Update the nginx config to use a single well-known location block.

Previously, this was using a pre-defined pipeline that had to be loaded into the kubernetes context before this ran. Now, the pipeline is inlined with resolvers for the various tasks used from the catalog.

.dockerignore

@@ -0,0 +1,2 @@
+**/.git
+**/.gitignore

.gitignore

@@ -0,0 +1 @@
+output/

.lighthouse/pipeline-build-homepage-staging.yaml

@@ -0,0 +1,264 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: build-homepage-staging
+spec:
+  pipelineSpec:
+    params:
+      - name: image-name
+        description: The name for the built image
+        type: string
+      - name: path-to-image-context
+        description: The path to the build context
+        type: string
+      - name: path-to-dockerfile
+        description: The path to the Dockerfile
+        type: string
+    tasks:
+      - name: get-time
+        taskSpec:
+          metadata: {}
+          stepTemplate:
+            image: alpine:3.18
+            name: ""
+            resources:
+              requests:
+                cpu: 10m
+                memory: 600Mi
+            workingDir: /workspace/source
+          results:
+            - name: unix-time
+              description: The current date in unix timestamp format
+          steps:
+            - image: alpine:3.18
+              name: get-time-step
+              script: |
+                #!/usr/bin/env sh
+                set -euo pipefail
+                echo -n "$(date +%s)" | tee $(results.unix-time.path)
+      - name: report-pending
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/gitea-set-status/0.1/gitea-set-status.yaml
+        runAfter:
+          - fetch-repository
+          - fetch-repository-private
+        params:
+          - name: CONTEXT
+            value: "$(params.JOB_NAME)"
+          - name: REPO_FULL_NAME
+            value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+          - name: GITEA_HOST_URL
+            value: code.fizz.buzz
+          - name: SHA
+            value: "$(tasks.fetch-repository.results.commit)"
+          - name: DESCRIPTION
+            value: "Build $(params.JOB_NAME) has started"
+          - name: STATE
+            value: pending
+          - name: TARGET_URL
+            value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+      - name: fetch-repository
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/git-clone/0.9/git-clone.yaml
+        workspaces:
+          - name: output
+            workspace: git-source
+        params:
+          - name: url
+            value: $(params.REPO_URL)
+          - name: revision
+            value: $(params.PULL_BASE_SHA)
+          - name: deleteExisting
+            value: "true"
+      - name: fetch-repository-private
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/git-clone/0.9/git-clone.yaml
+        workspaces:
+          - name: output
+            workspace: git-source-private
+        params:
+          - name: url
+            value: git@code.fizz.buzz:talexander/homepage_private.git
+          - name: revision
+            value: main
+          - name: deleteExisting
+            value: "true"
+      - name: copy-private-files
+        taskSpec:
+          metadata: {}
+          stepTemplate:
+            image: alpine:3.18
+            name: ""
+            resources:
+              requests:
+                cpu: 10m
+                memory: 600Mi
+            workingDir: "$(workspaces.source.path)"
+          steps:
+            - image: alpine:3.18
+              name: copy-private-files
+              script: |
+                #!/usr/bin/env sh
+                set -euo pipefail
+                cp -r "$(workspaces.source-private.path)/static/"* "$(workspaces.source.path)/static/"
+        workspaces:
+          - name: source
+            workspace: git-source
+          - name: source-private
+            workspace: git-source-private
+        runAfter:
+          - get-time
+          - report-pending
+      - name: build-image
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/kaniko/0.6//kaniko.yaml
+        params:
+          - name: IMAGE
+            value: "$(params.image-name):$(tasks.get-time.results.unix-time)"
+          - name: CONTEXT
+            value: $(params.path-to-image-context)
+          - name: DOCKERFILE
+            value: $(params.path-to-dockerfile)
+          - name: BUILDER_IMAGE
+            value: "gcr.io/kaniko-project/executor:v1.12.1"
+          - name: EXTRA_ARGS
+            value:
+              - "--destination=$(params.image-name)" # Also write the :latest image
+              - --cache=true
+              - --cache-copy-layers
+              - --cache-repo=harbor.fizz.buzz/kanikocache/cache
+              - --use-new-run # Should result in a speed-up
+              - --reproducible # To remove timestamps so layer caching works.
+              - --snapshot-mode=redo
+              - --skip-unused-stages=true
+              - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
+        workspaces:
+          - name: source
+            workspace: git-source
+          - name: dockerconfig
+            workspace: docker-credentials
+        runAfter:
+          - copy-private-files
+    finally:
+      - name: report-success
+        when:
+          - input: "$(tasks.status)"
+            operator: in
+            values: ["Succeeded", "Completed"]
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/gitea-set-status/0.1/gitea-set-status.yaml
+        params:
+          - name: CONTEXT
+            value: "$(params.JOB_NAME)"
+          - name: REPO_FULL_NAME
+            value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+          - name: GITEA_HOST_URL
+            value: code.fizz.buzz
+          - name: SHA
+            value: "$(tasks.fetch-repository.results.commit)"
+          - name: DESCRIPTION
+            value: "Build $(params.JOB_NAME) has succeeded"
+          - name: STATE
+            value: success
+          - name: TARGET_URL
+            value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+      - name: report-failure
+        when:
+          - input: "$(tasks.status)"
+            operator: in
+            values: ["Failed"]
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/gitea-set-status/0.1/gitea-set-status.yaml
+        params:
+          - name: CONTEXT
+            value: "$(params.JOB_NAME)"
+          - name: REPO_FULL_NAME
+            value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+          - name: GITEA_HOST_URL
+            value: code.fizz.buzz
+          - name: SHA
+            value: "$(tasks.fetch-repository.results.commit)"
+          - name: DESCRIPTION
+            value: "Build $(params.JOB_NAME) has failed"
+          - name: STATE
+            value: failure
+          - name: TARGET_URL
+            value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+    workspaces:
+      - name: git-source
+      - name: docker-credentials
+  workspaces:
+    - name: git-source
+      volumeClaimTemplate:
+        spec:
+          storageClassName: "nfs-client"
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+      subPath: rust-source
+    - name: git-source-private
+      volumeClaimTemplate:
+        spec:
+          storageClassName: "nfs-client"
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+      subPath: git-source
+    - name: docker-credentials
+      secret:
+        secretName: harbor-plain
+  serviceAccountName: build-bot
+  timeout: 240h0m0s
+  params:
+    - name: image-name
+      value: "harbor.fizz.buzz/private/homepage-staging"
+    - name: path-to-image-context
+      value: .
+    - name: path-to-dockerfile
+      value: docker/server/Dockerfile

.lighthouse/pipeline-build-homepage.yaml

@@ -0,0 +1,275 @@
+apiVersion: tekton.dev/v1beta1
+kind: PipelineRun
+metadata:
+  name: build-homepage
+spec:
+  pipelineSpec:
+    params:
+      - name: image-name
+        description: The name for the built image
+        type: string
+      - name: path-to-image-context
+        description: The path to the build context
+        type: string
+      - name: path-to-dockerfile
+        description: The path to the Dockerfile
+        type: string
+    tasks:
+      - name: detect-tag
+        taskSpec:
+          metadata: {}
+          stepTemplate:
+            image: alpine:3.18
+            name: ""
+            resources:
+              requests:
+                cpu: 10m
+                memory: 600Mi
+            workingDir: "$(workspaces.repo.path)"
+          results:
+            - name: tag
+              description: The tag to use for the docker container.
+          steps:
+            - image: alpine/git:v2.34.2
+              name: detect-tag-step
+              script: |
+                #!/usr/bin/env sh
+                set -euo pipefail
+                git fetch --tags
+                current_tag=$(git tag --points-at HEAD --list 'v*.*.*')
+                if [ -z "$current_tag" ]; then
+                  echo "No tag at current commit"
+                  exit 1
+                else
+                  echo -n "${current_tag}" | tee $(results.tag.path)
+                fi
+        workspaces:
+          - name: repo
+            workspace: git-source
+        runAfter:
+          - fetch-repository
+      - name: report-pending
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/gitea-set-status/0.1/gitea-set-status.yaml
+        runAfter:
+          - fetch-repository
+          - fetch-repository-private
+        params:
+          - name: CONTEXT
+            value: "$(params.JOB_NAME)"
+          - name: REPO_FULL_NAME
+            value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+          - name: GITEA_HOST_URL
+            value: code.fizz.buzz
+          - name: SHA
+            value: "$(tasks.fetch-repository.results.commit)"
+          - name: DESCRIPTION
+            value: "Build $(params.JOB_NAME) has started"
+          - name: STATE
+            value: pending
+          - name: TARGET_URL
+            value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+      - name: fetch-repository
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/git-clone/0.9/git-clone.yaml
+        workspaces:
+          - name: output
+            workspace: git-source
+        params:
+          - name: url
+            value: $(params.REPO_URL)
+          - name: revision
+            value: $(params.PULL_BASE_SHA)
+          - name: deleteExisting
+            value: "true"
+      - name: fetch-repository-private
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/git-clone/0.9/git-clone.yaml
+        workspaces:
+          - name: output
+            workspace: git-source-private
+        params:
+          - name: url
+            value: git@code.fizz.buzz:talexander/homepage_private.git
+          - name: revision
+            value: main
+          - name: deleteExisting
+            value: "true"
+      - name: copy-private-files
+        taskSpec:
+          metadata: {}
+          stepTemplate:
+            image: alpine:3.18
+            name: ""
+            resources:
+              requests:
+                cpu: 10m
+                memory: 600Mi
+            workingDir: "$(workspaces.source.path)"
+          steps:
+            - image: alpine:3.18
+              name: copy-private-files
+              script: |
+                #!/usr/bin/env sh
+                set -euo pipefail
+                cp -r "$(workspaces.source-private.path)/static/"* "$(workspaces.source.path)/static/"
+        workspaces:
+          - name: source
+            workspace: git-source
+          - name: source-private
+            workspace: git-source-private
+        runAfter:
+          - report-pending
+      - name: build-image
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/kaniko/0.6//kaniko.yaml
+        params:
+          - name: IMAGE
+            value: "$(params.image-name):$(tasks.detect-tag.results.tag)"
+          - name: CONTEXT
+            value: $(params.path-to-image-context)
+          - name: DOCKERFILE
+            value: $(params.path-to-dockerfile)
+          - name: BUILDER_IMAGE
+            value: "gcr.io/kaniko-project/executor:v1.12.1"
+          - name: EXTRA_ARGS
+            value:
+              - "--destination=$(params.image-name)" # Also write the :latest image
+              - --cache=true
+              - --cache-copy-layers
+              - --cache-repo=harbor.fizz.buzz/kanikocache/cache
+              - --use-new-run # Should result in a speed-up
+              - --reproducible # To remove timestamps so layer caching works.
+              - --snapshot-mode=redo
+              - --skip-unused-stages=true
+              - --registry-mirror=dockerhub.dockerhub.svc.cluster.local
+        workspaces:
+          - name: source
+            workspace: git-source
+          - name: dockerconfig
+            workspace: docker-credentials
+        runAfter:
+          - copy-private-files
+    finally:
+      - name: report-success
+        when:
+          - input: "$(tasks.status)"
+            operator: in
+            values: ["Succeeded", "Completed"]
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/gitea-set-status/0.1/gitea-set-status.yaml
+        params:
+          - name: CONTEXT
+            value: "$(params.JOB_NAME)"
+          - name: REPO_FULL_NAME
+            value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+          - name: GITEA_HOST_URL
+            value: code.fizz.buzz
+          - name: SHA
+            value: "$(tasks.fetch-repository.results.commit)"
+          - name: DESCRIPTION
+            value: "Build $(params.JOB_NAME) has succeeded"
+          - name: STATE
+            value: success
+          - name: TARGET_URL
+            value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+      - name: report-failure
+        when:
+          - input: "$(tasks.status)"
+            operator: in
+            values: ["Failed"]
+        taskRef:
+          resolver: git
+          params:
+            - name: url
+              value: https://github.com/tektoncd/catalog.git
+            - name: revision
+              value: df36b3853a5657fd883015cdbf07ad6466918acf
+            - name: pathInRepo
+              value: task/gitea-set-status/0.1/gitea-set-status.yaml
+        params:
+          - name: CONTEXT
+            value: "$(params.JOB_NAME)"
+          - name: REPO_FULL_NAME
+            value: "$(params.REPO_OWNER)/$(params.REPO_NAME)"
+          - name: GITEA_HOST_URL
+            value: code.fizz.buzz
+          - name: SHA
+            value: "$(tasks.fetch-repository.results.commit)"
+          - name: DESCRIPTION
+            value: "Build $(params.JOB_NAME) has failed"
+          - name: STATE
+            value: failure
+          - name: TARGET_URL
+            value: "https://tekton.fizz.buzz/#/namespaces/$(context.pipelineRun.namespace)/pipelineruns/$(context.pipelineRun.name)"
+    workspaces:
+      - name: git-source
+      - name: docker-credentials
+  workspaces:
+    - name: git-source
+      volumeClaimTemplate:
+        spec:
+          storageClassName: "nfs-client"
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+      subPath: rust-source
+    - name: git-source-private
+      volumeClaimTemplate:
+        spec:
+          storageClassName: "nfs-client"
+          accessModes:
+            - ReadWriteOnce
+          resources:
+            requests:
+              storage: 10Gi
+      subPath: git-source
+    - name: docker-credentials
+      secret:
+        secretName: harbor-plain
+  serviceAccountName: build-bot
+  timeout: 240h0m0s
+  params:
+    - name: image-name
+      value: "harbor.fizz.buzz/private/homepage"
+    - name: path-to-image-context
+      value: .
+    - name: path-to-dockerfile
+      value: docker/server/Dockerfile

.lighthouse/triggers.yaml

@@ -28,36 +28,16 @@ spec:
                     storage: 10Gi
             subPath: homepage-source
         params: []
-    - name: build-homepage
+    - name: build-homepage-staging
-      agent: tekton-pipeline
+      source: "pipeline-build-homepage-staging.yaml"
-      branches:
-        - "^v[0-9]+\\.[0-9]+\\.[0-9]+$"
-      context: build-docker
-      max_concurrency: 1
       # Override https-based url from lighthouse events.
       clone_uri: "git@code.fizz.buzz:talexander/homepage.git"
-      pipeline_run_spec:
+      skip_branches:
-        serviceAccountName: build-bot
+        # We already run on every commit, so running when the semver tags get pushed is causing needless double-processing.
-        pipelineRef:
+        - "^v[0-9]+\\.[0-9]+\\.[0-9]+$"
-          name: build-docker-pipeline
+    - name: build-homepage
-        workspaces:
+      source: "pipeline-build-homepage.yaml"
-          - name: git-source
+      # Override https-based url from lighthouse events.
-            volumeClaimTemplate:
+      clone_uri: "git@code.fizz.buzz:talexander/homepage.git"
-              spec:
+      branches:
-                storageClassName: "nfs-client"
+        - "^v[0-9]+\\.[0-9]+\\.[0-9]+$"
-                accessModes:
-                  - ReadWriteOnce
-                resources:
-                  requests:
-                    storage: 10Gi
-            subPath: git-source
-          - name: docker-credentials
-            secret:
-              secretName: harbor-plain
-        params:
-          - name: image-name
-            value: "harbor.fizz.buzz/private/homepage"
-          - name: path-to-image-context
-            value: .
-          - name: path-to-dockerfile
-            value: docker/server/Dockerfile

docker/server/Dockerfile

@@ -1,4 +1,10 @@
-FROM alpine:3.18
+FROM harbor.fizz.buzz/private/natter:latest AS builder
+
+COPY . /source
+RUN ls /source/
+RUN natter build --config /source/natter.toml
+
+FROM alpine:3.18 AS server
 
 RUN apk add --no-cache bash nginx
 RUN addgroup web && adduser -D -G web web && install -d -D -o web -g web -m 700 /srv/http/public
@@ -6,6 +12,6 @@ RUN ln -sf /dev/stdout /var/log/nginx/access.log && ln -sf /dev/stderr /var/log/
 
 COPY --chown=web:web docker/server/nginx.conf /srv/http
 COPY --chown=web:web docker/server/headers.include /srv/http
-COPY --chown=web:web static/ /srv/http/public/
+COPY --from=builder --chown=web:web /source/output/ /srv/http/public/
 
 ENTRYPOINT ["/usr/sbin/nginx", "-c", "/srv/http/nginx.conf", "-e", "stderr", "-g", "daemon off;"]

docker/server/Makefile

@@ -1,35 +1,52 @@
+SHELL := bash
+.ONESHELL:
+.SHELLFLAGS := -eu -o pipefail -c
+.DELETE_ON_ERROR:
+MAKEFLAGS += --warn-undefined-variables
+MAKEFLAGS += --no-builtin-rules
+OS:=$(shell uname -s)
+
+ifeq ($(origin .RECIPEPREFIX), undefined)
+  $(error This Make does not support .RECIPEPREFIX. Please use GNU Make 4.0 or later)
+endif
+.RECIPEPREFIX = >
+
 IMAGE_NAME:=homepage
 # REMOTE_REPO:=harbor.fizz.buzz/private
+TARGET :=
 
-.PHONY: all
+.PHONY: help
-all: build push
+help:
+> @grep -h "##" $(MAKEFILE_LIST) | grep -v grep | sed -E 's/^([^:]*): *## */\1:  /'
 
 .PHONY: build
-build:
+build: ## Build the docker image.
-	docker build -t $(IMAGE_NAME) -f Dockerfile ../
+> docker build --tag $(IMAGE_NAME) --target=$(TARGET) --file Dockerfile ../../
 
 .PHONY: push
-push:
+push: ## Push the docker image to a remote repository.
 ifdef REMOTE_REPO
-	docker tag $(IMAGE_NAME) $(REMOTE_REPO)/$(IMAGE_NAME)
+> docker tag $(IMAGE_NAME) $(REMOTE_REPO)/$(IMAGE_NAME)
-	docker push $(REMOTE_REPO)/$(IMAGE_NAME)
+> docker push $(REMOTE_REPO)/$(IMAGE_NAME)
 else
-	@echo "REMOTE_REPO not defined, not pushing to a remote repo."
+> @echo "REMOTE_REPO not defined, not pushing to a remote repo."
 endif
 
 .PHONY: clean
 clean:
-	docker rmi $(IMAGE_NAME)
+> docker rmi $(IMAGE_NAME)
 ifdef REMOTE_REPO
-	docker rmi $(REMOTE_REPO)/$(IMAGE_NAME)
+> docker rmi $(REMOTE_REPO)/$(IMAGE_NAME)
 else
-	@echo "REMOTE_REPO not defined, not removing from remote repo."
+> @echo "REMOTE_REPO not defined, not removing from remote repo."
 endif
 
 .PHONY: run
-run:
+run: build
-	docker run --rm -i -t -p "8080:8080" $(IMAGE_NAME)
+run: ## Launch the docker image
+> docker run --rm -i -t -p "8080:8080" $(IMAGE_NAME)
 
 .PHONY: shell
-shell:
+shell: ## Launch an interactive shell inside the docker image.
-	docker run --rm -i -t -p "8080:8080" --entrypoint /bin/bash $(IMAGE_NAME)
+shell: build
+> docker run --rm -i -t -p "8080:8080" --entrypoint /bin/bash --mount type=tmpfs,destination=/tmp $(IMAGE_NAME)

docker/server/nginx.conf

@@ -14,6 +14,11 @@ events {
 http {
     include /etc/nginx/mime.types;
     default_type application/octet-stream;
+
+    types {
+        text/plain asc;
+    }
+
     server_tokens off;
     client_max_body_size 1m;
     sendfile on;
@@ -38,6 +43,13 @@ http {
             return 200 '{"status":"OK"}';
         }
 
+        location /.well-known/ {
+            alias /srv/http/public/well-known/;
+            # default_type text/plain;
+            default_type        "application/octet-stream";
+            add_header          Access-Control-Allow-Origin * always;
+        }
+
         location /.well-known/matrix/server {
           default_type application/json;
           add_header "Access-Control-Allow-Origin" *;

natter.toml

@@ -0,0 +1 @@
+site_title = "FizzBuzz Blog"

pages/index.org

@@ -0,0 +1,24 @@
+#+OPTIONS: html-postamble:nil
+#+date: <2023-12-23 Sat>
+#+author: Tom Alexander
+#+email:
+#+language: en
+#+select_tags: export
+#+exclude_tags: noexport
+
+My dev blog will appear here as soon as I finish writing articles worthy of publishing. In the mean time, please check out my repos at [[https://code.fizz.buzz/explore/repos][code.fizz.buzz]].
+
+Links:
+- My personal repos: [[https://code.fizz.buzz/explore/repos][code.fizz.buzz]]
+- LinkedIn: https://www.linkedin.com/in/tom-alexander-b6a18216/
+- GitHub: https://github.com/tomalexander
+- Resume: https://fizz.buzz/resume.pdf
+- PGP Key: https://fizz.buzz/pgp.asc
+
+* Why is your website the way it is?
+
+I used to have a developer blog hosted at this domain. I quickly developed an appreciation for the power of org-mode for writing the content of the blog but I grew tired of inconsistent build results. The static site generators at the time would function by calling out to emacs itself to parse the org-mode and export HTML which meant that updates to emacs, my elisp packages, or the static site generator could cause compatibility issues. This often lead to things like escaping issues in old blog posts going unnoticed.
+
+To solve the issue, and to seize the opportunity to gain more experience in Rust, I decided to write my own static site generator that would not depend on outside tools. So far I have written [[https://code.fizz.buzz/talexander/duster][the template engine]] and I am in the process of writing [[https://code.fizz.buzz/talexander/organic][an org-mode parser]]. When that is done, it should just be a matter of tying those two together with some minor glue to make a static site generator to create the new version of this site. Until that is done, I am using this hastily thrown-together manually-written html file as a placeholder.
+
+That isn't to say that there are no exciting things hosted on this server, just not at the root domain. For example, this server is running kubernetes that I set up manually following [[https://github.com/kelseyhightower/kubernetes-the-hard-way][kubernetes-the-hard-way]] in a bunch of [[https://man.freebsd.org/cgi/man.cgi?bhyve][bhyve VMs]] that I networked together using [[https://man.freebsd.org/cgi/man.cgi?netgraph(4)][netgraph]]. On it I host my own [[https://www.powerdns.com/][PowerDNS]] server as the authoratative DNS server for fizz.buzz. It is integrated with [[https://cert-manager.io/][cert-manager]] and [[https://github.com/kubernetes-sigs/external-dns][ExternalDNS]] so Ingresses/LoadBalancers on my cluster automatically get valid TLS certificates and update the DNS records. I have a fully open-source self-hosted gitops workflow where a commit to a git repo I'm hosting in [[https://code.fizz.buzz/][gitea]], triggers a [[https://tekton.dev/][tekton pipeline]] through [[https://github.com/jenkins-x/lighthouse][lighthouse]] to build a docker image with [[https://github.com/GoogleContainerTools/kaniko][kaniko]], which gets pushed to my self-hosted [[https://goharbor.io/][harbor]] instance, which then gets deployed to my cluster via [[https://fluxcd.io/][flux]]. The end result is I make a commit to a repo and the result is deployed to my website in minutes.

static/index.html

@@ -1,34 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <title>FizzBuzz</title>
-  </head>
-  <body>
-    <h1>FizzBuzz Dev Blog.</h1>
-    <p><strong>Coming Eventually!</strong></p>
-
-    <br/>
-
-    <p>Please check out my repos at <a href="https://code.fizz.buzz/explore/repos">code.fizz.buzz</a>.</p>
-
-    <p>
-      Links
-     </br>
-     <ul>
-       <li>My Personal Repos: <a href="https://code.fizz.buzz/explore/repos">code.fizz.buzz</a></li>
-       <li>LinkedIn: <a href="https://www.linkedin.com/in/tom-alexander-b6a18216/">https://www.linkedin.com/in/tom-alexander-b6a18216/</a></li>
-       <li>GitHub: <a href="https://github.com/tomalexander">https://github.com/tomalexander</a></li>
-       <li>Resume: <a href="https://fizz.buzz/resume.pdf">https://fizz.buzz/resume.pdf</a></li>
-       <li>PGP Key: <a href="https://fizz.buzz/pgp.asc">https://fizz.buzz/pgp.asc</a></li>
-     </ul>
-    </p>
-
-    <h3>Why is your website the way it is?</h3>
-    <p>I used to have a developer blog hosted at this domain. I quickly developed an appreciation for the power of org-mode for writing the content of the blog but I grew tired of inconsistent build results. The static site generators at the time would function by calling out to emacs itself to parse the org-mode and export HTML which meant that updates to emacs, my elisp packages, or the static site generator could cause compatibility issues. This often lead to things like escaping issues in old blog posts going unnoticed.</p>
-
-    <p>To solve the issue, and to seize the opportunity to gain more experience in Rust, I decided to write my own static site generator that would not depend on outside tools. So far I have written <a href="https://code.fizz.buzz/talexander/duster">the template engine</a> and I am in the process of writing <a href="https://code.fizz.buzz/talexander/organic">an org-mode parser</a>. When that is done, it should just be a matter of tying those two together with some minor glue to make a static site generator to create the new version of this site. Until that is done, I am using this hastily thrown-together manually-written html file as a placeholder.</p>
-
-    <p>That isn't to say that there are no exciting things hosted on this server, just not at the root domain. For example, this server is running kubernetes that I set up manually following <a href="https://github.com/kelseyhightower/kubernetes-the-hard-way">kubernetes-the-hard-way</a> in a bunch of <a href="https://man.freebsd.org/cgi/man.cgi?bhyve">bhyve VMs</a> that I networked together using <a href="https://man.freebsd.org/cgi/man.cgi?netgraph(4)">netgraph</a>. On it I host my own <a href="https://www.powerdns.com/">PowerDNS</a> server as the authoratative DNS server for fizz.buzz. It is integrated with <a href="https://cert-manager.io/">cert-manager</a> and <a href="https://github.com/kubernetes-sigs/external-dns">ExternalDNS</a> so Ingresses/LoadBalancers on my cluster automatically get valid TLS certificates and update the DNS records. I have a fully open-source self-hosted gitops workflow where a commit to a git repo I'm hosting in <a href="https://code.fizz.buzz/">gitea</a>, triggers a <a href="https://tekton.dev/">tekton pipeline</a> through <a href="https://github.com/jenkins-x/lighthouse">lighthouse</a> to build a docker image with <a href="https://github.com/GoogleContainerTools/kaniko">kaniko</a>, which gets pushed to my self-hosted <a href="https://goharbor.io/">harbor</a> instance, which then gets deployed to my cluster via <a href="https://fluxcd.io/">flux</a>. The end result is I make a commit to a repo and the result is deployed to my website in minutes.</p>
-
-  </body>
-</html>

static/pgp.asc

@@ -1,31 +0,0 @@
------BEGIN PGP PUBLIC KEY BLOCK-----
-
-mDMEXZwWGhYJKwYBBAHaRw8BAQdAfv7qozKkmf4D+5PDzADsMm4aAKDGLha7+Cu0
-0H+RsWG0HVRvbSBBbGV4YW5kZXIgPHRvbUBmaXp6LmJ1eno+iJAEExYIADgWIQS4
-SBWTY8KHeReVS+En3kDZuEVcGwUCXZwWGgIbAwULCQgHAgYVCAkKCwIEFgIDAQIe
-AQIXgAAKCRAn3kDZuEVcG9glAQDX3Bzaz9sQpycc40LeLxSKQsWplfJigfr8wWOg
-C15TywEAqkTtCrTNsltdZERLMre7qnv/6RSo54OW0C4pdN7UUAa0HlRvbSBBbGV4
-YW5kZXIgPHdvcmtAZml6ei5idXp6PoiQBBMWCAA4FiEEuEgVk2PCh3kXlUvhJ95A
-2bhFXBsFAl+w+R0CGwMFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQJ95A2bhF
-XBt6fgD+NOYnw9gz5K/q3H5LE/JvqzCSHezJmeGgif0CuU4m1/MA+gPDKME7syEt
-JsTpELEMrxWWpDW0tD/W1iJE7roGYPQPuDgEXZwWGhIKKwYBBAGXVQEFAQEHQK20
-2EIAwTBuxARUygOvn+AloMJdui39m+nMghn1MNo+AwEIB4h4BBgWCAAgFiEEuEgV
-k2PCh3kXlUvhJ95A2bhFXBsFAl2cFhoCGwwACgkQJ95A2bhFXBtNzAEAq5I6xPjI
-bb23xmhxh5cM/UJxdGedfWMyvF6/JtDvtPUBAPQRQn5AMwTOA+CSnliYf7ZjfVOl
-Hscy60XWPlvXLoAJuDMEXZwWyhYJKwYBBAHaRw8BAQdAPyIL4EGg4T5JO9q2kpVD
-y2WjMiXz3nZXwYW4GLoTYkiI9QQYFggAJgIbAhYhBLhIFZNjwod5F5VL4SfeQNm4
-RVwbBQJlC4ZhBQkLMdaXAIF2IAQZFggAHRYhBIHmRDmWdVAusSUWutOhecmlPA7e
-BQJdnBbKAAoJENOhecmlPA7ejJ4A/iq7N2mMhx+ovOXm1REoASPF3l4YAAjOHsXq
-cPtFHKGJAQCiuA71d6CQ+qNZLuka/KVB/etkkJvDzvaTtiQQQG+gAwkQJ95A2bhF
-XBtRDgEAqymMavroD5c/4+M/EZ3/d8wxfA9E3Fb/1mt4c2ZrNnkBAKYOM+pz/pnc
-FnV+kF7h7TQEEYuGw1JhJVT/duA4lwsLuDMEXZwXARYJKwYBBAHaRw8BAQdAa76T
-mWuKuiR1bnNV1FUE6oQ4C8A+UiQb8x0k1z2DmTKIfgQYFggAJgIbIBYhBLhIFZNj
-wod5F5VL4SfeQNm4RVwbBQJlC4ZwBQkLMdZgAAoJECfeQNm4RVwb8TkA/RkBu9Ev
-8iDE5nvn8YF8FRiY56Z5d+SBPG4VvrCzXrmlAP46wUjIRpkMrTbb1GMbvYnkeOrB
-s/qiWjEtHHc3ZLMWD7g4BF2cFygSCisGAQQBl1UBBQEBB0AO0t3BUxLuokTqKVch
-eFAZd4UKxAGznPQlvsVyhWWIEgMBCAeIfgQYFggAJgIbDBYhBLhIFZNjwod5F5VL
-4SfeQNm4RVwbBQJlC4ZwBQkLMdY5AAoJECfeQNm4RVwbXscA/A8zRRTCwQKxJ8iz
-5jmTcVFAhl2vD781Dtv8NvcWd5t8APwIwcuFVZZA3yayhIxi3aqYpMRxpn2t6Nsw
-ax1MIM8DBQ==
-=dyR/
------END PGP PUBLIC KEY BLOCK-----