WIP Nostr onboarding

With X-Forwarded-Host set on the proxied request, Rails uses that host
for URLs. But we need it to be the accounts domain.

Dockerfile

@@ -1,18 +1,11 @@
 # syntax=docker/dockerfile:1
-FROM debian:bullseye-slim as base
+FROM ruby:3.3.4
 
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
 
-# TODO Remove when upstream Ruby works properly on Apple silicon
-RUN apt update && apt install -y build-essential wget autoconf libpq-dev pkg-config
-RUN wget https://github.com/postmodern/ruby-install/releases/download/v0.9.3/ruby-install-0.9.3.tar.gz \
-  && tar -xzvf ruby-install-0.9.3.tar.gz \
-  && cd ruby-install-0.9.3/ \
-  && make install
-RUN ruby-install -p https://github.com/ruby/ruby/pull/9371.diff ruby 3.3.0
-ENV PATH="/opt/rubies/ruby-3.3.0/bin:${PATH}"
+RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
+      ldap-utils tini libvips
 
-RUN apt-get install -y --no-install-recommends curl ldap-utils tini libvips
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
 

Gemfile

@@ -61,7 +61,7 @@ gem "sentry-rails"
 # Services
 gem 'discourse_api'
 gem "lnurl"
-gem 'manifique'
+gem 'manifique', '~> 1.1.0'
 gem 'nostr', '~> 0.6.0'
 
 group :development, :test do

Gemfile.lock

@@ -245,7 +245,7 @@ GEM
       net-imap
       net-pop
       net-smtp
-    manifique (1.0.1)
+    manifique (1.1.0)
       faraday (~> 2.9.0)
       faraday-follow_redirects (= 0.3.0)
       nokogiri (~> 1.16.0)
@@ -515,7 +515,7 @@ DEPENDENCIES
   listen (~> 3.2)
   lnurl
   lockbox
-  manifique
+  manifique (~> 1.1.0)
   net-ldap
   nostr (~> 0.6.0)
   pagy (~> 6.0, >= 6.0.2)

app/controllers/admin/settings/registrations_controller.rb

@@ -9,4 +9,12 @@ class Admin::Settings::RegistrationsController < Admin::SettingsController
       success: "Settings saved"
     }
   end
+
+  private
+
+    def setting_params
+      params.require(:setting).permit([
+        :reserved_usernames, default_services: []
+      ])
+    end
 end

app/controllers/admin/settings_controller.rb

@@ -9,11 +9,12 @@ class Admin::SettingsController < Admin::BaseController
     changed_keys = []
 
     setting_params.keys.each do |key|
-      next if setting_params[key].nil? ||
-              (Setting.send(key).to_s == setting_params[key].strip)
+      next if clean_param(key).nil? ||
+        (Setting.send(key).to_s == clean_param(key))
+
       changed_keys.push(key)
       setting = Setting.new(var: key)
-      setting.value = setting_params[key].strip
+      setting.value = clean_param(key)
       unless setting.valid?
         @errors.merge!(setting.errors)
       end
@@ -24,7 +25,7 @@ class Admin::SettingsController < Admin::BaseController
     end
 
     changed_keys.each do |key|
-      Setting.send("#{key}=", setting_params[key].strip)
+      Setting.send("#{key}=", clean_param(key))
     end
   end
 
@@ -37,4 +38,12 @@ class Admin::SettingsController < Admin::BaseController
     def setting_params
       params.require(:setting).permit(Setting.editable_keys.map(&:to_sym))
     end
+
+    def clean_param(key)
+      if Setting.get_field(key)[:type] == :string
+        setting_params[key].strip
+      else
+        setting_params[key]
+      end
+    end
 end

app/controllers/lnurlpay_controller.rb

@@ -1,7 +1,7 @@
 class LnurlpayController < ApplicationController
   before_action :check_service_available
   before_action :find_user
-  before_action :set_cors_access_control_headers, only: [:invoice]
+  before_action :set_cors_access_control_headers
 
   MIN_SATS = 10
   MAX_SATS = 1_000_000

app/controllers/services/chat_controller.rb

@@ -3,7 +3,7 @@ class Services::ChatController < Services::BaseController
   before_action :require_service_available
 
   def show
-    @service_enabled = current_user.service_enabled?(:xmpp)
+    @service_enabled = current_user.service_enabled?(:ejabberd)
   end
 
   private

app/controllers/services/remotestorage_controller.rb

@@ -8,8 +8,7 @@ class Services::RemotestorageController < Services::BaseController
     # unless current_user.service_enabled?(:remotestorage)
     #   redirect_to service_remotestorage_info_path
     # end
-    @rs_auths = current_user.remote_storage_authorizations
-    # TODO sort by app name
+    # @rs_apps_connected = current_user.remote_storage_authorizations.any?
   end
 
   private

app/controllers/services/rs_auths_controller.rb

@@ -3,13 +3,18 @@ class Services::RsAuthsController < Services::BaseController
   before_action :require_feature_enabled
   before_action :require_service_available
   # before_action :require_service_enabled
-  before_action :find_rs_auth
+  before_action :find_rs_auth, only: [:destroy, :launch_app]
+
+  def index
+    @rs_auths = current_user.remote_storage_authorizations
+    # TODO sort by app name?
+  end
 
   def destroy
     @auth.destroy!
 
     respond_to do |format|
-      format.html do redirect_to services_storage_url, flash: {
+      format.html do redirect_to apps_services_storage_url, flash: {
         success: 'App authorization revoked'
       }
       end

app/controllers/webfinger_controller.rb

@@ -1,8 +1,6 @@
-class WebfingerController < ApplicationController
+class WebfingerController < WellKnownController
   before_action :allow_cross_origin_requests, only: [:show]
 
-  layout false
-
   def show
     resource = params[:resource]
 
@@ -76,7 +74,7 @@ class WebfingerController < ApplicationController
   end
 
   def remotestorage_link
-    auth_url = new_rs_oauth_url(@username)
+    auth_url = new_rs_oauth_url(@username, host: Setting.accounts_domain)
     storage_url = "#{Setting.rs_storage_url}/#{@username}"
 
     {
@@ -91,10 +89,4 @@ class WebfingerController < ApplicationController
       }
     }
   end
-
-  def allow_cross_origin_requests
-    return unless Rails.env.development?
-    headers['Access-Control-Allow-Origin'] = "*"
-    headers['Access-Control-Allow-Methods'] = "GET"
-  end
 end

app/controllers/well_known_controller.rb

@@ -1,14 +1,23 @@
 class WellKnownController < ApplicationController
   before_action :require_nostr_enabled, only: [ :nostr ]
+  before_action :allow_cross_origin_requests, only: [ :nostr ]
+
+  layout false
 
   def nostr
     http_status :unprocessable_entity and return if params[:name].blank?
     domain = request.headers["X-Forwarded-Host"].presence || Setting.primary_domain
-    relay_url = Setting.nostr_relay_url
+    relay_url = Setting.nostr_relay_url.presence
 
     if params[:name] == "_"
-      # pubkey for the primary domain without a username (e.g. kosmos.org)
-      res = { names: { "_": Setting.nostr_public_key } }
+      if domain == Setting.primary_domain
+        # pubkey for the primary domain without a username (e.g. kosmos.org)
+        res = { names: { "_": Setting.nostr_public_key_primary_domain.presence || Setting.nostr_public_key } }
+      else
+        # pubkey for the akkounts domain without a username (e.g. accounts.kosmos.org)
+        res = { names: { "_": Setting.nostr_public_key } }
+      end
+
       res[:relays] = { "_" => [ relay_url ] } if relay_url
     else
       @user = User.where(cn: params[:name], ou: domain).first
@@ -30,4 +39,9 @@ class WellKnownController < ApplicationController
     def require_nostr_enabled
       http_status :not_found unless Setting.nostr_enabled?
     end
+
+    def allow_cross_origin_requests
+      headers['Access-Control-Allow-Origin'] = "*"
+      headers['Access-Control-Allow-Methods'] = "GET"
+    end
 end

app/helpers/dashboard_helper.rb

@@ -1,2 +0,0 @@
-module DashboardHelper
-end

app/helpers/donations_helper.rb

@@ -1,2 +0,0 @@
-module DonationsHelper
-end

app/helpers/invitations_helper.rb

@@ -1,2 +0,0 @@
-module InvitationsHelper
-end

app/helpers/lnurlpay_helper.rb

@@ -1,2 +0,0 @@
-module LnurlpayHelper
-end

app/helpers/services_helper.rb

@@ -0,0 +1,12 @@
+module ServicesHelper
+
+  def service_human_name(key, category = :external)
+    SERVICES[category][key][:name] || key.to_s
+  end
+
+  def service_display_name(key, category = :external)
+    SERVICES[category][key][:display_name] ||
+    service_human_name(key, category)
+  end
+
+end

app/helpers/settings_helper.rb

@@ -1,2 +0,0 @@
-module SettingsHelper
-end

app/helpers/signup_helper.rb

@@ -1,2 +0,0 @@
-module SignupHelper
-end

app/helpers/users_helper.rb

@@ -1,2 +0,0 @@
-module UsersHelper
-end

app/helpers/wallet_helper.rb

@@ -1,2 +0,0 @@
-module WalletHelper
-end

app/helpers/welcome_helper.rb

@@ -1,2 +0,0 @@
-module WelcomeHelper
-end

app/javascript/controllers/settings/nostr_pubkey_controller.js

@@ -1,8 +1,14 @@
 import { Controller } from "@hotwired/stimulus"
+import { Nostrify } from "nostrify"
 
 // Connects to data-controller="settings--nostr-pubkey"
 export default class extends Controller {
-  static targets = [ "noExtension", "setPubkey", "pubkeyBech32Input" ]
+  static targets = [
+    "noExtension",
+    "setPubkey", "pubkeyBech32Input",
+    "relayList", "relayListStatus",
+    "profileStatusNip05", "profileStatusLud16"
+  ]
   static values  = {
     userAddress: String,
     pubkeyHex: String,
@@ -15,6 +21,14 @@ export default class extends Controller {
       if (this.hasSetPubkeyTarget) {
         this.setPubkeyTarget.disabled = false
       }
+
+      if (this.pubkeyHexValue) {
+        this.discoverUserOnNostr().then(() => {
+          this.renderRelayStatus()
+          this.renderProfileNip05Status()
+          this.renderProfileLud16Status()
+        })
+      }
     } else {
       this.noExtensionTarget.classList.remove("hidden")
     }
@@ -49,8 +63,172 @@ export default class extends Controller {
     }
   }
 
+  async discoverUserOnNostr () {
+    this.nip65Relays = await this.findUserRelays()
+    this.profile = await this.findUserProfile()
+  }
+
+  async findUserRelays () {
+    const controller = new AbortController();
+    const signal = controller.signal;
+    const filters = [{ kinds: [10002], authors: [this.pubkeyHexValue], limit: 1 }]
+    const messages = []
+
+    for await (const msg of this.discoveryPool.req(filters, { signal })) {
+      if (msg[0] === 'EVENT') {
+        if (!messages.find(m => m.id === msg[2].id)) {
+          messages.push(msg[2])
+        }
+      }
+      if (msg[0] === 'EOSE') { break }
+    }
+
+    // Close the relay subscription
+    controller.abort()
+    if (messages.length === 0) { return messages }
+
+    const sortedMessages = messages.sort((a, b) => a.createdAt - b.createdAt)
+    const newestMessage = messages[messages.length - 1]
+
+    return newestMessage.tags.filter(t => t[0] === 'r')
+                             .map(t => { return { url: t[1], marker: t[2] } })
+  }
+
+  async findUserProfile () {
+    const controller = new AbortController();
+    const signal = controller.signal;
+    const filters = [{ kinds: [0], authors: [this.pubkeyHexValue], limit: 1 }]
+    const messages = []
+
+    for await (const msg of this.discoveryPool.req(filters, { signal })) {
+      if (msg[0] === 'EVENT') {
+        if (!messages.find(m => m.id === msg[2].id)) {
+          messages.push(msg[2])
+        }
+      }
+      if (msg[0] === 'EOSE') { break }
+    }
+
+    // Close the relay subscription
+    controller.abort()
+    if (messages.length === 0) { return null }
+
+    const sortedMessages = messages.sort((a, b) => a.createdAt - b.createdAt)
+    const newestMessage = messages[messages.length - 1]
+
+    return JSON.parse(newestMessage.content)
+  }
+
+  renderRelayStatus () {
+    let showStatus
+
+    if (this.nip65Relays.length > 0) {
+      if (this.relaysContainAccountsRelay) {
+        showStatus = 'green'
+      } else {
+        showStatus = 'orange'
+      }
+    } else {
+      showStatus = 'red'
+    }
+    // showStatus = 'red'
+
+    this.relayListStatusTarget
+      .querySelector(`.status-${showStatus}`)
+      .classList.remove("hidden")
+  }
+
+  renderProfileNip05Status () {
+    let showStatus
+
+    if (this.profile?.nip05) {
+      if (this.profile.nip05 === this.userAddressValue) {
+        showStatus = 'green'
+      } else {
+        showStatus = 'red'
+      }
+    } else {
+      showStatus = 'orange'
+    }
+
+    this.profileStatusNip05Target
+      .querySelector(`.status-${showStatus}`)
+      .classList.remove("hidden")
+  }
+
+  renderProfileLud16Status () {
+    let showStatus
+
+    if (this.profile?.lud16) {
+      if (this.profile.lud16 === this.userAddressValue) {
+        showStatus = 'green'
+      } else {
+        showStatus = 'red'
+      }
+    } else {
+      showStatus = 'orange'
+    }
+
+    this.profileStatusLud16Target
+      .querySelector(`.status-${showStatus}`)
+      .classList.remove("hidden")
+  }
+
+  // renderRelayList (relays) {
+  //   const html = relays.map(relay => `
+  //     <li class="flex items-center justify-between p-2 border-b">
+  //       <span>${relay.url}</span>
+  //       <button 
+  //         data-action="click->list#handleItemClick" 
+  //         data-item="${relay.url}"
+  //         class="bg-blue-500 text-white px-3 py-1 rounded">
+  //         Action
+  //       </button>
+  //     </li>
+  //   `).join("")
+  //
+  //   this.relayListTarget.innerHTML = html
+  // }
+
   get csrfToken () {
     const element = document.head.querySelector('meta[name="csrf-token"]')
     return element.getAttribute("content")
   }
+
+  // Used to find a user's profile and relays
+  get discoveryRelays () {
+    return [
+      'ws://localhost:4777',
+      'wss://nostr.kosmos.org',
+      'wss://purplepag.es',
+      // 'wss://relay.nostr.band',
+      // 'wss://njump.me',
+      // 'wss://relay.damus.io',
+      // 'wss://nos.lol',
+      // 'wss://eden.nostr.land',
+      // 'wss://relay.snort.social',
+      // 'wss://nostr.wine',
+      // 'wss://relay.primal.net',
+      // 'wss://nostr.bitcoiner.social',
+    ]
+  }
+
+  get discoveryPool () {
+    if (!this._discoveryPool) {
+      this._discoveryPool = new Nostrify.NPool({
+        open: (url) => new Nostrify.NRelay1(url),
+        reqRouter: async (filters) => new Map(
+          this.discoveryRelays.map(relayUrl => [ relayUrl, filters ])
+        ),
+        eventRouter: async (event) => [],
+      })
+    }
+
+    return this._discoveryPool
+  }
+
+  get relaysContainAccountsRelay () {
+    // TODO use URL from view/settings
+    return !!this.nip65Relays.find(r => r.url.match('wss://nostr.kosmos.org'))
+  }
 }

app/jobs/xmpp_exchange_contacts_job.rb

@@ -2,8 +2,8 @@ class XmppExchangeContactsJob < ApplicationJob
   queue_as :default
 
   def perform(inviter, invitee)
-    return unless inviter.service_enabled?(:xmpp) &&
-                  invitee.service_enabled?(:xmpp) &&
+    return unless inviter.service_enabled?(:ejabberd) &&
+                  invitee.service_enabled?(:ejabberd) &&
                   inviter.preferences[:xmpp_exchange_contacts_with_invitees]
 
     ejabberd = EjabberdApiClient.new

app/models/concerns/settings/btcpay_settings.rb

@@ -0,0 +1,24 @@
+module Settings
+  module BtcpaySettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :btcpay_api_url, type: :string,
+        default: ENV["BTCPAY_API_URL"].presence
+
+      field :btcpay_enabled, type: :boolean,
+        default: ENV["BTCPAY_API_URL"].present?
+
+      field :btcpay_public_url, type: :string,
+        default: ENV["BTCPAY_PUBLIC_URL"].presence
+
+      field :btcpay_store_id, type: :string,
+        default: ENV["BTCPAY_STORE_ID"].presence
+
+      field :btcpay_auth_token, type: :string,
+        default: ENV["BTCPAY_AUTH_TOKEN"].presence
+
+      field :btcpay_publish_wallet_balances, type: :boolean, default: true
+    end
+  end
+end

app/models/concerns/settings/discourse_settings.rb

@@ -0,0 +1,16 @@
+module Settings
+  module DiscourseSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :discourse_public_url, type: :string,
+        default: ENV["DISCOURSE_PUBLIC_URL"].presence
+
+      field :discourse_enabled, type: :boolean,
+        default: ENV["DISCOURSE_PUBLIC_URL"].present?
+
+      field :discourse_connect_secret, type: :string,
+        default: ENV["DISCOURSE_CONNECT_SECRET"].presence
+    end
+  end
+end

app/models/concerns/settings/drone_ci_settings.rb

@@ -0,0 +1,13 @@
+module Settings
+  module DroneCiSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :droneci_public_url, type: :string,
+        default: ENV["DRONECI_PUBLIC_URL"].presence
+
+      field :droneci_enabled, type: :boolean,
+        default: ENV["DRONECI_PUBLIC_URL"].present?
+    end
+  end
+end

app/models/concerns/settings/ejabberd_settings.rb

@@ -0,0 +1,19 @@
+module Settings
+  module EjabberdSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :ejabberd_enabled, type: :boolean,
+        default: ENV["EJABBERD_API_URL"].present?
+
+      field :ejabberd_api_url, type: :string,
+        default: ENV["EJABBERD_API_URL"].presence
+
+      field :ejabberd_admin_url, type: :string,
+        default: ENV["EJABBERD_ADMIN_URL"].presence
+
+      field :ejabberd_buddy_roster, type: :string,
+        default: "Buddies"
+    end
+  end
+end

app/models/concerns/settings/email_settings.rb

@@ -0,0 +1,28 @@
+module Settings
+  module EmailSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :email_enabled, type: :boolean,
+        default: ENV["EMAIL_SMTP_HOST"].present?
+
+      # field :email_smtp_host, type: :string,
+      #   default: ENV["EMAIL_SMTP_HOST"].presence
+      #
+      # field :email_smtp_port, type: :string,
+      #   default: ENV["EMAIL_SMTP_PORT"].presence || 587
+      #
+      # field :email_smtp_enable_starttls, type: :string,
+      #   default: ENV["EMAIL_SMTP_PORT"].presence || true
+      #
+      # field :email_auth_method, type: :string,
+      #   default: ENV["EMAIL_AUTH_METHOD"].presence || "plain"
+      #
+      # field :email_imap_host, type: :string,
+      #   default: ENV["EMAIL_IMAP_HOST"].presence
+      #
+      # field :email_imap_port, type: :string,
+      #   default: ENV["EMAIL_IMAP_PORT"].presence || 993
+    end
+  end
+end

app/models/concerns/settings/general_settings.rb

@@ -0,0 +1,34 @@
+module Settings
+  module GeneralSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :primary_domain, type: :string,
+        default: ENV["PRIMARY_DOMAIN"].presence
+
+      field :accounts_domain, type: :string,
+        default: ENV["AKKOUNTS_DOMAIN"].presence
+
+      #
+      # Internal services
+      #
+
+      field :redis_url, type: :string,
+        default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
+
+      field :s3_enabled, type: :boolean,
+        default: ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
+
+      field :sentry_enabled, type: :boolean, readonly: true,
+        default: ENV["SENTRY_DSN"].present?
+
+      #
+      # Registrations
+      #
+
+      field :reserved_usernames, type: :array, default: %w[
+        account accounts donations mail webmaster support
+      ]
+    end
+  end
+end

app/models/concerns/settings/gitea_settings.rb

@@ -0,0 +1,13 @@
+module Settings
+  module GiteaSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :gitea_public_url, type: :string,
+        default: ENV["GITEA_PUBLIC_URL"].presence
+
+      field :gitea_enabled, type: :boolean,
+        default: ENV["GITEA_PUBLIC_URL"].present?
+    end
+  end
+end

app/models/concerns/settings/lightning_network_settings.rb

@@ -0,0 +1,25 @@
+module Settings
+  module LightningNetworkSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :lndhub_api_url, type: :string,
+        default: ENV["LNDHUB_API_URL"].presence
+
+      field :lndhub_enabled, type: :boolean,
+        default: ENV["LNDHUB_API_URL"].present?
+
+      field :lndhub_admin_token, type: :string,
+        default: ENV["LNDHUB_ADMIN_TOKEN"].presence
+
+      field :lndhub_admin_enabled, type: :boolean,
+        default: ENV["LNDHUB_ADMIN_UI"] || false
+
+      field :lndhub_public_key, type: :string,
+        default: (ENV["LNDHUB_PUBLIC_KEY"] || "")
+
+      field :lndhub_keysend_enabled, type: :boolean,
+        default: -> { self.lndhub_public_key.present? }
+    end
+  end
+end

app/models/concerns/settings/mastodon_settings.rb

@@ -0,0 +1,16 @@
+module Settings
+  module MastodonSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :mastodon_public_url, type: :string,
+        default: ENV["MASTODON_PUBLIC_URL"].presence
+
+      field :mastodon_enabled, type: :boolean,
+        default: ENV["MASTODON_PUBLIC_URL"].present?
+
+      field :mastodon_address_domain, type: :string,
+        default: ENV["MASTODON_ADDRESS_DOMAIN"].presence || self.primary_domain
+    end
+  end
+end

app/models/concerns/settings/media_wiki_settings.rb

@@ -0,0 +1,13 @@
+module Settings
+  module MediaWikiSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :mediawiki_public_url, type: :string,
+        default: ENV["MEDIAWIKI_PUBLIC_URL"].presence
+
+      field :mediawiki_enabled, type: :boolean,
+        default: ENV["MEDIAWIKI_PUBLIC_URL"].present?
+    end
+  end
+end

app/models/concerns/settings/nostr_settings.rb

@@ -0,0 +1,25 @@
+module Settings
+  module NostrSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :nostr_enabled, type: :boolean,
+        default: ENV["NOSTR_PRIVATE_KEY"].present?
+
+      field :nostr_private_key, type: :string,
+        default: ENV["NOSTR_PRIVATE_KEY"].presence
+
+      field :nostr_public_key, type: :string,
+        default: ENV["NOSTR_PUBLIC_KEY"].presence
+
+      field :nostr_public_key_primary_domain, type: :string,
+        default: ENV["NOSTR_PUBLIC_KEY_PRIMARY_DOMAIN"].presence
+
+      field :nostr_relay_url, type: :string,
+        default: ENV["NOSTR_RELAY_URL"].presence
+
+      field :nostr_zaps_relay_limit, type: :integer,
+        default: 12
+    end
+  end
+end

app/models/concerns/settings/open_collective_settings.rb

@@ -0,0 +1,9 @@
+module Settings
+  module OpenCollectiveSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :opencollective_enabled, type: :boolean, default: true
+    end
+  end
+end

app/models/concerns/settings/remote_storage_settings.rb

@@ -0,0 +1,16 @@
+module Settings
+  module RemoteStorageSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :remotestorage_enabled, type: :boolean,
+        default: ENV["RS_STORAGE_URL"].present?
+
+      field :rs_storage_url, type: :string,
+        default: ENV["RS_STORAGE_URL"].presence
+
+      field :rs_redis_url, type: :string,
+        default: ENV["RS_REDIS_URL"] || "redis://localhost:6379/1"
+    end
+  end
+end

app/models/concerns/settings/xmpp_settings.rb

@@ -0,0 +1,11 @@
+module Settings
+  module XmppSettings
+    extend ActiveSupport::Concern
+
+    included do
+      field :xmpp_default_rooms, type: :array, default: []
+      field :xmpp_autojoin_default_rooms, type: :boolean, default: false
+      field :xmpp_notifications_from_address, type: :string, default: primary_domain
+    end
+  end
+end

app/models/setting.rb

@@ -2,226 +2,30 @@
 class Setting < RailsSettings::Base
   cache_prefix { "v1" }
 
-  field :primary_domain, type: :string,
-    default: ENV["PRIMARY_DOMAIN"].presence
-
-  field :accounts_domain, type: :string,
-    default: ENV["AKKOUNTS_DOMAIN"].presence
-
-  #
-  # Internal services
-  #
-
-  field :redis_url, type: :string,
-    default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
-
-  field :s3_enabled, type: :boolean,
-    default: ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
-
-  #
-  # Registrations
-  #
-
-  field :reserved_usernames, type: :array, default: %w[
-    account accounts donations mail webmaster support
-  ]
-
-  #
-  # XMPP
-  #
-
-  field :xmpp_default_rooms, type: :array, default: []
-  field :xmpp_autojoin_default_rooms, type: :boolean, default: false
-  field :xmpp_notifications_from_address, type: :string, default: primary_domain
-
-  #
-  # Sentry
-  #
-
-  field :sentry_enabled, type: :boolean, readonly: true,
-    default: ENV["SENTRY_DSN"].present?
-
-  #
-  # BTCPay Server
-  #
-
-  field :btcpay_api_url, type: :string,
-    default: ENV["BTCPAY_API_URL"].presence
-
-  field :btcpay_enabled, type: :boolean,
-    default: ENV["BTCPAY_API_URL"].present?
-
-  field :btcpay_public_url, type: :string,
-    default: ENV["BTCPAY_PUBLIC_URL"].presence
-
-  field :btcpay_store_id, type: :string,
-    default: ENV["BTCPAY_STORE_ID"].presence
-
-  field :btcpay_auth_token, type: :string,
-    default: ENV["BTCPAY_AUTH_TOKEN"].presence
-
-  field :btcpay_publish_wallet_balances, type: :boolean, default: true
-
-  #
-  # Discourse
-  #
-
-  field :discourse_public_url, type: :string,
-    default: ENV["DISCOURSE_PUBLIC_URL"].presence
-
-  field :discourse_enabled, type: :boolean,
-    default: ENV["DISCOURSE_PUBLIC_URL"].present?
-
-  field :discourse_connect_secret, type: :string,
-    default: ENV["DISCOURSE_CONNECT_SECRET"].presence
-
-  #
-  # Drone CI
-  #
-
-  field :droneci_public_url, type: :string,
-    default: ENV["DRONECI_PUBLIC_URL"].presence
-
-  field :droneci_enabled, type: :boolean,
-    default: ENV["DRONECI_PUBLIC_URL"].present?
-
-  #
-  # ejabberd
-  #
-
-  field :ejabberd_enabled, type: :boolean,
-    default: ENV["EJABBERD_API_URL"].present?
-
-  field :ejabberd_api_url, type: :string,
-    default: ENV["EJABBERD_API_URL"].presence
-
-  field :ejabberd_admin_url, type: :string,
-    default: ENV["EJABBERD_ADMIN_URL"].presence
-
-  field :ejabberd_buddy_roster, type: :string,
-    default: "Buddies"
-
-  #
-  # Gitea
-  #
-
-  field :gitea_public_url, type: :string,
-    default: ENV["GITEA_PUBLIC_URL"].presence
-
-  field :gitea_enabled, type: :boolean,
-    default: ENV["GITEA_PUBLIC_URL"].present?
-
-  #
-  # Lightning Network
-  #
-
-  field :lndhub_api_url, type: :string,
-    default: ENV["LNDHUB_API_URL"].presence
-
-  field :lndhub_enabled, type: :boolean,
-    default: ENV["LNDHUB_API_URL"].present?
-
-  field :lndhub_admin_token, type: :string,
-    default: ENV["LNDHUB_ADMIN_TOKEN"].presence
-
-  field :lndhub_admin_enabled, type: :boolean,
-    default: ENV["LNDHUB_ADMIN_UI"] || false
-
-  field :lndhub_public_key, type: :string,
-    default: (ENV["LNDHUB_PUBLIC_KEY"] || "")
-
-  field :lndhub_keysend_enabled, type: :boolean,
-    default: -> { self.lndhub_public_key.present? }
-
-  #
-  # Mastodon
-  #
-
-  field :mastodon_public_url, type: :string,
-    default: ENV["MASTODON_PUBLIC_URL"].presence
-
-  field :mastodon_enabled, type: :boolean,
-    default: ENV["MASTODON_PUBLIC_URL"].present?
-
-  field :mastodon_address_domain, type: :string,
-    default: ENV["MASTODON_ADDRESS_DOMAIN"].presence || self.primary_domain
-
-  #
-  # MediaWiki
-  #
-
-  field :mediawiki_public_url, type: :string,
-    default: ENV["MEDIAWIKI_PUBLIC_URL"].presence
-
-  field :mediawiki_enabled, type: :boolean,
-    default: ENV["MEDIAWIKI_PUBLIC_URL"].present?
-
-  #
-  # Nostr
-  #
-
-  field :nostr_enabled, type: :boolean,
-    default: ENV["NOSTR_PRIVATE_KEY"].present?
-
-  field :nostr_private_key, type: :string,
-    default: ENV["NOSTR_PRIVATE_KEY"].presence
-
-  field :nostr_public_key, type: :string,
-    default: ENV["NOSTR_PUBLIC_KEY"].presence
-
-  field :nostr_relay_url, type: :string,
-    default: ENV["NOSTR_RELAY_URL"].presence
-
-  field :nostr_zaps_relay_limit, type: :integer,
-    default: 12
-
-  #
-  # OpenCollective
-  #
-
-  field :opencollective_enabled, type: :boolean, default: true
-
-  #
-  # RemoteStorage
-  #
-
-  field :remotestorage_enabled, type: :boolean,
-    default: ENV["RS_STORAGE_URL"].present?
-
-  field :rs_storage_url, type: :string,
-    default: ENV["RS_STORAGE_URL"].presence
-
-  field :rs_redis_url, type: :string,
-    default: ENV["RS_REDIS_URL"] || "redis://localhost:6379/1"
-
-
-  #
-  # E-Mail Service
-  #
-
-  field :email_enabled, type: :boolean,
-    default: ENV["EMAIL_SMTP_HOST"].present?
-
-  # field :email_smtp_host, type: :string,
-  #   default: ENV["EMAIL_SMTP_HOST"].presence
-  #
-  # field :email_smtp_port, type: :string,
-  #   default: ENV["EMAIL_SMTP_PORT"].presence || 587
-  #
-  # field :email_smtp_enable_starttls, type: :string,
-  #   default: ENV["EMAIL_SMTP_PORT"].presence || true
-  #
-  # field :email_auth_method, type: :string,
-  #   default: ENV["EMAIL_AUTH_METHOD"].presence || "plain"
-  #
-  # field :email_imap_host, type: :string,
-  #   default: ENV["EMAIL_IMAP_HOST"].presence
-  #
-  # field :email_imap_port, type: :string,
-  #   default: ENV["EMAIL_IMAP_PORT"].presence || 993
-
-  def self.default_services
-    # TODO Make configurable from respective service settings page
-    %w[ discourse gitea mastodon mediawiki xmpp ]
+  Dir[Rails.root.join('app', 'models', 'concerns', 'settings', '*.rb')].each do |file|
+    require file
   end
+
+  include Settings::GeneralSettings
+  include Settings::BtcpaySettings
+  include Settings::DiscourseSettings
+  include Settings::DroneCiSettings
+  include Settings::EjabberdSettings
+  include Settings::EmailSettings
+  include Settings::GiteaSettings
+  include Settings::LightningNetworkSettings
+  include Settings::MastodonSettings
+  include Settings::MediaWikiSettings
+  include Settings::NostrSettings
+  include Settings::OpenCollectiveSettings
+  include Settings::RemoteStorageSettings
+  include Settings::XmppSettings
+
+  def self.available_services
+    known_services = SERVICES[:external].keys
+    known_services.select {|s| Setting.send "#{s}_enabled?" }
+  end
+
+  field :default_services, type: :array,
+    default: self.available_services
 end

app/models/user.rb

@@ -180,14 +180,14 @@ class User < ApplicationRecord
   def enable_service(service)
     current_services = services_enabled
     new_services = Array(service).map(&:to_s)
-    services = (current_services + new_services).uniq
+    services = (current_services + new_services).uniq.sort
     ldap.replace_attribute(dn, :serviceEnabled, services)
   end
 
   def disable_service(service)
     current_services = services_enabled
     disabled_services = Array(service).map(&:to_s)
-    services = (current_services - disabled_services).uniq
+    services = (current_services - disabled_services).uniq.sort
     ldap.replace_attribute(dn, :serviceEnabled, services)
   end
 

app/views/admin/settings/registrations/show.html.erb

@@ -9,18 +9,36 @@
         <%= render partial: "admin/settings/errors", locals: { errors: @errors } %>
       <% end %>
 
-      <label class="block">
-        <p class="font-bold mb-1">Reserved usernames</p>
-        <p class="text-gray-500">
-          These usernames cannot be registered as accounts:
-        </p>
-        <%= f.text_area :reserved_usernames,
-          value: Setting.reserved_usernames.join("\n"),
-          class: "h-44 mb-2" %>
-        <p class="text-sm text-gray-500">
-          One username per line
-        </p>
-      </label>
+      <ul role="list">
+        <%= render FormElements::FieldsetComponent.new(
+              title: "Reserved usernames",
+              description: "These usernames cannot be registered as accounts."
+            ) do %>
+          <%= f.text_area :reserved_usernames,
+            value: Setting.reserved_usernames.join("\n"),
+            class: "h-44 w-60" %>
+          <p class="text-sm text-gray-500">
+            One username per line
+          </p>
+        <% end %>
+        <li>
+          <p class="font-bold mb-1">Default services</p>
+          <p class="text-gray-500">
+            These services are enabled for new users by default after signup.
+          </p>
+          <div class="flex flex-wrap gap-x-6 gap-y-2">
+            <% Setting.available_services.each do |option| %>
+              <div class="md:inline-block">
+                <%= f.check_box :default_services,
+                  { multiple: true, checked: Setting.default_services.include?(option),
+                    class: "h-4 w-4 rounded border-gray-300 text-blue-600 focus:ring-blue-600 mr-0.5" },
+                  option, nil %>
+                <%= f.label "default_services_#{option.parameterize}", service_human_name(option) %>
+              </div>
+            <% end %>
+          </div>
+        </li>
+      </ul>
     </section>
 
     <section>

app/views/admin/settings/services/_nostr.html.erb

@@ -19,6 +19,11 @@
         title: "Public key",
         description: "The corresponding public key of the accounts service"
       ) %>
+  <%= render FormElements::FieldsetResettableSettingComponent.new(
+        key: :nostr_public_key_primary_domain,
+        title: "Public key for primary domain (NIP-05)",
+        description: "(optional) A different pubkey to announce for the _@#{Setting.primary_domain} Nostr address"
+      ) %>
   <%= render FormElements::FieldsetResettableSettingComponent.new(
         key: :nostr_relay_url,
         title: "Relay URL",

app/views/admin/settings/services/_remotestorage.html.erb

@@ -1,5 +1,4 @@
 <h3>RemoteStorage</h3>
-<p class="text-red-600 mb-8">Feature currently in development.</p>
 <ul role="list">
   <%= render FormElements::FieldsetToggleComponent.new(
     form: f,

app/views/admin/users/show.html.erb

@@ -184,7 +184,7 @@
           <td>XMPP (ejabberd)</td>
           <td>
             <%= render FormElements::ToggleComponent.new(
-              enabled: @services_enabled.include?("xmpp"),
+              enabled: @services_enabled.include?("ejabberd"),
               input_enabled: false
             ) %>
           </td>

app/views/contributions/projects/index.html.erb

@@ -43,7 +43,7 @@
     </p>
     <p>
       We have run two 6-month trials so far, with the next trial period
-      starting sometime in Q2 2024. Watch your email for notifications about it!
+      starting sometime soon. Watch your email for notifications about it!
     </p>
   </section>
 <% end %>

app/views/dashboard/index.html.erb

@@ -41,15 +41,16 @@
           <% end %>
         </div>
       <% end %>
-      <% if Setting.discourse_enabled? %>
+      <% if Setting.remotestorage_enabled? &&
+            Flipper.enabled?(:remotestorage, current_user) %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400
-                    bg-[length:80%] bg-center bg-no-repeat
-                    bg-[url(/img/logos/icon_discourse.svg)]">
-          <%= link_to "#{Setting.discourse_public_url}/session/sso?return_path=/",
+                    bg-[length:80%] bg-[center_top_-156px] bg-no-repeat
+                    bg-[url(/img/logos/icon_remotestorage.svg)]">
+          <%= link_to services_storage_path,
                 class: "block h-full px-6 py-6 rounded-md" do %>
-            <h3 class="mb-3.5">Discourse</h3>
+            <h3 class="mb-3.5">Storage</h3>
             <p class="text-gray-600">
-              Community forums and support/help site
+              Sync your data between apps and devices
             </p>
           <% end %>
         </div>
@@ -67,16 +68,15 @@
           <% end %>
         </div>
       <% end %>
-      <% if Setting.remotestorage_enabled? &&
-            Flipper.enabled?(:remotestorage, current_user) %>
+      <% if Setting.discourse_enabled? %>
         <div class="border border-gray-300 rounded-md hover:border-gray-400
-                    bg-[length:80%] bg-[center_top_-156px] bg-no-repeat
-                    bg-[url(/img/logos/icon_remotestorage.svg)]">
-          <%= link_to services_storage_path,
+                    bg-[length:80%] bg-center bg-no-repeat
+                    bg-[url(/img/logos/icon_discourse.svg)]">
+          <%= link_to "#{Setting.discourse_public_url}/session/sso?return_path=/",
                 class: "block h-full px-6 py-6 rounded-md" do %>
-            <h3 class="mb-3.5">Storage</h3>
+            <h3 class="mb-3.5">Discourse</h3>
             <p class="text-gray-600">
-              Sync your data between apps and devices
+              Community forums and support/help site
             </p>
           <% end %>
         </div>

app/views/services/remotestorage/show.html.erb

@@ -2,15 +2,162 @@
 
 <%= render MainSimpleComponent.new do %>
   <section>
-    <h3 class="mb-10">Connected Apps</h3>
-    <% if @rs_auths.any? %>
-    <div class="w-full grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-y-10 gap-x-12">
-    <% @rs_auths.each do |auth| %>
-      <%= render RsAuthComponent.new(auth: auth) %>
-    <% end %>
+    <p class="mb-6">
+      Store and synchronize your app data across different devices.
+    </p>
+  </section>
+
+  <%= render partial: "shared/tabnav_remotestorage" %>
+
+  <section>
+    <h3>Your Storage Address</h3>
+    <p class="mb-6">
+      In order to connect an app to your storage account, give it your address:
+    </p>
+    <p data-controller="clipboard" class="flex items-center gap-1 sm:w-2/5">
+      <img src="/img/logos/icon_remotestorage.svg" class="inline-block h-6 w-6 mr-1">
+      <input type="text" id="user_address" class="grow"
+             value=<%= current_user.address %> disabled="disabled"
+             data-clipboard-target="source" />
+      <button id="copy-user-address" class="btn-md btn-icon btn-outline shrink-0"
+              data-clipboard-target="trigger" data-action="clipboard#copy"
+              title="Copy to clipboard">
+        <span class="content-initial">
+          <%= render partial: "icons/copy", locals: { custom_class: "text-blue-600 h-4 w-4 inline" } %>
+        </span>
+        <span class="content-active hidden">
+          <%= render partial: "icons/check", locals: { custom_class: "text-blue-600 h-4 w-4 inline" } %>
+        </span>
+      </button>
+    </p>
+  </section>
+
+  <section>
+    <h3>Compatible Apps</h3>
+    <p>
+      Your Storage account is based on a new open standard called
+      <a href="https://remotestorage.io" target="_blank">
+        <img src="/img/logos/icon_remotestorage.svg" class="h-4 w-4 inline">
+        <strong>remoteStorage</strong>
+      </a>, which is not yet widely supported.  Look
+      for the remoteStorage icon, or check the Sync settings in apps.
+    </p>
+    <p>
+      If you want your favorite apps to support syncing data with your own
+      Storage account, let the developers know! All relevant information is
+      available on the <a href="https://remotestorage.io"
+        target="_blank" class="ks-text-link">remoteStorage website</a>.
+    </p>
+  </section>
+
+  <section>
+    <h3>Recommended Apps</h3>
+    <div data-controller="tabs"
+         data-tabs-active-tab-class="-mb-px border-gray-200 border-l border-t border-r rounded-t text-indigo-600 hover:text-indigo-600"
+         data-tabs-inactive-tab-class="text-gray-500 hover:text-gray-700"
+         class="mb-12">
+      <select data-action="tabs#change" data-tabs-target="select"
+              class="block w-full mb-8 sm:hidden">
+        <option>Productivity</option>
+        <option>Bookmarks</option>
+        <option>Reading</option>
+        <option>File sharing</option>
+        <option>Learning</option>
+      </select>
+      <ul class="hidden sm:flex list-reset mb-8 border-gray-200 border-b">
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Productivity
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Bookmarks
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Reading
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            File sharing
+          </a>
+        </li>
+        <li class="mr-2" data-tabs-target="tab" data-action="click->tabs#change:prevent">
+          <a href="#" class="bg-white inline-block py-2 px-4 font-semibold no-underline">
+            Learning
+          </a>
+        </li>
+      </ul>
+
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Hyperdraft",
+          description: "Create text notes and (optionally) turn them into a website",
+          icon_path: "/img/app_icons/hyperdraft.png",
+          links: [
+            ["Website", "https://hyperdraft.rosano.ca"],
+          ]
+        ) %>
+        <%= render AppInfoComponent.new(
+          name: "Notes Together",
+          description: "A powerful note-taking app, with support for attaching images and other files",
+          icon_path: "/img/app_icons/notes-together.png",
+          links: [
+            ["Web App", "https://notestogether.hominidsoftware.com"],
+          ]
+        ) %>
+        <%= render AppInfoComponent.new(
+          name: "Papiers",
+          description: "A simple note-taking app",
+          icon_path: "/img/app_icons/papiers.png",
+          links: [
+            ["Web App", "https://papiers.gitlab.io"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Webmarks",
+          description: "Archive your bookmarks in your remote storage",
+          icon_path: "/img/app_icons/webmarks.png",
+          links: [
+            ["Web App", "https://webmarks.5apps.com"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Pétrolette",
+          description: "A news aggregator that syncs with your remote storage",
+          icon_path: "/img/app_icons/petrolette.png",
+          links: [
+            ["Web App", "https://petrolette.space"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Sharesome",
+          description: "Quickly and easily share files from your remote storage",
+          icon_path: "/img/app_icons/sharesome.png",
+          links: [
+            ["Web App", "https://sharesome.5apps.com"],
+          ]
+        ) %>
+      </div>
+      <div class="hidden grid grid-cols-1 gap-6" data-tabs-target="panel">
+        <%= render AppInfoComponent.new(
+          name: "Kommit",
+          description: "Create flashcards and learn them with spaced-repetition",
+          icon_path: "/img/app_icons/kommit.png",
+          links: [
+            ["Website", "https://kommit.rosano.ca"],
+          ]
+        ) %>
+      </div>
     </div>
-    <% else %>
-    <p>No apps connected yet.</p>
-    <% end %>
   </section>
 <% end %>

app/views/services/rs_auths/index.html.erb

@@ -0,0 +1,33 @@
+<%= render HeaderComponent.new(title: "Storage") %>
+
+<%= render MainSimpleComponent.new do %>
+  <section>
+    <p class="mb-6">
+      Store and synchronize your app data across different devices.
+    </p>
+  </section>
+
+  <%= render partial: "shared/tabnav_remotestorage" %>
+
+  <section>
+    <% if @rs_auths.any? %>
+      <div class="w-full grid grid-cols-1 sm:grid-cols-2 lg:grid-cols-3 gap-y-10 gap-x-12 mt-4">
+      <% @rs_auths.each do |auth| %>
+        <%= render RsAuthComponent.new(auth: auth) %>
+      <% end %>
+    </div>
+    <% else %>
+      <div class="text-center">
+        <p class="mt-4 mb-12 inline-flex align-center items-center">
+          <%= image_tag("/img/illustrations/undraw_friends_r511.svg", class: 'h-48') %>
+        </p>
+        <h3>
+          No apps connected
+        </h3>
+        <p class="text-gray-500">
+          When connected, your apps will show up here.
+        </p>
+      </div>
+    <% end %>
+  </section>
+<% end %>

app/views/settings/_nostr.html.erb

@@ -1,46 +1,32 @@
-<section>
-  <h3>Nostr</h3>
-  <h4 class="mb-0">Public Key</h4>
-  <div data-controller="settings--nostr-pubkey"
-       data-settings--nostr-pubkey-user-address-value="<%= current_user.address %>"
-       data-settings--nostr-pubkey-site-value="<%= Setting.accounts_domain %>"
-       data-settings--nostr-pubkey-shared-secret-value="<%= session[:shared_secret] %>"
-       data-settings--nostr-pubkey-pubkey-hex-value="<%= current_user.nostr_pubkey %>">
-
-    <p class="<%= current_user.nostr_pubkey.present? ? '' : 'hidden' %> mt-2 flex gap-1">
+<div data-controller="settings--nostr-pubkey"
+     data-settings--nostr-pubkey-user-address-value="<%= current_user.address %>"
+     data-settings--nostr-pubkey-site-value="<%= Setting.accounts_domain %>"
+     data-settings--nostr-pubkey-shared-secret-value="<%= session[:shared_secret] %>"
+     data-settings--nostr-pubkey-pubkey-hex-value="<%= current_user.nostr_pubkey %>">
+  <section>
+    <h3>Nostr</h3>
+    <h4 class="mb-0">
+      Public Key
+    </h4>
+    <p class="<%= current_user.nostr_pubkey.present? ? '' : 'hidden' %> mt-2 flex gap-x-1">
       <input type="text" value="<%= current_user.nostr_pubkey_bech32 %>" disabled
              data-settings--nostr-pubkey-target="pubkeyBech32Input"
-             name="nostr_public_key" class="relative grow" />
+             name="nostr_public_key" class="w-full" />
       <%= link_to nostr_pubkey_settings_path,
-            class: 'btn-md btn-outline text-red-700 relative shrink-0',
+            class: 'btn-md btn-outline relative grow-0 shrink-0 text-red-700',
             data: { turbo_method: :delete, turbo_confirm: 'Are you sure?' } do %>
         Remove
       <% end %>
     </p>
 
     <% if current_user.nostr_pubkey.present? %>
-    <div class="rounded-md bg-blue-50 p-4">
-      <div class="flex">
-        <div class="flex-shrink-0">
-          <svg class="h-5 w-5 text-blue-400" viewBox="0 0 20 20" fill="currentColor" aria-hidden="true">
-            <path fill-rule="evenodd" d="M18 10a8 8 0 11-16 0 8 8 0 0116 0zm-7-4a1 1 0 11-2 0 1 1 0 012 0zM9 9a.75.75 0 000 1.5h.253a.25.25 0 01.244.304l-.459 2.066A1.75 1.75 0 0010.747 15H11a.75.75 0 000-1.5h-.253a.25.25 0 01-.244-.304l.459-2.066A1.75 1.75 0 009.253 9H9z" clip-rule="evenodd" />
-          </svg>
-        </div>
-        <div class="ml-3 flex-1">
-          <p class="text-sm text-blue-800">
-            Your user address <strong><%= current_user.address %></strong> is
-            also a Nostr address now. Use your favorite Nostr app, or for
-            example <a href="http://metadata.nostr.com" target="_blank"
-              class="underline">metadata.nostr.com</a>, to add this
-            <strong>NIP-05</strong> address to your public profile.
-          </p>
-        </div>
-      </div>
-    </div>
+    <!-- <div> -->
+    <!--   Pubkey present -->
+    <!-- </div> -->
     <% else %>
     <p class="my-4">
-      If you use any apps on the Nostr network, you can verify your public key
-      with us in order to enable Nostr-specific features for your account.
+      Verify your Nostr public key with us in order to enable Nostr-specific
+      features for your account.
     </p>
     <% end %>
 
@@ -58,8 +44,8 @@
           </h3>
           <div class="mt-2 mb-0 text-sm text-blue-800">
             <p>
-              We recommend Alby, which you can also use for your Lightning
-              Wallet.
+              We recommend Alby, which you can also use a wallet for your
+              Lightning account.
             </p>
           </div>
           <div class="mt-4">
@@ -86,5 +72,113 @@
       </button>
     </p>
     <% end %>
-  </div>
-</section>
+  </section>
+
+  <% if current_user.nostr_pubkey.present? %>
+    <section>
+      <h3>Profile</h3>
+      <div data-settings--nostr-pubkey-target="profileStatus" class="mb-4">
+        <p class="status-green hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-emerald-500 %>">
+            <%= render "icons/check-circle" %>
+          </span>
+          <span>
+            You already have a profile for your public key
+          </span>
+        </p>
+        <p class="status-orange hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-amber-500 %>">
+            <%= render "icons/alert-octagon" %>
+          </span>
+          <span>
+            <strong><%= current_user.address %></strong> is not set as your Nostr address
+          </span>
+        </p>
+      </div>
+      <div data-settings--nostr-pubkey-target="profileStatusNip05" class="mb-4">
+        <p class="status-green hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-emerald-500 %>">
+            <%= render "icons/check-circle" %>
+          </span>
+          <span>
+            <strong><%= current_user.address %></strong> is set as your Nostr address
+          </span>
+        </p>
+        <p class="status-orange hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-amber-500 %>">
+            <%= render "icons/alert-octagon" %>
+          </span>
+          <span>
+            <strong><%= current_user.address %></strong> is not set as your Nostr address
+          </span>
+        </p>
+        <p class="status-red hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-amber-500 %>">
+            <%= render "icons/alert-octagon" %>
+          </span>
+          <span>
+            Your profile's Nostr address is not set to <strong><%= current_user.address %></strong> yet
+          </span>
+        </p>
+      </div>
+      <div data-settings--nostr-pubkey-target="profileStatusLud16">
+        <p class="status-green hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-emerald-500 %>">
+            <%= render "icons/check-circle" %>
+          </span>
+          <span>
+            <strong><%= current_user.address %></strong> is set as your Lightning address
+          </span>
+        </p>
+        <p class="status-orange hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-amber-500 %>">
+            <%= render "icons/alert-octagon" %>
+          </span>
+          <span>
+            <strong><%= current_user.address %></strong> is not set as your Lightning address yet
+          </span>
+        </p>
+        <p class="status-red hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-amber-500 %>">
+            <%= render "icons/alert-octagon" %>
+          </span>
+          <span>
+            Your profile's Lightning address is not set to <strong><%= current_user.address %></strong> yet
+          </span>
+        </p>
+      </div>
+    </section>
+
+    <section>
+      <h3>Relays</h3>
+      <div data-settings--nostr-pubkey-target="relayListStatus">
+        <p class="status-green hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-emerald-500 %>">
+            <%= render "icons/check-circle" %>
+          </span>
+          <span>
+            You have a relay list, and the Kosmos relay is part of it
+          </span>
+        </p>
+        <p class="status-orange hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-amber-500 %>">
+            <%= render "icons/alert-octagon" %>
+          </span>
+          <span>
+            The Kosmos relay is missing from your relay list
+          </span>
+        </p>
+        <p class="status-red hidden flex gap-x-4 items-center">
+          <span class="inline-block h-6 w-6 grow-0 text-amber-500 %>">
+            <%= render "icons/alert-octagon" %>
+          </span>
+          <span>
+            We could not find a relay list for your public key
+          </span>
+        </p>
+      </div>
+      <ul data-settings--nostr-pubkey-target="relayList">
+      </ul>
+    </section>
+  <% end %>
+</div>

app/views/shared/_tabnav_remotestorage.html.erb

@@ -0,0 +1,14 @@
+<section>
+  <div class="border-b border-gray-200">
+    <nav class="-mb-px flex" aria-label="Tabs">
+      <%= render TabnavLinkComponent.new(
+        name: "Info", path: services_storage_path,
+        active: current_page?(services_storage_path)
+      ) %>
+      <%= render TabnavLinkComponent.new(
+        name: "Connected Apps", path: apps_services_storage_path,
+        active: current_page?(apps_services_storage_path)
+      ) %>
+    </nav>
+  </div>
+</section>

config/importmap.rb

@@ -6,3 +6,4 @@ pin "@hotwired/stimulus", to: "stimulus.min.js", preload: true
 pin "@hotwired/stimulus-loading", to: "stimulus-loading.js", preload: true
 pin_all_from "app/javascript/controllers", under: "controllers"
 pin "tailwindcss-stimulus-components" # @4.0.3
+pin "nostrify"

config/initializers/service_details.rb

@@ -0,0 +1,2 @@
+config_path = Rails.root.join('config', 'services.yml')
+SERVICES = YAML.load_file(config_path).deep_symbolize_keys.with_indifferent_access

config/routes.rb

@@ -48,7 +48,8 @@ Rails.application.routes.draw do
     end
 
     resource :storage, controller: 'remotestorage', only: [:show] do
-      resources :rs_auths, only: [:destroy] do
+      get :apps, to: "rs_auths#index"
+      resources :rs_auths, only: [:index, :destroy] do
         member do
           get :revoke, to: 'rs_auths#destroy'
           get :launch_app

config/services.yml

@@ -0,0 +1,30 @@
+internal:
+  btcpay:
+    name: BTCPay Server
+  postgres:
+    name: PostgreSQL
+  sentry:
+    name: Sentry
+external:
+  discourse:
+    name: Discourse
+  droneci:
+    name: Drone CI
+  ejabberd:
+    display_name: Chat
+  email:
+    name: E-Mail
+  gitea:
+    name: Gitea
+  lndhub:
+    name: LNDHub
+    display_name: Lightning Network
+  mastodon:
+    name: Mastodon
+  mediawiki:
+    name: MediaWiki
+  nostr:
+    name: Nostr
+  remotestorage:
+    name: remoteStorage
+    display_name: Storage

package.json

@@ -11,7 +11,7 @@
     "postcss-preset-env": "^7.8.3",
     "tailwindcss": "^3.2.4"
   },
-  "version": "0.9.0",
+  "version": "0.10.0",
   "scripts": {
     "build:css:tailwind": "tailwindcss --postcss -i ./app/assets/stylesheets/application.tailwind.css -o ./app/assets/builds/application.css",
     "build:css": "yarn run build:css:tailwind"

spec/helpers/services_helper_spec.rb

@@ -0,0 +1,25 @@
+require 'rails_helper'
+
+describe ServicesHelper do
+
+  describe "#service_human_name" do
+    it "returns the human name when it's configured" do
+      expect(service_human_name("mastodon")).to eq("Mastodon")
+    end
+
+    it "returns the key when there is no human name" do
+      expect(service_human_name("ejabberd")).to eq("ejabberd")
+    end
+  end
+
+  describe "#service_display_name" do
+    it "returns the display name when it's configured" do
+      expect(service_display_name("lndhub")).to eq("Lightning Network")
+    end
+
+    it "returns the human name when there is no display name" do
+      expect(service_display_name("mastodon")).to eq("Mastodon")
+    end
+  end
+
+end

spec/jobs/create_ldap_user_job_spec.rb

@@ -44,7 +44,7 @@ RSpec.describe CreateLdapUserJob, type: :job do
 
   it "adds default services for pre-confirmed accounts" do
     allow(ldap_client_mock).to receive(:add) # spy on mock
-    allow(Setting).to receive(:default_services).and_return(["xmpp", "discourse"])
+    Setting.default_services = ["ejabberd", "discourse"]
 
     perform_enqueued_jobs { job_for_preconfirmed_account }
 
@@ -56,7 +56,7 @@ RSpec.describe CreateLdapUserJob, type: :job do
         sn: "halfinney",
         uid: "halfinney",
         mail: "halfinney@example.com",
-        serviceEnabled: ["xmpp", "discourse"],
+        serviceEnabled: ["ejabberd", "discourse"],
         userPassword: "remember-remember-the-5th-of-november"
       }
     )

spec/jobs/xmpp_exchange_contacts_job_spec.rb

@@ -13,7 +13,7 @@ RSpec.describe XmppExchangeContactsJob, type: :job do
   before do
     stub_request(:post, "http://xmpp.example.com/api/add_rosteritem")
       .to_return(status: 200, body: "", headers: {})
-    allow_any_instance_of(User).to receive(:services_enabled).and_return(["xmpp"])
+    allow_any_instance_of(User).to receive(:services_enabled).and_return(["ejabberd"])
   end
 
   it "posts add_rosteritem commands to the ejabberd API" do

spec/models/setting_spec.rb

@@ -0,0 +1,25 @@
+require 'rails_helper'
+
+RSpec.describe Setting, type: :model do
+
+  describe ".available_services" do
+    before do
+      Setting.discourse_enabled = true
+      Setting.ejabberd_enabled = true
+      Setting.email_enabled = false
+      Setting.gitea_enabled = false
+      Setting.lndhub_enabled = true
+      Setting.mastodon_enabled = true
+      Setting.mediawiki_enabled = false
+      Setting.nostr_enabled = false
+      Setting.remotestorage_enabled = true
+    end
+
+    it "contains all enabled services" do
+      expect(Setting.available_services).to eq(%w[
+        discourse ejabberd lndhub mastodon remotestorage
+      ])
+    end
+  end
+
+end

spec/models/user_spec.rb

@@ -78,9 +78,9 @@ RSpec.describe User, type: :model do
     it "returns the entries from the LDAP service attribute" do
       expect(user).to receive(:ldap_entry).and_return({
         uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-        services_enabled: ["discourse", "email", "gitea", "wiki", "xmpp"]
+        services_enabled: ["discourse", "ejabberd", "email", "gitea", "wiki"]
       })
-      expect(user.services_enabled).to eq(["discourse", "email", "gitea", "wiki", "xmpp"])
+      expect(user.services_enabled).to eq(["discourse", "ejabberd", "email", "gitea", "wiki"])
     end
   end
 
@@ -88,7 +88,7 @@ RSpec.describe User, type: :model do
     before do
       allow(user).to receive(:ldap_entry).and_return({
         uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-        services_enabled: ["gitea", "xmpp"]
+        services_enabled: ["ejabberd", "gitea"]
       })
     end
 
@@ -121,9 +121,9 @@ RSpec.describe User, type: :model do
 
     it "adds multiple service to the LDAP entry" do
       expect_any_instance_of(LdapService).to receive(:replace_attribute)
-        .with(dn, :serviceEnabled, ["discourse", "gitea", "wiki", "xmpp"]).and_return(true)
+        .with(dn, :serviceEnabled, ["discourse", "ejabberd", "gitea", "wiki"]).and_return(true)
 
-      user.enable_service([:wiki, :xmpp])
+      user.enable_service([:ejabberd, :wiki])
     end
   end
 
@@ -131,7 +131,7 @@ RSpec.describe User, type: :model do
     before do
       allow(user).to receive(:ldap_entry).and_return({
         uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-        services_enabled: ["discourse", "gitea", "xmpp"]
+        services_enabled: ["discourse", "ejabberd", "gitea"]
       })
       allow(user).to receive(:dn).and_return(dn)
     end
@@ -140,14 +140,14 @@ RSpec.describe User, type: :model do
       expect_any_instance_of(LdapService).to receive(:replace_attribute)
         .with(dn, :serviceEnabled, ["discourse", "gitea"]).and_return(true)
 
-      user.disable_service(:xmpp)
+      user.disable_service(:ejabberd)
     end
 
     it "removes multiple services from the LDAP entry" do
       expect_any_instance_of(LdapService).to receive(:replace_attribute)
         .with(dn, :serviceEnabled, ["discourse"]).and_return(true)
 
-      user.disable_service([:xmpp, "gitea"])
+      user.disable_service([:ejabberd, "gitea"])
     end
   end
 
@@ -178,7 +178,7 @@ RSpec.describe User, type: :model do
     after { clear_enqueued_jobs }
 
     it "enables default services" do
-      expect(user).to receive(:enable_service).with(%w[ discourse gitea mastodon mediawiki xmpp ])
+      expect(user).to receive(:enable_service).with(Setting.default_services)
       user.send :devise_after_confirmation
     end
 

spec/requests/webfinger_spec.rb

@@ -44,7 +44,7 @@ RSpec.describe "WebFinger", type: :request do
         before do
           allow_any_instance_of(User).to receive(:ldap_entry).and_return({
             uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-            services_enabled: ["xmpp"]
+            services_enabled: ["ejabberd"]
           })
         end
 
@@ -92,7 +92,13 @@ RSpec.describe "WebFinger", type: :request do
           expect(rs_link["href"]).to eql("#{Setting.rs_storage_url}/tony")
 
           oauth_url = rs_link["properties"]["http://tools.ietf.org/html/rfc6749#section-4.2"]
-          expect(oauth_url).to eql("http://www.example.com/rs/oauth/tony")
+          expect(oauth_url).to eql("http://accounts.kosmos.org/rs/oauth/tony")
+        end
+
+        it "returns CORS headers" do
+          get "/.well-known/nostr.json?name=bobdylan"
+          expect(response.headers['Access-Control-Allow-Origin']).to eq("*")
+          expect(response.headers['Access-Control-Allow-Methods']).to eq('GET')
         end
       end
 
@@ -100,7 +106,7 @@ RSpec.describe "WebFinger", type: :request do
         before do
           allow_any_instance_of(User).to receive(:ldap_entry).and_return({
             uid: user.cn, ou: user.ou, mail: user.email, admin: nil,
-            services_enabled: ["xmpp"]
+            services_enabled: ["ejabberd"]
           })
         end
 

spec/requests/well_known_spec.rb

@@ -46,7 +46,17 @@ RSpec.describe "Well-known URLs", type: :request do
         expect(res["names"]["bobdylan"]).to eq(user.nostr_pubkey)
       end
 
+      it "returns CORS headers" do
+        get "/.well-known/nostr.json?name=bobdylan"
+        expect(response.headers['Access-Control-Allow-Origin']).to eq("*")
+        expect(response.headers['Access-Control-Allow-Methods']).to eq('GET')
+      end
+
       context "without relay configured" do
+        before do
+          Setting.nostr_relay_url = ""
+        end
+
         it "does not include a recommended relay" do
           get "/.well-known/nostr.json?name=bobdylan"
           res = JSON.parse(response.body)
@@ -69,10 +79,36 @@ RSpec.describe "Well-known URLs", type: :request do
     end
 
     describe "placeholder username for domain's own pubkey" do
-      it "returns the configured nostr pubkey" do
-        get "/.well-known/nostr.json?name=_"
-        res = JSON.parse(response.body)
-        expect(res["names"]["_"]).to eq(Setting.nostr_public_key)
+      describe "for primary domain" do
+        context "no different pubkey configured for primary domain" do
+          it "returns the akkounts nostr pubkey" do
+            get "/.well-known/nostr.json?name=_"
+            res = JSON.parse(response.body)
+            expect(res["names"]["_"]).to eq("bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf")
+          end
+        end
+
+        context "different pubkey configured for primary domain" do
+          before do
+            Setting.nostr_public_key_primary_domain = "b3e8f62fbe41217ffc0aa1e178d297339932d8ba4f46d9c7df3b61575e78fecc"
+          end
+
+          it "returns the primary domain's nostr pubkey" do
+            get "/.well-known/nostr.json?name=_"
+            res = JSON.parse(response.body)
+            expect(res["names"]["_"]).to eq("b3e8f62fbe41217ffc0aa1e178d297339932d8ba4f46d9c7df3b61575e78fecc")
+          end
+        end
+      end
+
+      describe "for akkounts domain" do
+        it "returns the configured nostr pubkey" do
+          headers = { "X-Forwarded-Host" => "accounts.kosmos.org" }
+          get "/.well-known/nostr.json?name=_"
+
+          res = JSON.parse(response.body)
+          expect(res["names"]["_"]).to eq("bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf")
+        end
       end
 
       context "with relay configured" do

spec/services/nostr_manager/publish_zap_receipt_spec.rb

@@ -4,6 +4,10 @@ RSpec.describe NostrManager::PublishZapReceipt, type: :model do
   let(:user) { create :user, ln_account: "123456abcdef" }
   let(:zap) { create :zap, user: user }
 
+  before do
+    Setting.nostr_relay_url = ""
+  end
+
   describe "Default/delayed execution" do
     it "publishes zap receipts to all requested relays" do
       expect(NostrPublishEventJob).to receive(:perform_later)