Added initial NOSTR support; NIP-05 compliance.
Signed-off-by: Derek Smith <derek@farscapian.com>
parent
11f9389f95
commit
b38d129f56
@ -9,6 +9,7 @@ export DEPLOY_UMBREL_VPS=false
|
||||
# if true, then we deploy a VPS with Jitsi/Matrix
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_MATRIX=false
|
||||
export DEPLOY_NOSTR=false
|
||||
export DEPLOY_ONION_SITE=false
|
||||
export DEPLOY_NEXTCLOUD=false
|
||||
export DEPLOY_GITEA=false
|
||||
|
18
shared.sh
18
shared.sh
@ -38,6 +38,7 @@ export DUPLICITY_BACKUP_PASSPHRASE="$(new_pass)"
|
||||
#export DEPLOY_UMBREL_VPS=false
|
||||
export DEPLOY_GHOST=true
|
||||
export DEPLOY_MATRIX=true
|
||||
export DEPLOY_NOSTR=false
|
||||
export DEPLOY_NEXTCLOUD=true
|
||||
export DEPLOY_ONION_SITE=false
|
||||
# valid options: 'testnet' and 'mainnet'
|
||||
@ -188,6 +189,18 @@ if [ "$DEPLOY_MATRIX" = true ]; then
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||
if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
|
||||
echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$NOSTR_ADMIN_ACCOUNT_PUBKEY" ]; then
|
||||
echo "ERROR: Ensure NOSTR_ADMIN_ACCOUNT_PUBKEY is configured in your site_definition."
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -z "$DUPLICITY_BACKUP_PASSPHRASE" ]; then
|
||||
echo "ERROR: Ensure DUPLICITY_BACKUP_PASSPHRASE is configured in your site_definition."
|
||||
exit 1
|
||||
@ -224,3 +237,8 @@ if [ -z "$DEPLOY_UMBREL_VPS" ]; then
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [ -z "$NOSTR_ACCOUNT_PUBKEY" ]; then
|
||||
echo "ERROR: You MUST specify a Nostr public key. This is how you get all your social features."
|
||||
echo "INFO: Go to your site_definition file and set the NOSTR_ACCOUNT_PUBKEY variable."
|
||||
exit 1
|
||||
fi
|
||||
|
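Review bot: The new `if [ "$DEPLOY_NOSTR" = true ]` block in shared.sh tests `NOSTR_ADMIN_ACCOUNT_PUBKEY` twice with the same message, so the second test is dead code and was probably meant for another variable. The check appended at the end of the file tests a different name, `NOSTR_ACCOUNT_PUBKEY`, and sits outside the `DEPLOY_NOSTR` gate, so a site that leaves `DEPLOY_NOSTR=false` (the default this commit sets) appears to abort unless a key is configured; if that is not intended, move it inside the gate and settle on one variable name. Only emptiness is checked, yet the nginx template in this commit writes the value verbatim into a quoted string in the generated config, so I would validate the format as well: `printf '%s' "$NOSTR_ACCOUNT_PUBKEY" | grep -Eq '^[0-9a-f]{64}$' || { echo "ERROR: NOSTR_ACCOUNT_PUBKEY must be 64 lowercase hex characters." >&2; exit 1; }`. The other `ERROR:` lines would also be better sent to stderr with `>&2`.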
@ -143,6 +143,15 @@ fi
|
||||
|
||||
|
||||
|
||||
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||
# TODO
|
||||
|
||||
|
||||
EOL
|
||||
fi
|
||||
|
||||
|
||||
if [ "$DEPLOY_GITEA" = true ]; then
|
||||
cat >>"$DOCKER_YAML_PATH" <<EOL
|
||||
gitea:
|
||||
|
@ -40,10 +40,17 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name ${DOMAIN_NAME};
|
||||
return 301 https://${FQDN}\$request_uri;
|
||||
}
|
||||
|
||||
server_name ${DOMAIN_NAME};
|
||||
|
||||
location / {
|
||||
# request MAY get another redirect at https://domain.tld for www.
|
||||
return 301 https://${DOMAIN_NAME}\$request_uri;
|
||||
}
|
||||
}
|
||||
EOL
|
||||
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# http://${FQDN} redirect to https://${FQDN}
|
||||
server {
|
||||
listen 80;
|
||||
@ -127,12 +134,38 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name ${DOMAIN_NAME};
|
||||
return 301 https://${FQDN}\$request_uri;
|
||||
|
||||
EOL
|
||||
###########################################
|
||||
|
||||
if [ "$DEPLOY_NOSTR" = true ]; then
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# We return a JSON object with name/pubkey mapping per NIP05.
|
||||
# https://www.reddit.com/r/nostr/comments/rrzk76/nip05_mapping_usernames_to_dns_domains_by_fiatjaf/sssss
|
||||
# TODO I'm not sure about the security of this Access-Control-Allow-Origin. Read up and restrict it if possible.
|
||||
location = /.well-known/nostr.json {
|
||||
add_header Content-Type application/json;
|
||||
add_header Access-Control-Allow-Origin *;
|
||||
return 200 '{ "names": { "_": "${NOSTR_ACCOUNT_PUBKEY}" } }';
|
||||
}
|
||||
|
||||
access_log /var/log/nginx/ghost-access.log;
|
||||
error_log /var/log/nginx/ghost-error.log;
|
||||
EOL
|
||||
fi
|
||||
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
# catch all; send request to ${FQDN}
|
||||
location / {
|
||||
return 301 https://${FQDN}\$request_uri;
|
||||
}
|
||||
EOL
|
||||
#####################################################
|
||||
cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
}
|
||||
|
||||
#access_log /var/log/nginx/ghost-access.log;
|
||||
#error_log /var/log/nginx/ghost-error.log;
|
||||
|
||||
EOL
|
||||
|
||||
@ -148,6 +181,7 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
server_name ${FQDN};
|
||||
|
||||
EOL
|
||||
@ -324,12 +358,12 @@ cat >>"$NGINX_CONF_PATH" <<EOL
|
||||
listen [::]:443 ssl http2;
|
||||
|
||||
# for the federation port
|
||||
listen 8448 ssl http2;
|
||||
listen [::]:8448 ssl http2;
|
||||
listen 8448 ssl http2 default_server;
|
||||
listen [::]:8448 ssl http2 default_server;
|
||||
|
||||
server_name ${MATRIX_FQDN};
|
||||
|
||||
location ~* ^(\/_matrix|\/_synapse\/client) {
|
||||
location ~ ^(/_matrix|/_synapse/client) {
|
||||
proxy_pass http://matrix:8008;
|
||||
proxy_set_header X-Forwarded-For \$remote_addr;
|
||||
proxy_set_header X-Forwarded-Proto \$scheme;
|
||||
|
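Review bot: In the new `location = /.well-known/nostr.json` block, `add_header Content-Type application/json;` does not replace the type nginx itself assigns to a `return 200` body, so the response can carry two Content-Type headers; `default_type application/json;` inside the location sets it once. On the TODO above it: NIP-05 recommends `Access-Control-Allow-Origin: *` so browser clients can fetch the file, and a wildcard origin does not permit credentialed requests, so it is acceptable while it stays on this exact-match location serving only the public key; the TODO could become `# NIP-05 recommends a wildcard CORS origin; keep it scoped to this public, exact-match location`. Declaring `add_header` at location level also stops inheritance of any `add_header` set at server or http level (none are visible in this section), so headers such as HSTS would have to be repeated here. The enclosing `server` block opens and closes in separate heredocs outside this hunk.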