How I built this site (and its tiny CMS)
A minimalist personal site with a password-gated markdown editor — no database, just files, Next.js, and a few good defaults.
I wanted a personal site that was fast, mine, and easy to write on. No dashboard to log into, no database to babysit. Here's how it works.
The stack
- Next.js (App Router) for routing and static rendering
- Tailwind for a small, consistent design system
- Markdown files as the source of truth for posts
- A password-gated
/adminwith a live markdown editor
That's it. The blog you're reading is generated straight from .md files in the repo.
A CMS without a database
Every post is a file with a little frontmatter on top:
---
title: How I built this site
excerpt: A minimalist personal site...
date: 2026-06-24
published: true
---
The body goes here, in **markdown**.
Writing happens in a split-screen editor with a live preview. When I publish, it writes the file, and a git push ships it. The whole thing is static, so pages load instantly and there's almost nothing to attack.
Security defaults I didn't skip
Even for a personal site, a few things are non-negotiable:
- Sanitized markdown so a post can never inject a script.
- A signed, http-only session cookie for the admin gate — no passwords in the browser.
- A strict Content-Security-Policy and the usual hardening headers.
- Rate-limited login and a constant-time password check.
| Concern | Approach |
|---|---|
| XSS | rehype-sanitize on all rendering |
| Auth | HMAC-signed cookie, edge-verified |
| Brute force | Per-IP rate limiting |
| Clickjacking | X-Frame-Options: DENY + CSP |
The result is a site I actually enjoy writing on — and one I don't have to think about between posts. That's the whole point.