# Single-user deployment

One person, one machine, all your data stays with you. This is the default and simplest mode.

## GitHub Pages (free, automated)

```bash
uv run bincio render --deploy github
```

This builds `site/dist/` and pushes it to the `gh-pages` branch. Requires `npx gh-pages` (`npm install -g gh-pages`).

Set the repository to serve from the `gh-pages` branch in GitHub → Settings → Pages.

## Static hosting (Netlify, Vercel, Cloudflare Pages, etc.)

Build locally and deploy the `site/dist/` directory. Or set up CI:

```yaml
# .github/workflows/deploy.yml (example)
- run: uv run bincio render
- uses: actions/upload-pages-artifact@v3
  with:
    path: site/dist
```

## VPS with nginx

Serve `site/dist/` as a static directory. No server process needed for read-only access.

```nginx
server {
    listen 80;
    server_name example.com;
    root /var/www/bincio/dist;
    index index.html;
    location / { try_files $uri $uri/ $uri.html =404; }
}
```

### Enable the edit UI on a VPS

If you want to edit activities from the browser while on your VPS:

```nginx
server {
    listen 443 ssl;
    server_name example.com;

    root /var/www/bincio/dist;

    location / {
        try_files $uri $uri/ $uri.html =404;
    }

    # Proxy /api/* to bincio edit (local-only, never exposed directly)
    location /api/ {
        proxy_pass http://127.0.0.1:4041;
        proxy_set_header Host $host;
    }
}
```

Then run `bincio edit` as a background service:

```bash
uv run bincio edit --data-dir ~/bincio_data
```

And set `PUBLIC_EDIT_URL=` (empty — the proxy makes /api/ same-origin) in your environment before building.

## Keeping the site up to date

After extracting new activities or editing sidecars:

```bash
uv run bincio extract           # process new files
uv run bincio render            # rebuild site/dist/
rsync -av site/dist/ user@server:/var/www/bincio/dist/
```

Or automate with a cron job or GitHub Action.

## Privacy note

Single-user mode has no authentication. The site is public to anyone with the URL. Use `privacy: private` in sidecar files to hide specific activities, or restrict access at the nginx level (HTTP basic auth, IP allowlist, etc.).