Added initial NOSTR support; NIP-05 compliance.

Signed-off-by: Derek Smith <derek@farscapian.com>
2022-04-22 15:38:42 -04:00 · 2022-04-22 15:38:42 -04:00 · b38d129f56
parent 11f9389f95
commit b38d129f56
4 changed files with 70 additions and 8 deletions
--- a/defaults.sh
+++ b/defaults.sh
@ -9,6 +9,7 @@ export DEPLOY_UMBREL_VPS=false
 # if true, then we deploy a VPS with Jitsi/Matrix
 export DEPLOY_GHOST=true
 export DEPLOY_MATRIX=false
+export DEPLOY_NOSTR=false
 export DEPLOY_ONION_SITE=false
 export DEPLOY_NEXTCLOUD=false
 export DEPLOY_GITEA=false
--- a/shared.sh
+++ b/shared.sh
@ -38,6 +38,7 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
 #export DEPLOY_UMBREL_VPS=false
 export DEPLOY_GHOST=true
 export DEPLOY_MATRIX=true
+export DEPLOY_NOSTR=false
 export DEPLOY_NEXTCLOUD=true
 export DEPLOY_ONION_SITE=false
 # valid options: 'testnet' and 'mainnet'
@ -188,6 +189,18 @@ if [ "$DEPLOY_MATRIX" = true ]; then
    fi
 fi

+if [ "$DEPLOY_NOSTR" = true ]; then
+    if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
+        echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
+        exit 1
+    fi
+
+    if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
+        echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
+        exit 1
+    fi    
+fi
+
 if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
    echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
    exit 1
@ -224,3 +237,8 @@ if [ -z "$DEPLOY_UMBREL_VPS" ]; then
    exit 1
 fi

+if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then 
+    echo "ERROR: You MUST specify a Nostr public key. This is how you get all your social features."
+    echo "INFO: Go to your site_definition file and set the NOSTR_ACCOUNT_PUBKEY variable."
+    exit 1
+fi
--- a/stub_docker_yml.sh
+++ b/stub_docker_yml.sh
@ -143,6 +143,15 @@ fi



+if [ "$DEPLOY_NOSTR" = true ]; then
+cat >>"$DOCKER_YAML_PATH" <<EOL
+  # TODO
+
+
+EOL
+fi
+
+
 if [ "$DEPLOY_GITEA" = true ]; then
 cat >>"$DOCKER_YAML_PATH" <<EOL
  gitea:
--- a/stub_nginxconf.sh
+++ b/stub_nginxconf.sh
@ -40,10 +40,17 @@ cat >>"$NGINX_CONF_PATH" <<EOL
    server {
        listen 80;
        listen [::]:80;
+        
        server_name ${DOMAIN_NAME};
-        return 301 https://${FQDN}\$request_uri;
-    }

+        location / {
+            # request MAY get another redirect at https://domain.tld for www.
+            return 301 https://${DOMAIN_NAME}\$request_uri;
+        }
+    }
+EOL
+
+cat >>"$NGINX_CONF_PATH" <<EOL
    # http://${FQDN} redirect to https://${FQDN}
    server {
        listen 80;
@ -127,12 +134,38 @@ cat >>"$NGINX_CONF_PATH" <<EOL
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
+        
        server_name ${DOMAIN_NAME};
-        return 301 https://${FQDN}\$request_uri;
+
+EOL
+###########################################
+
+if [ "$DEPLOY_NOSTR" = true ]; then
+cat >>"$NGINX_CONF_PATH" <<EOL
+        # We return a JSON object with name/pubkey mapping per NIP05.
+        # https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
+        # TODO I'm not sure about the security of this Access-Control-Allow-Origin. Read up and restrict it if possible.
+        location = /.well-known/nostr.json {
+            add_header Content-Type application/json;
+            add_header Access-Control-Allow-Origin *;
+            return 200 '{ "names": { "_": "${NOSTR_ACCOUNT_PUBKEY}" } }';
+        }
+        
+EOL
+fi
+
+cat >>"$NGINX_CONF_PATH" <<EOL
+        # catch all; send request to ${FQDN}
+        location / {
+            return 301 https://${FQDN}\$request_uri;
+        }
+EOL
+#####################################################
+cat >>"$NGINX_CONF_PATH" <<EOL
    }

-    access_log /var/log/nginx/ghost-access.log;
-    error_log /var/log/nginx/ghost-error.log;
+    #access_log /var/log/nginx/ghost-access.log;
+    #error_log /var/log/nginx/ghost-error.log;

 EOL

@ -148,6 +181,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
+
        server_name ${FQDN};

 EOL
@ -324,12 +358,12 @@ cat >>"$NGINX_CONF_PATH" <<EOL
        listen [::]:443 ssl http2;
        
        # for the federation port
-        listen 8448 ssl http2;
-        listen [::]:8448 ssl http2;
+        listen 8448 ssl http2 default_server;
+        listen [::]:8448 ssl http2 default_server;

        server_name ${MATRIX_FQDN};
        
-        location ~* ^(\/_matrix|\/_synapse\/client) {
+        location ~ ^(/_matrix|/_synapse/client) {
            proxy_pass http://matrix:8008;
            proxy_set_header X-Forwarded-For \$remote_addr;
            proxy_set_header X-Forwarded-Proto \$scheme;