Repo is deployment dir

Rather than putting the source repo in a build dir and having a mount dir next to that, the
source repo itself is the deployment dir, with the mount dir inside of it. We do not want
to commit the contents of the database to the repo obviously

.gitignore

@@ -1,2 +1,6 @@
 /graphics
 .DS_Store
+
+**/*.secret
+**/*.pw
+mounts/

api/Cargo.lock

@@ -326,9 +326,9 @@ dependencies = [
 
 [[package]]
 name = "backtrace"
-version = "0.3.74"
+version = "0.3.75"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "8d82cb332cdfaed17ae235a638438ac4d4839913cc2af585c3c6746e8f8bee1a"
+checksum = "6806a6321ec58106fea15becdad98371e28d92ccbc7c8f1b3b6dd724fe8f1002"
 dependencies = [
  "addr2line",
  "cfg-if",
@@ -1697,9 +1697,9 @@ checksum = "d750af042f7ef4f724306de029d18836c26c1765a54a6a3f094cbd23a7267ffa"
 
 [[package]]
 name = "libm"
-version = "0.2.14"
+version = "0.2.15"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "a25169bd5913a4b437588a7e3d127cd6e90127b60e0ffbd834a38f1599e016b8"
+checksum = "f9fbbcab51052fe104eb5e5d351cf728d30a5be1fe14d9be8a3b097481fb97de"
 
 [[package]]
 name = "libredox"
@@ -4230,9 +4230,9 @@ checksum = "589f6da84c646204747d1270a2a5661ea66ed1cced2631d546fdfb155959f9ec"
 
 [[package]]
 name = "winnow"
-version = "0.7.9"
+version = "0.7.10"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "d9fb597c990f03753e08d3c29efbfcf2019a003b4bf4ba19225c158e1549f0f3"
+checksum = "c06928c8748d81b05c9be96aad92e1b6ff01833332f281e8cfca3be4b35fc9ec"
 dependencies = [
  "memchr",
 ]

api/adaptors/sql/src/lib.rs

@@ -188,11 +188,14 @@ fn get_connection_string() -> String {
     if let Some(password_file_location) = env::var_os("DATABASE_PASSWORD_FILE") {
         // The password can be left out of the URL, we add it from the specified
         // file (presumably under /run/secrets/)
-        let password = fs::read(&password_file_location).unwrap_or_else(|err| {
-            panic!("could not read database password from {password_file_location:?}\n\t{err:?}")
-        });
+        let password = fs::read(&password_file_location)
+            .unwrap_or_else(|err| {
+                panic!("could not read database password from {password_file_location:?}\n\t{err:?}")
+            });
+        let password = String::from(String::from_utf8_lossy(password.as_slice()));
+        let password = password.trim_end();
         let mut url = Url::parse(&connection_string).expect("invalid connection string");
-        url.set_password(Some(String::from_utf8_lossy(password.as_slice()).as_ref()))
+        url.set_password(Some(password))
             .unwrap_or_else(|_| panic!("invalid database URL: {connection_string:?}"));
         url.to_string()
     } else {

api/src/routes/tasks.rs

@@ -35,7 +35,7 @@ pub async fn cleanup<A: Adaptor>(
             println!("Error reading CRON_KEY_FILE at {path:?}");
             return Err(ApiError::NotAuthorized);
         };
-        String::from_utf8_lossy(key.as_slice()).into()
+        String::from_utf8_lossy(key.as_slice()).to_owned().trim_end().to_string()
     } else {
         Default::default()
     };

frontend/Dockerfile

@@ -33,8 +33,8 @@ ENV NODE_ENV=production
 # Uncomment the following line in case you want to disable telemetry during runtime.
 ENV NEXT_TELEMETRY_DISABLED=1
 
-RUN addgroup --system --gid 1000 nodejs
-RUN adduser --system --uid 1000 nextjs
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
 
 COPY --from=builder /app/public ./public
 

frontend/next.config.js

@@ -0,0 +1,4 @@
+/** @type {import('next').NextConfig} */
+module.exports = {
+    output: 'standalone'
+}