remove redundant parentheses

Rather than putting the source repo in a build dir and having a mount dir next to that, the
source repo itself is the deployment dir, with the mount dir inside of it. We do not want
to commit the contents of the database to the repo obviously

.gitignore

@@ -3,3 +3,4 @@
 
 **/*.pw
 **/*.secret
+mounts/

api/Dockerfile

@@ -16,7 +16,13 @@ RUN --mount=type=cache,target=/usr/local/cargo,from=rust:latest,source=/usr/loca
     cargo build --release --features $adaptor && mv ./target/release/crabfit-api ./api
 
 # Runtime image
-FROM debian:bullseye-slim
+FROM debian:bookworm-slim
+
+# install libssl3
+RUN apt-get update &&\
+    apt-get install -yq libssl3 &&\
+    apt-get clean &&\
+    rm -rf /var/cache/apt/lists/*
 
 # Run as "app" user
 RUN useradd -ms /bin/bash app

api/adaptors/sql/src/lib.rs

@@ -188,11 +188,14 @@ fn get_connection_string() -> String {
     if let Some(password_file_location) = env::var_os("DATABASE_PASSWORD_FILE") {
         // The password can be left out of the URL, we add it from the specified
         // file (presumably under /run/secrets/)
-        let password = fs::read(&password_file_location).unwrap_or_else(|err| {
-            panic!("could not read database password from {password_file_location:?}\n\t{err:?}")
-        });
+        let password = fs::read(&password_file_location)
+            .unwrap_or_else(|err| {
+                panic!("could not read database password from {password_file_location:?}\n\t{err:?}")
+            });
+        let password = String::from(String::from_utf8_lossy(password.as_slice()));
+        let password = password.trim_end();
         let mut url = Url::parse(&connection_string).expect("invalid connection string");
-        url.set_password(Some(String::from_utf8_lossy(password.as_slice()).as_ref()))
+        url.set_password(Some(password))
             .unwrap_or_else(|_| panic!("invalid database URL: {connection_string:?}"));
         url.to_string()
     } else {

api/src/routes/tasks.rs

@@ -35,7 +35,7 @@ pub async fn cleanup<A: Adaptor>(
             println!("Error reading CRON_KEY_FILE at {path:?}");
             return Err(ApiError::NotAuthorized);
         };
-        String::from_utf8_lossy(key.as_slice()).into()
+        String::from_utf8_lossy(key.as_slice()).to_owned().trim_end().to_string()
     } else {
         Default::default()
     };

docker-compose.yml

@@ -6,51 +6,57 @@ services:
       #   adaptor: sql-adaptor (default) | memory-adaptor | datastore-adaptor
       # # datastore is for Google Datastore
     secrets:
-      - crabfit database password
-      - crabfit cron key
+      - crabfit-database-password
+      - crabfit-cron-key
     environment:
-      DATABASE_PASSWORD_FILE: /run/secrets/crabfit database password
-      DATABASE_URL: psql://crabfit@crabfit-database:5432/crabfit
+      DATABASE_PASSWORD_FILE: /run/secrets/crabfit-database-password
+      DATABASE_URL: postgresql://crabfit@crabfit-database:5432/crabfit
       FRONTEND_URL: https://availability.techwork.zone
-      CRON_KEY_FILE: /run/secrets/crabfit cron key
+      CRON_KEY_FILE: /run/secrets/crabfit-cron-key
     labels:
       traefik.enable: true
       traefik.http.routers.crabfit-api.rule: Host(`api.a10y.techwork.zone`)
       traefik.http.routers.crabfit-api.tls: true
       traefik.http.routers.crabfit-api.tls.certresolver: letsencrypt_standalone
     networks:
-      - crabfit-internal
+      - crabfit
       - public
+
   crabfit-database:
     image: postgres:17
-    secrets: [ 'crabfit database password' ]
+    secrets: [ 'crabfit-database-password' ]
     environment:
-      POSTGRES_PASSWORD_FILE: /run/secrets/crabfit database password
+      POSTGRES_PASSWORD_FILE: /run/secrets/crabfit-database-password
       POSTGRES_USER: crabfit
       POSTGRES_DB: crabfit
     volumes:
-      ./mounts/database:/var/lib/postgresql/data
+      - ./mounts/database:/var/lib/postgresql/data
     healthcheck:
       test: ["CMD", "pg_isready"]
       interval: 30s
       timeout: 20s
       retries: 3
-    networks: [ crabfit-internal ]
+    networks: [ crabfit ]
 
   crabfit-frontend:
     build:
       context: ./frontend
     labels:
       traefik.enable: true
-      traefik.http.routers.crabfit-frontend.rule: (Host(`a10y.techwork.zone`) || Host(`availability.techwork.zone`))
+      traefik.http.routers.crabfit-frontend.rule: Host(`a10y.techwork.zone`) || Host(`availability.techwork.zone`)
       traefik.http.routers.crabfit-frontend.tls: true
       traefik.http.routers.crabfit-frontend.tls.certresolver: letsencrypt_standalone
     environment:
       NEXT_PUBLIC_API_URL: https://api.a10y.techwork.zone
+    networks: [ public ]
 
 
+networks:
+  crabfit:
+    internal: true
+
 secrets:
-  crabfit database password:
+  crabfit-database-password:
     file: ./postgres.pw
-  crabfit cron key:
+  crabfit-cron-key:
     file: ./cron.secret

frontend/Dockerfile

@@ -33,8 +33,8 @@ ENV NODE_ENV=production
 # Uncomment the following line in case you want to disable telemetry during runtime.
 ENV NEXT_TELEMETRY_DISABLED=1
 
-RUN addgroup --system --gid 1000 nodejs
-RUN adduser --system --uid 1000 nextjs
+RUN addgroup --system --gid 1001 nodejs
+RUN adduser --system --uid 1001 nextjs
 
 COPY --from=builder /app/public ./public
 

frontend/next.config.js

@@ -0,0 +1,4 @@
+/** @type {import('next').NextConfig} */
+module.exports = {
+    output: 'standalone'
+}