authorFranck Cuny <franck@fcuny.net>2024-07-19 17:31:22 -0700
committerFranck Cuny <franck@fcuny.net>2024-07-19 17:31:22 -0700
commit8e3e7a0c4551583493e212d70449cee308ef04c0 (patch)
tree61eadc2daa598a145e54190fcbcf14c759d5eccc
parentcheck for broken links (diff)
downloadfcuny.net-8e3e7a0c4551583493e212d70449cee308ef04c0.tar.gz
use just as a task runner
-rw-r--r--content/blog/tailscale-docker-https.md120
-rw-r--r--flake.lock37
-rw-r--r--flake.nix36
-rw-r--r--justfile14
-rw-r--r--treefmt.nix16
-rw-r--r--treefmt.toml16
6 files changed, 95 insertions, 144 deletions
diff --git a/content/blog/tailscale-docker-https.md b/content/blog/tailscale-docker-https.md
index 9a836d9..5a40809 100644
--- a/content/blog/tailscale-docker-https.md
+++ b/content/blog/tailscale-docker-https.md
@@ -20,23 +20,25 @@ The public domain I'm using is managed through [Google Cloud Domain](https://clo
For routing the traffic I use [traefik](https://traefik.io/). The configuration for traefik looks like this:
- global:
- sendAnonymousUsage: false
- providers:
- docker:
- exposedByDefault: false
- entryPoints:
- http:
- address: ":80"
- https:
- address: ":443"
- certificatesResolvers:
- dash:
- acme:
- email: franck@fcuny.net
- storage: acme.json
- dnsChallenge:
- provider: gcloud
+```yaml
+global:
+ sendAnonymousUsage: false
+providers:
+ docker:
+ exposedByDefault: false
+entryPoints:
+ http:
+ address: ":80"
+ https:
+ address: ":443"
+certificatesResolvers:
+ dash:
+ acme:
+ email: franck@fcuny.net
+ storage: acme.json
+ dnsChallenge:
+ provider: gcloud
+```
The important bit here is the `certificatesResolvers` part. I'll be using the [dnsChallenge](https://doc.traefik.io/traefik/user-guides/docker-compose/acme-dns/) instead of the [httpChallenge](https://doc.traefik.io/traefik/user-guides/docker-compose/acme-http/) to obtain the certificate from let's encrypt. For this to work, I need to specify the `provider` to be [gcloud](https://go-acme.github.io/lego/dns/gcloud/). I'll also need a service account (see [this doc](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application) to create it). I run `traefik` in a docker container, and the `systemd` unit file is below. The required bits for using the `dnsChallenge` with `gcloud` are:
@@ -44,7 +46,7 @@ The important bit here is the `certificatesResolvers` part. I'll be using the [d
- the environment variable `GCP_PROJECT`: the name of the GCP project
- mounting the service account file inside the container (I store it on the host under `/data/containers/traefik/config/sa.json`)
-```systemd
+```ini
[Unit]
Description=traefik proxy
Documentation=https://doc.traefik.io/traefik/
@@ -77,45 +79,47 @@ WantedBy=multi-user.target
As an example, I run [grafana](https://grafana.com/) on my home network to view metrics from the various containers / hosts. Let's pretend I use `example.net` as my domain. I want to be able to access `grafana` via <https://dash.example.net>. Here's the `systemd` unit configuration I use for this:
- [Unit]
- Description=Grafana in a docker container
- Documentation=https://grafana.com/docs/
- After=docker.service
- Requires=docker.service
-
- [Service]
- Restart=on-failure
- RuntimeDirectory=grafana
- ExecStartPre=-/usr/bin/docker kill grafana-server
- ExecStartPre=-/usr/bin/docker rm grafana-server
- ExecStartPre=-/usr/bin/docker pull grafana/grafana:latest
-
- ExecStart=/usr/bin/docker run \
- -p 3000:3000 \
- -e TZ='America/Los_Angeles' \
- --name grafana-server \
- -v /data/containers/grafana/etc/grafana:/etc/grafana \
- -v /data/containers/grafana/var/lib/grafana:/var/lib/grafana \
- -v /data/containers/grafana/var/log/grafana:/var/log/grafana \
- --user=grafana \
- --label traefik.enable=true \
- --label traefik.http.middlewares.grafana-https-redirect.redirectscheme.scheme=https \
- --label traefik.http.middlewares.grafana-https-redirect.redirectscheme.permanent=true \
- --label traefik.http.routers.grafana-http.rule=Host(`dash.example.net`) \
- --label traefik.http.routers.grafana-http.entrypoints=http \
- --label traefik.http.routers.grafana-http.service=grafana-svc \
- --label traefik.http.routers.grafana-http.middlewares=grafana-https-redirect \
- --label traefik.http.routers.grafana-https.rule=Host(`dash.example.net`) \
- --label traefik.http.routers.grafana-https.entrypoints=https \
- --label traefik.http.routers.grafana-https.tls=true \
- --label traefik.http.routers.grafana-https.tls.certresolver=dash \
- --label traefik.http.routers.grafana-https.service=grafana-svc \
- --label traefik.http.services.grafana-svc.loadbalancer.server.port=3000 \
- grafana/grafana:latest
-
- ExecStop=/usr/bin/docker stop unifi-controller
-
- [Install]
- WantedBy=multi-user.target
+```ini
+[Unit]
+Description=Grafana in a docker container
+Documentation=https://grafana.com/docs/
+After=docker.service
+Requires=docker.service
+
+[Service]
+Restart=on-failure
+RuntimeDirectory=grafana
+ExecStartPre=-/usr/bin/docker kill grafana-server
+ExecStartPre=-/usr/bin/docker rm grafana-server
+ExecStartPre=-/usr/bin/docker pull grafana/grafana:latest
+
+ExecStart=/usr/bin/docker run \
+ -p 3000:3000 \
+ -e TZ='America/Los_Angeles' \
+ --name grafana-server \
+ -v /data/containers/grafana/etc/grafana:/etc/grafana \
+ -v /data/containers/grafana/var/lib/grafana:/var/lib/grafana \
+ -v /data/containers/grafana/var/log/grafana:/var/log/grafana \
+ --user=grafana \
+ --label traefik.enable=true \
+ --label traefik.http.middlewares.grafana-https-redirect.redirectscheme.scheme=https \
+ --label traefik.http.middlewares.grafana-https-redirect.redirectscheme.permanent=true \
+ --label traefik.http.routers.grafana-http.rule=Host(`dash.example.net`) \
+ --label traefik.http.routers.grafana-http.entrypoints=http \
+ --label traefik.http.routers.grafana-http.service=grafana-svc \
+ --label traefik.http.routers.grafana-http.middlewares=grafana-https-redirect \
+ --label traefik.http.routers.grafana-https.rule=Host(`dash.example.net`) \
+ --label traefik.http.routers.grafana-https.entrypoints=https \
+ --label traefik.http.routers.grafana-https.tls=true \
+ --label traefik.http.routers.grafana-https.tls.certresolver=dash \
+ --label traefik.http.routers.grafana-https.service=grafana-svc \
+ --label traefik.http.services.grafana-svc.loadbalancer.server.port=3000 \
+ grafana/grafana:latest
+
+ExecStop=/usr/bin/docker stop unifi-controller
+
+[Install]
+WantedBy=multi-user.target
+```
Now I can access my grafana instance via HTTPS (and <http://dash.example.net> would redirect to HTTPS) while my tailscale interface is up on the machine I'm using (e.g. my desktop or my phone).
diff --git a/flake.lock b/flake.lock
index cb3c0ca..1cf2d9f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -103,22 +103,6 @@
"type": "github"
}
},
- "nixpkgs_3": {
- "locked": {
- "lastModified": 1719690277,
- "narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
- "owner": "nixos",
- "repo": "nixpkgs",
- "rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
- "type": "github"
- },
- "original": {
- "owner": "nixos",
- "ref": "nixos-unstable",
- "repo": "nixpkgs",
- "type": "github"
- }
- },
"pre-commit-hooks": {
"inputs": {
"flake-compat": "flake-compat",
@@ -144,8 +128,7 @@
"inputs": {
"flake-utils": "flake-utils",
"nixpkgs": "nixpkgs",
- "pre-commit-hooks": "pre-commit-hooks",
- "treefmt-nix": "treefmt-nix"
+ "pre-commit-hooks": "pre-commit-hooks"
}
},
"systems": {
@@ -162,24 +145,6 @@
"repo": "default",
"type": "github"
}
- },
- "treefmt-nix": {
- "inputs": {
- "nixpkgs": "nixpkgs_3"
- },
- "locked": {
- "lastModified": 1719887753,
- "narHash": "sha256-p0B2r98UtZzRDM5miGRafL4h7TwGRC4DII+XXHDHqek=",
- "owner": "numtide",
- "repo": "treefmt-nix",
- "rev": "bdb6355009562d8f9313d9460c0d3860f525bc6c",
- "type": "github"
- },
- "original": {
- "owner": "numtide",
- "repo": "treefmt-nix",
- "type": "github"
- }
}
},
"root": "root",
diff --git a/flake.nix b/flake.nix
index ac945a4..7a250c3 100644
--- a/flake.nix
+++ b/flake.nix
@@ -5,38 +5,14 @@
nixpkgs.url = "github:nixos/nixpkgs/master";
flake-utils.url = "github:numtide/flake-utils";
pre-commit-hooks.url = "github:cachix/pre-commit-hooks.nix";
- treefmt-nix.url = "github:numtide/treefmt-nix";
};
- outputs = { self, nixpkgs, flake-utils, pre-commit-hooks, treefmt-nix, }:
+ outputs = { self, nixpkgs, flake-utils, pre-commit-hooks, }:
flake-utils.lib.eachDefaultSystem (system:
let
pkgs = nixpkgs.legacyPackages.${system};
- treefmtEval = treefmt-nix.lib.evalModule pkgs ./treefmt.nix;
in
{
- formatter = treefmtEval.config.build.wrapper;
-
- packages = {
- default = with pkgs;
- stdenv.mkDerivation {
- pname = "fcuny.net";
- version = self.lastModifiedDate;
- src = ./.;
- buildInputs = [ zola git ];
- buildPhase = ''
- mkdir -p $out
- ${pkgs.zola}/bin/zola build -o $out -f
- '';
- dontInstall = true;
- };
- zola = pkgs.writeShellScriptBin "zola" ''
- set -euo pipefail
- export PATH=${pkgs.lib.makeBinPath [ pkgs.zola pkgs.git ]}
- zola serve
- '';
- };
-
checks = {
pre-commit-check = pre-commit-hooks.lib.${system}.run {
src = ./.;
@@ -49,19 +25,11 @@
actionlint.enable = true;
};
};
- formatting = treefmtEval.config.build.check self;
- };
-
- apps = {
- default = {
- type = "app";
- program = "${self.packages."${system}".zola}/bin/zola";
- };
};
devShells.default = pkgs.mkShell {
inherit (self.checks.${system}.pre-commit-check) shellHook;
- buildInputs = with pkgs; [ zola git treefmt lychee ];
+ buildInputs = with pkgs; [ zola git treefmt lychee just taplo nodePackages.prettier ];
};
});
}
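Review bot: Removing `formatting = treefmtEval.config.build.check self;` from `checks` means `nix flake check` no longer fails on unformatted files; after this change formatting only happens when someone runs `just fmt` by hand, and nothing in the devShell's `shellHook` (still taken from `pre-commit-check`) covers it. If the treefmt-nix dependency is meant to go, the pre-commit hook set configured in the first hunk (`src = ./.;` … — that block continues outside the hunk) is the natural place to keep a formatting gate; pre-commit-hooks.nix ships a `treefmt` hook that could be enabled there, if I recall its hook list correctly. Either way a one-line comment above `checks = {` saying that formatting is now only enforced through `just fmt` would stop the next reader from assuming `nix flake check` still covers it.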
diff --git a/justfile b/justfile
new file mode 100644
index 0000000..5e383e8
--- /dev/null
+++ b/justfile
@@ -0,0 +1,14 @@
+run:
+ zola serve
+
+build:
+ zola build
+
+fmt:
+ treefmt
+
+check-links: build
+ lychee ./docs/**/*.html
+
+update-deps:
+ nix flake update --commit-lock-file
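Review bot: The `check-links` recipe's `lychee ./docs/**/*.html` relies on the shell expanding `**` recursively, which just's default `sh -c` invocation does not do (POSIX sh treats `**` like `*`), so once any `docs/<dir>/*.html` exists only that one level is passed to lychee and deeper pages are skipped; quoting the pattern, `lychee './docs/**/*.html'`, lets lychee do its own recursive glob expansion. The recipe also assumes `zola build` writes into `./docs` — if the site's `output_dir` is not set to that, the check runs against whatever stale output is already there; a comment such as `# assumes output_dir = "docs" in config.toml` would make that dependency explicit.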
diff --git a/treefmt.nix b/treefmt.nix
deleted file mode 100644
index 2fecfa5..0000000
--- a/treefmt.nix
+++ /dev/null
@@ -1,16 +0,0 @@
-{
- projectRootFile = "flake.nix";
- programs = {
- nixpkgs-fmt.enable = true; # nix
- taplo.enable = true; # toml
- yamlfmt.enable = true; # yaml
- prettier.enable = true; # css
- };
- settings.formatter = {
- prettier = {
- includes = [ "*.css" "*.md" ];
- excludes = [ "*.html" ];
- options = [ "-w" ];
- };
- };
-}
diff --git a/treefmt.toml b/treefmt.toml
new file mode 100644
index 0000000..ece9c3e
--- /dev/null
+++ b/treefmt.toml
@@ -0,0 +1,16 @@
+[formatter.nix]
+command = "nixpkgs-fmt"
+includes = ["*.nix"]
+
+[formatter.toml]
+command = "taplo"
+options = ["format", "$@"]
+includes = ["*.toml"]
+
+[formatter.prettier]
+command = "prettier"
+options = ["--write"]
+includes = [
+ "*.css",
+ "*.md",
+]
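Review bot: In `[formatter.toml]`, `options = ["format", "$@"]` hands taplo the literal string `$@`: treefmt runs the command directly rather than through a shell, and appends the matched file paths itself, so the entry should be `options = ["format"]`. Unless taplo quietly ignores an argument that matches no file, `just fmt` would fail on every run that touches a `.toml` file (including this one). The deleted treefmt.nix also enabled `yamlfmt`, which has no counterpart in this file, so YAML in the repository is no longer formatted — presumably intended, but worth either a `[formatter.yaml]` entry or a line in the commit message.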