diff --git a/Scripts/scripts/README.md b/Scripts/scripts/README.md new file mode 100644 index 0000000..ba7a087 --- /dev/null +++ b/Scripts/scripts/README.md 
@@ -0,0 +1,73 @@ +# Bitcoin Standup Scripts - Blockchain Commons + +Contributor: jodobear 20-07-03 + +**DISCLAIMER:** It is not a good idea to store large amounts of Bitcoin on a VPS, ideally you should use this as a watch-only wallet. This script is a work-in-progress and has not been widely tested. The creators are not responsible for loss of funds. If you are not familiar with running a node or how Bitcoin works then we urge you to use this in testnet so that you can use it as a learning tool. + + +## Usage + +The script is inteded for a fresh bitcoin setup. Re-running the script on an already setup server is intended only for advanced users. + +It downloads Bitcoin Core over Tor. You can specify any path for the blockchain data and Electrs data. + +To run this script you need to be logged in as root, and enter in the commands listed below: + +(The $ or # represents a terminal commmand prompt, do not actually type in a $ or #.) + +1. Give the root user a password, enter the following command and set a password: +$ sudo passwd + +2. Switch to the root user: +$ sudo su + +3. Edit config for your node setup using your favourite text editor: +# nano ss.conf + +4. Source the script: +# source ss_00_main.sh + +5. Display help: +# source ss_00_main.sh -h + +This script can be installed on any Debian based system. By default this script will: + +- Update the OS +- Set Automatic Updates On +- Create User: standup +- Install UFW, haveguard, gnupg2, git & make +- Install Tor +- Install Bitcoin Core on mainnet with txindex=1 if setting up unpruned node. +- Setup Bitcoin Core as systemd service and to start at reboot or after a crash. +- Start Bitcoin Core + +Optionally you can install: +--------------------------- +- Install c-lightning or LND +- Install Esplora +- Install BTCPay** + +** Work-in-progress + +QR Code: +-------- +Upon completion of the script there will be a QR code saved to /qrcode.png which you can open and scan: + +1. 
Install fim: +$ sudo apt-get install fim +2. Then, display the QR code in terminal (as root): +# fim -a qrcode.png + +It is highly recommended to add a Tor V3 pubkey for cookie authentication so that even if your QR code is compromised an attacker would not be able to access your node. + +It is recommended to delete the /qrcode.png. +Additionally, unless you face installation issues and need to assisstance delete /standup.log, and /standup.err + + +## TODO + +1. Conclude the Esplora `dist` [issue](https://github.com/Blockstream/esplora/issues/156) +2. Find solution to BTCPay Server corrupting blockchain directory when creating a softlink. +3. Check implementation & test FastSync. +4. C-lightning HTTP plugin. +5. Explore HWI. \ No newline at end of file diff --git a/Scripts/scripts/ss.conf b/Scripts/scripts/ss.conf new file mode 100644 index 0000000..d67eb3f --- /dev/null +++ b/Scripts/scripts/ss.conf 
@@ -0,0 +1,124 @@ +################################################ +# Blockchain Commons Standup Script Config file +################################################ + +# To setup a bitcoin server using standup scripts set the following +# environment variables accordingly by uncommenting and/or setting +# appropriate values. + +# contributor: jodobear + +########################### +# system +########################### +# Prompt user befor continuing with the installation. Gives the user +# a chance to check the configuration before installing. Set it to +# true to remove the prompt +NOPROMPT=false +# Set password for user "standup". Good practice to use at least 8 +# character long password. +# Don't ignore this. +USERPASSWORD= + + +########################### +# vps +########################### +# If you are using a VPS, set it to true and set the HOSTNAME, FQDN & +# REGION variables. +VPS=false +# the name for your server +HOSTNAME= +# the domain name(website) where you will host/access the server. +# if you are going to access it locally then you can just use your hostname and add .local like so: hostname.local +FQDN= +# the region in which the server is hosted. Required for timezone settings +REGION= + + +########################### +# Tor & SSH +########################### +# set a Tor public key if you have one. +TOR_PUBKEY= +# set an SSH key if you have one. +SSH_KEY= +# set a comma seperated set of white listed IPs that can SSH into the server. +SYS_SSH_IP= + + +########################### +# bitcoind +########################### +# The bitcoin network you want bitcoind to start with. Valid choices: +# mainnet, testnet or regtest +NETWORK=mainnet +# specify location where you want to create your bitcoin data directory. +# by defaut it will be /home/standup. +# Do NOT add `/.bitcoin/` it will be created by the script +# This is helpful to reduce costs and/or security +BTC_DATA_DIR=/home/standup +# Integer value to specify level of prune node. 
Minimum value is 550. +PRUNE= +# If you want to speed up the Initial Block Download then set it to true. +# Currently not implemented. It will use snapshot hosted by btcpayserver. +# Documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync +# DISCLAIMER: It is always better to let your node validate blocks from the +# beginning. This script uses blockchain data signed by BTCPay Server. +# Trust at your own risk. +# FASTSYNC=false +# Choose to install HWI: Hardware Wallet Interface +# HWI=false + + +########################### +# lightning +########################### +# Choose your lightning network installation. By default the script will +# not install lightning. Valid options: c-lightning, lnd or empty +LIGHTNING= +# Set alias of your lightning node +LN_ALIAS=StandUp + + +########################### +# c-lightning options +########################### +# http-plugin +# CLN_HTTP_PLUGIN=flase +# password for http communication +# HTTP_PASS= + + +########################### +# services +########################### +# set to true if you want to install an esplora server +ESPLORA=false +# set to true if you want to install btcpay server +# BTCPAYSERVER=false + + +########################### +# Esplora +########################### +# enable lightnode? Uses ~50% disk space but, costs ~50% more time for lookups. Good for personal use. +LIGHTMODE=false +# If available RAM is more than 2Gb, set this to `false` for faster sync +LIMIT_BATCH_SIZE=true +# electrs database directory +ELECTRS_DB=/home/standup/electrs_db +# If Esplora is running on a remote machine than Electrs, then set the IP of that machine or to allow requests from everywhere copy and paste this: \'*\' +CORS=localhost +# Enable NoScript prerender server? +# PRERENDER_ASSETS=flase + + +########################### +# BTCPAY Server +########################### +# the domain name where you will host your BTCPay Server. 
+# BTCPAY_HOST= +# set the lightning network implementation for your BTCPay Server, +# options: clightning or lnd +# BTCPAY_LN= diff --git a/Scripts/scripts/ss.conf.defaults b/Scripts/scripts/ss.conf.defaults new file mode 100644 index 0000000..d67eb3f --- /dev/null +++ b/Scripts/scripts/ss.conf.defaults 
@@ -0,0 +1,124 @@ +################################################ +# Blockchain Commons Standup Script Config file +################################################ + +# To setup a bitcoin server using standup scripts set the following +# environment variables accordingly by uncommenting and/or setting +# appropriate values. + +# contributor: jodobear + +########################### +# system +########################### +# Prompt user befor continuing with the installation. Gives the user +# a chance to check the configuration before installing. Set it to +# true to remove the prompt +NOPROMPT=false +# Set password for user "standup". Good practice to use at least 8 +# character long password. +# Don't ignore this. +USERPASSWORD= + + +########################### +# vps +########################### +# If you are using a VPS, set it to true and set the HOSTNAME, FQDN & +# REGION variables. +VPS=false +# the name for your server +HOSTNAME= +# the domain name(website) where you will host/access the server. +# if you are going to access it locally then you can just use your hostname and add .local like so: hostname.local +FQDN= +# the region in which the server is hosted. Required for timezone settings +REGION= + + +########################### +# Tor & SSH +########################### +# set a Tor public key if you have one. +TOR_PUBKEY= +# set an SSH key if you have one. +SSH_KEY= +# set a comma seperated set of white listed IPs that can SSH into the server. +SYS_SSH_IP= + + +########################### +# bitcoind +########################### +# The bitcoin network you want bitcoind to start with. Valid choices: +# mainnet, testnet or regtest +NETWORK=mainnet +# specify location where you want to create your bitcoin data directory. +# by defaut it will be /home/standup. +# Do NOT add `/.bitcoin/` it will be created by the script +# This is helpful to reduce costs and/or security +BTC_DATA_DIR=/home/standup +# Integer value to specify level of prune node. 
Minimum value is 550. +PRUNE= +# If you want to speed up the Initial Block Download then set it to true. +# Currently not implemented. It will use snapshot hosted by btcpayserver. +# Documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync +# DISCLAIMER: It is always better to let your node validate blocks from the +# beginning. This script uses blockchain data signed by BTCPay Server. +# Trust at your own risk. +# FASTSYNC=false +# Choose to install HWI: Hardware Wallet Interface +# HWI=false + + +########################### +# lightning +########################### +# Choose your lightning network installation. By default the script will +# not install lightning. Valid options: c-lightning, lnd or empty +LIGHTNING= +# Set alias of your lightning node +LN_ALIAS=StandUp + + +########################### +# c-lightning options +########################### +# http-plugin +# CLN_HTTP_PLUGIN=flase +# password for http communication +# HTTP_PASS= + + +########################### +# services +########################### +# set to true if you want to install an esplora server +ESPLORA=false +# set to true if you want to install btcpay server +# BTCPAYSERVER=false + + +########################### +# Esplora +########################### +# enable lightnode? Uses ~50% disk space but, costs ~50% more time for lookups. Good for personal use. +LIGHTMODE=false +# If available RAM is more than 2Gb, set this to `false` for faster sync +LIMIT_BATCH_SIZE=true +# electrs database directory +ELECTRS_DB=/home/standup/electrs_db +# If Esplora is running on a remote machine than Electrs, then set the IP of that machine or to allow requests from everywhere copy and paste this: \'*\' +CORS=localhost +# Enable NoScript prerender server? +# PRERENDER_ASSETS=flase + + +########################### +# BTCPAY Server +########################### +# the domain name where you will host your BTCPay Server. 
+# BTCPAY_HOST= +# set the lightning network implementation for your BTCPay Server, +# options: clightning or lnd +# BTCPAY_LN= diff --git a/Scripts/scripts/ss_00.1_vps.sh b/Scripts/scripts/ss_00.1_vps.sh new file mode 100644 index 0000000..23dbff4 --- /dev/null +++ b/Scripts/scripts/ss_00.1_vps.sh 
@@ -0,0 +1,60 @@ +#!/bin/bash + +# standup script - vps hostname settings + +IPADDR="" + +# Check for FQDN & HOSTNAME if --vps +if "$VPS" && [[ -z "$HOSTNAME" ]] || [[ "$HOSTNAME" == "__UNDEFINED__" ]]; then + echo " + $MESSAGE_PREFIX Hostname not provided. + " + while [ -z "$HOSTNAME" ]; do + read -rp "Enter hostname of the server: " HOSTNAME + done +fi + +if "$VPS" && [[ -z "$FQDN" ]] || [[ "$FQDN" == "__UNDEFINED__" ]]; then + echo " + $MESSAGE_PREFIX FQDN not provided. Please provide a domain name." + while [ -z "$FQDN" ]; do + read -rp "Enter the fqdn of the server: " FQDN + done +fi + +if "$VPS" && [[ -z "$REGION" ]] || [[ "$REGION" == "__UNDEFINED__" ]]; then + echo " + $MESSAGE_PREFIX Region of the server not provided. It is required to set the timezone. + " + while [ -z "$REGION" ]; do + read -rp "Enter the region of the server: " REGION + done +fi + +echo $HOSTNAME > /etc/hostname + +/bin/hostname "$HOSTNAME" + +# Set the variable $IPADDR to the IP address the new Linode receives. +apt-get -qq -y install net-tools +IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') + +echo "$MESSAGE_PREFIX Set hostname as $FQDN ($IPADDR)" +echo " + *********************** + $MESSAGE_PREFIX TODO: Put $FQDN with IP $IPADDR in your main DNS file. + *********************** +" +echo "$MESSAGE_PREFIX Set Time Zone to $REGION" +echo $REGION > /etc/timezone +cp /usr/share/zoneinfo/${REGION} /etc/localtime + +echo " + $MESSAGE_PREFIX Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file. + " +# Add localhost aliases + +echo "127.0.0.1 localhost" > /etc/hosts +echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts + +echo "$MESSAGE_PREFIX - Set localhost" \ No newline at end of file diff --git a/Scripts/scripts/ss_00_main.sh b/Scripts/scripts/ss_00_main.sh new file mode 100644 index 0000000..a46d8ca --- /dev/null +++ b/Scripts/scripts/ss_00_main.sh 
@@ -0,0 +1,320 @@ +#!bin/bash + +# standup.sh + +set +ex + +# If script not sourced, stop here +if [[ "$0" = "$BASH_SOURCE" ]]; then + echo "This script must be sourced like so: \"source standup.sh\"" + return 1 +fi + +SCRIPTS_DIR="$PWD" + +# message formatting variables +MESSAGE_PREFIX="-------Standup -" +bold=$(tput bold) +normal=$(tput sgr0) +underline=$(tput smul) + +#### +# Parsing Config file +#### + +config_read_file() { + (grep -E "^${2}=" -m 1 "${1}" 2>/dev/null || echo "VAR=__UNDEFINED__") | head -n 1 | cut -d '=' -f 2-; +} + +config_get() { + val="$(config_read_file ./ss.conf "${1}")"; + if [ "${val}" = "__UNDEFINED__" ]; then + val="$(config_read_file ./ss.conf.defaults "${1}")"; + fi + printf -- "%s" "${val}"; +} + +# Environment Variables +# system +NOPROMPT="$(config_get NOPROMPT)" +USERPASSWORD="$(config_get USERPASSWORD)" + +# vps +VPS="$(config_get VPS)" +FQDN="$(config_get FQDN)" +HOSTNAME="$(config_get HOSTNAME)" +REGION="$(config_get REGION)" + +# Tor & SSH +TOR_PUBKEY="$(config_get TOR_PUBKEY)" +SSH_KEY="$(config_get SSH_KEY)" +SYS_SSH_IP="$(config_get SYS_SSH_IP)" + +# bitcoind +NETWORK="$(config_get NETWORK)" +BTC_DATA_DIR="$(config_get BTC_DATA_DIR)" +PRUNE="$(config_get PRUNE)" +# FASTSYNC="$(config_get FASTSYNC)" +# HWI="$(config_get HWI)" + +# lightning +LIGHTNING="$(config_get LIGHTNING)" +LN_ALIAS="$(config_get LN_ALIAS)" + +# c-lightning +# CLN_HTTP_PLUGIN="$(config_get CLN_HTTP_PLUGIN)" +# HTTP_PASS="$(config_get HTTP_PASS)" + +# services +ESPLORA="$(config_get ESPLORA)" +BTCPAYSERVER="$(config_get BTCPAYSERVER)" + +# esplora +LIGHTMODE="$(config_get LIGHTMODE)" +LIMIT_BATCH_SIZE="$(config_get LIMIT_BATCH_SIZE)" +ELECTRS_DB="$(config_get ELECTRS_DB)" +CORS="$(config_get CORS)" +PRERENDER_ASSETS="$(config_get PRERENDER_ASSETS)" + +# btcpay server +BTCPAY_HOST="$(config_get BTCPAY_HOST)" +BTCPAY_LN="$(config_get BTCPAY_LN)" + + +#### +# Parsing Arguments +#### +PARAMS="" + +while (( "$#" )); do +key="$1" + case $key in + -h|--help) + 
source ./ss_01_help.sh + return 2 + ;; + -*|--*=) # unsupported flags + echo "Error: Unsupported flag $1" >&2 + source ./ss_01_help.sh + return 3 + ;; + *) # preserve positional arguments + PARAMS="$PARAMS $1" + shift 1 + ;; + esac +done +set -- "$PARAMS" # set positional parameters in order + + +#### +# 0. Force check for root +#### + +# if you are not logged in as root then the script will not execute +echo " +----------------" +echo "$MESSAGE_PREFIX Checking if logged in as root." +echo "----------------" +if ! [ "$(id -u)" == 0 ]; then + echo "$MESSAGE_PREFIX You need to be logged in as root!" + return 2 +fi + +echo "$MESSAGE_PREFIX Logged in as root. Continuing with installation. +---------------- +" +# Output stdout and stderr to ~root files +exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) + +#### +# 1. Update Hostname and set timezone +#### +# source vps setup script +if "$VPS"; then + source ./ss_00.1_vps.sh +fi + +cd "$SCRIPTS_DIR" + +# Display script configuration +echo " +---------SETUP--------- +Parameters Passed: + +System +------ +NOPROMPT......: $NOPROMPT +USERPASSWORD..: $USERPASSWORD + +VPS +--- +VPS...........: $VPS +FQDN..........: $FQDN +HOSTNAME......: $HOSTNAME +REGION........: $REGION + +Tor & SSH +---------- +TOR_PUBKEY....: $TOR_PUBKEY +SSH_KEY.......: $SSH_KEY +SYS_SSH_IP....: $SYS_SSH_IP + +Bitcoin +-------- +NETWORK.............: $NETWORK +BTC_DATA_DIR........: $BTC_DATA_DIR +PRUNE...............: $PRUNE + +Lightning +---------- +LIGHTNING...........: $LIGHTNING +LN_ALIAS............: $LN_ALIAS + +Services +--------- +ESPLORA.............: $ESPLORA +BTCPAYSERVER........: $BTCPAYSERVER + +Esplora +------- +LIGHTMODE...........: $LIGHTMODE +LIMIT_BATCH_SIZE....: $LIMIT_BATCH_SIZE +ELECTRS_DB..........: $ELECTRS_DB +CORS................: $CORS +PRERENDER_ASSETS....: $PRERENDER_ASSETS + +BTCPAY Server +------------- +BTCPAY_HOST.........: $BTCPAY_HOST +BTCPAY_LN...........: $BTCPAY_LN +" +# 
FASTSYNC............: $FASTSYNC +# HWI.................: $HWI + +# c-lightning +# ----------- +# CLN_HTTP_PLUGIN.....: $CLN_HTTP_PLUGIN +# HTTP_PASS...........: $HTTP_PASS + + +# prompt user before continuing with installation +if ! "$NOPROMPT"; then + read -rp "Continue with installation? (Y/n): " confirm +fi + +if [[ "$confirm" != [yY] ]]; then + echo "Entered $confirm. Exiting.." + return 4 +else + NOPROMPT=true + echo "Installing Bitcoin!" +fi + + +#### +# 2. Update Debian, Set autoupdate and Install Dependencies +#### +echo " +---------------- +$MESSAGE_PREFIX Starting Debian updates; this will take a while! +---------------- +" + +# Make sure all packages are up-to-date +apt-get update +apt-get upgrade -y +apt-get dist-upgrade -y + +# source dependency script +source ./ss_02_dependencies.sh + +cd "$SCRIPTS_DIR" + +#### +# 3. Create user admin +#### +# source user and ssh script +source ./ss_03_user_ssh.sh + +cd "$SCRIPTS_DIR" + +#### +# 4. Install Tor +#### +# source tor script +source ./ss_04_tor.sh + +# sleep 4 seconds for tor to restart +sleep 4 + +cd "$SCRIPTS_DIR" + +#### +# 5. 
Install Bitcoin +#### +# source bitcoin script +BITCOIND_VERSION=$(bitcoind --version | grep "Bitcoin Core version | awk '{print $4}'") +if [[ -n "$BITCOIND_VERSION" ]]; then + echo " + ---------------- + $MESSAGE_PREFIX bitcoind is already installed, version: $BITCOIND_VERSION + ---------------- + " +else + source ./ss_05_bitcoin.sh +fi + +sleep 4 + +BITCOIND_IS=$(systemctl status bitcoind | grep active | awk '{print $2}') +echo " + +--------------------------------------- + + $MESSAGE_PREFIX bitcoind service is: $BITCOIND_IS + +--------------------------------------- +" +cd "$SCRIPTS_DIR" + +#### +# Lightning +#### +# source lightning script +if [[ "$LIGHTNING" == "c-lightning" ]]; then + source ./ss_06_c-lightning.sh +elif [[ "$LIGHTNING" == "lnd" ]]; then + source ./ss_06_lnd.sh +fi + +cd "$SCRIPTS_DIR" + +#### +# Esplora +#### +# source esplora script +if "$ESPLORA"; then + source ./ss_07_esplora.sh +fi + +cd "$SCRIPTS_DIR" + +### +# BTCPay Server +### +# source btcpay script +# if "$BTCPAYSERVER"; then +# source ./ss_08_btcpayserver.sh +# fi + +cd "$SCRIPTS_DIR" + +# move the stack scripts to user standup +cp -r $SCRIPTS_DIR ~standup/ +chown standup ~standup/scripts-conf +cd ~standup/scripts-conf +rm -r $SCRIPTS_DIR + +# Finished, exit script +return 0 diff --git a/Scripts/scripts/ss_01_help.sh b/Scripts/scripts/ss_01_help.sh new file mode 100644 index 0000000..233f40f --- /dev/null +++ b/Scripts/scripts/ss_01_help.sh 
@@ -0,0 +1,86 @@ +#!/bin/bash + +# standup script help + +# help definition +function help () { + +bold=$(tput bold) +normal=$(tput sgr0) +underline=$(tput smul) + +cat <<-END + + +--------------------------------- +${bold}Blockchain Commons Standup Script${normal} +--------------------------------- + +Contributor: jodobear 20-07-03 + +${bold}DISCLAIMER:${normal} It is not a good idea to store large amounts of Bitcoin on a VPS, ideally you should use this as a watch-only wallet. This script is a work-in-progress and has not been widely tested. The creators are not responsible for loss of funds. If you are not familiar with running a node or how Bitcoin works then we urge you to use this in testnet so that you can use it as a learning tool. + + +-------------------------------------- +${bold} Usage ${normal} +-------------------------------------- + +The script is inteded for a fresh bitcoin setup. Re-running the script on an already setup server is intended only for advanced users. In order to run this script ${bold}you need to be logged in as root${normal}, and enter in the commands listed below: + +(The $ or # represents a terminal commmand prompt, do not actually type in a $ or #.) + +1. Give the root user a password, enter the following command and set a password: +$ ${bold}sudo passwd${normal} + +2. Switch to the root user: +$ ${bold}sudo su${normal} + +3. Edit config for your node setup using your favourite text editor: +# ${bold}nano ss.conf${normal} + +4. Source the script: +# ${bold}source ss_00_main.sh${normal} + +5. Display this help: +# ${bold}source ss_00_main.sh -h${normal} + +This script can be installed on any Debian based system. By default this script will: + +- Update the OS +- Set Automatic Updates On +- Create User: standup +- Install UFW, haveguard, gnupg2, git & make +- Install Tor +- Install Bitcoin Core on mainnet with txindex=1 if setting up unpruned node. +- Setup Bitcoin Core as systemd service and to start at reboot or after a crash. 
+- Start Bitcoin Core + +Optionally you can install: +--------------------------- +- Install c-lightning or LND +- Install Esplora +- Install BTCPay** + + +** Work-in-progress + +QR Code: +-------- +Upon completion of the script there will be a QR code saved to /qrcode.png which you can open and scan: + +1. Install fim: +$ ${bold}sudo apt-get install fim${normal} +2. Then, display the QR code in terminal (as root): +# ${bold}fim -a qrcode.png${normal} + +It is highly recommended to add a Tor V3 pubkey for cookie authentication so that even if your QR code is compromised an attacker would not be able to access your node. + +${bold}It is recommended to delete the /qrcode.png. +Additionally, unless you face installation issues and need to assisstance delete /standup.log, and /standup.err${normal} + +---------------------------------------------------------------------------------------------------------------- + +END +} + +help \ No newline at end of file diff --git a/Scripts/scripts/ss_03_user_ssh.sh b/Scripts/scripts/ss_03_user_ssh.sh new file mode 100644 index 0000000..cbdbdbe --- /dev/null +++ b/Scripts/scripts/ss_03_user_ssh.sh 
@@ -0,0 +1,57 @@ +#!/bin/bash + +# standup script - setup user and ssh access + +if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ]; then + echo " +---------------- + $MESSAGE_PREFIX Creating user standup +---------------- + " + # Create "standup" group & user with optional password and give them sudo capability + /usr/sbin/groupadd standup + /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup + /usr/sbin/adduser standup sudo + /usr/sbin/adduser standup standup + + # make scripts directory for useful scripts + mkdir /home/standup/scripts + chown standup /home/standup/scripts + echo " +$MESSAGE_PREFIX User standup created with sudo access. + " +else + echo " + ---------------- + $MESSAGE_PREFIX User standup already exists. + ----------------" +fi + +# Setup SSH Key if the user added one as an argument +if [ -n "$SSH_KEY" ] && [[ "$SSH_KEY" != "__UNDEFINED__" ]]; then + mkdir ~standup/.ssh + echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys + chown -R standup ~standup/.ssh + echo " +---------------- +$MESSAGE_PREFIX Added .ssh key to standup. +---------------- + " +fi + +# Setup SSH allowed IP's if the user added any as an argument +if [ -n "$SYS_SSH_IP" ] && [[ "$SYS_SSH_IP" != "__UNDEFINED__" ]]; then + echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow + echo "sshd: ALL" >> /etc/hosts.deny + echo " +---------------- +$MESSAGE_PREFIX Limited SSH access. +---------------- + " +else + echo " + **************** + $MESSAGE_PREFIX WARNING: Your SSH access is not limited; this is a major security hole! + **************** + " +fi \ No newline at end of file diff --git a/Scripts/scripts/ss_04_tor.sh b/Scripts/scripts/ss_04_tor.sh new file mode 100644 index 0000000..9fac91d --- /dev/null +++ b/Scripts/scripts/ss_04_tor.sh 
@@ -0,0 +1,104 @@ +#!/bin/bash + +# standup script - Tor installation + +#### +# 4. Install latest stable tor +#### + +# Download tor +echo " +---------------- + $MESSAGE_PREFIX Installing Tor +---------------- +" +# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: +if [ -z "$(which apt-transport-https)" ]; then + apt-get install apt-transport-https -y + echo " +$MESSAGE_PREFIX apt-transport-https installed + " +fi + +# To download bitcoin using onion site, we need torsocks +if [ -z "$(which torsocks)" ]; then + apt-get install torsocks -y + echo " +$MESSAGE_PREFIX torsocks installed + " +fi + +# We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: +DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') + +# You need to add the following entries to /etc/apt/sources.list: +cat >> /etc/apt/sources.list << EOF +deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +EOF + +# Then add the gpg key used to sign the packages by running: +# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 +sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import +sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +# Update system, install and run tor as a service +sudo apt update +sudo apt install tor deb.torproject.org-keyring -y + +# Setup hidden service +sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc +sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc +# for c-lightning +sed -i -e 's/#CookieAuthFileGroupReadable 1/CookieAuthFileGroupReadable 1/g' /etc/tor/torrc +sed -i -e 's/## address y:z./## address y:z.\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/bitcoin\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1309 
127.0.0.1:18332\ +HiddenServicePort 1309 127.0.0.1:18443\ +HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc + +mkdir /var/lib/tor/standup +chown -R debian-tor:debian-tor /var/lib/tor/standup +chmod 700 /var/lib/tor/standup + +# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind +sudo usermod -a -G debian-tor standup + +# Restart tor to create the HiddenServiceDir +sudo systemctl restart tor.service + + +if [[ -n "$(systemctl is-active tor) | grep active" ]]; then +echo " +$MESSAGE_PREFIX Tor installed and successfully started +" +fi + +# add V3 authorized_clients public key if one exists +if [[ "$TOR_PUBKEY" != "" ]] && [[ "$TOR_PUBKEY" != "__UNDEFINED__" ]]; then + # create the directory manually incase tor.service did not restart quickly enough + mkdir /var/lib/tor/standup/authorized_clients + + # need to assign the owner + chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients + + # Create the file for the pubkey + touch /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Write the pubkey to the file + echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Restart tor for authentication to take effect + sudo systemctl restart tor.service + + echo " + $MESSAGE_PREFIX Successfully added Tor V3 authentication + " + +else + echo " + $MESSAGE_PREFIX No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet + " +fi diff --git a/Scripts/scripts/ss_05_bitcoin.sh b/Scripts/scripts/ss_05_bitcoin.sh new file mode 100644 index 0000000..9907f5b --- /dev/null +++ b/Scripts/scripts/ss_05_bitcoin.sh 
@@ -0,0 +1,312 @@ +#!/bin/bash + +# standup script - bitcoin installation + +#### +# 5. Install Bitcoin +#### + +echo " + +---------------- + $MESSAGE_PREFIX Installing Bitcoin +---------------- +" +# Download Bitcoin + +# CURRENT BITCOIN RELEASE: +# Change as necessary +export BITCOIN="bitcoin-core-0.20.1" +export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` + +# # get bitcoin tar.gz, shasums and signing keys +# clearnet +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc + +# onionnet +# If the script fails to download bitcoin-core using the onion link then the onion link might have changed. Check for the updated link here: https://bitcoincore.org/en/2020/03/27/hidden-service/ +# OR alternatively uncomment the clearnet links to download bitcoin over clearnet. +if ! [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]]; then + echo " +---------------- +$MESSAGE_PREFIX Downloading $BITCOIN, this will take a while! +---------------- + " + +sudo -u standup torsocks wget --progress=bar:force http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz +fi + +if [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]]; then + echo " +$MESSAGE_PREFIX $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ + " + echo " +$MESSAGE_PREFIX downloading SHA256SUMS.asc for $BITCOIN + " +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +else + return 100 +fi + +if [[ -f ~standup/SHA256SUMS.asc ]]; then + echo " +$MESSAGE_PREFIX SHA256SSUMS.asc exists at /home/standup/ +" +fi + +if ! 
[[ -f ~standup/laanwj-releases.asc ]]; then + echo " +$MESSAGE_PREFIX downloading laanwj-release signature +" +sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc +fi + +# Verifying Bitcoin: Signature +echo " +----------------- +$MESSAGE_PREFIX Verifying Bitcoin. +----------------- +" + +sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc +export BTC_SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature" | awk '{print $2, $3}'` + +if [[ $BTC_SHASIG ]]; then + echo " +$MESSAGE_PREFIX VERIFICATION SUCCESS / SIG: $BTC_SHASIG + " +else + (>&2 echo " + $MESSAGE_PREFIX VERIFICATION ERROR: Signature for Bitcoin did not verify! + ") + return 101 +fi + +# Verify Bitcoin: SHA +export BTC_TARSHA256=`/usr/bin/sha256sum ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` +export BTC_EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep "$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` + +if [[ "$BTC_TARSHA256" = "$BTC_EXPECTEDSHA256" ]]; then + echo " +$MESSAGE_PREFIX VERIFICATION SUCCESS / SHA: $BTC_TARSHA256 + " +else + (>&2 echo " + $MESSAGE_PREFIX VERIFICATION ERROR: SHA for Bitcoin did not match! + ") + return 102 +fi + +# Install Bitcoin +sudo -u standup /bin/tar xzf ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -C ~standup +/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/"$BITCOINPLAIN"/bin/* +/bin/rm -rf ~standup/"$BITCOINPLAIN"/ + +# Start Up Bitcoin +echo " +$MESSAGE_PREFIX Configuring Bitcoin. +" + +# create bitcoin data dir +mkdir $BTC_DATA_DIR/.bitcoin +FULL_BTC_DATA_DIR=$BTC_DATA_DIR/.bitcoin +chown standup $FULL_BTC_DATA_DIR +# create a symlink user standup's home directory. 
+if [[ "$BTC_DATA_DIR" != /home/standup ]]; then + ln -s $FULL_BTC_DATA_DIR /home/standup/ +fi + +RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) +RPCUSER="StandUp" + +if [[ "$PRUNE" -eq 0 ]] || [[ "$PRUNE" == "__UNDEFINED__" ]]; then + PRUNE="" +fi + +# # FastSync implementation - WIP +# UTXO_MN_609375_SHA="52f0fc62dd28d016f49a75c22a6fa0827efc730f882bfa8cbc5ef96736d12100" +# UTXO_TN_1445586_SHA="eabaaa717bb8eeaf603e383dd8642d9d34df8e767fccbd208b0c936b79c82742" + +# if "$FASTSYNC" && [[ "$NETWORK" == mainnet ]]; then +# UTXO_DOWNLOAD_LINK="http://utxosets.blob.core.windows.net/public/utxo-snapshot-bitcoin-mainnet-609375.tar" +# TAR_NAME="$(basename UTXO_DOWNLOAD_LINK)" +# echo " +# $MESSAGE_PREFIX downloading mainnet UTXO snapshot from BTCPay server +# " +# wget "$UTXO_DOWNLOAD_LINK" -q --show-progress +# UTXO_DL_SHA="$(sha256sum $TAR_NAME)" +# if [[ "$UTXO_MN_609375_SHA" != "$UTXO_DL_SHA" ]]; then +# echo " +# $MESSAGE_PREFIX the downloaded UTXO set failed SHA verification and is untrested, exiting. +# " +# return 103 +# else +# tar -xf "$TAR_FILE" -C "$FULL_BTC_DATA_DIR" +# fi +# elif "$FASTSYNC" && [[ "$NETWORK" == testnet ]]; then +# UTXO_DOWNLOAD_LINK="http://utxosets.blob.core.windows.net/public/utxo-snapshot-bitcoin-testnet-1445586.tar" +# TAR_NAME="$(basename UTXO_DOWNLOAD_LINK)" +# echo " +# $MESSAGE_PREFIX downloading testnet UTXO snapshot from BTCPay server +# " +# wget "$UTXO_DOWNLOAD_LINK" -q --show-progress +# UTXO_DL_SHA="$(sha256sum $TAR_NAME)" +# if [[ "$UTXO_MN_609375_SHA" != "$UTXO_DL_SHA" ]]; then +# echo " +# $MESSAGE_PREFIX the downloaded UTXO set failed SHA verification and is untrested, exiting. +# " +# return 103 +# else +# tar -xf "$TAR_FILE" -C "$FULL_BTC_DATA_DIR/testnet3" +# fi +# fi + +cat >> $FULL_BTC_DATA_DIR/bitcoin.conf << EOF +# launches bitcoind as server to accept rpc connections +server=1 +debug=tor + +# Specify a non-default location to store blockchain and other data. 
+datadir=$FULL_BTC_DATA_DIR + +# prune +prune=$PRUNE + +# rpc credentials +rpcuser=$RPCUSER +rpcpassword=$RPCPASSWORD +rpcallowip=127.0.0.1 + +# zmq +zmqpubrawblock=tcp://127.0.0.1:28332 +zmqpubrawtx=tcp://127.0.0.1:28333 +EOF + +if [[ -z "$PRUNE" ]] || [[ "$PRUNE" == "__UNDEFINED__" ]]; then + cat >> $FULL_BTC_DATA_DIR/bitcoin.conf << EOF + txindex=1 +EOF +fi + +# you are adding anything to the config file then add before this block else, the settings will only be affected in the specified network block. +# conversely, add settings specific to a particular network in their respective blocks. +cat >> $FULL_BTC_DATA_DIR/bitcoin.conf << EOF +[test] +rpcbind=127.0.0.1 +rpcport=18332 +[main] +rpcbind=127.0.0.1 +rpcport=8332 +[regtest] +rpcbind=127.0.0.1 +rpcport=18443 +EOF + +/bin/chown standup $FULL_BTC_DATA_DIR/bitcoin.conf +/bin/chmod 740 $FULL_BTC_DATA_DIR/bitcoin.conf + +# Setup bitcoind as a service that requires Tor +echo " +$MESSAGE_PREFIX Setting up Bitcoin as a systemd service. +" + +sudo cat > /etc/systemd/system/bitcoind.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments +# in ExecStart= + +[Unit] +Description=Bitcoin daemon +Requires=tor.service +After=tor.service + +[Service] +ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf + +# Process management +#################### +Type=simple +PIDFile=/run/bitcoind/bitcoind.pid +Restart=on-failure + +# Directory creation and permissions +#################################### +# Run as standup:standup +User=standup +Group=standup +# /run/bitcoind +RuntimeDirectory=bitcoind +RuntimeDirectoryMode=0710 + +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. +MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target +EOF + + +# enable lightnind service +echo " +$MESSAGE_PREFIX Starting bitcoind service +" +sudo systemctl restart tor +sleep 4 +sudo systemctl enable bitcoind.service +sudo systemctl start bitcoind.service + +#### +# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display +#### +if [[ $(systemctl status bitcoind | grep active | awk '{print $2}') = "active" ]]; then + # Get the Tor onion address for the QR code + HS_HOSTNAME="$(sudo cat /var/lib/tor/standup/bitcoin/hostname)" + + # Create the QR string + QR="btcstandup://StandUp:"$RPCPASSWORD"@"$HS_HOSTNAME":1309/?label=StandUp.sh" + + # Display the uri text incase QR code does not work + echo " + ***********************************************************************************************************************" + echo "StandUp - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" + echo "$QR" + echo "*********************************************************************************************************************** + " + echo " +$MESSAGE_PREFIX Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor + " + echo " +$MESSAGE_PREFIX You can manually stop Bitcoin with: sudo systemctl stop bitcoind + " + echo " +$MESSAGE_PREFIX You can manually start Bitcoin with: sudo systemctl start bitcoind + " + echo " + $MESSAGE_PREFIX Your bitcoin data directory is: + ----------------------------------------------- + $FULL_BTC_DATA_DIR + ----------------------------------------------- + " +else + echo " +ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. + " +fi diff --git a/Scripts/scripts/ss_06_c-lightning.sh b/Scripts/scripts/ss_06_c-lightning.sh new file mode 100644 index 0000000..8095bad --- /dev/null +++ b/Scripts/scripts/ss_06_c-lightning.sh 
@@ -0,0 +1,188 @@ +#!/bin/bash + +# standup script - install c-lightning + +echo " +---------------- + $MESSAGE_PREFIX installing c-lightning +---------------- +" + +export CLN_VERSION="v0.9.1" +export LIGHTNING_DIR="/home/standup/.lightning" + +echo " + +$MESSAGE_PREFIX installing c-lightning dependencies + +" + +apt-get install -y \ +autoconf automake build-essential git libtool libgmp-dev \ +libsqlite3-dev python3 python3-mako net-tools zlib1g-dev \ +libsodium-dev gettext valgrind python3-pip libpq-dev + +echo " +$MESSAGE_PREFIX downloading & Installing c-lightning +" +# get & compile clightning from github +sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning +cd ~standup/lightning +git checkout $CLN_VERSION +python3 -m pip install -r requirements.txt +./configure +make -j$(nproc --ignore=1) --quiet +sudo make install + +# get back to script directory +cd "$SCRIPTS_DIR" + +# lightningd config +mkdir -m 760 "$LIGHTNING_DIR" +chown standup -R "$LIGHTNING_DIR" +cat >> "$LIGHTNING_DIR"/config << EOF +alias=StandUp + +log-level=debug:plugin +log-prefix=standup + +bitcoin-datadir=$FULL_BTC_DATA_DIR +# bitcoin-rpcuser=**** +# bitcoin-rpcpassword=**** +# bitcoin-rpcconnect=127.0.0.1 +# bitcoin-rpcport=8332 + +# outgoing Tor connection +proxy=127.0.0.1:9050 +# listen on all interfaces +bind-addr= +# listen only clearnet +bind-addr=127.0.0.1:9735 +addr=statictor:127.0.0.1:9051 +# only use Tor for outgoing communication +always-use-proxy=true +EOF + +/bin/chmod 640 "$LIGHTNING_DIR"/config + +# create log file +touch "$LIGHTNING_DIR"/lightning.log + +# add tor configuration to torrc +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/lightningd-service_v3\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc + +################# +# add http-plugin +################# +if "$CLN_HTTP_PLUGIN"; then + echo " + 
$MESSAGE_PREFIX installing Rust lang. + " + cd ~standup + /usr/sbin/runuser -l standup -c 'curl https://sh.rustup.rs -sSf | sh -s -- -y' + source ~standup/.cargo/env + echo " + $MESSAGE_PREFIX $(runsuer -l standup rustc - version) installed. + " + # get back to script directory & create plugins direcotry + cd "$SCRIPTS_DIR" + mkdir "$LIGHTNING_DIR"/plugins/ + + # get http-plugin & build + echo " + $MESSAGE_PREFIX getting c-lightning http-plugin. + " + sudo -u standup git clone https://github.com/Start9Labs/c-lightning-http-plugin.git "$LIGHTNING_DIR"/plugings/ + cd "$LIGHTNING_DIR"/plugings/c-lightning-http-plugin/ + cargo build --release + chmod a+x /home/you/.lightning/plugins/c-lightning-http-plugin/target/release/c-lightning-http-plugin + if [[ -z "$HTTP_PASS" ]]; then + while [[ -z "$HTTP_PASS" ]]; do + read -rp "Provide a strong password for https-plugin" HTTP_PASS + done + fi + + # add config options + echo " +plugin=/home/standup/.lightning/plugins/c-lightning-http-plugin/target/release/c-lightning-http-plugin +http-pass=$HTTP_PASS +https-port=1312 +" >> "$LIGHTNING_DIR"/config + + # create HS for plugin + sed -i -e 's/HiddenServicePort 1234 127.0.0.1:9735/HiddenServicePort 1234 127.0.0.1:9735\ +HiddenServiceDir \/var\/lib\/tor\/standup\/lightningd-http-plugin_v3\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1312 127.0.0.1:1312/g' /etc/tor/torrc +fi + +echo " +$MESSAGE_PREFIX Setting up c-lightning as a systemd service. +" + +cat > /etc/systemd/system/lightningd.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/lightning/config, except for those explicitly specified as arguments +# in ExecStart= +[Unit] +Description=c-lightning daemon +After=tor.service +Requires=tor.service +[Service] +ExecStart=/usr/local/bin/lightningd -conf=/home/standup/.lightning/config +# Process management +#################### +Type=simple +PIDFile=/run/lightning/lightningd.pid +Restart=on-failure +# Directory creation and permissions +#################################### +# Run as lightningd:lightningd +User=standup +Group=standup +# /run/lightningd +RuntimeDirectory=lightningd +RuntimeDirectoryMode=0710 +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. +MemoryDenyWriteExecute=true +[Install] +WantedBy=multi-user.target +EOF + +# enable lightnind service +sudo systemctl restart tor +sleep 4 +sudo systemctl enable lightningd.service +sudo systemctl start lightningd.service + +if [ $(systemctl status lightningd | grep active | awk '{print $2}') = "active" ]; then + echo " +$MESSAGE_PREFIX c-lightning Installed and started + Wait for the bitcoind to fully sync with the blockchain and then interact with lightningd. + " +else + echo " +$MESSAGE_PREFIX c-lightning not yet active. + " +fi \ No newline at end of file diff --git a/Scripts/scripts/ss_06_lnd.sh b/Scripts/scripts/ss_06_lnd.sh new file mode 100644 index 0000000..cc0ae94 --- /dev/null +++ b/Scripts/scripts/ss_06_lnd.sh 
@@ -0,0 +1,197 @@ +#!/bin/bash + +# standup script - install lnd + +echo " +---------------- + $MESSAGE_PREFIX installing LND +---------------- +" + +# install Go +GO_VERSION="go1.14.4" +OS="linux" +ARCH="amd64" +GOSHA="aed845e4185a0b2a3c3d5e1d0a35491702c55889192bb9c30e67a3de6849c067" + +## check & remove older go version +if [[ -n $(which go) ]]; then + if [[ $(go version | awk '{print $3}') != "$GO_VERSION" ]]; then + rm -rf /usr/local/go + fi +fi + +## get go +sudo -u standup wget --progress=bar:force https://dl.google.com/go/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -O ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz +GOTARSHA=$(sudo -u standup /usr/bin/sha256sum ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz | awk -F " " '{ print $1 }') + +if [[ "$GOTARSHA" != "$GOSHA" ]]; then + echo " + $MESSAGE_PREFIX Go checksum validation failed. Exiting. + " + return 201 +else + echo " + $MESSAGE_PREFIX Go checksum validated. Continuing with installing LND. + " +fi + +# get go_sha from website to check +sudo -u standup /bin/tar xzf ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -C ~standup +sudo mv ~standup/go /usr/local + +export PATH="$PATH":/usr/local/go/bin:"$GOPATH"/bin +export GOPATH=~standup/gocode + +# test go +if [[ $(go version | awk '{print $3}') = "$GO_VERSION" ]]; then + echo " +$MESSAGE_PREFIX $GO_VERSION successfully installed + " +else + echo " +$MESSAGE_PREFIX Go not installed, cannot install lnd + " + return 202 +fi + +# build lnd +LND_VERSION="v0.11.0-beta.rc4" +echo " +$MESSAGE_PREFIX getting lnd... depending on your network it can take more than an hour. With good network it usually takes about 5-10 mins. 
+" +go get -d github.com/lightningnetwork/lnd +git checkout $LND_VERSION +cd "$GOPATH"/src/github.com/lightningnetwork/lnd +make +make install # installs to /home/standup/gocode/bin which is $GOPATH/bin + +# go back to script directory +cd "$SCRIPTS_DIR" + +sudo cp $GOPATH/bin/lnd $GOPATH/bin/lncli /usr/bin + +# create necessary directories +mkdir -p /etc/lnd +mkdir -p /var/lib/lnd +chown standup:standup -R /var/lib/lnd + +BTC_NETWORK="" +if [[ "$NETWORK" = "mainnet" ]]; then + BTC_NETWORK="bitcoin.mainnet=1" +elif [[ "$NETWORK" = "testnet" ]]; then + BTC_NETWORK="bitcoin.testnet=1" +else + BTC_NETWORK="bitcoin.regtest=1" +fi + +BITCOINDRPC_USER=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcuser | awk -F = '{print $2}') +BITCOINRPC_PASS=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcpassword | awk -F = '{print $2}') + +# create lnd config +cat > /etc/lnd/lnd.conf << EOF +[Application Options] +datadir=/var/lib/lnd/data +tlscertpath=/var/lib/lnd/tls.cert +tlskeypath=/var/lib/lnd/tls.key +logdir=/var/lib/lnd/logs +maxlogfiles=3 +maxlogfilesize=10 +#externalip=1.1.1.1 # change to your public IP address if required. 
+alias=$LN_ALIAS +listen=0.0.0.0:9735 +debuglevel=debug + +[Bitcoin] +bitcoin.active=1 +bitcoin.node=bitcoind +bitcoin.dir=$BTC_DATA_DIR +$BTC_NETWORK + +#[Bitcoind] +#bitcoind.rpchost=localhost +#bitcoind.rpcuser=$BITCOINRPC_USER +#bitcoind.rpcpass=$BITCOINRPC_PASS +#bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 +#bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 + +[tor] +tor.active=true +tor.v3=true +EOF + +# set appropriate permissions +chmod 644 /etc/lnd/lnd.conf + +# create soft link to the lnd data dir +ln -s /var/lib/lnd ~standup/.lnd + +# add tor configuration to torrc +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +HiddenServiceDir \/var\/lib\/tor\/standup\/lnd\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc + +# create systemd service +cat > /etc/systemd/system/lnd.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit lnd.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/lnd/lnd.conf, except for those explicitly specified as arguments +# in ExecStart= + +[Unit] +Description=LND Lightning Network Daemon +Requires=bitcoind.service +After=bitcoind.service + +[Service] +ExecStart=/usr/bin/lnd --configfile=/etc/lnd/lnd.conf +ExecStop=/usr/bin/lncli --lnddir /var/lib/lnd stop +PIDFile=/run/lnd/lnd.pid + +User=standup +Group=standup + +Type=simple +KillMode=process +TimeoutStartSec=60 +TimeoutStopSec=60 +Restart=always +RestartSec=60 + +[Install] +WantedBy=multi-user.target +EOF + + +# enable lnd service +sudo systemctl restart tor +sleep 4 +sudo systemctl enable lnd +sudo systemctl start lnd + +# check if lnd running +echo " +$MESSAGE_PREFIX Checking if LND is running +" +LND_VERSION=$(lnd --version) + +if [[ $(systemctl status lnd | grep active | awk '{print $2}') = "active" ]]; then + echo " + $MESSAGE_PREFIX installed $LND_VERSION + $MESSAGE_PREFIX LND service now is active. + " + echo "LND is fully active and working with Tor. +To interact with LND first create a wallet (without the $): + $ lncli create + " +else + echo " + $MESSAGE_PREFIX LND not yet active. Check manually using (without the $) : + $ sudo systemctl status lnd + " +fi diff --git a/Scripts/scripts/ss_07_esplora.sh b/Scripts/scripts/ss_07_esplora.sh new file mode 100644 index 0000000..8fe8459 --- /dev/null +++ b/Scripts/scripts/ss_07_esplora.sh 
@@ -0,0 +1,219 @@ +#!/bin/bash + +# standup - esplora + +echo " +---------------- + $MESSAGE_PREFIX Installing Esplora +---------------- +" +ELECTRS_REPO="/home/standup/electrs" +ESPLORA_REPO="/home/standup/esplora" + +# install rust +cd ~standup +sudo -u standup curl https://sh.rustup.rs -sSf | sudo -u standup sh -s -- -y + +# install blockstream/electrs +apt install clang cmake -y # required for building rust-rocksdb +sudo -u standup git clone https://github.com/blockstream/electrs "$ELECTRS_REPO" +cd "$ELECTRS_REPO" +git checkout new-index + +# create electrs config +cat >> electrs.toml << EOF +verbose=3 +cors="$CORS":5000 +electrum_rpc_addr=127.0.0.1:50001 + +db_dir="$ELECTRS_DB" + +cookie="$RPCUSER:$RPCPASSWORD" +EOF + +# set config options +if "$LIGHTMODE" && "$LIMIT_BATCH_SIZE"; then + echo " + lightmode=true + index_batch_size=10" >> ~standup/electrs/electrs.toml + ELECTRS_SETUP="lightmode and limiting index batch size to 10." +elif "$LIGHTMODE" && ! "$LIMIT_BATCH_SIZE"; then + echo " + lightmode=true" >> ~standup/electrs/electrs.toml + ELECTRS_SETUP="lightmode." +elif ! "$LIGHTMODE" && "$LIMIT_BATCH_SIZE"; then + echo " + index_batch_size=10" >> ~standup/electrs/electrs.toml + ELECTRS_SETUP="fullmode and limiting batch size index to 10." +else + ELECTRS_SETUP="full mode." +fi + +ELECTRS_CMD="/home/standup/.cargo/bin/cargo run --release --bin electrs --" + +# set systemd service +sudo cat > /etc/systemd/system/electrs.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit electrs.service +# See "man systemd.service" for details. 
+ +[Unit] +Description=Electrs +Requires=bitcoind.service +After=bitcoind.service + +[Service] +WorkingDirectory=/home/standup/electrs +ExecStart=$ELECTRS_CMD + +# Process management +#################### +Type=simple +PIDFile=/run/electrs/electrs.pid +TimeoutSec=60 +Restart=on-failure +RestartSec=60 +KillMode=process + +# Directory creation and permissions +#################################### +# Run as standup:standup +User=standup +Group=standup +# /run/electrs +RuntimeDirectory=electrs +RuntimeDirectoryMode=0710 + +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. 
+MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target +EOF + + +# enable electrs service +systemctl restart tor +sleep 4 +systemctl enable electrs.service +systemctl start electrs.service + +# install node +echo " +$MESSAGE_PREFIX installing nodejs +" +apt-get install curl software-properties-common -y +curl -sL https://deb.nodesource.com/setup_14.x | sudo bash - +apt-get install nodejs -y + +# get esplora & set electrs api url +sudo -u standup git clone https://github.com/Blockstream/esplora "$ESPLORA_REPO" +cd "$ESPLORA_REPO" +echo " +$MESSAGE_PREFIX running npm install +" +sudo -u standup npm install +# echo " +# $MESSAGE_PREFIX running install npx +# " +# sudo -u standup npm install npx +echo " +$MESSAGE_PREFIX running npm audit fix +" +sudo -u standup npm audit fix +# echo " +# $MESSAGE_PREFIX running npx browserslist --update-db +# " +# sudo -u standup npx browserslist --update-db +export API_URL=http://localhost:3000/ +export SITE_TITLE="Standup Block Explorer" +export SITE_DESC="Standup Block Explorer" + +# setup HiddenService +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/esplora\/\ +HiddenServiceVersion 3\ +HiddenServicePort 80 127.0.0.1:5000/g' /etc/tor/torrc + +sed -i -e 's/HiddenServicePort 80 127.0.0.1:5000/HiddenServicePort 80 127.0.0.1:5000\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/esplora_noscript\/\ +HiddenServiceVersion 3\ +HiddenServicePort 80 127.0.0.1:5001/g' /etc/tor/torrc + + +# restart tor +systemctl restart tor +sleep 4 + +ESPLORA_HS="$(cat /var/lib/tor/standup/esplora/hostname)" +ESPLORA_NS_HS="$(cat /var/lib/tor/standup/esplora_noscript/hostname)" + +cat >> ~standup/scripts/ss_start-esplora.sh << EOF +#!/bin/bash + +cd $ESPLORA_REPO +echo " +Esplora server is starting and will be available at: http://$CORS:5000 +Esplora onion address is: +****************************************************************** +$ESPLORA_HS 
+****************************************************************** +" +npm run dist +EOF + +chmod +x ~standup/scripts/ss_start-esplora.sh + +cat >> ~standup/scripts/ss_start-esplora_noscript.sh << EOF +#!/bin/bash + + +cd $ESPLORA_REPO +export STATIC_ROOT="http://localhost:5000/" # for loading CSS, images and fonts +export NOSCRIPT_REDIR="http://localhost:5001/" +export NOSCRIPT_REDIR_BASE="http://localhost:5001/" + +echo " +Prerendered server is starting & will be available at: http://localhost:5001/ +Onion address for prerendered server is: +****************************************************************** +$ESPLORA_NS_HS +****************************************************************** +" +npm run prerender-server +EOF + +chmod +x ~standup/scripts/ss_start-esplora_noscript.sh + +echo " +---------------------------------------------------------------- +$MESSAGE_PREFIX Esplora has been setup with Electrs in $ELECTRS_SETUP +---------------------------------------------------------------- + +* Electrs is: $(systemctl status electrs | grep active | awk '{print $2}') + +* To start Esplora, run 'ss_start-esplora.sh' located at '/home/standup/scripts' directory. + +* If you want to run server with pre-rendered assets for NoScript compatibility then run 'ss_start-esplora_noscript.sh'. + +For further information checkout documentation: + +Electrs: https://github.com/Blockstream/electrs +Esplora: https://github.com/Blockstream/esplora +" diff --git a/Scripts/scripts/ss_08_btcpayserver.sh b/Scripts/scripts/ss_08_btcpayserver.sh new file mode 100644 index 0000000..119b794 --- /dev/null +++ b/Scripts/scripts/ss_08_btcpayserver.sh 
@@ -0,0 +1,100 @@ +#!/bin/bash + +# standup - install btcpayserver + +echo " +---------------- + $MESSAGE_PREFIX Installing BTCPay Server +---------------- +" + +if "$BTCPAYSERVER" && [[ -z "$BTCPAY_HOST" ]] || [[ "$BTCPAY_HOST" == "__UNDEFINED__" ]]; then + echo "You provided the '--btcpay' flag but didn't provide --btcpay-host" + while [ -z "$BTCPAY_HOST" ]; do + read -rp "Enter domain name where you will host BTCPay Server: " BTCPAY_HOST + done +fi + +if "$BTCPAYSERVER" && [[ -z "$BTCPAY_LN" ]] || [[ "$BTCPAY_LN" == "__UNDEFINED__" ]]; then + echo "You provided the '--btcpay' flag but didn't provide --btcpay-ln" + while [ -z "$BTCPAY_HOST" ]; do + read -rp "Enter lightning network implementation for BTCPay Server: " BTCPAY_LN + done +fi + +# install dependencies +# .NET Core SDK 3.1 +# echo " +# $MESSAGE_PREFIX installing .NET Core SDK 3.1 .. this will take a while! +# " +sudo -u standup wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb -O ~standup/packages-microsoft-prod.deb +dpkg -i ~standup/packages-microsoft-prod.deb +apt-get update +apt-get install -y dotnet-sdk-3.1 + +# opt out of .NET telemetry +export DOTNET_CLI_TELEMETRY_OPTOUT=1 + +# get btcpay server +echo " +$MESSAGE_PREFIX getting btcpayserver-docker +" +sudo -u standup mkdir btcpayserver +sudo -u standup git clone https://github.com/btcpayserver/btcpayserver-docker ~standup/btcpayserver/btcpayserver-docker +cd ~standup/btcpayserver/btcpayserver-docker + +# set env variables +export BTCPAY_HOST="$BTCPAY_HOST" +export NBITCOIN_NETWORK="$NETWORK" +export BTCPAYGEN_CRYPTO1="btc" +export BTCPAYGEN_REVERSEPROXY="nginx" +export BTCPAYGEN_LIGHTNING="$BTCPAY_LN" +export BTCPAY_ENABLE_SSH=true + +# install +echo " +$MESSAGE_PREFIX installing btcpayserver +" +. ./btcpay-setup.sh -i + +# shut the container +echo " +$MESSAGE_PREFIX shutting down btcpayserver to link existing bitcoin data dir +" +. 
./btcpay-down.sh +# # stop bitcoind +# systemctl stop bitcoind +# sleep 10 + +# delete _data & create symbolic link to host's bitcoin data +echo " +$MESSAGE_PREFIX removing btcpayserver bitcoin data dir +" +rm -r /var/lib/docker/volumes/generated_bitcoin_datadir/_data +echo " +$MESSAGE_PREFIX creating symlink between host bitcoind data dir and btcpayserver bitcoin data dir +" +ln -s $FULL_BTC_DATA_DIR /var/lib/docker/volumes/generated_bitcoin_datadir/_data + +# start btcpay server +echo " +$MESSAGE_PREFIX starting bitcoind & BTCPayserver +" +# systemctl start bitcoind +# sleep 30 +. ./btcpay-up.sh + +BTCPAY_ONION_ADD=$(sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname) +echo " +Your BTCPay Server Tor address is: +****************************************************************** +$BTCPAY_ONION_ADD +****************************************************************** +" +echo " +For further information on btcpay server, go to: +Docs: https://docs.btcpayserver.org +Chat: https://chat.btcpayserver.org +" +# back to scripts dir +cd "$SCRIPTS_DIR"
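
Review bot: In the bitcoin installation script (the `@@ -0,0 +1,312 @@` hunk), the signature check `gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` accepts a good signature from any key in standup's keyring, and it parses human-readable output. The key itself comes from `https://bitcoin.org/laanwj-releases.asc` with no fingerprint comparison. Pin the expected release-key fingerprint in the script and compare it with the `VALIDSIG` line from `gpg --status-fd 1 --verify`. The SHA step then greps the raw `SHA256SUMS.asc`, so the line it picks is not guaranteed to come from the signed body; extract the verified content first (for example with `gpg --decrypt`) and read the expected hash from that. Two smaller points: the `else return 100` branch of the SHA256SUMS.asc download also fires on a re-run where both the tarball and `SHA256SUMS.asc` already exist, and `bitcoin.conf`, which holds `rpcpassword`, is set to `chmod 740` where `600` would do for a file only `standup` needs to read.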
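
Review bot: In `ss_06_c-lightning.sh`, the http-plugin block cannot work as written because its paths disagree. The directory is created as `"$LIGHTNING_DIR"/plugins/`, the clone goes to `"$LIGHTNING_DIR"/plugings/` (directly into that directory, so the following `cd "$LIGHTNING_DIR"/plugings/c-lightning-http-plugin/` fails), the `chmod a+x` targets `/home/you/.lightning/...`, and the config line points at `/home/standup/.lightning/plugins/...`. Use one variable for the plugin path in all four places. `$(runsuer -l standup rustc - version)` is also misspelled and should be `runuser ... rustc --version`. On the supply-chain side, `git checkout $CLN_VERSION` is followed by `python3 -m pip install -r requirements.txt`, `./configure` and `make` running as root on an unverified checkout, and rustup is installed with `curl https://sh.rustup.rs -sSf | sh`; verify the release tag's signature before building and run the build as `standup`. In the unit file, `PIDFile=/run/lightning/lightningd.pid` does not match `RuntimeDirectory=lightningd`, and the header comments still refer to `bitcoind.service` and `lightningd:lightningd`.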
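
Review bot: In `ss_06_lnd.sh`, the unquoted heredoc for `/etc/lnd/lnd.conf` expands `#bitcoind.rpcpass=$BITCOINRPC_PASS`, so the bitcoind RPC password is written into the file even though the line is commented out, and the file is then made world-readable with `chmod 644 /etc/lnd/lnd.conf`. Drop the credential lines from the template or set the file to `600`/`640` owned by `standup`. The user line next to it expands to nothing because the variable is assigned as `BITCOINDRPC_USER` but referenced as `$BITCOINRPC_USER`. In the build steps, `git checkout $LND_VERSION` runs before `cd "$GOPATH"/src/github.com/lightningnetwork/lnd`, so the checkout happens in whatever directory the script was sourced from and `make` builds the default branch instead of the pinned version; swap the two lines. `export PATH=..."$GOPATH"/bin` also comes before `export GOPATH=~standup/gocode`, which puts a bare `/bin` on `PATH` instead of the intended directory. Finally, `listen=0.0.0.0:9735` binds all interfaces while the hidden service only needs `127.0.0.1:9735`.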
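
Review bot: In `ss_07_esplora.sh`, `cookie="$RPCUSER:$RPCPASSWORD"` is appended to `electrs.toml` inside the cloned repository with no `chown` or `chmod` afterwards, so the bitcoind RPC credentials sit in a file created with root's default umask; set it to `600` owned by `standup`, and use `cat >` rather than `cat >>` so a re-run does not stack duplicate keys. The inputs to the build are also unpinned: `git checkout new-index` follows a moving branch, esplora is cloned at its default branch, and `sudo -u standup npm audit fix` rewrites dependencies at install time, so two runs of this script can produce different binaries. Pin commits or tags, as the other scripts do with `CLN_VERSION` and `LND_VERSION`. The two piped installers (`curl https://sh.rustup.rs -sSf | sudo -u standup sh -s -- -y` and `curl -sL https://deb.nodesource.com/setup_14.x | sudo bash -`) should be downloaded to a file and checked before execution, the second one in particular since it runs as root.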
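
Review bot: In `ss_08_btcpayserver.sh`, the second prompt loop tests the wrong variable: under the `--btcpay-ln` check it reads `while [ -z "$BTCPAY_HOST" ]; do`, so once the host is set the loop never runs and `BTCPAY_LN` stays empty, which then flows into `export BTCPAYGEN_LIGHTNING="$BTCPAY_LN"`. It should test `$BTCPAY_LN`. Both loops also only check `-z`, so a value of `__UNDEFINED__`, which the enclosing `if` explicitly allows for, skips the prompt; reset the variable to empty before looping. Further down, `export BTCPAY_ENABLE_SSH=true` is set unconditionally with no comment; say why it is needed or make it opt-in through `ss.conf`. `rm -r /var/lib/docker/volumes/generated_bitcoin_datadir/_data` followed by `ln -s $FULL_BTC_DATA_DIR ...` should quote the variable and abort if `$FULL_BTC_DATA_DIR` is empty, and `sudo -u standup mkdir btcpayserver` is relative to the current directory while the clone targets `~standup/btcpayserver/`.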