Compare commits

...

194 Commits

Author SHA1 Message Date
9bbfef4c39
compose: use docker compose, not docker-compose
All checks were successful
continuous-integration/drone/push Build is passing
* get on with the times...plus the old form does not like the compose
  file anymore
* also add an empty volume to make compose happy
2024-05-28 22:45:53 +02:00
b796f72abc
go: add a 404 handler
All checks were successful
continuous-integration/drone/push Build is passing
2024-04-02 23:32:51 +02:00
22e4b4d5a4
add info on DOH to the services page
All checks were successful
continuous-integration/drone/push Build is passing
2023-10-05 15:15:31 +02:00
7fbdfac786
md: update contact info
All checks were successful
continuous-integration/drone/push Build is passing
2023-09-25 23:32:48 +03:00
131e84bd17
ci,dockerfile: bump to go1.21
All checks were successful
continuous-integration/drone/push Build is passing
2023-08-13 16:03:13 +02:00
2906fb1b88
chore: add todos [skip ci] 2023-08-13 16:00:27 +02:00
e9bd63decb
pre-commit-config: update hugo check [skip ci] 2023-07-29 17:06:39 +02:00
9c6215d9a1
chore: bump hugo to v0.115.3
All checks were successful
continuous-integration/drone/push Build is passing
the hugo bump required updating some configuration fields, those are
thus part of this change set
2023-07-20 16:21:41 +02:00
aa539af15d
add .golangci.yml
All checks were successful
continuous-integration/drone/push Build is passing
2023-07-19 22:43:44 +02:00
3dbafe08e7
ci,dockerfile,gomod: bump base to go1.20
All checks were successful
continuous-integration/drone/push Build is passing
2023-07-19 22:39:12 +02:00
d081a79f6d
go: add server read/write timeouts
All checks were successful
continuous-integration/drone/push Build is passing
2023-07-19 22:35:42 +02:00
419686eb0c
chore(dockerfile): bump docker preamble
All checks were successful
continuous-integration/drone/push Build is passing
2023-07-19 22:27:48 +02:00
leo
aa2b945765
posts: add m32.md
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing
2023-06-14 14:14:25 +02:00
leo
e49b97a80a
partials: add width,height to gitea svg
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-20 21:25:44 +01:00
leo
07b479d3bf
revert 3a6fe46 adding incorrect meta tag
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:40:21 +01:00
leo
9ec1a876d1
chore: add 28bd2388 page's description
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:30:13 +01:00
leo
2a8ef46357
chore: add onions page's description
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:28:06 +01:00
leo
a3a5a19710
chore: add privacy page's description
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:26:29 +01:00
leo
cf1a632e3e
chore: add contact page's description
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:24:32 +01:00
leo
d8e801a178
chore: add about page's description
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:23:54 +01:00
leo
df3d9c644f
chore: add services description
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:21:22 +01:00
leo
fb351a2e8d
chore: add post description
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 15:18:27 +01:00
leo
ad9a9e679f
compose: comment out internal-nw
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 14:50:33 +01:00
leo
3a6fe46e26
add alternative meta description to baseof.html
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 14:39:07 +01:00
leo
6928c45106
add aria role to footer tmpl
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 14:27:49 +01:00
leo
057ca6edba
add aria role to homepage footer
All checks were successful
continuous-integration/drone/push Build is passing
2023-02-14 14:24:09 +01:00
leo
3020a43ca2
hotfix: disable traefik, scale down homepage
All checks were successful
continuous-integration/drone/push Build is passing
2023-01-31 01:21:02 +01:00
leo
3b36350faf
compose: adapt to changed socket location
All checks were successful
continuous-integration/drone/push Build is passing
2023-01-30 17:22:11 +01:00
leo
759d7a1ccb
dockerfile: bump go base img to :1.18.9-alpine3.17
All checks were successful
continuous-integration/drone/push Build is passing
2022-12-16 17:19:35 +01:00
leo
c4bea59899
compose: bump traefik to 2.9.6
All checks were successful
continuous-integration/drone/push Build is passing
2022-12-16 16:47:37 +01:00
leo
f680d0cefa
compose: bump traefik to 2.9.5
All checks were successful
continuous-integration/drone/push Build is passing
2022-12-16 16:18:05 +01:00
e29cf10b03
readme: make title link to repo
All checks were successful
continuous-integration/drone/push Build is passing
2022-10-31 15:22:14 +01:00
b720c1224b
chore(ci,dockerfile): bump hugo to v0.105.0
All checks were successful
continuous-integration/drone/push Build is passing
2022-10-28 23:32:35 +02:00
44ae248e72
compose: bump traefik to 2.9.4
All checks were successful
continuous-integration/drone/push Build is passing
2022-10-28 23:20:58 +02:00
698f3f0329
compose: bump traefik to 2.9.1
All checks were successful
continuous-integration/drone/push Build is passing
2022-10-11 17:20:08 +02:00
fe2aba1e74
compose: bump traefik to 2.8.8
All checks were successful
continuous-integration/drone/push Build is passing
2022-10-11 17:18:02 +02:00
5c258c0b8b
chore(ci,dockerfile): bump hugo to v0.104.1
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-28 16:02:48 +02:00
f47d06eded
bump traefik to 2.8.7
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-28 15:59:03 +02:00
6e25befe64
pre-commit: add hugo-version-check hook
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-28 15:55:50 +02:00
b023e6bcba
chore(ci,dockerfile): bump hugo to v0.103.0
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-17 13:18:43 +02:00
bbe295aea9
bump traefik to 2.8.5
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-17 03:44:21 +02:00
df4791a3b1
content: add age key, split contact page
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing
2022-09-12 17:30:18 +02:00
f363952d13
ci(compose): split long cmd to multiple lines
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-09 14:47:09 +02:00
9b08a69426
ci: add 'check compose' step to pipelines
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-09 14:37:37 +02:00
4912d1f9e8
compose: add healthcheck
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-09 13:21:44 +02:00
3b9343debf
chore(compose,ci): always specify registry
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-09 12:56:04 +02:00
fab63e3eee
bump traefik to 2.8.4
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-09 12:23:37 +02:00
7a178b29af
content: add (affiliate) link to UptimeRobot
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-06 16:11:32 +02:00
937621ae7e
ci(fix): use correct tag (broken by c88a02c)
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone Build is passing
additionally, show hugo version on pull
2022-09-04 20:30:05 +02:00
f36a545c93
config: format datetime according to RFC1123Z
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-01 20:17:21 +02:00
20b3218aab
layouts(posts): add lastmod if set
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-01 03:08:03 +02:00
87138d7b1e
content(dnscrypt): add tips, reword, reformat
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-01 02:36:58 +02:00
c88a02c101
chore: bump hugo to v0.102.2
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-01 01:42:11 +02:00
04eeda81c7
ci: start signing .drone.yml
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-01 01:36:06 +02:00
8afe3e0524
chore: bump hugo to v0.102.1
All checks were successful
continuous-integration/drone/push Build is passing
2022-09-01 01:19:15 +02:00
6e1039893d
ci,dockerfile: switch to immawanderer/alpine-hugo
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-31 21:46:29 +02:00
051903761c
content: add privacy.md, update {about,contact}.md
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-30 13:03:36 +02:00
f7d9892205
content: add {services,onions}.md, update about.md
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-30 12:43:55 +02:00
e358a0d1a4
archetypes: set git info by default [skip ci] 2022-08-30 11:50:25 +02:00
bf16d9d763
archetypes: set lastmod by default [skip ci] 2022-08-30 11:50:02 +02:00
90aca411aa
content(about): add note on CoreDNS DoT resolver
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-30 11:35:37 +02:00
31ea1683aa
ignore binary [skip ci] 2022-08-28 17:36:44 +02:00
6923776886
content(dnscrypt): partially reword the post
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-28 17:29:07 +02:00
bcd6f3bf1a
ci: unify GOFLAGS with dockerfile
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-23 13:36:45 +02:00
26bc3d7d61
enable pygments to use classes
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-21 18:01:42 +02:00
084258ee6c
content(about): add note on SearXNG
All checks were successful
continuous-integration/drone/push Build is passing
instance deployed at https://searxng.dotya.ml
2022-08-21 17:30:05 +02:00
b0dc51e14c
content(about): add note on tmate
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-21 17:27:57 +02:00
e20bf87831
bump traefik to 2.8.3
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-14 11:48:20 +02:00
c68a84082f
bump traefik to 2.8.2
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-12 21:36:28 +02:00
c9553bf7e5
ci: add 'VCS_REF' build arg during compose build
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-08 16:51:03 +02:00
35b2cd330c
readme: add pre-commit badge [skip ci] 2022-08-08 16:50:31 +02:00
9ae12826a8
dockerfile: migrate to docker frontend v1.3
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-08 16:47:39 +02:00
5df1659c6f
pre-commit: add hadonlint-container hook [skip ci] 2022-08-08 16:46:52 +02:00
a894b9eff5
ci: bump hadolint to v2.10.0-alpine
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-08 16:35:20 +02:00
e314f788e7
content(about): add mention of cryptcheck.fr scans
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-08 16:28:11 +02:00
c3a29bef55
fix: {ci race condition,traefik}
All checks were successful
continuous-integration/drone/push Build is passing
as a result of #33:
* traefik proxy according to compose was pointing nowhere
* traefik was attempting to redirect as it used to when the site was
  behind nginx, which is unneccessary now, the go app can properly
  handle paths such as '/tags/'.
2022-08-08 15:27:27 +02:00
cfe496dcb7
embed homepage in a Go app (#33)
Some checks failed
continuous-integration/drone/push Build is failing
the entire './public' folder that Hugo produces is embedded into a
variable of 'embed.FS' type and served directly using the default http
mux that Go std offers.

ci, pre-commit, Dockerfile and compose file have all been updated
accordingly.

nginx is no longer needed to front the site files, which enabled
switching to a SCRATCH image containing just a single statically linked
"homepage" app that has all files (html, css, js) embedded.
the containers are otherwise empty (as the name SCRATCH suggests), which
further decreases potential attack surface area.

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #33
2022-08-08 15:20:50 +02:00
d0c61e4847
add yamllint [skip ci] 2022-08-02 15:13:39 +02:00
20c220ffee
compose: add memory limits
All checks were successful
continuous-integration/drone/push Build is passing
2022-08-02 15:08:18 +02:00
20665dc119
chore: fix compose's yaml [skip ci] 2022-08-02 15:07:02 +02:00
0a3136a291
bump traefik to 2.8.1
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-18 17:40:05 +02:00
ffd7a943f4
fix .pre-commit-config.yaml [skip ci] 2022-07-02 17:20:01 +02:00
a8ac5aa872
pre-commit: check compose file
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-02 17:18:27 +02:00
c99432ea52
bump traefik to 2.8.0
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-02 17:07:45 +02:00
ee7acd7c1b
bump traefik to 2.7.3
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-02 17:06:27 +02:00
2c4b9a8546
bump traefik to 2.7.2
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-02 17:05:52 +02:00
c6a7db63d7
pin traefik to 2.7.1
All checks were successful
continuous-integration/drone/push Build is passing
2022-07-02 17:03:19 +02:00
30be2871f2
nginx: redirect 404 to /404.html
All checks were successful
continuous-integration/drone/push Build is passing
2022-04-05 16:27:51 +02:00
1432f7e50d
use relref shortcode for site-local links
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-30 17:59:37 +02:00
bb5d6b632e
only solve for rss as alternative output format
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-30 17:45:06 +02:00
0b8d7d92ae
fix 8fe0e155d3: bump traefik to version 2.7
All checks were successful
continuous-integration/drone/push Build is passing
the :2.6.3 tag is apparently only available for arm arch, it's probably
best not to base the decision to bump versions on a new release
notification. instead, availability of the new version for our default
arch (amd64) should always be checked:
    podman run -it --rm docker.io/library/traefik:2.6.3
    Trying to pull docker.io/library/traefik:2.6.3...
    Error: choosing an image from manifest list docker://traefik:2.6.3: no image found in manifest list for architecture amd64, variant "", OS linux

    ~ took 2s
    (╯°□°)╯︵ ┻━┻ 125 🔥  podman run -it --rm docker.io/library/traefik:2.7
    Trying to pull docker.io/library/traefik:2.7...
    Getting image source signatures
    Copying blob 491249faa733 done
2022-03-30 17:26:02 +02:00
8fe0e155d3
chore: bump traefik to version 2.6.3
Some checks failed
continuous-integration/drone/push Build is failing
2022-03-30 13:45:28 +02:00
aaccd2356b
update theme colours
All checks were successful
continuous-integration/drone/push Build is passing
commit bc6140098f698dbdf9f40b17e68a93d866eb93b5
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 29 18:32:39 2022 +0200

    add commentary to colour codes

    since we're keeping the original names of colour variables from the
    theme, it's a good idea to at least have the usage of them (somewhat)
    documented.

commit 927909be604187b8e178ce009d88ac6b26c0b3c5
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 29 18:24:43 2022 +0200

    increase pre border-radius to 5px

commit 62f0d1654028beb625453ad19b0138574e999861
Author: surtur <a_mirre@utb.cz>
Date:   Tue Mar 29 18:18:02 2022 +0200

    change theme colours
2022-03-29 18:37:04 +02:00
5ca65d3410
set .post-info.a:hover border-bottom size to 2px
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-29 18:07:32 +02:00
c6e71ec9e9
hover transition duration: speed-up to .1s
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-29 18:03:13 +02:00
d0899c6c81
chore: bump traefik to version 2.6.2
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-25 14:45:38 +01:00
b67aaf5aa3
ci: use upstream alpine image for stagin runs
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-20 22:04:56 +01:00
34bf219bde
ci: :latest -> :linux-amd64
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-20 20:33:55 +01:00
a0e38dd2ef
ci: perform hadolint check in deploy pipeline
All checks were successful
continuous-integration/drone/push Build is passing
...a failsafe of sorts
2022-03-20 20:18:45 +01:00
66528553a3
fix: correctly indent and init yaml documents
All checks were successful
continuous-integration/drone/push Build is passing
still some lines are over 80 characters, that needs fixing, too
2022-03-20 20:15:28 +01:00
09a8c3fb60
chore: bump hadolint to v2.9.1-alpine
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-20 19:05:00 +01:00
7222724254
fix: pin fedora-hugo to tag linux-amd64
All checks were successful
continuous-integration/drone/push Build is passing
...which is in fact "rolling" but not called "latest" so hadolint
remains happy
2022-03-20 19:02:50 +01:00
363f26fe3e
chore: bump traefik to version 2.6.1
All checks were successful
continuous-integration/drone/push Build is passing
2022-03-20 18:51:49 +01:00
990832b664
chore: bump traefik to version 2.6.0
All checks were successful
continuous-integration/drone/push Build is passing
2022-02-14 16:45:41 +01:00
b0a6084bd6
chore: bump traefik to version 2.5.7
All checks were successful
continuous-integration/drone/push Build is passing
2022-01-21 16:35:43 +01:00
fa4c50301c
fix: inaccessible tags
All checks were successful
continuous-integration/drone/push Build is passing
2022-01-17 10:54:08 +01:00
554fbb6afd
chore: bump traefik to version 2.5.6
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-28 23:33:51 +01:00
fbc4c7115d
chore: bump traefik to version 2.5.5
All checks were successful
continuous-integration/drone/push Build is passing
2021-12-14 22:41:18 +01:00
ac4ddd5c18
chore: explicitly specify desired taxonomies
All checks were successful
continuous-integration/drone/push Build is passing
2021-11-22 17:52:39 +01:00
e01813e8d4
chore: bump traefik to version 2.5.4
All checks were successful
continuous-integration/drone/push Build is passing
2021-11-09 00:13:14 +01:00
564d834865
pre-commit: add yaml check [skip ci] 2021-09-22 08:37:42 +02:00
2b74d3d58e
chore: bump traefik to version 2.5.3
All checks were successful
continuous-integration/drone/push Build is passing
2021-09-22 08:29:37 +02:00
8d3959c30f
chore: bump traefik to version 2.5.2
All checks were successful
continuous-integration/drone/push Build is passing
2021-09-04 23:50:03 +02:00
a6961ff0c3
template: add RSS link to head of each page
All checks were successful
continuous-integration/drone/push Build is passing
using the below would also add any other alternative formats.
since we don't use any other alt formats, it will only output the link
to RSS feed for each page.
{{ range .AlternativeOutputFormats -}}
    {{ printf `<link rel="%s" type="%s" href="%s" title="%s" />` .Rel .MediaType.Type .Permalink $.Site.Title | safeHTML }}
{{ end -}}

ref: https://gohugo.io/templates/rss/#reference-your-rss-feed-in-head
2021-08-23 15:16:34 +02:00
d23e961b70
chore: bump traefik to version 2.5.1
All checks were successful
continuous-integration/drone/push Build is passing
2021-08-22 12:31:35 +02:00
666bb63477
add pre-commit config
All checks were successful
continuous-integration/drone/push Build is passing
it's sane to have some pre-flight checks, pre-commit makes it easy.
ref: https://pre-commit.com/
2021-08-21 21:01:05 +02:00
06da04bb5c
fix: git url is supposed to only miss commit hash (#31)
All checks were successful
continuous-integration/drone/push Build is passing
to correctly point to a commit path, a '/src/commit/' chunk had to be
added to the previously used URL, which simply pointed to the root of
the repository. that resulted in a garbled URL and a non-existent path as far as Gitea was concerned.
this PR fixes that.

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #31
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>
2021-08-08 11:15:25 +02:00
8a1821c416
Add info about DNSCrypt resolver (#29)
All checks were successful
continuous-integration/drone/push Build is passing
update hadolint to v2.6.0-alpine and add an IGNORE to Dockerfile to make
sure the linter is up to date and all errors are resolved, resulting ina passing build.
the ignore is added as the issue is not too big of a deal (at least not
ATM).

* 55d9852 - fix: make hadolint pass <surtur>
* 8f2e192 - about, posts: add dnscrypt <surtur>

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #29
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>
2021-08-08 00:36:37 +02:00
6fcef0ce11
chore: bump traefik to version 2.5.0-rc5
All checks were successful
continuous-integration/drone/push Build is passing
2021-08-04 03:08:30 +02:00
6425917e1c
fix(ci): specify the project before the up command
All checks were successful
continuous-integration/drone/push Build is passing
* compose ignores the project value if specified later
* issue introduced in ebd51c2
2021-07-28 14:39:10 +02:00
ebd51c2d54
ci/compose: add project name using a drone env var
All checks were successful
continuous-integration/drone/push Build is passing
ref: dotya.ml/docs#1
2021-07-24 15:46:23 +02:00
2cb4922ffb
chore: bump traefik version to 2.5.0-rc2
All checks were successful
continuous-integration/drone/push Build is passing
2021-06-29 23:14:59 +02:00
744f521684
chore: bump traefik to version 2.4.9
All checks were successful
continuous-integration/drone/push Build is passing
2021-06-23 14:40:40 +02:00
327c48ab68
update: nicer gitea and dockerhub svgs
All checks were successful
continuous-integration/drone/push Build is passing
* fixed sizes and positioning
2021-06-11 23:17:26 +02:00
5dfb0bd0b7
chore: bump traefik to version 2.4.8
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-25 12:33:56 +01:00
a72f41d56e
cbp: pin hadolint version
All checks were successful
continuous-integration/drone/push Build is passing
* atm to 2.0.0-alpine
2021-03-25 12:31:54 +01:00
d865915b40
fix: name proper project authors in LICENSE (#28)
All checks were successful
continuous-integration/drone/push Build is passing
as title.

yep, got it wrong the whole time... 🚀

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #28
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>
2021-03-09 22:15:22 +01:00
b58f935123
ci: enable building with BuildKit for Compose
All checks were successful
continuous-integration/drone/push Build is passing
ref: https://www.docker.com/blog/faster-builds-in-compose-thanks-to-buildkit-support/
2021-03-09 10:17:14 +01:00
6b52682f57
ci: split build into build+deploy steps
All checks were successful
continuous-integration/drone/push Build is passing
* build with --no-cache of course
2021-03-09 10:01:23 +01:00
aa95981741
chore: bump traefik version to 2.4.7
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-09 09:53:05 +01:00
cea59cbb28
chore: bump traefik version to 2.4.6
All checks were successful
continuous-integration/drone/push Build is passing
2021-03-02 14:30:41 +01:00
f9a8603770
chore: bump traefik version to 2.4.5
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-19 13:34:36 +01:00
7f8fcbde52
chore: bump traefik version to 2.4.3
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-18 09:46:54 +01:00
e10bbd74f8
chore: add Hadolint Dockerfile linting (#27)
All checks were successful
continuous-integration/drone/push Build is passing
as per #22
fixes #22

* update PR pipeline in .drone.yml
* add .hadolint.yaml

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #27
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>
2021-02-16 16:11:24 +01:00
8378656cb7
chore: bump traefik version to 2.4.2
All checks were successful
continuous-integration/drone/push Build is passing
2021-02-04 22:11:31 +01:00
2d58181837
bump traefik version to 2.4.0 (#25)
All checks were successful
continuous-integration/drone/push Build is passing
as title.

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #25
Co-authored-by: wanderer <a_mirre@utb.cz>
Co-committed-by: wanderer <a_mirre@utb.cz>
2021-01-31 05:11:42 +01:00
d6510fbd9b
chore: define a FROM alias (#26)
All checks were successful
continuous-integration/drone/push Build is passing
while the existing setup works, we're following best practices of aliasing a FROM layer 

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #26
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>
2021-01-24 16:15:28 +01:00
d529a0fc14
Add link to onion Prometheus (#23)
All checks were successful
continuous-integration/drone/push Build is passing
Our Prometheus instance is now available via tor at http://vognfwm7c6wq2gxqcmswi2flwckuxryefd7n3axxkvlpasdjhns5buqd.onion.
This PR adds the link to the about page among the rest of the onion services.

Related issue: dotya.ml/community#25

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #23
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
Co-authored-by: wanderer <wanderer@noreply.git.dotya.ml>
Co-committed-by: wanderer <wanderer@noreply.git.dotya.ml>
2021-01-22 14:52:50 +01:00
886e536f08
Merge pull request 'chore: pin traefik version as good practices say' (#24) from pin-traefik-version into master
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #24
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
2021-01-21 21:07:53 +01:00
c0ccf94ac5
chore: pin traefik version as good practices say
All checks were successful
continuous-integration/drone/pr Build is passing
2021-01-12 18:54:35 +01:00
eab16418c8
feat: switch to alpine base+edit nginx.conf w/sed
All checks were successful
continuous-integration/drone/push Build is passing
* use epoll
* etag off
* server_tokens off
* tcp_{nopush,nodelay} on
* s/spaces/tabs/
2020-11-25 15:39:35 +01:00
f7f260687a
feat: add onion statuspage to the list of services
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-17 21:45:18 +01:00
cd91d1d165
feat: add onion grafana to the list of services
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-17 21:29:20 +01:00
c151237ac0
feat: add clickable badges
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-11 14:56:50 +01:00
5b633c04ed
feat: add Observability section to about.md
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-11 14:36:09 +01:00
63ff3e500b
chore: add info about onion drone to about.md
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-11 14:20:55 +01:00
18878ee14a
refactor: add full and clickable onion links
All checks were successful
continuous-integration/drone/push Build is passing
* as opposed to addresses embedded in the page as "code"
2020-11-11 14:10:52 +01:00
9488645cef
chore: add HSTS preload badge to README.md
All checks were successful
continuous-integration/drone/push Build is passing
2020-11-11 13:31:09 +01:00
1fbe690f7f
chore: add SecurityHeaders report+shields.io badge 2020-11-11 13:30:12 +01:00
462797e135
feat: update README && about.md ranking info
All checks were successful
continuous-integration/drone/push Build is passing
* improvement from 125 to 130 due to upgrade-insecure-requests
2020-11-11 13:07:53 +01:00
a744eae7b8
fix: add missing semicolon for html entity #183;
All checks were successful
continuous-integration/drone/push Build is passing
* missing twice
2020-11-11 12:28:07 +01:00
ee41b9b69e
chore: update keyserver link
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-26 18:37:16 +01:00
83d300260c
feat: route deploy pipeline to main runner
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-15 16:43:29 +02:00
b3954d5257
notmuch: removing redundant wording
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-14 14:41:14 +02:00
efb4329e73
refactor: Chrome --> Chromium, remove Edge :)
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-14 14:39:29 +02:00
b91a5163c6
chore: md formatting is a love
All checks were successful
continuous-integration/drone/push Build is passing
* break the lines for md readability when editing
2020-10-14 14:36:06 +02:00
125be40daf
feat: add info about dotya.ml
All checks were successful
continuous-integration/drone/push Build is passing
* display full links in relevant cases - clarity over readability
* note:
  * hsts
  * onion services
2020-10-14 14:26:38 +02:00
39a5ba03c8
chore: add multiple possible endpoints
All checks were successful
continuous-integration/drone/push Build is passing
* common localhost names
* container name
* onion service name
2020-10-14 13:29:03 +02:00
8d6207186f
fix: maintain state after dockerd restarts
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-11 19:50:06 +02:00
2c7b38da0a
Add proper RSS support (#21)
All checks were successful
continuous-integration/drone/push Build is passing
add: add link to the feed to index

add: smarter rss template

* as per https://www.godo.dev/tutorials/hugo-full-text-rss/

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #21
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
Co-Authored-By: wanderer <wanderer@noreply.git.dotya.ml>
Co-Committed-By: wanderer <wanderer@noreply.git.dotya.ml>
2020-10-09 23:32:22 +02:00
8deb3583d4
fix: test builds on PRs failing to run
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-09 23:08:15 +02:00
152cbeaff8
chore: specify lang code as en-gb
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-09 21:52:15 +02:00
60f20f7d6f
chore: add rawhtml shortcode specification
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-09 21:43:53 +02:00
e25153d118
chore: minor improvements from theme submodule
All checks were successful
continuous-integration/drone/push Build is passing
* as we're using customised style.scss a manual merge is needed.
  this could probably be better served by loading the changes from a
  separate .scss file (TBD)
2020-10-05 13:11:36 +02:00
4801a792b6
chore: add --remove-orphans to the build command
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-05 08:39:03 +02:00
2efd79e1e4
fix: docker-compose build issue (#20)
All checks were successful
continuous-integration/drone/push Build is passing
chore: add scaling param to the .drone.yml

fix: issue when dc build fails due to scale

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #20
Co-Authored-By: wanderer <wanderer@noreply.git.dotya.ml>
Co-Committed-By: wanderer <wanderer@noreply.git.dotya.ml>
2020-10-04 16:29:51 +02:00
5317325ab0
feat: use traefik for loadbalancing
Some checks failed
continuous-integration/drone/push Build is failing
commit 384b118
    refactor: remove redundant ipv6 enablement in env

    * it is already enabled by default, as witnessed by this error message:
    10-listen-on-ipv6-by-default.sh: error: IPv6 listen already enabled

commit abfd7b2
    add: loadbalance using traefik
2020-10-04 16:07:55 +02:00
384177911c
fix: syntax error in 0247a03 cron watch
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-03 22:44:03 +02:00
0247a036a9
chore: add watch for nightly cron to .drone.yml 2020-10-03 22:41:21 +02:00
50ea242c33
docker-compose hotfix (#19)
All checks were successful
continuous-integration/drone/push Build is passing
fix: no need to stop the container before build 🚀

* this is handled for us by docker on container re-creation

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #19
Co-Authored-By: wanderer <wanderer@noreply.git.dotya.ml>
Co-Committed-By: wanderer <wanderer@noreply.git.dotya.ml>
2020-10-03 21:25:52 +02:00
41099802c2
docker-compose deployment (#18)
All checks were successful
continuous-integration/drone/push Build is passing
refactor: .drone.yml + don't run on {push,PR}

add: docker-compose-build pipeline

* general refactoring of .drone.yml

fix: incorrect dependency

* add: don't run img pull on PR

refactor: update .drone.yml logic

chore: adding docker-compose.yml

* it's in fact going to be docker-compose deployment

add: Dockerfile + update baseUrl

* also enhance footer partial that cries when a ref goes missing (such
  as when a branch is merged)

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #18
Co-Authored-By: wanderer <wanderer@noreply.git.dotya.ml>
Co-Committed-By: wanderer <wanderer@noreply.git.dotya.ml>
2020-10-03 21:00:19 +02:00
112e77ce67
chore: add branch constraints for deploy pipeline
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-03 16:00:49 +02:00
6d242de66d
rm netdata badges + move status.md content (#17)
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #17
2020-10-03 15:52:11 +02:00
8db0e145c4
chore: move stuff from /status to /about
All checks were successful
continuous-integration/drone/pr Build is passing
continuous-integration/drone/push Build is passing
2020-10-03 15:49:22 +02:00
5921aaa5bb
chore: remove badges
All checks were successful
continuous-integration/drone/push Build is passing
continuous-integration/drone/pr Build is passing
2020-10-03 13:30:08 +02:00
f126cfc597
feat: add missing values to site.webmanifest
All checks were successful
continuous-integration/drone/push Build is passing
2020-10-03 13:04:09 +02:00
f5353973c2
general .drone.yml clean-up (#16)
All checks were successful
continuous-integration/drone/push Build is passing
refactor: positive rather than negative selection

* i.e. includes as opposed to excludes

chore: separate build and deploy pipeline

* this allows for more granular run conditions and constraints

refactor: remove redundant status==success assertion

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #16
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
Co-Authored-By: wanderer <wanderer@noreply.git.dotya.ml>
Co-Committed-By: wanderer <wanderer@noreply.git.dotya.ml>
2020-09-25 20:57:33 +02:00
2d589bf19f
Privacy section update (#15)
All checks were successful
continuous-integration/drone/push Build is passing
chore: wording + contentual change in privacy section

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #15
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
2020-09-18 16:25:45 +02:00
dc63b52b14
fix: correctly use bug issue template (#14)
All checks were successful
continuous-integration/drone/push Build is passing
the template needs to be in a subfolder as per https://docs.gitea.io/en-us/issue-pull-request-templates/
a bug issue template in the state as introduced by #10 does not work
correctly

Reviewed-on: #14
2020-09-15 22:01:35 +02:00
8f9ba57983
add: key repo link for 0x28bd2388 (#13)
All checks were successful
continuous-integration/drone/push Build is passing
add: vertical offset between contact blocks

add: key repo link for 0x28bd2388

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #13
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
2020-09-14 23:43:57 +02:00
956141ae7b
fix: missing newline introduced by #11 (#12)
All checks were successful
continuous-integration/drone/push Build is passing
fix: missing newline introduced by #11

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #12
2020-09-14 13:00:23 +02:00
99f8f53326
add contact info (#11)
All checks were successful
continuous-integration/drone/push Build is passing
Merge branch 'master' into new-contact-info

add contact info

Co-authored-by: dalahast <yngblkee1000@tfwno.gf>
Reviewed-on: #11
2020-09-14 12:40:40 +02:00
56f49276b0
Add bug issue template (#10)
All checks were successful
continuous-integration/drone/push Build is passing
add: bug issue template

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #10
Reviewed-by: dalahast <dalahast@noreply.git.dotya.ml>
2020-09-11 23:33:12 +02:00
ee547ad4c4
Link title + whitespace fix (#8)
All checks were successful
continuous-integration/drone/push Build is passing
revert: use hard tabs for consistency

fix: status page link title 'source code' --> 'service status'

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #8
2020-09-09 00:01:19 +02:00
148e343cc0
add link to new status page also for global footer
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-08 20:47:35 +02:00
d80c31f3ca
add links to new status page
All checks were successful
continuous-integration/drone/push Build is passing
2020-09-08 20:36:29 +02:00
cd791c4298
Adding status badges + limiting step execution (#6)
All checks were successful
continuous-integration/drone/push Build is passing
chore: notifications don't need to run on PR let's say

fix: fine-tuning the limits

chore: also run notification pipeline on any branch

fix: further limit pipeline execution

fix: limit deploy step execution for master

* run notifications on PR and any branch

chore: add utilization status badges + style

Co-authored-by: surtur <a_mirre@utb.cz>
Reviewed-on: #6
2020-09-01 06:36:53 +02:00
873ce9b590
fix: remove redundant config keys
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-24 14:43:39 +02:00
1b1994c12c
chore: updated README.md as per #5
All checks were successful
continuous-integration/drone/push Build is passing
2020-08-20 20:54:32 +02:00
3534b16cbc
feat: pointing links at the renamed repo, closing #5
All checks were successful
continuous-integration/drone/push Build is passing
* don't forget to change your remotes, too
2020-08-20 20:00:56 +02:00
c44522d06a
fix: Gitea svg declaration param was in the wrong place
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-29 12:14:44 +02:00
6640239616
feat: added git info to the footer for pages other than the index
All checks were successful
continuous-integration/drone/push Build is passing
2020-07-24 12:56:29 +02:00
e9e287ebec
fix: added missing "description" meta tag 2020-07-24 12:55:30 +02:00
eafc98b394
fix: lighthouse-approved robots file 2020-07-24 12:54:43 +02:00
35 changed files with 1438 additions and 178 deletions

@ -6,61 +6,376 @@ name: pull
clone: clone:
disable: true disable: true
steps: trigger:
- name: fedora-hugo event:
pull: always exclude: [push, pull_request]
image: immawanderer/fedora-hugo:latest
commands:
- uname -r
- cat /etc/fedora-release
- name: alpine-rsync steps:
pull: always - name: alpine-hugo
image: immawanderer/alpine-rsync:latest pull: always
commands: image: docker.io/immawanderer/alpine-hugo:hugo-v0.115.3
- uname -r commands:
- hugo version
- name: alpine-rsync
pull: always
image: docker.io/immawanderer/alpine-rsync:latest
commands:
- uname -r
- name: hadolint
pull: always
image: docker.io/hadolint/hadolint:2.10.0-alpine
commands:
- uname -r
- hadolint --version
- name: golang
pull: always
image: docker.io/library/golang:1.21.0-alpine3.18
commands:
- uname -r
- go version
---
kind: pipeline
type: docker
name: build
platform:
os: linux
arch: amd64
trigger:
branch: [master, testing]
event: pull_request
depends_on:
- pull
environment:
CGO_ENABLED: 0
steps:
- name: submodules
image: docker.io/alpine/git:v2.36.2
depends_on: [clone]
commands:
- git submodule init
- git submodule update --recursive
- name: hugo-extended
pull: always
image: docker.io/immawanderer/alpine-hugo:hugo-v0.115.3
depends_on: [submodules]
commands:
- hugo version
- hugo --gc=true --minify
- name: go fmt
image: docker.io/library/golang:1.21.0-alpine3.18
volumes:
- name: gopath
path: /go
depends_on:
- clone
commands:
- go fmt
- name: go vet
image: docker.io/library/golang:1.21.--alpine3.18
volumes:
- name: gopath
path: /go
depends_on:
- go fmt
commands:
- go vet
- name: go build
pull: if-not-exists
image: docker.io/library/golang:1.21.0-alpine3.18
volumes:
- name: gopath
path: /go
depends_on:
- go vet
# wait until the site is output into './public'.
- hugo-extended
environment:
GOFLAGS: -trimpath -mod=readonly -modcacherw
commands:
- go build -v -ldflags "-s -w -X main.Version=${DRONE_COMMIT}" .
volumes:
- name: gopath
temp: {}
--- ---
kind: pipeline kind: pipeline
type: docker type: docker
name: 'build and deploy' name: docker-compose-build
platform:
os: linux
arch: amd64
trigger:
branch: master
event: pull_request
depends_on: depends_on:
- pull - build
steps: steps:
- name: hugo-extended - name: hadolint
pull: if-not-exists image: docker.io/hadolint/hadolint:v2.10.0-alpine
image: immawanderer/fedora-hugo:latest depends_on: [clone]
when: commands:
status: - hadolint --version
- success - hadolint Dockerfile
commands:
- git submodule init
- git submodule update
- hugo version
- hugo --gc=true --minify
- name: deploy - name: check compose
pull: if-not-exists pull: always
image: immawanderer/alpine-rsync:latest image: docker.io/tmaier/docker-compose:latest
when: depends_on: [clone]
status: volumes:
- success - name: s
depends_on: path: /var/run/docker.sock
- hugo-extended environment:
environment: COMPOSE_DOCKER_CLI_BUILD: 1
OL: DOCKER_BUILDKIT: 1
from_secret: hugo_user commands:
OL_P: - docker compose -f docker-compose.yml config -q
from_secret: hugo_passwd
OL_D: - name: build
from_secret: hugo_dir pull: always
commands: image: docker.io/tmaier/docker-compose:latest
- echo $OL_P > nupass depends_on: [hadolint, check compose]
- export RSYNC_RSH='sshpass -f ./nupass ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null' volumes:
- rsync -av --delete --chown $OL public/ $OL@dotya.ml:$OL_D - name: s
path: /var/run/docker.sock
environment:
COMPOSE_DOCKER_CLI_BUILD: 1
DOCKER_BUILDKIT: 1
commands:
- docker compose build --build-arg VCS_REF=${DRONE_COMMIT} --no-cache --pull
volumes:
- name: s
host:
path: /run/docker.sock
---
kind: pipeline
type: docker
name: deploy-staging
platform:
os: linux
arch: amd64
trigger:
branch:
- testing
event:
exclude: [pull_request, tag]
depends_on:
- build
steps:
- name: submodules
image: docker.io/alpine/git:v2.36.2
depends_on: [clone]
commands:
- git submodule init
- git submodule update --recursive
- name: hugo-extended
pull: always
image: docker.io/immawanderer/alpine-hugo:hugo-v0.115.3
depends_on: [submodules]
commands:
- hugo version
- hugo --gc=true --minify
- name: deploy
pull: if-not-exists
image: docker.io/library/alpine:3.15.0
when:
status:
- success
branch:
- testing
depends_on:
- hugo-extended
environment:
OL:
from_secret: hugo_user
OL_P:
from_secret: hugo_passwd
OL_D:
from_secret: hugo_dir
commands:
- apk update
- apk -U upgrade --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing
- apk add --no-cache ca-certificates rsync openssh-client sshpass --repository=http://dl-cdn.alpinelinux.org/alpine/edge/testing
- echo $OL_P > nupass
- export RSYNC_RSH='sshpass -f ./nupass ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
- rsync -av --delete --chown $OL public/ $OL@dotya.ml:$OL_D
---
kind: pipeline
type: docker
name: deploy
platform:
os: linux
arch: amd64
trigger:
branch:
- master
event:
exclude: [pull_request, tag]
environment:
# ref: https://www.docker.com/blog/faster-builds-in-compose-thanks-to-buildkit-support/
COMPOSE_DOCKER_CLI_BUILD: 1
DOCKER_BUILDKIT: 1
node:
r: main
depends_on:
- build
environment:
CGO_ENABLED: 0
steps:
- name: submodules
image: docker.io/alpine/git:v2.36.2
depends_on: [clone]
commands:
- git submodule init
- git submodule update --recursive
- name: hugo-extended
pull: always
image: docker.io/immawanderer/alpine-hugo:hugo-v0.115.3
depends_on: [submodules]
commands:
- hugo version
- hugo --gc=true --minify
- name: hadolint
image: docker.io/hadolint/hadolint:v2.10.0-alpine
depends_on:
- clone
commands:
- hadolint --version
- hadolint Dockerfile
- name: check compose
pull: always
image: docker.io/tmaier/docker-compose:latest
depends_on: [clone]
volumes:
- name: s
path: /var/run/docker.sock
environment:
COMPOSE_DOCKER_CLI_BUILD: 1
DOCKER_BUILDKIT: 1
commands:
- docker compose -f docker-compose.yml config -q
- name: go fmt
image: docker.io/library/golang:1.21.0-alpine3.18
volumes:
- name: gopath
path: /go
depends_on:
- clone
commands:
- go fmt
- name: go vet
image: docker.io/library/golang:1.21.0-alpine3.18
volumes:
- name: gopath
path: /go
depends_on:
- go fmt
# wait until the site is output into './public'.
- hugo-extended
commands:
- go vet
- name: go build
image: docker.io/library/golang:1.21.0-alpine3.18
volumes:
- name: gopath
path: /go
depends_on:
- go vet
commands:
- go build -v -ldflags "-s -w -X main.Version=${DRONE_COMMIT}" .
- name: rm-intermediate
pull: if-not-exists
image: docker.io/immawanderer/fedora-hugo:linux-amd64
depends_on:
- go build
commands:
- rm -rf ./public
- name: build
pull: always
image: docker.io/tmaier/docker-compose:latest
depends_on:
- rm-intermediate
- hadolint
- check compose
- go fmt
- go vet
- go build
volumes:
- name: s
path: /var/run/docker.sock
commands:
- docker compose build --build-arg VCS_REF=${DRONE_COMMIT} --no-cache
when:
branch: master
status: success
- name: deploy
pull: always
image: docker.io/tmaier/docker-compose:latest
depends_on:
- build
volumes:
- name: s
path: /var/run/docker.sock
commands:
- docker compose -p ${DRONE_REPO_NAME} up
-d
--remove-orphans
--scale homepage=1
when:
branch: master
status: success
volumes:
- name: s
host:
path: /run/docker.sock
- name: gopath
temp: {}
--- ---
@ -76,22 +391,21 @@ clone:
trigger: trigger:
branch: branch:
- master - master
- "dev*" - testing
event: event:
- push - push
- tag - tag
status: status:
- success - success
- failure - failure
depends_on: depends_on: [deploy, deploy-staging]
- 'build and deploy'
steps: steps:
- name: discord - name: discord
pull: if-not-exists pull: if-not-exists
image: appleboy/drone-discord:latest image: docker.io/appleboy/drone-discord:latest
settings: settings:
message: > message: >
{{#success build.status}} {{#success build.status}}
@ -122,30 +436,24 @@ clone:
disable: true disable: true
trigger: trigger:
event: event: cron
- cron cron: [hourly, nightly]
cron: status: [success, failure]
- hourly
- hourly-build
status:
- success
- failure
depends_on: depends_on: [deploy]
- 'build and deploy'
steps: steps:
- name: discord - name: discord
pull: always pull: always
image: appleboy/drone-discord:latest image: docker.io/appleboy/drone-discord:latest
settings: settings:
message: > message: >
{{#success build.status}} {{#success build.status}}
✅ [Hourly build #{{build.number}}]({{build.link}}) of `{{repo.name}}` has been successfully deployed. ✅ [Cron build #{{build.number}}]({{build.link}}) of `{{repo.name}}` has been successfully deployed.
event: **`{{build.event}}`** event: **`{{build.event}}`**
commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}` commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`
{{else}} {{else}}
❌ [Hourly build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed to deploy. ❌ [Cron build #{{build.number}}]({{build.link}}) of `{{repo.name}}` failed to deploy.
event: **`${DRONE_BUILD_EVENT}`** event: **`${DRONE_BUILD_EVENT}`**
failed stage(s): **`${DRONE_FAILED_STAGES}`** failed stage(s): **`${DRONE_FAILED_STAGES}`**
commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}` commit [`${DRONE_COMMIT_SHA:0:7}`](https://git.dotya.ml/${DRONE_REPO}/commit/${DRONE_COMMIT_SHA}) by {{commit.author}} on `{{commit.branch}}`
@ -155,3 +463,9 @@ steps:
from_secret: discord_webhook_hourly_id from_secret: discord_webhook_hourly_id
webhook_token: webhook_token:
from_secret: discord_webhook_hourly_token from_secret: discord_webhook_hourly_token
---
kind: signature
hmac: 4e178bb873563499a7b3b00fdb372acc239dedfb8b151858598a29778349f44c
...

@ -0,0 +1,8 @@
---
name: "Bug :bug:"
title: "[Bug] "
about: "A bug :bug: template"
labels:
- bug
---
<!-- This is a bug template -->

3
.gitignore vendored

@ -2,3 +2,6 @@
public/ public/
resources/ resources/
*.swp *.swp
# go binary
homepage

96
.golangci.yml Normal file

@ -0,0 +1,96 @@
---
run:
go: '1.20'
tests: true
skip-dirs:
- static
- public
issues:
max-issues-per-linter: 0
max-same-issues: 0
linters:
enable:
- bidichk
- dupl
- decorder
- dogsled
- exportloopref
- forbidigo
- gas
- gocognit
- goconst
- gocritic
- godot
- govet
- gofmt
- gofumpt
- goimports
- goprintffuncname
- gosec
- ineffassign
- misspell
# - prealloc
- revive
- tparallel
- unconvert
- unparam
- unused
- wastedassign
- whitespace
- wsl
linter-settings:
dupl:
threshold: 100
gocritic:
enabled-tags:
- diagnostic
- experimental
- opinionated
- performance
- style
disabled-checks:
- dupImport # https://github.com/go-critic/go-critic/issues/845
- ifElseChain
- octalLiteral
- whyNoLint
- wrapperFunc
gocyclo:
min-complexity: 15
gofumpt:
extra-rules: true
lang-version: "1.20"
govet:
check-shadowing: true
revive:
severity: warning
confidence: 0.8
errorCode: 1
warningCode: 1
rules:
- name: blank-imports
- name: context-as-argument
- name: context-keys-type
- name: dot-imports
- name: error-return
- name: error-strings
- name: error-naming
- name: exported
- name: if-return
- name: increment-decrement
- name: var-naming
- name: var-declaration
- name: package-comments
- name: range
- name: receiver-naming
- name: time-naming
- name: unexported-return
- name: indent-error-flow
- name: errorf
- name: duplicated-imports
- name: modifies-value-receiver
wsl:
allow-cuddle-declaration: true
...

2
.hadolint.yaml Normal file

@ -0,0 +1,2 @@
---
ignored:

47
.pre-commit-config.yaml Normal file

@ -0,0 +1,47 @@
---
repos:
- repo: https://github.com/pre-commit/pre-commit-hooks
rev: v4.0.1
hooks:
- id: check-merge-conflict
- id: check-toml
- id: check-yaml
exclude: .drone.yml # drone's yaml is somewhat strange sometimes
- repo: local
hooks:
- id: hugo-version-check
name: hugo version check
entry: |
bash -c "
files='.drone.yml Dockerfile'
count=$(grep -oE '(hugo-v)[0-9].[0-9].[0-9].[0-9]' $files | cut -d':' -f2 | sed -e 's/^ *//g' -e 's/hugo-v//g' | uniq | wc -l)
if [ $count -gt 1 ]; then
echo hugo versions inconsistent:
grep -noE --color=always '(hugo-v)[0-9].[0-9].[0-9].[0-9]' $files
exit 1
fi
"
language: system
pass_filenames: false
- id: check-compose-file
name: check compose file
language: system
entry: docker-compose -f docker-compose.yml config
pass_filenames: false
- id: yamllint
name: yamllint
language: system
entry: yamllint .
pass_filenames: false
- repo: https://git.dotya.ml/wanderer/hadolint-pre-commit
rev: v0.0.1
hooks:
- id: hadolint-container
- repo: https://github.com/dnephin/pre-commit-golang
rev: v0.5.0
hooks:
- id: go-mod-tidy
- id: go-unit-tests
- id: golangci-lint
- id: go-build
...

13
.yamllint Normal file

@ -0,0 +1,13 @@
---
yaml-files:
- '*.yaml'
- '*.yml'
- '.yamllint'
rules:
line-length:
level: warning
# vim: ft=yaml bs=2 ts=2
...

36
Dockerfile Normal file

@ -0,0 +1,36 @@
# syntax=docker/dockerfile-upstream:master-labs
# refs:
# https://docs.docker.com/develop/develop-images/build_enhancements/#overriding-default-frontends
# https://pythonspeed.com/articles/docker-buildkit/
FROM docker.io/alpine/git:v2.36.2 AS submodules
WORKDIR /homepage
COPY . .
RUN git submodule init && \
git submodule update --recursive
FROM docker.io/immawanderer/alpine-hugo:hugo-v0.115.3 AS hugobuild
COPY --from=submodules /homepage/ /homepage/
WORKDIR /homepage
RUN hugo version && \
hugo --minify --gc=true --cleanDestinationDir
FROM docker.io/library/golang:1.21.0-alpine3.18 AS gobuild
COPY --from=hugobuild /homepage/ /homepage/
WORKDIR /homepage
ARG VCS_REF=development
RUN CGO_ENABLED=0 GOFLAGS='-trimpath -mod=readonly -modcacherw' \
go build -o homepage-app -v -ldflags "-s -w -X main.version=$VCS_REF" .
FROM scratch
COPY --from=gobuild /homepage/homepage-app /homepage
ENTRYPOINT ["/homepage"]

@ -1,7 +1,7 @@
DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE DO WHAT THE FUCK YOU WANT TO PUBLIC LICENSE
Version 2, December 2004 Version 2, December 2004
Copyright (C) 2004 Sam Hocevar <sam@hocevar.net> Copyright (C) 2019-2021 dotya.ml authors
Everyone is permitted to copy and distribute verbatim or modified Everyone is permitted to copy and distribute verbatim or modified
copies of this license document, and changing it is allowed as long copies of this license document, and changing it is allowed as long

@ -1,6 +1,10 @@
# dotya.ml # [dotya.ml](https://git.dotya.ml/dotya.ml/homepage/)
[![Build Status](https://drone.dotya.ml/api/badges/dotya.ml/dotya_homepage/status.svg?ref=refs/heads/master)](https://drone.dotya.ml/dotya.ml/dotya_homepage) [![pre-commit](https://img.shields.io/badge/pre--commit-enabled-brightgreen?logo=pre-commit&logoColor=white)](https://github.com/pre-commit/pre-commit)
[![Build Status](https://drone.dotya.ml/api/badges/dotya.ml/homepage/status.svg?ref=refs/heads/master)](https://drone.dotya.ml/dotya.ml/homepage)
[![Mozilla HTTP Observatory Grade](https://img.shields.io/mozilla-observatory/grade-score/dotya.ml)](https://observatory.mozilla.org/analyze/dotya.ml)
[![Security Headers](https://img.shields.io/security-headers?url=https%3A%2F%2Fdotya.ml)](https://securityheaders.com/?q=https%3A%2F%2Fdotya.ml)
![Chromium HSTS preload](https://img.shields.io/hsts/preload/dotya.ml)
sawce that makes up the dotya.ml landing page. sawce that makes up the dotya.ml landing page.

@ -1,6 +1,8 @@
--- ---
title: "{{ replace .Name "-" " " | title }}" title: "{{ replace .Name "-" " " | title }}"
date: {{ .Date }} date: {{ .Date }}
lastmod: {{ .Date }}
enableGitInfo: true
draft: true draft: true
--- ---

@ -1,11 +1,12 @@
// Colors // Colors
// //
$theme: #D8D8D8; $theme: #613583; // hyperlink highlight background colour, .post-info
$text: #D8D8D8; // site-local link :hover highlight colour
$light-grey: #282a2b; // Background $text: #21fa45; // colour of normal text
$dark-grey: #282a2b; // Hover Bar $light-grey: #010000; // background
$highlight-grey: #151718; // Highlight background of `keyword` $dark-grey: #111115; // hover bar
$midnightblue: #151718; // Code Background $highlight-grey: #9141ac; // code (not in pre) background
$midnightblue: #151718; // code text (not in pre) colour
// Fonts // Fonts
// //

@ -48,19 +48,20 @@ pre {
letter-spacing: normal; letter-spacing: normal;
white-space: pre; white-space: pre;
color: #eee; color: #eee;
background: $midnightblue; background: transparent;
border-radius: 4px; border-radius: 5px;
// -webkit-overflow-scrolling: touch; // -webkit-overflow-scrolling: touch;
code { code {
padding: 0; padding: 0;
margin: 0; margin: 0;
background: $midnightblue; color: #eee;
background: transparent;
} }
} }
code { code {
color: #eee; color: $midnightblue;
background: $highlight-grey; background: $highlight-grey;
border-radius: 3px; border-radius: 3px;
padding: 0 3px; padding: 0 3px;
@ -90,12 +91,11 @@ a {
text-decoration: none; text-decoration: none;
border: none; border: none;
transition-property: color; transition-property: color;
transition-duration: .4s; transition-duration: .1s;
transition-timing-function: ease-out; transition-timing-function: ease-out;
&:hover { &:hover {
color: #fff; color: $highlight-grey;
text-shadow: 0 0 1px #fff;
} }
} }
@ -230,6 +230,7 @@ table {
box-sizing: border-box; box-sizing: border-box;
box-shadow: -1px -2px 3px rgba(0, 0, 0, 0.45); box-shadow: -1px -2px 3px rgba(0, 0, 0, 0.45);
background-color: $dark-grey; background-color: $dark-grey;
animation-duration: .3s;
} }
.hdr-wrapper { .hdr-wrapper {
@ -379,6 +380,7 @@ p.img-404 {
&:hover { &:hover {
border-color: #fff; border-color: #fff;
color: $highlight-grey;
} }
svg { svg {
@ -576,6 +578,14 @@ hr.post-end {
border-radius: 4px; border-radius: 4px;
} }
a img {
display: block;
max-width: 100%;
height: auto;
margin: 0;
border-radius: 4px;
}
ul, ul,
ol { ol {
padding: 0; padding: 0;
@ -628,7 +638,7 @@ hr.post-end {
background: transparent; background: transparent;
} }
&.footnote-return { &.footnote-backref {
text-decoration: none; text-decoration: none;
} }
} }
@ -638,12 +648,18 @@ hr.post-end {
} }
} }
.footnote-ref a { a.footnote-ref {
box-shadow: none; box-shadow: none;
text-decoration: none; text-decoration: none;
padding: 2px; padding: 2px;
border-radius: 2px; border-radius: 2px;
background-color: $midnightblue; background-color: $midnightblue;
&:hover{
box-shadow: none;
background-color: $theme;
transition-property: background-color;
}
} }
.post-info { .post-info {
@ -656,7 +672,7 @@ hr.post-end {
} }
a:hover { a:hover {
border-bottom: 1px solid $theme; border-bottom: 2px solid $theme;
} }
svg { svg {

@ -1,32 +1,39 @@
baseurl = "/" baseurl = "/"
languageCode = "en-us" languageCode = "en-gb"
defaultContentLanguage = "en"
theme = "hermit" theme = "hermit"
license = "WTFPL" enableGitInfo = true
copyright = '<a href="http://www.wtfpl.net/about/" rel="noopener">WTFPL</a>'
pygmentsCodefences = true pygmentsCodefences = true
pygmentsUseClasses = true pygmentsUseClasses = true
pygmentsStyle = "fruity"
enableEmoji = true enableEmoji = true
[author] [author]
name = "dotya.ml" name = "dotya.ml"
[params] [taxonomies]
dateform = "Jan 2, 2006" tag = 'tags'
dateformShort = "Jan 2"
dateformNum = "2006-02-01"
dateformNumTime = "2006-02-01 15:04 +0000"
[permalinks]
posts = '/:year/:month/:title/'
[params]
dateform = "02 Jan 2006"
dateformShort = "02 Jan"
dateformNum = "02 Jan 2006"
dateformNumTime = "Mon, 02 Jan 2006 15:04:05 -0700"
# Metadata mostly used in document's head # Metadata mostly used in document's head
description = "dotya.ml" description = "dotya.ml homepage"
keywords = "homepage, development, git, programming" keywords = "homepage, development, git, programming"
images = [""] images = [""]
themeColor = "#282a2b" themeColor = "#282a2b"
justifyContent = false justifyContent = false
relatedPosts = false relatedPosts = true
gitUrl = "https://git.dotya.ml/dotya.ml/homepage/src/commit/"
# Directory name of your blog content (default is `content/posts`) # Directory name of your blog content (default is `content/posts`)
contentTypeName = "posts" contentTypeName = "content/posts"
# Default theme "light" or "dark" # Default theme "light" or "dark"
defaultTheme = "dark" defaultTheme = "dark"
@ -53,36 +60,38 @@ enableEmoji = true
alt = "dockerhub profile page" alt = "dockerhub profile page"
[languages] [languages]
[languages.logo.params.en]
logoText = "dotya.ml"
logoHomeLink = "/"
[languages.en] [languages.en]
title = "dotya.ml" title = "dotya.ml"
subtitle = ""
[languages.en.params]
keywords = "homepage, development, git, programming" keywords = "homepage, development, git, programming"
subtitle = "hello friend. hello friend? that's lame. maybe I should give you a name."
readOtherPosts = "" readOtherPosts = ""
[languages.en.params.logo] # You can create a language based menu
logoText = "dotya.ml" [languages.en.menu]
logoHomeLink = "/" [[languages.en.menu.main]]
identifier = "about"
# You can create a language based menu name = "about"
[languages.en.menu] url = "/about/"
[[languages.en.menu.main]] alt = "about dotya.ml"
identifier = "about" weight = 1
name = "about" [[languages.en.menu.main]]
url = "/about/" identifier = "posts"
alt = "dotya.ml status" name = "posts"
weight = 1 url = "/posts/"
# [[languages.en.menu.main]] alt = "dotya.ml posts"
# identifier = "posts" weight = 2
# name = "posts" [[languages.en.menu.main]]
# url = "/posts" identifier = "contact"
# alt = "dotya.ml posts" name = "contact"
# weight = 2 url = "/contact/"
[[languages.en.menu.main]] alt = "dotya.ml contact"
identifier = "contact" weight = 3
name = "contact"
url = "/contact/"
alt = "dotya.ml contact"
weight = 3
[privacy] [privacy]
[privacy.disqus] [privacy.disqus]

@ -1,5 +1,6 @@
--- ---
title: "0x28bd2388" title: "0x28bd2388"
description: "instructions on how to verify 0x28bd2388 gpg key"
date: 2020-03-07T16:22:03+01:00 date: 2020-03-07T16:22:03+01:00
draft: false draft: false
--- ---

@ -1,12 +1,47 @@
--- ---
title: "about dotya.ml" title: "about dotya.ml"
date: 2020-03-07T02:12:03+01:00 description: "an overview of dotya.ml's activities and mission"
date: 2020-08-06T17:15:03+01:00
lastmod: 2022-09-06T16:11:32+02:00
draft: false draft: false
--- ---
Free services provided for fun as a hobby with passion and :heart:\ Free services provided for fun as a hobby with passion and :white_heart:
So far we have [Gitea](https://git.dotya.ml) and a [Drone](https://drone.dotya.ml) ci/cd instance (login with a Gitea account).
### Clearnet services
see what we have so far: [list of services]({{< relref "services.md" >}}).
### Onion services
for increased privacy of our users, *some* services are also available
natively via [TOR](https://www.torproject.org/), have a look at
[onions 🧅]({{< relref "onions.md" >}}) for details.
### Observability
to enable long-term monitoring of trends for services we're running:
* [prometheus](https://prometheus.io) at https://metrics.dotya.ml
* [grafana](https://grafana.com) at https://grafana.dotya.ml
### Status ### Status
* in-house status monitor at https://status.dotya.ml (courtesy of [statping-ng](https://statping-ng.github.io))
* UptimeRobot ([affiliate link](https://uptimerobot.com/?rid=a60f8392870bc9)) hosted dashboard at https://stats.uptimerobot.com/93yPqFmmx8
You can see the [current status here](/status/). ### Security
[HSTS](https://tools.ietf.org/rfc/rfc6797.txt) has been enabled early on for `dotya.ml`,
which means that all major browsers (Firefox, Chromium, Safari and Opera) today know that this site,
as well as **all** of its subdomains, communicate with you only using TLS to secure the data in transit
(they check the [preload list](https://source.chromium.org/chromium/chromium/src/+/master:net/http/transport_security_state_static.json)),
i.e. no plain HTTP connections.
#### Misc
* HTTP headers insight for https://dotya.ml as per [Mozilla HTTP Observatory](https://observatory.mozilla.org/analyze/dotya.ml)\
Scoring 130 out of 100 points
* [SecurityHeaders](https://securityheaders.com/) report at https://securityheaders.com/?q=https%3A%2F%2Fdotya.ml
* SSL Labs [TLS rating](https://www.ssllabs.com/ssltest/analyze.html?d=dotya.ml): *A+*
* [cryptcheck.fr](https://cryptcheck.fr/https/dotya.ml): *A+*
### Privacy
see [privacy]({{< relref "privacy" >}}), the short version being *we are not
selling you out* 🎉.

@ -1,39 +1,52 @@
--- ---
title: "contact" title: "contact"
description: "ways to get in contact with dotya.ml maintainers"
date: 2020-03-07T01:53:03+01:00 date: 2020-03-07T01:53:03+01:00
draft: false draft: false
--- ---
\-- wanderer ## \-- wanderer
```bash ```bash
echo a_mirre.utb.cz | sed 's/\./@/' echo wanderer+hello.dotya.ml | sed 's/\./@/'
``` ```
fingerprint: use [age](https://github.com/FiloSottile/age) if possible.\
pubkey:
```sh
age16xdcxvnnhcekv59ncj5fmdarhm8csdgd9nk7nzxpywg5xtehq4kq49880e
```
gpg fingerprint:
```bash ```bash
E860 AB3C D007 8D30 E86C DA74 7B28 D8DC 28BD 2388 E860 AB3C D007 8D30 E86C DA74 7B28 D8DC 28BD 2388
``` ```
the corresponding pubkey: [0x28bd2388](/28bd2388/) the corresponding pubkey: [0x28bd2388]({{< relref "28bd2388.md" >}})
plain key file: [0x28bd2388.asc](/store/0x28bd2388.asc) plain key file: [0x28bd2388.asc](/store/0x28bd2388.asc)
openpgp key server link: [0x28bd2388](https://keys.openpgp.org/vks/v1/by-fingerprint/E860AB3CD0078D30E86CDA747B28D8DC28BD2388)
## \-- 2EEEB
```bash
echo andrej.pillar,vutbr.cz | sed 's/\,/@/'
```
fingerprint:
```bash
4413 88B1 4509 04C0 E435 6F16 AA07 F3B7 1F41 8FEE
```
the pubkey can be found in a [key repo](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xaa07f3b71f418fee)
communication using gpg is *preferable* communication using gpg is *preferable*
## Privacy policy ## Privacy
see [privacy]({{< relref "about#privacy" >}}), or in case of questions, say
Since I don't like such practices myself, this site *does not* collect hi and ask away at:
*any* kind of user/browser/device/user agent/network identifier, ```sh
which - for simplicity's sake is - ANY data.\ hello at dotya dot ml
Period.\ ```
No IP addresses are stored, no user
agents logged, no cookies are used to identify users.
Therefore **no data is collected** and can't be passed on to third parties,
nor is there any intention of ever doing so.
## Long live the libre world! ## Long live the libre world!
Feel at home.\ Feel at home.\
Cheers. Cheers.

42
content/onions.md Normal file

@ -0,0 +1,42 @@
---
title: "onions 🧅"
description: "summary of onion services dotya.ml provides - a more anonymous way to access your stuff"
date: 2022-08-30T12:00:42+02:00
lastmod: 2022-08-30T12:00:42+02:00
enableGitInfo: true
draft: false
---
> Note: This is a work in progress - more services are to come
> Note 2: the `http` part of the links below is misleading, as (our) [onion
> services](https://community.torproject.org/onion-services/) are in fact
> fully encrypted every step of the way using `https`, only the certs are not
> signed by a conventional CA (certificate authority), which means
> conventional browsers (including Firefox-based TorBrowser) would cry if the
> sites were served with explicit `https` prefix.
> this decreases the security by exactly zero and unless LetsEncrypt starts
> issuing certs for `.onion` domains, we're not going to see broad usage of
> *explicit* `https` prefix on onion services, since only the likes of NY
> Times, BBC, Twitter or Facebook are going to make their CAs to sign them a
> neat little `.onion` cert.
Gitea: http://2crftbzxbcoqolvzreaaeyrod5qwycayef55gxgzgfcpqlaxrnh3kkqd.onion\
this site: http://6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion\
prometheus: http://vognfwm7c6wq2gxqcmswi2flwckuxryefd7n3axxkvlpasdjhns5buqd.onion\
grafana: http://6t3ydf7sl7iso2wbymbfjtaq6qqlrms37ffik2siulsljc3ubobklnid.onion\
statuspage: http://o4irro4dspyuytbw2b2g2ac4ukkh2ex53oolhzw7hrfjmq6tiklrtwqd.onion
#### current progress on onion drone
https://git.dotya.ml/dotya.ml/community/issues/5
Making `DroneCI` available as a hidden service would require either
a) spinning up another instance, for which we currently don't have capacities, or
b) some kind of an evil hack that we've not yet discovered.\
We're open to ideas - if you know how to make this work, please, send us a patch,
PR or an email with anything interesting and worthwile.
set-up-but-not-properly-working drone: http://c3vqfx2dqltvdbsqu3ndqwcxsp3uk3vcxo2jsigie5zfajub3j3y35id.onion
### clearnet
also check out [services]({{< relref "services" >}})...

119
content/posts/dnscrypt.md Normal file

@ -0,0 +1,119 @@
---
title: "DNSCrypt - running the server"
description: "How we run a DNSCrypt server using docker-compose"
date: 2021-08-06T23:38:45+02:00
author: wanderer - https://git.dotya.ml/wanderer
draft: false
toc: true
enableGitInfo: true
tags: [dnscrypt, dns, privacy, security, censorship]
---
## why are you doing this?
There are many publicly available [open resolvers using DoT, DoH or
DNSCrypt](https://dnscrypt.info/public-servers) just sitting around the
interwebs, waiting to secure the DNS traffic and protect it from whoever is
looking.
However, we have still felt the need to run our own, especially since
DNS is such a critical piece of infrastructure.
And now we're offering it for public use.
## so what is it?
What we're running is a non-censoring, non-logging, DNSSEC-capable, DNSCrypt-enabled DNS
resolver using
[dnscrypt-server-docker](https://github.com/dnscrypt/dnscrypt-server-docker) project.
Of course, our resolver is available over both IPv4 and IPv6.
## can I haz some plz
Yes! As a matter of fact, you should even be able to get records on
[OpenNIC](https://www.opennic.org/) domains.
You can try some using the awesome tool [`doggo`](https://github.com/mr-karan/doggo), like so:
```shell
doggo --debug --json NS epic. @sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA
```
example response:
```shell
DEBUG[2022-09-01T00:22:23+02:00] initiating DNSCrypt resolver
DEBUG[2022-09-01T00:22:23+02:00] Starting doggo 🐶
DEBUG[2022-09-01T00:22:23+02:00] Attempting to resolve domain=epic. nameserver="144.91.70.62:5443" ndots=0
[
{
"answers": [
{
"name": "epic.",
"type": "NS",
"class": "IN",
"ttl": "86400s",
"address": "ns13.opennic.glue.",
"status": "",
"rtt": "45ms",
"nameserver": "144.91.70.62:5443"
}
],
"authorities": null,
"questions": [
{
"name": "epic.",
"type": "NS",
"class": "IN"
}
]
}
]
```
### `dnscrypt-proxy` configuration tips
If you'd, for some reason, like to use exclusively our name servers, simply set
the `server_names` in the root section of your `dnscrypt-proxy.toml` config
file:
```toml
server_names = ['dotya.ml', 'dotya.ml-ipv6']
```
By default servers are picked based on latency, which is a sane default and it
is in fact what we use.
If in need of more granular nameserver selection based on anything other than
latency they can additionally easily be filtered (without being explicitly
listed) based on:
* logging
* filtering
* DNSSEC capabilities
* DoH, ODoH or DNSCrypt capabilities
* IPv4 or IPv6 availability
Further, we also remove certain players from the equation by simply listing
them in `disabled_server_names`, like so:
```toml
disabled_server_names = ['google-ipv6', 'cloudflare', 'cloudflare-ipv6', 'cisco', 'cisco-ipv6', 'cisco-familyshield', 'cisco-familyshield-ipv6', 'yandex', 'apple', 'doh.dns.apple.com']
```
### old news
> Update 2022-09-01: the servers are now a part of the official listing at
> https://dnscrypt.info/public-servers/, so there is no point in adding them
> manually anymore. Keeping this for posterity.
Paste one or both of the following entries in the `[static]` section of your
`dnscrypt-proxy.toml` configuration file.
```toml
[static]
# IPv4 (144.91.70.62, port 5443)
[static. 'dnscrypt.dotya.ml-ipv4']
stamp = 'sdns://AQcAAAAAAAAAETE0NC45MS43MC42Mjo1NDQzIHF-JiN46cNwFXJleEVWGWgrhe2QeysUtZoo9HwzYCMzITIuZG5zY3J5cHQtY2VydC5kbnNjcnlwdC5kb3R5YS5tbA'
# IPv6 (2a02:c207:2030:396::1, port 5443)
[static. 'dnscrypt.dotya.ml-ipv6']
stamp = 'sdns://AQcAAAAAAAAAHFsyYTAyOmMyMDc6MjAzMDozOTY6OjFdOjU0NDMgcX4mI3jpw3AVcmV4RVYZaCuF7ZB7KxS1mij0fDNgIzMhMi5kbnNjcnlwdC1jZXJ0LmRuc2NyeXB0LmRvdHlhLm1s'
```
## server configuration
Files used to set up and run this service can be found here:\
https://git.dotya.ml/dotya.ml/dnscrypt-server.
It's a `docker-compose` setup managed with `systemd`, similar to how Drone CI
is handled.

157
content/posts/m32.md Normal file

@ -0,0 +1,157 @@
---
title: "Compiling C programs using -m32 on Arch in 2023"
description: "Compiling C programs for 32bit on Arch in 2023"
date: 2023-06-14T12:32:52+02:00
author: wanderer - https://git.dotya.ml/wanderer
draft: false
toc: true
enableGitInfo: true
images:
tags:
- archlinux
- compilation
- 32bit
---
## Intro
> **Preliminary:** To be clear, this short post is not primarily concerned with
> *running* the 32bit programs, instead specifically *compiling C programs for
> 32bit (x86)*.
Compiling a `C` program for a 32bit architecture in 2023?
Well, one might still want to poke at reversing smaller address-space programs,
*even in 2023*, and contrary to the popular belief, there still exist pieces of
software not ported to 64bit and architectures in use that are 32bit. Whatever
the motivation, the *compilation* process might not be as straight-forward on
Arch as one would maybe expect, so this post shows how it can be done. Unless
specified otherwise, the `x86` architecture is assumed.
### Example program
> Just show the example program already!
Nothing fancy, just saying hi and printing the value of `esp`. All that is
needed is to compile this into a 32bit binary.
```c
/* 32ftw.c */
#include <stdio.h>
int main() {
printf("hey 32!\n");
register int e asm("esp");
printf("esp: 0x%08x\n", e);
return 0;
}
```
For reference, the`GCC` version used was `gcc (GCC) 13.1.1 20230429`.
## TL;DR
To compile a 32bit `C` program on
[64bit-only](https://wiki.archlinux.org/title/Frequently_asked_questions#What_architectures_does_Arch_support?)
Arch, additional packages (on top of compilers/linkers) are required. As of
2023-06-14 these are:
* `core/lib32-glibc`
* `core/libr32-gcc-libs`,
which are the GNU C library (could also use [musl libc](https://musl.libc.org/)
but that would probably necessitate compiler wrapping as GCC seems to prefer
the GNU versions), and the 32bit version of the GCC libraries, respectively.
### Installing deps and calling it a day
```sh
~ % sudo pacman -S lib32-glibc lib32-gcc-libs
resolving dependencies...
looking for conflicting packages...
Package (2) New Version Net Change
core/lib32-gcc-libs 13.1.1-1 113.12 MiB
core/lib32-glibc 2.37-3 18.06 MiB
Total Installed Size: 131.18 MiB
:: Proceed with installation? [Y/n]
```
## The longer version
If you ever needed to compile some `C` sources (such as the example listed
[here](#example-program)) on Arch into a 32 bit binary? You might have
encountered the following:
```sh
~ % gcc -o 32ftw -m32 32ftw.c && ./32ftw
In file included from /usr/include/features.h:515,
from /usr/include/bits/libc-header-start.h:33,
from /usr/include/stdio.h:27,
from 32ftw.c:2:
/usr/include/gnu/stubs.h:7:11: fatal error: gnu/stubs-32.h: No such file or directory
7 | # include <gnu/stubs-32.h>
| ^~~~~~~~~~~~~~~~
compilation terminated.
```
Alright, a quick search and [an answer on Arch
forums](https://bbs.archlinux.org/viewtopic.php?pid=1136063#p1136063) points to
a (spoiler: *partial*) solution: `lib32-glibc` is needed, so let's install it
```sh
~ % sudo pacman -S lib32-glibc
```
and try again:
```sh
~ % gcc -o 32ftw -m32 32ftw.c && ./32ftw
/usr/sbin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-linux-gnu/13.1.1/../../../libgcc_s.so.1 when searching for libgcc_s.so.1
/usr/sbin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-linux-gnu/13.1.1/../../../libgcc_s.so.1 when searching for libgcc_s.so.1
/usr/sbin/ld: skipping incompatible /usr/lib/libgcc_s.so.1 when searching for libgcc_s.so.1
/usr/sbin/ld: cannot find libgcc_s.so.1: No such file or directory
/usr/sbin/ld: skipping incompatible /usr/lib/gcc/x86_64-pc-linux-gnu/13.1.1/../../../libgcc_s.so.1 when searching for libgcc_s.so.1
/usr/sbin/ld: skipping incompatible /usr/lib/libgcc_s.so.1 when searching for libgcc_s.so.1
collect2: error: ld returned 1 exit status
```
> Oh no, it still refuses to work.
As is *somewhat* hinted in the linker's error message depicted above, the
problem can be rectified by installing the GCC libraries (the 32bit version, of
course), which in Arch's `core` repository lives under the name
`lib32-gcc-libs`:
```sh
~ % sudo pacman -S lib32-gcc-libs
```
Now the program can finally be compiled and run and we can see it's a 32bit
binary.
```sh
~ % gcc -o 32ftw -m32 32ftw.c && ./32ftw
hey 32!
esp: 0xff8d27f0
~ % file ./32ftw
32ftw: ELF 32-bit LSB pie executable, Intel 80386, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux.so.2, BuildID[sha1]=2ff0c8dce8f64db4960aa6aef6cd9936326e990d, for GNU/Linux 4.4.0, not stripped
~ % ldd ./32ftw
linux-gate.so.1 (0xf7f50000)
libc.so.6 => /usr/lib32/libc.so.6 (0xf7ce5000)
/lib/ld-linux.so.2 => /usr/lib/ld-linux.so.2 (0xf7f52000)
```
## Closing words
To sum up, compiling a `C` program for 32bit on contemporary Arch works fine
with just a handful of dependencies. In author's opinion, this could be
highlighted better in the Archwiki, but perhaps the target audience is so small
that it hasn't even been considered.
For a not-much-talking summary, check out [TL;DR's calling it a
day](#installing-deps-and-calling-it-a-day).

22
content/privacy.md Normal file

@ -0,0 +1,22 @@
---
title: "privacy"
description: "an overview of dotya.ml's information collection/use practices (spoiler - we don't sell your data)"
date: 2022-08-30T12:47:37+02:00
lastmod: 2022-08-30T12:47:37+02:00
enableGitInfo: true
draft: false
---
### tl;dr
[Access logs](https://en.wikipedia.org/wiki/Server_log) are stored for up to 30 days for the purpose of defending against abuse.
### the long version
Since I don't like such practices myself, this site *does not* collect
*any* kind of user/browser/device/user agent/network identifier,
which - for simplicity's sake is - no data at all - **FOR PROFIT**.\
Period.
No personally identifiable data is collected - actively or passively - and therefore can't be passed on to third parties (such as advertisement companies), nor is there any intention of *ever* doing so.
Visitor device's apparent IP address *is stored* in access log, along with a [user agent](https://duckduckgo.com/?t=ffab&q=user+agent) string, which allows us to defend against abuse.
These logs are automatically overwriten approximately every 30 days.

25
content/services.md Normal file

@ -0,0 +1,25 @@
---
title: "services"
description: "a non-exhaustive list of services hosted by dotya.ml available to the community"
date: 2022-08-30T11:50:50+02:00
lastmod: 2022-08-30T11:50:50+02:00
enableGitInfo: true
toc: true
draft: false
---
a non-exhaustive list of services available to the community:
* [Gitea](https://gitea.io) SCM instance at https://git.dotya.ml
* [DroneCI](https://drone.io) instance (login with a Gitea account) at https://drone.dotya.ml
* DNS resolvers:
* [DNSCrypt](https://dnscrypt.info/) resolver (see [DNSCrypt]({{< relref "posts/dnscrypt" >}}))
* [CoreDNS](https://coredns.io/) serving
[DNS-over-TLS](https://www.rfc-editor.org/rfc/rfc7858) at
`dns.dotya.ml:853`, and
[DNS-over-HTTPS](https://en.wikipedia.org/wiki/DNS_over_HTTPS) at
`https://dns.dotya.ml/dns-query`|`https://dns.dotya.ml:4053/dns-query`
([config](https://git.dotya.ml/dotya.ml/coredns)).
* [SearXNG](https://github.com/searxng/searxng) *metasearch* engine instance at https://searxng.dotya.ml/
* [tmate](https://tmate.io/) server (see https://git.dotya.ml/dotya.ml/tmate)
also check out [onions 🧅]({{< relref "onions" >}}) to learn about services accessible via TOR.

@ -1,18 +0,0 @@
---
title: "dotya.ml status"
date: 2020-03-07T02:13:07+01:00
draft: false
---
Any information regarding status of the site and services will be posted here.
### Security
* HTTP headers insight as per [Mozilla HTTP Observatory](https://observatory.mozilla.org/analyze/dotya.ml)\
Scoring 125 out of 100 points
* SSL Labs [TLS rating](https://www.ssllabs.com/ssltest/analyze.html?d=dotya.ml): *A+*
### Uptime
* dotya.ml services [UptimeRobot stats](https://stats.uptimerobot.com/93yPqFmmx8)

56
docker-compose.yml Normal file

@ -0,0 +1,56 @@
---
version: '3'
services:
#reverse-proxy:
# image: docker.io/library/traefik:2.9.6
# command: --api=false --api.dashboard=false --providers.docker
# mem_limit: 64m
# networks:
# - internal-nw
# - default
# ports:
# - 127.0.0.1:1314:80
# restart: always
# volumes:
# # So that traefik can listen to the Docker events
# - /run/docker.sock:/var/run/docker.sock:ro
# healthcheck:
# # DON'T
# # test: "/usr/bin/wget -q -Y off http://localhost:80/about -O /dev/null > /dev/null 2>&1"
# # DO:
# test: "/usr/bin/wget -q -Y off http://localhost:80/about -O /dev/null 2>&-"
# interval: 10s
# retries: 20
homepage:
build:
context: .
image: homepage
mem_limit: 8m
networks:
# - internal-nw
- default
ports:
- 127.0.0.1:1314:1314
restart: always
#labels:
# - traefik.enable=true
# - traefik.http.services.homepage.loadbalancer.server.port=1314
# - traefik.http.routers.homepage.rule=Host(`localhost`) || Host(`127.0.0.1`) || Host(`homepage`) || Host(`6426tqrh4y5uobmo5y2csaip3m3avmjegd2kpa24sadekpxglbm34aqd.onion`)
logging:
driver: json-file
options:
max-size: "5m"
max-file: "5"
networks:
# internal-nw:
# internal: true
default:
volumes:
none:
...

3
go.mod Normal file

@ -0,0 +1,3 @@
module git.dotya.ml/dotya.ml/homepage
go 1.20

@ -0,0 +1,51 @@
<!DOCTYPE html>
<html lang="{{.Site.LanguageCode}}">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta http-equiv="X-UA-Compatible" content="ie=edge">
{{- with .Site.Params.themeColor }}
<meta name="description" content="{{if $.IsHome}}{{ $.Site.Params.description }}{{else}}{{$.Description}}{{end}}">
<meta name="theme-color" content="{{.}}">
<meta name="msapplication-TileColor" content="{{.}}">
{{- end }}
{{- partial "structured-data.html" . }}
{{- partial "favicons.html" }}
<title>{{.Title}}</title>
{{ range .AlternativeOutputFormats -}}
{{ printf `<link rel="%s" type="%s" href="%s" title="%s" />` .Rel .MediaType.Type .Permalink $.Title | safeHTML }}
{{ end -}}
{{ $style := resources.Get "scss/style.scss" | resources.ExecuteAsTemplate "css/style.css" . | toCSS | minify | fingerprint -}}
<link rel="stylesheet" href="{{ $style.Permalink }}" {{ printf "integrity=%q" $style.Data.Integrity | safeHTMLAttr }} crossorigin="anonymous">
{{- block "head" . -}}{{- end }}
{{- range .Site.Params.customCSS }}
<link rel="stylesheet" href="{{ . | absURL }}">
{{- end }}
{{- if templates.Exists "partials/extra-head.html" -}}
{{ partial "extra-head.html" . }}
{{- end }}
</head>
<body id="page">
{{ block "header" . -}}{{ end -}}
{{ block "main" . -}}{{ end -}}
{{ block "footer" . -}}{{ end }}
{{ $main := resources.Get "js/main.js" -}}
{{ if .Site.Params.code_copy_button | default true -}}
{{ $codeCopy := resources.Get "js/code-copy.js" -}}
{{ $script := slice $main $codeCopy | resources.Concat "js/bundle.js" | minify | fingerprint -}}
<script src="{{ $script.Permalink }}" {{ printf "integrity=%q" $script.Data.Integrity | safeHTMLAttr }} crossorigin="anonymous"></script>
{{ else -}}
{{ $script := $main | minify | fingerprint -}}
<script src="{{ $script.Permalink }}" {{ printf "integrity=%q" $script.Data.Integrity | safeHTMLAttr }} crossorigin="anonymous"></script>
{{ end }}
{{- partial "analytics.html" . }}
{{- if templates.Exists "partials/extra-foot.html" -}}
{{ partial "extra-foot.html" . }}
{{- end }}
</body>
</html>

26
layouts/_default/rss.xml Normal file

@ -0,0 +1,26 @@
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">
<channel>
<title>{{ if eq .Title .Site.Title }}{{ .Site.Title }}{{ else }}{{ with .Title }}{{.}} on {{ end }}{{ .Site.Title }}{{ end }}</title>
<link>{{ .Permalink }}</link>
<description>Recent content {{ if ne .Title .Site.Title }}{{ with .Title }}in {{.}} {{ end }}{{ end }}on {{ .Site.Title }}</description>
<generator>Hugo -- gohugo.io</generator>{{ with .Site.LanguageCode }}
<language>{{.}}</language>{{end}}{{ with .Site.Author.email }}
<managingEditor>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</managingEditor>{{end}}{{ with .Site.Author.email }}
<webMaster>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</webMaster>{{end}}{{ with .Site.Copyright }}
<copyright>{{.}}</copyright>{{end}}{{ if not .Date.IsZero }}
<lastBuildDate>{{ .Date.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</lastBuildDate>{{ end }}
{{ with .OutputFormats.Get "RSS" }}
{{ printf "<atom:link href=%q rel=\"self\" type=%q />" .Permalink .MediaType | safeHTML }}
{{ end }}
{{ range .Pages }}
<item>
<title>{{ .Title }}</title>
<link>{{ .Permalink }}</link>
<pubDate>{{ .Date.Format "Mon, 02 Jan 2006 15:04:05 -0700" | safeHTML }}</pubDate>
{{ with .Site.Author.email }}<author>{{.}}{{ with $.Site.Author.name }} ({{.}}){{end}}</author>{{end}}
<guid>{{ .Permalink }}</guid>
<description>{{ .Content | html }}</description>
</item>
{{ end }}
</channel>
</rss>

@ -1,4 +1,7 @@
{{ define "head" }} {{ define "head" }}
{{ with .OutputFormats.Get "rss" -}}
{{ printf `<link rel="%s" type="%s" href="%s" title="%s" />` .Rel .MediaType.Type .Permalink $.Site.Title | safeHTML }}
{{ end -}}
{{ if .Site.Params.bgImg -}} {{ if .Site.Params.bgImg -}}
<style>.bg-img {background-image: url('{{.Site.Params.bgImg}}');}</style> <style>.bg-img {background-image: url('{{.Site.Params.bgImg}}');}</style>
{{- else if .Site.Params.images -}} {{- else if .Site.Params.images -}}
@ -27,9 +30,10 @@
{{ partialCached "menu.html" . }} {{ partialCached "menu.html" . }}
</nav> </nav>
</div> </div>
<div id="home-footer"> <div id="home-footer" role="contentinfo">
<p> <p>
&copy; {{ now.Format "2006" }} <a href="{{ .Site.BaseURL }}">{{ .Site.Author.name }}</a>{{ .Site.Params.footerCopyright | safeHTML }} &#183 <a href="https://git.dotya.ml/dotya.ml/dotya_homepage" title="source code" target="_blank" rel="noopener">source</a> &copy; {{ now.Format "2006" }} <a href="{{ .Site.BaseURL }}">{{ .Site.Author.name }}</a>{{ .Site.Params.footerCopyright | safeHTML }} &#183; <a href="https://git.dotya.ml/dotya.ml/homepage" title="source code" target="_blank" rel="noopener">source</a> &#183; <a href="https://status.dotya.ml" title="service status" target="_blank" rel="noopener">status</a>
{{- with (not (in (.Site.Params.Language.Get "disabledKinds") "RSS")) }} &#183; <a href="{{ "index.xml" | absLangURL }}" target="_blank" title="rss"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-rss"><path d="M4 11a9 9 0 0 1 9 9"></path><path d="M4 4a16 16 0 0 1 16 16"></path><circle cx="5" cy="19" r="1"></circle></svg></a>{{ end }}
</p> </p>
</div> </div>
</div> </div>

@ -1,3 +1,3 @@
<footer id="site-footer" class="section-inner thin animated fadeIn faster"> <footer id="site-footer" class="section-inner thin animated fadeIn faster" role="contentinfo">
<p>&copy; {{ now.Format "2006" }} <a href="{{ .Site.BaseURL }}">{{ .Site.Author.name }}</a>{{ .Site.Params.footerCopyright | safeHTML }} &#183 <a href="https://git.dotya.ml/dotya.ml/dotya_homepage" title="source code" target="_blank" rel="noopener">source</a></p> <p>&copy; {{ now.Format "2006" }} <a href="{{ .Site.BaseURL }}">{{ .Site.Author.name }}</a>{{ .Site.Params.footerCopyright | safeHTML }} &#183 <a href="https://git.dotya.ml/dotya.ml/homepage" title="source code" target="_blank" rel="noopener">source</a> &#183 <a href="https://status.dotya.ml" title="service status" target="_blank" rel="noopener">status</a>{{if .Site.Params.enableGitInfo}}<br/><a href="https://git.dotya.ml/dotya.ml/homepage/commit/{{ .GitInfo.Hash }}" target="_blank" rel="noopener">commit {{ .GitInfo.AbbreviatedHash }}</a>{{end}}</p>
</footer> </footer>

File diff suppressed because one or more lines are too long

77
layouts/posts/single.html Normal file

@ -0,0 +1,77 @@
{{ define "head" }}
{{ if .Params.featuredImg -}}
<style>.bg-img {background-image: url('{{.Params.featuredImg}}');}</style>
{{- else if .Params.images -}}
{{- range first 1 .Params.images -}}
<style>.bg-img {background-image: url('{{. | absURL}}');}</style>
{{- end -}}
{{- end -}}
{{ end }}
{{ define "header" }}
{{ partial "header.html" . }}
{{ end }}
{{ define "main" }}
{{- if (or .Params.images .Params.featuredImg) }}
<div class="bg-img"></div>
{{- end }}
<main class="site-main section-inner animated fadeIn faster">
<article class="thin">
<header class="post-header">
<div class="post-meta"><span>{{ .Date.Format .Site.Params.dateform }}</span></div>
<h1>{{ .Title }}</h1>
</header>
<div class="content">
{{ .Content | replaceRE "(<h[1-6] id=\"([^\"]+)\".+)(</h[1-6]+>)" `${1}<a href="#${2}" class="anchor" aria-hidden="true"><svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M15 7h3a5 5 0 0 1 5 5 5 5 0 0 1-5 5h-3m-6 0H6a5 5 0 0 1-5-5 5 5 0 0 1 5-5h3"></path><line x1="8" y1="12" x2="16" y2="12"></line></svg></a>${3}` | safeHTML }}
</div>
{{- if .Site.Params.relatedPosts }}
{{- partial "related-posts.html" . -}}
{{- end }}
<hr class="post-end">
<footer class="post-info">
{{- with $.Param "author" }}
<p><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-feather"><path d="M20.24 12.24a6 6 0 0 0-8.49-8.49L5 10.5V19h8.5z"></path><line x1="16" y1="8" x2="2" y2="22"></line><line x1="17.5" y1="15" x2="9" y2="15"></line></svg>{{ . }}</p>
{{- end }}
{{- with .Params.tags }}
<p>
<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-tag meta-icon"><path d="M20.59 13.41l-7.17 7.17a2 2 0 0 1-2.83 0L2 12V2h10l8.59 8.59a2 2 0 0 1 0 2.82z"></path><line x1="7" y1="7" x2="7" y2="7"></line></svg>
{{- range . -}}
<span class="tag"><a href="{{ "tags/" | absLangURL }}{{ . | urlize }}">{{.}}</a></span>
{{- end }}
</p>
{{- end }}
<p><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-file-text"><path d="M14 2H6a2 2 0 0 0-2 2v16a2 2 0 0 0 2 2h12a2 2 0 0 0 2-2V8z"></path><polyline points="14 2 14 8 20 8"></polyline><line x1="16" y1="13" x2="8" y2="13"></line><line x1="16" y1="17" x2="8" y2="17"></line><polyline points="10 9 9 9 8 9"></polyline></svg>{{ i18n "wordCount" . }}</p>
<p><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-calendar"><rect x="3" y="4" width="18" height="18" rx="2" ry="2"></rect><line x1="16" y1="2" x2="16" y2="6"></line><line x1="8" y1="2" x2="8" y2="6"></line><line x1="3" y1="10" x2="21" y2="10"></line></svg>{{ dateFormat .Site.Params.dateformNumTime .Date.Local }}{{- if .Lastmod }} (last modified {{ dateFormat .Site.Params.dateformNumTime .Lastmod }}){{- end -}}</p>
{{- if and .GitInfo .Site.Params.gitUrl }}
<p><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-git-commit"><circle cx="12" cy="12" r="4"></circle><line x1="1.05" y1="12" x2="7" y2="12"></line><line x1="17.01" y1="12" x2="22.96" y2="12"></line></svg><a href="{{ .Site.Params.gitUrl -}}{{ .GitInfo.Hash }}" target="_blank" rel="noopener">{{ .GitInfo.AbbreviatedHash }}</a> @ {{ dateFormat .Site.Params.dateformNum .GitInfo.AuthorDate.Local }}</p>
{{- end }}
</footer>
</article>
{{- if .Params.toc }}
<aside id="toc">
<div class="toc-title">{{ i18n "tableOfContents" }}</div>
{{ .TableOfContents }}
</aside>
{{- end }}
<div class="post-nav thin">
{{- with .NextInSection }}
<a class="next-post" href="{{ .Permalink }}">
<span class="post-nav-label"><svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-left"><line x1="19" y1="12" x2="5" y2="12"></line><polyline points="12 19 5 12 12 5"></polyline></svg>&nbsp;{{ i18n "newer" }}</span><br><span>{{ .Title }}</span>
</a>
{{- end }}
{{- with .PrevInSection }}
<a class="prev-post" href="{{ .Permalink }}">
<span class="post-nav-label">{{ i18n "older" }}&nbsp;<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round" class="feather feather-arrow-right"><line x1="5" y1="12" x2="19" y2="12"></line><polyline points="12 5 19 12 12 19"></polyline></svg></span><br><span>{{ .Title }}</span>
</a>
{{- end }}
</div>
<div id="comments" class="thin">
{{- partial "comments.html" . -}}
</div>
</main>
{{ end }}
{{ define "footer" }}
{{ partialCached "footer.html" . }}
{{ end }}

@ -0,0 +1,2 @@
<!-- raw html -->
{{.Inner}}

92
main.go Normal file

@ -0,0 +1,92 @@
package main
import (
"embed"
"fmt"
"io/fs"
"log"
"net/http"
"os"
"path"
"time"
)
var version = "development"
//go:embed public/*
var embeddedPublic embed.FS
// bytes of the 404.html page.
var b404 []byte
// usrIP is a good way to read the src IP this way because we trust our proxy.
// largely from: https://stackoverflow.com/a/55738279
func usrIP(r *http.Request) string {
ip := r.Header.Get("x-forwarded-for")
if ip == "" {
ip = r.Header.Get("x-real-ip")
}
if ip == "" {
ip = r.RemoteAddr
}
return ip
}
// notFound writes back 404 and the 404 page.
func notFound(w http.ResponseWriter, r *http.Request) {
w.WriteHeader(http.StatusNotFound)
w.Write(b404)
}
// handleNotFound allows us to override the response on e.g. 404.
// inspired by https://stackoverflow.com/a/62747667
func handleNotFound(fs http.FileSystem) http.Handler {
fileServer := http.FileServer(fs)
return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
p := r.URL.Path
// so as not to allow path traversals.
cleanedPath := path.Clean(p)
_, err := fs.Open(cleanedPath)
if os.IsNotExist(err) {
log.Printf("Error 404 Not Found when serving path: %s, cleaned path: %s, IP: %s",
p, cleanedPath, usrIP(r))
notFound(w, r)
return
}
fileServer.ServeHTTP(w, r)
})
}
func main() {
// TODO: ENV WHATPORT
// TODO: add /ip endpoint that returns the src IP.
f404, err := embeddedPublic.ReadFile("public/404.html")
if err != nil {
log.Fatalf("no 404.html in the folder, weird: %s", fmt.Errorf("err: %w", err))
}
b404 = f404
root, err := fs.Sub(embeddedPublic, "public")
if err != nil {
log.Fatal(err)
}
log.Printf("Starting app built from revision '%s'\n", version)
log.Print("Listening on :1314...")
// https://blog.cloudflare.com/the-complete-guide-to-golang-net-http-timeouts/
srv := http.Server{
ReadTimeout: 15 * time.Second,
WriteTimeout: 15 * time.Second,
Addr: ":1314",
Handler: handleNotFound(http.FS(root)),
}
err = srv.ListenAndServe()
if err != nil {
log.Fatal(err)
}
}

@ -5,6 +5,7 @@ User-agent: Mediapartners*
Disallow: / Disallow: /
User-Agent: * User-Agent: *
Disallow: /404.html Disallow: /categories
Disallow: /categories/ Disallow: /tags
Sitemap: https://dotya.ml/sitemap.xml Sitemap: https://dotya.ml/sitemap.xml

@ -1,6 +1,7 @@
{ {
"name": "", "name": "dotya.ml",
"short_name": "", "short_name": "dotya.ml",
"start_url":"https://dotya.ml/",
"icons": [ "icons": [
{ {
"src": "/android-chrome-192x192.png", "src": "/android-chrome-192x192.png",