commit 400eba655aebc37d352b86c151f449436ada88c8
from: Roman Zolotarev <hi@romanzolotarev.com>
date: Tue May 25 11:27:56 2021 UTC

add deploy script

commit - ec3c217bbb702f600b7a59426a483075d1df9c16
commit + 400eba655aebc37d352b86c151f449436ada88c8
blob - /dev/null
blob + e3e009237ed0f1b4862a202fba042107f5cdd928 (mode 755)
--- /dev/null
+++ deploy
@@ -0,0 +1,139 @@
+#!/bin/sh -xe
+
+ipv4='46.23.94.50'
+ipv6='2a03:6000:6f66:640::50'
+
+# shellcheck disable=SC2016
+doas_conf='
+permit nopass setenv { ENV PS1 SSH_AUTH_SOCK PATH=$PATH HOME=$HOME } :wheel
+permit nopass keepenv root as root
+'
+
+# shellcheck disable=SC2016
+httpd_conf_with_tls='
+server "runbsd.info" {
+	alias "*.runbsd.info"
+	listen on * port 80
+	block return 301 "https://runbsd.info$REQUEST_URI"
+}
+
+server "runbsd.info" {
+	alias "*.runbsd.info"
+	listen on 127.0.0.1 port 8080
+	root "/htdocs/runbsd"
+	log style combined
+	location "/.well-known/acme-challenge/*" {
+		root "/acme"
+		request strip 2
+	}
+}
+'
+
+# shellcheck disable=SC2016
+httpd_conf='
+server "runbsd.info" {
+	alias "*.runbsd.info"
+  listen on * port 80
+  root "/htdocs/runbsd"
+  location "/.well-known/acme-challenge/*" {
+    root "/acme"
+    request strip 2
+  }
+}
+
+server "www.runbsd.info" {
+  listen on * port 80
+  block return 301 "http://runbsd.info$REQUEST_URI"
+}
+'
+
+# shellcheck disable=SC2016
+relayd_conf='
+ipv4="'"$ipv4"'"
+ipv6="'"$ipv6"'"
+
+table <local> { 127.0.0.1 }
+
+http protocol https {
+	tls ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256"
+        match request header append "X-Forwarded-By" value "$SERVER_ADDR:$SERVER_PORT"
+        match request header append "X-Forwarded-For" value "$REMOTE_ADDR"
+        match request header append "X-Forwarded-Port" value "$REMOTE_PORT"
+
+	match response header set "Content-Security-Policy" value "default-src '\''none'\''; font-src '\''self'\'' runbsd.info; script-src '\''self'\'' runbsd.info; style-src '\''self'\'' runbsd.info '\''unsafe-inline'\''; img-src '\''self'\'' runbsd.info; base-uri '\''none'\''; form-action '\''self'\'' runbsd.info; frame-ancestors '\''none'\''"
+
+	match response header set "Feature-Policy" value "camera '\''none'\''; microphone '\''none'\''"
+	match response header set "Server" value "RGZ.EE"
+        # match response header set "Cache-Control"  value "max-age=31536000"
+        match response header set "Referrer-Policy" value "no-referrer"
+        match response header set "Strict-Transport-Security" value "max-age=31536000; includeSubDomains; preload"
+        match response header set "X-Content-Type-Options" value "nosniff"
+        match response header set "X-Frame-Options" value "deny"
+        match response header set "X-XSS-Protection" value "1; mode=block"
+
+        return error
+        pass
+}
+
+relay wwwtls {
+	listen on $ipv4 port 443 tls
+	listen on $ipv6 port 443 tls
+	protocol https
+	forward to <local> port 8080
+}
+'
+acme_client_conf='
+authority letsencrypt {
+	api url "https://acme-v02.api.letsencrypt.org/directory"
+	account key "/etc/ssl/private/letsencrypt.key"
+}
+
+domain runbsd.info {
+	alternative names { runbsd.info, www.runbsd.info }
+	domain key "/etc/ssl/private/runbsd.key"
+	domain certificate "/etc/ssl/runbsd.crt"
+	domain full chain certificate "/etc/ssl/runbsd.pem"
+	sign with letsencrypt
+}
+'
+
+ssh runbsd 'set -xe
+pkg_add -u 
+pkg_add git lowdown
+pkg_delete -a
+
+mkdir -p -m 755 /var/www/htdocs/runbsd
+mkdir -p -m 700 /etc/ssl/private
+mkdir -p -m 755 /var/www/acme
+mkdir -p -m 755 /var/www/bin
+
+echo '\'"$doas_conf"\'' > /etc/doas.conf
+echo '\'"$relayd_conf"\'' > /etc/relayd.conf
+echo '\'"$acme_client_conf"\'' > /etc/acme-client.conf
+echo '\'"$httpd_conf"\'' > /etc/httpd.conf
+
+rcctl enable httpd
+httpd -n
+rcctl restart httpd
+
+acme-client -n runbsd.info
+acme-client -vF runbsd.info
+
+ln -fs /etc/ssl/private/runbsd.key /etc/ssl/private/'"$ipv4"'.key
+ln -fs /etc/ssl/private/runbsd.key "/etc/ssl/private/'"$ipv6"'.key"
+ln -fs /etc/ssl/runbsd.pem /etc/ssl/'"$ipv4"'.crt
+ln -fs /etc/ssl/runbsd.pem "/etc/ssl/'"$ipv6"'.crt"
+
+echo '\'"$httpd_conf_with_tls"\'' > /etc/httpd.conf
+httpd -n
+rcctl restart httpd
+rcctl enable relayd
+relayd -n
+rcctl restart relayd
+mkdir -p -m 755 /var/www/git
+git init --bare /var/www/git/runbsd.git
+'
+scp ssg6 runbsd:/var/www/bin/ssg6
+scp post-receive runbsd:/var/www/git/runbsd.git/hooks/post-receive
+
+git remote add runbsd runbsd:/var/www/git/runbsd.git
blob - /dev/null
blob + ed5b3df258e2d9eed0e6bc30f18957649ba06f5a (mode 755)
--- /dev/null
+++ ssg6
@@ -0,0 +1,243 @@
+#!/bin/sh -e
+#
+# https://rgz.ee/bin/ssg6
+# Copyright 2018-2019 Roman Zolotarev <hi@romanzolotarev.com>
+#
+# Permission to use, copy, modify, and/or distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+# WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+# ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+# WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+# ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+# OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+#
+
+main() {
+	test -n "$1" || usage
+	test -n "$2" || usage
+	test -n "$3" || usage
+	test -n "$4" || usage
+	test -d "$1" || no_dir "$1"
+	test -d "$2" || no_dir "$2"
+
+	src=$(readlink_f "$1")
+	dst=$(readlink_f "$2")
+
+	IGNORE=$(
+		if ! test -f "$src/.ssgignore"; then
+			printf ' ! -path "*/.*"'
+			return
+		fi
+		while read -r x; do
+			test -n "$x" || continue
+			printf ' ! -path "*/%s*"' "$x"
+		done <"$src/.ssgignore"
+	)
+
+	# files
+
+	title="$3"
+
+	h_file="$src/_header.html"
+	f_file="$src/_footer.html"
+	test -f "$f_file" && FOOTER=$(cat "$f_file") && export FOOTER
+	test -f "$h_file" && HEADER=$(cat "$h_file") && export HEADER
+
+	list_dirs "$src" |
+		(cd "$src" && cpio -pdu "$dst")
+
+	fs=$(
+		if test -f "$dst/.files"; then
+			list_affected_files "$src" "$dst/.files"
+		else
+			list_files "$1"
+		fi
+	)
+
+	if test -n "$fs"; then
+		echo "$fs" | tee "$dst/.files"
+
+		if echo "$fs" | grep -q '\.md$'; then
+			if test -x "$(which lowdown 2>/dev/null)"; then
+				echo "$fs" | grep '\.md$' |
+					render_md_files_lowdown "$src" "$dst" "$title"
+			else
+				if test -x "$(which Markdown.pl 2>/dev/null)"; then
+					echo "$fs" | grep '\.md$' |
+						render_md_files_Markdown_pl "$src" "$dst" "$title"
+				else
+					echo "couldn't find lowdown nor Markdown.pl"
+					exit 3
+				fi
+			fi
+		fi
+
+		echo "$fs" | grep '\.html$' |
+			render_html_files "$src" "$dst" "$title"
+
+		echo "$fs" | grep -Ev '\.md$|\.html$' |
+			(cd "$src" && cpio -pu "$dst")
+	fi
+
+	printf '[ssg] ' >&2
+	print_status 'file, ' 'files, ' "$fs" >&2
+
+	# sitemap
+
+	base_url="$4"
+	date=$(date +%Y-%m-%d)
+	urls=$(list_pages "$src")
+
+	test -n "$urls" &&
+		render_sitemap "$urls" "$base_url" "$date" >"$dst/sitemap.xml"
+
+	print_status 'url' 'urls' "$urls" >&2
+	echo >&2
+}
+
+readlink_f() {
+	file="$1"
+	cd "$(dirname "$file")"
+	file=$(basename "$file")
+	while test -L "$file"; do
+		file=$(readlink "$file")
+		cd "$(dirname "$file")"
+		file=$(basename "$file")
+	done
+	dir=$(pwd -P)
+	echo "$dir/$file"
+}
+
+print_status() {
+	test -z "$3" && printf 'no %s' "$2" && return
+
+	echo "$3" | awk -v singular="$1" -v plural="$2" '
+	END {
+		if (NR==1) printf NR " " singular
+		if (NR>1) printf NR " " plural
+	}'
+}
+
+usage() {
+	echo "usage: ${0##*/} src dst title base_url" >&2
+	exit 1
+}
+
+no_dir() {
+	echo "${0##*/}: $1: No such directory" >&2
+	exit 2
+}
+
+list_dirs() {
+	cd "$1" && eval "find . -type d ! -name '.' ! -path '*/_*' $IGNORE"
+}
+
+list_files() {
+	cd "$1" && eval "find . -type f ! -name '.' ! -path '*/_*' $IGNORE"
+}
+
+list_dependant_files() {
+	e="\\( -name '*.html' -o -name '*.md' -o -name '*.css' -o -name '*.js' \\)"
+	cd "$1" && eval "find . -type f ! -name '.' ! -path '*/_*' $IGNORE $e"
+}
+
+list_newer_files() {
+	cd "$1" && eval "find . -type f ! -name '.' $IGNORE -newer $2"
+}
+
+has_partials() {
+	grep -qE '^./_.*\.html$|^./_.*\.js$|^./_.*\.css$'
+}
+
+list_affected_files() {
+	fs=$(list_newer_files "$1" "$2")
+
+	if echo "$fs" | has_partials; then
+		list_dependant_files "$1"
+	else
+		echo "$fs"
+	fi
+}
+
+render_html_files() {
+	while read -r f; do
+		render_html_file "$3" <"$1/$f" >"$2/$f"
+	done
+}
+
+render_md_files_lowdown() {
+	while read -r f; do
+		lowdown \
+			--html-no-escapehtml \
+			--html-no-skiphtml \
+			--parse-no-metadata \
+			--parse-no-autolink <"$1/$f" |
+			render_html_file "$3" \
+				>"$2/${f%\.md}.html"
+	done
+}
+
+render_md_files_Markdown_pl() {
+	while read -r f; do
+		Markdown.pl <"$1/$f" |
+			render_html_file "$3" \
+				>"$2/${f%\.md}.html"
+	done
+}
+
+render_html_file() {
+	# h/t Devin Teske
+	awk -v title="$1" '
+	{ body = body "\n" $0 }
+	END {
+		body = substr(body, 2)
+		if (body ~ /<\/?[Hh][Tt][Mm][Ll]/) {
+			print body
+			exit
+		}
+		if (match(body, /<[[:space:]]*[Hh]1(>|[[:space:]][^>]*>)/)) {
+			t = substr(body, RSTART + RLENGTH)
+			sub("<[[:space:]]*/[[:space:]]*[Hh]1.*", "", t)
+			gsub(/^[[:space:]]*|[[:space:]]$/, "", t)
+			if (t) title = t " &mdash; " title
+		}
+		n = split(ENVIRON["HEADER"], header, /\n/)
+		for (i = 1; i <= n; i++) {
+			if (match(tolower(header[i]), "<title></title>")) {
+				head = substr(header[i], 1, RSTART - 1)
+				tail = substr(header[i], RSTART + RLENGTH)
+				print head "<title>" title "</title>" tail
+			} else print header[i]
+		}
+		print body
+		print ENVIRON["FOOTER"]
+	}'
+}
+
+list_pages() {
+	e="\\( -name '*.html' -o -name '*.md' \\)"
+	cd "$1" && eval "find . -type f ! -path '*/.*' ! -path '*/_*' $IGNORE $e" |
+		sed 's#^./##;s#.md$#.html#;s#/index.html$#/#'
+}
+
+render_sitemap() {
+	urls="$1"
+	base_url="$2"
+	date="$3"
+
+	echo '<?xml version="1.0" encoding="UTF-8"?>'
+	echo '<urlset'
+	echo 'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"'
+	echo 'xsi:schemaLocation="http://www.sitemaps.org/schemas/sitemap/0.9'
+	echo 'http://www.sitemaps.org/schemas/sitemap/0.9/sitemap.xsd"'
+	echo 'xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">'
+	echo "$urls" |
+		sed -E 's#^(.*)$#<url><loc>'"$base_url"'/\1</loc><lastmod>'"$date"'</lastmod><priority>1.0</priority></url>#'
+	echo '</urlset>'
+}
+
+main "$@"