Skip to content

GitLab

Switch branch/tag
  1. 18 Dec, 2020 1 commit
  3. 13 Dec, 2020 1 commit
  5. 07 Dec, 2020 2 commits
  7. 06 Dec, 2020 10 commits
    • doshitan's avatar
      Update to terraform 0.13 (as step to 0.14) · 766bc5f2
      doshitan authored
      766bc5f2
    • doshitan's avatar
      Update CloudFront Security Policy to TLSv1.2_2019 · 0495517f
      doshitan authored 
      Drops support for the last few `TLS_RSA_*` ciphers, specifically:

- TLS_RSA_WITH_AES_128_GCM_SHA256
- TLS_RSA_WITH_AES_256_GCM_SHA384
- TLS_RSA_WITH_AES_128_CBC_SHA256

Which at this point in history, should not impact many systems.
      0495517f
    • doshitan's avatar
      files.doshitan.com infra · 13de3726
      doshitan authored
      13de3726
    • doshitan's avatar
      Allow Let's Encrypt to issue certs for doshitan.com · 911ca226
      doshitan authored 
      And move CAA block towards the top of DNS stuff.
      911ca226
    • doshitan's avatar
      Minor terraform formatting tweaks · 684d2f36
      doshitan authored
      684d2f36
    • doshitan's avatar
      Use time period variables in makefile for clarity · 18fbb5b5
      doshitan authored
      18fbb5b5
    • doshitan's avatar
      Switch CloudFront Lambda to origin-response · 6c8c3bde
      doshitan authored 
      Actually been running this configuration for a year or so, but never
committed it.

`viewer-response` Lambdas are invoked for every response from CloudFront
-> user, so the response after processing by the Lambda is not stored in
CloudFront. Good for highly dynamic stuff. But also means the Lambda
gets invoked on *every* response from CloudFront, which can add
latency (and monetary cost).

`origin-response` Lambdas are invoked for every response from the origin
-> CloudFront, so the output *is* cached in CloudFront. This means the
cost of the Lambda is only paid when CloudFront needs to reach back to
the origin for a resource. But it also means if there are changes made
the Lambda, will need to invalidate everything in CloudFront in order to
pick up the changes uniformly.

Since the current deploy process invalidates updated paths in
CloudFront, we can set the cache control header for files that are not
versioned by name, e.g., the HTML pages, to have a long cache lifetime
in CloudFront (`s-maxage`), while ensuring browsers/users also check
they are getting the latest content (`max-age=0,must-revalidate`)
CloudFront has. Goal being to help CloudFront have to check with the
origin as little as possible, should serve from it's cache immediately.
      6c8c3bde
    • doshitan's avatar
      Remove dependency on the makefile for content package · 9c8d65e1
      doshitan authored
      9c8d65e1
    • doshitan's avatar
      Version assets in the correct order · 84880a34
      doshitan authored
      84880a34
    • doshitan's avatar
      flake-ify nix setup · acf3de1a
      doshitan authored 
      Nix flakes are still experimental, but why not experiment.
      acf3de1a
  9. 15 Oct, 2020 1 commit
  11. 28 Sep, 2020 2 commits
  13. 27 Sep, 2020 2 commits
  15. 25 Sep, 2020 5 commits
  17. 23 May, 2020 1 commit
  19. 18 May, 2020 2 commits
  21. 11 Apr, 2020 2 commits
  23. 15 Mar, 2020 3 commits
  25. 15 Jan, 2020 2 commits
    • doshitan's avatar
      Pass absolute path to build in CI script · 78cb842f
      doshitan authored 
      In particular the link checker is not happy with a relative path, but
good practice anyway.
      78cb842f
    • doshitan's avatar
      Basic, but better nix syntax highlighting · 5d1e2f4e
      doshitan authored 
      Previously nix code would used bash/shell highlighting (the bash
definition lists `*.nix` as a supported extension), which is wrong and
looks broken.

This new definition is minimal, but at least differentiates comments,
strings, and some built-ins. It can grow over time. Eventually hope to
make it back up stream unless some else beats me to it.
      5d1e2f4e
  27. 04 Jan, 2020 3 commits
  29. 03 Jan, 2020 3 commits