lost/rskio
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

separate site from infra

Browse Source
This commit is contained in:
rskntroot
2025-02-13 20:09:47 -07:00
parent 425222d2a0
commit 4444307123
11 changed files with 57 additions and 204 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
.gitignore vendored
View File

@@ -1,5 +1 @@
mkdocs/site
traefik/log/*.log
traefik/log/*.gz
traefik/tls/*.json
.local

14
README.md
View File

@@ -1,13 +1,5 @@
# rskio mkdocs
# rskio
rskio.com website using:
## brief
- squidfunk/mkdocs-material to build static html
- nginx to host static html
- traefik as front end proxy, tls, and http3
## Setup
```
docker compose up -d
```
a mkdocs site for rskio.com

40
compose.yml
View File

@@ -1,40 +0,0 @@
services:
mkdocs:
image: squidfunk/mkdocs-material
command:
- build
volumes:
- ./mkdocs:/docs
traefik:
image: traefik:latest
command:
- --configFile=/etc/traefik/traefik.yml
ports:
- 80:80/tcp
- 443:443/tcp
- 443:443/udp
- 8080:8080/tcp
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./traefik/etc:/etc/traefik:ro
- ./traefik/log:/var/log/traefik
- ./traefik/tls:/letsencrypt
nginx:
image: nginx:latest
labels:
- traefik.enable=true
- traefik.http.routers.rskio.entrypoints=websecure
- traefik.http.routers.rskio.rule=Host(`rskio.com`)
- traefik.http.routers.rskio.tls=true
- traefik.http.routers.rskio.tls.certresolver=rskio_certresolver
- traefik.http.routers.rskio.service=rskio@docker
- traefik.http.services.rskio.loadbalancer.server.port=80
volumes:
- ./mkdocs/site:/opt/share/mkdocs/html:ro
- ./nginx/etc/conf.d:/etc/nginx/conf.d:ro
depends_on:
mkdocs:
condition: service_completed_successfully

42
mkdocs/docs/about.md Normal file
View File

@@ -0,0 +1,42 @@
# About
## Brief
So you want to read a story?
- by `rskntroot` on `2024-06-01`
## Story
It's been what now? Just over 10 years since I started working in computing professionally.
Right after dropping out of a Computer Science program too (oops)! Oh, and about 14 since I learned my first programming language.
Guess Im not just some random kid on the internet anymore.
My story starts like many others'.
My family couldn't get the WiFi working when broadband internet hit the shelves, leaving me to pick up the slack.
What was seen as a knack for electronics quickly snowballed into a middle school robotics class, followed by a summer school course in C# programming.
In high school, I managed three semesters of plain ol C, along with a few summer courses in electrical engineering, photography, and web design.
University Java courses were a breeze.
However, failing to attend Discrete Math II, Physics, and Calculus classes ended in disaster.
One would imagine that studying computer science would impart the imperative of having some semblance of structure in ones life.
Yet, naivety sounded the horns of triumph: I dropped out.
"Real life" had started for me; I didn't have $100 to my name, let alone a bed.
I pleaded with both friends and extended family to host me while I figured things out.
Within a few months, I managed to secure a job as a C++ programmer for a company that provided custom software solutions aimed at healthcare—wild!
This time was short-lived, and out of desperation I decided to enlist.
As God would have it, I ended up in computer networking despite my best efforts at Navscoleod.
Looking back at that time, I marvel at how I operated.
A boy fixed on dreams of grandeur, yet consumed by the consequences of naivety.
Imagine being a hobbyist and pseudo-classically trained programmer in the military.
Your only task: to maintain critical communications networks.
What a treat!
Delving into networking, protocol analysis, and network services, I found myself involved in everything related.
This led to redesigning network management systems, building data center environments, employing remote communication systems, and eventually becoming the lead for a cybersecurity initiative.
After separating, I held several contracting positions, including a multi-year stint as a Security Operations Center Lead Engineer.
While tackling cybersecurity challenges in air-gapped environments, I grew weary of the pace of government work.
These days, Im a full-time network development engineer, designing and deploying network infrastructure for a Tier-1 cloud provider.
In my spare time, I either work on personal projects or daydream of the financial freedom that would allow me to dedicate myself to those projects full-time.

29
mkdocs/docs/index.md
View File

@@ -2,21 +2,11 @@
## Rskio
This site is meant to catalog my efforts. Over the years, I've "spun my wheels" to learn, get things working, or explore interesting ideas--only for them to be lost to time. You might see this site as a collection of my notes or at times my memoirs, words shaped only by my inspiration in the moment. However, I intend for it to be much more. This site exists for me along with the hope that something I've done might help you.
## About Me
It's been what now? Just over 10 years since I started working in computing professionally. Right after dropping out of a Computer Science program too (oops)! Oh, and about 14 since I learned my first programming language. What?! Im in my thirties?! Guess I cant go saying Im just some random kid on the internet anymore.
My story starts like many others'. My family couldn't get the WiFi working when broadband internet hit the shelves, leaving me to pick up the slack. What was seen as a knack for electronics quickly snowballed into a middle school robotics class, followed by a summer school course in C# programming. In high school, I managed three semesters of plain ol C, along with a few summer courses in electrical engineering, photography, and web design.
University Java courses were a breeze. However, failing to attend Discrete Mathematics II, Physics, and Calculus classes ended in disaster, showcasing just how much I was in need of some serious structure. One would imagine that studying computer science would impart the imperative of having some semblance of structure in ones life. Yet, naivety sounded the horns of triumph: I dropped out.
"Real life" had started for me; I didn't have $100 to my name, let alone a bed. I pleaded with both friends and family to host me while I figured things out. Within a few months, I managed to secure a job as a C++ programmer for a company that provided custom software solutions aimed at healthcare—wild! This time was short-lived, and out of fear of my own lack of structure, I decided to enlist. As God would have it, I ended up in computer networking despite my best efforts at Navscoleod. Looking back at that time, I marvel at how I operated, chasing dreams of grandeur, only to be consumed by the consequences of my own naivety.
Imagine being a hobbyist and pseudo-classically trained programmer in the military. Your only task: to maintain critical communications networks. What a treat! I was determined to make the most of each opportunity that came my way. Delving into networking, protocol analysis, and network services, I found myself involved in everything related. This led to redesigning network maintenance systems, building data center environments, employing remote communication systems, and eventually becoming the lead for a cybersecurity initiative.
After separating, I held several contracting positions, including a multi-year stint as a Security Operations Center Lead Engineer. While tackling cybersecurity challenges in air-gapped environments, I grew weary of the pace of government work. These days, Im a full-time network development engineer, designing and deploying network infrastructure for a Tier-1 cloud provider. In my spare time, I either work on personal projects or dream of the financial freedom that would allow me to dedicate my time to them full-time.
This site is meant to catalog my efforts.
Over the years, I've "spun my wheels" to learn, get things working, or explore interesting ideas--only for them to be lost to time.
You might see this site as a collection of my notes or at times my memoirs, words shaped only by my inspiration in the moment.
However, I intend for it to be much more.
This site exists for me along with the hope that something I've done might help you.
## What does Rskio Mean?
@@ -28,9 +18,12 @@ Prounciation:
=== "IPA"
`ɑːr-ɛs-keɪ-aɪ-əʊ`
Nothing. Just like QUIC and the G in GNU. As a "programmer" from a young age, I too struggle with naming variables and cache invalidation. It's a blend of a nickname I had when I was younger and Input/Output, or IO. After trying to come up with something clever that pays homage to Nihei's TOHA Heavy Industries, I inevitably gave up and wrestled with Route53 until it provided me with a 5-letter .com that made sense to me.
The same goes for "Rskntroot", it's a mix of that same nickname and the classic "root" term.
Nothing.
Just like QUIC and the G in GNU.
As with anyone who has been "coding" since 2008, I struggle with naming variables and cache invalidation.
After trying to pay homage to Nihei's TOHA Heavy Industries, but inevitably settling on the first reasonable sounding 5-letter .com there was.
I decided to use a blend of a nickname (ruskonator) I was given and Input/Output (IO) and get to work.
The same goes for "Rskntroot", it's a mix of that same nickname and the classic "root" term.
## Projects

31
nginx/etc/conf.d/default.conf
View File

@@ -1,31 +0,0 @@
server {
listen 80;
listen [::]:80;
server_name rskio.com;
server_tokens off;
add_header X-Frame-Options "SAMEORIGIN";
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains; preload";
add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
add_header X-XSS-Protection "1; mode=block";
# rskio logging is handled via traefik
#access_log /var/log/nginx/host.access.log main;
location / {
root /opt/share/mkdocs/html;
index index.html index.htm;
limit_except GET HEAD POST { deny all; }
}
# rskio auth is handled via traefik
#error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
limit_except GET HEAD POST { deny all; }
}
}

14
rskio.service
View File

@@ -1,14 +0,0 @@
[Unit]
Description=Rskio Website
After=docker.service
Requires=docker.service
[Service]
Type=oneshot
RemainAfterExit=yes
WorkingDirectory=/opt/docker/rskio
ExecStart=/bin/bash -c "docker compose -f ./compose.yml up -d"
ExecStop=/bin/bash -c "docker compose -f ./compose.yml down"
[Install]
WantedBy=multi-user.target

29
traefik/etc/dynamic.yml
View File

@@ -1,29 +0,0 @@
# To enable update provider in traefik.yml
tls:
options:
default:
minVersion: VersionTLS12
mintls13:
minVersion: VersionTLS13
cipherSuites:
- TLS_AES_256_GCM_SHA384
- TLS_AES_128_GCM_SHA256
- TLS_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
- TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
- TLS_FALLBACK_SCSV
http:
middlewares:
secureHeaders:
headers:
browserXssFilter: true
contentTypeNosniff: true
forceSTSHeader: true
frameDeny: true
referrerPolicy: "same-origin"
sslRedirect: true
stsSeconds: 31536000

48
traefik/etc/traefik.yml
View File

@@ -1,48 +0,0 @@
global:
checkNewVersion: false
sendAnonymousUsage: false
entryPoints:
web:
address: :80
http:
redirections:
entryPoint:
to: websecure
priority: 10
middlewares:
- secureHeaders@file
websecure:
address: :443
http3:
advertisedPort: 443
certificatesResolvers:
rskio_certresolver:
acme:
tlschallenge: true
email: rskntroot@gmail.com
storage: /letsencrypt/acme.json
log:
level: INFO
format: json
filePath: /var/log/traefik/traefik.log
accessLog:
format: json
filePath: /var/log/traefik/access.log
api:
insecure: true
# dashboard: false
providers:
docker:
endpoint: unix:///var/run/docker.sock
network: rskio_default
exposedByDefault: false
file:
filename: /etc/traefik/dynamic.yml
watch: true

5
traefik/log/.required.md
View File

@@ -1,5 +0,0 @@
# Required
this dir is required to enable traefik to start as it is bound
this enables traefik log persistence

3
traefik/tls/.required.md
View File

@@ -1,3 +0,0 @@
# Required
this dir is required to enable traefik letsencrypt