From 80eddfbf568beaf41bb2fdddd603ee18daa48298 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?R=C3=A2u=20Cao?= <raucao@kosmos.org>
Date: Thu, 20 Jun 2024 15:38:27 +0200
Subject: [PATCH] Configure strfry whitelist

Allow akkounts pubkey to publish to our own relay
---
 environments/production.json                     |  3 +++
 site-cookbooks/kosmos_strfry/recipes/policies.rb | 13 +++++++++++--
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/environments/production.json b/environments/production.json
index 9904aba..d7832ca 100644
--- a/environments/production.json
+++ b/environments/production.json
@@ -107,6 +107,9 @@
       "domain": "nostr.kosmos.org",
       "real_ip_header": "x-real-ip",
       "policy_path": "/opt/strfry-policy.ts",
+      "whitelist_pubkeys": [
+        "b3e1b7c1660b7db0ecb93ec55c09e67961171a5c4e9e2602f1b47477ea61c50a"
+      ],
       "info": {
         "name": "Kosmos Relay",
         "description": "Members-only nostr relay for kosmos.org users",
diff --git a/site-cookbooks/kosmos_strfry/recipes/policies.rb b/site-cookbooks/kosmos_strfry/recipes/policies.rb
index cb4d9ec..af1b0e5 100644
--- a/site-cookbooks/kosmos_strfry/recipes/policies.rb
+++ b/site-cookbooks/kosmos_strfry/recipes/policies.rb
@@ -15,7 +15,8 @@ env = {
   ldap_url: 'ldap://ldap.kosmos.local:389', # requires "ldap_client" role
   ldap_bind_dn: ldap_credentials["service_dn"],
   ldap_password: ldap_credentials["service_password"],
-  ldap_search_dn: node["strfry"]["ldap_search_dn"]
+  ldap_search_dn: node["strfry"]["ldap_search_dn"],
+  whitelist_pubkeys: node["strfry"]["whitelist_pubkeys"].join(",")
 }
 
 template "/opt/.env" do
@@ -32,7 +33,15 @@ end
 # strfry deno scripts
 #
 
-base_url = "https://gitea.kosmos.org/kosmos/akkounts/raw/branch/master/extras/strfry"
+base_url = "https://gitea.kosmos.org/kosmos/akkounts/raw/branch/live/extras/strfry"
+
+remote_file "/opt/deno.json" do
+  source "#{base_url}/deno.json"
+  owner node["strfry"]["user"]
+  group node["strfry"]["group"]
+  mode "0644"
+  notifies :restart, "service[strfry]", :delayed
+end
 
 remote_file "/opt/strfry-policy.ts" do
   source "#{base_url}/strfry-policy.ts"