13 files changed, 637 insertions, 221 deletions
diff --git a/www/content/hurd/_index.md b/www/content/hurd/_index.md
deleted file mode 100644
index b4c727c..0000000
--- a/www/content/hurd/_index.md
+++ /dev/null
@@ -1,182 +0,0 @@
----
-title: "Hurd"
-date: 2025-03-03T15:34:41+08:00
-lastmod: 2025-03-03T23:28:46+08:00
-layout: single
----
-
-{{< mono >}}
-
-[TODOS](/hurd/todos)
-
-{{< /mono >}}
-
-## links
-
-{{< mono >}}
-
-| name | link |
-| --- | --- |
-| kernel-list-archive | <https://lists.gnu.org/archive/html/bug-hurd/> |
-| debian-list-archive | <https://lists.debian.org/debian-hurd/> |
-| irc-archive | <https://logs.guix.gnu.org/hurd/> |
-| kernel-home | <https://www.gnu.org/software/hurd/index.html> |
-| debian-home | <https://www.debian.org/ports/hurd/> |
-
-{{< /mono >}}
-
-refs:
-
-{{< mono >}}
-
-| name | link |
-| --- | --- |
-| c | <https://en.cppreference.com/w/c> |
-| posix latest | <https://pubs.opengroup.org/onlinepubs/9799919799/> |
-| posix 2013 | <https://pubs.opengroup.org/onlinepubs/9699919799.2013edition/> |
-| posix 2008 | <https://pubs.opengroup.org/onlinepubs/9699919799.2008edition/> |
-| glibc | <https://sourceware.org/glibc/manual/2.41/html_mono/libc.html> |
-
-{{< /mono >}}
-
-## *_MAX patch
-
-TODO: Move to separate page.
-
-```c
-#include <errno.h>
-#include <stdlib.h>
-#include <unistd.h>
-
-static inline char *xreadlink(const char *restrict path) {
-  char *buffer;
-  size_t allocated = 128;
-  ssize_t len;
-
-  while (1) {
-    buffer = (char *)malloc(allocated);
-    if (!buffer) {
-      return NULL;
-    }
-    len = readlink(path, buffer, allocated);
-    if (len < (ssize_t)allocated) {
-      return buffer;
-    }
-    free(buffer);
-    if (len >= (ssize_t)allocated) {
-      allocated *= 2;
-      continue;
-    }
-    return NULL;
-  }
-}
-
-static inline char *xgethostname() {
-  long max_host_name;
-  char *buffer;
-
-  max_host_name = sysconf(_SC_HOST_NAME_MAX);
-  buffer = malloc(max_host_name + 1);
-
-  if (gethostname(buffer, max_host_name + 1)) {
-    free(buffer);
-    return NULL;
-  }
-
-  buffer[max_host_name] = '\0';
-  return buffer;
-}
-
-static inline char *xgetcwd() {
-  char *buffer;
-  size_t allocated = 128;
-
-  while (1) {
-    buffer = (char *)malloc(allocated);
-    if (!buffer) {
-      return NULL;
-    }
-    getcwd(buffer, allocated);
-    if (buffer)
-      return buffer;
-    free(buffer);
-    if (errno == ERANGE) {
-      allocated *= 2;
-      continue;
-    }
-    return NULL;
-  }
-}
-```
-
-## git repos
-
-{{< link-group >}}
-hurd
-cru: <https://crupest.life/git/cru-hurd/hurd.git>
-upstream: <https://git.savannah.gnu.org/git/hurd/hurd.git>
-debian: <https://salsa.debian.org/hurd-team/hurd>
-{{< /link-group >}}
-
-{{< link-group >}}
-gnumach
-cru: <https://crupest.life/git/cru-hurd/gnumach.git>
-upstream: <https://git.savannah.gnu.org/git/hurd/gnumach.git>
-debian: <https://salsa.debian.org/hurd-team/gnumach>
-{{< /link-group >}}
-
-{{< link-group >}}
-mig
-cru: <https://crupest.life/git/cru-hurd/mig.git>
-upstream: <https://git.savannah.gnu.org/git/hurd/mig.git>
-debian: <https://salsa.debian.org/hurd-team/mig>
-{{< /link-group >}}
-
-{{< link-group >}}
-glibc
-cru: <https://crupest.life/git/cru-hurd/glibc.git>
-upstream: <git://sourceware.org/git/glibc.git>
-debian: <https://salsa.debian.org/glibc-team/glibc>
-mirror: <https://mirrors.tuna.tsinghua.edu.cn/git/glibc.git>
-{{< /link-group >}}
-
-{{< link-group >}}
-web
-cru: <https://crupest.life/git/cru-hurd/web.git>
-upstream: <https://git.savannah.gnu.org/git/hurd/web.git>
-{{< /link-group >}}
-
-## cheatsheet
-
-Start qemu
-
-```sh
-qemu-system-x86_64 -enable-kvm -m 4G -net nic -net user,hostfwd=tcp::3222-:22 -vga vmware -drive cache=writeback,file=[...]
-```
-
-Configure/Setup network
-
-```sh
-settrans -fgap /servers/socket/2 /hurd/pfinet -i /dev/eth0 -a 10.0.2.15 -g 10.0.2.2 -m 255.255.255.0
-fsysopts /servers/socket/2 /hurd/pfinet -i /dev/eth0 -a 10.0.2.15 -g 10.0.2.2 -m 255.255.255.0
-fsysopts /server/socket/2 -a 10.0.2.15 -g 10.0.2.2 -m 255.255.255.0
-```
-
-Setup apt
-
-```sh
-apt-get --allow-unauthenticated --allow-insecure-repositories update
-apt-get --allow-unauthenticated upgrade
-```
-
-## mailing lists / irc
-
-{{< mono >}}
-
-| name | address |
-| --- | --- |
-| hurd | <bug-hurd@gnu.org> |
-| debian | <debian-hurd@lists.debian.org> |
-| irc | librechat #hurd |
-
-{{< /mono >}}
diff --git a/www/content/notes/_index.md b/www/content/notes/_index.md
new file mode 100644
index 0000000..3f96f73
--- /dev/null
+++ b/www/content/notes/_index.md
@@ -0,0 +1,16 @@
+---
+title: "Notes"
+date: 2025-06-14T21:24:00+08:00
+lastmod: 2025-06-14T21:24:00+08:00
+layout: single
+---
+
+- [Cheat Sheet](/notes/cheat-sheet)
+
+- [Hurd](/notes/hurd)
+
+  - [Cheat Sheet](/notes/hurd/cheat-sheet)
+
+  - [Todos](/notes/hurd/todos)
+
+  - [Useful Links](/notes/hurd/links)
diff --git a/www/content/notes/cheat-sheet.md b/www/content/notes/cheat-sheet.md
new file mode 100644
index 0000000..aba8e18
--- /dev/null
+++ b/www/content/notes/cheat-sheet.md
@@ -0,0 +1,132 @@
+---
+title: "Cheat Sheet"
+date: 2025-04-01T23:09:53+08:00
+lastmod: 2025-06-12T01:09:39+08:00
+---
+
+goto: [Hurd Cheat Sheet (in a separated page)](/notes/hurd/cheat-sheet)
+{class="mono"}
+
+## GRUB
+
+Update GRUB after `grub` package is updated. Replace `/boot` with your mount
+point of the EFI partition in `--efi-directory=/boot`. Replace `GRUB` with your
+bootloader id in `--bootloader-id=GRUB`.
+
+```sh
+grub-install --target=x86_64-efi --efi-directory=/boot --bootloader-id=GRUB
+grub-mkconfig -o /boot/grub/grub.cfg
+```
+
+## (Private) My Service Infrastructure Management
+
+All commands should be run at the project root path.
+
+### Install Deno
+
+Script from <https://docs.deno.com/runtime/getting_started/installation/>
+
+```sh
+curl -fsSL https://deno.land/install.sh | sh
+```
+
+### Add Git Server User / Set Password
+
+```sh
+docker run -it --rm -v "./data/git/user-info:/user-info" httpd htpasswd /user-info [username]
+```
+
+### Certbot
+
+A complete command is `[prefix] [docker (based on challenge kind)] [command] [challenge] [domains] [test] [misc]`
+
+| part | for | segment |
+| :-: | :-: | --- |
+| prefix | * | `docker run -it --rm --name certbot -v "./data/certbot/certs:/etc/letsencrypt" -v "./data/certbot/data:/var/lib/letsencrypt" certbot/certbot` |
+| docker | challenge standalone | `-p "0.0.0.0:80:80"` |
+| docker | challenge nginx | `-v "./data/certbot/webroot:/var/www/certbot"` |
+| command | create/expand/shrink | `certonly` |
+| command | renew | `renew` |
+| challenge | standalone | `--standalone` |
+| challenge | nginx | `--webroot -w /var/www/certbot` |
+| domains | * | `[-d [domain]]...` |
+| test | * | `--test-cert --dry-run` |
+| misc | agree tos | `--agree-tos` |
+| misc | cert name | `--cert-name [name]` |
+| misc | email | `--email [email]` |
+
+For example, **test** create/expand/shrink with standalone server:
+
+```sh
+docker run -it --rm --name certbot \
+  -v "./data/certbot/certs:/etc/letsencrypt" \
+  -v "./data/certbot/data:/var/lib/letsencrypt" \
+  -p "0.0.0.0:80:80" \
+  certbot/certbot \
+  certonly \
+  --standalone \
+  --cert-name crupest.life \
+  -d crupest.life -d mail.crupest.life -d timeline.crupest.life \
+  --test-cert --dry-run
+```
+
+## System Setup
+
+### Debian setup
+
+#### Setup SSL Certificates and Curl
+
+```sh
+apt-get update
+apt-get install ca-certificates curl
+install -m 0755 -d /etc/apt/keyrings
+```
+
+### Docker Setup
+
+#### Uninstall Packages Provided by Stock Repo
+
+```bash
+for pkg in docker.io docker-doc docker-compose \
+    podman-docker containerd runc; do
+  apt-get remove $pkg;
+done
+```
+
+#### Install Certs From Docker
+
+Remember to [setup ssl and curl](#setup-ssl-certificates-and-curl) first.
+
+```sh
+curl -fsSL https://download.docker.com/linux/debian/gpg \
+  -o /etc/apt/keyrings/docker.asc
+chmod a+r /etc/apt/keyrings/docker.asc
+```
+
+#### Add Docker Repos
+
+```bash
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] \
+  https://download.docker.com/linux/debian \
+  $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+  tee /etc/apt/sources.list.d/docker.list > /dev/null
+```
+
+#### Install Docker Packages
+
+```sh
+apt-get update
+apt-get install docker-ce docker-ce-cli containerd.io \
+  docker-buildx-plugin docker-compose-plugin
+```
+
+#### Start And Enable Docker
+
+Remember to log out and log back to let user group change take effects.
+
+```sh
+systemctl enable docker
+systemctl start docker
+groupadd -f docker
+usermod -aG docker $USER
+```
diff --git a/www/content/notes/hurd/_index.md b/www/content/notes/hurd/_index.md
new file mode 100644
index 0000000..8faf70b
--- /dev/null
+++ b/www/content/notes/hurd/_index.md
@@ -0,0 +1,15 @@
+---
+title: "Hurd"
+date: 2025-03-03T15:34:41+08:00
+lastmod: 2025-06-12T01:09:39+08:00
+layout: single
+---
+
+This is the gateway page for various notes about
+[GNU/Hurd](https://www.gnu.org/software/hurd/) written by me.
+
+- [Cheat Sheet](/notes/hurd/cheat-sheet)
+
+- [Todos](/notes/hurd/todos)
+
+- [Useful Links](/notes/hurd/links)
diff --git a/www/content/notes/hurd/cheat-sheet.md b/www/content/notes/hurd/cheat-sheet.md
new file mode 100644
index 0000000..6fe5ccd
--- /dev/null
+++ b/www/content/notes/hurd/cheat-sheet.md
@@ -0,0 +1,68 @@
+---
+title: "Hurd Cheat Sheet"
+date: 2025-06-12T00:59:16+08:00
+lastmod: 2025-06-14T20:34:06+08:00
+---
+
+## Mirrors
+
+The mirror has to be `debian-ports`, not `debian`, and many mirror sites do not
+provide it. Following is aliyun mirror:
+
+```txt
+/etc/apt/sources.list
+---
+deb https://mirrors.aliyun.com/debian-ports/ unstable main
+deb https://mirrors.aliyun.com/debian-ports/ unreleased main
+deb-src https://mirrors.aliyun.com/debian/ unstable main
+```
+
+The hurd-amd64 deb-src seems to not work.
+
+## Use QEMU Virtual Machine
+
+For i386, use
+
+```sh
+qemu-system-x86_64 -enable-kvm -m 4G \
+  -net nic -net user,hostfwd=tcp::3222-:22 \
+  -vga vmware -drive cache=writeback,file=[...]
+```
+
+For x86_64, use
+
+```sh
+qemu-system-x86_64 -enable-kvm -m 8G -machine q35 \
+  -net nic -net user,hostfwd=tcp::3223-:22 \
+  -vga vmware -drive cache=writeback,file=[...]
+```
+
+GRUB in the image seems to use hard-coded path of `/dev/*` block file as the
+root partition in the kernel command line rather than GUID, so if the hard disk
+bus is changed in QEMU and the path is changed accordingly, the system can't
+boot on.
+
+QEMU cli arguments `-machine q35` enables AHCI and SATA, and is **required for
+official x86_64 image to boot**. As for i386, I haven't checked now.
+
+There is [a Deno script](https://github.com/crupest/crupest/blob/dev/deno/tools/manage-vm.ts)
+written by me to help define and build QEMU cli arguments of VMs.
+
+## Inside Hurd
+
+Configure/Setup network
+
+```sh
+settrans -fgap /servers/socket/2 /hurd/pfinet \
+  -i /dev/eth0 -a 10.0.2.15 -g 10.0.2.2 -m 255.255.255.0
+fsysopts /servers/socket/2 /hurd/pfinet \
+  -i /dev/eth0 -a 10.0.2.15 -g 10.0.2.2 -m 255.255.255.0
+fsysopts /server/socket/2 -a 10.0.2.15 -g 10.0.2.2 -m 255.255.255.0
+```
+
+Setup apt
+
+```sh
+apt-get --allow-unauthenticated --allow-insecure-repositories update
+apt-get --allow-unauthenticated upgrade
+```
diff --git a/www/content/notes/hurd/links.md b/www/content/notes/hurd/links.md
new file mode 100644
index 0000000..1e966d4
--- /dev/null
+++ b/www/content/notes/hurd/links.md
@@ -0,0 +1,88 @@
+---
+title: "Hurd Useful Links"
+date: 2025-06-14T20:34:06+08:00
+lastmod: 2025-06-14T20:34:06+08:00
+---
+
+## links
+
+| name | link |
+| --- | --- |
+| kernel-list-archive | <https://lists.gnu.org/archive/html/bug-hurd/> |
+| debian-list-archive | <https://lists.debian.org/debian-hurd/> |
+| irc-archive | <https://logs.guix.gnu.org/hurd/> |
+| kernel-home | <https://www.gnu.org/software/hurd/index.html> |
+| debian-home | <https://www.debian.org/ports/hurd/> |
+
+refs:
+
+| name | link |
+| --- | --- |
+| c | <https://en.cppreference.com/w/c> |
+| posix latest | <https://pubs.opengroup.org/onlinepubs/9799919799/> |
+| posix 2013 | <https://pubs.opengroup.org/onlinepubs/9699919799.2013edition/> |
+| posix 2008 | <https://pubs.opengroup.org/onlinepubs/9699919799.2008edition/> |
+| glibc | <https://sourceware.org/glibc/manual/2.41/html_mono/libc.html> |
+
+## mailing lists / irc
+
+| name | address |
+| --- | --- |
+| hurd | <bug-hurd@gnu.org> |
+| debian | <debian-hurd@lists.debian.org> |
+| irc | librechat #hurd |
+
+## *_MAX patch
+
+See [this](posts/c-func-ext.md)
+
+## git repos
+
+Clone all at once:
+
+```sh
+# glibc is too big, so not clone here.
+for repo in hurd gnumach mig web; do
+  if [ ! -d $repo ]; then
+    git clone "https://crupest.life/git/hurd/$repo.git"
+    pushd $repo
+    git remote add upstream "https://git.savannah.gnu.org/git/hurd/$repo.git"
+    popd
+  fi
+done
+```
+
+{{< link-group >}}
+hurd
+cru: <https://crupest.life/git/hurd/hurd.git>
+upstream: <https://git.savannah.gnu.org/git/hurd/hurd.git>
+debian: <https://salsa.debian.org/hurd-team/hurd>
+{{< /link-group >}}
+
+{{< link-group >}}
+gnumach
+cru: <https://crupest.life/git/hurd/gnumach.git>
+upstream: <https://git.savannah.gnu.org/git/hurd/gnumach.git>
+debian: <https://salsa.debian.org/hurd-team/gnumach>
+{{< /link-group >}}
+
+{{< link-group >}}
+mig
+cru: <https://crupest.life/git/hurd/mig.git>
+upstream: <https://git.savannah.gnu.org/git/hurd/mig.git>
+debian: <https://salsa.debian.org/hurd-team/mig>
+{{< /link-group >}}
+
+{{< link-group >}}
+glibc
+cru: <https://crupest.life/git/hurd/glibc.git>
+upstream: <git://sourceware.org/git/glibc.git>
+debian: <https://salsa.debian.org/glibc-team/glibc>
+mirror: <https://mirrors.tuna.tsinghua.edu.cn/git/glibc.git>
+{{< /link-group >}}
+
+{{< link-group >}}
+web
+cru: <https://crupest.life/git/hurd/web.git>
+upstream: <https://git.savannah.gnu.org/git/hurd/web.git>
+{{< /link-group >}}
diff --git a/www/content/hurd/todos.md b/www/content/notes/hurd/todos.md
index d95bfb9..2dbded3 100644
--- a/www/content/hurd/todos.md
+++ b/www/content/notes/hurd/todos.md
@@ -1,7 +1,7 @@
 ---
 title: "Hurd Todos"
 date: 2025-03-03T21:22:35+08:00
-lastmod: 2025-03-03T23:28:46+08:00
+lastmod: 2025-06-14T20:34:06+08:00
 params:
   css:
     - todos
@@ -9,7 +9,11 @@ params:
 
 ## Porting
 
-### {{< todo name=pam state=working >}}
+### hurd-fs4 {class="todo working"}
+
+<https://salsa.debian.org/rust-team/debcargo-conf/-/merge_requests/872>
+
+### pam {class="todo give-up"}
 
 {{< link-group >}}
 git
@@ -23,7 +27,7 @@ mail
 <https://lists.debian.org/debian-hurd/2025/02/msg00018.html>
 {{< /link-group >}}
 
-### {{< todo name=abseil state=working >}}
+### abseil {class="todo working"}
 
 {{< link-group >}}
 git
@@ -34,11 +38,11 @@ debian: <https://salsa.debian.org/debian/abseil>
 
 {{< link-group >}}
 mail
-<https://lists.debian.org/debian-hurd/2025/02/msg00011.html>\
+<https://lists.debian.org/debian-hurd/2025/02/msg00011.html>
 <https://lists.debian.org/debian-hurd/2025/02/msg00035.html>
 {{< /link-group >}}
 
-### {{< todo name=libgav1 state=done >}}
+### libgav1 {class="todo done"}
 
 {{< link-group >}}
 git
diff --git a/www/content/posts/_index.html b/www/content/posts/_index.md
index 76fa783..76fa783 100644
--- a/www/content/posts/_index.html
+++ b/www/content/posts/_index.md
diff --git a/www/content/posts/c-func-ext.md b/www/content/posts/c-func-ext.md
new file mode 100644
index 0000000..1f5f822
--- /dev/null
+++ b/www/content/posts/c-func-ext.md
@@ -0,0 +1,101 @@
+---
+title: "Libc/POSIX Function \"Extensions\""
+date: 2025-03-04T13:40:33+08:00
+lastmod: 2025-03-04T13:40:33+08:00
+categories: coding
+tags:
+  - c
+  - posix
+---
+
+(I've given up on this, at least for linux pam.)
+
+Recently, I’ve been working on porting some libraries to GNU/Hurd. Many (old)
+libraries use [`*_MAX` constants on POSIX system
+interfaces](https://pubs.opengroup.org/onlinepubs/9699919799.2008edition/nframe.html)
+to calculate buffer sizes. However, the GNU/Hurd maintainers urge against the
+blind use of them and refuse to define them in system headers. When old APIs are
+gone, compatibility problems come. To make my life easier, I'll put some
+reusable code snippets here to help *fix `*_MAX` bugs*.
+
+<!--more-->
+
+```c
+#include <stdlib.h>
+#include <stdarg.h>
+#include <unistd.h>
+#include <stdio.h>
+#include <errno.h>
+
+static inline char *xreadlink(const char *restrict path) {
+  char *buffer;
+  size_t allocated = 128;
+  ssize_t len;
+
+  while (1) {
+    buffer = (char*) malloc(allocated);
+    if (!buffer) { return NULL; }
+    len = readlink(path, buffer, allocated);
+    if (len < (ssize_t) allocated) { return buffer; }
+    free(buffer);
+    if (len >= (ssize_t) allocated) { allocated *= 2; continue; }
+    return NULL;
+  }
+ }
+
+
+static inline char *xgethostname(void) {
+  long max_host_name;
+  char *buffer;
+
+  max_host_name = sysconf(_SC_HOST_NAME_MAX);
+  buffer = malloc(max_host_name + 1);
+
+  if (gethostname(buffer, max_host_name + 1)) {
+    free(buffer);
+    return NULL;
+  }
+
+  buffer[max_host_name] = '\0';
+  return buffer;
+}
+
+static inline char *xgetcwd(void) {
+  char *buffer;
+  size_t allocated = 128;
+
+  while (1) {
+    buffer = (char*) malloc(allocated);
+    if (!buffer) { return NULL; }
+    getcwd(buffer, allocated);
+    if (buffer) return buffer;
+    free(buffer);
+    if (errno == ERANGE) { allocated *= 2; continue; }
+    return NULL;
+  }
+}
+
+static inline __attribute__((__format__(__printf__, 2, 3))) int
+xsprintf(char **buf_ptr, const char *restrict format, ...) {
+  char *buffer;
+  int ret;
+
+  va_list args;
+  va_start(args, format);
+
+  ret = snprintf(NULL, 0,  format, args);
+  if (ret < 0) { goto out; }
+
+  buffer = malloc(ret + 1);
+  if (!buffer) { ret = -1; goto out; }
+
+  ret = snprintf(NULL, 0,  format, args);
+  if (ret < 0) { free(buffer); goto out; }
+
+  *buf_ptr = buffer;
+
+out:
+  va_end(args);
+  return ret;
+}
+```
diff --git a/www/content/posts/nspawn.md b/www/content/posts/nspawn.md
new file mode 100644
index 0000000..c6add7e
--- /dev/null
+++ b/www/content/posts/nspawn.md
@@ -0,0 +1,206 @@
+---
+title: "Use systemd-nspawn to Create a Development Sandbox"
+date: 2025-03-04T23:22:23+08:00
+lastmod: 2025-03-27T17:46:24+08:00
+---
+
+*systemd-nspawn* is a great tool for creating development sandboxes. Compared to
+other similar technologies, it's lightweight, flexible, and easy to use. In this
+blog, I'll present a simple guide to using it.
+
+<!--more-->
+
+## Advantages
+
+I've been using traditional VMs and Docker for creating development
+environments. While both work fine, regardless of the performance, they suffer
+from being overly isolated. Two big headaches for me are host network sharing in
+traditional VMs and the immutability of Docker container ports and mounts.
+
+*systemd-nspawn* is much more flexible. Every feature can be configured
+granularly and dynamically. For example, filesystem sharing can be configured to
+work like bind mounts, and network isolation can be disabled entirely, which
+exactly solves the two headaches mentioned above. Additionally, being part of
+*systemd*, it has the same excellent design as other *systemd* components.
+
+Debian has a similar powerful tool called *schroot*. It is the official tool for
+automatic package building. Unfortunately, it seems to be a tool specific to
+Debian.
+
+## Usage
+
+*systemd-nspawn* consists of two parts that work together to achieve its VM
+functionality:
+
+1. The program `systemd-nspawn`, which runs other programs in an isolated
+   environment with user-specified settings. Each running VM is essentially a
+   group of processes launched via `systemd-nspawn`.
+2. Components for defining and managing VMs, possibly utilizing
+   `systemd-nspawn`.
+
+*systemd-nspawn* has a user interface similar to *systemd service*:
+
+- `[name].service` => `[name].nspawn`: Define VMs.
+  - Should be placed in `/etc/systemd/nspawn/`, where `machinectl` scans for VM
+    definitions.
+  - `[name]` serves as the VM's name. Use it to specify the VM when calling
+    `machinectl`. Note: You'd better use a valid hostname (avoid illegal
+    characters like `.`) to prevent weird errors.
+  - The options available roughly mirror `systemd-nspawn`'s CLI arguments, with
+    some adjustments to better fit VM semantics.
+  - Isolation-related options are usually prefixed with `Private` (e.g.,
+    `PrivateUsers=`).
+- `systemctl` => `machinectl`: Manage VMs.
+  - `enable`/`disable`: Set whether the VM starts automatically at system boot.
+  - `start`/`poweroff`/`reboot`/`terminate`/`kill`: Control the VM's running
+    state.
+  - `login`/`shell`: Do things inside the VM.
+
+I'll demonstrate how to create a Debian-based VM on Arch Linux as an example.
+You should adjust the commands based on your own situation.
+
+### Create Root Filesystem
+
+The root filesystem of a distribution can be created using a special tool from
+its package manager. For Debian-based distributions, it's `debootstrap`. If your
+OS uses a different package manager ecosystem, the target distribution's one and
+its keyrings (which might reside somewhere else) have to be installed first.
+
+```bash-session
+# pacman -S debootstrap debian-archive-keyring ubuntu-keyring
+```
+
+Regular directories work perfectly as root filesystems, but other directory-like
+things should work, too, such as `btrfs` subvolume.
+
+```bash-session
+# btrfs subvolume create /var/lib/machines/[name]
+```
+
+Now, run `debootstrap` to create a minimal filesystem. Update the command with
+the target distribution's codename and one of its mirrors you select.
+
+```bash-session
+# debootstrap --include=dbus,libpam-systemd [codename] \
+    /var/lib/machines/[name] [mirror]
+```
+
+At this point, the filesystem contains only the distribution's essential
+packages, much like a base Docker image (e.g., `debian`), so you can customize
+it in a similar way.
+
+### Configure and Customize
+
+I'll present my personal configuration here as a reference. You can create a new
+one based on it or from scratch.
+
+1. Disable user isolation: `[Exec] PrivateUsers=no`
+2. Disable network isolation: `[Network] Private=no`
+3. Create a user with the same username, group name, UID and GIDs: should be
+   done inside the VM.
+4. Only bind a subdirectory under *home*: `[Files] Bind=/home/[user]/[subdir]`
+5. Set the hostname: `[Exec] Hostname=[hostname]`
+
+I disable user isolation because it's implemented using the kernel's user
+namespace, which adds many inconveniences due to UID/GID mapping.
+
+So, the final `.nspawn` file is like:
+
+```systemd
+/etc/systemd/nspawn/[name].nspawn
+---
+[Exec]
+PrivateUsers=no
+Hostname=[hostname]
+
+[Files]
+Bind=/home/[user]/[subdir]
+
+[Network]
+Private=no
+```
+
+If `machinectl` can already start the VM, you can log in to customize it
+further. Otherwise, you can use `systemd-nspawn` directly to enter the VM and
+run commands inside it. `--resolv-conf=bind-host` binds the host's
+`/etc/resolv.conf` file to make the network work.
+
+```bash-session
+# systemd-nspawn --resolv-conf=bind-host -D /var/lib/machines/[name]
+```
+
+Now, inside the VM, you can do whatever you like. In my configuration, a correct
+user must be created manually.
+
+```bash-session
+# apt install locales sudo nano vim less man bash-completion curl wget \
+    build-essential git
+# dpkg-reconfigure locales
+
+# useradd -m -G sudo -s /usr/bin/bash [user]
+# passwd [user]
+```
+
+Some setup may need to be done manually, especially those usually handled by the
+distribution's installer.
+
+1. Update `/etc/hostname` with the VM's real hostname.
+2. Update `/etc/hosts`.
+
+```plain
+/etc/hosts
+---
+127.0.0.1       localhost [hostname]
+::1             localhost ip6-localhost ip6-loopback
+ff02::1         ip6-allnodes
+ff02::2         ip6-allrouters
+```
+
+**Ubuntu 20.04 specific:** Due to [a bug in
+systemd](https://github.com/systemd/systemd/issues/22234), the backport source
+has to be added.
+
+```plain
+/etc/apt/sources.list
+---
+deb https://mirrors.ustc.edu.cn/ubuntu focal main restricted universe multiverse
+deb https://mirrors.ustc.edu.cn/ubuntu/ focal-updates main restricted universe multiverse
+deb https://mirrors.ustc.edu.cn/ubuntu/ focal-backports main restricted universe multiverse
+deb https://mirrors.ustc.edu.cn/ubuntu/ focal-security main restricted universe multiverse
+```
+
+### Use
+
+The following command starts a new shell session for the specified user inside
+the VM, where you can run commands and perform tasks.
+
+```bash-session
+# machinectl shell [user]@[name]
+```
+
+Another way is to use `login` command to enter the *login console*. From there,
+you can log in as a user to start a shell session.
+
+```bash-session
+# machinectl login [name]
+```
+
+To exit a VM session (especially in the *login console*), press `CTRL+]` three
+times quickly in a row.
+
+### Snapshot
+
+The easiest way to backup/snapshot a VM is to create an archive of the VM's
+filesystem. You can use any archive tool you prefer, such as the simple `tar`.
+If the VM's filesystem is a `btrfs` subvolume, native `btrfs` snapshots can be
+used here. Before creating a snapshot, you should power off the VM to avoid
+archiving runtime files.
+
+```bash-session
+# machinectl poweroff [name]
+# btrfs subvolume snapshot /var/lib/machines/[name] \
+    /var/lib/machines/btrfs-snapshots/[name]/[snapshot-name]
+```
+
+`machinectl` also provides an *image* feature similar to Docker, though I've
+never tried it. Feel free to explore it if you're interested!
diff --git a/www/content/posts/pattern-in-cpp.md b/www/content/posts/pattern-in-cpp.md
deleted file mode 100644
index be921fd..0000000
--- a/www/content/posts/pattern-in-cpp.md
+++ /dev/null
@@ -1,25 +0,0 @@
----
-title: "Pattern in C++"
-date: 2022-01-24T15:57:34+08:00
-categories: Coding
-tags:
-  - C++
-description: The secret ingredient of secret ingredient soup is ...
----
-
-> The secret ingredient of secret ingredient soup is ...
-> Nothing!
-
-This is a script from Kung Fu Panda, which is one of my favorite film.
-
-People have been struggling for days to find a pattern in which they can code better. Especially those who use Java. They even wrote a book called "Programming Pattern" (or another name since I might forget the name) to show the common patterns.
-
-<!--more-->
-
-I don't mean patterns are bad. However there exists many people who strive to the patterns, stick to the patterns or even get stubborn to patterns. Maybe there exists a way to achieve their goals with some not that patterned code but they don't want to use them at all just because the code is not patterned.
-
-I love C++. And the pattern of C++ is exactly *NO PATTERN*. You write code in the way that they do the task most effectively and neatly. You don't need to apply a pattern to achieve your goal. You just write your code naturally with the way you are most comfortable with.
-
-Tools including programming language serve for people but not vice versa. Don't let tools constrain your hands. And when you find tools not convenient, just fix them or make a new one. Just like C++ is evolving all the time. So are all languages.
-
-The best is code is those that express meanings most clearly and achieve goals most effectively and do nothing with patterns.
diff --git a/www/content/posts/use-paddleocr.md b/www/content/posts/use-paddleocr.md
index f4eae32..806df41 100644
--- a/www/content/posts/use-paddleocr.md
+++ b/www/content/posts/use-paddleocr.md
@@ -2,10 +2,10 @@
 title: "Use PaddleOCR"
 date: 2022-11-30T13:25:36+08:00
 description: Simple steps to use PaddleOCR.
-categories: Coding
+categories: coding
 tags:
   - AI
-  - Python
+  - python
   - OCR
 ---
 
diff --git a/www/content/todos.md b/www/content/todos.md
deleted file mode 100644
index a790e24..0000000
--- a/www/content/todos.md
+++ /dev/null
@@ -1,7 +0,0 @@
----
-title: "Todos"
-date: 2025-03-03T15:34:53+08:00
-lastmod: 2025-03-03T23:28:46+08:00
----
-
-[Hurd](/hurd/todos)