akkoma/lib/pleroma/config/release_runtime_provider.ex

defmodule Pleroma.Config.ReleaseRuntimeProvider do
  @moduledoc """
  Imports runtime config and `{env}.exported_from_db.secret.exs` for releases.
  """
  @behaviour Config.Provider

  @impl true
  def init(opts), do: opts

  @impl true
  def load(config, opts) do
    with_defaults = Config.Reader.merge(config, Pleroma.Config.Holder.release_defaults())

    config_path =
      cond do
        opts[:config_path] -> opts[:config_path]
        System.get_env("AKKOMA_CONFIG_PATH") -> System.get_env("AKKOMA_CONFIG_PATH")
        System.get_env("PLEROMA_CONFIG_PATH") -> System.get_env("PLEROMA_CONFIG_PATH")
        File.exists?("/etc/pleroma/config.exs") -> "/etc/pleroma/config.exs"
        true -> "/etc/akkoma/config.exs"
      end

    with_runtime_config =
      if File.exists?(config_path) do
        # <https://git.pleroma.social/pleroma/pleroma/-/issues/3135>
        %File.Stat{mode: mode} = File.stat!(config_path)

        if Bitwise.band(mode, 0o007) > 0 do
          raise "Configuration at #{config_path} has world-permissions, execute the following: chmod o= #{config_path}"
        end

        if Bitwise.band(mode, 0o020) > 0 do
          raise "Configuration at #{config_path} has group-wise write permissions, execute the following: chmod g-w #{config_path}"
        end

        # Note: Elixir doesn't provides a getuid(2)
        # so cannot forbid group-read only when config is owned by us

        runtime_config = Config.Reader.read!(config_path)

        with_defaults
        |> Config.Reader.merge(pleroma: [config_path: config_path])
        |> Config.Reader.merge(runtime_config)
      else
        warning = [
          IO.ANSI.red(),
          IO.ANSI.bright(),
          "!!! Config path is not declared! Please ensure it exists and that AKKOMA_CONFIG_PATH and/or PLEROMA_CONFIG_PATH is unset or points to an existing file",
          IO.ANSI.reset()
        ]

        IO.puts(warning)
        with_defaults
      end

    exported_config_path =
      opts[:exported_config_path] ||
        config_path
        |> Path.dirname()
        |> Path.join("#{Pleroma.Config.get(:env)}.exported_from_db.secret.exs")

    with_exported =
      if File.exists?(exported_config_path) do
        exported_config = Config.Reader.read!(exported_config_path)
        Config.Reader.merge(with_runtime_config, exported_config)
      else
        with_runtime_config
      end

    with_exported
  end
end