From 655cd79991ec9204afb9f5acf52495c13af14d25 Mon Sep 17 00:00:00 2001 
From: sanine Date: Thu, 12 Jan 2023 17:24:25 -0600 Subject: begin go refactor --- .gitignore | 1 + config.lua | 12 -- data/about.lua | 19 +++ .../03-remote_full_system_encryption_with_arch.lua | 103 ++++++++++++ data/blog/announcing_honeysuckle.lua | 37 +++++ data/blog/refactor-argent.lua | 24 +++ data/cgit.css | 176 +++++++++++++++++++++ data/favicon.svg | 148 +++++++++++++++++ data/index.lua | 30 ++++ data/index.md | 30 ++++ data/projects/index.lua | 19 +++ data/style.css | 85 ++++++++++ layouts/base.lua | 63 -------- layouts/blog.lua | 8 - plugins/navigation.lua | 0 plugins/toolkit.lua | 42 ----- serve-http.sh | 19 --- server/go.mod | 10 ++ server/go.sum | 17 ++ server/main.go | 48 ++++++ server/md-page.go | 95 +++++++++++ site_root/about.lua | 19 --- .../03-remote_full_system_encryption_with_arch.lua | 103 ------------ site_root/blog/announcing_honeysuckle.lua | 37 ----- site_root/blog/refactor-argent.lua | 24 --- site_root/cgit.css | 176 --------------------- site_root/favicon.svg | 148 ----------------- site_root/index.lua | 30 ---- site_root/projects/index.lua | 19 --- site_root/style.css | 85 ---------- 30 files changed, 842 insertions(+), 785 deletions(-) delete mode 100644 config.lua create mode 100644 data/about.lua create mode 100644 data/blog/03-remote_full_system_encryption_with_arch.lua create mode 100644 data/blog/announcing_honeysuckle.lua create mode 100644 data/blog/refactor-argent.lua create mode 100644 data/cgit.css create mode 100644 data/favicon.svg create mode 100644 data/index.lua create mode 100644 data/index.md create mode 100644 data/projects/index.lua create mode 100644 data/style.css delete mode 100644 layouts/base.lua delete mode 100644 layouts/blog.lua delete mode 100644 plugins/navigation.lua delete mode 100644 plugins/toolkit.lua delete mode 100755 serve-http.sh create mode 100644 server/go.mod create mode 100644 server/go.sum create mode 100644 server/main.go create mode 100644 server/md-page.go delete mode 100644 
site_root/about.lua delete mode 100644 site_root/blog/03-remote_full_system_encryption_with_arch.lua delete mode 100644 site_root/blog/announcing_honeysuckle.lua delete mode 100644 site_root/blog/refactor-argent.lua delete mode 100644 site_root/cgit.css delete mode 100644 site_root/favicon.svg delete mode 100644 site_root/index.lua delete mode 100644 site_root/projects/index.lua delete mode 100644 site_root/style.css diff --git a/.gitignore b/.gitignore index c79a3e0..dcd763b 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ *~ public/ publish.sh +server/sanine.net-server diff --git a/config.lua b/config.lua deleted file mode 100644 index 1f797ce..0000000 --- a/config.lua +++ /dev/null @@ -1,12 +0,0 @@ -return { - site_name = 'sanine.net', - site_address = 'https://sanine.net/', - site_directory = 'site_root', - - layout_directory = 'layouts', - plugin_directory = 'plugins', - - exclude = { '.*~' }, - - rss_include = { 'blog' }, -} diff --git a/data/about.lua b/data/about.lua new file mode 100644 index 0000000..9f87357 --- /dev/null +++ b/data/about.lua @@ -0,0 +1,19 @@ +local md = [[ +about me +======== + +hey! i'm kate (aka sanine) and i like to write code, hack circuits, and grow plants. +i mostly use this site for documenting and sharing various projects, with the exception +of my game engine honey, which [has its own website](https://honey3d.org). +i also (very occasionally) make games!! you can see them [over on itch.io](https://sanine.itch.io/). + +if you need to get in contact with me, you can send me an email at `kate AT sanine DOT net`. + +i hope you're having a good day. <3 +]] + +return { + title='about me', + layout='base', + markdown=md, +} diff --git a/data/blog/03-remote_full_system_encryption_with_arch.lua b/data/blog/03-remote_full_system_encryption_with_arch.lua new file mode 100644 index 0000000..43fccfa --- /dev/null +++ b/data/blog/03-remote_full_system_encryption_with_arch.lua 
@@ -0,0 +1,103 @@ +return { + title='remote-unlocking full system encryption with arch linux', + layout='blog', + date='2022-11-17', + markdown=[[ +I recently needed to set up a server with full system encryption and was faced with the conundrum: if I need to reboot, the keys are either (a) on the server, and thus not actually secure, or (b) need to be entered at boot, which typically means (I thought) that one needs to actually enter a password. However! I searched around a bit and saw that people used the dropbear ssh server in their initramfs images to log in remotely and thereby allow for a genuinely headless full-disk encrypted system. Unfortunately, almost all of the resources I could find on this was for Debian-based systems, and I had a hell of a time getting it to work on Arch. + +So, to spare others the pain I went through getting this to work, here is **sanine's guide to remote-unlocking encrypted Arch systems**. + + +## 1. set up arch with full system encryption + +The Arch wiki has fairly complete guides on how to do this! I used the [installation guide] and [encrypting an entire system guide] to get my initial installs set up. + +A note on the bootloader steps, because this was not made clear to me the first time I did it: the kernel parameters are passed as *command-line* parameters. If you're using GRUB, for instance, they should be put in the `GRUB_CMDLINE_LINUX` variable, not as config variables in their own right. + + +## 2. install the needed packages + +This should be a pretty easy step. On your lovely fresh install, just do + +``` +pacman -S mkinitcpio-netconf mkinitcpio-dropbear +``` + +The `netconf` hook will set up networking for us; the `dropbear` hook sets up an ssh server for us. + + +## 3. write a completely new initcpio hook + +Yeah, sorry, this is where it got weird for me and I spent several days just reading the man pages convinced I had done something wrong. Nope! 
As it is now, if we set up the hooks, the dropbear server would run just fine but wouldn't actually accept any logins because there's no `/etc/passwd` file in the initramfs image for it to check if a user is valid. Luckily, it's pretty easy to create a hook that adds one for us. Create the file `/usr/lib/initcpio/install/rootpasswd` and write in it + +``` +#!/bin/bash + +build () +{ + echo "root::0:0::/root:/bin/sh" > /tmp/rootpasswd + add_file /tmp/rootpasswd /etc/passwd +} +``` + +You can change the user if you want to, though you'll have to go modify the dropbear install file so that it sets up the `root_key` in the correct folder. + + +## 4. hack the encrypt hook + +(If you're using the sd-encrypt hook: I have no idea how applicable any of this section will be to you. Try it and let me know!) + +Okay, now it's possible to log in to the ssh server so what's the problem? Well, the default encrypt hook only checks if the target volume is present at the beginning. If you unlock it halfway through, when it's already prompted you for a password (say, for instance, by sshing in and decrypting it) it will just break. So we need to write *another* new hook. We still need the encrypt hook's install file though, so do + +``` +cd /usr/lib/initcpio/install +cp encrypt remote-encrypt +``` + +In your favorite text editor, enter the following into `/usr/lib/initcpio/hooks/remote-encrypt`: + +``` +#!/bin/sh + +run_hook () +{ + echo "waiting for ${root} to be available..." + while ! [ -e "${root}" ]; do + sleep 2; + done +} +``` + +Okay, now you're finished writing hooks. Time to bring everything together. + + +## 5. bring everything together + +Edit your `/etc/mkinitcpio.conf` HOOKS line so that it looks a little like this: + +``` +HOOKS=(base udev rootpasswd keyboard keymap consolefont +autodetect modconf block netconf dropbear remote-encrypt +lvm2 filesystems fsck) +``` + +Remember that the order of your hooks is important! 
When you're done, run `mkinitcpio -P` to regenerate your initramfs images. + +Now, edit your chosen bootloader to add the kernel parameter `ip=dhcp` so that the `netconf` hook will work correctly. (If you're using GRUB, don't forget to regenerate your `grub.cfg`.) + +Last but not least, make sure the ssh keys you want to use for unlocking are stored like an authorized_keys file in `/etc/dropbear/root_key`. + + +## 6. unlock remotely + +If all went well, you should now be able to reboot and ssh into your machine before disk decryption. Decryption will be different based on how you set up your machine, but if you did LVM on LUKS like me, you can do + +``` +cryptsetup open [cryptdevice] [target] && exit +``` + +The "&& exit" isn't *critical*, but it does lead to some weird effects because for some reason you won't get booted out when dropbear is supposed to die? And this triggered some ugly segfault error messages when I actually did exit after the machine fully booted. Oh well. + +[installation guide]: https://wiki.archlinux.org/title/Installation_guide +[encrypting an entire system guide]: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system +]]} diff --git a/data/blog/announcing_honeysuckle.lua b/data/blog/announcing_honeysuckle.lua new file mode 100644 index 0000000..f078585 --- /dev/null +++ b/data/blog/announcing_honeysuckle.lua 
@@ -0,0 +1,37 @@ +return { + title='announcing honeysuckle', + layout='blog', + date='2021-05-23', + markdown=[[ +as i’ve been working on various projects for the past couple of years +i have continued to find that a combination of c and lua is my favorite +way to write code. the ongoing development of [my game engine honey](https://honey3d.org/) +uses that pair and i’m planning on using it (whenever i get around to it) for my [dream +atlas project](https://sanine.net/projects/dream-atlas). but, and i’ll be the first +to admit this, the c api is a little clunky. +i don’t generally mind that all too much (after all, one of my favorite things about +both c and lua is that they’re languages you can carry around in your head, and having +a very explicit api means you only need to understand the fundamental concepts to use it) +but it does mean that dev work goes a bit slower. + +i did a good bit of work streamlining the process of writing lua bindings in c when +tinkering with honey and ever since then i’ve found myself peeking back at that code +and re-implementing it in other projects. a colleague of mine once said that the time +to write a library is when you’ve done something once, you’re doing it now, and you +re pretty sure you’ll do it again, and i think i’ve quite handily cleared that condition +so! i’m splitting that code out and refactoring it into its own library which, due +to its historical roots, i’ve chosen to call honeysuckle. + +honeysuckle is still under development – the api is a bit different from the one i +came up with when working on honey and imo is easier to use – but when it’s ready +it will provide a whole host of helpful functions that make integrating lua scripting +into c applications simple and fast. i am (attempting) to employ readme-driven development +so i’ve written up a readme for honeysuckle. any feedback on the proposed api and +features would be much appreciated! 
as of writing, honeysuckle is planned to include +functions for parsing arguments to c functions from lua, creating and processing tables +throwing and handling lua errors, using the lua registry, and creating printf-formatted strings. + +i’ve already created a repository for honeysuckle. there’s just a readme in there +for now, but that will probably have changed even just later today, since i’m planning +on working on it more this afternoon. :p +]]} diff --git a/data/blog/refactor-argent.lua b/data/blog/refactor-argent.lua new file mode 100644 index 0000000..6b7ca4d --- /dev/null +++ b/data/blog/refactor-argent.lua @@ -0,0 +1,24 @@ +local md = [[ +hey there! you might be noticing that things look a little... different around here. +that's because i've refactored this site to use my custom static site generator, [argent]. +i used to use jekyll, but i wanted to be able to do more *direct programming* in building my +pages, and i wanted to be able to do that in lua. i tried looking at some of the other +static site generators out there using lua (and python too) but so many of them rely on +packages that no longer exist, or language features from seven versions ago, or similar +types of problems, that i wanted to have a site generator that *just works*. + +so i wrote one! i called it argent because (a) it sounds kinda cool and (b) argent, as a +silver-white color, is used in heraldry to represent the moon, and i like the oblique reference +to lua. it relies on posix filesystem calls (sorry windows users, you'll need msys or something +to run it) but otherwise is totally standalone -- it packages its own lua interpreter, so language +version (ideally) will never change. + +[argent]: /git/argent +]] + +return { + title = 'refactor: argent', + date = '2022-01-13', + layout = 'blog', + markdown = md, +} diff --git a/data/cgit.css b/data/cgit.css new file mode 100644 index 0000000..9242499 --- /dev/null +++ b/data/cgit.css 
@@ -0,0 +1,176 @@ +:root { + --light: #eee; + --dark: #1c1c1c; + --highlight: #f5ae2e; +} + +body { + color: var(--light); + background: var(--dark); + font-family: monospace; + font-size: 14px; +} + +#navigation { + text-align: center; +} + +.centered { + text-align: center; +} + +#content { + width: 600px; + max-width: 100%; + margin: auto; +} + +a { + color: var(--highlight); +} + +a:hover { + color: var(--dark); + background: var(--highlight); + text-decoration: none; +} + +ul { + list-style: none; +} + +li:before { + content: '* '; +} + +code { + background: black; + padding: 0 6px; + border-radius: 4px; +} + +pre code { + padding: 0; +} + + +/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + * + * cgit-specific css + * + * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + */ + +div#cgit { + width: 700px; + max-width: 100%; + margin: auto; +} + +div#cgit table#header { + width: 100%; + margin-bottom: 1em; +} + +div#cgit table#header tbody tr td.logo a { + display: none; +} + +div#cgit table#header td.form { + text-align: right; + vertical-align: bottom; + padding-right: 1em; + padding-bottom: 2px; + white-space: nowrap; +} + +div#cgit table.tabs { + border-bottom: solid 3px var(--highlight); + border-collapse: collapse; + margin-top: 2em; + margin-bottom: 0; + width: 100%; +} + +div#cgit table.tabs td { + padding: 0px 1em; + vertical-align: bottom; +} + +div#cgit table.tabs td a { + padding: 2px 0.75em; + text-decoration: none; +} + +div#cgit table.tabs td a.active { + color: var(--dark); + background-color: var(--highlight); +} + + +div#cgit table.tabs td.form { + text-align: right; +} + +div#cgit table.tabs td.form form { + padding-bottom: 2px; + white-space: nowrap; +} + + +div#cgit div.content { + margin: 0px; + padding: 2em 0; + border-bottom: solid 3px var(--light); +} + +div#cgit select, input { + font-family: monospace; +} + + +div#cgit table.list { + width: 100%; + border: none; + border-collapse: collapse; +} + +div#cgit table.list tr { + background: white; +} + +div#cgit 
table.list tr.logheader { + background: #eee; +} + +div#cgit table.list tr:nth-child(even) { + background: #151515; +} + +div#cgit table.list tr:nth-child(odd) { + background: var(--dark); +} + + +div#cgit table.blob td.hashes, +div#cgit table.blob td.lines { + margin: 0; padding: 0 0 0 0.5em; + vertical-align: top; + background-color: #151515; +} + +div#cgit table.blob td.lines code { + background-color: #151515; +} + +div#cgit span.decoration { + margin: 0 1em; +} + +div#cgit span.decoration a::before { + content: "["; +} + +div#cgit span.decoration a::after { + content: "]"; +} diff --git a/data/favicon.svg b/data/favicon.svg new file mode 100644 index 0000000..142a88c --- /dev/null +++ b/data/favicon.svg @@ -0,0 +1,148 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + image/svg+xml + + + + + + + + + diff --git a/data/index.lua b/data/index.lua new file mode 100644 index 0000000..c419830 --- /dev/null +++ b/data/index.lua @@ -0,0 +1,30 @@ +local tk = require 'toolkit' + +function get_blog_links() + local links = '' +end + + +local md = string.format([[ +home +==== + +welcome to sanine.net! + +%s + +[subscribe via rss](/rss.xml) +]], get_blog_links()) + +return { + title='home', + layout='base', + markdown=md, +} diff --git a/data/index.md b/data/index.md new file mode 100644 index 0000000..c419830 --- /dev/null +++ b/data/index.md @@ -0,0 +1,30 @@ +local tk = require 'toolkit' + +function get_blog_links() + local links = '' +end + + +local md = string.format([[ +home +==== + +welcome to sanine.net! + +%s + +[subscribe via rss](/rss.xml) +]], get_blog_links()) + +return { + title='home', + layout='base', + markdown=md, +} diff --git a/data/projects/index.lua b/data/projects/index.lua new file mode 100644 index 0000000..d8751b3 --- /dev/null +++ b/data/projects/index.lua 
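Review bot: `data/index.md` is a copy of `data/index.lua` (both show blob `c419830`), so it holds Lua source rather than markdown, and `server/main.go` in this same commit serves this file for `/` through the markdown renderer. As written, the home page would display the Lua program text instead of the intended page. In both files `get_blog_links()` is declared as a global and returns nothing, so `string.format` receives nil for its `%s`. The minimum fix is `local function get_blog_links()` ending in `return links`, and `index.md` should contain only the markdown body.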
@@ -0,0 +1,19 @@ +local md = [[ +projects +======== + +[sona e toki pona](/utils/toki-pona-trainer) - an interactive trainer for toki pona vocabulary. + +[学文字](/utils/chinese-characters) - an interactive trainer for chinese characters. + +[glyph generator](utils/glyph) - generate novel runes. + +[amaryllis](/utils/amaryllis/amaryllis.cgi) - conlang word-creation tool. + +]] + +return { + title='projects', + layout='base', + markdown=md, +} diff --git a/data/style.css b/data/style.css new file mode 100644 index 0000000..897b490 --- /dev/null +++ b/data/style.css @@ -0,0 +1,85 @@ +:root { + --light: #eee; + --dark: #1c1c1c; + /*--highlight: #ff3a21*/ + --highlight: #f5ae2e; +} + +body { + color: var(--light); + background: var(--dark); + font: 1.3em monospace; + text-size-adjust: auto; +} + +h1 { + font: 1.0em monospace; + font-weight: bold; + text-align: left; + text-size-adjust: auto; + margin-bottom: 0; +} + +h2 { + font: 1.0em monospace; + font-weight: bold; + text-align: left; + text-size-adjust: auto; + margin-bottom: 0; + margin-top: 3em; +} + +a { + color: var(--highlight); +} + +a:hover { + color: var(--dark); + background: var(--highlight); + text-decoration: none; +} + +ul { + list-style: none; +} + +li:before { + content: '* '; +} + +pre { + border-width: 0 0 0 2px; + border-style: solid; + border-color: var(--highlight); + background: black; + padding: 6px; + border-radius: 2px; +} + +code { + background: black; + padding: 0 6px; + border-radius: 4px; +} + +pre code { + padding: 0; +} + +#content { + max-width: 40em; + margin: auto; +} + +#navigation { + text-align: center; +} + +#navigation pre { + border: none; + background: var(--dark); +} + +.centered { + text-align: center; +} diff --git a/layouts/base.lua b/layouts/base.lua deleted file mode 100644 index 1c585d7..0000000 --- a/layouts/base.lua +++ /dev/null 
@@ -1,63 +0,0 @@ -local navigation_table = { - {'home', '/index.html'}, - {'projects', '/projects/'}, - {'git', '/git'}, - {'about', '/about.html'}, -} - -local navlinks = '' - -for _, link in pairs(navigation_table) do - navlinks = navlinks .. - string.format('%s ', link[2], link[1]) -end -navlinks = string.sub(navlinks, 1, -4) - -local navigation = string.format('', navlinks) - -return function(html, page_tbl) - local html = string.gsub( - html, - '

(.-)

', - function(s) - return string.format( - '

%s

%s
', - s, string.rep('=', string.len(s)) - ) - end - ) - - html = string.gsub( - html, - '

(.-)

', - function(s) - return string.format( - '

%s

%s
', - s, string.rep('-', string.len(s)) - ) - end - ) - - local fmt = [[ - - - - - - %s - - - -
- %s - %s -
- - -]] -return string.format( - fmt, - string.format('%s | %s', page_tbl.title, argent.config.site_name), - navigation, - html) -end diff --git a/layouts/blog.lua b/layouts/blog.lua deleted file mode 100644 index eaed8a2..0000000 --- a/layouts/blog.lua +++ /dev/null @@ -1,8 +0,0 @@ -local base = require('layouts.base') - -return function(html, page_tbl) - local html = string.format( - '

%s

\n\n%s', - page_tbl.title, html) - return base(html, page_tbl) -end diff --git a/plugins/navigation.lua b/plugins/navigation.lua deleted file mode 100644 index e69de29..0000000 diff --git a/plugins/toolkit.lua b/plugins/toolkit.lua deleted file mode 100644 index e5f162a..0000000 --- a/plugins/toolkit.lua +++ /dev/null @@ -1,42 +0,0 @@ -local toolkit = {} - -toolkit.file_iterator = function(directory) - local _, files = argent.scanDirectory(directory) - local i = 0 - local n = table.getn(files) - return function() - i = i+1 - if i<=n then return files[i] end - end -end - - -toolkit.basename = function(filename) - return string.gsub(filename, '%.lua$', '') -end - - -local function extract_page(file) - if not string.match(file, '%.lua$') then return nil end - - local success, result = pcall(loadfile(file), 0, 1) - if not success then return nil end - return result -end - -toolkit.pages = function(directory) - page_array = {} - local path = argent.config.site_directory..directory - for file in toolkit.file_iterator(path) do - local page = extract_page(path..file) - if page then - page.href = '/'..directory..toolkit.basename(file)..'.html' - table.insert(page_array, page) - end - end - - return page_array -end - - -return toolkit diff --git a/serve-http.sh b/serve-http.sh deleted file mode 100755 index 874b586..0000000 --- a/serve-http.sh +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/bash - -# this script is for previewing site changes ONLY!! it should not be used to -# actually serve a site. use apache or nginx or something for that. - -# launch webserver -python3 -m http.server --directory public/ & -server_pid="$!" -echo "server launched with PID $server_pid" - -# kill server on exit -trap "kill $server_pid && echo && echo \"bye!\"" EXIT - -# rebuild on file changes (inotifywait is from inotify-tools) -while inotifywait -qr --event modify .; do - echo "rebuilding site..." - argent - echo "done." -done 
diff --git a/server/go.mod b/server/go.mod new file mode 100644 index 0000000..6328a03 --- /dev/null +++ b/server/go.mod @@ -0,0 +1,10 @@ +module sanine.net/sanine.net-server + +go 1.19 + +require ( + github.com/russross/blackfriday/v2 v2.1.0 + github.com/sirupsen/logrus v1.9.0 +) + +require golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 // indirect diff --git a/server/go.sum b/server/go.sum new file mode 100644 index 0000000..900e85f --- /dev/null +++ b/server/go.sum 
@@ -0,0 +1,17 @@ +github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= +github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= +github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf35Ld67mk= +github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM= +github.com/sirupsen/logrus v1.9.0 h1:trlNQbNUG3OdDrDil03MCb1H2o9nJ1x4/5LYw7byDE0= +github.com/sirupsen/logrus v1.9.0/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= +github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= +github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= +github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8 h1:0A+M6Uqn+Eje4kHMK80dtF3JCXC4ykBgQG4Fe06QRhQ= +golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c h1:dUUwHk2QECo/6vqA44rthZ8ie2QXMNeKRTHCNY2nXvo= +gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM= diff --git a/server/main.go b/server/main.go new file mode 100644 index 0000000..63aadb5 --- /dev/null +++ b/server/main.go 
@@ -0,0 +1,48 @@
+package main
+
+import (
+ "fmt"
+ "net/http"
+ "flag"
+ "path/filepath"
+ log "github.com/sirupsen/logrus"
+)
+
+
+func main() {
+ log.SetFormatter(&log.TextFormatter{
+ FullTimestamp: true,
+ });
+
+ pathFlag := flag.String(
+ "path", "data", "the path to load site data from",
+ );
+ addrFlag := flag.String(
+ "addr", "127.0.0.1:8080", "the address to serve from",
+ );
+ flag.Parse();
+ log.Infof("data path: %v", *pathFlag);
+ log.Infof("serving from %v", *addrFlag);
+
+ mux := http.NewServeMux()
+ mux.HandleFunc("/ip", func(w http.ResponseWriter, req *http.Request) {
+ fmt.Fprintf(w, "%v", req.RemoteAddr);
+ });
+ mux.HandleFunc("/", func(w http.ResponseWriter, req *http.Request) {
+ if req.URL.Path != "/" {
+ path := filepath.Join(*pathFlag, req.URL.Path);
+ Serve(w, req, path);
+ } else {
+ Serve(w, req, filepath.Join(*pathFlag, "index.md"));
+ }
+ });
+
+ server := http.Server{
+ Addr: *addrFlag,
+ Handler: mux,
+ };
+ err := server.ListenAndServe();
+ if err != nil {
+ log.Fatal(err);
+ }
+}
diff --git a/server/md-page.go b/server/md-page.go
new file mode 100644
index 0000000..8b378c5
--- /dev/null
+++ b/server/md-page.go
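Review bot: The `http.Server` literal at the end of `main` sets only `Addr` and `Handler`, so the listener has no header, read, write or idle timeouts and a slow or stalled client can hold a connection open indefinitely. Adding a bound such as `ReadHeaderTimeout: 10 * time.Second,` (example value, with `"time"` imported), and preferably `ReadTimeout`, `WriteTimeout` and `IdleTimeout` too, closes that gap. In the `/` handler, `filepath.Join(*pathFlag, req.URL.Path)` is passed on with no check that the result stays under the data directory. `http.ServeMux` normally canonicalises `..` segments before the handler runs, but containment should not rest on that alone. The data directory also still holds the `.lua` page sources, which this handler will serve verbatim to anyone who requests them.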
@@ -0,0 +1,95 @@
+package main
+
+import (
+ "os"
+ "strings"
+ "net/http"
+ log "github.com/sirupsen/logrus"
+ md "github.com/russross/blackfriday/v2"
+)
+
+
+func ServeForbidden(w http.ResponseWriter, r *http.Request) {
+ w.WriteHeader(403);
+ w.Write([]byte("403 forbidden"));
+}
+
+
+func ServeNotFound(w http.ResponseWriter, r *http.Request) {
+ http.NotFound(w, r);
+}
+
+
+func RenderMarkdown(path string) ([]byte, error) {
+ data, err := os.ReadFile(path);
+ if err != nil {
+ return []byte{}, err;
+ }
+ return md.Run(data), nil;
+}
+
+
+func ServeMarkdown(w http.ResponseWriter, r *http.Request, path string) (int, error) {
+ page, err := RenderMarkdown(path);
+ if err != nil {
+ return 404, err;
+ }
+ w.WriteHeader(200);
+ w.Write(page);
+ return 200, nil;
+}
+
+func ServeFile(w http.ResponseWriter, r *http.Request, path string) (int, error) {
+ if strings.Contains(r.URL.Path, "..") {
+ // reject requests with ".." in the URL
+ return 403, nil;
+ }
+ data, err := os.ReadFile(path);
+ if err != nil {
+ return 404, err;
+ }
+
+ w.WriteHeader(200);
+ w.Write(data);
+ return 200, nil;
+}
+
+
+func IsMarkdown(path string) bool {
+ return strings.HasSuffix(path, ".md");
+}
+
+
+func Serve(w http.ResponseWriter, r *http.Request, path string) {
+ var status int;
+ var err error;
+
+ if IsMarkdown(path) {
+ // render and serve markdown content
+ status, err = ServeMarkdown(w, r, path);
+ } else {
+ // serve raw file
+ status, err = ServeFile(w, r, path);
+ }
+
+ if status == 200 {
+ log.Infof(
+ "%v 200\t%v <- %v",
+ r.Method, r.RemoteAddr, r.URL.Path,
+ );
+ } else {
+ log.Errorf(
+ "%v %v\t%v <- %v: %v",
+ r.Method, status, r.RemoteAddr, r.URL.Path, err,
+ );
+ switch status {
+ case 403:
+ ServeForbidden(w, r);
+ case 404:
+ ServeNotFound(w, r);
+ default:
+ w.WriteHeader(status);
+ w.Write([]byte("error"));
+ }
+ }
+}
diff --git a/site_root/about.lua b/site_root/about.lua
deleted file mode 100644
index 9f87357..0000000
--- a/site_root/about.lua
+++ /dev/null
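Review bot: The `..` check exists only in `ServeFile`, so any request whose path ends in `.md` goes through `ServeMarkdown` with no traversal check, and the check that does exist inspects the raw URL string rather than the path that `os.ReadFile` opens. Doing it once at the top of `Serve` against the resolved path would cover both branches, for example with `filepath.Rel` against the data root, rejecting results that start with `..`. `Serve` would need the root passed in, which it does not currently receive. The mux in `main.go` probably cleans `..` before this code runs, so this is defence in depth rather than a demonstrated bypass. Both helpers also turn every `os.ReadFile` error into 404, so a permission failure is indistinguishable from a missing file, and on the 403 path `err` is nil so the error log ends in `<nil>`.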
@@ -1,19 +0,0 @@ -local md = [[ -about me -======== - -hey! i'm kate (aka sanine) and i like to write code, hack circuits, and grow plants. -i mostly use this site for documenting and sharing various projects, with the exception -of my game engine honey, which [has its own website](https://honey3d.org). -i also (very occasionally) make games!! you can see them [over on itch.io](https://sanine.itch.io/). - -if you need to get in contact with me, you can send me an email at `kate AT sanine DOT net`. - -i hope you're having a good day. <3 -]] - -return { - title='about me', - layout='base', - markdown=md, -} diff --git a/site_root/blog/03-remote_full_system_encryption_with_arch.lua b/site_root/blog/03-remote_full_system_encryption_with_arch.lua deleted file mode 100644 index 43fccfa..0000000 --- a/site_root/blog/03-remote_full_system_encryption_with_arch.lua +++ /dev/null 
@@ -1,103 +0,0 @@ -return { - title='remote-unlocking full system encryption with arch linux', - layout='blog', - date='2022-11-17', - markdown=[[ -I recently needed to set up a server with full system encryption and was faced with the conundrum: if I need to reboot, the keys are either (a) on the server, and thus not actually secure, or (b) need to be entered at boot, which typically means (I thought) that one needs to actually enter a password. However! I searched around a bit and saw that people used the dropbear ssh server in their initramfs images to log in remotely and thereby allow for a genuinely headless full-disk encrypted system. Unfortunately, almost all of the resources I could find on this was for Debian-based systems, and I had a hell of a time getting it to work on Arch. - -So, to spare others the pain I went through getting this to work, here is **sanine's guide to remote-unlocking encrypted Arch systems**. - - -## 1. set up arch with full system encryption - -The Arch wiki has fairly complete guides on how to do this! I used the [installation guide] and [encrypting an entire system guide] to get my initial installs set up. - -A note on the bootloader steps, because this was not made clear to me the first time I did it: the kernel parameters are passed as *command-line* parameters. If you're using GRUB, for instance, they should be put in the `GRUB_CMDLINE_LINUX` variable, not as config variables in their own right. - - -## 2. install the needed packages - -This should be a pretty easy step. On your lovely fresh install, just do - -``` -pacman -S mkinitcpio-netconf mkinitcpio-dropbear -``` - -The `netconf` hook will set up networking for us; the `dropbear` hook sets up an ssh server for us. - - -## 3. write a completely new initcpio hook - -Yeah, sorry, this is where it got weird for me and I spent several days just reading the man pages convinced I had done something wrong. Nope! 
As it is now, if we set up the hooks, the dropbear server would run just fine but wouldn't actually accept any logins because there's no `/etc/passwd` file in the initramfs image for it to check if a user is valid. Luckily, it's pretty easy to create a hook that adds one for us. Create the file `/usr/lib/initcpio/install/rootpasswd` and write in it - -``` -#!/bin/bash - -build () -{ - echo "root::0:0::/root:/bin/sh" > /tmp/rootpasswd - add_file /tmp/rootpasswd /etc/passwd -} -``` - -You can change the user if you want to, though you'll have to go modify the dropbear install file so that it sets up the `root_key` in the correct folder. - - -## 4. hack the encrypt hook - -(If you're using the sd-encrypt hook: I have no idea how applicable any of this section will be to you. Try it and let me know!) - -Okay, now it's possible to log in to the ssh server so what's the problem? Well, the default encrypt hook only checks if the target volume is present at the beginning. If you unlock it halfway through, when it's already prompted you for a password (say, for instance, by sshing in and decrypting it) it will just break. So we need to write *another* new hook. We still need the encrypt hook's install file though, so do - -``` -cd /usr/lib/initcpio/install -cp encrypt remote-encrypt -``` - -In your favorite text editor, enter the following into `/usr/lib/initcpio/hooks/remote-encrypt`: - -``` -#!/bin/sh - -run_hook () -{ - echo "waiting for ${root} to be available..." - while ! [ -e "${root}" ]; do - sleep 2; - done -} -``` - -Okay, now you're finished writing hooks. Time to bring everything together. - - -## 5. bring everything together - -Edit your `/etc/mkinitcpio.conf` HOOKS line so that it looks a little like this: - -``` -HOOKS=(base udev rootpasswd keyboard keymap consolefont -autodetect modconf block netconf dropbear remote-encrypt -lvm2 filesystems fsck) -``` - -Remember that the order of your hooks is important! 
When you're done, run `mkinitcpio -P` to regenerate your initramfs images. - -Now, edit your chosen bootloader to add the kernel parameter `ip=dhcp` so that the `netconf` hook will work correctly. (If you're using GRUB, don't forget to regenerate your `grub.cfg`.) - -Last but not least, make sure the ssh keys you want to use for unlocking are stored like an authorized_keys file in `/etc/dropbear/root_key`. - - -## 6. unlock remotely - -If all went well, you should now be able to reboot and ssh into your machine before disk decryption. Decryption will be different based on how you set up your machine, but if you did LVM on LUKS like me, you can do - -``` -cryptsetup open [cryptdevice] [target] && exit -``` - -The "&& exit" isn't *critical*, but it does lead to some weird effects because for some reason you won't get booted out when dropbear is supposed to die? And this triggered some ugly segfault error messages when I actually did exit after the machine fully booted. Oh well. - -[installation guide]: https://wiki.archlinux.org/title/Installation_guide -[encrypting an entire system guide]: https://wiki.archlinux.org/title/Dm-crypt/Encrypting_an_entire_system -]]} diff --git a/site_root/blog/announcing_honeysuckle.lua b/site_root/blog/announcing_honeysuckle.lua deleted file mode 100644 index f078585..0000000 --- a/site_root/blog/announcing_honeysuckle.lua +++ /dev/null 
@@ -1,37 +0,0 @@
-return {
- title='announcing honeysuckle',
- layout='blog',
- date='2021-05-23',
- markdown=[[
-as i’ve been working on various projects for the past couple of years
-i have continued to find that a combination of c and lua is my favorite
-way to write code. the ongoing development of [my game engine honey](https://honey3d.org/)
-uses that pair and i’m planning on using it (whenever i get around to it) for my [dream
-atlas project](https://sanine.net/projects/dream-atlas). but, and i’ll be the first
-to admit this, the c api is a little clunky.
-i don’t generally mind that all too much (after all, one of my favorite things about
-both c and lua is that they’re languages you can carry around in your head, and having
-a very explicit api means you only need to understand the fundamental concepts to use it)
-but it does mean that dev work goes a bit slower.
-
-i did a good bit of work streamlining the process of writing lua bindings in c when
-tinkering with honey and ever since then i’ve found myself peeking back at that code
-and re-implementing it in other projects. a colleague of mine once said that the time
-to write a library is when you’ve done something once, you’re doing it now, and you
-re pretty sure you’ll do it again, and i think i’ve quite handily cleared that condition
-so! i’m splitting that code out and refactoring it into its own library which, due
-to its historical roots, i’ve chosen to call honeysuckle.
-
-honeysuckle is still under development – the api is a bit different from the one i
-came up with when working on honey and imo is easier to use – but when it’s ready
-it will provide a whole host of helpful functions that make integrating lua scripting
-into c applications simple and fast. i am (attempting) to employ readme-driven development
-so i’ve written up a readme for honeysuckle. any feedback on the proposed api and
-features would be much appreciated! 
as of writing, honeysuckle is planned to include
-functions for parsing arguments to c functions from lua, creating and processing tables
-throwing and handling lua errors, using the lua registry, and creating printf-formatted strings.
-
-i’ve already created a repository for honeysuckle. there’s just a readme in there
-for now, but that will probably have changed even just later today, since i’m planning
-on working on it more this afternoon. :p
-]]}
diff --git a/site_root/blog/refactor-argent.lua b/site_root/blog/refactor-argent.lua
deleted file mode 100644
index 6b7ca4d..0000000
--- a/site_root/blog/refactor-argent.lua
+++ /dev/null
@@ -1,24 +0,0 @@
-local md = [[
-hey there! you might be noticing that things look a little... different around here.
-that's because i've refactored this site to use my custom static site generator, [argent].
-i used to use jekyll, but i wanted to be able to do more *direct programming* in building my
-pages, and i wanted to be able to do that in lua. i tried looking at some of the other
-static site generators out there using lua (and python too) but so many of them rely on
-packages that no longer exist, or language features from seven versions ago, or similar
-types of problems, that i wanted to have a site generator that *just works*.
-
-so i wrote one! i called it argent because (a) it sounds kinda cool and (b) argent, as a
-silver-white color, is used in heraldry to represent the moon, and i like the oblique reference
-to lua. it relies on posix filesystem calls (sorry windows users, you'll need msys or something
-to run it) but otherwise is totally standalone -- it packages its own lua interpreter, so language
-version (ideally) will never change.
-
-[argent]: /git/argent
-]]
-
-return {
- title = 'refactor: argent',
- date = '2022-01-13',
- layout = 'blog',
- markdown = md,
-}
diff --git a/site_root/cgit.css b/site_root/cgit.css
deleted file mode 100644
index 9242499..0000000
--- a/site_root/cgit.css
+++ /dev/null
@@ -1,176 +0,0 @@
-:root {
- --light: #eee;
- --dark: #1c1c1c;
- --highlight: #f5ae2e;
-}
-
-body {
- color: var(--light);
- background: var(--dark);
- font-family: monospace;
- font-size: 14px;
-}
-
-#navigation {
- text-align: center;
-}
-
-.centered {
- text-align: center;
-}
-
-#content {
- width: 600px;
- max-width: 100%;
- margin: auto;
-}
-
-a {
- color: var(--highlight);
-}
-
-a:hover {
- color: var(--dark);
- background: var(--highlight);
- text-decoration: none;
-}
-
-ul {
- list-style: none;
-}
-
-li:before {
- content: '* ';
-}
-
-code {
- background: black;
- padding: 0 6px;
- border-radius: 4px;
-}
-
-pre code {
- padding: 0;
-}
-
-
-/* ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- *
- * cgit-specific css
- *
- * ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
- */
-
-div#cgit {
- width: 700px;
- max-width: 100%;
- margin: auto;
-}
-
-div#cgit table#header {
- width: 100%;
- margin-bottom: 1em;
-}
-
-div#cgit table#header tbody tr td.logo a {
- display: none;
-}
-
-div#cgit table#header td.form {
- text-align: right;
- vertical-align: bottom;
- padding-right: 1em;
- padding-bottom: 2px;
- white-space: nowrap;
-}
-
-div#cgit table.tabs {
- border-bottom: solid 3px var(--highlight);
- border-collapse: collapse;
- margin-top: 2em;
- margin-bottom: 0;
- width: 100%;
-}
-
-div#cgit table.tabs td {
- padding: 0px 1em;
- vertical-align: bottom;
-}
-
-div#cgit table.tabs td a {
- padding: 2px 0.75em;
- text-decoration: none;
-}
-
-div#cgit table.tabs td a.active {
- color: var(--dark);
- background-color: var(--highlight);
-}
-
-
-div#cgit table.tabs td.form {
- text-align: right;
-}
-
-div#cgit table.tabs td.form form {
- padding-bottom: 2px;
- white-space: nowrap;
-}
-
-
-div#cgit div.content {
- margin: 0px;
- padding: 2em 0;
- border-bottom: solid 3px var(--light);
-}
-
-div#cgit select, input {
- font-family: monospace;
-}
-
-
-div#cgit table.list {
- width: 100%;
- border: none;
- border-collapse: collapse;
-}
-
-div#cgit table.list tr {
- background: white;
-}
-
-div#cgit 
table.list tr.logheader { - background: #eee; -} - -div#cgit table.list tr:nth-child(even) { - background: #151515; -} - -div#cgit table.list tr:nth-child(odd) { - background: var(--dark); -} - - -div#cgit table.blob td.hashes, -div#cgit table.blob td.lines { - margin: 0; padding: 0 0 0 0.5em; - vertical-align: top; - background-color: #151515; -} - -div#cgit table.blob td.lines code { - background-color: #151515; -} - -div#cgit span.decoration { - margin: 0 1em; -} - -div#cgit span.decoration a::before { - content: "["; -} - -div#cgit span.decoration a::after { - content: "]"; -} diff --git a/site_root/favicon.svg b/site_root/favicon.svg deleted file mode 100644 index 142a88c..0000000 --- a/site_root/favicon.svg +++ /dev/null @@ -1,148 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - image/svg+xml - - - - - - - - - diff --git a/site_root/index.lua b/site_root/index.lua deleted file mode 100644 index c419830..0000000 --- a/site_root/index.lua +++ /dev/null @@ -1,30 +0,0 @@ -local tk = require 'toolkit' - -function get_blog_links() - local links = '' -end - - -local md = string.format([[ -home -==== - -welcome to sanine.net! - -%s - -[subscribe via rss](/rss.xml) -]], get_blog_links()) - -return { - title='home', - layout='base', - markdown=md, -} diff --git a/site_root/projects/index.lua b/site_root/projects/index.lua deleted file mode 100644 index d8751b3..0000000 --- a/site_root/projects/index.lua +++ /dev/null @@ -1,19 +0,0 @@ -local md = [[ -projects -======== - -[sona e toki pona](/utils/toki-pona-trainer) - an interactive trainer for toki pona vocabulary. - -[学文字](/utils/chinese-characters) - an interactive trainer for chinese characters. - -[glyph generator](utils/glyph) - generate novel runes. - -[amaryllis](/utils/amaryllis/amaryllis.cgi) - conlang word-creation tool. - -]] - -return { - title='projects', - layout='base', - markdown=md, -} diff --git a/site_root/style.css b/site_root/style.css deleted file mode 100644 index 897b490..0000000 
--- a/site_root/style.css
+++ /dev/null
@@ -1,85 +0,0 @@
-:root {
- --light: #eee;
- --dark: #1c1c1c;
- /*--highlight: #ff3a21*/
- --highlight: #f5ae2e;
-}
-
-body {
- color: var(--light);
- background: var(--dark);
- font: 1.3em monospace;
- text-size-adjust: auto;
-}
-
-h1 {
- font: 1.0em monospace;
- font-weight: bold;
- text-align: left;
- text-size-adjust: auto;
- margin-bottom: 0;
-}
-
-h2 {
- font: 1.0em monospace;
- font-weight: bold;
- text-align: left;
- text-size-adjust: auto;
- margin-bottom: 0;
- margin-top: 3em;
-}
-
-a {
- color: var(--highlight);
-}
-
-a:hover {
- color: var(--dark);
- background: var(--highlight);
- text-decoration: none;
-}
-
-ul {
- list-style: none;
-}
-
-li:before {
- content: '* ';
-}
-
-pre {
- border-width: 0 0 0 2px;
- border-style: solid;
- border-color: var(--highlight);
- background: black;
- padding: 6px;
- border-radius: 2px;
-}
-
-code {
- background: black;
- padding: 0 6px;
- border-radius: 4px;
-}
-
-pre code {
- padding: 0;
-}
-
-#content {
- max-width: 40em;
- margin: auto;
-}
-
-#navigation {
- text-align: center;
-}
-
-#navigation pre {
- border: none;
- background: var(--dark);
-}
-
-.centered {
- text-align: center;
-}
-- cgit v1.2.1