Add Tor hidden service support and fallback relay profile fetching (v0.46.0)
Some checks failed
Go / build-and-release (push) Has been cancelled
Some checks failed
Go / build-and-release (push) Has been cancelled
- Add pkg/tor package for Tor hidden service integration - Add Tor config options: ORLY_TOR_ENABLED, ORLY_TOR_PORT, ORLY_TOR_HS_DIR, ORLY_TOR_ONION_ADDRESS - Extend NIP-11 relay info with addresses field for .onion URLs - Add fallback relays (Damus, nos.lol, nostr.band, purplepag.es) for profile lookups - Refactor profile fetching to try local relay first, then fallback relays - Add Tor setup documentation and deployment scripts Files modified: - app/config/config.go: Add Tor configuration options - app/handle-relayinfo.go: Add ExtendedRelayInfo with addresses field - app/main.go: Initialize and manage Tor service lifecycle - app/server.go: Add torService field to Server struct - app/web/src/constants.js: Add FALLBACK_RELAYS - app/web/src/nostr.js: Add fallback relay profile fetching - pkg/tor/: New package for Tor hidden service management - docs/TOR_SETUP.md: Documentation for Tor configuration - deploy/orly-tor.service: Systemd service for Tor integration - scripts/tor-*.sh: Setup scripts for Tor development and production 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
woikos
73
deploy/orly-tor.service
Normal file
73
deploy/orly-tor.service
Normal file
@@ -0,0 +1,73 @@
|
||||
# ORLY Relay with Tor Hidden Service - Systemd Unit
|
||||
#
|
||||
# This is an example systemd unit for running ORLY with Tor support.
|
||||
# Copy and customize for your deployment.
|
||||
#
|
||||
# Installation:
|
||||
# 1. Copy to /etc/systemd/system/orly-tor.service
|
||||
# 2. Edit paths and environment variables as needed
|
||||
# 3. sudo systemctl daemon-reload
|
||||
# 4. sudo systemctl enable orly-tor
|
||||
# 5. sudo systemctl start orly-tor
|
||||
#
|
||||
# Prerequisites:
|
||||
# - Tor daemon running (systemctl enable tor && systemctl start tor)
|
||||
# - Hidden service configured (run scripts/tor-setup.sh)
|
||||
|
||||
[Unit]
|
||||
Description=ORLY Nostr Relay with Tor Hidden Service
|
||||
Documentation=https://git.mleku.dev/mleku/orly
|
||||
After=network.target tor.service
|
||||
Requires=tor.service
|
||||
Wants=tor.service
|
||||
|
||||
[Service]
|
||||
Type=simple
|
||||
User=orly
|
||||
Group=orly
|
||||
|
||||
# Working directory
|
||||
WorkingDirectory=/opt/orly
|
||||
|
||||
# Main relay binary
|
||||
ExecStart=/opt/orly/orly
|
||||
|
||||
# Environment configuration
|
||||
# Core settings
|
||||
Environment=ORLY_PORT=3334
|
||||
Environment=ORLY_DATA_DIR=/var/lib/orly
|
||||
Environment=ORLY_LOG_LEVEL=info
|
||||
|
||||
# Tor hidden service settings
|
||||
Environment=ORLY_TOR_ENABLED=true
|
||||
Environment=ORLY_TOR_PORT=3336
|
||||
Environment=ORLY_TOR_HS_DIR=/var/lib/tor/orly-relay
|
||||
|
||||
# ACL mode (choose one: none, follows, managed)
|
||||
Environment=ORLY_ACL_MODE=none
|
||||
|
||||
# TLS (optional - uncomment and configure for production)
|
||||
# Environment=ORLY_TLS_DOMAINS=relay.example.com
|
||||
|
||||
# Resource limits
|
||||
LimitNOFILE=65535
|
||||
LimitNPROC=4096
|
||||
|
||||
# Restart policy
|
||||
Restart=always
|
||||
RestartSec=5
|
||||
|
||||
# Security hardening
|
||||
NoNewPrivileges=yes
|
||||
ProtectSystem=strict
|
||||
ProtectHome=yes
|
||||
ReadWritePaths=/var/lib/orly
|
||||
PrivateTmp=yes
|
||||
|
||||
# Allow reading Tor hidden service directory
|
||||
# Note: The Tor user must grant read access to the orly user
|
||||
# Option 1: Add orly user to debian-tor group
|
||||
# Option 2: Use ACLs: setfacl -R -m u:orly:rx /var/lib/tor/orly-relay
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
Reference in New Issue
Block a user