c-relay/systemd/README.md

# C Nostr Relay - SystemD Deployment

This directory contains files for deploying the C Nostr Relay as a systemd service with the new **Event-Based Configuration System**.

## Overview

The C Nostr Relay now uses a revolutionary **zero-configuration** approach where all configuration is stored as Nostr events (kind 33334) in the database. No configuration files or command line arguments are needed.

## Files

- **`c-relay.service`** - SystemD service unit file
- **`install-service.sh`** - Automated installation script  
- **`uninstall-service.sh`** - Automated uninstall script
- **`README.md`** - This documentation

## Quick Installation

1. **Build the project:**
   ```bash
   make clean && make
   ```

2. **Install as systemd service:**
   ```bash
   sudo systemd/install-service.sh
   ```

3. **Start the service:**
   ```bash
   sudo systemctl start c-relay
   ```

4. **Check admin keys (IMPORTANT!):**
   ```bash
   sudo journalctl -u c-relay --since="1 hour ago" | grep "Admin Private Key"
   ```

## Event-Based Configuration System

### How It Works

- **Zero Configuration:** No config files or command line arguments needed
- **First-Time Startup:** Automatically generates admin and relay keypairs
- **Database Naming:** Creates database as `<relay_pubkey>.nrdb`
- **Configuration Storage:** All settings stored as kind 33334 Nostr events
- **Real-Time Updates:** Configuration changes applied instantly via WebSocket

### First Startup

On first startup, the relay will:

1. Generate cryptographically secure admin and relay keypairs
2. Create database file named with relay pubkey: `<relay_pubkey>.nrdb`
3. Create initial configuration event (kind 33334) with default values
4. Display admin private key **once** in the logs
5. Start WebSocket server listening on port 8888

### Admin Keys

⚠️ **CRITICAL:** Save the admin private key displayed during first startup!

```bash
# View first startup logs to get admin private key
sudo journalctl -u c-relay --since="1 hour ago" | grep -A 5 "IMPORTANT: SAVE THIS ADMIN PRIVATE KEY"
```

The admin private key is needed to update relay configuration by sending signed kind 33334 events.

## Configuration Management

### Viewing Current Configuration

```bash
# Find the database file
ls /opt/c-relay/*.nrdb

# View configuration event
sqlite3 /opt/c-relay/<relay_pubkey>.nrdb "SELECT content, tags FROM events WHERE kind = 33334;"
```

### Updating Configuration

Send a new kind 33334 event to the relay via WebSocket:

1. Create new configuration event with updated values
2. Sign with admin private key
3. Send via WebSocket to relay
4. Relay automatically applies changes to running system

## Service Management

### Basic Commands

```bash
# Start service
sudo systemctl start c-relay

# Stop service  
sudo systemctl stop c-relay

# Restart service
sudo systemctl restart c-relay

# Enable auto-start on boot
sudo systemctl enable c-relay

# Check status
sudo systemctl status c-relay

# View logs (live)
sudo journalctl -u c-relay -f

# View recent logs
sudo journalctl -u c-relay --since="1 hour ago"
```

### Log Analysis

```bash
# Check for successful startup
sudo journalctl -u c-relay | grep "First-time startup sequence completed"

# Find admin keys
sudo journalctl -u c-relay | grep "Admin Private Key"

# Check configuration updates  
sudo journalctl -u c-relay | grep "Configuration updated via kind 33334"

# Monitor real-time activity
sudo journalctl -u c-relay -f | grep -E "(INFO|SUCCESS|ERROR)"
```

## File Locations

After installation:

- **Binary:** `/opt/c-relay/c_relay_x86`
- **Database:** `/opt/c-relay/<relay_pubkey>.nrdb` (created automatically)
- **Service File:** `/etc/systemd/system/c-relay.service`
- **User:** `c-relay` (system user created automatically)

## Security Features

The systemd service includes security hardening:

- Runs as dedicated system user `c-relay`
- `NoNewPrivileges=true`
- `ProtectSystem=strict`  
- `ProtectHome=true`
- `PrivateTmp=true`
- Limited address families (IPv4/IPv6 only)
- Resource limits (file descriptors, processes)

## Network Configuration

- **Default Port:** 8888 (WebSocket)
- **Protocol:** WebSocket with Nostr message format
- **Configuration:** Port configurable via kind 33334 events (no restart needed)

## Backup and Migration

### Backup

The database file contains everything:

```bash
# Backup database file
sudo cp /opt/c-relay/*.nrdb /backup/location/

# The .nrdb file contains:
# - All Nostr events
# - Configuration events (kind 33334)  
# - Relay keys and settings
```

### Migration

To migrate to new server:

1. Copy `.nrdb` file to new server's `/opt/c-relay/` directory
2. Install service with `install-service.sh`
3. Start service - it will automatically detect existing configuration

## Troubleshooting

### Service Won't Start

```bash
# Check service status
sudo systemctl status c-relay

# Check logs for errors
sudo journalctl -u c-relay --no-pager

# Check if binary exists and is executable
ls -la /opt/c-relay/c_relay_x86

# Check permissions
sudo -u c-relay ls -la /opt/c-relay/
```

### Database Issues

```bash
# Check if database file exists
ls -la /opt/c-relay/*.nrdb*

# Check database integrity
sqlite3 /opt/c-relay/*.nrdb "PRAGMA integrity_check;"

# View database schema
sqlite3 /opt/c-relay/*.nrdb ".schema"
```

### Configuration Issues

```bash
# Check if configuration event exists
sqlite3 /opt/c-relay/*.nrdb "SELECT COUNT(*) FROM events WHERE kind = 33334;"

# View configuration event
sqlite3 /opt/c-relay/*.nrdb "SELECT id, created_at, LENGTH(tags) FROM events WHERE kind = 33334;"
```

## Uninstallation

```bash
sudo systemd/uninstall-service.sh
```

The uninstall script will:
- Stop and disable the service
- Remove service file
- Optionally remove installation directory and data
- Optionally remove service user

## Support

For issues with the event-based configuration system:

1. Check service logs: `sudo journalctl -u c-relay -f`
2. Verify database integrity
3. Ensure admin private key is saved securely
4. Check WebSocket connectivity on port 8888

The relay is designed to be zero-maintenance once deployed. All configuration is managed through Nostr events, enabling dynamic updates without server access.