Initial release

.gitignore

@@ -0,0 +1,25 @@
+.vagrant
+*~
+*#
+.#*
+\#*#
+.*.sw[a-z]
+*.un~
+
+# Bundler
+Gemfile.lock
+gems.locked
+bin/*
+.bundle/*
+
+# test kitchen
+.kitchen/
+kitchen.local.yml
+
+# Chef Infra
+Berksfile.lock
+.zero-knife.rb
+Policyfile.lock.json
+
+.idea/
+

LICENSE

@@ -0,0 +1,7 @@
+Copyright (c) 2024 Kosmos Developers
+
+Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

Policyfile.rb

@@ -0,0 +1,16 @@
+# Policyfile.rb - Describe how you want Chef Infra Client to build your system.
+#
+# For more information on the Policyfile feature, visit
+# https://docs.chef.io/policyfile/
+
+# A name that describes what the system you're building with Chef does.
+name 'strfry'
+
+# Where to find external cookbooks:
+default_source :supermarket
+
+# run_list: chef-client will run these recipes in the order specified.
+run_list 'strfry::default'
+
+# Specify a custom source for a single cookbook:
+cookbook 'strfry', path: '.'

README.md

@@ -0,0 +1,3 @@
+# strfry cookbook
+
+A Chef cookbook for installing/configuring a Nostr relay based on strfry

attributes/default.rb

@@ -0,0 +1,10 @@
+node.default["strfry"]["repo"] = "https://github.com/hoytech/strfry.git"
+node.default["strfry"]["revision"] = "master"
+node.default["strfry"]["download_url"] = nil
+node.default["strfry"]["checksum"] = nil
+node.default["strfry"]["user"] = "strfry"
+node.default["strfry"]["group"] = "strfry"
+node.default["strfry"]["db_path"] = "/var/lib/strfry"
+node.default["strfry"]["bind_ip"] = "0.0.0.0"
+node.default["strfry"]["real_ip_header"] = ""
+node.default["strfry"]["info"] = {}

chefignore

@@ -0,0 +1,115 @@
+# Put files/directories that should be ignored in this file when uploading
+# to a Chef Infra Server or Supermarket.
+# Lines that start with '# ' are comments.
+
+# OS generated files #
+######################
+.DS_Store
+ehthumbs.db
+Icon?
+nohup.out
+Thumbs.db
+.envrc
+
+# EDITORS #
+###########
+.#*
+.project
+.settings
+*_flymake
+*_flymake.*
+*.bak
+*.sw[a-z]
+*.tmproj
+*~
+\#*
+REVISION
+TAGS*
+tmtags
+.vscode
+.editorconfig
+
+## COMPILED ##
+##############
+*.class
+*.com
+*.dll
+*.exe
+*.o
+*.pyc
+*.so
+*/rdoc/
+a.out
+mkmf.log
+
+# Testing #
+###########
+.circleci/*
+.codeclimate.yml
+.delivery/*
+.foodcritic
+.kitchen*
+.mdlrc
+.overcommit.yml
+.rspec
+.rubocop.yml
+.travis.yml
+.watchr
+.yamllint
+azure-pipelines.yml
+Dangerfile
+examples/*
+features/*
+Guardfile
+kitchen.yml*
+mlc_config.json
+Procfile
+Rakefile
+spec/*
+test/*
+
+# SCM #
+#######
+.git
+.gitattributes
+.gitconfig
+.github/*
+.gitignore
+.gitkeep
+.gitmodules
+.svn
+*/.bzr/*
+*/.git
+*/.hg/*
+*/.svn/*
+
+# Berkshelf #
+#############
+Berksfile
+Berksfile.lock
+cookbooks/*
+tmp
+
+# Bundler #
+###########
+vendor/*
+Gemfile
+Gemfile.lock
+
+# Policyfile #
+##############
+Policyfile.rb
+Policyfile.lock.json
+
+# Documentation #
+#############
+CODE_OF_CONDUCT*
+CONTRIBUTING*
+documentation/*
+TESTING*
+UPGRADING*
+
+# Vagrant #
+###########
+.vagrant
+Vagrantfile

kitchen.yml

@@ -0,0 +1,37 @@
+---
+driver:
+  name: dokken
+  chef_version: 18.2.7
+  pull_platform_image: false
+  pull_chef_image: false
+  # memory_limit: 4294967296 # 4GB
+  memory_limit: 8589934592 # 8GB
+  volumes:
+    # saves the apt archieves outside of the container
+    - /var/cache/apt/archives/:/var/cache/apt/archives/
+
+transport:
+  name: dokken
+
+provisioner:
+  name: dokken
+
+verifier:
+  name: inspec
+
+platforms:
+  - name: ubuntu-22.04
+    driver:
+      image: dokken/ubuntu-22.04
+      privileged: true
+      pid_one_command: /usr/lib/systemd/systemd
+      intermediate_instructions:
+        # prevent APT from deleting the APT folder
+        - RUN rm /etc/apt/apt.conf.d/docker-clean
+        - RUN /usr/bin/apt-get update
+
+suites:
+  - name: strfry
+    verifier:
+      inspec_tests:
+        - test/integration/default

metadata.rb

@@ -0,0 +1,11 @@
+name 'strfry'
+maintainer 'Kosmos'
+maintainer_email 'ops@kosmos.org'
+license 'MIT'
+description 'Installs/configures strfry'
+version '0.1.0'
+chef_version '>= 18.0'
+issues_url 'https://gitea.kosmos.org/kosmos/strfry-cookbook/issues'
+source_url 'https://gitea.kosmos.org/kosmos/strfry-cookbook'
+
+# depends "git"

recipes/default.rb

@@ -0,0 +1,114 @@
+#
+# Cookbook:: strfry
+# Recipe:: default
+#
+
+unless platform?("ubuntu")
+  raise "This recipe only supports Ubuntu installs at the moment"
+end
+
+if node["strfry"]["download_url"]
+  #
+  # Install by downloading an executable file
+  #
+  remote_file '/usr/local/bin/strfry' do
+    source node["strfry"]["download_url"]
+    checksum node["strfry"]["checksum"]
+    mode '0755'
+    show_progress true
+    notifies :restart, "service[strfry]", :delayed
+  end
+else
+  #
+  # Install by building from source
+  #
+  %w[
+    git build-essential libyaml-perl libtemplate-perl libregexp-grammars-perl
+    libssl-dev zlib1g-dev liblmdb-dev libflatbuffers-dev libsecp256k1-dev
+    libzstd-dev
+  ].each do |pkg|
+    package pkg
+  end
+
+  git "/usr/local/src/strfry" do
+    repository node["strfry"]["repo"]
+    revision node["strfry"]["revision"]
+    enable_submodules true
+    notifies :run, "execute[compile]", :immediately
+  end
+
+  execute "compile" do
+    cwd "/usr/local/src/strfry"
+    command "make setup-golpe && make -j$(nproc)"
+    # action :nothing
+    notifies :create, "link[/usr/local/bin/strfry]", :immediately
+    notifies :restart, "service[strfry]", :delayed
+  end
+
+  link "/usr/local/bin/strfry" do
+    to "/usr/local/src/strfry/strfry"
+    action :nothing
+  end
+end
+
+group node["strfry"]["group"]
+
+user node["strfry"]["user"] do
+  gid node["strfry"]["group"]
+  manage_home false
+  shell "/usr/sbin/nologin"
+end
+
+directory node["strfry"]["db_path"] do
+  owner node["strfry"]["user"]
+  group node["strfry"]["group"]
+  mode "0755"
+end
+
+template "/etc/strfry.conf" do
+  source "strfry.conf.erb"
+  mode "0644"
+  owner node["strfry"]["user"]
+  group node["strfry"]["group"]
+  variables config: {
+    db_path: node["strfry"]["db_path"],
+    bind: node["strfry"]["bind_ip"],
+    real_ip_header: node["strfry"]["real_ip_header"],
+    port: node["strfry"]["port"],
+    info: node["strfry"]["info"]
+  }
+  notifies :restart, "service[strfry]", :delayed
+end
+
+service 'strfry' do
+  action :nothing
+end
+
+systemd_unit "strfry.service" do
+  content({
+    Unit: {
+      Description: "strfry relay",
+      Documentation: ["https://github.com/hoytech/strfry"],
+    },
+    Service: {
+      Type: "simple",
+      User: node["strfry"]["user"],
+      ExecStart: "/usr/local/bin/strfry relay",
+      Restart: "on-failure",
+      RestartSec: "5",
+      ProtectHome: "yes",
+      NoNewPrivileges: "yes",
+      ProtectSystem: "full",
+      LimitCORE: "1000000000"
+    },
+    Install: {
+      WantedBy: "multi-user.target"
+    }
+  })
+  triggers_reload true
+  action :create
+end
+
+service "strfry" do
+  action [:enable, :start]
+end

templates/default/strfry.conf.erb

@@ -0,0 +1,134 @@
+# Directory that contains the strfry LMDB database (restart required)
+db = "<%= @config[:db_path] %>/"
+
+dbParams {
+    # Maximum number of threads/processes that can simultaneously have LMDB transactions open (restart required)
+    maxreaders = 256
+
+    # Size of mmap() to use when loading LMDB (default is 10TB, does *not* correspond to disk-space used) (restart required)
+    mapsize = 10995116277760
+
+    # Disables read-ahead when accessing the LMDB mapping. Reduces IO activity when DB size is larger than RAM. (restart required)
+    noReadAhead = false
+}
+
+events {
+    # Maximum size of normalised JSON, in bytes
+    maxEventSize = 65536
+
+    # Events newer than this will be rejected
+    rejectEventsNewerThanSeconds = 900
+
+    # Events older than this will be rejected
+    rejectEventsOlderThanSeconds = 94608000
+
+    # Ephemeral events older than this will be rejected
+    rejectEphemeralEventsOlderThanSeconds = 60
+
+    # Ephemeral events will be deleted from the DB when older than this
+    ephemeralEventsLifetimeSeconds = 300
+
+    # Maximum number of tags allowed
+    maxNumTags = 2000
+
+    # Maximum size for tag values, in bytes
+    maxTagValSize = 1024
+}
+
+relay {
+    # Interface to listen on. Use 0.0.0.0 to listen on all interfaces (restart required)
+    bind = "<%= @config[:bind] || "127.0.0.1"  %>"
+
+    # Port to open for the nostr websocket protocol (restart required)
+    port = <%= @config[:port] || "7777" %>
+
+    # Set OS-limit on maximum number of open files/sockets (if 0, don't attempt to set) (restart required)
+    nofiles = 1000000
+
+    # HTTP header that contains the client's real IP, before reverse proxying (ie x-real-ip) (MUST be all lower-case)
+    realIpHeader = "<%= @config[:real_ip_header] %>"
+
+    info {
+        # NIP-11: Name of this server. Short/descriptive (< 30 characters)
+        name = "<%= @config[:info][:name] || "strfry default" %>"
+
+        # NIP-11: Detailed information about relay, free-form
+        description = "<%= @config[:info][:description] || "This is a strfry instance." %>"
+
+        # NIP-11: Administrative nostr pubkey, for contact purposes
+        pubkey = "<%= @config[:info][:pubkey] || "" %>"
+
+        # NIP-11: Alternative administrative contact (email, website, etc)
+        contact = "<%= @config[:info][:contact] || "" %>"
+    }
+
+    # Maximum accepted incoming websocket frame size (should be larger than max event) (restart required)
+    maxWebsocketPayloadSize = 131072
+
+    # Websocket-level PING message frequency (should be less than any reverse proxy idle timeouts) (restart required)
+    autoPingSeconds = 55
+
+    # If TCP keep-alive should be enabled (detect dropped connections to upstream reverse proxy)
+    enableTcpKeepalive = false
+
+    # How much uninterrupted CPU time a REQ query should get during its DB scan
+    queryTimesliceBudgetMicroseconds = 10000
+
+    # Maximum records that can be returned per filter
+    maxFilterLimit = 500
+
+    # Maximum number of subscriptions (concurrent REQs) a connection can have open at any time
+    maxSubsPerConnection = 20
+
+    writePolicy {
+        # If non-empty, path to an executable script that implements the writePolicy plugin logic
+        plugin = ""
+    }
+
+    compression {
+        # Use permessage-deflate compression if supported by client. Reduces bandwidth, but slight increase in CPU (restart required)
+        enabled = true
+
+        # Maintain a sliding window buffer for each connection. Improves compression, but uses more memory (restart required)
+        slidingWindow = true
+    }
+
+    logging {
+        # Dump all incoming messages
+        dumpInAll = false
+
+        # Dump all incoming EVENT messages
+        dumpInEvents = false
+
+        # Dump all incoming REQ/CLOSE messages
+        dumpInReqs = false
+
+        # Log performance metrics for initial REQ database scans
+        dbScanPerf = false
+
+        # Log reason for invalid event rejection? Can be disabled to silence excessive logging
+        invalidEvents = true
+    }
+
+    numThreads {
+        # Ingester threads: route incoming requests, validate events/sigs (restart required)
+        ingester = 3
+
+        # reqWorker threads: Handle initial DB scan for events (restart required)
+        reqWorker = 3
+
+        # reqMonitor threads: Handle filtering of new events (restart required)
+        reqMonitor = 3
+
+        # negentropy threads: Handle negentropy protocol messages (restart required)
+        negentropy = 2
+    }
+
+    negentropy {
+        # Support negentropy protocol messages
+        enabled = true
+
+        # Maximum records that sync will process before returning an error
+        maxSyncEvents = 1000000
+    }
+}

test/integration/default/default_test.rb

@@ -0,0 +1,30 @@
+# Chef InSpec test for recipe strfry::default
+
+# The Chef InSpec reference, with examples and extensive documentation, can be
+# found at https://docs.chef.io/inspec/resources/
+
+describe user('strfry') do
+  it { should exist }
+end
+
+describe group('strfry') do
+  it { should exist }
+end
+
+describe file('/usr/local/bin/strfry') do
+  it { should exist }
+  its('mode') { should cmp '00755' }
+end
+
+describe file('/etc/strfry.conf') do
+  it { should exist }
+end
+
+describe file('/var/lib/strfry') do
+  it { should be_directory }
+end
+
+describe port(7777) do
+  it { should be_listening }
+  its('addresses') { should include '0.0.0.0' }
+end