floonet-rs/docker-compose.yml
Goblin 9fa97ebb5c
floonet-rs: hardened nostr-rs-relay for the Grin community
nostr-rs-relay + a default-deny admission pipeline (kinds 0,3,5,13,1059,
10002,10050,27235 only), NIP-42 auth, neutral NIP-11, a built-in name
authority (paid names via GoblinPay), and a config-toggled co-located
mixnet exit supervisor. Single binary + installer + hardened systemd, or
Docker Compose. Relay core untouched (additive admission + authority).
2026-07-02 08:22:18 -04:00


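---
# One-command deploy: the relay plus a Caddy TLS proxy.
#
#   1. cp config.toml my-config.toml
#      edit: info.relay_url, and set [network] address = "0.0.0.0"
#      (Caddy reaches the relay over the compose network)
#   2. echo 'FLOONET_DOMAIN=relay.example.com' > .env
#   3. docker compose up -d
#
# The relay container runs as a non-root user with a read-only root
# filesystem; only the data volume is writable. Caddy terminates TLS and
# forwards the real client IP in X-Real-IP (load-bearing for the per-IP
# rate limits).
#
# Trust boundary: because the per-IP rate limits key on X-Real-IP, the
# relay must only be reachable through Caddy. Keep the relay on `expose`
# (compose network only) and never publish 8080 with `ports`.
services:
  relay:
    build: .
    restart: unless-stopped
    # Root filesystem is immutable; the only writable path is the
    # relay-data volume mounted below.
    read_only: true
    # Block privilege gain through setuid/file-capability binaries and drop
    # every capability from the bounding set. This relies on the image
    # already starting as the non-root user described above and listening
    # on an unprivileged port (8080).
    # NOTE(review): the Dockerfile is not visible here; if its entrypoint
    # starts as root and switches user itself, cap_drop will need SETUID
    # and SETGID added back.
    security_opt:
      - "no-new-privileges:true"
    cap_drop:
      - ALL
    volumes:
      # Persistent relay database (named volume).
      - relay-data:/usr/src/app/db
      # Operator-edited config, mounted read-only so the process cannot
      # rewrite its own admission/auth settings.
      - ./my-config.toml:/usr/src/app/config.toml:ro
    environment:
      RUST_LOG: "warn,floonet_rs=info"
      # Paid mode without baking secrets into the config file.
      # Put the token value in .env (kept out of version control, readable
      # only by the deploying user) and reference it here instead of
      # writing the literal. Container environment is still readable via
      # `docker inspect` by anyone with Docker access on the host.
      # FLOONET_PAY_MODE: "name"
      # FLOONET_GOBLINPAY_URL: "https://pay.example.com"
      # FLOONET_GOBLINPAY_TOKEN: "${FLOONET_GOBLINPAY_TOKEN:?set in .env}"
      # FLOONET_NAME_PRICE_GRIN: "1.0"
    # Compose-network only: nothing on the host or internet can reach the
    # relay directly, so clients cannot bypass Caddy and present their own
    # X-Real-IP.
    expose:
      - "8080"

  caddy:
    image: caddy:2-alpine
    restart: unless-stopped
    environment:
      # Fails `docker compose up` with this message when .env lacks the
      # domain, rather than starting a proxy with an empty site address.
      FLOONET_DOMAIN: "${FLOONET_DOMAIN:?set FLOONET_DOMAIN in .env}"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # NOTE(review): confirm this Caddyfile sets X-Real-IP from the
      # connection's remote address and does not pass through a
      # client-supplied value; the relay's rate limits depend on it.
      - ./deploy/Caddyfile.compose:/etc/caddy/Caddyfile:ro
      # Caddy's /data volume; keep it persistent across container
      # re-creation.
      - caddy-data:/data
      - caddy-config:/config

volumes:
  relay-data: {}
  caddy-data: {}
  caddy-config: {}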