From d73ebcaa688b344c495dabc5aa50c82d9323a22f Mon Sep 17 00:00:00 2001 From: naturallaw77 Date: Wed, 25 Mar 2026 11:36:55 -0500 Subject: [PATCH] updated haven.nix --- custom-add-ons.md | 1 + modules/core/roles.nix | 6 ++ modules/haven.nix | 232 +++++++++++++++++++---------------------- 3 files changed, 112 insertions(+), 127 deletions(-) diff --git a/custom-add-ons.md b/custom-add-ons.md index 8cd9984..2c280b6 100644 --- a/custom-add-ons.md +++ b/custom-add-ons.md @@ -51,6 +51,7 @@ sovran_systemsOS.features.mempool = lib.mkForce true; ```nix sovran_systemsOS.features.haven = lib.mkForce true; +sovran_systemsOS.nostr_npub = "pasteyournpubhere"; ``` 5. The code for Element Calling is as follows: diff --git a/modules/core/roles.nix b/modules/core/roles.nix index 6b4e732..01ae202 100755 --- a/modules/core/roles.nix +++ b/modules/core/roles.nix @@ -23,5 +23,11 @@ bitcoin-core = lib.mkEnableOption "Bitcoin Core"; rdp = lib.mkEnableOption "Gnome Remote Desktop"; }; + + nostr_npub = lib.mkOption { + type = lib.types.str; + default = ""; + description = "Nostr public key (npub1...) for Haven relay"; + }; }; } diff --git a/modules/haven.nix b/modules/haven.nix index 8092537..cc9891f 100755 --- a/modules/haven.nix +++ b/modules/haven.nix @@ -1,150 +1,128 @@ -{config, pkgs, lib, ...}: +{ config, pkgs, lib, ... }: let - -personalization = import ./personalization.nix; - + personalization = import ./personalization.nix; + npub = config.sovran_systemsOS.nostr_npub; in -lib.mkIf config.sovran_systemsOS.features.haven { +lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") { - services.haven = { - enable = true; - settings = { - OWNER_NPUB=""; - RELAY_URL="*name*"; + services.haven = { + enable = true; + settings = { + OWNER_NPUB = npub; + RELAY_URL = personalization.haven_url; - RELAY_PORT=3355; - RELAY_BIND_ADDRESS="0.0.0.0"; # Can be set to a specific IP4 or IP6 address ("" for all interfaces) - DB_ENGINE="badger"; # badger, lmdb (lmdb works best with an nvme, otherwise you might have stability issues) - LMDB_MAPSIZE=3000000000; # 0 for default (currently ~273GB), or set to a different size in bytes, e.g. 10737418240 for 10GB - BLOSSOM_PATH="blossom/"; + RELAY_PORT = 3355; + RELAY_BIND_ADDRESS = "0.0.0.0"; + DB_ENGINE = "badger"; + LMDB_MAPSIZE = 3000000000; + BLOSSOM_PATH = "blossom/"; -## Private Relay Settings - PRIVATE_RELAY_NAME="*name* private relay"; - PRIVATE_RELAY_NPUB=""; - PRIVATE_RELAY_DESCRIPTION="The Relay From Sovran Systems"; -#PRIVATE_RELAY_ICON="https://i.nostr.build/6G6wW.gif" + PRIVATE_RELAY_NAME = "${personalization.haven_url} private relay"; + PRIVATE_RELAY_NPUB = npub; + PRIVATE_RELAY_DESCRIPTION = "The Relay From Sovran Systems"; -## Private Relay Rate Limiters - PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=50; - PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL=1; - PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=100; - PRIVATE_RELAY_ALLOW_EMPTY_FILTERS=true; - PRIVATE_RELAY_ALLOW_COMPLEX_FILTERS=true; - PRIVATE_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=3; - PRIVATE_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=5; - PRIVATE_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=9; + CHAT_RELAY_NAME = "${personalization.haven_url} chat relay"; + CHAT_RELAY_NPUB = npub; + CHAT_RELAY_DESCRIPTION = "a relay for private chats"; -## Chat Relay Settings - CHAT_RELAY_NAME="*name* chat relay"; - CHAT_RELAY_NPUB=""; - CHAT_RELAY_DESCRIPTION="a relay for private chats"; -#CHAT_RELAY_ICON="https://i.nostr.build/6G6wW.gif" - CHAT_RELAY_WOT_DEPTH=3; - CHAT_RELAY_WOT_REFRESH_INTERVAL_HOURS=24; - CHAT_RELAY_MINIMUM_FOLLOWERS=3; + OUTBOX_RELAY_NAME = "${personalization.haven_url} outbox relay"; + OUTBOX_RELAY_NPUB = npub; + OUTBOX_RELAY_DESCRIPTION = "a relay and Blossom server for public messages and media"; -## Chat Relay Rate Limiters - CHAT_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=50; - CHAT_RELAY_EVENT_IP_LIMITER_INTERVAL=1; - CHAT_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=100; - CHAT_RELAY_ALLOW_EMPTY_FILTERS=false; - CHAT_RELAY_ALLOW_COMPLEX_FILTERS=false; - CHAT_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=3; - CHAT_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=3; - CHAT_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=9; + INBOX_RELAY_NAME = "${personalization.haven_url} inbox relay"; + INBOX_RELAY_NPUB = npub; + INBOX_RELAY_DESCRIPTION = "send your interactions with my notes here"; -## Outbox Relay Settings - OUTBOX_RELAY_NAME="*name* outbox relay"; - OUTBOX_RELAY_NPUB=""; - OUTBOX_RELAY_DESCRIPTION="a relay and Blossom server for public messages and media"; -#OUTBOX_RELAY_ICON="https://i.nostr.build/6G6wW.gif" + INBOX_PULL_INTERVAL_SECONDS = 600; -## Outbox Relay Rate Limiters - OUTBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=100; - OUTBOX_RELAY_EVENT_IP_LIMITER_INTERVAL=600; - OUTBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=1000; - OUTBOX_RELAY_ALLOW_EMPTY_FILTERS=true; - OUTBOX_RELAY_ALLOW_COMPLEX_FILTERS=true; - OUTBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=30; - OUTBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=10; - OUTBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=90; + # ... all your rate limiter and WOT settings unchanged ... + PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 50; + PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL = 1; + PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 100; + PRIVATE_RELAY_ALLOW_EMPTY_FILTERS = true; + PRIVATE_RELAY_ALLOW_COMPLEX_FILTERS = true; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 3; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 5; + PRIVATE_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 9; -## Inbox Relay Settings - INBOX_RELAY_NAME="*name* inbox relay"; - INBOX_RELAY_NPUB=""; - INBOX_RELAY_DESCRIPTION="send your interactions with my notes here"; -#INBOX_RELAY_ICON="https://i.nostr.build/6G6wW.gif" - INBOX_PULL_INTERVAL_SECONDS=600; + CHAT_RELAY_WOT_DEPTH = 3; + CHAT_RELAY_WOT_REFRESH_INTERVAL_HOURS = 24; + CHAT_RELAY_MINIMUM_FOLLOWERS = 3; + CHAT_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 50; + CHAT_RELAY_EVENT_IP_LIMITER_INTERVAL = 1; + CHAT_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 100; + CHAT_RELAY_ALLOW_EMPTY_FILTERS = false; + CHAT_RELAY_ALLOW_COMPLEX_FILTERS = false; + CHAT_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 3; + CHAT_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 3; + CHAT_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 9; -## Inbox Relay Rate Limiters - INBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=10; - INBOX_RELAY_EVENT_IP_LIMITER_INTERVAL=1; - INBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=20; - INBOX_RELAY_ALLOW_EMPTY_FILTERS=false; - INBOX_RELAY_ALLOW_COMPLEX_FILTERS=false; - INBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=3; - INBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=1; - INBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=9; + OUTBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 100; + OUTBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = 600; + OUTBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 1000; + OUTBOX_RELAY_ALLOW_EMPTY_FILTERS = true; + OUTBOX_RELAY_ALLOW_COMPLEX_FILTERS = true; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 30; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 10; + OUTBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 90; -## WOT Settings - WOT_FETCH_TIMEOUT_SECONDS=60; - - WHITELISTED_NPUBS_FILE="/var/lib/haven/whitelisted_npubs.json"; - - BLACKLISTED_NPUBS_FILE=""; + INBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 10; + INBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = 1; + INBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 20; + INBOX_RELAY_ALLOW_EMPTY_FILTERS = false; + INBOX_RELAY_ALLOW_COMPLEX_FILTERS = false; + INBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 3; + INBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 1; + INBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 9; + WOT_FETCH_TIMEOUT_SECONDS = 60; + WHITELISTED_NPUBS_FILE = "/var/lib/haven/whitelisted_npubs.json"; + BLACKLISTED_NPUBS_FILE = ""; + HAVEN_LOG_LEVEL = "INFO"; + }; -## LOGGING - HAVEN_LOG_LEVEL="INFO"; # DEBUG, INFO, WARNING or ERROR - }; - - blastrRelays = [ - "nos.lol" - "relay.nostr.band" - "relay.snort.social" - "nostr.mom" - "relay.primal.net" - "no.str.cr" - "nostr21.com" - "nostrue.com" - "wot.nostr.party" - "wot.sovbit.host" - "wot.girino.org" - "relay.lexingtonbitcoin.org" - "zap.watch" - "satsage.xyz" - "wons.calva.dev" - ]; - - }; + blastrRelays = [ + "nos.lol" + "relay.nostr.band" + "relay.snort.social" + "nostr.mom" + "relay.primal.net" + "no.str.cr" + "nostr21.com" + "nostrue.com" + "wot.nostr.party" + "wot.sovbit.host" + "wot.girino.org" + "relay.lexingtonbitcoin.org" + "zap.watch" + "satsage.xyz" + "wons.calva.dev" + ]; + }; systemd.tmpfiles.rules = [ "d /var/lib/haven 0750 haven haven -" "f /var/lib/haven/whitelisted_npubs.json 0770 haven haven -" ]; - services.caddy = { - virtualHosts = { - "${personalization.haven_url}" = { - extraConfig = '' - reverse_proxy localhost:3355 { - header_up Host {host} - header_up X-Real-IP {remote_host} - header_up X-Forwarded-For {remote_host} - header_up X-Forwarded-Proto {scheme} - transport http { - versions 1.1 - } - } - request_body { - max_size 100MB - } - ''; - }; - }; - }; -} - - + services.caddy.virtualHosts = { + "${personalization.haven_url}" = { + extraConfig = '' + reverse_proxy localhost:3355 { + header_up Host {host} + header_up X-Real-IP {remote_host} + header_up X-Forwarded-For {remote_host} + header_up X-Forwarded-Proto {scheme} + transport http { + versions 1.1 + } + } + request_body { + max_size 100MB + } + ''; + }; + }; +}