hi, i'm rob

giteagrenade/moments

Rust 58.2%TypeScript 26.8%Shell 11.6%CSS 1.4%JavaScript 1.3%HTML 0.7%

moments

personal activity timeline and portfolio site. polls public sources (github, gitea, mercurial, bugzilla), stores raw payloads in postgres, and serves a dashboard + project detail views to a react frontend.

successor to the now-defunct grenade-events-react, which depended on mongodb stitch (retired by mongodb in september 2022).

layout

crates/
  moments-entities/   # types and dtos (event, source, project/daily summaries)
  moments-core/       # ingestion traits, presentation reshape, poller loop
  moments-data/       # postgres adapter, migrations, all event-source impls
  moments-api/        # axum read-only http api + forge proxy + og image (binary)
  moments-worker/     # ingestion daemon (binary)
ui/                   # vite + react + swc + typescript frontend
asset/                # systemd, nginx, firewalld, manifest.yml
script/
  deploy.sh           # manifest-driven deploy to prod
  hg-ingest.sh        # one-shot local hg clone + psql ingest
  certify.sh          # letsencrypt cert management
  teardown.sh         # service removal
  db-perms.sh         # postgres role + ident setup

architectural conventions follow grenade/architecture/generic.md.

data sources

sourceimplendpointnotes
github eventsgithub.rs/users/{user}/eventslast 90 days, etag-optimised polling
github searchgithub_search.rs/search/commits + /search/issueshistorical backfill, 1000-result cap
github repogithub_repo.rs/user/repos + /repos/{o}/{r}/commitsfull commit history, no cap, weekly poll
giteagitea.rsuser + org activity feedsauto-discovers orgs, filters by user
mercurialhg.rsjson-log?rev=author()revset-based, one-shot backfill then skip
bugzillabugzilla.rs/rest/bug?creator=mozilla bugzilla

hg repos are archived (mozilla retired hg). the worker skips hg after the first successful scan. for bulk ingestion, script/hg-ingest.sh clones repos locally and inserts via psql, avoiding rate limits on hg-edge.mozilla.org.

frontend routes

pathpagedescription
/ or /dashdashboardcontribution graphs (daily + all-time weekly) + ranked project cards with forge icons and language info
/activitytimelinefilterable activity feed with source toggles, date range slider, and event limit
/activity/:timespantimelinepre-filtered by date (YYYY-MM-DD) or range (YYYY-MM-DD..YYYY-MM-DD)
/project/:source/*project detailrepo readme, language breakdown bar, per-repo activity timeline
/cvresumeloaded from github gist, markdown-rendered

shared layout provides nav header (dash, activity, cv + external links) and footer across all routes.

api endpoints

methodpathdescription
GET/v1/healthzliveness probe
GET/v1/events?from=&to=&source=&repo=&limit=reshaped timeline items
GET/v1/sourcesper-source summary (count, earliest, latest)
GET/v1/projectsper-repo aggregated stats (commits, issues, prs, date range)
GET/v1/activity/daily?from=&to=per-day event counts for contribution graphs
GET/v1/forge/{source}/*?host=proxy to github/gitea apis (avoids cors)
GET/v1/og/contributions.pngserver-rendered contribution graph as png (resvg)

the og image endpoint renders the all-time weekly contribution graph as svg, rasterizes to png via resvg, and serves it with a 1-hour cache. used as the og:image meta tag for social media previews.

local development

cargo build --workspace
cargo run -p moments-api      # serves on 127.0.0.1:8080
cargo run -p moments-worker   # starts all pollers
cd ui && npm install && npm run dev  # vite dev server on :5173

the api expects a postgres reachable at DATABASE_URL. in production this is an mtls connection using the host cert. for local dev against a throwaway database:

DATABASE_URL=postgres://localhost/moments cargo run -p moments-api

migrations live in crates/moments-data/migrations/ and run automatically on worker startup. the api connects as moments_ro and never runs migrations — the worker (as moments_rw) is the schema owner.

deployment

./script/deploy.sh <env> all          # api + worker + web
./script/deploy.sh <env> api worker   # subset
./script/deploy.sh <env> default      # api + web only (worker untouched)
./script/deploy.sh <env> all --dry-run

concrete hosts, ports, and the site's server_name live in asset/manifest.yml. the shape of the deployment:

componentnotes
apibinds the port from api.config.bind; firewalld service moments-api
workerno listening port; pollers only
webper-site nginx ingress; /api/* reverse-proxies to the api host
dbpostgres mtls, passwordless

postgres roles moments_rw and moments_ro must exist on the primary, with pg_ident.conf.d/<host>.conf mapping the api host's fqdn to moments_ro and the worker host's fqdn to moments_rw. see asset/sql/bootstrap-moments.sql, asset/postgres/ident.conf.tmpl, and script/db-perms.sh.

secrets are resolved at deploy time via pass. the mapping of env-var name to pass-store path lives under worker.secrets in manifest.yml; deploy.sh iterates the map, fetches each secret, and substitutes the matching {{NAME}} placeholder in worker.env.tmpl.

environment variables

worker

variabledefaultdescription
DATABASE_URLrequiredpostgres connection string
GITHUB_USERgrenadegithub username
GITHUB_TOKENoptionalgithub pat for higher rate limits + private events
POLL_INTERVAL_SECS600github events api poll interval
SEARCH_POLL_INTERVAL_SECS86400github search backfill interval
REPO_POLL_INTERVAL_SECS604800github per-repo commit enumeration (weekly)
GITEA_HOSTgit.lair.cafegitea instance hostname
GITEA_USERgrenadegitea username
GITEA_TOKENoptionalgitea token for org discovery
GITEA_POLL_INTERVAL_SECS600gitea activity feed poll interval
HG_HOSThg-edge.mozilla.orgmercurial host
HG_GROUPSbuild,integrationhg repo groups to discover
HG_REPOSmozilla-centralindividual hg repos
HG_AUTHOR_TERMSrthijssen,grenadeauthor substrings for revset queries
HG_POLL_INTERVAL_SECS86400hg poll interval (skips after first scan)
BUGZILLA_HOSTbugzilla.mozilla.orgbugzilla instance
BUGZILLA_EMAIL[email protected]bugzilla creator email filter
BUGZILLA_POLL_INTERVAL_SECS86400bugzilla poll interval

api

variabledefaultdescription
DATABASE_URLrequiredpostgres connection string (read-only role)
BIND_ADDR127.0.0.1:8080api listen address

59 activities