chore: use consts in relay env and service files and fix nginx file f…

…ormatting (#60)
nodetec · Oct 5, 2024 · 0938446 · 0938446
1 parent 45a9e6a
commit 0938446
Show file tree

Hide file tree

Showing 20 changed files with 66 additions and 53 deletions.
diff --git a/pkg/relays/khatru29/constants.go b/pkg/relays/khatru29/constants.go
@@ -13,7 +13,7 @@ RELAY_NAME="Khatru29"
 RELAY_PRIVKEY="{{.PrivKey}}"
 RELAY_DESCRIPTION="Khatru29 Nostr Relay"
 RELAY_CONTACT="{{.RelayContact}}"
-DATABASE_PATH=/var/lib/khatru29/db
+DATABASE_PATH="/var/lib/khatru29/db"
 `
 const ServiceFilePath = "/etc/systemd/system/khatru29.service"
 const ServiceFileTemplate = `[Unit]
@@ -25,8 +25,8 @@ Type=simple
 User=nostr
 Group=nostr
 WorkingDirectory=/home/nostr
-EnvironmentFile=/etc/systemd/system/khatru29.env
-ExecStart=/usr/local/bin/khatru29
+EnvironmentFile={{.EnvFilePath}}
+ExecStart={{.BinaryFilePath}}
 Restart=on-failure
 
 [Install]

diff --git a/pkg/relays/khatru29/nginx_http.go b/pkg/relays/khatru29/nginx_http.go
@@ -55,19 +55,19 @@ server {
     # Test configuration:
     # https://securityheaders.com/
     # https://observatory.mozilla.org/
-		add_header X-Frame-Options DENY;
+    add_header X-Frame-Options DENY;
 
     # Avoid MIME type sniffing
-		add_header X-Content-Type-Options nosniff always;
+    add_header X-Content-Type-Options nosniff always;
 
-		add_header Referrer-Policy "no-referrer" always;
+    add_header Referrer-Policy "no-referrer" always;
 
-		add_header X-XSS-Protection 0 always;
+    add_header X-XSS-Protection 0 always;
 
-		add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
+    add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
 
     #### Content-Security-Policy (CSP) ####
-		add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
+    add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
 }
 
 server {

diff --git a/pkg/relays/khatru29/service.go b/pkg/relays/khatru29/service.go
@@ -40,7 +40,8 @@ func SetupRelayService(domain, privKey, relayContact string) {
 
 	// Create the systemd service file
 	spinner.UpdateText("Creating service file...")
-	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate)
+	serviceFileParams := systemd.ServiceFileParams{EnvFilePath: EnvFilePath, BinaryFilePath: BinaryFilePath}
+	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate, &serviceFileParams)
 
 	// Reload systemd to apply the new service
 	spinner.UpdateText("Reloading systemd daemon...")

diff --git a/pkg/relays/khatru_pyramid/constants.go b/pkg/relays/khatru_pyramid/constants.go
@@ -27,8 +27,8 @@ Type=simple
 User=nostr
 Group=nostr
 WorkingDirectory=/home/nostr
-EnvironmentFile=/etc/systemd/system/khatru-pyramid.env
-ExecStart=/usr/local/bin/khatru-pyramid
+EnvironmentFile={{.EnvFilePath}}
+ExecStart={{.BinaryFilePath}}
 Restart=on-failure
 
 [Install]

diff --git a/pkg/relays/khatru_pyramid/nginx_http.go b/pkg/relays/khatru_pyramid/nginx_http.go
@@ -55,19 +55,19 @@ server {
     # Test configuration:
     # https://securityheaders.com/
     # https://observatory.mozilla.org/
-		add_header X-Frame-Options DENY;
+    add_header X-Frame-Options DENY;
 
     # Avoid MIME type sniffing
-		add_header X-Content-Type-Options nosniff always;
+    add_header X-Content-Type-Options nosniff always;
 
-		add_header Referrer-Policy "no-referrer" always;
+    add_header Referrer-Policy "no-referrer" always;
 
-		add_header X-XSS-Protection 0 always;
+    add_header X-XSS-Protection 0 always;
 
-		add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
+    add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
 
     #### Content-Security-Policy (CSP) ####
-		add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
+    add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
 }
 
 server {

diff --git a/pkg/relays/khatru_pyramid/nginx_https.go b/pkg/relays/khatru_pyramid/nginx_https.go
@@ -101,7 +101,7 @@ server {
 
     add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
 
-		#### Content-Security-Policy (CSP) ####
+    #### Content-Security-Policy (CSP) ####
     add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests;" always;
 }
 

diff --git a/pkg/relays/khatru_pyramid/service.go b/pkg/relays/khatru_pyramid/service.go
@@ -40,7 +40,8 @@ func SetupRelayService(domain, pubKey, relayContact string) {
 
 	// Create the systemd service file
 	spinner.UpdateText("Creating service file...")
-	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate)
+	serviceFileParams := systemd.ServiceFileParams{EnvFilePath: EnvFilePath, BinaryFilePath: BinaryFilePath}
+	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate, &serviceFileParams)
 
 	// Reload systemd to apply the new service
 	spinner.UpdateText("Reloading systemd daemon...")

diff --git a/pkg/relays/strfry/constants.go b/pkg/relays/strfry/constants.go
@@ -25,7 +25,7 @@ After=network.target
 Type=simple
 User=nostr
 Group=nostr
-ExecStart=/usr/local/bin/strfry --config=/etc/strfry/strfry.conf relay
+ExecStart={{.BinaryFilePath}} --config={{.ConfigFilePath}} relay
 Restart=on-failure
 RestartSec=5
 ProtectHome=yes

diff --git a/pkg/relays/strfry/nginx_http.go b/pkg/relays/strfry/nginx_http.go
@@ -49,16 +49,16 @@ func ConfigureNginxHttp(domainName string) {
 		add_header X-Frame-Options DENY;
 
     # Avoid MIME type sniffing
-		add_header X-Content-Type-Options nosniff always;
+    add_header X-Content-Type-Options nosniff always;
 
-		add_header Referrer-Policy "no-referrer" always;
+    add_header Referrer-Policy "no-referrer" always;
 
-		add_header X-XSS-Protection 0 always;
+    add_header X-XSS-Protection 0 always;
 
-		add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
+    add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
 
     #### Content-Security-Policy (CSP) ####
-		add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
+    add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
 }
 
 server {

diff --git a/pkg/relays/strfry/nginx_https.go b/pkg/relays/strfry/nginx_https.go
@@ -75,7 +75,7 @@ func ConfigureNginxHttps(domainName string) {
     ssl_stapling on;
     ssl_stapling_verify on;
 
-		#### Security Headers ####
+    #### Security Headers ####
     # Test configuration:
     # https://securityheaders.com/
     # https://observatory.mozilla.org/

diff --git a/pkg/relays/strfry/service.go b/pkg/relays/strfry/service.go
@@ -58,7 +58,8 @@ func SetupRelayService(domain string) {
 
 	// Create the systemd service file
 	spinner.UpdateText("Creating service file...")
-	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate)
+	serviceFileParams := systemd.ServiceFileParams{BinaryFilePath: BinaryFilePath, ConfigFilePath: ConfigFilePath}
+	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate, &serviceFileParams)
 
 	// Reload systemd to apply the new service
 	spinner.UpdateText("Reloading systemd daemon...")

diff --git a/pkg/relays/strfry29/constants.go b/pkg/relays/strfry29/constants.go
@@ -23,8 +23,8 @@ const PluginFilePath = "/usr/local/bin/strfry29.json"
 const PluginFileTemplate = `{
   "domain": "{{.Domain}}",
   "relay_secret_key": "{{.RelaySecretKey}}",
-  "strfry_config_path": "/etc/strfry29/strfry.conf",
-  "strfry_executable_path": "/usr/local/bin/strfry"
+  "strfry_config_path": "{{.ConfigFilePath}}",
+  "strfry_executable_path": "{{.BinaryFilePath}}"
 }
 `
 const ServiceName = "strfry29"
@@ -41,7 +41,7 @@ After=network.target
 Type=simple
 User=nostr
 Group=nostr
-ExecStart=/usr/local/bin/strfry --config=/etc/strfry29/strfry.conf relay
+ExecStart={{.BinaryFilePath}} --config={{.ConfigFilePath}} relay
 Restart=on-failure
 RestartSec=5
 ProtectHome=yes

diff --git a/pkg/relays/strfry29/nginx_http.go b/pkg/relays/strfry29/nginx_http.go
@@ -46,19 +46,19 @@ func ConfigureNginxHttp(domainName string) {
     # Test configuration:
     # https://securityheaders.com/
     # https://observatory.mozilla.org/
-		add_header X-Frame-Options DENY;
+    add_header X-Frame-Options DENY;
 
     # Avoid MIME type sniffing
-		add_header X-Content-Type-Options nosniff always;
+    add_header X-Content-Type-Options nosniff always;
 
-		add_header Referrer-Policy "no-referrer" always;
+    add_header Referrer-Policy "no-referrer" always;
 
-		add_header X-XSS-Protection 0 always;
+    add_header X-XSS-Protection 0 always;
 
-		add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
+    add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
 
     #### Content-Security-Policy (CSP) ####
-		add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
+    add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
 }
 
 server {

diff --git a/pkg/relays/strfry29/nginx_https.go b/pkg/relays/strfry29/nginx_https.go
@@ -75,7 +75,7 @@ func ConfigureNginxHttps(domainName string) {
     ssl_stapling on;
     ssl_stapling_verify on;
 
-		#### Security Headers ####
+    #### Security Headers ####
     # Test configuration:
     # https://securityheaders.com/
     # https://observatory.mozilla.org/

diff --git a/pkg/relays/strfry29/service.go b/pkg/relays/strfry29/service.go
@@ -67,15 +67,16 @@ func SetupRelayService(domain, relaySecretKey string) {
 
 	// Create the strfry29.json file
 	spinner.UpdateText("Creating plugin file...")
-	pluginFileParams := plugins.PluginFileParams{Domain: domain, RelaySecretKey: relaySecretKey}
+	pluginFileParams := plugins.PluginFileParams{Domain: domain, RelaySecretKey: relaySecretKey, ConfigFilePath: ConfigFilePath, BinaryFilePath: BinaryFilePath}
 	plugins.CreatePluginFile(PluginFilePath, PluginFileTemplate, &pluginFileParams)
 
 	// Use chown command to set ownership of the strfry29.json file to the nostr user
 	files.SetOwnerAndGroup("nostr", "nostr", PluginFilePath)
 
 	// Create the systemd service file
 	spinner.UpdateText("Creating service file...")
-	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate)
+	serviceFileParams := systemd.ServiceFileParams{BinaryFilePath: BinaryFilePath, ConfigFilePath: ConfigFilePath}
+	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate, &serviceFileParams)
 
 	// Reload systemd to apply the new service
 	spinner.UpdateText("Reloading systemd daemon...")

diff --git a/pkg/relays/wot_relay/constants.go b/pkg/relays/wot_relay/constants.go
@@ -60,8 +60,8 @@ Type=simple
 User=nostr
 Group=nostr
 WorkingDirectory=/home/nostr
-EnvironmentFile=/etc/systemd/system/wot-relay.env
-ExecStart=/usr/local/bin/wot-relay
+EnvironmentFile={{.EnvFilePath}}
+ExecStart={{.BinaryFilePath}}
 Restart=on-failure
 MemoryHigh=512M
 MemoryMax=1G

diff --git a/pkg/relays/wot_relay/nginx_http.go b/pkg/relays/wot_relay/nginx_http.go
@@ -57,19 +57,19 @@ server {
     # Test configuration:
     # https://securityheaders.com/
     # https://observatory.mozilla.org/
-		add_header X-Frame-Options DENY;
+    add_header X-Frame-Options DENY;
 
     # Avoid MIME type sniffing
-		add_header X-Content-Type-Options nosniff always;
+    add_header X-Content-Type-Options nosniff always;
 
-		add_header Referrer-Policy "no-referrer" always;
+    add_header Referrer-Policy "no-referrer" always;
 
-		add_header X-XSS-Protection 0 always;
+    add_header X-XSS-Protection 0 always;
 
-		add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
+    add_header Permissions-Policy "geolocation=(), midi=(), sync-xhr=(), microphone=(), camera=(), magnetometer=(), gyroscope=(), fullscreen=(self), payment=()" always;
 
     #### Content-Security-Policy (CSP) ####
-		add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
+    add_header Content-Security-Policy "base-uri 'self'; object-src 'none'; frame-ancestors 'none';" always;
 }
 
 server {

diff --git a/pkg/relays/wot_relay/service.go b/pkg/relays/wot_relay/service.go
@@ -63,7 +63,8 @@ func SetupRelayService(domain, pubKey, relayContact string, httpsEnabled bool) {
 
 	// Create the systemd service file
 	spinner.UpdateText("Creating service file...")
-	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate)
+	serviceFileParams := systemd.ServiceFileParams{EnvFilePath: EnvFilePath, BinaryFilePath: BinaryFilePath}
+	systemd.CreateServiceFile(ServiceFilePath, ServiceFileTemplate, &serviceFileParams)
 
 	// Reload systemd to apply the new service
 	spinner.UpdateText("Reloading systemd daemon...")

diff --git a/pkg/utils/plugins/utils.go b/pkg/utils/plugins/utils.go
@@ -10,6 +10,8 @@ import (
 type PluginFileParams struct {
 	Domain         string
 	RelaySecretKey string
+	ConfigFilePath string
+	BinaryFilePath string
 }
 
 func CreatePluginFile(pluginFilePath, pluginTemplate string, pluginFileParams *PluginFileParams) {
@@ -28,7 +30,7 @@ func CreatePluginFile(pluginFilePath, pluginTemplate string, pluginFileParams *P
 		os.Exit(1)
 	}
 
-	err = pluginTmpl.Execute(pluginFile, struct{ Domain, RelaySecretKey string }{Domain: pluginFileParams.Domain, RelaySecretKey: pluginFileParams.RelaySecretKey})
+	err = pluginTmpl.Execute(pluginFile, struct{ Domain, RelaySecretKey, ConfigFilePath, BinaryFilePath string }{Domain: pluginFileParams.Domain, RelaySecretKey: pluginFileParams.RelaySecretKey, ConfigFilePath: pluginFileParams.ConfigFilePath, BinaryFilePath: pluginFileParams.BinaryFilePath})
 	if err != nil {
 		pterm.Println()
 		pterm.Error.Println(fmt.Sprintf("Failed to execute plugin template: %v", err))

diff --git a/pkg/utils/systemd/utils.go b/pkg/utils/systemd/utils.go
@@ -16,6 +16,12 @@ type EnvFileParams struct {
 	RelayContact string
 }
 
+type ServiceFileParams struct {
+	EnvFilePath    string
+	BinaryFilePath string
+	ConfigFilePath string
+}
+
 func CreateEnvFile(envFilePath, envTemplate string, envFileParams *EnvFileParams) {
 	envFile, err := os.Create(envFilePath)
 	if err != nil {
@@ -47,7 +53,7 @@ func CreateEnvFile(envFilePath, envTemplate string, envFileParams *EnvFileParams
 	}
 }
 
-func CreateServiceFile(serviceFilePath, serviceTemplate string) {
+func CreateServiceFile(serviceFilePath, serviceTemplate string, serviceFileParams *ServiceFileParams) {
 	serviceFile, err := os.Create(serviceFilePath)
 	if err != nil {
 		pterm.Println()
@@ -56,14 +62,14 @@ func CreateServiceFile(serviceFilePath, serviceTemplate string) {
 	}
 	defer serviceFile.Close()
 
-	tmpl, err := template.New("service").Parse(serviceTemplate)
+	serviceTmpl, err := template.New("service").Parse(serviceTemplate)
 	if err != nil {
 		pterm.Println()
 		pterm.Error.Println(fmt.Sprintf("Failed to parse service template: %v", err))
 		os.Exit(1)
 	}
 
-	err = tmpl.Execute(serviceFile, struct{}{})
+	err = serviceTmpl.Execute(serviceFile, struct{ EnvFilePath, BinaryFilePath, ConfigFilePath string }{EnvFilePath: serviceFileParams.EnvFilePath, BinaryFilePath: serviceFileParams.BinaryFilePath, ConfigFilePath: serviceFileParams.ConfigFilePath})
 	if err != nil {
 		pterm.Println()
 		pterm.Error.Println(fmt.Sprintf("Failed to execute service template: %v", err))