This site is built with Hugo using the Terminal theme. The Hugo static site is compiled inside a Docker multi-stage build, bundled into a SWAG container image, pushed to Amazon ECR, and deployed to a MicroK8s cluster via GitHub Actions. Source content lives in a Git repo and a push to main triggers the full build-and-deploy pipeline automatically.

The Pipeline

  1. I write a post in markdown and push to main
  2. GitHub Actions triggers the deploy-swag.yml workflow
  3. Hugo compiles the static site inside a Docker multi-stage build
  4. The output gets bundled into a SWAG container image (nginx + Let’s Encrypt + Cloudflare tunnel)
  5. The image is pushed to Amazon ECR
  6. The workflow triggers a rolling deployment on the MicroK8s cluster on the Heezy self-hosted runner
  7. The SWAG pod picks up the new image and serves the site

The whole thing takes about two minutes from push to live.
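
A sketch of what a workflow like deploy-swag.yml could look like for the steps above. This is an added example, not the site's actual workflow; the account ID, region, role, repository, runner label, namespace and deployment names are assumed placeholders.

```yaml
# Added sketch, not the site's real workflow. Values marked "assumed" are placeholders.
name: deploy-swag
on:
  push:
    branches: [main]

permissions:
  contents: read    # checkout only
  id-token: write   # OIDC token for AWS role assumption, so no stored access keys

env:
  AWS_REGION: us-east-1                                        # assumed
  ECR_REGISTRY: 111111111111.dkr.ecr.us-east-1.amazonaws.com   # assumed placeholder
  ECR_REPO: swag-site                                          # assumed
  ROLE_ARN: arn:aws:iam::111111111111:role/gha-ecr-push        # assumed placeholder

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          submodules: recursive   # assumes the Hugo theme is a git submodule
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ env.ROLE_ARN }}
          aws-region: ${{ env.AWS_REGION }}
      - uses: aws-actions/amazon-ecr-login@v2
      - name: Build (Hugo stage + SWAG stage) and push
        run: |
          # Tag by commit SHA so each deploy points at an immutable image
          IMAGE="${ECR_REGISTRY}/${ECR_REPO}:${GITHUB_SHA}"
          docker build -t "$IMAGE" .
          docker push "$IMAGE"

  deploy:
    needs: build
    runs-on: [self-hosted, heezy]   # assumed label for the self-hosted runner
    steps:
      - name: Rolling update on MicroK8s
        run: |
          # Assumes the cluster already holds ECR pull credentials
          IMAGE="${ECR_REGISTRY}/${ECR_REPO}:${GITHUB_SHA}"
          microk8s kubectl -n web set image deployment/swag swag="$IMAGE"
          microk8s kubectl -n web rollout status deployment/swag --timeout=120s
```

Tagging by commit SHA instead of `latest` makes `set image` trigger the rollout and keeps a record of which commit is being served.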

Why SWAG

SWAG (Secure Web Application Gateway) is a LinuxServer.io container that bundles nginx, certbot, and fail2ban. It handles TLS termination, reverse proxying, and Cloudflare tunnel integration. I use it as the ingress for everything I want to host on the internet for free. Specifically, this is completely tailored to be used with Cloudflare ZTNA tunnels, which allow me to host this outside of my house, through the security and safety of Cloudflare, without having to worry about protecting an ingress point.

Why Not AWS / Netlify / Vercel / GitHub Pages

I already have all the hardware. I pay for the power to run it. And although I do have an AWS account, that is something that I have to carefully manage, watch and care for. When I was an AWS User Group organizer, I could request bundles of credits every calendar year to cover the few hundred dollars in cost, but the group has disbanded and I am left to pay for each bit and byte like everyone else who uses AWS.

Hassle plus cost makes it a headache.

If I leave a server online in my lab, it costs 0, in headspace or in my wallet.