from upstream MR https://gitlab.com/famedly/conduit/-/merge_requests/347
with the following changes (so far):
- remove hardcoded list of allowed hosts (strongly disagree with this,
even if it is desired, it should not be harcoded)
- add more allow config options for granularity via URL contains,
host contains, and domain is (explicit match) for security
- warn if a user is allowing all URLs to be previewed for security reasons
- replace an expect with proper error handling
- bump webpage to 2.0
- improved code style a tad
Co-authored-by: rooot <hey@rooot.gay>
Signed-off-by: rooot <hey@rooot.gay>
Signed-off-by: strawberry <strawberry@puppygock.gay>
This uses flakes-compat to read the `flake.nix` and expose it
to non-flake users.
Signed-off-by: Raito Bezarius <masterancpp@gmail.com>
Signed-off-by: strawberry <strawberry@puppygock.gay>
`IndexMap::remove` was deprecated in favor of explicitly named methods.
I assume that we actually needed to be using `shift_remove`, otherwise
we probably wouldn't be bothering with `indexmap` here in the first
place. I wonder if this fixes any bugs lol
from: https://gitlab.com/famedly/conduit/-/merge_requests/580
Signed-off-by: strawberry <strawberry@puppygock.gay>
This fixes a bug where the aarch64 OCI image had metadata saying it was
an x86_64 OCI image. On top of that, I think the metadata was actually
right (aside from Conduit's binary): since all other packages were being
pulled from `pkgsHost`, an OCI image cross compiled for aarch64 from a
different architecture would result in unexecutable binaries (e.g. tini)
since they were compiled for the completely wrong architecture.
from: https://gitlab.com/famedly/conduit/-/merge_requests/579
Signed-off-by: strawberry <strawberry@puppygock.gay>
Thanks to the crane maintainer to fixing my issue in a way that doesn't
suck, unlike my attempt in the fork we were briefly using.
from: https://gitlab.com/famedly/conduit/-/merge_requests/576
Signed-off-by: strawberry <strawberry@puppygock.gay>
Well, kinda. It crashed on me after 10 minutes because the tests timed
out like in <https://github.com/matrix-org/complement/issues/394>.
Sounds like this means it's a them problem though.
I want to use Nix to build this image instead in the future but this
will at least make it work for now and give me a reference for while I'm
porting it. I also want to make Conduit natively understand Complement's
requirements instead of `sed`ing a bunch of stuff and needing a reverse
proxy in the container. Should be more reliable that way.
I'm not making this run in CI until the above stuff is addressed and
until I can decide on a way to pin the revision of Complement being
tested against.
from: https://gitlab.com/famedly/conduit/-/merge_requests/575
Signed-off-by: strawberry <strawberry@puppygock.gay>
Without this, checking the authority of TLS certificates fails, making
Conduit (rightly) refuse to connect to anything.
Signed-off-by: strawberry <strawberry@puppygock.gay>
