## ## floonet-strfry relay configuration. ## ## strfry (https://github.com/hoytech/strfry) is a high-performance C++/LMDB ## relay. strfry core ships stock; all Floonet policy lives in the write ## policy plugin (plugin/floonet_writepolicy.py), which enforces a ## default-deny kind whitelist and the optional auth and paid-write gates. ## The plugin reads its configuration from environment variables set on the ## strfry process (see .env.example at the repo root). ## # Directory that contains the strfry LMDB database. Mounted as a volume so # the data survives container restarts. db = "/strfry-db/" dbParams { maxreaders = 256 # 10 TB virtual mmap; does NOT preallocate disk. mapsize = 10995116277760 noReadAhead = false } events { # Reject oversized events. 128 KiB matches maxWebsocketPayloadSize below and # fits a maximum-size NIP-59 gift-wrapped slatepack payment (~66 KiB worst # case per the wallet's relay research), which the old 64 KiB cap could # silently reject. maxEventSize = 131072 # Clock-skew tolerance for future-dated events. NIP-59 gift wraps tweak # created_at backwards (up to ~2 days), so they are unaffected by the # future bound; keep it tight (the strfry default) to limit future-dated # spam and replaceable-event games. rejectEventsNewerThanSeconds = 900 # Accept back-dated events for a long window; gift-wrap timestamp # tweaking stays far inside this (~3 years). rejectEventsOlderThanSeconds = 94608000 rejectEphemeralEventsOlderThanSeconds = 60 ephemeralEventsLifetimeSeconds = 300 maxNumTags = 2000 maxTagValSize = 1024 } relay { # Listen on all interfaces inside the container; the reverse proxy in # front is the only thing that reaches it. bind = "0.0.0.0" port = 7777 nofiles = 524288 # The reverse proxy (Caddy/nginx) sets this from the real client address. # Used for logging and any IP-based policy. realIpHeader = "x-real-ip" auth { # NIP-42 authentication. OFF by default: wallets publish and read # gift wraps without authenticating. To require AUTH before writes, # set enabled = true here AND FLOONET_REQUIRE_AUTH=true in the # environment (the plugin enforces; strfry only issues challenges). enabled = false serviceUrl = "" } info { # NIP-11 relay information document, served on GET / with # `Accept: application/nostr+json`. Deliberately neutral: this # metadata says nothing about what clients exchange over the relay. # `nips` empty = advertise strfry's built-in supported NIPs; # `software`/`version` are filled automatically. name = "Floonet Relay" description = "A strfry Floonet relay for the Grin community Nostr network." pubkey = "" contact = "" # The bundled proxy serves the Floonet logo at /floonet-logo.svg. # Set to your own domain, e.g. "https://your.domain/floonet-logo.svg". icon = "" nips = "" } maxWebsocketPayloadSize = 131072 maxReqFilterSize = 200 autoPingSeconds = 55 enableTcpKeepalive = true queryTimesliceBudgetMicroseconds = 10000 # Plenty for a wallet's gift-wrap history scan; bounds a single REQ's work. maxFilterLimit = 500 # A wallet keeps one live subscription plus a few one-shot fetches. Cap # low so an unauthenticated client cannot open a flood of scanning subs. maxSubsPerConnection = 20 maxPendingOutboundBytes = 33554432 writePolicy { # The Floonet policy plugin: default-deny kind whitelist plus the # optional NIP-42 and paid-write gates. Configured via FLOONET_* # environment variables (see the plugin header and .env.example). plugin = "/usr/local/bin/floonet_writepolicy.py" timeoutSeconds = 10 } compression { enabled = true slidingWindow = true } logging { dumpInAll = false dumpInEvents = false dumpInReqs = false dbScanPerf = false invalidEvents = true } numThreads { ingester = 3 reqWorker = 3 reqMonitor = 3 negentropy = 2 } negentropy { # Set reconciliation (NIP-77) so community mirrors can sync cheaply. enabled = true maxSyncEvents = 1000000 } filterValidation { # Leave OFF: wallets legitimately query several kinds in one filter, # which strict validation (maxKindsPerFilter) would reject. Stored # kinds are restricted by the write policy above. enabled = false } }