Merge remote-tracking branch 'upstream/master'

Reviewed-on: #1

.docker/.conf/nginx/conf.d/http/main.conf

@@ -0,0 +1,8 @@
+server {
+    listen 80;
+    location / {
+        root /var/www/build;
+        autoindex off;
+        try_files $uri $uri/ =404;
+    }
+}

.docker/.conf/nginx/nginx.conf

@@ -0,0 +1,69 @@
+worker_processes 4;
+pid /tmp/nginx.pid;
+
+
+error_log /dev/stderr info;
+
+
+events {
+    worker_connections 1024;
+    multi_accept off;
+}
+
+http {
+
+
+    ## asynchronous input/output policy.
+    tcp_nopush on;
+    sendfile on;
+
+
+    ## Security policy
+    ssl_protocols TLSv1.3 TLSv1.2;
+    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA HIGH !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS";
+    server_tokens off;                              # disable server version response header.
+    add_header X-Content-Type-Options nosniff;      # Disable sniffing
+    add_header X-Frame-Options SAMEORIGIN always;   # Prevent clickjacking.
+    add_header "X-XSS-Protection" "1; mode=block";  # Prevent cross-site-scripting
+    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;  # Force HSTS, prevent mitm attack between 301 redirect for http, and https server.
+
+
+    ## Log file policy.
+    log_format logformat    '$remote_addr - $remote_user [$time_local] "$request" '
+                            '$status $body_bytes_sent "$http_referer" '
+                            '"$http_user_agent" "$http_x_forwarded_for"';
+    access_log /dev/stdout logformat;
+
+
+    ## Temp file policy.
+    client_body_temp_path /tmp/client_temp;
+    fastcgi_temp_path /tmp/fastcgi_temp;
+    uwsgi_temp_path /tmp/uwsgi_temp;
+    proxy_temp_path /tmp/proxy_temp;
+    scgi_temp_path /tmp/scgi_temp;
+
+
+    ## Buffer Policy.
+    client_body_buffer_size 1K;
+    client_header_buffer_size 1k;
+    client_max_body_size 1k;
+    large_client_header_buffers 2 1k;
+
+
+    ## Client timeout policy
+    client_body_timeout   10;
+    client_header_timeout 10;
+    keepalive_timeout     5 5;
+    send_timeout          10;
+
+
+    ## Default mime type.
+    include snippets/mime-types.conf;
+    default_type text/html;
+
+
+    ## http vhosts
+    include conf.d/http/*.conf;
+
+
+}

.docker/.conf/nginx/snippets/fastcgi.conf

@@ -0,0 +1,26 @@
+
+fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;
+fastcgi_param  QUERY_STRING       $query_string;
+fastcgi_param  REQUEST_METHOD     $request_method;
+fastcgi_param  CONTENT_TYPE       $content_type;
+fastcgi_param  CONTENT_LENGTH     $content_length;
+
+fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
+fastcgi_param  REQUEST_URI        $request_uri;
+fastcgi_param  DOCUMENT_URI       $document_uri;
+fastcgi_param  DOCUMENT_ROOT      $document_root;
+fastcgi_param  SERVER_PROTOCOL    $server_protocol;
+fastcgi_param  REQUEST_SCHEME     $scheme;
+fastcgi_param  HTTPS              $https if_not_empty;
+
+fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
+fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;
+
+fastcgi_param  REMOTE_ADDR        $remote_addr;
+fastcgi_param  REMOTE_PORT        $remote_port;
+fastcgi_param  SERVER_ADDR        $server_addr;
+fastcgi_param  SERVER_PORT        $server_port;
+fastcgi_param  SERVER_NAME        $server_name;
+
+# PHP only, required if PHP was built with --enable-force-cgi-redirect
+fastcgi_param  REDIRECT_STATUS    200;

.docker/.conf/nginx/snippets/mime-types.conf

@@ -0,0 +1,48 @@
+types {
+  text/html                             html htm shtml;
+  text/css                              css;
+  text/xml                              xml rss;
+  image/gif                             gif;
+  image/jpeg                            jpeg jpg;
+  application/x-javascript              js;
+  text/plain                            txt;
+  text/x-component                      htc;
+  text/mathml                           mml;
+  image/png                             png;
+  image/x-icon                          ico;
+  image/x-jng                           jng;
+  image/vnd.wap.wbmp                    wbmp;
+  application/java-archive              jar war ear;
+  application/mac-binhex40              hqx;
+  application/pdf                       pdf;
+  application/x-cocoa                   cco;
+  application/x-java-archive-diff       jardiff;
+  application/x-java-jnlp-file          jnlp;
+  application/x-makeself                run;
+  application/x-perl                    pl pm;
+  application/x-pilot                   prc pdb;
+  application/x-rar-compressed          rar;
+  application/x-redhat-package-manager  rpm;
+  application/x-sea                     sea;
+  application/x-shockwave-flash         swf;
+  application/x-stuffit                 sit;
+  application/x-tcl                     tcl tk;
+  application/x-x509-ca-cert            der pem crt;
+  application/x-xpinstall               xpi;
+  application/zip                       zip;
+  application/octet-stream              deb;
+  application/octet-stream              bin exe dll;
+  application/octet-stream              dmg;
+  application/octet-stream              eot;
+  application/octet-stream              iso img;
+  application/octet-stream              msi msp msm;
+  audio/mpeg                            mp3;
+  audio/x-realaudio                     ra;
+  video/mpeg                            mpeg mpg;
+  video/quicktime                       mov;
+  video/x-flv                           flv;
+  video/x-msvideo                       avi;
+  video/x-ms-wmv                        wmv;
+  video/x-ms-asf                        asx asf;
+  video/x-mng                           mng;
+}

.docker/.conf/nginx/snippets/proxy.conf

@@ -0,0 +1,10 @@
+proxy_redirect off;
+proxy_set_header Host $host;
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+client_max_body_size 10m;
+client_body_buffer_size 128k;
+proxy_connect_timeout 90;
+proxy_send_timeout 90;
+proxy_read_timeout 90;
+proxy_buffers 32 4k;

.docker/.conf/nginx/snippets/scgi.conf

@@ -0,0 +1,17 @@
+
+scgi_param  REQUEST_METHOD     $request_method;
+scgi_param  REQUEST_URI        $request_uri;
+scgi_param  QUERY_STRING       $query_string;
+scgi_param  CONTENT_TYPE       $content_type;
+
+scgi_param  DOCUMENT_URI       $document_uri;
+scgi_param  DOCUMENT_ROOT      $document_root;
+scgi_param  SCGI               1;
+scgi_param  SERVER_PROTOCOL    $server_protocol;
+scgi_param  REQUEST_SCHEME     $scheme;
+scgi_param  HTTPS              $https if_not_empty;
+
+scgi_param  REMOTE_ADDR        $remote_addr;
+scgi_param  REMOTE_PORT        $remote_port;
+scgi_param  SERVER_PORT        $server_port;
+scgi_param  SERVER_NAME        $server_name;

.docker/.conf/nginx/snippets/uwsgi.conf

@@ -0,0 +1,17 @@
+
+uwsgi_param  QUERY_STRING       $query_string;
+uwsgi_param  REQUEST_METHOD     $request_method;
+uwsgi_param  CONTENT_TYPE       $content_type;
+uwsgi_param  CONTENT_LENGTH     $content_length;
+
+uwsgi_param  REQUEST_URI        $request_uri;
+uwsgi_param  PATH_INFO          $document_uri;
+uwsgi_param  DOCUMENT_ROOT      $document_root;
+uwsgi_param  SERVER_PROTOCOL    $server_protocol;
+uwsgi_param  REQUEST_SCHEME     $scheme;
+uwsgi_param  HTTPS              $https if_not_empty;
+
+uwsgi_param  REMOTE_ADDR        $remote_addr;
+uwsgi_param  REMOTE_PORT        $remote_port;
+uwsgi_param  SERVER_PORT        $server_port;
+uwsgi_param  SERVER_NAME        $server_name;

.docker/.conf/supervisor/supervisord.conf

@@ -0,0 +1,15 @@
+[supervisord]
+nodaemon=true
+logfile=/dev/null
+logfile_maxbytes=0
+pidfile=/tmp/supervisord.pid
+
+
+[program:nginx]
+command=nginx -g 'daemon off;'
+stdout_logfile=/dev/stdout
+stdout_logfile_maxbytes=0
+stderr_logfile=/dev/stderr
+stderr_logfile_maxbytes=0
+autorestart=true
+startretries=3

.docker/Dockerfile

@@ -0,0 +1,20 @@
+####
+##
+##      Build a docker image out of the static html book generated by mdbook.
+##      Used by automation. Can be built manually for testing.
+##
+####
+FROM alpine:3.20
+RUN apk add nginx supervisor
+RUN mkdir -p /var/www
+RUN rm -rf /etc/nginx
+COPY dist /var/www/build
+COPY .conf/nginx /etc/nginx
+COPY .conf/supervisor/supervisord.conf /etc/supervisor/conf.d/supervisord.conf
+RUN chown -R nobody /var/www
+RUN chown -R nobody /etc/nginx
+RUN chown -R nobody /var/www/build
+RUN chown -R nobody /etc/supervisor/conf.d/
+USER nobody
+CMD ["/usr/bin/supervisord", "-c", "/etc/supervisor/conf.d/supervisord.conf"]
+EXPOSE 80

.gitea/workflows/deploy.yml

@@ -0,0 +1,127 @@
+name: Build and deploy website.
+on:
+  push:
+    branches:
+      - "master"
+
+jobs:
+  job1:
+    name: Build static site.
+    runs-on: catthehacker-ubuntu
+    steps:
+      -
+        name: Get current date
+        id: date
+        run: echo "::set-output name=date::$(date +'%Y%m%d%H%M%S')"
+      -
+        name: Set up docker buildx...
+        uses: https://github.com/docker/setup-buildx-action@v3
+      -
+        name: Login to gitea registry
+        uses: https://github.com/docker/login-action@v3
+        with:
+          registry: gitea.raer.me
+          username: ${{ secrets.REGISTRY_USERNAME }}
+          password: ${{ secrets.REGISTRY_TOKEN }}
+      -
+        name: Checkout the git repo...
+        uses: https://github.com/actions/checkout@v3
+        with:
+          ref: master
+      -
+        name: Checkout the docker build branch...
+        uses: https://github.com/actions/checkout@v3
+        with:
+          ref: master
+          path: docker
+      -
+        name: Install required system packages...
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          apt update
+          apt upgrade -y
+          apt install -y graphicsmagick p7zip-full
+      -
+        name: Use Node.js
+        uses: https://github.com/actions/setup-node@v2
+        with:
+          node-version: '14'
+      -
+        name: Install node dependencies
+        run: npm ci
+      -
+        name: Lint JS code
+        run: npm test
+      -
+        name: Build site
+        run: npm run build
+      -
+        name: Copy dist to docker...
+        run: npm cache clean --force;cp -a dist docker/.docker/dist
+      -
+        name: Use Node.js
+        uses: https://github.com/actions/setup-node@v2
+        with:
+          node-version: '20'
+      -
+        name: Build and push docker image to gitea package store
+        uses: https://github.com/docker/build-push-action@v5
+        with:
+          context: docker/.docker
+          push: true
+          platforms: linux/arm64
+          tags: gitea.raer.me/${{ gitea.repository }}:${{ gitea.ref_name }}
+      -
+        name: Create artifact...
+        run: 7z a -mx=9 artifact.7z dist
+      -
+        name: Upload artifact...
+        uses: https://github.com/actions/upload-artifact@v3
+        with:
+          name: build_artifact
+          path: artifact.7z
+          retention-days: 7
+  job2:
+    needs: job1
+    name: Connect to deployment host, update, and redeploy docs website.
+    runs-on: ubuntu-latest
+    steps:
+      -
+        name: Install required system packages...
+        run: |
+          export DEBIAN_FRONTEND=noninteractive
+          apt update
+          apt upgrade -y
+          apt install -y iputils-ping
+      -
+        name: Configure SSH...
+        env:
+          SSH_USER: ${{ secrets.DEPLOYMENT_USER }}
+          SSH_KEY: ${{ secrets.DEPLOYMENT_KEY }}
+          SSH_HOST: ${{ secrets.DEPLOYMENT_HOST }}
+        run: |
+          mkdir -p ~/.ssh/
+          echo "$SSH_KEY" > ~/.ssh/staging.key
+          chmod 600 ~/.ssh/staging.key
+          cat >> ~/.ssh/config <<END
+          Host staging
+            HostName $SSH_HOST
+            User $SSH_USER
+            IdentityFile ~/.ssh/staging.key
+            StrictHostKeyChecking no
+          END
+          cat ~/.ssh/config
+      -
+        name: Ping ssh host...
+        env:
+          SSH_HOST: ${{ secrets.DEPLOYMENT_HOST }}
+        run: |
+          ping -c 3 $SSH_HOST
+      -
+        name: Run deployment script...
+        env:
+          SSH_HOST: ${{ secrets.DEPLOYMENT_HOST }}
+        run:
+          ssh staging
+
+

.github/FUNDING.yml

@@ -1,3 +0,0 @@
-github: Twipped
-ko-fi:   curvyandtrans
-patreon: curvyandtrans

.github/dependabot.yml

@@ -1,11 +0,0 @@
-# To get started with Dependabot version updates, you'll need to specify which
-# package ecosystems to update and where the package manifests are located.
-# Please see the documentation for all configuration options:
-# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
-
-version: 2
-updates:
-  - package-ecosystem: "" # See documentation for possible values
-    directory: "/" # Location of package manifests
-    schedule:
-      interval: "weekly"

.github/workflows/build.yml

@@ -1,108 +0,0 @@
-name: Ensure Site Builds Cleanly
-on:
-  push:
-    branches: [ master ]
-
-jobs:
-  build-site:
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Install GraphicsMagick
-        run: sudo apt install graphicsmagick
-
-      - name: Install Chrome
-        run: |
-          wget https://dl.google.com/linux/direct/google-chrome-stable_current_amd64.deb
-          sudo apt install ./google-chrome-stable_current_amd64.deb
-
-      - name: Use Node.js ${{ matrix.node-version }}
-        uses: actions/setup-node@v2
-        with:
-          node-version: '14'
-          cache: 'npm'
-
-      - name: Restore node_modules cache
-        uses: actions/cache@v2
-        with:
-          path: node_modules
-          key: ${{ runner.os }}-node_modules-${{ hashFiles('**/package-lock.json') }}
-          restore-keys: |
-            ${{ runner.os }}-node_modules
-
-      - name: Restore Asset Cache
-        uses: actions/cache@v2
-        with:
-          key: if-cache
-          path: |
-            ./if-cache/*
-            ./if-cache.json
-            ./twitter-cache.json
-
-      - name: Install node dependencies
-        run: npm ci
-
-      - name: Lint JS code
-        run: npm test
-
-      - name: Build site
-        run: npm run build
-
-      - name: (EN) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/en.pdf" \
-          http://127.0.0.1:8080/en/printable/index.html
-
-      - name: (ZH) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/zh.pdf" \
-          http://127.0.0.1:8080/zh/printable/index.html
-
-      - name: (DE) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/de.pdf" \
-          http://127.0.0.1:8080/de/druckbar/index.html
-
-      - name: (HU) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/hu.pdf" \
-          http://127.0.0.1:8080/hu/nyomtathato/index.html
-
-      - name: (PL) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/pl.pdf" \
-          http://127.0.0.1:8080/pl/do-druku/index.html
-
-      - name: (PT) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/pt.pdf" \
-          http://127.0.0.1:8080/pt/imprimivel/index.html
-
-      - name: (FR) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/fr.pdf" \
-          http://127.0.0.1:8080/fr/a-imprimer/index.html
-
-      - name: (NL) Generate PDF from HTML
-        run: |
-          google-chrome --headless --print-to-pdf-no-header \
-          --run-all-compositor-stages-before-draw --print-to-pdf="${{ github.workspace }}/dist/nl.pdf" \
-          http://127.0.0.1:8080/nl/afdrukbaar/index.html
-
-      - name: List dist
-        run: ls -la ${{ github.workspace }}/dist
-
-      - name: Upload PDFs
-        uses: actions/upload-artifact@v3
-        with:
-          name: site-pdfs
-          path: |
-            ${{ github.workspace }}/dist/**.pdf

README.md

@@ -7,7 +7,7 @@ Site content such as essays and photo materials are copyright Jocelyn Badgley &
 
 ## How to use this repository
 
-The GDB is a static content site generated using a custom built framework written in Node.js. The majority of the code that drives the build process sits in the `build` directory. This code is activated via a [GulpJS](https://gulpjs.com/) command interface.
+The GDB is a static content site generated using a custom built framework written in Node.js. The majority of the code that drives the build process sits in the `build` directory. This code is activated via a [GulpJS](https://gulpjs.com/) command interface
 
 You do not need to be able to execute the generation code in order to contribute content. All site content is stored in the `public` folder, with the GDB content under `public/gdb`. Changes to this content can be done to anyone who is experienced with HTML and git source control.
 

public/en/index.md

@@ -11,6 +11,8 @@ siblings:
   nextCaption: What is Gender?
 ---
 
+This mirror is being hosted by a trans tech hobbyist for funsies.
+
 
 {!{
 {{import