feat: ISO networking stack — relay + nvpn v0.3.7 + WireGuard
Add nostr-rs-relay as native system service (port 7777) for VPN signaling. Every node runs its own private relay from first boot. Update nvpn binary from v0.3.4 to v0.3.7 (fixes mesh event processing). Add WireGuard helper and address service for peer VPN. First-boot script configures relay, nvpn identity, relay URLs (direct + Tor onion), and syncs daemon config. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@@ -86,6 +86,20 @@ done
|
||||
chown -R archipelago:archipelago "$TOR_HOSTNAMES" 2>/dev/null
|
||||
log "Tor hostnames populated: $(ls $TOR_HOSTNAMES 2>/dev/null | tr '\n' ' ')"
|
||||
|
||||
# ── Private Nostr Relay: start for VPN signaling and general use ──────
|
||||
if command -v nostr-rs-relay >/dev/null 2>&1; then
|
||||
# Relay config is pre-installed by ISO at /var/lib/archipelago/nostr-relay/config.toml
|
||||
mkdir -p /var/lib/archipelago/nostr-relay
|
||||
if [ ! -f /var/lib/archipelago/nostr-relay/config.toml ] && [ -f /etc/archipelago/nostr-relay-config.toml ]; then
|
||||
cp /etc/archipelago/nostr-relay-config.toml /var/lib/archipelago/nostr-relay/config.toml
|
||||
fi
|
||||
chown -R archipelago:archipelago /var/lib/archipelago/nostr-relay
|
||||
systemctl enable --now nostr-relay 2>/dev/null || true
|
||||
log "Private Nostr relay started on port 7777"
|
||||
else
|
||||
log "nostr-rs-relay binary not found — skipping relay setup"
|
||||
fi
|
||||
|
||||
# ── NostrVPN: configure native system service with node identity ──────
|
||||
if command -v nvpn >/dev/null 2>&1; then
|
||||
NOSTR_SECRET=$(cat /var/lib/archipelago/identity/nostr_secret 2>/dev/null)
|
||||
@@ -107,7 +121,26 @@ if command -v nvpn >/dev/null 2>&1; then
|
||||
|
||||
# Configure nvpn with node identity and endpoint
|
||||
if [ -f "$NVPN_CONFIG_DIR/config.toml" ]; then
|
||||
su -l archipelago -c "nvpn set --endpoint '${HOST_IP}:51820'" 2>/dev/null || true
|
||||
su -l archipelago -c "nvpn set --endpoint '${HOST_IP}:51821'" 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Add this node's own relay as a signaling relay
|
||||
# Direct relay (public IP) — only if not behind NAT
|
||||
if [ -n "$HOST_IP" ] && ! echo "$HOST_IP" | grep -qE '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)'; then
|
||||
su -l archipelago -c "nvpn relay add 'ws://${HOST_IP}:7777'" 2>/dev/null || true
|
||||
fi
|
||||
# Tor relay (works behind NAT)
|
||||
RELAY_ONION=$(cat /var/lib/archipelago/tor-hostnames/relay 2>/dev/null)
|
||||
if [ -n "$RELAY_ONION" ]; then
|
||||
su -l archipelago -c "nvpn relay add 'ws://${RELAY_ONION}:7777'" 2>/dev/null || true
|
||||
fi
|
||||
|
||||
# Sync config to daemon HOME so the service finds it
|
||||
# (service runs with HOME=/var/lib/archipelago/nostr-vpn)
|
||||
DAEMON_CONFIG_DIR="/var/lib/archipelago/nostr-vpn/.config/nvpn"
|
||||
mkdir -p "$DAEMON_CONFIG_DIR"
|
||||
if [ -f "$NVPN_CONFIG_DIR/config.toml" ]; then
|
||||
cp "$NVPN_CONFIG_DIR/config.toml" "$DAEMON_CONFIG_DIR/config.toml"
|
||||
fi
|
||||
|
||||
# Ensure env file exists for the service
|
||||
|
||||
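Review bot: The `mkdir -p "$DAEMON_CONFIG_DIR"` and `cp ... "$DAEMON_CONFIG_DIR/config.toml"` at the end of the second hunk run in the script's own context (apparently root, given the `chown` and `systemctl` calls), so the new directory and file get that user's ownership and umask-default modes. No `chown` or `chmod` follows in the visible lines, unlike the relay directory in the first hunk. If this config carries the node's Nostr identity key (the block reads `nostr_secret` just above, but the config contents are not shown), the key material may be readable by other local users, and the daemon may be unable to update its own config. Consider `install -d -m 700 -o archipelago -g archipelago "$DAEMON_CONFIG_DIR"` and `install -m 600 -o archipelago -g archipelago "$NVPN_CONFIG_DIR/config.toml" "$DAEMON_CONFIG_DIR/config.toml"`, with the owner adjusted to whatever user the service unit runs as. The enclosing `if command -v nvpn` block continues past the hunk, so an ownership fix may already exist outside the visible lines.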