n4vysh.dev

This repository contains the source code of the website to show technical skillsets and expertise.

Clearnet	Darknet
https://n4vysh.dev	https://xdd456duxxh47o3uxu2ql3lj76i6e7paofm7shfts2p6gavqbvngfpqd.onion

Features

• Immutable infrastructure with Docker
• Infrastructure as Code with Terraform and Terragrunt
• Policy as Code with Rego
• CIOps with GitHub Actions
• DevSecOps with terrascan, Trivy and checkov

Website specifications

Common

• Static Site Generation with Next.js

Clearnet

• Score 100% on Google PageSpeed Insights
• Support Onion-Location header
• Deploy with Vercel

Darknet

• Run Nginx and tor as unprivileged user
• Run Onion Services over Unix sockets and s6-overlay
• Deploy with Fly.io

Requirements

Need Linux (64-bit) machine and following tools.

Name	Description	Version
direnv	Shell extension	~> 2.32.3
devbox	Version manager	~> 0.10.4
Docker	Virtualization software	~> 20.10.14

Suggest use Editor or IDE that supports EditorConfig, LSP, formatter, and linter. For windows or macos user, suggest use WSL or Lima. Probably it works.

Development setup

Preview and edit the website on local machine as follows:

1. Download binary of direnv with system package manager
2. Setup shell hook of direnv
3. Setup Nix for devbox
4. Download binary of devbox
5. Download docker client and start docker daemon
6. Download git client with system package manager
7. Clone this repository on local machine
8. Go to the project root directory of this repository in terminal
9. Run ./scripts/install-packages.bash to install packages via devbox and mise

frontend - clearnet:

1. Run cd frontend/ to change frontend directory
2. Run pnpm dev to start the server of Next.js in development mode
3. Open http://localhost:3000/ in browser
4. After done with the preview, press Ctrl-C in terminal to stop the server

While the preview is running, edit tsx and css files and automatically rebuild them. Suggest IDE or editor setup with TypeScript Language Server and eslint installed by pnpm.

frontend - darknet:

1. Run cd frontend/ to change frontend directory
2. Run just to build container image and start the server
3. Run just url to show onion address and open in Tor Browser
4. After done with the preview, press Ctrl-C in terminal to stop the server

infra:

Suggest IDE or editor setup with terraform-ls and yamllint installed by mise.

---

Use Conventional Commits 1.0.0 when create commits.

Test

Run just test to lint and format the source code with lefthook. lefthook run following tools.

Name	Target type
eslint	js, ts, and tsx
yamllint	YAML files
taplo	TOML files
just	justfile
markdownlint + markdown-link-check	Markdown files
vale	prose
shfmt + shellharden + shellcheck	shell scripts
commitlint	commit messages
gitleaks	secrets
typos	misspellings
actionlint	GitHub Actions workflow files
terraform fmt + terraform validate + terrascan + trivy + tflint + terraform-docs + checkov	tf files
terragrunt hclfmt	terragrunt.hcl

Update

Renovate create update pull requests every 3 months on the first day of the month.

List

Run just list to list available commands in command runner.

Deploy

Run ENV=prd just deploy to deploy server resources with Terraform and Terragrunt. Terragrunt use following terraform modules.

Tier	Name
Verified	terraform-aws-modules/iam/aws//modules/iam-assumable-role-with-oidc
Verified	terraform-aws-modules/iam/aws//modules/iam-policy
Verified	terraform-aws-modules/route53/aws//modules/delegation-sets
Verified	terraform-aws-modules/route53/aws//modules/records
Verified	terraform-aws-modules/route53/aws//modules/zones
Self‐made	aws-iam-idp
Self‐made	aws-route53-dnssec

Self-made modules follow Terraform Best Practices. Terragrunt show cost estimate with infracost and check budget with conftest after the call to Terraform.

License

Icon distributed under the CC-BY 4.0. All other files distributed under the Unlicense. See the LICENSE file and UNLICENSE file for details.