Fix pages views when signed out

Fix wrong variable
Remove superfluous link
2025-06-12 16:09:42 +04:00 · 2025-05-30 20:22:04 +04:00 · 2025-05-30 16:53:05 +04:00 · 2025-05-30 11:14:50 +00:00 · 2025-05-30 13:27:15 +04:00 · 2025-05-29 17:26:18 +04:00
652 changed files with 9235 additions and 2378 deletions
--- a/.env.example
+++ b/.env.example
@ -1,6 +1,23 @@
 # PRIMARY_DOMAIN=kosmos.org
 # AKKOUNTS_DOMAIN=accounts.example.com
 # Generate this using `rails secret`
 # SECRET_KEY_BASE=
 # Generate these using `rails db:encryption:init`
 # (Optional, needed for LndHub integration)
 # ENCRYPTION_PRIMARY_KEY=
 # ENCRYPTION_KEY_DERIVATION_SALT=
 # The default backend is SQLite
 # DB_ADAPTER=postgresql
 # PG_HOST=localhost
 # PG_PORT=5432
 # PG_DATABASE=akkounts
 # PG_DATABASE_QUEUE=akkounts_queue
 # PG_USERNAME=akkounts
 # PG_PASSWORD=
 # SMTP_SERVER=smtp.example.com
 # SMTP_PORT=587
 # SMTP_LOGIN=accounts
@ -20,8 +37,12 @@
 # LDAP_HOST=localhost
 # LDAP_PORT=389
 # LDAP_USE_TLS=false
 # LDAP_UID_ATTR=cn
 # LDAP_BASE="ou=kosmos.org,cn=users,dc=kosmos,dc=org"
 # LDAP_ADMIN_USER="cn=Directory Manager"
 # LDAP_ADMIN_PASSWORD=passthebutter
-# LDAP_SUFFIX='dc=kosmos,dc=org'
+# LDAP_SUFFIX="dc=kosmos,dc=org"
 # REDIS_URL='redis://localhost:6379/1'
@ -29,8 +50,10 @@
 #
 # Service Integrations
 # (sorted alphabetically by service name)
 #
 # BTCPAY_PUBLIC_URL='https://btcpay.example.com'
 # BTCPAY_API_URL='http://localhost:23001/api/v1'
 # BTCPAY_STORE_ID=''
 # BTCPAY_AUTH_TOKEN=''
@ -57,8 +80,13 @@
 # LNDHUB_PG_PASSWORD=''
 # MASTODON_PUBLIC_URL='https://kosmos.social'
 # MASTODON_ADDRESS_DOMAIN='https://kosmos.org'
 # MEDIAWIKI_PUBLIC_URL='https://wiki.kosmos.org'
 # NOSTR_PRIVATE_KEY='123456abcdef...'
 # NOSTR_PUBLIC_KEY='123456abcdef...'
 # NOSTR_RELAY_URL='wss://nostr.kosmos.org'
 # RS_STORAGE_URL='https://storage.kosmos.org'
 # RS_REDIS_URL='redis://localhost:6379/2'
--- a/.env.test
+++ b/.env.test
@ -1,7 +1,12 @@
 PRIMARY_DOMAIN=kosmos.org
 AKKOUNTS_DOMAIN=accounts.kosmos.org
 ENCRYPTION_PRIMARY_KEY=YhNLBgCFMAzw5dV3gISxnGrhNDMQwRdn
 ENCRYPTION_KEY_DERIVATION_SALT=h28g16MRZ1sghF2jTCos1DiLZXUswinR
 REDIS_URL='redis://localhost:6379/0'
 BTCPAY_PUBLIC_URL='https://btcpay.example.com'
 BTCPAY_API_URL='http://btcpay.example.com/api/v1'
 BTCPAY_STORE_ID='123456'
@ -10,11 +15,17 @@ DISCOURSE_CONNECT_SECRET='discourse_connect_ftw'
 EJABBERD_API_URL='http://xmpp.example.com/api'
 MASTODON_PUBLIC_URL='http://example.social'
 LNDHUB_API_URL='http://localhost:3026'
 LNDHUB_PUBLIC_URL='https://lndhub.kosmos.org'
 LNDHUB_PUBLIC_KEY='024cd3be18617f39cf645851e3ba63f51fc13f0bb09e3bb25e6fd4de556486d946'
-RS_STORAGE_URL='https://storage.kosmos.org'
+NOSTR_PRIVATE_KEY='7c3ef7e448505f0615137af38569d01807d3b05b5005d5ecf8aaafcd40323cea'
 NOSTR_PUBLIC_KEY='bdd76ce2934b2f591f9fad2ebe9da18f20d2921de527494ba00eeaa0a0efadcf'
 RS_REDIS_URL='redis://localhost:6379/1'
 RS_STORAGE_URL='https://storage.kosmos.org'
 RS_AKKOUNTS_DOMAIN=localhost
 WEBHOOKS_ALLOWED_IPS='10.1.1.23'
--- a/.gitignore
+++ b/.gitignore
@ -37,6 +37,7 @@
 /yarn-error.log
 yarn-debug.log*
 .yarn-integrity
 bun.lock
 # Ignore local dotenv config file
 .env
@ -47,3 +48,6 @@ dump.rdb
 /app/assets/builds/*
 !/app/assets/builds/.keep
 # Ignore generated ctags
 *.tags
--- a/13
+++ b/13
@ -1,18 +1,11 @@
 # syntax=docker/dockerfile:1
-FROM debian:bullseye-slim as base
+FROM ruby:3.3.4
 SHELL ["/bin/bash", "-o", "pipefail", "-c"]
-# TODO Remove when upstream Ruby works properly on Apple silicon
+RUN apt-get update -qq && apt-get install -y --no-install-recommends curl \
-RUN apt update && apt install -y build-essential wget autoconf libpq-dev pkg-config
+      ldap-utils tini libvips
 RUN wget https://github.com/postmodern/ruby-install/releases/download/v0.9.3/ruby-install-0.9.3.tar.gz \
  && tar -xzvf ruby-install-0.9.3.tar.gz \
  && cd ruby-install-0.9.3/ \
  && make install
 RUN ruby-install -p https://github.com/ruby/ruby/pull/9371.diff ruby 3.3.0
 ENV PATH="/opt/rubies/ruby-3.3.0/bin:${PATH}"
 RUN apt-get install -y --no-install-recommends curl ldap-utils tini libvips
 RUN curl -fsSL https://deb.nodesource.com/setup_lts.x | bash -
 RUN apt-get update && apt-get install -y nodejs
--- a/28
+++ b/28
@ -2,13 +2,13 @@ source 'https://rubygems.org'
 git_source(:github) { |repo| "https://github.com/#{repo}.git" }
 # Bundle edge Rails instead: gem 'rails', github: 'rails/rails'
-gem 'rails', '~> 7.1'
+gem 'rails', '~> 8.0'
 # Use Puma as the app server
-gem 'puma', '~> 4.1'
+gem 'puma', '~> 6.6'
 # View components
 gem "view_component"
-# Separate dependency since Rails 7.0
+# Asset bundler
-gem 'sprockets-rails'
+gem 'propshaft'
 # Allows custom JS build tasks to integrate with the asset pipeline
 gem 'cssbundling-rails'
 # Use JavaScript with ESM import maps [https://github.com/rails/importmap-rails]
@ -19,17 +19,12 @@ gem "turbo-rails"
 gem "stimulus-rails"
 # Build JSON APIs with ease. Read more: https://github.com/rails/jbuilder
 gem 'jbuilder', '~> 2.7'
 # Use Redis adapter to run Action Cable in production
 # gem 'redis', '~> 4.0'
 # Use Active Model has_secure_password
 gem 'bcrypt', '~> 3.1'
 # Configuration
 gem 'dotenv-rails'
 # Security
 gem 'lockbox'
 # Authentication
 gem 'warden'
 gem 'devise', '~> 4.9.0'
@ -37,6 +32,7 @@ gem 'devise_ldap_authenticatable'
 gem 'net-ldap'
 # Utilities
 gem 'aasm'
 gem "image_processing", "~> 1.12.2"
 gem "rqrcode", "~> 2.0"
 gem 'rails-settings-cached', '~> 2.8.3'
@ -44,6 +40,9 @@ gem 'pagy', '~> 6.0', '>= 6.0.2'
 gem 'flipper'
 gem 'flipper-active_record'
 gem 'flipper-ui'
 gem 'gpgme', '~> 2.0.24'
 gem 'zbase32', '~> 0.1.1'
 gem 'kramdown'
 # HTTP requests
 gem 'faraday'
@ -51,8 +50,8 @@ gem 'down'
 gem 'aws-sdk-s3', require: false
 # Background/scheduled jobs
-gem 'sidekiq', '< 7'
+gem 'solid_queue'
-gem 'sidekiq-scheduler'
+gem "mission_control-jobs"
 # Monitoring
 gem "sentry-ruby"
@ -61,12 +60,13 @@ gem "sentry-rails"
 # Services
 gem 'discourse_api'
 gem "lnurl"
-gem 'manifique'
+gem 'manifique', '~> 1.1.0'
-gem 'nostr'
+gem 'nostr', '~> 0.6.0'
 gem "redis", "~> 5.4"
 group :development, :test do
  # Use sqlite3 as the database for Active Record
-  gem 'sqlite3', '~> 1.7.2'
+  gem 'sqlite3', '>= 2.1'
  gem 'rspec-rails'
  gem 'rails-controller-testing'
 end
--- a/Gemfile.lock
+++ b/Gemfile.lock
@ -1,110 +1,111 @@
 GEM
  remote: https://rubygems.org/
  specs:
-    actioncable (7.1.3)
+    aasm (5.5.0)
-      actionpack (= 7.1.3)
+      concurrent-ruby (~> 1.0)
-      activesupport (= 7.1.3)
+    actioncable (8.0.2)
      actionpack (= 8.0.2)
      activesupport (= 8.0.2)
      nio4r (~> 2.0)
      websocket-driver (>= 0.6.1)
      zeitwerk (~> 2.6)
-    actionmailbox (7.1.3)
+    actionmailbox (8.0.2)
-      actionpack (= 7.1.3)
+      actionpack (= 8.0.2)
-      activejob (= 7.1.3)
+      activejob (= 8.0.2)
-      activerecord (= 7.1.3)
+      activerecord (= 8.0.2)
-      activestorage (= 7.1.3)
+      activestorage (= 8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
-      mail (>= 2.7.1)
+      mail (>= 2.8.0)
-      net-imap
+    actionmailer (8.0.2)
-      net-pop
+      actionpack (= 8.0.2)
-      net-smtp
+      actionview (= 8.0.2)
-    actionmailer (7.1.3)
+      activejob (= 8.0.2)
-      actionpack (= 7.1.3)
+      activesupport (= 8.0.2)
-      actionview (= 7.1.3)
+      mail (>= 2.8.0)
      activejob (= 7.1.3)
      activesupport (= 7.1.3)
      mail (~> 2.5, >= 2.5.4)
      net-imap
      net-pop
      net-smtp
      rails-dom-testing (~> 2.2)
-    actionpack (7.1.3)
+    actionpack (8.0.2)
-      actionview (= 7.1.3)
+      actionview (= 8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
      nokogiri (>= 1.8.5)
      racc
      rack (>= 2.2.4)
      rack-session (>= 1.0.1)
      rack-test (>= 0.6.3)
      rails-dom-testing (~> 2.2)
      rails-html-sanitizer (~> 1.6)
-    actiontext (7.1.3)
+      useragent (~> 0.16)
-      actionpack (= 7.1.3)
+    actiontext (8.0.2)
-      activerecord (= 7.1.3)
+      actionpack (= 8.0.2)
-      activestorage (= 7.1.3)
+      activerecord (= 8.0.2)
-      activesupport (= 7.1.3)
+      activestorage (= 8.0.2)
      activesupport (= 8.0.2)
      globalid (>= 0.6.0)
      nokogiri (>= 1.8.5)
-    actionview (7.1.3)
+    actionview (8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
      builder (~> 3.1)
      erubi (~> 1.11)
      rails-dom-testing (~> 2.2)
      rails-html-sanitizer (~> 1.6)
-    activejob (7.1.3)
+    activejob (8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
      globalid (>= 0.3.6)
-    activemodel (7.1.3)
+    activemodel (8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
-    activerecord (7.1.3)
+    activerecord (8.0.2)
-      activemodel (= 7.1.3)
+      activemodel (= 8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
      timeout (>= 0.4.0)
-    activestorage (7.1.3)
+    activestorage (8.0.2)
-      actionpack (= 7.1.3)
+      actionpack (= 8.0.2)
-      activejob (= 7.1.3)
+      activejob (= 8.0.2)
-      activerecord (= 7.1.3)
+      activerecord (= 8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
      marcel (~> 1.0)
-    activesupport (7.1.3)
+    activesupport (8.0.2)
      base64
      benchmark (>= 0.3)
      bigdecimal
-      concurrent-ruby (~> 1.0, >= 1.0.2)
+      concurrent-ruby (~> 1.0, >= 1.3.1)
      connection_pool (>= 2.2.5)
      drb
      i18n (>= 1.6, < 2)
      logger (>= 1.4.2)
      minitest (>= 5.1)
-      mutex_m
+      securerandom (>= 0.3)
-      tzinfo (~> 2.0)
+      tzinfo (~> 2.0, >= 2.0.5)
-    addressable (2.8.6)
+      uri (>= 0.13.1)
-      public_suffix (>= 2.0.2, < 6.0)
+    addressable (2.8.7)
-    ast (2.4.2)
+      public_suffix (>= 2.0.2, < 7.0)
-    aws-eventstream (1.3.0)
+    ast (2.4.3)
-    aws-partitions (1.886.0)
+    aws-eventstream (1.3.2)
-    aws-sdk-core (3.191.0)
+    aws-partitions (1.1092.0)
    aws-sdk-core (3.222.2)
      aws-eventstream (~> 1, >= 1.3.0)
-      aws-partitions (~> 1, >= 1.651.0)
+      aws-partitions (~> 1, >= 1.992.0)
-      aws-sigv4 (~> 1.8)
+      aws-sigv4 (~> 1.9)
      base64
      jmespath (~> 1, >= 1.6.1)
-    aws-sdk-kms (1.77.0)
+      logger
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-kms (1.99.0)
-      aws-sigv4 (~> 1.1)
+      aws-sdk-core (~> 3, >= 3.216.0)
-    aws-sdk-s3 (1.143.0)
+      aws-sigv4 (~> 1.5)
-      aws-sdk-core (~> 3, >= 3.191.0)
+    aws-sdk-s3 (1.183.0)
      aws-sdk-core (~> 3, >= 3.216.0)
      aws-sdk-kms (~> 1)
-      aws-sigv4 (~> 1.8)
+      aws-sigv4 (~> 1.5)
-    aws-sigv4 (1.8.0)
+    aws-sigv4 (1.11.0)
      aws-eventstream (~> 1, >= 1.0.2)
    backport (1.2.0)
    base64 (0.2.0)
    bcrypt (3.1.20)
-    bech32 (1.4.2)
+    bech32 (1.5.0)
      thor (>= 1.1.0)
-    benchmark (0.3.0)
+    benchmark (0.4.0)
-    bigdecimal (3.1.6)
+    bigdecimal (3.1.9)
    bindex (0.8.1)
    bip-schnorr (0.7.0)
      ecdsa_ext (~> 0.5.0)
-    builder (3.2.4)
+    builder (3.3.0)
    capybara (3.40.0)
      addressable
      matrix
@ -114,23 +115,25 @@ GEM
      rack-test (>= 0.6.3)
      regexp_parser (>= 1.5, < 3.0)
      xpath (~> 3.2)
    childprocess (5.1.0)
      logger (~> 1.5)
    chunky_png (1.4.0)
-    concurrent-ruby (1.2.3)
+    concurrent-ruby (1.3.4)
-    connection_pool (2.4.1)
+    connection_pool (2.5.2)
-    crack (0.4.6)
+    crack (1.0.0)
      bigdecimal
      rexml
    crass (1.0.6)
-    cssbundling-rails (1.4.0)
+    cssbundling-rails (1.4.3)
      railties (>= 6.0.0)
-    database_cleaner (2.0.2)
+    database_cleaner (2.1.0)
      database_cleaner-active_record (>= 2, < 3)
-    database_cleaner-active_record (2.1.0)
+    database_cleaner-active_record (2.2.0)
      activerecord (>= 5.a)
      database_cleaner-core (~> 2.0.0)
    database_cleaner-core (2.0.1)
-    date (3.3.4)
+    date (3.4.1)
-    devise (4.9.3)
+    devise (4.9.4)
      bcrypt (~> 3.0)
      orm_adapter (~> 0.1)
      railties (>= 4.1.0)
@ -139,105 +142,112 @@ GEM
    devise_ldap_authenticatable (0.8.7)
      devise (>= 3.4.1)
      net-ldap (>= 0.16.0)
-    diff-lcs (1.5.1)
+    diff-lcs (1.6.1)
    discourse_api (2.0.1)
      faraday (~> 2.7)
      faraday-follow_redirects
      faraday-multipart
      rack (>= 1.6)
-    dotenv (2.8.1)
+    dotenv (3.1.8)
-    dotenv-rails (2.8.1)
+    dotenv-rails (3.1.8)
-      dotenv (= 2.8.1)
+      dotenv (= 3.1.8)
-      railties (>= 3.2)
+      railties (>= 6.1)
-    down (5.4.1)
+    down (5.4.2)
      addressable (~> 2.8)
-    drb (2.2.0)
+    drb (2.2.1)
      ruby2_keywords
    e2mmap (0.1.0)
    ecdsa (1.2.0)
-    ecdsa_ext (0.5.0)
+    ecdsa_ext (0.5.1)
      ecdsa (~> 1.2.0)
-    erubi (1.12.0)
+    erubi (1.13.1)
-    et-orbi (1.2.7)
+    et-orbi (1.2.11)
      tzinfo
    event_emitter (0.2.6)
    eventmachine (1.2.7)
-    factory_bot (6.4.6)
+    factory_bot (6.5.1)
-      activesupport (>= 5.0.0)
+      activesupport (>= 6.1.0)
-    factory_bot_rails (6.4.3)
+    factory_bot_rails (6.4.4)
-      factory_bot (~> 6.4)
+      factory_bot (~> 6.5)
      railties (>= 5.0.0)
-    faker (3.2.3)
+    faker (3.5.1)
      i18n (>= 1.8.11, < 2)
-    faraday (2.9.0)
+    faraday (2.9.2)
      faraday-net_http (>= 2.0, < 3.2)
    faraday-follow_redirects (0.3.0)
      faraday (>= 1, < 3)
-    faraday-multipart (1.0.4)
+    faraday-multipart (1.1.0)
-      multipart-post (~> 2)
+      multipart-post (~> 2.0)
-    faraday-net_http (3.1.0)
+    faraday-net_http (3.1.1)
      net-http
    faye-websocket (0.11.3)
      eventmachine (>= 0.12.0)
      websocket-driver (>= 0.5.1)
-    ffi (1.16.3)
+    ffi (1.17.2)
-    flipper (1.2.2)
+    ffi (1.17.2-arm64-darwin)
    ffi (1.17.2-x86_64-linux-gnu)
    flipper (1.3.4)
      concurrent-ruby (< 2)
-    flipper-active_record (1.2.2)
+    flipper-active_record (1.3.4)
-      activerecord (>= 4.2, < 8)
+      activerecord (>= 4.2, < 9)
-      flipper (~> 1.2.2)
+      flipper (~> 1.3.4)
-    flipper-ui (1.2.2)
+    flipper-ui (1.3.4)
      erubi (>= 1.0.0, < 2.0.0)
-      flipper (~> 1.2.2)
+      flipper (~> 1.3.4)
      rack (>= 1.4, < 4)
-      rack-protection (>= 1.5.3, <= 4.0.0)
+      rack-protection (>= 1.5.3, < 5.0.0)
-      sanitize (< 7)
+      rack-session (>= 1.0.2, < 3.0.0)
-    fugit (1.9.0)
+      sanitize (< 8)
-      et-orbi (~> 1, >= 1.2.7)
+    fugit (1.11.1)
      et-orbi (~> 1, >= 1.2.11)
      raabro (~> 1.4)
    globalid (1.2.1)
      activesupport (>= 6.1)
-    hashdiff (1.1.0)
+    gpgme (2.0.24)
-    i18n (1.14.1)
+      mini_portile2 (~> 2.7)
    hashdiff (1.1.2)
    i18n (1.14.7)
      concurrent-ruby (~> 1.0)
    image_processing (1.12.2)
      mini_magick (>= 4.9.5, < 5)
      ruby-vips (>= 2.0.17, < 3)
-    importmap-rails (2.0.1)
+    importmap-rails (2.1.0)
      actionpack (>= 6.0.0)
      activesupport (>= 6.0.0)
      railties (>= 6.0.0)
-    io-console (0.7.2)
+    io-console (0.8.0)
-    irb (1.11.1)
+    irb (1.15.2)
-      rdoc
+      pp (>= 0.6.0)
      rdoc (>= 4.0.0)
      reline (>= 0.4.2)
-    jaro_winkler (1.5.6)
+    jaro_winkler (1.6.0)
-    jbuilder (2.11.5)
+    jbuilder (2.13.0)
      actionview (>= 5.0.0)
      activesupport (>= 5.0.0)
    jmespath (1.6.2)
-    json (2.7.1)
+    json (2.11.3)
-    kramdown (2.4.0)
+    kramdown (2.5.1)
-      rexml
+      rexml (>= 3.3.9)
    kramdown-parser-gfm (1.1.0)
      kramdown (~> 2.0)
-    language_server-protocol (3.17.0.3)
+    language_server-protocol (3.17.0.4)
-    launchy (2.5.2)
+    launchy (3.1.1)
      addressable (~> 2.8)
-    letter_opener (1.8.1)
+      childprocess (~> 5.0)
-      launchy (>= 2.2, < 3)
+      logger (~> 1.6)
-    letter_opener_web (2.0.0)
+    letter_opener (1.10.0)
-      actionmailer (>= 5.2)
+      launchy (>= 2.2, < 4)
-      letter_opener (~> 1.7)
+    letter_opener_web (3.0.0)
-      railties (>= 5.2)
+      actionmailer (>= 6.1)
      letter_opener (~> 1.9)
      railties (>= 6.1)
      rexml
-    listen (3.8.0)
+    lint_roller (1.1.0)
    listen (3.9.0)
      rb-fsevent (~> 0.10, >= 0.10.3)
      rb-inotify (~> 0.9, >= 0.9.10)
-    lnurl (1.1.0)
+    lnurl (1.1.1)
      bech32 (~> 1.1)
-    lockbox (1.3.2)
+    logger (1.7.0)
-    loofah (2.22.0)
+    loofah (2.24.0)
      crass (~> 1.0.2)
      nokogiri (>= 1.12.0)
    mail (2.8.1)
@ -245,22 +255,31 @@ GEM
      net-imap
      net-pop
      net-smtp
-    manifique (1.0.1)
+    manifique (1.1.0)
      faraday (~> 2.9.0)
      faraday-follow_redirects (= 0.3.0)
      nokogiri (~> 1.16.0)
-    marcel (1.0.2)
+    marcel (1.0.4)
    matrix (0.4.2)
-    method_source (1.0.0)
+    method_source (1.1.0)
-    mini_magick (4.12.0)
+    mini_magick (4.13.2)
    mini_mime (1.1.5)
-    mini_portile2 (2.8.5)
+    mini_portile2 (2.8.8)
-    minitest (5.21.2)
+    minitest (5.25.5)
-    multipart-post (2.3.0)
+    mission_control-jobs (1.0.2)
-    mutex_m (0.2.0)
+      actioncable (>= 7.1)
-    net-http (0.4.1)
+      actionpack (>= 7.1)
      activejob (>= 7.1)
      activerecord (>= 7.1)
      importmap-rails (>= 1.2.1)
      irb (~> 1.13)
      railties (>= 7.1)
      stimulus-rails
      turbo-rails
    multipart-post (2.4.1)
    net-http (0.6.0)
      uri
-    net-imap (0.4.9.1)
+    net-imap (0.5.7)
      date
      net-protocol
    net-ldap (0.19.0)
@ -268,62 +287,74 @@ GEM
      net-protocol
    net-protocol (0.2.2)
      timeout
-    net-smtp (0.4.0.1)
+    net-smtp (0.5.1)
      net-protocol
-    nio4r (2.7.0)
+    nio4r (2.7.4)
-    nokogiri (1.16.0)
+    nokogiri (1.16.8)
      mini_portile2 (~> 2.8.2)
      racc (~> 1.4)
-    nokogiri (1.16.0-arm64-darwin)
+    nokogiri (1.16.8-arm64-darwin)
      racc (~> 1.4)
-    nokogiri (1.16.0-x86_64-linux)
+    nokogiri (1.16.8-x86_64-linux)
      racc (~> 1.4)
-    nostr (0.5.0)
+    nostr (0.6.0)
      bech32 (~> 1.4)
-      bip-schnorr (~> 0.6)
+      bip-schnorr (~> 0.7)
      ecdsa (~> 1.2)
      event_emitter (~> 0.2)
      faye-websocket (~> 0.11)
      json (~> 2.6)
    observer (0.1.2)
    orm_adapter (0.5.0)
-    pagy (6.4.3)
+    ostruct (0.6.1)
-    parallel (1.24.0)
+    pagy (6.5.0)
-    parser (3.3.0.5)
+    parallel (1.27.0)
    parser (3.3.8.0)
      ast (~> 2.4.1)
      racc
-    pg (1.5.4)
+    pg (1.5.9)
-    psych (5.1.2)
+    pp (0.6.2)
      prettyprint
    prettyprint (0.2.0)
    prism (1.4.0)
    propshaft (1.1.0)
      actionpack (>= 7.0.0)
      activesupport (>= 7.0.0)
      rack
      railties (>= 7.0.0)
    psych (5.2.3)
      date
      stringio
-    public_suffix (5.0.4)
+    public_suffix (6.0.1)
-    puma (4.3.12)
+    puma (6.6.0)
      nio4r (~> 2.0)
    raabro (1.4.0)
-    racc (1.7.3)
+    racc (1.8.1)
-    rack (2.2.8)
+    rack (2.2.13)
    rack-protection (3.2.0)
      base64 (>= 0.1.0)
      rack (~> 2.2, >= 2.2.4)
    rack-session (1.0.2)
      rack (< 3)
-    rack-test (2.1.0)
+    rack-test (2.2.0)
      rack (>= 1.3)
-    rackup (1.0.0)
+    rackup (1.0.1)
      rack (< 3)
      webrick
-    rails (7.1.3)
+    rails (8.0.2)
-      actioncable (= 7.1.3)
+      actioncable (= 8.0.2)
-      actionmailbox (= 7.1.3)
+      actionmailbox (= 8.0.2)
-      actionmailer (= 7.1.3)
+      actionmailer (= 8.0.2)
-      actionpack (= 7.1.3)
+      actionpack (= 8.0.2)
-      actiontext (= 7.1.3)
+      actiontext (= 8.0.2)
-      actionview (= 7.1.3)
+      actionview (= 8.0.2)
-      activejob (= 7.1.3)
+      activejob (= 8.0.2)
-      activemodel (= 7.1.3)
+      activemodel (= 8.0.2)
-      activerecord (= 7.1.3)
+      activerecord (= 8.0.2)
-      activestorage (= 7.1.3)
+      activestorage (= 8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
      bundler (>= 1.15.0)
-      railties (= 7.1.3)
+      railties (= 8.0.2)
    rails-controller-testing (1.0.5)
      actionpack (>= 5.0.1.rc1)
      actionview (>= 5.0.1.rc1)
@ -332,138 +363,140 @@ GEM
      activesupport (>= 5.0.0)
      minitest
      nokogiri (>= 1.6)
-    rails-html-sanitizer (1.6.0)
+    rails-html-sanitizer (1.6.2)
      loofah (~> 2.21)
-      nokogiri (~> 1.14)
+      nokogiri (>= 1.15.7, != 1.16.7, != 1.16.6, != 1.16.5, != 1.16.4, != 1.16.3, != 1.16.2, != 1.16.1, != 1.16.0.rc1, != 1.16.0)
    rails-settings-cached (2.8.3)
      activerecord (>= 5.0.0)
      railties (>= 5.0.0)
-    railties (7.1.3)
+    railties (8.0.2)
-      actionpack (= 7.1.3)
+      actionpack (= 8.0.2)
-      activesupport (= 7.1.3)
+      activesupport (= 8.0.2)
-      irb
+      irb (~> 1.13)
      rackup (>= 1.0.0)
      rake (>= 12.2)
      thor (~> 1.0, >= 1.2.2)
      zeitwerk (~> 2.6)
    rainbow (3.1.1)
-    rake (13.1.0)
+    rake (13.2.1)
    rb-fsevent (0.11.2)
-    rb-inotify (0.10.1)
+    rb-inotify (0.11.1)
      ffi (~> 1.0)
-    rbs (2.8.4)
+    rbs (3.9.2)
-    rdoc (6.6.2)
+      logger
    rdoc (6.13.1)
      psych (>= 4.0.0)
-    redis (4.8.1)
+    redis (5.4.0)
-    regexp_parser (2.9.0)
+      redis-client (>= 0.22.0)
-    reline (0.4.2)
+    redis-client (0.24.0)
      connection_pool
    regexp_parser (2.10.0)
    reline (0.6.1)
      io-console (~> 0.5)
    responders (3.1.1)
      actionpack (>= 5.2)
      railties (>= 5.2)
-    reverse_markdown (2.1.1)
+    reverse_markdown (3.0.0)
      nokogiri
-    rexml (3.2.6)
+    rexml (3.4.1)
    rqrcode (2.2.0)
      chunky_png (~> 1.0)
      rqrcode_core (~> 1.0)
    rqrcode_core (1.2.0)
-    rspec-core (3.12.2)
+    rspec-core (3.13.3)
-      rspec-support (~> 3.12.0)
+      rspec-support (~> 3.13.0)
-    rspec-expectations (3.12.3)
+    rspec-expectations (3.13.3)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
+      rspec-support (~> 3.13.0)
-    rspec-mocks (3.12.6)
+    rspec-mocks (3.13.2)
      diff-lcs (>= 1.2.0, < 2.0)
-      rspec-support (~> 3.12.0)
+      rspec-support (~> 3.13.0)
-    rspec-rails (6.1.1)
+    rspec-rails (7.1.1)
-      actionpack (>= 6.1)
+      actionpack (>= 7.0)
-      activesupport (>= 6.1)
+      activesupport (>= 7.0)
-      railties (>= 6.1)
+      railties (>= 7.0)
-      rspec-core (~> 3.12)
+      rspec-core (~> 3.13)
-      rspec-expectations (~> 3.12)
+      rspec-expectations (~> 3.13)
-      rspec-mocks (~> 3.12)
+      rspec-mocks (~> 3.13)
-      rspec-support (~> 3.12)
+      rspec-support (~> 3.13)
-    rspec-support (3.12.1)
+    rspec-support (3.13.2)
-    rubocop (1.60.2)
+    rubocop (1.75.3)
      json (~> 2.3)
-      language_server-protocol (>= 3.17.0)
+      language_server-protocol (~> 3.17.0.2)
      lint_roller (~> 1.1.0)
      parallel (~> 1.10)
      parser (>= 3.3.0.2)
      rainbow (>= 2.2.2, < 4.0)
-      regexp_parser (>= 1.8, < 3.0)
+      regexp_parser (>= 2.9.3, < 3.0)
-      rexml (>= 3.2.5, < 4.0)
+      rubocop-ast (>= 1.44.0, < 2.0)
      rubocop-ast (>= 1.30.0, < 2.0)
      ruby-progressbar (~> 1.7)
-      unicode-display_width (>= 2.4.0, < 3.0)
+      unicode-display_width (>= 2.4.0, < 4.0)
-    rubocop-ast (1.30.0)
+    rubocop-ast (1.44.1)
-      parser (>= 3.2.1.0)
+      parser (>= 3.3.7.2)
      prism (~> 1.4)
    ruby-progressbar (1.13.0)
-    ruby-vips (2.2.0)
+    ruby-vips (2.2.3)
      ffi (~> 1.12)
-    ruby2_keywords (0.0.5)
+      logger
-    rufus-scheduler (3.9.1)
+    sanitize (7.0.0)
      fugit (~> 1.1, >= 1.1.6)
    sanitize (6.1.0)
      crass (~> 1.0.2)
-      nokogiri (>= 1.12.0)
+      nokogiri (>= 1.16.8)
-    sentry-rails (5.16.1)
+    securerandom (0.4.1)
    sentry-rails (5.23.0)
      railties (>= 5.0)
-      sentry-ruby (~> 5.16.1)
+      sentry-ruby (~> 5.23.0)
-    sentry-ruby (5.16.1)
+    sentry-ruby (5.23.0)
      bigdecimal
      concurrent-ruby (~> 1.0, >= 1.0.2)
-    sidekiq (6.5.12)
+    solargraph (0.54.2)
      connection_pool (>= 2.2.5, < 3)
      rack (~> 2.0)
      redis (>= 4.5.0, < 5)
    sidekiq-scheduler (5.0.3)
      rufus-scheduler (~> 3.2)
      sidekiq (>= 6, < 8)
      tilt (>= 1.4.0)
    solargraph (0.50.0)
      backport (~> 1.2)
-      benchmark
+      benchmark (~> 0.4)
      bundler (~> 2.0)
      diff-lcs (~> 1.4)
-      e2mmap
+      jaro_winkler (~> 1.6)
      jaro_winkler (~> 1.5)
      kramdown (~> 2.3)
      kramdown-parser-gfm (~> 1.1)
      logger (~> 1.6)
      observer (~> 0.1)
      ostruct (~> 0.6)
      parser (~> 3.0)
-      rbs (~> 2.0)
+      rbs (~> 3.3)
-      reverse_markdown (~> 2.0)
+      reverse_markdown (~> 3.0)
      rubocop (~> 1.38)
      thor (~> 1.0)
      tilt (~> 2.0)
      yard (~> 0.9, >= 0.9.24)
-    sprockets (4.2.1)
+      yard-solargraph (~> 0.1)
-      concurrent-ruby (~> 1.0)
+    solid_queue (1.1.5)
-      rack (>= 2.2.4, < 4)
+      activejob (>= 7.1)
-    sprockets-rails (3.4.2)
+      activerecord (>= 7.1)
-      actionpack (>= 5.2)
+      concurrent-ruby (>= 1.3.1)
-      activesupport (>= 5.2)
+      fugit (~> 1.11.0)
-      sprockets (>= 3.0.0)
+      railties (>= 7.1)
-    sqlite3 (1.7.2)
+      thor (~> 1.3.1)
    sqlite3 (2.6.0)
      mini_portile2 (~> 2.8.0)
-    sqlite3 (1.7.2-arm64-darwin)
+    sqlite3 (2.6.0-arm64-darwin)
-    sqlite3 (1.7.2-x86_64-linux)
+    sqlite3 (2.6.0-x86_64-linux-gnu)
-    stimulus-rails (1.3.3)
+    stimulus-rails (1.3.4)
      railties (>= 6.0.0)
    stringio (3.1.0)
    thor (1.3.0)
    tilt (2.3.0)
    timeout (0.4.1)
    turbo-rails (1.5.0)
      actionpack (>= 6.0.0)
      activejob (>= 6.0.0)
      railties (>= 6.0.0)
    stringio (3.1.7)
    thor (1.3.2)
    tilt (2.6.0)
    timeout (0.4.3)
    turbo-rails (2.0.13)
      actionpack (>= 7.1.0)
      railties (>= 7.1.0)
    tzinfo (2.0.6)
      concurrent-ruby (~> 1.0)
-    unicode-display_width (2.5.0)
+    unicode-display_width (3.1.4)
-    uri (0.13.0)
+      unicode-emoji (~> 4.0, >= 4.0.4)
-    view_component (3.10.0)
+    unicode-emoji (4.0.4)
-      activesupport (>= 5.2.0, < 8.0)
+    uri (1.0.3)
-      concurrent-ruby (~> 1.0)
+    useragent (0.16.11)
    view_component (3.22.0)
      activesupport (>= 5.2.0, < 8.1)
      concurrent-ruby (= 1.3.4)
      method_source (~> 1.0)
    warden (1.2.9)
      rack (>= 2.0.9)
@ -472,18 +505,22 @@ GEM
      activemodel (>= 6.0.0)
      bindex (>= 0.4.0)
      railties (>= 6.0.0)
-    webmock (3.19.1)
+    webmock (3.25.1)
      addressable (>= 2.8.0)
      crack (>= 0.3.2)
      hashdiff (>= 0.4.0, < 2.0.0)
-    webrick (1.8.1)
+    webrick (1.9.1)
-    websocket-driver (0.7.6)
+    websocket-driver (0.7.7)
      base64
      websocket-extensions (>= 0.1.0)
    websocket-extensions (0.1.5)
    xpath (3.2.0)
      nokogiri (~> 1.8)
-    yard (0.9.34)
+    yard (0.9.37)
-    zeitwerk (2.6.12)
+    yard-solargraph (0.1.0)
      yard (~> 0.9)
    zbase32 (0.1.1)
    zeitwerk (2.7.2)
 PLATFORMS
  arm64-darwin-22
@ -491,6 +528,7 @@ PLATFORMS
  x86_64-linux
 DEPENDENCIES
  aasm
  aws-sdk-s3
  bcrypt (~> 3.1)
  capybara
@ -507,32 +545,34 @@ DEPENDENCIES
  flipper
  flipper-active_record
  flipper-ui
  gpgme (~> 2.0.24)
  image_processing (~> 1.12.2)
  importmap-rails
  jbuilder (~> 2.7)
  kramdown
  letter_opener
  letter_opener_web
  listen (~> 3.2)
  lnurl
-  lockbox
+  manifique (~> 1.1.0)
-  manifique
+  mission_control-jobs
  net-ldap
-  nostr
+  nostr (~> 0.6.0)
  pagy (~> 6.0, >= 6.0.2)
  pg (~> 1.5)
-  puma (~> 4.1)
+  propshaft
-  rails (~> 7.1)
+  puma (~> 6.6)
  rails (~> 8.0)
  rails-controller-testing
  rails-settings-cached (~> 2.8.3)
  redis (~> 5.4)
  rqrcode (~> 2.0)
  rspec-rails
  sentry-rails
  sentry-ruby
  sidekiq (< 7)
  sidekiq-scheduler
  solargraph
-  sprockets-rails
+  solid_queue
-  sqlite3 (~> 1.7.2)
+  sqlite3 (>= 2.1)
  stimulus-rails
  turbo-rails
  tzinfo-data
@ -540,6 +580,7 @@ DEPENDENCIES
  warden
  web-console (~> 4.2)
  webmock
  zbase32 (~> 0.1.1)
 BUNDLED WITH
   2.5.5
--- a/README.md
+++ b/README.md
@ -57,7 +57,7 @@ Running the test suite:
 Running the test suite with Docker Compose requires overriding the Rails
 environment:
-    docker-compose run -e "RAILS_ENV=test" web rspec
+    docker-compose exec -e "RAILS_ENV=test" web rspec
 ### Docker Compose
@ -128,6 +128,7 @@ command:
 ### Front-end
 * [Icons](https://feathericons.com)
 * [Tailwind CSS](https://tailwindcss.com/)
 * [Sass](https://sass-lang.com/documentation)
 * [Stimulus](https://stimulus.hotwired.dev/handbook/)
--- a/app/assets/config/manifest.js
+++ b/app/assets/config/manifest.js
@ -1,4 +0,0 @@
 //= link_tree ../images
 //= link_tree ../../javascript .js
 //= link_tree ../builds
 //= link_tree ../../../vendor/javascript .js
--- a/app/assets/stylesheets/application.tailwind.css
+++ b/app/assets/stylesheets/application.tailwind.css
@ -7,7 +7,6 @@
@import "components/buttons";
@import "components/dashboard_services";
@import "components/forms";
@import "components/links";
@import "components/notifications";
@import "components/pagination";
@import "components/tables";
--- a/app/assets/stylesheets/components/base.css
+++ b/app/assets/stylesheets/components/base.css
@ -6,6 +6,7 @@
  body {
    @apply leading-none bg-cover bg-fixed;
    background-image: linear-gradient(35deg, rgba(255,0,255,0.2) 0, rgba(13,79,153,0.8) 100%), url('/img/bg-1.jpg');
    color: black;
  }
  body#admin {
@ -32,6 +33,10 @@
    @apply pt-8 sm:pt-12;
  }
  main section h3:not(:first-child) {
    @apply mt-8;
  }
  main section:first-of-type {
    @apply pt-0;
  }
@ -55,4 +60,11 @@
  main ul li {
    @apply leading-6;
  }
  main a:not(nav > *) {
    @apply text-blue-600;
    &:hover   { @apply underline; }
    &:visited { @apply text-indigo-600; }
    &:active  { @apply text-red-600; }
  }
 }
--- a/app/assets/stylesheets/components/buttons.css
+++ b/app/assets/stylesheets/components/buttons.css
@ -1,5 +1,15 @@
@layer components {
  .btn-text-dark          { @apply text-black; }
  .btn-text-dark:hover    { @apply text-black no-underline; }
  .btn-text-dark:visited  { @apply text-black; }
  .btn-text-dark:active   { @apply text-black; }
  .btn-text-light         { @apply text-white; }
  .btn-text-light:hover   { @apply text-white no-underline; }
  .btn-text-light:visited { @apply text-white; }
  .btn-text-light:active  { @apply text-white; }
  .btn {
    @apply btn-text-dark;
    @apply inline-block font-semibold rounded-md leading-none cursor-pointer text-center
           transition-colors duration-75 focus:outline-none focus:ring-4;
  }
@ -28,15 +38,28 @@
  }
  .btn-blue {
-    @apply bg-blue-500 hover:bg-blue-600 text-white
+    @apply btn-text-light;
    @apply bg-blue-500 hover:bg-blue-600
           focus:ring-blue-400 focus:ring-opacity-75;
  }
  .btn-emerald {
    @apply btn-text-light;
    @apply bg-emerald-500 hover:bg-emerald-600
           focus:ring-emerald-400 focus:ring-opacity-75;
  }
  .btn-red {
-    @apply bg-red-600 hover:bg-red-700 text-white
+    @apply btn-text-light;
    @apply bg-red-600 hover:bg-red-700
           focus:ring-red-500 focus:ring-opacity-75;
  }
  .btn-outline-purple {
    @apply border-2 border-purple-500 hover:bg-purple-100
           focus:ring-purple-400 focus:ring-opacity-75;
  }
  .btn:disabled {
    @apply bg-gray-100 hover:bg-gray-200 text-gray-400
           focus:ring-gray-300 focus:ring-opacity-75;
--- a/app/assets/stylesheets/components/dashboard_services.css
+++ b/app/assets/stylesheets/components/dashboard_services.css
@ -1,5 +1,5 @@
@layer components {
  .services > div > a {
-    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 0, rgba(255,255,255,0.88) 100%);
+    background-image: linear-gradient(110deg, rgba(255,255,255,0.99) 20%, rgba(255,255,255,0.88) 100%);
  }
 }
--- a/app/assets/stylesheets/components/links.css
+++ b/app/assets/stylesheets/components/links.css
@ -1,8 +0,0 @@
@layer components {
  .ks-text-link {
    @apply text-blue-600;
    &:hover   { @apply underline; }
    &:visited { @apply text-indigo-600; }
    &:active  { @apply text-red-600; }
  }
 }
--- a/app/assets/stylesheets/components/pagination.css
+++ b/app/assets/stylesheets/components/pagination.css
@ -34,7 +34,7 @@
  .pagy-nav .page a, .page.gap {
    @apply bg-white border-gray-300 text-gray-500 hover:bg-gray-100 relative
           inline-flex items-center border px-4 py-2 text-sm font-medium
-           focus:z-20;
+           no-underline focus:z-20;
  }
  .pagy-nav .page.active {
--- a/app/components/app_catalog/web_app_icon_component.rb
+++ b/app/components/app_catalog/web_app_icon_component.rb
@ -2,6 +2,8 @@
 module AppCatalog
  class WebAppIconComponent < ViewComponent::Base
    include ApplicationHelper
    def initialize(web_app:)
      if web_app&.icon&.attached?
        @image_url = image_url_for(web_app.icon)
@ -9,13 +11,5 @@ module AppCatalog
        @image_url = image_url_for(web_app.apple_touch_icon)
      end
    end
    def image_url_for(attachment)
      if Setting.s3_enabled?
        s3_image_url(attachment)
      else
        Rails.application.routes.url_helpers.rails_blob_path(attachment, only_path: true)
      end
    end
  end
 end
--- a/app/components/dropdown_link_component.html.erb
+++ b/app/components/dropdown_link_component.html.erb
@ -1,4 +1,4 @@
-<%= link_to @href, class: @class, data: {
+<%= link_to @href, class: @class, target: @target, data: {
      'dropdown-target': "menuItem",
      'action': "keydown.up->dropdown#previousItem:prevent keydown.down->dropdown#nextItem:prevent"
    } do %>
--- a/app/components/dropdown_link_component.rb
+++ b/app/components/dropdown_link_component.rb
@ -1,8 +1,9 @@
 # frozen_string_literal: true
 class DropdownLinkComponent < ViewComponent::Base
-  def initialize(href:, separator: false, add_class: nil)
+  def initialize(href:, open_in_new_tab: false, separator: false, add_class: nil)
    @href = href
    @target = open_in_new_tab ? "_blank" : nil
    @class = class_str(separator, add_class)
  end
--- a/app/components/edit_content_button_component.html.erb
+++ b/app/components/edit_content_button_component.html.erb
@ -0,0 +1,30 @@
 <div class="inline-block text-left" data-controller="modal" data-action="keydown.esc->modal#close">
  <button class="btn-md btn-outline text-red-600" data-action="click->modal#open" title="Edit">
    <%= content || "Edit" %>
  </button>
  <%= render ModalComponent.new(show_close_button: false) do %>
    <%= form_with model: [:admin, @editable_content],
                  html: { autocomplete: "off" } do |form| %>
      <%= form.hidden_field :redirect_to, value: @redirect_to  %>
      <p class="mb-2">
        <%= form.label :content, @editable_content.key.capitalize, class: 'font-bold' %>
      </p>
      <% if @editable_content.rich_text %>
        <p>
          <%= form.textarea :content, class: "md:w-[56rem] md:h-[28rem]" %>
        </p>
        <p class="text-right">
          <%= form.submit "Save", class: "ml-2 btn-md btn-blue" %>
        </p>
      <% else %>
        <p class="">
          <%= form.text_field :content, class: "w-80" %>
        </p>
        <p>
          <%= form.submit "Save", class: "btn-md btn-blue w-full" %>
        </p>
      <% end %>
    <% end %>
  <% end %>
 </div>
--- a/app/components/edit_content_button_component.rb
+++ b/app/components/edit_content_button_component.rb
@ -0,0 +1,6 @@
 class EditContentButtonComponent < ViewComponent::Base
  def initialize(context:, key:, rich_text: false, redirect_to: nil)
    @editable_content = EditableContent.find_or_create_by(context:, key:, rich_text:)
    @redirect_to = redirect_to
  end
 end
--- a/app/components/editable_content_component.html.erb
+++ b/app/components/editable_content_component.html.erb
@ -0,0 +1,9 @@
 <% if @editable_content.has_content? %>
  <% if @editable_content.rich_text %>
    <%= helpers.markdown_to_html @editable_content.content %>
  <% else %>
    <%= @editable_content.content %>
  <% end %>
 <% else %>
  <%= @default %>
 <% end %>
--- a/app/components/editable_content_component.rb
+++ b/app/components/editable_content_component.rb
@ -0,0 +1,6 @@
 class EditableContentComponent < ViewComponent::Base
  def initialize(context:, key:, rich_text: false, default: nil)
    @editable_content = EditableContent.find_or_create_by(context:, key:, rich_text:)
    @default = default
  end
 end
--- a/app/components/form_elements/fieldset_resettable_setting_component.html.erb
+++ b/app/components/form_elements/fieldset_resettable_setting_component.html.erb
@ -6,6 +6,7 @@
    ) do %>
  <%= method("#{@type}_field").call :setting, @key,
    value: Setting.public_send(@key),
    placeholder: @placeholder,
    data: {
      :'default-value' => Setting.get_field(@key)[:default]
    },
--- a/app/components/form_elements/fieldset_resettable_setting_component.rb
+++ b/app/components/form_elements/fieldset_resettable_setting_component.rb
@ -2,7 +2,7 @@
 module FormElements
  class FieldsetResettableSettingComponent < ViewComponent::Base
-    def initialize(tag: "li", key:, type: :text, title:, description: nil)
+    def initialize(tag: "li", key:, type: :text, title:, description: nil, placeholder: nil)
      @tag         = tag
      @positioning = :vertical
      @title       = title
@ -10,6 +10,7 @@ module FormElements
      @key         = key.to_sym
      @type        = type
      @resettable  = is_resettable?(@key)
      @placeholder = placeholder
    end
    def is_resettable?(key)
--- a/app/components/form_elements/fieldset_toggle_component.html.erb
+++ b/app/components/form_elements/fieldset_toggle_component.html.erb
@ -6,7 +6,7 @@
  <div class="flex flex-col">
    <label class="font-bold mb-1"><%= @title %></label>
    <% if @description.present? %>
-    <p class="text-gray-500"><%= @descripton %></p>
+    <p class="text-gray-500"><%= @description %></p>
    <% end %>
  </div>
  <div class="relative ml-4 inline-flex flex-shrink-0">
--- a/app/components/form_elements/fieldset_toggle_component.rb
+++ b/app/components/form_elements/fieldset_toggle_component.rb
@ -12,7 +12,7 @@ module FormElements
      @enabled = enabled
      @input_enabled = input_enabled
      @title = title
-      @descripton = description
+      @description = description
      @button_text = @enabled ? "Switch off" : "Switch on"
    end
  end
--- a/app/components/main_compact_component.html.erb
+++ b/app/components/main_compact_component.html.erb
@ -1,4 +1,4 @@
-<main class="w-full max-w-xl mx-auto pb-12 px-4 sm:px-6 lg:px-8">
+<main class="w-full max-w-xl mx-auto px-4 sm:px-6 lg:px-8">
  <div class="bg-white rounded-lg shadow px-6 sm:px-12 py-8 sm:py-12">
    <%= content %>
  </div>
--- a/app/components/main_simple_component.html.erb
+++ b/app/components/main_simple_component.html.erb
@ -1,4 +1,4 @@
-<main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
+<main class="w-full max-w-6xl mx-auto px-4 md:px-6 lg:px-8">
  <div class="md:min-h-[50vh] bg-white rounded-lg shadow px-6 sm:px-12 py-8 sm:py-12">
    <%= content %>
  </div>
--- a/app/components/main_with_sidenav_component.html.erb
+++ b/app/components/main_with_sidenav_component.html.erb
@ -1,4 +1,4 @@
-<main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
+<main class="w-full max-w-6xl mx-auto px-4 md:px-6 lg:px-8">
  <div class="bg-white rounded-lg shadow">
    <div class="md:min-h-[50vh] divide-y divide-gray-200 lg:grid lg:grid-cols-12 lg:divide-y-0 lg:divide-x">
      <aside class="py-6 sm:py-8 lg:col-span-3">
--- a/app/components/main_with_tabnav_component.html.erb
+++ b/app/components/main_with_tabnav_component.html.erb
@ -1,5 +1,5 @@
-<main class="w-full max-w-6xl mx-auto pb-12 px-4 md:px-6 lg:px-8">
+<main class="w-full max-w-6xl mx-auto px-4 md:px-6 lg:px-8">
-  <div class="bg-white rounded-lg shadow">
+  <div class="md:min-h-[50vh] bg-white rounded-lg shadow">
    <div class="px-6 sm:px-12 pt-2 sm:pt-4">
      <%= render partial: @tabnav_partial %>
    </div>
--- a/app/components/modal_component.html.erb
+++ b/app/components/modal_component.html.erb
@ -12,7 +12,7 @@
    <!-- Modal Container -->
    <div data-modal-target="container"
-         class="max-h-screen w-auto max-w-lg relative
+         class="relative m-4 max-h-screen w-auto max-w-full
                hidden animate-scale-in fixed inset-0 overflow-y-auto flex items-center justify-center">
      <!-- Modal Card -->
      <div class="m-1 bg-white rounded shadow">
--- a/app/components/notification_component.rb
+++ b/app/components/notification_component.rb
@ -34,6 +34,8 @@ class NotificationComponent < ViewComponent::Base
      'alert-octagon'
    when 'alert'
      'alert-octagon'
    when 'warning'
      'alert-octagon'
    else
      'info'
    end
--- a/app/components/rs_auth_component.html.erb
+++ b/app/components/rs_auth_component.html.erb
@ -12,7 +12,8 @@
  </div>
  <%= render DropdownComponent.new do %>
    <%= render DropdownLinkComponent.new(
-          href: launch_app_services_storage_rs_auth_url(@auth)
+          href: launch_app_services_storage_rs_auth_url(@auth),
          open_in_new_tab: true
        ) do %>
      Launch app
    <% end %>
--- a/app/components/sidenav_link_component.rb
+++ b/app/components/sidenav_link_component.rb
@ -29,7 +29,7 @@ class SidenavLinkComponent < ViewComponent::Base
  def class_names_icon(path)
    if @active
-      "text-teal-500 group-hover:text-teal-500 flex-shrink-0 -ml-1 mr-3 h-6 w-6"
+      "text-teal-600 group-hover:text-teal-600 flex-shrink-0 -ml-1 mr-3 h-6 w-6"
    elsif @disabled
      "text-gray-300 group-hover:text-gray-300 flex-shrink-0 -ml-1 mr-3 h-6 w-6"
    else
--- a/app/controllers/admin/donations_controller.rb
+++ b/app/controllers/admin/donations_controller.rb
@ -3,18 +3,27 @@ class Admin::DonationsController < Admin::BaseController
  before_action :set_current_section, only: [:index, :show, :new, :edit]
  # GET /donations
  # GET /donations.json
  def index
-    @pagy, @donations = pagy(Donation.all.order('created_at desc'))
+    @username = params[:username].presence
    pending_scope   = Donation.incomplete.joins(:user).order('paid_at desc')
    completed_scope = Donation.completed.joins(:user).order('paid_at desc')
    if @username
      pending_scope   = pending_scope.where(users: { cn: @username })
      completed_scope = completed_scope.where(users: { cn: @username })
    end
    @pending_donations = pending_scope
    @pagy, @donations  = pagy(completed_scope)
    @stats = {
-      overall_sats: @donations.all.sum("amount_sats"),
+      overall_sats: completed_scope.sum("amount_sats"),
-      donor_count: Donation.distinct.count(:user_id)
+      donor_count: completed_scope.distinct.count(:user_id)
    }
  end
  # GET /donations/1
  # GET /donations/1.json
  def show
  end
@ -28,54 +37,41 @@ class Admin::DonationsController < Admin::BaseController
  end
  # POST /donations
  # POST /donations.json
  def create
    @donation = Donation.new(donation_params)
-    respond_to do |format|
+    if @donation.paid_at == nil
-      if @donation.save
+      @donation.errors.add(:paid_at, message: "is required")
-        format.html do
+      render :new, status: :unprocessable_entity and return
-          redirect_to admin_donation_url(@donation), flash: {
+    end
-            success: 'Donation was successfully created.'
+
-          }
+    if @donation.save
-        end
+      redirect_to admin_donation_url(@donation), flash: {
-        format.json { render :show, status: :created, location: @donation }
+        success: 'Donation was successfully created.'
-      else
+      }
-        format.html { render :new, status: :unprocessable_entity }
+    else
-        format.json { render json: @donation.errors, status: :unprocessable_entity }
+      render :new, status: :unprocessable_entity
      end
    end
  end
-  # PATCH/PUT /donations/1
+  # PUT /donations/1
  # PATCH/PUT /donations/1.json
  def update
-    respond_to do |format|
+    if @donation.update(donation_params)
-      if @donation.update(donation_params)
+      redirect_to admin_donation_url(@donation), flash: {
-        format.html do
+        success: 'Donation was successfully updated.'
-          redirect_to admin_donation_url(@donation), flash: {
+      }
-            success: 'Donation was successfully updated.'
+    else
-          }
+      render :edit, status: :unprocessable_entity
        end
        format.json { render :show, status: :ok, location: @donation }
      else
        format.html { render :edit, status: :unprocessable_entity }
        format.json { render json: @donation.errors, status: :unprocessable_entity }
      end
    end
  end
  # DELETE /donations/1
  # DELETE /donations/1.json
  def destroy
    @donation.destroy
-    respond_to do |format|
+
-      format.html do redirect_to admin_donations_url, flash: {
+    redirect_to admin_donations_url, flash: {
-        success: 'Donation was successfully destroyed.'
+      success: 'Donation was successfully destroyed.'
-      }
+    }
      end
      format.json { head :no_content }
    end
  end
  private
@ -86,7 +82,10 @@ class Admin::DonationsController < Admin::BaseController
    # Only allow a list of trusted parameters through.
    def donation_params
-      params.require(:donation).permit(:user_id, :amount_sats, :amount_eur, :amount_usd, :public_name, :paid_at)
+      params.require(:donation).permit(
        :user_id, :donation_method,
        :amount_sats, :fiat_amount, :fiat_currency,
        :public_name, :paid_at)
    end
    def set_current_section
--- a/app/controllers/admin/editable_contents_controller.rb
+++ b/app/controllers/admin/editable_contents_controller.rb
@ -0,0 +1,45 @@
 class Admin::EditableContentsController < Admin::BaseController
  before_action :set_content, only: [:show, :edit, :update]
  before_action :set_current_section, only: [:index, :show, :edit]
  def index
    @path = params[:path].presence
    scope = EditableContent.order(path: :asc)
    scope = scope.where(path: @path) if @path
    @pagy, @contents = pagy(scope)
  end
  def show
  end
  def edit
  end
  def update
    return_to = params[:editable_content][:redirect_to].presence
    if @editable_content.update(content_params)
      if return_to
        redirect_to return_to
      else
        render status: :ok
      end
    else
      render :edit, status: :unprocessable_entity
    end
  end
  private
  def set_content
    @editable_content = EditableContent.find(params[:id])
  end
  def content_params
    params.require(:editable_content).permit(:path, :key, :lang, :content, :rich_text)
  end
  def set_current_section
    @current_section = :content
  end
 end
--- a/app/controllers/admin/invitations_controller.rb
+++ b/app/controllers/admin/invitations_controller.rb
@ -1,12 +1,28 @@
 class Admin::InvitationsController < Admin::BaseController
  before_action :set_current_section
  def index
-    @current_section = :invitations
+    @username = params[:username].presence
-    @pagy, @invitations_used = pagy(Invitation.used.order('used_at desc'))
+    accepted_scope = Invitation.used.order('used_at desc')
    unused_scope = Invitation.unused
    if @username
      accepted_scope = accepted_scope.joins(:user).where(users: { cn: @username })
      unused_scope = unused_scope.joins(:user).where(users: { cn: @username })
    end
    @pagy, @invitations_used = pagy(accepted_scope)
    @stats = {
-      available: Invitation.unused.count,
+      available: unused_scope.count,
-      accepted: @invitations_used.length,
+      accepted: accepted_scope.count,
-      users_with_referrals: Invitation.used.distinct.count(:user_id)
+      users_with_referrals: accepted_scope.distinct.count(:user_id)
    }
  end
  private
    def set_current_section
      @current_section = :invitations
    end
 end
--- a/app/controllers/admin/lightning_controller.rb
+++ b/app/controllers/admin/lightning_controller.rb
@ -4,7 +4,7 @@ class Admin::LightningController < Admin::BaseController
  def index
    @current_section = :lightning
-    @users = User.pluck(:cn, :ou, :ln_account)
+    @users = User.pluck(:cn, :ou, :lndhub_username)
    @accounts = LndhubAccount.with_balances.order(balance: :desc).to_a
    @ln = {}
--- a/app/controllers/admin/settings/membership_controller.rb
+++ b/app/controllers/admin/settings/membership_controller.rb
@ -0,0 +1,23 @@
 class Admin::Settings::MembershipController < Admin::SettingsController
  def show
  end
  def update
    update_settings
    redirect_to admin_settings_membership_path, flash: {
      success: "Settings saved"
    }
  end
  private
    def setting_params
      params.require(:setting).permit([
        :member_status_contributor,
        :member_status_sustainer,
        :user_index_show_contributors,
        :user_index_show_sustainers
      ])
    end
 end
--- a/app/controllers/admin/settings/registrations_controller.rb
+++ b/app/controllers/admin/settings/registrations_controller.rb
@ -9,4 +9,12 @@ class Admin::Settings::RegistrationsController < Admin::SettingsController
      success: "Settings saved"
    }
  end
  private
    def setting_params
      params.require(:setting).permit([
        :reserved_usernames, default_services: []
      ])
    end
 end
--- a/app/controllers/admin/settings_controller.rb
+++ b/app/controllers/admin/settings_controller.rb
@ -9,11 +9,12 @@ class Admin::SettingsController < Admin::BaseController
    changed_keys = []
    setting_params.keys.each do |key|
-      next if setting_params[key].nil? ||
+      next if clean_param(key).nil? ||
-              (Setting.send(key).to_s == setting_params[key].strip)
+        (Setting.send(key).to_s == clean_param(key))
      changed_keys.push(key)
      setting = Setting.new(var: key)
-      setting.value = setting_params[key].strip
+      setting.value = clean_param(key)
      unless setting.valid?
        @errors.merge!(setting.errors)
      end
@ -24,7 +25,7 @@ class Admin::SettingsController < Admin::BaseController
    end
    changed_keys.each do |key|
-      Setting.send("#{key}=", setting_params[key].strip)
+      Setting.send("#{key}=", clean_param(key))
    end
  end
@ -37,4 +38,12 @@ class Admin::SettingsController < Admin::BaseController
    def setting_params
      params.require(:setting).permit(Setting.editable_keys.map(&:to_sym))
    end
    def clean_param(key)
      if Setting.get_field(key)[:type] == :string
        setting_params[key].strip
      else
        setting_params[key]
      end
    end
 end
--- a/app/controllers/admin/users_controller.rb
+++ b/app/controllers/admin/users_controller.rb
@ -4,25 +4,37 @@ class Admin::UsersController < Admin::BaseController
  # GET /admin/users
  def index
-    ldap   = LdapService.new
+    ldap = LdapService.new
-    @ou    = Setting.primary_domain
+    ou   = Setting.primary_domain
-    @pagy, @users = pagy(User.where(ou: @ou).order(cn: :asc))
+    @show_contributors = Setting.user_index_show_contributors
    @show_sustainers = Setting.user_index_show_sustainers
    @contributors = ldap.search_users(:memberStatus, :contributor, :cn) if @show_contributors
    @sustainers   = ldap.search_users(:memberStatus, :sustainer, :cn) if @show_sustainers
    @admins       = ldap.search_users(:admin, true, :cn)
    @pagy, @users = pagy(User.where(ou: ou).order(cn: :asc))
    @stats = {
-      users_confirmed: User.where(ou: @ou).confirmed.count,
+      users_confirmed: User.where(ou: ou).confirmed.count,
-      users_pending: User.where(ou: @ou).pending.count
+      users_pending: User.where(ou: ou).pending.count
    }
    @stats[:users_contributing] = @contributors.size if @show_contributors
    @stats[:users_paying] = @sustainers.size if @show_sustainers
  end
  # GET /admin/users/:username
  def show
    @invitees = @user.invitees
    @recent_invitees = @user.invitees.order(created_at: :desc).limit(5)
    @more_invitees = (@invitees - @recent_invitees).count
    if Setting.lndhub_admin_enabled?
      @lndhub_user = @user.lndhub_user
    end
    @services_enabled = @user.services_enabled
-    @avatar = LdapManager::FetchAvatar.call(cn: @user.cn)
+    @ldap_avatar = LdapManager::FetchAvatar.call(cn: @user.cn)
  end
  # POST /admin/users/:username/invitations
@ -30,7 +42,7 @@ class Admin::UsersController < Admin::BaseController
    amount = params[:amount].to_i
    notify_user = ActiveRecord::Type::Boolean.new.cast(params[:notify_user])
-    CreateInvitations.call(user: @user, amount: amount, notify: notify_user)
+    UserManager::CreateInvitations.call(user: @user, amount: amount, notify: notify_user)
    redirect_to admin_user_path(@user.cn), flash: {
      success: "Added #{amount} invitations to #{@user.cn}'s account"
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@ -41,4 +41,31 @@ class ApplicationController < ActionController::Base
  def after_sign_in_path_for(user)
    session[:user_return_to] || root_path
  end
  def lndhub_authenticate(options={})
    if session[:ln_auth_token].present? && !options[:force_reauth]
      @ln_auth_token = session[:ln_auth_token]
    else
      lndhub = Lndhub.new
      auth_token = lndhub.authenticate(current_user)
      session[:ln_auth_token] = auth_token
      @ln_auth_token = auth_token
    end
  rescue => e
    Sentry.capture_exception(e) if Setting.sentry_enabled?
  end
  def lndhub_fetch_balance
    @balance = LndhubManager::FetchUserBalance.call(auth_token: @ln_auth_token)
  rescue AuthError
    lndhub_authenticate(force_reauth: true)
    raise if @fetch_balance_retried
    @fetch_balance_retried = true
    lndhub_fetch_balance
  end
  def nostr_event_from_params
    params.permit!
    params[:signed_event].to_h.symbolize_keys
  end
 end
--- a/app/controllers/avatars_controller.rb
+++ b/app/controllers/avatars_controller.rb
@ -0,0 +1,27 @@
 class AvatarsController < ApplicationController
  def show
    if user = User.find_by(cn: params[:username])
      http_status :not_found and return unless user.avatar.attached?
      sha256_hash = params[:hash]
      format = params[:format]&.to_sym || :png
      # size = params[:size]&.to_sym || :original
      unless user.avatar.filename.to_s == "#{sha256_hash}.#{format}"
        http_status :not_found and return
      end
      # TODO See note for avatar_variant in user model
      # blob = if size == :original
      #          user.avatar.blob
      #        else
      #          user.avatar_variant(size: size)&.blob
      #        end
      data = user.avatar.blob.download
      send_data data, type: "image/#{format}", disposition: "inline"
    else
      http_status :not_found
    end
  end
 end
--- a/app/controllers/contributions/donations_controller.rb
+++ b/app/controllers/contributions/donations_controller.rb
@ -1,10 +1,126 @@
 class Contributions::DonationsController < ApplicationController
-  before_action :authenticate_user!
+  include BtcpayHelper
-  # GET /donations
+  before_action :authenticate_user!
-  # GET /donations.json
+  before_action :set_donation_methods, only: [:index, :create]
  before_action :require_donation_method_enabled, only: [:create]
  before_action :validate_donation_params, only: [:create]
  before_action :set_donation, only: [:confirm_btcpay]
  # GET /contributions/donations
  def index
    @donations = current_user.donations.completed
    @current_section = :contributions
    @donations_completed = current_user.donations.completed.order('paid_at desc')
    @donations_processing = current_user.donations.processing.order('created_at desc')
    if Setting.lndhub_enabled?
      begin
        lndhub_authenticate
        lndhub_fetch_balance
      rescue
        @balance = 0
      end
    end
  end
  # POST /contributions/donations
  def create
    if params[:currency] == "sats"
      fiat_amount = nil
      fiat_currency = nil
      amount_sats = params[:amount]
    else
      fiat_amount = params[:amount].to_i
      fiat_currency = params[:currency]
      amount_sats = nil
    end
    @donation = current_user.donations.create!(
      donation_method: params[:donation_method],
      payment_method: nil,
      paid_at: nil,
      amount_sats: amount_sats,
      fiat_amount: (fiat_amount.nil? ? nil : fiat_amount * 100), # store in cents
      fiat_currency: fiat_currency,
      public_name: params[:public_name]
    )
    case params[:donation_method]
    when "btcpay"
      res = BtcpayManager::CreateInvoice.call(
        amount: fiat_amount || (amount_sats.to_f / 100000000),
        currency: fiat_currency || "BTC",
        redirect_url: confirm_btcpay_contributions_donation_url(@donation)
      )
      @donation.update! btcpay_invoice_id: res["id"]
      redirect_to btcpay_checkout_url(res["id"]), allow_other_host: true
    else
      redirect_to contributions_donations_url, flash: {
        error: "Donation method currently not available"
      }
    end
  end
  def confirm_btcpay
    redirect_to contributions_donations_url and return if @donation.completed?
    invoice = BtcpayManager::FetchInvoice.call(invoice_id: @donation.btcpay_invoice_id)
    if @donation.amount_sats.present?
      # TODO make default fiat currency configurable and/or determine from user's
      # i18n browser settings
      @donation.fiat_currency = "EUR"
      exchange_rate = BtcpayManager::FetchExchangeRate.call(fiat_currency: @donation.fiat_currency)
      @donation.fiat_amount = (((@donation.amount_sats.to_f / 100000000) * exchange_rate) * 100).to_i
    else
      amt_str = invoice["paymentMethods"].first["amount"]
      @donation.amount_sats = amt_str.tr(".","").sub(/0*$/, "").to_i
    end
    case invoice["status"]
    when "Settled"
      @donation.complete!
      flash_message = { success: "Thank you!" }
    when "Processing"
      unless @donation.processing?
        @donation.start_processing!
        flash_message = { success: "Thank you! We will send you an email when the payment is confirmed." }
        BtcpayCheckDonationJob.set(wait: 20.seconds).perform_later(@donation)
      end
    when "Expired"
      flash_message = { warning: "The payment request for this donation has expired" }
    else
      flash_message = { warning: "Could not determine status of payment" }
    end
    redirect_to contributions_donations_url, flash: flash_message
  end
  private
    def set_donation
      @donation = current_user.donations.find_by(id: params[:id])
      http_status :not_found unless @donation.present?
    end
    def set_donation_methods
      @donation_methods = []
      @donation_methods.push :btcpay if Setting.btcpay_enabled?
      @donation_methods.push :lndhub if Setting.lndhub_enabled?
      @donation_methods.push :opencollective if Setting.opencollective_enabled?
    end
    def require_donation_method_enabled
      http_status :forbidden unless @donation_methods.include?(
        params[:donation_method].to_sym
      )
    end
    def validate_donation_params
      if !%w[EUR USD sats].include?(params[:currency]) || (params[:amount].to_i <= 0)
        http_status :unprocessable_entity
      end
    end
 end
--- a/app/controllers/contributions/other_controller.rb
+++ b/app/controllers/contributions/other_controller.rb
@ -0,0 +1,16 @@
 class Contributions::OtherController < ApplicationController
  before_action :authenticate_user!
  before_action :set_content_editing
  # GET /contributions/other
  def index
    @current_section = :contributions
  end
  private
    def set_content_editing
      return unless params[:edit] && current_user.is_admin?
      @edit_content = true
    end
 end
--- a/app/controllers/contributions/projects_controller.rb
+++ b/app/controllers/contributions/projects_controller.rb
@ -1,8 +0,0 @@
 class Contributions::ProjectsController < ApplicationController
  before_action :authenticate_user!
  # GET /contributions
  def index
    @current_section = :contributions
  end
 end
--- a/app/controllers/discourse/sso_controller.rb
+++ b/app/controllers/discourse/sso_controller.rb
@ -8,6 +8,9 @@ class Discourse::SsoController < ApplicationController
    sso.email = current_user.email
    sso.username = current_user.cn
    sso.name = current_user.display_name
    if current_user.avatar.attached?
      sso.avatar_url = helpers.image_url_for(current_user.avatar)
    end
    sso.admin = current_user.is_admin?
    sso.sso_secret = secret
--- a/app/controllers/lnurlpay_controller.rb
+++ b/app/controllers/lnurlpay_controller.rb
@ -1,13 +1,15 @@
 class LnurlpayController < ApplicationController
  before_action :check_service_available
  before_action :find_user
  before_action :set_cors_access_control_headers
  MIN_SATS = 10
  MAX_SATS = 1_000_000
  MAX_COMMENT_CHARS = 100
  # GET /.well-known/lnurlp/:username
  def index
-    render json: {
+    res = {
      status: "OK",
      callback: "https://#{Setting.accounts_domain}/lnurlpay/#{@user.cn}/invoice",
      tag: "payRequest",
@ -16,8 +18,16 @@ class LnurlpayController < ApplicationController
      metadata: metadata(@user.address),
      commentAllowed: MAX_COMMENT_CHARS
    }
    if Setting.nostr_enabled?
      res[:allowsNostr] = true
      res[:nostrPubkey] = Setting.nostr_public_key
    end
    render json: res
  end
  # GET /.well-known/keysend/:username
  def keysend
    http_status :not_found and return unless Setting.lndhub_keysend_enabled?
@ -27,13 +37,14 @@ class LnurlpayController < ApplicationController
      pubkey: Setting.lndhub_public_key,
      customData: [{
        customKey: "696969",
-        customValue: @user.ln_account
+        customValue: @user.lndhub_username
      }]
    }
  end
  # GET /lnurlpay/:username/invoice
  def invoice
-    amount = params[:amount].to_i / 1000 # msats
+    amount = params[:amount].to_i / 1000 # msats to sats
    comment = params[:comment] || ""
    address = @user.address
@ -42,53 +53,109 @@ class LnurlpayController < ApplicationController
      return
    end
-    if !valid_comment?(comment)
+    if params[:nostr].present? && Setting.nostr_enabled?
-      render json: { status: "ERROR", reason: "Comment too long" }
+      handle_zap_request amount, params[:nostr], params[:lnurl]
-      return
+    else
      handle_pay_request address, amount, comment
    end
  end
  private
    def set_cors_access_control_headers
      headers['Access-Control-Allow-Origin'] = "*"
      headers['Access-Control-Allow-Headers'] = "*"
      headers['Access-Control-Allow-Methods'] = "GET"
    end
-    memo = "To #{address}"
+    def check_service_available
-    memo = "#{memo}: \"#{comment}\"" if comment.present?
+      http_status :not_found unless Setting.lndhub_enabled?
    end
-    payment_request = @user.ln_create_invoice({
+    def find_user
-      amount: amount, # we create invoices in sats
+      @user = User.where(cn: params[:username], ou: Setting.primary_domain).first
-      memo: memo,
+      http_status :not_found if @user.nil?
-      description_hash: Digest::SHA2.hexdigest(metadata(address)),
+    end
    })
-    render json: {
+    def metadata(address)
-      status: "OK",
+      "[[\"text/identifier\",\"#{address}\"],[\"text/plain\",\"Sats for #{address}\"]]"
-      successAction: {
+    end
        tag: "message",
        message: "Sats received. Thank you!"
      },
      routes: [],
      pr: payment_request
    }
  end
-  private
+    def valid_amount?(amount_in_sats)
      amount_in_sats <= MAX_SATS && amount_in_sats >= MIN_SATS
    end
-  def find_user
+    def valid_comment?(comment)
-    @user = User.where(cn: params[:username], ou: Setting.primary_domain).first
+      comment.length <= MAX_COMMENT_CHARS
-    http_status :not_found if @user.nil?
+    end
  end
-  def metadata(address)
+    def handle_pay_request(address, amount, comment)
-    "[[\"text/identifier\", \"#{address}\"], [\"text/plain\", \"Send sats, receive thanks.\"]]"
+      if !valid_comment?(comment)
-  end
+        render json: { status: "ERROR", reason: "Comment too long" }
        return
      end
-  def valid_amount?(amount_in_sats)
+      desc = "To #{address}"
-    amount_in_sats <= MAX_SATS && amount_in_sats >= MIN_SATS
+      desc = "#{desc}: \"#{comment}\"" if comment.present?
  end
-  def valid_comment?(comment)
+      invoice = LndhubManager::CreateUserInvoice.call(
-    comment.length <= MAX_COMMENT_CHARS
+        user: @user, payload: {
-  end
+          amount: amount, # sats
          description: desc,
          description_hash: Digest::SHA256.hexdigest(metadata(address)),
        }
      )
-  private
+      render json: {
        status: "OK",
        successAction: {
          tag: "message",
          message: "Sats received. Thank you!"
        },
        routes: [],
        pr: invoice["payment_request"]
      }
    end
-  def check_service_available
+    def nostr_event_from_payload(nostr_param)
-    http_status :not_found unless Setting.lndhub_enabled?
+      event_obj = JSON.parse(nostr_param).transform_keys(&:to_sym)
-  end
+      Nostr::Event.new(**event_obj)
    rescue => e
      return nil
    end
    def valid_zap_request?(amount, event, lnurl)
      NostrManager::VerifyZapRequest.call(
        amount: amount, event: event, lnurl: lnurl
      )
    end
    def handle_zap_request(amount, nostr_param, lnurl_param)
      event = nostr_event_from_payload(nostr_param)
      unless event.present? && valid_zap_request?(amount*1000, event, lnurl_param)
        render json: { status: "ERROR", reason: "Invalid zap request" }
        return
      end
      # TODO might want to use the existing invoice and zap record if there are
      # multiple calls with the same zap request
      desc = "Zap for #{@user.address}"
      desc = "#{desc}: \"#{event.content}\"" if event.content.present?
      invoice = LndhubManager::CreateUserInvoice.call(
        user: @user, payload: {
          amount: amount, # sats
          description: desc,
          description_hash: Digest::SHA256.hexdigest(event.to_json),
        }
      )
      @user.zaps.create! request: event,
                         payment_request: invoice["payment_request"],
                         amount: amount
      render json: { status: "OK", pr: invoice["payment_request"] }
    end
 end
--- a/app/controllers/pages_controller.rb
+++ b/app/controllers/pages_controller.rb
@ -0,0 +1,9 @@
 class PagesController < ApplicationController
  def privacy
    @current_section = :privacy
  end
  def tos
    @current_section = :tos
  end
 end
--- a/app/controllers/services/chat_controller.rb
+++ b/app/controllers/services/chat_controller.rb
@ -3,7 +3,7 @@ class Services::ChatController < Services::BaseController
  before_action :require_service_available
  def show
-    @service_enabled = current_user.services_enabled.include?(:xmpp)
+    @service_enabled = current_user.service_enabled?(:ejabberd)
  end
  private
--- a/app/controllers/services/lightning_controller.rb
+++ b/app/controllers/services/lightning_controller.rb
@ -2,13 +2,14 @@ require "rqrcode"
 require "lnurl"
 class Services::LightningController < ApplicationController
  before_action :authenticate_user!
  before_action :authenticate_with_lndhub
  before_action :set_current_section
-  before_action :fetch_balance
+  before_action :require_service_available
  before_action :authenticate_user!
  before_action :lndhub_authenticate
  before_action :lndhub_fetch_balance
  def index
-    @wallet_setup_url = "lndhub://#{current_user.ln_account}:#{current_user.ln_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
+    @wallet_setup_url = "lndhub://#{current_user.lndhub_username}:#{current_user.lndhub_password}@#{ENV['LNDHUB_PUBLIC_URL']}"
  end
  def transactions
@ -55,32 +56,12 @@ class Services::LightningController < ApplicationController
  private
  def authenticate_with_lndhub(options={})
    if session[:ln_auth_token].present? && !options[:force_reauth]
      @ln_auth_token = session[:ln_auth_token]
    else
      lndhub = Lndhub.new
      auth_token = lndhub.authenticate(current_user)
      session[:ln_auth_token] = auth_token
      @ln_auth_token = auth_token
    end
  rescue => e
    Sentry.capture_exception(e) if Setting.sentry_enabled?
  end
  def set_current_section
    @current_section = :services
  end
-  def fetch_balance
+  def require_service_available
-    lndhub = Lndhub.new
+    http_status :not_found unless Setting.lndhub_enabled?
    data = lndhub.balance @ln_auth_token
    @balance = data["BTC"]["AvailableBalance"] rescue nil
  rescue AuthError
    authenticate_with_lndhub(force_reauth: true)
    raise if @fetch_balance_retried
    @fetch_balance_retried = true
    fetch_balance
  end
  def fetch_transactions
--- a/app/controllers/services/mastodon_controller.rb
+++ b/app/controllers/services/mastodon_controller.rb
@ -3,7 +3,7 @@ class Services::MastodonController < Services::BaseController
  before_action :require_service_available
  def show
-    @service_enabled = current_user.services_enabled.include?(:mastodon)
+    @service_enabled = current_user.service_enabled?(:mastodon)
  end
  private
--- a/app/controllers/services/remotestorage_controller.rb
+++ b/app/controllers/services/remotestorage_controller.rb
@ -5,11 +5,10 @@ class Services::RemotestorageController < Services::BaseController
  # Dashboard
  def show
-    # unless current_user.services_enabled.include?(:remotestorage)
+    # unless current_user.service_enabled?(:remotestorage)
    #   redirect_to service_remotestorage_info_path
    # end
-    @rs_auths = current_user.remote_storage_authorizations
+    # @rs_apps_connected = current_user.remote_storage_authorizations.any?
    # TODO sort by app name
  end
  private
--- a/app/controllers/services/rs_auths_controller.rb
+++ b/app/controllers/services/rs_auths_controller.rb
@ -3,13 +3,18 @@ class Services::RsAuthsController < Services::BaseController
  before_action :require_feature_enabled
  before_action :require_service_available
  # before_action :require_service_enabled
-  before_action :find_rs_auth
+  before_action :find_rs_auth, only: [:destroy, :launch_app]
  def index
    @rs_auths = current_user.remote_storage_authorizations
    # TODO sort by app name?
  end
  def destroy
    @auth.destroy!
    respond_to do |format|
-      format.html do redirect_to services_storage_url, flash: {
+      format.html do redirect_to apps_services_storage_url, flash: {
        success: 'App authorization revoked'
      }
      end
@ -18,7 +23,11 @@ class Services::RsAuthsController < Services::BaseController
  end
  def launch_app
-    launch_url = "#{@auth.launch_url}#remotestorage=#{current_user.address}&access_token=#{@auth.token}"
+    user_address = Rails.env.development? ?
      "#{current_user.cn}@localhost:3000" :
      current_user.address
    launch_url = "#{@auth.launch_url}#remotestorage=#{user_address}"
    redirect_to launch_url, allow_other_host: true
  end
--- a/app/controllers/settings_controller.rb
+++ b/app/controllers/settings_controller.rb
@ -12,15 +12,21 @@ class SettingsController < ApplicationController
  end
  def show
-    if @settings_section == "experiments"
+    case @settings_section
    when "lightning"
      @notifications_enabled = @user.preferences[:lightning_notify_sats_received] != "disabled" ||
                               @user.preferences[:lightning_notify_zap_received] != "disabled"
    when "nostr"
      session[:shared_secret] ||= SecureRandom.base64(12)
    end
  end
  # PUT /settings/:section
  def update
    @user.preferences.merge!(user_params[:preferences] || {})
    @user.display_name = user_params[:display_name]
-    @user.avatar_new = user_params[:avatar]
+    @user.avatar_new   = user_params[:avatar_new]
    @user.pgp_pubkey   = user_params[:pgp_pubkey]
    if @user.save
      if @user.display_name && (@user.display_name != @user.ldap_entry[:display_name])
@ -28,7 +34,16 @@ class SettingsController < ApplicationController
      end
      if @user.avatar_new.present?
-        LdapManager::UpdateAvatar.call(dn: @user.dn, file: @user.avatar_new)
+        if store_user_avatar
          UserManager::UpdateAvatar.call(user: @user)
        else
          @validation_errors = @user.errors
          render :show, status: :unprocessable_entity and return
        end
      end
      if @user.pgp_pubkey && (@user.pgp_pubkey != @user.ldap_entry[:pgp_key])
        UserManager::UpdatePgpKey.call(user: @user)
      end
      redirect_to setting_path(@settings_section), flash: {
@ -40,6 +55,7 @@ class SettingsController < ApplicationController
    end
  end
  # POST /settings/update_email
  def update_email
    if @user.valid_ldap_authentication?(security_params[:current_password])
      if @user.update email: email_params[:email]
@ -57,6 +73,7 @@ class SettingsController < ApplicationController
    end
  end
  # POST /settings/reset_email_password
  def reset_email_password
    @user.current_password = security_params[:current_password]
@ -79,6 +96,7 @@ class SettingsController < ApplicationController
    end
  end
  # POST /settings/reset_password
  def reset_password
    current_user.send_reset_password_instructions
    sign_out current_user
@ -86,41 +104,41 @@ class SettingsController < ApplicationController
    redirect_to check_your_email_path, notice: msg
  end
  # POST /settings/set_nostr_pubkey
  def set_nostr_pubkey
-    signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
+    signed_event = Nostr::Event.new(**nostr_event_from_params)
    is_valid_id  = NostrManager::ValidateId.call(event: signed_event)
    is_valid_sig = NostrManager::VerifySignature.call(event: signed_event)
    is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
-    unless is_valid_id && is_valid_sig && is_correct_content
+    is_valid_sig  = signed_event.verify_signature
    is_valid_auth = NostrManager::VerifyAuth.call(
      event: signed_event,
      challenge: session[:shared_secret]
    )
    unless is_valid_sig && is_valid_auth
      flash[:alert] = "Public key could not be verified"
      http_status :unprocessable_entity and return
    end
-    pubkey_taken = User.all_except(current_user).where(
+    user_with_pubkey = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event.pubkey)
      ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
    ).any?
-    if pubkey_taken
+    if user_with_pubkey.present? && (user_with_pubkey != current_user)
      flash[:alert] = "Public key already in use for a different account"
      http_status :unprocessable_entity and return
    end
-    current_user.update! nostr_pubkey: signed_event[:pubkey]
+    LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: signed_event.pubkey)
    session[:shared_secret] = nil
    flash[:success] = "Public key verification successful"
    http_status :ok
  rescue
    flash[:alert] = "Public key could not be verified"
    http_status :unprocessable_entity and return
  end
  # DELETE /settings/nostr_pubkey
  def remove_nostr_pubkey
-    current_user.update! nostr_pubkey: nil
+    # TODO require current pubkey or password to delete
    LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: nil)
-    redirect_to setting_path(:experiments), flash: {
+    redirect_to setting_path(:nostr), flash: {
      success: 'Public key removed from account'
    }
  end
@ -134,8 +152,8 @@ class SettingsController < ApplicationController
    def set_settings_section
      @settings_section = params[:section]
      allowed_sections = [
-        :profile, :account, :xmpp, :email, :lightning, :remotestorage,
+        :profile, :account, :xmpp, :email,
-        :experiments
+        :lightning, :remotestorage, :nostr
      ]
      unless allowed_sections.include?(@settings_section.to_sym)
@ -148,11 +166,10 @@ class SettingsController < ApplicationController
    end
    def user_params
-      params.require(:user).permit(:display_name, :avatar, preferences: [
+      params.require(:user).permit(
-        :lightning_notify_sats_received,
+        :display_name, :avatar_new, :pgp_pubkey,
-        :remotestorage_notify_auth_created,
+        preferences: UserPreferences.pref_keys
-        :xmpp_exchange_contacts_with_invitees
+      )
      ])
    end
    def email_params
@ -163,12 +180,6 @@ class SettingsController < ApplicationController
      params.require(:user).permit(:current_password)
    end
    def nostr_event_params
      params.permit(signed_event: [
        :id, :pubkey, :created_at, :kind, :tags, :content, :sig
      ])
    end
    def generate_email_password
      characters = [('a'..'z'), ('A'..'Z'), (0..9)].map(&:to_a).flatten
      SecureRandom.random_bytes(16).each_byte.map { |b| characters[b % characters.length] }.join
@ -178,4 +189,30 @@ class SettingsController < ApplicationController
      salt = BCrypt::Engine.generate_salt
      BCrypt::Engine.hash_secret(password, salt)
    end
    def store_user_avatar
      io = @user.avatar_new.tempfile
      img_data = UserManager::ProcessAvatar.call(io: io)
      if img_data.blank?
        @user.errors.add(:avatar, "failed to process file")
        false
      end
      tempfile = Tempfile.create
      tempfile.binmode
      tempfile.write(img_data)
      tempfile.rewind
      hash = Digest::SHA256.hexdigest(img_data)
      ext = @user.avatar_new.content_type == "image/png" ? "png" : "jpg"
      filename = "#{hash}.#{ext}"
      if filename == @user.avatar.filename.to_s
        @user.errors.add(:avatar, "must be a new file/picture")
        false
      else
        key = "users/#{@user.cn}/avatars/#{filename}"
        @user.avatar.attach io: tempfile, key: key, filename: filename
        @user.save
      end
    end
 end
--- a/app/controllers/signup_controller.rb
+++ b/app/controllers/signup_controller.rb
@ -96,7 +96,7 @@ class SignupController < ApplicationController
    session[:new_user] = nil
    session[:validation_error] = nil
-    CreateAccount.call(account: {
+    UserManager::CreateAccount.call(account: {
      username: @user.cn,
      domain: Setting.primary_domain,
      email: @user.email,
--- a/app/controllers/users/sessions_controller.rb
+++ b/app/controllers/users/sessions_controller.rb
@ -0,0 +1,62 @@
 # frozen_string_literal: true
 class Users::SessionsController < Devise::SessionsController
  # before_action :configure_sign_in_params, only: [:create]
  # GET /resource/sign_in
  def new
    session[:shared_secret] = SecureRandom.base64(12)
    super
  end
  # POST /resource/sign_in
  # def create
  #   super
  # end
  # DELETE /resource/sign_out
  # def destroy
  #   super
  # end
  # POST /users/nostr_login
  def nostr_login
    signed_event = Nostr::Event.new(**nostr_event_from_params)
    is_valid_sig  = signed_event.verify_signature
    is_valid_auth = NostrManager::VerifyAuth.call(
      event: signed_event,
      challenge: session[:shared_secret]
    )
    session[:shared_secret] = nil
    unless is_valid_sig && is_valid_auth
      flash[:alert] = "Login verification failed"
      http_status :unauthorized and return
    end
    user = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event.pubkey)
    if user.present?
      set_flash_message!(:notice, :signed_in)
      sign_in("user", user)
      render json: { redirect_url: after_sign_in_path_for(user) }, status: :ok
    else
      flash[:alert] = "Failed to find your account. Nostr login may be disabled."
      http_status :unauthorized
    end
  end
  protected
    def set_flash_message(key, kind, options = {})
      # Hide flash message after redirecting from a signin route while logged in
      super unless key == :alert && kind == "already_authenticated"
    end
  # If you have extra params to permit, append them to the sanitizer.
  # def configure_sign_in_params
  #   devise_parameter_sanitizer.permit(:sign_in, keys: [:attribute])
  # end
 end
--- a/app/controllers/web_key_directory_controller.rb
+++ b/app/controllers/web_key_directory_controller.rb
@ -0,0 +1,43 @@
 class WebKeyDirectoryController < WellKnownController
  before_action :allow_cross_origin_requests
  # /.well-known/openpgpkey/hu/:hashed_username(.txt)?l=username
  def show
    if params[:l].blank?
      # TODO store hashed username in db if existing implementations trigger
      # this a lot
      msg = "WKD request with \"l\" param omitted for hu: #{params[:hashed_username]}"
      Sentry.capture_message(msg) if Setting.sentry_enabled?
      http_status :bad_request and return
    end
    @user = User.find_by(cn: params[:l].downcase)
    if @user.nil? ||
       @user.pgp_pubkey.blank? ||
       !@user.pgp_pubkey_contains_user_address?
      http_status :not_found and return
    end
    if params[:hashed_username] != @user.wkd_hash
      http_status :unprocessable_entity and return
    end
    respond_to do |format|
      format.text do
        response.headers['Content-Type'] = 'text/plain'
        render plain: @user.pgp_pubkey
      end
      format.any do
        key = @user.gnupg_key.export
        send_data key, filename: "#{@user.wkd_hash}.pem",
                       type: "application/octet-stream"
      end
    end
  end
  def policy
    head :ok
  end
 end
--- a/app/controllers/webfinger_controller.rb
+++ b/app/controllers/webfinger_controller.rb
@ -1,20 +1,19 @@
-class WebfingerController < ApplicationController
+class WebfingerController < WellKnownController
  before_action :allow_cross_origin_requests, only: [:show]
  layout false
  def show
    resource = params[:resource]
    if resource && @useraddress = resource.match(/acct:(.+)/)&.[](1)
-      @username, @org = @useraddress.split("@")
+      @username, @domain = @useraddress.split("@")
      unless Rails.env.development?
        # Allow different domains (e.g. localhost:3000) in development only
-        head 404 and return unless @org == Setting.primary_domain
+        head 404 and return unless @domain == Setting.primary_domain
      end
-      unless User.where(cn: @username.downcase, ou: Setting.primary_domain).any?
+      unless @user = User.where(ou: Setting.primary_domain)
                         .find_by(cn: @username.downcase)
        head 404 and return
      end
@ -28,22 +27,74 @@ class WebfingerController < ApplicationController
  private
  def webfinger
-    links = [];
+    jrd = {
      subject: "acct:#{@user.address}",
      aliases: [],
      links: []
    }
-    # TODO check if storage service is enabled for user, not just globally
+    if @user.avatar.attached?
-    links << remotestorage_link if Setting.remotestorage_enabled
+      jrd[:links] += avatar_link
    end
-    { "links" => links }
+    if Setting.mastodon_enabled && @user.service_enabled?(:mastodon)
      # https://docs.joinmastodon.org/spec/webfinger/
      jrd[:aliases] += mastodon_aliases
      jrd[:links] += mastodon_links
    end
    if Setting.remotestorage_enabled && @user.service_enabled?(:remotestorage)
      # https://datatracker.ietf.org/doc/draft-dejong-remotestorage/
      jrd[:links] << remotestorage_link
    end
    jrd
  end
  def avatar_link
    [
      {
        rel: "http://webfinger.net/rel/avatar",
        type: @user.avatar.content_type,
        href: helpers.image_url_for(@user.avatar)
      }
    ]
  end
  def mastodon_aliases
    [
      "#{Setting.mastodon_public_url}/@#{@user.cn}",
      "#{Setting.mastodon_public_url}/users/#{@user.cn}"
    ]
  end
  def mastodon_links
    [
      {
        rel: "http://webfinger.net/rel/profile-page",
        type: "text/html",
        href: "#{Setting.mastodon_public_url}/@#{@user.cn}"
      },
      {
        rel: "self",
        type: "application/activity+json",
        href: "#{Setting.mastodon_public_url}/users/#{@user.cn}"
      },
      {
        rel: "http://ostatus.org/schema/1.0/subscribe",
        template: "#{Setting.mastodon_public_url}/authorize_interaction?uri={uri}"
      }
    ]
  end
  def remotestorage_link
-    auth_url = new_rs_oauth_url(@username)
+    auth_url = new_rs_oauth_url(@username, host: Setting.rs_accounts_domain)
    storage_url = "#{Setting.rs_storage_url}/#{@username}"
    {
-      "rel" => "http://tools.ietf.org/id/draft-dejong-remotestorage",
+      rel: "http://tools.ietf.org/id/draft-dejong-remotestorage",
-      "href" => storage_url,
+      href: storage_url,
-      "properties" => {
+      properties: {
        "http://remotestorage.io/spec/version" => "draft-dejong-remotestorage-13",
        "http://tools.ietf.org/html/rfc6749#section-4.2" => auth_url,
        "http://tools.ietf.org/html/rfc6750#section-2.3" => nil, # access token via a HTTP query parameter
@ -52,10 +103,4 @@ class WebfingerController < ApplicationController
      }
    }
  end
  def allow_cross_origin_requests
    return unless Rails.env.development?
    headers['Access-Control-Allow-Origin'] = "*"
    headers['Access-Control-Allow-Methods'] = "GET"
  end
 end
--- a/app/controllers/webhooks_controller.rb
+++ b/app/controllers/webhooks_controller.rb
@ -2,45 +2,76 @@ class WebhooksController < ApplicationController
  skip_forgery_protection
  before_action :authorize_request
  before_action :process_payload
  def lndhub
-    begin
+    @user = User.find_by!(lndhub_username: @payload[:user_login])
-      payload = JSON.parse(request.body.read, symbolize_names: true)
+
-      head :no_content and return unless payload[:type] == "incoming"
+    if @zap = @user.zaps.find_by(payment_request: @payload[:payment_request])
-    rescue
+      settled_at = Time.parse(@payload[:settled_at])
-      head :unprocessable_entity and return
+      zap_receipt = NostrManager::CreateZapReceipt.call(
        zap: @zap,
        paid_at: settled_at.to_i,
        preimage: @payload[:preimage]
      )
      @zap.update! settled_at: settled_at, receipt: zap_receipt.to_h
      NostrManager::PublishZapReceipt.call(zap: @zap)
    end
-    user = User.find_by!(ln_account: payload[:user_login])
+    send_notifications
    notify = user.preferences[:lightning_notify_sats_received]
    case notify
    when "xmpp"
      notify_xmpp(user.address, payload[:amount], payload[:memo])
    when "email"
      NotificationMailer.with(user: user, amount_sats: payload[:amount])
                        .lightning_sats_received.deliver_later
    end
    head :ok
  end
  private
  # TODO refactor into mailer-like generic class/service
  def notify_xmpp(address, amt_sats, memo)
    payload = {
      type: "normal",
      from: Setting.xmpp_notifications_from_address,
      to: address,
      subject: "Sats received!",
      body: "#{helpers.number_with_delimiter amt_sats} sats received in your Lightning wallet:\n> #{memo}"
    }
    XmppSendMessageJob.perform_later(payload)
  end
  def authorize_request
    if !ENV['WEBHOOKS_ALLOWED_IPS'].split(',').include?(request.remote_ip)
      head :forbidden and return
    end
  end
  def process_payload
    @payload = JSON.parse(request.body.read, symbolize_names: true)
    unless @payload[:type] == "incoming" &&
           @payload[:state] == "settled"
      head :no_content and return
    end
  rescue
    head :unprocessable_entity and return
  end
  def send_notifications
    return if @payload[:amount] < @user.preferences[:lightning_notify_min_sats]
    if @user.preferences[:lightning_notify_only_with_message]
      return if @payload[:memo].blank?
    end
    target = @zap.present? ? @user.preferences[:lightning_notify_zap_received] :
                             @user.preferences[:lightning_notify_sats_received]
    case target
    when "xmpp"
      notify_xmpp
    when "email"
      notify_email
    end
  end
  # TODO refactor into mailer-like generic class/service
  def notify_xmpp
    XmppSendMessageJob.perform_later({
      type: "normal",
      from: Setting.xmpp_notifications_from_address,
      to: @user.address,
      subject: "Sats received!",
      body: "#{helpers.number_with_delimiter @payload[:amount]} sats received in your Lightning wallet:\n> #{@payload[:memo]}"
    })
  end
  def notify_email
    NotificationMailer.with(user: @user, amount_sats: @payload[:amount])
                      .lightning_sats_received.deliver_later
  end
 end
--- a/app/controllers/well_known_controller.rb
+++ b/app/controllers/well_known_controller.rb
@ -1,16 +1,47 @@
 class WellKnownController < ApplicationController
  before_action :require_nostr_enabled, only: [ :nostr ]
  before_action :allow_cross_origin_requests, only: [ :nostr ]
  layout false
  def nostr
    http_status :unprocessable_entity and return if params[:name].blank?
    domain = request.headers["X-Forwarded-Host"].presence || Setting.primary_domain
-    @user = User.where(cn: params[:name], ou: domain).first
+    relay_url = Setting.nostr_relay_url.presence
-    http_status :not_found and return if @user.nil? || @user.nostr_pubkey.blank?
+
    if params[:name] == "_"
      if domain == Setting.primary_domain
        # pubkey for the primary domain without a username (e.g. kosmos.org)
        res = { names: { "_": Setting.nostr_public_key_primary_domain.presence || Setting.nostr_public_key } }
      else
        # pubkey for the akkounts domain without a username (e.g. accounts.kosmos.org)
        res = { names: { "_": Setting.nostr_public_key } }
      end
      res[:relays] = { "_" => [ relay_url ] } if relay_url
    else
      @user = User.where(cn: params[:name], ou: domain).first
      http_status :not_found and return if @user.nil? || @user.nostr_pubkey.blank?
      res = { names: { @user.cn => @user.nostr_pubkey } }
      res[:relays] = { @user.nostr_pubkey => [ relay_url ] } if relay_url
    end
    respond_to do |format|
      format.json do
-        render json: {
+        render json: res.to_json
          names: { "#{@user.cn}": @user.nostr_pubkey }
        }.to_json
      end
    end
  end
  private
    def require_nostr_enabled
      http_status :not_found unless Setting.nostr_enabled?
    end
    def allow_cross_origin_requests
      headers['Access-Control-Allow-Origin'] = "*"
      headers['Access-Control-Allow-Methods'] = "GET"
    end
 end
--- a/app/helpers/application_helper.rb
+++ b/app/helpers/application_helper.rb
@ -1,10 +1,6 @@
 module ApplicationHelper
  include Pagy::Frontend
  def sats_to_btc(sats)
    sats.to_f / 100000000
  end
  def main_nav_class(current_section, link_to_section)
    if current_section == link_to_section
      "bg-gray-900/50 text-white px-3 py-2 rounded-md font-medium text-base md:text-sm block md:inline-block"
@ -18,4 +14,23 @@ module ApplicationHelper
  def badge(text, color)
    tag.span text, class: "inline-flex items-center rounded-full bg-#{color}-100 px-2.5 py-0.5 text-xs font-medium text-#{color}-800"
  end
  def markdown_to_html(string)
    raw Kramdown::Document.new(string, { input: "GFM" }).to_html
  end
  def image_url_for(attachment)
    return s3_image_url(attachment) if Setting.s3_enabled?
    if attachment.record.is_a?(User) && attachment.name == "avatar"
      hash, format = attachment.blob.filename.to_s.split(".", 2)
      user_avatar_url(
        username: attachment.record.cn,
        hash: hash,
        format: format
      )
    else
      Rails.application.routes.url_helpers.rails_blob_path(attachment, only_path: true)
    end
  end
 end
--- a/app/helpers/btcpay_helper.rb
+++ b/app/helpers/btcpay_helper.rb
@ -0,0 +1,7 @@
 module BtcpayHelper
  def btcpay_checkout_url(invoice_id)
    "#{Setting.btcpay_public_url}/i/#{invoice_id}"
  end
 end
--- a/app/helpers/dashboard_helper.rb
+++ b/app/helpers/dashboard_helper.rb
@ -1,2 +0,0 @@
 module DashboardHelper
 end
--- a/app/helpers/donations_helper.rb
+++ b/app/helpers/donations_helper.rb
@ -1,2 +0,0 @@
 module DonationsHelper
 end
--- a/app/helpers/invitations_helper.rb
+++ b/app/helpers/invitations_helper.rb
@ -1,2 +0,0 @@
 module InvitationsHelper
 end
--- a/app/helpers/lnurlpay_helper.rb
+++ b/app/helpers/lnurlpay_helper.rb
@ -1,2 +0,0 @@
 module LnurlpayHelper
 end
--- a/app/helpers/services_helper.rb
+++ b/app/helpers/services_helper.rb
@ -0,0 +1,12 @@
 module ServicesHelper
  def service_human_name(key, category = :external)
    SERVICES[category][key][:name] || key.to_s
  end
  def service_display_name(key, category = :external)
    SERVICES[category][key][:display_name] ||
    service_human_name(key, category)
  end
 end
--- a/app/helpers/settings_helper.rb
+++ b/app/helpers/settings_helper.rb
@ -1,2 +0,0 @@
 module SettingsHelper
 end
--- a/app/helpers/signup_helper.rb
+++ b/app/helpers/signup_helper.rb
@ -1,2 +0,0 @@
 module SignupHelper
 end
--- a/app/helpers/users_helper.rb
+++ b/app/helpers/users_helper.rb
@ -1,2 +0,0 @@
 module UsersHelper
 end
--- a/app/helpers/wallet_helper.rb
+++ b/app/helpers/wallet_helper.rb
@ -1,2 +0,0 @@
 module WalletHelper
 end
--- a/app/helpers/welcome_helper.rb
+++ b/app/helpers/welcome_helper.rb
@ -1,2 +0,0 @@
 module WelcomeHelper
 end
--- a/app/javascript/controllers/nostr_login_controller.js
+++ b/app/javascript/controllers/nostr_login_controller.js
@ -0,0 +1,53 @@
 import { Controller } from "@hotwired/stimulus"
 // Connects to data-controller="nostr-login"
 export default class extends Controller {
  static targets = [ "loginForm", "loginButton" ]
  static values  = { site: String, sharedSecret: String }
  connect() {
    if (window.nostr) {
      this.loginButtonTarget.disabled = false
      this.loginFormTarget.classList.remove("hidden")
    }
  }
  async login () {
    this.loginButtonTarget.disabled = true
    try {
      // Auth based on NIP-42
      const signedEvent = await window.nostr.signEvent({
        created_at: Math.floor(Date.now() / 1000),
        kind: 22242,
        tags: [
          ["site", this.siteValue],
          ["challenge", this.sharedSecretValue]
        ],
        content: ""
      })
      const res = await fetch("/users/nostr_login", {
        method: "POST", credentials: "include", headers: {
          "Accept": "application/json", 'Content-Type': 'application/json',
          "X-CSRF-Token": this.csrfToken
        }, body: JSON.stringify({ signed_event: signedEvent })
      })
      if (res.status === 200) {
        res.json().then(r => { window.location.href = r.redirect_url })
      } else {
        window.location.reload()
      }
    } catch (error) {
      console.warn('Unable to authenticate:', error.message)
    } finally {
      this.loginButtonTarget.disabled = false
    }
  }
  get csrfToken () {
    const element = document.head.querySelector('meta[name="csrf-token"]')
    return element.getAttribute("content")
  }
 }
--- a/app/javascript/controllers/settings/nostr_pubkey_controller.js
+++ b/app/javascript/controllers/settings/nostr_pubkey_controller.js
@ -3,7 +3,12 @@ import { Controller } from "@hotwired/stimulus"
 // Connects to data-controller="settings--nostr-pubkey"
 export default class extends Controller {
  static targets = [ "noExtension", "setPubkey", "pubkeyBech32Input" ]
-  static values  = { userAddress: String, pubkeyHex: String, sharedSecret: String }
+  static values  = {
    userAddress: String,
    pubkeyHex: String,
    site: String,
    sharedSecret: String
  }
  connect () {
    if (window.nostr) {
@ -19,11 +24,15 @@ export default class extends Controller {
    this.setPubkeyTarget.disabled = true
    try {
      // Auth based on NIP-42
      const signedEvent = await window.nostr.signEvent({
        created_at: Math.floor(Date.now() / 1000),
-        kind: 1,
+        kind: 22242,
-        tags: [],
+        tags: [
-        content: `Connect my public key to ${this.userAddressValue} (confirmation ${this.sharedSecretValue})`
+          ["site", this.siteValue],
          ["challenge", this.sharedSecretValue]
        ],
        content: ""
      })
      const res = await fetch("/settings/set_nostr_pubkey", {
--- a/app/jobs/btcpay_check_donation_job.rb
+++ b/app/jobs/btcpay_check_donation_job.rb
@ -0,0 +1,26 @@
 class BtcpayCheckDonationJob < ApplicationJob
  queue_as :default
  def perform(donation)
    return if donation.completed?
    invoice = BtcpayManager::FetchInvoice.call(
      invoice_id: donation.btcpay_invoice_id
    )
    case invoice["status"]
    when "Settled"
      donation.complete!
      NotificationMailer.with(user: donation.user)
                        .bitcoin_donation_confirmed
                        .deliver_later
    when "Processing"
      re_enqueue_job(donation)
    end
  end
  def re_enqueue_job(donation)
    self.class.set(wait: 20.seconds).perform_later(donation)
  end
 end
--- a/app/jobs/create_ldap_user_job.rb
+++ b/app/jobs/create_ldap_user_job.rb
@ -1,10 +1,10 @@
 class CreateLdapUserJob < ApplicationJob
  queue_as :default
-  def perform(username, domain, email, hashed_pw)
+  def perform(username:, domain:, email:, hashed_pw:, confirmed: false)
    dn = "cn=#{username},ou=#{domain},cn=users,dc=kosmos,dc=org"
    attr = {
-      objectclass: ["top", "account", "person", "extensibleObject"],
+      objectclass: ["top", "account", "person", "inetOrgPerson", "extensibleObject"],
      cn: username,
      sn: username,
      uid: username,
@ -12,6 +12,10 @@ class CreateLdapUserJob < ApplicationJob
      userPassword: hashed_pw
    }
    if confirmed
      attr[:serviceEnabled] = Setting.default_services
    end
    ldap_client.add(dn: dn, attributes: attr)
  end
--- a/app/jobs/create_lndhub_account_job.rb
+++ b/app/jobs/create_lndhub_account_job.rb
@ -2,12 +2,12 @@ class CreateLndhubAccountJob < ApplicationJob
  queue_as :default
  def perform(user)
-    return if user.ln_account.present? && user.ln_password.present?
+    return if user.lndhub_username.present? && user.lndhub_password.present?
    lndhub = LndhubV2.new
    credentials = lndhub.create_account
-    user.update! ln_account: credentials["login"],
+    user.update! lndhub_username: credentials["login"],
-                 ln_password: credentials["password"]
+                 lndhub_password: credentials["password"]
  end
 end
--- a/app/jobs/nostr_publish_event_job.rb
+++ b/app/jobs/nostr_publish_event_job.rb
@ -0,0 +1,7 @@
 class NostrPublishEventJob < ApplicationJob
  queue_as :nostr
  def perform(event:, relay_url:)
    NostrManager::PublishEvent.call(event: event, relay_url: relay_url)
  end
 end
--- a/app/jobs/remote_storage_expire_authorization_job.rb
+++ b/app/jobs/remote_storage_expire_authorization_job.rb
@ -3,8 +3,6 @@ class RemoteStorageExpireAuthorizationJob < ApplicationJob
  def perform(rs_auth_id)
    rs_auth = RemoteStorageAuthorization.find rs_auth_id
    return unless rs_auth.expire_at.nil? || rs_auth.expire_at <= DateTime.now
    rs_auth.destroy!
  end
 end
--- a/app/jobs/xmpp_exchange_contacts_job.rb
+++ b/app/jobs/xmpp_exchange_contacts_job.rb
@ -2,21 +2,6 @@ class XmppExchangeContactsJob < ApplicationJob
  queue_as :default
  def perform(inviter, invitee)
-    return unless inviter.services_enabled.include?("xmpp") &&
+    EjabberdManager::ExchangeContacts.call(inviter:, invitee:)
                  invitee.services_enabled.include?("xmpp") &&
                  inviter.preferences[:xmpp_exchange_contacts_with_invitees]
    ejabberd = EjabberdApiClient.new
    ejabberd.add_rosteritem({
      "localuser": invitee.cn, "localhost": invitee.ou,
      "user": inviter.cn, "host": inviter.ou,
      "nick": inviter.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
    })
    ejabberd.add_rosteritem({
      "localuser": inviter.cn, "localhost": inviter.ou,
      "user": invitee.cn, "host": invitee.ou,
      "nick": invitee.cn, "group": Setting.ejabberd_buddy_roster, "subs": "both"
    })
  end
 end
--- a/app/jobs/xmpp_send_message_job.rb
+++ b/app/jobs/xmpp_send_message_job.rb
@ -2,7 +2,6 @@ class XmppSendMessageJob < ApplicationJob
  queue_as :default
  def perform(payload)
-    ejabberd = EjabberdApiClient.new
+    EjabberdManager::SendMessage.call(payload:)
    ejabberd.send_message payload
  end
 end
--- a/app/jobs/xmpp_set_avatar_job.rb
+++ b/app/jobs/xmpp_set_avatar_job.rb
@ -0,0 +1,7 @@
 class XmppSetAvatarJob < ApplicationJob
  queue_as :default
  def perform(user:, overwrite: false)
    EjabberdManager::SetAvatar.call(user:, overwrite:)
  end
 end
--- a/app/jobs/xmpp_set_default_bookmarks_job.rb
+++ b/app/jobs/xmpp_set_default_bookmarks_job.rb
@ -2,25 +2,6 @@ class XmppSetDefaultBookmarksJob < ApplicationJob
  queue_as :default
  def perform(user)
-    return unless Setting.xmpp_default_rooms.any?
+    EjabberdManager::SetDefaultBookmarks.call(user:)
    @user = user
    ejabberd = EjabberdApiClient.new
    ejabberd.private_set user, storage_content
  end
  def storage_content
    bookmarks = ""
    Setting.xmpp_default_rooms.each do |r|
      bookmarks << conference_element(
        jid: r[/<(.+)>/, 1], name: r[/^(.+)\s/, 1], nick: @user.cn,
        autojoin: Setting.xmpp_autojoin_default_rooms
      )
    end
    "<storage xmlns='storage:bookmarks'>#{bookmarks}</storage>"
  end
  def conference_element(jid:, name:, autojoin: false, nick:)
    "<conference jid='#{jid}' name='#{name}' autojoin='#{autojoin.to_s}'><nick>#{nick}</nick></conference>"
  end
 end
--- a/app/mailers/application_mailer.rb
+++ b/app/mailers/application_mailer.rb
@ -1,3 +1,90 @@
 class ApplicationMailer < ActionMailer::Base
  default Rails.application.config.action_mailer.default_options
  layout 'mailer'
  private
    def send_mail
      @template ||= "#{self.class.name.underscore}/#{caller[0][/`([^']*)'/, 1]}"
      headers['Message-ID'] = message_id
      if @user.pgp_pubkey.present?
        mail(to: @user.email, subject: "...", content_type: pgp_content_type) do |format|
          format.text { render plain: pgp_content }
        end
      else
        mail(to: @user.email, subject: @subject) do |format|
          format.text { render @template }
        end
      end
    end
    def from_address
      self.class.default[:from]
    end
    def from_domain
      Mail::Address.new(from_address).domain
    end
    def message_id
      @message_id ||= "#{SecureRandom.uuid}@#{from_domain}"
    end
    def boundary
      @boundary ||= SecureRandom.hex(8)
    end
    def pgp_content_type
      "multipart/encrypted; protocol=\"application/pgp-encrypted\"; boundary=\"------------#{boundary}\""
    end
    def pgp_nested_content
      message_content = render_to_string(template: @template)
      message_content_base64 = Base64.encode64(message_content)
      nested_boundary = SecureRandom.hex(8)
      <<~NESTED_CONTENT
        Content-Type: multipart/mixed; boundary="------------#{nested_boundary}"; protected-headers="v1"
        Subject: #{@subject}
        From: <#{from_address}>
        To: #{@user.display_name || @user.cn} <#{@user.email}>
        Message-ID: <#{message_id}>
        --------------#{nested_boundary}
        Content-Type: text/plain; charset=UTF-8; format=flowed
        Content-Transfer-Encoding: base64
        #{message_content_base64}
        --------------#{nested_boundary}--
      NESTED_CONTENT
    end
    def pgp_content
      encrypted_content = UserManager::PgpEncrypt.call(user: @user, text: pgp_nested_content)
      encrypted_base64 = Base64.encode64(encrypted_content.to_s)
      <<~EMAIL_CONTENT
        This is an OpenPGP/MIME encrypted message (RFC 4880 and 3156)
        --------------#{boundary}
        Content-Type: application/pgp-encrypted
        Content-Description: PGP/MIME version identification
        Version: 1
        --------------#{boundary}
        Content-Type: application/octet-stream; name="encrypted.asc"
        Content-Description: OpenPGP encrypted message
        Content-Disposition: inline; filename="encrypted.asc"
        -----BEGIN PGP MESSAGE-----
        #{encrypted_base64}
        -----END PGP MESSAGE-----
        --------------#{boundary}--
      EMAIL_CONTENT
    end
 end
--- a/app/mailers/custom_mailer.rb
+++ b/app/mailers/custom_mailer.rb
@ -18,6 +18,6 @@ class CustomMailer < ApplicationMailer
    @user = params[:user]
    @subject = params[:subject]
    @body = params[:body]
-    mail(to: @user.email, subject: @subject)
+    send_mail
  end
 end
--- a/app/mailers/notification_mailer.rb
+++ b/app/mailers/notification_mailer.rb
@ -3,7 +3,7 @@ class NotificationMailer < ApplicationMailer
    @user = params[:user]
    @amount_sats = params[:amount_sats]
    @subject = "Sats received"
-    mail to: @user.email, subject: @subject
+    send_mail
  end
  def remotestorage_auth_created
@ -15,12 +15,19 @@ class NotificationMailer < ApplicationMailer
      "#{access} #{directory}"
    end
    @subject = "New app connected to your storage"
-    mail to: @user.email, subject: @subject
+    send_mail
  end
  def new_invitations_available
    @user = params[:user]
    @subject = "New invitations added to your account"
-    mail to: @user.email, subject: @subject
+    send_mail
  end
  def bitcoin_donation_confirmed
    @user = params[:user]
    @donation = params[:donation]
    @subject = "Donation confirmed"
    send_mail
  end
 end
--- a/app/models/concerns/settings/btcpay_settings.rb
+++ b/app/models/concerns/settings/btcpay_settings.rb
@ -0,0 +1,24 @@
 module Settings
  module BtcpaySettings
    extend ActiveSupport::Concern
    included do
      field :btcpay_api_url, type: :string,
        default: ENV["BTCPAY_API_URL"].presence
      field :btcpay_enabled, type: :boolean,
        default: ENV["BTCPAY_API_URL"].present?
      field :btcpay_public_url, type: :string,
        default: ENV["BTCPAY_PUBLIC_URL"].presence
      field :btcpay_store_id, type: :string,
        default: ENV["BTCPAY_STORE_ID"].presence
      field :btcpay_auth_token, type: :string,
        default: ENV["BTCPAY_AUTH_TOKEN"].presence
      field :btcpay_publish_wallet_balances, type: :boolean, default: true
    end
  end
 end
--- a/app/models/concerns/settings/discourse_settings.rb
+++ b/app/models/concerns/settings/discourse_settings.rb
@ -0,0 +1,16 @@
 module Settings
  module DiscourseSettings
    extend ActiveSupport::Concern
    included do
      field :discourse_public_url, type: :string,
        default: ENV["DISCOURSE_PUBLIC_URL"].presence
      field :discourse_enabled, type: :boolean,
        default: ENV["DISCOURSE_PUBLIC_URL"].present?
      field :discourse_connect_secret, type: :string,
        default: ENV["DISCOURSE_CONNECT_SECRET"].presence
    end
  end
 end
--- a/app/models/concerns/settings/drone_ci_settings.rb
+++ b/app/models/concerns/settings/drone_ci_settings.rb
@ -0,0 +1,13 @@
 module Settings
  module DroneCiSettings
    extend ActiveSupport::Concern
    included do
      field :droneci_public_url, type: :string,
        default: ENV["DRONECI_PUBLIC_URL"].presence
      field :droneci_enabled, type: :boolean,
        default: ENV["DRONECI_PUBLIC_URL"].present?
    end
  end
 end
--- a/app/models/concerns/settings/ejabberd_settings.rb
+++ b/app/models/concerns/settings/ejabberd_settings.rb
@ -0,0 +1,19 @@
 module Settings
  module EjabberdSettings
    extend ActiveSupport::Concern
    included do
      field :ejabberd_enabled, type: :boolean,
        default: ENV["EJABBERD_API_URL"].present?
      field :ejabberd_api_url, type: :string,
        default: ENV["EJABBERD_API_URL"].presence
      field :ejabberd_admin_url, type: :string,
        default: ENV["EJABBERD_ADMIN_URL"].presence
      field :ejabberd_buddy_roster, type: :string,
        default: "Buddies"
    end
  end
 end
--- a/app/models/concerns/settings/email_settings.rb
+++ b/app/models/concerns/settings/email_settings.rb
@ -0,0 +1,28 @@
 module Settings
  module EmailSettings
    extend ActiveSupport::Concern
    included do
      field :email_enabled, type: :boolean,
        default: ENV["EMAIL_SMTP_HOST"].present?
      # field :email_smtp_host, type: :string,
      #   default: ENV["EMAIL_SMTP_HOST"].presence
      #
      # field :email_smtp_port, type: :string,
      #   default: ENV["EMAIL_SMTP_PORT"].presence || 587
      #
      # field :email_smtp_enable_starttls, type: :string,
      #   default: ENV["EMAIL_SMTP_PORT"].presence || true
      #
      # field :email_auth_method, type: :string,
      #   default: ENV["EMAIL_AUTH_METHOD"].presence || "plain"
      #
      # field :email_imap_host, type: :string,
      #   default: ENV["EMAIL_IMAP_HOST"].presence
      #
      # field :email_imap_port, type: :string,
      #   default: ENV["EMAIL_IMAP_PORT"].presence || 993
    end
  end
 end
--- a/app/models/concerns/settings/general_settings.rb
+++ b/app/models/concerns/settings/general_settings.rb
@ -0,0 +1,34 @@
 module Settings
  module GeneralSettings
    extend ActiveSupport::Concern
    included do
      field :primary_domain, type: :string,
        default: ENV["PRIMARY_DOMAIN"].presence
      field :accounts_domain, type: :string,
        default: ENV["AKKOUNTS_DOMAIN"].presence
      #
      # Internal services
      #
      field :redis_url, type: :string,
        default: ENV["REDIS_URL"] || "redis://localhost:6379/0"
      field :s3_enabled, type: :boolean,
        default: ENV["S3_ENABLED"] && ENV["S3_ENABLED"].to_s != "false"
      field :sentry_enabled, type: :boolean, readonly: true,
        default: ENV["SENTRY_DSN"].present?
      #
      # Registrations
      #
      field :reserved_usernames, type: :array, default: %w[
        account accounts donations mail webmaster support
      ]
    end
  end
 end
--- a/app/models/concerns/settings/gitea_settings.rb
+++ b/app/models/concerns/settings/gitea_settings.rb
@ -0,0 +1,13 @@
 module Settings
  module GiteaSettings
    extend ActiveSupport::Concern
    included do
      field :gitea_public_url, type: :string,
        default: ENV["GITEA_PUBLIC_URL"].presence
      field :gitea_enabled, type: :boolean,
        default: ENV["GITEA_PUBLIC_URL"].present?
    end
  end
 end
--- a/app/models/concerns/settings/lightning_network_settings.rb
+++ b/app/models/concerns/settings/lightning_network_settings.rb
@ -0,0 +1,25 @@
 module Settings
  module LightningNetworkSettings
    extend ActiveSupport::Concern
    included do
      field :lndhub_api_url, type: :string,
        default: ENV["LNDHUB_API_URL"].presence
      field :lndhub_enabled, type: :boolean,
        default: ENV["LNDHUB_API_URL"].present?
      field :lndhub_admin_token, type: :string,
        default: ENV["LNDHUB_ADMIN_TOKEN"].presence
      field :lndhub_admin_enabled, type: :boolean,
        default: ENV["LNDHUB_ADMIN_UI"] || false
      field :lndhub_public_key, type: :string,
        default: (ENV["LNDHUB_PUBLIC_KEY"] || "")
      field :lndhub_keysend_enabled, type: :boolean,
        default: -> { self.lndhub_public_key.present? }
    end
  end
 end
--- a/app/models/concerns/settings/mastodon_settings.rb
+++ b/app/models/concerns/settings/mastodon_settings.rb
@ -0,0 +1,19 @@
 module Settings
  module MastodonSettings
    extend ActiveSupport::Concern
    included do
      field :mastodon_public_url, type: :string,
        default: ENV["MASTODON_PUBLIC_URL"].presence
      field :mastodon_enabled, type: :boolean,
        default: ENV["MASTODON_PUBLIC_URL"].present?
      field :mastodon_address_domain, type: :string,
        default: ENV["MASTODON_ADDRESS_DOMAIN"].presence || self.primary_domain
      field :mastodon_auth_token, type: :string,
        default: ENV["MASTODON_AUTH_TOKEN"].presence
    end
  end
 end
--- a/app/models/concerns/settings/media_wiki_settings.rb
+++ b/app/models/concerns/settings/media_wiki_settings.rb
@ -0,0 +1,13 @@
 module Settings
  module MediaWikiSettings
    extend ActiveSupport::Concern
    included do
      field :mediawiki_public_url, type: :string,
        default: ENV["MEDIAWIKI_PUBLIC_URL"].presence
      field :mediawiki_enabled, type: :boolean,
        default: ENV["MEDIAWIKI_PUBLIC_URL"].present?
    end
  end
 end
--- a/app/models/concerns/settings/membership_settings.rb
+++ b/app/models/concerns/settings/membership_settings.rb
@ -0,0 +1,18 @@
 module Settings
  module MembershipSettings
    extend ActiveSupport::Concern
    included do
      field :member_status_contributor, type: :string,
        default: "Contributor"
      field :member_status_sustainer, type: :string,
        default: "Sustainer"
      # Admin panel
      field :user_index_show_contributors, type: :boolean,
        default: false
      field :user_index_show_sustainers, type: :boolean,
        default: false
    end
  end
 end
--- a/app/models/concerns/settings/nostr_settings.rb
+++ b/app/models/concerns/settings/nostr_settings.rb
@ -0,0 +1,25 @@
 module Settings
  module NostrSettings
    extend ActiveSupport::Concern
    included do
      field :nostr_enabled, type: :boolean,
        default: ENV["NOSTR_PRIVATE_KEY"].present?
      field :nostr_private_key, type: :string,
        default: ENV["NOSTR_PRIVATE_KEY"].presence
      field :nostr_public_key, type: :string,
        default: ENV["NOSTR_PUBLIC_KEY"].presence
      field :nostr_public_key_primary_domain, type: :string,
        default: ENV["NOSTR_PUBLIC_KEY_PRIMARY_DOMAIN"].presence
      field :nostr_relay_url, type: :string,
        default: ENV["NOSTR_RELAY_URL"].presence
      field :nostr_zaps_relay_limit, type: :integer,
        default: 12
    end
  end
 end
--- a/app/models/concerns/settings/open_collective_settings.rb
+++ b/app/models/concerns/settings/open_collective_settings.rb
@ -0,0 +1,9 @@
 module Settings
  module OpenCollectiveSettings
    extend ActiveSupport::Concern
    included do
      field :opencollective_enabled, type: :boolean, default: true
    end
  end
 end
--- a/Show More
+++ b/Show More