diff --git a/flake.lock b/flake.lock index dbe2b3c..1d9469c 100644 --- a/flake.lock +++ b/flake.lock @@ -511,11 +511,11 @@ "secrets": { "flake": false, "locked": { - "lastModified": 1757519344, - "narHash": "sha256-wLwVbKDPkFCPh9UYLDqCPb62hp6mHBAgjn3Dech54YU=", + "lastModified": 1757583391, + "narHash": "sha256-q5ZXkTv0SJw7OMbu2K3b03Fbb+1Hz6ZafqdqGneyX9A=", "ref": "refs/heads/main", - "rev": "8ae051ad0936cb8fbf10b3ab2130f09a07ca1ce6", - "revCount": 39, + "rev": "42df461dac05dccd22df0c36007174dd73aa0aea", + "revCount": 40, "type": "git", "url": "ssh://git@karaolidis.com/karaolidis/nix-secrets.git" }, diff --git a/hosts/common/configs/system/nix/default.nix b/hosts/common/configs/system/nix/default.nix index 06a0160..350bc8f 100644 --- a/hosts/common/configs/system/nix/default.nix +++ b/hosts/common/configs/system/nix/default.nix @@ -43,7 +43,9 @@ ]; download-buffer-size = 524288000; substituters = lib.mkBefore [ "https://nix.karaolidis.com/main" ]; - trusted-public-keys = lib.mkBefore [ "main:nJVRBnv73MDkwuV5sgm52m4E2ImOhWHvY12qzjPegAk=" ]; + trusted-public-keys = lib.mkBefore [ + "nix.karaolidis.com:1yz1tIVLGDEOFC1p/uYtR4Sx+nIbdYDqsDv4kkV0uyk=" + ]; netrc-file = config.sops.templates.nix-netrc.path; }; diff --git a/hosts/jupiter/users/storm/configs/console/podman/attic/default.nix b/hosts/jupiter/users/storm/configs/console/podman/attic/default.nix index 846176f..4cb9073 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/attic/default.nix +++ b/hosts/jupiter/users/storm/configs/console/podman/attic/default.nix @@ -16,6 +16,7 @@ in "attic/postgresql".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "attic/rs256".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; "attic/admin".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; + "attic/keypairs/main".sopsFile = "${inputs.secrets}/hosts/jupiter/secrets.yaml"; }; templates = { @@ -94,6 +95,7 @@ in [ "/mnt/storage/private/storm/containers/storage/volumes/attic/_data:/var/lib/attic" "${hmConfig.sops.templates.attic-server.path}:/etc/attic/server.toml:ro" + "${hmConfig.sops.secrets."attic/keypairs/main".path}:/etc/attic/keypairs/main:ro" "${postStart}:/etc/attic/post-start.sh:ro" ]; environmentFiles = [ hmConfig.sops.templates.attic-env.path ]; diff --git a/hosts/jupiter/users/storm/configs/console/podman/attic/post-start.sh b/hosts/jupiter/users/storm/configs/console/podman/attic/post-start.sh index 169cdaa..021b128 100644 --- a/hosts/jupiter/users/storm/configs/console/podman/attic/post-start.sh +++ b/hosts/jupiter/users/storm/configs/console/podman/attic/post-start.sh @@ -11,9 +11,11 @@ while true; do set -o errexit if [ $status -eq 0 ]; then + attic cache configure "$CACHE_NAME" --keypair-path "/etc/attic/keypairs/$CACHE_NAME" break elif echo "$out" | grep -q "NoSuchCache"; then - attic cache create "$CACHE_NAME" + attic cache create "$CACHE_NAME" --keypair-path "/etc/attic/keypairs/$CACHE_NAME" + break elif echo "$out" | grep -q "404"; then sleep 0.1 else diff --git a/overlays/attic-client/declarative-key-pair.patch b/overlays/attic-client/declarative-key-pair.patch new file mode 100644 index 0000000..21293b0 --- /dev/null +++ b/overlays/attic-client/declarative-key-pair.patch @@ -0,0 +1,162 @@ +diff --git a/client/src/cli.rs b/client/src/cli.rs +index ee86783..e96b1b6 100644 +--- a/client/src/cli.rs ++++ b/client/src/cli.rs +@@ -9,6 +9,7 @@ use enum_as_inner::EnumAsInner; + + use crate::command::cache::{self, Cache}; + use crate::command::get_closure::{self, GetClosure}; ++use crate::command::key::{self, Key}; + use crate::command::login::{self, Login}; + use crate::command::push::{self, Push}; + use crate::command::r#use::{self, Use}; +@@ -30,6 +31,7 @@ pub enum Command { + Push(Push), + Cache(Cache), + WatchStore(WatchStore), ++ Key(Key), + + #[clap(hide = true)] + GetClosure(GetClosure), +@@ -57,6 +59,7 @@ pub async fn run() -> Result<()> { + Command::Cache(_) => cache::run(opts).await, + Command::WatchStore(_) => watch_store::run(opts).await, + Command::GetClosure(_) => get_closure::run(opts).await, ++ Command::Key(_) => key::run(opts).await, + } + } + +diff --git a/client/src/command/cache.rs b/client/src/command/cache.rs +index af01378..af24d8c 100644 +--- a/client/src/command/cache.rs ++++ b/client/src/command/cache.rs +@@ -7,8 +7,11 @@ use crate::api::ApiClient; + use crate::cache::CacheRef; + use crate::cli::Opts; + use crate::config::Config; +-use attic::api::v1::cache_config::{ +- CacheConfig, CreateCacheRequest, KeypairConfig, RetentionPeriodConfig, ++use attic::{ ++ api::v1::cache_config::{ ++ CacheConfig, CreateCacheRequest, KeypairConfig, RetentionPeriodConfig, ++ }, ++ signing::NixKeypair, + }; + + /// Manage caches on an Attic server. +@@ -72,6 +75,12 @@ struct Create { + default_value = "cache.nixos.org-1" + )] + upstream_cache_key_names: Vec, ++ ++ /// The signing keypair to use for the cache. ++ /// ++ /// If not specified, a new keypair will be generated. ++ #[clap(long)] ++ keypair_path: Option, + } + + /// Configure a cache. +@@ -91,6 +100,14 @@ struct Configure { + #[clap(long)] + regenerate_keypair: bool, + ++ /// Set a keypair for the cache. ++ /// ++ /// The server-side signing key will be set to the ++ /// specified keypair. This is useful for setting up ++ /// a cache with a pre-existing keypair. ++ #[clap(long, conflicts_with = "regenerate_keypair")] ++ keypair_path: Option, ++ + /// Make the cache public. + /// + /// Use `--private` to make it private. +@@ -179,9 +196,15 @@ async fn create_cache(sub: Create) -> Result<()> { + let (server_name, server, cache) = config.resolve_cache(&sub.cache)?; + let api = ApiClient::from_server_config(server.clone())?; + ++ let keypair = if let Some(keypair_path) = &sub.keypair_path { ++ let contents = std::fs::read_to_string(keypair_path)?; ++ KeypairConfig::Keypair(NixKeypair::from_str(&contents)?) ++ } else { ++ KeypairConfig::Generate ++ }; ++ + let request = CreateCacheRequest { +- // TODO: Make this configurable? +- keypair: KeypairConfig::Generate, ++ keypair, + is_public: sub.public, + priority: sub.priority, + store_dir: sub.store_dir, +@@ -230,6 +253,10 @@ async fn configure_cache(sub: Configure) -> Result<()> { + + if sub.regenerate_keypair { + patch.keypair = Some(KeypairConfig::Generate); ++ } else if let Some(keypair_path) = &sub.keypair_path { ++ let contents = std::fs::read_to_string(keypair_path)?; ++ let keypair = KeypairConfig::Keypair(NixKeypair::from_str(&contents)?); ++ patch.keypair = Some(keypair); + } + + patch.store_dir = sub.store_dir; +diff --git a/client/src/command/key.rs b/client/src/command/key.rs +new file mode 100644 +index 0000000..807d8a7 +--- /dev/null ++++ b/client/src/command/key.rs +@@ -0,0 +1,42 @@ ++use anyhow::Result; ++use clap::{Parser, Subcommand}; ++ ++use crate::cli::Opts; ++use attic::signing::NixKeypair; ++ ++/// Manage signing keys. ++#[derive(Debug, Parser)] ++pub struct Key { ++ #[clap(subcommand)] ++ command: KeyCommand, ++} ++ ++#[derive(Debug, Subcommand)] ++enum KeyCommand { ++ Generate(Generate), ++} ++ ++/// Generate a key. ++#[derive(Debug, Clone, Parser)] ++pub struct Generate { ++ /// Name of the key (must not contain colons). ++ name: String, ++} ++ ++pub async fn run(opts: Opts) -> Result<()> { ++ let sub = opts.command.as_key().unwrap(); ++ match &sub.command { ++ KeyCommand::Generate(sub) => generate_key(sub).await, ++ } ++} ++ ++async fn generate_key(sub: &Generate) -> Result<()> { ++ let keypair = NixKeypair::generate(&sub.name)?; ++ ++ println!("🔑 Generated keypair \"{}\"", sub.name); ++ println!(); ++ println!(" Private key: {}", keypair.export_keypair()); ++ println!(" Public key: {}", keypair.export_public_key()); ++ ++ Ok(()) ++} +diff --git a/client/src/command/mod.rs b/client/src/command/mod.rs +index cca423f..26b105a 100644 +--- a/client/src/command/mod.rs ++++ b/client/src/command/mod.rs +@@ -1,5 +1,6 @@ + pub mod cache; + pub mod get_closure; ++pub mod key; + pub mod login; + pub mod push; + pub mod r#use; diff --git a/overlays/attic-client/default.nix b/overlays/attic-client/default.nix index 941d163..ded636e 100644 --- a/overlays/attic-client/default.nix +++ b/overlays/attic-client/default.nix @@ -1,5 +1,11 @@ final: prev: -# FIXME: https://github.com/zhaofengli/attic/pull/280 prev.attic-client.overrideAttrs (oldAttrs: { - patches = oldAttrs.patches or [ ] ++ [ ./stdout-logging.patch ]; + patches = oldAttrs.patches or [ ] ++ [ + # fix: log non-errors to stdout + (builtins.fetchurl { + url = "https://github.com/zhaofengli/attic/pull/280.patch"; + sha256 = "sha256:0j6ay6d9is7053sq5njakjmlpwk24db296rma694jggpl19ibxjv"; + }) + ./declarative-key-pair.patch + ]; }) diff --git a/overlays/attic-client/stdout-logging.patch b/overlays/attic-client/stdout-logging.patch deleted file mode 100644 index 4005c55..0000000 --- a/overlays/attic-client/stdout-logging.patch +++ /dev/null @@ -1,321 +0,0 @@ -diff --git a/client/src/command/cache.rs b/client/src/command/cache.rs -index af01378..0602b3b 100644 ---- a/client/src/command/cache.rs -+++ b/client/src/command/cache.rs -@@ -189,7 +189,7 @@ async fn create_cache(sub: Create) -> Result<()> { - }; - - api.create_cache(cache, request).await?; -- eprintln!( -+ println!( - "✨ Created cache \"{}\" on \"{}\"", - cache.as_str(), - server_name.as_str() -@@ -239,7 +239,7 @@ async fn configure_cache(sub: Configure) -> Result<()> { - let api = ApiClient::from_server_config(server.clone())?; - api.configure_cache(cache, &patch).await?; - -- eprintln!( -+ println!( - "✅ Configured \"{}\" on \"{}\"", - cache.as_str(), - server_name.as_str() -@@ -254,12 +254,12 @@ async fn destroy_cache(sub: Destroy) -> Result<()> { - let (server_name, server, cache) = config.resolve_cache(&sub.cache)?; - - if !sub.no_confirm { -- eprintln!("When you destory a cache:"); -- eprintln!(); -- eprintln!("1. Everyone will lose access."); -- eprintln!("2. The underlying data won't be deleted immediately."); -- eprintln!("3. You may not be able to create a cache of the same name."); -- eprintln!(); -+ println!("When you destory a cache:"); -+ println!(); -+ println!("1. Everyone will lose access."); -+ println!("2. The underlying data won't be deleted immediately."); -+ println!("3. You may not be able to create a cache of the same name."); -+ println!(); - - let answer: String = Input::new() - .with_prompt(format!( -@@ -278,7 +278,7 @@ async fn destroy_cache(sub: Destroy) -> Result<()> { - let api = ApiClient::from_server_config(server.clone())?; - api.destroy_cache(cache).await?; - -- eprintln!("🗑️ The cache was destroyed."); -+ println!("🗑️ The cache was destroyed."); - - Ok(()) - } -@@ -291,40 +291,40 @@ async fn show_cache_config(sub: Info) -> Result<()> { - let cache_config = api.get_cache_config(cache).await?; - - if let Some(is_public) = cache_config.is_public { -- eprintln!(" Public: {}", is_public); -+ println!(" Public: {}", is_public); - } - - if let Some(public_key) = cache_config.public_key { -- eprintln!(" Public Key: {}", public_key); -+ println!(" Public Key: {}", public_key); - } - - if let Some(substituter_endpoint) = cache_config.substituter_endpoint { -- eprintln!("Binary Cache Endpoint: {}", substituter_endpoint); -+ println!("Binary Cache Endpoint: {}", substituter_endpoint); - } - - if let Some(api_endpoint) = cache_config.api_endpoint { -- eprintln!(" API Endpoint: {}", api_endpoint); -+ println!(" API Endpoint: {}", api_endpoint); - } - - if let Some(store_dir) = cache_config.store_dir { -- eprintln!(" Store Directory: {}", store_dir); -+ println!(" Store Directory: {}", store_dir); - } - - if let Some(priority) = cache_config.priority { -- eprintln!(" Priority: {}", priority); -+ println!(" Priority: {}", priority); - } - - if let Some(upstream_cache_key_names) = cache_config.upstream_cache_key_names { -- eprintln!(" Upstream Cache Keys: {:?}", upstream_cache_key_names); -+ println!(" Upstream Cache Keys: {:?}", upstream_cache_key_names); - } - - if let Some(retention_period) = cache_config.retention_period { - match retention_period { - RetentionPeriodConfig::Period(period) => { -- eprintln!(" Retention Period: {:?}", period); -+ println!(" Retention Period: {:?}", period); - } - RetentionPeriodConfig::Global => { -- eprintln!(" Retention Period: Global Default"); -+ println!(" Retention Period: Global Default"); - } - } - } -diff --git a/client/src/command/login.rs b/client/src/command/login.rs -index 9abcea7..6cadd59 100644 ---- a/client/src/command/login.rs -+++ b/client/src/command/login.rs -@@ -28,7 +28,7 @@ pub async fn run(opts: Opts) -> Result<()> { - let mut config_m = config.as_mut(); - - if let Some(server) = config_m.servers.get_mut(&sub.name) { -- eprintln!("✍️ Overwriting server \"{}\"", sub.name.as_str()); -+ println!("✍️ Overwriting server \"{}\"", sub.name.as_str()); - - server.endpoint = sub.endpoint.to_owned(); - -@@ -38,7 +38,7 @@ pub async fn run(opts: Opts) -> Result<()> { - }); - } - } else { -- eprintln!("✍️ Configuring server \"{}\"", sub.name.as_str()); -+ println!("✍️ Configuring server \"{}\"", sub.name.as_str()); - - config_m.servers.insert( - sub.name.to_owned(), -diff --git a/client/src/command/push.rs b/client/src/command/push.rs -index b2bb661..5d39549 100644 ---- a/client/src/command/push.rs -+++ b/client/src/command/push.rs -@@ -91,7 +91,7 @@ impl PushContext { - - return Ok(()); - } else { -- eprintln!("⚙️ Pushing {num_missing_paths} paths to \"{cache}\" on \"{server}\" ({num_already_cached} already cached, {num_upstream} in upstream)...", -+ println!("⚙️ Pushing {num_missing_paths} paths to \"{cache}\" on \"{server}\" ({num_already_cached} already cached, {num_upstream} in upstream)...", - cache = self.cache_name.as_str(), - server = self.server_name.as_str(), - num_missing_paths = plan.store_path_map.len(), -diff --git a/client/src/command/use.rs b/client/src/command/use.rs -index 37d8cd6..d87f65e 100644 ---- a/client/src/command/use.rs -+++ b/client/src/command/use.rs -@@ -34,15 +34,15 @@ pub async fn run(opts: Opts) -> Result<()> { - let public_key = cache_config.public_key - .ok_or_else(|| anyhow!("The server did not tell us which public key it uses. Is signing managed by the client?"))?; - -- eprintln!( -+ println!( - "Configuring Nix to use \"{cache}\" on \"{server_name}\":", - cache = cache.as_str(), - server_name = server_name.as_str(), - ); - - // Modify nix.conf -- eprintln!("+ Substituter: {}", substituter); -- eprintln!("+ Trusted Public Key: {}", public_key); -+ println!("+ Substituter: {}", substituter); -+ println!("+ Trusted Public Key: {}", public_key); - - let mut nix_config = NixConfig::load().await?; - nix_config.add_substituter(&substituter); -@@ -50,7 +50,7 @@ pub async fn run(opts: Opts) -> Result<()> { - - // Modify netrc - if let Some(token) = server.token()? { -- eprintln!("+ Access Token"); -+ println!("+ Access Token"); - - let mut nix_netrc = NixNetrc::load().await?; - let host = Url::parse(&substituter)? -diff --git a/client/src/command/watch_store.rs b/client/src/command/watch_store.rs -index 24eaf7a..aec0c33 100644 ---- a/client/src/command/watch_store.rs -+++ b/client/src/command/watch_store.rs -@@ -91,7 +91,7 @@ pub async fn run(opts: Opts) -> Result<()> { - - watcher.watch(&store_dir, RecursiveMode::NonRecursive)?; - -- eprintln!( -+ println!( - "👀 Pushing new store paths to \"{cache}\" on \"{server}\"", - cache = cache.as_str(), - server = server_name.as_str(), -diff --git a/client/src/push.rs b/client/src/push.rs -index 309bd4b..2fea414 100644 ---- a/client/src/push.rs -+++ b/client/src/push.rs -@@ -595,7 +595,7 @@ pub async fn upload_path( - }; - - mp.suspend(|| { -- eprintln!( -+ println!( - "✅ {} ({})", - path.as_os_str().to_string_lossy(), - info_string -diff --git a/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs b/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs -index 42d70a6..6bbe585 100644 ---- a/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs -+++ b/server/src/database/migration/m20230112_000004_migrate_nar_remote_files_to_chunks.rs -@@ -24,7 +24,7 @@ impl MigrationTrait for Migration { - // When this migration is run, we assume that there are no - // preexisting chunks. - -- eprintln!("* Migrating NARs to chunks..."); -+ println!("* Migrating NARs to chunks..."); - - // Add a temporary column into `chunk` to store the related `nar_id`. - manager -diff --git a/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs b/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs -index 9d29b66..7436b4a 100644 ---- a/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs -+++ b/server/src/database/migration/m20230112_000005_drop_old_nar_columns.rs -@@ -16,7 +16,7 @@ impl MigrationName for Migration { - #[async_trait::async_trait] - impl MigrationTrait for Migration { - async fn up(&self, manager: &SchemaManager) -> Result<(), DbErr> { -- eprintln!("* Migrating NAR schema..."); -+ println!("* Migrating NAR schema..."); - - if manager.get_database_backend() == DatabaseBackend::Sqlite { - // Just copy all data to a new table -diff --git a/server/src/lib.rs b/server/src/lib.rs -index 0314e69..89644e1 100644 ---- a/server/src/lib.rs -+++ b/server/src/lib.rs -@@ -217,7 +217,7 @@ async fn fallback(_: Uri) -> ServerResult<()> { - - /// Runs the API server. - pub async fn run_api_server(cli_listen: Option, config: Config) -> Result<()> { -- eprintln!("Starting API server..."); -+ println!("Starting API server..."); - - let state = StateInner::new(config).await; - -@@ -239,7 +239,7 @@ pub async fn run_api_server(cli_listen: Option, config: Config) -> R - .layer(TraceLayer::new_for_http()) - .layer(CatchPanicLayer::new()); - -- eprintln!("Listening on {:?}...", listen); -+ println!("Listening on {:?}...", listen); - - let listener = TcpListener::bind(&listen).await?; - -@@ -256,7 +256,7 @@ pub async fn run_api_server(cli_listen: Option, config: Config) -> R - - /// Runs database migrations. - pub async fn run_migrations(config: Config) -> Result<()> { -- eprintln!("Running migrations..."); -+ println!("Running migrations..."); - - let state = StateInner::new(config).await; - let db = state.database().await?; -diff --git a/server/src/main.rs b/server/src/main.rs -index c5f08df..3a37c23 100644 ---- a/server/src/main.rs -+++ b/server/src/main.rs -@@ -121,14 +121,14 @@ fn init_logging(tokio_console: bool) { - .init(); - - if tokio_console { -- eprintln!("Note: tokio-console is enabled"); -+ println!("Note: tokio-console is enabled"); - } - } - - fn dump_version() { - #[cfg(debug_assertions)] -- eprintln!("Attic Server {} (debug)", env!("CARGO_PKG_VERSION")); -+ println!("Attic Server {} (debug)", env!("CARGO_PKG_VERSION")); - - #[cfg(not(debug_assertions))] -- eprintln!("Attic Server {} (release)", env!("CARGO_PKG_VERSION")); -+ println!("Attic Server {} (release)", env!("CARGO_PKG_VERSION")); - } -diff --git a/server/src/oobe.rs b/server/src/oobe.rs -index d3d912d..98ef88c 100644 ---- a/server/src/oobe.rs -+++ b/server/src/oobe.rs -@@ -77,25 +77,25 @@ pub async fn run_oobe() -> Result<()> { - token.encode(&SignatureType::RS256(key), &None, &None)? - }; - -- eprintln!(); -- eprintln!("-----------------"); -- eprintln!("Welcome to Attic!"); -- eprintln!(); -- eprintln!("A simple setup using SQLite and local storage has been configured for you in:"); -- eprintln!(); -- eprintln!(" {}", config_path.to_str().unwrap()); -- eprintln!(); -- eprintln!("Run the following command to log into this server:"); -- eprintln!(); -- eprintln!(" attic login local http://localhost:8080 {root_token}"); -- eprintln!(); -- eprintln!("Documentations and guides:"); -- eprintln!(); -- eprintln!(" https://docs.attic.rs"); -- eprintln!(); -- eprintln!("Enjoy!"); -- eprintln!("-----------------"); -- eprintln!(); -+ println!(); -+ println!("-----------------"); -+ println!("Welcome to Attic!"); -+ println!(); -+ println!("A simple setup using SQLite and local storage has been configured for you in:"); -+ println!(); -+ println!(" {}", config_path.to_str().unwrap()); -+ println!(); -+ println!("Run the following command to log into this server:"); -+ println!(); -+ println!(" attic login local http://localhost:8080 {root_token}"); -+ println!(); -+ println!("Documentations and guides:"); -+ println!(); -+ println!(" https://docs.attic.rs"); -+ println!(); -+ println!("Enjoy!"); -+ println!("-----------------"); -+ println!(); - - Ok(()) - } diff --git a/overlays/tea/default.nix b/overlays/tea/default.nix index 5dabc75..470f999 100644 --- a/overlays/tea/default.nix +++ b/overlays/tea/default.nix @@ -1,10 +1,15 @@ final: prev: prev.tea.overrideAttrs (oldAttrs: { patches = oldAttrs.patches or [ ] ++ [ + # feat: add user auth via env (builtins.fetchurl { url = "https://gitea.com/gitea/tea/pulls/639.patch"; sha256 = "sha256:0c5gpi6aajd3h0wp7lrvj5qk9wsqhgbap7ijvl0x117v0g8mgzvs"; }) - ./instance-ssh-host-env.patch + # fix: evaluate env login in repo context + (builtins.fetchurl { + url = "https://gitea.com/gitea/tea/pulls/809.patch"; + sha256 = "sha256:1f9cyizwmza6kg0r3q5d8h7vvph4wnh7kh3wvi5aqnbw100j7igg"; + }) ]; }) diff --git a/overlays/tea/instance-ssh-host-env.patch b/overlays/tea/instance-ssh-host-env.patch deleted file mode 100644 index 91629df..0000000 --- a/overlays/tea/instance-ssh-host-env.patch +++ /dev/null @@ -1,174 +0,0 @@ -diff --git a/modules/config/login.go b/modules/config/login.go -index 3b77fb9..94de9cd 100644 ---- a/modules/config/login.go -+++ b/modules/config/login.go -@@ -13,6 +13,7 @@ import ( - "net/http/cookiejar" - "net/url" - "os" -+ "strconv" - "strings" - "time" - -@@ -200,6 +201,63 @@ func UpdateLogin(login *Login) error { - return saveConfig() - } - -+// CreateLoginFromEnvVars returns a login based on environment variables, or nil if no login can be created -+func CreateLoginFromEnvVars() (*Login, error) { -+ var token string -+ -+ giteaToken := os.Getenv("GITEA_TOKEN") -+ githubToken := os.Getenv("GH_TOKEN") -+ giteaInstanceURL := os.Getenv("GITEA_INSTANCE_URL") -+ instanceInsecure := os.Getenv("GITEA_INSTANCE_INSECURE") -+ giteaInstanceSSHHost := os.Getenv("GITEA_INSTANCE_SSH_HOST") -+ insecure := false -+ if len(instanceInsecure) > 0 { -+ insecure, _ = strconv.ParseBool(instanceInsecure) -+ } -+ -+ // if no tokens are set, or no instance url for gitea fail fast -+ if len(giteaInstanceURL) == 0 || (len(giteaToken) == 0 && len(githubToken) == 0) { -+ return nil, nil -+ } -+ -+ token = giteaToken -+ if len(giteaToken) == 0 { -+ token = githubToken -+ } -+ -+ login := &Login{ -+ Name: "GITEA_LOGIN_VIA_ENV", -+ URL: giteaInstanceURL, -+ Token: token, -+ SSHHost: giteaInstanceSSHHost, -+ Insecure: insecure, -+ SSHKey: "", -+ SSHCertPrincipal: "", -+ SSHKeyFingerprint: "", -+ SSHAgent: false, -+ VersionCheck: true, -+ Created: time.Now().Unix(), -+ } -+ -+ client := login.Client() -+ u, _, err := client.GetMyUserInfo() -+ if err != nil { -+ return nil, fmt.Errorf("failed to validate token: %s", err) -+ } -+ -+ login.User = u.UserName -+ -+ if login.SSHHost == "" { -+ parsedURL, err := url.Parse(giteaInstanceURL) -+ if err != nil { -+ return nil, err -+ } -+ login.SSHHost = parsedURL.Host -+ } -+ -+ return login, nil -+} -+ - // Client returns a client to operate Gitea API. You may provide additional modifiers - // for the client like gitea.SetBasicAuth() for customization - func (l *Login) Client(options ...gitea.ClientOption) *gitea.Client { -diff --git a/modules/context/context.go b/modules/context/context.go -index aec5592..636eeec 100644 ---- a/modules/context/context.go -+++ b/modules/context/context.go -@@ -9,9 +9,7 @@ import ( - "log" - "os" - "path" -- "strconv" - "strings" -- "time" - - "code.gitea.io/tea/modules/config" - "code.gitea.io/tea/modules/git" -@@ -108,16 +106,6 @@ func InitCommand(cmd *cli.Command) *TeaContext { - c.RepoSlug = repoFlag - } - -- // override config user with env variable -- envLogin := GetLoginByEnvVar() -- if envLogin != nil { -- _, err := utils.ValidateAuthenticationMethod(envLogin.URL, envLogin.Token, "", "", false, "", "") -- if err != nil { -- log.Fatal(err.Error()) -- } -- c.Login = envLogin -- } -- - // override login from flag, or use default login if repo based detection failed - if len(loginFlag) != 0 { - c.Login = config.GetLoginByName(loginFlag) -@@ -196,10 +184,25 @@ func contextFromLocalRepo(repoPath, remoteValue string) (*git.TeaRepo, *config.L - return repo, nil, "", fmt.Errorf("Remote '%s' not found in this Git repository", remoteValue) - } - -+ envLogin, err := config.CreateLoginFromEnvVars() -+ if err != nil { -+ log.Fatal(err.Error()) -+ } -+ - logins, err := config.GetLogins() - if err != nil { - return repo, nil, "", err - } -+ -+ if envLogin != nil { -+ _, err := utils.ValidateAuthenticationMethod(envLogin.URL, envLogin.Token, "", "", false, "", "") -+ if err != nil { -+ log.Fatal(err.Error()) -+ } -+ -+ logins = append([]config.Login{*envLogin}, logins...) -+ } -+ - for _, l := range logins { - sshHost := l.GetSSHHost() - for _, u := range remoteConfig.URLs { -@@ -223,40 +226,3 @@ func contextFromLocalRepo(repoPath, remoteValue string) (*git.TeaRepo, *config.L - - return repo, nil, "", errNotAGiteaRepo - } -- --// GetLoginByEnvVar returns a login based on environment variables, or nil if no login can be created --func GetLoginByEnvVar() *config.Login { -- var token string -- -- giteaToken := os.Getenv("GITEA_TOKEN") -- githubToken := os.Getenv("GH_TOKEN") -- giteaInstanceURL := os.Getenv("GITEA_INSTANCE_URL") -- instanceInsecure := os.Getenv("GITEA_INSTANCE_INSECURE") -- insecure := false -- if len(instanceInsecure) > 0 { -- insecure, _ = strconv.ParseBool(instanceInsecure) -- } -- -- // if no tokens are set, or no instance url for gitea fail fast -- if len(giteaInstanceURL) == 0 || (len(giteaToken) == 0 && len(githubToken) == 0) { -- return nil -- } -- -- token = giteaToken -- if len(giteaToken) == 0 { -- token = githubToken -- } -- -- return &config.Login{ -- Name: "GITEA_LOGIN_VIA_ENV", -- URL: giteaInstanceURL, -- Token: token, -- Insecure: insecure, -- SSHKey: "", -- SSHCertPrincipal: "", -- SSHKeyFingerprint: "", -- SSHAgent: false, -- Created: time.Now().Unix(), -- VersionCheck: false, -- } --} diff --git a/packages/comentario/default.nix b/packages/comentario/default.nix index 82642f4..b4cde96 100644 --- a/packages/comentario/default.nix +++ b/packages/comentario/default.nix @@ -13,8 +13,11 @@ pkgs.buildGo125Module (finalAttrs: { }; patches = [ - # FIXME: https://gitlab.com/comentario/comentario/-/merge_requests/23 - ./dynamic-config-env-vars.patch + # fe: dynamic configuration env vars + (builtins.fetchurl { + url = "https://gitlab.com/comentario/comentario/-/merge_requests/23.patch"; + sha256 = "sha256:0iagj3sfjg8nb0zk673nrppsgdi3hy2crzhd84i2znwqlnhq0m5h"; + }) ./superuser-claim.patch ]; diff --git a/packages/comentario/dynamic-config-env-vars.patch b/packages/comentario/dynamic-config-env-vars.patch deleted file mode 100644 index c7d716d..0000000 --- a/packages/comentario/dynamic-config-env-vars.patch +++ /dev/null @@ -1,312 +0,0 @@ -From 2ef5994a21d694bdf50d1d9d4c524c9584368917 Mon Sep 17 00:00:00 2001 -From: Nikolaos Karaolidis -Date: Mon, 28 Jul 2025 15:33:55 +0100 -Subject: [PATCH] fe: dynamic configuration env vars - -Signed-off-by: Nikolaos Karaolidis ---- - .../dynamic/auth.emailupdate.enabled.en.md | 1 + - .../auth.login.local.maxattempts.en.md | 2 ++ - .../auth.signup.confirm.commenter.en.md | 2 ++ - .../dynamic/auth.signup.confirm.user.en.md | 2 ++ - .../backend/dynamic/auth.signup.enabled.en.md | 2 ++ - ...in.defaults.comments.deletion.author.en.md | 2 ++ - ...defaults.comments.deletion.moderator.en.md | 2 ++ - ...ain.defaults.comments.editing.author.en.md | 2 ++ - ....defaults.comments.editing.moderator.en.md | 2 ++ - ...omain.defaults.comments.enablevoting.en.md | 2 ++ - ...domain.defaults.comments.rss.enabled.en.md | 2 ++ - ...domain.defaults.comments.showdeleted.en.md | 2 ++ - ...ain.defaults.comments.text.maxlength.en.md | 2 ++ - .../domain.defaults.login.showforunauth.en.md | 2 ++ - ...ain.defaults.markdown.images.enabled.en.md | 2 ++ - ...main.defaults.markdown.links.enabled.en.md | 2 ++ - ...ain.defaults.markdown.tables.enabled.en.md | 4 ++- - ...main.defaults.signup.enablefederated.en.md | 2 ++ - .../domain.defaults.signup.enablelocal.en.md | 2 ++ - .../domain.defaults.signup.enablesso.en.md | 2 ++ - .../dynamic/integrations.usegravatar.en.md | 1 + - .../dynamic/operation.newowner.enabled.en.md | 2 ++ - internal/data/dyn_config.go | 28 +++++++++++++++++-- - 23 files changed, 69 insertions(+), 3 deletions(-) - -diff --git a/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md b/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md -index 5b9c5716..a139c953 100644 ---- a/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md -+++ b/docs/content/configuration/backend/dynamic/auth.emailupdate.enabled.en.md -@@ -20,3 +20,4 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter defines w - * If no operational mailer is configured, the email will be updated right away, without intermediate confirmation. - * If set to `Off`, users cannot change their emails themselves. Email can only be updated by a [superuser](/kb/permissions/superuser) (for example, at a user's request). - -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_EMAILUPDATE_ENABLED`. -diff --git a/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md b/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md -index bada14ec..5a3993a8 100644 ---- a/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md -+++ b/docs/content/configuration/backend/dynamic/auth.login.local.maxattempts.en.md -@@ -20,3 +20,5 @@ Comentario keeps a counter of failed login attempts for each user. - * The failed login attempt counter gets reset to zero as soon as the user has successfully logged in. - - This mechanism is mostly intended to safeguard users against brute-force attacks on their passwords. In order to disable it, set the value to `0`. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_LOGIN_LOCAL_MAXATTEMPTS`. -diff --git a/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md b/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md -index 6ad25e5a..fbb38b3b 100644 ---- a/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md -+++ b/docs/content/configuration/backend/dynamic/auth.signup.confirm.commenter.en.md -@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure - * If set to `Off`, commenters will be logged in immediately upon registration. This is not recommended due to security considerations; it may also render the user account unusable in the future if they misspelled their email address. - - This setting applies only to websites embedding Comentario. For the Administration UI there's a [separate configuration item](auth.signup.confirm.user). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_SIGNUP_CONFIRM_COMMENTER`. -diff --git a/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md b/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md -index 6a14a1d3..3aee4ae6 100644 ---- a/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md -+++ b/docs/content/configuration/backend/dynamic/auth.signup.confirm.user.en.md -@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure - * If set to `Off`, users can log in immediately upon registration. This is not recommended due to security considerations; it may also render the user account unusable in the future if they misspelled their email address. - - This setting applies only to the Administration UI. For websites embedding Comentario there's a [separate configuration item](auth.signup.confirm.commenter). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_SIGNUP_CONFIRM_USER`. -diff --git a/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md b/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md -index 35acc2ba..d8a38804 100644 ---- a/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md -+++ b/docs/content/configuration/backend/dynamic/auth.signup.enabled.en.md -@@ -20,3 +20,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls - * If set to `Off`, new user registrations are forbidden. - - This setting applies only to the Administration UI. It can be useful for (temporarily) preventing new sign-ups. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_AUTH_SIGNUP_ENABLED`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md -index 9fef72b4..93f280cf 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.author.en.md -@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us - - * When set to `On`, comment authors will see a *trashcan* button on their comments, which allows them to delete a written comment. - * If set to `Off`, comments cannot be removed by their authors once submitted (but possibly can [by domain moderators](domain.defaults.comments.deletion.moderator) if enabled). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_DELETION_AUTHOR`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md -index 97c3b3e0..f1c002f8 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.deletion.moderator.en.md -@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us - - * When set to `On`, users with the moderator or owner [role](/kb/permissions/roles) and [superusers](/kb/permissions/superuser) will see a *trashcan* button on every comment, allowing them to delete any comment on the domain's pages. - * If set to `Off`, comments cannot be removed by moderators (but possibly can [by their authors](domain.defaults.comments.deletion.author) if enabled). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_DELETION_MODERATOR`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md -index 346a93b6..de989f59 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.author.en.md -@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us - - * When set to `On`, comment authors will see a *pencil* button on their comments, which allows them to edit a written comment. - * If set to `Off`, comments cannot be changed by their authors once submitted (but possibly can [by domain moderators](domain.defaults.comments.editing.moderator) if enabled). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_EDITING_AUTHOR`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md -index 0b35d1e3..25bfcbf1 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.editing.moderator.en.md -@@ -17,3 +17,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us - - * When set to `On`, users with the moderator or owner [role](/kb/permissions/roles) and [superusers](/kb/permissions/superuser) will see a *pencil* button on every comment, allowing them to edit any comment on the domain's pages. - * If set to `Off`, comments cannot be changed by moderators (but possibly can [by their authors](domain.defaults.comments.editing.author) if enabled). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_EDITING_MODERATOR`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md -index a2e72f5b..17ec769e 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.enablevoting.en.md -@@ -13,3 +13,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter can be us - - * When set to `On`, every comment card will contain a score and a set of upvote/downvote buttons. Also, any commenter will be able to upvote or downvote others' comments (bot not those they authored self). - * If set to `Off`, the score and the voting buttons will be hidden. It will also disable sorting comments by votes. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_ENABLEVOTING`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md -index 3981741e..4108ed90 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.rss.enabled.en.md -@@ -21,3 +21,5 @@ When RSS is enabled, the users will be able to subscribe to comment feeds using: - - * `RSS` dropdown button under the [comment editor](/kb/comment-editor) (left of the sorting buttons). - * `Comment RSS feed` links in Domain properties and Domain page properties. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_RSS_ENABLED`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md -index 89b26859..f2293dba 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.showdeleted.en.md -@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls - * If set to `Off`, deleted comments will be hidden in the comment tree immediately, as well as all its child comments. - - This setting doesn't affect comment display in the Administration UI (it has a separate switch for hiding deleted comments). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_SHOWDELETED`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md -index a87b2fff..9e068c5a 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.comments.text.maxlength.en.md -@@ -21,3 +21,5 @@ It defines how long comment texts can be on a specific domain, representing the - - * The lowest possible value for this setting is the "Twitter limit" of `140` characters. - * The top (physical) limit is `1048576` (1 MiB). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_COMMENTS_TEXT_MAXLENGTH`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md -index 85b264e6..65a29ea4 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.login.showforunauth.en.md -@@ -19,3 +19,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter allows to - * If set to `Off`, the login dialog will be skipped if [commenting without registration](/configuration/frontend/domain/authentication) is enabled for this domain. Otherwise the dialog will be shown and user will be requested to log in or sign up. - - When this setting is `Off`, the user can still authenticate explicitly using the `Sign in` button above the comment editor. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_LOGIN_SHOWFORUNAUTH`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md -index f229294c..6af7d884 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.images.enabled.en.md -@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure - * If set to `Off`, commenters won't be able to insert images, and the corresponding markup will be removed from the resulting text. - - This setting only applies to newly written comments and does not affect images in existing comments. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_MARKDOWN_IMAGES_ENABLED`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md -index cfaaddcb..bb171b1e 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.links.enabled.en.md -@@ -18,3 +18,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure - * If set to `Off`, commenters won't be able to insert links, and the corresponding string will be rendered as plain, non-clickable text. - - This setting only applies to newly written comments and does not affect links in existing comments. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_MARKDOWN_LINKS_ENABLED`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md -index 243affed..f38c097e 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.markdown.tables.enabled.en.md -@@ -16,5 +16,7 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure - - * If set to `On`, commenters can insert [tables](/kb/markdown#tables) in comments. - * If set to `Off`, commenters won't be able to insert tables, and the corresponding markup will be removed from the resulting text. -- -+ - This setting only applies to newly written comments and does not affect tables in existing comments. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_MARKDOWN_TABLES_ENABLED`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md -index 7a5d92a9..c6015fdb 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablefederated.en.md -@@ -21,3 +21,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls - This setting doesn't apply to the Administration UI, which uses a [separate configuration item](auth.signup.enabled) for that. - - It also doesn't affect *existing users*, i.e. those already registered. They will be able to log in even when this setting is disabled. To disable federated login completely, switch off undesirable providers in the domain's [authentication settings](/configuration/frontend/domain/authentication). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_SIGNUP_ENABLEFEDERATED`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md -index 874d6dc4..f2dff20e 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablelocal.en.md -@@ -23,3 +23,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls - This setting doesn't apply to the Administration UI, which uses a [separate configuration item](auth.signup.enabled) for that. - - It also doesn't affect *existing users*. They will be able to log in even when this setting is disabled. To disable login with email/password completely, switch it off in the domain's [authentication settings](/configuration/frontend/domain/authentication). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_SIGNUP_ENABLELOCAL`. -diff --git a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md -index 6da28064..86bc6826 100644 ---- a/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md -+++ b/docs/content/configuration/backend/dynamic/domain.defaults.signup.enablesso.en.md -@@ -22,3 +22,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter controls - * If set to `Off`, SSO registration on websites embedding comments will be forbidden. - - This setting doesn't affect *SSO users who are already registered*. They will be able to log in even when this setting is disabled. To disable SSO login completely, switch it off in the domain's [authentication settings](/configuration/frontend/domain/authentication). -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_DOMAIN_DEFAULTS_SIGNUP_ENABLESSO`. -diff --git a/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md b/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md -index 8509944d..b81d1766 100644 ---- a/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md -+++ b/docs/content/configuration/backend/dynamic/integrations.usegravatar.en.md -@@ -16,3 +16,4 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure - It also enables the use of Gravatar during import (e.g. from [Commento](/installation/migration/commento) or [WordPress](/installation/migration/wordpress)). - * If set to `Off`, Gravatar won't be contacted. - -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_INTEGRATIONS_USEGRAVATAR`. -diff --git a/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md b/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md -index a3025d96..d2a27b15 100644 ---- a/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md -+++ b/docs/content/configuration/backend/dynamic/operation.newowner.enabled.en.md -@@ -15,3 +15,5 @@ This [dynamic configuration](/configuration/backend/dynamic) parameter configure - * If set to `Off`, users without domains (for example, commenters) won't be able to register their own domains in Comentario, and thus become domain owners. Most likely, this is what you want, therefore `Off` is the default. - - This setting doesn't affect users who already own at least one domain. -+ -+This default value of this setting can be overridden at startup using the environment variable `DYN_DEFAULT_OPERATION_NEWOWNER_ENABLED`. -diff --git a/internal/data/dyn_config.go b/internal/data/dyn_config.go -index 8595ea2a..ad5b9894 100644 ---- a/internal/data/dyn_config.go -+++ b/internal/data/dyn_config.go -@@ -2,14 +2,21 @@ package data - - import ( - "fmt" -+ "os" -+ "strconv" -+ "strings" -+ "time" -+ - "github.com/go-openapi/strfmt" - "github.com/go-openapi/swag" - "github.com/google/uuid" -+ "github.com/op/go-logging" - "gitlab.com/comentario/comentario/internal/api/models" -- "strconv" -- "time" - ) - -+// logger represents a package-wide logger instance -+var logger = logging.MustGetLogger("data") -+ - // DynConfigItemSectionKey is a key of dynamic configuration item section - type DynConfigItemSectionKey string - -@@ -196,6 +203,11 @@ const ( - // ConfigKeyDomainDefaultsPrefix is a prefix given to domain setting keys that turn them into global domain defaults keys - const ConfigKeyDomainDefaultsPrefix = "domain.defaults." - -+func getInitialDynConfigItemEnvVar(key DynConfigItemKey) (string, bool) { -+ name := "DYN_DEFAULT_" + strings.ToUpper(strings.ReplaceAll(string(key), ".", "_")) -+ return os.LookupEnv(name) -+} -+ - // DefaultDynInstanceConfig is the default dynamic instance configuration - var DefaultDynInstanceConfig = DynConfigMap{ - ConfigKeyAuthEmailUpdateEnabled: {DefaultValue: "false", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth}, -@@ -221,3 +233,15 @@ var DefaultDynInstanceConfig = DynConfigMap{ - ConfigKeyDomainDefaultsPrefix + DomainConfigKeyFederatedSignupEnabled: {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth}, - ConfigKeyDomainDefaultsPrefix + DomainConfigKeySsoSignupEnabled: {DefaultValue: "true", Datatype: ConfigDatatypeBool, Section: DynConfigItemSectionAuth}, - } -+ -+func init() { -+ for key, item := range DefaultDynInstanceConfig { -+ value, override := getInitialDynConfigItemEnvVar(key) -+ if override { -+ if err := item.ValidateValue(value); err != nil { -+ logger.Fatalf("bad override for %q: %v", key, err) -+ } -+ item.DefaultValue = value -+ } -+ } -+} --- -GitLab - diff --git a/packages/obsidian/plugins/languagetool/default.nix b/packages/obsidian/plugins/languagetool/default.nix index fadb715..cfd3d32 100644 --- a/packages/obsidian/plugins/languagetool/default.nix +++ b/packages/obsidian/plugins/languagetool/default.nix @@ -12,8 +12,12 @@ pkgs.stdenv.mkDerivation (finalAttrs: { }; patches = [ + # Fix variety typo + (builtins.fetchurl { + url = "https://patch-diff.githubusercontent.com/raw/Clemens-E/obsidian-languagetool-plugin/pull/132.patch"; + sha256 = "sha256:13lzp0920h1kc9yl3r04r505zb417hlciyiwii0fm5b12g35av8v"; + }) ./settings-notification.patch - ./variety-typo.patch ]; offlineCache = pkgs.fetchYarnDeps { diff --git a/packages/obsidian/plugins/languagetool/variety-typo.patch b/packages/obsidian/plugins/languagetool/variety-typo.patch deleted file mode 100644 index 419b34f..0000000 --- a/packages/obsidian/plugins/languagetool/variety-typo.patch +++ /dev/null @@ -1,149 +0,0 @@ -diff --git a/src/SettingsTab.ts b/src/SettingsTab.ts -index d0d65bb..2a211b0 100644 ---- a/src/SettingsTab.ts -+++ b/src/SettingsTab.ts -@@ -33,10 +33,10 @@ export interface LanguageToolPluginSettings { - staticLanguage?: string; - motherTongue?: string; - -- englishVeriety?: undefined | 'en-US' | 'en-GB' | 'en-CA' | 'en-AU' | 'en-ZA' | 'en-NZ'; -- germanVeriety?: undefined | 'de-DE' | 'de-AT' | 'de-CH'; -- portugueseVeriety?: undefined | 'pt-BR' | 'pt-PT' | 'pt-AO' | 'pt-MZ'; -- catalanVeriety?: undefined | 'ca-ES' | 'ca-ES-valencia'; -+ englishVariety?: undefined | 'en-US' | 'en-GB' | 'en-CA' | 'en-AU' | 'en-ZA' | 'en-NZ'; -+ germanVariety?: undefined | 'de-DE' | 'de-AT' | 'de-CH'; -+ portugueseVariety?: undefined | 'pt-BR' | 'pt-PT' | 'pt-AO' | 'pt-MZ'; -+ catalanVariety?: undefined | 'ca-ES' | 'ca-ES-valencia'; - - pickyMode: boolean; - -@@ -286,13 +286,13 @@ export class LanguageToolSettingsTab extends PluginSettingTab { - component.onChange(async value => { - this.plugin.settings.staticLanguage = value; - if (value !== 'auto') { -- this.plugin.settings.englishVeriety = undefined; -+ this.plugin.settings.englishVariety = undefined; - englishVarietyDropdown?.setValue('default'); -- this.plugin.settings.germanVeriety = undefined; -+ this.plugin.settings.germanVariety = undefined; - germanVarietyDropdown?.setValue('default'); -- this.plugin.settings.portugueseVeriety = undefined; -+ this.plugin.settings.portugueseVariety = undefined; - portugueseVarietyDropdown?.setValue('default'); -- this.plugin.settings.catalanVeriety = undefined; -+ this.plugin.settings.catalanVariety = undefined; - catalanVarietyDropdown?.setValue('default'); - } - await this.plugin.saveSettings(); -@@ -338,14 +338,14 @@ export class LanguageToolSettingsTab extends PluginSettingTab { - 'en-ZA': 'English (South Africa)', - 'en-NZ': 'English (New Zealand)', - }) -- .setValue(this.plugin.settings.englishVeriety ?? 'default') -+ .setValue(this.plugin.settings.englishVariety ?? 'default') - .onChange(async value => { - if (value === 'default') { -- this.plugin.settings.englishVeriety = undefined; -+ this.plugin.settings.englishVariety = undefined; - } else { - this.plugin.settings.staticLanguage = 'auto'; - staticLanguageComponent?.setValue('auto'); -- this.plugin.settings.englishVeriety = value as 'en-US' | 'en-GB' | 'en-CA' | 'en-AU' | 'en-ZA' | 'en-NZ'; -+ this.plugin.settings.englishVariety = value as 'en-US' | 'en-GB' | 'en-CA' | 'en-AU' | 'en-ZA' | 'en-NZ'; - } - await this.plugin.saveSettings(); - }); -@@ -360,14 +360,14 @@ export class LanguageToolSettingsTab extends PluginSettingTab { - 'de-CH': 'German (Switzerland)', - 'de-AT': 'German (Austria)', - }) -- .setValue(this.plugin.settings.germanVeriety ?? 'default') -+ .setValue(this.plugin.settings.germanVariety ?? 'default') - .onChange(async value => { - if (value === 'default') { -- this.plugin.settings.germanVeriety = undefined; -+ this.plugin.settings.germanVariety = undefined; - } else { - this.plugin.settings.staticLanguage = 'auto'; - staticLanguageComponent?.setValue('auto'); -- this.plugin.settings.germanVeriety = value as 'de-DE' | 'de-CH' | 'de-AT'; -+ this.plugin.settings.germanVariety = value as 'de-DE' | 'de-CH' | 'de-AT'; - } - await this.plugin.saveSettings(); - }); -@@ -383,14 +383,14 @@ export class LanguageToolSettingsTab extends PluginSettingTab { - 'pt-AO': 'Portuguese (Angola)', - 'pt-MZ': 'Portuguese (Mozambique)', - }) -- .setValue(this.plugin.settings.portugueseVeriety ?? 'default') -+ .setValue(this.plugin.settings.portugueseVariety ?? 'default') - .onChange(async value => { - if (value === 'default') { -- this.plugin.settings.portugueseVeriety = undefined; -+ this.plugin.settings.portugueseVariety = undefined; - } else { - this.plugin.settings.staticLanguage = 'auto'; - staticLanguageComponent?.setValue('auto'); -- this.plugin.settings.portugueseVeriety = value as 'pt-BR' | 'pt-PT' | 'pt-AO' | 'pt-MZ'; -+ this.plugin.settings.portugueseVariety = value as 'pt-BR' | 'pt-PT' | 'pt-AO' | 'pt-MZ'; - } - await this.plugin.saveSettings(); - }); -@@ -404,14 +404,14 @@ export class LanguageToolSettingsTab extends PluginSettingTab { - 'ca-ES': 'Catalan', - 'ca-ES-valencia': 'Catalan (Valencian)', - }) -- .setValue(this.plugin.settings.catalanVeriety ?? 'default') -+ .setValue(this.plugin.settings.catalanVariety ?? 'default') - .onChange(async value => { - if (value === 'default') { -- this.plugin.settings.catalanVeriety = undefined; -+ this.plugin.settings.catalanVariety = undefined; - } else { - this.plugin.settings.staticLanguage = 'auto'; - staticLanguageComponent?.setValue('auto'); -- this.plugin.settings.catalanVeriety = value as 'ca-ES' | 'ca-ES-valencia'; -+ this.plugin.settings.catalanVariety = value as 'ca-ES' | 'ca-ES-valencia'; - } - await this.plugin.saveSettings(); - }); -diff --git a/src/api.ts b/src/api.ts -index 109984c..4cd1700 100644 ---- a/src/api.ts -+++ b/src/api.ts -@@ -58,27 +58,27 @@ export async function getDetectionResult( - params.disabledRules = settings.ruleOtherDisabledRules; - } - -- if (settings.englishVeriety) { -+ if (settings.englishVariety) { - params.preferredVariants = `${params.preferredVariants ? `${params.preferredVariants},` : ''}${ -- settings.englishVeriety -+ settings.englishVariety - }`; - } - -- if (settings.germanVeriety) { -+ if (settings.germanVariety) { - params.preferredVariants = `${params.preferredVariants ? `${params.preferredVariants},` : ''}${ -- settings.germanVeriety -+ settings.germanVariety - }`; - } - -- if (settings.portugueseVeriety) { -+ if (settings.portugueseVariety) { - params.preferredVariants = `${params.preferredVariants ? `${params.preferredVariants},` : ''}${ -- settings.portugueseVeriety -+ settings.portugueseVariety - }`; - } - -- if (settings.catalanVeriety) { -+ if (settings.catalanVariety) { - params.preferredVariants = `${params.preferredVariants ? `${params.preferredVariants},` : ''}${ -- settings.catalanVeriety -+ settings.catalanVariety - }`; - } - diff --git a/submodules/secrets b/submodules/secrets index 8ae051a..42df461 160000 --- a/submodules/secrets +++ b/submodules/secrets @@ -1 +1 @@ -Subproject commit 8ae051ad0936cb8fbf10b3ab2130f09a07ca1ce6 +Subproject commit 42df461dac05dccd22df0c36007174dd73aa0aea