updated haven.nix

2026-03-25 11:36:55 -05:00
parent 2bc4791d97
commit d73ebcaa68
3 changed files with 112 additions and 127 deletions
--- a/custom-add-ons.md
+++ b/custom-add-ons.md
@@ -51,6 +51,7 @@ sovran_systemsOS.features.mempool = lib.mkForce true;
 ```nix
 sovran_systemsOS.features.haven = lib.mkForce true;
 sovran_systemsOS.nostr_npub = "pasteyournpubhere";
 ```
 5. The code for Element Calling is as follows:
--- a/modules/core/roles.nix
+++ b/modules/core/roles.nix
@@ -23,5 +23,11 @@
      bitcoin-core = lib.mkEnableOption "Bitcoin Core";
      rdp = lib.mkEnableOption "Gnome Remote Desktop";
    };
    nostr_npub = lib.mkOption {
      type = lib.types.str;
      default = "";
      description = "Nostr public key (npub1...) for Haven relay";
    };
  };
 }
--- a/modules/haven.nix
+++ b/modules/haven.nix
@@ -1,150 +1,128 @@
-{config, pkgs, lib, ...}:
+{ config, pkgs, lib, ... }:
 let
-
+  personalization = import ./personalization.nix;
-personalization = import ./personalization.nix;
+  npub = config.sovran_systemsOS.nostr_npub;
 in
-lib.mkIf config.sovran_systemsOS.features.haven {
+lib.mkIf (config.sovran_systemsOS.features.haven && npub != "") {
-	services.haven = {
+  services.haven = {
-		enable = true;
+    enable = true;
-		settings = {
+    settings = {
-			OWNER_NPUB="";
+      OWNER_NPUB = npub;
-			RELAY_URL="*name*";
+      RELAY_URL = personalization.haven_url;
-			RELAY_PORT=3355;
+      RELAY_PORT = 3355;
-			RELAY_BIND_ADDRESS="0.0.0.0"; # Can be set to a specific IP4 or IP6 address ("" for all interfaces)
+      RELAY_BIND_ADDRESS = "0.0.0.0";
-			DB_ENGINE="badger"; # badger, lmdb (lmdb works best with an nvme, otherwise you might have stability issues)
+      DB_ENGINE = "badger";
-			LMDB_MAPSIZE=3000000000; # 0 for default (currently ~273GB), or set to a different size in bytes, e.g. 10737418240 for 10GB
+      LMDB_MAPSIZE = 3000000000;
-			BLOSSOM_PATH="blossom/";
+      BLOSSOM_PATH = "blossom/";
-## Private Relay Settings
+      PRIVATE_RELAY_NAME = "${personalization.haven_url} private relay";
-			PRIVATE_RELAY_NAME="*name* private relay";
+      PRIVATE_RELAY_NPUB = npub;
-			PRIVATE_RELAY_NPUB="";
+      PRIVATE_RELAY_DESCRIPTION = "The Relay From Sovran Systems";
 			PRIVATE_RELAY_DESCRIPTION="The Relay From Sovran Systems";
 #PRIVATE_RELAY_ICON="https://i.nostr.build/6G6wW.gif"
-## Private Relay Rate Limiters
+      CHAT_RELAY_NAME = "${personalization.haven_url} chat relay";
-			PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=50;
+      CHAT_RELAY_NPUB = npub;
-			PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL=1;
+      CHAT_RELAY_DESCRIPTION = "a relay for private chats";
 			PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=100;
 			PRIVATE_RELAY_ALLOW_EMPTY_FILTERS=true;
 			PRIVATE_RELAY_ALLOW_COMPLEX_FILTERS=true;
 			PRIVATE_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=3;
 			PRIVATE_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=5;
 			PRIVATE_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=9;
-## Chat Relay Settings
+      OUTBOX_RELAY_NAME = "${personalization.haven_url} outbox relay";
-			CHAT_RELAY_NAME="*name* chat relay";
+      OUTBOX_RELAY_NPUB = npub;
-			CHAT_RELAY_NPUB="";
+      OUTBOX_RELAY_DESCRIPTION = "a relay and Blossom server for public messages and media";
 			CHAT_RELAY_DESCRIPTION="a relay for private chats";
 #CHAT_RELAY_ICON="https://i.nostr.build/6G6wW.gif"
 			CHAT_RELAY_WOT_DEPTH=3;
 			CHAT_RELAY_WOT_REFRESH_INTERVAL_HOURS=24;
 			CHAT_RELAY_MINIMUM_FOLLOWERS=3;
-## Chat Relay Rate Limiters
+      INBOX_RELAY_NAME = "${personalization.haven_url} inbox relay";
-			CHAT_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=50;
+      INBOX_RELAY_NPUB = npub;
-			CHAT_RELAY_EVENT_IP_LIMITER_INTERVAL=1;
+      INBOX_RELAY_DESCRIPTION = "send your interactions with my notes here";
 			CHAT_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=100;
 			CHAT_RELAY_ALLOW_EMPTY_FILTERS=false;
 			CHAT_RELAY_ALLOW_COMPLEX_FILTERS=false;
 			CHAT_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=3;
 			CHAT_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=3;
 			CHAT_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=9;
-## Outbox Relay Settings
+      INBOX_PULL_INTERVAL_SECONDS = 600;
 			OUTBOX_RELAY_NAME="*name* outbox relay";
 			OUTBOX_RELAY_NPUB="";
 			OUTBOX_RELAY_DESCRIPTION="a relay and Blossom server for public messages and media";
 #OUTBOX_RELAY_ICON="https://i.nostr.build/6G6wW.gif"
-## Outbox Relay Rate Limiters
+      # ... all your rate limiter and WOT settings unchanged ...
-			OUTBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=100;
+      PRIVATE_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 50;
-			OUTBOX_RELAY_EVENT_IP_LIMITER_INTERVAL=600;
+      PRIVATE_RELAY_EVENT_IP_LIMITER_INTERVAL = 1;
-			OUTBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=1000;
+      PRIVATE_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 100;
-			OUTBOX_RELAY_ALLOW_EMPTY_FILTERS=true;
+      PRIVATE_RELAY_ALLOW_EMPTY_FILTERS = true;
-			OUTBOX_RELAY_ALLOW_COMPLEX_FILTERS=true;
+      PRIVATE_RELAY_ALLOW_COMPLEX_FILTERS = true;
-			OUTBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=30;
+      PRIVATE_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 3;
-			OUTBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=10;
+      PRIVATE_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 5;
-			OUTBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=90;
+      PRIVATE_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 9;
-## Inbox Relay Settings
+      CHAT_RELAY_WOT_DEPTH = 3;
-			INBOX_RELAY_NAME="*name* inbox relay";
+      CHAT_RELAY_WOT_REFRESH_INTERVAL_HOURS = 24;
-			INBOX_RELAY_NPUB="";
+      CHAT_RELAY_MINIMUM_FOLLOWERS = 3;
-			INBOX_RELAY_DESCRIPTION="send your interactions with my notes here";
+      CHAT_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 50;
-#INBOX_RELAY_ICON="https://i.nostr.build/6G6wW.gif"
+      CHAT_RELAY_EVENT_IP_LIMITER_INTERVAL = 1;
-			INBOX_PULL_INTERVAL_SECONDS=600;
+      CHAT_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 100;
      CHAT_RELAY_ALLOW_EMPTY_FILTERS = false;
      CHAT_RELAY_ALLOW_COMPLEX_FILTERS = false;
      CHAT_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 3;
      CHAT_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 3;
      CHAT_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 9;
-## Inbox Relay Rate Limiters
+      OUTBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 100;
-			INBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL=10;
+      OUTBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = 600;
-			INBOX_RELAY_EVENT_IP_LIMITER_INTERVAL=1;
+      OUTBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 1000;
-			INBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS=20;
+      OUTBOX_RELAY_ALLOW_EMPTY_FILTERS = true;
-			INBOX_RELAY_ALLOW_EMPTY_FILTERS=false;
+      OUTBOX_RELAY_ALLOW_COMPLEX_FILTERS = true;
-			INBOX_RELAY_ALLOW_COMPLEX_FILTERS=false;
+      OUTBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 30;
-			INBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL=3;
+      OUTBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 10;
-			INBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL=1;
+      OUTBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 90;
 			INBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS=9;
-## WOT Settings
+      INBOX_RELAY_EVENT_IP_LIMITER_TOKENS_PER_INTERVAL = 10;
-			WOT_FETCH_TIMEOUT_SECONDS=60;
+      INBOX_RELAY_EVENT_IP_LIMITER_INTERVAL = 1;
      INBOX_RELAY_EVENT_IP_LIMITER_MAX_TOKENS = 20;
      INBOX_RELAY_ALLOW_EMPTY_FILTERS = false;
      INBOX_RELAY_ALLOW_COMPLEX_FILTERS = false;
      INBOX_RELAY_CONNECTION_RATE_LIMITER_TOKENS_PER_INTERVAL = 3;
      INBOX_RELAY_CONNECTION_RATE_LIMITER_INTERVAL = 1;
      INBOX_RELAY_CONNECTION_RATE_LIMITER_MAX_TOKENS = 9;
-			WHITELISTED_NPUBS_FILE="/var/lib/haven/whitelisted_npubs.json";
+      WOT_FETCH_TIMEOUT_SECONDS = 60;
      WHITELISTED_NPUBS_FILE = "/var/lib/haven/whitelisted_npubs.json";
      BLACKLISTED_NPUBS_FILE = "";
      HAVEN_LOG_LEVEL = "INFO";
    };
-			BLACKLISTED_NPUBS_FILE="";
+    blastrRelays = [
-
+      "nos.lol"
-
+      "relay.nostr.band"
-## LOGGING
+      "relay.snort.social"
-			HAVEN_LOG_LEVEL="INFO"; # DEBUG, INFO, WARNING or ERROR
+      "nostr.mom"
-		};
+      "relay.primal.net"
-		
+      "no.str.cr"
-		blastrRelays  = [
+      "nostr21.com"
-			"nos.lol"
+      "nostrue.com"
-			"relay.nostr.band"
+      "wot.nostr.party"
-			"relay.snort.social"
+      "wot.sovbit.host"
-			"nostr.mom"
+      "wot.girino.org"
-			"relay.primal.net"
+      "relay.lexingtonbitcoin.org"
-			"no.str.cr"
+      "zap.watch"
-			"nostr21.com"
+      "satsage.xyz"
-			"nostrue.com"
+      "wons.calva.dev"
-			"wot.nostr.party"
+    ];
-			"wot.sovbit.host"
+  };
 			"wot.girino.org"
 			"relay.lexingtonbitcoin.org"
 			"zap.watch"
 			"satsage.xyz"
 			"wons.calva.dev"
 		];
 	};
  systemd.tmpfiles.rules = [
    "d /var/lib/haven 0750 haven haven -"
    "f /var/lib/haven/whitelisted_npubs.json 0770 haven haven -"
  ];
-	services.caddy = {
+  services.caddy.virtualHosts = {
-		virtualHosts = {
+    "${personalization.haven_url}" = {
-			"${personalization.haven_url}" = {
+      extraConfig = ''
-				extraConfig = ''					
+        reverse_proxy localhost:3355 {
-					reverse_proxy localhost:3355 {
+          header_up Host {host}
-						header_up Host {host}
+          header_up X-Real-IP {remote_host}
-						header_up X-Real-IP {remote_host}
+          header_up X-Forwarded-For {remote_host}
-						header_up X-Forwarded-For {remote_host}
+          header_up X-Forwarded-Proto {scheme}
-						header_up X-Forwarded-Proto {scheme}
+          transport http {
-						transport http {
+            versions 1.1
-							versions 1.1
+          }
-						}
+        }
-					}
+        request_body {
-					request_body {
+          max_size 100MB
-						max_size 100MB
+        }
-					}					
+      '';
-				'';
+    };
-			};
+  };
 		};
 	};
 }