25d087697e
Some checks failed
Go / build-and-release (push) Has been cancelled
- Add pkg/tor package for Tor hidden service integration - Add Tor config options: ORLY_TOR_ENABLED, ORLY_TOR_PORT, ORLY_TOR_HS_DIR, ORLY_TOR_ONION_ADDRESS - Extend NIP-11 relay info with addresses field for .onion URLs - Add fallback relays (Damus, nos.lol, nostr.band, purplepag.es) for profile lookups - Refactor profile fetching to try local relay first, then fallback relays - Add Tor setup documentation and deployment scripts Files modified: - app/config/config.go: Add Tor configuration options - app/handle-relayinfo.go: Add ExtendedRelayInfo with addresses field - app/main.go: Initialize and manage Tor service lifecycle - app/server.go: Add torService field to Server struct - app/web/src/constants.js: Add FALLBACK_RELAYS - app/web/src/nostr.js: Add fallback relay profile fetching - pkg/tor/: New package for Tor hidden service management - docs/TOR_SETUP.md: Documentation for Tor configuration - deploy/orly-tor.service: Systemd service for Tor integration - scripts/tor-*.sh: Setup scripts for Tor development and production 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
74 lines
1.8 KiB
Desktop File
74 lines
1.8 KiB
Desktop File
# ORLY Relay with Tor Hidden Service - Systemd Unit
|
|
#
|
|
# This is an example systemd unit for running ORLY with Tor support.
|
|
# Copy and customize for your deployment.
|
|
#
|
|
# Installation:
|
|
# 1. Copy to /etc/systemd/system/orly-tor.service
|
|
# 2. Edit paths and environment variables as needed
|
|
# 3. sudo systemctl daemon-reload
|
|
# 4. sudo systemctl enable orly-tor
|
|
# 5. sudo systemctl start orly-tor
|
|
#
|
|
# Prerequisites:
|
|
# - Tor daemon running (systemctl enable tor && systemctl start tor)
|
|
# - Hidden service configured (run scripts/tor-setup.sh)
|
|
|
|
[Unit]
|
|
Description=ORLY Nostr Relay with Tor Hidden Service
|
|
Documentation=https://git.mleku.dev/mleku/orly
|
|
After=network.target tor.service
|
|
Requires=tor.service
|
|
Wants=tor.service
|
|
|
|
[Service]
|
|
Type=simple
|
|
User=orly
|
|
Group=orly
|
|
|
|
# Working directory
|
|
WorkingDirectory=/opt/orly
|
|
|
|
# Main relay binary
|
|
ExecStart=/opt/orly/orly
|
|
|
|
# Environment configuration
|
|
# Core settings
|
|
Environment=ORLY_PORT=3334
|
|
Environment=ORLY_DATA_DIR=/var/lib/orly
|
|
Environment=ORLY_LOG_LEVEL=info
|
|
|
|
# Tor hidden service settings
|
|
Environment=ORLY_TOR_ENABLED=true
|
|
Environment=ORLY_TOR_PORT=3336
|
|
Environment=ORLY_TOR_HS_DIR=/var/lib/tor/orly-relay
|
|
|
|
# ACL mode (choose one: none, follows, managed)
|
|
Environment=ORLY_ACL_MODE=none
|
|
|
|
# TLS (optional - uncomment and configure for production)
|
|
# Environment=ORLY_TLS_DOMAINS=relay.example.com
|
|
|
|
# Resource limits
|
|
LimitNOFILE=65535
|
|
LimitNPROC=4096
|
|
|
|
# Restart policy
|
|
Restart=always
|
|
RestartSec=5
|
|
|
|
# Security hardening
|
|
NoNewPrivileges=yes
|
|
ProtectSystem=strict
|
|
ProtectHome=yes
|
|
ReadWritePaths=/var/lib/orly
|
|
PrivateTmp=yes
|
|
|
|
# Allow reading Tor hidden service directory
|
|
# Note: The Tor user must grant read access to the orly user
|
|
# Option 1: Add orly user to debian-tor group
|
|
# Option 2: Use ACLs: setfacl -R -m u:orly:rx /var/lib/tor/orly-relay
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|