style: remove unnecessary .dockerignore

update

.actions/init/action.yaml

@@ -0,0 +1,21 @@
+name: "Initialize"
+description: "Install nix & use cachix"
+
+inputs:
+  token:
+    description: "cachix auth token"
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Install nix
+      uses: cachix/install-nix-action@v31
+      with:
+        nix_path: nixpkgs=channel:nixos-unstable
+
+    - name: Use cachix
+      uses: cachix/cachix-action@v16
+      with:
+        name: trevstack
+        authToken: "${{ inputs.token }}"

.actions/push/action.yaml

@@ -0,0 +1,63 @@
+name: "Docker Push"
+description: "Push to docker registry"
+
+inputs:
+  server_url:
+    required: true
+  repository:
+    required: true
+  tag:
+    required: true
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set env
+      shell: bash
+      run: |
+        REGISTRY=$(basename ${{ inputs.server_url }})
+
+        NR=${{ inputs.repository }}
+        NAMESPACE="${NR%%/*}"
+        REPOSITORY="${NR##*/}"
+
+        TAG=${{ inputs.tag }}
+        VERSION=${TAG#v}
+
+        echo "REGISTRY=${REGISTRY}" >> $GITHUB_ENV
+        echo "NAMESPACE=${NAMESPACE}" >> $GITHUB_ENV
+        echo "REPOSITORY=${REPOSITORY}" >> $GITHUB_ENV
+        echo "VERSION=${VERSION}" >> $GITHUB_ENV
+
+    - name: Push images
+      shell: bash
+      run: |
+        docker image tag $REPOSITORY:$VERSION-amd64 $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64
+        docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64
+
+        docker image tag $REPOSITORY:$VERSION-arm64 $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64
+        docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64
+
+        docker image tag $REPOSITORY:$VERSION-arm $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
+        docker push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
+
+    - name: Push manifest
+      shell: bash
+      run: |
+        docker manifest create $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION \
+          $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 \
+          $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 \
+          $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
+        docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 --arch amd64
+        docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 --arch arm64
+        docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm --arch arm
+        docker manifest push $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION
+
+        docker manifest create $REGISTRY/$NAMESPACE/$REPOSITORY:latest \
+          $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 \
+          $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 \
+          $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm
+        docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-amd64 --arch amd64
+        docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm64 --arch arm64
+        docker manifest annotate $REGISTRY/$NAMESPACE/$REPOSITORY:latest $REGISTRY/$NAMESPACE/$REPOSITORY:$VERSION-arm --arch arm
+        docker manifest push $REGISTRY/$NAMESPACE/$REPOSITORY:latest

.dockerignore

@@ -1,14 +0,0 @@
-.env
-/docker-compose.*
-/result*
-/.direnv/
-/build/
-
-# Client
-/client/node_modules/
-/client/.svelte-kit/
-
-# Server
-/server/client/
-/server/tmp/
-/server/build/

.gitea/workflows/check.yaml

@@ -15,19 +15,9 @@ jobs:
       contains(github.event.head_commit.message, 'bump:') == false &&
       contains(github.event.head_commit.message, 'Merge pull request') == false
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
-      - name: Use Cachix
+      - run: nix flake check
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Check
-        run: nix flake check

.gitea/workflows/release.yaml

@@ -9,43 +9,23 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
-      - name: Use Cachix
+      - run: nix flake check
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Check
-        run: nix flake check
 
   release:
     runs-on: ubuntu-latest
     needs: check
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
-      - name: Use Cachix
+      - run: >
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Build
-        run: >
           nix build
           .#trevstack-linux-amd64
           .#trevstack-linux-arm64
@@ -54,45 +34,35 @@ jobs:
           .#trevstack-darwin-amd64
           .#trevstack-darwin-arm64
 
-      - name: Release
+      - uses: akkuman/gitea-release-action@v1
-        uses: akkuman/gitea-release-action@v1
         with:
           files: |-
             result*/bin/*
 
-  # https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
   package:
     runs-on: ubuntu-latest
-    needs: release # Wait for binary cache to propagate
+    needs: release
     steps:
-      - name: Docker meta
+      - uses: actions/checkout@v4
-        id: meta
+      - uses: ./.actions/init
-        uses: docker/metadata-action@v5
         with:
-          # list of Docker images to use as base name for tags
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-          images: |
-            ${{ github.repository }}
-          # generate Docker tags based on the following events/attributes
-          tags: |
-            type=ref,event=branch
-            type=semver,pattern={{version}}
 
-      - name: Login to Gitea Container Registry
+      - uses: docker/login-action@v3
-        uses: docker/login-action@v3
         with:
-          registry: ${{ vars.URL }}
+          registry: ${{ github.server_url }}
-          username: ${{ vars.USERNAME }}
+          username: ${{ github.actor }}
-          password: ${{ secrets.PASSWORD }}
+          password: ${{ secrets.PAT }}
 
-      - name: Set up QEMU
+      - name: Build & load images
-        uses: docker/setup-qemu-action@v3
+        run: |
+          nix build .#trevstack-linux-amd64-image && ./result | docker load
+          nix build .#trevstack-linux-arm64-image && ./result | docker load
+          nix build .#trevstack-linux-arm-image && ./result | docker load
 
-      - name: Set up Docker Buildx
+      - name: Push images
-        uses: docker/setup-buildx-action@v3
+        uses: ./.actions/push
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
         with:
-          push: true
+          server_url: ${{ github.server_url }}
-          tags: ${{ steps.meta.outputs.tags }}
+          repository: ${{ github.repository }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tag: ${{ github.ref_name }}

.gitea/workflows/update.yaml

@@ -9,31 +9,42 @@ jobs:
   update:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Use Cachix
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
       # https://github.com/actions/checkout/issues/13
-      - name: Set Git Config
+      - name: Set git config
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git checkout -B update
 
-      - name: Update
+      - run: nix run .#update
-        run: nix run .#update
 
-      - name: Create Pull Request
+      - name: Create pull request
-        uses: peter-evans/create-pull-request@v7
+        env:
-        with:
+          PAT: ${{ secrets.PAT }}
-          title: update
+        run: |
-          body: automatic update
+          URL="${{ gitea.server_url }}"
+          REPO_OWNER_SLASH_NAME="${{ gitea.repository }}"
+
+          if ! git ls-remote --exit-code origin update; then
+            git push origin update --force
+
+            PR_RESPONSE=$(curl -s -X POST -H "Authorization: token $PAT" \
+              -H "Content-Type: application/json" \
+              -d '{"title":"update","body":"automatic update","head":"update","base":"main"}' \
+              "$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls")
+            
+            PR_NUMBER=$(echo "$PR_RESPONSE" | jq -r '.number')
+
+            curl -s -X POST -H "Authorization: token $PAT" \
+              -H "Content-Type: application/json" \
+              -d '{"Do":"merge","merge_when_checks_succeed":true,"delete_branch_after_merge":true}' \
+              "$URL/api/v1/repos/$REPO_OWNER_SLASH_NAME/pulls/$PR_NUMBER/merge"
+
+          else
+            git push origin update --force
+          fi

.github/workflows/check.yaml

@@ -15,19 +15,9 @@ jobs:
       contains(github.event.head_commit.message, 'bump:') == false &&
       contains(github.event.head_commit.message, 'Merge pull request') == false
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
-      - name: Use Cachix
+      - run: nix flake check
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Check
-        run: nix flake check

.github/workflows/release.yaml

@@ -13,43 +13,23 @@ jobs:
   check:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
-      - name: Use Cachix
+      - run: nix flake check
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Check
-        run: nix flake check
 
   release:
     runs-on: ubuntu-latest
     needs: check
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
-      - name: Use Cachix
+      - run: >
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Build
-        run: >
           nix build
           .#trevstack-linux-amd64
           .#trevstack-linux-arm64
@@ -58,53 +38,36 @@ jobs:
           .#trevstack-darwin-amd64
           .#trevstack-darwin-arm64
 
-      - name: Release
+      - uses: softprops/action-gh-release@v2
-        uses: softprops/action-gh-release@v2
         with:
           generate_release_notes: true
           files: |-
             result*/bin/*
 
-  # https://docs.docker.com/build/ci/github-actions/manage-tags-labels/
   package:
     runs-on: ubuntu-latest
-    needs: release # Wait for binary cache to propagate
+    needs: release
     steps:
-      - name: Docker meta
+      - uses: actions/checkout@v4
-        id: meta
+      - uses: ./.actions/init
-        uses: docker/metadata-action@v5
         with:
-          # list of Docker images to use as base name for tags
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-          images: |
-            ${{ github.repository }}
-            ghcr.io/${{ github.repository }}
-          # generate Docker tags based on the following events/attributes
-          tags: |
-            type=ref,event=branch
-            type=semver,pattern={{version}}
 
-      - name: Login to Docker Hub
+      - uses: docker/login-action@v3
-        uses: docker/login-action@v3
-        with:
-          username: ${{ vars.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Login to GitHub Container Registry
-        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Set up QEMU
+      - name: Build & load images
-        uses: docker/setup-qemu-action@v3
+        run: |
+          nix build .#trevstack-linux-amd64-image && ./result | docker load
+          nix build .#trevstack-linux-arm64-image && ./result | docker load
+          nix build .#trevstack-linux-arm-image && ./result | docker load
 
-      - name: Set up Docker Buildx
+      - name: Push images
-        uses: docker/setup-buildx-action@v3
+        uses: ./.actions/push
-
-      - name: Build and push
-        uses: docker/build-push-action@v6
         with:
-          push: true
+          server_url: ghcr.io
-          tags: ${{ steps.meta.outputs.tags }}
+          repository: ${{ github.repository }}
-          labels: ${{ steps.meta.outputs.labels }}
+          tag: ${{ github.ref_name }}

.github/workflows/update.yaml

@@ -13,36 +13,28 @@ jobs:
   update:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout
+      - uses: actions/checkout@v4
-        uses: actions/checkout@v4
+      - uses: ./.actions/init
-
-      - name: Install Nix
-        uses: cachix/install-nix-action@v31
         with:
-          nix_path: nixpkgs=channel:nixos-unstable
+          token: "${{ secrets.CACHIX_AUTH_TOKEN }}"
-
-      - name: Use Cachix
-        uses: cachix/cachix-action@v16
-        with:
-          name: trevstack
-          authToken: "${{ secrets.CACHIX_AUTH_TOKEN }}"
 
       # https://github.com/actions/checkout/issues/13
-      - name: Set Git Config
+      - name: Set git config
         run: |
           git config user.name "github-actions[bot]"
           git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
 
-      - name: Update
+      - run: nix run .#update
-        run: nix run .#update
 
-      - name: Create Pull Request
+      - name: Create pull request
+        id: cpr
         uses: peter-evans/create-pull-request@v7
         with:
+          branch: update
           title: update
           body: automatic update
 
-      - name: Enable Automerge
+      - name: Enable automerge
-        run: gh pr merge --merge --auto "1"
+        run: gh pr merge --merge --auto "${{ steps.cpr.outputs.pull-request-number }}"
         env:
           GH_TOKEN: ${{ secrets.PAT }}

.scripts/bump.sh

@@ -19,7 +19,9 @@ echo "${version} -> ${next_version}"
 echo "bumping openapi"
 cd "${git_root}"
 sed -i -e "s/${version}/${next_version}/g" openapi.yaml
+sed -i -e "s/${version}/${next_version}/g" client/static/openapi/openapi.yaml
 git add openapi.yaml
+git add client/static/openapi/openapi.yaml
 
 echo "bumping client"
 cd "${git_root}/client"

.scripts/update.sh

@@ -12,6 +12,7 @@ if ! git diff --exit-code flake.lock; then
 fi
 
 echo "updating protobuf deps"
+cd "${git_root}/proto"
 buf dep update
 if ! git diff --exit-code buf.lock; then
     git add buf.lock

.vscode/extensions.json

@@ -2,7 +2,7 @@
   "recommendations": [
     "golang.go",
     "dorzey.vscode-sqlfluff",
-    "zxh404.vscode-proto3",
+    "bufbuild.vscode-buf",
     "dbaeumer.vscode-eslint",
     "svelte.svelte-vscode",
     "esbenp.prettier-vscode"

.vscode/settings.json

@@ -18,8 +18,8 @@
   },
 
   // Proto
-  "[proto3]": {
+  "[proto]": {
-    "editor.defaultFormatter": "zxh404.vscode-proto3"
+    "editor.defaultFormatter": "bufbuild.vscode-buf"
   },
 
   // ESLint

Dockerfile

@@ -1,29 +0,0 @@
-# Nix builder
-FROM nixos/nix:latest AS builder
-
-# Copy our source and setup our working dir.
-COPY . /tmp/build
-WORKDIR /tmp/build
-
-# Build our Nix environment
-RUN nix \
-    --extra-experimental-features "nix-command flakes" \
-    --option filter-syscalls false \
-    --accept-flake-config \
-    build
-
-# Copy the Nix store closure into a directory. The Nix store closure is the
-# entire set of Nix store values that we need for our build.
-RUN mkdir /tmp/nix-store-closure
-RUN cp -R $(nix-store -qR result/) /tmp/nix-store-closure
-
-# Final image is based on scratch. We copy a bunch of Nix dependencies
-# but they're fully self-contained so we don't need Nix anymore.
-FROM scratch
-
-WORKDIR /app
-
-# Copy /nix/store
-COPY --from=builder /tmp/nix-store-closure /nix/store
-COPY --from=builder /tmp/build/result /app
-CMD ["/app/bin/trevstack"]

README.md

@@ -7,6 +7,7 @@ This is a CRUD app to use as a template for starting projects
 - **Communicate anywhere**. Define a [protocol buffer](https://protobuf.dev/), and [Connect](https://connectrpc.com/) generates type-safe code to facilitate communication between the server and any client (web, mobile, embedded, etc). The protocol buffers can contain annotations to validate fields on the client and server. For clients that cannot use Connect, an OpenAPI spec is also generated
 - **Build anywhere**. The dev environment, testing and building is all declared in a single [Nix](https://nixos.org/) flake. Every developer and server can use the same environment
 - **Deploy anywhere**. CI/CD is already set up using github actions. New versions are automatically released for every major platform, along with a docker image. The binaries created require zero run-time dependencies and are relatively small (this app is 26 MiB)
+- Can be entirely self-hosted
 - Authentication is rolled in, including API key, fingerprint & passkey
 - Automatic database migration on startup
 - Light & dark modes with the [catppuccin](https://catppuccin.com/palette/) color palette
@@ -27,7 +28,7 @@ URL=http://localhost:5173
 DATABASE_URL=sqlite:/home/trev/.config/trevstack/sqlite.db
 ```
 
-4. Run `treli`
+4. Run `treli` to start the server & client
 
 It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/) and the dev environment will load automatically.
 
@@ -37,11 +38,52 @@ It's that simple. If you're feeling fancy, install [direnv](https://direnv.net/)
 
 - `nix run #bump [major | minor]`: bumps the current version up one. Defaults to "patch" (0.0.1 -> 0.0.2)
 
-- `buf lint` & `buf generate`: Lints and generates code from protocol buffers
+- `nix build [#trevstack-(GOOS)-(GOARCH)]`: builds the application. Defaults to building for your current platform, but can be built to many by specifying the GOOS and GOARCH values
 
-- `sqlc vet` & `sqlc generate`: Verifies and generates code from SQL files
+- `nix flake check`: runs all validations
 
-- `dbmate new` & `dbmate up`: Creates a new migration file and runs pending migrations
+- `buf lint proto` & `buf generate`: lints and generates code from protocol buffers
+
+- `sqlc vet` & `sqlc generate`: verifies and generates code from SQL files
+
+- `dbmate new` & `dbmate up`: creates a new migration file and runs pending migrations
+
+### Github Actions
+
+To use github actions for CI/CD, you'll need to create a fine-grained personal access token for the repository with the permissions:
+
+- Contents (read and write)
+- Pull requests (read and write)
+
+And change some settings for the repository:
+
+- General -> Allow auto-merge: true
+- Rules -> Rulesets -> New ruleset
+  - Branch targeting criteria: Default
+  - Branch rules
+    - Require status checks to pass -> Add checks -> "check"
+- Actions -> General -> Workflow permissions
+  - Read and write permissions: true
+  - Allow GitHub Actions to create and approve pull requests: true
+- Secrets and variables -> Actions -> Repository secrets
+  - PAT: (personal access token)
+
+### Gitea Actions
+
+To use gitea actions for CI/CD, you'll need to create an [API token](https://docs.gitea.com/development/api-usage) with the scopes:
+
+- write:repository
+- write:package
+
+And change some settings for the repository:
+
+- Repository -> Delete pull request branch after merge by default: true
+- Branches -> Add New Rule
+  - Protected Branch Name Pattern: main
+  - Enable Status Check: true
+  - Status check patterns: Check / check\*
+- Actions -> Secrets
+  - PAT: (API token)
 
 ## Components
 

buf.gen.yaml

@@ -1,5 +1,8 @@
 version: v2
 clean: true
+inputs:
+  - directory: proto
+
 managed:
   enabled: true
   override:

client/package.json

@@ -1,7 +1,7 @@
 {
 	"name": "trevstack",
 	"private": true,
-	"version": "0.0.29",
+	"version": "0.0.47",
 	"type": "module",
 	"scripts": {
 		"dev": "vite dev",
@@ -21,29 +21,29 @@
 		"@eslint/js": "^9.18.0",
 		"@ianvs/prettier-plugin-sort-imports": "^4.4.1",
 		"@lucide/svelte": "^0.479.0",
-		"@scalar/api-reference": "^1.28.33",
+		"@scalar/api-reference": "^1.28.34",
 		"@simplewebauthn/browser": "^13.1.0",
 		"@sveltejs/adapter-static": "^3.0.8",
-		"@sveltejs/kit": "^2.21.0",
+		"@sveltejs/kit": "^2.21.1",
 		"@sveltejs/vite-plugin-svelte": "^5.0.3",
-		"@tailwindcss/vite": "^4.1.6",
+		"@tailwindcss/vite": "^4.1.7",
-		"bits-ui": "^1.4.8",
+		"bits-ui": "^1.5.3",
 		"clsx": "^2.1.1",
-		"eslint": "^9.26.0",
+		"eslint": "^9.27.0",
 		"eslint-config-prettier": "^10.1.5",
-		"eslint-plugin-svelte": "^3.6.0",
+		"eslint-plugin-svelte": "^3.8.1",
 		"globals": "^16.1.0",
 		"mode-watcher": "^1.0.7",
 		"prettier": "^3.5.3",
-		"prettier-plugin-svelte": "^3.3.3",
+		"prettier-plugin-svelte": "^3.4.0",
 		"prettier-plugin-tailwindcss": "^0.6.11",
-		"svelte": "^5.28.6",
+		"svelte": "^5.31.1",
-		"svelte-check": "^4.1.7",
+		"svelte-check": "^4.2.1",
 		"svelte-sonner": "^0.3.28",
 		"tailwind-merge": "^3.3.0",
 		"tailwind-variants": "^1.0.0",
 		"tailwindcss": "^4.0.13",
-		"tw-animate-css": "^1.2.9",
+		"tw-animate-css": "^1.3.0",
 		"typescript": "^5.8.3",
 		"typescript-eslint": "^8.32.1",
 		"vite": "^6.3.5"

client/static/openapi/openapi.yaml

@@ -3,8 +3,8 @@ servers:
   - url: /grpc
 info:
   title: Trevstack API
-  version: 1.0.0
+  version: 0.0.33
-  description: API for trevstack
+  description: API for Trevstack
   contact:
     name: Trev
     email: spam@trev.xyz

flake.lock

@@ -2,11 +2,11 @@
   "nodes": {
     "nixpkgs": {
       "locked": {
-        "lastModified": 1746904237,
+        "lastModified": 1747542820,
-        "narHash": "sha256-3e+AVBczosP5dCLQmMoMEogM57gmZ2qrVSrmq9aResQ=",
+        "narHash": "sha256-GaOZntlJ6gPPbbkTLjbd8BMWaDYafhuuYRNrxCGnPJw=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "d89fc19e405cb2d55ce7cc114356846a0ee5e956",
+        "rev": "292fa7d4f6519c074f0a50394dbbe69859bb6043",
         "type": "github"
       },
       "original": {

flake.nix

@@ -21,7 +21,7 @@
     ...
   }: let
     pname = "trevstack";
-    version = "0.0.29";
+    version = "0.0.47";
 
     build-systems = [
       "x86_64-linux"
@@ -83,7 +83,10 @@
         packages = with pkgs; [
           treli.packages."${system}".default
           git
+
+          # Nix
           nix-update
+          alejandra
 
           # Server
           go
@@ -127,7 +130,7 @@
           pname = "check-client";
           inherit version;
           src = ./client;
-          npmDepsHash = "sha256-1Af4eOcvYIL6Y/gGn8PYaYAwPds/NOtSvyU13ByUH4A=";
+          npmDepsHash = "sha256-dl32ehKir0dZ4uiJ4s59xPIIbMkkZtH9dlTm4W0PZag=";
           dontNpmInstall = true;
 
           buildPhase = ''
@@ -190,7 +193,7 @@
         client = pkgs.buildNpmPackage {
           inherit pname version;
           src = ./client;
-          npmDepsHash = "sha256-1Af4eOcvYIL6Y/gGn8PYaYAwPds/NOtSvyU13ByUH4A=";
+          npmDepsHash = "sha256-dl32ehKir0dZ4uiJ4s59xPIIbMkkZtH9dlTm4W0PZag=";
 
           installPhase = ''
             cp -r build "$out"
@@ -208,11 +211,8 @@
             HOME=$PWD
           '';
         };
-      in
+
-        {
+        binaries = builtins.listToAttrs (builtins.map (x: {
-          default = server;
-        }
-        // builtins.listToAttrs (builtins.map (x: {
             name = "${pname}-${x.GOOS}-${x.GOARCH}";
             value = server.overrideAttrs {
               nativeBuildInputs =
@@ -235,7 +235,28 @@
               '';
             };
           })
-          host-systems)
+          host-systems);
+
+        images = builtins.listToAttrs (builtins.map (x: {
+            name = "${pname}-${x.GOOS}-${x.GOARCH}-image";
+            value = pkgs.dockerTools.streamLayeredImage {
+              name = "${pname}";
+              tag = "${version}-${x.GOARCH}";
+              created = "now";
+              architecture = "${x.GOARCH}";
+              contents = [binaries."${pname}-${x.GOOS}-${x.GOARCH}"];
+              config = {
+                Cmd = ["${binaries."${pname}-${x.GOOS}-${x.GOARCH}"}/bin/${pname}-${x.GOOS}-${x.GOARCH}-${version}"];
+              };
+            };
+          })
+          (builtins.filter (x: x.GOOS == "linux") host-systems));
+      in
+        {
+          default = server;
+        }
+        // binaries
+        // images
     );
   };
 }

openapi.yaml

@@ -3,7 +3,7 @@ servers:
   - url: /grpc
 info:
   title: Trevstack API
-  version: 0.0.29
+  version: 0.0.47
   description: API for Trevstack
   contact:
     name: Trev

proto/buf.yaml

@@ -1,6 +1,6 @@
 # For details on buf.yaml configuration, visit https://buf.build/docs/configuration/v2/buf-yaml
 version: v2
 modules:
-  - path: proto
+  - path: .
 deps:
   - buf.build/bufbuild/protovalidate

server/cmd/trevstack/main.go

@@ -68,7 +68,7 @@ func main() {
 	// Serve gRPC Handlers
 	api := http.NewServeMux()
 	api.Handle(interceptors.WithCORS(user.NewAuthHandler(vi, sqlc, webAuthn, name, env.Key)))
-	api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, env.Key)))
+	api.Handle(interceptors.WithCORS(user.NewHandler(vi, sqlc, webAuthn, name, env.Key)))
 	api.Handle(interceptors.WithCORS(item.NewHandler(vi, sqlc, env.Key)))
 
 	// Serve web interface

server/internal/handlers/user/v1/user.go

@@ -36,6 +36,7 @@ type Handler struct {
 	db       *sqlc.Queries
 	webAuthn *webauthn.WebAuthn
 	key      []byte
+	name     string
 
 	sessions *map[int64]*webauthn.SessionData
 	mu       sync.Mutex
@@ -132,7 +133,7 @@ func (h *Handler) GetAPIKey(ctx context.Context, req *connect.Request[userv1.Get
 
 	// Generate JWT
 	t := jwt.NewWithClaims(jwt.SigningMethodHS256, jwt.RegisteredClaims{
-		Issuer:  "trevstack",
+		Issuer:  h.name,
 		Subject: strconv.FormatInt(user.ID, 10),
 		IssuedAt: &jwt.NumericDate{
 			Time: time.Now(),
@@ -341,8 +342,8 @@ func transportsToString(transports []protocol.AuthenticatorTransport) string {
 	return s
 }
 
-func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, key string) (string, http.Handler) {
+func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.WebAuthn, name string, key string) (string, http.Handler) {
-	interceptors := connect.WithInterceptors(interceptors.NewAuthInterceptor(key), vi)
+	interceptors := connect.WithInterceptors(vi, interceptors.NewAuthInterceptor(key))
 
 	sd := map[int64]*webauthn.SessionData{}
 	return userv1connect.NewUserServiceHandler(
@@ -350,6 +351,7 @@ func NewHandler(vi *validate.Interceptor, db *sqlc.Queries, webauth *webauthn.We
 			db:       db,
 			webAuthn: webauth,
 			key:      []byte(key),
+			name:     name,
 
 			sessions: &sd,
 			mu:       sync.Mutex{},