separate site from infra

2025-02-13 20:09:47 -07:00
parent 425222d2a0
commit 4444307123
11 changed files with 57 additions and 204 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,5 +1 @@
 mkdocs/site
 traefik/log/*.log
 traefik/log/*.gz
 traefik/tls/*.json
 .local
--- a/README.md
+++ b/README.md
@@ -1,13 +1,5 @@
-# rskio mkdocs
+# rskio
-rskio.com website using:
+## brief
- squidfunk/mkdocs-material to build static html 
+a mkdocs site for rskio.com
 - nginx to host static html
 - traefik as front end proxy, tls, and http3
 ## Setup
 ```
 docker compose up -d
 ```
--- a/compose.yml
+++ b/compose.yml
@@ -1,40 +0,0 @@
 services:
  mkdocs:
    image: squidfunk/mkdocs-material
    command:
      - build
    volumes:
      - ./mkdocs:/docs
  traefik:
    image: traefik:latest
    command:
      - --configFile=/etc/traefik/traefik.yml
    ports:
      - 80:80/tcp
      - 443:443/tcp
      - 443:443/udp
      - 8080:8080/tcp
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./traefik/etc:/etc/traefik:ro
      - ./traefik/log:/var/log/traefik
      - ./traefik/tls:/letsencrypt
  nginx:
    image: nginx:latest
    labels:
      - traefik.enable=true
      - traefik.http.routers.rskio.entrypoints=websecure
      - traefik.http.routers.rskio.rule=Host(`rskio.com`)
      - traefik.http.routers.rskio.tls=true
      - traefik.http.routers.rskio.tls.certresolver=rskio_certresolver
      - traefik.http.routers.rskio.service=rskio@docker
      - traefik.http.services.rskio.loadbalancer.server.port=80
    volumes:
      - ./mkdocs/site:/opt/share/mkdocs/html:ro
      - ./nginx/etc/conf.d:/etc/nginx/conf.d:ro
    depends_on:
      mkdocs:
        condition: service_completed_successfully
--- a/mkdocs/docs/about.md
+++ b/mkdocs/docs/about.md
@@ -0,0 +1,42 @@
 # About
 ## Brief
 So you want to read a story?
 - by `rskntroot` on `2024-06-01`
 ## Story
 It's been what now? Just over 10 years since I started working in computing professionally.
 Right after dropping out of a Computer Science program too (oops)! Oh, and about 14 since I learned my first programming language.
 Guess I’m not just some random kid on the internet anymore.
 My story starts like many others'.
 My family couldn't get the WiFi working when broadband internet hit the shelves, leaving me to pick up the slack.
 What was seen as a knack for electronics quickly snowballed into a middle school robotics class, followed by a summer school course in C# programming.
 In high school, I managed three semesters of plain ol’ C, along with a few summer courses in electrical engineering, photography, and web design.
 University Java courses were a breeze.
 However, failing to attend Discrete Math II, Physics, and Calculus classes ended in disaster.
 One would imagine that studying computer science would impart the imperative of having some semblance of structure in one’s life.
 Yet, naivety sounded the horns of triumph: I dropped out.
 "Real life" had started for me; I didn't have $100 to my name, let alone a bed.
 I pleaded with both friends and extended family to host me while I figured things out.
 Within a few months, I managed to secure a job as a C++ programmer for a company that provided custom software solutions aimed at healthcare—wild!
 This time was short-lived, and out of desperation I decided to enlist.
 As God would have it, I ended up in computer networking despite my best efforts at Navscoleod.
 Looking back at that time, I marvel at how I operated.
 A boy fixed on dreams of grandeur, yet consumed by the consequences of naivety.
 Imagine being a hobbyist and pseudo-classically trained programmer in the military.
 Your only task: to maintain critical communications networks.
 What a treat!
 Delving into networking, protocol analysis, and network services, I found myself involved in everything related.
 This led to redesigning network management systems, building data center environments, employing remote communication systems, and eventually becoming the lead for a cybersecurity initiative.
 After separating, I held several contracting positions, including a multi-year stint as a Security Operations Center Lead Engineer.
 While tackling cybersecurity challenges in air-gapped environments, I grew weary of the pace of government work.
 These days, I’m a full-time network development engineer, designing and deploying network infrastructure for a Tier-1 cloud provider.
 In my spare time, I either work on personal projects or daydream of the financial freedom that would allow me to dedicate myself to those projects full-time.
--- a/mkdocs/docs/index.md
+++ b/mkdocs/docs/index.md
@@ -2,35 +2,28 @@
 ## Rskio
-This site is meant to catalog my efforts. Over the years, I've "spun my wheels" to learn, get things working, or explore interesting ideas--only for them to be lost to time. You might see this site as a collection of my notes or at times my memoirs, words shaped only by my inspiration in the moment. However, I intend for it to be much more. This site exists for me along with the hope that something I've done might help you.
+This site is meant to catalog my efforts.
-
+ Over the years, I've "spun my wheels" to learn, get things working, or explore interesting ideas--only for them to be lost to time.
-## About Me
+ You might see this site as a collection of my notes or at times my memoirs, words shaped only by my inspiration in the moment.
-
+ However, I intend for it to be much more.
-It's been what now? Just over 10 years since I started working in computing professionally. Right after dropping out of a Computer Science program too (oops)! Oh, and about 14 since I learned my first programming language. What?! I’m in my thirties?! Guess I can’t go saying I’m just some random kid on the internet anymore.
+ This site exists for me along with the hope that something I've done might help you.
 My story starts like many others'. My family couldn't get the WiFi working when broadband internet hit the shelves, leaving me to pick up the slack. What was seen as a knack for electronics quickly snowballed into a middle school robotics class, followed by a summer school course in C# programming. In high school, I managed three semesters of plain ol’ C, along with a few summer courses in electrical engineering, photography, and web design. 
 University Java courses were a breeze. However, failing to attend Discrete Mathematics II, Physics, and Calculus classes ended in disaster, showcasing just how much I was in need of some serious structure. One would imagine that studying computer science would impart the imperative of having some semblance of structure in one’s life. Yet, naivety sounded the horns of triumph: I dropped out.
 "Real life" had started for me; I didn't have $100 to my name, let alone a bed. I pleaded with both friends and family to host me while I figured things out. Within a few months, I managed to secure a job as a C++ programmer for a company that provided custom software solutions aimed at healthcare—wild! This time was short-lived, and out of fear of my own lack of structure, I decided to enlist. As God would have it, I ended up in computer networking despite my best efforts at Navscoleod. Looking back at that time, I marvel at how I operated, chasing dreams of grandeur, only to be consumed by the consequences of my own naivety.
 Imagine being a hobbyist and pseudo-classically trained programmer in the military. Your only task: to maintain critical communications networks. What a treat! I was determined to make the most of each opportunity that came my way. Delving into networking, protocol analysis, and network services, I found myself involved in everything related. This led to redesigning network maintenance systems, building data center environments, employing remote communication systems, and eventually becoming the lead for a cybersecurity initiative.
 After separating, I held several contracting positions, including a multi-year stint as a Security Operations Center Lead Engineer. While tackling cybersecurity challenges in air-gapped environments, I grew weary of the pace of government work. These days, I’m a full-time network development engineer, designing and deploying network infrastructure for a Tier-1 cloud provider. In my spare time, I either work on personal projects or dream of the financial freedom that would allow me to dedicate my time to them full-time.
 ## What does Rskio Mean?
 Prounciation:
 === "English"
-    `R-S-K-I-O`	
+    `R-S-K-I-O`
 === "IPA"
    `ɑːr-ɛs-keɪ-aɪ-əʊ`
-Nothing. Just like QUIC and the G in GNU. As a "programmer" from a young age, I too struggle with naming variables and cache invalidation. It's a blend of a nickname I had when I was younger and Input/Output, or IO. After trying to come up with something clever that pays homage to Nihei's TOHA Heavy Industries, I inevitably gave up and wrestled with Route53 until it provided me with a 5-letter .com that made sense to me.
+Nothing.
-
+ Just like QUIC and the G in GNU.
-The same goes for "Rskntroot", it's a mix of that same nickname and the classic "root" term. 
+ As with anyone who has been "coding" since 2008, I struggle with naming variables and cache invalidation.
 After trying to pay homage to Nihei's TOHA Heavy Industries, but inevitably settling on the first reasonable sounding 5-letter .com there was.
 I decided to use a blend of a nickname (ruskonator) I was given and Input/Output (IO) and get to work.
 The same goes for "Rskntroot", it's a mix of that same nickname and the classic "root" term.
 ## Projects
--- a/nginx/etc/conf.d/default.conf
+++ b/nginx/etc/conf.d/default.conf
@@ -1,31 +0,0 @@
 server {
    listen       80;
    listen  [::]:80;
    server_name rskio.com;
    server_tokens off;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
    add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
    add_header X-XSS-Protection "1; mode=block";
    # rskio logging is handled via traefik
    #access_log  /var/log/nginx/host.access.log  main;
    location / {
        root   /opt/share/mkdocs/html;
        index  index.html index.htm;
        limit_except GET HEAD POST { deny all; }
    }
    # rskio auth is handled via traefik
    #error_page  404              /404.html;
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
        limit_except GET HEAD POST { deny all; }
    }
 }
--- a/rskio.service
+++ b/rskio.service
@@ -1,14 +0,0 @@
 [Unit]
 Description=Rskio Website
 After=docker.service
 Requires=docker.service
 [Service]
 Type=oneshot
 RemainAfterExit=yes
 WorkingDirectory=/opt/docker/rskio
 ExecStart=/bin/bash -c "docker compose -f ./compose.yml up -d"
 ExecStop=/bin/bash -c "docker compose -f ./compose.yml down"
 [Install]
 WantedBy=multi-user.target
--- a/traefik/etc/dynamic.yml
+++ b/traefik/etc/dynamic.yml
@@ -1,29 +0,0 @@
 # To enable update provider in traefik.yml
 tls:
  options:
    default:
      minVersion: VersionTLS12
    mintls13:
      minVersion: VersionTLS13
    cipherSuites:
      - TLS_AES_256_GCM_SHA384
      - TLS_AES_128_GCM_SHA256
      - TLS_CHACHA20_POLY1305_SHA256
      - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
      - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
      - TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
      - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
      - TLS_FALLBACK_SCSV
 http:
  middlewares:
    secureHeaders:
      headers:
        browserXssFilter: true
        contentTypeNosniff: true
        forceSTSHeader: true
        frameDeny: true
        referrerPolicy: "same-origin"
        sslRedirect: true
        stsSeconds: 31536000
--- a/traefik/etc/traefik.yml
+++ b/traefik/etc/traefik.yml
@@ -1,48 +0,0 @@
 global:
  checkNewVersion: false
  sendAnonymousUsage: false
 entryPoints:
  web:
    address: :80
    http:
      redirections:
        entryPoint:
          to: websecure
          priority: 10
      middlewares:
        - secureHeaders@file
  websecure:
    address: :443
    http3:
      advertisedPort: 443
 certificatesResolvers:
  rskio_certresolver:
    acme:
      tlschallenge: true
      email: rskntroot@gmail.com
      storage: /letsencrypt/acme.json
 log:
  level: INFO
  format: json
  filePath: /var/log/traefik/traefik.log
 accessLog:
  format: json
  filePath: /var/log/traefik/access.log
 api:
  insecure: true
 #  dashboard: false
 providers:
  docker:
    endpoint: unix:///var/run/docker.sock
    network: rskio_default
    exposedByDefault: false
  file:
    filename: /etc/traefik/dynamic.yml
    watch: true
--- a/traefik/log/.required.md
+++ b/traefik/log/.required.md
@@ -1,5 +0,0 @@
 # Required
 this dir is required to enable traefik to start as it is bound 
 this enables traefik log persistence
--- a/traefik/tls/.required.md
+++ b/traefik/tls/.required.md
@@ -1,3 +0,0 @@
 # Required
 this dir is required to enable traefik letsencrypt
		`@@ -1,3 +0,0 @@`
			`# Required`

			`this dir is required to enable traefik letsencrypt`