annex.listen can be configured, instead of using --listen

Assistant.hs

@@ -124,7 +124,7 @@ startDaemon assistant foreground startdelay cannotrun listenhost startbrowser =
 		notice ["starting", desc, "version", SysConfig.packageversion]
 		urlrenderer <- liftIO newUrlRenderer
 #ifdef WITH_WEBAPP
-		let webappthread = [ assist $ webAppThread d urlrenderer False cannotrun listenhost Nothing webappwaiter ]
+		let webappthread = [ assist $ webAppThread d urlrenderer False cannotrun Nothing listenhost webappwaiter ]
 #else
 		let webappthread = []
 #endif

Assistant/Threads/WebApp.hs

@@ -1,6 +1,6 @@
 {- git-annex assistant webapp thread
  -
- - Copyright 2012 Joey Hess <joey@kitenet.net>
+ - Copyright 2012-2014 Joey Hess <joey@kitenet.net>
  -
  - Licensed under the GNU GPL version 3 or higher.
  -}
@@ -41,6 +41,7 @@ import Utility.WebApp
 import Utility.Tmp
 import Utility.FileMode
 import Git
+import qualified Annex
 
 import Yesod
 import Network.Socket (SockAddr, HostName)
@@ -56,13 +57,17 @@ webAppThread
 	-> UrlRenderer
 	-> Bool
 	-> Maybe String
-	-> Maybe HostName
 	-> Maybe (IO Url)
+	-> Maybe HostName
 	-> Maybe (Url -> FilePath -> IO ())
 	-> NamedThread
-webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun onstartup = thread $ liftIO $ do
+webAppThread assistantdata urlrenderer noannex cannotrun postfirstrun listenhost onstartup = thread $ liftIO $ do
+	listenhost' <- if isJust listenhost
+		then pure listenhost
+		else getAnnex $ annexListen <$> Annex.getGitConfig
+	tlssettings <- getAnnex getTlsSettings
 #ifdef __ANDROID__
-	when (isJust listenhost) $
+	when (isJust listenhost') $
 		-- See Utility.WebApp
 		error "Sorry, --listen is not currently supported on Android"
 #endif
@@ -74,22 +79,20 @@ webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun
 		<*> pure postfirstrun
 		<*> pure cannotrun
 		<*> pure noannex
-		<*> pure listenhost
+		<*> pure listenhost'
 	setUrlRenderer urlrenderer $ yesodRender webapp (pack "")
 	app <- toWaiAppPlain webapp
 	app' <- ifM debugEnabled
 		( return $ httpDebugLogger app
 		, return app
 		)
-	tlssettings <- runThreadState (threadState assistantdata) getTlsSettings
+	runWebApp tlssettings listenhost' app' $ \addr -> if noannex
-	runWebApp tlssettings listenhost app' $ \addr -> if noannex
 		then withTmpFile "webapp.html" $ \tmpfile h -> do
 			hClose h
 			go tlssettings addr webapp tmpfile Nothing
 		else do
-			let st = threadState assistantdata
+			htmlshim <- getAnnex' $ fromRepo gitAnnexHtmlShim
-			htmlshim <- runThreadState st $ fromRepo gitAnnexHtmlShim
+			urlfile <- getAnnex' $ fromRepo gitAnnexUrlFile
-			urlfile <- runThreadState st $ fromRepo gitAnnexUrlFile
 			go tlssettings addr webapp htmlshim (Just urlfile)
   where
   	-- The webapp thread does not wait for the startupSanityCheckThread
@@ -100,13 +103,18 @@ webAppThread assistantdata urlrenderer noannex cannotrun listenhost postfirstrun
 		| noannex = return Nothing
 		| otherwise = Just <$>
 			(relHome =<< absPath
-				=<< runThreadState (threadState assistantdata) (fromRepo repoPath))
+				=<< getAnnex' (fromRepo repoPath))
 	go tlssettings addr webapp htmlshim urlfile = do
 		let url = myUrl tlssettings webapp addr
 		maybe noop (`writeFileProtected` url) urlfile
 		writeHtmlShim "Starting webapp..." url htmlshim
 		maybe noop (\a -> a url htmlshim) onstartup
 
+	getAnnex a
+		| noannex = pure Nothing
+		| otherwise = getAnnex' a
+	getAnnex' = runThreadState (threadState assistantdata)
+
 myUrl :: Maybe TLS.TLSSettings -> WebApp -> SockAddr -> Url
 myUrl tlssettings webapp addr = unpack $ yesodRender webapp urlbase DashboardR []
   where

Command/WebApp.hs

@@ -68,16 +68,22 @@ start' allowauto listenhost = do
 		cannotrun <- needsUpgrade . fromMaybe (error "no version") =<< getVersion
 		browser <- fromRepo webBrowser
 		f <- liftIO . absPath =<< fromRepo gitAnnexHtmlShim
+		listenhost' <- if isJust listenhost
+			then pure listenhost
+			else annexListen <$> Annex.getGitConfig
 		ifM (checkpid <&&> checkshim f)
 			( if isJust listenhost
 				then error "The assistant is already running, so --listen cannot be used."
 				else do
 					url <- liftIO . readFile
 						=<< fromRepo gitAnnexUrlFile
-					liftIO $ openBrowser browser f url Nothing Nothing
+					liftIO $ if isJust listenhost'
-			, startDaemon True True Nothing cannotrun listenhost $ Just $ 
+						then putStrLn url
+						else liftIO $ openBrowser browser f url Nothing Nothing
+			, do
+				startDaemon True True Nothing cannotrun listenhost' $ Just $ 
 					\origout origerr url htmlshim ->
-					if isJust listenhost
+						if isJust listenhost'
 							then maybe noop (`hPutStrLn` url) origout
 							else openBrowser browser htmlshim url origout origerr
 			)
@@ -142,8 +148,9 @@ firstRun listenhost = do
 	let callback a = Just $ a v
 	runAssistant d $ do
 		startNamedThread urlrenderer $
-			webAppThread d urlrenderer True Nothing listenhost
+			webAppThread d urlrenderer True Nothing
 				(callback signaler)
+				listenhost
 				(callback mainthread)
 		waitNamedThreads
   where

Types/GitConfig.hs

@@ -50,6 +50,7 @@ data GitConfig = GitConfig
 	, annexExpireUnused :: Maybe (Maybe Duration)
 	, annexSecureEraseCommand :: Maybe String
 	, annexGenMetaData :: Bool
+	, annexListen :: Maybe String
 	, coreSymlinks :: Bool
 	, gcryptId :: Maybe String
 	}
@@ -83,6 +84,7 @@ extractGitConfig r = GitConfig
 		<$> getmaybe (annex "expireunused")
 	, annexSecureEraseCommand = getmaybe (annex "secure-erase-command")
 	, annexGenMetaData = getbool (annex "genmetadata") False
+	, annexListen = getmaybe (annex "listen")
 	, coreSymlinks = getbool "core.symlinks" True
 	, gcryptId = getmaybe "core.gcrypt-id"
 	}

debian/changelog

@@ -3,6 +3,7 @@ git-annex (5.20140228) UNRELEASED; urgency=medium
   * webapp: Now supports HTTPS.
   * webapp: No longer supports a port specified after --listen, since
     it was buggy, and that use case is better supported by setting up HTTPS.
+  * annex.listen can be configured, instead of using --listen
   * Probe for quvi version at run time.
   * webapp: Filter out from Switch Repository list any
     repositories listed in autostart file that don't have a

doc/git-annex.mdwn

@@ -308,7 +308,8 @@ subdirectories).
   it opens a browser window.
 
   To use the webapp on a remote computer, use the `--listen=address`
-  option to specify the address the web server should listen on.
+  option to specify the address the web server should listen on
+  (or set annex.listen).
   This disables running a local web browser, and outputs the url you
   can use to open the webapp.
 
@@ -1376,6 +1377,12 @@ Here are all the supported configuration settings.
   Set to false to prevent the git-annex assistant from automatically
   committing changes to files in the repository.
 
+* `annex.listen`
+
+  Configures which address the webapp listens on. The default is localhost.
+  Can be either an IP address, or a hostname that resolves to the desired
+  address.
+
 * `annex.debug`
 
   Set to true to enable debug logging by default.

doc/tips/remote_webapp_setup.mdwn

@@ -4,7 +4,13 @@ web browser.
 
 Sure, no problem! It can even be done securely!
 
-First, you need to generate a private key and a certificate for HTTPS.
+Let's start by making the git-annex repository on the remote server.
+
+	git init annex
+	cd annex
+	git annex init
+
+Now, you need to generate a private key and a certificate for HTTPS.
 These files are stored in `.git/annex/privkey.pem` and 
 `.git/annex/certificate.pem` inside the git repository. Here's
 one way to generate those files, using a self-signed certificate:
@@ -17,22 +23,28 @@ With those files in place, git-annex will automatically only accept HTTPS
 connections. That's good, since HTTP connections are not secure over the
 big bad internet.
 
-All that remains is to start the webapp listening on the external interface
+All that remains is to make the webapp listen on the external interface
 of the server. Normally, for security, git-annex only listens on localhost.
+Tell it what hostname to listen on:
 
-	git annex webapp --listen=host.example.com
+	git config annex.listen host.example.com
 
 (If your hostname doesn't work, its IP address certianly will..)
 
-When you run the webapp like that, it'll print out the URL to use to open
+When you run the webapp configured like that, it'll print out the
-it. You can paste that into your web browser.
+URL to use to open it. You can paste that into your web browser.
 
-Notice that the URL has a big jumble of letters at the end -- this is a secret
+	git annex webapp
-token that the webapp uses to verify you're you. So random attackers can't find
+	http://host.example.com:42232/?auth=ea7857ad...
-your webapp and do bad things with it.
 
-The webapp also writes its url to `.git/annex/url`, so you can use that
+Notice that the URL has a big jumble of letters at the end -- this is a
-file to automate opening the url. For example, you could make your server
+secret token that the webapp uses to verify you're you. So random attackers
-start the webapp on boot, and then to open it, run:
+can't find your webapp and do bad things with it.
 
-	xdg-open "$(ssh host.example.com cat annex/.git/annex/url)"
+If you like, you can make the server run `git annex assistant --autostart`
+on boot.
+
+To automate opening the remote server's webapp in your local browser,
+just run this:
+
+	firefox "$(ssh host.example.com git annex webapp)"