| author | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-12 21:32:38 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-12 21:33:15 +0000 |
| commit | 70c577f10bbe150b6b13bec545dc8720ad005a64 (patch) | |
| tree | 4f390cd523248db007ecb4335a61598b930ccad9 /nix | |
| parent | 1948312d40f34fca868d1ef6d6d94e165c09738c (diff) | |
feat(config): add repository blacklist to block specific repos/npubs/identifiers

Adds NGIT_REPOSITORY_BLACKLIST option for blocking repositories, taking precedence
over all whitelists (archive and repository) to enable moderation without affecting
curation policy.

Key features:
- Three blacklist formats: <npub>, <npub>/<identifier>, <identifier>
- Blacklist checked first before any other validation
- Overrides archive whitelist and repository whitelist
- Specific rejection reasons based on match type (npub/identifier/both)
- Not flagged in NIP-11 curation (operational, not policy)

Implementation:
- Add BlacklistConfig struct with check() method returning detailed reasons
- Add NGIT_REPOSITORY_BLACKLIST config option and blacklist_config() method
- Update validate_announcement() to check blacklist first with specific reasons
- 12 new unit tests covering all blacklist behavior and precedence

Configuration synced across all four sources:
- src/config.rs: Core implementation with BlacklistConfig
- .env.example: Comprehensive documentation with examples
- docs/reference/configuration.md: Complete reference documentation
- nix/module.nix: NixOS module option with environment mapping

Testing:
- 12 new tests for blacklist functionality (config + validation)
- All 332 library tests passing
- All 38 integration tests passing

Use cases:
- Block spam/malware repos by identifier
- Block abusive users by npub
- Block specific problematic repos by npub/identifier
- Temporary blocks for investigation

Diffstat (limited to 'nix')
| -rw-r--r-- | nix/module.nix | 14 |
1 files changed, 14 insertions, 0 deletions
diff --git a/nix/module.nix b/nix/module.nix index d5dfd88..cfac0fc 100644 --- a/nix/module.nix +++ b/nix/module.nix | |||
| @@ -224,6 +224,19 @@ let | |||
| 224 | ''; | 224 | ''; |
| 225 | }; | 225 | }; |
| 226 | 226 | ||
| 227 | repositoryBlacklist = mkOption { | ||
| 228 | type = types.listOf types.str; | ||
| 229 | default = [ ]; | ||
| 230 | example = [ "npub1spam..." "npub1alice.../bad-repo" "malware" ]; | ||
| 231 | description = '' | ||
| 232 | Repository blacklist for blocking specific repositories/pubkeys/identifiers. | ||
| 233 | Blacklist takes precedence over ALL whitelists (archive and repository). | ||
| 234 | Formats: <npub>, <npub>/<identifier>, <identifier> | ||
| 235 | Blacklisted repos are rejected with specific reasons (npub/identifier/both). | ||
| 236 | Does not affect NIP-11 curation field (operational, not curation policy). | ||
| 237 | ''; | ||
| 238 | }; | ||
| 239 | |||
| 227 | user = mkOption { | 240 | user = mkOption { |
| 228 | type = types.str; | 241 | type = types.str; |
| 229 | default = "ngit-grasp-${name}"; | 242 | default = "ngit-grasp-${name}"; |
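Review bot: the `description` of the new `repositoryBlacklist` option lists the formats `<npub>`, `<npub>/<identifier>`, `<identifier>` but does not state the scope of a bare `<identifier>` entry or how a bare entry is told apart from an npub. Because this list overrides every whitelist, an operator reading only this text cannot tell whether `"malware"` in the example blocks that identifier for every pubkey. Suggest adding one sentence covering that, and considering a stricter element type than `types.str` (for example `types.strMatching "[^,[:space:]]+"`) so empty or whitespace-padded entries are rejected at evaluation time.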
| @@ -267,6 +280,7 @@ let | |||
| 267 | NGIT_ARCHIVE_ALL = toString cfg.archiveAll; | 280 | NGIT_ARCHIVE_ALL = toString cfg.archiveAll; |
| 268 | NGIT_ARCHIVE_WHITELIST = concatStringsSep "," cfg.archiveWhitelist; | 281 | NGIT_ARCHIVE_WHITELIST = concatStringsSep "," cfg.archiveWhitelist; |
| 269 | NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist; | 282 | NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist; |
| 283 | NGIT_REPOSITORY_BLACKLIST = concatStringsSep "," cfg.repositoryBlacklist; | ||
| 270 | RUST_LOG = cfg.logLevel; | 284 | RUST_LOG = cfg.logLevel; |
| 271 | } // optionalAttrs (cfg.relayName != null) { | 285 | } // optionalAttrs (cfg.relayName != null) { |
| 272 | NGIT_RELAY_NAME = cfg.relayName; | 286 | NGIT_RELAY_NAME = cfg.relayName; |
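Review bot: at `NGIT_REPOSITORY_BLACKLIST = concatStringsSep "," cfg.repositoryBlacklist;` the list is flattened with a comma, so an entry that itself contains a comma becomes two entries and the intended block silently does not apply. For a deny list that is a fail-open outcome; suggest a module assertion that no entry is empty or contains `,`. With the default `[ ]` the variable is also exported as an empty string rather than omitted, so it is worth confirming that the parser in src/config.rs treats an empty value as an empty blacklist, or moving the assignment into an `optionalAttrs (cfg.repositoryBlacklist != [ ])` block like the `NGIT_RELAY_NAME` one below it.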