Added initial NOSTR support; NIP-05 compliance.

Signed-off-by: Derek Smith <derek@farscapian.com>

defaults.sh

@@ -9,6 +9,7 @@ export DEPLOY_UMBREL_VPS=false
 # if true, then we deploy a VPS with Jitsi/Matrix
 export DEPLOY_GHOST=true
 export DEPLOY_MATRIX=false
+export DEPLOY_NOSTR=false
 export DEPLOY_ONION_SITE=false
 export DEPLOY_NEXTCLOUD=false
 export DEPLOY_GITEA=false

shared.sh

@@ -38,6 +38,7 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
 #export DEPLOY_UMBREL_VPS=false
 export DEPLOY_GHOST=true
 export DEPLOY_MATRIX=true
+export DEPLOY_NOSTR=false
 export DEPLOY_NEXTCLOUD=true
 export DEPLOY_ONION_SITE=false
 # valid options: 'testnet' and 'mainnet'
@@ -188,6 +189,18 @@ if [ "$DEPLOY_MATRIX" = true ]; then
     fi
 fi
 
+if [ "$DEPLOY_NOSTR" = true ]; then
+    if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
+        echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
+        exit 1
+    fi
+
+    if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
+        echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
+        exit 1
+    fi    
+fi
+
 if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
     echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
     exit 1
@@ -224,3 +237,8 @@ if [ -z "$DEPLOY_UMBREL_VPS" ]; then
     exit 1
 fi
 
+if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then 
+    echo "ERROR: You MUST specify a Nostr public key. This is how you get all your social features."
+    echo "INFO: Go to your site_definition file and set the NOSTR_ACCOUNT_PUBKEY variable."
+    exit 1
+fi

stub_docker_yml.sh

@@ -143,6 +143,15 @@ fi
 
 
 
+if [ "$DEPLOY_NOSTR" = true ]; then
+cat >>"$DOCKER_YAML_PATH" <<EOL
+  # TODO
+
+
+EOL
+fi
+
+
 if [ "$DEPLOY_GITEA" = true ]; then
 cat >>"$DOCKER_YAML_PATH" <<EOL
   gitea:

stub_nginxconf.sh

@@ -40,10 +40,17 @@ cat >>"$NGINX_CONF_PATH" <<EOL
     server {
         listen 80;
         listen [::]:80;
-        server_name ${DOMAIN_NAME};
-        return 301 https://${FQDN}\$request_uri;
-    }
         
+        server_name ${DOMAIN_NAME};
+
+        location / {
+            # request MAY get another redirect at https://domain.tld for www.
+            return 301 https://${DOMAIN_NAME}\$request_uri;
+        }
+    }
+EOL
+
+cat >>"$NGINX_CONF_PATH" <<EOL
     # http://${FQDN} redirect to https://${FQDN}
     server {
         listen 80;
@@ -127,12 +134,38 @@ cat >>"$NGINX_CONF_PATH" <<EOL
     server {
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
+        
         server_name ${DOMAIN_NAME};
-        return 301 https://${FQDN}\$request_uri;
+
+EOL
+###########################################
+
+if [ "$DEPLOY_NOSTR" = true ]; then
+cat >>"$NGINX_CONF_PATH" <<EOL
+        # We return a JSON object with name/pubkey mapping per NIP05.
+        # https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
+        # TODO I'm not sure about the security of this Access-Control-Allow-Origin. Read up and restrict it if possible.
+        location = /.well-known/nostr.json {
+            add_header Content-Type application/json;
+            add_header Access-Control-Allow-Origin *;
+            return 200 '{ "names": { "_": "${NOSTR_ACCOUNT_PUBKEY}" } }';
+        }
+        
+EOL
+fi
+
+cat >>"$NGINX_CONF_PATH" <<EOL
+        # catch all; send request to ${FQDN}
+        location / {
+            return 301 https://${FQDN}\$request_uri;
+        }
+EOL
+#####################################################
+cat >>"$NGINX_CONF_PATH" <<EOL
     }
 
-    access_log /var/log/nginx/ghost-access.log;
+    #access_log /var/log/nginx/ghost-access.log;
-    error_log /var/log/nginx/ghost-error.log;
+    #error_log /var/log/nginx/ghost-error.log;
 
 EOL
 
@@ -148,6 +181,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
     server {
         listen 443 ssl http2;
         listen [::]:443 ssl http2;
+
         server_name ${FQDN};
 
 EOL
@@ -324,12 +358,12 @@ cat >>"$NGINX_CONF_PATH" <<EOL
         listen [::]:443 ssl http2;
         
         # for the federation port
-        listen 8448 ssl http2;
+        listen 8448 ssl http2 default_server;
-        listen [::]:8448 ssl http2;
+        listen [::]:8448 ssl http2 default_server;
 
         server_name ${MATRIX_FQDN};
         
-        location ~* ^(\/_matrix|\/_synapse\/client) {
+        location ~ ^(/_matrix|/_synapse/client) {
             proxy_pass http://matrix:8008;
             proxy_set_header X-Forwarded-For \$remote_addr;
             proxy_set_header X-Forwarded-Proto \$scheme;