868cc84b20
Match the advertised maxWebsocketPayloadSize so a maximum-size NIP-59 gift-wrapped slatepack payment (~66 KiB worst case) is accepted; the old 64 KiB cap could silently reject the largest payments on the money path.
135 lines
4.5 KiB
Plaintext
135 lines
4.5 KiB
Plaintext
##
|
|
## floonet-strfry relay configuration.
|
|
##
|
|
## strfry (https://github.com/hoytech/strfry) is a high-performance C++/LMDB
|
|
## relay. strfry core ships stock; all Floonet policy lives in the write
|
|
## policy plugin (plugin/floonet_writepolicy.py), which enforces a
|
|
## default-deny kind whitelist and the optional auth and paid-write gates.
|
|
## The plugin reads its configuration from environment variables set on the
|
|
## strfry process (see .env.example at the repo root).
|
|
##
|
|
|
|
# Directory that contains the strfry LMDB database. Mounted as a volume so
|
|
# the data survives container restarts.
|
|
db = "/strfry-db/"
|
|
|
|
dbParams {
|
|
maxreaders = 256
|
|
# 10 TB virtual mmap; does NOT preallocate disk.
|
|
mapsize = 10995116277760
|
|
noReadAhead = false
|
|
}
|
|
|
|
events {
|
|
# Reject oversized events. 128 KiB matches maxWebsocketPayloadSize below and
|
|
# fits a maximum-size NIP-59 gift-wrapped slatepack payment (~66 KiB worst
|
|
# case per the wallet's relay research), which the old 64 KiB cap could
|
|
# silently reject.
|
|
maxEventSize = 131072
|
|
|
|
# Clock-skew tolerance for future-dated events. NIP-59 gift wraps tweak
|
|
# created_at backwards (up to ~2 days), so they are unaffected by the
|
|
# future bound; keep it tight (the strfry default) to limit future-dated
|
|
# spam and replaceable-event games.
|
|
rejectEventsNewerThanSeconds = 900
|
|
|
|
# Accept back-dated events for a long window; gift-wrap timestamp
|
|
# tweaking stays far inside this (~3 years).
|
|
rejectEventsOlderThanSeconds = 94608000
|
|
|
|
rejectEphemeralEventsOlderThanSeconds = 60
|
|
ephemeralEventsLifetimeSeconds = 300
|
|
maxNumTags = 2000
|
|
maxTagValSize = 1024
|
|
}
|
|
|
|
relay {
|
|
# Listen on all interfaces inside the container; the reverse proxy in
|
|
# front is the only thing that reaches it.
|
|
bind = "0.0.0.0"
|
|
port = 7777
|
|
nofiles = 524288
|
|
|
|
# The reverse proxy (Caddy/nginx) sets this from the real client address.
|
|
# Used for logging and any IP-based policy.
|
|
realIpHeader = "x-real-ip"
|
|
|
|
auth {
|
|
# NIP-42 authentication. OFF by default: wallets publish and read
|
|
# gift wraps without authenticating. To require AUTH before writes,
|
|
# set enabled = true here AND FLOONET_REQUIRE_AUTH=true in the
|
|
# environment (the plugin enforces; strfry only issues challenges).
|
|
enabled = false
|
|
serviceUrl = ""
|
|
}
|
|
|
|
info {
|
|
# NIP-11 relay information document, served on GET / with
|
|
# `Accept: application/nostr+json`. Deliberately neutral: this
|
|
# metadata says nothing about what clients exchange over the relay.
|
|
# `nips` empty = advertise strfry's built-in supported NIPs;
|
|
# `software`/`version` are filled automatically.
|
|
name = "Floonet Relay"
|
|
description = "A strfry Floonet relay for the Grin community Nostr network."
|
|
pubkey = ""
|
|
contact = ""
|
|
# The bundled proxy serves the Floonet logo at /floonet-logo.svg.
|
|
# Set to your own domain, e.g. "https://your.domain/floonet-logo.svg".
|
|
icon = ""
|
|
nips = ""
|
|
}
|
|
|
|
maxWebsocketPayloadSize = 131072
|
|
maxReqFilterSize = 200
|
|
autoPingSeconds = 55
|
|
enableTcpKeepalive = true
|
|
queryTimesliceBudgetMicroseconds = 10000
|
|
# Plenty for a wallet's gift-wrap history scan; bounds a single REQ's work.
|
|
maxFilterLimit = 500
|
|
# A wallet keeps one live subscription plus a few one-shot fetches. Cap
|
|
# low so an unauthenticated client cannot open a flood of scanning subs.
|
|
maxSubsPerConnection = 20
|
|
maxPendingOutboundBytes = 33554432
|
|
|
|
writePolicy {
|
|
# The Floonet policy plugin: default-deny kind whitelist plus the
|
|
# optional NIP-42 and paid-write gates. Configured via FLOONET_*
|
|
# environment variables (see the plugin header and .env.example).
|
|
plugin = "/usr/local/bin/floonet_writepolicy.py"
|
|
timeoutSeconds = 10
|
|
}
|
|
|
|
compression {
|
|
enabled = true
|
|
slidingWindow = true
|
|
}
|
|
|
|
logging {
|
|
dumpInAll = false
|
|
dumpInEvents = false
|
|
dumpInReqs = false
|
|
dbScanPerf = false
|
|
invalidEvents = true
|
|
}
|
|
|
|
numThreads {
|
|
ingester = 3
|
|
reqWorker = 3
|
|
reqMonitor = 3
|
|
negentropy = 2
|
|
}
|
|
|
|
negentropy {
|
|
# Set reconciliation (NIP-77) so community mirrors can sync cheaply.
|
|
enabled = true
|
|
maxSyncEvents = 1000000
|
|
}
|
|
|
|
filterValidation {
|
|
# Leave OFF: wallets legitimately query several kinds in one filter,
|
|
# which strict validation (maxKindsPerFilter) would reject. Stored
|
|
# kinds are restricted by the write policy above.
|
|
enabled = false
|
|
}
|
|
}
|