Added initial NOSTR support; NIP-05 compliance.
Signed-off-by: Derek Smith <derek@farscapian.com>
parent
11f9389f95
commit
b38d129f56
@ -9,6 +9,7 @@ export DEPLOY_UMBREL_VPS=false
|
|||||||
# if true, then we deploy a VPS with Jitsi/Matrix
|
# if true, then we deploy a VPS with Jitsi/Matrix
|
||||||
export DEPLOY_GHOST=true
|
export DEPLOY_GHOST=true
|
||||||
export DEPLOY_MATRIX=false
|
export DEPLOY_MATRIX=false
|
||||||
|
export DEPLOY_NOSTR=false
|
||||||
export DEPLOY_ONION_SITE=false
|
export DEPLOY_ONION_SITE=false
|
||||||
export DEPLOY_NEXTCLOUD=false
|
export DEPLOY_NEXTCLOUD=false
|
||||||
export DEPLOY_GITEA=false
|
export DEPLOY_GITEA=false
|
||||||
|
18
shared.sh
18
shared.sh
@ -38,6 +38,7 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
|||||||
#export DEPLOY_UMBREL_VPS=false
|
#export DEPLOY_UMBREL_VPS=false
|
||||||
export DEPLOY_GHOST=true
|
export DEPLOY_GHOST=true
|
||||||
export DEPLOY_MATRIX=true
|
export DEPLOY_MATRIX=true
|
||||||
|
export DEPLOY_NOSTR=false
|
||||||
export DEPLOY_NEXTCLOUD=true
|
export DEPLOY_NEXTCLOUD=true
|
||||||
export DEPLOY_ONION_SITE=false
|
export DEPLOY_ONION_SITE=false
|
||||||
# valid options: 'testnet' and 'mainnet'
|
# valid options: 'testnet' and 'mainnet'
|
||||||
@ -188,6 +189,18 @@ if [ "$DEPLOY_MATRIX" = true ]; then
|
|||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||||
|
if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
|
||||||
|
echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
|
||||||
|
echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
|
if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
|
||||||
echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
|
echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
|
||||||
exit 1
|
exit 1
|
||||||
@ -224,3 +237,8 @@ if [ -z "$DEPLOY_UMBREL_VPS" ]; then
|
|||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
||||||
|
echo "ERROR: You MUST specify a Nostr public key. This is how you get all your social features."
|
||||||
|
echo "INFO: Go to your site_definition file and set the NOSTR_ACCOUNT_PUBKEY variable."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
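Review bot: The new `DEPLOY_NOSTR` block in shared.sh (hunk at +189) tests `NOSTR_ADMIN_ACCOUNT_PUBKEY` twice with the same message, so the second `if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]` can never fire; it was presumably meant to check a different variable, or should be dropped. The check appended at the end of the file (hunk at +237) sits outside any `DEPLOY_NOSTR` guard, so a site that keeps the `DEPLOY_NOSTR=false` default written by this commit still exits unless `NOSTR_ACCOUNT_PUBKEY` is set, while the nginx block that consumes that key is emitted only when the flag is true. If the key is only needed for NIP-05, `if [ "$DEPLOY_NOSTR" = true ] && [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then` keeps the requirement with the feature. If it is meant to be mandatory for every site, a comment should say so and explain how `NOSTR_ACCOUNT_PUBKEY` differs from `NOSTR_ADMIN_ACCOUNT_PUBKEY`.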
@ -143,6 +143,15 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||||
|
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||||
|
# TODO
|
||||||
|
|
||||||
|
|
||||||
|
EOL
|
||||||
|
fi
|
||||||
|
|
||||||
|
|
||||||
if [ "$DEPLOY_GITEA" = true ]; then
|
if [ "$DEPLOY_GITEA" = true ]; then
|
||||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||||
gitea:
|
gitea:
|
||||||
|
@ -40,10 +40,17 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
|||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
listen [::]:80;
|
listen [::]:80;
|
||||||
|
|
||||||
server_name ${DOMAIN_NAME};
|
server_name ${DOMAIN_NAME};
|
||||||
return 301 https://${FQDN}\$request_uri;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
location / {
|
||||||
|
# request MAY get another redirect at https://domain.tld for www.
|
||||||
|
return 301 https://${DOMAIN_NAME}\$request_uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
EOL
|
||||||
|
|
||||||
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
# http://${FQDN} redirect to https://${FQDN}
|
# http://${FQDN} redirect to https://${FQDN}
|
||||||
server {
|
server {
|
||||||
listen 80;
|
listen 80;
|
||||||
@ -127,12 +134,38 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
|||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
server_name ${DOMAIN_NAME};
|
server_name ${DOMAIN_NAME};
|
||||||
return 301 https://${FQDN}\$request_uri;
|
|
||||||
|
EOL
|
||||||
|
###########################################
|
||||||
|
|
||||||
|
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||||
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
|
# We return a JSON object with name/pubkey mapping per NIP05.
|
||||||
|
# https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
|
||||||
|
# TODO I'm not sure about the security of this Access-Control-Allow-Origin. Read up and restrict it if possible.
|
||||||
|
location = /.well-known/nostr.json {
|
||||||
|
add_header Content-Type application/json;
|
||||||
|
add_header Access-Control-Allow-Origin *;
|
||||||
|
return 200 '{ "names": { "_": "${NOSTR_ACCOUNT_PUBKEY}" } }';
|
||||||
|
}
|
||||||
|
|
||||||
|
EOL
|
||||||
|
fi
|
||||||
|
|
||||||
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
|
# catch all; send request to ${FQDN}
|
||||||
|
location / {
|
||||||
|
return 301 https://${FQDN}\$request_uri;
|
||||||
|
}
|
||||||
|
EOL
|
||||||
|
#####################################################
|
||||||
|
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||||
}
|
}
|
||||||
|
|
||||||
access_log /var/log/nginx/ghost-access.log;
|
#access_log /var/log/nginx/ghost-access.log;
|
||||||
error_log /var/log/nginx/ghost-error.log;
|
#error_log /var/log/nginx/ghost-error.log;
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
|
|
||||||
@ -148,6 +181,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
|||||||
server {
|
server {
|
||||||
listen 443 ssl http2;
|
listen 443 ssl http2;
|
||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
server_name ${FQDN};
|
server_name ${FQDN};
|
||||||
|
|
||||||
EOL
|
EOL
|
||||||
@ -324,12 +358,12 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
|||||||
listen [::]:443 ssl http2;
|
listen [::]:443 ssl http2;
|
||||||
|
|
||||||
# for the federation port
|
# for the federation port
|
||||||
listen 8448 ssl http2;
|
listen 8448 ssl http2 default_server;
|
||||||
listen [::]:8448 ssl http2;
|
listen [::]:8448 ssl http2 default_server;
|
||||||
|
|
||||||
server_name ${MATRIX_FQDN};
|
server_name ${MATRIX_FQDN};
|
||||||
|
|
||||||
location ~* ^(\/_matrix|\/_synapse\/client) {
|
location ~ ^(/_matrix|/_synapse/client) {
|
||||||
proxy_pass http://matrix:8008;
|
proxy_pass http://matrix:8008;
|
||||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||||
|
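Review bot: In the hunk at +134, `${NOSTR_ACCOUNT_PUBKEY}` is expanded by the unquoted heredoc into the single-quoted body of `return 200 '…'`, and the only check on it visible in this commit is for emptiness, so a value containing a quote, semicolon or brace alters the generated nginx configuration rather than just the JSON. NIP-05 expects a 64-character lowercase hex key, so the script can reject anything else before the `cat >>"$NGINX_CONF_PATH"` call, for example `[ "${#NOSTR_ACCOUNT_PUBKEY}" -eq 64 ] || exit 1` followed by `case "$NOSTR_ACCOUNT_PUBKEY" in *[!0-9a-f]*) exit 1 ;; esac`. `add_header Content-Type application/json;` is likely to produce a second Content-Type header next to the one nginx sets itself, whereas `default_type application/json;` inside the location sets it once. On the TODO, the wildcard `Access-Control-Allow-Origin` is what NIP-05 asks for so that browser clients can fetch the file, and it exposes nothing here because the response is public and carries no credentials; the comment can say that instead. The same hunk comments out the ghost `access_log` and `error_log` lines, so if that is intentional it is worth confirming that an inherited directive still logs these requests.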