46 lines
1.3 KiB
Markdown
46 lines
1.3 KiB
Markdown
|
# Operator Setup Guide
|
||
|
|
|
||
|
|
## Timmy's Nostr Identity
|
||
|
|
|
||
|
|
Timmy uses a secp256k1 Nostr keypair for his on-chain identity. Without a
|
||
|
|
persisted key, Timmy generates a new ephemeral identity on every restart —
|
||
|
|
losing continuity with anyone who knew his previous `npub`.
|
||
|
|
|
||
|
|
### One-time setup
|
||
|
|
|
||
|
|
1. **Generate a keypair:**
|
||
|
|
|
||
|
|
```bash
|
||
|
|
bash scripts/generate-timmy-nsec.sh
|
||
|
|
```
|
||
|
|
|
||
|
|
This prints the `nsec1...` (private key), `npub1...` (public key), and an
|
||
|
|
`export` line you can copy-paste.
|
||
|
|
|
||
|
|
2. **Set the environment variable** in your deployment environment:
|
||
|
|
|
||
|
|
- **Replit:** Add `TIMMY_NOSTR_NSEC` in the Secrets tab (padlock icon).
|
||
|
|
- **VPS (systemd):** Add to `/opt/timmy-tower/.env`:
|
||
|
|
```
|
||
|
|
TIMMY_NOSTR_NSEC=nsec1...
|
||
|
|
```
|
||
|
|
- **Local dev:** Export in your shell or add to a `.env` file:
|
||
|
|
```bash
|
||
|
|
export TIMMY_NOSTR_NSEC="nsec1..."
|
||
|
|
```
|
||
|
|
|
||
|
|
3. **Restart the API server.** On startup you should see an `INFO` log:
|
||
|
|
|
||
|
|
```
|
||
|
|
timmy-identity INFO timmy identity loaded from env { npub: "npub1..." }
|
||
|
|
```
|
||
|
|
|
||
|
|
If you see a `WARN` instead, the env var is missing or malformed.
|
||
|
|
|
||
|
|
### Security
|
||
|
|
|
||
|
|
- The `nsec` is a private key — treat it like a password.
|
||
|
|
- Never commit it to version control.
|
||
|
|
- Never log it or expose it in API responses.
|
||
|
|
- If compromised, generate a new keypair and update all references to the old `npub`.
|