From c51acba26fb6aaa77843252feef21d118704f5f7 Mon Sep 17 00:00:00 2001 From: not-nullptr Date: Sun, 19 Oct 2025 18:23:49 +0100 Subject: [PATCH] docs: add references to PUB_DISABLE_ALL_EXTERNAL_REQUESTS --- .env.example | 1 + .github/workflows/docker.yml | 125 ++++++++++++++++++----------------- Dockerfile | 4 +- docker-compose.yml | 1 + docs/DOCKER.md | 8 +++ 5 files changed, 76 insertions(+), 63 deletions(-) diff --git a/.env.example b/.env.example index e9d99fd..ce04f8b 100644 --- a/.env.example +++ b/.env.example @@ -2,6 +2,7 @@ PUB_HOSTNAME=localhost:5173 # only gets used for plausible (for now) PUB_PLAUSIBLE_URL=https://plausible.example.com # can be empty PUB_ENV=development # "production", "development", or "nightly" PUB_VERTD_URL=https://vertd.vert.sh # default vertd instance +DISABLE_ALL_EXTERNAL_REQUESTS=false # disables vertd, stripe, plausible, etc. use if your boss complains about privacy # please do not change these. donations help a lot PUB_DONATION_URL=https://donations.vert.sh diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 84ea7f1..7e1c0dd 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml 
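Review bot: The new variable is spelled `DISABLE_ALL_EXTERNAL_REQUESTS` here, without the `PUB_` prefix used by every other entry in this file and by the Dockerfile, workflow and DOCKER.md hunks of this commit. The docker-compose.yml hunk compensates by mapping `${DISABLE_ALL_EXTERNAL_REQUESTS:-false}` onto `PUB_DISABLE_ALL_EXTERNAL_REQUESTS`, so an operator who exports the prefixed name from the docs silently gets the `false` default under compose. Outside compose, a `.env` copied from this example presumably is not seen by code that looks up the prefixed name. Because this is a privacy switch, a name mismatch fails open with no error. I would use one name everywhere: `PUB_DISABLE_ALL_EXTERNAL_REQUESTS=false` here and `PUB_DISABLE_ALL_EXTERNAL_REQUESTS: ${PUB_DISABLE_ALL_EXTERNAL_REQUESTS:-false}` in docker-compose.yml.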
@@ -1,67 +1,68 @@ name: Docker Image CI on: - push: - branches: [ "main" ] - tags: [ 'v*' ] - paths: - - 'src/**' - - 'static/**' - pull_request: - branches: [ "main" ] - paths: - - 'src/**' - - 'static/**' - workflow_dispatch: + push: + branches: ["main"] + tags: ["v*"] + paths: + - "src/**" + - "static/**" + pull_request: + branches: ["main"] + paths: + - "src/**" + - "static/**" + workflow_dispatch: jobs: - build-and-push: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - - steps: - - uses: actions/checkout@v4 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Login to GitHub Container Registry - if: github.event_name != 'pull_request' - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - - name: Extract metadata - id: meta - uses: docker/metadata-action@v5 - with: - images: ghcr.io/${{ github.repository }} - tags: | - type=ref,event=branch - type=ref,event=pr - type=semver,pattern={{version}} - type=semver,pattern={{major}}.{{minor}} - type=sha,format=short - type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} - - - name: Build and push - uses: docker/build-push-action@v5 - with: - context: . 
- push: ${{ github.event_name != 'pull_request' }} - platforms: linux/amd64,linux/arm64 - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} - cache-from: type=gha - cache-to: type=gha,mode=max - build-args: | - PUB_ENV=production - PUB_HOSTNAME=${{ vars.PUB_HOSTNAME || '' }} - PUB_PLAUSIBLE_URL=${{ vars.PUB_PLAUSIBLE_URL || '' }} - PUB_VERTD_URL=https://vertd.vert.sh - PUB_DONATION_URL=https://donations.vert.sh - PUB_STRIPE_KEY=pk_live_51RDVmAGSxPVad6bQwzVNnbc28nlmzA30krLWk1fefCMpUPiSRPkavMMbGqa8A3lUaOCMlsUEVy2CWDYg0ip3aPpL00ZJlsMkf2 + build-and-push: + runs-on: ubuntu-latest + permissions: + contents: read + packages: write + + steps: + - uses: actions/checkout@v4 + + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + - name: Login to GitHub Container Registry + if: github.event_name != 'pull_request' + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Extract metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ghcr.io/${{ github.repository }} + tags: | + type=ref,event=branch + type=ref,event=pr + type=semver,pattern={{version}} + type=semver,pattern={{major}}.{{minor}} + type=sha,format=short + type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }} + + - name: Build and push + uses: docker/build-push-action@v5 + with: + context: . 
+ push: ${{ github.event_name != 'pull_request' }} + platforms: linux/amd64,linux/arm64 + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=gha + cache-to: type=gha,mode=max + build-args: | + PUB_ENV=production + PUB_HOSTNAME=${{ vars.PUB_HOSTNAME || '' }} + PUB_PLAUSIBLE_URL=${{ vars.PUB_PLAUSIBLE_URL || '' }} + PUB_VERTD_URL=https://vertd.vert.sh + PUB_DISABLE_ALL_EXTERNAL_REQUESTS=false + PUB_DONATION_URL=https://donations.vert.sh + PUB_STRIPE_KEY=pk_live_51RDVmAGSxPVad6bQwzVNnbc28nlmzA30krLWk1fefCMpUPiSRPkavMMbGqa8A3lUaOCMlsUEVy2CWDYg0ip3aPpL00ZJlsMkf2 diff --git a/Dockerfile b/Dockerfile index 79b6be9..d9f48e1 100644 --- a/Dockerfile +++ b/Dockerfile @@ -6,6 +6,7 @@ ARG PUB_ENV ARG PUB_HOSTNAME ARG PUB_PLAUSIBLE_URL ARG PUB_VERTD_URL +ARG PUB_DISABLE_ALL_EXTERNAL_REQUESTS ARG PUB_DONATION_URL ARG PUB_STRIPE_KEY @@ -13,6 +14,7 @@ ENV PUB_ENV=${PUB_ENV} ENV PUB_HOSTNAME=${PUB_HOSTNAME} ENV PUB_PLAUSIBLE_URL=${PUB_PLAUSIBLE_URL} ENV PUB_VERTD_URL=${PUB_VERTD_URL} +ENV PUB_DISABLE_ALL_EXTERNAL_REQUESTS=${PUB_DISABLE_ALL_EXTERNAL_REQUESTS} ENV PUB_DONATION_URL=${PUB_DONATION_URL} ENV PUB_STRIPE_KEY=${PUB_STRIPE_KEY} @@ -33,4 +35,4 @@ COPY ./nginx/default.conf /etc/nginx/conf.d/default.conf COPY --from=builder /app/build /usr/share/nginx/html HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ - CMD curl --fail --silent --output /dev/null http://localhost || exit 1 \ No newline at end of file + CMD curl --fail --silent --output /dev/null http://localhost || exit 1 \ No newline at end of file diff --git a/docker-compose.yml b/docker-compose.yml index 7372f1f..a5a3ae1 100644 --- a/docker-compose.yml +++ b/docker-compose.yml 
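Review bot: The added build-arg hard-codes `PUB_DISABLE_ALL_EXTERNAL_REQUESTS=false`, and DOCKER.md says these values are baked into the image, so the image published to ghcr.io can never run with external requests disabled. If that is intended it deserves a comment; otherwise follow the neighbouring lines with `PUB_DISABLE_ALL_EXTERNAL_REQUESTS=${{ vars.PUB_DISABLE_ALL_EXTERNAL_REQUESTS || 'false' }}`. That line is the only functional change in a hunk that re-indents and re-quotes the whole workflow, which makes it easy to miss in review; the reformat would be better as its own commit. Separately, the job holds `packages: write` and pushes images while referencing `actions/checkout@v4` and the `docker/*` actions by mutable tag. Pinning each to a full commit SHA (`uses: actions/checkout@<full-commit-sha> # v4`) keeps a retagged action from running with that token.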
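Review bot: `ARG PUB_DISABLE_ALL_EXTERNAL_REQUESTS` has no default, so a build that omits the flag copies an empty string into the `ENV` line added in the second Dockerfile hunk; how the app treats an empty value is not visible in this diff. An explicit default, `ARG PUB_DISABLE_ALL_EXTERNAL_REQUESTS=false`, makes the resulting state unambiguous. DOCKER.md states that these values are baked in at build time, so a comment above the ARG such as `# build-time only (see docs/DOCKER.md): docker run -e does not change this` would keep operators from assuming a runtime privacy toggle. The `docker build` example added to DOCKER.md passes this argument but lacks the trailing `\` on its line, which ends the command before the context path.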
@@ -8,6 +8,7 @@ services: PUB_HOSTNAME: ${PUB_HOSTNAME:-localhost:5173} PUB_PLAUSIBLE_URL: ${PUB_PLAUSIBLE_URL:-} PUB_ENV: ${PUB_ENV:-production} + PUB_DISABLE_ALL_EXTERNAL_REQUESTS: ${DISABLE_ALL_EXTERNAL_REQUESTS:-false} PUB_VERTD_URL: ${PUB_VERTD_URL:-} PUB_DONATION_URL: ${PUB_DONATION_URL:-https://donations.vert.sh} PUB_STRIPE_KEY: ${PUB_STRIPE_KEY:-pk_live_51RDVmAGSxPVad6bQwzVNnbc28nlmzA30krLWk1fefCMpUPiSRPkavMMbGqa8A3lUaOCMlsUEVy2CWDYg0ip3aPpL00ZJlsMkf2} diff --git a/docs/DOCKER.md b/docs/DOCKER.md index 957f450..37169d2 100644 --- a/docs/DOCKER.md +++ b/docs/DOCKER.md @@ -6,13 +6,16 @@ This file covers how to run VERT under a Docker container. - [Using an image from the GitHub Container Registry](#using-an-image-from-the-github-container-registry) ### Manually building the image + First, clone the repository: + ```shell $ git clone https://github.com/VERT-sh/VERT $ cd VERT/ ``` Then build a Docker image with: + ```shell $ docker build -t vert-sh/vert \ --build-arg PUB_ENV=production \ @@ -20,10 +23,12 @@ $ docker build -t vert-sh/vert \ --build-arg PUB_PLAUSIBLE_URL=https://plausible.example.com \ --build-arg PUB_VERTD_URL=https://vertd.vert.sh \ --build-arg PUB_DONATION_URL=https://donations.vert.sh \ + --build-arg PUB_DISABLE_ALL_EXTERNAL_REQUESTS=false --build-arg PUB_STRIPE_KEY="" . ``` You can then run it by using: + ```shell $ docker run -d \ --restart unless-stopped \ @@ -33,6 +38,7 @@ $ docker run -d \ ``` This will do the following: + - Use the previously built image as the container `vert`, in detached mode - Continuously restart the container until manually stopped - Map `3000/tcp` (host) to `80/tcp` (container) 
@@ -40,7 +46,9 @@ This will do the following: We also have a [`docker-compose.yml`](/docker-compose.yml) file available. Use `docker compose up` if you want to start the stack, or `docker compose down` to bring it down. You can pass `--build` to `docker compose up` to rebuild the Docker image (useful if you've changed any of the environment variables) as well as `-d` to start it in detached mode. You can read more about Docker Compose in general [here](https://docs.docker.com/compose/intro/compose-application-model/). ### Using an image from the GitHub Container Registry + While there's an image you can pull instead of cloning the repo and building the image yourself, you will not be able to update any of the environment variables (e.g. `PUB_PLAUSIBLE_URL`) as they're baked directly into the image and not obtained during runtime. If you're okay with this, you can simply run this command instead: + ```shell $ docker run -d \ --restart unless-stopped \