Skip to content

DeepBlueDynamics/sdrrand-site

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
src
src
 
 
.dockerignore
.dockerignore
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
deploy.sh
deploy.sh
 
 

Repository files navigation

sdrrand

Cloud relay/proxy for sdr-rand entropy. RTL-SDR contributors push true-random bytes harvested from ADC quantization noise; the world drains.

  • Domain: sdrrand.nuts.services
  • Cloud Run service: sdrrand (project gnosis-459403, region us-central1)
  • Auth: nuts-authahp_ API tokens or RS256 JWTs
  • Runtime: Rust + Axum

Why a relay

The local sdr-rand daemon needs USB access to an RTL-SDR dongle, so it can't run on Cloud Run. Instead, contributors run sdr-rand push on a machine that owns the dongle and POST entropy here on a near-constant basis under their nuts.services identity. Drainers get the same /api/entropy shape as a local sdr-rand instance, so any existing client just changes its URL.

Endpoints

Method Path Auth Description
GET / HTML landing with live pool stats.
GET /api/entropy?bytes=N&format=json|hex|raw Drain up to 4096 bytes.
GET /api/entropy/stream Server-Sent Events, one event per second (128 bytes hex).
POST /api/entropy required Push raw bytes; counted toward the caller's contributor stats.
GET /api/status Pool size, totals, uptime.
GET /api/contributors Leaderboard by bytes contributed (emails redacted).
GET /healthz Liveness for Cloud Run.

POST body: raw octet stream (Content-Type: application/octet-stream), up to 16 KiB per call.

Environment variables

Variable Default Notes
PORT 8080 Bind port.
NUTS_AUTH_JWKS_URL If unset, runs open dev mode (anonymous POSTs accepted). Set to https://auth.nuts.services/.well-known/jwks.json in prod.
NUTS_AUTH_VALIDATE_URL https://auth.nuts.services/api/validate Used for ahp_ API token validation.

Local dev

cargo run
# Open dev mode (no auth):
curl -X POST http://localhost:8080/api/entropy --data-binary 'hello entropy'
curl http://localhost:8080/api/status
curl 'http://localhost:8080/api/entropy?bytes=8&format=hex'

With auth on:

NUTS_AUTH_JWKS_URL=https://auth.nuts.services/.well-known/jwks.json cargo run
curl -X POST http://localhost:8080/api/entropy \
  -H "Authorization: Bearer $NUTS_TOKEN" \
  --data-binary @entropy.bin

Deploy

bash deploy.sh

Deploys to Cloud Run with min-instances=1 so the entropy pool is warm-ish for drainers and auth verification doesn't pay a cold-start tax. Memory is tiny (256 MiB) because the pool is capped at 64 KiB.

Contributing entropy

On a machine with an RTL-SDR dongle:

sdr-rand push \
  --remote https://sdrrand.nuts.services \
  --token "$NUTS_TOKEN" \
  --frequency 433000000 \
  --interval 2

Get a token at auth.nuts.services. Either an ahp_ API token (persistent) or a session JWT (shorter-lived). Both work.

About

SDR-Rand site for NUTS Services

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages