authorMartin Fischer <martin@push-f.com>2021-02-28 09:18:48 +0100
committerMartin Fischer <martin@push-f.com>2021-03-03 12:52:46 +0100
commit4d43e952fff25b5b131e8699858da663a5ac2c42 (patch)
treeacff62119061480a1cd7580f25c16c539aabc2ae /infra
initial commit
Diffstat (limited to 'infra')
-rw-r--r--infra/README.md24
-rw-r--r--infra/ccTLDs183
-rw-r--r--infra/ccTLDs284
-rw-r--r--infra/ccTLDs384
-rwxr-xr-xinfra/githooks/post-receive4
-rw-r--r--infra/lexsurf.service11
-rw-r--r--infra/nginx/lex.surf_dev35
-rw-r--r--infra/nginx/lex.surf_prod114
8 files changed, 439 insertions, 0 deletions
diff --git a/infra/README.md b/infra/README.md
new file mode 100644
index 0000000..5b76059
--- /dev/null
+++ b/infra/README.md
@@ -0,0 +1,24 @@
+# Infrastructure
+
+Let's encrypt only supports up to 100 domains
+per certificate so the country TLDs are split up
+into three files:
+
+* ccTLDs1
+* ccTLDs2
+* ccTLDs3
+
+```
+sudo certbot -d lex.surf
+sudo certbot --cert-name cc1.lex.surf $(for tld in `cat ccTLDs1`; do echo -d $tld.lex.surf; done)
+sudo certbot --cert-name cc2.lex.surf $(for tld in `cat ccTLDs2`; do echo -d $tld.lex.surf; done)
+sudo certbot --cert-name cc3.lex.surf $(for tld in `cat ccTLDs3`; do echo -d $tld.lex.surf; done)
+```
+
+Generate NGINX `server_name` rules with:
+
+```
+printf '%s' $(for tld in `cat ccTLDs2`; do echo "$tld|"; done)
+```
+
+`/var/www/lex.surf` must be a symlink pointing to this repository.
diff --git a/infra/ccTLDs1 b/infra/ccTLDs1
new file mode 100644
index 0000000..9c1652a
--- /dev/null
+++ b/infra/ccTLDs1
@@ -0,0 +1,83 @@
+ac
+ad
+ae
+af
+ag
+ai
+al
+am
+ao
+aq
+ar
+as
+at
+au
+aw
+ax
+az
+ba
+bb
+bd
+be
+bf
+bg
+bh
+bi
+bj
+bl
+bm
+bn
+bo
+bq
+br
+bs
+bt
+bv
+bw
+by
+bz
+ca
+cc
+cd
+cf
+cg
+ch
+ci
+ck
+cl
+cm
+cn
+co
+cr
+cu
+cv
+cw
+cx
+cy
+cz
+de
+dj
+dk
+dm
+do
+dz
+ec
+ee
+eg
+eh
+er
+es
+et
+eu
+fi
+fj
+fk
+fm
+fo
+fr
+ga
+gd
+ge
+gf
+gg
+gh
diff --git a/infra/ccTLDs2 b/infra/ccTLDs2
new file mode 100644
index 0000000..59ace82
--- /dev/null
+++ b/infra/ccTLDs2
@@ -0,0 +1,84 @@
+gi
+gl
+gm
+gn
+gp
+gq
+gr
+gs
+gt
+gu
+gw
+gy
+hk
+hm
+hn
+hr
+ht
+hu
+id
+ie
+il
+im
+in
+io
+iq
+ir
+is
+it
+je
+jm
+jo
+jp
+ke
+kg
+kh
+ki
+km
+kn
+kp
+kr
+kw
+ky
+kz
+la
+lb
+lc
+li
+lk
+lr
+ls
+lt
+lu
+lv
+ly
+ma
+mc
+md
+me
+mf
+mg
+mh
+mk
+ml
+mm
+mn
+mo
+mp
+mq
+mr
+ms
+mt
+mu
+mv
+mw
+mx
+my
+mz
+na
+nc
+ne
+nf
+ng
+ni
+nl
diff --git a/infra/ccTLDs3 b/infra/ccTLDs3
new file mode 100644
index 0000000..3346214
--- /dev/null
+++ b/infra/ccTLDs3
@@ -0,0 +1,84 @@
+no
+np
+nr
+nu
+nz
+om
+pa
+pe
+pf
+pg
+ph
+pk
+pl
+pm
+pn
+pr
+ps
+pt
+pw
+py
+qa
+re
+ro
+rs
+ru
+rw
+sa
+sb
+sc
+sd
+se
+sg
+sh
+si
+sj
+sk
+sl
+sm
+sn
+so
+sr
+ss
+st
+su
+sv
+sx
+sy
+sz
+tc
+td
+tf
+tg
+th
+tj
+tk
+tl
+tm
+tn
+to
+tr
+tt
+tv
+tw
+tz
+ua
+ug
+uk
+us
+uy
+uz
+va
+vc
+ve
+vg
+vi
+vn
+vu
+wf
+ws
+ye
+yt
+za
+zm
+zw
diff --git a/infra/githooks/post-receive b/infra/githooks/post-receive
new file mode 100755
index 0000000..527b5b1
--- /dev/null
+++ b/infra/githooks/post-receive
@@ -0,0 +1,4 @@
+#!/bin/bash
+cd ..
+go build lexsurf.go
+sudo systemctl restart lexsurf
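Review bot: Nothing in this hook checks exit status, so the service is restarted even when `cd ..` or `go build lexsurf.go` fails, and a failed `cd` would run the build in the wrong directory. Add `set -euo pipefail` after the shebang, or at least chain the steps as `go build lexsurf.go && sudo systemctl restart lexsurf`. The `sudo` call implies a passwordless sudoers rule for the account that receives pushes. That rule is not part of this commit, so confirm it is limited to exactly `systemctl restart lexsurf` and not a broader `systemctl` or `ALL` grant.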
diff --git a/infra/lexsurf.service b/infra/lexsurf.service
new file mode 100644
index 0000000..3cdf6e4
--- /dev/null
+++ b/infra/lexsurf.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=lex.surf
+
+[Service]
+WorkingDirectory=/var/www/lex.surf/
+ExecStart=/var/www/lex.surf/lexsurf
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=default.target
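Review bot: The `[Service]` section sets no `User=`, so if this is installed as a system unit (the hook's `sudo systemctl restart lexsurf` suggests it is) the binary runs as root. `ExecStart` points at `/var/www/lex.surf/lexsurf`, which the post-receive hook rebuilds from pushed source inside the repository directory, so anyone who can push or write there decides what runs with root privileges. Add `User=` naming a dedicated unprivileged account, plus `NoNewPrivileges=true`. nginx proxies to port 8000, so the service presumably needs no privileged port.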
diff --git a/infra/nginx/lex.surf_dev b/infra/nginx/lex.surf_dev
new file mode 100644
index 0000000..a00ebba
--- /dev/null
+++ b/infra/nginx/lex.surf_dev
@@ -0,0 +1,35 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name lex.localhost;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host lex.localhost;
+ }
+
+ root /var/www/lex.surf;
+
+ location /assets/ {
+ try_files $uri =404;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ~^(?<cc>[a-z]+).lex.localhost$;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $cc.lex.localhost;
+ }
+
+ root /var/www/lex.surf;
+
+ location = /laws.json {
+ gzip on;
+ gzip_types *;
+ try_files /laws/$cc.json =404;
+ }
+}
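Review bot: The dots in `server_name ~^(?<cc>[a-z]+).lex.localhost$;` are unescaped, so each one matches any character and the block accepts Host values outside the intended `<cc>.lex.localhost` shape. The same applies to the production regexes ending in `).lex.surf$` (the port-80 redirect block and the three 443 blocks), where a name such as `ac-lex.surf` would match and, on port 80, be echoed back in `return 301 https://$host$request_uri;`. Escape them as the catch-all block already does: `\.lex\.localhost$` here and `\.lex\.surf$` in production. The `cc` capture itself is limited to letters or the fixed alternation, so `try_files /laws/$cc.json` is not affected.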
diff --git a/infra/nginx/lex.surf_prod b/infra/nginx/lex.surf_prod
new file mode 100644
index 0000000..7d49f63
--- /dev/null
+++ b/infra/nginx/lex.surf_prod
@@ -0,0 +1,114 @@
+server {
+ listen 80;
+ listen [::]:80;
+ server_name lex.surf;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ server_name lex.surf;
+
+ ssl_certificate /etc/letsencrypt/live/lex.surf/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/lex.surf/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ }
+
+ root /var/www/lex.surf;
+
+ location /assets/ {
+ try_files $uri =404;
+ }
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ~^(ac|ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gd|ge|gf|gg|gh|gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl|no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw).lex.surf$;
+ return 301 https://$host$request_uri;
+}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name ~\.lex\.surf$;
+ return 302 https://lex.surf/cc404;
+}
+
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ server_name ~^(?<cc>ac|ad|ae|af|ag|ai|al|am|ao|aq|ar|as|at|au|aw|ax|az|ba|bb|bd|be|bf|bg|bh|bi|bj|bl|bm|bn|bo|bq|br|bs|bt|bv|bw|by|bz|ca|cc|cd|cf|cg|ch|ci|ck|cl|cm|cn|co|cr|cu|cv|cw|cx|cy|cz|de|dj|dk|dm|do|dz|ec|ee|eg|eh|er|es|et|eu|fi|fj|fk|fm|fo|fr|ga|gd|ge|gf|gg|gh).lex.surf$;
+
+ ssl_certificate /etc/letsencrypt/live/cc1.lex.surf/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/cc1.lex.surf/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ }
+
+ root /var/www/lex.surf;
+
+ location = /laws.json {
+ gzip on;
+ gzip_types *;
+ try_files /laws/$cc.json =404;
+ }
+}
+
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ server_name ~^(?<cc>gi|gl|gm|gn|gp|gq|gr|gs|gt|gu|gw|gy|hk|hm|hn|hr|ht|hu|id|ie|il|im|in|io|iq|ir|is|it|je|jm|jo|jp|ke|kg|kh|ki|km|kn|kp|kr|kw|ky|kz|la|lb|lc|li|lk|lr|ls|lt|lu|lv|ly|ma|mc|md|me|mf|mg|mh|mk|ml|mm|mn|mo|mp|mq|mr|ms|mt|mu|mv|mw|mx|my|mz|na|nc|ne|nf|ng|ni|nl).lex.surf$;
+
+ ssl_certificate /etc/letsencrypt/live/cc2.lex.surf/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/cc2.lex.surf/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ }
+
+ root /var/www/lex.surf;
+
+ location = /laws.json {
+ gzip on;
+ gzip_types *;
+ try_files /laws/$cc.json =404;
+ }
+}
+
+server {
+ listen [::]:443 ssl;
+ listen 443 ssl;
+ server_name ~^(?<cc>no|np|nr|nu|nz|om|pa|pe|pf|pg|ph|pk|pl|pm|pn|pr|ps|pt|pw|py|qa|re|ro|rs|ru|rw|sa|sb|sc|sd|se|sg|sh|si|sj|sk|sl|sm|sn|so|sr|ss|st|su|sv|sx|sy|sz|tc|td|tf|tg|th|tj|tk|tl|tm|tn|to|tr|tt|tv|tw|tz|ua|ug|uk|us|uy|uz|va|vc|ve|vg|vi|vn|vu|wf|ws|ye|yt|za|zm|zw).lex.surf$;
+
+ ssl_certificate /etc/letsencrypt/live/cc3.lex.surf/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/cc3.lex.surf/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location / {
+ proxy_pass http://127.0.0.1:8000;
+ proxy_set_header Host $host;
+ }
+
+ root /var/www/lex.surf;
+
+ location = /laws.json {
+ gzip on;
+ gzip_types *;
+ try_files /laws/$cc.json =404;
+ }
+}
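Review bot: No `listen 443` line in this file carries `default_server`, so unless another site config claims it, the first 443 block (`server_name lex.surf`) also answers TLS requests for any unmatched name and forwards the client-supplied value through `proxy_set_header Host $host;`. The dev config pins the upstream Host to a fixed value; doing the same here with `proxy_set_header Host lex.surf;` would stop arbitrary Host values reaching the backend on port 8000. Alternatively add an explicit `default_server` block for 443 that rejects unknown names, mirroring the `~\.lex\.surf$` catch-all that exists only for port 80. The country blocks still pass `$host`, which is acceptable once their regex dots are escaped.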