WIP contribution nav

Reviewed-on: #133

.env.example

@@ -1,16 +1,39 @@
+AKKOUNTS_DOMAIN=accounts.example.com
+
+SMTP_SERVER=smtp.example.com
+SMTP_PORT=587
+SMTP_LOGIN=accounts
+SMTP_PASSWORD=123abc
+SMTP_FROM_ADDRESS=accounts@example.com
+SMTP_DOMAIN=example.com
+SMTP_AUTH_METHOD=plain
+SMTP_ENABLE_STARTTLS=auto
+
+REDIS_URL='redis://localhost:6379/1'
+
 LDAP_HOST=localhost
 LDAP_PORT=389
 LDAP_ADMIN_PASSWORD=passthebutter
-LDAP_SUFFIX="dc=kosmos,dc=org"
+LDAP_SUFFIX='dc=kosmos,dc=org'
 
 WEBHOOKS_ALLOWED_IPS='10.1.1.163'
 
+DISCOURSE_PUBLIC_URL='https://community.kosmos.org'
+DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
+
+GITEA_PUBLIC_URL='https://gitea.kosmos.org'
+MASTODON_PUBLIC_URL='https://kosmos.social'
+MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
+RS_STORAGE_URL='https://storage.kosmos.org'
+
+EJABBERD_ADMIN_URL='https://xmpp.kosmos.org/admin'
 EJABBERD_API_URL='https://xmpp.kosmos.org/api'
 
 BTCPAY_API_URL='http://localhost:23001/api/v1'
 
 LNDHUB_API_URL='http://localhost:3023'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+LNDHUB_PUBLIC_KEY='0123d3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
 LNDHUB_ADMIN_UI=true
 LNDHUB_PG_HOST=localhost
 LNDHUB_PG_PORT=5432

.env.test

@@ -1,8 +1,14 @@
+DISCOURSE_PUBLIC_URL='http://discourse.example.com'
+DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
+
 EJABBERD_API_URL='http://xmpp.example.com/api'
 
 BTCPAY_API_URL='http://btcpay.example.com/api/v1'
 
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
+
+RS_STORAGE_URL='https://storage.kosmos.org'
 
 WEBHOOKS_ALLOWED_IPS='10.1.1.23'

.gitea/release-drafter.yml

@@ -0,0 +1,13 @@
+name-template: 'v$RESOLVED_VERSION'
+tag-template: 'v$RESOLVED_VERSION'
+version-resolver:
+  major:
+    labels:
+      - 'release/major'
+  minor:
+    labels:
+      - 'release/minor'
+  patch:
+    labels:
+      - 'release/patch'
+  default: patch

.gitea/workflows/release_drafter.yml

@@ -0,0 +1,11 @@
+name: Release Drafter
+on:
+  pull_request:
+    types: [closed]
+jobs:
+  release_drafter_job:
+    name: Update release notes draft
+    runs-on: ubuntu-latest
+    steps:
+      - name: Release Drafter
+        uses: https://github.com/raucao/gitea-release-drafter@dev

Dockerfile

@@ -1,8 +1,13 @@
 # syntax=docker/dockerfile:1
 FROM ruby:2.7.6
-RUN apt-get update -qq && apt-get install -y curl ldap-utils
+
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
+RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
+      ldap-utils tini
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
+
 WORKDIR /akkounts
 COPY Gemfile /akkounts/Gemfile
 COPY Gemfile.lock /akkounts/Gemfile.lock
@@ -12,11 +17,5 @@ RUN gem install foreman
 RUN npm install -g yarn
 RUN yarn install
 
-# Add a script to be executed every time the container starts.
+ENTRYPOINT ["/usr/bin/tini", "--"]
-COPY docker/entrypoint.sh /usr/bin/
-RUN chmod +x /usr/bin/entrypoint.sh
-ENTRYPOINT ["entrypoint.sh"]
 EXPOSE 3000
-
-# Configure the main process to run when running the image
-CMD ["bin", "dev"]

Gemfile

@@ -32,13 +32,17 @@ gem 'lockbox'
 
 # Authentication
 gem 'warden'
-gem 'devise'
+gem 'devise', '~> 4.9.0'
 gem 'devise_ldap_authenticatable'
 gem 'net-ldap'
 
 # Utilities
 gem "rqrcode", "~> 2.0"
 gem 'rails-settings-cached', '~> 2.8.3'
+gem 'pagy', '~> 6.0', '>= 6.0.2'
+gem 'flipper'
+gem 'flipper-active_record'
+gem 'flipper-ui'
 
 # HTTP requests
 gem 'faraday'
@@ -47,6 +51,13 @@ gem 'faraday'
 gem 'sidekiq', '< 7'
 gem 'sidekiq-scheduler'
 
+# Service integrations
+gem 'discourse_api'
+
+# Monitoring
+gem "sentry-ruby"
+gem "sentry-rails"
+
 group :development, :test do
   # Use sqlite3 as the database for Active Record
   gem 'sqlite3', '~> 1.4'
@@ -61,6 +72,7 @@ group :development do
   gem 'letter_opener'
   gem 'letter_opener_web'
   gem 'faker'
+  gem 'solargraph'
 end
 
 group :test do

Gemfile.lock

@@ -68,7 +68,10 @@ GEM
       tzinfo (~> 2.0)
     addressable (2.8.1)
       public_suffix (>= 2.0.2, < 6.0)
+    ast (2.4.2)
+    backport (1.2.0)
     bcrypt (3.1.18)
+    benchmark (0.2.1)
     bindex (0.8.1)
     builder (3.2.4)
     byebug (11.1.3)
@@ -95,7 +98,7 @@ GEM
       activerecord (>= 5.a)
       database_cleaner-core (~> 2.0.0)
     database_cleaner-core (2.0.1)
-    devise (4.8.1)
+    devise (4.9.0)
       bcrypt (~> 3.0)
       orm_adapter (~> 0.1)
       railties (>= 4.1.0)
@@ -105,10 +108,16 @@ GEM
       devise (>= 3.4.1)
       net-ldap (>= 0.16.0)
     diff-lcs (1.5.0)
+    discourse_api (2.0.0)
+      faraday (~> 2.7)
+      faraday-follow_redirects
+      faraday-multipart
+      rack (>= 1.6)
     dotenv (2.8.1)
     dotenv-rails (2.8.1)
       dotenv (= 2.8.1)
       railties (>= 3.2)
+    e2mmap (0.1.0)
     erubi (1.11.0)
     et-orbi (1.2.7)
       tzinfo
@@ -122,8 +131,23 @@ GEM
     faraday (2.7.1)
       faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
+    faraday-follow_redirects (0.3.0)
+      faraday (>= 1, < 3)
+    faraday-multipart (1.0.4)
+      multipart-post (~> 2)
     faraday-net_http (3.0.2)
     ffi (1.15.5)
+    flipper (0.28.0)
+      concurrent-ruby (< 2)
+    flipper-active_record (0.28.0)
+      activerecord (>= 4.2, < 8)
+      flipper (~> 0.28.0)
+    flipper-ui (0.28.0)
+      erubi (>= 1.0.0, < 2.0.0)
+      flipper (~> 0.28.0)
+      rack (>= 1.4, < 3)
+      rack-protection (>= 1.5.3, <= 4.0.0)
+      sanitize (< 7)
     fugit (1.7.2)
       et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
@@ -135,9 +159,15 @@ GEM
     importmap-rails (1.1.5)
       actionpack (>= 6.0.0)
       railties (>= 6.0.0)
+    jaro_winkler (1.5.4)
     jbuilder (2.11.5)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
+    json (2.6.3)
+    kramdown (2.4.0)
+      rexml
+    kramdown-parser-gfm (1.1.0)
+      kramdown (~> 2.0)
     launchy (2.5.0)
       addressable (~> 2.7)
     letter_opener (1.8.1)
@@ -162,6 +192,7 @@ GEM
     mini_mime (1.1.2)
     mini_portile2 (2.8.0)
     minitest (5.16.3)
+    multipart-post (2.3.0)
     net-imap (0.3.1)
       net-protocol
     net-ldap (0.17.1)
@@ -178,6 +209,10 @@ GEM
     nokogiri (1.13.9-x86_64-linux)
       racc (~> 1.4)
     orm_adapter (0.5.0)
+    pagy (6.0.2)
+    parallel (1.22.1)
+    parser (3.2.1.1)
+      ast (~> 2.4.1)
     pg (1.2.3)
     public_suffix (5.0.0)
     puma (4.3.12)
@@ -185,6 +220,8 @@ GEM
     raabro (1.4.0)
     racc (1.6.0)
     rack (2.2.4)
+    rack-protection (3.0.6)
+      rack
     rack-test (2.0.2)
       rack (>= 1.3)
     rails (7.0.4)
@@ -216,6 +253,7 @@ GEM
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
+    rainbow (3.1.1)
     rake (13.0.6)
     rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
@@ -225,9 +263,11 @@ GEM
     redis-client (0.11.2)
       connection_pool
     regexp_parser (2.6.1)
-    responders (3.0.1)
+    responders (3.1.0)
-      actionpack (>= 5.0)
+      actionpack (>= 5.2)
-      railties (>= 5.0)
+      railties (>= 5.2)
+    reverse_markdown (2.1.1)
+      nokogiri
     rexml (3.2.5)
     rqrcode (2.1.2)
       chunky_png (~> 1.0)
@@ -250,9 +290,30 @@ GEM
       rspec-mocks (~> 3.11)
       rspec-support (~> 3.11)
     rspec-support (3.12.0)
+    rubocop (1.48.1)
+      json (~> 2.3)
+      parallel (~> 1.10)
+      parser (>= 3.2.0.0)
+      rainbow (>= 2.2.2, < 4.0)
+      regexp_parser (>= 1.8, < 3.0)
+      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.26.0, < 2.0)
+      ruby-progressbar (~> 1.7)
+      unicode-display_width (>= 2.4.0, < 3.0)
+    rubocop-ast (1.28.0)
+      parser (>= 3.2.1.0)
+    ruby-progressbar (1.13.0)
     ruby2_keywords (0.0.5)
     rufus-scheduler (3.8.2)
       fugit (~> 1.1, >= 1.1.6)
+    sanitize (6.0.1)
+      crass (~> 1.0.2)
+      nokogiri (>= 1.12.0)
+    sentry-rails (5.8.0)
+      railties (>= 5.0)
+      sentry-ruby (~> 5.8.0)
+    sentry-ruby (5.8.0)
+      concurrent-ruby (~> 1.0, >= 1.0.2)
     sidekiq (6.5.5)
       connection_pool (>= 2.2.2)
       rack (~> 2.0)
@@ -262,6 +323,21 @@ GEM
       rufus-scheduler (~> 3.2)
       sidekiq (>= 4, < 7)
       tilt (>= 1.4.0)
+    solargraph (0.48.0)
+      backport (~> 1.2)
+      benchmark
+      bundler (>= 1.17.2)
+      diff-lcs (~> 1.4)
+      e2mmap
+      jaro_winkler (~> 1.5)
+      kramdown (~> 2.3)
+      kramdown-parser-gfm (~> 1.1)
+      parser (~> 3.0)
+      reverse_markdown (>= 1.0.5, < 3)
+      rubocop (>= 0.52)
+      thor (~> 1.0)
+      tilt (~> 2.0)
+      yard (~> 0.9, >= 0.9.24)
     sprockets (4.1.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
@@ -283,6 +359,7 @@ GEM
       railties (>= 6.0.0)
     tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
+    unicode-display_width (2.4.2)
     view_component (2.78.0)
       activesupport (>= 5.0.0, < 8.0)
       concurrent-ruby (~> 1.0)
@@ -298,11 +375,14 @@ GEM
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
+    webrick (1.7.0)
     websocket-driver (0.7.5)
       websocket-extensions (>= 0.1.0)
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
+    yard (0.9.28)
+      webrick (~> 1.7.0)
     zeitwerk (2.6.6)
 
 PLATFORMS
@@ -314,12 +394,16 @@ DEPENDENCIES
   capybara
   cssbundling-rails
   database_cleaner
-  devise
+  devise (~> 4.9.0)
   devise_ldap_authenticatable
+  discourse_api
   dotenv-rails
   factory_bot_rails
   faker
   faraday
+  flipper
+  flipper-active_record
+  flipper-ui
   importmap-rails
   jbuilder (~> 2.7)
   letter_opener
@@ -327,14 +411,18 @@ DEPENDENCIES
   listen (~> 3.2)
   lockbox
   net-ldap
+  pagy (~> 6.0, >= 6.0.2)
   pg (~> 1.2.3)
   puma (~> 4.1)
   rails (~> 7.0.2)
   rails-settings-cached (~> 2.8.3)
   rqrcode (~> 2.0)
   rspec-rails
+  sentry-rails
+  sentry-ruby
   sidekiq (< 7)
   sidekiq-scheduler
+  solargraph
   sprockets-rails
   sqlite3 (~> 1.4)
   stimulus-rails

README.md

@@ -14,18 +14,17 @@ so:
 
 1. Make sure [Docker Compose is installed][1] and Docker is running (included in
    Docker Desktop)
-2. Uncomment the `web` section in `docker-compose.yml`
+2. Uncomment the `redis`, `web`, and `sidekiq` sections in `docker-compose.yml`
 3. Run `docker compose up` and wait until 389ds announces its successful start
    in the log output
 4. `docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"`
 5. `docker compose run web rails ldap:setup`
-5. `docker compose run web rails db:setup`
+6. `docker compose run web rails db:setup`
 
 After these steps, you should have a working Rails app with a handful of test
 users running on [http://localhost:3000](http://localhost:3000).
-
 Log in with username "admin" and password "admin is admin". All users listed on
-[http://localhost:3000/admin/ldap_users](http://localhost:3000/admin/ldap_users)
+[http://localhost:3000/admin/users](http://localhost:3000/admin/users)
 have the password "user is user".
 
 ### Rails app
@@ -79,14 +78,26 @@ The setup task will first delete any existing entries in the directory tree
 Note that all 389ds data is stored in `tmp/389ds`. So if you want to start over
 with a fresh installation, delete both that directory as well as the container.
 
+### Solargraph
+
+[Solargraph](https://solargraph.org/) is a Ruby language server, which you may
+use with your editor to add features like auto-completion and syntax
+validation. You can add inline documentation for bundled gems with this
+command:
+
+    bundle exec yard gems
+
 ## Documentation
 
+### Rails
+
 * [Ruby on Rails](https://guides.rubyonrails.org/)
-* [Sass](https://sass-lang.com/documentation)
+* [Pagination](https://ddnexus.github.io/pagy/)
 
 ### Front-end
 
 * [Tailwind CSS](https://tailwindcss.com/)
+* [Sass](https://sass-lang.com/documentation)
 
 ### Testing
 
@@ -103,6 +114,10 @@ with a fresh installation, delete both that directory as well as the container.
 * [Sidekiq](https://github.com/mperham/sidekiq/wiki/)
 * [ActiveJob](https://github.com/mperham/sidekiq/wiki/Active-Job)
 
+### Feature Flags
+
+* [Flipper](https://www.flippercloud.io/docs/get-started/self-hosted)
+
 ## License
 
 [GNU Affero General Public License v3.0](https://choosealicense.com/licenses/agpl-3.0/)

app/assets/stylesheets/application.tailwind.css

@@ -4,7 +4,9 @@
 
 @import "components/base";
 @import "components/buttons";
+@import "components/dashboard_services";
 @import "components/forms";
 @import "components/links";
 @import "components/notifications";
+@import "components/pagination";
 @import "components/tables";

app/assets/stylesheets/components/base.css

@@ -36,10 +36,18 @@
     @apply mb-4 leading-6;
   }
 
+  main p:last-child {
+    @apply mb-0;
+  }
+
   main ul {
     @apply mb-6;
   }
 
+  main ul:last-child {
+    @apply mb-0;
+  }
+
   main ul li {
     @apply leading-6;
   }

app/assets/stylesheets/components/buttons.css

@@ -1,6 +1,6 @@
 @layer components {
   .btn {
-    @apply font-semibold rounded-md leading-none cursor-pointer text-center
+    @apply inline-block font-semibold rounded-md leading-none cursor-pointer text-center
            transition-colors duration-75 focus:outline-none focus:ring-4;
   }
 
@@ -32,8 +32,4 @@
     @apply bg-red-600 hover:bg-red-700 text-white
            focus:ring-red-500 focus:ring-opacity-75;
   }
-
-  input[type=text]:disabled {
-    @apply text-gray-700;
-  }
 }

app/assets/stylesheets/components/dashboard_services.css

@@ -0,0 +1,5 @@
+@layer components {
+  .services > div > a {
+    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 0, rgba(255,255,255,0.88) 100%);
+  }
+}

app/assets/stylesheets/components/forms.css

@@ -1,13 +1,18 @@
 @layer components {
   input[type=text], input[type=email], input[type=password],
   input[type=number], select, textarea {
-    @apply mt-1 rounded-md bg-gray-100 focus:bg-white
+    @apply rounded-md bg-gray-100 focus:bg-white
            border-transparent focus:border-transparent focus:ring-2
            focus:ring-blue-600 focus:ring-opacity-75;
   }
 
-  .field_with_errors {
+  input[type=text]:disabled,
-    @apply inline-block;
+  input[type=email]:disabled {
+    @apply text-gray-700;
+  }
+
+  input.field_with_errors {
+    @apply border-b-red-600;
   }
 
   .error-msg {

app/assets/stylesheets/components/links.css

@@ -5,10 +5,4 @@
     &:visited { @apply text-indigo-600; }
     &:active  { @apply text-red-600; }
   }
-
-  .devise-links {
-    a {
-      @apply ks-text-link;
-    }
-  }
 }

app/assets/stylesheets/components/pagination.css

@@ -0,0 +1,45 @@
+@layer components {
+  .pagy-nav.pagination {
+    @apply isolate inline-flex -space-x-px rounded-md shadow-sm;
+  }
+
+  .pagy-nav .page:not(.prev):not(.next) {
+    @apply hidden sm:inline-block;
+  }
+
+  .pagy-nav .page.next a {
+    @apply relative inline-flex items-center rounded-r-md border
+           border-gray-300 bg-white px-3 py-2 text-sm font-medium
+           text-gray-500 hover:bg-gray-100 focus:z-20;
+  }
+
+  .pagy-nav .page.prev a {
+    @apply relative inline-flex items-center rounded-l-md border
+           border-gray-300 bg-white px-3 py-2 text-sm font-medium
+           text-gray-500 hover:bg-gray-100 focus:z-20;
+  }
+
+  .pagy-nav .page.next.disabled {
+    @apply relative inline-flex items-center rounded-r-md border
+           border-gray-300 bg-gray-100 px-3 py-2 text-sm font-medium
+           text-gray-400 focus:z-20;
+  }
+
+  .pagy-nav .page.prev.disabled {
+    @apply relative inline-flex items-center rounded-l-md border
+           border-gray-300 bg-gray-100 px-3 py-2 text-sm font-medium
+           text-gray-400 focus:z-20;
+  }
+
+  .pagy-nav .page a, .page.gap {
+    @apply bg-white border-gray-300 text-gray-500 hover:bg-gray-100 relative
+           inline-flex items-center border px-4 py-2 text-sm font-medium
+           focus:z-20;
+  }
+
+  .pagy-nav .page.active {
+    @apply z-10 border-indigo-500 bg-indigo-50 text-indigo-600 relative
+           inline-flex items-center border px-4 py-2 text-sm font-medium
+           focus:z-20;
+  }
+}

app/assets/stylesheets/components/tables.css

@@ -7,16 +7,30 @@
     @apply text-left;
   }
 
-  table th {
+  table thead th {
     @apply pb-3.5 text-sm font-normal uppercase text-gray-500;
   }
 
+  table tbody th {
+    @apply text-left font-normal text-gray-500;
+  }
+
   table th:not(:last-of-type),
   table td:not(:last-of-type) {
     @apply pr-2;
   }
 
-  table td {
+  table td, tbody th {
     @apply py-2;
   }
+
+  table.divided {
+    @apply divide-y divide-gray-300;
+  }
+  table.divided tbody {
+    @apply divide-y divide-gray-200;
+  }
+  table.divided td, table.divided tbody th {
+    @apply py-3;
+  }
 }

app/components/form_elements/fieldset_component.html.erb

@@ -0,0 +1,29 @@
+<%= tag.public_send(@tag, class: "mb-6 last:mb-0") do %>
+  <% if @positioning == :vertical %>
+  <label class="block">
+    <p class="font-bold <%= @descripton.present? ? "mb-1" : "mb-2" %>">
+      <%= @title %>
+    </p>
+    <% if @descripton.present? %>
+    <p class="text-gray-500">
+      <%= @descripton %>
+    </p>
+    <% end %>
+    <%= content %>
+  </label>
+  <% elsif @positioning == :horizontal %>
+  <label class="block flex items-center justify-between">
+    <div class="flex flex-col">
+      <label class="font-bold mb-1"><%= @title %></label>
+      <% if @descripton.present? %>
+      <p class="text-gray-500"><%= @descripton %></p>
+      <% end %>
+    </div>
+    <div class="relative ml-4 inline-flex flex-shrink-0">
+      <%= content %>
+    </div>
+  </label>
+  <% else %>
+  <p>Invalid <code>positioning<code> argument for <code>FieldsetComponent</code>.</p>
+  <% end %>
+<% end %>

app/components/form_elements/fieldset_component.rb

@@ -0,0 +1,12 @@
+# frozen_string_literal: true
+
+module FormElements
+  class FieldsetComponent < ViewComponent::Base
+    def initialize(tag: "li", positioning: :vertical, title:, description: nil)
+      @tag         = tag
+      @positioning = positioning
+      @title       = title
+      @descripton  = description
+    end
+  end
+end

app/components/form_elements/fieldset_toggle_component.html.erb

@@ -0,0 +1,33 @@
+<%= tag.public_send @tag, class: "flex items-center justify-between mb-6 last:mb-0",
+      data: @form_enabled ? {
+        controller: "settings--toggle",
+        :'settings--toggle-switch-enabled-value' => @enabled.to_s
+      } : nil do %>
+  <div class="flex flex-col">
+    <label class="font-bold mb-1"><%= @title %></label>
+    <p class="text-gray-500"><%= @descripton %></p>
+  </div>
+  <div class="relative ml-4 inline-flex flex-shrink-0">
+    <%= render FormElements::ToggleComponent.new(
+          enabled: @enabled,
+          input_enabled: @input_enabled,
+          class_names: @form_enabled ? "hidden" : nil,
+          data: {
+            :'settings--toggle-target' => "button",
+            action: "settings--toggle#toggleSwitch"
+          }) %>
+    <% if @form_enabled %>
+      <% if @attribute.present? %>
+        <%= @form.check_box @attribute, {
+              checked: @enabled,
+              data: { :'settings--toggle-target' => "checkbox" }
+            }, "true", "false" %>
+      <% else %>
+        <input name="<%= @field_name %>" type="hidden" value="false" autocomplete="off">
+        <%= check_box_tag @field_name, "true", @enabled, {
+              data: { :'settings--toggle-target' => "checkbox" }
+            } %>
+      <% end %>
+    <% end %>
+  </div>
+<% end %>

app/components/form_elements/fieldset_toggle_component.rb

@@ -0,0 +1,19 @@
+# frozen_string_literal: true
+
+module FormElements
+  class FieldsetToggleComponent < ViewComponent::Base
+    def initialize(tag: "li", form: nil, attribute: nil, field_name: nil,
+                   enabled: false, input_enabled: true, title:, description:)
+      @tag = tag
+      @form = form
+      @attribute = attribute
+      @field_name = field_name
+      @form_enabled = @form.present? || @field_name.present?
+      @enabled = enabled
+      @input_enabled = input_enabled
+      @title = title
+      @descripton = description
+      @button_text = @enabled ? "Switch off" : "Switch on"
+    end
+  end
+end

app/components/form_elements/toggle_component.html.erb

@@ -0,0 +1,15 @@
+<%= button_tag type: "button", name: "toggle", data: @data,
+      role: "switch", aria: { checked: @enabled.to_s },
+      tabindex: @tabindex, disabled: !@input_enabled,
+      class: "#{ @enabled ? 'bg-blue-600' : 'bg-gray-200' }
+              #{ @class_names.present? ? @class_names : '' }
+              relative inline-flex h-6 w-11 flex-shrink-0 cursor-pointer
+              rounded-full border-2 border-transparent transition-colors
+              duration-200 ease-in-out focus:outline-none focus:ring-2
+              focus:ring-blue-600 focus:ring-offset-2" do %>
+  <span class="sr-only"><%= @button_text %></span>
+  <span aria-hidden="true" data-settings--toggle-target="switch"
+        class="<%= @enabled ? 'translate-x-5' : 'translate-x-0' %>
+               pointer-events-none inline-block h-5 w-5 transform rounded-full
+               bg-white shadow ring-0 transition duration-200 ease-in-out"></span>
+<% end %>

app/components/form_elements/toggle_component.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+module FormElements
+  class ToggleComponent < ViewComponent::Base
+    def initialize(enabled:, input_enabled: true, data: nil, class_names: nil, tabindex: nil)
+      @enabled = !!enabled
+      @input_enabled = input_enabled
+      @data = data
+      @class_names = class_names
+      @tabindex = tabindex
+    end
+  end
+end

app/components/header_tab_link_component.html.erb

@@ -0,0 +1,3 @@
+<%= link_to @path, class: @link_class do %>
+  <%= @name %>
+<% end %>

app/components/header_tab_link_component.rb

@@ -0,0 +1,20 @@
+# frozen_string_literal: true
+
+class HeaderTabLinkComponent < ViewComponent::Base
+  def initialize(name:, path:, active: false, disabled: false)
+    @name = name
+    @path = path
+    @active = active
+    @disabled = disabled
+    @link_class = class_names_link(path)
+  end
+
+  def class_names_link(path)
+    common = "block md:inline-block px-5 py-2 rounded-md font-medium text-base md:text-xl"
+    if @active
+      "#{common} bg-gray-900/50 text-white"
+    else
+      "#{common} text-gray-300 hover:bg-gray-900/30 hover:text-white active:bg-gray-900/30 active:text-white"
+    end
+  end
+end

app/components/header_with_tabs_component.html.erb

@@ -0,0 +1,12 @@
+<header class="py-10">
+  <div class="max-w-6xl md:flex md:gap-x-10 mx-auto px-4 sm:px-6 lg:px-8">
+    <% if @title.present? %>
+    <h1 class="text-3xl font-bold text-white">
+      <%= @title %>
+    </h1>
+    <% end %>
+    <nav class="md:grow flex gap-x-4 <%= @title.present? ? "justify-end" : "justify-start" %>" aria-label="Tabs">
+      <%= render partial: @tabnav_partial %>
+    </nav>
+  </div>
+</header>

app/components/header_with_tabs_component.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class HeaderWithTabsComponent < ViewComponent::Base
+  def initialize(title: nil, tabnav_partial:)
+    @title = title
+    @tabnav_partial = tabnav_partial
+  end
+end

app/components/sidenav_link_component.rb

@@ -1,8 +1,9 @@
 # frozen_string_literal: true
 
 class SidenavLinkComponent < ViewComponent::Base
-  def initialize(name:, path:, icon:, active: false, disabled: false)
+  def initialize(name:, level: 1, path:, icon:, active: false, disabled: false)
     @name = name
+    @level = level
     @path = path
     @icon = icon
     @active = active
@@ -12,12 +13,15 @@ class SidenavLinkComponent < ViewComponent::Base
   end
 
   def class_names_link(path)
+    px = @level == 1 ? "px-4" : "pl-8 pr-4"
+    base = "#{px} py-2 group border-l-4 flex items-center text-base font-medium"
+
     if @active
-      "bg-teal-50 border-teal-500 text-teal-700 hover:bg-teal-50 hover:text-teal-700 group border-l-4 px-4 py-2 flex items-center text-base font-medium" 
+      "#{base} bg-teal-50 border-teal-500 text-teal-700 hover:bg-teal-50 hover:text-teal-700"
     elsif @disabled
-      "border-transparent text-gray-400 hover:bg-gray-50 group border-l-4 px-4 py-2 flex items-center text-base font-medium"
+      "#{base} border-transparent text-gray-400 hover:bg-gray-50"
     else
-      "border-transparent text-gray-900 hover:bg-gray-50 hover:text-gray-900 group border-l-4 px-4 py-2 flex items-center text-base font-medium"
+      "#{base} border-transparent text-gray-900 hover:bg-gray-50 hover:text-gray-900"
     end
   end
 

app/controllers/account_controller.rb

@@ -1,5 +1,5 @@
 class AccountController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
 
   def index
     @current_section = :account

app/controllers/admin/base_controller.rb

@@ -1,4 +1,5 @@
 class Admin::BaseController < ApplicationController
+  include Pagy::Backend
 
   before_action :authenticate_user!
   before_action :authorize_admin
@@ -7,5 +8,4 @@ class Admin::BaseController < ApplicationController
   def set_context
     @context = :admin
   end
-
 end

app/controllers/admin/donations_controller.rb

@@ -5,7 +5,8 @@ class Admin::DonationsController < Admin::BaseController
   # GET /donations
   # GET /donations.json
   def index
-    @donations = Donation.all.order('created_at desc')
+    @pagy, @donations = pagy(Donation.all.order('created_at desc'))
+
     @stats = {
       overall_sats: @donations.all.sum("amount_sats"),
       donor_count: Donation.distinct.count(:user_id)
@@ -40,7 +41,7 @@ class Admin::DonationsController < Admin::BaseController
         end
         format.json { render :show, status: :created, location: @donation }
       else
-        format.html { render :new }
+        format.html { render :new, status: :unprocessable_entity }
         format.json { render json: @donation.errors, status: :unprocessable_entity }
       end
     end
@@ -58,7 +59,7 @@ class Admin::DonationsController < Admin::BaseController
         end
         format.json { render :show, status: :ok, location: @donation }
       else
-        format.html { render :edit }
+        format.html { render :edit, status: :unprocessable_entity }
         format.json { render json: @donation.errors, status: :unprocessable_entity }
       end
     end

app/controllers/admin/invitations_controller.rb

@@ -1,7 +1,8 @@
 class Admin::InvitationsController < Admin::BaseController
   def index
     @current_section = :invitations
-    @invitations_used = Invitation.used.order('used_at desc')
+    @pagy, @invitations_used = pagy(Invitation.used.order('used_at desc'))
+
     @stats = {
       available: Invitation.unused.count,
       accepted: @invitations_used.length,

app/controllers/admin/ldap_users_controller.rb

@@ -1,20 +0,0 @@
-class Admin::LdapUsersController < Admin::BaseController
-  before_action :set_current_section
-
-  def index
-    ldap = LdapService.new
-    @ou = params[:ou] || "kosmos.org"
-    @orgs = ldap.fetch_organizations
-    @entries = ldap.fetch_users(ou: @ou)
-    @stats = {
-      users_confirmed: User.where(ou: @ou).confirmed.count,
-      users_pending: User.where(ou: @ou).pending.count
-    }
-  end
-
-  private
-
-  def set_current_section
-    @current_section = :ldap_users
-  end
-end

app/controllers/admin/settings/registrations_controller.rb

@@ -1,38 +1,12 @@
 class Admin::Settings::RegistrationsController < Admin::SettingsController
-
   def index
   end
 
   def create
-    @errors = ActiveModel::Errors.new(Setting.new)
+    update_settings
-
-    setting_params.keys.each do |key|
-      next if setting_params[key].nil?
-
-      setting = Setting.new(var: key)
-      setting.value = setting_params[key].strip
-      unless setting.valid?
-        @errors.merge!(setting.errors)
-      end
-    end
-
-    if @errors.any?
-      render :index
-    end
-
-    setting_params.keys.each do |key|
-      Setting.send("#{key}=", setting_params[key].strip) unless setting_params[key].nil?
-    end
 
     redirect_to admin_settings_registrations_path, flash: {
       success: "Settings saved"
     }
   end
-
-  private
-
-  def setting_params
-    params.require(:setting).permit(:reserved_usernames)
-  end
-
 end

app/controllers/admin/settings/services_controller.rb

@@ -1,9 +1,19 @@
 class Admin::Settings::ServicesController < Admin::SettingsController
-
   def index
+    @service = params[:s]
+
+    if @service.blank?
+      redirect_to admin_settings_services_path(params: { s: "discourse" })
+    end
   end
 
-  def update
+  def create
-  end
+    service = params.require(:service)
 
+    update_settings
+
+    redirect_to admin_settings_services_path(params: { s: service }), flash: {
+      success: "Settings saved"
+    }
+  end
 end

app/controllers/admin/settings_controller.rb

@@ -4,9 +4,37 @@ class Admin::SettingsController < Admin::BaseController
   def index
   end
 
+  def update_settings
+    @errors = ActiveModel::Errors.new(Setting.new)
+    changed_keys = []
+
+    setting_params.keys.each do |key|
+      next if setting_params[key].nil? ||
+              (Setting.send(key).to_s == setting_params[key].strip)
+      changed_keys.push(key)
+      setting = Setting.new(var: key)
+      setting.value = setting_params[key].strip
+      unless setting.valid?
+        @errors.merge!(setting.errors)
+      end
+    end
+
+    if @errors.any?
+      render :index and return
+    end
+
+    changed_keys.each do |key|
+      Setting.send("#{key}=", setting_params[key].strip)
+    end
+  end
+
   private
 
-  def set_current_section
+    def set_current_section
-    @current_section = :settings
+      @current_section = :settings
-  end
+    end
+
+    def setting_params
+      params.require(:setting).permit(Setting.editable_keys.map(&:to_sym))
+    end
 end

app/controllers/admin/users_controller.rb

@@ -0,0 +1,35 @@
+class Admin::UsersController < Admin::BaseController
+  before_action :set_user, only: [:show]
+  before_action :set_current_section
+
+  def index
+    ldap   = LdapService.new
+    @ou    = params[:ou] || "kosmos.org"
+    @orgs  = ldap.fetch_organizations
+    @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
+
+    @stats = {
+      users_confirmed: User.where(ou: @ou).confirmed.count,
+      users_pending: User.where(ou: @ou).pending.count
+    }
+  end
+
+  def show
+    if Setting.lndhub_admin_enabled?
+      @lndhub_user = @user.lndhub_user
+    end
+
+    @services_enabled = @user.services_enabled
+  end
+
+  private
+
+  def set_user
+    address = params[:address].split("@")
+    @user = User.where(cn: address.first, ou: address.last).first
+  end
+
+  def set_current_section
+    @current_section = :users
+  end
+end

app/controllers/application_controller.rb

@@ -3,6 +3,18 @@ class ApplicationController < ActionController::Base
     render :text => exception, :status => 500
   end
 
+  before_action :sentry_set_user
+
+  def sentry_set_user
+    return unless Setting.sentry_enabled
+
+    if user_signed_in?
+      Sentry.set_user(id: current_user.id, username: current_user.cn)
+    else
+      Sentry.set_user({})
+    end
+  end
+
   def require_user_signed_in
     unless user_signed_in?
       redirect_to welcome_path and return

app/controllers/contributions/donations_controller.rb

@@ -1,5 +1,5 @@
 class Contributions::DonationsController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
 
   # GET /donations
   # GET /donations.json

app/controllers/contributions/projects_controller.rb

@@ -1,5 +1,5 @@
 class Contributions::ProjectsController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
 
   # GET /contributions
   def index

app/controllers/dashboard_controller.rb

@@ -2,6 +2,6 @@ class DashboardController < ApplicationController
   before_action :require_user_signed_in
 
   def index
-    @current_section = :dashboard
+    @current_section = :services
   end
 end

app/controllers/discourse/sso_controller.rb

@@ -0,0 +1,17 @@
+class Discourse::SsoController < ApplicationController
+  before_action :authenticate_user!
+
+  def connect
+    secret = Setting.discourse_connect_secret
+    sso = DiscourseApi::SingleSignOn.parse(request.query_string, secret)
+    sso.external_id = current_user.id
+    sso.email = current_user.email
+    sso.username = current_user.cn
+    sso.name = current_user.display_name
+    sso.admin = current_user.is_admin?
+    sso.sso_secret = secret
+
+    redirect_to sso.to_url("#{Setting.discourse_public_url}/session/sso_login"),
+                allow_other_host: true
+  end
+end

app/controllers/invitations_controller.rb

@@ -1,5 +1,5 @@
 class InvitationsController < ApplicationController
-  before_action :require_user_signed_in, except: ["show"]
+  before_action :authenticate_user!, except: ["show"]
   before_action :require_user_signed_out, only: ["show"]
 
   # GET /invitations

app/controllers/lnurlpay_controller.rb

@@ -1,4 +1,5 @@
 class LnurlpayController < ApplicationController
+  before_action :check_feature_enabled
   before_action :find_user_by_address
 
   MIN_SATS = 10
@@ -17,6 +18,20 @@ class LnurlpayController < ApplicationController
     }
   end
 
+  def keysend
+    http_status :not_found and return unless Setting.lndhub_keysend_enabled?
+
+    render json: {
+      status: "OK",
+      tag: "keysend",
+      pubkey: Setting.lndhub_public_key,
+      customData: [{
+        customKey: "696969",
+        customValue: @user.ln_account
+      }]
+    }
+  end
+
   def invoice
     amount = params[:amount].to_i / 1000 # msats
     address = params[:address]
@@ -72,4 +87,9 @@ class LnurlpayController < ApplicationController
     comment.length <= MAX_COMMENT_CHARS
   end
 
+  private
+
+  def check_feature_enabled
+    http_status :not_found unless Setting.lndhub_enabled?
+  end
 end

app/controllers/services/lightning_controller.rb

@@ -1,7 +1,7 @@
 require "rqrcode"
 
-class WalletController < ApplicationController
+class Services::LightningController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
   before_action :authenticate_with_lndhub
   before_action :set_current_section
   before_action :fetch_balance
@@ -37,21 +37,21 @@ class WalletController < ApplicationController
       session[:ln_auth_token] = auth_token
       @ln_auth_token = auth_token
     end
-  rescue
+  rescue => e
-    # TODO add exception tracking
+    Sentry.capture_exception(e) if Setting.sentry_enabled?
   end
 
   def set_current_section
-    @current_section = :wallet
+    @current_section = :services
   end
 
   def fetch_balance
     lndhub = Lndhub.new
     data = lndhub.balance @ln_auth_token
     @balance = data["BTC"]["AvailableBalance"] rescue nil
-  rescue
+  rescue AuthError
     authenticate_with_lndhub(force_reauth: true)
-    return nil if @fetch_balance_retried
+    raise if @fetch_balance_retried
     @fetch_balance_retried = true
     fetch_balance
   end
@@ -61,9 +61,9 @@ class WalletController < ApplicationController
     txs = lndhub.gettxs @ln_auth_token
     invoices = lndhub.getuserinvoices(@ln_auth_token).select{|i| i["ispaid"]}
     process_transactions(txs + invoices)
-  rescue
+  rescue AuthError
     authenticate_with_lndhub(force_reauth: true)
-    return [] if @fetch_transactions_retried
+    raise if @fetch_transactions_retried
     @fetch_transactions_retried = true
     fetch_transactions
   end
@@ -78,6 +78,7 @@ class WalletController < ApplicationController
         tx["received"] = true
       else
         tx["amount_sats"] = tx["value"] || tx["amt"]
+        tx["fee"] = tx["type"] == "paid_invoice" ? tx["fee"] : nil
         tx["datetime"] = Time.at(tx["timestamp"].to_i)
         tx["title"] = tx["type"] == "paid_invoice" ? "Sent" : "Received"
         tx["description"] = tx["memo"] || tx["description"]
@@ -85,6 +86,10 @@ class WalletController < ApplicationController
       end
     end
 
+    # Handle an edge case where lndhub.go includes a failed payment in the
+    # list, which wasn't actually booked
+    txs.reject!{ |tx| tx["type"] == "paid_invoice" && tx["payment_preimage"].blank? }
+
     txs.sort{ |a,b| b["datetime"] <=> a["datetime"] }
   end
 end

app/controllers/services/remotestorage_controller.rb

@@ -0,0 +1,30 @@
+class Services::RemotestorageController < ApplicationController
+  before_action :require_user_signed_in
+  before_action :require_service_enabled
+  before_action :require_feature_enabled
+  before_action :set_current_section
+
+  def dashboard
+    # unless current_user.services_enabled.include?(:remotestorage)
+    #   redirect_to service_remotestorage_info_path
+    # end
+  end
+
+  private
+
+    def require_feature_enabled
+      unless Flipper.enabled?(:remotestorage, current_user)
+        http_status :forbidden
+      end
+    end
+
+    def require_service_enabled
+      unless Setting.remotestorage_enabled?
+        http_status :not_found
+      end
+    end
+
+    def set_current_section
+      @current_section = :services
+    end
+end

app/controllers/settings/account_controller.rb

@@ -1,13 +0,0 @@
-class Settings::AccountController < SettingsController
-
-  def index
-  end
-
-  def reset_password
-    current_user.send_reset_password_instructions
-    sign_out current_user
-    msg = "We have sent you an email with a link to reset your password."
-    redirect_to check_your_email_path, notice: msg
-  end
-
-end

app/controllers/settings/profile_controller.rb

@@ -1,11 +0,0 @@
-class Settings::ProfileController < SettingsController
-
-  def index
-    @user = current_user
-  end
-
-  def update
-
-  end
-
-end

app/controllers/settings_controller.rb

@@ -1,13 +1,85 @@
 class SettingsController < ApplicationController
-  before_action :require_user_signed_in
+  before_action :authenticate_user!
-  before_action :set_current_section
+  before_action :set_main_nav_section
+  before_action :set_settings_section, only: [:show, :update, :update_email]
+  before_action :set_user, only: [:show, :update, :update_email]
 
   def index
+    redirect_to setting_path(:profile)
+  end
+
+  def show
+  end
+
+  def update
+    @user.preferences.merge!(user_params[:preferences] || {})
+    @user.display_name = user_params[:display_name]
+
+    if @user.save
+      if @user.display_name && (@user.display_name != @user.ldap_entry[:display_name])
+        LdapManager::UpdateDisplayName.call(@user.dn, user_params[:display_name])
+      end
+
+      redirect_to setting_path(@settings_section), flash: {
+        success: 'Settings saved.'
+      }
+    else
+      @validation_errors = @user.errors
+      render :show, status: :unprocessable_entity
+    end
+  end
+
+  def update_email
+    if @user.valid_ldap_authentication?(email_params[:current_password])
+      if @user.update email: email_params[:email]
+        redirect_to setting_path(:account), flash: {
+          notice: 'Please confirm your new address using the confirmation link we just sent you.'
+        }
+      else
+        @validation_errors = @user.errors
+        render :show, status: :unprocessable_entity
+      end
+    else
+      redirect_to setting_path(:account), flash: {
+        error: 'Password did not match your current password. Try again.'
+      }
+    end
+  end
+
+  def reset_password
+    current_user.send_reset_password_instructions
+    sign_out current_user
+    msg = "We have sent you an email with a link to reset your password."
+    redirect_to check_your_email_path, notice: msg
   end
 
   private
 
-  def set_current_section
+    def set_main_nav_section
-    @current_section = :settings
+      @current_section = :settings
-  end
+    end
+
+    def set_settings_section
+      @settings_section = params[:section]
+      allowed_sections = [:profile, :account, :lightning, :xmpp]
+
+      unless allowed_sections.include?(@settings_section.to_sym)
+        redirect_to setting_path(:profile)
+      end
+    end
+
+    def set_user
+      @user = current_user
+    end
+
+    def user_params
+      params.require(:user).permit(:display_name, preferences: [
+        :lightning_notify_sats_received,
+        :xmpp_exchange_contacts_with_invitees
+      ])
+    end
+
+    def email_params
+      params.require(:user).permit(:email, :current_password)
+    end
 end

app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class Users::ConfirmationsController < Devise::ConfirmationsController
+  # GET /resource/confirmation?confirmation_token=abcdef
+  def show
+    self.resource = resource_class.confirm_by_token(params[:confirmation_token])
+    yield resource if block_given?
+
+    if resource.errors.empty?
+      set_flash_message!(:success, :confirmed)
+      resource.devise_after_confirmation
+      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
+    else
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+    end
+  end
+end

app/controllers/webfinger_controller.rb

@@ -0,0 +1,57 @@
+class WebfingerController < ApplicationController
+  before_action :allow_cross_origin_requests, only: [:show]
+
+  layout false
+
+  def show
+    resource = params[:resource]
+
+    if resource && resource.match(/acct:\w+/)
+      useraddress = resource.split(":").last
+      username, org = useraddress.split("@")
+      username.downcase!
+      unless User.where(cn: username, ou: org).any?
+        head 404 and return
+      end
+
+      render json: webfinger(useraddress).to_json,
+             content_type: "application/jrd+json"
+    else
+      head 422 and return
+    end
+  end
+
+  private
+
+  def webfinger(useraddress)
+    links = [];
+
+    links << remotestorage_link(useraddress) if Setting.remotestorage_enabled
+
+    { "links" => links }
+  end
+
+  def remotestorage_link(useraddress)
+    # TODO use when OAuth routes are available
+    # auth_url = new_rs_oauth_url(useraddress)
+    auth_url = "https://example.com/rs/oauth"
+    storage_url = "#{Setting.rs_storage_url}/#{useraddress}"
+
+    {
+      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
+      "href" => storage_url,
+      "properties" => {
+        "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
+        "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
+        "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter
+        "http://tools.ietf.org/html/rfc7233": "GET", # content range requests
+        "http://remotestorage.io/spec/web-authoring": nil
+      }
+    }
+  end
+
+  def allow_cross_origin_requests
+    headers['Access-Control-Allow-Origin'] = '*'
+    headers['Access-Control-Allow-Methods'] = 'GET, POST, PUT, OPTIONS'
+  end
+end

app/controllers/webhooks_controller.rb

@@ -12,22 +12,28 @@ class WebhooksController < ApplicationController
     end
 
     user = User.find_by!(ln_account: payload[:user_login])
-
+    notify = user.preferences[:lightning_notify_sats_received]
-    # TODO make configurable
+    case notify
-    notify_xmpp(user.address, payload[:amount], payload[:memo])
+    when "xmpp"
+      notify_xmpp(user.address, payload[:amount], payload[:memo])
+    when "email"
+      NotificationMailer.with(user: user, amount_sats: payload[:amount])
+                        .lightning_sats_received.deliver_later
+    end
 
     head :ok
   end
 
   private
 
+  # TODO refactor into mailer-like generic class/service
   def notify_xmpp(address, amt_sats, memo)
     payload = {
       type: "normal",
       from: "kosmos.org", # TODO domain config
       to: address,
       subject: "Sats received!",
-      body: "#{amt_sats} sats received in your Lightning wallet:\n> #{memo}"
+      body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"
     }
     XmppSendMessageJob.perform_later(payload)
   end

app/errors/auth_error.rb

@@ -0,0 +1 @@
+class AuthError < StandardError; end

app/helpers/application_helper.rb

@@ -1,4 +1,6 @@
 module ApplicationHelper
+  include Pagy::Frontend
+
   def sats_to_btc(sats)
     sats.to_f / 100000000
   end
@@ -10,5 +12,10 @@ module ApplicationHelper
       "text-gray-300 hover:bg-gray-900/30 hover:text-white active:bg-gray-900/30 active:text-white px-3 py-2 rounded-md font-medium text-base md:text-sm block md:inline-block"
     end
   end
-end
 
+  # Colors available: gray, red, yellow, green, blue, purple, pink
+  # (Add more colors by adding classes to the safelist in tailwind.config.js)
+  def badge(text, color)
+    tag.span text, class: "inline-flex items-center rounded-full bg-#{color}-100 px-2.5 py-0.5 text-xs font-medium text-#{color}-800"
+  end
+end

app/helpers/ldap_users_helper.rb

@@ -1,2 +0,0 @@
-module LdapUsersHelper
-end

app/helpers/users_helper.rb

@@ -0,0 +1,2 @@
+module UsersHelper
+end

app/javascript/controllers/notification_controller.js

@@ -4,6 +4,10 @@ export default class extends Controller {
   static targets = ["buttons", "countdown"]
 
   connect() {
+    // Devise timeoutable ends up adding a second flash message without content
+    // TODO investigate bug
+    if (this.element.textContent.trim() == "true") return;
+
     const timeoutSeconds = parseInt(this.data.get("timeout"));
 
     setTimeout(() => {

app/javascript/controllers/settings/account/email_controller.js

@@ -0,0 +1,27 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [ "emailField", "editEmailButton" ]
+  static values = { validationFailed: Boolean }
+
+  connect () {
+    if (this.validationFailedValue) return;
+
+    this.emailFieldTarget.disabled = true;
+    this.element.querySelectorAll(".initial-hidden").forEach(el => {
+      el.classList.add("hidden");
+    })
+    this.element.querySelectorAll(".initial-visible").forEach(el => {
+      el.classList.remove("hidden");
+    })
+  }
+
+  editEmail () {
+    this.emailFieldTarget.disabled = false;
+    this.emailFieldTarget.select();
+    this.editEmailButtonTarget.classList.add("hidden");
+    this.element.querySelectorAll(".initial-hidden").forEach(el => {
+      el.classList.remove("hidden");
+    })
+  }
+}

app/javascript/controllers/settings/toggle_controller.js

@@ -0,0 +1,30 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = [ "button", "switch", "checkbox" ]
+  static values = { switchEnabled: Boolean }
+
+  connect () {
+    this.buttonTarget.classList.remove("hidden")
+    this.checkboxTarget.classList.add("hidden")
+  }
+
+  toggleSwitch () {
+    this.switchEnabledValue = !this.switchEnabledValue
+    this.checkboxTarget.checked = this.switchEnabledValue
+
+    if (this.switchEnabledValue) {
+      this.buttonTarget.setAttribute("aria-checked", "true");
+      this.buttonTarget.classList.remove("bg-gray-200")
+      this.buttonTarget.classList.add("bg-blue-600")
+      this.switchTarget.classList.remove("translate-x-0")
+      this.switchTarget.classList.add("translate-x-5")
+    } else {
+      this.buttonTarget.setAttribute("aria-checked", "false");
+      this.buttonTarget.classList.remove("bg-blue-600")
+      this.buttonTarget.classList.add("bg-gray-200")
+      this.switchTarget.classList.remove("translate-x-5")
+      this.switchTarget.classList.add("translate-x-0")
+    }
+  }
+}

app/jobs/xmpp_exchange_contacts_job.rb

@@ -1,18 +1,22 @@
 class XmppExchangeContactsJob < ApplicationJob
   queue_as :default
 
-  def perform(inviter, username, domain)
+  def perform(inviter, invitee)
+    return unless inviter.services_enabled.include?("xmpp") &&
+                  invitee.services_enabled.include?("xmpp") &&
+                  inviter.preferences[:xmpp_exchange_contacts_with_invitees]
+
     ejabberd = EjabberdApiClient.new
 
     ejabberd.add_rosteritem({
-      "localuser": username, "localhost": domain,
+      "localuser": invitee.cn, "localhost": invitee.ou,
       "user": inviter.cn, "host": inviter.ou,
-      "nick": inviter.cn, "group": "Friends", "subs": "both"
+      "nick": inviter.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
     })
     ejabberd.add_rosteritem({
       "localuser": inviter.cn, "localhost": inviter.ou,
-      "user": username, "host": domain,
+      "user": invitee.cn, "host": invitee.ou,
-      "nick": username, "group": "Friends", "subs": "both"
+      "nick": invitee.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
     })
   end
 end

app/jobs/xmpp_set_default_bookmarks_job.rb

@@ -0,0 +1,26 @@
+class XmppSetDefaultBookmarksJob < ApplicationJob
+  queue_as :default
+
+  def perform(user)
+    return unless Setting.xmpp_default_rooms.any?
+    @user = user
+    ejabberd = EjabberdApiClient.new
+    ejabberd.private_set user, storage_content
+  end
+
+  def storage_content
+    bookmarks = ""
+    Setting.xmpp_default_rooms.each do |r|
+      bookmarks << conference_element(
+        jid: r[/<(.+)>/, 1], name: r[/^(.+)\s/, 1], nick: @user.cn,
+        autojoin: Setting.xmpp_autojoin_default_rooms
+      )
+    end
+
+    "<storage xmlns='storage:bookmarks'>#{bookmarks}</storage>"
+  end
+
+  def conference_element(jid:, name:, autojoin: false, nick:)
+    "<conference jid='#{jid}' name='#{name}' autojoin='#{autojoin.to_s}'><nick>#{nick}</nick></conference>"
+  end
+end

app/mailers/application_mailer.rb

@@ -1,4 +1,3 @@
 class ApplicationMailer < ActionMailer::Base
-  default from: 'from@example.com'
   layout 'mailer'
 end

app/mailers/custom_mailer.rb

@@ -0,0 +1,23 @@
+# A custom mailer that can be used from the Rails console for one-off emails
+# today, and later connected from an admin panel mailing page.
+#
+# Assign any template variables you want to use:
+#
+#     user = User.first
+#
+# Create the email body from a custom email template file:
+#
+#     body = ERB.new(File.read('./tmp/mailer-1.txt.erb')).result binding
+#
+# Send email via Sidekiq:
+#
+#     CustomMailer.with(user: user, subject: "Important announcement", body: body).custom_message.deliver_later
+#
+class CustomMailer < ApplicationMailer
+  def custom_message
+    @user = params[:user]
+    @subject = params[:subject]
+    @body = params[:body]
+    mail(to: @user.email, subject: @subject)
+  end
+end

app/mailers/devise/mailer.rb

@@ -0,0 +1,34 @@
+# frozen_string_literal: true
+
+if defined?(ActionMailer)
+  class Devise::Mailer < Devise.parent_mailer.constantize
+    include Devise::Mailers::Helpers
+
+    def confirmation_instructions(record, token, opts = {})
+      @token = token
+      if record.pending_reconfirmation?
+        devise_mail(record, :reconfirmation_instructions, opts)
+      else
+        devise_mail(record, :confirmation_instructions, opts)
+      end
+    end
+
+    def reset_password_instructions(record, token, opts = {})
+      @token = token
+      devise_mail(record, :reset_password_instructions, opts)
+    end
+
+    def unlock_instructions(record, token, opts = {})
+      @token = token
+      devise_mail(record, :unlock_instructions, opts)
+    end
+
+    def email_changed(record, opts = {})
+      devise_mail(record, :email_changed, opts)
+    end
+
+    def password_change(record, opts = {})
+      devise_mail(record, :password_change, opts)
+    end
+  end
+end

app/mailers/notification_mailer.rb

@@ -0,0 +1,8 @@
+class NotificationMailer < ApplicationMailer
+  def lightning_sats_received
+    @user = params[:user]
+    @amount_sats = params[:amount_sats]
+    @subject = "Sats received"
+    mail to: @user.email, subject: @subject
+  end
+end

app/models/donation.rb

@@ -3,7 +3,9 @@ class Donation < ApplicationRecord
   belongs_to :user
 
   # Validations
+  validates_presence_of :user
   validates_presence_of :amount_sats
+  validates_presence_of :paid_at
 
   # Hooks
   # TODO before_create :store_fiat_value

app/models/invitation.rb

@@ -1,6 +1,7 @@
 class Invitation < ApplicationRecord
   # Relations
   belongs_to :user
+  belongs_to :invitee, class_name: "User", foreign_key: 'invited_user_id', optional: true
 
   # Validations
   validates_presence_of :user

app/models/lndhub_user.rb

@@ -10,6 +10,18 @@ class LndhubUser < LndhubBase
                     foreign_key: "login"
 
   def balance
-    accounts.current.first.ledgers.sum("account_ledgers.amount")
+    accounts.current.first.ledgers.sum("account_ledgers.amount").to_i.abs
+  end
+
+  def sum_outgoing
+    accounts.outgoing.first.ledgers.sum("account_ledgers.amount").to_i.abs
+  end
+
+  def sum_incoming
+    accounts.incoming.first.ledgers.sum("account_ledgers.amount").to_i.abs
+  end
+
+  def sum_fees
+    accounts.fees.first.ledgers.sum("account_ledgers.amount").to_i.abs
   end
 end

app/models/setting.rb

@@ -2,10 +2,129 @@
 class Setting < RailsSettings::Base
   cache_prefix { "v1" }
 
+  field :accounts_domain, type: :string,
+    default: ENV["AKKOUNTS_DOMAIN"].presence
+
+  #
+  # Internal services
+  #
+
+  field :redis_url, type: :string, readonly: true,
+    default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
+
+  #
+  # Registrations
+  #
+
   field :reserved_usernames, type: :array, default: %w[
-    account accounts admin donations mail webmaster support
+    account accounts donations mail webmaster support
   ]
 
-  field :lndhub_enabled, default: (ENV["LNDHUB_API_URL"].present?.to_s || "false"), type: :boolean
+  #
-  field :lndhub_admin_enabled, default: (ENV["LNDHUB_ADMIN_UI"] || "false"), type: :boolean
+  # XMPP
+  #
+
+  field :xmpp_default_rooms, type: :array, default: []
+  field :xmpp_autojoin_default_rooms, type: :boolean, default: false
+
+  #
+  # Sentry
+  #
+
+  field :sentry_enabled, type: :boolean, readonly: true,
+    default: (ENV["SENTRY_DSN"].present?.to_s || false)
+
+  #
+  # Discourse
+  #
+
+  field :discourse_public_url, type: :string, readonly: true,
+    default: ENV["DISCOURSE_PUBLIC_URL"].presence
+
+  field :discourse_enabled, type: :boolean,
+    default: (ENV["DISCOURSE_PUBLIC_URL"].present?.to_s || false)
+
+  field :discourse_connect_secret, type: :string, readonly: true,
+    default: ENV["DISCOURSE_CONNECT_SECRET"].presence
+
+  #
+  # ejabberd
+  #
+
+  field :ejabberd_enabled, type: :boolean,
+    default: (ENV["EJABBERD_API_URL"].present?.to_s || false)
+
+  field :ejabberd_api_url, type: :string, readonly: true,
+    default: ENV["EJABBERD_API_URL"].presence
+
+  field :ejabberd_admin_url, type: :string, readonly: true,
+    default: ENV["EJABBERD_ADMIN_URL"].presence
+
+  field :ejabberd_buddy_roster, type: :string,
+    default: "Buddies"
+
+  #
+  # Gitea
+  #
+
+  field :gitea_public_url, type: :string, readonly: true,
+    default: ENV["GITEA_PUBLIC_URL"].presence
+
+  field :gitea_enabled, type: :boolean,
+    default: (ENV["GITEA_PUBLIC_URL"].present?.to_s || false)
+
+  #
+  # Lightning Network
+  #
+
+  field :lndhub_api_url, type: :string, readonly: true,
+    default: ENV["LNDHUB_API_URL"].presence
+
+  field :lndhub_enabled, type: :boolean,
+    default: (ENV["LNDHUB_API_URL"].present?.to_s || false)
+
+  field :lndhub_admin_enabled, type: :boolean,
+    default: (ENV["LNDHUB_ADMIN_UI"] || false)
+
+  field :lndhub_public_key, type: :string, readonly: true,
+    default: (ENV["LNDHUB_PUBLIC_KEY"] || "")
+
+  field :lndhub_keysend_enabled, type: :boolean,
+    default: -> { self.lndhub_public_key.present?.to_s || false }
+
+  #
+  # Mastodon
+  #
+
+  field :mastodon_public_url, type: :string, readonly: true,
+    default: ENV["MASTODON_PUBLIC_URL"].presence
+
+  field :mastodon_enabled, type: :boolean,
+    default: (ENV["MASTODON_PUBLIC_URL"].present?.to_s || false)
+
+  #
+  # MediaWiki
+  #
+
+  field :mediawiki_public_url, type: :string, readonly: true,
+    default: ENV["MEDIAWIKI_PUBLIC_URL"].presence
+
+  field :mediawiki_enabled, type: :boolean,
+    default: (ENV["MEDIAWIKI_PUBLIC_URL"].present?.to_s || false)
+
+  #
+  # Nostr
+  #
+
+  field :nostr_enabled, type: :boolean, default: true
+
+  #
+  # RemoteStorage
+  #
+
+  field :remotestorage_enabled, type: :boolean,
+    default: (ENV["RS_STORAGE_URL"].present?.to_s || false)
+
+  field :rs_storage_url, type: :string,
+    default: ENV["RS_STORAGE_URL"].presence
 end

app/models/user.rb

@@ -1,8 +1,16 @@
 class User < ApplicationRecord
   include EmailValidatable
 
+  attr_accessor :display_name
+
+  serialize :preferences, UserPreferences
+
   # Relations
   has_many :invitations, dependent: :destroy
+  has_one  :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id'
+  has_one  :inviter, through: :invitation, source: :user
+  has_many :invitees, through: :invitations
+
   has_many :donations, dependent: :nullify
 
   has_one  :lndhub_user, class_name: "LndhubUser", inverse_of: "user",
@@ -11,19 +19,23 @@ class User < ApplicationRecord
   has_many :accounts, through: :lndhub_user
 
   validates_uniqueness_of :cn
-  validates_length_of :cn, :minimum => 3
+  validates_length_of :cn, minimum: 3
   validates_format_of :cn, with: /\A([a-z0-9\-])*\z/,
                            if: Proc.new{ |u| u.cn.present? },
                            message: "is invalid. Please use only letters, numbers and -"
   validates_format_of :cn, without: /\A-/,
                            if: Proc.new{ |u| u.cn.present? },
                            message: "is invalid. Usernames need to start with a letter."
+  # FIXME This needs a server restart to apply values
   validates_format_of :cn, without: /\A(#{Setting.reserved_usernames.join('|')})\z/i,
                            message: "has already been taken"
 
   validates_uniqueness_of :email
   validates :email, email: true
 
+  validates_length_of :display_name, minimum: 3, maximum: 35, allow_blank: true,
+                                     if: -> { defined?(@display_name) }
+
   scope :confirmed, -> { where.not(confirmed_at: nil) }
   scope :pending,   -> { where(confirmed_at: nil) }
 
@@ -34,13 +46,15 @@ class User < ApplicationRecord
   devise :ldap_authenticatable,
          :confirmable,
          :recoverable,
-         :validatable
+         :validatable,
+         :timeoutable,
+         :rememberable
 
   def ldap_before_save
     self.email = Devise::LDAP::Adapter.get_ldap_param(self.cn, "mail").first
-
+    self.ou    = dn.split(',')
-    dn = Devise::LDAP::Adapter.get_ldap_param(self.cn, "dn")
+                   .select{|e| e[0..1] == "ou"}.first
-    self.ou = dn.split(',').select{|e| e[0..1] == "ou"}.first.delete_prefix("ou=")
+                   .delete_prefix("ou=")
 
     if self.confirmed_at.blank? && self.confirmation_token.blank?
       # User had an account with a trusted email address before akkounts was a thing
@@ -48,6 +62,26 @@ class User < ApplicationRecord
     end
   end
 
+  def devise_after_confirmation
+    if ldap_entry[:mail] != self.email
+      # E-Mail update confirmed
+      LdapManager::UpdateEmail.call(self.dn, self.email)
+    else
+      # E-Mail from signup confirmed (i.e. account activation)
+      enable_service %w[ discourse gitea mediawiki xmpp ]
+
+      #TODO enable in development when we have easy setup of ejabberd etc.
+      return if Rails.env.development? || !Setting.ejabberd_enabled?
+
+      XmppExchangeContactsJob.perform_later(inviter, self) if inviter.present?
+      XmppSetDefaultBookmarksJob.perform_later(self)
+    end
+  end
+
+  def send_devise_notification(notification, *args)
+    devise_mailer.send(notification, self, *args).deliver_later
+  end
+
   def reset_password(new_password, new_password_confirmation)
     self.password = new_password
     self.password_confirmation = new_password_confirmation
@@ -80,4 +114,47 @@ class User < ApplicationRecord
     lndhub.authenticate self
     lndhub.addinvoice payload
   end
+
+  def dn
+    return @dn if defined?(@dn)
+    @dn = Devise::LDAP::Adapter.get_dn(self.cn)
+  end
+
+  def ldap_entry(reload: false)
+    return @ldap_entry if defined?(@ldap_entry) && !reload
+    @ldap_entry = ldap.fetch_users(uid: self.cn, ou: self.ou).first
+  end
+
+  def display_name
+    @display_name ||= ldap_entry[:display_name]
+  end
+
+  def services_enabled
+    ldap_entry[:service] || []
+  end
+
+  def enable_service(service)
+    current_services = services_enabled
+    new_services = Array(service).map(&:to_s)
+    services = (current_services + new_services).uniq
+    ldap.replace_attribute(dn, :service, services)
+  end
+
+  def disable_service(service)
+    current_services = services_enabled
+    disabled_services = Array(service).map(&:to_s)
+    services = (current_services - disabled_services).uniq
+    ldap.replace_attribute(dn, :service, services)
+  end
+
+  def disable_all_services
+    ldap.delete_attribute(dn,:service)
+  end
+
+  private
+
+    def ldap
+      return @ldap_service if defined?(@ldap_service)
+      @ldap_service = LdapService.new
+    end
 end

app/models/user_preferences.rb

@@ -0,0 +1,29 @@
+DEFAULT_PREFS = YAML.load_file("#{Rails.root}/config/default_preferences.yml")
+
+class UserPreferences
+  def self.dump(value)
+    process(value).to_yaml
+  end
+
+  def self.load(string)
+    stored_prefs = YAML.load(string || "{}")
+    DEFAULT_PREFS.merge(stored_prefs).with_indifferent_access
+  end
+
+  def self.is_integer?(value)
+    value.to_i.to_s == value
+  end
+
+  def self.process(hash)
+    hash.each do |key, value|
+      if value == "true"
+        hash[key] = true
+      elsif value == "false"
+        hash[key] = false
+      elsif value.is_a?(String) && is_integer?(value)
+        hash[key] = value.to_i
+      end
+    end
+    hash.stringify_keys!.to_h
+  end
+end

app/services/create_account.rb

@@ -11,11 +11,10 @@ class CreateAccount < ApplicationService
   def call
     user = create_user_in_database
     add_ldap_document
-    create_lndhub_account(user)
+    create_lndhub_account(user) if Setting.lndhub_enabled
 
     if @invitation.present?
       update_invitation(user.id)
-      exchange_xmpp_contacts
     end
   end
 
@@ -43,12 +42,6 @@ class CreateAccount < ApplicationService
     CreateLdapUserJob.perform_later(@username, @domain, @email, hashed_pw)
   end
 
-  def exchange_xmpp_contacts
-    #TODO enable in development when we have easy setup of ejabberd etc.
-    return if Rails.env.development?
-    XmppExchangeContactsJob.perform_later(@invitation.user, @username, @domain)
-  end
-
   def create_lndhub_account(user)
     #TODO enable in development when we have a local lndhub (mock?) API
     return if Rails.env.development?

app/services/ejabberd_api_client.rb

@@ -1,6 +1,6 @@
 class EjabberdApiClient
   def initialize
-    @base_url = ENV["EJABBERD_API_URL"]
+    @base_url = Setting.ejabberd_api_url
   end
 
   def post(endpoint, payload)
@@ -10,7 +10,7 @@ class EjabberdApiClient
     if res.status != 200
       Rails.logger.error "[ejabberd] API request failed:"
       Rails.logger.error res.body
-      #TODO add some kind of exception tracking/notifications
+      #TODO Send custom event to Sentry
     end
   end
 
@@ -21,4 +21,9 @@ class EjabberdApiClient
   def send_message(payload)
     post "send_message", payload
   end
+
+  def private_set(user, content)
+    payload = { user: user.cn, host: user.ou, element: content }
+    post "private_set", payload
+  end
 end

app/services/ldap_manager/update_display_name.rb

@@ -0,0 +1,12 @@
+module LdapManager
+  class UpdateDisplayName < LdapManagerService
+    def initialize(dn, display_name)
+      @dn = dn
+      @display_name = display_name
+    end
+
+    def call
+      replace_attribute @dn, :displayName, @display_name
+    end
+  end
+end

app/services/ldap_manager/update_email.rb

@@ -0,0 +1,12 @@
+module LdapManager
+  class UpdateEmail < LdapManagerService
+    def initialize(dn, address)
+      @dn = dn
+      @address = address
+    end
+
+    def call
+      replace_attribute @dn, :mail, @address
+    end
+  end
+end

app/services/ldap_manager_service.rb

@@ -0,0 +1,2 @@
+class LdapManagerService < LdapService
+end

app/services/ldap_service.rb

@@ -3,6 +3,18 @@ class LdapService < ApplicationService
     @suffix = ENV["LDAP_SUFFIX"] || "dc=kosmos,dc=org"
   end
 
+  def add_attribute(dn, attr, values)
+    ldap_client.add_attribute dn, attr, values
+  end
+
+  def replace_attribute(dn, attr, values)
+    ldap_client.replace_attribute dn, attr, values
+  end
+
+  def delete_attribute(dn, attr)
+    ldap_client.delete_attribute dn, attr
+  end
+
   def add_entry(dn, attrs, interactive=false)
     puts "Adding entry: #{dn}" if interactive
     res = ldap_client.add dn: dn, attributes: attrs
@@ -10,10 +22,6 @@ class LdapService < ApplicationService
     res
   end
 
-  def add_attribute(dn, attr, value)
-    ldap_client.add_attribute dn, attr, value
-  end
-
   def delete_entry(dn, interactive=false)
     puts "Deleting entry: #{dn}" if interactive
     res = ldap_client.delete dn: dn
@@ -42,18 +50,18 @@ class LdapService < ApplicationService
       treebase = ldap_config["base"]
     end
 
-    attributes = %w{dn cn uid mail admin}
+    attributes = %w{dn cn uid mail displayName admin service}
-    filter     = Net::LDAP::Filter.eq("uid", "*")
+    filter     = Net::LDAP::Filter.eq("uid", args[:uid] || "*")
 
     entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
     entries.sort_by! { |e| e.cn[0] }
-
     entries = entries.collect do |e|
       {
         uid: e.uid.first,
         mail: e.try(:mail) ? e.mail.first : nil,
-        admin: e.try(:admin) ? 'admin' : nil
+        display_name: e.try(:displayName) ? e.displayName.first : nil,
-        # password: e.userpassword.first
+        admin: e.try(:admin) ? 'admin' : nil,
+        service: e.try(:service)
       }
     end
   end
@@ -131,5 +139,4 @@ class LdapService < ApplicationService
   def ldap_config
     ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
   end
-
 end

app/services/lndhub.rb

@@ -12,12 +12,7 @@ class Lndhub
     end
 
     res = Faraday.post "#{@base_url}/#{endpoint}", payload.to_json, headers
-
+    log_error(res) if res.status != 200
-    if res.status != 200
-      Rails.logger.error "[lndhub] API request failed:"
-      Rails.logger.error res.body
-      #TODO add some kind of exception tracking/notifications
-    end
 
     JSON.parse(res.body)
   end
@@ -31,7 +26,7 @@ class Lndhub
     data = JSON.parse(res.body)
 
     if data.is_a?(Hash) && data["error"] && data["message"] == "bad auth"
-      raise "BAD_AUTH"
+      raise AuthError
     else
       data
     end
@@ -68,4 +63,13 @@ class Lndhub
 
     invoice["payment_request"]
   end
+
+  def log_error(res)
+    Rails.logger.error "[lndhub] API request failed:"
+    Rails.logger.error res.body
+
+    if Setting.sentry_enabled?
+      Sentry.capture_message("Lndhub API request failed: #{res.body}")
+    end
+  end
 end

app/services/lndhub_v2.rb

@@ -1,9 +1,4 @@
-class LndhubV2
+class LndhubV2 < Lndhub
-  attr_accessor :auth_token
-
-  def initialize
-    @base_url = ENV["LNDHUB_API_URL"]
-  end
 
   def post(endpoint, payload, options={})
     headers = { "Content-Type" => "application/json" }
@@ -12,64 +7,12 @@ class LndhubV2
     elsif options[:admin_token]
       headers.merge!({ "Authorization" => "Bearer #{options[:admin_token]}" })
     end
-
     res = Faraday.post "#{@base_url}/#{endpoint}", payload.to_json, headers
-
+    log_error(res) if res.status != 200
-    if res.status != 200
-      Rails.logger.error "[lndhub] API request failed:"
-      Rails.logger.error res.body
-      #TODO add some kind of exception tracking/notifications
-    end
 
     JSON.parse(res.body)
   end
 
-  def get(endpoint, auth_token)
-    res = Faraday.get("#{@base_url}/#{endpoint}", {}, {
-      "Content-Type" => "application/json",
-      "Accept" => "application/json",
-      "Authorization" => "Bearer #{auth_token}"
-    })
-
-    JSON.parse(res.body)
-  end
-
-  def create(payload)
-    post "create", payload
-  end
-
-  def authenticate(user)
-    credentials = post "auth?type=auth", { login: user.ln_account, password: user.ln_password }
-    self.auth_token = credentials["access_token"]
-    self.auth_token
-  end
-
-  def balance(user_token=nil)
-    get "balance", user_token || auth_token
-  end
-
-  def gettxs(user_token)
-    get "gettxs", user_token || auth_token
-  end
-
-  def getuserinvoices(user_token)
-    get "getuserinvoices", user_token || auth_token
-  end
-
-  def addinvoice(payload)
-    invoice = post "addinvoice", {
-      amt: payload[:amount],
-      memo: payload[:memo],
-      description_hash: payload[:description_hash]
-    }
-
-    invoice["payment_request"]
-  end
-
-  #
-  # V2
-  #
-
   def create_account(payload={})
     post "v2/users", payload, admin_token: Rails.application.credentials.lndhub[:admin_token]
   end
@@ -78,4 +21,5 @@ class LndhubV2
     # Payload: { amount: 1000, description: "", description_hash: "" }
     post "v2/invoices", payload
   end
+
 end

app/views/admin/donations/_form.html.erb

@@ -1,58 +1,41 @@
 <%= form_with(url: url, model: donation, local: true) do |form| %>
   <% if donation.errors.any? %>
-    <div id="error_explanation">
+    <section id="error_explanation">
       <h3><%= pluralize(donation.errors.count, "error") %> prohibited this donation from being saved:</h3>
-      <ul>
+      <ul class="list-disc list-inside">
         <% donation.errors.full_messages.each do |message| %>
           <li><%= message %></li>
         <% end %>
       </ul>
-    </div>
+    </section>
   <% end %>
 
-  <div class="field">
+  <section class="sm:w-1/2 grid grid-cols-2 items-center gap-y-2">
-    <p>
+    <%= form.label :user_id %>
-      <%= form.label :user_id %>
+    <%= form.collection_select :user_id, User.where(ou: "kosmos.org").order(:cn), :id, :cn, {} %>
-      <%= form.collection_select :user_id, User.where(ou: "kosmos.org").order(:cn), :id, :cn %>
-    </p>
-  </div>
 
-  <div class="field">
+    <%= form.label :amount_sats, "Amount BTC (sats)" %>
-    <p>
+    <%= form.number_field :amount_sats %>
-      <%= form.label :amount_sats, "Amount BTC (sats)" %>
-      <%= form.number_field :amount_sats %>
-    </p>
-  </div>
 
-  <div class="field">
+    <%= form.label :amount_eur, "Amount EUR (cents)" %>
-    <p>
+    <%= form.number_field :amount_eur %>
-      <%= form.label :amount_eur, "Amount EUR (cents)" %>
-      <%= form.number_field :amount_eur %>
-    </p>
-  </div>
 
-  <div class="field">
+    <%= form.label :amount_usd, "Amount USD (cents)"%>
-    <p>
+    <%= form.number_field :amount_usd %>
-      <%= form.label :amount_usd, "Amount USD (cents)"%>
-      <%= form.number_field :amount_usd %>
-    </p>
-  </div>
 
-  <div class="field">
+    <%= form.label :public_name %>
-    <p>
+    <%= form.text_field :public_name %>
-      <%= form.label :public_name %>
-      <%= form.text_field :public_name %>
-    </p>
-  </div>
 
-  <div class="field">
+    <%= form.label :paid_at %>
-    <p>
+    <%= form.text_field :paid_at %>
-      <%= form.label :paid_at %>
+  </section>
-      <%= form.text_field :paid_at %>
-    </p>
-  </div>
 
-  <p class="mt-8">
+  <section>
-    <%= form.submit class: 'btn-md btn-blue' %>
+    <p class="pt-6 border-t border-gray-200 text-right">
-  </p>
+      <%= link_to 'Cancel',
+            @donation.id.present? ? admin_donation_path(@donation) : admin_donations_path,
+            class: 'btn-md btn-gray' %>
+      <%= form.submit class: 'ml-2 btn-md btn-blue' %>
+    </p>
+  </section>
 <% end %>

app/views/admin/donations/edit.html.erb

@@ -1,12 +1,5 @@
-<%= render HeaderComponent.new(title: "Donations") %>
+<%= render HeaderComponent.new(title: "Donation ##{@donation.id}") %>
 
 <%= render MainSimpleComponent.new do %>
-  <h2>Editing Donation</h2>
-
   <%= render 'form', donation: @donation, url: admin_donation_path(@donation) %>
-
-  <p class="mt-8">
-    <%= link_to 'Show', admin_donation_path(@donation), class: 'ks-text-link' %> |
-    <%= link_to 'Back', admin_donations_path, class: 'ks-text-link' %>
-  <p>
 <% end %>

app/views/admin/donations/index.html.erb

@@ -21,7 +21,7 @@
   <section>
   <% if @donations.any? %>
     <h3>Recent Donations</h3>
-    <table>
+    <table class="divided mb-8">
       <thead>
         <tr>
           <th>User</th>
@@ -33,11 +33,10 @@
           <th></th>
         </tr>
       </thead>
-
       <tbody>
         <% @donations.each do |donation| %>
           <tr>
-            <td><%= donation.user.address %></td>
+            <td><%= link_to donation.user.address, admin_user_path(donation.user.address), class: 'ks-text-link' %></td>
             <td class="text-right"><%= sats_to_btc donation.amount_sats %></td>
             <td class="text-right"><% if donation.amount_eur.present? %><%= number_to_currency donation.amount_eur / 100, unit: "" %><% end %></td>
             <td class="text-right"><% if donation.amount_usd.present? %><%= number_to_currency donation.amount_usd / 100, unit: "" %><% end %></td>
@@ -53,6 +52,7 @@
         <% end %>
       </tbody>
     </table>
+    <%== pagy_nav @pagy %>
   <% else %>
     <p>
       No donations yet.

app/views/admin/donations/new.html.erb

@@ -1,11 +1,5 @@
-<%= render HeaderComponent.new(title: "Donations") %>
+<%= render HeaderComponent.new(title: "Add Donation") %>
 
 <%= render MainSimpleComponent.new do %>
-  <h2>New Donation</h2>
-
   <%= render 'form', donation: @donation, url: admin_donations_path %>
-
-  <p class="mt-8">
-    <%= link_to 'Back', admin_donations_path, class: 'ks-text-link' %>
-  </p>
 <% end %>

app/views/admin/donations/show.html.erb

@@ -1,38 +1,41 @@
-<%= render HeaderComponent.new(title: "Donations") %>
+<%= render HeaderComponent.new(title: "Donation ##{@donation.id}") %>
 
 <%= render MainSimpleComponent.new do %>
-  <p>
+  <section>
-    <strong>User:</strong>
+    <table class="w-1/2 divided">
-    <%= @donation.user.address %>
+      <tbody>
-  </p>
+        <tr>
+          <th>User</th>
+          <td><%= link_to @donation.user.address, admin_user_path(@donation.user.address), class: 'ks-text-link' %></td>
+        </tr>
+        <tr>
+          <th>Amount sats</th>
+          <td><%= @donation.amount_sats %></td>
+        </tr>
+        <tr>
+          <th>Amount EUR</th>
+          <td><%= @donation.amount_eur %></td>
+        </tr>
+        <tr>
+          <th>Amount USD</th>
+          <td><%= @donation.amount_usd %></td>
+        </tr>
+        <tr>
+          <th>Public name</th>
+          <td><%= @donation.public_name %></td>
+        </tr>
+        <tr>
+          <th>Date</th>
+          <td><%= @donation.paid_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
+        </tr>
+      </tbody>
+    </table>
+  </section>
 
-  <p>
+  <section>
-    <strong>Amount sats:</strong>
+    <p class="pt-6 border-t border-gray-200 text-right">
-    <%= @donation.amount_sats %>
+      <%= link_to 'Back', admin_donations_path, class: 'btn-md btn-gray' %>
-  </p>
+      <%= link_to 'Edit', edit_admin_donation_path(@donation), class: 'ml-2 btn-md btn-blue mr-1' %>
-
+    </p>
-  <p>
+  </section>
-    <strong>Amount eur:</strong>
-    <%= @donation.amount_eur %>
-  </p>
-
-  <p>
-    <strong>Amount usd:</strong>
-    <%= @donation.amount_usd %>
-  </p>
-
-  <p>
-    <strong>Public name:</strong>
-    <%= @donation.public_name %>
-  </p>
-
-  <p>
-    <strong>Date:</strong>
-    <%= @donation.paid_at %>
-  </p>
-
-  <p class="mt-8">
-    <%= link_to 'Edit', edit_admin_donation_path(@donation), class: 'ks-text-link' %> |
-    <%= link_to 'Back', admin_donations_path, class: 'ks-text-link' %>
-  </p>
 <% end %>

app/views/admin/invitations/index.html.erb

@@ -24,7 +24,7 @@
   <% if @invitations_used.any? %>
     <section>
       <h3>Recently Accepted</h3>
-      <table>
+      <table class="divided mb-8">
         <thead>
           <tr>
             <th>Token</th>
@@ -38,12 +38,13 @@
             <tr>
               <td class="overflow-ellipsis font-mono"><%= invitation.token %></td>
               <td><%= invitation.used_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
-              <td><%= invitation.user.address %></td>
+              <td><%= link_to invitation.user.address, admin_user_path(invitation.user.address), class: "ks-text-link" %></td>
-              <td><%= User.find(invitation.invited_user_id).address %></td>
+              <td><%= link_to invitation.invitee.address, admin_user_path(invitation.invitee.address), class: "ks-text-link" %></td>
             </tr>
           <% end %>
         </tbody>
       </table>
+      <%== pagy_nav @pagy %>
     </section>
   <% end %>
 <% end %>

app/views/admin/lightning/index.html.erb

@@ -20,7 +20,7 @@
 
   <section>
     <h3>Accounts</h3>
-    <table>
+    <table class="divided">
       <thead>
         <tr>
           <th>LN Account</th>
@@ -36,7 +36,7 @@
             </td>
             <td>
               <% if user = @users.find{ |u| u[2] == account.login } %>
-                <%= "#{user[0]}@#{user[1]}" %>
+                <%= link_to "#{user[0]}@#{user[1]}", admin_user_path("#{user[0]}@#{user[1]}"), class: "ks-text-link" %>
               <% end %>
             </td>
             <td><%= number_with_delimiter account.balance.to_i.to_s %></td>

app/views/admin/settings/_errors.html.erb

@@ -0,0 +1,7 @@
+<section>
+  <ul>
+    <% errors.full_messages.each do |msg| %>
+      <li><%= msg %></li>
+    <% end %>
+  </ul>
+</section>

app/views/admin/settings/registrations/index.html.erb

@@ -4,14 +4,9 @@
   <%= form_for(Setting.new, url: admin_settings_registrations_path) do |f| %>
     <section>
       <h3>Registrations</h3>
+
       <% if @errors && @errors.any? %>
-        <div>
+        <%= render partial: "admin/settings/errors", locals: { errors: @errors } %>
-          <ul>
-            <% @errors.full_messages.each do |msg| %>
-              <li><%= msg %></li>
-            <% end %>
-          </ul>
-        </div>
       <% end %>
 
       <label class="block">
@@ -22,14 +17,14 @@
         <%= f.text_area :reserved_usernames,
           value: Setting.reserved_usernames.join("\n"),
           class: "h-44 mb-2" %>
-        <p class="mb-0 text-sm text-gray-500">
+        <p class="text-sm text-gray-500">
           One username per line
         </p>
       </label>
     </section>
 
     <section>
-      <p class="mb-0 pt-6 border-t border-gray-200">
+      <p class="pt-6 border-t border-gray-200 text-right">
         <%= f.submit 'Save', class: "btn-md btn-blue w-full md:w-auto" %>
       </p>
     </section>

app/views/admin/settings/services/_discourse.html.erb

@@ -0,0 +1,52 @@
+<h3>Discourse</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :discourse_enabled,
+    enabled: Setting.discourse_enabled?,
+    title: "Enable Discourse integration",
+    description: "Discourse configuration present and features enabled"
+  ) %>
+<% if Setting.discourse_enabled? %>
+  <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
+    <%= f.text_field :discourse_public_url,
+      value: Setting.discourse_public_url,
+      class: "w-full", disabled: true %>
+  <% end %>
+  <%= render FormElements::FieldsetComponent.new(title: "Connect secret") do %>
+    <%= f.password_field :discourse_connect_secret,
+      value: Setting.discourse_connect_secret,
+      class: "w-full", disabled: true %>
+  <% end %>
+<% end %>
+</ul>
+<% if Setting.discourse_enabled? %>
+  <% content_for :documentation do %>
+    <h3 class="mt-8">How to configure Discourse</h3>
+    <ol class="list-decimal list-inside">
+    <li class="mb-6">
+      Set the <strong>Discourse Connect URL</strong> to the following URL:
+    </li>
+    <li data-controller="clipboard" class="mb-6 flex gap-1">
+      <input type="text" class="grow" disabled="disabled"
+             value="https://<%= Setting.accounts_domain %>/discourse/connect"
+             data-clipboard-target="source" />
+      <button class="btn-md btn-icon btn-blue shrink-0"
+              data-clipboard-target="trigger" data-action="clipboard#copy"
+              title="Copy to clipboard">
+        <span class="content-initial">
+          <%= render partial: "icons/copy", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+        </span>
+        <span class="content-active hidden">
+          <%= render partial: "icons/check", locals: { custom_class: "text-white h-4 w-4 inline" } %>
+        </span>
+      </button>
+    </li>
+    <li class="mb-6">
+      Set the <strong>Discourse Connect Secret</strong> to the value above.
+    </li>
+    <li>
+      Enable Discourse Connect.
+    </li>
+  <% end %>
+<% end %>

app/views/admin/settings/services/_ejabberd.html.erb

@@ -0,0 +1,49 @@
+<h3>ejabberd (XMPP)</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :ejabberd_enabled,
+    enabled: Setting.ejabberd_enabled?,
+    title: "Enable ejabberd integration",
+    description: "ejabberd configuration present and features enabled"
+  ) %>
+<% if Setting.ejabberd_enabled? %>
+  <%= render FormElements::FieldsetComponent.new(title: "API URL") do %>
+    <%= f.text_field :ejabberd_api_url,
+      value: Setting.ejabberd_api_url,
+      class: "w-full", disabled: true %>
+  <% end %>
+  <%= render FormElements::FieldsetComponent.new(title: "Admin URL") do %>
+    <%= f.text_field :ejabberd_admin_url,
+      value: Setting.ejabberd_admin_url,
+      class: "w-full", disabled: true %>
+  <% end %>
+</ul>
+<h3 class="mt-10">User default settings</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetComponent.new(
+        title: "Default rooms",
+        description: "Add these default rooms to new users' bookmarks"
+      ) do %>
+    <%= f.text_area :xmpp_default_rooms,
+          value: Setting.xmpp_default_rooms.join("\n"),
+          placeholder: "Welcome <welcome@kosmos.chat>\nKosmos <kosmos@kosmos.chat>",
+          class: "h-24 w-full" %>
+  <% end %>
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :xmpp_autojoin_default_rooms,
+    enabled: Setting.xmpp_autojoin_default_rooms?,
+    title: "Auto-join default rooms",
+    description: "Automatically join above default rooms in chat clients"
+  ) %>
+  <%= render FormElements::FieldsetComponent.new(
+        title: "Contact roster name",
+        description: "Used when exchanging contacts after signup from invitation"
+      ) do %>
+    <%= f.text_field :ejabberd_buddy_roster,
+      value: Setting.ejabberd_buddy_roster,
+      class: "w-full" %>
+  <% end %>
+<% end %>
+</ul>

app/views/admin/settings/services/_gitea.html.erb

@@ -0,0 +1,17 @@
+<h3>Gitea</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :gitea_enabled,
+    enabled: Setting.gitea_enabled?,
+    title: "Enable Gitea integration",
+    description: "Gitea configuration present and features enabled"
+  ) %>
+  <% if Setting.gitea_enabled? %>
+    <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
+      <%= f.text_field :gitea_public_url,
+        value: Setting.gitea_public_url,
+        class: "w-full", disabled: true %>
+    <% end %>
+  <% end %>
+</ul>

app/views/admin/settings/services/_lndhub.html.erb

@@ -0,0 +1,38 @@
+<h3>Lightning Network</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :lndhub_enabled,
+    enabled: Setting.lndhub_enabled?,
+    title: "Enable LNDHub integration",
+    description: "LNDHub configuration present and wallet features enabled"
+  ) %>
+  <% if Setting.lndhub_enabled? %>
+    <%= render FormElements::FieldsetComponent.new(title: "API URL") do %>
+      <%= f.text_field :lndhub_api_url,
+        value: Setting.lndhub_api_url,
+        class: "w-full", disabled: true %>
+    <% end %>
+  <% end %>
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :lndhub_admin_enabled,
+    enabled: Setting.lndhub_admin_enabled?,
+    title: "Enable LNDHub admin panel",
+    description: "LNDHub database configuration present and admin panel enabled"
+  ) %>
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :lndhub_keysend_enabled,
+    enabled: Setting.lndhub_keysend_enabled?,
+    title: "Enable keysend payments",
+    description: "Allow users to receive invoice-less payments to their Lightning Address"
+  ) %>
+  <% if Setting.lndhub_keysend_enabled? %>
+    <%= render FormElements::FieldsetComponent.new(title: "Public key", description: "The public key of the Lightning node used by LNDHub") do %>
+      <%= f.text_field :lndhub_public_key,
+        value: Setting.lndhub_public_key,
+        class: "w-full", disabled: true %>
+    <% end %>
+  <% end %>
+</ul>

app/views/admin/settings/services/_mastodon.html.erb

@@ -0,0 +1,17 @@
+<h3>Mastodon</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :mastodon_enabled,
+    enabled: Setting.mastodon_enabled?,
+    title: "Enable Mastodon integration",
+    description: "Mastodon configuration present and features enabled"
+  ) %>
+  <% if Setting.mastodon_enabled? %>
+    <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
+      <%= f.text_field :mastodon_public_url,
+        value: Setting.mastodon_public_url,
+        class: "w-full", disabled: true %>
+    <% end %>
+  <% end %>
+</ul>

app/views/admin/settings/services/_mediawiki.html.erb

@@ -0,0 +1,17 @@
+<h3>MediaWiki</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :mediawiki_enabled,
+    enabled: Setting.mediawiki_enabled?,
+    title: "Enable MediaWiki integration",
+    description: "MediaWiki configuration present and features enabled"
+  ) %>
+  <% if Setting.mediawiki_enabled? %>
+    <%= render FormElements::FieldsetComponent.new(title: "Public URL") do %>
+      <%= f.text_field :mediawiki_public_url,
+        value: Setting.mediawiki_public_url,
+        class: "w-full", disabled: true %>
+    <% end %>
+  <% end %>
+</ul>

app/views/admin/settings/services/_nostr.html.erb

@@ -0,0 +1,10 @@
+<h3>Nostr</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :nostr_enabled,
+    enabled: Setting.nostr_enabled?,
+    title: "Enable Nostr integration (experimental)",
+    description: "Allow adding nostr pubkeys and resolve user addresses via NIP-05"
+  ) %>
+</ul>

app/views/admin/settings/services/_remotestorage.html.erb

@@ -0,0 +1,17 @@
+<h3>RemoteStorage</h3>
+<ul role="list">
+  <%= render FormElements::FieldsetToggleComponent.new(
+    form: f,
+    attribute: :remotestorage_enabled,
+    enabled: Setting.remotestorage_enabled?,
+    title: "Enable RemoteStorage integration",
+    description: "RemoteStorage configuration present and features enabled"
+  ) %>
+  <% if Setting.remotestorage_enabled? %>
+    <%= render FormElements::FieldsetComponent.new(title: "Storage URL") do %>
+      <%= f.text_field :rs_storage_url,
+        value: Setting.rs_storage_url,
+        class: "w-full", disabled: true %>
+    <% end %>
+  <% end %>
+</ul>

app/views/admin/settings/services/index.html.erb

@@ -1,39 +1,29 @@
 <%= render HeaderComponent.new(title: "Settings") %>
 
 <%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/admin_sidenav_settings') do %>
-  <section>
+  <%= form_for(Setting.new, url: admin_settings_services_path) do |f| %>
-    <h3>Lightning Network</h3>
+    <%= hidden_field_tag :service, @service %>
-    <%= form_for(Setting.new, url: admin_settings_services_path) do |f| %>
-      <% if @errors && @errors.any? %>
-        <div>
-          <ul>
-            <% @errors.full_messages.each do |msg| %>
-              <li><%= msg %></li>
-            <% end %>
-          </ul>
-        </div>
-      <% end %>
 
-      <ul role="list" class="mt-2 divide-y divide-gray-200">
+    <% if @errors && @errors.any? %>
-        <li class="flex items-center justify-between py-6">
+      <section>
-          <div class="flex flex-col">
+        <%= render partial: "admin/settings/errors", locals: { errors: @errors } %>
-            <label class="font-bold mb-1">Enable LNDHub integration</label>
+      </section>
-            <p class="text-gray-500 mb-0">LNDHub configuration present and wallet features enabled</p>
-          </div>
-          <%= f.check_box :lndhub_enabled, checked: Setting.lndhub_enabled?,
-                          disabled: true,
-                          class: "relative ml-4 inline-flex flex-shrink-0" %>
-        </li>
-        <li class="flex items-center justify-between py-6">
-          <div class="flex flex-col">
-            <label class="font-bold mb-1">Enable LNDHub admin panel</label>
-            <p class="text-gray-500 mb-0">LNDHub database configuration present and admin panel enabled</p>
-          </div>
-          <%= f.check_box :lndhub_admin_enabled, checked: Setting.lndhub_admin_enabled?,
-                          disabled: true,
-                          class: "relative ml-4 inline-flex flex-shrink-0" %>
-        </li>
-      </ul>
     <% end %>
+
+    <section>
+      <%= render partial: @service, locals: { f: f } %>
+    </section>
+
+    <section>
+      <p class="pt-6 border-t border-gray-200 text-right">
+        <%= f.submit 'Save', class: "btn-md btn-blue w-full md:w-auto" %>
+      </p>
+    </section>
+  <% end %>
+
+  <% if content_for?(:documentation) %>
+  <section>
+    <%= yield :documentation %>
   </section>
+  <% end %>
 <% end %>

app/views/admin/users/index.html.erb

@@ -1,4 +1,4 @@
-<%= render HeaderComponent.new(title: "LDAP Users: #{@ou}") %>
+<%= render HeaderComponent.new(title: "Users: #{@ou}") %>
 
 <%= render MainSimpleComponent.new do %>
   <section>
@@ -22,7 +22,7 @@
       <ul>
         <% @orgs.each do |org| %>
           <li class="inline-block">
-            <%= link_to org[:ou], admin_ldap_users_path(ou: org[:ou]), class: "ks-text-link" %>
+            <%= link_to org[:ou], admin_users_path(ou: org[:ou]), class: "ks-text-link" %>
           </li>
         <% end %>
       </ul>
@@ -30,25 +30,25 @@
   <% end %>
 
   <section>
-    <table>
+    <table class="divided mb-8">
       <thead>
         <tr>
           <th>UID</th>
-          <th>E-Mail</th>
+          <th>Status</th>
-          <th>Admin</th>
+          <th>Roles</th>
           <!-- <th>Password</th> -->
         </tr>
       </thead>
       <tbody>
-        <% @entries.each do |entry| %>
+        <% @users.each do |user| %>
         <tr>
-          <td><%= entry[:uid] %></td>
+          <td><%= link_to(user.cn, admin_user_path(user.address), class: 'ks-text-link') %></td>
-          <td><%= entry[:mail] %></td>
+          <td><%= user.confirmed_at.nil? ? badge("pending", :yellow) : "" %></td>
-          <td><%= entry[:admin] %></td>
+          <td><%= user.is_admin? ? badge("admin", :red) : "" %></td>
-          <!-- <td><%= entry[:password] %></td> -->
         </tr>
         <% end %>
       </tbody>
     </table>
+    <%== pagy_nav @pagy %>
   </section>
 <% end %>

app/views/admin/users/show.html.erb

@@ -0,0 +1,186 @@
+<%= render HeaderComponent.new(title: "User: #{@user.address}") %>
+
+<%= render MainSimpleComponent.new do %>
+  <div class="mb-12 sm:flex sm:flex-row sm:gap-x-8">
+    <section class="sm:flex-1">
+      <h3>Account</h3>
+      <table class="divided">
+        <tbody>
+          <tr>
+            <th>ID</th>
+            <td><%= @user.id %></td>
+          </tr>
+          <tr>
+            <th>Created at</th>
+            <td><%= @user.created_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
+          </tr>
+          <tr>
+            <th>Confirmed at</th>
+            <td>
+            <% if @user.confirmed_at %>
+              <%= @user.confirmed_at.strftime("%Y-%m-%d (%H:%M UTC)") %>
+            <% else %>
+              <%= badge "pending", :yellow %>
+            <% end %>
+            </td>
+          </tr>
+          <tr>
+            <th>Email</th>
+            <td><%= @user.email %></td>
+          </tr>
+          <tr>
+            <th>Roles</th>
+            <td><%= @user.is_admin? ? badge("admin", :red) : "—" %></td>
+          </tr>
+          <tr>
+            <th>Invited by</th>
+            <td>
+            <% if @user.inviter %>
+              <%= link_to @user.inviter.address, admin_user_path(@user.inviter.address), class: 'ks-text-link' %>
+            <% else %>&mdash;<% end %>
+            </td>
+          </tr>
+          <tr>
+            <th>Invitations available</th>
+            <td>
+              <%= @user.invitations.count %>
+            </td>
+          </tr>
+          <tr>
+            <th class="align-top">Invited users</th>
+            <td class="align-top">
+            <% if @user.invitees.length > 0 %>
+              <ul class="mb-0">
+              <% @user.invitees.order(cn: :asc).each do |invitee| %>
+                <li class="leading-none mb-2 last:mb-0"><%= link_to invitee.address, admin_user_path(invitee.address), class: 'ks-text-link' %></li>
+              <% end %>
+              </ul>
+            <% else %>&mdash;<% end %>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+
+    <section class="sm:flex-1 sm:pt-0">
+      <!-- <h3>Actions</h3> -->
+    </section>
+  </div>
+
+  <section>
+    <h3>Services</h3>
+    <table class="divided">
+      <thead>
+        <tr>
+          <th>Name</th>
+          <th>Enabled</th>
+          <th></th>
+        </tr>
+      </thead>
+      <tbody>
+        <% if Setting.discourse_enabled %>
+        <tr>
+          <td>Discourse</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: @services_enabled.include?("discourse"),
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+            <%= link_to "Open profile", "#{Setting.discourse_public_url}/u/#{@user.cn}/summary", class: "btn-sm btn-gray" %>
+          </td>
+        </tr>
+        <% end %>
+        <% if Setting.gitea_enabled %>
+        <tr>
+          <td>Gitea</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: @services_enabled.include?("gitea"),
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+            <%= link_to "Open profile", "#{Setting.gitea_public_url}/#{@user.cn}", class: "btn-sm btn-gray" %>
+          </td>
+        </tr>
+        <% end %>
+        <% if Setting.mastodon_enabled %>
+        <tr>
+          <td>Mastodon</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: @services_enabled.include?("mastodon"),
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+            <%= link_to "Open profile", "#{Setting.mastodon_public_url}/@#{@user.cn}", class: "btn-sm btn-gray" %>
+          </td>
+        </tr>
+        <% end %>
+        <% if Setting.mediawiki_enabled %>
+        <tr>
+          <td>MediaWiki</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: @services_enabled.include?("mediawiki"),
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+            <%= link_to "Open profile", "#{Setting.mediawiki_public_url}/Special:Contributions/#{@user.cn}", class: "btn-sm btn-gray" %>
+          </td>
+        </tr>
+        <% end %>
+        <% if Setting.ejabberd_enabled %>
+        <tr>
+          <td>XMPP (ejabberd)</td>
+          <td>
+            <%= render FormElements::ToggleComponent.new(
+              enabled: @services_enabled.include?("xmpp"),
+              input_enabled: false
+            ) %>
+          </td>
+          <td class="text-right">
+            <% if Setting.ejabberd_admin_url.present? %>
+            <%= link_to "Open profile", "#{Setting.ejabberd_admin_url}/server/#{@user.ou}/user/#{@user.cn}/", class: "btn-sm btn-gray" %>
+            <% end %>
+          </td>
+        </tr>
+        <% end %>
+      </tbody>
+    </table>
+  </section>
+
+  <% if Setting.lndhub_admin_enabled? && @user.confirmed? %>
+  <section>
+    <h3>LndHub</h3>
+    <% if @lndhub_user %>
+    <table>
+      <thead>
+        <tr>
+          <th>Account</th>
+          <th>Balance</th>
+          <th>Incoming</th>
+          <th>Outgoing</th>
+          <th>Fees</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td><%= @user.ln_account %></td>
+          <td><%= number_with_delimiter @lndhub_user.balance %> sats</td>
+          <td><%= number_with_delimiter @lndhub_user.sum_incoming %> sats</td>
+          <td><%= number_with_delimiter @lndhub_user.sum_outgoing %> sats</td>
+          <td><%= number_with_delimiter @lndhub_user.sum_fees %> sats</td>
+        </tr>
+      </tbody>
+    </table>
+    <% else %>
+      <p>No LndHub user found for account <strong class="font-mono"><%= @user.ln_account %></strong>.
+    <% end %>
+  </section>
+  <% end %>
+<% end %>

app/views/contributions/donations/index.html.erb

@@ -1,6 +1,10 @@
-<%= render HeaderComponent.new(title: "Contributions") %>
+<%# <%= render HeaderComponent.new(title: "Contributions") %>
+<%= render HeaderWithTabsComponent.new(
+  # title: "Contributions",
+  tabnav_partial: "shared/tabnav_contributions"
+) %>
 
-<%= render MainWithTabnavComponent.new(tabnav_partial: "shared/tabnav_contributions") do %>
+<%= render MainSimpleComponent.new do %>
   <section>
     <% if @donations.any? %>
       <p class="mb-12">

app/views/contributions/projects/index.html.erb

@@ -1,6 +1,9 @@
-<%= render HeaderComponent.new(title: "Contributions") %>
+<%= render HeaderWithTabsComponent.new(
+  # title: "Contributions",
+  tabnav_partial: "shared/tabnav_contributions"
+) %>
 
-<%= render MainWithTabnavComponent.new(tabnav_partial: "shared/tabnav_contributions") do %>
+<%= render MainSimpleComponent.new do %>
   <section>
     <p class="mb-8">
       Project contributions are how we develop and run all Kosmos software and