Sovran_Systems/Sovran_SystemsOS
1
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

updated haven

Browse Source
This commit is contained in:
naturallaw77
2026-03-27 15:07:22 -05:00
parent dca86fa293
commit 648335ec72
1 changed files with 10 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

82
modules/haven.nix
View File

@@ -1,18 +1,11 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
let let
<<<<<<< HEAD
=======
personalization = import ./personalization.nix;
>>>>>>> 5bee5ad99bb7890df011d88e9928b6944c3565f8
npub = config.sovran_systemsOS.nostr_npub; npub = config.sovran_systemsOS.nostr_npub;
in in
lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") { lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") {
<<<<<<< HEAD
# ── Caddy vhost is now handled centrally in caddy.nix ─────
# ── Generate Haven runtime config from domain files ─────── # ── Generate Haven runtime config from domain files ───────
systemd.services.haven-runtime-config = { systemd.services.haven-runtime-config = {
description = "Generate Haven runtime config from domain files"; description = "Generate Haven runtime config from domain files";
@@ -30,33 +23,27 @@ lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") {
mkdir -p /run/haven mkdir -p /run/haven
cat > /run/haven/runtime.env <<EOF cat > /run/haven/runtime.env <<EOF
RELAY_URL=$HAVEN RELAY_URL=$HAVEN
PRIVATE_RELAY_NAME=$HAVEN private relay PRIVATE_RELAY_NAME=$HAVEN private relay
PRIVATE_RELAY_DESCRIPTION=The Relay From PRIVATE_RELAY_DESCRIPTION=The Relay From Sovran Systems
CHAT_RELAY_NAME=$HAVEN chat relay CHAT_RELAY_NAME=$HAVEN chat relay
CHAT_RELAY_DESCRIPTION=a relay for private chats CHAT_RELAY_DESCRIPTION=a relay for private chats
OUTBOX_RELAY_NAME=$HAVEN outbox relay OUTBOX_RELAY_NAME=$HAVEN outbox relay
OUTBOX_RELAY_DESCRIPTION=a relay and Blossom server for public messages and media OUTBOX_RELAY_DESCRIPTION=a relay and Blossom server for public messages and media
INBOX_RELAY_NAME=$HAVEN inbox relay INBOX_RELAY_NAME=$HAVEN inbox relay
INBOX_RELAY_DESCRIPTION=send your interactions with my notes here INBOX_RELAY_DESCRIPTION=send your interactions with my notes here
EOF EOF
chmod 640 /run/haven/runtime.env chmod 640 /run/haven/runtime.env
chown haven:haven /run/haven/runtime.env chown haven:haven /run/haven/runtime.env
''; '';
}; };
=======
>>>>>>> 5bee5ad99bb7890df011d88e9928b6944c3565f8
services.haven = { services.haven = {
enable = true; enable = true;
settings = { settings = {
OWNER_NPUB = npub; OWNER_NPUB = npub;
<<<<<<< HEAD
# RELAY_URL injected at runtime via EnvironmentFile # RELAY_URL injected at runtime via EnvironmentFile
=======
RELAY_URL = personalization.haven_url;
>>>>>>> 5bee5ad99bb7890df011d88e9928b6944c3565f8
RELAY_PORT = 3355; RELAY_PORT = 3355;
RELAY_BIND_ADDRESS = "0.0.0.0"; RELAY_BIND_ADDRESS = "0.0.0.0";
@@ -64,7 +51,6 @@ lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") {
LMDB_MAPSIZE = 3000000000; LMDB_MAPSIZE = 3000000000;
BLOSSOM_PATH = "blossom/"; BLOSSOM_PATH = "blossom/";
<<<<<<< HEAD
# Relay names/descriptions injected at runtime via EnvironmentFile # Relay names/descriptions injected at runtime via EnvironmentFile
PRIVATE_RELAY_NPUB = npub; PRIVATE_RELAY_NPUB = npub;
CHAT_RELAY_NPUB = npub; CHAT_RELAY_NPUB = npub;
@@ -72,27 +58,6 @@ lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") {
INBOX_PULL_INTERVAL_SECONDS = 600; INBOX_PULL_INTERVAL_SECONDS = 600;
=======
PRIVATE_RELAY_NAME = "${personalization.haven_url} private relay";
PRIVATE_RELAY_NPUB = npub;
PRIVATE_RELAY_DESCRIPTION = "The Relay From Sovran Systems";
CHAT_RELAY_NAME = "${personalization.haven_url} chat relay";
CHAT_RELAY_NPUB = npub;
CHAT_RELAY_DESCRIPTION = "a relay for private chats";
OUTBOX_RELAY_NAME = "${personalization.haven_url} outbox relay";
OUTBOX_RELAY_NPUB = npub;
OUTBOX_RELAY_DESCRIPTION = "a relay and Blossom server for public messages and media";
INBOX_RELAY_NAME = "${personalization.haven_url} inbox relay";
INBOX_RELAY_NPUB = npub;
INBOX_RELAY_DESCRIPTION = "send your interactions with my notes here";
INBOX_PULL_INTERVAL_SECONDS = 600;
# ... all your rate limiter and WOT settings unchanged ...
>>>>>>> 5bee5ad99bb7890df011d88e9928b6944c3565f8
PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 50; PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 50;
PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL = 1; PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL = 1;
PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 100; PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 100;
@@ -157,13 +122,10 @@ lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") {
]; ];
}; };
<<<<<<< HEAD
systemd.services.haven.serviceConfig.EnvironmentFile = [ systemd.services.haven.serviceConfig.EnvironmentFile = [
"/run/haven/runtime.env" "/run/haven/runtime.env"
]; ];
=======
>>>>>>> 5bee5ad99bb7890df011d88e9928b6944c3565f8
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"d /var/lib/haven 0750 haven haven -" "d /var/lib/haven 0750 haven haven -"
]; ];
@@ -189,30 +151,6 @@ lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") {
''; '';
}; };
<<<<<<< HEAD
systemd.services.haven.after = [ "haven-whitelist-setup.service" "haven-runtime-config.service" ]; systemd.services.haven.after = [ "haven-whitelist-setup.service" "haven-runtime-config.service" ];
systemd.services.haven.wants = [ "haven-whitelist-setup.service" "haven-runtime-config.service" ]; systemd.services.haven.wants = [ "haven-whitelist-setup.service" "haven-runtime-config.service" ];
=======
systemd.services.haven.after = [ "haven-whitelist-setup.service" ];
systemd.services.haven.wants = [ "haven-whitelist-setup.service" ];
services.caddy.virtualHosts = {
"${personalization.haven_url}" = {
extraConfig = ''
reverse_proxy localhost:3355 {
header_up Host {host}
header_up X-Real-IP {remote_host}
header_up X-Forwarded-For {remote_host}
header_up X-Forwarded-Proto {scheme}
transport http {
versions 1.1
}
}
request_body {
max_size 100MB
}
'';
};
};
>>>>>>> 5bee5ad99bb7890df011d88e9928b6944c3565f8
} }