From 488b08ffa8e26525ffa07a62ca238595f87bc194 Mon Sep 17 00:00:00 2001 From: Felix Zieger <67903933+felixzieger@users.noreply.github.com> Date: Fri, 21 Feb 2025 11:54:42 +0100 Subject: [PATCH 1/3] haven: init at 1.0.5 --- pkgs/by-name/ha/haven/package.nix | 33 +++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 pkgs/by-name/ha/haven/package.nix diff --git a/pkgs/by-name/ha/haven/package.nix b/pkgs/by-name/ha/haven/package.nix new file mode 100644 index 0000000000000..390770a86e63a --- /dev/null +++ b/pkgs/by-name/ha/haven/package.nix @@ -0,0 +1,33 @@ +{ + lib, + buildGoModule, + fetchFromGitHub, +}: + +buildGoModule rec { + pname = "haven"; + version = "1.0.5"; + + src = fetchFromGitHub { + owner = "bitvora"; + repo = "haven"; + rev = "v${version}"; + sha256 = "sha256-rSycrHW53TgqbsfgaRn3492EWtpu440GtbegozqnzMQ="; + }; + + vendorHash = "sha256-5d6C2sNG8aCaC+z+hyLgOiEPWP/NmAcRRbRVC4KuCEw="; + + postInstall = '' + mkdir -p $out/share/haven + cp -r $src/templates $out/share/haven/ + ''; + + meta = with lib; { + description = "High Availability Vault for Events on Nostr"; + homepage = "https://github.com/bitvora/haven"; + changelog = "https://github.com/bitvora/haven/releases/tag/v${version}"; + license = licenses.mit; + maintainers = with maintainers; [ felixzieger ]; + mainProgram = "haven"; + }; +} From 0609c194f99a3c41a9297a0fcc59343e2551ff5d Mon Sep 17 00:00:00 2001 From: Felix Zieger <67903933+felixzieger@users.noreply.github.com> Date: Fri, 21 Feb 2025 11:54:52 +0100 Subject: [PATCH 2/3] nixos/haven: init --- .../manual/release-notes/rl-2505.section.md | 2 + nixos/modules/module-list.nix | 1 + nixos/modules/services/web-apps/haven.nix | 243 ++++++++++++++++++ 3 files changed, 246 insertions(+) create mode 100644 nixos/modules/services/web-apps/haven.nix diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md index 4d7306ddf87ec..0eb029b337dd0 100644 --- a/nixos/doc/manual/release-notes/rl-2505.section.md +++ b/nixos/doc/manual/release-notes/rl-2505.section.md @@ -125,6 +125,8 @@ - [victorialogs][https://docs.victoriametrics.com/victorialogs/], log database from VictoriaMetrics. Available as [services.victorialogs](#opt-services.victorialogs.enable) +- [haven](https://github.com/bitvora/haven), is a high availability vault for events on nostr. Available as [services.haven](options.html#opt-services.haven.enable). + - [nostr-rs-relay](https://git.sr.ht/~gheartsfield/nostr-rs-relay/), This is a nostr relay, written in Rust. Available as [services.nostr-rs-relay](options.html#opt-services.nostr-rs-relay.enable). - [Prometheus Node Cert Exporter](https://github.com/amimof/node-cert-exporter), a prometheus exporter to check for SSL cert expiry. Available under [services.prometheus.exporters.node-cert](#opt-services.prometheus.exporters.node-cert.enable). diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix index a09388b9058a1..1a3213bef6490 100644 --- a/nixos/modules/module-list.nix +++ b/nixos/modules/module-list.nix @@ -1504,6 +1504,7 @@ ./services/web-apps/guacamole-client.nix ./services/web-apps/guacamole-server.nix ./services/web-apps/hatsu.nix + ./services/web-apps/haven.nix ./services/web-apps/healthchecks.nix ./services/web-apps/hedgedoc.nix ./services/web-apps/hledger-web.nix diff --git a/nixos/modules/services/web-apps/haven.nix b/nixos/modules/services/web-apps/haven.nix new file mode 100644 index 0000000000000..9fa801802648b --- /dev/null +++ b/nixos/modules/services/web-apps/haven.nix @@ -0,0 +1,243 @@ +{ + config, + pkgs, + lib, + ... +}: +let + cfg = config.services.haven; +in +{ + options.services.haven = { + enable = lib.mkEnableOption "haven"; + + package = lib.mkPackageOption pkgs "haven" { }; + + port = lib.mkOption { + default = 3355; + type = lib.types.port; + description = "Listen on this port."; + }; + + relayUrl = lib.mkOption { + type = lib.types.str; + description = "The URL of the relay."; + }; + + ownerNpub = lib.mkOption { + type = lib.types.str; + description = "The NPUB of the owner."; + }; + + ownerName = lib.mkOption { + type = lib.types.str; + description = "The name of the owner. Used for relay names and descriptions."; + default = "a nostrich"; + }; + + blastrRelays = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "List of relay configurations for blastr"; + example = lib.literalExpression '' + [ + "relay.example.com" + ] + ''; + }; + + importRelays = lib.mkOption { + type = lib.types.listOf lib.types.str; + default = [ ]; + description = "List of relay configurations for importing historical events"; + example = lib.literalExpression '' + [ + "relay.example.com" + ] + ''; + }; + + settings = lib.mkOption { + type = lib.types.attrsOf lib.types.str; + default = { }; + description = "Additional environment variables to set for the Haven service. See https://github.com/bitvora/haven for documentation."; + example = lib.literalExpression '' + { + PRIVATE_RELAY_NAME = "My Custom Relay Name"; + BACKUP_PROVIDER = "s3"; + } + ''; + }; + + environmentFile = lib.mkOption { + type = lib.types.nullOr lib.types.path; + default = null; + description = '' + Path to a file containing sensitive environment variables. See https://github.com/bitvora/haven for documentation. + The file should contain environment-variable assignments like: + S3_SECRET_KEY=mysecretkey + S3_ACCESS_KEY_ID=myaccesskey + ''; + example = "/var/lib/haven/secrets.env"; + }; + }; + + config = lib.mkIf cfg.enable { + users.users.haven = { + description = "Haven daemon user"; + group = "haven"; + isSystemUser = true; + }; + + users.groups.haven = { }; + + systemd.services.haven = { + description = "haven"; + wants = [ "network.target" ]; + wantedBy = [ "multi-user.target" ]; + environment = { + OWNER_NPUB = cfg.ownerNpub; + RELAY_URL = cfg.relayUrl; + RELAY_PORT = toString cfg.port; + RELAY_BIND_ADDRESS = "0.0.0.0"; # Can be set to a specific IP4 or IP6 address ("" for all interfaces) + DB_ENGINE = "badger"; # badger, lmdb (lmdb works best with an nvme, otherwise you might have stability issues) + LMDB_MAPSIZE = toString 0; # 0 for default (currently ~273GB), or set to a different size in bytes, e.g. 10737418240 for 10GB + BLOSSOM_PATH = "blossom/"; + + ## Private Relay Settings + PRIVATE_RELAY_NAME = " ${cfg.ownerName}'s private relay"; + PRIVATE_RELAY_NPUB = cfg.ownerNpub; + PRIVATE_RELAY_DESCRIPTION = "A safe place to store my drafts and ecash"; + PRIVATE_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + + ## Private Relay Rate Limiters + PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 50; + PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; + PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; + PRIVATE_RELAY_ALLOW_EMPTY_FILTERS = "true"; + PRIVATE_RELAY_ALLOW_COMPLEX_FILTERS = "true"; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 5; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Chat Relay Settings + CHAT_RELAY_NAME = " ${cfg.ownerName}'s chat relay"; + CHAT_RELAY_NPUB = cfg.ownerNpub; + CHAT_RELAY_DESCRIPTION = "a relay for private chats"; + CHAT_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + CHAT_RELAY_WOT_DEPTH = toString 3; + CHAT_RELAY_WOT_REFRESH_INTERVAL_HOURS = toString 24; + CHAT_RELAY_MINIMUM_FOLLOWERS = toString 3; + + ## Chat Relay Rate Limiters + CHAT_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 50; + CHAT_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; + CHAT_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; + CHAT_RELAY_ALLOW_EMPTY_FILTERS = "false"; + CHAT_RELAY_ALLOW_COMPLEX_FILTERS = "false"; + CHAT_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + CHAT_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 3; + CHAT_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Outbox Relay Settings + OUTBOX_RELAY_NAME = " ${cfg.ownerName}'s outbox relay"; + OUTBOX_RELAY_NPUB = cfg.ownerNpub; + OUTBOX_RELAY_DESCRIPTION = "a relay and Blossom server for public messages and media"; + OUTBOX_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + + ## Outbox Relay Rate Limiters + OUTBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 10; + OUTBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 60; + OUTBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; + OUTBOX_RELAY_ALLOW_EMPTY_FILTERS = "false"; + OUTBOX_RELAY_ALLOW_COMPLEX_FILTERS = "false"; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 1; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Inbox Relay Settings + INBOX_RELAY_NAME = " ${cfg.ownerName}'s inbox relay"; + INBOX_RELAY_NPUB = cfg.ownerNpub; + INBOX_RELAY_DESCRIPTION = "send your interactions with my notes here"; + INBOX_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + INBOX_PULL_INTERVAL_SECONDS = toString 600; + + ## Inbox Relay Rate Limiters + INBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 10; + INBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; + INBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 20; + INBOX_RELAY_ALLOW_EMPTY_FILTERS = "false"; + INBOX_RELAY_ALLOW_COMPLEX_FILTERS = "false"; + INBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + INBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 1; + INBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Import Settings + IMPORT_START_DATE = "2025-01-01"; + IMPORT_QUERY_INTERVAL_SECONDS = toString 600; + IMPORT_SEED_RELAYS_FILE = "${pkgs.writeText "relays_import.json" ( + builtins.toJSON cfg.importRelays + )}"; + + ## Backup Settings + BACKUP_PROVIDER = "none"; # s3, none (or leave blank to disable) + BACKUP_INTERVAL_HOURS = toString 1; + + ## Generic S3 Bucket Backup Settings - REQUIRED IF BACKUP_PROVIDER="s3" + S3_ACCESS_KEY_ID = "access"; + S3_SECRET_KEY = "secret"; + S3_ENDPOINT = "nyc3.digitaloceanspaces.com"; + S3_REGION = "nyc3"; + S3_BUCKET_NAME = "backups"; + + ## Blastr Settings + BLASTR_RELAYS_FILE = "${pkgs.writeText "relays_blastr.json" (builtins.toJSON cfg.blastrRelays)}"; + } // cfg.settings; + + serviceConfig = { + ExecStart = "${cfg.package}/bin/haven"; + EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; + User = "haven"; + Group = "haven"; + Restart = "on-failure"; + Type = "simple"; + + RuntimeDirectory = "haven"; + StateDirectory = "haven"; + WorkingDirectory = "/var/lib/haven"; + + # Create symlink to templates in the working directory + ExecStartPre = "+${pkgs.coreutils}/bin/ln -sfT ${cfg.package}/share/haven/templates /var/lib/haven/templates"; + + PrivateTmp = true; + PrivateUsers = true; + PrivateDevices = true; + ProtectSystem = "strict"; + ProtectHome = true; + NoNewPrivileges = true; + MemoryDenyWriteExecute = true; + ProtectKernelTunables = true; + ProtectKernelModules = true; + ProtectKernelLogs = true; + ProtectClock = true; + ProtectProc = "invisible"; + ProcSubset = "pid"; + ProtectControlGroups = true; + LockPersonality = true; + RestrictSUIDSGID = true; + RemoveIPC = true; + RestrictRealtime = true; + ProtectHostname = true; + CapabilityBoundingSet = ""; + SystemCallFilter = [ + "@system-service" + ]; + SystemCallArchitectures = "native"; + }; + }; + }; + + meta.maintainers = with lib.maintainers; [ + felixzieger + ]; +} From 835a7120ae1da43c098f91d5f5c163ed91634dd9 Mon Sep 17 00:00:00 2001 From: Felix Date: Fri, 21 Feb 2025 16:29:35 +0100 Subject: [PATCH 3/3] haven: Apply suggestions from code review Co-authored-by: isabel --- nixos/modules/services/web-apps/haven.nix | 203 +++++++++++----------- pkgs/by-name/ha/haven/package.nix | 10 +- 2 files changed, 108 insertions(+), 105 deletions(-) diff --git a/nixos/modules/services/web-apps/haven.nix b/nixos/modules/services/web-apps/haven.nix index 9fa801802648b..f7806d90b0ba4 100644 --- a/nixos/modules/services/web-apps/haven.nix +++ b/nixos/modules/services/web-apps/haven.nix @@ -5,6 +5,105 @@ ... }: let + defaultConfig = { + OWNER_NPUB = cfg.ownerNpub; + RELAY_URL = cfg.relayUrl; + RELAY_PORT = toString cfg.port; + RELAY_BIND_ADDRESS = "0.0.0.0"; # Can be set to a specific IP4 or IP6 address ("" for all interfaces) + DB_ENGINE = "badger"; # badger, lmdb (lmdb works best with an nvme, otherwise you might have stability issues) + LMDB_MAPSIZE = toString 0; # 0 for default (currently ~273GB), or set to a different size in bytes, e.g. 10737418240 for 10GB + BLOSSOM_PATH = "blossom/"; + + ## Private Relay Settings + PRIVATE_RELAY_NAME = " ${cfg.ownerName}'s private relay"; + PRIVATE_RELAY_NPUB = cfg.ownerNpub; + PRIVATE_RELAY_DESCRIPTION = "A safe place to store my drafts and ecash"; + PRIVATE_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + + ## Private Relay Rate Limiters + PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 50; + PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; + PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; + PRIVATE_RELAY_ALLOW_EMPTY_FILTERS = "true"; + PRIVATE_RELAY_ALLOW_COMPLEX_FILTERS = "true"; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 5; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Chat Relay Settings + CHAT_RELAY_NAME = " ${cfg.ownerName}'s chat relay"; + CHAT_RELAY_NPUB = cfg.ownerNpub; + CHAT_RELAY_DESCRIPTION = "a relay for private chats"; + CHAT_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + CHAT_RELAY_WOT_DEPTH = toString 3; + CHAT_RELAY_WOT_REFRESH_INTERVAL_HOURS = toString 24; + CHAT_RELAY_MINIMUM_FOLLOWERS = toString 3; + + ## Chat Relay Rate Limiters + CHAT_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 50; + CHAT_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; + CHAT_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; + CHAT_RELAY_ALLOW_EMPTY_FILTERS = "false"; + CHAT_RELAY_ALLOW_COMPLEX_FILTERS = "false"; + CHAT_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + CHAT_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 3; + CHAT_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Outbox Relay Settings + OUTBOX_RELAY_NAME = " ${cfg.ownerName}'s outbox relay"; + OUTBOX_RELAY_NPUB = cfg.ownerNpub; + OUTBOX_RELAY_DESCRIPTION = "a relay and Blossom server for public messages and media"; + OUTBOX_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + + ## Outbox Relay Rate Limiters + OUTBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 10; + OUTBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 60; + OUTBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; + OUTBOX_RELAY_ALLOW_EMPTY_FILTERS = "false"; + OUTBOX_RELAY_ALLOW_COMPLEX_FILTERS = "false"; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 1; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Inbox Relay Settings + INBOX_RELAY_NAME = " ${cfg.ownerName}'s inbox relay"; + INBOX_RELAY_NPUB = cfg.ownerNpub; + INBOX_RELAY_DESCRIPTION = "send your interactions with my notes here"; + INBOX_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; + INBOX_PULL_INTERVAL_SECONDS = toString 600; + + ## Inbox Relay Rate Limiters + INBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 10; + INBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; + INBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 20; + INBOX_RELAY_ALLOW_EMPTY_FILTERS = "false"; + INBOX_RELAY_ALLOW_COMPLEX_FILTERS = "false"; + INBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; + INBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 1; + INBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; + + ## Import Settings + IMPORT_START_DATE = "2025-01-01"; + IMPORT_QUERY_INTERVAL_SECONDS = toString 600; + IMPORT_SEED_RELAYS_FILE = "${pkgs.writeText "relays_import.json" ( + builtins.toJSON cfg.importRelays + )}"; + + ## Backup Settings + BACKUP_PROVIDER = "none"; # s3, none (or leave blank to disable) + BACKUP_INTERVAL_HOURS = toString 1; + + ## Generic S3 Bucket Backup Settings - REQUIRED IF BACKUP_PROVIDER="s3" + S3_ACCESS_KEY_ID = "access"; + S3_SECRET_KEY = "secret"; + S3_ENDPOINT = "nyc3.digitaloceanspaces.com"; + S3_REGION = "nyc3"; + S3_BUCKET_NAME = "backups"; + + ## Blastr Settings + BLASTR_RELAYS_FILE = "${pkgs.writeText "relays_blastr.json" (builtins.toJSON cfg.blastrRelays)}"; + }; + cfg = config.services.haven; in { @@ -60,6 +159,7 @@ in settings = lib.mkOption { type = lib.types.attrsOf lib.types.str; default = { }; + apply = lib.mergeAttrs defaultConfig; description = "Additional environment variables to set for the Haven service. See https://github.com/bitvora/haven for documentation."; example = lib.literalExpression '' { @@ -95,108 +195,11 @@ in description = "haven"; wants = [ "network.target" ]; wantedBy = [ "multi-user.target" ]; - environment = { - OWNER_NPUB = cfg.ownerNpub; - RELAY_URL = cfg.relayUrl; - RELAY_PORT = toString cfg.port; - RELAY_BIND_ADDRESS = "0.0.0.0"; # Can be set to a specific IP4 or IP6 address ("" for all interfaces) - DB_ENGINE = "badger"; # badger, lmdb (lmdb works best with an nvme, otherwise you might have stability issues) - LMDB_MAPSIZE = toString 0; # 0 for default (currently ~273GB), or set to a different size in bytes, e.g. 10737418240 for 10GB - BLOSSOM_PATH = "blossom/"; - - ## Private Relay Settings - PRIVATE_RELAY_NAME = " ${cfg.ownerName}'s private relay"; - PRIVATE_RELAY_NPUB = cfg.ownerNpub; - PRIVATE_RELAY_DESCRIPTION = "A safe place to store my drafts and ecash"; - PRIVATE_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; - - ## Private Relay Rate Limiters - PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 50; - PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; - PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; - PRIVATE_RELAY_ALLOW_EMPTY_FILTERS = "true"; - PRIVATE_RELAY_ALLOW_COMPLEX_FILTERS = "true"; - PRIVATE_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; - PRIVATE_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 5; - PRIVATE_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; - - ## Chat Relay Settings - CHAT_RELAY_NAME = " ${cfg.ownerName}'s chat relay"; - CHAT_RELAY_NPUB = cfg.ownerNpub; - CHAT_RELAY_DESCRIPTION = "a relay for private chats"; - CHAT_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; - CHAT_RELAY_WOT_DEPTH = toString 3; - CHAT_RELAY_WOT_REFRESH_INTERVAL_HOURS = toString 24; - CHAT_RELAY_MINIMUM_FOLLOWERS = toString 3; - - ## Chat Relay Rate Limiters - CHAT_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 50; - CHAT_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; - CHAT_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; - CHAT_RELAY_ALLOW_EMPTY_FILTERS = "false"; - CHAT_RELAY_ALLOW_COMPLEX_FILTERS = "false"; - CHAT_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; - CHAT_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 3; - CHAT_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; - - ## Outbox Relay Settings - OUTBOX_RELAY_NAME = " ${cfg.ownerName}'s outbox relay"; - OUTBOX_RELAY_NPUB = cfg.ownerNpub; - OUTBOX_RELAY_DESCRIPTION = "a relay and Blossom server for public messages and media"; - OUTBOX_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; - - ## Outbox Relay Rate Limiters - OUTBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 10; - OUTBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 60; - OUTBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 100; - OUTBOX_RELAY_ALLOW_EMPTY_FILTERS = "false"; - OUTBOX_RELAY_ALLOW_COMPLEX_FILTERS = "false"; - OUTBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; - OUTBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 1; - OUTBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; - - ## Inbox Relay Settings - INBOX_RELAY_NAME = " ${cfg.ownerName}'s inbox relay"; - INBOX_RELAY_NPUB = cfg.ownerNpub; - INBOX_RELAY_DESCRIPTION = "send your interactions with my notes here"; - INBOX_RELAY_ICON = "https://i.nostr.build/6G6wW.gif"; - INBOX_PULL_INTERVAL_SECONDS = toString 600; - - ## Inbox Relay Rate Limiters - INBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = toString 10; - INBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = toString 1; - INBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = toString 20; - INBOX_RELAY_ALLOW_EMPTY_FILTERS = "false"; - INBOX_RELAY_ALLOW_COMPLEX_FILTERS = "false"; - INBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = toString 3; - INBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = toString 1; - INBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = toString 9; - - ## Import Settings - IMPORT_START_DATE = "2025-01-01"; - IMPORT_QUERY_INTERVAL_SECONDS = toString 600; - IMPORT_SEED_RELAYS_FILE = "${pkgs.writeText "relays_import.json" ( - builtins.toJSON cfg.importRelays - )}"; - - ## Backup Settings - BACKUP_PROVIDER = "none"; # s3, none (or leave blank to disable) - BACKUP_INTERVAL_HOURS = toString 1; - - ## Generic S3 Bucket Backup Settings - REQUIRED IF BACKUP_PROVIDER="s3" - S3_ACCESS_KEY_ID = "access"; - S3_SECRET_KEY = "secret"; - S3_ENDPOINT = "nyc3.digitaloceanspaces.com"; - S3_REGION = "nyc3"; - S3_BUCKET_NAME = "backups"; - - ## Blastr Settings - BLASTR_RELAYS_FILE = "${pkgs.writeText "relays_blastr.json" (builtins.toJSON cfg.blastrRelays)}"; - } // cfg.settings; + environment = cfg.settings; serviceConfig = { - ExecStart = "${cfg.package}/bin/haven"; - EnvironmentFile = lib.mkIf (cfg.environmentFile != null) cfg.environmentFile; + ExecStart = lib.getExe cfg.package; + EnvironmentFile = cfg.environmentFile; User = "haven"; Group = "haven"; Restart = "on-failure"; diff --git a/pkgs/by-name/ha/haven/package.nix b/pkgs/by-name/ha/haven/package.nix index 390770a86e63a..2025d575a7253 100644 --- a/pkgs/by-name/ha/haven/package.nix +++ b/pkgs/by-name/ha/haven/package.nix @@ -11,8 +11,8 @@ buildGoModule rec { src = fetchFromGitHub { owner = "bitvora"; repo = "haven"; - rev = "v${version}"; - sha256 = "sha256-rSycrHW53TgqbsfgaRn3492EWtpu440GtbegozqnzMQ="; + tag = "v${version}"; + hash = "sha256-rSycrHW53TgqbsfgaRn3492EWtpu440GtbegozqnzMQ="; }; vendorHash = "sha256-5d6C2sNG8aCaC+z+hyLgOiEPWP/NmAcRRbRVC4KuCEw="; @@ -22,12 +22,12 @@ buildGoModule rec { cp -r $src/templates $out/share/haven/ ''; - meta = with lib; { + meta = { description = "High Availability Vault for Events on Nostr"; homepage = "https://github.com/bitvora/haven"; changelog = "https://github.com/bitvora/haven/releases/tag/v${version}"; - license = licenses.mit; - maintainers = with maintainers; [ felixzieger ]; + license = lib.licenses.mit; + maintainers = with lib.maintainers; [ felixzieger ]; mainProgram = "haven"; }; }