diff options
| author | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-12 20:30:13 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-12 20:30:13 +0000 |
| commit | a12927181c571fc1641772ad44dd4c6a4ab209d9 (patch) | |
| tree | d7cb99fa87606e9fb13d91305cda8a0f919e6528 /nix | |
| parent | c29191b1e1239e931c575a926ec9480e594476d6 (diff) | |
feat(grasp-05): add read-only mode with auto-enable for archive configs
Implements NGIT_ARCHIVE_READ_ONLY configuration option that defaults to true
when archive mode is enabled, allowing relays to operate as read-only syncs
of archived repositories.
Key changes:
- Add NGIT_ARCHIVE_READ_ONLY config option (defaults to true if archive enabled)
- NIP-11 advertises GRASP-05 support and includes curation field when read-only
- Validation logic rejects non-whitelisted repos in read-only mode
- Comprehensive tests for read-only behavior and defaults
- Full documentation in config reference, .env.example, and NixOS module
Read-only mode enables passive mirroring without being listed in announcements,
useful for backup/archive operations while preventing accidental write acceptance.
Diffstat (limited to 'nix')
| -rw-r--r-- | nix/module.nix | 16 |
1 files changed, 16 insertions, 0 deletions
diff --git a/nix/module.nix b/nix/module.nix index f82f069..516fb04 100644 --- a/nix/module.nix +++ b/nix/module.nix | |||
| @@ -196,6 +196,20 @@ let | |||
| 196 | ''; | 196 | ''; |
| 197 | }; | 197 | }; |
| 198 | 198 | ||
| 199 | archiveReadOnly = mkOption { | ||
| 200 | type = types.nullOr types.bool; | ||
| 201 | default = null; | ||
| 202 | description = '' | ||
| 203 | Archive read-only mode (relay is read-only sync of archived repositories). | ||
| 204 | When true: | ||
| 205 | - NIP-11 includes GRASP-05 in supported_grasps | ||
| 206 | - NIP-11 curation field describes archive scope | ||
| 207 | - Repository announcements not listing this service are accepted per whitelist/archive-all | ||
| 208 | Default: true if archiveAll or archiveWhitelist is set, false otherwise | ||
| 209 | Note: Setting to true without archive config causes startup error | ||
| 210 | ''; | ||
| 211 | }; | ||
| 212 | |||
| 199 | user = mkOption { | 213 | user = mkOption { |
| 200 | type = types.str; | 214 | type = types.str; |
| 201 | default = "ngit-grasp-${name}"; | 215 | default = "ngit-grasp-${name}"; |
| @@ -241,6 +255,8 @@ let | |||
| 241 | RUST_LOG = cfg.logLevel; | 255 | RUST_LOG = cfg.logLevel; |
| 242 | } // optionalAttrs (cfg.relayName != null) { | 256 | } // optionalAttrs (cfg.relayName != null) { |
| 243 | NGIT_RELAY_NAME = cfg.relayName; | 257 | NGIT_RELAY_NAME = cfg.relayName; |
| 258 | } // optionalAttrs (cfg.archiveReadOnly != null) { | ||
| 259 | NGIT_ARCHIVE_READ_ONLY = toString cfg.archiveReadOnly; | ||
| 244 | } // optionalAttrs cfg.metricsEnabled { NGIT_METRICS_ENABLED = "true"; } | 260 | } // optionalAttrs cfg.metricsEnabled { NGIT_METRICS_ENABLED = "true"; } |
| 245 | // optionalAttrs (cfg.syncBootstrapRelayUrl != null) { | 261 | // optionalAttrs (cfg.syncBootstrapRelayUrl != null) { |
| 246 | NGIT_SYNC_BOOTSTRAP_RELAY_URL = cfg.syncBootstrapRelayUrl; | 262 | NGIT_SYNC_BOOTSTRAP_RELAY_URL = cfg.syncBootstrapRelayUrl; |