Context
tests/oprf-unlock.nix (added in #10) stands up the Nostr coordination relay with services.nostr-rs-relay over plain ws:// (hence the KEEP_ALLOW_WS=1 in the test). That was an expedience choice: nostr-rs-relay ships a nixpkgs module, so it was the fastest path to a green test. The relay there is just a swappable coordination stand-in.
Wisp is privkey's own Nostr relay, and crucially it supports NIP-42 auth and rate limiting ([auth] / [rate_limits]).
Why this matters (beyond dogfooding)
nixos/frost-gate.nix documents the M1 security requirement explicitly: the "no single box can decrypt" property holds only once the external relay authenticates + throttles unlock requests and the box is bound by a real measured-boot PCR policy. nostr-rs-relay cannot exercise that authenticated/throttled path; Wisp can. So switching the test relay to Wisp is both:
- dogfooding the relay the appliance should actually ship/recommend, and
- the path to testing the security-meaningful relay behavior (authenticated, rate-limited unlock requests) rather than a plain unauthenticated
ws:// stand-in.
Scope
- Add Wisp as a flake input; replace the relay node's
services.nostr-rs-relay with services.wisp.
- Enable NIP-42 auth + rate limiting on the relay node and extend
tests/oprf-unlock.nix to exercise the authenticated path (move off plain ws:// / KEEP_ALLOW_WS=1 where feasible).
Blocked by
services.wisp NixOS module before it can be consumed here).
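
A model of the relay-side behavior the extended test is meant to exercise, added here as an example and not taken from Wisp or this repository: a NIP-42 AUTH event check followed by a per-pubkey token bucket. The function names, bucket parameters and sample values are assumptions, and signature verification is left out.

```python
import hashlib, json
from urllib.parse import urlparse

AUTH_KIND, MAX_SKEW = 22242, 600  # NIP-42 auth event kind; ~10 minute freshness window

def event_id(ev):
    # NIP-01 id: sha256 of the compact JSON array [0, pubkey, created_at, kind, tags, content]
    body = [0, ev["pubkey"], ev["created_at"], ev["kind"], ev["tags"], ev["content"]]
    return hashlib.sha256(json.dumps(body, separators=(",", ":"), ensure_ascii=False).encode()).hexdigest()

def make_auth(pubkey, challenge, relay_url, created_at):
    # Hypothetical helper: builds a constructed, unsigned AUTH event for the demo
    ev = {"pubkey": pubkey, "created_at": created_at, "kind": AUTH_KIND, "content": "",
          "tags": [["relay", relay_url], ["challenge", challenge]]}
    return {**ev, "id": event_id(ev)}

def check_auth(ev, challenge, relay_url, now):
    """Return None if the AUTH event is acceptable, else the rejection reason."""
    tags = {t[0]: t[1] for t in ev.get("tags", []) if len(t) >= 2}
    if ev.get("kind") != AUTH_KIND:
        return "wrong kind"
    if ev.get("id") != event_id(ev):
        return "id mismatch"
    if abs(now - ev["created_at"]) > MAX_SKEW:
        return "stale"
    if tags.get("challenge") != challenge:
        return "challenge mismatch"
    if urlparse(tags.get("relay", "")).hostname != urlparse(relay_url).hostname:
        return "relay mismatch"
    return None  # a real relay also verifies the BIP-340 signature over ev["id"]

class TokenBucket:
    def __init__(self, burst, per_second):
        self.burst, self.rate, self.state = burst, per_second, {}  # pubkey -> (tokens, last_ts)

    def allow(self, pubkey, now):
        tokens, last = self.state.get(pubkey, (self.burst, now))
        tokens = min(self.burst, tokens + (now - last) * self.rate)  # refill since last request
        ok = tokens >= 1
        self.state[pubkey] = (tokens - 1 if ok else tokens, now)
        return ok

def gate(session, bucket, now):
    """Unlock request decision: authenticated first, then throttled per pubkey."""
    if session.get("pubkey") is None:
        return "auth-required"
    if not bucket.allow(session["pubkey"], now):
        return "rate-limited"
    return "ok"
```

The three outcomes of `gate` are the cases a plain unauthenticated ws:// stand-in cannot produce, which is what the test extension would assert on.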