq: "monthly", Prio: "0.9"},
+		{Loc: h.siteURL + "/resume", Freq: "monthly", Prio: "0.7"},
 		{Loc: h.siteURL + "/infrastructure", Freq: "monthly", Prio: "0.7"},
 		{Loc: h.siteURL + "/status", Freq: "daily", Prio: "0.6"},
 		{Loc: h.siteURL + "/about", Freq: "monthly", Prio: "0.5"},

internal/mailer/mailer.go

@@ -0,0 +1,18 @@
+// Package mailer sends email via the local SMTP relay (OpenSMTPD on localhost:25).
+package mailer
+
+import (
+	"fmt"
+	"net/smtp"
+)
+
+const from = "noreply@ridgwaysystems.org"
+
+// Send delivers a plain-text email through the local MTA.
+func Send(to, subject, body string) error {
+	msg := fmt.Sprintf(
+		"From: %s\r\nTo: %s\r\nSubject: %s\r\nMIME-Version: 1.0\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n%s",
+		from, to, subject, body,
+	)
+	return smtp.SendMail("localhost:25", nil, from, []string{to}, []byte(msg))
+}

static/css/style.css

@@ -619,6 +619,29 @@ blockquote {
 
 /* === About / Prose === */
 
+.about-header {
+  display: flex;
+  align-items: center;
+  gap: 1.5rem;
+  margin-bottom: 2rem;
+  padding-bottom: 1.5rem;
+  border-bottom: 1px solid var(--border);
+}
+
+.about-avatar {
+  width: 72px;
+  height: 72px;
+  border-radius: 6px;
+  flex-shrink: 0;
+  border: 1px solid var(--border);
+}
+
+.about-header h1 { margin: 0; }
+
+@media (max-width: 480px) {
+  .about-avatar { width: 52px; height: 52px; }
+}
+
 .prose {
   max-width: 640px;
   line-height: 1.75;
@@ -915,6 +938,396 @@ blockquote {
   font-family: var(--font-mono);
 }
 
+/* === Post Nav (prev/next) === */
+
+.post-nav {
+  display: flex;
+  align-items: center;
+  justify-content: space-between;
+  gap: 1rem;
+  font-size: 0.88rem;
+  font-family: var(--font-mono);
+}
+
+.post-nav-prev,
+.post-nav-next { flex: 1; }
+
+.post-nav-next { text-align: right; }
+
+.post-nav-all {
+  color: var(--text-muted);
+  white-space: nowrap;
+}
+
+/* === Error Page === */
+
+.error-page {
+  text-align: center;
+  padding: 4rem 1rem;
+}
+
+.error-code {
+  font-family: var(--font-mono);
+  font-size: 4rem;
+  font-weight: 700;
+  color: var(--accent);
+  line-height: 1;
+  margin-bottom: 0.25em;
+}
+
+.error-page h1 { margin-top: 0; }
+.error-page p { color: var(--text-muted); }
+.error-page .btn { margin: 0.3rem; }
+
+/* === Upload Browser === */
+
+.upload-browser {
+  display: grid;
+  grid-template-columns: repeat(auto-fill, minmax(220px, 1fr));
+  gap: 1rem;
+  margin-top: 1rem;
+}
+
+.upload-item {
+  background: var(--bg-alt);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  overflow: hidden;
+}
+
+.upload-thumb {
+  width: 100%;
+  height: 140px;
+  object-fit: cover;
+  display: block;
+  background: var(--bg-code);
+}
+
+.upload-info {
+  padding: 0.6rem 0.75rem;
+  display: flex;
+  flex-direction: column;
+  gap: 0.3rem;
+}
+
+.upload-name,
+.upload-md {
+  font-size: 0.75rem;
+  word-break: break-all;
+  color: var(--text-muted);
+  user-select: all;
+}
+
+/* === Hire Page === */
+
+.nav-hire { color: var(--accent) !important; }
+.nav-hire:hover { color: var(--accent-dim) !important; }
+
+.hire-page { max-width: var(--max-w); }
+
+.hire-intro {
+  margin-bottom: 2.5rem;
+  padding-bottom: 1.5rem;
+  border-bottom: 1px solid var(--border);
+}
+
+.hire-intro h1 { margin-bottom: 0.3em; }
+
+.hire-tagline {
+  font-size: 1.05rem;
+  color: var(--text-muted);
+  font-style: italic;
+  margin: 0 0 1em;
+}
+
+.services-grid {
+  display: grid;
+  grid-template-columns: repeat(auto-fit, minmax(195px, 1fr));
+  gap: 0.85rem;
+  margin: 1.25rem 0 2.5rem;
+}
+
+.service-card {
+  background: var(--bg-alt);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  padding: 0.9rem 1rem;
+}
+
+.service-card h3 {
+  font-family: var(--font-mono);
+  font-size: 0.88rem;
+  margin: 0 0 0.4em;
+  color: var(--accent);
+  font-weight: 600;
+}
+
+.service-card p {
+  font-size: 0.84rem;
+  color: var(--text-muted);
+  margin: 0;
+  line-height: 1.5;
+}
+
+.hire-availability {
+  background: var(--bg-alt);
+  border: 1px solid var(--border);
+  border-left: 3px solid var(--accent);
+  border-radius: var(--radius);
+  padding: 0.8rem 1rem;
+  font-size: 0.9rem;
+  margin-bottom: 2.5rem;
+  color: var(--text-muted);
+}
+
+.hire-availability strong {
+  font-family: var(--font-mono);
+  color: var(--accent);
+}
+
+.contact-section h2 { margin-bottom: 0.4em; }
+
+.contact-form {
+  display: flex;
+  flex-direction: column;
+  gap: 1rem;
+  max-width: 540px;
+}
+
+.form-group {
+  display: flex;
+  flex-direction: column;
+  gap: 0.35rem;
+}
+
+.form-group label {
+  font-size: 0.85rem;
+  font-weight: 600;
+  color: var(--text-muted);
+}
+
+.form-group input,
+.form-group textarea {
+  padding: 0.5em 0.75em;
+  background: var(--bg);
+  border: 1px solid var(--border-dark);
+  border-radius: var(--radius);
+  color: var(--text);
+  font-size: 0.95rem;
+  font-family: var(--font-sans);
+  line-height: 1.5;
+}
+
+.form-group input:focus,
+.form-group textarea:focus {
+  outline: 2px solid var(--accent);
+  outline-offset: 1px;
+  border-color: var(--accent);
+}
+
+.form-group textarea {
+  min-height: 140px;
+  resize: vertical;
+  line-height: 1.65;
+}
+
+.field-note {
+  font-size: 0.78rem;
+  color: var(--text-muted);
+  font-family: var(--font-mono);
+  font-weight: 400;
+}
+
+.required-mark { color: var(--accent); }
+
+.form-success {
+  background: #efe;
+  border: 1px solid #9d9;
+  border-radius: var(--radius);
+  padding: 0.9rem 1.1rem;
+  color: #2a7a2a;
+  margin-bottom: 1rem;
+  font-size: 0.95rem;
+}
+
+@media (prefers-color-scheme: dark) {
+  .form-success { background: #1a3020; border-color: #2a6a3a; color: #6db88a; }
+}
+
+/* === Resume Page === */
+
+.resume-page { max-width: var(--max-w); }
+
+.resume-actions {
+  display: flex;
+  align-items: center;
+  gap: 0.75rem;
+  margin-bottom: 2rem;
+  flex-wrap: wrap;
+}
+
+.resume-print-hint {
+  font-size: 0.8rem;
+  color: var(--text-muted);
+  font-family: var(--font-mono);
+}
+
+.resume-print-hint kbd {
+  font-family: var(--font-mono);
+  font-size: 0.78em;
+  background: var(--bg-alt);
+  border: 1px solid var(--border-dark);
+  border-radius: 3px;
+  padding: 0.1em 0.35em;
+}
+
+.resume-header {
+  margin-bottom: 2rem;
+  padding-bottom: 1.25rem;
+  border-bottom: 2px solid var(--border-dark);
+}
+
+.resume-header h1 { font-size: 2rem; margin-bottom: 0.1em; }
+
+.resume-tagline {
+  font-size: 0.95rem;
+  color: var(--text-muted);
+  margin: 0 0 0.75em;
+}
+
+.resume-contact {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 0.35rem 1.25rem;
+  font-size: 0.82rem;
+  font-family: var(--font-mono);
+  color: var(--text-muted);
+}
+
+.resume-contact a { color: var(--text-muted); }
+.resume-contact a:hover { color: var(--accent); }
+
+.resume-section { margin-bottom: 2rem; }
+
+.resume-section > p { font-size: 0.9rem; line-height: 1.7; }
+
+.resume-section h2 {
+  font-size: 0.75rem;
+  text-transform: uppercase;
+  letter-spacing: 0.1em;
+  color: var(--text-muted);
+  border-bottom: 1px solid var(--border);
+  padding-bottom: 0.3em;
+  margin: 0 0 1.25rem;
+  font-family: var(--font-mono);
+  font-weight: 600;
+}
+
+.resume-job { margin-bottom: 1.4rem; }
+.resume-job:last-child { margin-bottom: 0; }
+
+.resume-job-header {
+  display: flex;
+  justify-content: space-between;
+  align-items: baseline;
+  flex-wrap: wrap;
+  gap: 0.15rem 1rem;
+  margin-bottom: 0.1em;
+}
+
+.resume-role { font-weight: 700; font-size: 0.97rem; }
+
+.resume-dates {
+  font-family: var(--font-mono);
+  font-size: 0.78rem;
+  color: var(--text-muted);
+  white-space: nowrap;
+}
+
+.resume-org {
+  font-size: 0.88rem;
+  margin-bottom: 0.45em;
+}
+
+.resume-company { font-weight: 600; color: var(--accent); }
+
+.resume-location {
+  color: var(--text-muted);
+  font-family: var(--font-mono);
+  font-size: 0.82rem;
+}
+
+.resume-job ul {
+  margin: 0;
+  padding-left: 1.2em;
+}
+
+.resume-job li {
+  font-size: 0.87rem;
+  margin-bottom: 0.3em;
+  line-height: 1.55;
+}
+
+.resume-cert-list {
+  display: flex;
+  flex-wrap: wrap;
+  gap: 0.4rem;
+  padding: 0;
+  list-style: none;
+  margin: 0;
+}
+
+.resume-cert {
+  font-family: var(--font-mono);
+  font-size: 0.78rem;
+  background: var(--bg-alt);
+  border: 1px solid var(--border);
+  border-radius: var(--radius);
+  padding: 0.2em 0.65em;
+  color: var(--text-muted);
+}
+
+.resume-skills dl {
+  display: grid;
+  grid-template-columns: 6rem 1fr;
+  gap: 0.5em 1em;
+  font-size: 0.87rem;
+  margin: 0;
+}
+
+.resume-skills dt {
+  font-weight: 600;
+  color: var(--text);
+  line-height: 1.55;
+}
+
+.resume-skills dd {
+  margin: 0;
+  color: var(--text-muted);
+  line-height: 1.55;
+}
+
+@media (max-width: 500px) {
+  .resume-skills dl { grid-template-columns: 1fr; gap: 0.15em; }
+  .resume-skills dt { margin-top: 0.5em; }
+}
+
+@media print {
+  .site-header,
+  .site-footer,
+  .resume-actions { display: none !important; }
+
+  body { background: #fff !important; color: #000 !important; }
+  .main-content { max-width: 100%; padding: 0.5cm 1cm; }
+  a { color: #000 !important; }
+  .resume-header { border-bottom-color: #999 !important; }
+  .resume-section h2 { border-bottom-color: #ccc !important; color: #555 !important; }
+  .resume-company { color: #000 !important; }
+  .resume-cert { background: #f5f5f5 !important; border-color: #ccc !important; }
+  .resume-skills dt { color: #000 !important; }
+  .resume-skills dd { color: #333 !important; }
+}
+
 /* === Responsive === */
 
 @media (max-width: 600px) {

static/favicon.svg

@@ -0,0 +1,14 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 32 32">
+  <rect width="32" height="32" rx="5" fill="#1a1918"/>
+  <polyline
+    points="7,10 18,16 7,22"
+    fill="none"
+    stroke="#e8870a"
+    stroke-width="3.5"
+    stroke-linecap="round"
+    stroke-linejoin="round"/>
+  <line x1="20" y1="22" x2="27" y2="22"
+    stroke="#e8870a"
+    stroke-width="3.5"
+    stroke-linecap="round"/>
+</svg>

static/img/avatar.svg

@@ -0,0 +1,24 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 512 512">
+  <!-- Background -->
+  <rect width="512" height="512" fill="#1a1918"/>
+
+  <!-- Subtle inner border / frame -->
+  <rect x="1" y="1" width="510" height="510" fill="none" stroke="#2e2c2a" stroke-width="2"/>
+
+  <!-- > chevron -->
+  <polyline
+    points="128,172 284,256 128,340"
+    fill="none"
+    stroke="#e8870a"
+    stroke-width="36"
+    stroke-linecap="round"
+    stroke-linejoin="round"/>
+
+  <!-- _ cursor -->
+  <line
+    x1="308" y1="340"
+    x2="424" y2="340"
+    stroke="#e8870a"
+    stroke-width="36"
+    stroke-linecap="round"/>
+</svg>

static/img/wallpaper.svg

@@ -0,0 +1,190 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1920 1080" shape-rendering="geometricPrecision">
+  <defs>
+    <!-- Dot grid -->
+    <pattern id="dots" width="48" height="48" patternUnits="userSpaceOnUse">
+      <circle cx="24" cy="24" r="1.1" fill="#c86800" opacity="0.14"/>
+    </pattern>
+
+    <!-- Scan lines -->
+    <pattern id="scanlines" width="1" height="4" patternUnits="userSpaceOnUse">
+      <rect width="1" height="2" fill="#000" opacity="1"/>
+    </pattern>
+
+    <!-- Glow for the >_ mark -->
+    <filter id="glow" x="-40%" y="-40%" width="180%" height="180%">
+      <feGaussianBlur stdDeviation="16" result="blur1"/>
+      <feGaussianBlur stdDeviation="5"  result="blur2"/>
+      <feMerge>
+        <feMergeNode in="blur1"/>
+        <feMergeNode in="blur1"/>
+        <feMergeNode in="blur2"/>
+        <feMergeNode in="SourceGraphic"/>
+      </feMerge>
+    </filter>
+
+    <!-- Soft radial glow behind the mark -->
+    <radialGradient id="centerGlow" cx="50%" cy="50%" r="50%">
+      <stop offset="0%"   stop-color="#e8870a" stop-opacity="0.07"/>
+      <stop offset="100%" stop-color="#e8870a" stop-opacity="0"/>
+    </radialGradient>
+
+    <!-- Vignette -->
+    <radialGradient id="vignette" cx="50%" cy="50%" r="72%">
+      <stop offset="0%"   stop-color="#000" stop-opacity="0"/>
+      <stop offset="100%" stop-color="#000" stop-opacity="0.6"/>
+    </radialGradient>
+  </defs>
+
+  <!-- ============================================================
+       1. Background layers
+       ============================================================ -->
+  <rect width="1920" height="1080" fill="#1a1918"/>
+  <rect width="1920" height="1080" fill="url(#dots)"/>
+  <rect width="1920" height="1080" fill="url(#scanlines)" opacity="0.035"/>
+
+  <!-- ============================================================
+       2. Corner text blocks — actual homelab / OpenBSD content
+          All at low opacity so they read as ambient context,
+          not competing with the central mark.
+       ============================================================ -->
+
+  <!-- === TOP-LEFT: pf.conf (fw01) === -->
+  <g font-family="'Courier New', Courier, monospace" font-size="13" fill="#8a8075">
+    <!-- heading -->
+    <text x="80" y="96"  opacity="0.55" fill="#b87838"># /etc/pf.conf -- fw01 (SuperMicro 1U)</text>
+    <text x="80" y="118" opacity="0.38">ext_if  = "em0"</text>
+    <text x="80" y="136" opacity="0.38">vlan10  = "vlan10"  <tspan opacity="0.6" fill="#5a5450"># servers</tspan></text>
+    <text x="80" y="154" opacity="0.38">vlan20  = "vlan20"  <tspan opacity="0.6" fill="#5a5450"># desktop</tspan></text>
+    <text x="80" y="172" opacity="0.38">vlan30  = "vlan30"  <tspan opacity="0.6" fill="#5a5450"># game</tspan></text>
+    <text x="80" y="190" opacity="0.38">vlan40  = "vlan40"  <tspan opacity="0.6" fill="#5a5450"># iot/guest</tspan></text>
+    <text x="80" y="216" opacity="0.28" fill="#5a5450">set block-policy drop</text>
+    <text x="80" y="234" opacity="0.28" fill="#5a5450">set skip on lo</text>
+    <text x="80" y="252" opacity="0.28" fill="#5a5450">block all</text>
+    <text x="80" y="270" opacity="0.28" fill="#5a5450">antispoof for $ext_if inet</text>
+    <text x="80" y="296" opacity="0.38">pass in  on $ext_if proto tcp \</text>
+    <text x="80" y="314" opacity="0.38">    to port { 22 80 443 } keep state</text>
+    <text x="80" y="332" opacity="0.38">pass out on $ext_if all keep state</text>
+    <text x="80" y="356" opacity="0.28" fill="#5a5450">pass in on $vlan10 all keep state</text>
+    <text x="80" y="374" opacity="0.28" fill="#5a5450">pass in on $vlan20 to $vlan10</text>
+    <text x="80" y="392" opacity="0.28" fill="#5a5450">block in on $vlan40 to 10.0.0.0/8</text>
+  </g>
+
+  <!-- === TOP-RIGHT: network topology === -->
+  <g font-family="'Courier New', Courier, monospace" font-size="13" fill="#8a8075" text-anchor="end">
+    <text x="1840" y="96"  opacity="0.55" fill="#b87838"># ridgwaysystems.org -- network</text>
+    <text x="1840" y="118" opacity="0.38">              internet</text>
+    <text x="1840" y="136" opacity="0.28" fill="#5a5450">                  |</text>
+    <text x="1840" y="154" opacity="0.42">       fw01  10.0.1.1   OpenBSD</text>
+    <text x="1840" y="172" opacity="0.32" fill="#5a5450">   pf  relayd  unbound  wireguard</text>
+    <text x="1840" y="190" opacity="0.28" fill="#5a5450">                  |</text>
+    <text x="1840" y="216" opacity="0.38">+-- vlan10  10.0.10.0/24  servers</text>
+    <text x="1840" y="234" opacity="0.28" fill="#5a5450">|   srv01  R720  httpd gitea mail</text>
+    <text x="1840" y="252" opacity="0.28" fill="#5a5450">|   srv02  R710  dns vmm backup</text>
+    <text x="1840" y="270" opacity="0.38">+-- vlan20  10.0.20.0/24  desktop</text>
+    <text x="1840" y="288" opacity="0.28" fill="#5a5450">|   ws01   ansible control node</text>
+    <text x="1840" y="306" opacity="0.38">+-- vlan30  10.0.30.0/24  game</text>
+    <text x="1840" y="324" opacity="0.28" fill="#5a5450">|   linux VMs via vmm(4)</text>
+    <text x="1840" y="342" opacity="0.38">+-- vlan40  10.0.40.0/24  iot/guest</text>
+    <text x="1840" y="360" opacity="0.28" fill="#5a5450">    block to 10.0.0.0/8</text>
+  </g>
+
+  <!-- === BOTTOM-LEFT: service status === -->
+  <g font-family="'Courier New', Courier, monospace" font-size="13" fill="#8a8075">
+    <text x="80" y="700" opacity="0.55" fill="#b87838">$ rcctl status</text>
+    <text x="80" y="722" opacity="0.38">httpd      <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  srv01  :80 :443</text>
+    <text x="80" y="740" opacity="0.38">relayd     <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  fw01   :80 :443</text>
+    <text x="80" y="758" opacity="0.38">unbound    <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  fw01   :53</text>
+    <text x="80" y="776" opacity="0.38">nsd        <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  srv02  :53</text>
+    <text x="80" y="794" opacity="0.38">smtpd      <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  srv01  :25 :465</text>
+    <text x="80" y="812" opacity="0.38">gitea      <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  srv01  :3000</text>
+    <text x="80" y="830" opacity="0.38">prometheus <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  srv01  :9090</text>
+    <text x="80" y="848" opacity="0.38">grafana    <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  srv01  :3001</text>
+    <text x="80" y="866" opacity="0.38">wireguard  <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  fw01   :51820</text>
+    <text x="80" y="884" opacity="0.38">matrix     <tspan fill="#c8a020" opacity="0.9">degraded</tspan> srv01  :8448</text>
+    <text x="80" y="902" opacity="0.38">jellyfin   <tspan fill="#4a8a4a" opacity="0.9">active</tspan>  srv02  :8096</text>
+    <text x="80" y="920" opacity="0.28" fill="#5a5450">game-srv   stopped  srv02</text>
+  </g>
+
+  <!-- === BOTTOM-RIGHT: hardware inventory === -->
+  <g font-family="'Courier New', Courier, monospace" font-size="13" fill="#8a8075" text-anchor="end">
+    <text x="1840" y="700" opacity="0.55" fill="#b87838"># hardware inventory</text>
+    <text x="1840" y="722" opacity="0.42">fw01   SuperMicro 1U     OpenBSD 7.6</text>
+    <text x="1840" y="740" opacity="0.28" fill="#5a5450">       Xeon E3-1230v2 / 16 GB ECC</text>
+    <text x="1840" y="758" opacity="0.28" fill="#5a5450">       pf · relayd · wireguard</text>
+    <text x="1840" y="782" opacity="0.42">srv01  Dell R720         OpenBSD 7.6</text>
+    <text x="1840" y="800" opacity="0.28" fill="#5a5450">       2x Xeon E5-2600 / 64 GB ECC</text>
+    <text x="1840" y="818" opacity="0.28" fill="#5a5450">       httpd · gitea · smtpd · matrix</text>
+    <text x="1840" y="842" opacity="0.42">srv02  Dell R710         OpenBSD 7.6</text>
+    <text x="1840" y="860" opacity="0.28" fill="#5a5450">       Xeon X5650 / 48 GB ECC</text>
+    <text x="1840" y="878" opacity="0.28" fill="#5a5450">       nsd · vmm · jellyfin</text>
+    <text x="1840" y="902" opacity="0.42">ws01   desktop            Linux</text>
+    <text x="1840" y="920" opacity="0.28" fill="#5a5450">       Ryzen / 32 GB  ansible</text>
+  </g>
+
+  <!-- ============================================================
+       3. Center focal area
+       ============================================================ -->
+
+  <!-- Soft radial glow behind the mark -->
+  <ellipse cx="960" cy="530" rx="540" ry="340" fill="url(#centerGlow)"/>
+
+  <!-- "OpenBSD" label above the mark -->
+  <text
+    x="960" y="368"
+    text-anchor="middle"
+    font-family="'Courier New', Courier, monospace"
+    font-size="15"
+    letter-spacing="10"
+    fill="#b87838"
+    opacity="0.55">OPENBSD  HOMELAB</text>
+
+  <!-- >_ mark, centered: x span 740–1180, y span 390–692 -->
+  <g filter="url(#glow)">
+    <polyline
+      points="740,390 940,540 740,690"
+      fill="none"
+      stroke="#e8870a"
+      stroke-width="26"
+      stroke-linecap="round"
+      stroke-linejoin="round"/>
+    <line
+      x1="980" y1="690"
+      x2="1180" y2="690"
+      stroke="#e8870a"
+      stroke-width="26"
+      stroke-linecap="round"/>
+  </g>
+
+  <!-- Site name below the mark -->
+  <text
+    x="960" y="795"
+    text-anchor="middle"
+    font-family="'Courier New', Courier, monospace"
+    font-size="22"
+    letter-spacing="6"
+    fill="#5a5450"
+    opacity="0.8">ridgwaysystems.org</text>
+
+  <!-- ============================================================
+       4. Finishing
+       ============================================================ -->
+
+  <!-- Corner bracket marks (brighter now) -->
+  <polyline points="52,84 52,52 84,52"
+    fill="none" stroke="#3a3836" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+  <polyline points="1836,52 1868,52 1868,84"
+    fill="none" stroke="#3a3836" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+  <polyline points="52,996 52,1028 84,1028"
+    fill="none" stroke="#3a3836" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+  <polyline points="1836,1028 1868,1028 1868,996"
+    fill="none" stroke="#3a3836" stroke-width="1.5" stroke-linecap="round" stroke-linejoin="round"/>
+
+  <!-- Thin horizontal separator lines flanking the center mark -->
+  <line x1="80" y1="540" x2="640" y2="540"
+    stroke="#2e2c2a" stroke-width="1" opacity="0.6"/>
+  <line x1="1280" y1="540" x2="1840" y2="540"
+    stroke="#2e2c2a" stroke-width="1" opacity="0.6"/>
+
+  <!-- Vignette overlay -->
+  <rect width="1920" height="1080" fill="url(#vignette)"/>
+</svg>

static/js/editor.js

@@ -0,0 +1,55 @@
+(function() {
+  var previewBtn   = document.getElementById('preview-btn');
+  var uploadBtn    = document.getElementById('upload-btn');
+  var imgFile      = document.getElementById('img-file');
+  var textarea     = document.getElementById('content');
+  var output       = document.getElementById('preview-output');
+  var uploadStatus = document.getElementById('upload-status');
+
+  if (!textarea) return;
+
+  // --- Preview ---
+  function refreshPreview() {
+    var fd = new FormData();
+    fd.append('content', textarea.value);
+    fetch('/admin/preview', { method: 'POST', body: fd })
+      .then(function(r) { return r.text(); })
+      .then(function(html) { output.innerHTML = html; })
+      .catch(function() { output.innerHTML = '<p class="form-error">Preview failed.</p>'; });
+  }
+
+  if (previewBtn) previewBtn.addEventListener('click', refreshPreview);
+  if (textarea.value.trim()) { refreshPreview(); }
+
+  // --- Image upload ---
+  if (uploadBtn) uploadBtn.addEventListener('click', function() { imgFile.click(); });
+
+  if (imgFile) imgFile.addEventListener('change', function() {
+    if (!this.files.length) return;
+    var file = this.files[0];
+    var fd = new FormData();
+    fd.append('image', file);
+
+    uploadStatus.textContent = 'Uploading\u2026';
+    uploadBtn.disabled = true;
+
+    fetch('/admin/upload', { method: 'POST', body: fd })
+      .then(function(r) { return r.json(); })
+      .then(function(data) {
+        if (data.error) {
+          uploadStatus.textContent = 'Error: ' + data.error;
+          return;
+        }
+        var pos    = textarea.selectionStart;
+        var before = textarea.value.substring(0, pos);
+        var after  = textarea.value.substring(textarea.selectionEnd);
+        textarea.value = before + data.markdown + after;
+        textarea.selectionStart = textarea.selectionEnd = pos + data.markdown.length;
+        textarea.focus();
+        uploadStatus.textContent = 'Inserted: ' + data.url;
+        setTimeout(function() { uploadStatus.textContent = ''; }, 3000);
+      })
+      .catch(function() { uploadStatus.textContent = 'Upload failed.'; })
+      .finally(function() { uploadBtn.disabled = false; imgFile.value = ''; });
+  });
+})();

templates/about.html

@@ -2,8 +2,11 @@
 {{define "meta-desc"}}About Ridgway Systems — a personal OpenBSD homelab project.{{end}}
 
 {{define "content"}}
-<div class="page-header">
+<div class="about-header">
-  <h1>About</h1>
+  <img src="/static/img/avatar.svg" alt="Ridgway Systems" class="about-avatar">
+  <div>
+    <h1>About</h1>
+  </div>
 </div>
 
 <div class="prose">

templates/admin/dashboard.html

@@ -7,6 +7,7 @@
     <div class="admin-actions">
       <a href="/admin/new" class="btn">New Post</a>
       <a href="/admin/status" class="btn btn-outline">Edit Status</a>
+      <a href="/admin/uploads" class="btn btn-outline">Uploads</a>
       <a href="/" class="btn btn-outline">View Site</a>
       <form method="POST" action="/admin/logout" class="inline-form">
         <button type="submit" class="btn btn-outline">Logout</button>

templates/admin/editor.html

@@ -45,60 +45,5 @@
   </form>
 </div>
 
-<script>
+<script src="/static/js/editor.js"></script>
-(function() {
-  var previewBtn  = document.getElementById('preview-btn');
-  var uploadBtn   = document.getElementById('upload-btn');
-  var imgFile     = document.getElementById('img-file');
-  var textarea    = document.getElementById('content');
-  var output      = document.getElementById('preview-output');
-  var uploadStatus = document.getElementById('upload-status');
-
-  // --- Preview ---
-  function refreshPreview() {
-    var fd = new FormData();
-    fd.append('content', textarea.value);
-    fetch('/admin/preview', { method: 'POST', body: fd })
-      .then(function(r) { return r.text(); })
-      .then(function(html) { output.innerHTML = html; })
-      .catch(function() { output.innerHTML = '<p class="form-error">Preview failed.</p>'; });
-  }
-
-  previewBtn.addEventListener('click', refreshPreview);
-  if (textarea.value.trim()) { refreshPreview(); }
-
-  // --- Image upload ---
-  uploadBtn.addEventListener('click', function() { imgFile.click(); });
-
-  imgFile.addEventListener('change', function() {
-    if (!this.files.length) return;
-    var file = this.files[0];
-    var fd = new FormData();
-    fd.append('image', file);
-
-    uploadStatus.textContent = 'Uploading…';
-    uploadBtn.disabled = true;
-
-    fetch('/admin/upload', { method: 'POST', body: fd })
-      .then(function(r) { return r.json(); })
-      .then(function(data) {
-        if (data.error) {
-          uploadStatus.textContent = 'Error: ' + data.error;
-          return;
-        }
-        // Insert markdown at cursor position
-        var pos = textarea.selectionStart;
-        var before = textarea.value.substring(0, pos);
-        var after  = textarea.value.substring(textarea.selectionEnd);
-        textarea.value = before + data.markdown + after;
-        textarea.selectionStart = textarea.selectionEnd = pos + data.markdown.length;
-        textarea.focus();
-        uploadStatus.textContent = 'Inserted: ' + data.url;
-        setTimeout(function() { uploadStatus.textContent = ''; }, 3000);
-      })
-      .catch(function() { uploadStatus.textContent = 'Upload failed.'; })
-      .finally(function() { uploadBtn.disabled = false; imgFile.value = ''; });
-  });
-})();
-</script>
 {{end}}

templates/admin/uploads.html

@@ -0,0 +1,30 @@
+{{define "title"}}Uploads — Admin{{end}}
+
+{{define "content"}}
+<div class="admin-wrap">
+  <div class="admin-header">
+    <h1>Uploads</h1>
+    <div class="admin-actions">
+      <a href="/admin" class="btn btn-outline">Back to Dashboard</a>
+    </div>
+  </div>
+
+  {{if .Flash}}<p class="flash">{{.Flash}}</p>{{end}}
+
+  {{if not .Files}}
+  <p class="muted">No uploaded images yet.</p>
+  {{else}}
+  <div class="upload-browser">
+    {{range .Files}}
+    <div class="upload-item">
+      <img src="{{.URL}}" alt="{{.Name}}" class="upload-thumb">
+      <div class="upload-info">
+        <code class="upload-name">{{.Name}}</code>
+        <code class="upload-md">{{.Markdown}}</code>
+      </div>
+    </div>
+    {{end}}
+  </div>
+  {{end}}
+</div>
+{{end}}

templates/base.html

@@ -15,6 +15,9 @@
   <meta name="twitter:card" content="summary">
   <meta name="twitter:title" content="{{block "tw-title" .}}Ridgway Systems{{end}}">
   <meta name="twitter:description" content="{{block "tw-desc" .}}A homelab built on OpenBSD — from firewall to git server.{{end}}">
+  <link rel="icon" type="image/svg+xml" href="/static/favicon.svg">
+  <meta property="og:image" content="{{block "og-image" .}}https://ridgwaysystems.org/static/img/avatar.svg{{end}}">
+  <meta name="twitter:image" content="{{block "tw-image" .}}https://ridgwaysystems.org/static/img/avatar.svg{{end}}">
   <link rel="stylesheet" href="/static/css/style.css">
   <link rel="stylesheet" href="/static/css/syntax.css">
   <link rel="alternate" type="application/rss+xml" title="Ridgway Systems" href="/blog/feed.xml">
@@ -28,6 +31,7 @@
         <li><a href="/infrastructure">infrastructure</a></li>
         <li><a href="/status">status</a></li>
         <li><a href="/about">about</a></li>
+        <li><a href="/hire" class="nav-hire">hire me</a></li>
       </ul>
     </nav>
   </header>
@@ -41,7 +45,8 @@
       <a href="/">ridgwaysystems.org</a> &mdash;
       running OpenBSD &mdash;
       <a href="/blog/feed.xml">RSS</a> &mdash;
-      <a href="https://git.ridgwaysystems.org">gitea</a>
+      <a href="https://git.ridgwaysystems.org">gitea</a> &mdash;
+      <a href="/hire">hire me</a>
     </p>
   </footer>
 </body>

templates/error.html

@@ -0,0 +1,13 @@
+{{define "title"}}{{.Code}} {{.Title}} — Ridgway Systems{{end}}
+
+{{define "content"}}
+<div class="error-page">
+  <div class="error-code">{{.Code}}</div>
+  <h1>{{.Title}}</h1>
+  <p>{{.Message}}</p>
+  <a href="/" class="btn btn-outline">Go home</a>
+  {{if eq .Code 404}}
+  <a href="/blog" class="btn btn-outline">Build log</a>
+  {{end}}
+</div>
+{{end}}

templates/hire.html

@@ -0,0 +1,88 @@
+{{define "title"}}Hire Blake Ridgway — Ridgway Systems{{end}}
+{{define "meta-desc"}}Available for contracts and consulting: firewall/network design, Linux, DevOps, network security, server builds, and general sysadmin.{{end}}
+{{define "og-title"}}Hire Blake Ridgway — Ridgway Systems{{end}}
+{{define "og-desc"}}Available for contracts and consulting. Remote, any US timezone.{{end}}
+
+{{define "content"}}
+<div class="hire-page">
+
+  <div class="hire-intro">
+    <h1>Work With Me</h1>
+    <p class="hire-tagline">Infrastructure that actually works. On OpenBSD, Linux, or wherever the job takes it.</p>
+    <p>I'm Blake Ridgway &mdash; a Site Reliability Engineer based in Enid, Oklahoma with experience across cloud infrastructure, on-prem networks, security hardening, and automation. I've built policy-as-code firewall frameworks, managed Kubernetes workloads at a fintech startup, designed WAN monitoring systems, and I'm currently running SRE on Azure at a cloud-native shop.</p>
+    <p>This site runs on a self-hosted OpenBSD server in my homelab. That's not a gimmick &mdash; it's how I approach every system I touch.</p>
+    <p><a href="/resume">View my full resume &rarr;</a></p>
+  </div>
+
+  <section>
+    <h2>Services</h2>
+    <div class="services-grid">
+      <div class="service-card">
+        <h3>Firewall &amp; Network Design</h3>
+        <p>pf, iptables, VLANs, VPNs, BGP/OSPF, network segmentation, zero trust architecture.</p>
+      </div>
+      <div class="service-card">
+        <h3>Linux &amp; OpenBSD</h3>
+        <p>System hardening, service configuration, performance tuning, and ongoing administration.</p>
+      </div>
+      <div class="service-card">
+        <h3>DevOps &amp; IaC</h3>
+        <p>Terraform, Ansible, Azure DevOps, AWS, CI/CD pipelines, GitOps with Argo CD.</p>
+      </div>
+      <div class="service-card">
+        <h3>Network Security</h3>
+        <p>Policy-as-code firewalls, IDS/IPS, geo-blocking, security posture audits and hardening.</p>
+      </div>
+      <div class="service-card">
+        <h3>Server Builds</h3>
+        <p>Bare-metal provisioning, PXE boot, homelab and small business server deployments.</p>
+      </div>
+      <div class="service-card">
+        <h3>General Sysadmin</h3>
+        <p>Monitoring (Prometheus, Grafana, Nagios), incident response, runbooks, and day-to-day ops.</p>
+      </div>
+    </div>
+  </section>
+
+  <div class="hire-availability">
+    <strong>Availability:</strong> Open to contracts and consulting engagements &mdash; fully remote, any US timezone.
+    Pricing by project or hourly &mdash; contact me for details.
+  </div>
+
+  <section class="contact-section">
+    <h2>Get in touch</h2>
+    <p>Tell me about your project or problem. I'll respond within one business day.</p>
+
+    {{if .Success}}
+    <div class="form-success">
+      <strong>Message sent.</strong> I'll be in touch shortly.
+    </div>
+    {{else}}
+    {{if .Error}}<p class="form-error">{{.Error}}</p>{{end}}
+
+    <form method="POST" action="/hire" class="contact-form">
+      <div class="form-group">
+        <label for="name">Name <span class="required-mark">*</span></label>
+        <input type="text" id="name" name="name" value="{{.Name}}" required autocomplete="name" placeholder="Jane Smith">
+      </div>
+      <div class="form-group">
+        <label for="email">Email <span class="required-mark">*</span></label>
+        <input type="email" id="email" name="email" value="{{.Email}}" required autocomplete="email" placeholder="jane@example.com">
+      </div>
+      <div class="form-group">
+        <label for="company">Company <span class="field-note">(optional)</span></label>
+        <input type="text" id="company" name="company" value="{{.Company}}" autocomplete="organization" placeholder="Acme Corp">
+      </div>
+      <div class="form-group">
+        <label for="message">Message <span class="required-mark">*</span></label>
+        <textarea id="message" name="message" required placeholder="Describe your project, timeline, and any relevant details.">{{.Message}}</textarea>
+      </div>
+      <div>
+        <button type="submit" class="btn">Send message</button>
+      </div>
+    </form>
+    {{end}}
+  </section>
+
+</div>
+{{end}}

templates/post.html

@@ -23,7 +23,11 @@
     {{.Content}}
   </div>
   <footer class="post-footer">
-    <a href="/blog">&larr; Back to build log</a>
+    <nav class="post-nav">
+      <div class="post-nav-prev">{{if .Older}}<a href="/blog/{{.Older.Slug}}">&larr; {{.Older.Title}}</a>{{end}}</div>
+      <a href="/blog" class="post-nav-all">all posts</a>
+      <div class="post-nav-next">{{if .Newer}}<a href="/blog/{{.Newer.Slug}}">{{.Newer.Title}} &rarr;</a>{{end}}</div>
+    </nav>
   </footer>
 </article>
 {{end}}

templates/resume.html

@@ -0,0 +1,141 @@
+{{define "title"}}Resume — Blake Ridgway{{end}}
+{{define "meta-desc"}}Blake Ridgway — Site Reliability Engineer. Cloud infrastructure, network security, DevOps, and Linux/BSD systems.{{end}}
+{{define "og-title"}}Resume — Blake Ridgway{{end}}
+{{define "og-desc"}}Site Reliability Engineer with experience in cloud infrastructure, network design, security, and automation. Available for contracts.{{end}}
+
+{{define "content"}}
+<div class="resume-page">
+
+  <div class="resume-actions">
+    <a href="/hire" class="btn">Work with me</a>
+    <a href="/hire" class="btn btn-outline">Contact</a>
+    <span class="resume-print-hint">Print or save as PDF: <kbd>Ctrl+P</kbd> / <kbd>&#8984;+P</kbd></span>
+  </div>
+
+  <header class="resume-header">
+    <h1>Blake Ridgway</h1>
+    <p class="resume-tagline">Site Reliability Engineer &mdash; Cloud &bull; Network &bull; Linux &bull; Security</p>
+    <div class="resume-contact">
+      <span>Enid, Oklahoma &mdash; US/Central &mdash; Remote</span>
+      <a href="mailto:blakearidgway@gmail.com">blakearidgway@gmail.com</a>
+      <a href="https://linkedin.com/in/blakearidgway">linkedin.com/in/blakearidgway</a>
+      <a href="https://ridgwaysystems.org/hire">ridgwaysystems.org/hire</a>
+    </div>
+  </header>
+
+  <section class="resume-section">
+    <h2>Summary</h2>
+    <p>Results-driven Cloud and Network Engineer with a strong background in designing, implementing, and automating secure, scalable, and highly available infrastructure across on-premises and multi-cloud environments (AWS, Azure). Proven expertise in Infrastructure-as-Code, policy-as-code security frameworks, and comprehensive monitoring for proactive incident prevention. Adept at translating complex business requirements into resilient technical solutions with a focus on network performance, cloud resource optimization, and overall security posture.</p>
+  </section>
+
+  <section class="resume-section">
+    <h2>Experience</h2>
+
+    <div class="resume-job">
+      <div class="resume-job-header">
+        <span class="resume-role">Site Reliability Engineer</span>
+        <span class="resume-dates">Sep 2025 &ndash; Present</span>
+      </div>
+      <div class="resume-org">
+        <span class="resume-company">Advanced Metrics</span>
+        <span class="resume-location">&mdash; Remote</span>
+      </div>
+      <ul>
+        <li>Provision, deploy, and manage virtual machines, servers, and scalable storage in Azure, optimizing for performance and cost.</li>
+        <li>Configure and maintain complex virtual networks including VNet peering, VPN Gateways, ExpressRoute connections, and NSGs for secure, efficient connectivity.</li>
+        <li>Implement security measures including firewalls and access controls across cloud infrastructure.</li>
+        <li>Use Terraform, Azure DevOps, and ARM templates for IaC and CI/CD pipeline automation.</li>
+        <li>Utilize Azure Monitor for performance monitoring, log analysis, and alerting.</li>
+      </ul>
+    </div>
+
+    <div class="resume-job">
+      <div class="resume-job-header">
+        <span class="resume-role">Systems Administrator</span>
+        <span class="resume-dates">Jul 2023 &ndash; Sep 2025</span>
+      </div>
+      <div class="resume-org">
+        <span class="resume-company">Triangle Insurance Company</span>
+        <span class="resume-location">&mdash; Enid, OK</span>
+      </div>
+      <ul>
+        <li>Designed and automated infrastructure deployments using IaC, achieving a 20% performance improvement and a 15% reduction in deployment time.</li>
+        <li>Architected a policy-as-code firewall framework with geo-location blocking and automated rule updates, strengthening security posture while minimizing manual errors.</li>
+        <li>Developed and automated comprehensive disaster recovery validation, reducing RTO by 30% and ensuring business continuity.</li>
+        <li>Designed and implemented ISP network speed monitoring using Prometheus and Grafana, providing real-time WAN visibility.</li>
+        <li>Deployed full-stack monitoring with Nagios and automated alerting, cutting time-to-detect (TTD) by 40% and time-to-resolve (TTR) by 20%.</li>
+      </ul>
+    </div>
+
+    <div class="resume-job">
+      <div class="resume-job-header">
+        <span class="resume-role">Sr. Platform Engineer</span>
+        <span class="resume-dates">Mar 2022 &ndash; Jul 2023</span>
+      </div>
+      <div class="resume-org">
+        <span class="resume-company">Prime Trust</span>
+        <span class="resume-location">&mdash; Remote</span>
+      </div>
+      <ul>
+        <li>Engineered Azure and AWS cloud infrastructure using IaC, improving scalability, consistency, and reducing manual intervention.</li>
+        <li>Partnered with stakeholders to translate product requirements into secure, scalable infrastructure specifications aligned with business goals.</li>
+        <li>Designed and supported Argo CD workload management for continuous delivery, improving release velocity and reducing deployment errors.</li>
+        <li>Authored and maintained comprehensive documentation, runbooks, and standards for recurring issues, accelerating incident response.</li>
+        <li>Performed deep root cause analysis on incidents, implementing preventative measures to improve long-term system stability.</li>
+      </ul>
+    </div>
+  </section>
+
+  <section class="resume-section">
+    <h2>Education</h2>
+
+    <div class="resume-job">
+      <div class="resume-job-header">
+        <span class="resume-role">B.S. Computer Science</span>
+        <span class="resume-dates">Jun 2021 &ndash; Present</span>
+      </div>
+      <div class="resume-company">Southern New Hampshire University</div>
+    </div>
+
+    <div class="resume-job">
+      <div class="resume-job-header">
+        <span class="resume-role">Information Technology Program</span>
+        <span class="resume-dates">2013</span>
+      </div>
+      <div class="resume-company">Autry Technology Center</div>
+    </div>
+  </section>
+
+  <section class="resume-section">
+    <h2>Certifications</h2>
+    <ul class="resume-cert-list">
+      <li class="resume-cert">CompTIA Network+</li>
+      <li class="resume-cert">FCF Cybersecurity</li>
+      <li class="resume-cert">FCA Cybersecurity</li>
+    </ul>
+  </section>
+
+  <section class="resume-section">
+    <h2>Technical Skills</h2>
+    <div class="resume-skills">
+      <dl>
+        <dt>Cloud</dt>
+        <dd>AWS, Azure (VNet, NSG, ExpressRoute, VPN Gateway, ARM Templates, Azure Monitor, CloudWatch)</dd>
+
+        <dt>Networking</dt>
+        <dd>TCP/IP, DNS, DHCP, BGP, OSPF, VLANs, VPN, pf, iptables, IDS/IPS, NAC, Zero Trust</dd>
+
+        <dt>Automation</dt>
+        <dd>Terraform, Ansible, Azure DevOps, Bash, Python, PowerShell, Ruby</dd>
+
+        <dt>Monitoring</dt>
+        <dd>Prometheus, Grafana, Nagios, Splunk, ELK Stack, SIEM integration, Azure Monitor</dd>
+
+        <dt>Platforms</dt>
+        <dd>Linux, OpenBSD, VMware, Hyper-V, Proxmox, Citrix, Docker, Kubernetes, Argo CD</dd>
+      </dl>
+    </div>
+  </section>
+
+</div>
+{{end}}