v0.2.11 - Picky shit

systemd/README.md

@@ -0,0 +1,217 @@
+# C-Relay Systemd Service
+
+This directory contains files for running C-Relay as a Linux systemd service.
+
+## Files
+
+- **`c-relay.service`** - Systemd service unit file
+- **`install-systemd.sh`** - Installation script (run as root)
+- **`uninstall-systemd.sh`** - Uninstallation script (run as root)
+- **`README.md`** - This documentation file
+
+## Quick Start
+
+### 1. Build the relay
+```bash
+# From the project root directory
+make
+```
+
+### 2. Install as systemd service
+```bash
+# Run the installation script as root
+sudo ./systemd/install-systemd.sh
+```
+
+### 3. Start the service
+```bash
+sudo systemctl start c-relay
+```
+
+### 4. Check status
+```bash
+sudo systemctl status c-relay
+```
+
+## Service Details
+
+### Installation Location
+- **Binary**: `/opt/c-relay/c_relay_x86`
+- **Database**: `/opt/c-relay/db/`
+- **Service File**: `/etc/systemd/system/c-relay.service`
+
+### User Account
+- **User**: `c-relay` (system user, no shell access)
+- **Group**: `c-relay`
+- **Home Directory**: `/opt/c-relay`
+
+### Network Configuration
+- **Default Port**: 8888
+- **Default Host**: 127.0.0.1 (localhost only)
+- **WebSocket Endpoint**: `ws://127.0.0.1:8888`
+
+## Configuration
+
+### Environment Variables
+Edit `/etc/systemd/system/c-relay.service` to configure:
+
+```ini
+Environment=C_RELAY_CONFIG_PRIVKEY=your_private_key_here
+Environment=C_RELAY_PORT=8888
+Environment=C_RELAY_HOST=0.0.0.0
+```
+
+After editing, reload and restart:
+```bash
+sudo systemctl daemon-reload
+sudo systemctl restart c-relay
+```
+
+### Security Settings
+The service runs with enhanced security:
+- Runs as unprivileged `c-relay` user
+- No new privileges allowed
+- Protected system directories
+- Private temporary directory
+- Limited file access (only `/opt/c-relay/db` writable)
+- Network restrictions to IPv4/IPv6 only
+
+## Service Management
+
+### Basic Commands
+```bash
+# Start service
+sudo systemctl start c-relay
+
+# Stop service
+sudo systemctl stop c-relay
+
+# Restart service
+sudo systemctl restart c-relay
+
+# Enable auto-start on boot
+sudo systemctl enable c-relay
+
+# Disable auto-start on boot
+sudo systemctl disable c-relay
+
+# Check service status
+sudo systemctl status c-relay
+
+# View logs (live)
+sudo journalctl -u c-relay -f
+
+# View logs (last 100 lines)
+sudo journalctl -u c-relay -n 100
+```
+
+### Log Management
+Logs are handled by systemd's journal:
+```bash
+# View all logs
+sudo journalctl -u c-relay
+
+# View logs from today
+sudo journalctl -u c-relay --since today
+
+# View logs with timestamps
+sudo journalctl -u c-relay --since "1 hour ago" --no-pager
+```
+
+## Database Management
+
+The database is automatically created on first run. Location: `/opt/c-relay/db/c_nostr_relay.db`
+
+### Backup Database
+```bash
+sudo cp /opt/c-relay/db/c_nostr_relay.db /opt/c-relay/db/backup-$(date +%Y%m%d).db
+```
+
+### Reset Database
+```bash
+sudo systemctl stop c-relay
+sudo rm /opt/c-relay/db/c_nostr_relay.db*
+sudo systemctl start c-relay
+```
+
+## Updating the Service
+
+### Update Binary
+1. Build new version: `make`
+2. Stop service: `sudo systemctl stop c-relay`
+3. Replace binary: `sudo cp build/c_relay_x86 /opt/c-relay/`
+4. Set permissions: `sudo chown c-relay:c-relay /opt/c-relay/c_relay_x86`
+5. Start service: `sudo systemctl start c-relay`
+
+### Update Service File
+1. Stop service: `sudo systemctl stop c-relay`
+2. Copy new service file: `sudo cp systemd/c-relay.service /etc/systemd/system/`
+3. Reload systemd: `sudo systemctl daemon-reload`
+4. Start service: `sudo systemctl start c-relay`
+
+## Uninstallation
+
+Run the uninstall script to completely remove the service:
+```bash
+sudo ./systemd/uninstall-systemd.sh
+```
+
+This will:
+- Stop and disable the service
+- Remove the systemd service file
+- Optionally remove the installation directory
+- Optionally remove the `c-relay` user account
+
+## Troubleshooting
+
+### Service Won't Start
+```bash
+# Check detailed status
+sudo systemctl status c-relay -l
+
+# Check logs for errors
+sudo journalctl -u c-relay --no-pager -l
+```
+
+### Permission Issues
+```bash
+# Fix ownership of installation directory
+sudo chown -R c-relay:c-relay /opt/c-relay
+
+# Ensure binary is executable
+sudo chmod +x /opt/c-relay/c_relay_x86
+```
+
+### Port Already in Use
+```bash
+# Check what's using port 8888
+sudo netstat -tulpn | grep :8888
+
+# Or with ss command
+sudo ss -tulpn | grep :8888
+```
+
+### Database Issues
+```bash
+# Check database file permissions
+ls -la /opt/c-relay/db/
+
+# Check database integrity
+sudo -u c-relay sqlite3 /opt/c-relay/db/c_nostr_relay.db "PRAGMA integrity_check;"
+```
+
+## Custom Configuration
+
+For advanced configurations, you can:
+1. Modify the service file for different ports or settings
+2. Use environment files: `/etc/systemd/system/c-relay.service.d/override.conf`
+3. Configure log rotation with journald settings
+4. Set up reverse proxy (nginx/apache) for HTTPS support
+
+## Security Considerations
+
+- The service runs as a non-root user with minimal privileges
+- Database directory is only writable by the c-relay user
+- Consider firewall rules for the relay port
+- For internet-facing relays, use reverse proxy with SSL/TLS
+- Monitor logs for suspicious activity

systemd/c-relay.service

@@ -0,0 +1,43 @@
+[Unit]
+Description=C Nostr Relay Server
+Documentation=https://github.com/your-repo/c-relay
+After=network.target
+Wants=network-online.target
+
+[Service]
+Type=simple
+User=c-relay
+Group=c-relay
+WorkingDirectory=/opt/c-relay
+ExecStart=/opt/c-relay/c_relay_x86
+Restart=always
+RestartSec=5
+StandardOutput=journal
+StandardError=journal
+SyslogIdentifier=c-relay
+
+# Security settings
+NoNewPrivileges=true
+ProtectSystem=strict
+ProtectHome=true
+ReadWritePaths=/opt/c-relay/db
+PrivateTmp=true
+ProtectKernelTunables=true
+ProtectKernelModules=true
+ProtectControlGroups=true
+
+# Network security
+PrivateNetwork=false
+RestrictAddressFamilies=AF_INET AF_INET6
+
+# Resource limits
+LimitNOFILE=65536
+LimitNPROC=4096
+
+# Environment variables (optional)
+Environment=C_RELAY_CONFIG_PRIVKEY=
+Environment=C_RELAY_PORT=8888
+Environment=C_RELAY_HOST=127.0.0.1
+
+[Install]
+WantedBy=multi-user.target

systemd/install-systemd.sh

@@ -0,0 +1,92 @@
+#!/bin/bash
+
+# C-Relay Systemd Service Installation Script
+# This script installs the C-Relay as a systemd service
+
+set -e
+
+# Configuration
+INSTALL_DIR="/opt/c-relay"
+SERVICE_NAME="c-relay"
+SERVICE_FILE="c-relay.service"
+BINARY_NAME="c_relay_x86"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo -e "${GREEN}=== C-Relay Systemd Service Installation ===${NC}"
+
+# Check if running as root
+if [[ $EUID -ne 0 ]]; then
+   echo -e "${RED}Error: This script must be run as root${NC}"
+   echo "Usage: sudo ./install-systemd.sh"
+   exit 1
+fi
+
+# Check if binary exists (script is in systemd/ subdirectory)
+if [ ! -f "../build/$BINARY_NAME" ]; then
+    echo -e "${RED}Error: Binary ../build/$BINARY_NAME not found${NC}"
+    echo "Please run 'make' from the project root directory first"
+    exit 1
+fi
+
+# Check if service file exists
+if [ ! -f "$SERVICE_FILE" ]; then
+    echo -e "${RED}Error: Service file $SERVICE_FILE not found${NC}"
+    exit 1
+fi
+
+# Create c-relay user if it doesn't exist
+if ! id "c-relay" &>/dev/null; then
+    echo -e "${YELLOW}Creating c-relay user...${NC}"
+    useradd --system --shell /bin/false --home-dir $INSTALL_DIR --create-home c-relay
+else
+    echo -e "${GREEN}User c-relay already exists${NC}"
+fi
+
+# Create installation directory
+echo -e "${YELLOW}Creating installation directory...${NC}"
+mkdir -p $INSTALL_DIR
+mkdir -p $INSTALL_DIR/db
+
+# Copy binary
+echo -e "${YELLOW}Installing binary...${NC}"
+cp ../build/$BINARY_NAME $INSTALL_DIR/
+chmod +x $INSTALL_DIR/$BINARY_NAME
+
+# Set permissions
+echo -e "${YELLOW}Setting permissions...${NC}"
+chown -R c-relay:c-relay $INSTALL_DIR
+
+# Install systemd service
+echo -e "${YELLOW}Installing systemd service...${NC}"
+cp $SERVICE_FILE /etc/systemd/system/
+systemctl daemon-reload
+
+# Enable service
+echo -e "${YELLOW}Enabling service...${NC}"
+systemctl enable $SERVICE_NAME
+
+echo -e "${GREEN}=== Installation Complete ===${NC}"
+echo
+echo -e "${GREEN}Next steps:${NC}"
+echo "1. Configure environment variables in /etc/systemd/system/$SERVICE_FILE if needed"
+echo "2. Start the service: sudo systemctl start $SERVICE_NAME"
+echo "3. Check status: sudo systemctl status $SERVICE_NAME"
+echo "4. View logs: sudo journalctl -u $SERVICE_NAME -f"
+echo
+echo -e "${GREEN}Service commands:${NC}"
+echo "  Start:   sudo systemctl start $SERVICE_NAME"
+echo "  Stop:    sudo systemctl stop $SERVICE_NAME"
+echo "  Restart: sudo systemctl restart $SERVICE_NAME"
+echo "  Status:  sudo systemctl status $SERVICE_NAME"
+echo "  Logs:    sudo journalctl -u $SERVICE_NAME"
+echo
+echo -e "${GREEN}Installation directory: $INSTALL_DIR${NC}"
+echo -e "${GREEN}Service file: /etc/systemd/system/$SERVICE_FILE${NC}"
+echo
+echo -e "${YELLOW}Note: The relay will run on port 8888 by default${NC}"
+echo -e "${YELLOW}Database will be created automatically in $INSTALL_DIR/db/${NC}"

systemd/uninstall-systemd.sh

@@ -0,0 +1,86 @@
+#!/bin/bash
+
+# C-Relay Systemd Service Uninstallation Script
+# This script removes the C-Relay systemd service
+
+set -e
+
+# Configuration
+INSTALL_DIR="/opt/c-relay"
+SERVICE_NAME="c-relay"
+SERVICE_FILE="c-relay.service"
+
+# Colors for output
+RED='\033[0;31m'
+GREEN='\033[0;32m'
+YELLOW='\033[1;33m'
+NC='\033[0m' # No Color
+
+echo -e "${GREEN}=== C-Relay Systemd Service Uninstallation ===${NC}"
+
+# Check if running as root
+if [[ $EUID -ne 0 ]]; then
+   echo -e "${RED}Error: This script must be run as root${NC}"
+   echo "Usage: sudo ./uninstall-systemd.sh"
+   exit 1
+fi
+
+# Stop service if running
+echo -e "${YELLOW}Stopping service...${NC}"
+if systemctl is-active --quiet $SERVICE_NAME; then
+    systemctl stop $SERVICE_NAME
+    echo -e "${GREEN}Service stopped${NC}"
+else
+    echo -e "${GREEN}Service was not running${NC}"
+fi
+
+# Disable service if enabled
+echo -e "${YELLOW}Disabling service...${NC}"
+if systemctl is-enabled --quiet $SERVICE_NAME; then
+    systemctl disable $SERVICE_NAME
+    echo -e "${GREEN}Service disabled${NC}"
+else
+    echo -e "${GREEN}Service was not enabled${NC}"
+fi
+
+# Remove systemd service file
+echo -e "${YELLOW}Removing service file...${NC}"
+if [ -f "/etc/systemd/system/$SERVICE_FILE" ]; then
+    rm /etc/systemd/system/$SERVICE_FILE
+    systemctl daemon-reload
+    echo -e "${GREEN}Service file removed${NC}"
+else
+    echo -e "${GREEN}Service file was not found${NC}"
+fi
+
+# Ask about removing installation directory
+echo
+echo -e "${YELLOW}Do you want to remove the installation directory $INSTALL_DIR? (y/N)${NC}"
+read -r response
+if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+    echo -e "${YELLOW}Removing installation directory...${NC}"
+    rm -rf $INSTALL_DIR
+    echo -e "${GREEN}Installation directory removed${NC}"
+else
+    echo -e "${GREEN}Installation directory preserved${NC}"
+fi
+
+# Ask about removing c-relay user
+echo
+echo -e "${YELLOW}Do you want to remove the c-relay user? (y/N)${NC}"
+read -r response
+if [[ "$response" =~ ^([yY][eE][sS]|[yY])$ ]]; then
+    echo -e "${YELLOW}Removing c-relay user...${NC}"
+    if id "c-relay" &>/dev/null; then
+        userdel c-relay
+        echo -e "${GREEN}User c-relay removed${NC}"
+    else
+        echo -e "${GREEN}User c-relay was not found${NC}"
+    fi
+else
+    echo -e "${GREEN}User c-relay preserved${NC}"
+fi
+
+echo
+echo -e "${GREEN}=== Uninstallation Complete ===${NC}"
+echo -e "${GREEN}C-Relay systemd service has been removed${NC}"