16302ed309
Stock strfry + a default-deny write-policy plugin (kinds 0,3,5,13,1059, 10002,10050,27235 only), NIP-42 auth, neutral NIP-11, a bundled name authority (paid names/uses via GoblinPay), and a config-toggled co-located mixnet exit. Docker Compose + Caddy + hardened systemd. strfry core stays stock (plugin + config only). Validated end to end against real strfry.
108 lines
4.2 KiB
Bash
# floonet-strfry configuration. Copy to `.env` (for docker compose) and edit
# for your deployment. Every value shown is the built-in default, so an unset
# variable behaves exactly like the line below.

# --- Identity (the part you MUST change to run your own relay) ---

# Bare host this relay and its names live under: the `@domain` in
# `name@domain` and the domain Caddy obtains a TLS certificate for.
FLOONET_DOMAIN=floonet.example

# Public base URL clients actually reach. LOAD-BEARING: NIP-98 auth events
# are verified against `<FLOONET_BASE_URL><path>`, so this MUST be https://
# and its host MUST equal FLOONET_DOMAIN (a port is allowed). A wrong value
# silently breaks every authenticated call. The authority refuses to start
# if it and FLOONET_DOMAIN disagree.
FLOONET_BASE_URL=https://floonet.example

# Comma-separated relays advertised in /.well-known/nostr.json. Point this
# at your own wss:// URL (normally wss://FLOONET_DOMAIN).
FLOONET_RELAYS=wss://floonet.example

# --- The kind whitelist (the keystone) ---

# Comma-separated event kinds the relay stores. DEFAULT-DENY: anything not
# listed here is rejected at ingest. The shipped set is exactly what the
# Goblin wallet uses:
# 0 profile, 3 contacts, 5 delete (NIP-09), 13 seal, 1059 gift wrap
# (NIP-59), 10002 relay list (NIP-65), 10050 DM relays (NIP-17),
# 27235 NIP-98 HTTP auth
# To accept another kind, add it here and restart the relay.
FLOONET_ALLOWED_KINDS=0,3,5,13,1059,10002,10050,27235

# --- Authentication (optional) ---

# Require NIP-42 AUTH before accepting writes. Set to true AND flip
# relay.auth.enabled to true in deploy/strfry/strfry.conf (strfry issues the
# challenges; the plugin enforces the requirement).
FLOONET_REQUIRE_AUTH=false

# --- Charge GRIN for your relay (optional; all off by default) ---

# off = everything free
# name = claiming a name@domain costs FLOONET_NAME_PRICE_GRIN
# write = publishing to the relay needs a one-time payment of
# FLOONET_WRITE_PRICE_GRIN (clients must also NIP-42 AUTH, since
# payment grants are per pubkey)
FLOONET_PAY_MODE=off

# Prices, in GRIN (decimals allowed, e.g. 1.5). You set the price; edit and
# restart, no code change.
FLOONET_NAME_PRICE_GRIN=0
FLOONET_WRITE_PRICE_GRIN=0

# Your GoblinPay server (https://code.gri.mw/GRIN/GoblinPay). The authority
# creates invoices there and payers land on its hosted pay page.
GOBLINPAY_URL=
# The GoblinPay API token (GP_API_TOKEN on the GoblinPay side).
GOBLINPAY_TOKEN=
# Optional: GoblinPay webhook secret. When set, point a GoblinPay webhook at
# https://FLOONET_DOMAIN/api/v1/goblinpay/webhook and payments confirm
# instantly instead of on the next status poll.
GOBLINPAY_WEBHOOK_SECRET=

# Seconds the write policy plugin caches paid-status verdicts.
FLOONET_PAID_CACHE_SECS=60

# --- Mixnet exit (optional) ---

# Uncomment to ALSO run the bundled scoped mixnet exit, so wallets can reach
# this relay over the mixnet. The exit forwards ONLY to this stack's own TLS
# front (never arbitrary targets) and sees only ciphertext. On first start it
# prints (and stores) its stable mixnet address; publish that address in the
# relay pool listing so wallets can use it.
#COMPOSE_PROFILES=exit

# Where the exit pipes accepted streams. The default is this stack's own
# proxy; only change it if your TLS terminates elsewhere.
FLOONET_EXIT_UPSTREAM=caddy:443

# --- Name authority policy tunables ---

# Seconds a key must wait to claim a new name after releasing one (anti-churn).
FLOONET_NAME_CHANGE_COOLDOWN_SECS=600

# Max age (seconds) of an accepted NIP-98 auth event.
FLOONET_AUTH_MAX_AGE_SECS=60

# Allowed name length, in characters.
FLOONET_NAME_MIN=3
FLOONET_NAME_MAX=20

# --- Rate-limit ceilings (per X-Real-IP) ---

# Read endpoints: max requests per window / window length in seconds.
FLOONET_READ_RATE_MAX=120
FLOONET_READ_RATE_WINDOW_SECS=60

# Write endpoints (register/release/quote).
FLOONET_WRITE_RATE_MAX=10
FLOONET_WRITE_RATE_WINDOW_SECS=3600

# --- Optional ---

# Path to a file of additional reserved names (one per line, # comments).
# Extends the built-in generic list and your domain's own labels (which are
# always reserved). Leave unset to use only those defaults.
#FLOONET_RESERVED_FILE=/etc/floonet-authority.reserved
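The default-deny kind check that FLOONET_ALLOWED_KINDS configures, shown as an added example and not the repository's own write-policy plugin (whose language this page does not show). It assumes strfry's write-policy plugin protocol: one JSON message per stdin line, answered with one JSON verdict per stdout line keyed by the event id.

```python
import json
import os
import sys

# Default from the .env above: exactly the kinds the Goblin wallet uses.
DEFAULT_ALLOWED_KINDS = "0,3,5,13,1059,10002,10050,27235"

def parse_allowed_kinds(value):
    """Turn a FLOONET_ALLOWED_KINDS string into a set of ints.
    Empty entries are tolerated; a non-numeric entry is a config error,
    because silently dropping it would change the whitelist."""
    kinds = set()
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        if not item.isdigit():
            raise ValueError(f"FLOONET_ALLOWED_KINDS: bad kind {item!r}")
        kinds.add(int(item))
    return kinds

def verdict(msg, allowed):
    """Decide one strfry plugin input message (a dict parsed from a JSON line).
    Default-deny: only a well-formed event whose integer kind is whitelisted
    is accepted; everything else is rejected with a "blocked:" reason that
    strfry relays back to the client in its OK message."""
    event = msg.get("event") or {}
    event_id = event.get("id", "")
    kind = event.get("kind")
    # bool is a subclass of int in Python, so exclude it explicitly.
    if isinstance(kind, bool) or not isinstance(kind, int) or kind not in allowed:
        return {"id": event_id, "action": "reject",
                "msg": f"blocked: kind {kind!r} is not accepted by this relay"}
    return {"id": event_id, "action": "accept"}

def main():
    # strfry feeds one JSON message per line on stdin and expects one JSON
    # verdict per line on stdout, matched to the event by its id.
    allowed = parse_allowed_kinds(
        os.environ.get("FLOONET_ALLOWED_KINDS", DEFAULT_ALLOWED_KINDS))
    for line in sys.stdin:
        if line.strip():
            sys.stdout.write(json.dumps(verdict(json.loads(line), allowed)) + "\n")
            sys.stdout.flush()

if __name__ == "__main__":
    main()
```

Because the check is a membership test on a set built once at startup, changing the whitelist still means editing `.env` and restarting, as the comment above says.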