Merge branch 'master' into update_architecture_en

content/en/blog/releases/0.11.0.md

@@ -0,0 +1,80 @@
+---
+title: "Version 0.11.0 Release"
+linkTitle: "0.11.0"
+date: 2024-03-14
+description: >
+  New About screen, reworked jobs management
+---
+
+## Changelog
+
+### Features
+
+- Enabled the following languages:
+  - Arabic
+  - Estonian
+  - Kazakh
+  - Chinese (Simplified)
+
+- **Server management**: Add ssh settings ([#477](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/477))
+- **UI**: Server settings is now a separate screen ([#477](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/477))
+- **UI**: The new About page now contains links to our support channels ([#464](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/464), resolves [#339](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/339) and [#170](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/170))
+- **Jobs**: Now you can track the result of jobs, and the progress of the server rebuilds and upgrades ([#440](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/440), resolves [#254](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/254))
+- **UI**: On iOS, use the Curpentino bottom navbar ([#483](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/483))
+- **UI**: Use Curpentino widgets where possible on iOS ([#483](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/483))
+- **Jobs**: Block starting client-side jobs when the server is rebuilding or moving a service ([#477](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/477))
+- **UI**: On the bottom bar, show all labels, not only the selected one ([#458](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/458), resolves [#454](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/454))
+- **UI**: Move provider card titles to the top row ([#449](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/449), resolves [#448](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/448))
+- Unified management of API connection to the server: the app should be now more reactive to changes ([#440](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/440))
+- **UI**: Onboarding page now looks better on big screens ([#444](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/444))
+
+### Bug Fixes
+
+- **UI**: Card titles no longer overflow on small screens ([#483](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/483), resolves [#476](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/476))
+- **DNS**: Detect the situation when we have faulty link-local IPv6 records ([#473](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/473))
+- **DNS**: Do not include faulty link-local DNS records in the list of found records ([#475](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/475))
+- **UI**: Fix the empty server confirmation screen during recovery ([#474](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/474))
+- **UI**: Fix the misleading value of "Do not verify TLS" ([#468](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/468))
+- **Jobs**: When you return the server settings value back, the job to change the setting is deleted ([#440](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/440), resolves [#166](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/166))
+- **Jobs**: When removing all completed jobs, optimistically delete them in UI first ([#440](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/440), resolves [#277](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/277))
+
+
+### Other
+
+- Binds migration screen is now in Developer settings, as it is no longer needed on API 3.0, but might still be helpful for stuck servers.
+- Remove the server deletion function ([#484](https://git.selfprivacy.org/SelfPrivacy/selfprivacy.org.app/issues/484))
+
+### Translation contributions
+
+- Kazakh
+  - TabithiS (133)
+
+- Chinese (Simplified)
+  - Nil (545)
+
+- Polish
+  - TabithiS (52)
+
+- Russian
+  - Inex Code (43)
+
+- Hebrew
+  - Yaron (17)
+
+- Estonian
+  - Dmitri B. (536)
+
+- Thai
+  - Inex Code (2)
+
+- German
+  - Inex Code (14)
+    - Based on anonymous suggestions
+
+- Ukrainian
+  - Nagibator Nagibuchiy (18)
+  - TabithiS (26)
+  - Meko (93)
+
+- Arabic
+  - Deem Alosili (656)

content/en/docs/Backups/_index.md

@@ -11,13 +11,13 @@ description: >
 
 When your service is broken but it worked yesterday you have two options:
 
-  * Spend some time reading logs and debugging what went wrong. Meanwhile the service is unusable and maybe some data is irreversibly lost.
-  * Rewind the service to the working state and then debug at a more relaxed pace. Hopefully it was just solar flare or a glitch in the Matrix.
+  * Spend some time reading logs and debugging what went wrong. Meanwhile the service is unusable and maybe some data is irreversibly lost;
+  * Restore the service to a working state and then debug at a more relaxed pace. Hopefully it was just a solar flare or a glitch in the Matrix.
 
 This second, nerve-saving option is enabled by backing up regularly, and even better, automatically.
 
-As an extra benefit, backing up makes it easy to transfer a service from one machine to another with minimal hassle.
-This is useful for datacenters on fire, if your server provider gets bought out by another corporation or if shareholders decide that it is finally time to make more profit.
+Having a backup simplifies the process of transferring a service between machines, ensuring minimal inconvenience.
+This is useful if your datacenter is on fire, if your server provider gets bought out by another corporation, or when shareholders decide that it is finally time to make more profit.
 
 This document covers the basic terms and usage of SelfPrivacy backup subsystem.
 
@@ -25,45 +25,45 @@ This document covers the basic terms and usage of SelfPrivacy backup subsystem.
 
 SelfPrivacy does not make backups of the whole machine.
 Instead, it saves the states of each service.
-The state of files used by a service, taken at a certain time, is called a Snapshot.
-In the interface, you can see a snapshot as having an id, a service it backs up, and a date of creation.
+The state of the files used by a service, taken at a certain time, is called a Snapshot.
+In the interface, you can see that a snapshot has an ID, a service it backs up, and a date of creation.
 
 ## When backups occur?
 
 A snapshot is created in 3 cases:
 
- * By user's manual command to back up a service
- * Automatically at certain intervals if Automatic Backups are enabled
- * As a precaution before an inplace restore of a service
+ * By user's manual command to back up a service;
+ * Automatically at specified intervals if Automatic Backups are enabled;
+ * As a precaution before an inplace restore of a service.
 
 ## How the data is stored?
 
-The service's files are stored at the cloud of user's choosing.
-At the moment we support Backblaze but more are to be added.
+The service's files are stored at the cloud of the user's choice.
+We currently support Backblaze, with more to come.
 
-All of the service data is encrypted with a local secret which the cloud never receives.
-Under the hood, we use Restic for transfers of encrypted data.
+All of the service data is encrypted with a local secret that the cloud never receives.
+Under the hood, we use Restic to transfer encrypted data.
+
+Cloud storage providers, such as Backblaze, have an option to prevent immediate deletion of data.
 
-Clouds like Backblaze have an option to disallow immediate removal of data.
 SelfPrivacy app uses this option so that in case when the server is hacked the data cannot be erased.
 
 ## Listing snapshots
 
 There are 2 factors to keep in mind when looking at the list:
 
-  * For the sake of performance, the list is cached. If some snapshots are missing which you think should be there, invalidate the cache so it reloads.
-  * If you remove some snapshots, they will disappear from the list, but for some limited time they are still restorable with the help of the cloud.
+  * For the sake of performance, the list is cached. If some snapshots are missing which you think should be there, invalidate the cache so it reloads;
+  * If you delete some snapshots, they will be removed from the list, but for some limited time they are still restorable with the help of the cloud.
 
 ## Restoring a snapshot
 
-When you restore a snapshot, the service is stopped, and all of its files are restored to the state when the snapshot was taken.
-There are 2 ways to do it.
+Restoring a snapshot involves stopping the service and reverting all files to their state at the snapshot's creation. This process can be accomplished in two distinct ways.
 
 The safest one, the default one, is to download the snapshot in its entirety, verify that data is not damaged, and replace the service files with the files from the snapshot.
-This has a downside that you need to have extra space to store the snapshot.
+However, this method requires additional storage space for the snapshot.
 
-A somewhat riskier way is to overwrite the service files directly, without intermediate storage. This needs less space, but if the transfer goes wrong, you end up with a broken service.
-To somewhat mitigate this, a pre-restore snapshot is made just before the restoration.
+A somewhat riskier way is to overwrite the service files directly, without intermediate storage. It requires less space, but if the transfer goes wrong, you end up with a broken service.
+To help reduce the impact, a snapshot is taken just before restoring.
 
 The app does check that we have enough space before attempting a restore.
 
@@ -73,23 +73,22 @@ Forgetting makes the snapshot inaccessible from the server, but deletion itself
 
 ## Automatic Backup
 
-If you set up an automatic backup period, all of the services will be backed up regularly according to the period.
+If you set up an automatic backup period, all of the services will be backed up according to the set period.
 
 Note that backups are independent per service. If you have services A and B backed up automatically every day in the morning, and then you back up service B manually at noon, then service A's next backup will be in the morning as usual, but B's backups will occur at noons.
 
-If set to zero, autobackups will be disabled.
+If it is disabled, automatic backups will not be performed.
 
 ## Restoring after someone has deleted all the snapshots
 
-  * Go to your Backblaze/other cloud interface directly.
-  * Rewind the bucket's state to prior the deletion event.
-  * Open SelfPrivacy app
-  * Invalidate snapshot cache
-  * List the snapshots
-  * Restore from snapshots as usual
+  * Go to your Backblaze/other cloud interface directly;
+  * Rewind the bucket to its previous state before the deletion event;
+  * Open SelfPrivacy app;
+  * Update the snapshot list;
+  * Restore from snapshots as usual.
 
 ## Troubleshooting backups
 
-  * If you suspect that the snapshot list is inaccurate, try discarding the cache
-  * If an inplace restore failed, make sure that your cloud is accessible and your contract is active, then try to either restore a snapshot you tried to restore, or a pre-restore snapshot generated automatically
-  * If you do not have enough space on the disk for a safe restore, try restoring inplace
+  * If you suspect that the list of snapshots is incorrect, try updating the snapshot list;
+  * If an inplace restore has failed, make sure that your cloud is accessible and your contract is active. Then try to restore either a snapshot that you tried to restore or a pre-restore snapshot that was automatically generated;
+  * If you do not have enough space on the disk for a safe restore, try restoring inplace.

content/en/docs/How To Guides/change_dns_provider/_index.md

@@ -0,0 +1,243 @@
+---
+title: "How to change the DNS provider to deSEC"
+linkTitle: "Changing DNS provider to deSEC"
+weight: 2
+date: 2023-10-21
+description: >
+    For those who want to change their DNS provider after server installation.
+---
+
+
+We recommend using [deSEC](https://desec.io/) instead of [CloudFlare](https://cloudflare.com/). DeSEC is dedicated to privacy.
+
+If you have first tied your domain to CloudFlare and now you want to change providers, this article is for you.
+
+Attention, the process is quite complicated, and if you feel that something goes wrong, you can feel free to write us in the chat.
+
+During this process, your services will be temporarily unavailable. Also, write down the IP address of your server, as you will not be able to access it by domain name.
+
+## Transferring the nameserver
+
+A nameserver is a server that translates your domain (letters) into a server IP address (numbers).
+
+1. Register with [deSEC](https://desec.io/).
+
+2. On [the "domains" page](https://desec.io/domains), click on the “plus” button.
+
+
+{{< imgproc desec1 Fill "626x287" />}}
+
+
+3. Enter your domain.
+
+4. Copy "nameservers".
+
+{{< imgproc desec2 Fill "626x287" />}}
+
+
+Now go to the website of the domain registrar from whom you purchased the domain.
+The actions will be similar for all providers, we will show using [Porkbun](https://porkbun.com/) as an example.
+
+1. Go to your domain control panel.
+
+2. Find there the “Authoritative nameservers” parameter.
+
+{{< imgproc namechip1 Fill "626x287" />}}
+
+3. Replace the current addresses with those that we copied from deSEC in the instructions earlier.
+
+4. Save the changes.
+
+{{< imgproc namechip3 Fill "626x287" />}}
+
+---
+
+## Getting the deSEC token
+
+1. Log in [here](https://desec.io/login).
+
+2. Go to the [Domains page](https://desec.io/domains).
+
+3. Go to the **Token management** tab.
+
+4. Click on the round "plus" button in the upper right corner.
+
+{{< imgproc desec-tokenmanagment Fill "626x287" />}}
+
+5. "**Generate New Token**" dialogue must be displayed. Enter any **Token name** you wish. Advanced settings are not required, so do not touch anything there.
+
+6. Click on **Save**.
+
+7. Make sure you save the token's "**secret value**" as it will only be displayed once.
+
+{{< imgproc dncsec-copy Fill "626x287" />}}
+
+8. Now you can safely **close** the dialogue.
+
+
+---
+
+## Migrating records
+
+
+Log into both [CloudFlare](https://cloudflare.com/) and [deSEC](https://desec.io/).
+
+
+### On the deSEC website
+
+Follow [the link](https://desec.io/) in the “Domain Management” panel, click on your domain.
+
+{{< imgproc howtodesec1 Fill "600x350" />}}
+
+Now you can add new entries to it using the “Plus” button.
+
+{{< imgproc howtodesec2 Fill "600x350" />}}
+
+
+### On the CloudFlare website
+
+Follow [this link](https://cloudflare.com/) and go to the settings of your domain, which is located under the "Websites" section.
+
+Select your domain.
+
+{{< imgproc howcloudflare2 Fill "363x442" />}}
+
+Now go to "DNS", then "Records".
+
+{{< imgproc howcloudflare Fill "363x442" />}}
+
+
+### First record: api
+
+Based on the example in the screenshot, transfer the parameters of your "api" record (look at the "Name" column) according to their colors.
+
+{{< imgproc replace1 Fill "1544x755" />}}
+
+On the left side of the screenshot is deSEC, and on the right side is Cloudflare. You need to sequentially transfer each parameter of this record.
+
+### Second record: root
+
+Create a new record of type "A", in the "IPv4 address" field, enter your server address, which you have already entered in the "Content" field of the previous record.
+
+**You don't need to transfer all the records!** You have created two records, and the third one has already been created for you.
+
+{{< imgproc replace2 Fill "1250x830" />}}
+
+---
+
+
+## Connecting to the server
+
+To perform the following actions, you will need to connect to the server via SSH with administrator privileges. Basic understanding of the command line is recommended ;)
+
+You can find instructions on how to connect [here](/docs/how-to-guides/root_ssh/).
+
+After connecting to the server, enter the following command:
+
+```
+nano /etc/nixos/userdata.json
+```
+
+You are in a terminal text editor called "nano".
+
+You are editing the file `/etc/nixos/userdata.json`, and you can use the arrow keys to navigate.
+
+Find the following lines in the file:
+
+```
+"dns": {
+    "provider": "CLOUDFLARE",
+    "useStagingACME": false
+},
+
+```
+
+Replace:
+
+```"provider": "CLOUDFLARE",```
+
+with
+
+```"provider": "DESEC",```
+
+Now press CTRL+X, and then key Y.
+
+Then edit another file:
+
+```
+nano /etc/selfprivacy/secrets.json
+```
+
+Find the following:
+
+```
+"dns": {
+    "apiKey": "SECRET-HERE"
+},
+
+```
+
+Remove your old token from CloudFlare and paste the copied token from deSEC.
+(If CTRL+V doesn't work, try SHIFT+CTRL+V)
+
+```"apiKey": "Your deSEC token",```
+
+It should now look like this:
+
+```
+"dns": {
+        "apiKey": "Your deSEC token"
+    },
+```
+
+Press CTRL+X, then Y to save the file.
+
+If the file has been saved and you have successfully exited the text editor, enter the command:
+
+```
+systemctl start sp-nixos-rebuild.service
+```
+
+It will start the rebuild of your system with new options. You may close the console now.
+
+
+---
+
+## Reconfiguring the application
+
+You will have to reset the application config to work properly. **Don't forget to create a recovery key and save it in a safe place (password manager).**
+
+How to reset the application:
+
+Go to Application Settings.
+
+{{< imgproc app1 Fill "590x1221" />}}
+
+
+Press "Reset application config".
+
+{{< imgproc app2 Fill "585x700" />}}
+
+
+Now go to the "Setup Wizard" section where you configured your server when you first launched the application.
+
+{{< imgproc app3 Fill "590x1221" />}}
+
+Tap "I already have a SelfPrivacy server!".
+
+(In the old version it might be called "Connect to an existing server").
+
+{{< imgproc app4 Fill "590x1221" />}}
+
+Next, follow the instructions in the app and enter the recovery key or code from another device where the SelfPrivacy app is installed.
+
+After installation, you will see some problems with Domain and DNS. The application will offer you to fix them. Accept the fixes.
+
+{{< imgproc app5 Fill "590x1221" />}}
+
+
+{{< imgproc app6 Fill "590x500" />}}
+
+
+
+**Congratulations! You have successfully changed your domain provider. We recommend you to check that all services are working correctly.**

content/en/docs/Services/pleroma.md

@@ -5,11 +5,11 @@ description: >
   Decentralized Social Network Server
 ---
 
-Any centralized social network will have to take care of moderation, censorship, 
-implementing rules, reading your correspondence as it grows. 
-Another thing is your own social network, which can only belong to you, 
-your family or your team. Only a decentralized network can provide maximum privacy. 
-That's why we offer you to become part of the Fediverse decentralized network. 
+Any centralized social network will have to take care of moderation, censorship,
+implementing rules, reading your correspondence as it grows.
+Another thing is your own social network, which can only belong to you,
+your family or your team. Only a decentralized network can provide maximum privacy.
+That's why we offer you to become part of the Fediverse decentralized network.
 
 At SelfPrivacy we use [Pleroma](https://pleroma.social/).
 
@@ -24,4 +24,15 @@ At SelfPrivacy we use [Pleroma](https://pleroma.social/).
 
 ## Features of Pleroma
 - A social network of any scale: from a personal server with a single account to a massive thematic site;
-- Your social network, your rules. You are the censor, moderator and administrator.
+- Your social network, your rules. You are the censor, moderator and administrator.
+
+## Getting admin rights
+
+Right now you can get admin rights only by using the command line.
+
+1. Connect to your server via SSH as a `root` user. Use [this guide](/docs/how-to-guides/root_ssh/) if you need help.
+2. Run the following command, replacing `<username>` with the username you want to make an admin:
+   ```
+   sudo -u pleroma env RELEASE_COOKIE=/var/lib/pleroma/.cookie pleroma_ctl user set <username> --admin
+   ```
+3. Done! Now the user `<username>` has admin rights.

content/ru/docs/Backups/_index.md

@@ -86,7 +86,6 @@ SelfPrivacy не создает резервных копий всей маши
   * Откатите состояние ведра до состояния, предшествовавшего удалению;
   * Откройте приложение SelfPrivacy;
   * Обновите список копий;
-  * Откройте снимки;
   * Восстановите моментальный снимок обычным способом.
 
 ## Устранение неполадок при резервном копировании

content/ru/docs/How To Guides/change_dns_provider/_index.md

@@ -8,14 +8,15 @@ description: >
 ---
 
 
-Мы рекомендуем использовать [deSEC](https://desec.io/) вместо [CloudFlare](https://cloudflare.com/). DeSEC нацелен на приватность. 
+Мы рекомендуем использовать [deSEC](https://desec.io/) вместо [CloudFlare](https://cloudflare.com/). DeSEC нацелен на приватность.
 
 Если вы сначала привязали ваш домен к CloudFlare и теперь хотите сменить провайдера, эта статья для вас.
 
-Внимание, процесс довольно сложен, и если вы чувствуете, что что-то идет не так, можете смело [писать нам в чат](https://selfprivacy.org/ru/docs/faq/#%D0%BA%D0%B0%D0%BA-%D0%BF%D0%BE%D0%BB%D1%83%D1%87%D0%B8%D1%82%D1%8C-%D0%BF%D0%BE%D0%BC%D0%BE%D1%89%D1%8C).
+Внимание, процесс довольно сложен, и если вы чувствуете, что что-то идет не так, можете смело писать нам в чат.
 
 ## Переносим сервер имен (nameserver)
-Сервер имен — это сервер который переводит ваш домен (буквы) в IP-адрес сервера (цифры).
+
+Сервер имен — это сервер, который переводит ваш домен (буквы) в IP-адрес сервера (цифры).
 
 1. Регистрируемся в [deSEC](https://desec.io/).
 
@@ -33,11 +34,10 @@ description: >
 
 
 Теперь переходим на сайт провайдера, у которого вы покупали домен.
-Действия будут схожи для всех провайдеров, мы будем показывать на примере [Namecheap](https://www.namecheap.com/). 
+Действия будут схожи для всех провайдеров, мы будем показывать на примере [Porkbun](https://porkbun.com/).
 
 1. Переходим в панель управления вашим доменом.
 
-
 2. Находим там параметр "Authoritative nameservers".
 
 {{< imgproc namechip1 Fill "626x287" />}}
@@ -53,7 +53,7 @@ description: >
 ## Получаем токен deSEC
 
 1. Авторизуемся в [deSEC](https://desec.io/login)
-  
+
 2. Переходим на страницу [Domains](https://desec.io/domains)
 
 3. Переходим на вкладку **Token management**.
@@ -62,8 +62,7 @@ description: >
 
 {{< imgproc desec-tokenmanagment Fill "626x287" />}}
 
-
-5. Должен появиться диалог "**Generate New Token**". Вводим любое имя токена в **Token name**. 
+5. Должен появиться диалог "**Generate New Token**". Вводим любое имя токена в **Token name**.
 *Advanced settings* необязательны, так что ничего там не трогаем.
 
 6. Кликаем **Save**.
@@ -81,29 +80,29 @@ description: >
 
 Понять, что запись обновилась, вы сможете через приложение, либо перейдя по ссылке на один из ваших сервисов (вы увидите ошибку подключения).
 
-Но помните, вы не сможете больше обращаться к вашему серверу по домену, вам нужно будет знать IP-адрес сервера. Его можно узнать, к примеру, в панеле хостер провайдера.
+Но помните, вы не сможете больше обращаться к вашему серверу по домену, вам нужно будет знать IP-адрес сервера. Его можно узнать, к примеру, в панели хостер провайдера.
 
 Для следующих действий вам нужно будет подключиться по ssh к серверу с правами администратора. Минимальное понимание работы командной строки приветствуется ;)
 
-Инструкцию по подключению вы сможете [прочитать тут](http://localhost:1313/ru/docs/how-to-guides/root_ssh/). 
+Инструкцию по подключению вы сможете [прочитать тут](/docs/how-to-guides/root_ssh/).
 
 
 После подключения к серверу вводим:
 
 ```
-nano /etc/nixos/userdata/userdata.json
+nano /etc/nixos/userdata.json
 ```
 
-Вы оказались в терминальном тектовом редакторе под названием "nano". 
+Вы оказались в терминальном текcтовом редакторе под названием "nano".
 
-Вы редактируете файл ```/etc/nixos/userdata/userdata.json```, и можете использовать стрелочки для перемещения.
+Вы редактируете файл ```/etc/nixos/userdata.json```, и можете использовать стрелочки для перемещения.
 
 Находим в файле такие строчки:
 
 ```
 "dns": {
     "provider": "CLOUDFLARE",
-    "apiKey": "Тут будет много букв и цифр, это ваш токен"
+    "useStagingACME": false
 },
 
 ```
@@ -112,33 +111,49 @@ nano /etc/nixos/userdata/userdata.json
 
 ```"provider": "CLOUDFLARE",```
 
-на 
+на
 
 ```"provider": "DESEC",```
 
+Теперь нажимаем CTRL+X, после клавишу Y.
 
-Теперь на следующей строчке убираем ваш старый токен от CloudFlare и вставляем скопированный токен от deSEC. 
+Теперь отредактируем другой файл:
+
+```
+nano /etc/selfprivacy/secrets.json
+```
+
+Находим в файле такие строчки:
+
+```
+"dns": {
+    "apiKey": "SECRET-HERE"
+},
+
+```
+
+Убираем ваш старый токен от CloudFlare и вставляем скопированный токен от deSEC.
 (Если CTRL+V не работает, попробуйте SHIFT+CTRL+V)
 
 ```"apiKey": "Сюда ваш токен",```
 
-Должно получиться так: 
+Должно получиться так:
 
 ```
 "dns": {
-        "provider": "DESEC",
-        "apiKey": "Ваш токен от deSEC",
+        "apiKey": "Ваш токен от deSEC"
     },
 ```
 
-Теперь нажимаем CTRL+X, после клавишу Y. 
+Теперь нажимаем CTRL+X, после клавишу Y.
+
+Если файл сохранился и вы успешно вышли из текстового редактора, вводим команду:
 
-Если файл сохранился и вы успешно вышли из тектового редактора, вводим команду:
 ```
-nixos-rebuild switch 
+systemctl start sp-nixos-rebuild.service
 ```
 
-Она пересоберет вашу серверную систему с новыми параметрами.
+Она начнёт пересборку вашей системы с новыми параметрами.
 
 После выполнения команды можно смело закрывать консоль.
 
@@ -152,6 +167,7 @@ nixos-rebuild switch
 
 
 #### В интерфейсе deSEC
+
 По [ссылке](https://desec.io/), в панели "Domain Managment" нажмите на ваш домен.
 
 {{< imgproc howtodesec1 Fill "600x350" />}}
@@ -162,6 +178,7 @@ nixos-rebuild switch
 
 
 ##### В интерфейсе CloudFlare
+
 По [ссылке](https://cloudflare.com/), переходим в настройки вашего домена, который находится в разделе "Websites".
 
 Выбираем ваш домен.
@@ -174,17 +191,17 @@ nixos-rebuild switch
 
 
 #### Первая запись: api
-Орентируясь на пример с скриншота переносим ваши параметры "api" (смотрите на столбик "Name") записи в соответвии с их цветами.
+
+Ориентируясь на пример со скриншота переносим ваши параметры "api" (смотрите на столбик "Name") записи в соответствии с их цветами.
 
 {{< imgproc replace1 Fill "1544x755" />}}
 
-На скриншоте слева — deSEC, а справа Сloudflare. Вам нужно последовательно перенести каждый параметр данной записи. 
+На скриншоте слева — deSEC, а справа Сloudflare. Вам нужно последовательно перенести каждый параметр данной записи.
 
 #### Вторая запись: корневая
 
 Создаём новую запись типа "А", в "IPv4 address" пишем ваш адрес сервера, вы уже писали его в поле "Content" предыдущей записи.
 
-
 **Все записи переносить не надо!** Вы создали две записи, а третья уже была создана за вас. Давайте проверим, что у нас получилось.
 
 {{< imgproc replace2 Fill "1250x830" />}}
@@ -226,4 +243,4 @@ nixos-rebuild switch
 
 {{< imgproc app6 Fill "590x500" />}}
 
-**Поздравляем! Вы успешно сменили доменного провайдера. Рекомендуем вам проверить, что все сервисы работают корректно.**
+**Поздравляем! Вы успешно сменили доменного провайдера. Рекомендуем вам проверить, что все сервисы работают корректно.**

content/ru/docs/Theory/architecture.md

@@ -7,11 +7,11 @@ description: >
   Как организован проект и как он работает.
 ---
 
-Да, вы можете использовать kubernetes. Но зачем, если неизменяемость обеспечивается NixOS?
+Да, вы можете использовать kubernetes. Но зачем, если неизменяемость обеспечивается благодаря NixOS?
 
-**Мобильное приложение:** [Flutter](https://flutter.dev/)/[Dart](https://dart.dev/) выбрали из-за скорости и плавности работы UI, а также очень соблазнительна их кроссплатформенность.
+**Пользовательское приложение:** [Flutter](https://flutter.dev/)/[Dart](https://dart.dev/) выбрали из-за скорости и плавности работы UI, а также очень соблазнительна их кроссплатформенность.
 
-**Бэкенд**: [NixOS](https://nixos.org/) + [Python](https://www.python.org/). NixOS выбран из-за воспроизводимости, Python из-за универсальности и популярности.
+**Серверная сторона (backend)**: [NixOS](https://nixos.org/) + [Python](https://www.python.org/). NixOS выбран из-за воспроизводимости, Python из-за универсальности и популярности.
 
 # Сервис-провайдеры
 **Нам не платит ни один сервис-провайдер!** Мы никак с ними не аффилированы. Выбирали исключительно из профессиональных соображений. Но не исключаем партнерство в будущем.
@@ -23,18 +23,25 @@ SelfPrivacy поддерживает два хостинг провайдера:
 
 Оба были выбранны из-за низкой цены и приемлемого уровня сервиса, качественного REST API. 
 
-Hetzer не был замечен в проблемах с приватностью и сбором данных.
-
 Кандидаты:
 - Свой личный железный сервер. **Сейчас наш основной приоритет**;
 - Сервис-провайдер, который предоставит API для разворачивания железного сервера. Вне [FVEY](https://en.wikipedia.org/wiki/Five_Eyes);
 - OVH
 - Scaleway
 
-Еще есть бесплатный [Oracle Cloud](https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm), но там где вы не платите, обычно вы и есть товар.
+Ещё есть бесплатный [Oracle Cloud](https://docs.oracle.com/en-us/iaas/Content/FreeTier/freetier_topic-Always_Free_Resources.htm), но там где вы не платите, обычно вы и есть товар.
 
 ### DNS
-[Cloudlare](https://cloudflare.com) надежность, бесплатность. Вероятно, собирает данные, иначе сложно объяснить зачем бесплатно проксировать чужой трафик. В нашем случае используем только как DNS-сервер и ничего не проксируем. В будущем заменим на self-hosted DNS, как только решим проблему надежности.
 
-### Backup repository
-[Backblaze](https://www.backblaze.com/) бесплатно и в разы дешевле AWS. Не замечен в сборе данных. [Публикует](https://www.backblaze.com/blog/open-source-data-storage-server/) в open source наработки железа, на котором работает. Также [делится](https://www.backblaze.com/b2/hard-drive-test-data.html) очень полезной статистикой по отказам дисков, на основе которых можно выбрать себе наиболее надежный и проверенный. В будущем, возможно, заменим на self-hosted решение или p2p. Сейчас это не основной приоритет, так как данные шифруются, а сервис-провайдер видит только IP-адрес Вашего сервера (а не домашний).
+На выбор [Cloudlare](https://cloudflare.com), [deSEC](https://desec.io/) или [DigitalOcean DNS](https://www.digitalocean.com/).
+
+[deSEC](https://desec.io/) — более приватный вариант, рекомендуется по умолчанию.
+
+[Cloudlare](https://cloudflare.com) вероятно, собирает данные в режиме проксирования трафика, иначе сложно объяснить, зачем предоставлять серсис бесплатно. **В нашем случае мы ничего не проксируем, а используем его только как DNS-сервер.** 
+
+### Резервные копии
+Используем — [Backblaze](https://www.backblaze.com/)
+
+Первые 20GB бесплатны и в разы дешевле AWS. [Backblaze](https://www.backblaze.com/) [публикует](https://www.backblaze.com/blog/open-source-data-storage-server/) в open source наработки железа, на котором работает. Также [делится](https://www.backblaze.com/b2/hard-drive-test-data.html) очень полезной статистикой по отказам дисков, на основе которых можно выбрать себе наиболее надёжный и проверенный. 
+
+В будущем, возможно, заменим на self-hosted решение или p2p. **Сейчас это не основной приоритет, так как данные шифруются, а сервис-провайдер видит только IP-адрес вашего сервера, а не устройства с приложением.**