[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"project-79728":3},{"id":4,"name":5,"fullName":6,"owner":7,"repo":5,"description":8,"homepage":8,"htmlUrl":9,"language":10,"languages":8,"totalLinesOfCode":8,"stars":11,"forks":12,"watchers":13,"openIssues":14,"contributorsCount":8,"subscribersCount":15,"size":15,"stars1d":16,"stars7d":17,"stars30d":18,"stars90d":15,"forks30d":15,"starsTrendScore":19,"compositeScore":20,"rankGlobal":8,"rankLanguage":8,"license":8,"archived":21,"fork":21,"defaultBranch":22,"hasWiki":21,"hasPages":21,"topics":8,"createdAt":8,"pushedAt":8,"updatedAt":23,"readmeContent":24,"aiSummary":25,"trendingCount":15,"starSnapshotCount":15,"syncStatus":26,"lastSyncTime":27,"discoverSource":28},79728,"nostr-vpn","mmalmi\u002Fnostr-vpn","mmalmi",null,"https:\u002F\u002Fgithub.com\u002Fmmalmi\u002Fnostr-vpn","Rust",958,89,16,17,0,13,88,175,39,93.86,false,"main","2026-06-12 04:01:25","# nostr-vpn\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"icon.svg\" alt=\"nostr-vpn logo\" width=\"112\">\n\u003C\u002Fp>\n\n> Canonical repository: [git.iris.to](https:\u002F\u002Fgit.iris.to\u002F#\u002Fnpub1xdhnr9mrv47kkrn95k6cwecearydeh8e895990n3acntwvmgk2dsdeeycm\u002Fnostr-vpn) (`htree:\u002F\u002Fnpub1xdhnr9mrv47kkrn95k6cwecearydeh8e895990n3acntwvmgk2dsdeeycm\u002Fnostr-vpn`). GitHub is a [mirror](https:\u002F\u002Fgithub.com\u002Fmmalmi\u002Fnostr-vpn).\n\n`nostr-vpn` is a Tailscale-style private mesh VPN built around a [FIPS]-backed data plane. It includes the `nvpn` CLI\u002Fdaemon, a shared native app core, and native shells for desktop and mobile platforms.\n\n## Downloads\n\n- [Latest releases on git.iris.to](https:\u002F\u002Fgit.iris.to\u002F#\u002Fnpub1xdhnr9mrv47kkrn95k6cwecearydeh8e895990n3acntwvmgk2dsdeeycm\u002Fnostr-vpn?tab=releases)\n- [GitHub mirror releases](https:\u002F\u002Fgithub.com\u002Fmmalmi\u002Fnostr-vpn\u002Freleases\u002Flatest)\n- CLI from crates.io: `cargo install nvpn`\n- [iOS TestFlight beta](https:\u002F\u002Ftestflight.apple.com\u002Fjoin\u002FjPRVxbSv) exists, but public access is not live yet\n\nRelease artifacts currently cover native Apple Silicon macOS, Linux x64, Windows x64, Android arm64, and headless CLI archives for Apple Silicon macOS, Windows x64, Linux x86_64, and Linux arm64. Intel macOS is source-only for now.\n\n## Quick Start\n\n```bash\ncargo install nvpn\nnvpn init\nnvpn create-invite\nnvpn import-invite 'nvpn:\u002F\u002Finvite\u002F...'\nnvpn start --connect\n```\n\nFor the background daemon flow used by desktop apps:\n\n```bash\nnvpn start --daemon --connect\nnvpn status\nnvpn stop\n```\n\nFor persistent startup:\n\n```bash\nsudo nvpn service install\nnvpn service status\n```\n\nOn Windows, run `nvpn service install` from an elevated shell instead of using `sudo`.\n\n## Native Apps\n\nThe native apps share the Rust app-core state\u002Faction contract and use platform shells for macOS, Linux, Windows, Android, and iOS.\n\n```bash\njust build\njust run\n```\n\nUse `just run-macos` or `just run-linux` when you want a specific desktop target.\n\n\u003Cp align=\"center\">\n  \u003Cimg src=\"docs\u002Fimages\u002Fdesktop-gui-overview.png\" alt=\"Nostr VPN desktop app showing a connected Home Mesh network, device status badges, and join request controls.\" width=\"900\">\n\u003C\u002Fp>\n\n## What Works Today\n\n- Generates Nostr identity keys automatically\n- Shares networks through invites and roster\u002Fadmin sync\n- Stores multiple named networks with one active network at a time\n- Brings up [FIPS] private mesh tunnels for private network traffic\n- Routes private traffic directly when possible and through [FIPS] neighbors when direct UDP is blocked\n- Supports MagicDNS, route advertisement, exit-node selection, and WireGuard upstream egress\n- Exposes native desktop apps, JSON status, network diagnostics, doctor bundles, desktop updates, and Linux-focused Docker e2e coverage\n\n## Platform Status\n\n| Platform | Status |\n| --- | --- |\n| Apple Silicon macOS | Native SwiftUI\u002FAppKit app, CLI tarball, signed\u002Fnotarized release artifacts when credentials are configured |\n| Linux x64 | Native GTK\u002Flibadwaita app, `.deb`, CLI tarballs, Docker e2e coverage |\n| Windows x64 | Native WPF app, installer, CLI zip, WinTun tunnel path |\n| Android arm64 | Native app-core UI, signed APK\u002FAAB artifacts when signing is configured, VPN runtime still being hardened |\n| iOS | Native SwiftUI app and NetworkExtension target build from source and simulator; public TestFlight access is pending |\n| Umbrel \u002F StartOS | Web control panels and service packages |\n| Intel macOS | Source-only |\n\n## Further Reading\n\n- [Protocol](docs\u002Fprotocol.md): invites, admin roster sync, and the [FIPS] mesh data plane\n- [Experiments](docs\u002FEXPERIMENTS.md): current benchmark notes\n- [Native UI parity matrix](docs\u002Fnative-ui-parity-matrix.md): native app rewrite status\n- [Contributing](CONTRIBUTING.md): maintainer commands and package notes\n- [Changelog](CHANGELOG.md): release history\n\n## Maintainer Notes\n\nThis section is intentionally compact and command-oriented. Keep user-facing product detail above; keep agent\u002Foperator reference material here.\n\n### Config Model\n\n`nvpn init` creates the config and keys automatically. By default, config lives in the OS app config directory:\n\n- Linux: `~\u002F.config\u002Fnvpn\u002Fconfig.toml`\n- macOS: `~\u002FLibrary\u002FApplication Support\u002Fnvpn\u002Fconfig.toml`\n- Fallback when no config dir is available: `.\u002Fnvpn.toml`\n\nThe config contains global app settings, Nostr relay\u002Fidentity settings, NAT settings, node settings, and a `[[networks]]` list. Each network has its own stable `network_id`; only the active network participates in the live runtime.\n\n### Validation\n\nNormal Rust gate:\n\n```bash\ncargo fmt --check\ncargo clippy --workspace --all-targets -- -D warnings\ncargo test --workspace\n```\n\nRelease gate before version bumps and tags:\n\n```bash\njust release-gate\n```\n\nUseful focused checks:\n\n```bash\npnpm --dir web\u002Fcontrol-panel check\n( cd linux && cargo check )\ndotnet build windows\\NostrVpn.Windows\\NostrVpn.Windows.csproj -p:EnableWindowsTargeting=true\n```\n\nRun the Windows build on the configured Windows dev VM when local `dotnet` is unavailable.\n\n### Packages and E2E\n\n- StartOS package: [`startos`](startos)\n- Umbrel package: [`umbrel`](umbrel)\n- Umbrel local web check:\n\n```bash\ndocker compose -f umbrel\u002Fdocker-compose.local.yml up --build\njust e2e-umbrel-web\n```\n\nFocused security regression kit:\n\n```bash\njust security-regressions\n```\n\nDocker e2e and desktop updater scripts live under [`scripts`](scripts). The most common entrypoints are `scripts\u002Fe2e-docker.sh`, `scripts\u002Fe2e-fips-routed-udp-docker.sh`, `scripts\u002Fe2e-fips-nat-safe-mtu-docker.sh`, `scripts\u002Fe2e-wireguard-exit-docker.sh`, and `scripts\u002Fe2e-update-desktop.sh`.\n\n### Release\n\n1. Move `CHANGELOG.md` from `## Unreleased` to `## X.Y.Z - YYYY-MM-DD`.\n2. Bump the root `[workspace.package].version` in `Cargo.toml`.\n3. Run `node scripts\u002Fsync-versions.mjs` and verify with `node scripts\u002Fsync-versions.mjs --check`.\n4. Run `just release-gate`.\n5. Commit, create `git tag vX.Y.Z`, push the tag to `github`, and push `master` to both `github` and htree `origin`.\n6. Watch `.github\u002Fworkflows\u002Frelease.yml`.\n\nFor local artifact staging, use:\n\n```bash\ncp .env.release.example .env.release.local\n$EDITOR .env.release.local\njust release-publish\n```\n\n### Workspace Layout\n\n- [`crates\u002Fnostr-vpn-cli`](crates\u002Fnostr-vpn-cli): `nvpn` CLI and daemon implementation\n- [`crates\u002Fnostr-vpn-core`](crates\u002Fnostr-vpn-core): config, [FIPS] control state, diagnostics, MagicDNS, and NAT helpers\n- [`crates\u002Fnostr-vpn-app-core`](crates\u002Fnostr-vpn-app-core): native app state\u002Faction contract and UniFFI bridge\n- [`macos`](macos), [`linux`](linux), [`windows`](windows), [`android`](android), [`ios`](ios): native platform shells\n- [`umbrel`](umbrel), [`startos`](startos): packaged service\u002Fweb-control-panel targets\n- [`scripts`](scripts): build, release, Docker e2e, and desktop updater entrypoints\n\n[FIPS]: https:\u002F\u002Fgithub.com\u002Fjmcorgan\u002Ffips\n","nostr-vpn 是一个基于 FIPS 支持的数据平面构建的私有网格 VPN 项目，风格类似于 Tailscale。它提供了 `nvpn` 命令行工具\u002F守护进程、共享的原生应用核心以及针对桌面和移动平台的原生外壳。该项目支持生成 Nostr 身份密钥、通过邀请和同步来分享网络、存储多个命名网络（一次仅激活一个）、建立 FIPS 私有网格隧道以传输私人网络流量，并且在直接 UDP 连接被阻止时可以通过 FIPS 邻居路由流量。此外，还支持 MagicDNS、路由通告、出口节点选择等功能。适用于需要安全、灵活的点对点连接解决方案的场景，如企业内部网络或个人隐私保护等。",2,"2026-06-11 03:58:15","trending"]