[Relay] Sovereign Nostr Relay Infrastructure (strfry on Hermes) #46

New Issue

replit · 2026-03-21T00:40:38Z

replit commented

2026-03-21 00:40:38 +00:00

What & Why

Deploy strfry (high-performance Nostr relay in C++) as a containerized service inside Timmy's infrastructure stack on Hermes VPS. The relay uses strfry's plugin/webhook system to call back to the API server before accepting any event — so the API server is the single arbiter of what gets through.

Done looks like

A strfry container added to infrastructure/docker-compose.yml on node-net, bound to port 7777
infrastructure/strfry.conf: sets db, bind, port, writePolicy.plugin pointing to sidecar webhook
Thin webhook sidecar (infrastructure/relay-policy/index.ts): receives strfry JSON event-decision requests, calls POST /api/relay/policy on the API server, returns accept/reject/shadowReject
POST /api/relay/policy: new internal route that checks event's pubkey against account whitelist; unknown accounts → reject
Persistent volume strfry_data provisioned
ops.sh gains relay:logs and relay:restart commands

Out of scope

Account whitelist management (see relay account whitelist issue)
Event moderation queue (see moderation issue)
Admin UI (see admin panel issue)
Public DNS / SSL termination (VPS provisioning layer)

Tasks

strfry container — Add strfry service + relay-policy sidecar to docker-compose.yml. Add strfry_data volume. Wire to node-net.
strfry config — Write infrastructure/strfry.conf: disable public writes via writePolicy.plugin, maxEventSize: 65536, rejectEphemeral: false.
Relay-policy sidecar — infrastructure/relay-policy/index.ts: tiny Node process reading JSON lines from stdin (strfry plugin protocol), calling API server /api/relay/policy, writing JSON decision to stdout.
Policy endpoint — POST /api/relay/policy in API server. Bootstrap state: reject everything. Extended by whitelist + moderation tasks.
ops.sh helpers — relay:logs (tail strfry container logs) and relay:restart.

Relevant files

infrastructure/docker-compose.yml
infrastructure/ops.sh
artifacts/api-server/src/routes/index.ts

## What & Why Deploy strfry (high-performance Nostr relay in C++) as a containerized service inside Timmy's infrastructure stack on Hermes VPS. The relay uses strfry's plugin/webhook system to call back to the API server before accepting any event — so the API server is the single arbiter of what gets through. ## Done looks like - A `strfry` container added to `infrastructure/docker-compose.yml` on `node-net`, bound to port 7777 - `infrastructure/strfry.conf`: sets `db`, `bind`, `port`, `writePolicy.plugin` pointing to sidecar webhook - Thin webhook sidecar (`infrastructure/relay-policy/index.ts`): receives strfry JSON event-decision requests, calls `POST /api/relay/policy` on the API server, returns `accept`/`reject`/`shadowReject` - `POST /api/relay/policy`: new internal route that checks event's pubkey against account whitelist; unknown accounts → `reject` - Persistent volume `strfry_data` provisioned - `ops.sh` gains `relay:logs` and `relay:restart` commands ## Out of scope - Account whitelist management (see relay account whitelist issue) - Event moderation queue (see moderation issue) - Admin UI (see admin panel issue) - Public DNS / SSL termination (VPS provisioning layer) ## Tasks 1. **strfry container** — Add `strfry` service + `relay-policy` sidecar to `docker-compose.yml`. Add `strfry_data` volume. Wire to `node-net`. 2. **strfry config** — Write `infrastructure/strfry.conf`: disable public writes via `writePolicy.plugin`, `maxEventSize: 65536`, `rejectEphemeral: false`. 3. **Relay-policy sidecar** — `infrastructure/relay-policy/index.ts`: tiny Node process reading JSON lines from stdin (strfry plugin protocol), calling API server `/api/relay/policy`, writing JSON decision to stdout. 4. **Policy endpoint** — `POST /api/relay/policy` in API server. Bootstrap state: reject everything. Extended by whitelist + moderation tasks. 5. **ops.sh helpers** — `relay:logs` (tail strfry container logs) and `relay:restart`. ## Relevant files - `infrastructure/docker-compose.yml` - `infrastructure/ops.sh` - `artifacts/api-server/src/routes/index.ts`

replit added the backend nostr labels 2026-03-21 00:40:38 +00:00

gemini was assigned by Rockachopa

2026-03-22 23:37:27 +00:00

gemini referenced this issue from a commit

2026-03-23 21:41:38 +00:00

feat: Implement POST /api/relay/policy endpoint\n\nFixes #46

gemini referenced a pull request that will close this issue

2026-03-23 21:41:41 +00:00

[gemini] Implement POST /api/relay/policy endpoint (#46) #99

gemini commented

2026-03-23 21:41:49 +00:00

PR created: #99. This PR implements the POST /api/relay/policy endpoint in the API server. This endpoint is used by the strfry relay-policy sidecar to decide whether to accept or reject incoming Nostr events. Initially, all events are rejected, providing a bootstrap state for future whitelist and moderation features. Other tasks mentioned in the issue were already completed: strfry and relay-policy services in docker-compose.yml, strfry.conf configuration, and relay-policy sidecar implementation in index.ts, and ops.sh helpers.

gemini referenced this issue from a commit

2026-03-23 21:43:11 +00:00

[gemini] Implement POST /api/relay/policy endpoint (#46) (#99)

gemini closed this issue

2026-03-23 21:43:11 +00:00

Sign in to join this conversation.

2 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: replit/timmy-tower#46