diff options
Diffstat (limited to 'docs/reference')
| -rw-r--r-- | docs/reference/configuration.md | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/docs/reference/configuration.md b/docs/reference/configuration.md index 4692600..1c62911 100644 --- a/docs/reference/configuration.md +++ b/docs/reference/configuration.md | |||
| @@ -617,6 +617,13 @@ NGIT_ARCHIVE_ALL=false | |||
| 617 | NGIT_ARCHIVE_WHITELIST= | 617 | NGIT_ARCHIVE_WHITELIST= |
| 618 | # → Server fails to start: "NGIT_ARCHIVE_READ_ONLY=true requires either | 618 | # → Server fails to start: "NGIT_ARCHIVE_READ_ONLY=true requires either |
| 619 | # NGIT_ARCHIVE_ALL=true or NGIT_ARCHIVE_WHITELIST to be set" | 619 | # NGIT_ARCHIVE_ALL=true or NGIT_ARCHIVE_WHITELIST to be set" |
| 620 | |||
| 621 | # ERROR: Cannot use repository whitelist with archive read-only | ||
| 622 | NGIT_ARCHIVE_READ_ONLY=true | ||
| 623 | NGIT_ARCHIVE_WHITELIST=npub1alice... | ||
| 624 | NGIT_REPOSITORY_WHITELIST=npub1bob... | ||
| 625 | # → Server fails to start: "NGIT_REPOSITORY_WHITELIST cannot be used with | ||
| 626 | # NGIT_ARCHIVE_READ_ONLY=true" | ||
| 620 | ``` | 627 | ``` |
| 621 | 628 | ||
| 622 | **NIP-11 Impact:** | 629 | **NIP-11 Impact:** |
| @@ -645,6 +652,98 @@ NGIT_ARCHIVE_READ_ONLY=false | |||
| 645 | 652 | ||
| 646 | --- | 653 | --- |
| 647 | 654 | ||
| 655 | ### Repository Whitelist | ||
| 656 | |||
| 657 | #### `NGIT_REPOSITORY_WHITELIST` | ||
| 658 | |||
| 659 | **Description:** Whitelist specific repositories/pubkeys/identifiers for GRASP-01 acceptance | ||
| 660 | **Type:** Comma-separated list | ||
| 661 | **Default:** Empty (all repos listing our service are accepted) | ||
| 662 | **Required:** No | ||
| 663 | |||
| 664 | **Format:** Same as `NGIT_ARCHIVE_WHITELIST`: | ||
| 665 | - `npub1...` - Accept all repos from this pubkey (if they list our service) | ||
| 666 | - `npub1.../identifier` - Accept specific repo (if it lists our service) | ||
| 667 | - `identifier` - Accept repos with this identifier (if they list our service) | ||
| 668 | |||
| 669 | **Difference from Archive Whitelist:** | ||
| 670 | - **Repository whitelist**: Announcements **MUST** list our service **AND** match whitelist | ||
| 671 | - **Archive whitelist**: Announcements don't need to list our service, just match whitelist | ||
| 672 | |||
| 673 | **Examples:** | ||
| 674 | |||
| 675 | ```bash | ||
| 676 | # Accept only repos from specific pubkey (that list our service) | ||
| 677 | NGIT_REPOSITORY_WHITELIST=npub1alice23 | ||
| 678 | |||
| 679 | # Accept specific repos only | ||
| 680 | NGIT_REPOSITORY_WHITELIST=npub1alice23/linux,npub1bob23/bitcoin-core | ||
| 681 | |||
| 682 | # Accept repos with specific identifiers | ||
| 683 | NGIT_REPOSITORY_WHITELIST=bitcoin-core,linux,rust | ||
| 684 | |||
| 685 | # Combined whitelist | ||
| 686 | NGIT_REPOSITORY_WHITELIST=npub1alice23...,npub1bob23.../linux,bitcoin-core | ||
| 687 | ``` | ||
| 688 | |||
| 689 | **Behavior:** | ||
| 690 | |||
| 691 | - When set: | ||
| 692 | - Announcements **must** list our service in both `clone` and `relays` tags (GRASP-01 requirement) | ||
| 693 | - Announcements **must** match the whitelist (pubkey, repo, or identifier) | ||
| 694 | - NIP-11 `curation` field set to: `"Accepts only whitelisted repositories and maintainers that list this service"` | ||
| 695 | - When empty (default): | ||
| 696 | - All announcements listing our service are accepted (standard GRASP-01 behavior) | ||
| 697 | |||
| 698 | **Error Conditions:** | ||
| 699 | |||
| 700 | ```bash | ||
| 701 | # ERROR: Cannot use with archive read-only mode | ||
| 702 | NGIT_ARCHIVE_READ_ONLY=true | ||
| 703 | NGIT_ARCHIVE_WHITELIST=npub1archive... | ||
| 704 | NGIT_REPOSITORY_WHITELIST=npub1bob... | ||
| 705 | # → Server fails to start: "NGIT_REPOSITORY_WHITELIST cannot be used with | ||
| 706 | # NGIT_ARCHIVE_READ_ONLY=true. Either set NGIT_ARCHIVE_READ_ONLY=false | ||
| 707 | # or use NGIT_ARCHIVE_WHITELIST instead" | ||
| 708 | ``` | ||
| 709 | |||
| 710 | **NIP-11 Impact:** | ||
| 711 | |||
| 712 | When `NGIT_REPOSITORY_WHITELIST` is set: | ||
| 713 | - `curation`: `"Accepts only whitelisted repositories and maintainers that list this service"` | ||
| 714 | - `supported_grasps`: Does **not** include `GRASP-05` (still GRASP-01 compliant) | ||
| 715 | |||
| 716 | **Use Cases:** | ||
| 717 | |||
| 718 | ```bash | ||
| 719 | # Curated relay for specific projects (GRASP-01 mode) | ||
| 720 | NGIT_REPOSITORY_WHITELIST=bitcoin-core,linux,rust | ||
| 721 | |||
| 722 | # Personal relay for self and trusted collaborators | ||
| 723 | NGIT_REPOSITORY_WHITELIST=npub1me...,npub1alice...,npub1bob... | ||
| 724 | |||
| 725 | # Project-specific relay (e.g., Rust ecosystem) | ||
| 726 | NGIT_REPOSITORY_WHITELIST=rust,cargo,rustc,tokio,serde | ||
| 727 | |||
| 728 | # Hybrid: specific projects AND specific maintainer's repos | ||
| 729 | NGIT_REPOSITORY_WHITELIST=bitcoin-core,npub1alice... | ||
| 730 | ``` | ||
| 731 | |||
| 732 | **Comparison Table:** | ||
| 733 | |||
| 734 | | Configuration | Lists Service? | Matches Whitelist? | Result | | ||
| 735 | |---------------|----------------|-------------------|---------| | ||
| 736 | | No whitelist | Yes | N/A | ✅ Accept (GRASP-01) | | ||
| 737 | | No whitelist | No | N/A | ❌ Reject | | ||
| 738 | | Repository whitelist | Yes | Yes | ✅ Accept (GRASP-01) | | ||
| 739 | | Repository whitelist | Yes | No | ❌ Reject (not whitelisted) | | ||
| 740 | | Repository whitelist | No | Yes | ❌ Reject (doesn't list service) | | ||
| 741 | | Archive whitelist (read-only=true) | No | Yes | ✅ Accept (GRASP-05) | | ||
| 742 | | Archive whitelist (read-only=false) | Yes | N/A | ✅ Accept (GRASP-01) | | ||
| 743 | | Archive whitelist (read-only=false) | No | Yes | ✅ Accept (GRASP-05) | | ||
| 744 | |||
| 745 | --- | ||
| 746 | |||
| 648 | ### Logging Configuration | 747 | ### Logging Configuration |
| 649 | 748 | ||
| 650 | #### `RUST_LOG` | 749 | #### `RUST_LOG` |