How this blog is built (Hugo + PaperMod + GitLab Pages)

Why a static blog

I wanted something fast, portable, and boring to maintain: plain markdown, predictable builds, no database, no plugin ecosystem.

Stack

• Hugo (static site generator)
• PaperMod (theme found from the official list )
• GitLab Pages (hosting + CI build)
• Porkbun (DNS)

Repo layout

• content/ → posts and pages
• layouts/ → small overrides (e.g., link render hook)
• static/ → static assets (icons, images, etc.)

Build & deploy (GitLab Pages)

My site is built automatically on push. The important parts are:

• run Hugo in production mode
• publish the public/ directory as the Pages artifact

My pipeline is essentially:

variables:
  HUGO_ENV: production
  GIT_SUBMODULE_STRATEGY: recursive

default:
  image: hugomods/hugo:exts
  before_script:
    - hugo version

pages:
  script:
    - hugo
  pages: true
  artifacts:
    paths:
      - public
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  environment: production

Core Hugo config

Here are the bits of hugo.yaml that matter for how the site behaves:

languageCode: en-us
theme: ["PaperMod"]

enableRobotsTXT: true

outputs:
  home:
    - HTML
    - RSS
    - JSON

params:
  env: production
  mainSections: ["posts"]

Don’t forget also to add the baseURL and the title fields.

Site search

PaperMod search uses a generated index.json, so the homepage outputs must include JSON. I enable it by adding JSON to home outputs and creating /search/.

PaperMod documents this as the supported approach.

Affiliate + external link automation

I added a link render hook to automatically qualify affiliate links and harden external links.

In Markdown, I can mark a link as affiliate by adding a title:

[Product](https://example.com "affiliate")

The render hook then:

• adds rel="sponsored" for affiliate links
• adds rel="noopener noreferrer" and target="_blank" for external links

Analytics & privacy

I currently use Google Analytics. I keep tracking minimal and avoid adding random third-party widgets that leak data or slow the site down. PaperMod and Hugo integrate this feature. I enabled analytics via Hugo config parameters.

Security defaults I care about

When I built the site, I wanted to keep it simple.

Content and security policy (practical rules)

These are the rules I follow when I publish:

• I don’t recommend running scripts without explaining what they do.
• I qualify compensated links (affiliate/sponsored).
• I prioritize reproducible steps and tradeoffs over vague recommendations.

That’s why the blog stays static, minimal, and focused on repeatable setups.