Added initial NOSTR support; NIP-05 compliance.

Signed-off-by: Derek Smith <derek@farscapian.com>
Derek Smith 2022-04-22 15:38:42 -04:00
parent 11f9389f95
commit b38d129f56
Signed by: farscapian
GPG Key ID: 8F1CD799CCA516CC
4 changed files with 70 additions and 8 deletions


@ -9,6 +9,7 @@ export DEPLOY_UMBREL_VPS=false
# if true, then we deploy a VPS with Jitsi/Matrix
export DEPLOY_GHOST=true
export DEPLOY_MATRIX=false
export DEPLOY_NOSTR=false
export DEPLOY_ONION_SITE=false
export DEPLOY_NEXTCLOUD=false
export DEPLOY_GITEA=false


@ -38,6 +38,7 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
#export DEPLOY_UMBREL_VPS=false
export DEPLOY_GHOST=true
export DEPLOY_MATRIX=true
export DEPLOY_NOSTR=false
export DEPLOY_NEXTCLOUD=true
export DEPLOY_ONION_SITE=false
# valid options: 'testnet' and 'mainnet'
@ -188,6 +189,18 @@ if [ "$DEPLOY_MATRIX" = true ]; then
fi
fi
if [ "$DEPLOY_NOSTR" = true ]; then
if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
exit 1
fi
if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
exit 1
fi
fi
if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
exit 1
@ -224,3 +237,8 @@ if [ -z "$DEPLOY_UMBREL_VPS" ]; then
exit 1
fi
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
echo "ERROR: You MUST specify a Nostr public key. This is how you get all your social features."
echo "INFO: Go to your site_definition file and set the NOSTR_ACCOUNT_PUBKEY variable."
exit 1
fi
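Review bot: The new `DEPLOY_NOSTR` block tests `NOSTR_ADMIN_ACCOUNT_PUBKEY` twice with an identical message, while the check appended at the end of the file and the nginx template in this same commit use `NOSTR_ACCOUNT_PUBKEY`, so the second test looks like a copy-paste that was meant for a different variable. The trailing `NOSTR_ACCOUNT_PUBKEY` check also appears to sit outside the `DEPLOY_NOSTR` guard (it follows a closing `fi`), which would abort deployments that leave Nostr disabled. I would fold these into one guarded check on the variable that is actually consumed. Because that value is later pasted into a single-quoted nginx string, the check should also reject anything that is not a 64-character lowercase hex key, for example `if ! printf '%s' "$NOSTR_ACCOUNT_PUBKEY" | grep -Eq '^[0-9a-f]{64}$'; then echo "ERROR: NOSTR_ACCOUNT_PUBKEY must be 64 hex characters."; exit 1; fi`. The surrounding script starts and ends outside these hunks.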


@ -143,6 +143,15 @@ fi
if [ "$DEPLOY_NOSTR" = true ]; then
cat >>"$DOCKER_YAML_PATH" <<EOL
# TODO
EOL
fi
if [ "$DEPLOY_GITEA" = true ]; then
cat >>"$DOCKER_YAML_PATH" <<EOL
gitea:


@ -40,10 +40,17 @@ cat >>"$NGINX_CONF_PATH" <<EOL
server {
listen 80;
listen [::]:80;
server_name ${DOMAIN_NAME};
return 301 https://${FQDN}\$request_uri;
}
server_name ${DOMAIN_NAME};
location / {
# request MAY get another redirect at https://domain.tld for www.
return 301 https://${DOMAIN_NAME}\$request_uri;
}
}
EOL
cat >>"$NGINX_CONF_PATH" <<EOL
# http://${FQDN} redirect to https://${FQDN}
server {
listen 80;
@ -127,12 +134,38 @@ cat >>"$NGINX_CONF_PATH" <<EOL
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${DOMAIN_NAME};
return 301 https://${FQDN}\$request_uri;
EOL
###########################################
if [ "$DEPLOY_NOSTR" = true ]; then
cat >>"$NGINX_CONF_PATH" <<EOL
# We return a JSON object with name/pubkey mapping per NIP05.
# https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
# TODO I'm not sure about the security of this Access-Control-Allow-Origin. Read up and restrict it if possible.
location = /.well-known/nostr.json {
add_header Content-Type application/json;
add_header Access-Control-Allow-Origin *;
return 200 '{ "names": { "_": "${NOSTR_ACCOUNT_PUBKEY}" } }';
}
access_log /var/log/nginx/ghost-access.log;
error_log /var/log/nginx/ghost-error.log;
EOL
fi
cat >>"$NGINX_CONF_PATH" <<EOL
# catch all; send request to ${FQDN}
location / {
return 301 https://${FQDN}\$request_uri;
}
EOL
#####################################################
cat >>"$NGINX_CONF_PATH" <<EOL
}
#access_log /var/log/nginx/ghost-access.log;
#error_log /var/log/nginx/ghost-error.log;
EOL
@ -148,6 +181,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name ${FQDN};
EOL
@ -324,12 +358,12 @@ cat >>"$NGINX_CONF_PATH" <<EOL
listen [::]:443 ssl http2;
# for the federation port
listen 8448 ssl http2;
listen [::]:8448 ssl http2;
listen 8448 ssl http2 default_server;
listen [::]:8448 ssl http2 default_server;
server_name ${MATRIX_FQDN};
location ~* ^(\/_matrix|\/_synapse\/client) {
location ~ ^(/_matrix|/_synapse/client) {
proxy_pass http://matrix:8008;
proxy_set_header X-Forwarded-For \$remote_addr;
proxy_set_header X-Forwarded-Proto \$scheme;
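Review bot: In the `/.well-known/nostr.json` location, `add_header Content-Type application/json;` appends a header rather than setting the type nginx derives for the `return 200` body, so the response is likely to carry two Content-Type headers; dropping that line and using `default_type application/json;` in the location is the usual form. On the TODO about `Access-Control-Allow-Origin *`: the body is a static, public name-to-key mapping served without credentials, and the wildcard is confined to an exact-match location, so it exposes nothing that an unauthenticated GET does not already return. What does need checking is that any `add_header` lines declared at server or http level (HSTS, for instance) stop being inherited once a location declares its own, so they would have to be repeated here. Separately, the `access_log`/`error_log` lines are now written only when `DEPLOY_NOSTR` is true and the unconditional copies are commented out, so with Nostr disabled this server block appears to lose its dedicated log files. The server block opens and closes in other heredocs outside this hunk.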