This relay software provides a Nostr relay that restricts access to keys derived from a master key. Any key that is not derived from the master key is rejected for write events. Optionally, a domain's nostr.json can be used to give additional keys read/write access to the relay. The relay is based on the khatru library framework.
This relay implements Hierarchical Deterministic (HD) key authorization using BIP-32/BIP-44-style derivation. It validates incoming keys for event write/read and Blossom uploads against a configured HD master.
Key implementation files
- `keyderivation/hdkey.go`
- `main.go` (authorization logic in `RejectEvent`, `RejectFilter`, and Blossom `RejectUpload`)
Master key configuration
- Exactly one of the following must be set in `.env` (validated in `LoadConfig()`):
  - `RELAY_MNEMONIC` — BIP-39 mnemonic
  - `RELAY_SEED_HEX` — hex-encoded 32-byte seed
- The relay initializes the HD master in `initDeriver()` and keeps the deriver in a global `deriver` for access checks.
Derivation scheme
- Nostr BIP44 coin type `1237`, path: `m/44'/1237'/0'/0/index`
  - `44'` — BIP44 purpose
  - `1237'` — Nostr coin type
  - `0'` — account 0
  - `0` — external chain
  - `index` — address index (non-hardened), starting at 0
Implemented in `keyderivation/hdkey.go`
- `NewNostrKeyDeriver(...)` — builds a deriver from mnemonic or seed
- `DeriveKeyBIP32(index)` — derives a key pair at the path above
- `GetMasterKeyPair()` — returns the root (master) key
- Key Derivation (Nostr HD Keys): see `examples/keyderivation/` — README
Settings can be customized in `.env.example`:
- Specify the Relay Master as a mnemonic or seed hex. A max derivation index can also be specified.
- Optional: Restrict Read to only derived keys
- Optional: Team domain - to allow pubkeys in nostr.json
- Blossom
  - added read and write timeouts
  - prevent slow header attacks, max header size
  - max size upload
  - added /mirror endpoint to allow for syncing content with other relays
  - added /list endpoint to allow for listing content for a specific user
- Relay Kinds - add support to limit kinds allowed, kinds specified in .env file
- Frontend
  - added front page with relay and blossom information
- Prerequisites
- Setting Environment Variables
- Compiling the Application
- Running the Application as a Service
Prerequisites
- A Linux-based operating system
- Go installed on your system
- A Webserver (like nginx) if blossom is enabled
Setting Environment Variables
- Create a `.env` file in the root directory of your project.
- Add your environment variables to the `.env` file. For example:
```
RELAY_NAME="Higher"
RELAY_PUBKEY="72e2d6ea......."
RELAY_DESCRIPTION="Nostr Relay for Hierarchical determinstic keys"
DB_ENGINE="lmdb" # lmdb, badger, postgres
DB_PATH="db/" # only needed for lmdb, badger
POSTGRES_USER=higher
POSTGRES_PASSWORD=password
POSTGRES_DB=relay
POSTGRES_HOST=localhost
POSTGRES_PORT=5437
TEAM_DOMAIN="higher.bitkarrot.co"
BLOSSOM_ENABLED="true"
BLOSSOM_PATH="blossom/"
BLOSSOM_URL="http://localhost:3334"
```
Compiling the Application
- Clone the repository:
```
git clone https://github.com/bitkarrot/higher.git
cd higher
```
- Build the application:
```
go build -o higher-relay
```
Running the Application as a Service
- Create a systemd service file:
```
sudo nano /etc/systemd/system/higher-relay.service
```
- Add the following content to the service file (update paths and usernames as needed):
```
[Unit]
Description=Higher Relay
After=network.target

[Service]
ExecStart=/path/to/yourappname
WorkingDirectory=/path/to/higher-relay
EnvironmentFile=/path/to/higher-relay/.env
Restart=always
User=ubuntu

[Install]
WantedBy=multi-user.target
```
- Reload the systemd daemon:
```
sudo systemctl daemon-reload
```
- Enable and start the service:
```
sudo systemctl enable higher-relay
sudo systemctl start higher-relay
```
- Check the status of the service:
```
sudo systemctl status higher-relay
```
Your relay will be running at localhost:3334. Feel free to serve it with nginx or any other reverse proxy.