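# floonet-strfry configuration. Copy to `.env` (for docker compose) and edit
# for your deployment. Every value shown is the built-in default, so an unset
# variable behaves exactly like the line below.
#
# Format: one KEY=value per line, comments on their own lines starting with
# `#`. Do not append comments to a value line; text after the `=` may be taken
# as part of the value.
#
# The filled-in `.env` holds credentials (GOBLINPAY_TOKEN,
# GOBLINPAY_WEBHOOK_SECRET): keep it out of version control and readable only
# by the account that runs docker compose.

# --- Identity (the part you MUST change to run your own relay) ---
# Bare host this relay and its names live under: the `@domain` in
# `name@domain` and the domain Caddy obtains a TLS certificate for.
FLOONET_DOMAIN=floonet.example

# Public base URL clients actually reach. LOAD-BEARING: NIP-98 auth events
# are verified against the request URL built from this value, so this MUST be
# https:// and its host MUST equal FLOONET_DOMAIN (a port is allowed). A wrong
# value silently breaks every authenticated call. The authority refuses to
# start if it and FLOONET_DOMAIN disagree.
FLOONET_BASE_URL=https://floonet.example

# Comma-separated relays advertised in /.well-known/nostr.json. Point this
# at your own wss:// URL (normally wss://FLOONET_DOMAIN).
FLOONET_RELAYS=wss://floonet.example

# Co-located names (FLOONET_AUTHORITY_COLOCATED): this compose stack is single
# domain, so names AND the relay are already served on FLOONET_DOMAIN
# (`name@FLOONET_DOMAIN` resolves) — on by default, nothing to set here. Only a
# SPLIT deploy that puts the relay and the authority on separate subdomains
# behind nginx needs to opt in; see "Co-locating names on the relay domain" in
# the README and deploy/us-east/colocated-authority.conf.

# --- The kind whitelist (the keystone) ---
# Comma-separated event kinds the relay stores. DEFAULT-DENY: anything not
# listed here is rejected at ingest. The shipped set is exactly what the
# Goblin wallet uses:
#   0 profile, 3 contacts, 5 delete (NIP-09), 13 seal, 1059 gift wrap
#   (NIP-59), 10002 relay list (NIP-65), 10050 DM relays (NIP-17),
#   27235 NIP-98 HTTP auth
# To accept another kind, add it here and restart the relay. Each added kind
# widens what the relay will store, so add only kinds you actually need.
FLOONET_ALLOWED_KINDS=0,3,5,13,1059,10002,10050,27235

# --- Authentication (optional) ---
# Require NIP-42 AUTH before accepting writes. Set to true AND flip
# relay.auth.enabled to true in deploy/strfry/strfry.conf (strfry issues the
# challenges; the plugin enforces the requirement). Both switches are needed;
# changing only one leaves the requirement unenforced or unsatisfiable.
FLOONET_REQUIRE_AUTH=false

# --- Charge GRIN for your relay (optional; all off by default) ---
#   off   = everything free
#   name  = claiming a name@domain costs FLOONET_NAME_PRICE_GRIN
#   write = publishing to the relay needs a one-time payment of
#           FLOONET_WRITE_PRICE_GRIN (clients must also NIP-42 AUTH, since
#           payment grants are per pubkey)
# NOTE(review): confirm whether `write` mode also needs FLOONET_REQUIRE_AUTH
# and relay.auth.enabled turned on, or enables AUTH by itself.
FLOONET_PAY_MODE=off

# Prices, in GRIN (decimals allowed, e.g. 1.5). You set the price; edit and
# restart, no code change.
FLOONET_NAME_PRICE_GRIN=0
FLOONET_WRITE_PRICE_GRIN=0

# Your GoblinPay server (https://code.gri.mw/GRIN/GoblinPay). The authority
# creates invoices there and payers land on its hosted pay page.
GOBLINPAY_URL=

# The GoblinPay API token (GP_API_TOKEN on the GoblinPay side). Secret: never
# commit a filled-in value.
GOBLINPAY_TOKEN=

# Optional: GoblinPay webhook secret. When set, point a GoblinPay webhook at
# https://FLOONET_DOMAIN/api/v1/goblinpay/webhook and payments confirm
# instantly instead of on the next status poll.
# Presumably this is what authenticates incoming webhook calls (verify against
# the authority's handler); use a long random value and treat it as a secret.
GOBLINPAY_WEBHOOK_SECRET=

# Seconds the write policy plugin caches paid-status verdicts.
FLOONET_PAID_CACHE_SECS=60

# --- Mixnet exit (optional) ---
# Uncomment to ALSO run the bundled scoped mixnet exit, so wallets can reach
# this relay over the mixnet. The exit forwards ONLY to this stack's own TLS
# front (never arbitrary targets) and sees only ciphertext. On first start it
# prints (and stores) its stable mixnet address; publish that address in the
# relay pool listing so wallets can use it.
#COMPOSE_PROFILES=exit

# Where the exit pipes accepted streams. The default is this stack's own
# proxy; only change it if your TLS terminates elsewhere. Keep it pointed at
# a TLS front you operate, so the exit stays scoped as described above.
FLOONET_EXIT_UPSTREAM=caddy:443

# --- Name authority policy tunables ---
# Seconds a key must wait to claim a new name after releasing one (anti-churn).
FLOONET_NAME_CHANGE_COOLDOWN_SECS=600

# Max age (seconds) of an accepted NIP-98 auth event. A larger value lengthens
# the time a captured auth event is still accepted; keep server clocks in sync
# rather than raising it.
FLOONET_AUTH_MAX_AGE_SECS=60

# Allowed name length, in characters.
FLOONET_NAME_MIN=3
FLOONET_NAME_MAX=20

# --- Rate-limit ceilings (per X-Real-IP) ---
# NOTE(review): these limits key on the X-Real-IP header, so they only hold if
# the front proxy sets that header itself and the authority cannot be reached
# around the proxy — confirm for your deployment.
# Read endpoints: max requests per window / window length in seconds.
FLOONET_READ_RATE_MAX=120
FLOONET_READ_RATE_WINDOW_SECS=60

# Write endpoints (register/release/quote).
FLOONET_WRITE_RATE_MAX=10
FLOONET_WRITE_RATE_WINDOW_SECS=3600

# --- Optional ---
# Path to a file of additional reserved names (one per line, # comments).
# Extends the built-in generic list and your domain's own labels (which are
# always reserved). Leave unset to use only those defaults.
#FLOONET_RESERVED_FILE=/etc/floonet-authority.reserved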