| author | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-12 21:06:39 +0000 |
|---|---|---|
| committer | DanConwayDev <DanConwayDev@protonmail.com> | 2026-01-12 21:21:52 +0000 |
| commit | 82b56c37b26a2fac1a294873e539b19b9325dca6 (patch) | |
| tree | 07800949230f13f91fec2eebbd94b8fbb00dd83f /nix/module.nix | |
| parent | a12927181c571fc1641772ad44dd4c6a4ab209d9 (diff) | |
feat(config): add repository whitelist for curated GRASP-01 acceptance
Adds NGIT_REPOSITORY_WHITELIST option for curated relay operation that
accepts only whitelisted repositories while maintaining GRASP-01 compliance
(announcements must list the service). This differs from the archive whitelist,
which enables GRASP-05 mode and does not require service listing.
Key features:
- Supports three whitelist formats: npub, npub/identifier, identifier
- Enforces mutual exclusivity with archive read-only mode
- Updates NIP-11 curation field when whitelist is enabled
- Maintains GRASP-01 compliance (doesn't add GRASP-05 support)
Configuration synced across all four sources: src/config.rs, docs/reference/configuration.md,
nix/module.nix, and .env.example as required by AGENTS.md.
Diffstat (limited to 'nix/module.nix')
| -rw-r--r-- | nix/module.nix | 15 |
1 files changed, 15 insertions, 0 deletions
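--- a/nix/module.nix
+++ b/nix/module.nix
@@ -207,6 +207,20 @@ let
 - Repository announcements not listing this service are accepted per whitelist/archive-all
 Default: true if archiveAll or archiveWhitelist is set, false otherwise
 Note: Setting to true without archive config causes startup error
+Note: Cannot be used with repositoryWhitelist (mutually exclusive)
+'';
+};
+
+repositoryWhitelist = mkOption {
+type = types.listOf types.str;
+default = [ ];
+example = [ "npub1alice..." "npub1bob.../linux" "bitcoin-core" ];
+description = ''
+Repository whitelist for GRASP-01 acceptance.
+Announcements must BOTH list our service AND match this whitelist.
+Formats: <npub>, <npub>/<identifier>, <identifier>
+Cannot be used with archiveReadOnly=true (mutually exclusive)
+When set, NIP-11 curation field indicates curated repository acceptance
 '';
 };
 
@@ -252,6 +266,7 @@ let
 toString cfg.naughtyListExpirationHours;
 NGIT_ARCHIVE_ALL = toString cfg.archiveAll;
 NGIT_ARCHIVE_WHITELIST = concatStringsSep "," cfg.archiveWhitelist;
+NGIT_REPOSITORY_WHITELIST = concatStringsSep "," cfg.repositoryWhitelist;
 RUST_LOG = cfg.logLevel;
 } // optionalAttrs (cfg.relayName != null) {
 NGIT_RELAY_NAME = cfg.relayName;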
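Review bot: `repositoryWhitelist` is an access-control list, but `types.listOf types.str` accepts any string and the added `NGIT_REPOSITORY_WHITELIST` line joins the entries with `concatStringsSep ","`, so an entry that contains a comma reaches the service as two different entries, and how stray whitespace is treated is not visible here. Constraining the element type, for example `type = types.listOf (types.strMatching "[^,[:space:]]+");`, makes such a typo fail at evaluation time instead of changing which repositories are accepted. The option description could also say that a bare identifier entry is not tied to a publisher key; presumably any npub announcing that identifier is accepted, which should be confirmed against src/config.rs. The documented exclusivity with `archiveReadOnly=true` is not backed by a NixOS `assertions` entry in the visible hunks, though the surrounding `let` block continues outside them, so one may exist elsewhere in the module.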