nymstr-groupd is a group chat server built on the Nym mixnet, providing privacy-preserving group messaging. It handles group creation and management, encrypted messaging, and real-time delivery over mixnet and Redis.
- Anonymous Messaging: Clients connect to the Nym mixnet for privacy-preserving message transport.
- Group Management: Create public/private groups, join public groups, invite and approve members for private groups.
- Encrypted & Signed Messages: End-to-end encrypted and signed messages ensure confidentiality and integrity.
- Persistent Metadata: SQLite database for users, groups, memberships, and invites.
- Real-time Delivery: Redis Pub/Sub to broadcast messages to group members.
- Configurable Storage & Logging: Easy environment-based configuration for logs, database, keys, and Nym SDK storage.
- Rust toolchain (Rust 1.70+)
- SQLite
- Redis server
- OpenSSL (for cryptographic operations)
git clone https://github.com/your_org/nymstr-groupd.git
cd nymstr-groupd
cargo build --releaseConfigure the server via environment variables. The following variables are supported:
| Variable | Default | Description |
|---|---|---|
LOG_FILE_PATH |
logs/groupd.log |
Path to the log file (directories will be created) |
DATABASE_PATH |
storage/groupd.db |
Path to the SQLite database |
KEYS_DIR |
storage/keys |
Directory for storing encrypted key pairs |
SECRET_PATH |
secrets/encryption_password |
File containing the encryption password |
NYM_CLIENT_ID |
groupd |
Nym mixnet client identifier |
NYM_SDK_STORAGE |
storage/<NYM_CLIENT_ID> |
Directory for Nym SDK storage |
REDIS_URL |
redis://127.0.0.1/ |
Redis connection URL |
Copy the example environment file and export all variables:
cp .env.example .env
export $(grep -v '^\s*#' .env | xargs)Before starting, initialize the encryption password file:
mkdir -p "$(dirname "${SECRET_PATH:-secrets/encryption_password}")"
echo "YOUR_ENCRYPTION_PASSWORD" > "${SECRET_PATH:-secrets/encryption_password}"
# On first run the server will auto-generate its ECDSA keypair for signing replies
#+ using $KEYS_DIR/${NYM_CLIENT_ID}_*.pemcargo run --releaseThe server will:
- Load environment variables from the environment
- Initialize logging to console and file
- Set up SQLite database and tables
- Prepare cryptographic key storage
- Connect to the Nym mixnet using
nym-sdk - Subscribe to Redis channels for group pub/sub
An example CLI client is provided in examples/client.rs. It uses the Nym mixnet to send JSON actions to the server and print incoming messages.
# after exporting environment variables (see Quick start)
cargo run --example client -- <server_nym_address>Clients communicate with the server by sending JSON messages over the Nym mixnet. Each message must include an "action" field. Below are the supported actions:
Subscribe to group channels for message delivery.
{ "action": "connect" }Create a new group.
{
"action": "createGroup",
"groupName": "My Group",
"isPublic": true,
"isDiscoverable": false
}Response: createGroupResponse with groupId.
Join a public group.
{
"action": "joinGroup",
"groupId": "<UUID>"
}Response: joinGroupResponse with status.
Invite a user to a private group (admin only).
{
"action": "inviteGroup",
"groupId": "<UUID>",
"username": "alice"
}Response: inviteGroupResponse with status.
Approve an invited user to join (admin only).
{
"action": "approveGroup",
"groupId": "<UUID>",
"username": "alice"
}Response: approveGroupResponse with status.
Send an encrypted message to group members.
{
"action": "sendGroup",
"groupId": "<UUID>",
"ciphertext": "<encrypted_payload>"
}Response: sendGroupResponse with status.
Logging is provided by [fern] with colored output in the console and timestamped entries in the log file (see LOG_FILE_PATH).
Database schema is defined in src/db_utils.rs, with tables for users, groups, group_members, and group_invites.