commit - ec3c217bbb702f600b7a59426a483075d1df9c16
commit + 400eba655aebc37d352b86c151f449436ada88c8
blob - /dev/null
blob + e3e009237ed0f1b4862a202fba042107f5cdd928 (mode 755)
--- /dev/null
+++ deploy
+#!/bin/sh -xe
+
+ipv4='46.23.94.50'
+ipv6='2a03:6000:6f66:640::50'
+
+# shellcheck disable=SC2016
+doas_conf='
+permit nopass setenv { ENV PS1 SSH_AUTH_SOCK PATH=$PATH HOME=$HOME } :wheel
+permit nopass keepenv root as root
+'
+
+# shellcheck disable=SC2016
+httpd_conf_with_tls='
+server "runbsd.info" {
+ alias "*.runbsd.info"
+ listen on * port 80
+ block return 301 "https://runbsd.info$REQUEST_URI"
+}
+
+server "runbsd.info" {
+ alias "*.runbsd.info"
+ listen on 127.0.0.1 port 8080
+ root "/htdocs/runbsd"
+ log style combined
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+}
+'
+
+# shellcheck disable=SC2016
+httpd_conf='
+server "runbsd.info" {
+ alias "*.runbsd.info"
+ listen on * port 80
+ root "/htdocs/runbsd"
+ location "/.well-known/acme-challenge/*" {
+ root "/acme"
+ request strip 2
+ }
+}
+
+server "www.runbsd.info" {
+ listen on * port 80
+ block return 301 "http://runbsd.info$REQUEST_URI"
+}
+'
+
+# shellcheck disable=SC2016
+relayd_conf='
+ipv4="'"$ipv4"'"
+ipv6="'"$ipv6"'"
+
+table <local> { 127.0.0.1 }
+
+http protocol https {
+ tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+ match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+ match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+ match request header append "X-Forwarded-Port" value "$REMOTE_PORT"
+
+ match response header set "Content-Security-Policy" value "default-src '\''none'\''; font-src '\''self'\'' runbsd.info; script-src '\''self'\'' runbsd.info; style-src '\''self'\'' runbsd.info '\''unsafe-inline'\''; img-src '\''self'\'' runbsd.info; base-uri '\''none'\''; form-action '\''self'\'' runbsd.info; frame-ancestors '\''none'\''"
+
+ match response header set "Feature-Policy" value "camera '\''none'\''; microphone '\''none'\''"
+ match response header set "Server" value "RGZ.EE"
+ # match response header set "Cache-Control" value "max-age=31536000"
+ match response header set "Referrer-Policy" value "no-referrer"
+ match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
+ match response header set "X-Content-Type-Options" value "nosniff"
+ match response header set "X-Frame-Options" value "deny"
+ match response header set "X-XSS-Protection" value "1; mode=block"
+
+ return error
+ pass
+}
+
+relay wwwtls {
+ listen on $ipv4 port 443 tls
+ listen on $ipv6 port 443 tls
+ protocol https
+ forward to <local> port 8080
+}
+'
+acme_client_conf='
+authority letsencrypt {
+ api url "https://acme-v02.api.letsencrypt.org/directory"
+ account key "/etc/ssl/private/letsencrypt.key"
+}
+
+domain runbsd.info {
+ alternative names { runbsd.info, www.runbsd.info }
+ domain key "/etc/ssl/private/runbsd.key"
+ domain certificate "/etc/ssl/runbsd.crt"
+ domain full chain certificate "/etc/ssl/runbsd.pem"
+ sign with letsencrypt
+}
+'
+
+ssh runbsd 'set -xe
+pkg_add -u
+pkg_add git lowdown
+pkg_delete -a
+
+mkdir -p -m 755 /var/www/htdocs/runbsd
+mkdir -p -m 700 /etc/ssl/private
+mkdir -p -m 755 /var/www/acme
+mkdir -p -m 755 /var/www/bin
+
+echo '\'"$doas_conf"\'' > /etc/doas.conf
+echo '\'"$relayd_conf"\'' > /etc/relayd.conf
+echo '\'"$acme_client_conf"\'' > /etc/acme-client.conf
+echo '\'"$httpd_conf"\'' > /etc/httpd.conf
+
+rcctl enable httpd
+httpd -n
+rcctl restart httpd
+
+acme-client -n runbsd.info
+acme-client -vF runbsd.info
+
+ln -fs /etc/ssl/private/runbsd.key /etc/ssl/private/'"$ipv4"'.key
+ln -fs /etc/ssl/private/runbsd.key "/etc/ssl/private/'"$ipv6"'.key"
+ln -fs /etc/ssl/runbsd.pem /etc/ssl/'"$ipv4"'.crt
+ln -fs /etc/ssl/runbsd.pem "/etc/ssl/'"$ipv6"'.crt"
+
+echo '\'"$httpd_conf_with_tls"\'' > /etc/httpd.conf
+httpd -n
+rcctl restart httpd
+rcctl enable relayd
+relayd -n
+rcctl restart relayd
+mkdir -p -m 755 /var/www/git
+git init --bare /var/www/git/runbsd.git
+'
+scp ssg6 runbsd:/var/www/bin/ssg6
+scp post-receive runbsd:/var/www/git/runbsd.git/hooks/post-receive
+
+git remote add runbsd runbsd:/var/www/git/runbsd.git
blob - /dev/null
blob + ed5b3df258e2d9eed0e6bc30f18957649ba06f5a (mode 755)
--- /dev/null
+++ ssg6
+#!/bin/sh -e
+#
+# https://rgz.ee/bin/ssg6
+# Copyright 2018-2019 Roman Zolotarev <hi@romanzolotarev.com>
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+main() {
+ test -n "$1" || usage
+ test -n "$2" || usage
+ test -n "$3" || usage
+ test -n "$4" || usage
+ test -d "$1" || no_dir "$1"
+ test -d "$2" || no_dir "$2"
+
+ src=$(readlink_f "$1")
+ dst=$(readlink_f "$2")
+
+ IGNORE=$(
+ if ! test -f "$src/.ssgignore"; then
+ printf ' ! -path "*/.*"'
+ return
+ fi
+ while read -r x; do
+ test -n "$x" || continue
+ printf ' ! -path "*/%s*"' "$x"
+ done <"$src/.ssgignore"
+ )
+
+ # files
+
+ title="$3"
+
+ h_file="$src/_header.html"
+ f_file="$src/_footer.html"
+ test -f "$f_file" && FOOTER=$(cat "$f_file") && export FOOTER
+ test -f "$h_file" && HEADER=$(cat "$h_file") && export HEADER
+
+ list_dirs "$src" |
+ (cd "$src" && cpio -pdu "$dst")
+
+ fs=$(
+ if test -f "$dst/.files"; then
+ list_affected_files "$src" "$dst/.files"
+ else
+ list_files "$1"
+ fi
+ )
+
+ if test -n "$fs"; then
+ echo "$fs" | tee "$dst/.files"
+
+ if echo "$fs" | grep -q '\.md$'; then
+ if test -x "$(which lowdown 2>/dev/null)"; then
+ echo "$fs" | grep '\.md$' |
+ render_md_files_lowdown "$src" "$dst" "$title"
+ else
+ if test -x "$(which Markdown.pl 2>/dev/null)"; then
+ echo "$fs" | grep '\.md$' |
+ render_md_files_Markdown_pl "$src" "$dst" "$title"
+ else
+ echo "couldn't find lowdown nor Markdown.pl"
+ exit 3
+ fi
+ fi
+ fi
+
+ echo "$fs" | grep '\.html$' |
+ render_html_files "$src" "$dst" "$title"
+
+ echo "$fs" | grep -Ev '\.md$|\.html$' |
+ (cd "$src" && cpio -pu "$dst")
+ fi
+
+ printf '[ssg] ' >&2
+ print_status 'file, ' 'files, ' "$fs" >&2
+
+ # sitemap
+
+ base_url="$4"
+ date=$(date +%Y-%m-%d)
+ urls=$(list_pages "$src")
+
+ test -n "$urls" &&
+ render_sitemap "$urls" "$base_url" "$date" >"$dst/sitemap.xml"
+
+ print_status 'url' 'urls' "$urls" >&2
+ echo >&2
+}
+
+readlink_f() {
+ file="$1"
+ cd "$(dirname "$file")"
+ file=$(basename "$file")
+ while test -L "$file"; do
+ file=$(readlink "$file")
+ cd "$(dirname "$file")"
+ file=$(basename "$file")
+ done
+ dir=$(pwd -P)
+ echo "$dir/$file"
+}
+
+print_status() {
+ test -z "$3" && printf 'no %s' "$2" && return
+
+ echo "$3" | awk -v singular="$1" -v plural="$2" '
+ END {
+ if (NR==1) printf NR " " singular
+ if (NR>1) printf NR " " plural
+ }'
+}
+
+usage() {
+ echo "usage: ${0##*/} src dst title base_url" >&2
+ exit 1
+}
+
+no_dir() {
+ echo "${0##*/}: $1: No such directory" >&2
+ exit 2
+}
+
+list_dirs() {
+ cd "$1" && eval "find . -type d ! -name '.' ! -path '*/_*' $IGNORE"
+}
+
+list_files() {
+ cd "$1" && eval "find . -type f ! -name '.' ! -path '*/_*' $IGNORE"
+}
+
+list_dependant_files() {
+ e="\\( -name '*.html' -o -name '*.md' -o -name '*.css' -o -name '*.js' \\)"
+ cd "$1" && eval "find . -type f ! -name '.' ! -path '*/_*' $IGNORE $e"
+}
+
+list_newer_files() {
+ cd "$1" && eval "find . -type f ! -name '.' $IGNORE -newer $2"
+}
+
+has_partials() {
+ grep -qE '^./_.*\.html$|^./_.*\.js$|^./_.*\.css$'
+}
+
+list_affected_files() {
+ fs=$(list_newer_files "$1" "$2")
+
+ if echo "$fs" | has_partials; then
+ list_dependant_files "$1"
+ else
+ echo "$fs"
+ fi
+}
+
+render_html_files() {
+ while read -r f; do
+ render_html_file "$3" <"$1/$f" >"$2/$f"
+ done
+}
+
+render_md_files_lowdown() {
+ while read -r f; do
+ lowdown \
+ --html-no-escapehtml \
+ --html-no-skiphtml \
+ --parse-no-metadata \
+ --parse-no-autolink <"$1/$f" |
+ render_html_file "$3" \
+ >"$2/${f%\.md}.html"
+ done
+}
+
+render_md_files_Markdown_pl() {
+ while read -r f; do
+ Markdown.pl <"$1/$f" |
+ render_html_file "$3" \
+ >"$2/${f%\.md}.html"
+ done
+}
+
+render_html_file() {
+ # h/t Devin Teske
+ awk -v title="$1" '
+ { body = body "\n" $0 }
+ END {
+ body = substr(body, 2)
+ if (body ~ /<\/?[Hh][Tt][Mm][Ll]/) {
+ print body
+ exit
+ }
+ if (match(body, /<[[:space:]]*[Hh]1(>|[[:space:]][^>]*>)/)) {
+ t = substr(body, RSTART + RLENGTH)
+ sub("<[[:space:]]*/[[:space:]]*[Hh]1.*", "", t)
+ gsub(/^[[:space:]]*|[[:space:]]$/, "", t)
+ if (t) title = t " — " title
+ }
+ n = split(ENVIRON["HEADER"], header, /\n/)
+ for (i = 1; i <= n; i++) {
+ if (match(tolower(header[i]), "<title></title>")) {
+ head = substr(header[i], 1, RSTART - 1)
+ tail = substr(header[i], RSTART + RLENGTH)
+ print head "<title>" title "</title>" tail
+ } else print header[i]
+ }
+ print body
+ print ENVIRON["FOOTER"]
+ }'
+}
+
+list_pages() {
+ e="\\( -name '*.html' -o -name '*.md' \\)"
+ cd "$1" && eval "find . -type f ! -path '*/.*' ! -path '*/_*' $IGNORE $e" |
+ sed 's#^./##;s#.md$#.html#;s#/index.html$#/#'
+}
+
+render_sitemap() {
+ urls="$1"
+ base_url="$2"
+ date="$3"
+
+ echo '<?xml version="1.0" encoding="UTF-8"?>'
+ echo '<urlset'
+ echo 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
+ echo 'xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9'
+ echo 'http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"'
+ echo 'xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">'
+ echo "$urls" |
+ sed -E 's#^(.*)$#<url><loc>'"$base_url"'/\1</loc><lastmod>'"$date"'</lastmod><priority>1.0</priority></url>#'
+ echo '</urlset>'
+}
+
+main "$@"
