feat: ISO networking stack — relay + nvpn v0.3.7 + WireGuard
Some checks failed
Build Archipelago ISO (dev) / build-iso (push) Failing after 12m6s

Add nostr-rs-relay as native system service (port 7777) for VPN
signaling. Every node runs its own private relay from first boot.
Update nvpn binary from v0.3.4 to v0.3.7 (fixes mesh event
processing). Add WireGuard helper and address service for peer VPN.
First-boot script configures relay, nvpn identity, relay URLs
(direct + Tor onion), and syncs daemon config.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
Dorian
2026-04-08 15:06:27 +02:00
parent e977600471
commit 7741dc8652
6 changed files with 180 additions and 2 deletions

View File

@@ -86,6 +86,20 @@ done
chown -R archipelago:archipelago "$TOR_HOSTNAMES" 2>/dev/null
log "Tor hostnames populated: $(ls $TOR_HOSTNAMES 2>/dev/null | tr '\n' ' ')"
# ── Private Nostr Relay: start for VPN signaling and general use ──────
if command -v nostr-rs-relay >/dev/null 2>&1; then
# Relay config is pre-installed by ISO at /var/lib/archipelago/nostr-relay/config.toml
mkdir -p /var/lib/archipelago/nostr-relay
if [ ! -f /var/lib/archipelago/nostr-relay/config.toml ] && [ -f /etc/archipelago/nostr-relay-config.toml ]; then
cp /etc/archipelago/nostr-relay-config.toml /var/lib/archipelago/nostr-relay/config.toml
fi
chown -R archipelago:archipelago /var/lib/archipelago/nostr-relay
systemctl enable --now nostr-relay 2>/dev/null || true
log "Private Nostr relay started on port 7777"
else
log "nostr-rs-relay binary not found — skipping relay setup"
fi
# ── NostrVPN: configure native system service with node identity ──────
if command -v nvpn >/dev/null 2>&1; then
NOSTR_SECRET=$(cat /var/lib/archipelago/identity/nostr_secret 2>/dev/null)
@@ -107,7 +121,26 @@ if command -v nvpn >/dev/null 2>&1; then
# Configure nvpn with node identity and endpoint
if [ -f "$NVPN_CONFIG_DIR/config.toml" ]; then
su -l archipelago -c "nvpn set --endpoint '${HOST_IP}:51820'" 2>/dev/null || true
su -l archipelago -c "nvpn set --endpoint '${HOST_IP}:51821'" 2>/dev/null || true
fi
# Add this node's own relay as a signaling relay
# Direct relay (public IP) — only if not behind NAT
if [ -n "$HOST_IP" ] && ! echo "$HOST_IP" | grep -qE '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'; then
su -l archipelago -c "nvpn relay add 'ws://${HOST_IP}:7777'" 2>/dev/null || true
fi
# Tor relay (works behind NAT)
RELAY_ONION=$(cat /var/lib/archipelago/tor-hostnames/relay 2>/dev/null)
if [ -n "$RELAY_ONION" ]; then
su -l archipelago -c "nvpn relay add 'ws://${RELAY_ONION}:7777'" 2>/dev/null || true
fi
# Sync config to daemon HOME so the service finds it
# (service runs with HOME=/var/lib/archipelago/nostr-vpn)
DAEMON_CONFIG_DIR="/var/lib/archipelago/nostr-vpn/.config/nvpn"
mkdir -p "$DAEMON_CONFIG_DIR"
if [ -f "$NVPN_CONFIG_DIR/config.toml" ]; then
cp "$NVPN_CONFIG_DIR/config.toml" "$DAEMON_CONFIG_DIR/config.toml"
fi
# Ensure env file exists for the service