Merge remote-tracking branch 'self/master'

.envrc

@@ -0,0 +1,3 @@
+source_url "https://raw.githubusercontent.com/cachix/devenv/d1f7b48e35e6dee421cfd0f51481d17f77586997/direnvrc" "sha256-YBzqskFZxmNb3kYVoKD9ZixoPXJh1C9ZvTLGFRkauZ0="
+
+use devenv

.github/workflows/infra.repo.dispatch.yml

@@ -0,0 +1,25 @@
+name: Infra Run
+
+on:
+  repository_dispatch:
+    types:
+      - infra_run
+
+jobs:
+  infra_run:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+      - uses: cachix/install-nix-action@v23
+      - uses: cachix/cachix-action@v12
+        with:
+          name: devenv
+      - name: Install devenv.sh
+        run: nix profile install tarball+https://install.devenv.sh/latest
+      - name: Build the devenv shell and run any pre-commit hooks
+        run: devenv ci
+      - name: devenv shell
+        shell: devenv shell bash -e {0}
+        run: |
+          terragrunt --version
+          echo ${{ github.event.client_payload }}

.github/workflows/infra.yml

@@ -0,0 +1,37 @@
+---
+name: infra
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [master]
+    paths:
+    - 'infra/**'
+    - 'resume/**'
+
+env:
+  OP_SERVICE_ACCOUNT_TOKEN: ${{ secrets.OP_SERVICE_ACCOUNT_TOKEN }}
+
+jobs:
+  deployment:
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+    steps:
+    - uses: actions/checkout@v4
+    - uses: cachix/install-nix-action@v23
+    - uses: cachix/cachix-action@v12
+      with:
+        name: devenv
+    - name: Install devenv.sh
+      run: nix profile install tarball+https://install.devenv.sh/latest
+    - name: Build the devenv shell and run any pre-commit hooks
+      run: devenv ci
+    - name: devenv shell
+      shell: devenv shell bash -e {0}
+      run: |
+        op --version
+        terragrunt --version
+        curl -v https://tf.kaipov.com/self/infra/tfstate
+        ./scripts/run.sh infra/tfstate plan
+        ./scripts/run.sh infra/kaipov.com plan

.github/workflows/resume.yml

@@ -0,0 +1,66 @@
+---
+name: resume
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [master]
+    paths: [resume/**]
+  pull_request:
+    branches: [master]
+    paths: [resume/**]
+
+env:
+  tectonic_version: 0.8.0
+  commit_message_resume: 'gh-actions: add resume.pdf'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+    outputs:
+      leave-comment: ${{ steps.push.outputs.committed && steps.push.outputs.pushed }}
+    steps:
+    - uses: actions/checkout@v2
+    - name: Download Tectonic
+      uses: wtfjoke/setup-tectonic@main
+      with:
+        tectonic-version: ${{ env.tectonic_version }}
+        github-token: ${{ secrets.GITHUB_TOKEN }}
+    - name: Cache Tectonic
+      uses: actions/cache@v2
+      env: {cache-name: cache-tectonic}
+      with:
+        path: ~/.cache/Tectonic
+        key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/*.tex') }}
+        restore-keys: |
+          ${{ runner.os }}-build-${{ env.cache-name }}-
+          ${{ runner.os }}-build-
+          ${{ runner.os }}-
+    - name: Build our resume
+      id: build
+      run: |
+        ./scripts/resume.build.sh
+        echo "::set-output name=msg::${{ env.commit_message_resume }}"
+    - name: Push that bitch up
+      id: push
+      if: ${{ success() && steps.build.outputs.msg != '' }}
+      uses: EndBug/add-and-commit@v7.1.2
+      with:
+        add: website/static
+        push: true
+        message: ${{ steps.build.outputs.msg }}
+        author_name: github-actions
+        author_email: 41898282+github-actions[bot]@users.noreply.github.com
+    - name: Leave a comment
+      if: |
+        success() &&
+        steps.push.outputs.committed == 'true' &&
+        steps.push.outputs.pushed == 'true'
+      uses: mshick/add-pr-comment@v1
+      with:
+        repo-token: ${{ secrets.GITHUB_TOKEN }}
+        repo-token-user-login: github-actions[bot]
+        message: |
+          ${{ env.commit_message_resume }}

.github/workflows/vercel.delete.deployments.yml

@@ -0,0 +1,13 @@
+name: Delete all non-production Vercel deployments
+
+on:
+  workflow_dispatch
+
+jobs:
+  clean:
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v2
+    - run: ./scripts/vercel.delete.deployments.sh
+      env:
+        VERCEL_TOKEN: ${{ secrets.VERCEL_TOKEN }}

.gitignore

@@ -0,0 +1,15 @@
+infra/**/terragrunt-debug.tfvars.json
+infra/**/.terraform
+infra/**/.terragrunt-cache
+infra/**/.terraform.lock.hcl
+infra/**/zz_generated.*.tf
+
+# Devenv
+.devenv*
+devenv.local.nix
+
+# direnv
+.direnv
+
+# pre-commit
+.pre-commit-config.yaml

.gitmodules

@@ -0,0 +1,3 @@
+[submodule "resume/moderncv"]
+	path = resume/moderncv
+	url = https://github.com/moderncv/moderncv.git

README.md

@@ -0,0 +1,59 @@
+# self
+
+## what is this?
+
+It's an overengineered and bundled monorepo for my personal website, resume, the
+infrastructure behind that, and the CI for all of it. If we want to get all
+metaphoric about it, it's a representation of self.
+
+## contents
+
+At a glance, the repo is organized as follows:
+
+| directory              | description                       |
+|------------------------|-----------------------------------|
+| [`infra`](./infra)     | Terragrunt and Terraform modules  |
+| [`resume`](./resume)   | Resume markup                     |
+| [`website`](./website) | Hugo static site config           |
+
+Please note the [`shell.nix`](./shell.nix) at the root of this repo. If any
+necessary tools are unavailable on our system, the tool will be invoked via
+a Nix shell.
+
+### `infra`
+
+Terraform state is stored in a Cloudflare Workers KV store. The backend had to
+be bootstrapped by the Terraform configuration in
+[`infra/tfstate`](./infra/tfstate). Yes, the state for the backend is stored in
+the very same infrastructure it spun up. If you ain't living dangerously, are
+you even living?
+
+The `infra/kaipov.com` module manages all the Cloudflare configuration for
+`kaipov.com` -- DNS records, routes, security, whatever.
+
+We can use `./script/run.sh` to manage our infrastructure too, e.g.:
+
+```console
+$ ./scripts/run.sh infra/kaipov.com plan
+$ ./scripts/run.sh infra/kaipov.com state show cloudflare_zone.kaipov
+```
+
+### resume
+
+The resume is written in TeX using the [`moderncv`](./resume/moderncv) class,
+with some of my own custom patches.
+
+Thanks to [Tectonic](https://github.com/tectonic-typesetting/tectonic), building
+the TeX document is astonglishly **not** a giant pain in the ass!
+Unbelievable--I know!
+Typically I'll run `./scripts/resume.dev.sh` and have _Sumatra
+PDF_ open on the side to get a live preview. When I'm done, the resume should
+already be moved into the appropriate place under `website` so that our Hugo
+site can serve it accordingly.
+
+### website
+
+The Hugo website is hosted on Cloudflare Pages (can you tell he's a fan of
+Cloudflare?). Despite not being the most feature-full and sophisticated static
+site host, Pages integrates well with the rest of the Cloudflare suite, so it's
+hard justifying the use of another provider!

devenv.lock

@@ -0,0 +1,156 @@
+{
+  "nodes": {
+    "devenv": {
+      "locked": {
+        "dir": "src/modules",
+        "lastModified": 1703939110,
+        "narHash": "sha256-GgjYWkkHQ8pUBwXX++ah+4d07DqOeCDaaQL6Ab86C50=",
+        "owner": "cachix",
+        "repo": "devenv",
+        "rev": "7354096fc026f79645fdac73e9aeea71a09412c3",
+        "type": "github"
+      },
+      "original": {
+        "dir": "src/modules",
+        "owner": "cachix",
+        "repo": "devenv",
+        "type": "github"
+      }
+    },
+    "flake-compat": {
+      "flake": false,
+      "locked": {
+        "lastModified": 1673956053,
+        "narHash": "sha256-4gtG9iQuiKITOjNQQeQIpoIB6b16fm+504Ch3sNKLd8=",
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "rev": "35bb57c0c8d8b62bbfd284272c928ceb64ddbde9",
+        "type": "github"
+      },
+      "original": {
+        "owner": "edolstra",
+        "repo": "flake-compat",
+        "type": "github"
+      }
+    },
+    "flake-utils": {
+      "inputs": {
+        "systems": "systems"
+      },
+      "locked": {
+        "lastModified": 1685518550,
+        "narHash": "sha256-o2d0KcvaXzTrPRIo0kOLV0/QXHhDQ5DTi+OxcjO8xqY=",
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "rev": "a1720a10a6cfe8234c0e93907ffe81be440f4cef",
+        "type": "github"
+      },
+      "original": {
+        "owner": "numtide",
+        "repo": "flake-utils",
+        "type": "github"
+      }
+    },
+    "gitignore": {
+      "inputs": {
+        "nixpkgs": [
+          "pre-commit-hooks",
+          "nixpkgs"
+        ]
+      },
+      "locked": {
+        "lastModified": 1660459072,
+        "narHash": "sha256-8DFJjXG8zqoONA1vXtgeKXy68KdJL5UaXR8NtVMUbx8=",
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "rev": "a20de23b925fd8264fd7fad6454652e142fd7f73",
+        "type": "github"
+      },
+      "original": {
+        "owner": "hercules-ci",
+        "repo": "gitignore.nix",
+        "type": "github"
+      }
+    },
+    "nixpkgs": {
+      "locked": {
+        "lastModified": 1703499205,
+        "narHash": "sha256-lF9rK5mSUfIZJgZxC3ge40tp1gmyyOXZ+lRY3P8bfbg=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "e1fa12d4f6c6fe19ccb59cac54b5b3f25e160870",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixpkgs-unstable",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "nixpkgs-stable": {
+      "locked": {
+        "lastModified": 1685801374,
+        "narHash": "sha256-otaSUoFEMM+LjBI1XL/xGB5ao6IwnZOXc47qhIgJe8U=",
+        "owner": "NixOS",
+        "repo": "nixpkgs",
+        "rev": "c37ca420157f4abc31e26f436c1145f8951ff373",
+        "type": "github"
+      },
+      "original": {
+        "owner": "NixOS",
+        "ref": "nixos-23.05",
+        "repo": "nixpkgs",
+        "type": "github"
+      }
+    },
+    "pre-commit-hooks": {
+      "inputs": {
+        "flake-compat": "flake-compat",
+        "flake-utils": "flake-utils",
+        "gitignore": "gitignore",
+        "nixpkgs": [
+          "nixpkgs"
+        ],
+        "nixpkgs-stable": "nixpkgs-stable"
+      },
+      "locked": {
+        "lastModified": 1703939133,
+        "narHash": "sha256-Gxe+mfOT6bL7wLC/tuT2F+V+Sb44jNr8YsJ3cyIl4Mo=",
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "rev": "9d3d7e18c6bc4473d7520200d4ddab12f8402d38",
+        "type": "github"
+      },
+      "original": {
+        "owner": "cachix",
+        "repo": "pre-commit-hooks.nix",
+        "type": "github"
+      }
+    },
+    "root": {
+      "inputs": {
+        "devenv": "devenv",
+        "nixpkgs": "nixpkgs",
+        "pre-commit-hooks": "pre-commit-hooks"
+      }
+    },
+    "systems": {
+      "locked": {
+        "lastModified": 1681028828,
+        "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
+        "owner": "nix-systems",
+        "repo": "default",
+        "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-systems",
+        "repo": "default",
+        "type": "github"
+      }
+    }
+  },
+  "root": "root",
+  "version": 7
+}