42 lines
1.6 KiB
Go
42 lines
1.6 KiB
Go
// Package nadir exists only to embed shared documentation (the README) so a
|
|
// single source of truth can feed both GitHub and the OpenAPI description.
|
|
package nadir
|
|
|
|
import _ "embed"
|
|
|
|
// README is the project README. Content up to the "<!-- api-desc-end -->" marker
|
|
// is reused as the API description; see cmd/main.go.
|
|
//
|
|
//go:embed README.md
|
|
var README string
|
|
|
|
// Favicon is the orbit icon (lucide.dev, recolored midnight-blue) served as
|
|
// both the app favicon and the /docs page icon.
|
|
//
|
|
//go:embed favicon.svg
|
|
var Favicon string
|
|
|
|
// InstallScriptTemplate is the curl|sh bootstrap script served at /install.sh.
|
|
// It contains the placeholder __NADIR_BASE_URL__, substituted at request time
|
|
// with the scheme+host the script was fetched from - so it downloads the
|
|
// binary from the very instance that served it. See cmd/server/server.go.
|
|
//
|
|
//go:embed install.sh.tmpl
|
|
var InstallScriptTemplate string
|
|
|
|
// Version is set by the linker at build time:
|
|
// go build -ldflags "-X nadir.Version=v1.2.3"
|
|
// Local dev builds leave it as "dev".
|
|
var Version = "dev"
|
|
|
|
// ReleasePublicKey is the minisign public key whose signature on a release's
|
|
// sha256sums.txt is required by the auto-updater. Replacing the binary is the
|
|
// most dangerous thing nadir does, so it gets the strongest verification: the
|
|
// updater downloads sha256sums.txt + .minisig from the configured Gitea repo,
|
|
// verifies the signature against this embedded key, then verifies the binary's
|
|
// sha256 against the file. Rotation requires a rebuild — intentional, so a
|
|
// compromised Gitea instance cannot also rotate the trust anchor.
|
|
//
|
|
//go:embed minisign.pub
|
|
var ReleasePublicKey string
|