Merge pull request 'Improve design of service grid on dashboard' (#97) from feature/dashboard_layout into master

Reviewed-on: #97
Reviewed-by: greg <greg@noreply.kosmos.org>

.drone.yml

@@ -17,7 +17,7 @@ steps:
       branch:
         - master
   - name: rspec
-    image: guildeducation/rails:2.7.2-12.22.0
+    image: guildeducation/rails:2.7.2-14.20.0
     environment:
       RAILS_ENV: test
     commands:
@@ -28,10 +28,7 @@ steps:
       - bundle install --jobs=3 --retry=3
       - yarn install
       - rake css:build
-      - rake spec
-    when:
-      branch:
-        - master
+      - bundle exec rspec
   - name: rebuild-cache
     image: drillster/drone-volume-cache
     volumes:

.env.example

@@ -1,3 +1,19 @@
+LDAP_HOST=localhost
+LDAP_PORT=389
+LDAP_ADMIN_PASSWORD=passthebutter
+LDAP_SUFFIX="dc=kosmos,dc=org"
+
+WEBHOOKS_ALLOWED_IPS='10.1.1.163'
+
 EJABBERD_API_URL='https://xmpp.kosmos.org/api'
+
+BTCPAY_API_URL='http://localhost:23001/api/v1'
+
 LNDHUB_API_URL='http://localhost:3023'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+LNDHUB_ADMIN_UI=true
+LNDHUB_PG_HOST=localhost
+LNDHUB_PG_PORT=5432
+LNDHUB_PG_DATABASE=lndhub
+LNDHUB_PG_USERNAME=lndhub
+LNDHUB_PG_PASSWORD=''

.env.production

@@ -1,3 +0,0 @@
-EJABBERD_API_URL='https://xmpp.kosmos.org:5443/api'
-LNDHUB_API_URL='http://10.1.1.163:3023'
-LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'

.env.test

@@ -1,3 +1,8 @@
 EJABBERD_API_URL='http://xmpp.example.com/api'
-LNDHUB_API_URL='http://localhost:3023'
+
+BTCPAY_API_URL='http://btcpay.example.com/api/v1'
+
+LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
+
+WEBHOOKS_ALLOWED_IPS='10.1.1.23'

Dockerfile

@@ -0,0 +1,22 @@
+# syntax=docker/dockerfile:1
+FROM ruby:2.7.6
+RUN apt-get update -qq && apt-get install -y curl ldap-utils
+RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
+RUN apt-get update && apt-get install -y nodejs
+WORKDIR /akkounts
+COPY Gemfile /akkounts/Gemfile
+COPY Gemfile.lock /akkounts/Gemfile.lock
+COPY package.json /akkounts/package.json
+RUN bundle install
+RUN gem install foreman
+RUN npm install -g yarn
+RUN yarn install
+
+# Add a script to be executed every time the container starts.
+COPY docker/entrypoint.sh /usr/bin/
+RUN chmod +x /usr/bin/entrypoint.sh
+ENTRYPOINT ["entrypoint.sh"]
+EXPOSE 3000
+
+# Configure the main process to run when running the image
+CMD ["bin", "dev"]

Gemfile

@@ -38,18 +38,21 @@ gem 'net-ldap'
 
 # Utilities
 gem "rqrcode", "~> 2.0"
+gem 'rails-settings-cached', '~> 2.8.3'
+gem 'pagy', '~> 6.0', '>= 6.0.2'
 
 # HTTP requests
 gem 'faraday'
 
 # Background/scheduled jobs
-gem 'sidekiq'
+gem 'sidekiq', '< 7'
 gem 'sidekiq-scheduler'
 
 group :development, :test do
   # Use sqlite3 as the database for Active Record
   gem 'sqlite3', '~> 1.4'
   gem 'rspec-rails'
+  gem "byebug", "~> 11.1"
 end
 
 group :development do
@@ -58,6 +61,7 @@ group :development do
   gem 'listen', '~> 3.2'
   gem 'letter_opener'
   gem 'letter_opener_web'
+  gem 'faker'
 end
 
 group :test do

Gemfile.lock

@@ -1,77 +1,78 @@
 GEM
   remote: https://rubygems.org/
   specs:
-    actioncable (7.0.2.2)
-      actionpack (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    actioncable (7.0.4)
+      actionpack (= 7.0.4)
+      activesupport (= 7.0.4)
       nio4r (~> 2.0)
       websocket-driver (>= 0.6.1)
-    actionmailbox (7.0.2.2)
-      actionpack (= 7.0.2.2)
-      activejob (= 7.0.2.2)
-      activerecord (= 7.0.2.2)
-      activestorage (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    actionmailbox (7.0.4)
+      actionpack (= 7.0.4)
+      activejob (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
       mail (>= 2.7.1)
       net-imap
       net-pop
       net-smtp
-    actionmailer (7.0.2.2)
-      actionpack (= 7.0.2.2)
-      actionview (= 7.0.2.2)
-      activejob (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    actionmailer (7.0.4)
+      actionpack (= 7.0.4)
+      actionview (= 7.0.4)
+      activejob (= 7.0.4)
+      activesupport (= 7.0.4)
       mail (~> 2.5, >= 2.5.4)
       net-imap
       net-pop
       net-smtp
       rails-dom-testing (~> 2.0)
-    actionpack (7.0.2.2)
-      actionview (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    actionpack (7.0.4)
+      actionview (= 7.0.4)
+      activesupport (= 7.0.4)
       rack (~> 2.0, >= 2.2.0)
       rack-test (>= 0.6.3)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.0, >= 1.2.0)
-    actiontext (7.0.2.2)
-      actionpack (= 7.0.2.2)
-      activerecord (= 7.0.2.2)
-      activestorage (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    actiontext (7.0.4)
+      actionpack (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
       globalid (>= 0.6.0)
       nokogiri (>= 1.8.5)
-    actionview (7.0.2.2)
-      activesupport (= 7.0.2.2)
+    actionview (7.0.4)
+      activesupport (= 7.0.4)
       builder (~> 3.1)
       erubi (~> 1.4)
       rails-dom-testing (~> 2.0)
       rails-html-sanitizer (~> 1.1, >= 1.2.0)
-    activejob (7.0.2.2)
-      activesupport (= 7.0.2.2)
+    activejob (7.0.4)
+      activesupport (= 7.0.4)
       globalid (>= 0.3.6)
-    activemodel (7.0.2.2)
-      activesupport (= 7.0.2.2)
-    activerecord (7.0.2.2)
-      activemodel (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
-    activestorage (7.0.2.2)
-      actionpack (= 7.0.2.2)
-      activejob (= 7.0.2.2)
-      activerecord (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    activemodel (7.0.4)
+      activesupport (= 7.0.4)
+    activerecord (7.0.4)
+      activemodel (= 7.0.4)
+      activesupport (= 7.0.4)
+    activestorage (7.0.4)
+      actionpack (= 7.0.4)
+      activejob (= 7.0.4)
+      activerecord (= 7.0.4)
+      activesupport (= 7.0.4)
       marcel (~> 1.0)
       mini_mime (>= 1.1.0)
-    activesupport (7.0.2.2)
+    activesupport (7.0.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
       i18n (>= 1.6, < 2)
       minitest (>= 5.1)
       tzinfo (~> 2.0)
-    addressable (2.8.0)
-      public_suffix (>= 2.0.2, < 5.0)
-    bcrypt (3.1.16)
+    addressable (2.8.1)
+      public_suffix (>= 2.0.2, < 6.0)
+    bcrypt (3.1.18)
     bindex (0.8.1)
     builder (3.2.4)
-    capybara (3.36.0)
+    byebug (11.1.3)
+    capybara (3.38.0)
       addressable
       matrix
       mini_mime (>= 0.1.3)
@@ -81,12 +82,12 @@ GEM
       regexp_parser (>= 1.5, < 3.0)
       xpath (~> 3.2)
     chunky_png (1.4.0)
-    concurrent-ruby (1.1.9)
-    connection_pool (2.2.5)
+    concurrent-ruby (1.1.10)
+    connection_pool (2.3.0)
     crack (0.4.5)
       rexml
     crass (1.0.6)
-    cssbundling-rails (1.0.0)
+    cssbundling-rails (1.1.1)
       railties (>= 6.0.0)
     database_cleaner (2.0.1)
       database_cleaner-active_record (~> 2.0.0)
@@ -104,44 +105,43 @@ GEM
       devise (>= 3.4.1)
       net-ldap (>= 0.16.0)
     diff-lcs (1.5.0)
-    digest (3.1.0)
-    dotenv (2.7.6)
-    dotenv-rails (2.7.6)
-      dotenv (= 2.7.6)
+    dotenv (2.8.1)
+    dotenv-rails (2.8.1)
+      dotenv (= 2.8.1)
       railties (>= 3.2)
-    e2mmap (0.1.0)
-    erubi (1.10.0)
-    et-orbi (1.2.6)
+    erubi (1.11.0)
+    et-orbi (1.2.7)
       tzinfo
-    factory_bot (6.2.0)
+    factory_bot (6.2.1)
       activesupport (>= 5.0.0)
     factory_bot_rails (6.2.0)
       factory_bot (~> 6.2.0)
       railties (>= 5.0.0)
-    faraday (2.2.0)
-      faraday-net_http (~> 2.0)
+    faker (3.0.0)
+      i18n (>= 1.8.11, < 2)
+    faraday (2.7.1)
+      faraday-net_http (>= 2.0, < 3.1)
       ruby2_keywords (>= 0.0.4)
-    faraday-net_http (2.0.1)
+    faraday-net_http (3.0.2)
     ffi (1.15.5)
-    fugit (1.5.2)
-      et-orbi (~> 1.1, >= 1.1.8)
+    fugit (1.7.2)
+      et-orbi (~> 1, >= 1.2.7)
       raabro (~> 1.4)
     globalid (1.0.0)
       activesupport (>= 5.0)
     hashdiff (1.0.1)
-    i18n (1.9.1)
+    i18n (1.12.0)
       concurrent-ruby (~> 1.0)
-    importmap-rails (1.0.2)
+    importmap-rails (1.1.5)
       actionpack (>= 6.0.0)
       railties (>= 6.0.0)
-    io-wait (0.2.1)
     jbuilder (2.11.5)
       actionview (>= 5.0.0)
       activesupport (>= 5.0.0)
     launchy (2.5.0)
       addressable (~> 2.7)
-    letter_opener (1.7.0)
-      launchy (~> 2.2)
+    letter_opener (1.8.1)
+      launchy (>= 2.2, < 3)
     letter_opener_web (2.0.0)
       actionmailer (>= 5.2)
       letter_opener (~> 1.7)
@@ -150,8 +150,8 @@ GEM
     listen (3.7.1)
       rb-fsevent (~> 0.10, >= 0.10.3)
       rb-inotify (~> 0.9, >= 0.9.10)
-    lockbox (0.6.8)
-    loofah (2.14.0)
+    lockbox (1.1.0)
+    loofah (2.19.0)
       crass (~> 1.0.2)
       nokogiri (>= 1.5.9)
     mail (2.7.1)
@@ -160,130 +160,133 @@ GEM
     matrix (0.4.2)
     method_source (1.0.0)
     mini_mime (1.1.2)
-    minitest (5.15.0)
-    net-imap (0.2.3)
-      digest
+    mini_portile2 (2.8.0)
+    minitest (5.16.3)
+    net-imap (0.3.1)
       net-protocol
-      strscan
-    net-ldap (0.17.0)
-    net-pop (0.1.1)
-      digest
+    net-ldap (0.17.1)
+    net-pop (0.1.2)
       net-protocol
+    net-protocol (0.1.3)
       timeout
-    net-protocol (0.1.2)
-      io-wait
-      timeout
-    net-smtp (0.3.1)
-      digest
+    net-smtp (0.3.3)
       net-protocol
-      timeout
     nio4r (2.5.8)
-    nokogiri (1.13.1-x86_64-linux)
+    nokogiri (1.13.9)
+      mini_portile2 (~> 2.8.0)
+      racc (~> 1.4)
+    nokogiri (1.13.9-x86_64-linux)
       racc (~> 1.4)
     orm_adapter (0.5.0)
+    pagy (6.0.2)
     pg (1.2.3)
-    public_suffix (4.0.6)
-    puma (4.3.11)
+    public_suffix (5.0.0)
+    puma (4.3.12)
       nio4r (~> 2.0)
     raabro (1.4.0)
     racc (1.6.0)
-    rack (2.2.3)
-    rack-test (1.1.0)
-      rack (>= 1.0, < 3)
-    rails (7.0.2.2)
-      actioncable (= 7.0.2.2)
-      actionmailbox (= 7.0.2.2)
-      actionmailer (= 7.0.2.2)
-      actionpack (= 7.0.2.2)
-      actiontext (= 7.0.2.2)
-      actionview (= 7.0.2.2)
-      activejob (= 7.0.2.2)
-      activemodel (= 7.0.2.2)
-      activerecord (= 7.0.2.2)
-      activestorage (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    rack (2.2.4)
+    rack-test (2.0.2)
+      rack (>= 1.3)
+    rails (7.0.4)
+      actioncable (= 7.0.4)
+      actionmailbox (= 7.0.4)
+      actionmailer (= 7.0.4)
+      actionpack (= 7.0.4)
+      actiontext (= 7.0.4)
+      actionview (= 7.0.4)
+      activejob (= 7.0.4)
+      activemodel (= 7.0.4)
+      activerecord (= 7.0.4)
+      activestorage (= 7.0.4)
+      activesupport (= 7.0.4)
       bundler (>= 1.15.0)
-      railties (= 7.0.2.2)
+      railties (= 7.0.4)
     rails-dom-testing (2.0.3)
       activesupport (>= 4.2.0)
       nokogiri (>= 1.6)
-    rails-html-sanitizer (1.4.2)
+    rails-html-sanitizer (1.4.3)
       loofah (~> 2.3)
-    railties (7.0.2.2)
-      actionpack (= 7.0.2.2)
-      activesupport (= 7.0.2.2)
+    rails-settings-cached (2.8.3)
+      activerecord (>= 5.0.0)
+      railties (>= 5.0.0)
+    railties (7.0.4)
+      actionpack (= 7.0.4)
+      activesupport (= 7.0.4)
       method_source
       rake (>= 12.2)
       thor (~> 1.0)
       zeitwerk (~> 2.5)
     rake (13.0.6)
-    rb-fsevent (0.11.1)
+    rb-fsevent (0.11.2)
     rb-inotify (0.10.1)
       ffi (~> 1.0)
-    redis (4.6.0)
-    regexp_parser (2.2.1)
+    redis (5.0.5)
+      redis-client (>= 0.9.0)
+    redis-client (0.11.2)
+      connection_pool
+    regexp_parser (2.6.1)
     responders (3.0.1)
       actionpack (>= 5.0)
       railties (>= 5.0)
     rexml (3.2.5)
-    rqrcode (2.1.1)
+    rqrcode (2.1.2)
       chunky_png (~> 1.0)
       rqrcode_core (~> 1.0)
     rqrcode_core (1.2.0)
-    rspec-core (3.11.0)
-      rspec-support (~> 3.11.0)
-    rspec-expectations (3.11.0)
+    rspec-core (3.12.0)
+      rspec-support (~> 3.12.0)
+    rspec-expectations (3.12.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-mocks (3.11.0)
+      rspec-support (~> 3.12.0)
+    rspec-mocks (3.12.0)
       diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.11.0)
-    rspec-rails (5.1.0)
-      actionpack (>= 5.2)
-      activesupport (>= 5.2)
-      railties (>= 5.2)
-      rspec-core (~> 3.10)
-      rspec-expectations (~> 3.10)
-      rspec-mocks (~> 3.10)
-      rspec-support (~> 3.10)
-    rspec-support (3.11.0)
+      rspec-support (~> 3.12.0)
+    rspec-rails (6.0.1)
+      actionpack (>= 6.1)
+      activesupport (>= 6.1)
+      railties (>= 6.1)
+      rspec-core (~> 3.11)
+      rspec-expectations (~> 3.11)
+      rspec-mocks (~> 3.11)
+      rspec-support (~> 3.11)
+    rspec-support (3.12.0)
     ruby2_keywords (0.0.5)
-    rufus-scheduler (3.8.1)
+    rufus-scheduler (3.8.2)
       fugit (~> 1.1, >= 1.1.6)
-    sidekiq (6.4.1)
+    sidekiq (6.5.5)
       connection_pool (>= 2.2.2)
       rack (~> 2.0)
+      redis (>= 4.5.0)
+    sidekiq-scheduler (4.0.3)
       redis (>= 4.2.0)
-    sidekiq-scheduler (3.1.1)
-      e2mmap
-      redis (>= 3, < 5)
       rufus-scheduler (~> 3.2)
-      sidekiq (>= 3)
-      thwait
+      sidekiq (>= 4, < 7)
       tilt (>= 1.4.0)
-    sprockets (4.0.2)
+    sprockets (4.1.1)
       concurrent-ruby (~> 1.0)
       rack (> 1, < 3)
     sprockets-rails (3.4.2)
       actionpack (>= 5.2)
       activesupport (>= 5.2)
       sprockets (>= 3.0.0)
-    sqlite3 (1.4.2)
-    stimulus-rails (1.0.2)
+    sqlite3 (1.5.4)
+      mini_portile2 (~> 2.8.0)
+    sqlite3 (1.5.4-x86_64-linux)
+    stimulus-rails (1.2.1)
       railties (>= 6.0.0)
-    strscan (3.0.1)
     thor (1.2.1)
-    thwait (0.2.0)
-      e2mmap
-    tilt (2.0.10)
-    timeout (0.2.0)
-    turbo-rails (1.0.1)
+    tilt (2.0.11)
+    timeout (0.3.0)
+    turbo-rails (1.3.2)
       actionpack (>= 6.0.0)
+      activejob (>= 6.0.0)
       railties (>= 6.0.0)
-    tzinfo (2.0.4)
+    tzinfo (2.0.5)
       concurrent-ruby (~> 1.0)
-    view_component (2.49.0)
+    view_component (2.78.0)
       activesupport (>= 5.0.0, < 8.0)
+      concurrent-ruby (~> 1.0)
       method_source (~> 1.0)
     warden (1.2.9)
       rack (>= 2.0.9)
@@ -292,7 +295,7 @@ GEM
       activemodel (>= 6.0.0)
       bindex (>= 0.4.0)
       railties (>= 6.0.0)
-    webmock (3.14.0)
+    webmock (3.18.1)
       addressable (>= 2.8.0)
       crack (>= 0.3.2)
       hashdiff (>= 0.4.0, < 2.0.0)
@@ -301,12 +304,14 @@ GEM
     websocket-extensions (0.1.5)
     xpath (3.2.0)
       nokogiri (~> 1.8)
-    zeitwerk (2.5.4)
+    zeitwerk (2.6.6)
 
 PLATFORMS
+  ruby
   x86_64-linux
 
 DEPENDENCIES
+  byebug (~> 11.1)
   capybara
   cssbundling-rails
   database_cleaner
@@ -314,6 +319,7 @@ DEPENDENCIES
   devise_ldap_authenticatable
   dotenv-rails
   factory_bot_rails
+  faker
   faraday
   importmap-rails
   jbuilder (~> 2.7)
@@ -322,12 +328,14 @@ DEPENDENCIES
   listen (~> 3.2)
   lockbox
   net-ldap
+  pagy (~> 6.0, >= 6.0.2)
   pg (~> 1.2.3)
   puma (~> 4.1)
   rails (~> 7.0.2)
+  rails-settings-cached (~> 2.8.3)
   rqrcode (~> 2.0)
   rspec-rails
-  sidekiq
+  sidekiq (< 7)
   sidekiq-scheduler
   sprockets-rails
   sqlite3 (~> 1.4)

Procfile.dev

@@ -1,2 +1,2 @@
-web: bin/rails server -p 3000
+web: bin/rails server -b 0.0.0.0 -p 3000
 css: yarn build:css --watch

README.md

@@ -7,6 +7,27 @@ credentials, invites, donations, etc..
 
 ## Development
 
+### Quick Start
+
+The easiest way to get a working development setup is using Docker Compose like
+so:
+
+1. Make sure [Docker Compose is installed][1] and Docker is running (included in
+   Docker Desktop)
+2. Uncomment the `web` section in `docker-compose.yml`
+3. Run `docker compose up` and wait until 389ds announces its successful start
+   in the log output
+4. `docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"`
+5. `docker compose run web rails ldap:setup`
+6. `docker compose run web rails db:setup`
+
+After these steps, you should have a working Rails app with a handful of test
+users running on [http://localhost:3000](http://localhost:3000).
+
+Log in with username "admin" and password "admin is admin". All users listed on
+[http://localhost:3000/admin/ldap_users](http://localhost:3000/admin/ldap_users)
+have the password "user is user".
+
 ### Rails app
 
 Installing dependencies:
@@ -31,19 +52,44 @@ Running all specs:
 
     bundle exec rspec
 
-### LDAP server
+### Docker (Compose)
 
-TODO make it easy to run a local Kosmos LDAP server for development, without
-manual LDIF imports etc. (or provide a staging instance)
+There is a working Docker Compose config file, which allows you to spin up both
+an app server for Rails as well as a local 389ds (LDAP) server.
+
+By default, `docker-compose up` will only start the LDAP server, listening on
+port 389 on your machine. Uncomment other services in `docker-compose.yml` if
+you want to use them.
+
+#### LDAP server
+
+After creating the Docker container for the first time (or after deleting it),
+you need to run the following command once, in order to create the dirsrv
+back-end:
+
+    docker-compose exec ldap dsconf localhost backend create --suffix="dc=kosmos,dc=org" --be-name="dev"
+
+Now you can seed the back-end with data using this Rails task:
+
+    bundle exec rails ldap:setup
+
+The setup task will first delete any existing entries in the directory tree
+("dc=kosmos,dc=org"), and then create our development entries.
+
+Note that all 389ds data is stored in `tmp/389ds`. So if you want to start over
+with a fresh installation, delete both that directory as well as the container.
 
 ## Documentation
 
+### Rails
+
 * [Ruby on Rails](https://guides.rubyonrails.org/)
-* [Sass](https://sass-lang.com/documentation)
+* [Pagination](https://ddnexus.github.io/pagy/)
 
 ### Front-end
 
 * [Tailwind CSS](https://tailwindcss.com/)
+* [Sass](https://sass-lang.com/documentation)
 
 ### Testing
 
@@ -63,3 +109,5 @@ manual LDIF imports etc. (or provide a staging instance)
 ## License
 
 [GNU Affero General Public License v3.0](https://choosealicense.com/licenses/agpl-3.0/)
+
+[1]: https://docs.docker.com/compose/install/

app/assets/stylesheets/application.tailwind.css

@@ -4,6 +4,9 @@
 
 @import "components/base";
 @import "components/buttons";
+@import "components/dashboard_services";
 @import "components/forms";
 @import "components/links";
 @import "components/notifications";
+@import "components/pagination";
+@import "components/tables";

app/assets/stylesheets/components/base.css

@@ -1,11 +1,16 @@
 @layer base {
-  body {
-    @apply leading-none
+  html {
+    font-size: 14px;
   }
 
-  /* h1, h2, h3 { */
-  /*   @apply font-light; */
-  /* } */
+  body {
+    @apply leading-none bg-cover bg-fixed;
+    background-image: linear-gradient(35deg, rgba(255,0,255,0.2) 0, rgba(13,79,153,0.8) 100%), url('/img/bg-1.jpg');
+  }
+
+  body#admin {
+    background-image: linear-gradient(35deg, rgba(255,0,255,0.2) 0, rgba(153,12,14,0.9) 100%), url('/img/bg-1.jpg');
+  }
 
   h1 {
     @apply text-3xl uppercase;
@@ -26,4 +31,24 @@
   main section:first-of-type {
     @apply pt-0;
   }
+
+  main p {
+    @apply mb-4 leading-6;
+  }
+
+  main p:last-child {
+    @apply mb-0;
+  }
+
+  main ul {
+    @apply mb-6;
+  }
+
+  main ul:last-child {
+    @apply mb-0;
+  }
+
+  main ul li {
+    @apply leading-6;
+  }
 }

app/assets/stylesheets/components/buttons.css

@@ -1,17 +1,21 @@
 @layer components {
   .btn {
-    @apply font-semibold rounded-md leading-none cursor-pointer text-center
+    @apply inline-block font-semibold rounded-md leading-none cursor-pointer text-center
            transition-colors duration-75 focus:outline-none focus:ring-4;
   }
 
   .btn-md {
     @apply btn;
-    @apply py-2.5 px-5 shadow-md;
+    @apply py-3 px-6;
   }
 
   .btn-sm {
     @apply btn;
-    @apply py-1 px-2 text-sm shadow-sm;
+    @apply py-1 px-2 text-sm;
+  }
+
+  .btn-icon {
+    @apply px-3;
   }
 
   .btn-gray {
@@ -28,4 +32,8 @@
     @apply bg-red-600 hover:bg-red-700 text-white
            focus:ring-red-500 focus:ring-opacity-75;
   }
+
+  input[type=text]:disabled {
+    @apply text-gray-700;
+  }
 }

app/assets/stylesheets/components/dashboard_services.css

@@ -0,0 +1,5 @@
+@layer components {
+  .services > div > a {
+    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 0, rgba(255,255,255,0.88) 100%);
+  }
+}

app/assets/stylesheets/components/forms.css

@@ -1,6 +1,6 @@
 @layer components {
   input[type=text], input[type=email], input[type=password],
-  input[type=number], select {
+  input[type=number], select, textarea {
     @apply mt-1 rounded-md bg-gray-100 focus:bg-white
            border-transparent focus:border-transparent focus:ring-2
            focus:ring-blue-600 focus:ring-opacity-75;

app/assets/stylesheets/components/pagination.css

@@ -0,0 +1,45 @@
+@layer components {
+  .pagy-nav.pagination {
+    @apply isolate inline-flex -space-x-px rounded-md shadow-sm;
+  }
+
+  .pagy-nav .page:not(.prev):not(.next) {
+    @apply hidden sm:inline-block;
+  }
+
+  .pagy-nav .page.next a {
+    @apply relative inline-flex items-center rounded-r-md border
+           border-gray-300 bg-white px-3 py-2 text-sm font-medium
+           text-gray-500 hover:bg-gray-100 focus:z-20;
+  }
+
+  .pagy-nav .page.prev a {
+    @apply relative inline-flex items-center rounded-l-md border
+           border-gray-300 bg-white px-3 py-2 text-sm font-medium
+           text-gray-500 hover:bg-gray-100 focus:z-20;
+  }
+
+  .pagy-nav .page.next.disabled {
+    @apply relative inline-flex items-center rounded-r-md border
+           border-gray-300 bg-gray-100 px-3 py-2 text-sm font-medium
+           text-gray-400 focus:z-20;
+  }
+
+  .pagy-nav .page.prev.disabled {
+    @apply relative inline-flex items-center rounded-l-md border
+           border-gray-300 bg-gray-100 px-3 py-2 text-sm font-medium
+           text-gray-400 focus:z-20;
+  }
+
+  .pagy-nav .page a, .page.gap {
+    @apply bg-white border-gray-300 text-gray-500 hover:bg-gray-100 relative
+           inline-flex items-center border px-4 py-2 text-sm font-medium
+           focus:z-20;
+  }
+
+  .pagy-nav .page.active {
+    @apply z-10 border-indigo-500 bg-indigo-50 text-indigo-600 relative
+           inline-flex items-center border px-4 py-2 text-sm font-medium
+           focus:z-20;
+  }
+}

app/assets/stylesheets/components/tables.css

@@ -0,0 +1,36 @@
+@layer components {
+  table {
+    @apply w-full;
+  }
+
+  table thead tr {
+    @apply text-left;
+  }
+
+  table thead th {
+    @apply pb-3.5 text-sm font-normal uppercase text-gray-500;
+  }
+
+  table tbody th {
+    @apply text-left font-normal text-gray-500;
+  }
+
+  table th:not(:last-of-type),
+  table td:not(:last-of-type) {
+    @apply pr-2;
+  }
+
+  table td, tbody th {
+    @apply py-2;
+  }
+
+  table.divided {
+    @apply divide-y divide-gray-300;
+  }
+  table.divided tbody {
+    @apply divide-y divide-gray-200;
+  }
+  table.divided td, table.divided tbody th {
+    @apply py-3;
+  }
+}

app/assets/stylesheets/legacy.sass.scss

@@ -1,2 +0,0 @@
-@import "legacy/layout";
-@import "legacy/main_nav";

app/assets/stylesheets/legacy/_layout.scss

@@ -1,118 +0,0 @@
-@import "variables";
-@import "mediaqueries";
-
-body {
-  background: linear-gradient(35deg, rgba(255,0,255,0.2) 0, rgba(13,79,153,0.8) 100%),
-              url('/img/bg-1.jpg');
-  background-size: cover;
-  background-attachment: fixed;
-}
-
-body#admin {
-  background: linear-gradient(35deg, rgba(255,0,255,0.2) 0, rgba(153,12,14,0.9) 100%),
-              url('/img/bg-1.jpg');
-  background-size: cover;
-  background-attachment: fixed;
-}
-
-.ks-site-icon {
-  svg {
-    display: inline-block;
-    height: 1.875rem;
-    vertical-align: top;
-    width: auto;
-  }
-}
-
-#wrapper {
-  width: 100%;
-  text-align: center;
-
-  > header {
-    margin: 0 auto;
-    padding: 4rem 0;
-    text-align: center;
-    background: linear-gradient(35deg, rgba(255,0,255,0.2) 0, rgba(13,79,153,0.8) 100%),
-                url('/img/bg-1.jpg');
-    background-size: cover;
-
-    @include media-max(small) {
-      padding: 3rem 0;
-    }
-
-    h1 {
-      color: #fff;
-
-      span.project-name {
-        display: none;
-      }
-    }
-
-    p.current-user {
-      color: rgba(255,255,255,0.6);
-
-      @include media-max(small) {
-        font-size: 0.85rem;
-      }
-    }
-
-    a {
-      color: rgba(255,255,255,0.6);
-      transition: color 0.1s linear;
-
-      &:hover, &:active {
-        color: #fff;
-      }
-    }
-  }
-}
-
-main {
-  p {
-    line-height: 1.5rem;
-    margin-bottom: 1rem;
-
-    &.notice {
-      text-align: center;
-    }
-  }
-
-  ul {
-    margin-bottom: 1.5rem;
-
-    li {
-      line-height: 1.5rem;
-    }
-  }
-
-  table {
-    width: 100%;
-
-    th {
-      color: $text-color-discreet;
-      font-weight: normal;
-      text-transform: uppercase;
-      font-size: 0.85rem;
-      padding-bottom: 0.825rem;
-    }
-
-    td {
-      padding-top: 0.5rem;
-      padding-bottom: 0.5rem;
-    }
-  }
-}
-
-.grid {
-  display: grid;
-
-  &.services {
-    grid-template-columns: 1fr 1fr 1fr;
-    grid-row-gap: 1rem;
-    grid-column-gap: 2rem;
-
-    @include media-max(small) {
-      grid-template-columns: 1fr;
-    }
-  }
-}

app/assets/stylesheets/legacy/_main_nav.scss

@@ -1,54 +0,0 @@
-@import "variables";
-@import "mediaqueries";
-
-#main-nav {
-  width: 100%;
-  text-align: center;
-  background-color: #efefef;
-
-  .wrapper {
-    width: $content-width;
-    max-width: $content-max-width;
-    margin: 0 auto;
-  }
-
-  ul {
-    @include media-max(large) {
-      display: grid;
-      grid-template-columns: 1fr 1fr 1fr 1fr 1fr;
-    }
-
-    li {
-      @include media-min(large) {
-        display: inline;
-      }
-
-      @include media-max(large) {
-        display: block;
-      }
-
-      a {
-        display: inline-block;
-        padding: 1.5rem 2rem;
-        text-decoration: none;
-        color: $text-color-discreet;
-
-        @include media-max(large) {
-          display: block;
-          text-align: center;
-          padding-left: 0;
-          padding-right: 0;
-        }
-
-        @include media-max(small) {
-          font-size: 0.85rem;
-        }
-
-        &.active {
-          color: $text-color-body;
-          border-bottom: 2px solid #4ea2df;
-        }
-      }
-    }
-  }
-}

app/assets/stylesheets/legacy/_mediaqueries.scss

@@ -1,33 +0,0 @@
-$breakpoints-max: (
-  small: 600px,
-  medium: 960px,
-  large: 1280px
-);
-
-$breakpoints-min: (
-  small: 601px,
-  medium: 961px,
-  large: 1281px
-);
-
-@mixin media-max($screen-size) {
-  @if map-has-key($breakpoints-max, $screen-size) {
-    @media (max-width: map-get($breakpoints-max, $screen-size)) {
-      @content;
-    }
-  } @else {
-    // Debugging
-    @warn "'#{$screen-size}' has not been declared as a breakpoint."
-  }
-}
-
-@mixin media-min($screen-size) {
-  @if map-has-key($breakpoints-min, $screen-size) {
-    @media (min-width: map-get($breakpoints-min, $screen-size)) {
-      @content;
-    }
-  } @else {
-    // Debugging
-    @warn "'#{$screen-size}' has not been declared as a breakpoint."
-  }
-}

app/assets/stylesheets/legacy/_variables.scss

@@ -1,13 +0,0 @@
-$content-width: 800px;
-$content-max-width: 100%;
-
-$text-color-body: #222;
-$text-color-discreet: #888;
-
-$background-color-notice: #efffc4;
-$background-color-alert: #fff4c2;
-
-$color-blue: #0d4f99;
-$color-purple: #8955a0;
-$color-red-bright: #c00;
-$color-red-dark: #990c0e;

app/components/main_simple_component.html.erb

@@ -1,5 +1,5 @@
 <main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
-  <div class="bg-white rounded-lg shadow px-6 sm:px-12 py-8 sm:py-12">
+  <div class="md:min-h-[50vh] bg-white rounded-lg shadow px-6 sm:px-12 py-8 sm:py-12">
     <%= content %>
   </div>
 </main>

app/components/main_with_sidenav_component.html.erb

@@ -1,6 +1,6 @@
 <main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
   <div class="bg-white rounded-lg shadow">
-    <div class="divide-y divide-gray-200 lg:grid lg:grid-cols-12 lg:divide-y-0 lg:divide-x">
+    <div class="md:min-h-[50vh] divide-y divide-gray-200 lg:grid lg:grid-cols-12 lg:divide-y-0 lg:divide-x">
       <aside class="py-6 sm:py-8 lg:col-span-3">
         <nav class="space-y-1">
           <%= render partial: @sidenav_partial %>

app/components/main_with_tabnav_component.html.erb

@@ -0,0 +1,10 @@
+<main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
+  <div class="bg-white rounded-lg shadow">
+    <div class="px-6 sm:px-12 pt-2 sm:pt-4">
+      <%= render partial: @tabnav_partial %>
+    </div>
+    <div class="px-6 sm:px-12 py-8 sm:py-12">
+      <%= content %>
+    </div>
+  </div>
+</main>

app/components/main_with_tabnav_component.rb

@@ -0,0 +1,7 @@
+# frozen_string_literal: true
+
+class MainWithTabnavComponent < ViewComponent::Base
+  def initialize(tabnav_partial:)
+    @tabnav_partial = tabnav_partial
+  end
+end

app/components/quickstats_container_component.html.erb

@@ -0,0 +1,3 @@
+<dl class="grid grid-cols-2 lg:grid-cols-4 gap-6 sm:gap-12">
+  <%= content %>
+</dl>

app/components/quickstats_container_component.rb

@@ -0,0 +1,4 @@
+# frozen_string_literal: true
+
+class QuickstatsContainerComponent < ViewComponent::Base
+end

app/components/quickstats_item_component.html.erb

@@ -0,0 +1,18 @@
+<div class="">
+  <dt class="mb-2 text-gray-500">
+    <%= @title %>
+  </dt>
+  <dd>
+    <% if @type == :number %>
+      <span class="text-2xl"><%= number_with_delimiter @value %></span>
+    <% else %>
+      <span class="text-2xl"><%= @value %></span>
+    <% end %>
+    <% if @unit %>
+      <span><%= @unit %></span>
+    <% end %>
+    <% if @meta %>
+      <span class="text-gray-500"><%= @meta %></span>
+    <% end %>
+  </dd>
+</div>

app/components/quickstats_item_component.rb

@@ -0,0 +1,13 @@
+# frozen_string_literal: true
+
+class QuickstatsItemComponent < ViewComponent::Base
+  def initialize(type:, title:, value:, unit: nil, meta: nil, icon_name: nil, icon_color_class: nil)
+    @type = type
+    @title = title
+    @value = value
+    @unit = unit
+    @meta = meta
+    @icon_name = icon_name
+    @icon_color_class = icon_color_class
+  end
+end

app/components/sidenav_link_component.html.erb

@@ -1,4 +1,4 @@
-<%= link_to @path, class: @link_class do %>
+<%= link_to @path, class: @link_class, title: (@disabled ? "Coming soon" : nil) do %>
   <%= render partial: "icons/#{@icon}", locals: { custom_class: @icon_class } %>
   <span class="truncate"><%= @name %></span>
 <% end %>

app/components/tabnav_link_component.html.erb

@@ -0,0 +1,3 @@
+<%= link_to @path, class: @link_class do %>
+  <%= @name %>
+<% end %>

app/components/tabnav_link_component.rb

@@ -0,0 +1,21 @@
+# frozen_string_literal: true
+
+class TabnavLinkComponent < ViewComponent::Base
+  def initialize(name:, path:, active: false, disabled: false)
+    @name = name
+    @path = path
+    @active = active
+    @disabled = disabled
+    @link_class = class_names_link(path)
+  end
+
+  def class_names_link(path)
+    if @active
+      "border-indigo-500 text-indigo-600 w-1/2 py-4 px-1 text-center border-b-2"
+    elsif @disabled
+      "border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 w-1/2 py-4 px-1 text-center border-b-2"
+    else
+      "border-transparent text-gray-500 hover:text-gray-700 hover:border-gray-300 w-1/2 py-4 px-1 text-center border-b-2"
+    end
+  end
+end

app/components/wallet_summary_component.html.erb

@@ -0,0 +1,22 @@
+<section class="w-full grid grid-cols-1 md:grid-cols-12 md:mb-0">
+  <div class="md:col-span-8">
+    <p>
+      Send and receive sats via the Bitcoin Lightning Network.
+    </p>
+  </div>
+  <div class="md:col-span-4 mt-4 md:mt-0">
+    <p class="font-mono md:text-right mb-0 p-4 border border-gray-300 rounded-lg overflow-hidden">
+    <% if @balance %>
+      <span class="text-2xl"><%= number_with_delimiter @balance %></span>
+      <span class="text-xl">sats</span>
+      <br>
+      <span class="text-sm text-gray-500">Available balance</span>
+    <% else %>
+      <span class="text-2xl">n/a</span>
+      <span class="text-xl">sats</span>
+      <br>
+      <span class="text-sm text-gray-500">Balance unavailable</span>
+    <% end %>
+    </p>
+  </div>
+</section>

app/components/wallet_summary_component.rb

@@ -0,0 +1,8 @@
+# frozen_string_literal: true
+
+class WalletSummaryComponent < ViewComponent::Base
+  def initialize(balance:)
+    @balance = balance
+  end
+
+end

app/controllers/account_controller.rb

@@ -0,0 +1,7 @@
+class AccountController < ApplicationController
+  before_action :require_user_signed_in
+
+  def index
+    @current_section = :account
+  end
+end

app/controllers/admin/base_controller.rb

@@ -1,4 +1,5 @@
 class Admin::BaseController < ApplicationController
+  include Pagy::Backend
 
   before_action :authenticate_user!
   before_action :authorize_admin
@@ -7,5 +8,4 @@ class Admin::BaseController < ApplicationController
   def set_context
     @context = :admin
   end
-
 end

app/controllers/admin/donations_controller.rb

@@ -5,7 +5,12 @@ class Admin::DonationsController < Admin::BaseController
   # GET /donations
   # GET /donations.json
   def index
-    @donations = Donation.all
+    @pagy, @donations = pagy(Donation.all.order('created_at desc'))
+
+    @stats = {
+      overall_sats: @donations.all.sum("amount_sats"),
+      donor_count: Donation.distinct.count(:user_id)
+    }
   end
 
   # GET /donations/1
@@ -29,7 +34,11 @@ class Admin::DonationsController < Admin::BaseController
 
     respond_to do |format|
       if @donation.save
-        format.html { redirect_to admin_donation_url(@donation), notice: 'Donation was successfully created.' }
+        format.html do
+          redirect_to admin_donation_url(@donation), flash: {
+            success: 'Donation was successfully created.'
+          }
+        end
         format.json { render :show, status: :created, location: @donation }
       else
         format.html { render :new }
@@ -43,7 +52,11 @@ class Admin::DonationsController < Admin::BaseController
   def update
     respond_to do |format|
       if @donation.update(donation_params)
-        format.html { redirect_to admin_donation_url(@donation), notice: 'Donation was successfully updated.' }
+        format.html do
+          redirect_to admin_donation_url(@donation), flash: {
+            success: 'Donation was successfully updated.'
+          }
+        end
         format.json { render :show, status: :ok, location: @donation }
       else
         format.html { render :edit }
@@ -57,7 +70,10 @@ class Admin::DonationsController < Admin::BaseController
   def destroy
     @donation.destroy
     respond_to do |format|
-      format.html { redirect_to admin_donations_url, notice: 'Donation was successfully destroyed.' }
+      format.html do redirect_to admin_donations_url, flash: {
+        success: 'Donation was successfully destroyed.'
+      }
+      end
       format.json { head :no_content }
     end
   end

app/controllers/admin/invitations_controller.rb

@@ -1,8 +1,12 @@
 class Admin::InvitationsController < Admin::BaseController
   def index
     @current_section = :invitations
-    @invitations_unused_count = Invitation.unused.count
-    @users_with_referrals_count = Invitation.used.distinct.count(:user_id)
-    @invitations_used = Invitation.used.order('used_at desc')
+    @pagy, @invitations_used = pagy(Invitation.used.order('used_at desc'))
+
+    @stats = {
+      available: Invitation.unused.count,
+      accepted: @invitations_used.length,
+      users_with_referrals: Invitation.used.distinct.count(:user_id)
+    }
   end
 end

app/controllers/admin/ldap_users_controller.rb

@@ -1,45 +0,0 @@
-class Admin::LdapUsersController < Admin::BaseController
-  before_action :set_current_section
-
-  def index
-    attributes = %w{dn cn uid mail admin}
-    filter = Net::LDAP::Filter.eq("uid", "*")
-
-    @ou = params[:ou] || "kosmos.org"
-    treebase = "ou=#{@ou},cn=users,dc=kosmos,dc=org"
-
-    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
-    entries.sort_by! { |e| e.cn[0] }
-
-    @entries = entries.collect do |e|
-      {
-        uid: e.uid.first,
-        mail: e.try(:mail) ? e.mail.first : nil,
-        admin: e.try(:admin) ? 'admin' : nil
-        # password: e.userpassword.first
-      }
-    end
-    # ldap_client.get_operation_result
-  end
-
-  private
-
-  def ldap_client
-    ldap_client ||= Net::LDAP.new host: ldap_config['host'],
-      port: ldap_config['port'],
-      encryption: ldap_config['ssl'],
-      auth: {
-        method: :simple,
-        username: ldap_config['admin_user'],
-        password: ldap_config['admin_password']
-      }
-  end
-
-  def ldap_config
-    ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
-  end
-
-  def set_current_section
-    @current_section = :ldap_users
-  end
-end

app/controllers/admin/lightning_controller.rb

@@ -0,0 +1,21 @@
+class Admin::LightningController < Admin::BaseController
+  before_action :check_feature_enabled
+
+  def index
+    @current_section = :lightning
+
+    @users = User.pluck(:cn, :ou, :ln_account)
+    @accounts = LndhubAccount.with_balances.order(balance: :desc).to_a
+
+    @ln = {}
+    @ln[:current_balance] = LndhubAccount.current.joins(:ledgers).sum("account_ledgers.amount")
+    @ln[:users_with_sats] = @accounts.length
+  end
+
+  def check_feature_enabled
+    if !Setting.lndhub_admin_enabled?
+      flash[:alert] = "Lightning Admin UI not enabled"
+      redirect_to admin_root_path and return
+    end
+  end
+end

app/controllers/admin/settings/registrations_controller.rb

@@ -0,0 +1,38 @@
+class Admin::Settings::RegistrationsController < Admin::SettingsController
+
+  def index
+  end
+
+  def create
+    @errors = ActiveModel::Errors.new(Setting.new)
+
+    setting_params.keys.each do |key|
+      next if setting_params[key].nil?
+
+      setting = Setting.new(var: key)
+      setting.value = setting_params[key].strip
+      unless setting.valid?
+        @errors.merge!(setting.errors)
+      end
+    end
+
+    if @errors.any?
+      render :index
+    end
+
+    setting_params.keys.each do |key|
+      Setting.send("#{key}=", setting_params[key].strip) unless setting_params[key].nil?
+    end
+
+    redirect_to admin_settings_registrations_path, flash: {
+      success: "Settings saved"
+    }
+  end
+
+  private
+
+  def setting_params
+    params.require(:setting).permit(:reserved_usernames)
+  end
+
+end

app/controllers/admin/settings/services_controller.rb

@@ -0,0 +1,9 @@
+class Admin::Settings::ServicesController < Admin::SettingsController
+
+  def index
+  end
+
+  def update
+  end
+
+end

app/controllers/admin/settings_controller.rb

@@ -0,0 +1,12 @@
+class Admin::SettingsController < Admin::BaseController
+  before_action :set_current_section
+
+  def index
+  end
+
+  private
+
+  def set_current_section
+    @current_section = :settings
+  end
+end

app/controllers/admin/users_controller.rb

@@ -0,0 +1,35 @@
+class Admin::UsersController < Admin::BaseController
+  before_action :set_user, only: [:show]
+  before_action :set_current_section
+
+  def index
+    ldap   = LdapService.new
+    @ou    = params[:ou] || "kosmos.org"
+    @orgs  = ldap.fetch_organizations
+    @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
+
+    @stats = {
+      users_confirmed: User.where(ou: @ou).confirmed.count,
+      users_pending: User.where(ou: @ou).pending.count
+    }
+  end
+
+  def show
+    if Setting.lndhub_admin_enabled?
+      @lndhub_user = @user.lndhub_user
+    end
+
+    @services_enabled = @user.services_enabled
+  end
+
+  private
+
+  def set_user
+    address = params[:address].split("@")
+    @user = User.where(cn: address.first, ou: address.last).first
+  end
+
+  def set_current_section
+    @current_section = :users
+  end
+end

app/controllers/api/base_controller.rb

@@ -0,0 +1,5 @@
+class Api::BaseController < ApplicationController
+
+  layout false
+
+end

app/controllers/api/kredits_controller.rb

@@ -0,0 +1,13 @@
+class Api::KreditsController < Api::BaseController
+
+  def onchain_btc_balance
+    btcpay = BtcPay.new
+    balance = btcpay.onchain_wallet_balance
+    render json: balance
+  rescue => error
+    Rails.logger.warn "Failed to fetch kredits BTC wallet balance: #{error.message}"
+    render json: { error: 'Failed to fetch wallet balance' },
+           status: 500
+  end
+
+end

app/controllers/contributions/donations_controller.rb

@@ -1,4 +1,4 @@
-class DonationsController < ApplicationController
+class Contributions::DonationsController < ApplicationController
   before_action :require_user_signed_in
 
   # GET /donations

app/controllers/contributions/projects_controller.rb

@@ -0,0 +1,8 @@
+class Contributions::ProjectsController < ApplicationController
+  before_action :require_user_signed_in
+
+  # GET /contributions
+  def index
+    @current_section = :contributions
+  end
+end

app/controllers/invitations_controller.rb

@@ -5,7 +5,7 @@ class InvitationsController < ApplicationController
   # GET /invitations
   def index
     @invitations_unused = current_user.invitations.unused
-    @invitations_used   = current_user.invitations.used
+    @invitations_used   = current_user.invitations.used.order('used_at desc')
     @current_section = :invitations
   end
 
@@ -27,7 +27,10 @@ class InvitationsController < ApplicationController
 
     respond_to do |format|
       if @invitation.save
-        format.html { redirect_to @invitation, notice: 'Invitation was successfully created.' }
+        format.html do redirect_to @invitation, flash: {
+          success: 'Invitation was successfully created.'
+        }
+        end
         format.json { render :show, status: :created, location: @invitation }
       else
         format.html { render :new }

app/controllers/lnurlpay_controller.rb

@@ -1,7 +1,7 @@
 class LnurlpayController < ApplicationController
   before_action :find_user_by_address
 
-  MIN_SATS = 100
+  MIN_SATS = 10
   MAX_SATS = 1_000_000
   MAX_COMMENT_CHARS = 100
 
@@ -32,7 +32,7 @@ class LnurlpayController < ApplicationController
       return
     end
 
-    memo = "Sats for #{address}"
+    memo = "To #{address}"
     memo = "#{memo}: \"#{comment}\"" if comment.present?
 
     payment_request = @user.ln_create_invoice({

app/controllers/security_controller.rb

@@ -1,7 +0,0 @@
-class SecurityController < ApplicationController
-  before_action :require_user_signed_in
-
-  def index
-    @current_section = :security
-  end
-end

app/controllers/settings/account_controller.rb

@@ -0,0 +1,13 @@
+class Settings::AccountController < SettingsController
+
+  def index
+  end
+
+  def reset_password
+    current_user.send_reset_password_instructions
+    sign_out current_user
+    msg = "We have sent you an email with a link to reset your password."
+    redirect_to check_your_email_path, notice: msg
+  end
+
+end

app/controllers/settings/profile_controller.rb

@@ -0,0 +1,11 @@
+class Settings::ProfileController < SettingsController
+
+  def index
+    @user = current_user
+  end
+
+  def update
+
+  end
+
+end

app/controllers/settings_controller.rb

@@ -1,13 +1,13 @@
 class SettingsController < ApplicationController
   before_action :require_user_signed_in
+  before_action :set_current_section
 
   def index
   end
 
-  def reset_password
-    current_user.send_reset_password_instructions
-    sign_out current_user
-    msg = "We have sent you an email with a link to reset your password."
-    redirect_to check_your_email_path, notice: msg
+  private
+
+  def set_current_section
+    @current_section = :settings
   end
 end

app/controllers/turbo_controller.rb

@@ -0,0 +1,18 @@
+class TurboController < ApplicationController
+  class Responder < ActionController::Responder
+    def to_turbo_stream
+      controller.render(options.merge(formats: :html))
+    rescue ActionView::MissingTemplate => error
+      if get?
+        raise error
+      elsif has_errors? && default_action
+        render rendering_options.merge(formats: :html, status: :unprocessable_entity)
+      else
+        redirect_to navigation_location
+      end
+    end
+  end
+
+  self.responder = Responder
+  respond_to :html, :turbo_stream
+end

app/controllers/users/confirmations_controller.rb

@@ -0,0 +1,17 @@
+# frozen_string_literal: true
+
+class Users::ConfirmationsController < Devise::ConfirmationsController
+  # GET /resource/confirmation?confirmation_token=abcdef
+  def show
+    self.resource = resource_class.confirm_by_token(params[:confirmation_token])
+    yield resource if block_given?
+
+    if resource.errors.empty?
+      set_flash_message!(:success, :confirmed)
+      resource.devise_after_confirmation
+      respond_with_navigational(resource){ redirect_to after_confirmation_path_for(resource_name, resource) }
+    else
+      respond_with_navigational(resource.errors, status: :unprocessable_entity){ render :new }
+    end
+  end
+end

app/controllers/users/devise_controller.rb

@@ -0,0 +1,18 @@
+class Users::DeviseController < ApplicationController
+  class Responder < ActionController::Responder
+    def to_turbo_stream
+      controller.render(options.merge(formats: :html))
+    rescue ActionView::MissingTemplate => error
+      if get?
+        raise error
+      elsif has_errors? && default_action
+        render rendering_options.merge(formats: :html, status: :unprocessable_entity)
+      else
+        redirect_to navigation_location
+      end
+    end
+  end
+
+  self.responder = Responder
+  respond_to :html, :turbo_stream
+end

app/controllers/wallet_controller.rb

@@ -3,11 +3,11 @@ require "rqrcode"
 class WalletController < ApplicationController
   before_action :require_user_signed_in
   before_action :authenticate_with_lndhub
+  before_action :set_current_section
+  before_action :fetch_balance
 
   def index
-    @current_section = :wallet
-
-    @wallet_url = "lndhub://#{current_user.ln_login}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
+    @wallet_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
 
     qrcode = RQRCode::QRCode.new(@wallet_url)
     @svg = qrcode.as_svg(
@@ -20,28 +20,71 @@ class WalletController < ApplicationController
         class: 'inline-block'
       }
     )
+  end
 
-    @balance = fetch_balance rescue nil
+  def transactions
+    @transactions = fetch_transactions
   end
 
   private
 
-  def authenticate_with_lndhub
-    if session["ln_auth_token"].present?
-      @ln_auth_token = session["ln_auth_token"]
+  def authenticate_with_lndhub(options={})
+    if session[:ln_auth_token].present? && !options[:force_reauth]
+      @ln_auth_token = session[:ln_auth_token]
     else
       lndhub = Lndhub.new
       auth_token = lndhub.authenticate(current_user)
-      session["ln_auth_token"] = auth_token
+      session[:ln_auth_token] = auth_token
       @ln_auth_token = auth_token
     end
   rescue
     # TODO add exception tracking
   end
 
+  def set_current_section
+    @current_section = :wallet
+  end
+
   def fetch_balance
     lndhub = Lndhub.new
     data = lndhub.balance @ln_auth_token
-    data["BTC"]["AvailableBalance"]
+    @balance = data["BTC"]["AvailableBalance"] rescue nil
+  rescue
+    authenticate_with_lndhub(force_reauth: true)
+    return nil if @fetch_balance_retried
+    @fetch_balance_retried = true
+    fetch_balance
+  end
+
+  def fetch_transactions
+    lndhub = Lndhub.new
+    txs = lndhub.gettxs @ln_auth_token
+    invoices = lndhub.getuserinvoices(@ln_auth_token).select{|i| i["ispaid"]}
+    process_transactions(txs + invoices)
+  rescue
+    authenticate_with_lndhub(force_reauth: true)
+    return [] if @fetch_transactions_retried
+    @fetch_transactions_retried = true
+    fetch_transactions
+  end
+
+  def process_transactions(txs)
+    txs.collect do |tx|
+      if tx["type"] == "bitcoind_tx"
+        tx["amount_sats"] = (tx["amount"] * 100000000).to_i
+        tx["datetime"] = Time.at(tx["time"].to_i)
+        tx["title"] = "Received"
+        tx["description"] = "On-chain topup"
+        tx["received"] = true
+      else
+        tx["amount_sats"] = tx["value"] || tx["amt"]
+        tx["datetime"] = Time.at(tx["timestamp"].to_i)
+        tx["title"] = tx["type"] == "paid_invoice" ? "Sent" : "Received"
+        tx["description"] = tx["memo"] || tx["description"]
+        tx["received"] = tx["type"] == "user_invoice"
+      end
+    end
+
+    txs.sort{ |a,b| b["datetime"] <=> a["datetime"] }
   end
 end

app/controllers/webhooks_controller.rb

@@ -0,0 +1,40 @@
+class WebhooksController < ApplicationController
+  skip_forgery_protection
+
+  before_action :authorize_request
+
+  def lndhub
+    begin
+      payload = JSON.parse(request.body.read, symbolize_names: true)
+      head :no_content and return unless payload[:type] == "incoming"
+    rescue
+      head :unprocessable_entity and return
+    end
+
+    user = User.find_by!(ln_account: payload[:user_login])
+
+    # TODO make configurable
+    notify_xmpp(user.address, payload[:amount], payload[:memo])
+
+    head :ok
+  end
+
+  private
+
+  def notify_xmpp(address, amt_sats, memo)
+    payload = {
+      type: "normal",
+      from: "kosmos.org", # TODO domain config
+      to: address,
+      subject: "Sats received!",
+      body: "#{amt_sats} sats received in your Lightning wallet:\n> #{memo}"
+    }
+    XmppSendMessageJob.perform_later(payload)
+  end
+
+  def authorize_request
+    if !ENV['WEBHOOKS_ALLOWED_IPS'].split(',').include?(request.remote_ip)
+      head :forbidden and return
+    end
+  end
+end

app/helpers/application_helper.rb

@@ -1,4 +1,6 @@
 module ApplicationHelper
+  include Pagy::Frontend
+
   def sats_to_btc(sats)
     sats.to_f / 100000000
   end
@@ -10,5 +12,10 @@ module ApplicationHelper
       "text-gray-300 hover:bg-gray-900/30 hover:text-white active:bg-gray-900/30 active:text-white px-3 py-2 rounded-md font-medium text-base md:text-sm block md:inline-block"
     end
   end
-end
 
+  # Colors available: gray, red, yellow, green, blue, purple, pink
+  # (Add more colors by adding classes to the safelist in tailwind.config.js)
+  def badge(text, color)
+    tag.span text, class: "inline-flex items-center rounded-full bg-#{color}-100 px-2.5 py-0.5 text-xs font-medium text-#{color}-800"
+  end
+end

app/helpers/ldap_users_helper.rb

@@ -1,2 +0,0 @@
-module LdapUsersHelper
-end

app/helpers/users_helper.rb

@@ -0,0 +1,2 @@
+module UsersHelper
+end

app/javascript/controllers/clipboard_controller.js

@@ -0,0 +1,16 @@
+import { Controller } from "@hotwired/stimulus"
+
+export default class extends Controller {
+  static targets = ["source", "trigger"]
+
+  copy (event) {
+    event.preventDefault();
+    navigator.clipboard.writeText(this.sourceTarget.value);
+    this.triggerTarget.querySelector('.content-initial').classList.add('hidden');
+    this.triggerTarget.querySelector('.content-active').classList.remove('hidden');
+    setTimeout(() => {
+      this.triggerTarget.querySelector('.content-initial').classList.remove('hidden');
+      this.triggerTarget.querySelector('.content-active').classList.add('hidden');
+    }, 2000)
+  }
+}

app/jobs/create_ldap_user_job.rb

@@ -18,7 +18,7 @@ class CreateLdapUserJob < ApplicationJob
   def ldap_client
     ldap_client ||= Net::LDAP.new host: ldap_config['host'],
       port: ldap_config['port'],
-      encryption: ldap_config['ssl'],
+      # encryption: ldap_config['ssl'],
       auth: {
         method: :simple,
         username: ldap_config['admin_user'],

app/jobs/create_lndhub_account_job.rb

@@ -0,0 +1,13 @@
+class CreateLndhubAccountJob < ApplicationJob
+  queue_as :default
+
+  def perform(user)
+    return if user.ln_account.present? && user.ln_password.present?
+
+    lndhub = LndhubV2.new
+    credentials = lndhub.create_account
+
+    user.update! ln_account: credentials["login"],
+                 ln_password: credentials["password"]
+  end
+end

app/jobs/create_lndhub_wallet_job.rb

@@ -1,13 +0,0 @@
-class CreateLndhubWalletJob < ApplicationJob
-  queue_as :default
-
-  def perform(user)
-    return if user.ln_login.present? && user.ln_password.present?
-
-    lndhub = Lndhub.new
-    credentials = lndhub.create({ partnerid: user.ou, accounttype: "user" })
-
-    user.update! ln_login: credentials["login"],
-                 ln_password: credentials["password"]
-  end
-end

app/jobs/xmpp_exchange_contacts_job.rb

@@ -1,4 +1,4 @@
-class ExchangeXmppContactsJob < ApplicationJob
+class XmppExchangeContactsJob < ApplicationJob
   queue_as :default
 
   def perform(inviter, username, domain)

app/jobs/xmpp_send_message_job.rb

@@ -0,0 +1,8 @@
+class XmppSendMessageJob < ApplicationJob
+  queue_as :default
+
+  def perform(payload)
+    ejabberd = EjabberdApiClient.new
+    ejabberd.send_message payload
+  end
+end

app/models/invitation.rb

@@ -1,6 +1,7 @@
 class Invitation < ApplicationRecord
   # Relations
   belongs_to :user
+  belongs_to :invitee, class_name: "User", foreign_key: 'invited_user_id', optional: true
 
   # Validations
   validates_presence_of :user

app/models/lndhub_account.rb

@@ -0,0 +1,21 @@
+class LndhubAccount < LndhubBase
+  self.table_name = "accounts"
+  self.inheritance_column = :_type_disabled
+
+  has_many :ledgers, class_name: "LndhubAccountLedger",
+                     foreign_key: "account_id"
+
+  belongs_to :user, class_name: "LndhubUser",
+                    foreign_key: "user_id"
+
+  scope :current,  -> { where(type: "current") }
+  scope :outgoing, -> { where(type: "outgoing") }
+  scope :incoming, -> { where(type: "incoming") }
+  scope :fees,     -> { where(type: "fees") }
+
+  scope :with_balances, -> {
+    current.joins(:user).joins(:ledgers)
+      .group("accounts.id", "users.login")
+      .select("accounts.id, users.login, SUM(account_ledgers.amount) AS balance")
+  }
+end

app/models/lndhub_account_ledger.rb

@@ -0,0 +1,3 @@
+class LndhubAccountLedger < LndhubBase
+  self.table_name = "account_ledgers"
+end

app/models/lndhub_base.rb

@@ -0,0 +1,4 @@
+class LndhubBase < ActiveRecord::Base
+  self.abstract_class = true
+  establish_connection :lndhub
+end

app/models/lndhub_user.rb

@@ -0,0 +1,27 @@
+class LndhubUser < LndhubBase
+  self.table_name = "users"
+  self.inheritance_column = :_type_disabled
+
+  has_many :accounts, class_name: "LndhubAccount",
+                      foreign_key: "user_id"
+
+  belongs_to :user, class_name: "User",
+                    primary_key: "ln_account",
+                    foreign_key: "login"
+
+  def balance
+    accounts.current.first.ledgers.sum("account_ledgers.amount").to_i.abs
+  end
+
+  def sum_outgoing
+    accounts.outgoing.first.ledgers.sum("account_ledgers.amount").to_i.abs
+  end
+
+  def sum_incoming
+    accounts.incoming.first.ledgers.sum("account_ledgers.amount").to_i.abs
+  end
+
+  def sum_fees
+    accounts.fees.first.ledgers.sum("account_ledgers.amount").to_i.abs
+  end
+end

app/models/setting.rb

@@ -0,0 +1,11 @@
+# RailsSettings Model
+class Setting < RailsSettings::Base
+  cache_prefix { "v1" }
+
+  field :reserved_usernames, type: :array, default: %w[
+    account accounts donations mail webmaster support
+  ]
+
+  field :lndhub_enabled, default: (ENV["LNDHUB_API_URL"].present?.to_s || "false"), type: :boolean
+  field :lndhub_admin_enabled, default: (ENV["LNDHUB_ADMIN_UI"] || "false"), type: :boolean
+end

app/models/user.rb

@@ -3,15 +3,35 @@ class User < ApplicationRecord
 
   # Relations
   has_many :invitations, dependent: :destroy
+  has_one  :invitation, inverse_of: :invitee, foreign_key: 'invited_user_id'
+  has_one  :inviter, through: :invitation, source: :user
+  has_many :invitees, through: :invitations
+
   has_many :donations, dependent: :nullify
 
+  has_one  :lndhub_user, class_name: "LndhubUser", inverse_of: "user",
+                         primary_key: "ln_account", foreign_key: "login"
+
+  has_many :accounts, through: :lndhub_user
+
   validates_uniqueness_of :cn
   validates_length_of :cn, :minimum => 3
+  validates_format_of :cn, with: /\A([a-z0-9\-])*\z/,
+                           if: Proc.new{ |u| u.cn.present? },
+                           message: "is invalid. Please use only letters, numbers and -"
+  validates_format_of :cn, without: /\A-/,
+                           if: Proc.new{ |u| u.cn.present? },
+                           message: "is invalid. Usernames need to start with a letter."
+  validates_format_of :cn, without: /\A(#{Setting.reserved_usernames.join('|')})\z/i,
+                           message: "has already been taken"
+
   validates_uniqueness_of :email
   validates :email, email: true
 
-  lockbox_encrypts :ln_login
-  lockbox_encrypts :ln_password
+  scope :confirmed, -> { where.not(confirmed_at: nil) }
+  scope :pending,   -> { where(confirmed_at: nil) }
+
+  has_encrypted :ln_login, :ln_password
 
   # Include default devise modules. Others available are:
   # :confirmable, :lockable, :timeoutable, :trackable and :omniauthable
@@ -22,9 +42,9 @@ class User < ApplicationRecord
 
   def ldap_before_save
     self.email = Devise::LDAP::Adapter.get_ldap_param(self.cn, "mail").first
-
-    dn = Devise::LDAP::Adapter.get_ldap_param(self.cn, "dn")
-    self.ou = dn.split(',').select{|e| e[0..1] == "ou"}.first.delete_prefix("ou=")
+    self.ou    = dn.split(',')
+                   .select{|e| e[0..1] == "ou"}.first
+                   .delete_prefix("ou=")
 
     if self.confirmed_at.blank? && self.confirmation_token.blank?
       # User had an account with a trusted email address before akkounts was a thing
@@ -32,11 +52,17 @@ class User < ApplicationRecord
     end
   end
 
+  def devise_after_confirmation
+    enable_service %w[discourse gitea wiki xmpp]
+  end
+
   def reset_password(new_password, new_password_confirmation)
-    if new_password == new_password_confirmation && ::Devise.ldap_update_password
-      Devise::LDAP::Adapter.update_password(login_with, new_password)
-    end
-    clear_reset_password_token if valid?
+    self.password = new_password
+    self.password_confirmation = new_password_confirmation
+    return false unless valid?
+
+    Devise::LDAP::Adapter.update_password(login_with, new_password)
+    clear_reset_password_token
     save
   end
 
@@ -62,4 +88,42 @@ class User < ApplicationRecord
     lndhub.authenticate self
     lndhub.addinvoice payload
   end
+
+  def dn
+    return @dn if defined?(@dn)
+    @dn = Devise::LDAP::Adapter.get_dn(self.cn)
+  end
+
+  def ldap_entry
+    ldap.fetch_users(uid: self.cn, ou: self.ou).first
+  end
+
+  def services_enabled
+    ldap_entry[:service] || []
+  end
+
+  def enable_service(service)
+    current_services = services_enabled
+    new_services = Array(service).map(&:to_s)
+    services = (current_services + new_services).uniq
+    ldap.replace_attribute(dn, :service, services)
+  end
+
+  def disable_service(service)
+    current_services = services_enabled
+    disabled_services = Array(service).map(&:to_s)
+    services = (current_services - disabled_services).uniq
+    ldap.replace_attribute(dn, :service, services)
+  end
+
+  def disable_all_services
+    ldap.delete_attribute(dn,:service)
+  end
+
+  private
+
+    def ldap
+      return @ldap_service if defined?(@ldap_service)
+      @ldap_service = LdapService.new
+    end
 end

app/services/btc_pay.rb

@@ -0,0 +1,32 @@
+#
+# API Docs: https://docs.btcpayserver.org/API/Greenfield/v1/
+#
+class BtcPay
+  def initialize
+    @base_url = ENV["BTCPAY_API_URL"]
+    @store_id = Rails.application.credentials.btcpay[:store_id]
+    @auth_token = Rails.application.credentials.btcpay[:auth_token]
+  end
+
+  def onchain_wallet_balance
+    res = get "stores/#{@store_id}/payment-methods/onchain/BTC/wallet"
+
+    {
+      balance: res["balance"].to_f,
+      unconfirmed_balance: res["unconfirmedBalance"].to_f,
+      confirmed_balance: res["confirmedBalance"].to_f
+    }
+  end
+
+  private
+
+  def get(endpoint)
+    res = Faraday.get("#{@base_url}/#{endpoint}", {}, {
+      "Content-Type" => "application/json",
+      "Accept" => "application/json",
+      "Authorization" => "token #{@auth_token}"
+    })
+
+    JSON.parse(res.body)
+  end
+end

app/services/create_account.rb

@@ -5,12 +5,13 @@ class CreateAccount < ApplicationService
     @email      = args[:email]
     @password   = args[:password]
     @invitation = args[:invitation]
+    @confirmed  = args[:confirmed]
   end
 
   def call
     user = create_user_in_database
     add_ldap_document
-    create_lndhub_wallet(user)
+    create_lndhub_account(user)
 
     if @invitation.present?
       update_invitation(user.id)
@@ -26,7 +27,8 @@ class CreateAccount < ApplicationService
       ou: @domain,
       email: @email,
       password: @password,
-      password_confirmation: @password
+      password_confirmation: @password,
+      confirmed_at: @confirmed ? DateTime.now : nil
     )
   end
 
@@ -35,6 +37,7 @@ class CreateAccount < ApplicationService
   end
 
   # TODO move to confirmation
+  # (and/or add email_confirmed to entry and use in login filter)
   def add_ldap_document
     hashed_pw = Devise.ldap_auth_password_builder.call(@password)
     CreateLdapUserJob.perform_later(@username, @domain, @email, hashed_pw)
@@ -43,24 +46,12 @@ class CreateAccount < ApplicationService
   def exchange_xmpp_contacts
     #TODO enable in development when we have easy setup of ejabberd etc.
     return if Rails.env.development?
-    ExchangeXmppContactsJob.perform_later(@invitation.user, @username, @domain)
+    XmppExchangeContactsJob.perform_later(@invitation.user, @username, @domain)
   end
 
-  def create_lndhub_wallet(user)
-    CreateLndhubWalletJob.perform_later(user)
-  end
-
-  def exchange_xmpp_contacts_between_inviter_and_invitee
-    ejabberd = EjabberdApiClient.new
-
-    EjabberdApiClient.add_roster_item({
-      "localuser": @username,
-      "localhost": @domain,
-      "user": @inviter.cn,
-      "host": @inviter.ou,
-      "nick": @username,
-      "group": "Friends",
-      "subs": "both"
-    })
+  def create_lndhub_account(user)
+    #TODO enable in development when we have a local lndhub (mock?) API
+    return if Rails.env.development?
+    CreateLndhubAccountJob.perform_later(user)
   end
 end

app/services/ejabberd_api_client.rb

@@ -17,4 +17,8 @@ class EjabberdApiClient
   def add_rosteritem(payload)
     post "add_rosteritem", payload
   end
+
+  def send_message(payload)
+    post "send_message", payload
+  end
 end

app/services/ldap_service.rb

@@ -0,0 +1,141 @@
+class LdapService < ApplicationService
+  def initialize
+    @suffix = ENV["LDAP_SUFFIX"] || "dc=kosmos,dc=org"
+  end
+
+  def add_attribute(dn, attr, values)
+    ldap_client.add_attribute dn, attr, values
+  end
+
+  def replace_attribute(dn, attr, values)
+    ldap_client.replace_attribute dn, attr, values
+  end
+
+  def delete_attribute(dn, attr)
+    ldap_client.delete_attribute dn, attr
+  end
+
+  def add_entry(dn, attrs, interactive=false)
+    puts "Adding entry: #{dn}" if interactive
+    res = ldap_client.add dn: dn, attributes: attrs
+    puts res.inspect if interactive && !res
+    res
+  end
+
+  def delete_entry(dn, interactive=false)
+    puts "Deleting entry: #{dn}" if interactive
+    res = ldap_client.delete dn: dn
+    puts res.inspect if interactive && !res
+    res
+  end
+
+  def delete_all_entries!
+    if Rails.env.production?
+      raise "Mass deletion of entries not allowed in production"
+    end
+
+    filter  = Net::LDAP::Filter.eq("objectClass", "*")
+    entries = ldap_client.search(base: @suffix, filter: filter, attributes: %w{dn})
+    entries.sort_by!{ |e| e.dn.length }.reverse!
+
+    entries.each do |e|
+      delete_entry e.dn, true
+    end
+  end
+
+  def fetch_users(args={})
+    if args[:ou]
+      treebase = "ou=#{args[:ou]},cn=users,#{@suffix}"
+    else
+      treebase = ldap_config["base"]
+    end
+
+    attributes = %w{dn cn uid mail admin service}
+    filter     = Net::LDAP::Filter.eq("uid", args[:uid] || "*")
+
+    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
+    entries.sort_by! { |e| e.cn[0] }
+    entries = entries.collect do |e|
+      {
+        uid: e.uid.first,
+        mail: e.try(:mail) ? e.mail.first : nil,
+        admin: e.try(:admin) ? 'admin' : nil,
+        service: e.try(:service)
+      }
+    end
+  end
+
+  def fetch_organizations
+    attributes = %w{dn ou description}
+    filter     = Net::LDAP::Filter.eq("objectClass", "organizationalUnit")
+    # filter     = Net::LDAP::Filter.eq("objectClass", "*")
+    treebase   = "cn=users,#{@suffix}"
+
+    entries = ldap_client.search(base: treebase, filter: filter, attributes: attributes)
+
+    entries.sort_by! { |e| e.ou[0] }
+
+    entries = entries.collect do |e|
+      {
+        dn: e.dn,
+        ou: e.ou.first,
+        description: e.try(:description) ? e.description.first : nil,
+      }
+    end
+  end
+
+  def add_organization(ou, description, interactive=false)
+    dn = "ou=#{ou},cn=users,#{@suffix}"
+
+    aci = <<-EOS
+(target="ldap:///cn=*,ou=#{ou},cn=users,#{@suffix}")(targetattr="cn || sn || uid || mail || userPassword || nsRole || objectClass") (version 3.0; acl "service-#{ou.gsub(".", "-")}-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=#{ou},cn=applications,#{@suffix}";)
+    EOS
+
+    attrs = {
+      objectClass: ["top", "organizationalUnit"],
+      description: description,
+      ou: ou,
+      aci: aci
+    }
+
+    add_entry dn, attrs, interactive
+  end
+
+  def reset_directory!
+    if Rails.env.production?
+      raise "Resetting the directory not allowed in production"
+    end
+
+    delete_all_entries!
+
+    user_read_aci = <<-EOS
+(target="ldap:///#{@suffix}")(targetattr="*") (version 3.0; acl "user-read-search-own-attributes"; allow (read,search) userdn="ldap:///self";)
+    EOS
+
+    add_entry @suffix, {
+      dc: "kosmos", objectClass: ["top", "domain"], aci: user_read_aci
+    }, true
+
+    add_entry "cn=users,#{@suffix}", {
+       cn: "users", objectClass: ["top", "organizationalRole"]
+    }, true
+  end
+
+  private
+
+  def ldap_client
+    ldap_client ||= Net::LDAP.new host: ldap_config['host'],
+      port: ldap_config['port'],
+      # TODO has to be :simple_tls if TLS is enabled
+      # encryption: ldap_config['ssl'],
+      auth: {
+        method: :simple,
+        username: ldap_config['admin_user'],
+        password: ldap_config['admin_password']
+      }
+  end
+
+  def ldap_config
+    ldap_config ||= YAML.load(ERB.new(File.read("#{Rails.root}/config/ldap.yml")).result)[Rails.env]
+  end
+end

app/services/lndhub.rb

@@ -28,8 +28,13 @@ class Lndhub
       "Accept" => "application/json",
       "Authorization" => "Bearer #{auth_token}"
     })
+    data = JSON.parse(res.body)
 
-    JSON.parse(res.body)
+    if data.is_a?(Hash) && data["error"] && data["message"] == "bad auth"
+      raise "BAD_AUTH"
+    else
+      data
+    end
   end
 
   def create(payload)
@@ -37,15 +42,23 @@ class Lndhub
   end
 
   def authenticate(user)
-    credentials = post "auth?type=auth", { login: user.ln_login, password: user.ln_password }
+    credentials = post "auth?type=auth", { login: user.ln_account, password: user.ln_password }
     self.auth_token = credentials["access_token"]
     self.auth_token
   end
 
-  def balance(user_token)
+  def balance(user_token=nil)
     get "balance", user_token || auth_token
   end
 
+  def gettxs(user_token=nil)
+    get "gettxs", user_token || auth_token
+  end
+
+  def getuserinvoices(user_token=nil)
+    get "getuserinvoices", user_token || auth_token
+  end
+
   def addinvoice(payload)
     invoice = post "addinvoice", {
       amt: payload[:amount],

app/services/lndhub_v2.rb

@@ -0,0 +1,81 @@
+class LndhubV2
+  attr_accessor :auth_token
+
+  def initialize
+    @base_url = ENV["LNDHUB_API_URL"]
+  end
+
+  def post(endpoint, payload, options={})
+    headers = { "Content-Type" => "application/json" }
+    if auth_token
+      headers.merge!({ "Authorization" => "Bearer #{auth_token}" })
+    elsif options[:admin_token]
+      headers.merge!({ "Authorization" => "Bearer #{options[:admin_token]}" })
+    end
+
+    res = Faraday.post "#{@base_url}/#{endpoint}", payload.to_json, headers
+
+    if res.status != 200
+      Rails.logger.error "[lndhub] API request failed:"
+      Rails.logger.error res.body
+      #TODO add some kind of exception tracking/notifications
+    end
+
+    JSON.parse(res.body)
+  end
+
+  def get(endpoint, auth_token)
+    res = Faraday.get("#{@base_url}/#{endpoint}", {}, {
+      "Content-Type" => "application/json",
+      "Accept" => "application/json",
+      "Authorization" => "Bearer #{auth_token}"
+    })
+
+    JSON.parse(res.body)
+  end
+
+  def create(payload)
+    post "create", payload
+  end
+
+  def authenticate(user)
+    credentials = post "auth?type=auth", { login: user.ln_account, password: user.ln_password }
+    self.auth_token = credentials["access_token"]
+    self.auth_token
+  end
+
+  def balance(user_token=nil)
+    get "balance", user_token || auth_token
+  end
+
+  def gettxs(user_token)
+    get "gettxs", user_token || auth_token
+  end
+
+  def getuserinvoices(user_token)
+    get "getuserinvoices", user_token || auth_token
+  end
+
+  def addinvoice(payload)
+    invoice = post "addinvoice", {
+      amt: payload[:amount],
+      memo: payload[:memo],
+      description_hash: payload[:description_hash]
+    }
+
+    invoice["payment_request"]
+  end
+
+  #
+  # V2
+  #
+
+  def create_account(payload={})
+    post "v2/users", payload, admin_token: Rails.application.credentials.lndhub[:admin_token]
+  end
+
+  def create_invoice(payload)
+    # Payload: { amount: 1000, description: "", description_hash: "" }
+    post "v2/invoices", payload
+  end
+end

app/views/admin/dashboard/index.html.erb

@@ -1,7 +1,12 @@
 <%= render HeaderComponent.new(title: "Admin Panel") %>
 
 <%= render MainSimpleComponent.new do %>
-  <p class="text-center">
-    With great power comes great responsibility.
-  </p>
+  <div class="text-center">
+    <p class="my-12 inline-flex align-center items-center">
+      <%= image_tag("/img/illustrations/undraw_vault_re_s4my.svg", class: 'h-48') %>
+    </p>
+    <p class="text-gray-500">
+      With great power comes great responsibility.
+    </p>
+  </div>
 <% end %>

app/views/admin/donations/_form.html.erb

@@ -10,46 +10,24 @@
     </div>
   <% end %>
 
-  <div class="field">
-    <p>
-      <%= form.label :user_id %>
-      <%= form.collection_select :user_id, User.where(ou: "kosmos.org").order(:cn), :id, :cn %>
-    </p>
-  </div>
+  <div class="sm:w-1/2 grid grid-cols-2 items-center gap-y-2">
+    <%= form.label :user_id %>
+    <%= form.collection_select :user_id, User.where(ou: "kosmos.org").order(:cn), :id, :cn, {} %>
 
-  <div class="field">
-    <p>
-      <%= form.label :amount_sats, "Amount BTC (sats)" %>
-      <%= form.number_field :amount_sats %>
-    </p>
-  </div>
+    <%= form.label :amount_sats, "Amount BTC (sats)" %>
+    <%= form.number_field :amount_sats %>
 
-  <div class="field">
-    <p>
-      <%= form.label :amount_eur, "Amount EUR (cents)" %>
-      <%= form.number_field :amount_eur %>
-    </p>
-  </div>
+    <%= form.label :amount_eur, "Amount EUR (cents)" %>
+    <%= form.number_field :amount_eur %>
 
-  <div class="field">
-    <p>
-      <%= form.label :amount_usd, "Amount USD (cents)"%>
-      <%= form.number_field :amount_usd %>
-    </p>
-  </div>
+    <%= form.label :amount_usd, "Amount USD (cents)"%>
+    <%= form.number_field :amount_usd %>
 
-  <div class="field">
-    <p>
-      <%= form.label :public_name %>
-      <%= form.text_field :public_name %>
-    </p>
-  </div>
+    <%= form.label :public_name %>
+    <%= form.text_field :public_name %>
 
-  <div class="field">
-    <p>
-      <%= form.label :paid_at %>
-      <%= form.text_field :paid_at %>
-    </p>
+    <%= form.label :paid_at %>
+    <%= form.text_field :paid_at %>
   </div>
 
   <p class="mt-8">

app/views/admin/donations/edit.html.erb

@@ -1,12 +1,9 @@
-<%= render HeaderComponent.new(title: "Donations") %>
+<%= render HeaderComponent.new(title: "Donation ##{@donation.id}") %>
 
 <%= render MainSimpleComponent.new do %>
-  <h2>Editing Donation</h2>
-
   <%= render 'form', donation: @donation, url: admin_donation_path(@donation) %>
 
   <p class="mt-8">
-    <%= link_to 'Show', admin_donation_path(@donation), class: 'ks-text-link' %> |
-    <%= link_to 'Back', admin_donations_path, class: 'ks-text-link' %>
+    <%= link_to 'Cancel', admin_donation_path(@donation), class: 'btn-sm btn-gray' %>
   <p>
 <% end %>

app/views/admin/donations/index.html.erb

@@ -1,42 +1,64 @@
 <%= render HeaderComponent.new(title: "Donations") %>
 
 <%= render MainSimpleComponent.new do %>
+  <section>
+    <%= render QuickstatsContainerComponent.new do %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Overall',
+          value: @stats[:overall_sats],
+          unit: 'sats'
+      ) %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Donors',
+          value: @stats[:donor_count],
+          meta: "/ #{User.count} users"
+      ) %>
+    <% end %>
+  </section>
+
+  <section>
   <% if @donations.any? %>
-    <table class="w-full">
+    <h3>Recent Donations</h3>
+    <table class="divided mb-8">
       <thead>
-        <tr class="text-left">
+        <tr>
           <th>User</th>
-          <th>Amount BTC</th>
-          <th>in EUR</th>
-          <th>in USD</th>
-          <th>Public name</th>
+          <th class="text-right">Amount BTC</th>
+          <th class="text-right">in EUR</th>
+          <th class="text-right">in USD</th>
+          <th class="pl-2">Public name</th>
           <th>Date</th>
-          <th colspan="3"></th>
+          <th></th>
         </tr>
       </thead>
-
       <tbody>
         <% @donations.each do |donation| %>
           <tr>
-            <td><%= donation.user.address %></td>
-            <td><%= sats_to_btc donation.amount_sats %> BTC</td>
-            <td><% if donation.amount_eur.present? %><%= number_to_currency donation.amount_eur / 100, unit: "" %><% end %></td>
-            <td><% if donation.amount_usd.present? %><%= number_to_currency donation.amount_usd / 100, unit: "" %><% end %></td>
-            <td><%= donation.public_name %></td>
-            <td><%= donation.paid_at ? donation.paid_at.strftime("%Y-%m-%d") : "" %></td>
-            <td><%= link_to 'Show', admin_donation_path(donation), class: 'btn btn-sm btn-gray' %></td>
-            <td><%= link_to 'Edit', edit_admin_donation_path(donation), class: 'btn btn-sm btn-gray' %></td>
-            <td><%= link_to 'Destroy', admin_donation_path(donation), class: 'btn btn-sm btn-red',
-                      data: { turbo_method: :delete, turbo_confirm: 'Are you sure?' } %></td>
+            <td><%= link_to donation.user.address, admin_user_path(donation.user.address), class: 'ks-text-link' %></td>
+            <td class="text-right"><%= sats_to_btc donation.amount_sats %></td>
+            <td class="text-right"><% if donation.amount_eur.present? %><%= number_to_currency donation.amount_eur / 100, unit: "" %><% end %></td>
+            <td class="text-right"><% if donation.amount_usd.present? %><%= number_to_currency donation.amount_usd / 100, unit: "" %><% end %></td>
+            <td class="pl-2"><%= donation.public_name %></td>
+            <td><%= donation.paid_at ? donation.paid_at.strftime("%Y-%m-%d (%H:%M UTC)") : "" %></td>
+            <td class="text-right">
+              <%= link_to 'Show', admin_donation_path(donation), class: 'btn btn-sm btn-gray' %>
+              <%= link_to 'Edit', edit_admin_donation_path(donation), class: 'btn btn-sm btn-gray' %>
+              <%= link_to 'Destroy', admin_donation_path(donation), class: 'btn btn-sm btn-red',
+                data: { turbo_method: :delete, turbo_confirm: 'Are you sure?' } %>
+            </td>
           </tr>
         <% end %>
       </tbody>
     </table>
+    <%== pagy_nav @pagy %>
   <% else %>
     <p>
       No donations yet.
     </p>
   <% end %>
+  </section>
 
   <p class="mt-12">
     <%= link_to 'Record an out-of-system donation', new_admin_donation_path, class: 'btn-md btn-gray' %>

app/views/admin/donations/new.html.erb

@@ -1,8 +1,6 @@
-<%= render HeaderComponent.new(title: "Donations") %>
+<%= render HeaderComponent.new(title: "Add Donation") %>
 
 <%= render MainSimpleComponent.new do %>
-  <h2>New Donation</h2>
-
   <%= render 'form', donation: @donation, url: admin_donations_path %>
 
   <p class="mt-8">

app/views/admin/donations/show.html.erb

@@ -1,38 +1,41 @@
-<%= render HeaderComponent.new(title: "Donations") %>
+<%= render HeaderComponent.new(title: "Donation ##{@donation.id}") %>
 
 <%= render MainSimpleComponent.new do %>
-  <p>
-    <strong>User:</strong>
-    <%= @donation.user.address %>
-  </p>
+  <section>
+    <table class="w-1/2 divided">
+      <tbody>
+        <tr>
+          <th>User</th>
+          <td><%= link_to @donation.user.address, admin_user_path(@donation.user.address), class: 'ks-text-link' %></td>
+        </tr>
+        <tr>
+          <th>Amount sats</th>
+          <td><%= @donation.amount_sats %></td>
+        </tr>
+        <tr>
+          <th>Amount EUR</th>
+          <td><%= @donation.amount_eur %></td>
+        </tr>
+        <tr>
+          <th>Amount USD</th>
+          <td><%= @donation.amount_usd %></td>
+        </tr>
+        <tr>
+          <th>Public name</th>
+          <td><%= @donation.public_name %></td>
+        </tr>
+        <tr>
+          <th>Date</th>
+          <td><%= @donation.paid_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
+        </tr>
+      </tbody>
+    </table>
+  </section>
 
-  <p>
-    <strong>Amount sats:</strong>
-    <%= @donation.amount_sats %>
-  </p>
-
-  <p>
-    <strong>Amount eur:</strong>
-    <%= @donation.amount_eur %>
-  </p>
-
-  <p>
-    <strong>Amount usd:</strong>
-    <%= @donation.amount_usd %>
-  </p>
-
-  <p>
-    <strong>Public name:</strong>
-    <%= @donation.public_name %>
-  </p>
-
-  <p>
-    <strong>Date:</strong>
-    <%= @donation.paid_at %>
-  </p>
-
-  <p class="mt-8">
-    <%= link_to 'Edit', edit_admin_donation_path(@donation), class: 'ks-text-link' %> |
-    <%= link_to 'Back', admin_donations_path, class: 'ks-text-link' %>
-  </p>
+  <section>
+    <p>
+      <%= link_to 'Edit', edit_admin_donation_path(@donation), class: 'btn-md btn-blue mr-1' %>
+      <%= link_to 'Back', admin_donations_path, class: 'btn-md btn-gray' %>
+    </p>
+  </section>
 <% end %>

app/views/admin/invitations/index.html.erb

@@ -2,21 +2,34 @@
 
 <%= render MainSimpleComponent.new do %>
   <section>
-    <p>
-      There are currently <strong><%= @invitations_unused_count %>
-      unused invitations</strong> available to existing users.
-      <strong><%= @users_with_referrals_count %> users</strong> have successfully
-      invited new users.
-    </p>
+    <%= render QuickstatsContainerComponent.new do %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Available',
+          value: @stats[:available],
+      ) %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Accepted',
+          value: @stats[:accepted],
+      ) %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Users with referrals',
+          value: @stats[:users_with_referrals],
+          meta: "/ #{User.count}"
+      ) %>
+    <% end %>
   </section>
   <% if @invitations_used.any? %>
     <section>
-      <h3>Accepted (<%= @invitations_used.length %>)</h3>
-      <table>
+      <h3>Recently Accepted</h3>
+      <table class="divided mb-8">
         <thead>
-          <tr class="text-left">
+          <tr>
             <th>Token</th>
             <th>Accepted</th>
+            <th>Inviter</th>
             <th>Invited user</th>
           </tr>
         </thead>
@@ -24,12 +37,14 @@
           <% @invitations_used.each do |invitation| %>
             <tr>
               <td class="overflow-ellipsis font-mono"><%= invitation.token %></td>
-              <td><%= invitation.used_at.strftime("%Y-%m-%d") %></td>
-              <td><%= User.find(invitation.invited_user_id).address %></td>
+              <td><%= invitation.used_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
+              <td><%= link_to invitation.user.address, admin_user_path(invitation.user.address), class: "ks-text-link" %></td>
+              <td><%= link_to invitation.invitee.address, admin_user_path(invitation.invitee.address), class: "ks-text-link" %></td>
             </tr>
           <% end %>
         </tbody>
       </table>
+      <%== pagy_nav @pagy %>
     </section>
   <% end %>
 <% end %>

app/views/admin/ldap_users/index.html.erb

@@ -1,34 +0,0 @@
-<%= render HeaderComponent.new(title: "LDAP Users: #{@ou}") %>
-
-<%= render MainSimpleComponent.new do %>
-  <h3 class="hidden">Domains</h3>
-  <ul class="mb-10">
-    <li class="inline-block">
-      <%= link_to 'kosmos.org', admin_ldap_users_path, class: "ks-text-link" %>
-    </li>
-    <li class="inline-block ml-6">
-      <%= link_to '5apps.com', admin_ldap_users_path(ou: '5apps.com'), class: "ks-text-link" %>
-    </li>
-  </ul>
-
-  <table>
-    <thead>
-      <tr class="text-left">
-        <th>UID</th>
-        <th>E-Mail</th>
-        <th>Admin</th>
-        <!-- <th>Password</th> -->
-      </tr>
-    </thead>
-    <tbody>
-      <% @entries.each do |entry| %>
-      <tr>
-        <td><%= entry[:uid] %></td>
-        <td><%= entry[:mail] %></td>
-        <td><%= entry[:admin] %></td>
-        <!-- <td><%= entry[:password] %></td> -->
-      </tr>
-      <% end %>
-    </tbody>
-  </table>
-<% end %>

app/views/admin/lightning/index.html.erb

@@ -0,0 +1,48 @@
+<%= render HeaderComponent.new(title: "Lightning Network") %>
+
+<%= render MainSimpleComponent.new do %>
+  <section>
+    <%= render QuickstatsContainerComponent.new do %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Current user balance',
+          value: @ln[:current_balance],
+          unit: 'sats'
+      ) %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Users with sats',
+          value: @ln[:users_with_sats],
+          meta: "/ #{User.count}"
+      ) %>
+    <% end %>
+  </section>
+
+  <section>
+    <h3>Accounts</h3>
+    <table class="divided">
+      <thead>
+        <tr>
+          <th>LN Account</th>
+          <th>User</th>
+          <th>Balance</th>
+        </tr>
+      </thead>
+      <tbody>
+        <% @accounts.each do |account| %>
+          <tr>
+            <td class="font-mono">
+              <%= account.login %>
+            </td>
+            <td>
+              <% if user = @users.find{ |u| u[2] == account.login } %>
+                <%= link_to "#{user[0]}@#{user[1]}", admin_user_path("#{user[0]}@#{user[1]}"), class: "ks-text-link" %>
+              <% end %>
+            </td>
+            <td><%= number_with_delimiter account.balance.to_i.to_s %></td>
+          </tr>
+        <% end %>
+      </tbody>
+    </table>
+  </section>
+<% end %>

app/views/admin/settings/registrations/index.html.erb

@@ -0,0 +1,37 @@
+<%= render HeaderComponent.new(title: "Settings") %>
+
+<%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/admin_sidenav_settings') do %>
+  <%= form_for(Setting.new, url: admin_settings_registrations_path) do |f| %>
+    <section>
+      <h3>Registrations</h3>
+      <% if @errors && @errors.any? %>
+        <div>
+          <ul>
+            <% @errors.full_messages.each do |msg| %>
+              <li><%= msg %></li>
+            <% end %>
+          </ul>
+        </div>
+      <% end %>
+
+      <label class="block">
+        <p class="font-bold mb-1">Reserved usernames</p>
+        <p class="text-gray-500">
+          These usernames cannot be registered as accounts:
+        </p>
+        <%= f.text_area :reserved_usernames,
+          value: Setting.reserved_usernames.join("\n"),
+          class: "h-44 mb-2" %>
+        <p class="text-sm text-gray-500">
+          One username per line
+        </p>
+      </label>
+    </section>
+
+    <section>
+      <p class="pt-6 border-t border-gray-200">
+        <%= f.submit 'Save', class: "btn-md btn-blue w-full md:w-auto" %>
+      </p>
+    </section>
+  <% end %>
+<% end %>

app/views/admin/settings/services/index.html.erb

@@ -0,0 +1,39 @@
+<%= render HeaderComponent.new(title: "Settings") %>
+
+<%= render MainWithSidenavComponent.new(sidenav_partial: 'shared/admin_sidenav_settings') do %>
+  <section>
+    <h3>Lightning Network</h3>
+    <%= form_for(Setting.new, url: admin_settings_services_path) do |f| %>
+      <% if @errors && @errors.any? %>
+        <div>
+          <ul>
+            <% @errors.full_messages.each do |msg| %>
+              <li><%= msg %></li>
+            <% end %>
+          </ul>
+        </div>
+      <% end %>
+
+      <ul role="list" class="mt-2 divide-y divide-gray-200">
+        <li class="flex items-center justify-between py-6">
+          <div class="flex flex-col">
+            <label class="font-bold mb-1">Enable LNDHub integration</label>
+            <p class="text-gray-500">LNDHub configuration present and wallet features enabled</p>
+          </div>
+          <%= f.check_box :lndhub_enabled, checked: Setting.lndhub_enabled?,
+                          disabled: true,
+                          class: "relative ml-4 inline-flex flex-shrink-0" %>
+        </li>
+        <li class="flex items-center justify-between py-6">
+          <div class="flex flex-col">
+            <label class="font-bold mb-1">Enable LNDHub admin panel</label>
+            <p class="text-gray-500">LNDHub database configuration present and admin panel enabled</p>
+          </div>
+          <%= f.check_box :lndhub_admin_enabled, checked: Setting.lndhub_admin_enabled?,
+                          disabled: true,
+                          class: "relative ml-4 inline-flex flex-shrink-0" %>
+        </li>
+      </ul>
+    <% end %>
+  </section>
+<% end %>

app/views/admin/users/index.html.erb

@@ -0,0 +1,54 @@
+<%= render HeaderComponent.new(title: "Users: #{@ou}") %>
+
+<%= render MainSimpleComponent.new do %>
+  <section>
+    <%= render QuickstatsContainerComponent.new do %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Confirmed',
+          value: @stats[:users_confirmed],
+      ) %>
+      <%= render QuickstatsItemComponent.new(
+          type: :number,
+          title: 'Pending',
+          value: @stats[:users_pending],
+      ) %>
+    <% end %>
+  </section>
+
+  <% if @orgs.length > 1 %>
+    <section>
+      <h3 class="hidden">Domains</h3>
+      <ul>
+        <% @orgs.each do |org| %>
+          <li class="inline-block">
+            <%= link_to org[:ou], admin_users_path(ou: org[:ou]), class: "ks-text-link" %>
+          </li>
+        <% end %>
+      </ul>
+    </section>
+  <% end %>
+
+  <section>
+    <table class="divided mb-8">
+      <thead>
+        <tr>
+          <th>UID</th>
+          <th>Status</th>
+          <th>Roles</th>
+          <!-- <th>Password</th> -->
+        </tr>
+      </thead>
+      <tbody>
+        <% @users.each do |user| %>
+        <tr>
+          <td><%= link_to(user.cn, admin_user_path(user.address), class: 'ks-text-link') %></td>
+          <td><%= user.confirmed_at.nil? ? badge("pending", :yellow) : "" %></td>
+          <td><%= user.is_admin? ? badge("admin", :red) : "" %></td>
+        </tr>
+        <% end %>
+      </tbody>
+    </table>
+    <%== pagy_nav @pagy %>
+  </section>
+<% end %>

app/views/admin/users/show.html.erb

@@ -0,0 +1,123 @@
+<%= render HeaderComponent.new(title: "User: #{@user.address}") %>
+
+<%= render MainSimpleComponent.new do %>
+  <div class="mb-12 sm:flex sm:flex-row sm:gap-x-8">
+    <section class="sm:flex-1">
+      <h3>Account</h3>
+      <table class="divided">
+        <tbody>
+          <tr>
+            <th>Created at</th>
+            <td><%= @user.created_at.strftime("%Y-%m-%d (%H:%M UTC)") %></td>
+          </tr>
+          <tr>
+            <th>Confirmed at</th>
+            <td>
+            <% if @user.confirmed_at %>
+              <%= @user.confirmed_at.strftime("%Y-%m-%d (%H:%M UTC)") %>
+            <% else %>
+              <%= badge "pending", :yellow %>
+            <% end %>
+            </td>
+          </tr>
+          <tr>
+            <th>Email</th>
+            <td><%= @user.email %></td>
+          </tr>
+          <tr>
+            <th>Roles</th>
+            <td><%= @user.is_admin? ? badge("admin", :red) : "—" %></td>
+          </tr>
+          <tr>
+            <th>Invited by</th>
+            <td>
+            <% if @user.inviter %>
+              <%= link_to @user.inviter.address, admin_user_path(@user.inviter.address), class: 'ks-text-link' %>
+            <% else %>&mdash;<% end %>
+            </td>
+          </tr>
+          <tr>
+            <th>Invitations available</th>
+            <td>
+              <%= @user.invitations.count %>
+            </td>
+          </tr>
+          <tr>
+            <th class="align-top">Invited users</th>
+            <td class="align-top">
+            <% if @user.invitees.length > 0 %>
+              <ul class="mb-0">
+              <% @user.invitees.order(cn: :asc).each do |invitee| %>
+                <li class="leading-none mb-2 last:mb-0"><%= link_to invitee.address, admin_user_path(invitee.address), class: 'ks-text-link' %></li>
+              <% end %>
+              </ul>
+            <% else %>&mdash;<% end %>
+            </td>
+          </tr>
+        </tbody>
+      </table>
+    </section>
+
+    <section class="sm:flex-1 sm:pt-0">
+      <!-- <h3>Actions</h3> -->
+    </section>
+  </div>
+
+  <section>
+    <h3>Services</h3>
+    <table class="sm:w-1/4">
+      <tbody>
+        <tr>
+          <td>Discourse</td>
+          <td><%= check_box_tag 'service_discourse', 'enabled', @services_enabled.include?("discourse"), disabled: true %></td>
+        </tr>
+        <tr>
+          <td>Gitea</td>
+          <td><%= check_box_tag 'service_gitea', 'enabled', @services_enabled.include?("gitea"), disabled: true %></td>
+        </tr>
+        <tr>
+          <td>Mastodon</td>
+          <td><%= check_box_tag 'service_mastodon', 'enabled', @services_enabled.include?("mastodon"), disabled: true %></td>
+        </tr>
+        <tr>
+          <td>Wiki</td>
+          <td><%= check_box_tag 'service_wiki', 'enabled', @services_enabled.include?("wiki"), disabled: true %></td>
+        </tr>
+        <tr>
+          <td>XMPP</td>
+          <td><%= check_box_tag 'service_xmpp', 'enabled', @services_enabled.include?("xmpp"), disabled: true %></td>
+        </tr>
+      </tbody>
+    </table>
+  </section>
+
+  <% if Setting.lndhub_admin_enabled? && @user.confirmed? %>
+  <section>
+    <h3>LndHub</h3>
+    <% if @lndhub_user %>
+    <table>
+      <thead>
+        <tr>
+          <th>Account</th>
+          <th>Balance</th>
+          <th>Incoming</th>
+          <th>Outgoing</th>
+          <th>Fees</th>
+        </tr>
+      </thead>
+      <tbody>
+        <tr>
+          <td><%= @user.ln_account %></td>
+          <td><%= number_with_delimiter @lndhub_user.balance %> sats</td>
+          <td><%= number_with_delimiter @lndhub_user.sum_incoming %> sats</td>
+          <td><%= number_with_delimiter @lndhub_user.sum_outgoing %> sats</td>
+          <td><%= number_with_delimiter @lndhub_user.sum_fees %> sats</td>
+        </tr>
+      </tbody>
+    </table>
+    <% else %>
+      <p>No LndHub user found for account <strong class="font-mono"><%= @user.ln_account %></strong>.
+    <% end %>
+  </section>
+  <% end %>
+<% end %>

app/views/contributions/donations/index.html.erb

@@ -1,12 +1,12 @@
-<%= render HeaderComponent.new(title: "Donations") %>
+<%= render HeaderComponent.new(title: "Contributions") %>
 
-<%= render MainSimpleComponent.new do %>
+<%= render MainWithTabnavComponent.new(tabnav_partial: "shared/tabnav_contributions") do %>
   <section>
-    <p class="mb-12">
-      Your financial contributions to the development and upkeep of Kosmos
-      software and services.
-    </p>
     <% if @donations.any? %>
+      <p class="mb-12">
+        Your financial contributions to the development and upkeep of Kosmos
+        software and services.
+      </p>
       <ul class="list-none">
         <% @donations.each do |donation| %>
           <li class="mb-8 grid gap-y-2 gap-x-8 grid-cols-2 items-center">
@@ -33,9 +33,19 @@
         <% end %>
       </ul>
     <% else %>
-      <p class="text-gray-500">
-        No donations to show.
-      </p>
+      <div class="text-center">
+        <p class="mt-8 mb-12 inline-flex align-center items-center">
+          <%= image_tag("/img/illustrations/undraw_savings_re_eq4w.svg", class: 'h-48') %>
+        </p>
+        <h3>
+          No donations yet
+        </h3>
+        <p class="text-gray-500">
+          The donation process is not automated yet.<br>Please
+          <a href="https://wiki.kosmos.org/Main_Page#Community_.2F_Getting_in_touch_.2F_Getting_involved" class="ks-text-link" target="_blank">contact us</a>
+          if you'd like to contribute this way right now.
+        </p>
+      </div>
     <% end %>
   </section>
 <% end %>

app/views/contributions/projects/index.html.erb

@@ -0,0 +1,49 @@
+<%= render HeaderComponent.new(title: "Contributions") %>
+
+<%= render MainWithTabnavComponent.new(tabnav_partial: "shared/tabnav_contributions") do %>
+  <section>
+    <p class="mb-8">
+      Project contributions are how we develop and run all Kosmos software and
+      services. Everything we create and provide is free and open-source
+      software, even the page you're looking at right now!
+    </p>
+    <h3>Start contributing</h3>
+    <p>
+      Check out our
+      <a href="https://kosmos.org/projects/" target="_blank" class="ks-text-link">projects page</a>
+      for some (but not all) potential places that can use your help.
+    </p>
+    <p>
+      There's something to do for everyone, especially non-programmers! For
+      example, we need more help with graphics, UI/UX design, and
+      content/copywriting. We also need moderators for social media. And beta
+      testers for our software. The list doesn't end there.
+    </p>
+    <p>
+      A good way to get started is to join one of our
+      <a href="https://community.kosmos.org/t/kosmos-weekly-call/36" target="_blank" class="ks-text-link">weekly calls</a>
+      and introduce yourself. Alternatively, you can also ping us on any other
+      medium, or even just grab an open issue on
+      <a href="https://github.com/67P/" target="_blank" class="ks-text-link">GitHub</a>
+      or our
+      <a href="https://gitea.kosmos.org/kosmos/" target="_blank" class="ks-text-link">Gitea</a>
+      and dive right in (be sure to comment first, to prevent double efforts).
+    </p>
+    <p class="mb-8">
+      Last but not least, if you want to help by proposing new features or
+      services, head over to the
+      <a href="https://community.kosmos.org/" target="_blank" class="ks-text-link">community forums</a>,
+      where you can do just that.
+    </p>
+    <h3>Open Source Grants</h3>
+    <p>
+      Money coming in from financial contributions is first used to pay for our
+      bills. Additional funds are being paid out directly to our contributors,
+      including you, according to their rough share of contributions.
+    </p>
+    <p>
+      We have run two 6-month trials so far, with the next trial period
+      starting sometime in Q1 2023. Watch your email for notifications about it!
+    </p>
+  </section>
+<% end %>

app/views/dashboard/index.html.erb

@@ -2,60 +2,87 @@
 
 <%= render MainSimpleComponent.new do %>
   <section>
-    <p>
+    <p class="mb-8">
       Your Kosmos account and password currently give you access to these
       services:
     </p>
-    <div class="grid services mt-12">
-      <div>
-        <h3 class="mb-3.5">
-          <%= link_to "Chat", "https://wiki.kosmos.org/Services:Chat", class: "ks-text-link" %>
-        </h3>
-        <p class="text-gray-500">
-          Chat rooms and instant messaging (XMPP/Jabber)
-        </p>
+    <div class="services grid grid-cols-1 sm:grid-cols-2 gap-4 sm:gap-6">
+      <div class="border border-gray-300 rounded-md hover:border-gray-400
+                  bg-cover bg-[center_top_-50px] bg-no-repeat
+                  bg-[url(/img/logos/icon_xmpp.svg)]">
+        <%= link_to "https://wiki.kosmos.org/Services:Chat",
+              class: "block h-full px-6 py-6 rounded-md" do %>
+          <h3 class="mb-3.5">Chat</h3>
+          <p class="text-gray-600">
+            Federated chat rooms and instant messaging
+          </p>
+        <% end %>
       </div>
-      <div>
-        <h3 class="mb-3.5">
-          <%= link_to "Discourse", "https://community.kosmos.org", class: "ks-text-link" %>
-        </h3>
-        <p class="text-gray-500">
-          Kosmos community forums and user support/help site
-        </p>
+      <div class="border border-gray-300 rounded-md hover:border-gray-400
+                  bg-[length:95%] bg-center bg-no-repeat
+                  bg-[url(/img/logos/icon_discourse.svg)]">
+        <%= link_to "https://community.kosmos.org",
+              class: "block h-full px-6 py-6 rounded-md" do %>
+          <h3 class="mb-3.5">Discourse</h3>
+          <p class="text-gray-600">
+            Kosmos community forums and user support/help site
+          </p>
+        <% end %>
       </div>
-      <div>
-        <h3 class="mb-3.5">
-          <span class="text-yellow-500">🗲</span>
-          <%= link_to "Lightning Wallet", wallet_path, class: "ks-text-link" %>
-        </h3>
-        <p class="text-gray-500">
-          Send and receive sats over the Bitcoin Lightning Network
-        </p>
+      <div class="border border-gray-300 rounded-md hover:border-gray-400
+                  bg-cover bg-[center_top_-20px] bg-no-repeat
+                  bg-[url(/img/logos/icon_mediawiki.svg)]">
+        <%= link_to "https://wiki.kosmos.org",
+              class: "block h-full px-6 py-6 rounded-md" do %>
+          <h3 class="mb-3.5">Wiki</h3>
+          <p class="text-gray-600">
+            Kosmos documentation and knowledge base
+          </p>
+        <% end %>
       </div>
-      <div>
-        <h3 class="mb-3.5">
-          <%= link_to "Wiki", "https://wiki.kosmos.org", class: "ks-text-link" %>
-        </h3>
-        <p class="text-gray-500">
-          Kosmos documentation and knowledge base
-        </p>
+      <div class="border border-gray-300 rounded-md hover:border-gray-400
+                  bg-cover bg-center sm:bg-[center_top_-140px] bg-no-repeat
+                  bg-[url(/img/logos/icon_lightning.svg)]">
+        <%= link_to wallet_path,
+              class: "block h-full px-6 py-6 rounded-md" do %>
+          <h3 class="mb-3.5">Wallet</h3>
+          <p class="text-gray-600">
+            Send and receive sats over the Bitcoin Lightning Network
+          </p>
+        <% end %>
       </div>
-      <div>
-        <h3 class="mb-3.5">
-          <%= link_to "Gitea", "https://gitea.kosmos.org", class: "ks-text-link" %>
-        </h3>
-        <p class="text-gray-500">
-          Code hosting and collaboration for software projects
-        </p>
+      <div class="border border-gray-300 rounded-md hover:border-gray-400
+                  bg-cover bg-center bg-no-repeat
+                  bg-[url(/img/logos/icon_gitea.png)]">
+        <%= link_to "https://gitea.kosmos.org",
+              class: "block h-full px-6 py-6 rounded-md" do %>
+          <h3 class="mb-3.5">Gitea</h3>
+          <p class="text-gray-600">
+            Code hosting and collaboration for software projects
+          </p>
+        <% end %>
       </div>
-      <div>
-        <h3 class="mb-3.5">
-          <%= link_to "Drone CI", "https://drone.kosmos.org", class: "ks-text-link" %>
-        </h3>
-        <p class="text-gray-500">
-          Continuous integration for software projects on Gitea
-        </p>
+      <div class="border border-gray-300 rounded-md hover:border-gray-400
+                  bg-cover bg-[center_top_-70px] bg-no-repeat
+                  bg-[url(/img/logos/icon_droneci.svg)]">
+        <%= link_to "https://drone.kosmos.org",
+              class: "block h-full px-6 py-6 rounded-md" do %>
+          <h3 class="mb-3.5">Drone CI</h3>
+          <p class="text-gray-600">
+            Continuous integration for software projects on Gitea
+          </p>
+        <% end %>
       </div>
+      <!-- <div class="border border&#45;gray&#45;300 rounded&#45;md hover:border&#45;gray&#45;400 -->
+      <!--             bg&#45;[length:80%] bg&#45;[right_top_&#45;30px] bg&#45;no&#45;repeat -->
+      <!--             bg&#45;[url(/img/logos/icon_mastodon.svg)]"> -->
+      <!--   <%= link_to "https://kosmos.social", class: "block h&#45;full px&#45;6 py&#45;6 rounded&#45;md" do %> -->
+      <!--     <h3 class="mb&#45;3.5">Mastodon</h3> -->
+      <!--     <p class="text&#45;gray&#45;400"> -->
+      <!--       Your account on the Open Social Web -->
+      <!--     </p> -->
+      <!--   <% end %> -->
+      <!-- </div> -->
     </div>
   </section>
 <% end %>

app/views/devise/passwords/edit.html.erb

@@ -11,7 +11,7 @@
       <%= f.label :password, "New password" %>
     </p>
     <p>
-      <%= f.password_field :password, autofocus: true, autocomplete: "new-password" %>
+      <%= f.password_field :password, autofocus: true, autocomplete: "new-password", class: "w-full" %>
       <% if @minimum_password_length %>
         <br><em class="text-sm text-gray-500">(<%= @minimum_password_length %> characters minimum)</em>
       <% end %>
@@ -20,10 +20,10 @@
       <%= f.label :password_confirmation, "Confirm new password" %>
     </p>
     <p>
-      <%= f.password_field :password_confirmation, autocomplete: "new-password" %>
+      <%= f.password_field :password_confirmation, autocomplete: "new-password", class: "w-full" %>
     </p>
     <p class="mt-8">
-      <%= f.submit "Change my password", class: 'btn-md btn-blue' %>
+      <%= f.submit "Change my password", class: 'btn-md btn-blue w-full' %>
     </p>
   <% end %>
 

app/views/devise/shared/_error_messages.html.erb

@@ -2,7 +2,7 @@
   <div id="error_explanation">
     <ul>
       <% resource.errors.full_messages.each do |message| %>
-        <li><%= message %></li>
+        <li class="text-red-600"><%= message %></li>
       <% end %>
     </ul>
   </div>

app/views/donations/index.json.jbuilder

@@ -1 +0,0 @@
-json.array! @donations, partial: "donations/donation", as: :donation