1. 18 Dec, 2020 1 commit
  2. 13 Dec, 2020 1 commit
  3. 07 Dec, 2020 2 commits
  4. 06 Dec, 2020 10 commits
    • Update to terraform 0.13 (as step to 0.14) · 766bc5f2
      doshitan authored
      766bc5f2
    • Update CloudFront Security Policy to TLSv1.2_2019 · 0495517f
      doshitan authored
      Drops support for the last few `TLS_RSA_*` ciphers, specifically:
      
      - TLS_RSA_WITH_AES_128_GCM_SHA256
      - TLS_RSA_WITH_AES_256_GCM_SHA384
      - TLS_RSA_WITH_AES_128_CBC_SHA256
      
      Which, at this point in history, should not impact many systems.
      0495517f
    • files.doshitan.com infra · 13de3726
      doshitan authored
      13de3726
    • Allow Let's Encrypt to issue certs for doshitan.com · 911ca226
      doshitan authored
      And move CAA block towards the top of DNS stuff.
      911ca226
    • Minor terraform formatting tweaks · 684d2f36
      doshitan authored
      684d2f36
    • 18fbb5b5
    • Switch CloudFront Lambda to origin-response · 6c8c3bde
      doshitan authored
      Actually been running this configuration for a year or so, but never
      committed it.
      
      `viewer-response` Lambdas are invoked for every response from CloudFront
      -> user, so the response after processing by the Lambda is not stored in
      CloudFront. Good for highly dynamic stuff. But also means the Lambda
      gets invoked on *every* response from CloudFront, which can add
      latency (and monetary cost).
      
      `origin-response` Lambdas are invoked for every response from the origin
      -> CloudFront, so the output *is* cached in CloudFront. This means the
      cost of the Lambda is only paid when CloudFront needs to reach back to
      the origin for a resource. But it also means if there are changes made
      to the Lambda, will need to invalidate everything in CloudFront in order
      to pick up the changes uniformly.
      
      Since the current deploy process invalidates updated paths in
      CloudFront, we can set the cache control header for files that are not
      versioned by name, e.g., the HTML pages, to have a long cache lifetime
      in CloudFront (`s-maxage`), while ensuring browsers/users also check
      they are getting the latest content (`max-age=0,must-revalidate`)
      CloudFront has. Goal being to help CloudFront have to check with the
      origin as little as possible, should serve from its cache immediately.
      6c8c3bde
    • 9c8d65e1
    • Version assets in the correct order · 84880a34
      doshitan authored
      84880a34
    • flake-ify nix setup · acf3de1a
      doshitan authored
      Nix flakes are still experimental, but why not experiment.
      acf3de1a
  5. 15 Oct, 2020 1 commit
  6. 28 Sep, 2020 2 commits
  7. 27 Sep, 2020 2 commits
  8. 25 Sep, 2020 5 commits
  9. 23 May, 2020 1 commit
  10. 18 May, 2020 2 commits
  11. 11 Apr, 2020 2 commits
  12. 15 Mar, 2020 3 commits
  13. 15 Jan, 2020 2 commits
    • Pass absolute path to build in CI script · 78cb842f
      doshitan authored
      In particular the link checker is not happy with a relative path, but
      good practice anyway.
      78cb842f
    • Basic, but better nix syntax highlighting · 5d1e2f4e
      doshitan authored
      Previously nix code would use bash/shell highlighting (the bash
      definition lists `*.nix` as a supported extension), which is wrong and
      looks broken.
      
      This new definition is minimal, but at least differentiates comments,
      strings, and some built-ins. It can grow over time. Eventually hope to
      make it back upstream unless someone else beats me to it.
      5d1e2f4e
  14. 04 Jan, 2020 3 commits
  15. 03 Jan, 2020 3 commits