blag: blogging in bash - by slonkazoid

..or fullstack web app development in bash using bingus-blog. either works

written
2024-12-29T20:42:00Z
last modified
2025-03-18T16:20:13Z
tags
bash draft hellish meta
link
back to home

blag: blogging in bash

have you ever wanted to write blog posts in bash? well, now you can, with blag and bingus-blog.

what

it all started in a conversation i was having with lily about blog engines.

discord conversation between me and lily, the messages are as follows: lily: can next do ssg me: yes lily: i can only find articles talking about it, no real projects that use it like that me: smh me: gonna @ domi and tell them to make bash blog ssg me: actually i should totally do that

it is important to note that this project ended up being ssr, not ssg. i just find ssr to be far more comfortable and extensible (more on that later).

a few days later, i got to work, and shared a screenshot of the first functioning draft in a fedi post.

a fedi post by me, the post text reads "making a thing", and attached is a screenshot of the the screenshot contents are as follows: firefox and a terminal window open on my desktop the terminal displays the 3 commands ran: "bat post.sh", the output of which is the line annotated and syntax highlighted contents of post.sh, "time ./render.sh post.sh > rendered.html", and "firefox rendered.html" firefox has rendered.html open, displaying the output of the script. it is exactly as described in the script.

in classic slonk fashion i started overengineering it soon after. not before long, bingus-blog had a refactor abstracting away the post provider in a trait object, improving caching, and more. overall, one could argue that the blag engine mode is actually more robust than markdown

i want to see it in action

sure! a bingus-blog instance configured with the blag engine and some funky blag-posts is live over at blag.slonk.ing!
just please don't hack me. or do. your choice. if you do though, please tell me so i can fix it😅

security

now for the obvious question, is this secure?

easy answer: no. i do not consider this secure enough to host on actual hardware, even i use a dedicated vm to host bingus-blag

however, it should be secure enough unless you do something wrong, allowing for rce or something. and it's really easy to do something wrong with this.

presently only one code execution vulnerability was found, which involved providing an url encoded path as the post name in the url, and led to an attacker being able to source local shell scripts. this has been fixed, but still, please don't host this on your production servers.

how to blag

to get started, you must first obtain the blag command:

git clone https://git.slonk.ing/slonk/blag
sudo install -Dt /usr/local/bin blag/blag # install blag in the global PATH
# if you don't want to do this, you can install it anywhere where bingus-blog
# can reach, but if it's not in it's PATH, you must set `blag.bin` to the path
# to the blag executable in the config

after that, it's a matter of simply deploying bingus-blog as usual, but with engine.mode = "blag" in the config

further instructions are available in blag's README file