From 88312c65b5a8c077160a81a12ee3fbd8dbfcd214 Mon Sep 17 00:00:00 2001 From: jodobear Date: Sun, 5 Jul 2020 04:28:41 +0200 Subject: [PATCH 01/16] added merged standup script --- Scripts/ss.sh | 930 ++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 930 insertions(+) create mode 100644 Scripts/ss.sh diff --git a/Scripts/ss.sh b/Scripts/ss.sh new file mode 100644 index 0000000..8847e6c --- /dev/null +++ b/Scripts/ss.sh 
@@ -0,0 +1,930 @@ +#!/bin/bash + +# standup.sh + +set +x + +# If script not sourced, stop here +if [[ "$0" = "$BASH_SOURCE" ]]; then + echo "This script must be sourced like so: \"source standup.sh\"" + return +fi + +# define help +function help () { +cat <<-END +-------------------------------------- +Install StandUp Script on this server. +-------------------------------------- + +standup.sh + +Blockchain Commons Standup Script +Contributor: jodobear 20-07-03 + +DISCLAIMER: It is not a good idea to store large amounts of Bitcoin on a VPS, +ideally you should use this as a watch-only wallet. This script is expiramental +and has not been widely tested. The creators are not responsible for loss of +funds. If you are not familiar with running a node or how Bitcoin works then we +urge you to use this in testnet so that you can use it as a learning tool. + +TL;DR: +------ + +1. Using cli arguments: +----------------------- +$ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip + +This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even the installation data requirements). It willadd the passed SSH Key to authorized hosts and add the comma separated list of IPs to the whitelist. + +2. Exporting environment variables: +----------------------------------- +$ export NOPROMPT=true +$ export USERPASSOWRD=password +$ export NETWORK=testnet +$ export LIGHTNING=lnd +$ source ./ss.sh + +This will first create a new user "standup" and set the for that user. Then install a full bitcoin node on testnet with lnd. + + + +This script can be installed on any Debian based system. 
By default this script will: + +* Update the OS +* Set Automatic Updates On +* Create User: standup +* Install UFW +* Install Tor +* Install Bitcoin Core +* Install HWI +* Install c-lightning +* Setup Bitcoin Core, Lightning settings +* Make sure they start at reboot via upstart or systemd +* Start Bitcoin Core, Lightning + +Optionally you can install: +--------------------------- +* Install LND instead of c-lightning +* Install Esplora +* Install BTCPay + +You can run this script again if you desire to change your configuration. + +Upon completion of the script their will be a QR code saved to /qrcode.png which +you can open and scan. You can use "$ sudo apt-get install fim" then: +"$ fim -a qrcode.png" to display the QR in a terminal (as root). + +It is highly recommended to add a Tor V3 pubkey for cookie authentication so that +even if your QR code is compromised an attacker would not be able to access your +node. It is also recommended to delete the /qrcode.png, /standup.log, and +/standup.err files. + +-------------------------------------- +| Usage | +-------------------------------------- + +0. Prerequisites +---------------- + +In order to run this script you need to be logged in as root, and enter in the commands listed below: + +- The $ or $ represents a terminal commmand prompt, do not actually type in a $ or #. +- Data fields enclosed in <> are to be filled by you with appropriate values. + +1. Give the root user a password, enter the following command and set a password: +$ sudo passwd + +2. Switch to the root user: +$ su - root + +3. Source the script: +# source standup.sh + +NOTE: Before sourcing the script you may want to set certain environment variables. Bleow you will find the list of environment variables. To set the variables do: +#export = + +You can use the following optional arguments: + + -h --help : Display this help. 
+ -y : Install without prompting for confirming the setup + + Setup: + ------ + --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. + --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. + -v --vps : Pass when installing on a VPS. + --userpassword : Password for the standup non-privileged account. + + VPS: + ---- + -F --fqdn : Fully Qualified Hostname + -H --hostname : Hostname of your server + -R --region : Server's timezone location + + Bitcoin: + -------- + -f --fastsync : Enables fast synchronization of blockchain*. + -n --network : Default bitcoin network; either "mainnet", "testnet" or "regtest". + --no-hwi : Do NOT install HWI. + -p --prune : Install a prune node; integer value > 550. + + Lightning: + ---------- + -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". + + Services: + --------- + --btcpay : Installs BTCPay Server. + --esplora : Installs Esplora. + + Tor: + ---- + -t --tor-pubkey : Automatically add the pubkey to the Tor authorized_clients directory, which means the user is Tor authenticated before the node is even installed. e.g. ./standup.sh --tor-pubkey "descriptor:x25519:NWJNEFU487H2BI3JFNKJENFKJWI3" + + SSH: + ---- + --ssh-key : key for automated SSH logins to standup non-privileged account. + --sys-ssh-ip : Comma separated list of IPs that can use SSH. + +*DISCLAIMER: It is always better to let your node validate blocks from the beginning. This script uses blockchain data signed by BTCPay Server. Trust at your own risk. + +2. Environment Variables: +------------------------- + + # system + -------- + NOPROMPT=true/false, set it to install the setup without prompting for confirmation. + # START=true/false, start bitcoind & lightning after installation. Default: true. + STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. + SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. Default: true. 
+ VPS=true/false, set it to true if setting up on a VPS. Default: false. + USERPASSWORD="", set password for user standup. Default: empty. + + #vps + ---- + FQDN="", enter your fully qualified hostname. Example: my-awesome-node.my-awesome-domain.com + HOSTNAME="", enter your hostname. Example: my-awesome-node. + REGION="", enter your server's timezone location. Example Asia/Singapore. + + # bitcoind + ---------- + NETFORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet". + PRUNE="", Integer value to specify level of prune node. Minimum value is 550. Default: empty(0). + FASTSYNC=true/false, If you want to speed up the Initial Block Download then set it to true. Default: false. + HWI=true/false, Choose to install HWI. Default: true. + + # lightning + ----------- + LIGHTNING="c-lightning"/"lnd", choose lightning network implementation. Default: "c-lightning". + + # services + ---------- + ESPLORA=true/false, Choose to install Esplora. Default: false. + BTCPAYSERVER=true/false, Choose to install BTCPay Server. Default: false. + # Tor + TOR_PUBKEY="" Tor Public Key. Default: empty. + + # ssh + SSH_KEY="" key for automated SSH logins to standup non-privileged account. Default: empty. + SYS_SSH_IP="" comma separated list of IPs that can use SSH. Default: empty. + +---------------- + +END +} + +#### +# Environment Variables +#### + +# system +NOPROMPT=false +STARTUP_REGISTER=true +SYSTEMD_RELOAD=true +VPS=false +USERPASSWORD="" + +# vps +FQDN="" +HOSTNAME="" +REGION="" + +# bitcoind +NETWORK="mainnet" +PRUNE="" +FASTSYNC=false +HWI=true + +# lightning +LIGHTNING="c-lightning" + +# services +ESPLORA=false +BTCPAYSERVER=false + +# Tor +TOR_PUBKEY="" + +# ssh +SSH_KEY="" +SYS_SSH_IP="" + + +#### +# 0. Force check for root +#### + +# if you are not logged in as root then the script will not execute +echo " +----------------" +echo "$0 - Checking if logged in as root." +echo "----------------" +if ! 
[ "$(id -u)" = 0 ] +then + echo "$0 - You need to be logged in as root!" + return +fi + +echo "$0 - Logged in as root. Continuing with installation." +echo "---------------- +" +# Output stdout and stderr to ~root files +exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) + + +#### +# Parsing Arguments +#### +PARAMS="" + +while (( "$#" )) +do +key="$1" + case $key in + -h|--help) + help + return + ;; + -y) + NOPROMPT=true + shift 1 + ;; + --no-startup-register) + STARTUP_REGISTER=false + shift 1 + ;; + --no-systemd-reload) + SYSTEMD_RELOAD=false + shift 1 + ;; + --vps) + VPS=true + shift 1 + ;; + --userpassword) + USERPASSWORD="$2" + shift 1 + shift 1 + ;; + -F|--fqdn) + FQDN="$2" + shift 1 + shift 1 + ;; + -H|--hostname) + HOSTNAME=$2 + shift 1 + shift 1 + ;; + -R|--region) + REGION=$2 + shift 1 + shift 1 + ;; + -n|--network) + if [ ${2:0:1} == "-" ] + then + echo "Network flag passed without value. Installing default network: mainnet." + shift 1 + elif [[ -n "$2" ]] && [[ "$2" == "mainnet" ]] || [[ "$2" == "testnet" ]] || [[ "$2" == "regtest" ]] + then + NETWORK="$2" + else + echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" + return + fi + shift 1 + shift 1 + ;; + -p|--prune) + if [ ${2:0:1} == "-" ] + then + echo "Prune flag passed without value. Installing default: unpruned node." + shift 1 + elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]] + then + PRUNE="$2" + else + echo "ERROR: Minimum prune value is 550. Passed $2" + return + fi + shift 1 + shift 1 + ;; + --fastsync) + FASTSYNC=true + shift 1 + ;; + --no-hwi) + HWI=false + shift 1 + ;; + -l|--lightning) + if [ ${2:0:1} == "-" ] + then + echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" + shift 1 + elif [[ -n "$2" ]] && [[ "$2" == "c-lightning" ]] || [[ "$2" == "lnd" ]] + then + LIGHTNING="$2" + else + echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. 
Passed $2" + return + fi + shift 1 + shift 1 + ;; + --esplora) + ESPLORA=true + shift 1 + ;; + --btcpay) + BTCPAYSERVER=true + shift 1 + ;; + -t|--tor-pubkey) + TOR_PUBKEY="$2" + shift 1 + shift 1 + ;; + --ssh-key) + SSH_KEY="$2" + shift 1 + shift 1 + ;; + --sys-ssh-ip) + SYS_SSH_IP="$2" + shift 1 + shift 1 + ;; + --) # end argument parsing + shift 1 + break + ;; + -*|--*=) # unsupported flags + echo "Error: Unsupported flag $1" >&2 + help + return + ;; + *) # preserve positional arguments + PARAMS="$PARAMS $1" + shift 1 + ;; + esac +done +set -- "$PARAMS" # set positional parameters in order + +echo " +---------SETUP--------- +Parameters Passed: + +System +------ +NOPROMPT..........: $NOPROMPT +STARTUP_REGISTER..: $STARTUP_REGISTER +SYSTEMD_RELOAD....: $SYSTEMD_RELOAD +VPS...............: $VPS +USERPASSWORD......: $USERPASSWORD + +VPS +--- +FQDN......: $FQDN +HOSTNAME..: $HOSTNAME +REGION....: $REGION + +Bitcoin: +-------- +NETWORK...: $NETWORK +PRUNE.....: $PRUNE +FASTSYNC..: $FASTSYNC +HWI.......: $HWI + +Lightning: +---------- +LIGHTNING..: $LIGHTNING + +Services: +--------- +ESPLORA.......: $ESPLORA +BTCPAYSERVER..: $BTCPAYSERVER + +Tor & SSH: +---------- +TOR_PUBKEY..: $TOR_PUBKEY +SSH_KEY.....: $SSH_KEY +SYS_SSH_IP..: $SYS_SSH_IP +" + +# prompt user before continuing with installation +if ! "$NOPROMPT" +then + read -p "Continue with installation? (Y/n): " confirm +fi + +if [[ "$confirm" != [yY] ]] +then + echo "Entered $confirm. Exiting.." + return +else + NOPROMPT=true + echo "Installing Bitcoin!" +fi + + + +#### +# 1. Update Hostname and set timezone +#### + + +echo " +----------------" +echo "HOSTNAME: $HOSTNAME" > /etc/hostname +echo "----------------" +/bin/hostname $HOSTNAME + +IPADDR="" +REGION="" + +if $VPS +then + # Set the variable $IPADDR to the IP address the new Linode receives. 
+ IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') + + echo "$0 - Set hostname as $FQDN ($IPADDR)" + echo " + ***********************" + echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." + echo "*********************** + " + echo "$0 - Set Time Zone to $REGION" + echo $REGION > /etc/timezone + cp /usr/share/zoneinfo/${REGION} /etc/localtime + + echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file." +fi + +# Add localhost aliases + +echo "127.0.0.1 localhost" > /etc/hosts +echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts + +echo "$0 - Set localhost" + + +#### +# 2. Update Debian, Set autoupdate and Install UFW +#### + +echo " +---------------- +" +echo "$0 - Starting Debian updates; this will take a while!" +echo " +---------------- +" + +# Make sure all packages are up-to-date +apt-get update +apt-get upgrade -y +apt-get dist-upgrade -y + +# Install haveged (a random number generator) + +if [ -z $(which haveged) ] +then + echo " +---------------- + " + echo "$0 - Installing haveged (a random number generator)" + echo " +---------------- + " + apt-get install haveged -y +echo " +---------------- +" +echo "$0 - haveged installed successfully" +echo " +---------------- +" +else + echo " + ----------------haveged already installed" +fi + +# Set system to automatically update +echo " +---------------- +" +echo "$0 - setting system to automatically update" +echo " +---------------- +" +echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections +apt-get -y install unattended-upgrades +echo " +---------------- +" +echo "$0 - Updated Debian Packages" +echo " +---------------- +" +# Get uncomplicated firewall and deny all incoming connections except SSH +if [ -z $(which ufw) ] +then + echo " +---------------- + " + echo "$0 - Installing ufw" + echo " +---------------- + " + apt-get install ufw +fi + +ufw allow ssh +ufw enable + +echo " 
+---------------- +" +echo "$0 - ufw is installed and enabled." +echo " +---------------- +" + +# Get GPG if not installed to verify signatures + +if [ -z $(which gpg) ] +then + echo " +---------------- + " + echo "$0 - Installing gnupg2" + echo " +---------------- + " + apt-get install gnupg2 -y + echo " +---------------- + " + echo "Gnupg2 not found and installed" + echo " +---------------- + " +fi + +#### +# 3. Create user admin +#### + +if [ -z $(cat /etc/shadow | grep standup) ] && [ -z $(groups standup) ] +then + echo " +---------------- + " + echo "Creating user standup" + echo " +---------------- + " + # Create "standup" user with optional password and give them sudo capability + /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup + /usr/sbin/adduser standup sudo + + echo " +---------------- + " + echo "$0 - User standup created with sudo access." + echo " +---------------- + " +else + echo "----------------" + echo "User standup already exists." + echo "----------------" +fi + +# Setup SSH Key if the user added one as an argument +if [ -n "$SSH_KEY" ] +then + mkdir ~standup/.ssh + echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys + chown -R standup ~standup/.ssh + echo " +---------------- + " + echo "$0 - Added .ssh key to standup." + echo " +---------------- + " +fi + +# Setup SSH allowed IP's if the user added any as an argument +if [ -n "$SYS_SSH_IP" ] +then + echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow + echo "sshd: ALL" >> /etc/hosts.deny + echo " +---------------- + " + echo "$0 - Limited SSH access." + echo " +---------------- + " +else + echo " + **************** + " + echo "$0 - WARNING: Your SSH access is not limited; this is a major security hole!" + echo " + **************** + " +fi + + +#### +# 4. 
Install latest stable tor +#### + +# Download tor +echo " +---------------- +" +echo "Installing Tor" +echo " +---------------- +" +# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: +if ! [ -z $(which apt-transport-https) ] +then + apt-get install apt-transport-https +fi + +# We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: +DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') + +# You need to add the following entries to /etc/apt/sources.list: +cat >> /etc/apt/sources.list << EOF +deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +EOF + +# Then add the gpg key used to sign the packages by running: +apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 +wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import +sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +# Update system, install and run tor as a service +apt-get update +apt-get install tor deb.torproject.org-keyring + +# Setup hidden service +sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc +sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc +sed -i -e 's/## address y:z./## address y:z.\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1309 127.0.0.1:18332\ +HiddenServicePort 1309 127.0.0.1:18443\ +HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc +mkdir /var/lib/tor/standup +chown -R debian-tor:debian-tor /var/lib/tor/standup +chmod 700 /var/lib/tor/standup + +# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind +sudo usermod -a -G debian-tor standup + +# Restart tor to create the HiddenServiceDir +sudo systemctl restart tor.service + + +# add 
V3 authorized_clients public key if one exists +if ! [ "$TOR_PUBKEY" == "" ] +then + # create the directory manually incase tor.service did not restart quickly enough + mkdir /var/lib/tor/standup/authorized_clients + + # need to assign the owner + chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients + + # Create the file for the pubkey + sudo touch /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Write the pubkey to the file + sudo echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Restart tor for authentication to take effect + sudo systemctl restart tor.service + + echo "$0 - Successfully added Tor V3 authentication" + +else + echo "$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet" +fi + + +#### +# 5. Install Bitcoin +#### + +echo " +---------------- +" +echo "Installing Bitcoin" +echo " +---------------- +" +# Download Bitcoin +echo "$0 - Downloading Bitcoin; this will take a while!" + +# CURRENT BITCOIN RELEASE: +# Change as necessary +export BITCOIN="bitcoin-core-0.20.0" +export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` + +sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +sudo -u standup wget https://bitcoincore.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc + +# Verifying Bitcoin: Signature +echo "$0 - Verifying Bitcoin." 
+ +sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc +export SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` +echo "SHASIG is $SHASIG" + +if [[ $SHASIG ]] +then + echo "$0 - VERIFICATION SUCCESS / SIG: $SHASIG" +else + (>&2 echo "$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify!") +fi + +# Verify Bitcoin: SHA +export TARSHA256=`/usr/bin/sha256sum ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` +export EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` + +if [ "$TARSHA256" == "$EXPECTEDSHA256" ] +then + echo "$0 - VERIFICATION SUCCESS / SHA: $TARSHA256" +else + (>&2 echo "$0 - VERIFICATION ERROR: SHA for Bitcoin did not match!") +fi + +# Install Bitcoin +echo "$0 - Installing Bitcoin." + +sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup +/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* +/bin/rm -rf ~standup/$BITCOINPLAIN/ + +# Start Up Bitcoin +echo "$0 - Configuring Bitcoin." 
+ +sudo -u standup /bin/mkdir ~standup/.bitcoin + +# The only variation between Mainnet and Testnet is that Testnet has the "testnet=1" variable +# The only variation between Regular and Pruned is that Pruned has the "prune=550" variable, which is the smallest possible prune +RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) + +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +server=1 +prune=$PRUNE +rpcuser=StandUp +rpcpassword=$RPCPASSWORD +rpcallowip=127.0.0.1 +debug=tor +EOF + +if [ -z "$PRUNE" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + txindex=1 +EOF +fi + +if [ "$NETWORK" == "testnet" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + testnet=1 +EOF + +elif [ "$NETWORK" == "regtest" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + regtest=1 +EOF +fi + +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +[test] +rpcbind=127.0.0.1 +rpcport=18332 +[main] +rpcbind=127.0.0.1 +rpcport=8332 +[regtest] +rpcbind=127.0.0.1 +rpcport=18443 +EOF + +/bin/chown standup ~standup/.bitcoin/bitcoin.conf +/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf + +# Setup bitcoind as a service that requires Tor +echo "$0 - Setting up Bitcoin as a systemd service." + +sudo cat > /etc/systemd/system/bitcoind.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments +# in ExecStart= +[Unit] +Description=Bitcoin daemon +After=tor.service +Requires=tor.service +[Service] +ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf +# Process management +#################### +Type=simple +PIDFile=/run/bitcoind/bitcoind.pid +Restart=on-failure +# Directory creation and permissions +#################################### +# Run as bitcoin:bitcoin +User=standup +Group=sudo +# /run/bitcoind +RuntimeDirectory=bitcoind +RuntimeDirectoryMode=0710 +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. +MemoryDenyWriteExecute=true +[Install] +WantedBy=multi-user.target +EOF + +echo "$0 - Starting bitcoind service" +sudo systemctl enable bitcoind.service +sudo systemctl start bitcoind.service + +#### +# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display +#### + +# Get the Tor onion address for the QR code +HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) + +# Create the QR string +QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" + +# Display the uri text incase QR code does not work +echo "$0 - **************************************************************************************************************" +echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" +echo $QR +echo "$0 - **************************************************************************************************************" +echo "$0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor" +echo "$0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service" +echo "$0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service" + +# Finished, exit script +exit 0 From 548be9f63c3b103ab6e35ff6e236f1f4ab4a3bcf Mon Sep 17 00:00:00 2001 From: jodobear Date: Mon, 6 Jul 2020 16:15:34 +0200 Subject: [PATCH 02/16] fixed tor install and installing bitcoin-core via onion site --- Scripts/ss.sh | 116 +++++++++++++++++++++++++++++--------------------- 1 file changed, 67 insertions(+), 49 deletions(-) diff --git a/Scripts/ss.sh b/Scripts/ss.sh index 8847e6c..326c5de 100644 --- a/Scripts/ss.sh +++ b/Scripts/ss.sh @@ -60,7 +60,7 @@ This script can be installed on any Debian based system. By default this script * Install HWI * Install c-lightning * Setup Bitcoin Core, Lightning settings -* Make sure they start at reboot via upstart or systemd +* Make sure they start at reboot via systemd * Start Bitcoin Core, Lightning Optionally you can install: 
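Review bot: Both verification checks in section 5 fail open: when `gpg --verify` yields no "Good signature", or the tarball's SHA-256 does not match SHA256SUMS.asc, the `else` branch only echoes a VERIFICATION ERROR to stderr and the script goes on to untar the download and `install` its binaries into /usr/local/bin as root. Each `else` branch should stop the run, e.g. add `return 1` after the error echo (`return` rather than `exit`, since the script is sourced). The `grep "Good signature"` test also passes for a good signature from any key in the standup keyring, so I would compare the `VALIDSIG` fingerprint from `gpg --status-fd 1 --verify` against a release-key fingerprint pinned in the script. Separately, the setup summary prints `$USERPASSWORD` after the `exec > >(tee -a /root/standup.log)` redirect, so the account password ends up in the log; print only whether it is set.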
@@ -71,7 +71,7 @@ Optionally you can install: You can run this script again if you desire to change your configuration. -Upon completion of the script their will be a QR code saved to /qrcode.png which +Upon completion of the script there will be a QR code saved to /qrcode.png which you can open and scan. You can use "$ sudo apt-get install fim" then: "$ fim -a qrcode.png" to display the QR in a terminal (as root). @@ -80,9 +80,9 @@ even if your QR code is compromised an attacker would not be able to access your node. It is also recommended to delete the /qrcode.png, /standup.log, and /standup.err files. --------------------------------------- -| Usage | --------------------------------------- + -------------------------------------- +| Usage | + -------------------------------------- 0. Prerequisites ---------------- @@ -303,7 +303,7 @@ key="$1" shift 1 ;; -n|--network) - if [ ${2:0:1} == "-" ] + if [ "${2:0:1}" == "-" ] then echo "Network flag passed without value. Installing default network: mainnet." shift 1 @@ -318,7 +318,7 @@ key="$1" shift 1 ;; -p|--prune) - if [ ${2:0:1} == "-" ] + if [ "${2:0:1}" == "-" ] then echo "Prune flag passed without value. Installing default: unpruned node." shift 1 @@ -341,7 +341,7 @@ key="$1" shift 1 ;; -l|--lightning) - if [ ${2:0:1} == "-" ] + if [ "${2:0:1}" == "-" ] then echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" shift 1 @@ -439,7 +439,7 @@ SYS_SSH_IP..: $SYS_SSH_IP # prompt user before continuing with installation if ! "$NOPROMPT" then - read -p "Continue with installation? (Y/n): " confirm + read -rp "Continue with installation? (Y/n): " confirm fi if [[ "$confirm" != [yY] ]] @@ -462,7 +462,7 @@ echo " ----------------" echo "HOSTNAME: $HOSTNAME" > /etc/hostname echo "----------------" -/bin/hostname $HOSTNAME +/bin/hostname "$HOSTNAME" IPADDR="" REGION="" 
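Review bot: In the `-n|--network` branch (and the same pattern in the `-p|--prune` and `-l|--lightning` hunks) the "flag passed without value" path does its own `shift 1`, but as added in PATCH 01 the branch then falls through to the two `shift 1` lines after `fi`, which lie outside these hunks. That makes three shifts for a flag with no value, so the option that follows is consumed unparsed: `-n --tor-pubkey KEY` would silently drop the Tor client-auth key and the node would come up without it. Replacing the inner `shift 1` with `shift 1; continue` keeps the next flag intact.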
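Review bot: The test that follows the prompt, `if [[ "$confirm" != [yY] ]]`, also runs when `-y`/`NOPROMPT=true` skipped the `read`, so `confirm` is empty and the script prints "Exiting.." — an unattended install can never proceed. The prompt advertises `(Y/n)`, yet an empty answer is rejected as well. Guard the check with the same condition, e.g. `if ! "$NOPROMPT" && [[ "$confirm" != [yY] ]]`; the rest of that `if` lies outside the hunk.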
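Review bot: Now that the argument is quoted, a run without `-H` calls `/bin/hostname ""`, which asks for an empty hostname where the unquoted form merely printed the current one; guard the call with `[ -n "$HOSTNAME" ] &&`. The context line above it writes the literal text `HOSTNAME: <name>` into /etc/hostname, where the file should hold only the name: `echo "$HOSTNAME" > /etc/hostname`. The `REGION=""` at the end of the hunk discards the value parsed from `-R/--region`, so the timezone steps that follow (outside the hunk) run with an empty region.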
@@ -512,7 +512,7 @@ apt-get dist-upgrade -y # Install haveged (a random number generator) -if [ -z $(which haveged) ] +if [ -z "$(which haveged)" ] then echo " ---------------- @@ -523,15 +523,11 @@ then " apt-get install haveged -y echo " ----------------- -" -echo "$0 - haveged installed successfully" -echo " ----------------- +----------------$0 - haveged installed successfully " else echo " - ----------------haveged already installed" + ----------------$0 - haveged already installed" fi # Set system to automatically update @@ -545,14 +541,10 @@ echo " echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections apt-get -y install unattended-upgrades echo " ----------------- -" -echo "$0 - Updated Debian Packages" -echo " ----------------- +----------------$0 - Debian Packages updated " # Get uncomplicated firewall and deny all incoming connections except SSH -if [ -z $(which ufw) ] +if [ -z "$(which ufw)" ] then echo " ---------------- @@ -565,19 +557,15 @@ then fi ufw allow ssh -ufw enable +ufw --force enable echo " ----------------- -" -echo "$0 - ufw is installed and enabled." -echo " ----------------- +----------------$0 - ufw is installed and enabled. " # Get GPG if not installed to verify signatures -if [ -z $(which gpg) ] +if [ -z "$(which gpg)" ] then echo " ---------------- @@ -588,11 +576,7 @@ then " apt-get install gnupg2 -y echo " ----------------- - " - echo "Gnupg2 not found and installed" - echo " ----------------- +----------------$0 - Gnupg2 not found and installed " fi @@ -600,7 +584,7 @@ fi # 3. Create user admin #### -if [ -z $(cat /etc/shadow | grep standup) ] && [ -z $(groups standup) ] +if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ] then echo " ---------------- 
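Review bot: `ufw --force enable` is reached with only `ufw allow ssh` configured, so the "deny all incoming connections except SSH" promised by the comment depends on whatever default policy the host already has. Add `ufw default deny incoming` before the enable so the result does not depend on prior state. The `apt-get install ufw` added in PATCH 01 just above this hunk also has no `-y`, unlike the other installs this commit touches, so a non-interactive run can stall at that prompt.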
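Review bot: The existence test `[ -z "$(cat /etc/shadow | grep standup)" ]` matches any shadow entry that merely contains that string, and `groups standup` prints an error to stderr when the user is missing; `if ! id -u standup >/dev/null 2>&1` asks the question directly. The `useradd -p` call this guards (added in PATCH 01, outside the hunk) hashes the password with perl `crypt()` and the constant salt `"password"`, which on glibc selects traditional DES crypt, so only the first eight characters count and every install shares one salt. Creating the user with a plain `useradd -m` and then running `printf '%s:%s\n' standup "$USERPASSWORD" | chpasswd` uses the system's configured hash and keeps the password off the process argument list. An empty `USERPASSWORD` should be rejected before either step.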
@@ -677,9 +661,21 @@ echo " ---------------- " # To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: -if ! [ -z $(which apt-transport-https) ] +if [ -z "$(which apt-transport-https)" ] then - apt-get install apt-transport-https + apt-get install apt-transport-https -y + echo " + --------------apt-transport-https installed + " +fi + +# To download bitcoin using onion site, we need torsocks +if [ -z "$(which torsocks)" ] +then + apt-get install torsocks -y + echo " + --------------torsocks installed + " fi # We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: @@ -691,14 +687,20 @@ deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main EOF +# # hardcoding stretch +# cat >> /etc/apt/sources.list << EOF +# deb https://deb.torproject.org/torproject.org stretch main +# deb-src https://deb.torproject.org/torproject.org stretch main +# EOF + # Then add the gpg key used to sign the packages by running: -apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 +# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import -sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - +gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - # Update system, install and run tor as a service apt-get update -apt-get install tor deb.torproject.org-keyring +apt-get install tor deb.torproject.org-keyring -y # Setup hidden service sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc 
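Review bot: `gpg --export … | apt-key add -` places the Tor Project key in apt's global trusted keyring, where it is accepted for packages from every configured repository and not only deb.torproject.org. Exporting the key to a dedicated keyring file and naming that file in a `[signed-by=…]` option on the `deb` and `deb-src` lines scopes the trust to this one source. Those two lines are appended with `cat >> /etc/apt/sources.list` (added in PATCH 01, above the hunk), so every re-run of the script, which the help text invites, adds duplicates; writing a file under /etc/apt/sources.list.d/ with `>` avoids that. The result of `wget … | gpg --import` is not checked, so a failed key download only shows up later as an apt error.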
@@ -715,12 +717,15 @@ chown -R debian-tor:debian-tor /var/lib/tor/standup chmod 700 /var/lib/tor/standup # Add standup to the tor group so that the tor authentication cookie can be read by bitcoind -sudo usermod -a -G debian-tor standup +usermod -a -G debian-tor standup # Restart tor to create the HiddenServiceDir -sudo systemctl restart tor.service +systemctl restart tor.service +echo " +--------------$0 - Tor installed and successfully started" + # add V3 authorized_clients public key if one exists if ! [ "$TOR_PUBKEY" == "" ] then @@ -731,13 +736,13 @@ then chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients # Create the file for the pubkey - sudo touch /var/lib/tor/standup/authorized_clients/fullynoded.auth + touch /var/lib/tor/standup/authorized_clients/fullynoded.auth # Write the pubkey to the file - sudo echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth + echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth # Restart tor for authentication to take effect - sudo systemctl restart tor.service + systemctl restart tor.service echo "$0 - Successfully added Tor V3 authentication" 
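Review bot: In the `TOR_PUBKEY` branch the `chown -R debian-tor:debian-tor` runs before `touch` and `echo` create fullynoded.auth, so the client-auth file itself stays owned by root with the default umask mode; move the chown after the write and set a restrictive mode on the file. `$TOR_PUBKEY` is written without any format check and "Successfully added Tor V3 authentication" is printed unconditionally. As far as I know tor skips client files it cannot parse, which would leave the onion service reachable without client authorization while the script reports success — worth confirming, and worth validating the value against the `descriptor:x25519:<key>` form shown in the help text before writing it. The same unconditional success message appears in the previous hunk after `systemctl restart tor.service`, whose exit status is not checked.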
@@ -765,9 +770,22 @@ echo "$0 - Downloading Bitcoin; this will take a while!" export BITCOIN="bitcoin-core-0.20.0" export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` -sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -sudo -u standup wget https://bitcoincore.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc +# # get bitcoin tar.gz, shasums and signing keys +# clearnet +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +# sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc + +# tor +# tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz + +# get shasums: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/SHA256SUMS.asc +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc ~standup/SHA256SUMS.asc + +sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc +# 404 +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc # Verifying Bitcoin: Signature echo "$0 - Verifying Bitcoin." From bbe53d40d32caa3bff6dca0c1625497ad8bd9f80 Mon Sep 17 00:00:00 2001 
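Review bot: `laanwj-releases.asc` is now fetched twice into the same `-O` path, and the second fetch is the onion URL that the comment above it marks as `# 404`. Because wget creates the `-O` file even when the request fails, the key downloaded from bitcoin.org is likely to be replaced by an empty file before it is imported. The `SHA256SUMS.asc` line also lost its `-O`, so wget treats `~standup/SHA256SUMS.asc` as a second URL and saves the checksums in the current directory instead. Separately, nothing pins the key's fingerprint, so the signature check that follows (outside this hunk) can only show that the checksums were signed by whatever key the server handed out. Suggest dropping the onion key fetch, restoring `-O ~standup/SHA256SUMS.asc`, and comparing the imported key's fingerprint with a value fixed in the script (`<RELEASE_KEY_FINGERPRINT>`) before relying on it.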
From: jodobear Date: Tue, 7 Jul 2020 01:08:42 +0200 Subject: [PATCH 03/16] fully functioning installation of bitcoin-core via onion site --- Scripts/ss.sh | 306 +++++++++++++++++++++++++++++++++++++------------- 1 file changed, 229 insertions(+), 77 deletions(-) diff --git a/Scripts/ss.sh b/Scripts/ss.sh index 326c5de..a6c3527 100644 --- a/Scripts/ss.sh +++ b/Scripts/ss.sh @@ -7,7 +7,7 @@ set +x # If script not sourced, stop here if [[ "$0" = "$BASH_SOURCE" ]]; then echo "This script must be sourced like so: \"source standup.sh\"" - return + return 1 fi # define help @@ -35,7 +35,7 @@ TL;DR: ----------------------- $ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip -This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even the installation data requirements). It willadd the passed SSH Key to authorized hosts and add the comma separated list of IPs to the whitelist. +This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even bitcoin core). It will add the passed SSH Key to authorized keys and add the comma separated list of IPs to the whitelist. It will set bitcoin to restart after a crash or reboot. 2. Exporting environment variables: ----------------------------------- 
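Review bot: `return 1` in the not-sourced guard of the first hunk does not stop anything. That branch is taken exactly when the file is executed rather than sourced, and at the top level of an executed script bash rejects `return` with an error and carries on with the next line. The guard therefore prints its message and the installation proceeds anyway. Use `exit 1` in this one place; `return N` is right for the later checks, which only run when the file is sourced.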
@@ -111,8 +111,8 @@ You can use the following optional arguments: Setup: ------ - --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. - --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. + # --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. + # --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. -v --vps : Pass when installing on a VPS. --userpassword : Password for the standup non-privileged account. @@ -156,8 +156,8 @@ You can use the following optional arguments: -------- NOPROMPT=true/false, set it to install the setup without prompting for confirmation. # START=true/false, start bitcoind & lightning after installation. Default: true. - STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. - SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. Default: true. + # STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. + # SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. Default: true. VPS=true/false, set it to true if setting up on a VPS. Default: false. USERPASSWORD="", set password for user standup. Default: empty. @@ -200,8 +200,8 @@ END # system NOPROMPT=false -STARTUP_REGISTER=true -SYSTEMD_RELOAD=true +# STARTUP_REGISTER=true +# SYSTEMD_RELOAD=true VPS=false USERPASSWORD="" @@ -243,7 +243,7 @@ echo "----------------" if ! [ "$(id -u)" = 0 ] then echo "$0 - You need to be logged in as root!" - return + return 2 fi echo "$0 - Logged in as root. Continuing with installation." 
@@ -264,20 +264,20 @@ key="$1" case $key in -h|--help) help - return + return 3 ;; -y) NOPROMPT=true shift 1 ;; - --no-startup-register) - STARTUP_REGISTER=false - shift 1 - ;; - --no-systemd-reload) - SYSTEMD_RELOAD=false - shift 1 - ;; + # --no-startup-register) + # STARTUP_REGISTER=false + # shift 1 + # ;; + # --no-systemd-reload) + # SYSTEMD_RELOAD=false + # shift 1 + # ;; --vps) VPS=true shift 1 @@ -312,7 +312,7 @@ key="$1" NETWORK="$2" else echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" - return + return 4 fi shift 1 shift 1 @@ -327,7 +327,7 @@ key="$1" PRUNE="$2" else echo "ERROR: Minimum prune value is 550. Passed $2" - return + return 5 fi shift 1 shift 1 @@ -350,7 +350,7 @@ key="$1" LIGHTNING="$2" else echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. Passed $2" - return + return 6 fi shift 1 shift 1 @@ -385,7 +385,7 @@ key="$1" -*|--*=) # unsupported flags echo "Error: Unsupported flag $1" >&2 help - return + return 7 ;; *) # preserve positional arguments PARAMS="$PARAMS $1" @@ -436,6 +436,36 @@ SSH_KEY.....: $SSH_KEY SYS_SSH_IP..: $SYS_SSH_IP " +# source /home/vagrant/ss.sh -p 1000 -n testnet --no-hwi + +# Check for FQDN & HOSTNAME if --vps +if "$VPS" && [[ -z "$HOSTNAME" ]] +then + echo "You provided the '--vps' flag but didn't provide --fqdn" + while [ -z "$HOSTNAME" ] + do + read -rp "You need to enter hostname of the server: " HOSTNAME + done +fi + +if "$VPS" && [[ -z "$FQDN" ]] +then + echo "You provided the '--vps' flag but didn't provide --fqdn." + while [ -z "$FQDN" ] + do + read -rp "You need to enter the fqdn of the server: " FQDN + done +fi + +if "$VPS" && [[ -z "$REGION" ]] +then + echo "You provided the '--vps' flag but didn't provide --region." + while [ -z "$REGION" ] + do + read -rp "You need to enter the region of the server to set the timezone: " REGION + done +fi + # prompt user before continuing with installation if ! "$NOPROMPT" then 
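Review bot: The three `read -rp` loops added in the last hunk run whenever `--vps` is given without the matching value, including under `-y`, so an unattended install blocks waiting on a terminal. When `NOPROMPT` is true they should print an error and `return` non-zero instead of prompting. The first message also names the wrong option: it tests `HOSTNAME` but says `didn't provide --fqdn`, and should read `didn't provide --hostname`.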
@@ -445,30 +475,29 @@ fi if [[ "$confirm" != [yY] ]] then echo "Entered $confirm. Exiting.." - return + return 8 else NOPROMPT=true echo "Installing Bitcoin!" fi - #### # 1. Update Hostname and set timezone #### - -echo " -----------------" -echo "HOSTNAME: $HOSTNAME" > /etc/hostname -echo "----------------" -/bin/hostname "$HOSTNAME" - IPADDR="" REGION="" -if $VPS +if "$VPS" then + + echo " +----------------" + echo "HOSTNAME: $HOSTNAME" > /etc/hostname + echo "----------------" + /bin/hostname "$HOSTNAME" + # Set the variable $IPADDR to the IP address the new Linode receives. IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') @@ -476,21 +505,21 @@ then echo " ***********************" echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." - echo "*********************** + echo " *********************** " echo "$0 - Set Time Zone to $REGION" echo $REGION > /etc/timezone cp /usr/share/zoneinfo/${REGION} /etc/localtime echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file." -fi + # Add localhost aliases -# Add localhost aliases + echo "127.0.0.1 localhost" > /etc/hosts + echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts -echo "127.0.0.1 localhost" > /etc/hosts -echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts + echo "$0 - Set localhost" +fi -echo "$0 - Set localhost" #### 
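Review bot: `REGION=""` and `IPADDR=""` still sit directly above `if "$VPS"`, after argument parsing and after the region prompt added earlier in this patch, so a value passed with `--region` or typed at the prompt is cleared before it is used. In the second hunk `echo $REGION > /etc/timezone` then writes an empty line and `cp /usr/share/zoneinfo/${REGION} /etc/localtime` is handed the directory itself. Drop the `REGION=""` reset, quote the expansions (`echo "$REGION" > /etc/timezone`), and check `[ -f "/usr/share/zoneinfo/$REGION" ]` before copying, since the value is operator input used in a path as root. The moved line `echo "HOSTNAME: $HOSTNAME" > /etc/hostname` also writes the `HOSTNAME: ` label into the file; it should be `echo "$HOSTNAME" > /etc/hostname`.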
@@ -695,12 +724,12 @@ EOF # Then add the gpg key used to sign the packages by running: # apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 -wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import -gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - +sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import +sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - # Update system, install and run tor as a service -apt-get update -apt-get install tor deb.torproject.org-keyring -y +sudo apt update +sudo apt install tor deb.torproject.org-keyring -y # Setup hidden service sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc @@ -717,14 +746,18 @@ chown -R debian-tor:debian-tor /var/lib/tor/standup chmod 700 /var/lib/tor/standup # Add standup to the tor group so that the tor authentication cookie can be read by bitcoind -usermod -a -G debian-tor standup +sudo usermod -a -G debian-tor standup # Restart tor to create the HiddenServiceDir -systemctl restart tor.service +sudo systemctl restart tor.service +if [ "$(systemctl is-active tor) | grep active" ] +then echo " ---------------$0 - Tor installed and successfully started" +--------------$0 - Tor installed and successfully started +" +fi # add V3 authorized_clients public key if one exists if ! [ "$TOR_PUBKEY" == "" ] 
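Review bot: `if [ "$(systemctl is-active tor) | grep active" ]` in the second hunk is always true: the pipe is inside the double quotes, so `[` only sees a non-empty string such as `inactive | grep active`, and the success banner is printed even when Tor failed to start. Test the exit status instead, `if systemctl is-active --quiet tor; then`, and add an `else` that reports the failure and returns non-zero, since the hidden service and the onion download both depend on Tor. The same construct is used for bitcoind in the last hunk of this patch and in ss_bitcoin.sh of the following patch. In the first hunk, `sudo` applies only to the left side of each pipe (`gpg --import` and `apt-key add -` run without it), and the script already requires root, so the added `sudo` prefixes can go.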
@@ -742,28 +775,33 @@ then echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth # Restart tor for authentication to take effect - systemctl restart tor.service + sudo systemctl restart tor.service - echo "$0 - Successfully added Tor V3 authentication" + echo " + ---------$0 - Successfully added Tor V3 authentication + " else - echo "$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet" + echo " + ---------$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet + " fi +# sleep 4 seconds +sleep 4 + + #### # 5. Install Bitcoin #### echo " ----------------- -" +----------------" echo "Installing Bitcoin" -echo " ----------------- +echo "---------------- " # Download Bitcoin -echo "$0 - Downloading Bitcoin; this will take a while!" # CURRENT BITCOIN RELEASE: # Change as necessary 
@@ -778,27 +816,67 @@ export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` # tor # tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz + +if ! [ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ] +then + echo " + ----------- + Downloading $BITCOIN, this will take a while! +----------- +" sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +fi # get shasums: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/SHA256SUMS.asc -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc ~standup/SHA256SUMS.asc +if [[ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] +then + echo "--------------$0 - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ + " + echo "----$0 - downloading SHA256SUMS.asc for $BITCOIN +# " +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +else + return 100 +fi + +if [[ -f ~standup/SHA256SUMS.asc ]] +then + echo "----------$0 - SHA256SSUMS.asc exists at /home/standup/" +fi + +if ! 
[[ -f ~standup/laanwj-releases.asc ]] +then + echo "-----$0 - downloading laanwj-release signature" sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc +fi + # 404 -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc +# sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc # Verifying Bitcoin: Signature -echo "$0 - Verifying Bitcoin." +echo " +----------------- +$0 - Verifying Bitcoin. +----------------- +" sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc export SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` -echo "SHASIG is $SHASIG" +echo " +---------SHASIG is $SHASIG +" if [[ $SHASIG ]] then - echo "$0 - VERIFICATION SUCCESS / SIG: $SHASIG" + echo " + ------$0 - VERIFICATION SUCCESS / SIG: $SHASIG + " else - (>&2 echo "$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify!") + (>&2 echo " + ------------$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify! + ") + # return 101 fi # Verify Bitcoin: SHA 
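Review bot: Signature verification is fail-open: the failure branch only echoes `VERIFICATION ERROR` and the stop is left commented out as `# return 101`, so a tarball whose `SHA256SUMS.asc` did not verify still reaches the unpack and install step, which is outside this hunk. Make it a live `return 101`; the same applies to `# return 102` in the next hunk and to both in ss_bitcoin.sh of the following patch. `grep "Good signature"` also accepts a good signature from any key in the keyring, while the key file is reused if present and otherwise downloaded unpinned. The check should therefore compare the signer fingerprint on the `VALIDSIG` line of `gpg --status-fd 1 --verify` with a value fixed in the script (`<RELEASE_KEY_FINGERPRINT>`). The new `else return 100` also fires when `SHA256SUMS.asc` is already present, which aborts a re-run before any verification, and because `wget -O` leaves a file behind after a failed transfer, the `-f` tests can skip a download that never completed.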
@@ -807,20 +885,32 @@ export EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-l if [ "$TARSHA256" == "$EXPECTEDSHA256" ] then - echo "$0 - VERIFICATION SUCCESS / SHA: $TARSHA256" + echo " + ------$0 - VERIFICATION SUCCESS / SHA: $TARSHA256 + " else - (>&2 echo "$0 - VERIFICATION ERROR: SHA for Bitcoin did not match!") + (>&2 echo " + -----------$0 - VERIFICATION ERROR: SHA for Bitcoin did not match! + ") + # return 102 fi # Install Bitcoin -echo "$0 - Installing Bitcoin." +echo "--------------" +echo " +$0 - Installing Bitcoin. +" +echo "-------------- +" sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup /usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* /bin/rm -rf ~standup/$BITCOINPLAIN/ # Start Up Bitcoin -echo "$0 - Configuring Bitcoin." +echo " +------$0 - Configuring Bitcoin. +" sudo -u standup /bin/mkdir ~standup/.bitcoin @@ -873,7 +963,9 @@ EOF /bin/chmod 600 ~standup/.bitcoin/bitcoin.conf # Setup bitcoind as a service that requires Tor -echo "$0 - Setting up Bitcoin as a systemd service." +echo " +-------$0 - Setting up Bitcoin as a systemd service. +" sudo cat > /etc/systemd/system/bitcoind.service << EOF # It is not recommended to modify this file in-place, because it will 
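Review bot: The checksum comparison `[ "$TARSHA256" == "$EXPECTEDSHA256" ]` in the first hunk succeeds when both sides are empty, which is what happens if the tarball is missing and the `grep` behind `EXPECTEDSHA256` finds no matching line. The `TARSHA256` assignment is above this hunk, so this is inferred from the copy in ss_bitcoin.sh of the following patch. Require a non-empty digest before reporting success: `if [ -n "$TARSHA256" ] && [ "$TARSHA256" == "$EXPECTEDSHA256" ]`. The same comparison is carried over unchanged into ss_bitcoin.sh.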
@@ -921,28 +1013,88 @@ MemoryDenyWriteExecute=true WantedBy=multi-user.target EOF -echo "$0 - Starting bitcoind service" +echo " +-------$0 - Starting bitcoind service +" sudo systemctl enable bitcoind.service sudo systemctl start bitcoind.service #### # 6. Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display #### +if [ "$(systemctl is-active --quiet bitcoind) | grep active" ] +then + # Get the Tor onion address for the QR code + HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) + + # Create the QR string + QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" + + # Display the uri text incase QR code does not work + echo "$0 - **************************************************************************************************************" + echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" + echo $QR + echo "$0 - **************************************************************************************************************" + echo " + $0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor + " + echo " + $0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service + " + echo " + $0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service + " +else + echo " + ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. 
+ " +fi + + + + +#### +# Lightning +#### + + + +#### +# RESETTING Environment Variables +#### -# Get the Tor onion address for the QR code -HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) +# system +NOPROMPT=false +STARTUP_REGISTER=true +SYSTEMD_RELOAD=true +VPS=false +USERPASSWORD="" -# Create the QR string -QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" +# vps +FQDN="" +HOSTNAME="" +REGION="" + +# bitcoind +NETWORK="mainnet" +PRUNE="" +FASTSYNC=false +HWI=true + +# lightning +LIGHTNING="c-lightning" + +# services +ESPLORA=false +BTCPAYSERVER=false + +# Tor +TOR_PUBKEY="" + +# ssh +SSH_KEY="" +SYS_SSH_IP="" -# Display the uri text incase QR code does not work -echo "$0 - **************************************************************************************************************" -echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" -echo $QR -echo "$0 - **************************************************************************************************************" -echo "$0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor" -echo "$0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service" -echo "$0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service" # Finished, exit script exit 0 From d20f86a531860a201cd9e5b3afe9f9f7c4e15c5b Mon Sep 17 00:00:00 2001 
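Review bot: The reset block added at the end is followed by the existing `exit 0`, and this file is meant to be sourced, so `exit` closes the operator's shell; the resets never take effect and the session output is gone with it. Use `return 0` there, and likewise at the end of ss.sh in the following patch. The new `else` branch prints `Exiting.` but falls through to the same success exit and should `return` a non-zero status. The reset also assigns `STARTUP_REGISTER=true` and `SYSTEMD_RELOAD=true`, although this patch comments those options out everywhere else.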
From: jodobear Date: Tue, 7 Jul 2020 15:05:05 +0200 Subject: [PATCH 04/16] divided the script into logical parts for better management of code --- Scripts/logically_divided_scripts/ss.sh | 359 ++++++++++++++++++ .../logically_divided_scripts/ss_bitcoin.sh | 261 +++++++++++++ .../ss_dependencies.sh | 72 ++++ Scripts/logically_divided_scripts/ss_help.sh | 193 ++++++++++ Scripts/logically_divided_scripts/ss_tor.sh | 113 ++++++ .../logically_divided_scripts/ss_user_ssh.sh | 66 ++++ Scripts/logically_divided_scripts/ss_vps.sh | 77 ++++ 7 files changed, 1141 insertions(+) create mode 100644 Scripts/logically_divided_scripts/ss.sh create mode 100644 Scripts/logically_divided_scripts/ss_bitcoin.sh create mode 100644 Scripts/logically_divided_scripts/ss_dependencies.sh create mode 100644 Scripts/logically_divided_scripts/ss_help.sh create mode 100644 Scripts/logically_divided_scripts/ss_tor.sh create mode 100644 Scripts/logically_divided_scripts/ss_user_ssh.sh create mode 100644 Scripts/logically_divided_scripts/ss_vps.sh diff --git a/Scripts/logically_divided_scripts/ss.sh b/Scripts/logically_divided_scripts/ss.sh new file mode 100644 index 0000000..e2a5a90 --- /dev/null +++ b/Scripts/logically_divided_scripts/ss.sh 
@@ -0,0 +1,359 @@ +#!/bin/bash + +# standup.sh + +set +x + +# If script not sourced, stop here +if [[ "$0" = "$BASH_SOURCE" ]]; then + echo "This script must be sourced like so: \"source standup.sh\"" + return 1 +fi + +#### +# Environment Variables +#### + +# system +NOPROMPT=false +# STARTUP_REGISTER=true +# SYSTEMD_RELOAD=true +VPS=false +USERPASSWORD="" + +# vps +FQDN="" +HOSTNAME="" +REGION="" + +# bitcoind +NETWORK="mainnet" +PRUNE="" +FASTSYNC=false +HWI=true + +# lightning +LIGHTNING="c-lightning" + +# services +ESPLORA=false +BTCPAYSERVER=false + +# Tor +TOR_PUBKEY="" + +# ssh +SSH_KEY="" +SYS_SSH_IP="" + + + +#### +# Parsing Arguments +#### +PARAMS="" + +while (( "$#" )) +do +key="$1" + case $key in + -h|--help) + source ./ss_help.sh + return 3 + ;; + -y) + NOPROMPT=true + shift 1 + ;; + # --no-startup-register) + # STARTUP_REGISTER=false + # shift 1 + # ;; + # --no-systemd-reload) + # SYSTEMD_RELOAD=false + # shift 1 + # ;; + --vps) + VPS=true + shift 1 + ;; + --userpassword) + USERPASSWORD="$2" + shift 1 + shift 1 + ;; + -F|--fqdn) + FQDN="$2" + shift 1 + shift 1 + ;; + -H|--hostname) + HOSTNAME=$2 + shift 1 + shift 1 + ;; + -R|--region) + REGION=$2 + shift 1 + shift 1 + ;; + -n|--network) + if [ "${2:0:1}" == "-" ] + then + echo "Network flag passed without value. Installing default network: mainnet." + shift 1 + elif [[ -n "$2" ]] && [[ "$2" == "mainnet" ]] || [[ "$2" == "testnet" ]] || [[ "$2" == "regtest" ]] + then + NETWORK="$2" + else + echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" + return 4 + fi + shift 1 + shift 1 + ;; + -p|--prune) + if [ "${2:0:1}" == "-" ] + then + echo "Prune flag passed without value. Installing default: unpruned node." + shift 1 + elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]] + then + PRUNE="$2" + else + echo "ERROR: Minimum prune value is 550. 
Passed $2" + return 5 + fi + shift 1 + shift 1 + ;; + --fastsync) + FASTSYNC=true + shift 1 + ;; + --no-hwi) + HWI=false + shift 1 + ;; + -l|--lightning) + if [ "${2:0:1}" == "-" ] + then + echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" + shift 1 + elif [[ -n "$2" ]] && [[ "$2" == "c-lightning" ]] || [[ "$2" == "lnd" ]] + then + LIGHTNING="$2" + else + echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. Passed $2" + return 6 + fi + shift 1 + shift 1 + ;; + --esplora) + ESPLORA=true + shift 1 + ;; + --btcpay) + BTCPAYSERVER=true + shift 1 + ;; + -t|--tor-pubkey) + TOR_PUBKEY="$2" + shift 1 + shift 1 + ;; + --ssh-key) + SSH_KEY="$2" + shift 1 + shift 1 + ;; + --sys-ssh-ip) + SYS_SSH_IP="$2" + shift 1 + shift 1 + ;; + --) # end argument parsing + shift 1 + break + ;; + -*|--*=) # unsupported flags + echo "Error: Unsupported flag $1" >&2 + help + return 7 + ;; + *) # preserve positional arguments + PARAMS="$PARAMS $1" + shift 1 + ;; + esac +done +set -- "$PARAMS" # set positional parameters in order + + +#### +# 0. Force check for root +#### + +# if you are not logged in as root then the script will not execute +echo " +----------------" +echo "$0 - Checking if logged in as root." +echo "----------------" +if ! [ "$(id -u)" = 0 ] +then + echo "$0 - You need to be logged in as root!" + return 2 +fi + +echo "$0 - Logged in as root. Continuing with installation." 
+echo "---------------- +" +# Output stdout and stderr to ~root files +exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) + + + +echo " +---------SETUP--------- +Parameters Passed: + +System +------ +NOPROMPT..........: $NOPROMPT +STARTUP_REGISTER..: $STARTUP_REGISTER +SYSTEMD_RELOAD....: $SYSTEMD_RELOAD +VPS...............: $VPS +USERPASSWORD......: $USERPASSWORD + +VPS +--- +FQDN......: $FQDN +HOSTNAME..: $HOSTNAME +REGION....: $REGION + +Bitcoin: +-------- +NETWORK...: $NETWORK +PRUNE.....: $PRUNE +FASTSYNC..: $FASTSYNC +HWI.......: $HWI + +Lightning: +---------- +LIGHTNING..: $LIGHTNING + +Services: +--------- +ESPLORA.......: $ESPLORA +BTCPAYSERVER..: $BTCPAYSERVER + +Tor & SSH: +---------- +TOR_PUBKEY..: $TOR_PUBKEY +SSH_KEY.....: $SSH_KEY +SYS_SSH_IP..: $SYS_SSH_IP +" + + +#### +# 1. Update Hostname and set timezone +#### + +if "$VPS" +then + source ./ss_vps.sh +fi + + + +#### +# 2. Update Debian, Set autoupdate and Install Dependencies +#### + +echo " +---------------- +" +echo "$0 - Starting Debian updates; this will take a while!" +echo " +---------------- +" + +# Make sure all packages are up-to-date +apt-get update +apt-get upgrade -y +apt-get dist-upgrade -y + + +# call dependency script +source ./ss_dependencies.sh + + +#### +# 3. Create user admin +#### +# call user and ssh script +source ./ss_user_ssh.sh + + +#### +# 4. Install Tor +#### +# call tor script +source ./ss_tor.sh + +# sleep 4 seconds for tor to restart +sleep 4 + +#### +# 5. 
Install Bitcoin +#### +# call the bitcoin script +source ./ss_bitcoin.sh + + +#### +# Lightning +#### + + + +#### +# RESET Environment Variables +#### + +# system +NOPROMPT=false +STARTUP_REGISTER=true +SYSTEMD_RELOAD=true +VPS=false +USERPASSWORD="" + +# vps +FQDN="" +HOSTNAME="" +REGION="" + +# bitcoind +NETWORK="mainnet" +PRUNE="" +FASTSYNC=false +HWI=true + +# lightning +LIGHTNING="c-lightning" + +# services +ESPLORA=false +BTCPAYSERVER=false + +# Tor +TOR_PUBKEY="" + +# ssh +SSH_KEY="" +SYS_SSH_IP="" + + +# Finished, exit script +exit 0 diff --git a/Scripts/logically_divided_scripts/ss_bitcoin.sh b/Scripts/logically_divided_scripts/ss_bitcoin.sh new file mode 100644 index 0000000..c1a7e7c --- /dev/null +++ b/Scripts/logically_divided_scripts/ss_bitcoin.sh 
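Review bot: `USERPASSWORD......: $USERPASSWORD` is printed in the parameter summary after `exec > >(tee -a /root/standup.log)` has been set up, so the account password is written in clear text to /root/standup.log. The `btcstandup://` URI echoed at the end of ss_bitcoin.sh, which is sourced after that redirection, puts the RPC password there too. Print a marker instead of the value, e.g. `USERPASSWORD......: ${USERPASSWORD:+<set>}`, and send the URI to the terminal only rather than through the logged stdout. The unsupported-flag branch still calls `help`, but that function is now defined only once ss_help.sh has been sourced in the `-h` branch, so it needs its own `source ./ss_help.sh` first. The `source ./ss_*.sh` calls resolve against the current directory while running as root; resolving them from the script's own directory (`"$(dirname "${BASH_SOURCE[0]}")"`) avoids picking up same-named files from wherever the operator happens to be.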
@@ -0,0 +1,261 @@ +#!/bin/bash + +# standup script - bitcoin installation + +#### +# 5. Install Bitcoin +#### + +echo " +----------------" +echo "Installing Bitcoin" +echo "---------------- +" +# Download Bitcoin + +# CURRENT BITCOIN RELEASE: +# Change as necessary +export BITCOIN="bitcoin-core-0.20.0" +export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` + +# # get bitcoin tar.gz, shasums and signing keys +# clearnet +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +# sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc + +# tor +# tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz + +if ! [ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ] +then + echo " + ----------- + Downloading $BITCOIN, this will take a while! +----------- +" +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +fi + +# get shasums: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/SHA256SUMS.asc + +if [[ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] +then + echo "--------------$0 - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ + " + echo "----$0 - downloading SHA256SUMS.asc for $BITCOIN +# " +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +else + return 100 +fi + +if [[ -f ~standup/SHA256SUMS.asc ]] +then + echo "----------$0 - SHA256SSUMS.asc exists at /home/standup/" +fi + +if ! 
[[ -f ~standup/laanwj-releases.asc ]] +then + echo "-----$0 - downloading laanwj-release signature" +sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc +fi + +# 404 +# sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc + +# Verifying Bitcoin: Signature +echo " +----------------- +$0 - Verifying Bitcoin. +----------------- +" + +sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc +export SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` +echo " +---------SHASIG is $SHASIG +" + +if [[ $SHASIG ]] +then + echo " + ------$0 - VERIFICATION SUCCESS / SIG: $SHASIG + " +else + (>&2 echo " + ------------$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify! + ") + # return 101 +fi + +# Verify Bitcoin: SHA +export TARSHA256=`/usr/bin/sha256sum ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` +export EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` + +if [ "$TARSHA256" == "$EXPECTEDSHA256" ] +then + echo " + ------$0 - VERIFICATION SUCCESS / SHA: $TARSHA256 + " +else + (>&2 echo " + -----------$0 - VERIFICATION ERROR: SHA for Bitcoin did not match! + ") + # return 102 +fi + +# Install Bitcoin +echo "--------------" +echo " +$0 - Installing Bitcoin. +" +echo "-------------- +" + +sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup +/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* +/bin/rm -rf ~standup/$BITCOINPLAIN/ + +# Start Up Bitcoin +echo " +------$0 - Configuring Bitcoin. 
+" + +sudo -u standup /bin/mkdir ~standup/.bitcoin + +# The only variation between Mainnet and Testnet is that Testnet has the "testnet=1" variable +# The only variation between Regular and Pruned is that Pruned has the "prune=550" variable, which is the smallest possible prune +RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) + +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +server=1 +prune=$PRUNE +rpcuser=StandUp +rpcpassword=$RPCPASSWORD +rpcallowip=127.0.0.1 +debug=tor +EOF + +if [ -z "$PRUNE" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + txindex=1 +EOF +fi + +if [ "$NETWORK" == "testnet" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + testnet=1 +EOF + +elif [ "$NETWORK" == "regtest" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + regtest=1 +EOF +fi + +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +[test] +rpcbind=127.0.0.1 +rpcport=18332 +[main] +rpcbind=127.0.0.1 +rpcport=8332 +[regtest] +rpcbind=127.0.0.1 +rpcport=18443 +EOF + +/bin/chown standup ~standup/.bitcoin/bitcoin.conf +/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf + +# Setup bitcoind as a service that requires Tor +echo " +-------$0 - Setting up Bitcoin as a systemd service. +" + +sudo cat > /etc/systemd/system/bitcoind.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments +# in ExecStart= +[Unit] +Description=Bitcoin daemon +After=tor.service +Requires=tor.service +[Service] +ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf +# Process management +#################### +Type=simple +PIDFile=/run/bitcoind/bitcoind.pid +Restart=on-failure +# Directory creation and permissions +#################################### +# Run as bitcoin:bitcoin +User=standup +Group=sudo +# /run/bitcoind +RuntimeDirectory=bitcoind +RuntimeDirectoryMode=0710 +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. +MemoryDenyWriteExecute=true +[Install] +WantedBy=multi-user.target +EOF + +echo " +-------$0 - Starting bitcoind service +" +sudo systemctl enable bitcoind.service +sudo systemctl start bitcoind.service + +#### +# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display +#### +if [ "$(systemctl is-active --quiet bitcoind) | grep active" ] +then + # Get the Tor onion address for the QR code + HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) + + # Create the QR string + QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" + + # Display the uri text incase QR code does not work + echo "$0 - **************************************************************************************************************" + echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" + echo $QR + echo "$0 - **************************************************************************************************************" + echo " + $0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor + " + echo " + $0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service + " + echo " + $0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service + " +else + echo " + ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. + " +fi diff --git a/Scripts/logically_divided_scripts/ss_dependencies.sh b/Scripts/logically_divided_scripts/ss_dependencies.sh new file mode 100644 index 0000000..ea9fdfa --- /dev/null +++ b/Scripts/logically_divided_scripts/ss_dependencies.sh 
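Review bot: The generated unit runs bitcoind with `Group=sudo`, while the comment above it says `Run as bitcoin:bitcoin`; a network-facing daemon has no reason to carry the administrators' group as its primary group. Removing the `Group=` line lets systemd use the default group of `User=standup`, and the comment should be updated to match. `bitcoin.conf` is also created by the root shell under the default umask and only tightened by `chmod 600` after `rpcpassword=` has been written. Depending on the permissions of the home directory, that leaves a short window in which the file is readable by others; `umask 077` before the first `cat >>` closes it.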
@@ -0,0 +1,72 @@
+#!/bin/bash
+
+# standup script - install dependencies
+
+# Install haveged (a random number generator)
+if [ -z "$(which haveged)" ]
+then
+ echo "
+----------------
+ "
+ echo "$0 - Installing haveged (a random number generator)"
+ echo "
+----------------
+ "
+ apt-get install haveged -y
+echo "
+----------------$0 - haveged installed successfully
+"
+else
+ echo "
+ ----------------$0 - haveged already installed"
+fi
+
+# Set system to automatically update
+echo "
+----------------
+"
+echo "$0 - setting system to automatically update"
+echo "
+----------------
+"
+echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
+apt-get -y install unattended-upgrades
+echo "
+----------------$0 - Debian Packages updated
+"
+# Get uncomplicated firewall and deny all incoming connections except SSH
+if [ -z "$(which ufw)" ]
+then
+ echo "
+----------------
+ "
+ echo "$0 - Installing ufw"
+ echo "
+----------------
+ "
+ apt-get install ufw
+fi
+
+ufw allow ssh
+ufw --force enable
+
+echo "
+----------------$0 - ufw is installed and enabled.
+"
+
+# Get GPG if not installed to verify signatures
+
+if [ -z "$(which gpg)" ]
+then
+ echo "
+----------------
+ "
+ echo "$0 - Installing gnupg2"
+ echo "
+----------------
+ "
+ apt-get install gnupg2 -y
+ echo "
+----------------$0 - Gnupg2 not found and installed
+ "
+fi
diff --git a/Scripts/logically_divided_scripts/ss_help.sh b/Scripts/logically_divided_scripts/ss_help.sh
new file mode 100644
index 0000000..f0788b4
--- /dev/null
+++ b/Scripts/logically_divided_scripts/ss_help.sh
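Review bot: The `apt-get install ufw` line is the only package install in this hunk without `-y`, so in an unattended run apt may stop for confirmation or abort, and `ufw allow ssh` / `ufw --force enable` then run whether or not ufw is actually present. The closing "ufw is installed and enabled" message is printed unconditionally, so the step can finish with no firewall and a log that says otherwise. I would change the install to `apt-get install -y ufw || return 1` (the parts are sourced in the later patch) and print the success message only when `ufw --force enable` returns 0. The same lines appear unchanged in the later `Scripts/scripts/ss_dependencies.sh` hunk.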
@@ -0,0 +1,193 @@ +#!/bin/bash + +# standup script help + +# help definition +function help () { +cat <<-END + + +-------------------------------------- +Install StandUp Script on this server. +-------------------------------------- + +standup.sh + +Blockchain Commons Standup Script +Contributor: jodobear 20-07-03 + +DISCLAIMER: It is not a good idea to store large amounts of Bitcoin on a VPS, +ideally you should use this as a watch-only wallet. This script is expiramental +and has not been widely tested. The creators are not responsible for loss of +funds. If you are not familiar with running a node or how Bitcoin works then we +urge you to use this in testnet so that you can use it as a learning tool. + +TL;DR: +------ + +Enter the 'scripts' directory and source 'ss.sh' to install the node. + +1. Using cli arguments: +----------------------- +$ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip + +This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even bitcoin core). It will add the passed SSH Key to authorized keys and add the comma separated list of IPs to the whitelist. It will set bitcoin to restart after a crash or reboot. + +2. Exporting environment variables: +----------------------------------- +$ export NOPROMPT=true +$ export USERPASSOWRD=password +$ export NETWORK=testnet +$ export LIGHTNING=lnd +$ source ./ss.sh + +This will first create a new user "standup" and set the for that user. Then install a full bitcoin node on testnet with lnd. + + + +This script can be installed on any Debian based system. 
By default this script will: + +* Update the OS +* Set Automatic Updates On +* Create User: standup +* Install UFW +* Install Tor +* Install Bitcoin Core +* Install HWI +* Install c-lightning +* Setup Bitcoin Core, Lightning settings +* Make sure they start at reboot via systemd +* Start Bitcoin Core, Lightning + +Optionally you can install: +--------------------------- +* Install LND instead of c-lightning +* Install Esplora +* Install BTCPay + +You can run this script again if you desire to change your configuration. + +Upon completion of the script there will be a QR code saved to /qrcode.png which +you can open and scan. You can use "$ sudo apt-get install fim" then: +"$ fim -a qrcode.png" to display the QR in a terminal (as root). + +It is highly recommended to add a Tor V3 pubkey for cookie authentication so that +even if your QR code is compromised an attacker would not be able to access your +node. It is also recommended to delete the /qrcode.png, /standup.log, and +/standup.err files. + + -------------------------------------- +| Usage | + -------------------------------------- + +0. Prerequisites +---------------- + +In order to run this script you need to be logged in as root, and enter in the commands listed below: + +- The $ or $ represents a terminal commmand prompt, do not actually type in a $ or #. +- Data fields enclosed in <> are to be filled by you with appropriate values. + +1. Give the root user a password, enter the following command and set a password: +$ sudo passwd + +2. Switch to the root user: +$ su - root + +3. Source the script: +# source standup.sh + +NOTE: Before sourcing the script you may want to set certain environment variables. Bleow you will find the list of environment variables. To set the variables do: +#export = + +You can use the following optional arguments: + + -h --help : Display this help. 
+ -y : Install without prompting for confirming the setup + + Setup: + ------ + # --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. + # --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. + -v --vps : Pass when installing on a VPS. + --userpassword : Password for the standup non-privileged account. + + VPS: + ---- + -F --fqdn : Fully Qualified Hostname + -H --hostname : Hostname of your server + -R --region : Server's timezone location + + Bitcoin: + -------- + -f --fastsync : Enables fast synchronization of blockchain*. + -n --network : Default bitcoin network; either "mainnet", "testnet" or "regtest". + --no-hwi : Do NOT install HWI. + -p --prune : Install a prune node; integer value > 550. + + Lightning: + ---------- + -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". + + Services: + --------- + --btcpay : Installs BTCPay Server. + --esplora : Installs Esplora. + + Tor: + ---- + -t --tor-pubkey : Automatically add the pubkey to the Tor authorized_clients directory, which means the user is Tor authenticated before the node is even installed. e.g. ./standup.sh --tor-pubkey "descriptor:x25519:NWJNEFU487H2BI3JFNKJENFKJWI3" + + SSH: + ---- + --ssh-key : key for automated SSH logins to standup non-privileged account. + --sys-ssh-ip : Comma separated list of IPs that can use SSH. + +*DISCLAIMER: It is always better to let your node validate blocks from the beginning. This script uses blockchain data signed by BTCPay Server. Trust at your own risk. + +2. Environment Variables: +------------------------- + + # system + -------- + NOPROMPT=true/false, set it to install the setup without prompting for confirmation. + # START=true/false, start bitcoind & lightning after installation. Default: true. + # STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. + # SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. 
Default: true. + VPS=true/false, set it to true if setting up on a VPS. Default: false. + USERPASSWORD="", set password for user standup. Default: empty. + + #vps + ---- + FQDN="", enter your fully qualified hostname. Example: my-awesome-node.my-awesome-domain.com + HOSTNAME="", enter your hostname. Example: my-awesome-node. + REGION="", enter your server's timezone location. Example Asia/Singapore. + + # bitcoind + ---------- + NETFORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet". + PRUNE="", Integer value to specify level of prune node. Minimum value is 550. Default: empty(0). + FASTSYNC=true/false, If you want to speed up the Initial Block Download then set it to true. Default: false. + HWI=true/false, Choose to install HWI. Default: true. + + # lightning + ----------- + LIGHTNING="c-lightning"/"lnd", choose lightning network implementation. Default: "c-lightning". + + # services + ---------- + ESPLORA=true/false, Choose to install Esplora. Default: false. + BTCPAYSERVER=true/false, Choose to install BTCPay Server. Default: false. + # Tor + TOR_PUBKEY="" Tor Public Key. Default: empty. + + # ssh + SSH_KEY="" key for automated SSH logins to standup non-privileged account. Default: empty. + SYS_SSH_IP="" comma separated list of IPs that can use SSH. Default: empty. + +---------------- + +END +} + +help \ No newline at end of file diff --git a/Scripts/logically_divided_scripts/ss_tor.sh b/Scripts/logically_divided_scripts/ss_tor.sh new file mode 100644 index 0000000..657f596 --- /dev/null +++ b/Scripts/logically_divided_scripts/ss_tor.sh 
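Review bot: The environment-variable example in the TL;DR exports `USERPASSOWRD`, while the variable list near the end of this heredoc documents `USERPASSWORD`. Anyone copying the example sets a name that is not the documented one, and `USERPASSWORD` would stay at its documented empty default for the standup account. The list also documents `NETFORK=` where the example uses `NETWORK`. I would correct the two lines to `$ export USERPASSWORD=password` and `NETWORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet".`.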
@@ -0,0 +1,113 @@ +#!/bin/bash + +# standup script - Tor installation + +#### +# 4. Install latest stable tor +#### + +# Download tor +echo " +---------------- +" +echo "Installing Tor" +echo " +---------------- +" +# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: +if [ -z "$(which apt-transport-https)" ] +then + apt-get install apt-transport-https -y + echo " + --------------apt-transport-https installed + " +fi + +# To download bitcoin using onion site, we need torsocks +if [ -z "$(which torsocks)" ] +then + apt-get install torsocks -y + echo " + --------------torsocks installed + " +fi + +# We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: +DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') + +# You need to add the following entries to /etc/apt/sources.list: +cat >> /etc/apt/sources.list << EOF +deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +EOF + +# # hardcoding stretch +# cat >> /etc/apt/sources.list << EOF +# deb https://deb.torproject.org/torproject.org stretch main +# deb-src https://deb.torproject.org/torproject.org stretch main +# EOF + +# Then add the gpg key used to sign the packages by running: +# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 +sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import +sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +# Update system, install and run tor as a service +sudo apt update +sudo apt install tor deb.torproject.org-keyring -y + +# Setup hidden service +sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc +sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc +sed -i -e 's/## address y:z./## address y:z.\ +\ +HiddenServiceDir 
\/var\/lib\/tor\/standup\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1309 127.0.0.1:18332\ +HiddenServicePort 1309 127.0.0.1:18443\ +HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc +mkdir /var/lib/tor/standup +chown -R debian-tor:debian-tor /var/lib/tor/standup +chmod 700 /var/lib/tor/standup + +# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind +sudo usermod -a -G debian-tor standup + +# Restart tor to create the HiddenServiceDir +sudo systemctl restart tor.service + + +if [ "$(systemctl is-active tor) | grep active" ] +then +echo " +--------------$0 - Tor installed and successfully started +" +fi + +# add V3 authorized_clients public key if one exists +if ! [ "$TOR_PUBKEY" == "" ] +then + # create the directory manually incase tor.service did not restart quickly enough + mkdir /var/lib/tor/standup/authorized_clients + + # need to assign the owner + chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients + + # Create the file for the pubkey + touch /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Write the pubkey to the file + echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Restart tor for authentication to take effect + sudo systemctl restart tor.service + + echo " + ---------$0 - Successfully added Tor V3 authentication + " + +else + echo " + ---------$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet + " +fi diff --git a/Scripts/logically_divided_scripts/ss_user_ssh.sh b/Scripts/logically_divided_scripts/ss_user_ssh.sh new file mode 100644 index 0000000..82de368 --- /dev/null +++ b/Scripts/logically_divided_scripts/ss_user_ssh.sh 
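Review bot: The post-restart check `if [ "$(systemctl is-active tor) | grep active" ]` can never fail: the pipe is inside the double quotes, so `[` tests a string that is always non-empty. The "Tor installed and successfully started" message therefore prints even when tor.service did not come up, and the authorized_clients step below runs regardless. I would test the exit status instead, `if ! systemctl is-active --quiet tor; then echo "$0 - tor.service is not active" >&2; return 1; fi`. The same quoted-pipe test guards the QR/URI output in the ss_bitcoin.sh hunks.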
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# standup script - setup user and ssh access
+
+if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ]
+then
+ echo "
+----------------
+ "
+ echo "Creating user standup"
+ echo "
+----------------
+ "
+ # Create "standup" user with optional password and give them sudo capability
+ /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup
+ /usr/sbin/adduser standup sudo
+
+ echo "
+----------------
+ "
+ echo "$0 - User standup created with sudo access."
+ echo "
+----------------
+ "
+else
+ echo "----------------"
+ echo "User standup already exists."
+ echo "----------------"
+fi
+
+# Setup SSH Key if the user added one as an argument
+if [ -n "$SSH_KEY" ]
+then
+ mkdir ~standup/.ssh
+ echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys
+ chown -R standup ~standup/.ssh
+ echo "
+----------------
+ "
+ echo "$0 - Added .ssh key to standup."
+ echo "
+----------------
+ "
+fi
+
+# Setup SSH allowed IP's if the user added any as an argument
+if [ -n "$SYS_SSH_IP" ]
+then
+ echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow
+ echo "sshd: ALL" >> /etc/hosts.deny
+ echo "
+----------------
+ "
+ echo "$0 - Limited SSH access."
+ echo "
+----------------
+ "
+else
+ echo "
+ ****************
+ "
+ echo "$0 - WARNING: Your SSH access is not limited; this is a major security hole!"
+ echo "
+ ****************
+ "
+fi
\ No newline at end of file
diff --git a/Scripts/logically_divided_scripts/ss_vps.sh b/Scripts/logically_divided_scripts/ss_vps.sh
new file mode 100644
index 0000000..c7387ef
--- /dev/null
+++ b/Scripts/logically_divided_scripts/ss_vps.sh
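Review bot: The `useradd -p` line hashes the password with `crypt($ARGV[0],"password")`; with a salt that does not start with `$`, this appears to select traditional DES crypt with a fixed salt, so only the first eight characters count and every install shares the same salt. When `USERPASSWORD` is empty, the sudo-capable `standup` account still receives a valid hash of the empty string, and the cleartext is passed on perl's command line. I would create the account without `-p` and set the password over stdin with `printf '%s:%s\n' standup "$USERPASSWORD" | chpasswd`, which uses the system's configured hash. That step should be skipped when `USERPASSWORD` is empty, which leaves the account without a usable password.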
@@ -0,0 +1,77 @@
+#!/bin/bash
+
+# standup script - vps hostname settings
+
+# Check for FQDN & HOSTNAME if --vps
+if "$VPS" && [[ -z "$HOSTNAME" ]]
+then
+ echo "You provided the '--vps' flag but didn't provide --fqdn"
+ while [ -z "$HOSTNAME" ]
+ do
+ read -rp "You need to enter hostname of the server: " HOSTNAME
+ done
+fi
+
+if "$VPS" && [[ -z "$FQDN" ]]
+then
+ echo "You provided the '--vps' flag but didn't provide --fqdn."
+ while [ -z "$FQDN" ]
+ do
+ read -rp "You need to enter the fqdn of the server: " FQDN
+ done
+fi
+
+if "$VPS" && [[ -z "$REGION" ]]
+then
+ echo "You provided the '--vps' flag but didn't provide --region."
+ while [ -z "$REGION" ]
+ do
+ read -rp "You need to enter the region of the server to set the timezone: " REGION
+ done
+fi
+
+# prompt user before continuing with installation
+if ! "$NOPROMPT"
+then
+ read -rp "Continue with installation? (Y/n): " confirm
+fi
+
+if [[ "$confirm" != [yY] ]]
+then
+ echo "Entered $confirm. Exiting.."
+ return 8
+else
+ NOPROMPT=true
+ echo "Installing Bitcoin!"
+fi
+
+IPADDR=""
+REGION=""
+
+
+echo "
+----------------"
+echo "HOSTNAME: $HOSTNAME" > /etc/hostname
+echo "----------------"
+/bin/hostname "$HOSTNAME"
+
+# Set the variable $IPADDR to the IP address the new Linode receives.
+IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://')
+
+echo "$0 - Set hostname as $FQDN ($IPADDR)"
+echo "
+ ***********************"
+echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file."
+echo " ***********************
+"
+echo "$0 - Set Time Zone to $REGION"
+echo $REGION > /etc/timezone
+cp /usr/share/zoneinfo/${REGION} /etc/localtime
+
+echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file."
+# Add localhost aliases
+
+echo "127.0.0.1 localhost" > /etc/hosts
+echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts
+
+echo "$0 - Set localhost"
\ No newline at end of file
From 300ecc561f9d796fdb8cbff6558c69b48e10e4be Mon Sep 17 00:00:00 2001
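Review bot: `REGION=""` right after the confirmation block discards the value this hunk has just prompted for, so `echo $REGION > /etc/timezone` writes an empty file and `cp /usr/share/zoneinfo/${REGION} /etc/localtime` is pointed at the zoneinfo directory itself. I would drop the `REGION=""` reset and copy only when the zone file exists, with the expansion quoted: `[[ -f "/usr/share/zoneinfo/$REGION" ]] && cp -- "/usr/share/zoneinfo/$REGION" /etc/localtime`. In the same block, `echo "HOSTNAME: $HOSTNAME" > /etc/hostname` writes the `HOSTNAME: ` label into the file; it should be `echo "$HOSTNAME" > /etc/hostname`.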
From: jodobear Date: Tue, 7 Jul 2020 21:52:00 +0200 Subject: [PATCH 05/16] added scripts dir and divided the script into logical parts for better management of code --- Scripts/scripts/ss.sh | 390 +++++++++++++++++++++++++++++ Scripts/scripts/ss_bitcoin.sh | 264 +++++++++++++++++++ Scripts/scripts/ss_dependencies.sh | 49 ++++ Scripts/scripts/ss_help.sh | 196 +++++++++++++++ Scripts/scripts/ss_lightning.sh | 111 ++++++++ Scripts/scripts/ss_tor.sh | 112 +++++++++ Scripts/scripts/ss_user_ssh.sh | 66 +++++ Scripts/scripts/ss_vps.sh | 61 +++++ Scripts/ss.sh | 6 - 9 files changed, 1249 insertions(+), 6 deletions(-) create mode 100644 Scripts/scripts/ss.sh create mode 100644 Scripts/scripts/ss_bitcoin.sh create mode 100644 Scripts/scripts/ss_dependencies.sh create mode 100644 Scripts/scripts/ss_help.sh create mode 100644 Scripts/scripts/ss_lightning.sh create mode 100644 Scripts/scripts/ss_tor.sh create mode 100644 Scripts/scripts/ss_user_ssh.sh create mode 100644 Scripts/scripts/ss_vps.sh diff --git a/Scripts/scripts/ss.sh b/Scripts/scripts/ss.sh new file mode 100644 index 0000000..7c75018 --- /dev/null +++ b/Scripts/scripts/ss.sh 
@@ -0,0 +1,390 @@ +#!/bin/bash + +# standup.sh + +set +x + +# If script not sourced, stop here +if [[ "$0" = "$BASH_SOURCE" ]]; then + echo "This script must be sourced like so: \"source standup.sh\"" + return 1 +fi + +#### +# Environment Variables +#### + +# system +NOPROMPT=false +# STARTUP_REGISTER=true +# SYSTEMD_RELOAD=true +VPS=false +USERPASSWORD="" + +# vps +FQDN="" +HOSTNAME="" +REGION="" + +# bitcoind +NETWORK="mainnet" +PRUNE="" +FASTSYNC=false +HWI=true + +# lightning +LIGHTNING="c-lightning" + +# services +ESPLORA=false +BTCPAYSERVER=false + +# Tor +TOR_PUBKEY="" + +# ssh +SSH_KEY="" +SYS_SSH_IP="" + + + +#### +# Parsing Arguments +#### +PARAMS="" + +while (( "$#" )) +do +key="$1" + case $key in + -h|--help) + source ./ss_help.sh + return 3 + ;; + -y) + NOPROMPT=true + shift 1 + ;; + # --no-startup-register) + # STARTUP_REGISTER=false + # shift 1 + # ;; + # --no-systemd-reload) + # SYSTEMD_RELOAD=false + # shift 1 + # ;; + --vps) + VPS=true + shift 1 + ;; + --userpassword) + USERPASSWORD="$2" + shift 1 + shift 1 + ;; + -F|--fqdn) + FQDN="$2" + shift 1 + shift 1 + ;; + -H|--hostname) + HOSTNAME=$2 + shift 1 + shift 1 + ;; + -R|--region) + REGION=$2 + shift 1 + shift 1 + ;; + -n|--network) + if [ "${2:0:1}" == "-" ] + then + echo "Network flag passed without value. Installing default network: mainnet." + shift 1 + elif [[ -n "$2" ]] && [[ "$2" == "mainnet" ]] || [[ "$2" == "testnet" ]] || [[ "$2" == "regtest" ]] + then + NETWORK="$2" + else + echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" + while [[ "$NETWROK" != "mainnet" ]] || [[ "$NETWROK" != "testnet" ]] || [[ "$NETWROK" != "regtest" ]] + do + read -pr "Enter which network do you want to default to: " NETWORK + done + fi + shift 1 + shift 1 + ;; + -p|--prune) + if [ "${2:0:1}" == "-" ] + then + echo "Prune flag passed without value. Installing default: unpruned node." 
+ shift 1 + elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]] + then + PRUNE="$2" + else + echo "ERROR: Minimum prune value is 550. Passed $2" + while [[ "$PRUNE" -lt 550 ]] + do + read -pr "Enter a value above 550 or 0 if you want to install an unpruned node (you can change this later): " PRUNE + done + fi + shift 1 + shift 1 + ;; + --fastsync) + FASTSYNC=true + shift 1 + ;; + --no-hwi) + HWI=false + shift 1 + ;; + --no-ln) + LIGHTNING=false + shift 1 + ;; + -l|--lightning) + if [ "${2:0:1}" == "-" ] + then + echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" + shift 1 + elif [[ -n "$2" ]] && [[ "$2" == "c-lightning" ]] || [[ "$2" == "lnd" ]] + then + LIGHTNING="$2" + else + echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. Passed $2" + while [[ "$LIGHTNING" != "c-lightning" ]] || [[ "$LIGHTNING" != "lnd" ]] || [[ "$LIGHTNING" != false ]] + do + read -pr "Enter c-lightning or lnd implementations or false if you don't want to install lightning: " LIGHTNING + done + fi + shift 1 + shift 1 + ;; + --esplora) + ESPLORA=true + shift 1 + ;; + --btcpay) + BTCPAYSERVER=true + shift 1 + ;; + -t|--tor-pubkey) + TOR_PUBKEY="$2" + shift 1 + shift 1 + ;; + --ssh-key) + SSH_KEY="$2" + shift 1 + shift 1 + ;; + --sys-ssh-ip) + SYS_SSH_IP="$2" + shift 1 + shift 1 + ;; + --) # end argument parsing + shift 1 + break + ;; + -*|--*=) # unsupported flags + echo "Error: Unsupported flag $1" >&2 + help + return 7 + ;; + *) # preserve positional arguments + PARAMS="$PARAMS $1" + shift 1 + ;; + esac +done +set -- "$PARAMS" # set positional parameters in order + + +#### +# 0. Force check for root +#### + +# if you are not logged in as root then the script will not execute +echo " +----------------" +echo "$0 - Checking if logged in as root." +echo "----------------" +if ! [ "$(id -u)" = 0 ] +then + echo "$0 - You need to be logged in as root!" + return 2 +fi + +echo "$0 - Logged in as root. 
Continuing with installation." +echo "---------------- +" +# Output stdout and stderr to ~root files +exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) + + + +echo " +---------SETUP--------- +Parameters Passed: + +System +------ +NOPROMPT..........: $NOPROMPT +STARTUP_REGISTER..: $STARTUP_REGISTER +SYSTEMD_RELOAD....: $SYSTEMD_RELOAD +VPS...............: $VPS +USERPASSWORD......: $USERPASSWORD + +VPS +--- +FQDN......: $FQDN +HOSTNAME..: $HOSTNAME +REGION....: $REGION + +Bitcoin: +-------- +NETWORK...: $NETWORK +PRUNE.....: $PRUNE +FASTSYNC..: $FASTSYNC +HWI.......: $HWI + +Lightning: +---------- +LIGHTNING..: $LIGHTNING + +Services: +--------- +ESPLORA.......: $ESPLORA +BTCPAYSERVER..: $BTCPAYSERVER + +Tor & SSH: +---------- +TOR_PUBKEY..: $TOR_PUBKEY +SSH_KEY.....: $SSH_KEY +SYS_SSH_IP..: $SYS_SSH_IP +" + + +#### +# 1. Update Hostname and set timezone +#### + +if "$VPS" +then + source ./ss_vps.sh +fi + + +# prompt user before continuing with installation +if ! "$NOPROMPT" +then + read -rp "Continue with installation? (Y/n): " confirm +fi + +if [[ "$confirm" != [yY] ]] +then + echo "Entered $confirm. Exiting.." + return 8 +else + NOPROMPT=true + echo "Installing Bitcoin!" +fi + + +#### +# 2. Update Debian, Set autoupdate and Install Dependencies +#### + +echo " +---------------- +" +echo "$0 - Starting Debian updates; this will take a while!" +echo " +---------------- +" + +# Make sure all packages are up-to-date +apt-get update +apt-get upgrade -y +apt-get dist-upgrade -y + + +# call dependency script +source ./ss_dependencies.sh + + +#### +# 3. Create user admin +#### +# call user and ssh script +source ./ss_user_ssh.sh + + +#### +# 4. Install Tor +#### +# call tor script +source ./ss_tor.sh + +# sleep 4 seconds for tor to restart +sleep 4 + +#### +# 5. 
Install Bitcoin +#### +# call the bitcoin script +source ./ss_bitcoin.sh + + +#### +# Lightning +#### + + +source ./ss_lightning.sh + + + +#### +# RESET Environment Variables +#### + +# system +NOPROMPT=false +STARTUP_REGISTER=true +SYSTEMD_RELOAD=true +VPS=false +USERPASSWORD="" + +# vps +FQDN="" +HOSTNAME="" +REGION="" + +# bitcoind +NETWORK="mainnet" +PRUNE="" +FASTSYNC=false +HWI=true + +# lightning +LIGHTNING="c-lightning" + +# services +ESPLORA=false +BTCPAYSERVER=false + +# Tor +TOR_PUBKEY="" + +# ssh +SSH_KEY="" +SYS_SSH_IP="" + + +# Finished, exit script +exit 0 diff --git a/Scripts/scripts/ss_bitcoin.sh b/Scripts/scripts/ss_bitcoin.sh new file mode 100644 index 0000000..d941c32 --- /dev/null +++ b/Scripts/scripts/ss_bitcoin.sh 
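Review bot: The "Parameters Passed" banner prints `USERPASSWORD......: $USERPASSWORD` after `exec > >(tee -a /root/standup.log)` is in place, so the standup account's password is written in cleartext to `/root/standup.log` and to the terminal on every run. I would report only whether it was supplied, `USERPASSWORD......: ${USERPASSWORD:+<set>}`, and set `umask 077` before the `exec` so the log files are created readable by root only. Separately, the defaults block at the top assigns `USERPASSWORD=""`, `NETWORK="mainnet"` and the rest unconditionally, which overrides the exported-variable usage the help text describes. Defaults of the form `: "${NETWORK:=mainnet}"` would keep exported values.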
@@ -0,0 +1,264 @@ +#!/bin/bash + +# standup script - bitcoin installation + +#### +# 5. Install Bitcoin +#### + +echo " +----------------" +echo "Installing Bitcoin" +echo "---------------- +" +# Download Bitcoin + +# CURRENT BITCOIN RELEASE: +# Change as necessary +export BITCOIN="bitcoin-core-0.20.0" +export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` + +# # get bitcoin tar.gz, shasums and signing keys +# clearnet +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +# sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc + +# tor +# tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz + +if ! [ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ] +then + echo " + ----------- + Downloading $BITCOIN, this will take a while! +----------- +" +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +fi + +if [[ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] +then + echo "--------------$0 - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ + " + echo "----$0 - downloading SHA256SUMS.asc for $BITCOIN +# " +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +else + return 100 +fi + +if [[ -f ~standup/SHA256SUMS.asc ]] +then + echo "----------$0 - SHA256SSUMS.asc exists at /home/standup/" +fi + +if ! 
[[ -f ~standup/laanwj-releases.asc ]] +then + echo "-----$0 - downloading laanwj-release signature" +sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc +fi + +# 404 +# sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc + +# Verifying Bitcoin: Signature +echo " +----------------- +$0 - Verifying Bitcoin. +----------------- +" + +sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc +export BTC_SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` +echo " +---------SHASIG is $SHASIG +" + +if [[ $BTC_SHASIG ]] +then + echo " + ------$0 - VERIFICATION SUCCESS / SIG: $BTC_SHASIG + " +else + (>&2 echo " + ------------$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify! + ") + return 101 +fi + +# Verify Bitcoin: SHA +export BTC_TARSHA256=`/usr/bin/sha256sum ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` +export BTC_EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` + +if [ "$BTC_TARSHA256" == "$BTC_EXPECTEDSHA256" ] +then + echo " + ------$0 - VERIFICATION SUCCESS / SHA: $BTC_TARSHA256 + " +else + (>&2 echo " + -----------$0 - VERIFICATION ERROR: SHA for Bitcoin did not match! + ") + # return 102 +fi + +# Install Bitcoin +echo "--------------" +echo " +$0 - Installing Bitcoin. +" +echo "-------------- +" + +sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup +/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* +/bin/rm -rf ~standup/$BITCOINPLAIN/ + +# Start Up Bitcoin +echo " +------$0 - Configuring Bitcoin. 
+" + +sudo -u standup /bin/mkdir ~standup/.bitcoin + +# The only variation between Mainnet and Testnet is that Testnet has the "testnet=1" variable +# The only variation between Regular and Pruned is that Pruned has the "prune=550" variable, which is the smallest possible prune +RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) + +if [[ "$PRUNE" -eq 0 ]] +then + $PRUNE = "" +fi + +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +server=1 +prune=$PRUNE +rpcuser=StandUp +rpcpassword=$RPCPASSWORD +rpcallowip=127.0.0.1 +debug=tor +EOF + +if [ -z "$PRUNE" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + txindex=1 +EOF +fi + +if [ "$NETWORK" == "testnet" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + testnet=1 +EOF + +elif [ "$NETWORK" == "regtest" ] +then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + regtest=1 +EOF +fi + +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +[test] +rpcbind=127.0.0.1 +rpcport=18332 +[main] +rpcbind=127.0.0.1 +rpcport=8332 +[regtest] +rpcbind=127.0.0.1 +rpcport=18443 +EOF + +/bin/chown standup ~standup/.bitcoin/bitcoin.conf +/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf + +# Setup bitcoind as a service that requires Tor +echo " +-------$0 - Setting up Bitcoin as a systemd service. +" + +sudo cat > /etc/systemd/system/bitcoind.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments +# in ExecStart= +[Unit] +Description=Bitcoin daemon +After=tor.service +Requires=tor.service +[Service] +ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf +# Process management +#################### +Type=simple +PIDFile=/run/bitcoind/bitcoind.pid +Restart=on-failure +# Directory creation and permissions +#################################### +# Run as bitcoin:bitcoin +User=standup +Group=sudo +# /run/bitcoind +RuntimeDirectory=bitcoind +RuntimeDirectoryMode=0710 +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. +MemoryDenyWriteExecute=true +[Install] +WantedBy=multi-user.target +EOF + +echo " +-------$0 - Starting bitcoind service +" +sudo systemctl enable bitcoind.service +sudo systemctl start bitcoind.service + +#### +# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display +#### +if [ "$(systemctl is-active --quiet bitcoind) | grep active" ] +then + # Get the Tor onion address for the QR code + HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) + + # Create the QR string + QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" + + # Display the uri text incase QR code does not work + echo "$0 - **************************************************************************************************************" + echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" + echo $QR + echo "$0 - **************************************************************************************************************" + echo " + $0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor + " + echo " + $0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service + " + echo " + $0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service + " +else + echo " + ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. + " +fi diff --git a/Scripts/scripts/ss_dependencies.sh b/Scripts/scripts/ss_dependencies.sh new file mode 100644 index 0000000..4df0e68 --- /dev/null +++ b/Scripts/scripts/ss_dependencies.sh 
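Review bot: In the "Verify Bitcoin: SHA" branch, `# return 102` is commented out, so the failure path only prints "SHA for Bitcoin did not match!". The script then goes on to `tar xzf` the archive and `install` its binaries into /usr/local/bin even when the tarball's hash differs from the entry in SHA256SUMS.asc. I would restore `return 102` and also treat an empty `BTC_EXPECTEDSHA256` (file name not found in SHA256SUMS.asc) as a failure. The signature step has a related gap: it greps gpg's output for "Good signature" without pinning the signer, so any key in standup's keyring would satisfy it. Comparing the fingerprint reported by `gpg --status-fd 1 --verify` against a pinned value (placeholder `<RELEASE_KEY_FPR>`) would close that.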
@@ -0,0 +1,49 @@
+#!/bin/bash
+
+# standup script - install dependencies
+
+# Install haveged (a random number generator)
+echo "
+----------------
+"
+echo "$0 - Installing haveged (a random number generator), gnupg2 & git"
+echo "
+----------------
+"
+apt-get install haveged gnupg2 git -y
+echo "
+----------------$0 - haveged, gnupg2 & git installed successfully
+"
+
+# Set system to automatically update
+echo "
+----------------
+"
+echo "$0 - setting system to automatically update"
+echo "
+----------------
+"
+echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
+apt-get -y install unattended-upgrades
+echo "
+----------------$0 - Debian Packages updated
+"
+# Get uncomplicated firewall and deny all incoming connections except SSH
+if [ -z "$(which ufw)" ]
+then
+ echo "
+----------------
+ "
+ echo "$0 - Installing ufw"
+ echo "
+----------------
+ "
+ apt-get install ufw
+fi
+
+ufw allow ssh
+ufw --force enable
+
+echo "
+----------------$0 - ufw is installed and enabled.
+"
\ No newline at end of file
diff --git a/Scripts/scripts/ss_help.sh b/Scripts/scripts/ss_help.sh
new file mode 100644
index 0000000..ad5a5bc
--- /dev/null
+++ b/Scripts/scripts/ss_help.sh
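Review bot: The closing message "ufw is installed and enabled" in ss_dependencies.sh is printed whether or not the firewall commands succeeded, so a failed install or enable leaves the host unfiltered while the log reports success. `apt-get install ufw` is also the only install in this file without `-y`, which can stall an unattended run if apt asks for confirmation. I would make both steps fail loudly: `apt-get install -y ufw || return 1` and `ufw allow ssh && ufw --force enable || { echo "$0 - ufw could not be enabled" >&2; return 1; }` (`return` because the file is meant to be sourced). The same applies to the "installed successfully" message after the haveged/gnupg2/git install.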
@@ -0,0 +1,196 @@ +#!/bin/bash + +# standup script help + +# help definition +function help () { +cat <<-END + + +-------------------------------------- +Install StandUp Script on this server. +-------------------------------------- + +standup.sh + +Blockchain Commons Standup Script +Contributor: jodobear 20-07-03 + +DISCLAIMER: It is not a good idea to store large amounts of Bitcoin on a VPS, +ideally you should use this as a watch-only wallet. This script is expiramental +and has not been widely tested. The creators are not responsible for loss of +funds. If you are not familiar with running a node or how Bitcoin works then we +urge you to use this in testnet so that you can use it as a learning tool. + +TL;DR: +------ + +Enter the 'scripts' directory and source 'ss.sh' to install the node. + +1. Using cli arguments: +----------------------- +$ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip + +This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even bitcoin core). It will add the passed SSH Key to authorized keys and add the comma separated list of IPs to the whitelist. It will set bitcoin to restart after a crash or reboot. + +2. Exporting environment variables: +----------------------------------- +$ export NOPROMPT=true +$ export USERPASSOWRD=password +$ export NETWORK=testnet +$ export LIGHTNING=lnd +$ source ./ss.sh + +This will first create a new user "standup" and set the for that user. Then install a full bitcoin node on testnet with lnd. + + + +This script can be installed on any Debian based system. 
By default this script will: + +* Update the OS +* Set Automatic Updates On +* Create User: standup +* Install UFW +* Install Tor +* Install Bitcoin Core +* Install HWI** +* Install c-lightning** +* Setup Bitcoin Core, Lightning settings +* Make sure they start at reboot via systemd +* Start Bitcoin Core, Lightning + +Optionally you can install: +--------------------------- +* Install LND instead of c-lightning +* Install Esplora** +* Install BTCPay** + +** To be implemented + +You can run this script again if you desire to change your configuration. + +Upon completion of the script there will be a QR code saved to /qrcode.png which +you can open and scan. You can use "$ sudo apt-get install fim" then: +"$ fim -a qrcode.png" to display the QR in a terminal (as root). + +It is highly recommended to add a Tor V3 pubkey for cookie authentication so that +even if your QR code is compromised an attacker would not be able to access your +node. It is also recommended to delete the /qrcode.png, /standup.log, and +/standup.err files. + + -------------------------------------- +| Usage | + -------------------------------------- + +0. Prerequisites +---------------- + +In order to run this script you need to be logged in as root, and enter in the commands listed below: + +- The $ or $ represents a terminal commmand prompt, do not actually type in a $ or #. +- Data fields enclosed in <> are to be filled by you with appropriate values. + +1. Give the root user a password, enter the following command and set a password: +$ sudo passwd + +2. Switch to the root user: +$ su - root + +3. Source the script: +# source standup.sh + +NOTE: Before sourcing the script you may want to set certain environment variables. Bleow you will find the list of environment variables. To set the variables do: +#export = + +You can use the following optional arguments: + + -h --help : Display this help. 
+ -y : Install without prompting for confirming the setup + + Setup: + ------ + # --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. + # --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. + -v --vps : Pass when installing on a VPS. + --userpassword : Password for the standup non-privileged account. + + VPS: + ---- + -F --fqdn : Fully Qualified Hostname + -H --hostname : Hostname of your server + -R --region : Server's timezone location + + Bitcoin: + -------- + -f --fastsync : Enables fast synchronization of blockchain*. + -n --network : Default bitcoin network; either "mainnet", "testnet" or "regtest". + --no-hwi : Do NOT install HWI. + -p --prune : Install a prune node; integer value > 550. + + Lightning: + ---------- + --no-ln : Do NOT install lightning. + -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". + + Services: + --------- + --btcpay : Installs BTCPay Server. + --esplora : Installs Esplora. + + Tor: + ---- + -t --tor-pubkey : Automatically add the pubkey to the Tor authorized_clients directory, which means the user is Tor authenticated before the node is even installed. e.g. ./standup.sh --tor-pubkey "descriptor:x25519:NWJNEFU487H2BI3JFNKJENFKJWI3" + + SSH: + ---- + --ssh-key : key for automated SSH logins to standup non-privileged account. + --sys-ssh-ip : Comma separated list of IPs that can use SSH. + +*DISCLAIMER: It is always better to let your node validate blocks from the beginning. This script uses blockchain data signed by BTCPay Server. Trust at your own risk. + +2. Environment Variables: +------------------------- + + # system + -------- + NOPROMPT=true/false, set it to install the setup without prompting for confirmation. + # START=true/false, start bitcoind & lightning after installation. Default: true. + # STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. 
+ # SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. Default: true. + VPS=true/false, set it to true if setting up on a VPS. Default: false. + USERPASSWORD="", set password for user standup. Default: empty. + + #vps + ---- + FQDN="", enter your fully qualified hostname. Example: my-awesome-node.my-awesome-domain.com + HOSTNAME="", enter your hostname. Example: my-awesome-node. + REGION="", enter your server's timezone location. Example Asia/Singapore. + + # bitcoind + ---------- + NETFORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet". + PRUNE="", Integer value to specify level of prune node. Minimum value is 550. Default: empty(0). + FASTSYNC=true/false, If you want to speed up the Initial Block Download then set it to true. Default: false. + HWI=true/false, Choose to install HWI. Default: true. + + # lightning + ----------- + LIGHTNING="c-lightning"/"lnd"/false, choose lightning network implementation or pass --no-ln to not install lightning. Default: "c-lightning". + + # services + ---------- + ESPLORA=true/false, Choose to install Esplora. Default: false. + BTCPAYSERVER=true/false, Choose to install BTCPay Server. Default: false. + # Tor + TOR_PUBKEY="" Tor Public Key. Default: empty. + + # ssh + SSH_KEY="" key for automated SSH logins to standup non-privileged account. Default: empty. + SYS_SSH_IP="" comma separated list of IPs that can use SSH. Default: empty. + +---------------- + +END +} + +help \ No newline at end of file diff --git a/Scripts/scripts/ss_lightning.sh b/Scripts/scripts/ss_lightning.sh new file mode 100644 index 0000000..25ceef3 --- /dev/null +++ b/Scripts/scripts/ss_lightning.sh 
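Review bot: Two environment variable names in the ss_help.sh text are misspelled, `$ export USERPASSOWRD=password` in the TL;DR and `NETFORK="mainnet", "testnet" or "regtest"` in the bitcoind list, while the rest of the help uses USERPASSWORD and NETWORK. Someone copying these lines sets variables the installer presumably never reads and silently gets the defaults, i.e. an empty password for the sudo-capable standup user and mainnet instead of testnet. They should read `$ export USERPASSWORD=password` and `NETWORK="mainnet", "testnet" or "regtest", Bitcoin network to use.`. I would also quote the heredoc delimiter (`cat <<-'END'`) so that no `$` in the help text can ever be expanded, and add a line to the help noting that a password given via `--userpassword` ends up in shell history and in the parameter dump written to /standup.log.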
@@ -0,0 +1,111 @@ +#!/bin/bash + +# standup script - lightning installation + +# install c-lightning +if [[ "$LIGHTNING" == "c-lightning" ]] +then + export CLN_VERSION="v0.8.2.1" + export CLN_DIR="~standup/clightning" + + echo " +----------- + Downloading dependencies +----------- + " + apt-get install -y \ + autoconf automake build-essential git libtool libgmp-dev \ + libsqlite3-dev python3 python3-mako net-tools zlib1g-dev libsodium-dev \ + gettext valgrind python3-pip libpq-dev + + echo " +----------- + Downloading & Installing c-lightning +----------- + " + # get clightning binary from github + cd /tmp + sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning + cd ~standup/lightning + pip3 install -r requirements.txt + ./configure + make + sudo make install + cd / + + + # start lightningd + +# cat >> ~standup/.lightning/config << EOF +# proxy=127.0.0.1:9050 +# bind-addr=127.0.0.1:9735 +# addr=statictor:127.0.0.1:9051 +# always-use-proxy=true +# EOF + +# /bin/chown standup ~standup/.lightning/config +# /bin/chmod 600 ~standup/.lightning/config + +# echo " +# -------$0 - Setting up Bitcoin as a systemd service. +# " + +# sudo cat > /etc/systemd/system/bitcoind.service << EOF +# # It is not recommended to modify this file in-place, because it will +# # be overwritten during package upgrades. If you want to add further +# # options or overwrite existing ones then use +# # $ systemctl edit bitcoind.service +# # See "man systemd.service" for details. 
+# # Note that almost all daemon options could be specified in +# # /etc/lightning/config, except for those explicitly specified as arguments +# # in ExecStart= +# [Unit] +# Description=c-lightning daemon +# After=tor.service +# Requires=tor.service +# [Service] +# ExecStart=/usr/local/bin/lightningd -conf=/home/standup/.lightning/config +# # Process management +# #################### +# Type=simple +# PIDFile=/run/lightning/lightningd.pid +# Restart=on-failure +# # Directory creation and permissions +# #################################### +# # Run as lightningd:lightningd +# User=standup +# Group=sudo +# # /run/lightningd +# RuntimeDirectory=lightningd +# RuntimeDirectoryMode=0710 +# # Hardening measures +# #################### +# # Provide a private /tmp and /var/tmp. +# PrivateTmp=true +# # Mount /usr, /boot/ and /etc read-only for the process. +# ProtectSystem=full +# # Disallow the process and all of its children to gain +# # new privileges through execve(). +# NoNewPrivileges=true +# # Use a new /dev namespace only populated with API pseudo devices +# # such as /dev/null, /dev/zero and /dev/random. +# PrivateDevices=true +# # Deny the creation of writable and executable memory mappings. +# MemoryDenyWriteExecute=true +# [Install] +# WantedBy=multi-user.target +# EOF + +# echo " +# -------$0 - lightningd service active +# " +# sudo systemctl enable lightningd.service +# sudo systemctl start lightningd.service + +# if [ -n "$(systemctl is-active --quiet lightningd)" ] +# then +# echo " +# -----------$0 - c-lightning Installed and started +# " +# fi +fi \ No newline at end of file diff --git a/Scripts/scripts/ss_tor.sh b/Scripts/scripts/ss_tor.sh new file mode 100644 index 0000000..e445c0d --- /dev/null +++ b/Scripts/scripts/ss_tor.sh 
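Review bot: `CLN_VERSION="v0.8.2.1"` is exported at the top of ss_lightning.sh but never used, so the `git clone` builds whatever the default branch holds at install time. The following `pip3 install -r requirements.txt`, `./configure` and `make` then run with the installer's privileges (root, per the help text) inside a tree owned by standup. I would pin the source right after the clone with `sudo -u standup git -C ~standup/lightning checkout "$CLN_VERSION"` (plus `git verify-tag "$CLN_VERSION"` if the project signs its tags), and run `./configure` and `make` through `sudo -u standup` so that only `make install` is privileged. `CLN_DIR="~standup/clightning"` is also unused, and the quoted tilde would not expand if it were. The large commented-out systemd block still refers to bitcoind.service and is better dropped until it is real.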
@@ -0,0 +1,112 @@ +#!/bin/bash + +# standup script - Tor installation + +#### +# 4. Install latest stable tor +#### + +# Download tor +echo " +---------------- +" +echo "Installing Tor" +echo " +---------------- +" +# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: +if [ -z "$(which apt-transport-https)" ] +then + apt-get install apt-transport-https -y + echo " + --------------apt-transport-https installed + " +fi + +# To download bitcoin using onion site, we need torsocks +if [ -z "$(which torsocks)" ] +then + apt-get install torsocks -y + echo " + --------------torsocks installed + " +fi + +# We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: +DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') + +# You need to add the following entries to /etc/apt/sources.list: +cat >> /etc/apt/sources.list << EOF +deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +EOF + +# Then add the gpg key used to sign the packages by running: +# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 +sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import +sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +# Update system, install and run tor as a service +sudo apt update +sudo apt install tor deb.torproject.org-keyring -y + +# Setup hidden service +sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc +sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc +# for c-lightning +sed -i -e 's/#CookieAuthFileGroupReadable 1/CookieAuthFileGroupReadable 1/g' /etc/tor/torrc +sed -i -e 's/## address y:z./## address y:z.\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1309 
127.0.0.1:18332\ +HiddenServicePort 1309 127.0.0.1:18443\ +HiddenServicePort 1309 127.0.0.1:8332\ +HiddenServiceDir /var/lib/tor/lightningd-service_v2/ +HiddenServiceVersion 3\ +HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc +mkdir /var/lib/tor/standup +chown -R debian-tor:debian-tor /var/lib/tor/standup +chmod 700 /var/lib/tor/standup + +# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind +sudo usermod -a -G debian-tor standup + +# Restart tor to create the HiddenServiceDir +sudo systemctl restart tor.service + + +if [ "$(systemctl is-active tor) | grep active" ] +then +echo " +--------------$0 - Tor installed and successfully started +" +fi + +# add V3 authorized_clients public key if one exists +if ! [ "$TOR_PUBKEY" == "" ] +then + # create the directory manually incase tor.service did not restart quickly enough + mkdir /var/lib/tor/standup/authorized_clients + + # need to assign the owner + chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients + + # Create the file for the pubkey + touch /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Write the pubkey to the file + echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Restart tor for authentication to take effect + sudo systemctl restart tor.service + + echo " + ---------$0 - Successfully added Tor V3 authentication + " + +else + echo " + ---------$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet + " +fi diff --git a/Scripts/scripts/ss_user_ssh.sh b/Scripts/scripts/ss_user_ssh.sh new file mode 100644 index 0000000..82de368 --- /dev/null +++ b/Scripts/scripts/ss_user_ssh.sh 
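Review bot: The multi-line `sed` that injects the hidden-service block into /etc/tor/torrc looks malformed at the second `HiddenServiceDir` line: unlike the first, its slashes are not escaped and it has no trailing backslash, so the `s/…/…/g` expression ends early and sed should reject the whole command. torrc would then be left without either onion service. The later check `if [ "$(systemctl is-active tor) | grep active" ]` cannot catch this, because it tests a non-empty string and is always true. I would write that line as `HiddenServiceDir \/var\/lib\/tor\/lightningd-service_v2\/\` and replace the test with `if systemctl is-active --quiet tor`. Also worth checking: the three `HiddenServicePort 1309` lines map one virtual port to three different RPC ports, and the `cat >> /etc/apt/sources.list` append is repeated on every re-run of the script.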
@@ -0,0 +1,66 @@
+#!/bin/bash
+
+# standup script - setup user and ssh access
+
+if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ]
+then
+ echo "
+----------------
+ "
+ echo "Creating user standup"
+ echo "
+----------------
+ "
+ # Create "standup" user with optional password and give them sudo capability
+ /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup
+ /usr/sbin/adduser standup sudo
+
+ echo "
+----------------
+ "
+ echo "$0 - User standup created with sudo access."
+ echo "
+----------------
+ "
+else
+ echo "----------------"
+ echo "User standup already exists."
+ echo "----------------"
+fi
+
+# Setup SSH Key if the user added one as an argument
+if [ -n "$SSH_KEY" ]
+then
+ mkdir ~standup/.ssh
+ echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys
+ chown -R standup ~standup/.ssh
+ echo "
+----------------
+ "
+ echo "$0 - Added .ssh key to standup."
+ echo "
+----------------
+ "
+fi
+
+# Setup SSH allowed IP's if the user added any as an argument
+if [ -n "$SYS_SSH_IP" ]
+then
+ echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow
+ echo "sshd: ALL" >> /etc/hosts.deny
+ echo "
+----------------
+ "
+ echo "$0 - Limited SSH access."
+ echo "
+----------------
+ "
+else
+ echo "
+ ****************
+ "
+ echo "$0 - WARNING: Your SSH access is not limited; this is a major security hole!"
+ echo "
+ ****************
+ "
+fi
\ No newline at end of file
diff --git a/Scripts/scripts/ss_vps.sh b/Scripts/scripts/ss_vps.sh
new file mode 100644
index 0000000..54bd08e
--- /dev/null
+++ b/Scripts/scripts/ss_vps.sh
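Review bot: The `useradd -p` line in ss_user_ssh.sh hashes the password with `crypt($ARGV[0],"password")`, a constant salt that is not in `$id$` form, so on glibc this falls back to the legacy DES scheme, which uses two salt characters and only the first eight password characters. The plaintext is also passed as a command-line argument to perl, where other local users can see it in the process list. When USERPASSWORD is empty the line stores the hash of the empty string for an account in group sudo. I would create the account without `-p` (it then starts locked) and set the password over stdin only when one was supplied: `/usr/sbin/useradd -m -g sudo -s /bin/bash standup` followed by `[ -n "$USERPASSWORD" ] && printf 'standup:%s\n' "$USERPASSWORD" | /usr/sbin/chpasswd`. Separately, `mkdir ~standup/.ssh` should be followed by `chmod 700 ~standup/.ssh` and `chmod 600 ~standup/.ssh/authorized_keys`, since sshd's default StrictModes rejects keys in loosely-permissioned directories.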
@@ -0,0 +1,61 @@
+#!/bin/bash
+
+# standup script - vps hostname settings
+
+IPADDR=""
+REGION=""
+
+# Check for FQDN & HOSTNAME if --vps
+if "$VPS" && [[ -z "$HOSTNAME" ]]
+then
+ echo "You provided the '--vps' flag but didn't provide --fqdn"
+ while [ -z "$HOSTNAME" ]
+ do
+ read -rp "You need to enter hostname of the server: " HOSTNAME
+ done
+fi
+
+if "$VPS" && [[ -z "$FQDN" ]]
+then
+ echo "You provided the '--vps' flag but didn't provide --fqdn."
+ while [ -z "$FQDN" ]
+ do
+ read -rp "You need to enter the fqdn of the server: " FQDN
+ done
+fi
+
+if "$VPS" && [[ -z "$REGION" ]]
+then
+ echo "You provided the '--vps' flag but didn't provide --region."
+ while [ -z "$REGION" ]
+ do
+ read -rp "You need to enter the region of the server to set the timezone: " REGION
+ done
+fi
+
+echo "
+----------------"
+echo "HOSTNAME: $HOSTNAME" > /etc/hostname
+echo "----------------"
+/bin/hostname "$HOSTNAME"
+
+# Set the variable $IPADDR to the IP address the new Linode receives.
+IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://')
+
+echo "$0 - Set hostname as $FQDN ($IPADDR)"
+echo "
+ ***********************"
+echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file."
+echo " ***********************
+"
+echo "$0 - Set Time Zone to $REGION"
+echo $REGION > /etc/timezone
+cp /usr/share/zoneinfo/${REGION} /etc/localtime
+
+echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file."
+# Add localhost aliases
+
+echo "127.0.0.1 localhost" > /etc/hosts
+echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts
+
+echo "$0 - Set localhost"
\ No newline at end of file
diff --git a/Scripts/ss.sh b/Scripts/ss.sh
index a6c3527..6b1b82e 100644
--- a/Scripts/ss.sh
+++ b/Scripts/ss.sh
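Review bot: `echo "HOSTNAME: $HOSTNAME" > /etc/hostname` in ss_vps.sh writes the label into the file, so /etc/hostname ends up as "HOSTNAME: name" rather than the bare hostname; it should be `echo "$HOSTNAME" > /etc/hostname`. The `REGION=""` at the top of the file discards any value given through `--region` or the environment if this file is sourced from the main script, as the help describes, so the prompt loop always runs under `--vps`. `$REGION` then reaches `echo $REGION > /etc/timezone` and `cp /usr/share/zoneinfo/${REGION} /etc/localtime` unquoted and unchecked; a guard such as `[[ -f "/usr/share/zoneinfo/$REGION" ]] || return 1` before a quoted `cp` avoids clobbering /etc/localtime on a typo. The first prompt message also names `--fqdn` where it means `--hostname`.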
@@ -716,12 +716,6 @@ deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main EOF -# # hardcoding stretch -# cat >> /etc/apt/sources.list << EOF -# deb https://deb.torproject.org/torproject.org stretch main -# deb-src https://deb.torproject.org/torproject.org stretch main -# EOF - # Then add the gpg key used to sign the packages by running: # apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import From 1e0b21621236be4ee12c87977a8e86e47bd37118 Mon Sep 17 00:00:00 2001 
From: jodobear Date: Tue, 14 Jul 2020 22:57:19 +0200 Subject: [PATCH 06/16] working lnd installation & code cleanup --- Scripts/logically_divided_scripts/ss.sh | 359 ------------------ .../logically_divided_scripts/ss_bitcoin.sh | 261 ------------- .../ss_dependencies.sh | 72 ---- Scripts/logically_divided_scripts/ss_help.sh | 193 ---------- Scripts/logically_divided_scripts/ss_tor.sh | 113 ------ .../logically_divided_scripts/ss_user_ssh.sh | 66 ---- Scripts/logically_divided_scripts/ss_vps.sh | 77 ---- Scripts/scripts/ss.sh | 171 +++++---- Scripts/scripts/ss_bitcoin.sh | 199 +++++----- Scripts/scripts/ss_c-lightning.sh | 108 ++++++ Scripts/scripts/ss_dependencies.sh | 4 +- Scripts/scripts/ss_help.sh | 15 +- Scripts/scripts/ss_lightning.sh | 111 ------ Scripts/scripts/ss_lnd.sh | 241 ++++++++++++ Scripts/scripts/ss_user_ssh.sh | 16 +- Scripts/scripts/ss_vps.sh | 14 +- 16 files changed, 583 insertions(+), 1437 deletions(-) delete mode 100644 Scripts/logically_divided_scripts/ss.sh delete mode 100644 Scripts/logically_divided_scripts/ss_bitcoin.sh delete mode 100644 Scripts/logically_divided_scripts/ss_dependencies.sh delete mode 100644 Scripts/logically_divided_scripts/ss_help.sh delete mode 100644 Scripts/logically_divided_scripts/ss_tor.sh delete mode 100644 Scripts/logically_divided_scripts/ss_user_ssh.sh delete mode 100644 Scripts/logically_divided_scripts/ss_vps.sh create mode 100644 Scripts/scripts/ss_c-lightning.sh delete mode 100644 Scripts/scripts/ss_lightning.sh create mode 100644 Scripts/scripts/ss_lnd.sh diff --git a/Scripts/logically_divided_scripts/ss.sh b/Scripts/logically_divided_scripts/ss.sh deleted file mode 100644 index e2a5a90..0000000 --- a/Scripts/logically_divided_scripts/ss.sh +++ /dev/null 
@@ -1,359 +0,0 @@ -#!/bin/bash - -# standup.sh - -set +x - -# If script not sourced, stop here -if [[ "$0" = "$BASH_SOURCE" ]]; then - echo "This script must be sourced like so: \"source standup.sh\"" - return 1 -fi - -#### -# Environment Variables -#### - -# system -NOPROMPT=false -# STARTUP_REGISTER=true -# SYSTEMD_RELOAD=true -VPS=false -USERPASSWORD="" - -# vps -FQDN="" -HOSTNAME="" -REGION="" - -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true - -# lightning -LIGHTNING="c-lightning" - -# services -ESPLORA=false -BTCPAYSERVER=false - -# Tor -TOR_PUBKEY="" - -# ssh -SSH_KEY="" -SYS_SSH_IP="" - - - -#### -# Parsing Arguments -#### -PARAMS="" - -while (( "$#" )) -do -key="$1" - case $key in - -h|--help) - source ./ss_help.sh - return 3 - ;; - -y) - NOPROMPT=true - shift 1 - ;; - # --no-startup-register) - # STARTUP_REGISTER=false - # shift 1 - # ;; - # --no-systemd-reload) - # SYSTEMD_RELOAD=false - # shift 1 - # ;; - --vps) - VPS=true - shift 1 - ;; - --userpassword) - USERPASSWORD="$2" - shift 1 - shift 1 - ;; - -F|--fqdn) - FQDN="$2" - shift 1 - shift 1 - ;; - -H|--hostname) - HOSTNAME=$2 - shift 1 - shift 1 - ;; - -R|--region) - REGION=$2 - shift 1 - shift 1 - ;; - -n|--network) - if [ "${2:0:1}" == "-" ] - then - echo "Network flag passed without value. Installing default network: mainnet." - shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "mainnet" ]] || [[ "$2" == "testnet" ]] || [[ "$2" == "regtest" ]] - then - NETWORK="$2" - else - echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" - return 4 - fi - shift 1 - shift 1 - ;; - -p|--prune) - if [ "${2:0:1}" == "-" ] - then - echo "Prune flag passed without value. Installing default: unpruned node." - shift 1 - elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]] - then - PRUNE="$2" - else - echo "ERROR: Minimum prune value is 550. 
Passed $2" - return 5 - fi - shift 1 - shift 1 - ;; - --fastsync) - FASTSYNC=true - shift 1 - ;; - --no-hwi) - HWI=false - shift 1 - ;; - -l|--lightning) - if [ "${2:0:1}" == "-" ] - then - echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" - shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "c-lightning" ]] || [[ "$2" == "lnd" ]] - then - LIGHTNING="$2" - else - echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. Passed $2" - return 6 - fi - shift 1 - shift 1 - ;; - --esplora) - ESPLORA=true - shift 1 - ;; - --btcpay) - BTCPAYSERVER=true - shift 1 - ;; - -t|--tor-pubkey) - TOR_PUBKEY="$2" - shift 1 - shift 1 - ;; - --ssh-key) - SSH_KEY="$2" - shift 1 - shift 1 - ;; - --sys-ssh-ip) - SYS_SSH_IP="$2" - shift 1 - shift 1 - ;; - --) # end argument parsing - shift 1 - break - ;; - -*|--*=) # unsupported flags - echo "Error: Unsupported flag $1" >&2 - help - return 7 - ;; - *) # preserve positional arguments - PARAMS="$PARAMS $1" - shift 1 - ;; - esac -done -set -- "$PARAMS" # set positional parameters in order - - -#### -# 0. Force check for root -#### - -# if you are not logged in as root then the script will not execute -echo " -----------------" -echo "$0 - Checking if logged in as root." -echo "----------------" -if ! [ "$(id -u)" = 0 ] -then - echo "$0 - You need to be logged in as root!" - return 2 -fi - -echo "$0 - Logged in as root. Continuing with installation." 
-echo "---------------- -" -# Output stdout and stderr to ~root files -exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) - - - -echo " ----------SETUP--------- -Parameters Passed: - -System ------- -NOPROMPT..........: $NOPROMPT -STARTUP_REGISTER..: $STARTUP_REGISTER -SYSTEMD_RELOAD....: $SYSTEMD_RELOAD -VPS...............: $VPS -USERPASSWORD......: $USERPASSWORD - -VPS ---- -FQDN......: $FQDN -HOSTNAME..: $HOSTNAME -REGION....: $REGION - -Bitcoin: --------- -NETWORK...: $NETWORK -PRUNE.....: $PRUNE -FASTSYNC..: $FASTSYNC -HWI.......: $HWI - -Lightning: ----------- -LIGHTNING..: $LIGHTNING - -Services: ---------- -ESPLORA.......: $ESPLORA -BTCPAYSERVER..: $BTCPAYSERVER - -Tor & SSH: ----------- -TOR_PUBKEY..: $TOR_PUBKEY -SSH_KEY.....: $SSH_KEY -SYS_SSH_IP..: $SYS_SSH_IP -" - - -#### -# 1. Update Hostname and set timezone -#### - -if "$VPS" -then - source ./ss_vps.sh -fi - - - -#### -# 2. Update Debian, Set autoupdate and Install Dependencies -#### - -echo " ----------------- -" -echo "$0 - Starting Debian updates; this will take a while!" -echo " ----------------- -" - -# Make sure all packages are up-to-date -apt-get update -apt-get upgrade -y -apt-get dist-upgrade -y - - -# call dependency script -source ./ss_dependencies.sh - - -#### -# 3. Create user admin -#### -# call user and ssh script -source ./ss_user_ssh.sh - - -#### -# 4. Install Tor -#### -# call tor script -source ./ss_tor.sh - -# sleep 4 seconds for tor to restart -sleep 4 - -#### -# 5. 
Install Bitcoin -#### -# call the bitcoin script -source ./ss_bitcoin.sh - - -#### -# Lightning -#### - - - -#### -# RESET Environment Variables -#### - -# system -NOPROMPT=false -STARTUP_REGISTER=true -SYSTEMD_RELOAD=true -VPS=false -USERPASSWORD="" - -# vps -FQDN="" -HOSTNAME="" -REGION="" - -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true - -# lightning -LIGHTNING="c-lightning" - -# services -ESPLORA=false -BTCPAYSERVER=false - -# Tor -TOR_PUBKEY="" - -# ssh -SSH_KEY="" -SYS_SSH_IP="" - - -# Finished, exit script -exit 0 diff --git a/Scripts/logically_divided_scripts/ss_bitcoin.sh b/Scripts/logically_divided_scripts/ss_bitcoin.sh deleted file mode 100644 index c1a7e7c..0000000 --- a/Scripts/logically_divided_scripts/ss_bitcoin.sh +++ /dev/null 
@@ -1,261 +0,0 @@ -#!/bin/bash - -# standup script - bitcoin installation - -#### -# 5. Install Bitcoin -#### - -echo " -----------------" -echo "Installing Bitcoin" -echo "---------------- -" -# Download Bitcoin - -# CURRENT BITCOIN RELEASE: -# Change as necessary -export BITCOIN="bitcoin-core-0.20.0" -export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` - -# # get bitcoin tar.gz, shasums and signing keys -# clearnet -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -# sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc - -# tor -# tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz - -if ! [ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ] -then - echo " - ----------- - Downloading $BITCOIN, this will take a while! ------------ -" -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -fi - -# get shasums: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/SHA256SUMS.asc - -if [[ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "--------------$0 - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ - " - echo "----$0 - downloading SHA256SUMS.asc for $BITCOIN -# " -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -else - return 100 -fi - -if [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "----------$0 - SHA256SSUMS.asc exists at /home/standup/" -fi - -if ! 
[[ -f ~standup/laanwj-releases.asc ]] -then - echo "-----$0 - downloading laanwj-release signature" -sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc -fi - -# 404 -# sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc - -# Verifying Bitcoin: Signature -echo " ------------------ -$0 - Verifying Bitcoin. ------------------ -" - -sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc -export SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` -echo " ----------SHASIG is $SHASIG -" - -if [[ $SHASIG ]] -then - echo " - ------$0 - VERIFICATION SUCCESS / SIG: $SHASIG - " -else - (>&2 echo " - ------------$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify! - ") - # return 101 -fi - -# Verify Bitcoin: SHA -export TARSHA256=`/usr/bin/sha256sum ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` -export EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` - -if [ "$TARSHA256" == "$EXPECTEDSHA256" ] -then - echo " - ------$0 - VERIFICATION SUCCESS / SHA: $TARSHA256 - " -else - (>&2 echo " - -----------$0 - VERIFICATION ERROR: SHA for Bitcoin did not match! - ") - # return 102 -fi - -# Install Bitcoin -echo "--------------" -echo " -$0 - Installing Bitcoin. -" -echo "-------------- -" - -sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup -/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* -/bin/rm -rf ~standup/$BITCOINPLAIN/ - -# Start Up Bitcoin -echo " -------$0 - Configuring Bitcoin. 
-" - -sudo -u standup /bin/mkdir ~standup/.bitcoin - -# The only variation between Mainnet and Testnet is that Testnet has the "testnet=1" variable -# The only variation between Regular and Pruned is that Pruned has the "prune=550" variable, which is the smallest possible prune -RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) - -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -server=1 -prune=$PRUNE -rpcuser=StandUp -rpcpassword=$RPCPASSWORD -rpcallowip=127.0.0.1 -debug=tor -EOF - -if [ -z "$PRUNE" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - txindex=1 -EOF -fi - -if [ "$NETWORK" == "testnet" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - testnet=1 -EOF - -elif [ "$NETWORK" == "regtest" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - regtest=1 -EOF -fi - -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -[test] -rpcbind=127.0.0.1 -rpcport=18332 -[main] -rpcbind=127.0.0.1 -rpcport=8332 -[regtest] -rpcbind=127.0.0.1 -rpcport=18443 -EOF - -/bin/chown standup ~standup/.bitcoin/bitcoin.conf -/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf - -# Setup bitcoind as a service that requires Tor -echo " --------$0 - Setting up Bitcoin as a systemd service. -" - -sudo cat > /etc/systemd/system/bitcoind.service << EOF -# It is not recommended to modify this file in-place, because it will -# be overwritten during package upgrades. If you want to add further -# options or overwrite existing ones then use -# $ systemctl edit bitcoind.service -# See "man systemd.service" for details. 
-# Note that almost all daemon options could be specified in -# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments -# in ExecStart= -[Unit] -Description=Bitcoin daemon -After=tor.service -Requires=tor.service -[Service] -ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf -# Process management -#################### -Type=simple -PIDFile=/run/bitcoind/bitcoind.pid -Restart=on-failure -# Directory creation and permissions -#################################### -# Run as bitcoin:bitcoin -User=standup -Group=sudo -# /run/bitcoind -RuntimeDirectory=bitcoind -RuntimeDirectoryMode=0710 -# Hardening measures -#################### -# Provide a private /tmp and /var/tmp. -PrivateTmp=true -# Mount /usr, /boot/ and /etc read-only for the process. -ProtectSystem=full -# Disallow the process and all of its children to gain -# new privileges through execve(). -NoNewPrivileges=true -# Use a new /dev namespace only populated with API pseudo devices -# such as /dev/null, /dev/zero and /dev/random. -PrivateDevices=true -# Deny the creation of writable and executable memory mappings. -MemoryDenyWriteExecute=true -[Install] -WantedBy=multi-user.target -EOF - -echo " --------$0 - Starting bitcoind service -" -sudo systemctl enable bitcoind.service -sudo systemctl start bitcoind.service - -#### -# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display -#### -if [ "$(systemctl is-active --quiet bitcoind) | grep active" ] -then - # Get the Tor onion address for the QR code - HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) - - # Create the QR string - QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" - - # Display the uri text incase QR code does not work - echo "$0 - **************************************************************************************************************" - echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" - echo $QR - echo "$0 - **************************************************************************************************************" - echo " - $0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor - " - echo " - $0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service - " - echo " - $0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service - " -else - echo " - ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. - " -fi diff --git a/Scripts/logically_divided_scripts/ss_dependencies.sh b/Scripts/logically_divided_scripts/ss_dependencies.sh deleted file mode 100644 index ea9fdfa..0000000 --- a/Scripts/logically_divided_scripts/ss_dependencies.sh +++ /dev/null 
@@ -1,72 +0,0 @@ -#!/bin/bash - -# standup script - install dependencies - -# Install haveged (a random number generator) -if [ -z "$(which haveged)" ] -then - echo " ----------------- - " - echo "$0 - Installing haveged (a random number generator)" - echo " ----------------- - " - apt-get install haveged -y -echo " -----------------$0 - haveged installed successfully -" -else - echo " - ----------------$0 - haveged already installed" -fi - -# Set system to automatically update -echo " ----------------- -" -echo "$0 - setting system to automatically update" -echo " ----------------- -" -echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections -apt-get -y install unattended-upgrades -echo " -----------------$0 - Debian Packages updated -" -# Get uncomplicated firewall and deny all incoming connections except SSH -if [ -z "$(which ufw)" ] -then - echo " ----------------- - " - echo "$0 - Installing ufw" - echo " ----------------- - " - apt-get install ufw -fi - -ufw allow ssh -ufw --force enable - -echo " -----------------$0 - ufw is installed and enabled. -" - -# Get GPG if not installed to verify signatures - -if [ -z "$(which gpg)" ] -then - echo " ----------------- - " - echo "$0 - Installing gnupg2" - echo " ----------------- - " - apt-get install gnupg2 -y - echo " -----------------$0 - Gnupg2 not found and installed - " -fi diff --git a/Scripts/logically_divided_scripts/ss_help.sh b/Scripts/logically_divided_scripts/ss_help.sh deleted file mode 100644 index f0788b4..0000000 --- a/Scripts/logically_divided_scripts/ss_help.sh +++ /dev/null 
@@ -1,193 +0,0 @@ -#!/bin/bash - -# standup script help - -# help definition -function help () { -cat <<-END - - --------------------------------------- -Install StandUp Script on this server. --------------------------------------- - -standup.sh - -Blockchain Commons Standup Script -Contributor: jodobear 20-07-03 - -DISCLAIMER: It is not a good idea to store large amounts of Bitcoin on a VPS, -ideally you should use this as a watch-only wallet. This script is expiramental -and has not been widely tested. The creators are not responsible for loss of -funds. If you are not familiar with running a node or how Bitcoin works then we -urge you to use this in testnet so that you can use it as a learning tool. - -TL;DR: ------- - -Enter the 'scripts' directory and source 'ss.sh' to install the node. - -1. Using cli arguments: ------------------------ -$ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip - -This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even bitcoin core). It will add the passed SSH Key to authorized keys and add the comma separated list of IPs to the whitelist. It will set bitcoin to restart after a crash or reboot. - -2. Exporting environment variables: ------------------------------------ -$ export NOPROMPT=true -$ export USERPASSOWRD=password -$ export NETWORK=testnet -$ export LIGHTNING=lnd -$ source ./ss.sh - -This will first create a new user "standup" and set the for that user. Then install a full bitcoin node on testnet with lnd. - - - -This script can be installed on any Debian based system. 
By default this script will: - -* Update the OS -* Set Automatic Updates On -* Create User: standup -* Install UFW -* Install Tor -* Install Bitcoin Core -* Install HWI -* Install c-lightning -* Setup Bitcoin Core, Lightning settings -* Make sure they start at reboot via systemd -* Start Bitcoin Core, Lightning - -Optionally you can install: ---------------------------- -* Install LND instead of c-lightning -* Install Esplora -* Install BTCPay - -You can run this script again if you desire to change your configuration. - -Upon completion of the script there will be a QR code saved to /qrcode.png which -you can open and scan. You can use "$ sudo apt-get install fim" then: -"$ fim -a qrcode.png" to display the QR in a terminal (as root). - -It is highly recommended to add a Tor V3 pubkey for cookie authentication so that -even if your QR code is compromised an attacker would not be able to access your -node. It is also recommended to delete the /qrcode.png, /standup.log, and -/standup.err files. - - -------------------------------------- -| Usage | - -------------------------------------- - -0. Prerequisites ----------------- - -In order to run this script you need to be logged in as root, and enter in the commands listed below: - -- The $ or $ represents a terminal commmand prompt, do not actually type in a $ or #. -- Data fields enclosed in <> are to be filled by you with appropriate values. - -1. Give the root user a password, enter the following command and set a password: -$ sudo passwd - -2. Switch to the root user: -$ su - root - -3. Source the script: -# source standup.sh - -NOTE: Before sourcing the script you may want to set certain environment variables. Bleow you will find the list of environment variables. To set the variables do: -#export = - -You can use the following optional arguments: - - -h --help : Display this help. 
- -y : Install without prompting for confirming the setup - - Setup: - ------ - # --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. - # --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. - -v --vps : Pass when installing on a VPS. - --userpassword : Password for the standup non-privileged account. - - VPS: - ---- - -F --fqdn : Fully Qualified Hostname - -H --hostname : Hostname of your server - -R --region : Server's timezone location - - Bitcoin: - -------- - -f --fastsync : Enables fast synchronization of blockchain*. - -n --network : Default bitcoin network; either "mainnet", "testnet" or "regtest". - --no-hwi : Do NOT install HWI. - -p --prune : Install a prune node; integer value > 550. - - Lightning: - ---------- - -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". - - Services: - --------- - --btcpay : Installs BTCPay Server. - --esplora : Installs Esplora. - - Tor: - ---- - -t --tor-pubkey : Automatically add the pubkey to the Tor authorized_clients directory, which means the user is Tor authenticated before the node is even installed. e.g. ./standup.sh --tor-pubkey "descriptor:x25519:NWJNEFU487H2BI3JFNKJENFKJWI3" - - SSH: - ---- - --ssh-key : key for automated SSH logins to standup non-privileged account. - --sys-ssh-ip : Comma separated list of IPs that can use SSH. - -*DISCLAIMER: It is always better to let your node validate blocks from the beginning. This script uses blockchain data signed by BTCPay Server. Trust at your own risk. - -2. Environment Variables: -------------------------- - - # system - -------- - NOPROMPT=true/false, set it to install the setup without prompting for confirmation. - # START=true/false, start bitcoind & lightning after installation. Default: true. - # STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. - # SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. 
Default: true. - VPS=true/false, set it to true if setting up on a VPS. Default: false. - USERPASSWORD="", set password for user standup. Default: empty. - - #vps - ---- - FQDN="", enter your fully qualified hostname. Example: my-awesome-node.my-awesome-domain.com - HOSTNAME="", enter your hostname. Example: my-awesome-node. - REGION="", enter your server's timezone location. Example Asia/Singapore. - - # bitcoind - ---------- - NETFORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet". - PRUNE="", Integer value to specify level of prune node. Minimum value is 550. Default: empty(0). - FASTSYNC=true/false, If you want to speed up the Initial Block Download then set it to true. Default: false. - HWI=true/false, Choose to install HWI. Default: true. - - # lightning - ----------- - LIGHTNING="c-lightning"/"lnd", choose lightning network implementation. Default: "c-lightning". - - # services - ---------- - ESPLORA=true/false, Choose to install Esplora. Default: false. - BTCPAYSERVER=true/false, Choose to install BTCPay Server. Default: false. - # Tor - TOR_PUBKEY="" Tor Public Key. Default: empty. - - # ssh - SSH_KEY="" key for automated SSH logins to standup non-privileged account. Default: empty. - SYS_SSH_IP="" comma separated list of IPs that can use SSH. Default: empty. - ----------------- - -END -} - -help \ No newline at end of file diff --git a/Scripts/logically_divided_scripts/ss_tor.sh b/Scripts/logically_divided_scripts/ss_tor.sh deleted file mode 100644 index 657f596..0000000 --- a/Scripts/logically_divided_scripts/ss_tor.sh +++ /dev/null 
@@ -1,113 +0,0 @@ -#!/bin/bash - -# standup script - Tor installation - -#### -# 4. Install latest stable tor -#### - -# Download tor -echo " ----------------- -" -echo "Installing Tor" -echo " ----------------- -" -# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: -if [ -z "$(which apt-transport-https)" ] -then - apt-get install apt-transport-https -y - echo " - --------------apt-transport-https installed - " -fi - -# To download bitcoin using onion site, we need torsocks -if [ -z "$(which torsocks)" ] -then - apt-get install torsocks -y - echo " - --------------torsocks installed - " -fi - -# We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: -DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') - -# You need to add the following entries to /etc/apt/sources.list: -cat >> /etc/apt/sources.list << EOF -deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -EOF - -# # hardcoding stretch -# cat >> /etc/apt/sources.list << EOF -# deb https://deb.torproject.org/torproject.org stretch main -# deb-src https://deb.torproject.org/torproject.org stretch main -# EOF - -# Then add the gpg key used to sign the packages by running: -# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 -sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import -sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - - -# Update system, install and run tor as a service -sudo apt update -sudo apt install tor deb.torproject.org-keyring -y - -# Setup hidden service -sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc -sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc -sed -i -e 's/## address y:z./## address y:z.\ -\ -HiddenServiceDir 
\/var\/lib\/tor\/standup\/\ -HiddenServiceVersion 3\ -HiddenServicePort 1309 127.0.0.1:18332\ -HiddenServicePort 1309 127.0.0.1:18443\ -HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc -mkdir /var/lib/tor/standup -chown -R debian-tor:debian-tor /var/lib/tor/standup -chmod 700 /var/lib/tor/standup - -# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind -sudo usermod -a -G debian-tor standup - -# Restart tor to create the HiddenServiceDir -sudo systemctl restart tor.service - - -if [ "$(systemctl is-active tor) | grep active" ] -then -echo " ---------------$0 - Tor installed and successfully started -" -fi - -# add V3 authorized_clients public key if one exists -if ! [ "$TOR_PUBKEY" == "" ] -then - # create the directory manually incase tor.service did not restart quickly enough - mkdir /var/lib/tor/standup/authorized_clients - - # need to assign the owner - chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients - - # Create the file for the pubkey - touch /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Write the pubkey to the file - echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Restart tor for authentication to take effect - sudo systemctl restart tor.service - - echo " - ---------$0 - Successfully added Tor V3 authentication - " - -else - echo " - ---------$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet - " -fi diff --git a/Scripts/logically_divided_scripts/ss_user_ssh.sh b/Scripts/logically_divided_scripts/ss_user_ssh.sh deleted file mode 100644 index 82de368..0000000 --- a/Scripts/logically_divided_scripts/ss_user_ssh.sh +++ /dev/null 
@@ -1,66 +0,0 @@ -#!/bin/bash - -# standup script - setup user and ssh access - -if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ] -then - echo " ----------------- - " - echo "Creating user standup" - echo " ----------------- - " - # Create "standup" user with optional password and give them sudo capability - /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup - /usr/sbin/adduser standup sudo - - echo " ----------------- - " - echo "$0 - User standup created with sudo access." - echo " ----------------- - " -else - echo "----------------" - echo "User standup already exists." - echo "----------------" -fi - -# Setup SSH Key if the user added one as an argument -if [ -n "$SSH_KEY" ] -then - mkdir ~standup/.ssh - echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys - chown -R standup ~standup/.ssh - echo " ----------------- - " - echo "$0 - Added .ssh key to standup." - echo " ----------------- - " -fi - -# Setup SSH allowed IP's if the user added any as an argument -if [ -n "$SYS_SSH_IP" ] -then - echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow - echo "sshd: ALL" >> /etc/hosts.deny - echo " ----------------- - " - echo "$0 - Limited SSH access." - echo " ----------------- - " -else - echo " - **************** - " - echo "$0 - WARNING: Your SSH access is not limited; this is a major security hole!" - echo " - **************** - " -fi \ No newline at end of file diff --git a/Scripts/logically_divided_scripts/ss_vps.sh b/Scripts/logically_divided_scripts/ss_vps.sh deleted file mode 100644 index c7387ef..0000000 --- a/Scripts/logically_divided_scripts/ss_vps.sh +++ /dev/null 
@@ -1,77 +0,0 @@ -#!/bin/bash - -# standup script - vps hostname settings - -# Check for FQDN & HOSTNAME if --vps -if "$VPS" && [[ -z "$HOSTNAME" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn" - while [ -z "$HOSTNAME" ] - do - read -rp "You need to enter hostname of the server: " HOSTNAME - done -fi - -if "$VPS" && [[ -z "$FQDN" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn." - while [ -z "$FQDN" ] - do - read -rp "You need to enter the fqdn of the server: " FQDN - done -fi - -if "$VPS" && [[ -z "$REGION" ]] -then - echo "You provided the '--vps' flag but didn't provide --region." - while [ -z "$REGION" ] - do - read -rp "You need to enter the region of the server to set the timezone: " REGION - done -fi - -# prompt user before continuing with installation -if ! "$NOPROMPT" -then - read -rp "Continue with installation? (Y/n): " confirm -fi - -if [[ "$confirm" != [yY] ]] -then - echo "Entered $confirm. Exiting.." - return 8 -else - NOPROMPT=true - echo "Installing Bitcoin!" -fi - -IPADDR="" -REGION="" - - -echo " -----------------" -echo "HOSTNAME: $HOSTNAME" > /etc/hostname -echo "----------------" -/bin/hostname "$HOSTNAME" - -# Set the variable $IPADDR to the IP address the new Linode receives. -IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') - -echo "$0 - Set hostname as $FQDN ($IPADDR)" -echo " - ***********************" -echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." -echo " *********************** -" -echo "$0 - Set Time Zone to $REGION" -echo $REGION > /etc/timezone -cp /usr/share/zoneinfo/${REGION} /etc/localtime - -echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file." -# Add localhost aliases - -echo "127.0.0.1 localhost" > /etc/hosts -echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts - -echo "$0 - Set localhost" \ No newline at end of file 
diff --git a/Scripts/scripts/ss.sh b/Scripts/scripts/ss.sh index 7c75018..7c60824 100644 --- a/Scripts/scripts/ss.sh +++ b/Scripts/scripts/ss.sh @@ -1,8 +1,11 @@ -#!/bin/bash +#!bin/bash # standup.sh -set +x +# TODO: Get opinion on `` vs $() as backticks are portable to legacy shells +# TODO: Sort c-lightning & lnd installation + +set +ex # If script not sourced, stop here if [[ "$0" = "$BASH_SOURCE" ]]; then @@ -16,8 +19,6 @@ fi # system NOPROMPT=false -# STARTUP_REGISTER=true -# SYSTEMD_RELOAD=true VPS=false USERPASSWORD="" @@ -34,6 +35,7 @@ HWI=true # lightning LIGHTNING="c-lightning" +LN_ALIAS="StandUp" # services ESPLORA=false @@ -65,14 +67,6 @@ key="$1" NOPROMPT=true shift 1 ;; - # --no-startup-register) - # STARTUP_REGISTER=false - # shift 1 - # ;; - # --no-systemd-reload) - # SYSTEMD_RELOAD=false - # shift 1 - # ;; --vps) VPS=true shift 1 @@ -98,11 +92,11 @@ key="$1" shift 1 ;; -n|--network) - if [ "${2:0:1}" == "-" ] + if [ "${2:0:1}" = "-" ] then echo "Network flag passed without value. Installing default network: mainnet." shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "mainnet" ]] || [[ "$2" == "testnet" ]] || [[ "$2" == "regtest" ]] + elif [[ -n "$2" ]] && [[ "$2" = "mainnet" ]] || [[ "$2" = "testnet" ]] || [[ "$2" = "regtest" ]] then NETWORK="$2" else @@ -116,7 +110,7 @@ key="$1" shift 1 ;; -p|--prune) - if [ "${2:0:1}" == "-" ] + if [ "${2:0:1}" = "-" ] then echo "Prune flag passed without value. Installing default: unpruned node." shift 1 @@ -125,10 +119,11 @@ key="$1" PRUNE="$2" else echo "ERROR: Minimum prune value is 550. Passed $2" - while [[ "$PRUNE" -lt 550 ]] - do - read -pr "Enter a value above 550 or 0 if you want to install an unpruned node (you can change this later): " PRUNE - done + # while [[ "$PRUNE" -lt 550 ]] + # do + # read -pr "Enter a value above 550 or 0 if you want to install an unpruned node (you can change this later): " PRUNE + # done + return 1 fi shift 1 shift 1 
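Review bot: The shebang in the first hunk is changed to `#!bin/bash`, a relative interpreter path that is resolved against the current working directory. When the file is executed rather than sourced, it either fails with "bad interpreter" or starts whatever `bin/bash` happens to exist under the directory it is run from, and this installer is meant to run as root. Restore `#!/bin/bash`. The same hunk changes `set +x` to `set +ex`, which only switches errexit off; if the aim was to stop on failures, that needs explicit checks such as `cmd || return 1`, because `set -e` in a sourced script would close the caller's shell.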
@@ -146,23 +141,34 @@ key="$1" shift 1 ;; -l|--lightning) - if [ "${2:0:1}" == "-" ] + if [ "${2:0:1}" = "-" ] then echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "c-lightning" ]] || [[ "$2" == "lnd" ]] + elif [[ -n "$2" ]] && [[ "$2" = "c-lightning" ]] || [[ "$2" = "lnd" ]] then LIGHTNING="$2" else - echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. Passed $2" - while [[ "$LIGHTNING" != "c-lightning" ]] || [[ "$LIGHTNING" != "lnd" ]] || [[ "$LIGHTNING" != false ]] - do - read -pr "Enter c-lightning or lnd implementations or false if you don't want to install lightning: " LIGHTNING - done + if [[ -z "$2" ]] + then + echo "ERROR: You provided the flag -l or --lightning but didn't provide the implementation. Please enter c-lightning or lnd." + else + echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. Passed $2." + fi + # while [[ "$LIGHTNING" != "c-lightning" ]] || [[ "$LIGHTNING" != "lnd" ]] + # do + # read -pr "Enter c-lightning or lnd implementations or false if you don't want to install lightning: " LIGHTNING + # done + return 1 fi shift 1 shift 1 ;; + --ln-alias) + LN_ALIAS="$2" + shift 1 + shift 1 + ;; --esplora) ESPLORA=true shift 1 @@ -213,7 +219,7 @@ echo " ----------------" echo "$0 - Checking if logged in as root." echo "----------------" -if ! [ "$(id -u)" = 0 ] +if ! [ "$(id -u)" == 0 ] then echo "$0 - You need to be logged in as root!" return 2 @@ -226,6 +232,8 @@ echo "---------------- exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) +#STARTUP_REGISTER..: $STARTUP_REGISTER +#SYSTEMD_RELOAD....: $SYSTEMD_RELOAD echo " ---------SETUP--------- @@ -234,8 +242,6 @@ Parameters Passed: System ------ NOPROMPT..........: $NOPROMPT -STARTUP_REGISTER..: $STARTUP_REGISTER -SYSTEMD_RELOAD....: $SYSTEMD_RELOAD VPS...............: $VPS USERPASSWORD......: $USERPASSWORD 
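Review bot: The new `--ln-alias)` case stores `$2` without the guard that the `-n`, `-p` and `-l` cases apply, so `--ln-alias --esplora` sets the alias to `--esplora` and swallows that flag, and a trailing `--ln-alias` leaves the alias empty. Add a check before the assignment, for example `if [[ -z "$2" || "${2:0:1}" = "-" ]]; then echo "ERROR: --ln-alias needs a value"; return 1; fi`. How the alias is consumed is not visible in this diff; if it ends up in a lightning configuration file it should probably also be limited to a known-safe character set. The enclosing `case` statement starts and ends outside the hunk.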
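Review bot: The `exec > >(tee -a /root/standup.log) ...` line shown in the `@@ -226,6 +232,8 @@` hunk sends everything printed afterwards to /root/standup.log, and the banner that follows (continued in the next hunk) still prints `USERPASSWORD......: $USERPASSWORD`, so the standup account's password is written to disk in clear text. Print only whether it is set, e.g. `USERPASSWORD......: ${USERPASSWORD:+(set)}`. The same applies to `echo "$QR"` in Scripts/scripts/ss_bitcoin.sh, whose btcstandup:// URI carries the RPC password; when that file is sourced from here it lands in the same log. Setting `umask 077` before the `exec` line would at least keep the new log files unreadable to other users.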
@@ -255,6 +261,7 @@ HWI.......: $HWI Lightning: ---------- LIGHTNING..: $LIGHTNING +LN_ALIAS...: $LN_ALIAS Services: --------- @@ -272,7 +279,7 @@ SYS_SSH_IP..: $SYS_SSH_IP #### # 1. Update Hostname and set timezone #### - +# source vps setup script if "$VPS" then source ./ss_vps.sh @@ -298,7 +305,6 @@ fi #### # 2. Update Debian, Set autoupdate and Install Dependencies #### - echo " ---------------- " @@ -306,28 +312,26 @@ echo "$0 - Starting Debian updates; this will take a while!" echo " ---------------- " - # Make sure all packages are up-to-date apt-get update apt-get upgrade -y apt-get dist-upgrade -y - -# call dependency script +# source dependency script source ./ss_dependencies.sh #### # 3. Create user admin #### -# call user and ssh script +# source user and ssh script source ./ss_user_ssh.sh #### # 4. Install Tor #### -# call tor script +# source tor script source ./ss_tor.sh # sleep 4 seconds for tor to restart 
@@ -336,54 +340,85 @@ sleep 4 #### # 5. Install Bitcoin #### -# call the bitcoin script -source ./ss_bitcoin.sh +# source bitcoin script +BITCOIND_VERSION=$(bitcoind --version | grep "Bitcoin Core version | awk '{print $4}'") +if [[ -n "$BITCOIND_VERSION" ]] +then + echo "" + echo " ----------" + echo "-----$0 - bitcoind is already installed, version: $BITCOIND_VERSION" + echo " ----------" + echo "" + return 0 +else + source ss_bitcoin.sh +fi +sleep 4 -#### -# Lightning -#### +echo " +------------ -source ./ss_lightning.sh +bitcoind service is: $(systemctl status bitcoind | grep active | awk '{print $2}') +------------ +" #### -# RESET Environment Variables +# Lightning #### +# source lightning script +echo "" +if [[ "$LIGHTNING" = "c-lightning" ]] +then + echo "------Standup - installing c-lightning" + echo "" + source ./ss_c-lightning.sh +else + echo "------Standup - installing lnd" + echo "" + source ./ss_lnd.sh +fi -# system -NOPROMPT=false -STARTUP_REGISTER=true -SYSTEMD_RELOAD=true -VPS=false -USERPASSWORD="" -# vps -FQDN="" -HOSTNAME="" -REGION="" -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true +# #### +# # RESET Environment Variables +# #### -# lightning -LIGHTNING="c-lightning" +# # system +# NOPROMPT=false +# STARTUP_REGISTER=true +# SYSTEMD_RELOAD=true +# VPS=false +# USERPASSWORD="" -# services -ESPLORA=false -BTCPAYSERVER=false +# # vps +# FQDN="" +# HOSTNAME="" +# REGION="" -# Tor -TOR_PUBKEY="" +# # bitcoind +# NETWORK="mainnet" +# PRUNE="" +# FASTSYNC=false +# HWI=true -# ssh -SSH_KEY="" -SYS_SSH_IP="" +# # lightning +# LIGHTNING="c-lightning" + +# # services +# ESPLORA=false +# BTCPAYSERVER=false + +# # Tor +# TOR_PUBKEY="" + +# # ssh +# SSH_KEY="" +# SYS_SSH_IP="" # Finished, exit script diff --git a/Scripts/scripts/ss_bitcoin.sh b/Scripts/scripts/ss_bitcoin.sh index d941c32..d460788 100644 --- a/Scripts/scripts/ss_bitcoin.sh +++ b/Scripts/scripts/ss_bitcoin.sh 
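Review bot: The new version probe can never match, because the closing double quote sits after the awk program: grep receives the whole text `Bitcoin Core version | awk '{print ...}'` as one pattern (with `$4` expanded by the shell) and awk is never run, so `BITCOIND_VERSION` is always empty. Use `BITCOIND_VERSION=$(bitcoind --version 2>/dev/null | awk '/Bitcoin Core version/ {print $4}')`. Once it does match, `return 0` leaves the whole sourced script, so the Lightning step below is skipped on a host that already has bitcoind, which looks unintended. `source ss_bitcoin.sh` also drops the `./` used by the other source lines, so bash searches PATH for that name before the current directory while running as root; write `source ./ss_bitcoin.sh`.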
@@ -6,11 +6,11 @@ # 5. Install Bitcoin #### -echo " -----------------" +echo "" +echo "----------------" echo "Installing Bitcoin" -echo "---------------- -" +echo "----------------" +echo "" # Download Bitcoin # CURRENT BITCOIN RELEASE: 
@@ -20,146 +20,139 @@ export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` # # get bitcoin tar.gz, shasums and signing keys # clearnet -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz # sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -# sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc -# tor -# tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz - -if ! [ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ] +# onionnet +# If the script fails to download bitcoin-core using the onion link then the onion link might have changed. Check for the updated link here: https://bitcoincore.org/en/2020/03/27/hidden-service/ +# OR alternatively uncomment the clearnet links to download bitcoin over clearnet. +if ! [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] then - echo " - ----------- - Downloading $BITCOIN, this will take a while! ------------ -" -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz + echo "" + echo "-----------" + echo "Downloading $BITCOIN, this will take a while!" + echo "-----------" + echo "" +sudo -u standup torsocks wget --progress=bar:force http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz fi -if [[ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ]] && ! 
[[ -f ~standup/SHA256SUMS.asc ]] +if [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] then - echo "--------------$0 - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ - " - echo "----$0 - downloading SHA256SUMS.asc for $BITCOIN -# " -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc + echo "--------------StandUp - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/" + echo "" + echo "----StandUp - downloading SHA256SUMS.asc for $BITCOIN" + echo "" +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc else return 100 fi if [[ -f ~standup/SHA256SUMS.asc ]] then - echo "----------$0 - SHA256SSUMS.asc exists at /home/standup/" + echo "----------StandUp - SHA256SSUMS.asc exists at /home/standup/" fi if ! [[ -f ~standup/laanwj-releases.asc ]] then - echo "-----$0 - downloading laanwj-release signature" + echo "-----StandUp - downloading laanwj-release signature" sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc fi -# 404 -# sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc - # Verifying Bitcoin: Signature -echo " ------------------ -$0 - Verifying Bitcoin. ------------------ -" +echo "" +echo "-----------------" +echo "StandUp - Verifying Bitcoin." 
+echo "-----------------" +echo "" sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc export BTC_SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` -echo " ----------SHASIG is $SHASIG -" +echo "" +echo "---------BTC_SHASIG is $BTC_SHASIG" +echo "" if [[ $BTC_SHASIG ]] then - echo " - ------$0 - VERIFICATION SUCCESS / SIG: $BTC_SHASIG - " + echo "" + echo "------StandUp - VERIFICATION SUCCESS / SIG: $BTC_SHASIG" + echo "" else (>&2 echo " - ------------$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify! + ------------StandUp - VERIFICATION ERROR: Signature for Bitcoin did not verify! ") return 101 fi # Verify Bitcoin: SHA -export BTC_TARSHA256=`/usr/bin/sha256sum ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` -export BTC_EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` +export BTC_TARSHA256=`/usr/bin/sha256sum ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` +export BTC_EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep "$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` -if [ "$BTC_TARSHA256" == "$BTC_EXPECTEDSHA256" ] +if [[ "$BTC_TARSHA256" = "$BTC_EXPECTEDSHA256" ]] then - echo " - ------$0 - VERIFICATION SUCCESS / SHA: $BTC_TARSHA256 - " + echo "" + echo "------StandUp - VERIFICATION SUCCESS / SHA: $BTC_TARSHA256" + echo "" else (>&2 echo " - -----------$0 - VERIFICATION ERROR: SHA for Bitcoin did not match! + -----------StandUp - VERIFICATION ERROR: SHA for Bitcoin did not match! ") - # return 102 + return 102 fi # Install Bitcoin echo "--------------" -echo " -$0 - Installing Bitcoin. -" -echo "-------------- -" +echo "" +echo "StandUp - Installing Bitcoin." 
+echo "" +echo "--------------" +echo "" -sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup -/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* -/bin/rm -rf ~standup/$BITCOINPLAIN/ +sudo -u standup /bin/tar xzf ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -C ~standup +/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/"$BITCOINPLAIN"/bin/* +/bin/rm -rf ~standup/"$BITCOINPLAIN"/ # Start Up Bitcoin -echo " -------$0 - Configuring Bitcoin. -" +echo "" +echo "------StandUp - Configuring Bitcoin." +echo "" sudo -u standup /bin/mkdir ~standup/.bitcoin -# The only variation between Mainnet and Testnet is that Testnet has the "testnet=1" variable -# The only variation between Regular and Pruned is that Pruned has the "prune=550" variable, which is the smallest possible prune RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) if [[ "$PRUNE" -eq 0 ]] then - $PRUNE = "" + PRUNE="" fi cat >> ~standup/.bitcoin/bitcoin.conf << EOF +# launches bitcoind as server to accept rpc connections server=1 + +debug=tor + +# prune prune=$PRUNE + +# rpc credentials rpcuser=StandUp rpcpassword=$RPCPASSWORD rpcallowip=127.0.0.1 -debug=tor -EOF - -if [ -z "$PRUNE" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - txindex=1 -EOF -fi -if [ "$NETWORK" == "testnet" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - testnet=1 +# zmq +zmqpubrawblock=tcp://127.0.0.1:28332 +zmqpubrawtx=tcp://127.0.0.1:28333 EOF -elif [ "$NETWORK" == "regtest" ] +if [[ -z "$PRUNE" ]] then cat >> ~standup/.bitcoin/bitcoin.conf << EOF - regtest=1 + txindex=1 EOF fi +# you are adding anything to the config file then add before this block else, the settings will only be affected in the specified network block. +# conversely, add settings specific to a particular network in their respective blocks. cat >> ~standup/.bitcoin/bitcoin.conf << EOF [test] rpcbind=127.0.0.1 
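Review bot: The signature check still accepts a "Good signature" from any key in the standup user's keyring, because `BTC_SHASIG` is filled by grepping gpg's human-readable output and the only key material is whatever `laanwj-releases.asc` is on disk or was fetched during the install. Pin the expected signer in the script instead: run `gpg --no-tty --status-fd 1 --verify ~standup/SHA256SUMS.asc` and require a `VALIDSIG <RELEASE_KEY_FINGERPRINT>` line (placeholder; take the fingerprint from the release documentation and hard-code it). Re-enabling `return 102` on a hash mismatch is a good change, but the hash file is only as trustworthy as that signature check. Separately, this hunk removes the `testnet=1` and `regtest=1` appends and nothing visible here writes `$NETWORK` into bitcoin.conf, so `-n testnet` may now start a mainnet node unless the chain is selected outside the hunk.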
@@ -176,9 +169,9 @@ EOF /bin/chmod 600 ~standup/.bitcoin/bitcoin.conf # Setup bitcoind as a service that requires Tor -echo " --------$0 - Setting up Bitcoin as a systemd service. -" +echo "" +echo "-------StandUp - Setting up Bitcoin as a systemd service." +echo "" sudo cat > /etc/systemd/system/bitcoind.service << EOF # It is not recommended to modify this file in-place, because it will @@ -189,10 +182,12 @@ sudo cat > /etc/systemd/system/bitcoind.service << EOF # Note that almost all daemon options could be specified in # /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments # in ExecStart= + [Unit] Description=Bitcoin daemon After=tor.service Requires=tor.service + [Service] ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf # Process management @@ -200,6 +195,7 @@ ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf Type=simple PIDFile=/run/bitcoind/bitcoind.pid Restart=on-failure + # Directory creation and permissions #################################### # Run as bitcoin:bitcoin @@ -208,6 +204,7 @@ Group=sudo # /run/bitcoind RuntimeDirectory=bitcoind RuntimeDirectoryMode=0710 + # Hardening measures #################### # Provide a private /tmp and /var/tmp. 
@@ -222,43 +219,45 @@ NoNewPrivileges=true PrivateDevices=true # Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true + [Install] WantedBy=multi-user.target EOF -echo " --------$0 - Starting bitcoind service -" +echo "" +echo "-------StandUp - Starting bitcoind service" +echo "" + sudo systemctl enable bitcoind.service sudo systemctl start bitcoind.service #### # 6. Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display #### -if [ "$(systemctl is-active --quiet bitcoind) | grep active" ] +if [[ $(systemctl status bitcoind | grep active | awk '{print $2}') = "active" ]] then # Get the Tor onion address for the QR code HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) # Create the QR string - QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" + QR="btcstandup://StandUp:"$RPCPASSWORD"@"$HS_HOSTNAME":1309/?label=StandUp.sh" # Display the uri text incase QR code does not work - echo "$0 - **************************************************************************************************************" - echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" - echo $QR - echo "$0 - **************************************************************************************************************" - echo " - $0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor - " - echo " - $0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service - " - echo " - $0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service - " + echo "StandUp - **************************************************************************************************************" + echo "StandUp - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" + echo "$QR" + echo "StandUp - 
**************************************************************************************************************" + echo "" + echo "StandUp - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor" + echo "" + echo "" + echo "StandUp - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service" + echo "" + echo "" + echo "StandUp - You can manually start Bitcoin with: sudo systemctl start bitcoind.service" + echo "" else - echo " - ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. - " + echo "" + echo "ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting." + echo "" fi diff --git a/Scripts/scripts/ss_c-lightning.sh b/Scripts/scripts/ss_c-lightning.sh new file mode 100644 index 0000000..2239dee --- /dev/null +++ b/Scripts/scripts/ss_c-lightning.sh 
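Review bot: The URI built on the `QR=` line carries the bitcoind RPC password and is printed with `echo "$QR"`, so it ends up in terminal scrollback and in any log that captures stdout (the main script elsewhere on this page tees stdout to /root/standup.log; whether this file runs under that redirect is not visible here). I would show it only on the terminal, e.g. `echo "$QR" > /dev/tty`, or write it to a root-only file and print the path. The new quoting closes the string around each variable and leaves both unquoted; `QR="btcstandup://StandUp:${RPCPASSWORD}@${HS_HOSTNAME}:1309/?label=StandUp.sh"` keeps them inside one quoted string. The status test parses `systemctl status` output, where `if systemctl is-active --quiet bitcoind; then` is the direct form.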
@@ -0,0 +1,108 @@
+#!/bin/bash
+
+# standup script - install c-lightning
+
+export CLN_VERSION="v0.8.2.1"
+export CLN_DIR="~standup/clightning"
+
+echo "
+-----------
+Installing dependencies
+-----------
+"
+
+apt-get install -y \
+autoconf automake build-essential git libtool libgmp-dev \
+libsqlite3-dev python3 python3-mako net-tools zlib1g-dev libsodium-dev \
+gettext valgrind python3-pip libpq-dev
+
+echo "
+-----------
+Downloading & Installing c-lightning
+-----------
+"
+# get & compile clightning from github
+cd /tmp
+sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning
+cd ~standup/lightning
+pyhton3 -m pip install -r requirements.txt
+./configure
+make
+sudo make install
+
+# lightningd config
+mkdir -m 760 ~standup/.lightning
+cat >> ~standup/.lightning/config << EOF
+network=$NETWORK
+proxy=127.0.0.1:9050
+bind-addr=127.0.0.1:9735
+addr=statictor:127.0.0.1:9051
+always-use-proxy=true
+EOF
+
+/bin/chown standup ~standup/.lightning/config
+/bin/chmod 640 ~standup/.lightning/config
+
+echo "
+-------$0 - Setting up Bitcoin as a systemd service.
+"
+
+cat > /etc/systemd/system/lightningd.service << EOF
+# It is not recommended to modify this file in-place, because it will
+# be overwritten during package upgrades. If you want to add further
+# options or overwrite existing ones then use
+# $ systemctl edit bitcoind.service
+# See "man systemd.service" for details.
+# Note that almost all daemon options could be specified in
+# /etc/lightning/config, except for those explicitly specified as arguments
+# in ExecStart=
+[Unit]
+Description=c-lightning daemon
+After=tor.service
+Requires=tor.service
+[Service]
+ExecStart=/usr/local/bin/lightningd -conf=/home/standup/.lightning/config
+# Process management
+####################
+Type=simple
+PIDFile=/run/lightning/lightningd.pid
+Restart=on-failure
+# Directory creation and permissions
+####################################
+# Run as lightningd:lightningd
+User=standup
+Group=standup
+# /run/lightningd
+RuntimeDirectory=lightningd
+RuntimeDirectoryMode=0710
+# Hardening measures
+####################
+# Provide a private /tmp and /var/tmp.
+PrivateTmp=true
+# Mount /usr, /boot/ and /etc read-only for the process.
+ProtectSystem=full
+# Disallow the process and all of its children to gain
+# new privileges through execve().
+NoNewPrivileges=true
+# Use a new /dev namespace only populated with API pseudo devices
+# such as /dev/null, /dev/zero and /dev/random.
+PrivateDevices=true
+# Deny the creation of writable and executable memory mappings.
+MemoryDenyWriteExecute=true
+[Install]
+WantedBy=multi-user.target
+EOF
+
+sudo systemctl enable lightningd.service
+sudo systemctl start lightningd.service
+
+if [ $(systemctl status lightningd | grep active | awk '{print $2}') = "active" ]
+then
+ echo "
+ -----------$0 - c-lightning Installed and started
+ "
+else
+ echo "
+ --------$0 - c-lightning not yet active.
+ "
+fi
\ No newline at end of file
diff --git a/Scripts/scripts/ss_dependencies.sh b/Scripts/scripts/ss_dependencies.sh
index 4df0e68..003f64a 100644
--- a/Scripts/scripts/ss_dependencies.sh
+++ b/Scripts/scripts/ss_dependencies.sh
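Review bot: `CLN_VERSION` is exported but never used in this file, so the clone builds whatever the default branch holds at install time, and `./configure`, `make` and `sudo make install` then run as root inside a tree owned by the unprivileged `standup` user. I would check out the pinned tag right after the clone, `sudo -u standup git -C ~standup/lightning checkout "$CLN_VERSION"`, and ideally verify the tag's signature against the maintainers' keys before building. `pyhton3` is misspelled, and since no exit status is checked the script carries on to the build without the Python requirements. In the unit file, `PIDFile=/run/lightning/lightningd.pid` does not match `RuntimeDirectory=lightningd`, and `CLN_DIR="~standup/clightning"` keeps a literal tilde because it is quoted.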
@@ -6,11 +6,11 @@ echo " ---------------- " -echo "$0 - Installing haveged (a random number generator), gnupg2 & git" +echo "$0 - Installing haveged (a random number generator), gnupg2, git & make" echo " ---------------- " -apt-get install haveged gnupg2 git -y +apt-get install haveged gnupg2 git make -y echo " ----------------$0 - haveged, gnupg2 & git installed successfully " diff --git a/Scripts/scripts/ss_help.sh b/Scripts/scripts/ss_help.sh index ad5a5bc..4783ebd 100644 --- a/Scripts/scripts/ss_help.sh +++ b/Scripts/scripts/ss_help.sh @@ -2,16 +2,25 @@ # standup script help +# TODO: add bold to flags & vars (echo -e "\x1b[1m bold") or using vars bold=$(tput bold) normal=$(tput sgr0) + # help definition function help () { + +# echo -e '' + +bold=$(tput bold) +normal=$(tput sgr0) +underline=$(tput smul) + cat <<-END -------------------------------------- -Install StandUp Script on this server. +${bold}Install StandUp Script on this server.${normal} -------------------------------------- -standup.sh +${underline}standup.sh${normal} Blockchain Commons Standup Script Contributor: jodobear 20-07-03 @@ -131,6 +140,7 @@ You can use the following optional arguments: ---------- --no-ln : Do NOT install lightning. -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". + --ln-alias : Enter name for your lightning node. Services: --------- @@ -176,6 +186,7 @@ You can use the following optional arguments: # lightning ----------- LIGHTNING="c-lightning"/"lnd"/false, choose lightning network implementation or pass --no-ln to not install lightning. Default: "c-lightning". + LN_ALIAS="", enter a name for your lightning node. Default: "Standup. # services ---------- diff --git a/Scripts/scripts/ss_lightning.sh b/Scripts/scripts/ss_lightning.sh deleted file mode 100644 index 25ceef3..0000000 --- a/Scripts/scripts/ss_lightning.sh +++ /dev/null 
@@ -1,111 +0,0 @@ -#!/bin/bash - -# standup script - lightning installation - -# install c-lightning -if [[ "$LIGHTNING" == "c-lightning" ]] -then - export CLN_VERSION="v0.8.2.1" - export CLN_DIR="~standup/clightning" - - echo " ------------ - Downloading dependencies ------------ - " - apt-get install -y \ - autoconf automake build-essential git libtool libgmp-dev \ - libsqlite3-dev python3 python3-mako net-tools zlib1g-dev libsodium-dev \ - gettext valgrind python3-pip libpq-dev - - echo " ------------ - Downloading & Installing c-lightning ------------ - " - # get clightning binary from github - cd /tmp - sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning - cd ~standup/lightning - pip3 install -r requirements.txt - ./configure - make - sudo make install - cd / - - - # start lightningd - -# cat >> ~standup/.lightning/config << EOF -# proxy=127.0.0.1:9050 -# bind-addr=127.0.0.1:9735 -# addr=statictor:127.0.0.1:9051 -# always-use-proxy=true -# EOF - -# /bin/chown standup ~standup/.lightning/config -# /bin/chmod 600 ~standup/.lightning/config - -# echo " -# -------$0 - Setting up Bitcoin as a systemd service. -# " - -# sudo cat > /etc/systemd/system/bitcoind.service << EOF -# # It is not recommended to modify this file in-place, because it will -# # be overwritten during package upgrades. If you want to add further -# # options or overwrite existing ones then use -# # $ systemctl edit bitcoind.service -# # See "man systemd.service" for details. 
-# # Note that almost all daemon options could be specified in -# # /etc/lightning/config, except for those explicitly specified as arguments -# # in ExecStart= -# [Unit] -# Description=c-lightning daemon -# After=tor.service -# Requires=tor.service -# [Service] -# ExecStart=/usr/local/bin/lightningd -conf=/home/standup/.lightning/config -# # Process management -# #################### -# Type=simple -# PIDFile=/run/lightning/lightningd.pid -# Restart=on-failure -# # Directory creation and permissions -# #################################### -# # Run as lightningd:lightningd -# User=standup -# Group=sudo -# # /run/lightningd -# RuntimeDirectory=lightningd -# RuntimeDirectoryMode=0710 -# # Hardening measures -# #################### -# # Provide a private /tmp and /var/tmp. -# PrivateTmp=true -# # Mount /usr, /boot/ and /etc read-only for the process. -# ProtectSystem=full -# # Disallow the process and all of its children to gain -# # new privileges through execve(). -# NoNewPrivileges=true -# # Use a new /dev namespace only populated with API pseudo devices -# # such as /dev/null, /dev/zero and /dev/random. -# PrivateDevices=true -# # Deny the creation of writable and executable memory mappings. -# MemoryDenyWriteExecute=true -# [Install] -# WantedBy=multi-user.target -# EOF - -# echo " -# -------$0 - lightningd service active -# " -# sudo systemctl enable lightningd.service -# sudo systemctl start lightningd.service - -# if [ -n "$(systemctl is-active --quiet lightningd)" ] -# then -# echo " -# -----------$0 - c-lightning Installed and started -# " -# fi -fi \ No newline at end of file diff --git a/Scripts/scripts/ss_lnd.sh b/Scripts/scripts/ss_lnd.sh new file mode 100644 index 0000000..cdec13f --- /dev/null +++ b/Scripts/scripts/ss_lnd.sh 
@@ -0,0 +1,241 @@
+#!/bin/bash
+
+# standup script - install lnd
+
+# check if bitcoind is running
+
+# install Go
+GO_VERSION="go1.14.4"
+OS="linux"
+ARCH="amd64"
+GOSHA="aed845e4185a0b2a3c3d5e1d0a35491702c55889192bb9c30e67a3de6849c067"
+
+## check & remove older go version
+if [[ -n $(which go) ]]
+then
+ if [[ $(go version | awk '{print $3}') != "$GO_VERSION" ]]
+ then
+ rm -rf /usr/local/go
+ fi
+fi
+
+## get go
+sudo -u standup wget --progress=bar:force https://dl.google.com/go/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -O ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz
+GOTARSHA=$(sudo -u standup /usr/bin/sha256sum ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz | awk -F " " '{ print $1 }')
+
+if [[ "$GOTARSHA" != "$GOSHA" ]]
+then
+ echo "
+ ---------$0 - Go checksum validation failed. Exiting.
+ "
+ return 201
+else
+ echo "
+ --------$0 - Go checksum validated. Continuing with installing LND.
+ "
+fi
+
+# get go_sha from website to check
+sudo -u standup /bin/tar xzf ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -C ~standup
+sudo mv ~standup/go /usr/local
+
+export PATH="$PATH":/usr/local/go/bin:"$GOPATH"/bin
+export GOPATH=~standup/gocode
+
+# test go
+if [[ $(go version | awk '{print $3}') = "$GO_VERSION" ]]
+then
+ echo "
+ ----------$0 - $GO_VERSION successfully installed
+ "
+else
+ echo "
+ ----------$0 - Go not installed, cannot install lnd
+ "
+ return 202
+fi
+
+# build lnd
+echo "
+--------$0 - getting lnd... this will take a while!
+"
+go get -d github.com/lightningnetwork/lnd
+cd "$GOPATH"/src/github.com/lightningnetwork/lnd
+make
+make install # installs to /home/standup/gocode/bin which is $GOPATH/bin
+
+LND_VERSION=$(lnd --version)
+echo "
+-----------$0 - installed $LND_VERSION
+"
+
+sudo cp $GOPATH/bin/lnd $GOPATH/bin/lncli /usr/bin
+
+# create symbolic link to bitcoin config
+ln -s /etc/bitcoin/bitcoin.conf ~/.bitcoin/bitcoin.conf
+
+# create necessary directories
+mkdir -p /etc/lnd
+mkdir -p /var/lib/lnd
+mkdir -p ~standup/.lnd
+chown standup:standup -R /var/lib/lnd
+# chown standup:root -R /etc/lnd
+
+
+BTC_NETWORK=""
+if [[ "$NETWORK" = "mainnet" ]]
+then
+ BTC_NETWORK="bitcoin.mainnet=1"
+elif [[ "$NETWORK" = "testnet" ]]
+then
+ BTC_NETWORK="bitcoin.testnet=1"
+else
+ BTC_NETWORK="bitcoin.regtest=1"
+fi
+
+BITCOINDRPC_USER=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcuser | awk -F = '{print $2}')
+BITCOINRPC_PASS=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcpassword | awk -F = '{print $2}')
+
+# create lnd config
+cat > /etc/lnd/lnd.conf << EOF
+[Application Options]
+datadir=/var/lib/lnd/data
+tlscertpath=/var/lib/lnd/tls.cert
+tlskeypath=/var/lib/lnd/tls.key
+logdir=/var/lib/lnd/logs
+maxlogfiles=3
+maxlogfilesize=10
+#externalip=1.1.1.1 # change to your public IP address if required.
+alias=$LN_ALIAS
+listen=0.0.0.0:9375
+debuglevel=debug
+
+[Bitcoin]
+bitcoin.active=1
+bitcoin.node=bitcoind
+$BTC_NETWORK
+
+#[Bitcoind]
+#bitcoind.rpchost=localhost
+#bitcoind.rpcuser=$BITCOINRPC_USER
+#bitcoind.rpcpass=$BITCOINRPC_PASS
+#bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
+#bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333
+
+[tor]
+tor.active=true
+tor.v3=true
+EOF
+
+# set appropriate permissions
+chmod 644 /etc/lnd/lnd.conf
+# cp /etc/lnd/lnd.conf ~standup/.lnd/
+# chown standup:root ~standup/.lnd/lnd.conf
+
+ln -s /var/lib/lnd ~/standup/.lnd
+
+
+# create systemd service
+cat > /etc/systemd/system/lnd.service << EOF
+# It is not recommended to modify this file in-place, because it will
+# be overwritten during package upgrades. If you want to add further
+# options or overwrite existing ones then use
+# $ systemctl edit lnd.service
+# See "man systemd.service" for details.
+# Note that almost all daemon options could be specified in
+# /etc/lnd/lnd.conf, except for those explicitly specified as arguments
+# in ExecStart=
+
+[Unit]
+Description=LND Lightning Network Daemon
+Requires=bitcoind.service
+After=bitcoind.service
+
+[Service]
+ExecStart=/usr/bin/lnd --configfile=/etc/lnd/lnd.conf
+ExecStop=/usr/bin/lncli --lnddir /var/lib/lnd stop
+PIDFile=/run/lnd/lnd.pid
+
+User=standup
+Group=standup
+
+Type=simple
+KillMode=process
+TimeoutStartSec=60
+TimeoutStopSec=60
+Restart=always
+RestartSec=60
+
+[Install]
+WantedBy=multi-user.target
+EOF
+
+
+# [Unit]
+# Description=LND Lightning Daemon
+# Wants=bitcoind.service
+# After=bitcoind.service
+
+# # for use with sendmail alert
+# #OnFailure=systemd-sendmail@%n
+
+# [Service]
+# EnvironmentFile=/run/publicip
+# ExecStart=/usr/local/bin/lnd --sync-freelist --externalip=${PUBLICIP}:9736
+# PIDFile=/home/bitcoin/.lnd/lnd.pid
+# User=bitcoin
+# Group=bitcoin
+# LimitNOFILE=128000
+# Type=simple
+# KillMode=process
+# TimeoutSec=180
+# Restart=always
+# RestartSec=60
+
+# [Install]
+# 
WantedBy=multi-user.target +# # + +#enable lnd service +sudo systemctl enable lnd +sudo systemctl start lnd + +# check if lnd running +echo " +-------$0 - Checking if LND is running +" +waiting=6 +while [[ $(systemctl is-active lnd) != "active" ]] && [[ "$waiting" -gt 0 ]] +do +sleep 10 +echo "waiting..." +"$waiting"="$waiting" - 1 + if [[ $(systemctl status lnd | grep active | awk '{print $2}') = "active" ]] + then + echo " + --------$0 - LND service now is active. + " + echo " + -------$0 - chekcing LND and Tor.. + " + LND_TOR_ADDRESS=$(lncli getinfo | grep onion) + if [[ -n "$LND_TOR_ADDRESS" ]] + then + echo "--------$0 - Your LND Tor address is: + + $LND_TOR_ADDRESS + " + fi + echo "LND is fully active and working with Tor. + To create a wallet do (without the $) : + $ lncli create + " + else + echo " + -------$0 - LND not yet active. Check manually using (without the $) : + + $ sudo systemctl status lnd + " + fi +break +done diff --git a/Scripts/scripts/ss_user_ssh.sh b/Scripts/scripts/ss_user_ssh.sh index 82de368..f948b75 100644 --- a/Scripts/scripts/ss_user_ssh.sh +++ b/Scripts/scripts/ss_user_ssh.sh @@ -4,16 +4,18 @@ if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ] then - echo " ----------------- - " + echo "" + echo "----------------" + echo "" echo "Creating user standup" - echo " ----------------- - " - # Create "standup" user with optional password and give them sudo capability + echo "" + echo "----------------" + echo "" + # Create "standup" group & user with optional password and give them sudo capability + /usr/sbin/groupadd standup /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup /usr/sbin/adduser standup sudo + /usr/sbin/adduser standup standup echo " ---------------- diff --git a/Scripts/scripts/ss_vps.sh b/Scripts/scripts/ss_vps.sh index 54bd08e..99de11a 100644 --- a/Scripts/scripts/ss_vps.sh +++ b/Scripts/scripts/ss_vps.sh 
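Review bot: The heredoc that writes /etc/lnd/lnd.conf is unquoted, so `$BITCOINRPC_PASS` is expanded even on the commented-out `#bitcoind.rpcpass=` line, and the file is then set to `chmod 644`, which leaves the bitcoind RPC password world-readable. Either drop the commented `[Bitcoind]` lines or escape their dollar signs, and tighten the file with `chown standup /etc/lnd/lnd.conf` and `chmod 600 /etc/lnd/lnd.conf`. `listen=0.0.0.0:9375` binds the peer port on every interface although `tor.active=true` is set, and 9375 looks like a transposition of lnd's usual 9735; if the node is meant to be Tor-only, `listen=127.0.0.1:9735` is probably what was intended. Separately, `PATH` is exported with `"$GOPATH"/bin` one line before `GOPATH` is assigned, and `"$waiting"="$waiting" - 1` is not an assignment (`waiting=$((waiting - 1))`).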
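Review bot: The `useradd` line kept in this hunk still derives the password hash with perl's `crypt($ARGV[0],"password")`, whose fixed salt selects traditional DES crypt (on glibc that ignores everything past the eighth character) and which puts the cleartext password on perl's command line, where it is visible in the process list. Creating the account without `-p` and then setting the password over stdin avoids both: `printf '%s:%s\n' standup "$USERPASSWORD" | chpasswd`. The commit adds `groupadd standup`, but `useradd` still passes `-g sudo`, so the primary group stays `sudo`; `-g standup -G sudo` would make the new group the primary one. The surrounding `if … then` block continues past the end of the hunk.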
@@ -3,7 +3,6 @@ # standup script - vps hostname settings IPADDR="" -REGION="" # Check for FQDN & HOSTNAME if --vps if "$VPS" && [[ -z "$HOSTNAME" ]] @@ -35,8 +34,9 @@ fi echo " ----------------" -echo "HOSTNAME: $HOSTNAME" > /etc/hostname -echo "----------------" +HOSTNAME: $HOSTNAME" > /etc/hostname +---------------- +" /bin/hostname "$HOSTNAME" # Set the variable $IPADDR to the IP address the new Linode receives. @@ -45,14 +45,16 @@ IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') echo "$0 - Set hostname as $FQDN ($IPADDR)" echo " ***********************" -echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." -echo " *********************** + $0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." + *********************** " echo "$0 - Set Time Zone to $REGION" echo $REGION > /etc/timezone cp /usr/share/zoneinfo/${REGION} /etc/localtime -echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file." +echo " + -------$0 - Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file. + " # Add localhost aliases echo "127.0.0.1 localhost" > /etc/hosts From ec03d0ea22ad53916f066042ad0c76e0b66c3993 Mon Sep 17 00:00:00 2001 
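Review bot: In the second hunk the preceding `echo "` … `----------------"` already closes its string, so the new line `HOSTNAME: $HOSTNAME" > /etc/hostname` is no longer part of an echo: the shell tries to run a command named `HOSTNAME:` and /etc/hostname is not written (line structure is inferred from the collapsed diff). The third hunk has the same shape around the `TODO: Put $FQDN …` line. Keeping the write as its own statement avoids this, and the file should hold only the name: `printf '%s\n' "$HOSTNAME" > /etc/hostname`. Further down, `echo $REGION > /etc/timezone` and `cp /usr/share/zoneinfo/${REGION} /etc/localtime` use `REGION` unquoted and unchecked as root; now that the `REGION=""` initialiser is removed, a guard such as `[[ -f "/usr/share/zoneinfo/$REGION" ]] || return 1` before the copy would be worth adding.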
From: jodobear Date: Thu, 23 Jul 2020 17:47:32 +0200 Subject: [PATCH 07/16] base working scripts to develop on --- Scripts/scripts/{ss_vps.sh => ss_00.1_vps.sh} | 0 Scripts/scripts/{ss.sh => ss_00_main.sh} | 18 ++--- Scripts/scripts/{ss_help.sh => ss_01_help.sh} | 0 ..._dependencies.sh => ss_02_dependencies.sh} | 0 .../{ss_user_ssh.sh => ss_03_user_ssh.sh} | 0 Scripts/scripts/{ss_tor.sh => ss_04_tor.sh} | 0 .../{ss_bitcoin.sh => ss_05_bitcoin.sh} | 0 ...ss_c-lightning.sh => ss_06_c-lightning.sh} | 26 +++--- Scripts/scripts/{ss_lnd.sh => ss_06_lnd.sh} | 81 +++++++++---------- 9 files changed, 61 insertions(+), 64 deletions(-) rename Scripts/scripts/{ss_vps.sh => ss_00.1_vps.sh} (100%) rename Scripts/scripts/{ss.sh => ss_00_main.sh} (96%) rename Scripts/scripts/{ss_help.sh => ss_01_help.sh} (100%) rename Scripts/scripts/{ss_dependencies.sh => ss_02_dependencies.sh} (100%) rename Scripts/scripts/{ss_user_ssh.sh => ss_03_user_ssh.sh} (100%) rename Scripts/scripts/{ss_tor.sh => ss_04_tor.sh} (100%) rename Scripts/scripts/{ss_bitcoin.sh => ss_05_bitcoin.sh} (100%) rename Scripts/scripts/{ss_c-lightning.sh => ss_06_c-lightning.sh} (82%) rename Scripts/scripts/{ss_lnd.sh => ss_06_lnd.sh} (80%) diff --git a/Scripts/scripts/ss_vps.sh b/Scripts/scripts/ss_00.1_vps.sh similarity index 100% rename from Scripts/scripts/ss_vps.sh rename to Scripts/scripts/ss_00.1_vps.sh diff --git a/Scripts/scripts/ss.sh b/Scripts/scripts/ss_00_main.sh similarity index 96% rename from Scripts/scripts/ss.sh rename to Scripts/scripts/ss_00_main.sh index 7c60824..45714a2 100644 --- a/Scripts/scripts/ss.sh +++ b/Scripts/scripts/ss_00_main.sh @@ -60,7 +60,7 @@ do key="$1" case $key in -h|--help) - source ./ss_help.sh + source ./ss_01_help.sh return 3 ;; -y) @@ -282,7 +282,7 @@ SYS_SSH_IP..: $SYS_SSH_IP # source vps setup script if "$VPS" then - source ./ss_vps.sh + source ./ss_00.1_vps.sh fi 
@@ -318,21 +318,21 @@ apt-get upgrade -y apt-get dist-upgrade -y # source dependency script -source ./ss_dependencies.sh +source ./ss_02_dependencies.sh #### # 3. Create user admin #### # source user and ssh script -source ./ss_user_ssh.sh +source ./ss_03_user_ssh.sh #### # 4. Install Tor #### # source tor script -source ./ss_tor.sh +source ./ss_04_tor.sh # sleep 4 seconds for tor to restart sleep 4 @@ -351,7 +351,7 @@ then echo "" return 0 else - source ss_bitcoin.sh + source ./ss_05_bitcoin.sh fi sleep 4 @@ -375,14 +375,14 @@ if [[ "$LIGHTNING" = "c-lightning" ]] then echo "------Standup - installing c-lightning" echo "" - source ./ss_c-lightning.sh + source ./ss_06_c-lightning.sh else echo "------Standup - installing lnd" echo "" - source ./ss_lnd.sh + source ./ss_06_lnd.sh fi - +su standup # #### # # RESET Environment Variables diff --git a/Scripts/scripts/ss_help.sh b/Scripts/scripts/ss_01_help.sh similarity index 100% rename from Scripts/scripts/ss_help.sh rename to Scripts/scripts/ss_01_help.sh diff --git a/Scripts/scripts/ss_dependencies.sh b/Scripts/scripts/ss_02_dependencies.sh similarity index 100% rename from Scripts/scripts/ss_dependencies.sh rename to Scripts/scripts/ss_02_dependencies.sh diff --git a/Scripts/scripts/ss_user_ssh.sh b/Scripts/scripts/ss_03_user_ssh.sh similarity index 100% rename from Scripts/scripts/ss_user_ssh.sh rename to Scripts/scripts/ss_03_user_ssh.sh diff --git a/Scripts/scripts/ss_tor.sh b/Scripts/scripts/ss_04_tor.sh similarity index 100% rename from Scripts/scripts/ss_tor.sh rename to Scripts/scripts/ss_04_tor.sh diff --git a/Scripts/scripts/ss_bitcoin.sh b/Scripts/scripts/ss_05_bitcoin.sh similarity index 100% rename from Scripts/scripts/ss_bitcoin.sh rename to Scripts/scripts/ss_05_bitcoin.sh diff --git a/Scripts/scripts/ss_c-lightning.sh b/Scripts/scripts/ss_06_c-lightning.sh similarity index 82% rename from Scripts/scripts/ss_c-lightning.sh rename to Scripts/scripts/ss_06_c-lightning.sh index 2239dee..5558d2f 100644 
--- a/Scripts/scripts/ss_c-lightning.sh +++ b/Scripts/scripts/ss_06_c-lightning.sh @@ -3,7 +3,7 @@ # standup script - install c-lightning export CLN_VERSION="v0.8.2.1" -export CLN_DIR="~standup/clightning" +export LIGHTNING_DIR="~standup/.lightning" echo " ----------- @@ -13,8 +13,8 @@ Installing dependencies apt-get install -y \ autoconf automake build-essential git libtool libgmp-dev \ -libsqlite3-dev python3 python3-mako net-tools zlib1g-dev libsodium-dev \ -gettext valgrind python3-pip libpq-dev +libsqlite3-dev python3 python3-mako net-tools zlib1g-dev \ +libsodium-dev gettext valgrind python3-pip libpq-dev echo " ----------- @@ -22,29 +22,31 @@ Downloading & Installing c-lightning ----------- " # get & compile clightning from github -cd /tmp sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning cd ~standup/lightning -pyhton3 -m pip install -r requirements.txt +git checkout $CLN_VERSION +python3 -m pip install -r requirements.txt ./configure -make +make -j$(nproc --ignore=1) --quiet sudo make install # lightningd config -mkdir -m 760 ~standup/.lightning -cat >> ~standup/.lightning/config << EOF -network=$NETWORK +mkdir -m 760 "$LIGHTNING_DIR" +chown standup -R "$LIGHTNING_DIR" +cat >> "$LIGHTNING_DIR"/config << EOF +alias=StandUp +log-level=debug +log-prefix=standup proxy=127.0.0.1:9050 bind-addr=127.0.0.1:9735 addr=statictor:127.0.0.1:9051 always-use-proxy=true EOF -/bin/chown standup ~standup/.lightning/config -/bin/chmod 640 ~standup/.lightning/config +/bin/chmod 640 "$LIGHTNING_DIR"/config echo " --------$0 - Setting up Bitcoin as a systemd service. +-------$0 - Setting up c-lightning as a systemd service. " cat > /etc/systemd/system/lightningd.service << EOF diff --git a/Scripts/scripts/ss_lnd.sh b/Scripts/scripts/ss_06_lnd.sh similarity index 80% rename from Scripts/scripts/ss_lnd.sh rename to Scripts/scripts/ss_06_lnd.sh index cdec13f..09d72bc 100644 --- a/Scripts/scripts/ss_lnd.sh 
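Review bot: `export LIGHTNING_DIR="~standup/.lightning"` stores a literal `~standup/…` because tilde expansion does not happen inside quotes, so in the third hunk `mkdir -m 760 "$LIGHTNING_DIR"`, the `chown` and `cat >> "$LIGHTNING_DIR"/config` act on a path relative to the current directory rather than on /home/standup/.lightning, which is where the unit file's `-conf=` argument points. Assign it as an absolute path, `export LIGHTNING_DIR=/home/standup/.lightning`, and create it with `mkdir -p -m 700 "$LIGHTNING_DIR"`. `git checkout $CLN_VERSION` is a good addition but runs as root in the `standup`-owned clone and is unquoted; `sudo -u standup git checkout "$CLN_VERSION"` keeps ownership consistent. The new `log-level=debug` is verbose for a default install, so confirm it is meant to stay.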
+++ b/Scripts/scripts/ss_06_lnd.sh @@ -72,15 +72,10 @@ echo " sudo cp $GOPATH/bin/lnd $GOPATH/bin/lncli /usr/bin # create symbolic link to bitcoin config -ln -s /etc/bitcoin/bitcoin.conf ~/.bitcoin/bitcoin.conf +ln -s /etc/bitcoin/bitcoin.conf ~standup/.bitcoin/bitcoin.conf -# create necessary directories +# create config necessary directories mkdir -p /etc/lnd -mkdir -p /var/lib/lnd -mkdir -p ~standup/.lnd -chown standup:standup -R /var/lib/lnd -# chown standup:root -R /etc/lnd - BTC_NETWORK="" if [[ "$NETWORK" = "mainnet" ]] @@ -127,13 +122,11 @@ tor.active=true tor.v3=true EOF -# set appropriate permissions +# set directories & appropriate permissions +mkdir -p /var/lib/lnd +chown standup:root -R /var/lib/lnd +chown standup:root -R /etc/lnd chmod 644 /etc/lnd/lnd.conf -# cp /etc/lnd/lnd.conf ~standup/.lnd/ -# chown standup:root ~standup/.lnd/lnd.conf - -ln -s /var/lib/lnd ~/standup/.lnd - # create systemd service cat > /etc/systemd/system/lnd.service << EOF @@ -170,6 +163,8 @@ RestartSec=60 WantedBy=multi-user.target EOF +ln -s /var/lib/lnd ~standup/.lnd + # [Unit] # Description=LND Lightning Daemon 
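Review bot: `ln -s /etc/bitcoin/bitcoin.conf ~standup/.bitcoin/bitcoin.conf` tries to create a link named ~standup/.bitcoin/bitcoin.conf, but the Bitcoin setup earlier on this page already writes a regular file at that path, so `ln` will fail with "File exists"; nothing visible creates /etc/bitcoin/bitcoin.conf either. If the intent is to expose the existing config under /etc, the arguments are reversed: `mkdir -p /etc/bitcoin && ln -s ~standup/.bitcoin/bitcoin.conf /etc/bitcoin/bitcoin.conf`. If nothing reads the /etc path, the line can simply go.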
@@ -204,38 +199,38 @@ sudo systemctl start lnd echo " -------$0 - Checking if LND is running " -waiting=6 -while [[ $(systemctl is-active lnd) != "active" ]] && [[ "$waiting" -gt 0 ]] -do +# waiting=3 +# while [[ $(systemctl is-active lnd) != "active" ]] && [[ "$waiting" -gt 0 ]] +# do +# echo "waiting..." sleep 10 -echo "waiting..." -"$waiting"="$waiting" - 1 - if [[ $(systemctl status lnd | grep active | awk '{print $2}') = "active" ]] +# "$waiting"="$waiting" - 1 +if [[ $(systemctl status lnd | grep active | awk '{print $2}') = "active" ]]; then + echo " + --------$0 - LND service now is active. + " + echo " + -------$0 - chekcing LND and Tor.. + " + LND_TOR_ADDRESS=$(lncli getinfo | grep onion) + if [[ -n "$LND_TOR_ADDRESS" ]] then - echo " - --------$0 - LND service now is active. - " - echo " - -------$0 - chekcing LND and Tor.. - " - LND_TOR_ADDRESS=$(lncli getinfo | grep onion) - if [[ -n "$LND_TOR_ADDRESS" ]] - then - echo "--------$0 - Your LND Tor address is: - - $LND_TOR_ADDRESS - " - fi - echo "LND is fully active and working with Tor. - To create a wallet do (without the $) : - $ lncli create - " - else - echo " - -------$0 - LND not yet active. Check manually using (without the $) : + echo "--------$0 - Your LND Tor address is: - $ sudo systemctl status lnd + $LND_TOR_ADDRESS " fi -break -done + echo "LND is fully active and working with Tor. + To create a wallet do (without the $) : + $ lncli create + " + exit 0 +else + echo " + -------$0 - LND not yet active. Check manually using (without the $) : + + $ sudo systemctl status lnd + " +fi +# break +# done From 460357701e166657383ba5e9bf5c29c73a7ba419 Mon Sep 17 00:00:00 2001 From: jodobear Date: Thu, 23 Jul 2020 18:23:49 +0200 Subject: [PATCH 08/16] perfectly working lightning installation --- Scripts/scripts/ss_00_main.sh | 2 -- Scripts/scripts/ss_06_c-lightning.sh | 1 + 2 files changed, 1 insertion(+), 2 deletions(-) 
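Review bot: The new `exit 0` in the success branch terminates the calling shell, not just this file, because ss_06_lnd.sh is pulled in with `source` from the main script, which itself has to be sourced, so a successful install ends the operator's root session. Use `return 0`, as the failure paths in this file already do with `return 201` and `return 202`. The fixed `sleep 10` replaces the retry loop with a single check; a bounded loop such as `for _ in 1 2 3 4 5 6; do systemctl is-active --quiet lnd && break; sleep 10; done` restores the retry. `lncli getinfo` runs here as root with default paths while the unit's `ExecStop` passes `--lnddir /var/lib/lnd`, so it may not find the node's TLS certificate and macaroon, which is worth confirming.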
diff --git a/Scripts/scripts/ss_00_main.sh b/Scripts/scripts/ss_00_main.sh index 45714a2..567d660 100644 --- a/Scripts/scripts/ss_00_main.sh +++ b/Scripts/scripts/ss_00_main.sh @@ -382,8 +382,6 @@ else source ./ss_06_lnd.sh fi -su standup - # #### # # RESET Environment Variables # #### diff --git a/Scripts/scripts/ss_06_c-lightning.sh b/Scripts/scripts/ss_06_c-lightning.sh index 5558d2f..930cdd1 100644 --- a/Scripts/scripts/ss_06_c-lightning.sh +++ b/Scripts/scripts/ss_06_c-lightning.sh @@ -102,6 +102,7 @@ if [ $(systemctl status lightningd | grep active | awk '{print $2}') = "active" then echo " -----------$0 - c-lightning Installed and started + Wait for the bitcoind to fully sync with the blockchain and then interact with lightningd. " else echo " From d7a9b32db8666c74521e5fe1da3de2b9c18bc57c Mon Sep 17 00:00:00 2001 From: jodobear Date: Mon, 27 Jul 2020 15:30:12 +0200 Subject: [PATCH 09/16] working c-lightning, lnd and btcpayserver using local bitcoin data --- Scripts/scripts/ss_00.1_vps.sh | 4 +- Scripts/scripts/ss_00_main.sh | 188 +++++++++++++------------- Scripts/scripts/ss_02_dependencies.sh | 20 +-- Scripts/scripts/ss_03_user_ssh.sh | 36 ++--- Scripts/scripts/ss_04_tor.sh | 20 ++- Scripts/scripts/ss_05.1_hwi.sh | 25 ++++ Scripts/scripts/ss_05_bitcoin.sh | 99 +++++++------- Scripts/scripts/ss_06.1_rtl.sh | 45 ++++++ Scripts/scripts/ss_06_c-lightning.sh | 28 ++-- Scripts/scripts/ss_06_lnd.sh | 99 +++++--------- Scripts/scripts/ss_07_btcpayserver.sh | 92 +++++++++++++ Scripts/scripts/ss_08_esplora.sh | 24 ++++ 12 files changed, 405 insertions(+), 275 deletions(-) create mode 100644 Scripts/scripts/ss_05.1_hwi.sh create mode 100644 Scripts/scripts/ss_06.1_rtl.sh create mode 100644 Scripts/scripts/ss_07_btcpayserver.sh create mode 100644 Scripts/scripts/ss_08_esplora.sh diff --git a/Scripts/scripts/ss_00.1_vps.sh b/Scripts/scripts/ss_00.1_vps.sh index 99de11a..9a129f2 100644 --- a/Scripts/scripts/ss_00.1_vps.sh +++ b/Scripts/scripts/ss_00.1_vps.sh 
@@ -45,7 +45,7 @@ IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') echo "$0 - Set hostname as $FQDN ($IPADDR)" echo " ***********************" - $0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." + $MESSAGE_PREFIX TODO: Put $FQDN with IP $IPADDR in your main DNS file." *********************** " echo "$0 - Set Time Zone to $REGION" @@ -53,7 +53,7 @@ echo $REGION > /etc/timezone cp /usr/share/zoneinfo/${REGION} /etc/localtime echo " - -------$0 - Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file. + $MESSAGE_PREFIX Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file. " # Add localhost aliases diff --git a/Scripts/scripts/ss_00_main.sh b/Scripts/scripts/ss_00_main.sh index 567d660..525e33e 100644 --- a/Scripts/scripts/ss_00_main.sh +++ b/Scripts/scripts/ss_00_main.sh @@ -3,7 +3,6 @@ # standup.sh # TODO: Get opinion on `` vs $() as backticks are portable to legacy shells -# TODO: Sort c-lightning & lnd installation set +ex @@ -13,6 +12,8 @@ if [[ "$0" = "$BASH_SOURCE" ]]; then return 1 fi +MESSAGE_PREFIX="-------Standup -" + #### # Environment Variables #### @@ -41,22 +42,21 @@ LN_ALIAS="StandUp" ESPLORA=false BTCPAYSERVER=false -# Tor +# Tor & SSH TOR_PUBKEY="" - -# ssh SSH_KEY="" SYS_SSH_IP="" - +# btcpay server +BTCPAY_HOST="" +BTCPAY_LN="c-lightning" #### # Parsing Arguments #### PARAMS="" -while (( "$#" )) -do +while (( "$#" )); do key="$1" case $key in -h|--help) 
@@ -92,17 +92,14 @@ key="$1" shift 1 ;; -n|--network) - if [ "${2:0:1}" = "-" ] - then + if [ "${2:0:1}" = "-" ]; then echo "Network flag passed without value. Installing default network: mainnet." shift 1 - elif [[ -n "$2" ]] && [[ "$2" = "mainnet" ]] || [[ "$2" = "testnet" ]] || [[ "$2" = "regtest" ]] - then + elif [[ -n "$2" ]] && [[ "$2" = "mainnet" ]] || [[ "$2" = "testnet" ]] || [[ "$2" = "regtest" ]]; then NETWORK="$2" else echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" - while [[ "$NETWROK" != "mainnet" ]] || [[ "$NETWROK" != "testnet" ]] || [[ "$NETWROK" != "regtest" ]] - do + while [[ "$NETWROK" != "mainnet" ]] || [[ "$NETWROK" != "testnet" ]] || [[ "$NETWROK" != "regtest" ]]; do read -pr "Enter which network do you want to default to: " NETWORK done fi @@ -110,17 +107,14 @@ key="$1" shift 1 ;; -p|--prune) - if [ "${2:0:1}" = "-" ] - then + if [ "${2:0:1}" = "-" ]; then echo "Prune flag passed without value. Installing default: unpruned node." shift 1 - elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]] - then + elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]]; then PRUNE="$2" else echo "ERROR: Minimum prune value is 550. Passed $2" - # while [[ "$PRUNE" -lt 550 ]] - # do + # while [[ "$PRUNE" -lt 550 ]]; do # read -pr "Enter a value above 550 or 0 if you want to install an unpruned node (you can change this later): " PRUNE # done return 1 
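Review bot: The fallback loop on the error path cannot terminate: it tests the misspelled `$NETWROK`, joins three `!=` tests with `||` (always true), and `read -pr` hands `r` to `-p` as the prompt, so the read itself fails. The commit only reflows these lines, so the defect carries over. Something like `until [[ "$NETWORK" == mainnet || "$NETWORK" == testnet || "$NETWORK" == regtest ]]; do read -r -p "Enter which network do you want to default to: " NETWORK; done` fixes all three. The `elif` above it groups as `(A && B) || C || D`, which is harmless here, but `[[ "$2" == mainnet || "$2" == testnet || "$2" == regtest ]]` states the intent. The enclosing `case` arm starts and ends outside the hunk.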
@@ -141,24 +135,13 @@ key="$1" shift 1 ;; -l|--lightning) - if [ "${2:0:1}" = "-" ] - then + if [ "${2:0:1}" = "-" ]; then echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" shift 1 - elif [[ -n "$2" ]] && [[ "$2" = "c-lightning" ]] || [[ "$2" = "lnd" ]] - then + elif [[ -n "$2" ]] && [[ "$2" = "c-lightning" ]] || [[ "$2" = "lnd" ]]; then LIGHTNING="$2" else - if [[ -z "$2" ]] - then - echo "ERROR: You provided the flag -l or --lightning but didn't provide the implementation. Please enter c-lightning or lnd." - else - echo "ERROR: Invalid lightning implementation. Pass c-lightning or lnd. Passed $2." - fi - # while [[ "$LIGHTNING" != "c-lightning" ]] || [[ "$LIGHTNING" != "lnd" ]] - # do - # read -pr "Enter c-lightning or lnd implementations or false if you don't want to install lightning: " LIGHTNING - # done + echo "ERROR: Invalid lightning implementation. Pass 'c-lightning' or 'lnd'. Passed $2." return 1 fi shift 1 @@ -169,14 +152,6 @@ key="$1" shift 1 shift 1 ;; - --esplora) - ESPLORA=true - shift 1 - ;; - --btcpay) - BTCPAYSERVER=true - shift 1 - ;; -t|--tor-pubkey) TOR_PUBKEY="$2" shift 1 @@ -188,10 +163,28 @@ key="$1" shift 1 ;; --sys-ssh-ip) - SYS_SSH_IP="$2" - shift 1 - shift 1 - ;; + SYS_SSH_IP="$2" + shift 1 + shift 1 + ;; + --esplora) + ESPLORA=true + shift 1 + ;; + --btcpay) + BTCPAYSERVER=true + shift 1 + ;; + --btcpay-host) + BTCPAY_HOST="$2" + shift 1 + shift 1 + ;; + --btcpay-ln) + BTCPAY_LN="$2" + shift 1 + shift 1 + ;; --) # end argument parsing shift 1 break 
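Review bot: The new `--btcpay-ln` and `--btcpay-host` arms store `$2` without any check, while `-l|--lightning` above accepts only `c-lightning` or `lnd`. `BTCPAY_LN` is later exported as `BTCPAYGEN_LIGHTNING` in ss_07_btcpayserver.sh, so a typo or a missing value (for example when the next token is another flag) reaches the BTCPay generator unchanged. I would mirror the existing check: `[[ "$2" = "c-lightning" || "$2" = "lnd" ]] || { echo "ERROR: --btcpay-ln must be 'c-lightning' or 'lnd'. Passed $2."; return 1; }`. An empty or dash-prefixed `--btcpay-host` value should be rejected the same way.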
@@ -217,16 +210,15 @@ set -- "$PARAMS" # set positional parameters in order # if you are not logged in as root then the script will not execute echo " ----------------" -echo "$0 - Checking if logged in as root." +echo "$MESSAGE_PREFIX Checking if logged in as root." echo "----------------" -if ! [ "$(id -u)" == 0 ] -then - echo "$0 - You need to be logged in as root!" +if ! [ "$(id -u)" == 0 ]; then + echo "$MESSAGE_PREFIX You need to be logged in as root!" return 2 fi -echo "$0 - Logged in as root. Continuing with installation." -echo "---------------- +echo "$MESSAGE_PREFIX Logged in as root. Continuing with installation. +---------------- " # Output stdout and stderr to ~root files exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) @@ -241,38 +233,43 @@ Parameters Passed: System ------ -NOPROMPT..........: $NOPROMPT -VPS...............: $VPS -USERPASSWORD......: $USERPASSWORD +NOPROMPT......: $NOPROMPT +VPS...........: $VPS +USERPASSWORD..: $USERPASSWORD VPS --- -FQDN......: $FQDN -HOSTNAME..: $HOSTNAME -REGION....: $REGION +FQDN..........: $FQDN +HOSTNAME......: $HOSTNAME +REGION........: $REGION -Bitcoin: +Bitcoin -------- -NETWORK...: $NETWORK -PRUNE.....: $PRUNE -FASTSYNC..: $FASTSYNC -HWI.......: $HWI +NETWORK.......: $NETWORK +PRUNE.........: $PRUNE +FASTSYNC......: $FASTSYNC +HWI...........: $HWI -Lightning: +Lightning ---------- -LIGHTNING..: $LIGHTNING -LN_ALIAS...: $LN_ALIAS +LIGHTNING.....: $LIGHTNING +LN_ALIAS......: $LN_ALIAS -Services: +Services --------- ESPLORA.......: $ESPLORA BTCPAYSERVER..: $BTCPAYSERVER -Tor & SSH: +Tor & SSH ---------- -TOR_PUBKEY..: $TOR_PUBKEY -SSH_KEY.....: $SSH_KEY -SYS_SSH_IP..: $SYS_SSH_IP +TOR_PUBKEY....: $TOR_PUBKEY +SSH_KEY.......: $SSH_KEY +SYS_SSH_IP....: $SYS_SSH_IP + +BTCPAY Server +------------- +BTCPAY_HOST...: $BTCPAY_HOST +BTCPAY_LN.....: $BTCPAY_LN " 
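Review bot: The parameter summary still prints `USERPASSWORD..: $USERPASSWORD`, and it runs after `exec > >(tee -a /root/standup.log)`, so the account password is written to the log in clear text. I would report only whether it is set, for example `USERPASSWORD..: ${USERPASSWORD:+(set)}`. The same applies to any other secret added to this block later.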
@@ -280,20 +277,17 @@ SYS_SSH_IP..: $SYS_SSH_IP # 1. Update Hostname and set timezone #### # source vps setup script -if "$VPS" -then +if "$VPS"; then source ./ss_00.1_vps.sh fi # prompt user before continuing with installation -if ! "$NOPROMPT" -then +if ! "$NOPROMPT"; then read -rp "Continue with installation? (Y/n): " confirm fi -if [[ "$confirm" != [yY] ]] -then +if [[ "$confirm" != [yY] ]]; then echo "Entered $confirm. Exiting.." return 8 else @@ -307,11 +301,10 @@ fi #### echo " ---------------- -" -echo "$0 - Starting Debian updates; this will take a while!" -echo " +$MESSAGE_PREFIX Starting Debian updates; this will take a while! ---------------- " + # Make sure all packages are up-to-date apt-get update apt-get upgrade -y @@ -342,13 +335,12 @@ sleep 4 #### # source bitcoin script BITCOIND_VERSION=$(bitcoind --version | grep "Bitcoin Core version | awk '{print $4}'") -if [[ -n "$BITCOIND_VERSION" ]] -then - echo "" - echo " ----------" - echo "-----$0 - bitcoind is already installed, version: $BITCOIND_VERSION" - echo " ----------" - echo "" +if [[ -n "$BITCOIND_VERSION" ]]; then + echo " + ---------------- + $MESSAGE_PREFIX bitcoind is already installed, version: $BITCOIND_VERSION + ---------------- + " return 0 else source ./ss_05_bitcoin.sh 
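Review bot: With `NOPROMPT=true` the `read` is skipped, so `confirm` stays empty and `[[ "$confirm" != [yY] ]]` sends the script to `return 8`, unless `confirm` is assigned somewhere outside this hunk. I would set it explicitly: `if "$NOPROMPT"; then confirm=y; else read -rp "Continue with installation? (Y/n): " confirm; fi`. Separately, `if "$VPS"` and `if ! "$NOPROMPT"` execute the variable's value as a command; `[[ "$VPS" == true ]]` compares it as data, which is safer once the values come from a config file or the environment.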
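Review bot: In the `BITCOIND_VERSION=` context line the closing quote is misplaced, so `grep` receives `Bitcoin Core version | awk '{print $4}'` as one pattern and the variable will most likely always be empty. I would write `BITCOIND_VERSION=$(bitcoind --version 2>/dev/null | awk '/Bitcoin Core version/ {print $4}')`. Once that works, the `return 0` in the already-installed branch ends the whole sourced script, skipping the Lightning and BTCPay steps below; letting the `if` fall through would avoid that.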
@@ -358,30 +350,32 @@ sleep 4 echo " ------------- - -bitcoind service is: $(systemctl status bitcoind | grep active | awk '{print $2}') +---------------- ------------- + $MESSAGE_PREFIX bitcoind service is: $(systemctl status bitcoind | grep active | awk '{print $2}') +---------------- " #### # Lightning #### # source lightning script -echo "" -if [[ "$LIGHTNING" = "c-lightning" ]] -then - echo "------Standup - installing c-lightning" - echo "" +if [[ "$LIGHTNING" = "c-lightning" ]]; then source ./ss_06_c-lightning.sh else - echo "------Standup - installing lnd" - echo "" source ./ss_06_lnd.sh fi + +#### +# BTCPay Server +#### +# source btcpay script +if "$BTCPAYSERVER"; then + source ./ss_07_btcpayserver.sh +fi + # #### # # RESET Environment Variables # #### diff --git a/Scripts/scripts/ss_02_dependencies.sh b/Scripts/scripts/ss_02_dependencies.sh index 003f64a..afb92c6 100644 --- a/Scripts/scripts/ss_02_dependencies.sh +++ b/Scripts/scripts/ss_02_dependencies.sh 
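Review bot: The `else` branch sources `ss_06_lnd.sh` for every value of `$LIGHTNING` other than `c-lightning`, including an empty or `false` value, so a network-facing daemon is built and started even when no Lightning implementation was requested. I would make the second branch explicit with `elif [[ "$LIGHTNING" = "lnd" ]]; then`. The added `if "$BTCPAYSERVER"; then` also runs the variable as a command; `[[ "$BTCPAYSERVER" == true ]]` avoids that.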
@@ -5,38 +5,30 @@ # Install haveged (a random number generator) echo " ---------------- -" -echo "$0 - Installing haveged (a random number generator), gnupg2, git & make" -echo " + $MESSAGE_PREFIX Installing haveged (a random number generator), gnupg2, git & make ---------------- " apt-get install haveged gnupg2 git make -y echo " -----------------$0 - haveged, gnupg2 & git installed successfully +$MESSAGE_PREFIX haveged, gnupg2 & git installed successfully " # Set system to automatically update echo " ---------------- -" -echo "$0 - setting system to automatically update" -echo " +$MESSAGE_PREFIX setting system to automatically update ---------------- " echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections apt-get -y install unattended-upgrades echo " -----------------$0 - Debian Packages updated +$MESSAGE_PREFIX Debian Packages updated " # Get uncomplicated firewall and deny all incoming connections except SSH if [ -z "$(which ufw)" ] then echo " ----------------- - " - echo "$0 - Installing ufw" - echo " ----------------- +$MESSAGE_PREFIX Installing ufw " apt-get install ufw fi @@ -45,5 +37,5 @@ ufw allow ssh ufw --force enable echo " -----------------$0 - ufw is installed and enabled. +$MESSAGE_PREFIX ufw is installed and enabled. " \ No newline at end of file diff --git a/Scripts/scripts/ss_03_user_ssh.sh b/Scripts/scripts/ss_03_user_ssh.sh index f948b75..3f413c7 100644 --- a/Scripts/scripts/ss_03_user_ssh.sh +++ b/Scripts/scripts/ss_03_user_ssh.sh 
@@ -4,13 +4,11 @@ if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ] then - echo "" - echo "----------------" - echo "" - echo "Creating user standup" - echo "" - echo "----------------" - echo "" + echo " +---------------- + $MESSAGE_PREFIX Creating user standup +---------------- + " # Create "standup" group & user with optional password and give them sudo capability /usr/sbin/groupadd standup /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup @@ -18,16 +16,12 @@ then /usr/sbin/adduser standup standup echo " ----------------- - " - echo "$0 - User standup created with sudo access." - echo " ----------------- + $MESSAGE_PREFIX User standup created with sudo access. " else - echo "----------------" - echo "User standup already exists." - echo "----------------" + echo "---------------- + $MESSAGE_PREFIX User standup already exists. + ----------------" fi # Setup SSH Key if the user added one as an argument @@ -38,9 +32,7 @@ then chown -R standup ~standup/.ssh echo " ---------------- - " - echo "$0 - Added .ssh key to standup." - echo " +$MESSAGE_PREFIX Added .ssh key to standup. ---------------- " fi @@ -52,17 +44,13 @@ then echo "sshd: ALL" >> /etc/hosts.deny echo " ---------------- - " - echo "$0 - Limited SSH access." - echo " +$MESSAGE_PREFIX Limited SSH access. ---------------- " else echo " **************** - " - echo "$0 - WARNING: Your SSH access is not limited; this is a major security hole!" - echo " + $MESSAGE_PREFIX WARNING: Your SSH access is not limited; this is a major security hole! **************** " fi \ No newline at end of file diff --git a/Scripts/scripts/ss_04_tor.sh b/Scripts/scripts/ss_04_tor.sh index e445c0d..e808774 100644 --- a/Scripts/scripts/ss_04_tor.sh +++ b/Scripts/scripts/ss_04_tor.sh 
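Review bot: The `useradd -p` context line hashes `$USERPASSWORD` with perl `crypt()` and the constant salt `"password"`. On glibc that selects traditional DES crypt, which uses a fixed two-character salt and only the first eight characters of the password. The plaintext is also passed to perl as a process argument. I would drop `-p` from `useradd` and set the password over stdin with `printf 'standup:%s\n' "$USERPASSWORD" | chpasswd`, which uses the system's configured hash scheme. The enclosing `if` begins outside this hunk.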
@@ -9,9 +9,7 @@ # Download tor echo " ---------------- -" -echo "Installing Tor" -echo " + $MESSAGE_PREFIX Installing Tor ---------------- " # To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: @@ -19,7 +17,7 @@ if [ -z "$(which apt-transport-https)" ] then apt-get install apt-transport-https -y echo " - --------------apt-transport-https installed + $MESSAGE_PREFIX apt-transport-https installed " fi @@ -28,7 +26,7 @@ if [ -z "$(which torsocks)" ] then apt-get install torsocks -y echo " - --------------torsocks installed + $MESSAGE_PREFIX torsocks installed " fi @@ -61,10 +59,8 @@ HiddenServiceDir \/var\/lib\/tor\/standup\/\ HiddenServiceVersion 3\ HiddenServicePort 1309 127.0.0.1:18332\ HiddenServicePort 1309 127.0.0.1:18443\ -HiddenServicePort 1309 127.0.0.1:8332\ -HiddenServiceDir /var/lib/tor/lightningd-service_v2/ -HiddenServiceVersion 3\ -HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc +HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc + mkdir /var/lib/tor/standup chown -R debian-tor:debian-tor /var/lib/tor/standup chmod 700 /var/lib/tor/standup @@ -79,7 +75,7 @@ sudo systemctl restart tor.service if [ "$(systemctl is-active tor) | grep active" ] then echo " ---------------$0 - Tor installed and successfully started +$MESSAGE_PREFIX Tor installed and successfully started " fi 
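Review bot: In the last hunk of this file, `if [ "$(systemctl is-active tor) | grep active" ]` tests a non-empty string, because the pipe sits inside the quotes. The "Tor installed and successfully started" message is therefore printed even when the service failed. I would use `if systemctl is-active --quiet tor; then` and add an `else` branch that reports the failure, since the later steps download over torsocks. The `which apt-transport-https` check in the second hunk has a related problem: that is a package name, not a binary, so `dpkg -s apt-transport-https` is the matching test.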
@@ -102,11 +98,11 @@ then sudo systemctl restart tor.service echo " - ---------$0 - Successfully added Tor V3 authentication + $MESSAGE_PREFIX Successfully added Tor V3 authentication " else echo " - ---------$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet + $MESSAGE_PREFIX No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet " fi diff --git a/Scripts/scripts/ss_05.1_hwi.sh b/Scripts/scripts/ss_05.1_hwi.sh new file mode 100644 index 0000000..a85b6ea --- /dev/null +++ b/Scripts/scripts/ss_05.1_hwi.sh @@ -0,0 +1,25 @@ +#!/bin/bash + +# NOT YET IMPLEMENTED + +# standup - bitcoin-core hwi (Hardware Wallet Interface) +echo " +---------------- + $MESSAGE_PREFIX Installing Esplora +---------------- +" +# check dependencies + +apt install libusb-1.0-0-dev libudev-dev python3-dev + +# install hwi + +sudo -u standup git clone https://github.com/bitcoin-core/HWI.git -O ~standup/downloads/HWI +cd ~standup/downloads/HWI +poetry install # or 'pip3 install .' or 'python3 setup.py install' + +# create script to setup device + +# hwi: https://github.com/bitcoin-core/HWI +# specter: https://github.com/cryptoadvance/specter-desktop +# lily: https://github.com/KayBeSee/lily-wallet \ No newline at end of file diff --git a/Scripts/scripts/ss_05_bitcoin.sh b/Scripts/scripts/ss_05_bitcoin.sh index d460788..c63a1b9 100644 --- a/Scripts/scripts/ss_05_bitcoin.sh +++ b/Scripts/scripts/ss_05_bitcoin.sh @@ -6,11 +6,11 @@ # 5. Install Bitcoin #### -echo "" -echo "----------------" -echo "Installing Bitcoin" -echo "----------------" -echo "" +echo " +---------------- + $MESSAGE_PREFIX Installing Bitcoin +---------------- +" # Download Bitcoin # CURRENT BITCOIN RELEASE: 
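Review bot: In the new `ss_05.1_hwi.sh`, `git clone ... -O ~standup/downloads/HWI` uses a wget-style `-O` that `git clone` does not accept; the destination is just the trailing positional argument. The clone is also unpinned and followed by `poetry install` in a root-run installer, so whatever the default branch holds at install time gets executed. I would check out a release tag and verify it before installing, and add `-y` to `apt install`. The banner still says "Installing Esplora", which looks like a copy-paste leftover.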
@@ -28,19 +28,19 @@ export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` # OR alternatively uncomment the clearnet links to download bitcoin over clearnet. if ! [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] then - echo "" - echo "-----------" - echo "Downloading $BITCOIN, this will take a while!" - echo "-----------" - echo "" + echo " +---------------- +$MESSAGE_PREFIX Downloading $BITCOIN, this will take a while! +---------------- + " sudo -u standup torsocks wget --progress=bar:force http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz fi if [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] then - echo "--------------StandUp - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/" + echo "$MESSAGE_PREFIX $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/" echo "" - echo "----StandUp - downloading SHA256SUMS.asc for $BITCOIN" + echo "$MESSAGE_PREFIX downloading SHA256SUMS.asc for $BITCOIN" echo "" sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc else 
@@ -49,36 +49,36 @@ fi if [[ -f ~standup/SHA256SUMS.asc ]] then - echo "----------StandUp - SHA256SSUMS.asc exists at /home/standup/" + echo "$MESSAGE_PREFIX SHA256SSUMS.asc exists at /home/standup/" fi if ! [[ -f ~standup/laanwj-releases.asc ]] then - echo "-----StandUp - downloading laanwj-release signature" + echo "$MESSAGE_PREFIX downloading laanwj-release signature" sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc fi # Verifying Bitcoin: Signature -echo "" -echo "-----------------" -echo "StandUp - Verifying Bitcoin." -echo "-----------------" -echo "" +echo " +----------------- +$MESSAGE_PREFIX Verifying Bitcoin. +----------------- +" sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc export BTC_SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` -echo "" -echo "---------BTC_SHASIG is $BTC_SHASIG" -echo "" +echo " +$MESSAGE_PREFIX BTC_SHASIG is $BTC_SHASIG +" if [[ $BTC_SHASIG ]] then - echo "" - echo "------StandUp - VERIFICATION SUCCESS / SIG: $BTC_SHASIG" - echo "" + echo " + $MESSAGE_PREFIX VERIFICATION SUCCESS / SIG: $BTC_SHASIG + " else (>&2 echo " - ------------StandUp - VERIFICATION ERROR: Signature for Bitcoin did not verify! + $MESSAGE_PREFIX VERIFICATION ERROR: Signature for Bitcoin did not verify! ") return 101 fi 
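Review bot: The signature check accepts any `Good signature` line, from a keyring that was filled moments earlier by `wget https://bitcoin.org/laanwj-releases.asc`. The trust anchor is therefore whatever that download returned, not a fingerprint fixed in the script. I would pin the expected release-key fingerprint and test gpg's machine-readable status instead of grepping human-readable text: `gpg --no-tty --status-fd 1 --verify ~standup/SHA256SUMS.asc 2>/dev/null | grep -q "^\[GNUPG:\] VALIDSIG <RELEASE_KEY_FINGERPRINT>"`. `<RELEASE_KEY_FINGERPRINT>` is a placeholder for a value obtained from an independent source.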
@@ -89,32 +89,31 @@ export BTC_EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep "$BITCOINPLAIN"-x8 if [[ "$BTC_TARSHA256" = "$BTC_EXPECTEDSHA256" ]] then - echo "" - echo "------StandUp - VERIFICATION SUCCESS / SHA: $BTC_TARSHA256" - echo "" + echo " + $MESSAGE_PREFIX VERIFICATION SUCCESS / SHA: $BTC_TARSHA256 + " else (>&2 echo " - -----------StandUp - VERIFICATION ERROR: SHA for Bitcoin did not match! + $MESSAGE_PREFIX VERIFICATION ERROR: SHA for Bitcoin did not match! ") return 102 fi # Install Bitcoin -echo "--------------" -echo "" -echo "StandUp - Installing Bitcoin." -echo "" -echo "--------------" -echo "" +echo " +---------------- +$MESSAGE_PREFIX Installing Bitcoin. +---------------- +" sudo -u standup /bin/tar xzf ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -C ~standup /usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/"$BITCOINPLAIN"/bin/* /bin/rm -rf ~standup/"$BITCOINPLAIN"/ # Start Up Bitcoin -echo "" -echo "------StandUp - Configuring Bitcoin." -echo "" +echo " +$MESSAGE_PREFIX Configuring Bitcoin. +" sudo -u standup /bin/mkdir ~standup/.bitcoin @@ -169,9 +168,9 @@ EOF /bin/chmod 600 ~standup/.bitcoin/bitcoin.conf # Setup bitcoind as a service that requires Tor -echo "" -echo "-------StandUp - Setting up Bitcoin as a systemd service." -echo "" +echo " +$MESSAGE_PREFIX Setting up Bitcoin as a systemd service. +" sudo cat > /etc/systemd/system/bitcoind.service << EOF # It is not recommended to modify this file in-place, because it will @@ -224,9 +223,9 @@ MemoryDenyWriteExecute=true WantedBy=multi-user.target EOF -echo "" -echo "-------StandUp - Starting bitcoind service" -echo "" +echo " +$MESSAGE_PREFIX Starting bitcoind service +" sudo systemctl enable bitcoind.service sudo systemctl start bitcoind.service 
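Review bot: `[[ "$BTC_TARSHA256" = "$BTC_EXPECTEDSHA256" ]]` also succeeds when both variables are empty, for example if the tarball is missing or the `grep` on SHA256SUMS.asc matches nothing. The assignments are outside this hunk, so this is inferred. I would require a non-empty digest: `if [[ -n "$BTC_TARSHA256" && "$BTC_TARSHA256" = "$BTC_EXPECTEDSHA256" ]]`. That keeps `install -o root` into /usr/local/bin behind a real comparison.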
@@ -243,18 +242,18 @@ then QR="btcstandup://StandUp:"$RPCPASSWORD"@"$HS_HOSTNAME":1309/?label=StandUp.sh" # Display the uri text incase QR code does not work - echo "StandUp - **************************************************************************************************************" + echo "***********************************************************************************************************************" echo "StandUp - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" echo "$QR" - echo "StandUp - **************************************************************************************************************" + echo "***********************************************************************************************************************" echo "" - echo "StandUp - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor" + echo "$MESSAGE_PREFIX Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor" echo "" echo "" - echo "StandUp - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service" + echo "$MESSAGE_PREFIX You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service" echo "" echo "" - echo "StandUp - You can manually start Bitcoin with: sudo systemctl start bitcoind.service" + echo "$MESSAGE_PREFIX You can manually start Bitcoin with: sudo systemctl start bitcoind.service" echo "" else echo "" diff --git a/Scripts/scripts/ss_06.1_rtl.sh b/Scripts/scripts/ss_06.1_rtl.sh new file mode 100644 index 0000000..68d16ed --- /dev/null +++ b/Scripts/scripts/ss_06.1_rtl.sh 
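Review bot: `echo "$QR"` prints the bitcoind RPC password as part of the `btcstandup://` URI. ss_00_main.sh redirects stdout through `tee -a /root/standup.log`, so if this file is sourced after that redirect the credential is stored in the log. I would write the URI to a file created under a restrictive umask and print only its location, for example `( umask 077; printf '%s\n' "$QR" > "$QR_FILE" )`, where `QR_FILE` is a path the script chooses. The enclosing `if` begins outside this hunk.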
@@ -0,0 +1,45 @@ +#!/bin/bash + +# NOT YET IMPLEMENTED + +# standup - Ride The Lightning + +echo " +---------------- + $MESSAGE_PREFIX Installing Esplora +---------------- +" + +# dependencies +apt install nodejs npm +echo " +----------- +$MESSAGE_PREFIX Node.js version $(node -v) installed. +----------- +" + +# get repo and install +sudo -u standup git clone https://github.com/Ride-The-Lightning/RTL.git ~standup/RTL +cd ~standup/RTL +npm install --only=prod +mv ./sample-RTL-Config.json RTL-config.json + +if [[ "$LIGHTNING" = "lnd" ]] +then + # find admin.macroon & lnd.conf + # update rtl-config +elif [[ "$LIGHTNING" = "c-lightning" ]] +then + # install cl-rest + # rename sample-cl-rest-config.json to cl-rest-config.json + # update cl-rest-config + # locate acess.macroon from cl-rest + # update rtl-config +fi + +# create executable script to start rtl + +# links: +# lnd: https://github.com/Ride-The-Lightning/RTL +# cln: https://github.com/Ride-The-Lightning/c-lightning-REST +# cl-rest: https://github.com/Ride-The-Lightning/c-lightning-REST \ No newline at end of file diff --git a/Scripts/scripts/ss_06_c-lightning.sh b/Scripts/scripts/ss_06_c-lightning.sh index 930cdd1..4f7fd82 100644 --- a/Scripts/scripts/ss_06_c-lightning.sh +++ b/Scripts/scripts/ss_06_c-lightning.sh @@ -2,13 +2,17 @@ # standup script - install c-lightning +echo " +---------------- + $MESSAGE_PREFIX installing c-lightning +---------------- +" + export CLN_VERSION="v0.8.2.1" export LIGHTNING_DIR="~standup/.lightning" echo " ------------ -Installing dependencies ------------ +$MESSAGE_PREFIX installing dependencies " apt-get install -y \ 
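Review bot: In the new `ss_06.1_rtl.sh`, the `if [[ "$LIGHTNING" = "lnd" ]]` / `elif` block has only comments in its branches, which bash rejects as a syntax error, so sourcing the file would fail. Adding `:` as a placeholder command in each branch keeps it parseable until the steps are implemented. `npm install --only=prod` also runs in the installer's root context on an unpinned clone; checking out a release tag and running npm as `standup` would narrow that. The banner says "Installing Esplora" here as well.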
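Review bot: In ss_06_c-lightning.sh, `export LIGHTNING_DIR="~standup/.lightning"` keeps the tilde literal because it is inside double quotes. The later `mkdir -m 760 "$LIGHTNING_DIR"` and `chmod 640 "$LIGHTNING_DIR"/config` therefore act on a directory literally named `~standup` under the current working directory, not on the user's home. I would write `export LIGHTNING_DIR=~standup/.lightning` so the shell expands it at assignment.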
@@ -17,9 +21,7 @@ libsqlite3-dev python3 python3-mako net-tools zlib1g-dev \ libsodium-dev gettext valgrind python3-pip libpq-dev echo " ------------ -Downloading & Installing c-lightning ------------ +$MESSAGE_PREFIX downloading & Installing c-lightning " # get & compile clightning from github sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning @@ -30,6 +32,9 @@ python3 -m pip install -r requirements.txt make -j$(nproc --ignore=1) --quiet sudo make install +# get back to script directory +cd - + # lightningd config mkdir -m 760 "$LIGHTNING_DIR" chown standup -R "$LIGHTNING_DIR" @@ -45,8 +50,13 @@ EOF /bin/chmod 640 "$LIGHTNING_DIR"/config +# add tor configuration to torrc +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +HiddenServiceDir \/var\/lib\/tor\/lightningd-service_v3\/\ +HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc + echo " --------$0 - Setting up c-lightning as a systemd service. +$MESSAGE_PREFIX Setting up c-lightning as a systemd service. " cat > /etc/systemd/system/lightningd.service << EOF @@ -101,11 +111,11 @@ sudo systemctl start lightningd.service if [ $(systemctl status lightningd | grep active | awk '{print $2}') = "active" ] then echo " - -----------$0 - c-lightning Installed and started + $MESSAGE_PREFIX c-lightning Installed and started Wait for the bitcoind to fully sync with the blockchain and then interact with lightningd. " else echo " - --------$0 - c-lightning not yet active. + $MESSAGE_PREFIX c-lightning not yet active. " fi \ No newline at end of file diff --git a/Scripts/scripts/ss_06_lnd.sh b/Scripts/scripts/ss_06_lnd.sh index 09d72bc..7b9533f 100644 --- a/Scripts/scripts/ss_06_lnd.sh +++ b/Scripts/scripts/ss_06_lnd.sh @@ -2,7 +2,11 @@ # standup script - install lnd -# check if bitcoind is running +echo " +---------------- + $MESSAGE_PREFIX installing LND +---------------- +" # install Go GO_VERSION="go1.14.4" 
@@ -26,12 +30,12 @@ GOTARSHA=$(sudo -u standup /usr/bin/sha256sum ~standup/"$GO_VERSION"."$OS"-"$ARC if [[ "$GOTARSHA" != "$GOSHA" ]] then echo " - ---------$0 - Go checksum validation failed. Exiting. + $MESSAGE_PREFIX Go checksum validation failed. Exiting. " return 201 else echo " - --------$0 - Go checksum validated. Continuing with installing LND. + $MESSAGE_PREFIX Go checksum validated. Continuing with installing LND. " fi @@ -46,36 +50,38 @@ export GOPATH=~standup/gocode if [[ $(go version | awk '{print $3}') = "$GO_VERSION" ]] then echo " - ----------$0 - $GO_VERSION successfully installed +$MESSAGE_PREFIX $GO_VERSION successfully installed " else echo " - ----------$0 - Go not installed, cannot install lnd +$MESSAGE_PREFIX Go not installed, cannot install lnd " return 202 fi # build lnd echo " ---------$0 - getting lnd... this will take a while! +$MESSAGE_PREFIX getting lnd... depending on your network it can take more than an hour. With good network it usually takes about 5-10 mins. " go get -d github.com/lightningnetwork/lnd cd "$GOPATH"/src/github.com/lightningnetwork/lnd make make install # installs to /home/standup/gocode/bin which is $GOPATH/bin +# go back to script directory +cd - + LND_VERSION=$(lnd --version) echo " ------------$0 - installed $LND_VERSION +$MESSAGE_PREFIX installed $LND_VERSION " sudo cp $GOPATH/bin/lnd $GOPATH/bin/lncli /usr/bin -# create symbolic link to bitcoin config -ln -s /etc/bitcoin/bitcoin.conf ~standup/.bitcoin/bitcoin.conf - -# create config necessary directories +# create necessary directories mkdir -p /etc/lnd +mkdir -p /var/lib/lnd +chown standup:standup -R /var/lib/lnd BTC_NETWORK="" if [[ "$NETWORK" = "mainnet" ]] @@ -102,7 +108,7 @@ maxlogfiles=3 maxlogfilesize=10 #externalip=1.1.1.1 # change to your public IP address if required. alias=$LN_ALIAS -listen=0.0.0.0:9375 +listen=0.0.0.0:9735 debuglevel=debug [Bitcoin] 
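Review bot: `go get -d github.com/lightningnetwork/lnd` followed by `make` and `make install` builds whatever the default branch contains at install time. The Go tarball just above is checksum-validated, but the lnd source itself is not pinned or verified. I would check out a fixed release tag and verify its signature before building, for example `git -C "$GOPATH"/src/github.com/lightningnetwork/lnd verify-tag <LND_RELEASE_TAG>` followed by a checkout of that tag. `<LND_RELEASE_TAG>` is a placeholder. The added `cd -` also prints the directory it returns to; `cd - >/dev/null` keeps the log clean.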
@@ -122,12 +128,16 @@ tor.active=true tor.v3=true EOF -# set directories & appropriate permissions -mkdir -p /var/lib/lnd -chown standup:root -R /var/lib/lnd -chown standup:root -R /etc/lnd +# set appropriate permissions chmod 644 /etc/lnd/lnd.conf +# create soft link to the lnd data dir +ln -s /var/lib/lnd ~standup/.lnd + +# add tor configuration to torrc +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc + # create systemd service cat > /etc/systemd/system/lnd.service << EOF # It is not recommended to modify this file in-place, because it will @@ -163,33 +173,6 @@ RestartSec=60 WantedBy=multi-user.target EOF -ln -s /var/lib/lnd ~standup/.lnd - - -# [Unit] -# Description=LND Lightning Daemon -# Wants=bitcoind.service -# After=bitcoind.service - -# # for use with sendmail alert -# #OnFailure=systemd-sendmail@%n - -# [Service] -# EnvironmentFile=/run/publicip -# ExecStart=/usr/local/bin/lnd --sync-freelist --externalip=${PUBLICIP}:9736 -# PIDFile=/home/bitcoin/.lnd/lnd.pid -# User=bitcoin -# Group=bitcoin -# LimitNOFILE=128000 -# Type=simple -# KillMode=process -# TimeoutSec=180 -# Restart=always -# RestartSec=60 - -# [Install] -# WantedBy=multi-user.target -# # #enable lnd service sudo systemctl enable lnd 
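Review bot: `chmod 644 /etc/lnd/lnd.conf` leaves the config world-readable. If the bitcoind section, which is outside this hunk, carries RPC credentials, every local account can read them. With the `chown` lines removed, I would set `chown root:standup /etc/lnd/lnd.conf` and `chmod 640 /etc/lnd/lnd.conf`. The added `sed` also puts port 9735 under the same hidden service as the bitcoind RPC port, with no separate `HiddenServiceDir` as the c-lightning script has. That differs from `tor.active=true` / `tor.v3=true` in lnd.conf and deserves a comment stating which onion address peers are meant to use.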
@@ -197,40 +180,22 @@ sudo systemctl start lnd # check if lnd running echo " --------$0 - Checking if LND is running +$MESSAGE_PREFIX Checking if LND is running " -# waiting=3 -# while [[ $(systemctl is-active lnd) != "active" ]] && [[ "$waiting" -gt 0 ]] -# do -# echo "waiting..." -sleep 10 -# "$waiting"="$waiting" - 1 + if [[ $(systemctl status lnd | grep active | awk '{print $2}') = "active" ]]; then echo " - --------$0 - LND service now is active. + $MESSAGE_PREFIX LND service now is active. " - echo " - -------$0 - chekcing LND and Tor.. - " - LND_TOR_ADDRESS=$(lncli getinfo | grep onion) - if [[ -n "$LND_TOR_ADDRESS" ]] - then - echo "--------$0 - Your LND Tor address is: - - $LND_TOR_ADDRESS - " - fi echo "LND is fully active and working with Tor. - To create a wallet do (without the $) : + To interact with LND first create a wallet (without the $): $ lncli create " - exit 0 else echo " - -------$0 - LND not yet active. Check manually using (without the $) : + $MESSAGE_PREFIX LND not yet active. Check manually using (without the $) : $ sudo systemctl status lnd " fi -# break -# done + diff --git a/Scripts/scripts/ss_07_btcpayserver.sh b/Scripts/scripts/ss_07_btcpayserver.sh new file mode 100644 index 0000000..7b63300 --- /dev/null +++ b/Scripts/scripts/ss_07_btcpayserver.sh 
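Review bot: With `sleep 10` removed, the `systemctl status lnd | grep active` test runs immediately after `systemctl start lnd`, so the result depends on timing. The success branch prints "LND is fully active and working with Tor" even though the `lncli getinfo` onion check that supported that claim was deleted. I would poll briefly with `systemctl is-active --quiet lnd` and reword the message to say only that the service is running.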
@@ -0,0 +1,92 @@ +#!/bin/bash + +# standup - install btcpayserver + +echo " +---------------- + $MESSAGE_PREFIX Installing BTCPay Server +---------------- +" + +if "$BTCPAYSERVER" && [[ -z "$BTCPAY_HOST" ]]; then + echo "You provided the '--btcpay' flag but didn't provide --btcpay-host" + while [ -z "$BTCPAY_HOST" ]; do + read -rp "Enter domain name where you will host BTCPay Server: " BTCPAY_HOST + done +fi + +if "$BTCPAYSERVER" && [[ -z "$BTCPAY_LN" ]]; then + echo "You provided the '--btcpay' flag but didn't provide --btcpay-ln" + while [ -z "$BTCPAY_HOST" ]; do + read -rp "Enter lightning network implementation for BTCPay Server: " BTCPAY_LN + done +fi + +# install dependencies +# .NET Core SDK 3.1 +echo " +$MESSAGE_PREFIX installing .NET Core SDK 3.1 .. this will take a while! +" +sudo -u standup wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb -O ~standup/packages-microsoft-prod.deb +dpkg -i ~standup/packages-microsoft-prod.deb +apt-get update +apt-get install -y dotnet-sdk-3.1 + +# opt out of .NET telemetry +export DOTNET_CLI_TELEMETRY_OPTOUT=1 + +# get btcpay server +echo " +$MESSAGE_PREFIX getting btcpayserver-docker +" +sudo -u standup git clone https://github.com/btcpayserver/btcpayserver-docker ~standup/downloads/btcpayserver-docker +cd ~standup/downloads/btcpayserver-docker + +# set env variables +export BTCPAY_HOST=$BTCPAY_HOST +export NBITCOIN_NETWORK=$NETWORK +export BTCPAYGEN_CRYPTO1="btc" +export BTCPAYGEN_REVERSEPROXY="nginx" +export BTCPAYGEN_LIGHTNING=$BTCPAY_LN +export BTCPAY_ENABLE_SSH=true + +# install +echo " +$MESSAGE_PREFIX installing btcpayserver +" +. ./btcpay-setup.sh -i + +# shut the container +echo " +$MESSAGE_PREFIX shutting down btcpayserver to link existing bitcoin data dir +" +. 
./btcpay-down.sh + +# delete _data & create symbolic link to host's bitcoin data +echo " +$MESSAGE_PREFIX removing btcpayserver bitcoin data dir +" +rm -r /var/lib/docker/volumes/generated_bitcoin_datadir/_data +echo " +$MESSAGE_PREFIX creating symlink between host bitcoind data dir and btcpayserver bitcoin data dir +" +ln -s /home/standup/.bitcoin /var/lib/docker/volumes/generated_bitcoin_datadir/_data + +# start btcpay server +echo " +$MESSAGE_PREFIX starting btcpayserver +" +. ./btcpay-up.sh + +BTCPAY_ONION_ADD=$(sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname) +echo " +************************************************************************** +Your BTCPay Server Tor address is: +$BTCPAY_ONION_ADD +************************************************************************** +" +echo " +For further information on btcpay server, go to: +Docs: https://docs.btcpayserver.org +Chat: https://chat.btcpayserver.org +" \ No newline at end of file diff --git a/Scripts/scripts/ss_08_esplora.sh b/Scripts/scripts/ss_08_esplora.sh new file mode 100644 index 0000000..2e65b6f --- /dev/null +++ b/Scripts/scripts/ss_08_esplora.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# NOT YET IMPLEMENTED + +# standup - esplora + +# install esplora +echo " +---------------- + $MESSAGE_PREFIX Installing Esplora +---------------- +" + +# get esplora repo & install +sudo -u standup git clone https://github.com/Blockstream/esplora ~standup/downloads/esplora +cd ~standup/downloads/esplora +$ npm install +$ export API_URL=http://localhost:3000/ # or https://blockstream.info/api/ if you don't have a local API server +# (see more config options below) +$ npm run dev-server + +# edit config + +# link: https://github.com/Blockstream/esplora \ No newline at end of file From 818589e414693a26937f8b842f5f525d3fa4ae4b Mon Sep 17 00:00:00 2001 
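Review bot: In ss_07_btcpayserver.sh the second prompt loop tests the wrong variable. `while [ -z "$BTCPAY_HOST" ]` should be `while [ -z "$BTCPAY_LN" ]`; as written the loop never runs, because the host was filled in just above. `export BTCPAY_ENABLE_SSH=true` is the larger concern: as far as I know, that option lets the BTCPay container manage the host's authorized_keys, which gives a web-facing service SSH access to a machine that holds wallet data. I would default it to false and make it an explicit opt-in. The Microsoft `.deb` is also installed with `dpkg -i` without any checksum or signature check.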
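Review bot: In ss_08_esplora.sh the three lines starting with `$ ` were copied from README prompt notation, so bash would try to run a command named `$`. Drop the prefix, or comment the lines out while the file is still marked "NOT YET IMPLEMENTED". `npm run dev-server` starts a development server in the foreground, so it would also block the installer and is not suited to an unattended service.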
From: jodobear Date: Mon, 3 Aug 2020 20:26:56 +0200 Subject: [PATCH 10/16] complete rework & working ss using config instead of cli args --- Scripts/scripts-conf/ss conf.defaults | 90 +++++++ Scripts/scripts-conf/ss.conf | 91 +++++++ Scripts/scripts-conf/ss_00.1_vps.sh | 57 +++++ Scripts/scripts-conf/ss_00_main.sh | 269 +++++++++++++++++++++ Scripts/scripts-conf/ss_01_help.sh | 86 +++++++ Scripts/scripts-conf/ss_02_dependencies.sh | 40 +++ Scripts/scripts-conf/ss_03_user_ssh.sh | 54 +++++ Scripts/scripts-conf/ss_04_tor.sh | 104 ++++++++ Scripts/scripts-conf/ss_05.1_hwi.sh | 25 ++ Scripts/scripts-conf/ss_05_bitcoin.sh | 256 ++++++++++++++++++++ Scripts/scripts-conf/ss_06.1_rtl.sh | 45 ++++ Scripts/scripts-conf/ss_06_c-lightning.sh | 125 ++++++++++ Scripts/scripts-conf/ss_06_lnd.sh | 194 +++++++++++++++ Scripts/scripts-conf/ss_07_btcpayserver.sh | 92 +++++++ Scripts/scripts-conf/ss_08_esplora.sh | 24 ++ 15 files changed, 1552 insertions(+) create mode 100644 Scripts/scripts-conf/ss conf.defaults create mode 100644 Scripts/scripts-conf/ss.conf create mode 100644 Scripts/scripts-conf/ss_00.1_vps.sh create mode 100644 Scripts/scripts-conf/ss_00_main.sh create mode 100644 Scripts/scripts-conf/ss_01_help.sh create mode 100644 Scripts/scripts-conf/ss_02_dependencies.sh create mode 100644 Scripts/scripts-conf/ss_03_user_ssh.sh create mode 100644 Scripts/scripts-conf/ss_04_tor.sh create mode 100644 Scripts/scripts-conf/ss_05.1_hwi.sh create mode 100644 Scripts/scripts-conf/ss_05_bitcoin.sh create mode 100644 Scripts/scripts-conf/ss_06.1_rtl.sh create mode 100644 Scripts/scripts-conf/ss_06_c-lightning.sh create mode 100644 Scripts/scripts-conf/ss_06_lnd.sh create mode 100644 Scripts/scripts-conf/ss_07_btcpayserver.sh create mode 100644 Scripts/scripts-conf/ss_08_esplora.sh diff --git a/Scripts/scripts-conf/ss conf.defaults b/Scripts/scripts-conf/ss conf.defaults new file mode 100644 index 0000000..65f7e27 --- /dev/null +++ b/Scripts/scripts-conf/ss conf.defaults 
@@ -0,0 +1,90 @@ +################################################ +# Blockchain Commons Standup Script Config file +################################################ + +# To setup a bitcoin server using standup scripts set the following +# environment variables accordingly. + +########################### +# system +########################### +# Promp user befor continuing with the installation. Gives the user +# a chance to check the configuration before installing. Set it to +# true to remove the prompt +NOPROMPT=false +# Set password for user "standup". Good practice to use at least 8 +# character long password. Don't ignore this. +USERPASSWORD= + + +########################### +# vps +########################### +# If you are using a VPS, set it to true and set the HOSTNAME, FQDN & +# REGION variables. +VPS=false +# the name for your server +HOSTNAME= +# the domain name(website) where you will host/access the server. +FQDN= +# the region in which the server is hosted. Required for timezone settings +REGION= + + +########################### +# bitcoind +########################### +# The bitcoin network you want bitcoind to start with. Valid choices: +# mainnet, testnet or regtest +NETWORK=mainnet +# Integer value to specify level of prune node. Minimum value is 550. +PRUNE= +# If you want to speed up the Initial Block Download then set it to true. +# Currently not implemented. It will use the btcpayserver snapshot hosted at: +# +# documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync +# DISCLAIMER: It is always better to let your node validate blocks from the +# beginning. This script uses blockchain data signed by BTCPay Server. +# Trust at your own risk. +FASTSYNC=false +# Choose to install HWI: Hardware Wallet Interface +HWI=false + + +########################### +# lightning +########################### +# Choose your lightning network installation. By default the script will +# not install lightning. 
Valid options: c-lightning, lnd or empty +LIGHTNING= +# Set alias of your lightning node +LN_ALIAS=StandUp + + +########################### +# services +########################### +# set to true if you want to install an esplora server +ESPLORA=false +# set to true if you want to install btcpay server +BTCPAYSERVER=false + + +########################### +# Tor & SSH +########################### +# set a Tor public key if you have one. +TOR_PUBKEY= +# set an SSH key if you have one. +SSH_KEY= +# set a comma seperated set of white listed IPs that can SSH into the server. +SYS_SSH_IP= + + +########################### +# btcpay server +########################### +# the domain name where you will host your BTCPay Server. +BTCPAY_HOST= +# set the lightning network implementation for your BTCPay Server. +BTCPAY_LN= \ No newline at end of file diff --git a/Scripts/scripts-conf/ss.conf b/Scripts/scripts-conf/ss.conf new file mode 100644 index 0000000..762fea5 --- /dev/null +++ b/Scripts/scripts-conf/ss.conf 
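Review bot: This file is added as `ss conf.defaults` (with a space), but `config_get` in ss_00_main.sh falls back to `./ss.conf.defaults`, so the defaults are never read and every key that is commented out in ss.conf comes back as the literal `__UNDEFINED__`. Renaming the file to `ss.conf.defaults` fixes the lookup. Separately, `USERPASSWORD` is kept in plain text here and in ss.conf; a comment above it such as `# Contains a password: keep this file mode 600 and clear the value after installation.` would tell the operator how to handle it.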
@@ -0,0 +1,91 @@ +################################################ +# Blockchain Commons Standup Script Config file +################################################ + +# To setup a bitcoin server using standup scripts set the following +# environment variables accordingly by uncommenting and/or setting +# appropriate values. + +########################### +# system +########################### +# Promp user befor continuing with the installation. Gives the user +# a chance to check the configuration before installing. Set it to +# true to remove the prompt +NOPROMPT=false +# Set password for user "standup". Good practice to use at least 8 +# character long password. Don't ignore this. +USERPASSWORD= + + +########################### +# vps +########################### +# If you are using a VPS, set it to true and set the HOSTNAME, FQDN & +# REGION variables. +VPS=false +# the name for your server +#HOSTNAME= +# the domain name(website) where you will host/access the server. +#FQDN= +# the region in which the server is hosted. Required for timezone settings +#REGION= + + +########################### +# bitcoind +########################### +# The bitcoin network you want bitcoind to start with. Valid choices: +# mainnet, testnet or regtest +NETWORK=mainnet +# Integer value to specify level of prune node. Minimum value is 550. +#PRUNE= +# If you want to speed up the Initial Block Download then set it to true. +# Currently not implemented. It will use the btcpayserver snapshot hosted at: +# +# documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync +# DISCLAIMER: It is always better to let your node validate blocks from the +# beginning. This script uses blockchain data signed by BTCPay Server. +# Trust at your own risk. +FASTSYNC=false +# Choose to install HWI: Hardware Wallet Interface +HWI=false + + +########################### +# lightning +########################### +# Choose your lightning network installation. 
By default the script will +# not install lightning. Valid options: c-lightning, lnd or empty +#LIGHTNING= +# Set alias of your lightning node +LN_ALIAS=StandUp + + +########################### +# services +########################### +# set to true if you want to install an esplora server +ESPLORA=false +# set to true if you want to install btcpay server +BTCPAYSERVER=false + + +########################### +# Tor & SSH +########################### +# set a Tor public key if you have one. +#TOR_PUBKEY= +# set an SSH key if you have one. +#SSH_KEY= +# set a comma seperated set of white listed IPs that can SSH into the server. +#SYS_SSH_IP= + + +########################### +# btcpay server +########################### +# the domain name where you will host your BTCPay Server. +#BTCPAY_HOST= +# set the lightning network implementation for your BTCPay Server. +#BTCPAY_LN= \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_00.1_vps.sh b/Scripts/scripts-conf/ss_00.1_vps.sh new file mode 100644 index 0000000..72d2149 --- /dev/null +++ b/Scripts/scripts-conf/ss_00.1_vps.sh 
@@ -0,0 +1,57 @@
+#!/bin/bash
+
+# standup script - vps hostname settings
+
+IPADDR=""
+
+# Check for FQDN & HOSTNAME if --vps
+if "$VPS" && [[ -z "$HOSTNAME" ]] || [[ "$HOSTNAME" == "__UNDEFINED__" ]]; then
+ echo "You provided the '--vps' flag but didn't provide --fqdn"
+ while [ -z "$HOSTNAME" ]; do
+ read -rp "You need to enter hostname of the server: " HOSTNAME
+ done
+fi
+
+if "$VPS" && [[ -z "$FQDN" ]] || [[ "$FQDN" == "__UNDEFINED__" ]]; then
+ echo "You provided the '--vps' flag but didn't provide --fqdn."
+ while [ -z "$FQDN" ]; do
+ read -rp "You need to enter the fqdn of the server: " FQDN
+ done
+fi
+
+if "$VPS" && [[ -z "$REGION" ]] || [[ "$REGION" == "__UNDEFINED__" ]]; then
+ echo "You provided the '--vps' flag but didn't provide --region."
+ while [ -z "$REGION" ]; do
+ read -rp "You need to enter the region of the server to set the timezone: " REGION
+ done
+fi
+
+echo "
+----------------"
+HOSTNAME: $HOSTNAME" > /etc/hostname
+----------------
+"
+/bin/hostname "$HOSTNAME"
+
+# Set the variable $IPADDR to the IP address the new Linode receives.
+IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://')
+
+echo "$0 - Set hostname as $FQDN ($IPADDR)"
+echo "
+ ***********************"
+ $MESSAGE_PREFIX TODO: Put $FQDN with IP $IPADDR in your main DNS file."
+ ***********************
+"
+echo "$0 - Set Time Zone to $REGION"
+echo $REGION > /etc/timezone
+cp /usr/share/zoneinfo/${REGION} /etc/localtime
+
+echo "
+ $MESSAGE_PREFIX Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file.
+ "
+# Add localhost aliases
+
+echo "127.0.0.1 localhost" > /etc/hosts
+echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts
+
+echo "$0 - Set localhost"
\ No newline at end of file
diff --git a/Scripts/scripts-conf/ss_00_main.sh b/Scripts/scripts-conf/ss_00_main.sh
new file mode 100644
index 0000000..6721597
--- /dev/null
+++ b/Scripts/scripts-conf/ss_00_main.sh
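Review bot: In ss_00.1_vps.sh the three guards have the form `"$VPS" && [[ -z "$X" ]] || [[ "$X" == "__UNDEFINED__" ]]`, and when the value is `__UNDEFINED__` the inner `while [ -z "$X" ]` loop never prompts, so the placeholder itself ends up as hostname, FQDN and zone name. Clearing the placeholder ahead of each loop fixes all three, e.g. `[[ "$HOSTNAME" == "__UNDEFINED__" ]] && HOSTNAME=""`. The `/etc/hostname` write also sits inside a broken quote: `HOSTNAME: $HOSTNAME" > /etc/hostname` is parsed as a command named `HOSTNAME:`, so the file is never written; `printf '%s\n' "$HOSTNAME" > /etc/hostname` does what the line intends. `$REGION` goes unquoted and unchecked into `cp /usr/share/zoneinfo/${REGION} /etc/localtime`; test `[[ -f "/usr/share/zoneinfo/$REGION" ]]` before copying.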
@@ -0,0 +1,269 @@ +#!bin/bash + +# standup.sh + +# TODO: Get opinion on `` vs $() as backticks are portable to legacy shells + +set +ex + +# If script not sourced, stop here +if [[ "$0" = "$BASH_SOURCE" ]]; then + echo "This script must be sourced like so: \"source standup.sh\"" + return 1 +fi + +# message formatting variables +MESSAGE_PREFIX="-------Standup -" +bold=$(tput bold) +normal=$(tput sgr0) +underline=$(tput smul) + +#### +# Parsing Config file +#### + +config_read_file() { + (grep -E "^${2}=" -m 1 "${1}" 2>/dev/null || echo "VAR=__UNDEFINED__") | head -n 1 | cut -d '=' -f 2-; +} + +config_get() { + val="$(config_read_file ./ss.conf "${1}")"; + if [ "${val}" = "__UNDEFINED__" ]; then + val="$(config_read_file ./ss.conf.defaults "${1}")"; + fi + printf -- "%s" "${val}"; +} + +# system +NOPROMPT="$(config_get NOPROMPT)" +VPS="$(config_get VPS)" +USERPASSWORD="$(config_get USERPASSWORD)" + +# vps +FQDN="$(config_get FQDN)" +HOSTNAME="$(config_get HOSTNAME)" +REGION="$(config_get REGION)" + +# bitcoind +NETWORK="$(config_get NETWORK)" +PRUNE="$(config_get PRUNE)" +FASTSYNC="$(config_get FASTSYNC)" +HWI="$(config_get HWI)" + +# lightning +LIGHTNING="$(config_get LIGHTNING)" +LN_ALIAS="$(config_get LN_ALIAS)" + +# services +ESPLORA="$(config_get ESPLORA)" +BTCPAYSERVER="$(config_get BTCPAYSERVER)" + +# Tor & SSH +TOR_PUBKEY="$(config_get TOR_PUBKEY)" +SSH_KEY="$(config_get SSH_KEY)" +SYS_SSH_IP="$(config_get SYS_SSH_IP)" + +# btcpay server +BTCPAY_HOST="$(config_get BTCPAY_HOST)" +BTCPAY_LN="$(config_get BTCPAY_LN)" + +#### +# Parsing Arguments +#### +PARAMS="" + +while (( "$#" )); do +key="$1" + case $key in + -h|--help) + source ./ss_01_help.sh + return 3 + ;; + -*|--*=) # unsupported flags + echo "Error: Unsupported flag $1" >&2 + source ./ss_01_help.sh + return 7 + ;; + *) # preserve positional arguments + PARAMS="$PARAMS $1" + shift 1 + ;; + esac +done +set -- "$PARAMS" # set positional parameters in order + + +#### +# 0. 
Force check for root +#### + +# if you are not logged in as root then the script will not execute +echo " +----------------" +echo "$MESSAGE_PREFIX Checking if logged in as root." +echo "----------------" +if ! [ "$(id -u)" == 0 ]; then + echo "$MESSAGE_PREFIX You need to be logged in as root!" + return 2 +fi + +echo "$MESSAGE_PREFIX Logged in as root. Continuing with installation. +---------------- +" +# Output stdout and stderr to ~root files +exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) + + + +# Display script configuration +echo " +---------SETUP--------- +Parameters Passed: + +System +------ +NOPROMPT......: $NOPROMPT +VPS...........: $VPS +USERPASSWORD..: $USERPASSWORD + +VPS +--- +FQDN..........: $FQDN +HOSTNAME......: $HOSTNAME +REGION........: $REGION + +Bitcoin +-------- +NETWORK.......: $NETWORK +PRUNE.........: $PRUNE +FASTSYNC......: $FASTSYNC +HWI...........: $HWI + +Lightning +---------- +LIGHTNING.....: $LIGHTNING +LN_ALIAS......: $LN_ALIAS + +Services +--------- +ESPLORA.......: $ESPLORA +BTCPAYSERVER..: $BTCPAYSERVER + +Tor & SSH +---------- +TOR_PUBKEY....: $TOR_PUBKEY +SSH_KEY.......: $SSH_KEY +SYS_SSH_IP....: $SYS_SSH_IP + +BTCPAY Server +------------- +BTCPAY_HOST...: $BTCPAY_HOST +BTCPAY_LN.....: $BTCPAY_LN +" + + +#### +# 1. Update Hostname and set timezone +#### +# source vps setup script +if "$VPS"; then + source ./ss_00.1_vps.sh +fi + + +# prompt user before continuing with installation +if ! "$NOPROMPT"; then + read -rp "Continue with installation? (Y/n): " confirm +fi + +if [[ "$confirm" != [yY] ]]; then + echo "Entered $confirm. Exiting.." + return 8 +else + NOPROMPT=true + echo "Installing Bitcoin!" +fi + + +#### +# 2. Update Debian, Set autoupdate and Install Dependencies +#### +echo " +---------------- +$MESSAGE_PREFIX Starting Debian updates; this will take a while! 
+---------------- +" + +# Make sure all packages are up-to-date +apt-get update +apt-get upgrade -y +apt-get dist-upgrade -y + +# source dependency script +source ./ss_02_dependencies.sh + + +#### +# 3. Create user admin +#### +# source user and ssh script +source ./ss_03_user_ssh.sh + + +#### +# 4. Install Tor +#### +# source tor script +source ./ss_04_tor.sh + +# sleep 4 seconds for tor to restart +sleep 4 + +#### +# 5. Install Bitcoin +#### +# source bitcoin script +BITCOIND_VERSION=$(bitcoind --version | grep "Bitcoin Core version | awk '{print $4}'") +if [[ -n "$BITCOIND_VERSION" ]]; then + echo " + ---------------- + $MESSAGE_PREFIX bitcoind is already installed, version: $BITCOIND_VERSION + ---------------- + " + return 0 +else + source ./ss_05_bitcoin.sh +fi + +sleep 4 + +echo " + +---------------- + + $MESSAGE_PREFIX bitcoind service is: $(systemctl status bitcoind | grep active | awk '{print $2}') + +---------------- +" + +#### +# Lightning +#### +# source lightning script +if [[ "$LIGHTNING" = "c-lightning" ]]; then + source ./ss_06_c-lightning.sh +else + source ./ss_06_lnd.sh +fi + + +#### +# BTCPay Server +#### +# source btcpay script +if "$BTCPAYSERVER"; then + source ./ss_07_btcpayserver.sh +fi + +# Finished, exit script +return 0 diff --git a/Scripts/scripts-conf/ss_01_help.sh b/Scripts/scripts-conf/ss_01_help.sh new file mode 100644 index 0000000..7af6e4c --- /dev/null +++ b/Scripts/scripts-conf/ss_01_help.sh 
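Review bot: In ss_00_main.sh the configuration banner prints `USERPASSWORD..: $USERPASSWORD` after `exec > >(tee -a /root/standup.log)` has been set up, so the account password is written in clear text to /root/standup.log. Print only whether it is set, e.g. `USERPASSWORD..: ${USERPASSWORD:+(set)}`. The confirmation step also aborts unattended runs: with `NOPROMPT=true` the `read` is skipped, `$confirm` stays empty and the `[[ "$confirm" != [yY] ]]` branch returns 8; guard it as `if ! "$NOPROMPT" && [[ "$confirm" != [yY] ]]; then`. The lightning block sources ss_06_lnd.sh for every value other than `c-lightning`, including an empty one, although the config comments say lightning is not installed by default.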
@@ -0,0 +1,86 @@ +#!/bin/bash + +# standup script help + +# help definition +function help () { + +bold=$(tput bold) +normal=$(tput sgr0) +underline=$(tput smul) + +cat <<-END + + +--------------------------------- +${bold}Blockchain Commons Standup Script${normal} +--------------------------------- + +Contributor: jodobear 20-07-03 + +${bold}DISCLAIMER:${normal} It is not a good idea to store large amounts of Bitcoin on a VPS, ideally you should use this as a watch-only wallet. This script is expiramental and has not been widely tested. The creators are not responsible for loss of funds. If you are not familiar with running a node or how Bitcoin works then we urge you to use this in testnet so that you can use it as a learning tool. + + +-------------------------------------- +${bold} Usage ${normal} +-------------------------------------- + +The script is inteded for a fresh bitcoin setup. Re-running the script on an already setup server is intended only for advanced user. In order to run this script ${bold}you need to be logged in as root${normal}, and enter in the commands listed below: + +(The $ or # represents a terminal commmand prompt, do not actually type in a $ or #.) + +1. Give the root user a password, enter the following command and set a password: +$ ${bold}sudo passwd${normal} + +2. Switch to the root user: +$ ${bold}su - root${normal} + +3. Edit config for your node setup using your favourite text editor: +# ${bold}nano ss.conf${normal} + +4. Source the script: +# ${bold}source ss_00_main.sh${normal} + +5. Display this help: +# ${bold}source ss_00_main.sh -h${normal} + +This script can be installed on any Debian based system. By default this script will: + +- Update the OS +- Set Automatic Updates On +- Create User: standup +- Install UFW, haveguard, gnupg2, git & make +- Install Tor +- Install Bitcoin Core on mainnet with txindex=1 if setting up unpruned node. +- Setup Bitcoin Core as systemd service and to start at reboot or after a crash. 
+- Start Bitcoin Core + +Optionally you can install: +--------------------------- +- Install c-lightning or LND +- Install BTCPay +- Install HWI** +- Install Esplora** + +** To be implemented + +QR Code: +-------- +Upon completion of the script there will be a QR code saved to /qrcode.png which you can open and scan: + +1. Install fim: +$ ${bold}sudo apt-get install fim${normal} +2. Then, display the QR code in terminal (as root): +# ${bold}fim -a qrcode.png${normal} + +It is highly recommended to add a Tor V3 pubkey for cookie authentication so that even if your QR code is compromised an attacker would not be able to access your node. + +${bold}It is recommended to delete the /qrcode.png. +Additionally, unless you face installation issues and need to assisstance delete /standup.log, and /standup.err${normal} + +---------------------------------------------------------------------------------------------------------------- + +END +} + +help \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_02_dependencies.sh b/Scripts/scripts-conf/ss_02_dependencies.sh new file mode 100644 index 0000000..b52c73a --- /dev/null +++ b/Scripts/scripts-conf/ss_02_dependencies.sh 
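Review bot: The closing paragraph of the help text in ss_01_help.sh tells the operator to delete `/standup.log` and `/standup.err`, but ss_00_main.sh writes its logs to `/root/standup.log` and `/root/standup.err`. Those logs receive the configuration banner and the btcstandup:// URI, so pointing at the wrong path leaves credentials on disk; the two paths should read `/root/standup.log` and `/root/standup.err`. The `/qrcode.png` instructions may be stale as well, since none of the scripts shown here generates that file.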
@@ -0,0 +1,40 @@
+#!/bin/bash
+
+# standup script - install dependencies
+
+# Install haveged (a random number generator)
+echo "
+----------------
+ $MESSAGE_PREFIX Installing haveged (a random number generator), gnupg2, git & make
+----------------
+"
+apt-get install haveged gnupg2 git make -y
+echo "
+$MESSAGE_PREFIX haveged, gnupg2, git & make installed successfully
+"
+
+# Set system to automatically update
+echo "
+----------------
+$MESSAGE_PREFIX setting system to automatically update
+----------------
+"
+echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections
+apt-get -y install unattended-upgrades
+echo "
+$MESSAGE_PREFIX Debian Packages updated
+"
+# Get uncomplicated firewall and deny all incoming connections except SSH
+if [ -z "$(which ufw)" ]; then
+ echo "
+$MESSAGE_PREFIX Installing ufw
+ "
+ apt-get install ufw
+fi
+
+ufw allow ssh
+ufw --force enable
+
+echo "
+$MESSAGE_PREFIX ufw is installed and enabled.
+"
\ No newline at end of file
diff --git a/Scripts/scripts-conf/ss_03_user_ssh.sh b/Scripts/scripts-conf/ss_03_user_ssh.sh
new file mode 100644
index 0000000..cbf0749
--- /dev/null
+++ b/Scripts/scripts-conf/ss_03_user_ssh.sh
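Review bot: In ss_02_dependencies.sh `apt-get install ufw` is the only install without `-y`, and nothing in the firewall block is checked, so a declined or failed install still ends with "ufw is installed and enabled" while the host has no firewall. Use `apt-get install -y ufw || return 1` and make the final message conditional, e.g. `ufw --force enable && echo "$MESSAGE_PREFIX ufw is installed and enabled."`. `command -v ufw` is a more portable presence test than `which ufw`.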
@@ -0,0 +1,54 @@
+#!/bin/bash
+
+# standup script - setup user and ssh access
+
+if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ]; then
+ echo "
+----------------
+ $MESSAGE_PREFIX Creating user standup
+----------------
+ "
+ # Create "standup" group & user with optional password and give them sudo capability
+ /usr/sbin/groupadd standup
+ /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup
+ /usr/sbin/adduser standup sudo
+ /usr/sbin/adduser standup standup
+
+ echo "
+$MESSAGE_PREFIX User standup created with sudo access.
+ "
+else
+ echo "
+ ----------------
+ $MESSAGE_PREFIX User standup already exists.
+ ----------------"
+fi
+
+# Setup SSH Key if the user added one as an argument
+if [ -n "$SSH_KEY" ] && [[ "$SSH_KEY" != "__UNDEFINED__" ]]; then
+ mkdir ~standup/.ssh
+ echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys
+ chown -R standup ~standup/.ssh
+ echo "
+----------------
+$MESSAGE_PREFIX Added .ssh key to standup.
+----------------
+ "
+fi
+
+# Setup SSH allowed IP's if the user added any as an argument
+if [ -n "$SYS_SSH_IP" ] && [[ "$SYS_SSH_IP" != "__UNDEFINED__" ]]; then
+ echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow
+ echo "sshd: ALL" >> /etc/hosts.deny
+ echo "
+----------------
+$MESSAGE_PREFIX Limited SSH access.
+----------------
+ "
+else
+ echo "
+ ****************
+ $MESSAGE_PREFIX WARNING: Your SSH access is not limited; this is a major security hole!
+ ****************
+ "
+fi
\ No newline at end of file
diff --git a/Scripts/scripts-conf/ss_04_tor.sh b/Scripts/scripts-conf/ss_04_tor.sh
new file mode 100644
index 0000000..d27dae6
--- /dev/null
+++ b/Scripts/scripts-conf/ss_04_tor.sh
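Review bot: In ss_03_user_ssh.sh the password hash comes from `crypt($ARGV[0],"password")`; a salt string without a `$` prefix selects the traditional DES scheme on glibc-style systems, which means a fixed two-character salt and only the first eight characters of the password being used. The clear-text password is also an argument of the perl process while it runs. Let the system hash it instead: create the account with `/usr/sbin/useradd -m -g sudo -s /bin/bash standup` and then `printf 'standup:%s\n' "$USERPASSWORD" | /usr/sbin/chpasswd`. An empty `USERPASSWORD`, which is the shipped default, should stop the script before the sudo-capable user is created, e.g. `[[ -n "$USERPASSWORD" ]] || { echo "USERPASSWORD must be set" >&2; return 1; }`.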
@@ -0,0 +1,104 @@ +#!/bin/bash + +# standup script - Tor installation + +#### +# 4. Install latest stable tor +#### + +# Download tor +echo " +---------------- + $MESSAGE_PREFIX Installing Tor +---------------- +" +# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: +if [ -z "$(which apt-transport-https)" ]; then + apt-get install apt-transport-https -y + echo " +$MESSAGE_PREFIX apt-transport-https installed + " +fi + +# To download bitcoin using onion site, we need torsocks +if [ -z "$(which torsocks)" ]; then + apt-get install torsocks -y + echo " +$MESSAGE_PREFIX torsocks installed + " +fi + +# We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: +DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') + +# You need to add the following entries to /etc/apt/sources.list: +cat >> /etc/apt/sources.list << EOF +deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main +EOF + +# Then add the gpg key used to sign the packages by running: +# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 +sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import +sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - + +# Update system, install and run tor as a service +sudo apt update +sudo apt install tor deb.torproject.org-keyring -y + +# Setup hidden service +sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc +sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc +# for c-lightning +sed -i -e 's/#CookieAuthFileGroupReadable 1/CookieAuthFileGroupReadable 1/g' /etc/tor/torrc +sed -i -e 's/## address y:z./## address y:z.\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1309 
127.0.0.1:18332\ +HiddenServicePort 1309 127.0.0.1:18443\ +HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc + +mkdir /var/lib/tor/standup +chown -R debian-tor:debian-tor /var/lib/tor/standup +chmod 700 /var/lib/tor/standup + +# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind +sudo usermod -a -G debian-tor standup + +# Restart tor to create the HiddenServiceDir +sudo systemctl restart tor.service + + +if [ "$(systemctl is-active tor) | grep active" ]; then +echo " +$MESSAGE_PREFIX Tor installed and successfully started +" +fi + +# add V3 authorized_clients public key if one exists +if [[ "$TOR_PUBKEY" != "" ]] && [[ "$TOR_PUBKEY" != "__UNDEFINED__" ]]; then + # create the directory manually incase tor.service did not restart quickly enough + mkdir /var/lib/tor/standup/authorized_clients + + # need to assign the owner + chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients + + # Create the file for the pubkey + touch /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Write the pubkey to the file + echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth + + # Restart tor for authentication to take effect + sudo systemctl restart tor.service + + echo " + $MESSAGE_PREFIX Successfully added Tor V3 authentication + " + +else + echo " + $MESSAGE_PREFIX No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet + " +fi diff --git a/Scripts/scripts-conf/ss_05.1_hwi.sh b/Scripts/scripts-conf/ss_05.1_hwi.sh new file mode 100644 index 0000000..a85b6ea --- /dev/null +++ b/Scripts/scripts-conf/ss_05.1_hwi.sh 
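Review bot: In ss_04_tor.sh the check `if [ "$(systemctl is-active tor) | grep active" ]` tests a non-empty string, so it is always true and "Tor installed and successfully started" is printed even when the service failed, although the later Bitcoin download depends on Tor through torsocks. Use `if systemctl is-active --quiet tor; then` and return non-zero otherwise. The `cat >> /etc/apt/sources.list` block appends the two torproject lines again on every run; writing them with `>` to a dedicated file under /etc/apt/sources.list.d/ keeps reruns idempotent. The three `HiddenServicePort 1309` lines share one virtual port, so the RPC port a client reaches does not follow `$NETWORK` (as far as I know Tor picks among the targets); emitting only the line for the selected network looks like the intent.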
@@ -0,0 +1,25 @@
+#!/bin/bash
+
+# NOT YET IMPLEMENTED
+
+# standup - bitcoin-core hwi (Hardware Wallet Interface)
+echo "
+----------------
+ $MESSAGE_PREFIX Installing Esplora
+----------------
+"
+# check dependencies
+
+apt install libusb-1.0-0-dev libudev-dev python3-dev
+
+# install hwi
+
+sudo -u standup git clone https://github.com/bitcoin-core/HWI.git -O ~standup/downloads/HWI
+cd ~standup/downloads/HWI
+poetry install # or 'pip3 install .' or 'python3 setup.py install'
+
+# create script to setup device
+
+# hwi: https://github.com/bitcoin-core/HWI
+# specter: https://github.com/cryptoadvance/specter-desktop
+# lily: https://github.com/KayBeSee/lily-wallet
\ No newline at end of file
diff --git a/Scripts/scripts-conf/ss_05_bitcoin.sh b/Scripts/scripts-conf/ss_05_bitcoin.sh
new file mode 100644
index 0000000..eede862
--- /dev/null
+++ b/Scripts/scripts-conf/ss_05_bitcoin.sh
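Review bot: In ss_05.1_hwi.sh the clone passes `-O`, which is not a git clone option, so the clone fails, the unchecked `cd` fails too, and `poetry install` then runs in the caller's directory. Drop the flag and check the directory change: `sudo -u standup git clone https://github.com/bitcoin-core/HWI.git ~standup/downloads/HWI` followed by `cd ~standup/downloads/HWI || return 1`. The banner still says "Installing Esplora", and `apt install` has no `-y`, so it will wait for input.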
@@ -0,0 +1,256 @@ +#!/bin/bash + +# standup script - bitcoin installation + +#### +# 5. Install Bitcoin +#### + +echo " + +---------------- + $MESSAGE_PREFIX Installing Bitcoin +---------------- +" +# Download Bitcoin + +# CURRENT BITCOIN RELEASE: +# Change as necessary +export BITCOIN="bitcoin-core-0.20.0" +export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` + +# # get bitcoin tar.gz, shasums and signing keys +# clearnet +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz +# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc + +# onionnet +# If the script fails to download bitcoin-core using the onion link then the onion link might have changed. Check for the updated link here: https://bitcoincore.org/en/2020/03/27/hidden-service/ +# OR alternatively uncomment the clearnet links to download bitcoin over clearnet. +if ! [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]]; then + echo " +---------------- +$MESSAGE_PREFIX Downloading $BITCOIN, this will take a while! +---------------- + " +sudo -u standup torsocks wget --progress=bar:force http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz +fi + +if [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]]; then + echo " +$MESSAGE_PREFIX $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ + " + echo " +$MESSAGE_PREFIX downloading SHA256SUMS.asc for $BITCOIN + " +sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc +else + return 100 +fi + +if [[ -f ~standup/SHA256SUMS.asc ]]; then + echo " +$MESSAGE_PREFIX SHA256SSUMS.asc exists at /home/standup/ +" +fi + +if ! 
[[ -f ~standup/laanwj-releases.asc ]]; then + echo " +$MESSAGE_PREFIX downloading laanwj-release signature +" +sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc +fi + +# Verifying Bitcoin: Signature +echo " +----------------- +$MESSAGE_PREFIX Verifying Bitcoin. +----------------- +" + +sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc +export BTC_SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature" | awk '{print $2, $3}'` + +if [[ $BTC_SHASIG ]]; then + echo " +$MESSAGE_PREFIX VERIFICATION SUCCESS / SIG: $BTC_SHASIG + " +else + (>&2 echo " + $MESSAGE_PREFIX VERIFICATION ERROR: Signature for Bitcoin did not verify! + ") + return 101 +fi + +# Verify Bitcoin: SHA +export BTC_TARSHA256=`/usr/bin/sha256sum ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` +export BTC_EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep "$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` + +if [[ "$BTC_TARSHA256" = "$BTC_EXPECTEDSHA256" ]]; then + echo " +$MESSAGE_PREFIX VERIFICATION SUCCESS / SHA: $BTC_TARSHA256 + " +else + (>&2 echo " + $MESSAGE_PREFIX VERIFICATION ERROR: SHA for Bitcoin did not match! + ") + return 102 +fi + +# Install Bitcoin +sudo -u standup /bin/tar xzf ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -C ~standup +/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/"$BITCOINPLAIN"/bin/* +/bin/rm -rf ~standup/"$BITCOINPLAIN"/ + +# Start Up Bitcoin +echo " +$MESSAGE_PREFIX Configuring Bitcoin. 
+" + +sudo -u standup /bin/mkdir ~standup/.bitcoin + +RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) + +if [[ "$PRUNE" -eq 0 ]] || [[ "$PRUNE" == "__UNDEFINED__" ]]; then + PRUNE="" +fi + +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +# launches bitcoind as server to accept rpc connections +server=1 + +debug=tor + +# prune +prune=$PRUNE + +# rpc credentials +rpcuser=StandUp +rpcpassword=$RPCPASSWORD +rpcallowip=127.0.0.1 + +# zmq +zmqpubrawblock=tcp://127.0.0.1:28332 +zmqpubrawtx=tcp://127.0.0.1:28333 +EOF + +if [[ -z "$PRUNE" ]] || [[ "$PRUNE" == "__UNDEFINED__" ]]; then + cat >> ~standup/.bitcoin/bitcoin.conf << EOF + txindex=1 +EOF +fi + +# you are adding anything to the config file then add before this block else, the settings will only be affected in the specified network block. +# conversely, add settings specific to a particular network in their respective blocks. +cat >> ~standup/.bitcoin/bitcoin.conf << EOF +[test] +rpcbind=127.0.0.1 +rpcport=18332 +[main] +rpcbind=127.0.0.1 +rpcport=8332 +[regtest] +rpcbind=127.0.0.1 +rpcport=18443 +EOF + +/bin/chown standup ~standup/.bitcoin/bitcoin.conf +/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf + +# Setup bitcoind as a service that requires Tor +echo " +$MESSAGE_PREFIX Setting up Bitcoin as a systemd service. +" + +sudo cat > /etc/systemd/system/bitcoind.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments +# in ExecStart= + +[Unit] +Description=Bitcoin daemon +After=tor.service +Requires=tor.service + +[Service] +ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf +# Process management +#################### +Type=simple +PIDFile=/run/bitcoind/bitcoind.pid +Restart=on-failure + +# Directory creation and permissions +#################################### +# Run as bitcoin:bitcoin +User=standup +Group=sudo +# /run/bitcoind +RuntimeDirectory=bitcoind +RuntimeDirectoryMode=0710 + +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. +MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target +EOF + + +# enable lightnind service +echo " +$MESSAGE_PREFIX Starting bitcoind service +" +sudo systemctl restart tor +sleep 4 +sudo systemctl enable bitcoind.service +sudo systemctl start bitcoind.service + +#### +# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display +#### +if [[ $(systemctl status bitcoind | grep active | awk '{print $2}') = "active" ]]; then + # Get the Tor onion address for the QR code + HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) + + # Create the QR string + QR="btcstandup://StandUp:"$RPCPASSWORD"@"$HS_HOSTNAME":1309/?label=StandUp.sh" + + # Display the uri text incase QR code does not work + echo " + ***********************************************************************************************************************" + echo "StandUp - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" + echo "$QR" + echo "*********************************************************************************************************************** + " + echo " +$MESSAGE_PREFIX Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor + " + echo " +$MESSAGE_PREFIX You can manually stop Bitcoin with: sudo systemctl stop bitcoind + " + echo " +$MESSAGE_PREFIX You can manually start Bitcoin with: sudo systemctl start bitcoind + " +else + echo " +ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. + " +fi diff --git a/Scripts/scripts-conf/ss_06.1_rtl.sh b/Scripts/scripts-conf/ss_06.1_rtl.sh new file mode 100644 index 0000000..68d16ed --- /dev/null +++ b/Scripts/scripts-conf/ss_06.1_rtl.sh 
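Review bot: In ss_05_bitcoin.sh the signature check accepts any "Good signature" line, so a SHA256SUMS.asc signed by any key in the standup keyring passes, and the key it is checked against is whatever bitcoin.org/laanwj-releases.asc returned during this same run. Pin the expected release-key fingerprint in the script and compare it with gpg's machine-readable status, e.g. `gpg --no-tty --status-fd 1 --verify ~standup/SHA256SUMS.asc 2>/dev/null | grep -q "^\[GNUPG:\] VALIDSIG <EXPECTED_FINGERPRINT> "`. The SHA comparison also succeeds when both sides are empty (unreadable tarball, or no matching line in the sums file), so require `[[ -n "$BTC_EXPECTEDSHA256" ]]` as well. The btcstandup:// URI printed at the end contains `$RPCPASSWORD` and, through the `tee` set up in ss_00_main.sh, lands in /root/standup.log; writing it to a mode-600 file instead would keep it out of the log.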
@@ -0,0 +1,45 @@ +#!/bin/bash + +# NOT YET IMPLEMENTED + +# standup - Ride The Lightning + +echo " +---------------- + $MESSAGE_PREFIX Installing Esplora +---------------- +" + +# dependencies +apt install nodejs npm +echo " +----------- +$MESSAGE_PREFIX Node.js version $(node -v) installed. +----------- +" + +# get repo and install +sudo -u standup git clone https://github.com/Ride-The-Lightning/RTL.git ~standup/RTL +cd ~standup/RTL +npm install --only=prod +mv ./sample-RTL-Config.json RTL-config.json + +if [[ "$LIGHTNING" = "lnd" ]] +then + # find admin.macroon & lnd.conf + # update rtl-config +elif [[ "$LIGHTNING" = "c-lightning" ]] +then + # install cl-rest + # rename sample-cl-rest-config.json to cl-rest-config.json + # update cl-rest-config + # locate acess.macroon from cl-rest + # update rtl-config +fi + +# create executable script to start rtl + +# links: +# lnd: https://github.com/Ride-The-Lightning/RTL +# cln: https://github.com/Ride-The-Lightning/c-lightning-REST +# cl-rest: https://github.com/Ride-The-Lightning/c-lightning-REST \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_06_c-lightning.sh b/Scripts/scripts-conf/ss_06_c-lightning.sh new file mode 100644 index 0000000..da60413 --- /dev/null +++ b/Scripts/scripts-conf/ss_06_c-lightning.sh 
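Review bot: The `if [[ "$LIGHTNING" = "lnd" ]]` and `elif` branches near the end hold only comments, which bash rejects as a syntax error, so sourcing this file would most likely abort there after the clone and `npm install` have already run. Until the branches are implemented each needs a no-op such as `:`, or the file should `return 0` directly under the `# NOT YET IMPLEMENTED` header. Once it is implemented, `npm install --only=prod` runs with the caller's privileges (the bare `apt install nodejs npm` suggests root) on an unpinned clone of the default branch, so package lifecycle scripts execute with those privileges; checking out a release tag and using `sudo -u standup npm install --only=prod` would narrow that. The banner still says `Installing Esplora`, and `apt install` has no `-y`, so an unattended run would wait for input.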
@@ -0,0 +1,125 @@ +#!/bin/bash + +# standup script - install c-lightning + +echo " +---------------- + $MESSAGE_PREFIX installing c-lightning +---------------- +" + +export CLN_VERSION="v0.8.2.1" +export LIGHTNING_DIR="~standup/.lightning" + +echo " + +$MESSAGE_PREFIX installing c-lightning dependencies + +" + +apt-get install -y \ +autoconf automake build-essential git libtool libgmp-dev \ +libsqlite3-dev python3 python3-mako net-tools zlib1g-dev \ +libsodium-dev gettext valgrind python3-pip libpq-dev + +echo " +$MESSAGE_PREFIX downloading & Installing c-lightning +" +# get & compile clightning from github +sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning +cd ~standup/lightning +git checkout $CLN_VERSION +python3 -m pip install -r requirements.txt +./configure +make -j$(nproc --ignore=1) --quiet +sudo make install + +# get back to script directory +cd - + +# lightningd config +mkdir -m 760 "$LIGHTNING_DIR" +chown standup -R "$LIGHTNING_DIR" +cat >> "$LIGHTNING_DIR"/config << EOF +alias=StandUp +log-level=debug +log-prefix=standup +proxy=127.0.0.1:9050 +bind-addr=127.0.0.1:9735 +addr=statictor:127.0.0.1:9051 +always-use-proxy=true +EOF + +/bin/chmod 640 "$LIGHTNING_DIR"/config + +# add tor configuration to torrc +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +HiddenServiceDir \/var\/lib\/tor\/lightningd-service_v3\/\ +HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc + +echo " +$MESSAGE_PREFIX Setting up c-lightning as a systemd service. +" + +cat > /etc/systemd/system/lightningd.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit bitcoind.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/lightning/config, except for those explicitly specified as arguments +# in ExecStart= +[Unit] +Description=c-lightning daemon +After=tor.service +Requires=tor.service +[Service] +ExecStart=/usr/local/bin/lightningd -conf=/home/standup/.lightning/config +# Process management +#################### +Type=simple +PIDFile=/run/lightning/lightningd.pid +Restart=on-failure +# Directory creation and permissions +#################################### +# Run as lightningd:lightningd +User=standup +Group=standup +# /run/lightningd +RuntimeDirectory=lightningd +RuntimeDirectoryMode=0710 +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. +MemoryDenyWriteExecute=true +[Install] +WantedBy=multi-user.target +EOF + +# enable lightnind service +sudo systemctl restart tor +sleep 4 +sudo systemctl enable lightningd.service +sudo systemctl start lightningd.service + +if [ $(systemctl status lightningd | grep active | awk '{print $2}') = "active" ]; then + echo " +$MESSAGE_PREFIX c-lightning Installed and started + Wait for the bitcoind to fully sync with the blockchain and then interact with lightningd. + " +else + echo " +$MESSAGE_PREFIX c-lightning not yet active. + " +fi \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_06_lnd.sh b/Scripts/scripts-conf/ss_06_lnd.sh new file mode 100644 index 0000000..4c0cd48 --- /dev/null +++ b/Scripts/scripts-conf/ss_06_lnd.sh 
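Review bot: `export LIGHTNING_DIR="~standup/.lightning"` keeps the tilde literal because it sits inside double quotes, so the following `mkdir -m 760`, `chown`, `cat >> "$LIGHTNING_DIR"/config` and `chmod 640` act on a relative path named `~standup/...` instead of the home directory that `ExecStart` reads from. Writing it unquoted, `export LIGHTNING_DIR=~standup/.lightning`, or as `/home/standup/.lightning` to match the unit file, fixes that. In the unit, `PIDFile=/run/lightning/lightningd.pid` does not match `RuntimeDirectory=lightningd`, and lightningd's long options are normally spelled with two dashes (`--conf=`), which is worth confirming before this ships. The build steps after `cd ~standup/lightning` (`pip install -r requirements.txt`, `./configure`, `make`) run as the invoking user rather than as `standup`, on a tag that is checked out but not signature-verified.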
@@ -0,0 +1,194 @@ +#!/bin/bash + +# standup script - install lnd + +echo " +---------------- + $MESSAGE_PREFIX installing LND +---------------- +" + +# install Go +GO_VERSION="go1.14.4" +OS="linux" +ARCH="amd64" +GOSHA="aed845e4185a0b2a3c3d5e1d0a35491702c55889192bb9c30e67a3de6849c067" + +## check & remove older go version +if [[ -n $(which go) ]]; then + if [[ $(go version | awk '{print $3}') != "$GO_VERSION" ]]; then + rm -rf /usr/local/go + fi +fi + +## get go +sudo -u standup wget --progress=bar:force https://dl.google.com/go/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -O ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz +GOTARSHA=$(sudo -u standup /usr/bin/sha256sum ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz | awk -F " " '{ print $1 }') + +if [[ "$GOTARSHA" != "$GOSHA" ]]; then + echo " + $MESSAGE_PREFIX Go checksum validation failed. Exiting. + " + return 201 +else + echo " + $MESSAGE_PREFIX Go checksum validated. Continuing with installing LND. + " +fi + +# get go_sha from website to check +sudo -u standup /bin/tar xzf ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -C ~standup +sudo mv ~standup/go /usr/local + +export PATH="$PATH":/usr/local/go/bin:"$GOPATH"/bin +export GOPATH=~standup/gocode + +# test go +if [[ $(go version | awk '{print $3}') = "$GO_VERSION" ]]; then + echo " +$MESSAGE_PREFIX $GO_VERSION successfully installed + " +else + echo " +$MESSAGE_PREFIX Go not installed, cannot install lnd + " + return 202 +fi + +# build lnd +LND_LATEST_TAG="v0.9.2-beta" +echo " +$MESSAGE_PREFIX getting lnd... depending on your network it can take more than an hour. With good network it usually takes about 5-10 mins. 
+" +go get -d github.com/lightningnetwork/lnd +git checkout $LND_LATEST_TAG +cd "$GOPATH"/src/github.com/lightningnetwork/lnd +make +make install # installs to /home/standup/gocode/bin which is $GOPATH/bin + +# go back to script directory +cd - + +sudo cp $GOPATH/bin/lnd $GOPATH/bin/lncli /usr/bin + +# create necessary directories +mkdir -p /etc/lnd +mkdir -p /var/lib/lnd +chown standup:standup -R /var/lib/lnd + +BTC_NETWORK="" +if [[ "$NETWORK" = "mainnet" ]]; then + BTC_NETWORK="bitcoin.mainnet=1" +elif [[ "$NETWORK" = "testnet" ]]; then + BTC_NETWORK="bitcoin.testnet=1" +else + BTC_NETWORK="bitcoin.regtest=1" +fi + +BITCOINDRPC_USER=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcuser | awk -F = '{print $2}') +BITCOINRPC_PASS=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcpassword | awk -F = '{print $2}') + +# create lnd config +cat > /etc/lnd/lnd.conf << EOF +[Application Options] +datadir=/var/lib/lnd/data +tlscertpath=/var/lib/lnd/tls.cert +tlskeypath=/var/lib/lnd/tls.key +logdir=/var/lib/lnd/logs +maxlogfiles=3 +maxlogfilesize=10 +#externalip=1.1.1.1 # change to your public IP address if required. 
+alias=$LN_ALIAS +listen=0.0.0.0:9735 +debuglevel=debug + +[Bitcoin] +bitcoin.active=1 +bitcoin.node=bitcoind +$BTC_NETWORK + +#[Bitcoind] +#bitcoind.rpchost=localhost +#bitcoind.rpcuser=$BITCOINRPC_USER +#bitcoind.rpcpass=$BITCOINRPC_PASS +#bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 +#bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 + +[tor] +tor.active=true +tor.v3=true +EOF + +# set appropriate permissions +chmod 644 /etc/lnd/lnd.conf + +# create soft link to the lnd data dir +ln -s /var/lib/lnd ~standup/.lnd + +# add tor configuration to torrc +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc + +# create systemd service +cat > /etc/systemd/system/lnd.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit lnd.service +# See "man systemd.service" for details. 
+# Note that almost all daemon options could be specified in +# /etc/lnd/lnd.conf, except for those explicitly specified as arguments +# in ExecStart= + +[Unit] +Description=LND Lightning Network Daemon +Requires=bitcoind.service +After=bitcoind.service + +[Service] +ExecStart=/usr/bin/lnd --configfile=/etc/lnd/lnd.conf +ExecStop=/usr/bin/lncli --lnddir /var/lib/lnd stop +PIDFile=/run/lnd/lnd.pid + +User=standup +Group=standup + +Type=simple +KillMode=process +TimeoutStartSec=60 +TimeoutStopSec=60 +Restart=always +RestartSec=60 + +[Install] +WantedBy=multi-user.target +EOF + + +# enable lnd service +sudo systemctl restart tor +sleep 4 +sudo systemctl enable lnd +sudo systemctl start lnd + +# check if lnd running +echo " +$MESSAGE_PREFIX Checking if LND is running +" +LND_VERSION=$(lnd --version) + +if [[ $(systemctl status lnd | grep active | awk '{print $2}') = "active" ]]; then + echo " + $MESSAGE_PREFIX installed $LND_VERSION + $MESSAGE_PREFIX LND service now is active. + " + echo "LND is fully active and working with Tor. +To interact with LND first create a wallet (without the $): + $ lncli create + " +else + echo " + $MESSAGE_PREFIX LND not yet active. Check manually using (without the $) : + $ sudo systemctl status lnd + " +fi diff --git a/Scripts/scripts-conf/ss_07_btcpayserver.sh b/Scripts/scripts-conf/ss_07_btcpayserver.sh new file mode 100644 index 0000000..38f374e --- /dev/null +++ b/Scripts/scripts-conf/ss_07_btcpayserver.sh 
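Review bot: `git checkout $LND_LATEST_TAG` runs before `cd "$GOPATH"/src/github.com/lightningnetwork/lnd`, so the tag is applied to whatever repository the script was started from (or simply fails), and `make` then builds the branch that `go get -d` fetched rather than `v0.9.2-beta`. Swapping the two lines and quoting the variable (`git checkout "$LND_LATEST_TAG"`) makes the version pin effective; unlike the Go tarball earlier in this file, the lnd source gets no checksum or signature check. Separately, the unquoted `<< EOF` heredoc expands `$BITCOINRPC_PASS` into the commented `#bitcoind.rpcpass=` line and the file is then set to `chmod 644`, so if bitcoin.conf carries an `rpcpassword` it ends up world-readable; `chown root:standup /etc/lnd/lnd.conf` with `chmod 640` would keep it to the service account. The user name is read into `BITCOINDRPC_USER` but referenced as `$BITCOINRPC_USER`, so that line is written empty, and `PATH` is extended with `"$GOPATH"/bin` one line before `GOPATH` is assigned.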
@@ -0,0 +1,92 @@ +#!/bin/bash + +# standup - install btcpayserver + +echo " +---------------- + $MESSAGE_PREFIX Installing BTCPay Server +---------------- +" + +if "$BTCPAYSERVER" && [[ -z "$BTCPAY_HOST" ]] || [[ "$BTCPAY_HOST" == "__UNDEFINED__" ]]; then + echo "You provided the '--btcpay' flag but didn't provide --btcpay-host" + while [ -z "$BTCPAY_HOST" ]; do + read -rp "Enter domain name where you will host BTCPay Server: " BTCPAY_HOST + done +fi + +if "$BTCPAYSERVER" && [[ -z "$BTCPAY_LN" ]] || [[ "$BTCPAY_LN" == "__UNDEFINED__" ]]; then + echo "You provided the '--btcpay' flag but didn't provide --btcpay-ln" + while [ -z "$BTCPAY_HOST" ]; do + read -rp "Enter lightning network implementation for BTCPay Server: " BTCPAY_LN + done +fi + +# install dependencies +# .NET Core SDK 3.1 +echo " +$MESSAGE_PREFIX installing .NET Core SDK 3.1 .. this will take a while! +" +sudo -u standup wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb -O ~standup/packages-microsoft-prod.deb +dpkg -i ~standup/packages-microsoft-prod.deb +apt-get update +apt-get install -y dotnet-sdk-3.1 + +# opt out of .NET telemetry +export DOTNET_CLI_TELEMETRY_OPTOUT=1 + +# get btcpay server +echo " +$MESSAGE_PREFIX getting btcpayserver-docker +" +sudo -u standup git clone https://github.com/btcpayserver/btcpayserver-docker ~standup/downloads/btcpayserver-docker +cd ~standup/downloads/btcpayserver-docker + +# set env variables +export BTCPAY_HOST=$BTCPAY_HOST +export NBITCOIN_NETWORK=$NETWORK +export BTCPAYGEN_CRYPTO1="btc" +export BTCPAYGEN_REVERSEPROXY="nginx" +export BTCPAYGEN_LIGHTNING=$BTCPAY_LN +export BTCPAY_ENABLE_SSH=true + +# install +echo " +$MESSAGE_PREFIX installing btcpayserver +" +. ./btcpay-setup.sh -i + +# shut the container +echo " +$MESSAGE_PREFIX shutting down btcpayserver to link existing bitcoin data dir +" +. 
./btcpay-down.sh + +# delete _data & create symbolic link to host's bitcoin data +echo " +$MESSAGE_PREFIX removing btcpayserver bitcoin data dir +" +rm -r /var/lib/docker/volumes/generated_bitcoin_datadir/_data +echo " +$MESSAGE_PREFIX creating symlink between host bitcoind data dir and btcpayserver bitcoin data dir +" +ln -s /home/standup/.bitcoin /var/lib/docker/volumes/generated_bitcoin_datadir/_data + +# start btcpay server +echo " +$MESSAGE_PREFIX starting btcpayserver +" +. ./btcpay-up.sh + +BTCPAY_ONION_ADD=$(sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname) +echo " +************************************************************************** +Your BTCPay Server Tor address is: +$BTCPAY_ONION_ADD +************************************************************************** +" +echo " +For further information on btcpay server, go to: +Docs: https://docs.btcpayserver.org +Chat: https://chat.btcpayserver.org +" \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_08_esplora.sh b/Scripts/scripts-conf/ss_08_esplora.sh new file mode 100644 index 0000000..2e65b6f --- /dev/null +++ b/Scripts/scripts-conf/ss_08_esplora.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +# NOT YET IMPLEMENTED + +# standup - esplora + +# install esplora +echo " +---------------- + $MESSAGE_PREFIX Installing Esplora +---------------- +" + +# get esplora repo & install +sudo -u standup git clone https://github.com/Blockstream/esplora ~standup/downloads/esplora +cd ~standup/downloads/esplora +$ npm install +$ export API_URL=http://localhost:3000/ # or https://blockstream.info/api/ if you don't have a local API server +# (see more config options below) +$ npm run dev-server + +# edit config + +# link: https://github.com/Blockstream/esplora \ No newline at end of file From 751fd76f2a9aaa2ba7bdc270d2021862849c1609 Mon Sep 17 00:00:00 2001 
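Review bot: `packages-microsoft-prod.deb` is fetched with `wget -q` and handed straight to `dpkg -i` with no integrity check, although ss_06_lnd.sh in this same patch compares the Go tarball against a pinned SHA-256 before using it. The same guard fits here, for example `echo "<EXPECTED_SHA256>  packages-microsoft-prod.deb" | sha256sum -c - || return 1` run from the download directory before the install. `export BTCPAY_ENABLE_SSH=true` is hard-coded; as far as I know that setting lets the BTCPay container manage the host over SSH, so it deserves a comment and probably an explicit opt-in flag. The second prompt loop tests the wrong variable and should read `while [ -z "$BTCPAY_LN" ]; do`, otherwise the lightning implementation is never asked for. The btcpayserver-docker scripts are sourced from the default branch with no tag or commit pinned.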
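Review bot: The three lines in ss_08_esplora.sh that start with `$ ` (`$ npm install`, `$ export API_URL=...`, `$ npm run dev-server`) keep the prompt character from the upstream README, so bash would try to execute a command named `$` and none of them would take effect. When this file is implemented they should lose the prompt and run as the service account, e.g. `sudo -u standup npm install`, and `npm run dev-server` is a foreground development server that would block the installer, so it belongs in a service unit rather than in this script. As in the other installers, the clone is not pinned to a tag or commit, and everything after `cd ~standup/downloads/esplora` runs with the caller's privileges rather than as `standup`.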
From: jodobear Date: Mon, 28 Sep 2020 14:50:31 +0200 Subject: [PATCH 11/16] removed older scripts --- Scripts/scripts-conf/ss conf.defaults | 90 ------ Scripts/scripts/ss_00.1_vps.sh | 63 ---- Scripts/scripts/ss_00_main.sh | 417 -------------------------- Scripts/scripts/ss_01_help.sh | 207 ------------- Scripts/scripts/ss_02_dependencies.sh | 41 --- Scripts/scripts/ss_03_user_ssh.sh | 56 ---- Scripts/scripts/ss_04_tor.sh | 108 ------- Scripts/scripts/ss_05.1_hwi.sh | 25 -- Scripts/scripts/ss_05_bitcoin.sh | 262 ---------------- Scripts/scripts/ss_06.1_rtl.sh | 45 --- Scripts/scripts/ss_06_c-lightning.sh | 121 -------- Scripts/scripts/ss_06_lnd.sh | 201 ------------- Scripts/scripts/ss_07_btcpayserver.sh | 92 ------ Scripts/scripts/ss_08_esplora.sh | 24 -- 14 files changed, 1752 deletions(-) delete mode 100644 Scripts/scripts-conf/ss conf.defaults delete mode 100644 Scripts/scripts/ss_00.1_vps.sh delete mode 100644 Scripts/scripts/ss_00_main.sh delete mode 100644 Scripts/scripts/ss_01_help.sh delete mode 100644 Scripts/scripts/ss_02_dependencies.sh delete mode 100644 Scripts/scripts/ss_03_user_ssh.sh delete mode 100644 Scripts/scripts/ss_04_tor.sh delete mode 100644 Scripts/scripts/ss_05.1_hwi.sh delete mode 100644 Scripts/scripts/ss_05_bitcoin.sh delete mode 100644 Scripts/scripts/ss_06.1_rtl.sh delete mode 100644 Scripts/scripts/ss_06_c-lightning.sh delete mode 100644 Scripts/scripts/ss_06_lnd.sh delete mode 100644 Scripts/scripts/ss_07_btcpayserver.sh delete mode 100644 Scripts/scripts/ss_08_esplora.sh diff --git a/Scripts/scripts-conf/ss conf.defaults b/Scripts/scripts-conf/ss conf.defaults deleted file mode 100644 index 65f7e27..0000000 --- a/Scripts/scripts-conf/ss conf.defaults +++ /dev/null 
@@ -1,90 +0,0 @@ -################################################ -# Blockchain Commons Standup Script Config file -################################################ - -# To setup a bitcoin server using standup scripts set the following -# environment variables accordingly. - -########################### -# system -########################### -# Promp user befor continuing with the installation. Gives the user -# a chance to check the configuration before installing. Set it to -# true to remove the prompt -NOPROMPT=false -# Set password for user "standup". Good practice to use at least 8 -# character long password. Don't ignore this. -USERPASSWORD= - - -########################### -# vps -########################### -# If you are using a VPS, set it to true and set the HOSTNAME, FQDN & -# REGION variables. -VPS=false -# the name for your server -HOSTNAME= -# the domain name(website) where you will host/access the server. -FQDN= -# the region in which the server is hosted. Required for timezone settings -REGION= - - -########################### -# bitcoind -########################### -# The bitcoin network you want bitcoind to start with. Valid choices: -# mainnet, testnet or regtest -NETWORK=mainnet -# Integer value to specify level of prune node. Minimum value is 550. -PRUNE= -# If you want to speed up the Initial Block Download then set it to true. -# Currently not implemented. It will use the btcpayserver snapshot hosted at: -# -# documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync -# DISCLAIMER: It is always better to let your node validate blocks from the -# beginning. This script uses blockchain data signed by BTCPay Server. -# Trust at your own risk. -FASTSYNC=false -# Choose to install HWI: Hardware Wallet Interface -HWI=false - - -########################### -# lightning -########################### -# Choose your lightning network installation. By default the script will -# not install lightning. 
Valid options: c-lightning, lnd or empty -LIGHTNING= -# Set alias of your lightning node -LN_ALIAS=StandUp - - -########################### -# services -########################### -# set to true if you want to install an esplora server -ESPLORA=false -# set to true if you want to install btcpay server -BTCPAYSERVER=false - - -########################### -# Tor & SSH -########################### -# set a Tor public key if you have one. -TOR_PUBKEY= -# set an SSH key if you have one. -SSH_KEY= -# set a comma seperated set of white listed IPs that can SSH into the server. -SYS_SSH_IP= - - -########################### -# btcpay server -########################### -# the domain name where you will host your BTCPay Server. -BTCPAY_HOST= -# set the lightning network implementation for your BTCPay Server. -BTCPAY_LN= \ No newline at end of file diff --git a/Scripts/scripts/ss_00.1_vps.sh b/Scripts/scripts/ss_00.1_vps.sh deleted file mode 100644 index 9a129f2..0000000 --- a/Scripts/scripts/ss_00.1_vps.sh +++ /dev/null 
@@ -1,63 +0,0 @@ -#!/bin/bash - -# standup script - vps hostname settings - -IPADDR="" - -# Check for FQDN & HOSTNAME if --vps -if "$VPS" && [[ -z "$HOSTNAME" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn" - while [ -z "$HOSTNAME" ] - do - read -rp "You need to enter hostname of the server: " HOSTNAME - done -fi - -if "$VPS" && [[ -z "$FQDN" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn." - while [ -z "$FQDN" ] - do - read -rp "You need to enter the fqdn of the server: " FQDN - done -fi - -if "$VPS" && [[ -z "$REGION" ]] -then - echo "You provided the '--vps' flag but didn't provide --region." - while [ -z "$REGION" ] - do - read -rp "You need to enter the region of the server to set the timezone: " REGION - done -fi - -echo " -----------------" -HOSTNAME: $HOSTNAME" > /etc/hostname ----------------- -" -/bin/hostname "$HOSTNAME" - -# Set the variable $IPADDR to the IP address the new Linode receives. -IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') - -echo "$0 - Set hostname as $FQDN ($IPADDR)" -echo " - ***********************" - $MESSAGE_PREFIX TODO: Put $FQDN with IP $IPADDR in your main DNS file." - *********************** -" -echo "$0 - Set Time Zone to $REGION" -echo $REGION > /etc/timezone -cp /usr/share/zoneinfo/${REGION} /etc/localtime - -echo " - $MESSAGE_PREFIX Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file. - " -# Add localhost aliases - -echo "127.0.0.1 localhost" > /etc/hosts -echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts - -echo "$0 - Set localhost" \ No newline at end of file diff --git a/Scripts/scripts/ss_00_main.sh b/Scripts/scripts/ss_00_main.sh deleted file mode 100644 index 525e33e..0000000 --- a/Scripts/scripts/ss_00_main.sh +++ /dev/null 
@@ -1,417 +0,0 @@ -#!bin/bash - -# standup.sh - -# TODO: Get opinion on `` vs $() as backticks are portable to legacy shells - -set +ex - -# If script not sourced, stop here -if [[ "$0" = "$BASH_SOURCE" ]]; then - echo "This script must be sourced like so: \"source standup.sh\"" - return 1 -fi - -MESSAGE_PREFIX="-------Standup -" - -#### -# Environment Variables -#### - -# system -NOPROMPT=false -VPS=false -USERPASSWORD="" - -# vps -FQDN="" -HOSTNAME="" -REGION="" - -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true - -# lightning -LIGHTNING="c-lightning" -LN_ALIAS="StandUp" - -# services -ESPLORA=false -BTCPAYSERVER=false - -# Tor & SSH -TOR_PUBKEY="" -SSH_KEY="" -SYS_SSH_IP="" - -# btcpay server -BTCPAY_HOST="" -BTCPAY_LN="c-lightning" - -#### -# Parsing Arguments -#### -PARAMS="" - -while (( "$#" )); do -key="$1" - case $key in - -h|--help) - source ./ss_01_help.sh - return 3 - ;; - -y) - NOPROMPT=true - shift 1 - ;; - --vps) - VPS=true - shift 1 - ;; - --userpassword) - USERPASSWORD="$2" - shift 1 - shift 1 - ;; - -F|--fqdn) - FQDN="$2" - shift 1 - shift 1 - ;; - -H|--hostname) - HOSTNAME=$2 - shift 1 - shift 1 - ;; - -R|--region) - REGION=$2 - shift 1 - shift 1 - ;; - -n|--network) - if [ "${2:0:1}" = "-" ]; then - echo "Network flag passed without value. Installing default network: mainnet." - shift 1 - elif [[ -n "$2" ]] && [[ "$2" = "mainnet" ]] || [[ "$2" = "testnet" ]] || [[ "$2" = "regtest" ]]; then - NETWORK="$2" - else - echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" - while [[ "$NETWROK" != "mainnet" ]] || [[ "$NETWROK" != "testnet" ]] || [[ "$NETWROK" != "regtest" ]]; do - read -pr "Enter which network do you want to default to: " NETWORK - done - fi - shift 1 - shift 1 - ;; - -p|--prune) - if [ "${2:0:1}" = "-" ]; then - echo "Prune flag passed without value. Installing default: unpruned node." 
- shift 1 - elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]]; then - PRUNE="$2" - else - echo "ERROR: Minimum prune value is 550. Passed $2" - # while [[ "$PRUNE" -lt 550 ]]; do - # read -pr "Enter a value above 550 or 0 if you want to install an unpruned node (you can change this later): " PRUNE - # done - return 1 - fi - shift 1 - shift 1 - ;; - --fastsync) - FASTSYNC=true - shift 1 - ;; - --no-hwi) - HWI=false - shift 1 - ;; - --no-ln) - LIGHTNING=false - shift 1 - ;; - -l|--lightning) - if [ "${2:0:1}" = "-" ]; then - echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" - shift 1 - elif [[ -n "$2" ]] && [[ "$2" = "c-lightning" ]] || [[ "$2" = "lnd" ]]; then - LIGHTNING="$2" - else - echo "ERROR: Invalid lightning implementation. Pass 'c-lightning' or 'lnd'. Passed $2." - return 1 - fi - shift 1 - shift 1 - ;; - --ln-alias) - LN_ALIAS="$2" - shift 1 - shift 1 - ;; - -t|--tor-pubkey) - TOR_PUBKEY="$2" - shift 1 - shift 1 - ;; - --ssh-key) - SSH_KEY="$2" - shift 1 - shift 1 - ;; - --sys-ssh-ip) - SYS_SSH_IP="$2" - shift 1 - shift 1 - ;; - --esplora) - ESPLORA=true - shift 1 - ;; - --btcpay) - BTCPAYSERVER=true - shift 1 - ;; - --btcpay-host) - BTCPAY_HOST="$2" - shift 1 - shift 1 - ;; - --btcpay-ln) - BTCPAY_LN="$2" - shift 1 - shift 1 - ;; - --) # end argument parsing - shift 1 - break - ;; - -*|--*=) # unsupported flags - echo "Error: Unsupported flag $1" >&2 - help - return 7 - ;; - *) # preserve positional arguments - PARAMS="$PARAMS $1" - shift 1 - ;; - esac -done -set -- "$PARAMS" # set positional parameters in order - - -#### -# 0. Force check for root -#### - -# if you are not logged in as root then the script will not execute -echo " -----------------" -echo "$MESSAGE_PREFIX Checking if logged in as root." -echo "----------------" -if ! [ "$(id -u)" == 0 ]; then - echo "$MESSAGE_PREFIX You need to be logged in as root!" - return 2 -fi - -echo "$MESSAGE_PREFIX Logged in as root. 
Continuing with installation. ----------------- -" -# Output stdout and stderr to ~root files -exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) - - -#STARTUP_REGISTER..: $STARTUP_REGISTER -#SYSTEMD_RELOAD....: $SYSTEMD_RELOAD - -echo " ----------SETUP--------- -Parameters Passed: - -System ------- -NOPROMPT......: $NOPROMPT -VPS...........: $VPS -USERPASSWORD..: $USERPASSWORD - -VPS ---- -FQDN..........: $FQDN -HOSTNAME......: $HOSTNAME -REGION........: $REGION - -Bitcoin --------- -NETWORK.......: $NETWORK -PRUNE.........: $PRUNE -FASTSYNC......: $FASTSYNC -HWI...........: $HWI - -Lightning ----------- -LIGHTNING.....: $LIGHTNING -LN_ALIAS......: $LN_ALIAS - -Services ---------- -ESPLORA.......: $ESPLORA -BTCPAYSERVER..: $BTCPAYSERVER - -Tor & SSH ----------- -TOR_PUBKEY....: $TOR_PUBKEY -SSH_KEY.......: $SSH_KEY -SYS_SSH_IP....: $SYS_SSH_IP - -BTCPAY Server -------------- -BTCPAY_HOST...: $BTCPAY_HOST -BTCPAY_LN.....: $BTCPAY_LN -" - - -#### -# 1. Update Hostname and set timezone -#### -# source vps setup script -if "$VPS"; then - source ./ss_00.1_vps.sh -fi - - -# prompt user before continuing with installation -if ! "$NOPROMPT"; then - read -rp "Continue with installation? (Y/n): " confirm -fi - -if [[ "$confirm" != [yY] ]]; then - echo "Entered $confirm. Exiting.." - return 8 -else - NOPROMPT=true - echo "Installing Bitcoin!" -fi - - -#### -# 2. Update Debian, Set autoupdate and Install Dependencies -#### -echo " ----------------- -$MESSAGE_PREFIX Starting Debian updates; this will take a while! ----------------- -" - -# Make sure all packages are up-to-date -apt-get update -apt-get upgrade -y -apt-get dist-upgrade -y - -# source dependency script -source ./ss_02_dependencies.sh - - -#### -# 3. Create user admin -#### -# source user and ssh script -source ./ss_03_user_ssh.sh - - -#### -# 4. Install Tor -#### -# source tor script -source ./ss_04_tor.sh - -# sleep 4 seconds for tor to restart -sleep 4 - -#### -# 5. 
Install Bitcoin -#### -# source bitcoin script -BITCOIND_VERSION=$(bitcoind --version | grep "Bitcoin Core version | awk '{print $4}'") -if [[ -n "$BITCOIND_VERSION" ]]; then - echo " - ---------------- - $MESSAGE_PREFIX bitcoind is already installed, version: $BITCOIND_VERSION - ---------------- - " - return 0 -else - source ./ss_05_bitcoin.sh -fi - -sleep 4 - -echo " - ----------------- - - $MESSAGE_PREFIX bitcoind service is: $(systemctl status bitcoind | grep active | awk '{print $2}') - ----------------- -" - -#### -# Lightning -#### -# source lightning script -if [[ "$LIGHTNING" = "c-lightning" ]]; then - source ./ss_06_c-lightning.sh -else - source ./ss_06_lnd.sh -fi - - -#### -# BTCPay Server -#### -# source btcpay script -if "$BTCPAYSERVER"; then - source ./ss_07_btcpayserver.sh -fi - -# #### -# # RESET Environment Variables -# #### - -# # system -# NOPROMPT=false -# STARTUP_REGISTER=true -# SYSTEMD_RELOAD=true -# VPS=false -# USERPASSWORD="" - -# # vps -# FQDN="" -# HOSTNAME="" -# REGION="" - -# # bitcoind -# NETWORK="mainnet" -# PRUNE="" -# FASTSYNC=false -# HWI=true - -# # lightning -# LIGHTNING="c-lightning" - -# # services -# ESPLORA=false -# BTCPAYSERVER=false - -# # Tor -# TOR_PUBKEY="" - -# # ssh -# SSH_KEY="" -# SYS_SSH_IP="" - - -# Finished, exit script -exit 0 diff --git a/Scripts/scripts/ss_01_help.sh b/Scripts/scripts/ss_01_help.sh deleted file mode 100644 index 4783ebd..0000000 --- a/Scripts/scripts/ss_01_help.sh +++ /dev/null 
@@ -1,207 +0,0 @@ -#!/bin/bash - -# standup script help - -# TODO: add bold to flags & vars (echo -e "\x1b[1m bold") or using vars bold=$(tput bold) normal=$(tput sgr0) - -# help definition -function help () { - -# echo -e '' - -bold=$(tput bold) -normal=$(tput sgr0) -underline=$(tput smul) - -cat <<-END - - --------------------------------------- -${bold}Install StandUp Script on this server.${normal} --------------------------------------- - -${underline}standup.sh${normal} - -Blockchain Commons Standup Script -Contributor: jodobear 20-07-03 - -DISCLAIMER: It is not a good idea to store large amounts of Bitcoin on a VPS, -ideally you should use this as a watch-only wallet. This script is expiramental -and has not been widely tested. The creators are not responsible for loss of -funds. If you are not familiar with running a node or how Bitcoin works then we -urge you to use this in testnet so that you can use it as a learning tool. - -TL;DR: ------- - -Enter the 'scripts' directory and source 'ss.sh' to install the node. - -1. Using cli arguments: ------------------------ -$ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip - -This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even bitcoin core). It will add the passed SSH Key to authorized keys and add the comma separated list of IPs to the whitelist. It will set bitcoin to restart after a crash or reboot. - -2. Exporting environment variables: ------------------------------------ -$ export NOPROMPT=true -$ export USERPASSOWRD=password -$ export NETWORK=testnet -$ export LIGHTNING=lnd -$ source ./ss.sh - -This will first create a new user "standup" and set the for that user. Then install a full bitcoin node on testnet with lnd. 
- - - -This script can be installed on any Debian based system. By default this script will: - -* Update the OS -* Set Automatic Updates On -* Create User: standup -* Install UFW -* Install Tor -* Install Bitcoin Core -* Install HWI** -* Install c-lightning** -* Setup Bitcoin Core, Lightning settings -* Make sure they start at reboot via systemd -* Start Bitcoin Core, Lightning - -Optionally you can install: ---------------------------- -* Install LND instead of c-lightning -* Install Esplora** -* Install BTCPay** - -** To be implemented - -You can run this script again if you desire to change your configuration. - -Upon completion of the script there will be a QR code saved to /qrcode.png which -you can open and scan. You can use "$ sudo apt-get install fim" then: -"$ fim -a qrcode.png" to display the QR in a terminal (as root). - -It is highly recommended to add a Tor V3 pubkey for cookie authentication so that -even if your QR code is compromised an attacker would not be able to access your -node. It is also recommended to delete the /qrcode.png, /standup.log, and -/standup.err files. - - -------------------------------------- -| Usage | - -------------------------------------- - -0. Prerequisites ----------------- - -In order to run this script you need to be logged in as root, and enter in the commands listed below: - -- The $ or $ represents a terminal commmand prompt, do not actually type in a $ or #. -- Data fields enclosed in <> are to be filled by you with appropriate values. - -1. Give the root user a password, enter the following command and set a password: -$ sudo passwd - -2. Switch to the root user: -$ su - root - -3. Source the script: -# source standup.sh - -NOTE: Before sourcing the script you may want to set certain environment variables. Bleow you will find the list of environment variables. To set the variables do: -#export = - -You can use the following optional arguments: - - -h --help : Display this help. 
- -y : Install without prompting for confirming the setup - - Setup: - ------ - # --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. - # --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. - -v --vps : Pass when installing on a VPS. - --userpassword : Password for the standup non-privileged account. - - VPS: - ---- - -F --fqdn : Fully Qualified Hostname - -H --hostname : Hostname of your server - -R --region : Server's timezone location - - Bitcoin: - -------- - -f --fastsync : Enables fast synchronization of blockchain*. - -n --network : Default bitcoin network; either "mainnet", "testnet" or "regtest". - --no-hwi : Do NOT install HWI. - -p --prune : Install a prune node; integer value > 550. - - Lightning: - ---------- - --no-ln : Do NOT install lightning. - -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". - --ln-alias : Enter name for your lightning node. - - Services: - --------- - --btcpay : Installs BTCPay Server. - --esplora : Installs Esplora. - - Tor: - ---- - -t --tor-pubkey : Automatically add the pubkey to the Tor authorized_clients directory, which means the user is Tor authenticated before the node is even installed. e.g. ./standup.sh --tor-pubkey "descriptor:x25519:NWJNEFU487H2BI3JFNKJENFKJWI3" - - SSH: - ---- - --ssh-key : key for automated SSH logins to standup non-privileged account. - --sys-ssh-ip : Comma separated list of IPs that can use SSH. - -*DISCLAIMER: It is always better to let your node validate blocks from the beginning. This script uses blockchain data signed by BTCPay Server. Trust at your own risk. - -2. Environment Variables: -------------------------- - - # system - -------- - NOPROMPT=true/false, set it to install the setup without prompting for confirmation. - # START=true/false, start bitcoind & lightning after installation. Default: true. - # STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. 
- # SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. Default: true. - VPS=true/false, set it to true if setting up on a VPS. Default: false. - USERPASSWORD="", set password for user standup. Default: empty. - - #vps - ---- - FQDN="", enter your fully qualified hostname. Example: my-awesome-node.my-awesome-domain.com - HOSTNAME="", enter your hostname. Example: my-awesome-node. - REGION="", enter your server's timezone location. Example Asia/Singapore. - - # bitcoind - ---------- - NETFORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet". - PRUNE="", Integer value to specify level of prune node. Minimum value is 550. Default: empty(0). - FASTSYNC=true/false, If you want to speed up the Initial Block Download then set it to true. Default: false. - HWI=true/false, Choose to install HWI. Default: true. - - # lightning - ----------- - LIGHTNING="c-lightning"/"lnd"/false, choose lightning network implementation or pass --no-ln to not install lightning. Default: "c-lightning". - LN_ALIAS="", enter a name for your lightning node. Default: "Standup. - - # services - ---------- - ESPLORA=true/false, Choose to install Esplora. Default: false. - BTCPAYSERVER=true/false, Choose to install BTCPay Server. Default: false. - # Tor - TOR_PUBKEY="" Tor Public Key. Default: empty. - - # ssh - SSH_KEY="" key for automated SSH logins to standup non-privileged account. Default: empty. - SYS_SSH_IP="" comma separated list of IPs that can use SSH. Default: empty. - ----------------- - -END -} - -help \ No newline at end of file diff --git a/Scripts/scripts/ss_02_dependencies.sh b/Scripts/scripts/ss_02_dependencies.sh deleted file mode 100644 index afb92c6..0000000 --- a/Scripts/scripts/ss_02_dependencies.sh +++ /dev/null 
@@ -1,41 +0,0 @@ -#!/bin/bash - -# standup script - install dependencies - -# Install haveged (a random number generator) -echo " ----------------- - $MESSAGE_PREFIX Installing haveged (a random number generator), gnupg2, git & make ----------------- -" -apt-get install haveged gnupg2 git make -y -echo " -$MESSAGE_PREFIX haveged, gnupg2 & git installed successfully -" - -# Set system to automatically update -echo " ----------------- -$MESSAGE_PREFIX setting system to automatically update ----------------- -" -echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections -apt-get -y install unattended-upgrades -echo " -$MESSAGE_PREFIX Debian Packages updated -" -# Get uncomplicated firewall and deny all incoming connections except SSH -if [ -z "$(which ufw)" ] -then - echo " -$MESSAGE_PREFIX Installing ufw - " - apt-get install ufw -fi - -ufw allow ssh -ufw --force enable - -echo " -$MESSAGE_PREFIX ufw is installed and enabled. -" \ No newline at end of file diff --git a/Scripts/scripts/ss_03_user_ssh.sh b/Scripts/scripts/ss_03_user_ssh.sh deleted file mode 100644 index 3f413c7..0000000 --- a/Scripts/scripts/ss_03_user_ssh.sh +++ /dev/null 
@@ -1,56 +0,0 @@ -#!/bin/bash - -# standup script - setup user and ssh access - -if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ] -then - echo " ----------------- - $MESSAGE_PREFIX Creating user standup ----------------- - " - # Create "standup" group & user with optional password and give them sudo capability - /usr/sbin/groupadd standup - /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup - /usr/sbin/adduser standup sudo - /usr/sbin/adduser standup standup - - echo " - $MESSAGE_PREFIX User standup created with sudo access. - " -else - echo "---------------- - $MESSAGE_PREFIX User standup already exists. - ----------------" -fi - -# Setup SSH Key if the user added one as an argument -if [ -n "$SSH_KEY" ] -then - mkdir ~standup/.ssh - echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys - chown -R standup ~standup/.ssh - echo " ----------------- -$MESSAGE_PREFIX Added .ssh key to standup. ----------------- - " -fi - -# Setup SSH allowed IP's if the user added any as an argument -if [ -n "$SYS_SSH_IP" ] -then - echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow - echo "sshd: ALL" >> /etc/hosts.deny - echo " ----------------- -$MESSAGE_PREFIX Limited SSH access. ----------------- - " -else - echo " - **************** - $MESSAGE_PREFIX WARNING: Your SSH access is not limited; this is a major security hole! - **************** - " -fi \ No newline at end of file diff --git a/Scripts/scripts/ss_04_tor.sh b/Scripts/scripts/ss_04_tor.sh deleted file mode 100644 index e808774..0000000 --- a/Scripts/scripts/ss_04_tor.sh +++ /dev/null 
@@ -1,108 +0,0 @@ -#!/bin/bash - -# standup script - Tor installation - -#### -# 4. Install latest stable tor -#### - -# Download tor -echo " ----------------- - $MESSAGE_PREFIX Installing Tor ----------------- -" -# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: -if [ -z "$(which apt-transport-https)" ] -then - apt-get install apt-transport-https -y - echo " - $MESSAGE_PREFIX apt-transport-https installed - " -fi - -# To download bitcoin using onion site, we need torsocks -if [ -z "$(which torsocks)" ] -then - apt-get install torsocks -y - echo " - $MESSAGE_PREFIX torsocks installed - " -fi - -# We need to set up our package repository before you can fetch Tor. First, you need to figure out the name of your distribution: -DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') - -# You need to add the following entries to /etc/apt/sources.list: -cat >> /etc/apt/sources.list << EOF -deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -EOF - -# Then add the gpg key used to sign the packages by running: -# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 -sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import -sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - - -# Update system, install and run tor as a service -sudo apt update -sudo apt install tor deb.torproject.org-keyring -y - -# Setup hidden service -sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc -sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc -# for c-lightning -sed -i -e 's/#CookieAuthFileGroupReadable 1/CookieAuthFileGroupReadable 1/g' /etc/tor/torrc -sed -i -e 's/## address y:z./## address y:z.\ -\ -HiddenServiceDir \/var\/lib\/tor\/standup\/\ -HiddenServiceVersion 3\ -HiddenServicePort 1309 
127.0.0.1:18332\ -HiddenServicePort 1309 127.0.0.1:18443\ -HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc - -mkdir /var/lib/tor/standup -chown -R debian-tor:debian-tor /var/lib/tor/standup -chmod 700 /var/lib/tor/standup - -# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind -sudo usermod -a -G debian-tor standup - -# Restart tor to create the HiddenServiceDir -sudo systemctl restart tor.service - - -if [ "$(systemctl is-active tor) | grep active" ] -then -echo " -$MESSAGE_PREFIX Tor installed and successfully started -" -fi - -# add V3 authorized_clients public key if one exists -if ! [ "$TOR_PUBKEY" == "" ] -then - # create the directory manually incase tor.service did not restart quickly enough - mkdir /var/lib/tor/standup/authorized_clients - - # need to assign the owner - chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients - - # Create the file for the pubkey - touch /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Write the pubkey to the file - echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Restart tor for authentication to take effect - sudo systemctl restart tor.service - - echo " - $MESSAGE_PREFIX Successfully added Tor V3 authentication - " - -else - echo " - $MESSAGE_PREFIX No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet - " -fi diff --git a/Scripts/scripts/ss_05.1_hwi.sh b/Scripts/scripts/ss_05.1_hwi.sh deleted file mode 100644 index a85b6ea..0000000 --- a/Scripts/scripts/ss_05.1_hwi.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash - -# NOT YET IMPLEMENTED - -# standup - bitcoin-core hwi (Hardware Wallet Interface) -echo " ----------------- - $MESSAGE_PREFIX Installing Esplora ----------------- -" -# check dependencies - -apt install libusb-1.0-0-dev libudev-dev python3-dev - -# install hwi - -sudo -u standup git clone https://github.com/bitcoin-core/HWI.git -O ~standup/downloads/HWI -cd ~standup/downloads/HWI -poetry install # or 'pip3 install .' or 'python3 setup.py install' - -# create script to setup device - -# hwi: https://github.com/bitcoin-core/HWI -# specter: https://github.com/cryptoadvance/specter-desktop -# lily: https://github.com/KayBeSee/lily-wallet \ No newline at end of file diff --git a/Scripts/scripts/ss_05_bitcoin.sh b/Scripts/scripts/ss_05_bitcoin.sh deleted file mode 100644 index c63a1b9..0000000 --- a/Scripts/scripts/ss_05_bitcoin.sh +++ /dev/null 
@@ -1,262 +0,0 @@ -#!/bin/bash - -# standup script - bitcoin installation - -#### -# 5. Install Bitcoin -#### - -echo " ----------------- - $MESSAGE_PREFIX Installing Bitcoin ----------------- -" -# Download Bitcoin - -# CURRENT BITCOIN RELEASE: -# Change as necessary -export BITCOIN="bitcoin-core-0.20.0" -export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` - -# # get bitcoin tar.gz, shasums and signing keys -# clearnet -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc - -# onionnet -# If the script fails to download bitcoin-core using the onion link then the onion link might have changed. Check for the updated link here: https://bitcoincore.org/en/2020/03/27/hidden-service/ -# OR alternatively uncomment the clearnet links to download bitcoin over clearnet. -if ! [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] -then - echo " ----------------- -$MESSAGE_PREFIX Downloading $BITCOIN, this will take a while! ----------------- - " -sudo -u standup torsocks wget --progress=bar:force http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -fi - -if [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "$MESSAGE_PREFIX $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/" - echo "" - echo "$MESSAGE_PREFIX downloading SHA256SUMS.asc for $BITCOIN" - echo "" -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -else - return 100 -fi - -if [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "$MESSAGE_PREFIX SHA256SSUMS.asc exists at /home/standup/" -fi - -if ! 
[[ -f ~standup/laanwj-releases.asc ]] -then - echo "$MESSAGE_PREFIX downloading laanwj-release signature" -sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc -fi - -# Verifying Bitcoin: Signature -echo " ------------------ -$MESSAGE_PREFIX Verifying Bitcoin. ------------------ -" - -sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc -export BTC_SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` -echo " -$MESSAGE_PREFIX BTC_SHASIG is $BTC_SHASIG -" - -if [[ $BTC_SHASIG ]] -then - echo " - $MESSAGE_PREFIX VERIFICATION SUCCESS / SIG: $BTC_SHASIG - " -else - (>&2 echo " - $MESSAGE_PREFIX VERIFICATION ERROR: Signature for Bitcoin did not verify! - ") - return 101 -fi - -# Verify Bitcoin: SHA -export BTC_TARSHA256=`/usr/bin/sha256sum ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` -export BTC_EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep "$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz | awk '{print $1}'` - -if [[ "$BTC_TARSHA256" = "$BTC_EXPECTEDSHA256" ]] -then - echo " - $MESSAGE_PREFIX VERIFICATION SUCCESS / SHA: $BTC_TARSHA256 - " -else - (>&2 echo " - $MESSAGE_PREFIX VERIFICATION ERROR: SHA for Bitcoin did not match! - ") - return 102 -fi - -# Install Bitcoin -echo " ----------------- -$MESSAGE_PREFIX Installing Bitcoin. ----------------- -" - -sudo -u standup /bin/tar xzf ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -C ~standup -/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/"$BITCOINPLAIN"/bin/* -/bin/rm -rf ~standup/"$BITCOINPLAIN"/ - -# Start Up Bitcoin -echo " -$MESSAGE_PREFIX Configuring Bitcoin. 
-" - -sudo -u standup /bin/mkdir ~standup/.bitcoin - -RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) - -if [[ "$PRUNE" -eq 0 ]] -then - PRUNE="" -fi - -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -# launches bitcoind as server to accept rpc connections -server=1 - -debug=tor - -# prune -prune=$PRUNE - -# rpc credentials -rpcuser=StandUp -rpcpassword=$RPCPASSWORD -rpcallowip=127.0.0.1 - -# zmq -zmqpubrawblock=tcp://127.0.0.1:28332 -zmqpubrawtx=tcp://127.0.0.1:28333 -EOF - -if [[ -z "$PRUNE" ]] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - txindex=1 -EOF -fi - -# you are adding anything to the config file then add before this block else, the settings will only be affected in the specified network block. -# conversely, add settings specific to a particular network in their respective blocks. -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -[test] -rpcbind=127.0.0.1 -rpcport=18332 -[main] -rpcbind=127.0.0.1 -rpcport=8332 -[regtest] -rpcbind=127.0.0.1 -rpcport=18443 -EOF - -/bin/chown standup ~standup/.bitcoin/bitcoin.conf -/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf - -# Setup bitcoind as a service that requires Tor -echo " -$MESSAGE_PREFIX Setting up Bitcoin as a systemd service. -" - -sudo cat > /etc/systemd/system/bitcoind.service << EOF -# It is not recommended to modify this file in-place, because it will -# be overwritten during package upgrades. If you want to add further -# options or overwrite existing ones then use -# $ systemctl edit bitcoind.service -# See "man systemd.service" for details. 
-# Note that almost all daemon options could be specified in -# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments -# in ExecStart= - -[Unit] -Description=Bitcoin daemon -After=tor.service -Requires=tor.service - -[Service] -ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf -# Process management -#################### -Type=simple -PIDFile=/run/bitcoind/bitcoind.pid -Restart=on-failure - -# Directory creation and permissions -#################################### -# Run as bitcoin:bitcoin -User=standup -Group=sudo -# /run/bitcoind -RuntimeDirectory=bitcoind -RuntimeDirectoryMode=0710 - -# Hardening measures -#################### -# Provide a private /tmp and /var/tmp. -PrivateTmp=true -# Mount /usr, /boot/ and /etc read-only for the process. -ProtectSystem=full -# Disallow the process and all of its children to gain -# new privileges through execve(). -NoNewPrivileges=true -# Use a new /dev namespace only populated with API pseudo devices -# such as /dev/null, /dev/zero and /dev/random. -PrivateDevices=true -# Deny the creation of writable and executable memory mappings. -MemoryDenyWriteExecute=true - -[Install] -WantedBy=multi-user.target -EOF - -echo " -$MESSAGE_PREFIX Starting bitcoind service -" - -sudo systemctl enable bitcoind.service -sudo systemctl start bitcoind.service - -#### -# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display -#### -if [[ $(systemctl status bitcoind | grep active | awk '{print $2}') = "active" ]] -then - # Get the Tor onion address for the QR code - HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) - - # Create the QR string - QR="btcstandup://StandUp:"$RPCPASSWORD"@"$HS_HOSTNAME":1309/?label=StandUp.sh" - - # Display the uri text incase QR code does not work - echo "***********************************************************************************************************************" - echo "StandUp - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" - echo "$QR" - echo "***********************************************************************************************************************" - echo "" - echo "$MESSAGE_PREFIX Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor" - echo "" - echo "" - echo "$MESSAGE_PREFIX You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service" - echo "" - echo "" - echo "$MESSAGE_PREFIX You can manually start Bitcoin with: sudo systemctl start bitcoind.service" - echo "" -else - echo "" - echo "ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting." - echo "" -fi diff --git a/Scripts/scripts/ss_06.1_rtl.sh b/Scripts/scripts/ss_06.1_rtl.sh deleted file mode 100644 index 68d16ed..0000000 --- a/Scripts/scripts/ss_06.1_rtl.sh +++ /dev/null 
@@ -1,45 +0,0 @@ -#!/bin/bash - -# NOT YET IMPLEMENTED - -# standup - Ride The Lightning - -echo " ----------------- - $MESSAGE_PREFIX Installing Esplora ----------------- -" - -# dependencies -apt install nodejs npm -echo " ------------ -$MESSAGE_PREFIX Node.js version $(node -v) installed. ------------ -" - -# get repo and install -sudo -u standup git clone https://github.com/Ride-The-Lightning/RTL.git ~standup/RTL -cd ~standup/RTL -npm install --only=prod -mv ./sample-RTL-Config.json RTL-config.json - -if [[ "$LIGHTNING" = "lnd" ]] -then - # find admin.macroon & lnd.conf - # update rtl-config -elif [[ "$LIGHTNING" = "c-lightning" ]] -then - # install cl-rest - # rename sample-cl-rest-config.json to cl-rest-config.json - # update cl-rest-config - # locate acess.macroon from cl-rest - # update rtl-config -fi - -# create executable script to start rtl - -# links: -# lnd: https://github.com/Ride-The-Lightning/RTL -# cln: https://github.com/Ride-The-Lightning/c-lightning-REST -# cl-rest: https://github.com/Ride-The-Lightning/c-lightning-REST \ No newline at end of file diff --git a/Scripts/scripts/ss_06_c-lightning.sh b/Scripts/scripts/ss_06_c-lightning.sh deleted file mode 100644 index 4f7fd82..0000000 --- a/Scripts/scripts/ss_06_c-lightning.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/bash - -# standup script - install c-lightning - -echo " ----------------- - $MESSAGE_PREFIX installing c-lightning ----------------- -" - -export CLN_VERSION="v0.8.2.1" -export LIGHTNING_DIR="~standup/.lightning" - -echo " -$MESSAGE_PREFIX installing dependencies -" - -apt-get install -y \ -autoconf automake build-essential git libtool libgmp-dev \ -libsqlite3-dev python3 python3-mako net-tools zlib1g-dev \ -libsodium-dev gettext valgrind python3-pip libpq-dev - -echo " -$MESSAGE_PREFIX downloading & Installing c-lightning -" -# get & compile clightning from github -sudo -u standup git clone https://github.com/ElementsProject/lightning.git ~standup/lightning -cd ~standup/lightning -git checkout $CLN_VERSION -python3 -m pip install -r requirements.txt -./configure -make -j$(nproc --ignore=1) --quiet -sudo make install - -# get back to script directory -cd - - -# lightningd config -mkdir -m 760 "$LIGHTNING_DIR" -chown standup -R "$LIGHTNING_DIR" -cat >> "$LIGHTNING_DIR"/config << EOF -alias=StandUp -log-level=debug -log-prefix=standup -proxy=127.0.0.1:9050 -bind-addr=127.0.0.1:9735 -addr=statictor:127.0.0.1:9051 -always-use-proxy=true -EOF - -/bin/chmod 640 "$LIGHTNING_DIR"/config - -# add tor configuration to torrc -sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ -HiddenServiceDir \/var\/lib\/tor\/lightningd-service_v3\/\ -HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc - -echo " -$MESSAGE_PREFIX Setting up c-lightning as a systemd service. -" - -cat > /etc/systemd/system/lightningd.service << EOF -# It is not recommended to modify this file in-place, because it will -# be overwritten during package upgrades. If you want to add further -# options or overwrite existing ones then use -# $ systemctl edit bitcoind.service -# See "man systemd.service" for details. 
-# Note that almost all daemon options could be specified in -# /etc/lightning/config, except for those explicitly specified as arguments -# in ExecStart= -[Unit] -Description=c-lightning daemon -After=tor.service -Requires=tor.service -[Service] -ExecStart=/usr/local/bin/lightningd -conf=/home/standup/.lightning/config -# Process management -#################### -Type=simple -PIDFile=/run/lightning/lightningd.pid -Restart=on-failure -# Directory creation and permissions -#################################### -# Run as lightningd:lightningd -User=standup -Group=standup -# /run/lightningd -RuntimeDirectory=lightningd -RuntimeDirectoryMode=0710 -# Hardening measures -#################### -# Provide a private /tmp and /var/tmp. -PrivateTmp=true -# Mount /usr, /boot/ and /etc read-only for the process. -ProtectSystem=full -# Disallow the process and all of its children to gain -# new privileges through execve(). -NoNewPrivileges=true -# Use a new /dev namespace only populated with API pseudo devices -# such as /dev/null, /dev/zero and /dev/random. -PrivateDevices=true -# Deny the creation of writable and executable memory mappings. -MemoryDenyWriteExecute=true -[Install] -WantedBy=multi-user.target -EOF - -sudo systemctl enable lightningd.service -sudo systemctl start lightningd.service - -if [ $(systemctl status lightningd | grep active | awk '{print $2}') = "active" ] -then - echo " - $MESSAGE_PREFIX c-lightning Installed and started - Wait for the bitcoind to fully sync with the blockchain and then interact with lightningd. - " -else - echo " - $MESSAGE_PREFIX c-lightning not yet active. - " -fi \ No newline at end of file diff --git a/Scripts/scripts/ss_06_lnd.sh b/Scripts/scripts/ss_06_lnd.sh deleted file mode 100644 index 7b9533f..0000000 --- a/Scripts/scripts/ss_06_lnd.sh +++ /dev/null 
@@ -1,201 +0,0 @@ -#!/bin/bash - -# standup script - install lnd - -echo " ----------------- - $MESSAGE_PREFIX installing LND ----------------- -" - -# install Go -GO_VERSION="go1.14.4" -OS="linux" -ARCH="amd64" -GOSHA="aed845e4185a0b2a3c3d5e1d0a35491702c55889192bb9c30e67a3de6849c067" - -## check & remove older go version -if [[ -n $(which go) ]] -then - if [[ $(go version | awk '{print $3}') != "$GO_VERSION" ]] - then - rm -rf /usr/local/go - fi -fi - -## get go -sudo -u standup wget --progress=bar:force https://dl.google.com/go/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -O ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -GOTARSHA=$(sudo -u standup /usr/bin/sha256sum ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz | awk -F " " '{ print $1 }') - -if [[ "$GOTARSHA" != "$GOSHA" ]] -then - echo " - $MESSAGE_PREFIX Go checksum validation failed. Exiting. - " - return 201 -else - echo " - $MESSAGE_PREFIX Go checksum validated. Continuing with installing LND. - " -fi - -# get go_sha from website to check -sudo -u standup /bin/tar xzf ~standup/"$GO_VERSION"."$OS"-"$ARCH".tar.gz -C ~standup -sudo mv ~standup/go /usr/local - -export PATH="$PATH":/usr/local/go/bin:"$GOPATH"/bin -export GOPATH=~standup/gocode - -# test go -if [[ $(go version | awk '{print $3}') = "$GO_VERSION" ]] -then - echo " -$MESSAGE_PREFIX $GO_VERSION successfully installed - " -else - echo " -$MESSAGE_PREFIX Go not installed, cannot install lnd - " - return 202 -fi - -# build lnd -echo " -$MESSAGE_PREFIX getting lnd... depending on your network it can take more than an hour. With good network it usually takes about 5-10 mins. 
-" -go get -d github.com/lightningnetwork/lnd -cd "$GOPATH"/src/github.com/lightningnetwork/lnd -make -make install # installs to /home/standup/gocode/bin which is $GOPATH/bin - -# go back to script directory -cd - - -LND_VERSION=$(lnd --version) -echo " -$MESSAGE_PREFIX installed $LND_VERSION -" - -sudo cp $GOPATH/bin/lnd $GOPATH/bin/lncli /usr/bin - -# create necessary directories -mkdir -p /etc/lnd -mkdir -p /var/lib/lnd -chown standup:standup -R /var/lib/lnd - -BTC_NETWORK="" -if [[ "$NETWORK" = "mainnet" ]] -then - BTC_NETWORK="bitcoin.mainnet=1" -elif [[ "$NETWORK" = "testnet" ]] -then - BTC_NETWORK="bitcoin.testnet=1" -else - BTC_NETWORK="bitcoin.regtest=1" -fi - -BITCOINDRPC_USER=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcuser | awk -F = '{print $2}') -BITCOINRPC_PASS=$(cat ~standup/.bitcoin/bitcoin.conf | grep rpcpassword | awk -F = '{print $2}') - -# create lnd config -cat > /etc/lnd/lnd.conf << EOF -[Application Options] -datadir=/var/lib/lnd/data -tlscertpath=/var/lib/lnd/tls.cert -tlskeypath=/var/lib/lnd/tls.key -logdir=/var/lib/lnd/logs -maxlogfiles=3 -maxlogfilesize=10 -#externalip=1.1.1.1 # change to your public IP address if required. 
-alias=$LN_ALIAS -listen=0.0.0.0:9735 -debuglevel=debug - -[Bitcoin] -bitcoin.active=1 -bitcoin.node=bitcoind -$BTC_NETWORK - -#[Bitcoind] -#bitcoind.rpchost=localhost -#bitcoind.rpcuser=$BITCOINRPC_USER -#bitcoind.rpcpass=$BITCOINRPC_PASS -#bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332 -#bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333 - -[tor] -tor.active=true -tor.v3=true -EOF - -# set appropriate permissions -chmod 644 /etc/lnd/lnd.conf - -# create soft link to the lnd data dir -ln -s /var/lib/lnd ~standup/.lnd - -# add tor configuration to torrc -sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ -HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc - -# create systemd service -cat > /etc/systemd/system/lnd.service << EOF -# It is not recommended to modify this file in-place, because it will -# be overwritten during package upgrades. If you want to add further -# options or overwrite existing ones then use -# $ systemctl edit lnd.service -# See "man systemd.service" for details. -# Note that almost all daemon options could be specified in -# /etc/lnd/lnd.conf, except for those explicitly specified as arguments -# in ExecStart= - -[Unit] -Description=LND Lightning Network Daemon -Requires=bitcoind.service -After=bitcoind.service - -[Service] -ExecStart=/usr/bin/lnd --configfile=/etc/lnd/lnd.conf -ExecStop=/usr/bin/lncli --lnddir /var/lib/lnd stop -PIDFile=/run/lnd/lnd.pid - -User=standup -Group=standup - -Type=simple -KillMode=process -TimeoutStartSec=60 -TimeoutStopSec=60 -Restart=always -RestartSec=60 - -[Install] -WantedBy=multi-user.target -EOF - - -#enable lnd service -sudo systemctl enable lnd -sudo systemctl start lnd - -# check if lnd running -echo " -$MESSAGE_PREFIX Checking if LND is running -" - -if [[ $(systemctl status lnd | grep active | awk '{print $2}') = "active" ]]; then - echo " - $MESSAGE_PREFIX LND service now is active. - " - echo "LND is fully active and working with Tor. 
- To interact with LND first create a wallet (without the $): - $ lncli create - " -else - echo " - $MESSAGE_PREFIX LND not yet active. Check manually using (without the $) : - - $ sudo systemctl status lnd - " -fi - diff --git a/Scripts/scripts/ss_07_btcpayserver.sh b/Scripts/scripts/ss_07_btcpayserver.sh deleted file mode 100644 index 7b63300..0000000 --- a/Scripts/scripts/ss_07_btcpayserver.sh +++ /dev/null 
@@ -1,92 +0,0 @@ -#!/bin/bash - -# standup - install btcpayserver - -echo " ----------------- - $MESSAGE_PREFIX Installing BTCPay Server ----------------- -" - -if "$BTCPAYSERVER" && [[ -z "$BTCPAY_HOST" ]]; then - echo "You provided the '--btcpay' flag but didn't provide --btcpay-host" - while [ -z "$BTCPAY_HOST" ]; do - read -rp "Enter domain name where you will host BTCPay Server: " BTCPAY_HOST - done -fi - -if "$BTCPAYSERVER" && [[ -z "$BTCPAY_LN" ]]; then - echo "You provided the '--btcpay' flag but didn't provide --btcpay-ln" - while [ -z "$BTCPAY_HOST" ]; do - read -rp "Enter lightning network implementation for BTCPay Server: " BTCPAY_LN - done -fi - -# install dependencies -# .NET Core SDK 3.1 -echo " -$MESSAGE_PREFIX installing .NET Core SDK 3.1 .. this will take a while! -" -sudo -u standup wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb -O ~standup/packages-microsoft-prod.deb -dpkg -i ~standup/packages-microsoft-prod.deb -apt-get update -apt-get install -y dotnet-sdk-3.1 - -# opt out of .NET telemetry -export DOTNET_CLI_TELEMETRY_OPTOUT=1 - -# get btcpay server -echo " -$MESSAGE_PREFIX getting btcpayserver-docker -" -sudo -u standup git clone https://github.com/btcpayserver/btcpayserver-docker ~standup/downloads/btcpayserver-docker -cd ~standup/downloads/btcpayserver-docker - -# set env variables -export BTCPAY_HOST=$BTCPAY_HOST -export NBITCOIN_NETWORK=$NETWORK -export BTCPAYGEN_CRYPTO1="btc" -export BTCPAYGEN_REVERSEPROXY="nginx" -export BTCPAYGEN_LIGHTNING=$BTCPAY_LN -export BTCPAY_ENABLE_SSH=true - -# install -echo " -$MESSAGE_PREFIX installing btcpayserver -" -. ./btcpay-setup.sh -i - -# shut the container -echo " -$MESSAGE_PREFIX shutting down btcpayserver to link existing bitcoin data dir -" -. 
./btcpay-down.sh - -# delete _data & create symbolic link to host's bitcoin data -echo " -$MESSAGE_PREFIX removing btcpayserver bitcoin data dir -" -rm -r /var/lib/docker/volumes/generated_bitcoin_datadir/_data -echo " -$MESSAGE_PREFIX creating symlink between host bitcoind data dir and btcpayserver bitcoin data dir -" -ln -s /home/standup/.bitcoin /var/lib/docker/volumes/generated_bitcoin_datadir/_data - -# start btcpay server -echo " -$MESSAGE_PREFIX starting btcpayserver -" -. ./btcpay-up.sh - -BTCPAY_ONION_ADD=$(sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname) -echo " -************************************************************************** -Your BTCPay Server Tor address is: -$BTCPAY_ONION_ADD -************************************************************************** -" -echo " -For further information on btcpay server, go to: -Docs: https://docs.btcpayserver.org -Chat: https://chat.btcpayserver.org -" \ No newline at end of file diff --git a/Scripts/scripts/ss_08_esplora.sh b/Scripts/scripts/ss_08_esplora.sh deleted file mode 100644 index 2e65b6f..0000000 --- a/Scripts/scripts/ss_08_esplora.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# NOT YET IMPLEMENTED - -# standup - esplora - -# install esplora -echo " ----------------- - $MESSAGE_PREFIX Installing Esplora ----------------- -" - -# get esplora repo & install -sudo -u standup git clone https://github.com/Blockstream/esplora ~standup/downloads/esplora -cd ~standup/downloads/esplora -$ npm install -$ export API_URL=http://localhost:3000/ # or https://blockstream.info/api/ if you don't have a local API server -# (see more config options below) -$ npm run dev-server - -# edit config - -# link: https://github.com/Blockstream/esplora \ No newline at end of file From 3435a641d06673143c3afee1f9abda4fc72dca08 Mon Sep 17 00:00:00 2001 
From: jodobear Date: Mon, 28 Sep 2020 15:53:39 +0200 Subject: [PATCH 12/16] removed old scripts, updated working & tested scripts --- Scripts/scripts-conf/ss_02_dependencies.sh | 40 ---- Scripts/scripts-conf/ss_05.1_hwi.sh | 25 -- Scripts/scripts-conf/ss_06.1_rtl.sh | 45 ---- Scripts/scripts-conf/ss_08_esplora.sh | 24 -- Scripts/{scripts-conf => scripts}/ss.conf | 79 +++++-- Scripts/scripts/ss.conf.defaults | 124 ++++++++++ .../{scripts-conf => scripts}/ss_00.1_vps.sh | 39 ++-- .../{scripts-conf => scripts}/ss_00_main.sh | 143 ++++++++---- .../{scripts-conf => scripts}/ss_01_help.sh | 14 +- Scripts/scripts/ss_03_user_ssh copy.sh | 57 +++++ .../ss_03_user_ssh.sh | 3 + .../{scripts-conf => scripts}/ss_04_tor.sh | 4 +- .../ss_05_bitcoin.sh | 82 +++++-- .../ss_06_c-lightning.sh | 73 +++++- .../{scripts-conf => scripts}/ss_06_lnd.sh | 9 +- Scripts/scripts/ss_07_esplora.sh | 219 ++++++++++++++++++ .../ss_08_btcpayserver.sh} | 34 +-- 17 files changed, 750 insertions(+), 264 deletions(-) delete mode 100644 Scripts/scripts-conf/ss_02_dependencies.sh delete mode 100644 Scripts/scripts-conf/ss_05.1_hwi.sh delete mode 100644 Scripts/scripts-conf/ss_06.1_rtl.sh delete mode 100644 Scripts/scripts-conf/ss_08_esplora.sh rename Scripts/{scripts-conf => scripts}/ss.conf (60%) create mode 100644 Scripts/scripts/ss.conf.defaults rename Scripts/{scripts-conf => scripts}/ss_00.1_vps.sh (56%) rename Scripts/{scripts-conf => scripts}/ss_00_main.sh (69%) rename Scripts/{scripts-conf => scripts}/ss_01_help.sh (82%) create mode 100644 Scripts/scripts/ss_03_user_ssh copy.sh rename Scripts/{scripts-conf => scripts}/ss_03_user_ssh.sh (92%) rename Scripts/{scripts-conf => scripts}/ss_04_tor.sh (96%) rename Scripts/{scripts-conf => scripts}/ss_05_bitcoin.sh (74%) rename Scripts/{scripts-conf => scripts}/ss_06_c-lightning.sh (61%) rename Scripts/{scripts-conf => scripts}/ss_06_lnd.sh (96%) create mode 100644 Scripts/scripts/ss_07_esplora.sh rename Scripts/{scripts-conf/ss_07_btcpayserver.sh => 
scripts/ss_08_btcpayserver.sh} (79%) diff --git a/Scripts/scripts-conf/ss_02_dependencies.sh b/Scripts/scripts-conf/ss_02_dependencies.sh deleted file mode 100644 index b52c73a..0000000 --- a/Scripts/scripts-conf/ss_02_dependencies.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/bash - -# standup script - install dependencies - -# Install haveged (a random number generator) -echo " ----------------- - $MESSAGE_PREFIX Installing haveged (a random number generator), gnupg2, git & make ----------------- -" -apt-get install haveged gnupg2 git make -y -echo " -$MESSAGE_PREFIX haveged, gnupg2, git & make installed successfully -" - -# Set system to automatically update -echo " ----------------- -$MESSAGE_PREFIX setting system to automatically update ----------------- -" -echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections -apt-get -y install unattended-upgrades -echo " -$MESSAGE_PREFIX Debian Packages updated -" -# Get uncomplicated firewall and deny all incoming connections except SSH -if [ -z "$(which ufw)" ]; then - echo " -$MESSAGE_PREFIX Installing ufw - " - apt-get install ufw -fi - -ufw allow ssh -ufw --force enable - -echo " -$MESSAGE_PREFIX ufw is installed and enabled. -" \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_05.1_hwi.sh b/Scripts/scripts-conf/ss_05.1_hwi.sh deleted file mode 100644 index a85b6ea..0000000 --- a/Scripts/scripts-conf/ss_05.1_hwi.sh +++ /dev/null 
@@ -1,25 +0,0 @@ -#!/bin/bash - -# NOT YET IMPLEMENTED - -# standup - bitcoin-core hwi (Hardware Wallet Interface) -echo " ----------------- - $MESSAGE_PREFIX Installing Esplora ----------------- -" -# check dependencies - -apt install libusb-1.0-0-dev libudev-dev python3-dev - -# install hwi - -sudo -u standup git clone https://github.com/bitcoin-core/HWI.git -O ~standup/downloads/HWI -cd ~standup/downloads/HWI -poetry install # or 'pip3 install .' or 'python3 setup.py install' - -# create script to setup device - -# hwi: https://github.com/bitcoin-core/HWI -# specter: https://github.com/cryptoadvance/specter-desktop -# lily: https://github.com/KayBeSee/lily-wallet \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_06.1_rtl.sh b/Scripts/scripts-conf/ss_06.1_rtl.sh deleted file mode 100644 index 68d16ed..0000000 --- a/Scripts/scripts-conf/ss_06.1_rtl.sh +++ /dev/null @@ -1,45 +0,0 @@ -#!/bin/bash - -# NOT YET IMPLEMENTED - -# standup - Ride The Lightning - -echo " ----------------- - $MESSAGE_PREFIX Installing Esplora ----------------- -" - -# dependencies -apt install nodejs npm -echo " ------------ -$MESSAGE_PREFIX Node.js version $(node -v) installed. ------------ -" - -# get repo and install -sudo -u standup git clone https://github.com/Ride-The-Lightning/RTL.git ~standup/RTL -cd ~standup/RTL -npm install --only=prod -mv ./sample-RTL-Config.json RTL-config.json - -if [[ "$LIGHTNING" = "lnd" ]] -then - # find admin.macroon & lnd.conf - # update rtl-config -elif [[ "$LIGHTNING" = "c-lightning" ]] -then - # install cl-rest - # rename sample-cl-rest-config.json to cl-rest-config.json - # update cl-rest-config - # locate acess.macroon from cl-rest - # update rtl-config -fi - -# create executable script to start rtl - -# links: -# lnd: https://github.com/Ride-The-Lightning/RTL -# cln: https://github.com/Ride-The-Lightning/c-lightning-REST -# cl-rest: https://github.com/Ride-The-Lightning/c-lightning-REST \ No newline at end of file 
diff --git a/Scripts/scripts-conf/ss_08_esplora.sh b/Scripts/scripts-conf/ss_08_esplora.sh deleted file mode 100644 index 2e65b6f..0000000 --- a/Scripts/scripts-conf/ss_08_esplora.sh +++ /dev/null @@ -1,24 +0,0 @@ -#!/bin/bash - -# NOT YET IMPLEMENTED - -# standup - esplora - -# install esplora -echo " ----------------- - $MESSAGE_PREFIX Installing Esplora ----------------- -" - -# get esplora repo & install -sudo -u standup git clone https://github.com/Blockstream/esplora ~standup/downloads/esplora -cd ~standup/downloads/esplora -$ npm install -$ export API_URL=http://localhost:3000/ # or https://blockstream.info/api/ if you don't have a local API server -# (see more config options below) -$ npm run dev-server - -# edit config - -# link: https://github.com/Blockstream/esplora \ No newline at end of file diff --git a/Scripts/scripts-conf/ss.conf b/Scripts/scripts/ss.conf similarity index 60% rename from Scripts/scripts-conf/ss.conf rename to Scripts/scripts/ss.conf index 762fea5..7b6c660 100644 --- a/Scripts/scripts-conf/ss.conf +++ b/Scripts/scripts/ss.conf @@ -6,15 +6,18 @@ # environment variables accordingly by uncommenting and/or setting # appropriate values. +# contributor: jodobear + ########################### # system ########################### -# Promp user befor continuing with the installation. Gives the user +# Prompt user befor continuing with the installation. Gives the user # a chance to check the configuration before installing. Set it to # true to remove the prompt NOPROMPT=false # Set password for user "standup". Good practice to use at least 8 -# character long password. Don't ignore this. +# character long password. +# Don't ignore this. USERPASSWORD= 
@@ -25,11 +28,23 @@ USERPASSWORD= # REGION variables. VPS=false # the name for your server -#HOSTNAME= +HOSTNAME= # the domain name(website) where you will host/access the server. -#FQDN= +# if you are going to access it locally then you can just use your hostname and add .local like so: hostname.local +FQDN= # the region in which the server is hosted. Required for timezone settings -#REGION= +REGION= + + +########################### +# Tor & SSH +########################### +# set a Tor public key if you have one. +TOR_PUBKEY= +# set an SSH key if you have one. +SSH_KEY= +# set a comma seperated set of white listed IPs that can SSH into the server. +SYS_SSH_IP= ########################### @@ -38,18 +53,22 @@ VPS=false # The bitcoin network you want bitcoind to start with. Valid choices: # mainnet, testnet or regtest NETWORK=mainnet +# specify location where you want to create your bitcoin data directory. +# by defaut it will be /home/standup. +# Do NOT add `/.bitcoin/` it will be created by the script +# This is helpful to reduce costs and/or security +BTC_DATA_DIR=/home/standup # Integer value to specify level of prune node. Minimum value is 550. -#PRUNE= +PRUNE= # If you want to speed up the Initial Block Download then set it to true. -# Currently not implemented. It will use the btcpayserver snapshot hosted at: -# -# documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync +# Currently not implemented. It will use snapshot hosted by btcpayserver. +# Documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync # DISCLAIMER: It is always better to let your node validate blocks from the # beginning. This script uses blockchain data signed by BTCPay Server. # Trust at your own risk. -FASTSYNC=false +# FASTSYNC=false # Choose to install HWI: Hardware Wallet Interface -HWI=false +# HWI=false ########################### 
@@ -57,11 +76,20 @@ HWI=false ########################### # Choose your lightning network installation. By default the script will # not install lightning. Valid options: c-lightning, lnd or empty -#LIGHTNING= +LIGHTNING= # Set alias of your lightning node LN_ALIAS=StandUp +########################### +# c-lightning options +########################### +# http-plugin +# CLN_HTTP_PLUGIN=flase +# password for http communication +# HTTP_PASS= + + ########################### # services ########################### @@ -72,20 +100,25 @@ BTCPAYSERVER=false ########################### -# Tor & SSH +# Esplora ########################### -# set a Tor public key if you have one. -#TOR_PUBKEY= -# set an SSH key if you have one. -#SSH_KEY= -# set a comma seperated set of white listed IPs that can SSH into the server. -#SYS_SSH_IP= +# enable lightnode? Uses ~50% disk space but, costs ~50% more time for lookups. Good for personal use. +LIGHTMODE=false +# If available RAM is more than 2Gb, set this to `false` for faster sync +LIMIT_BATCH_SIZE=true +# electrs database directory +ELECTRS_DB=/home/standup/electrs_db +# If Esplora is running on a remote machine than Electrs, then set the IP of that machine or to allow requests from everywhere copy and paste this: \'*\' +CORS=localhost +# Enable NoScript prerender server? +# PRERENDER_ASSETS=flase ########################### -# btcpay server +# BTCPAY Server ########################### # the domain name where you will host your BTCPay Server. -#BTCPAY_HOST= -# set the lightning network implementation for your BTCPay Server. -#BTCPAY_LN= \ No newline at end of file +BTCPAY_HOST= +# set the lightning network implementation for your BTCPay Server, +# options: clightning or lnd +BTCPAY_LN= diff --git a/Scripts/scripts/ss.conf.defaults b/Scripts/scripts/ss.conf.defaults new file mode 100644 index 0000000..7b6c660 --- /dev/null +++ b/Scripts/scripts/ss.conf.defaults 
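Review bot: The commented example `# CLN_HTTP_PLUGIN=flase` in the new c-lightning options block is misspelled, and the same typo appears in `# PRERENDER_ASSETS=flase` in the Esplora hunk that follows and in both places in ss.conf.defaults. ss_06_c-lightning.sh in this patch evaluates the flag as a command (`if "$CLN_HTTP_PLUGIN"; then`), so a user who just uncomments the line gets a command-not-found error instead of a disabled feature. I would change both to `# CLN_HTTP_PLUGIN=false` and `# PRERENDER_ASSETS=false`. Since `USERPASSWORD` and `HTTP_PASS` are stored in this file in clear text, a comment such as `# This file holds passwords: keep it readable by root only (chmod 600 ss.conf)` in the system section would also help.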
@@ -0,0 +1,124 @@ +################################################ +# Blockchain Commons Standup Script Config file +################################################ + +# To setup a bitcoin server using standup scripts set the following +# environment variables accordingly by uncommenting and/or setting +# appropriate values. + +# contributor: jodobear + +########################### +# system +########################### +# Prompt user befor continuing with the installation. Gives the user +# a chance to check the configuration before installing. Set it to +# true to remove the prompt +NOPROMPT=false +# Set password for user "standup". Good practice to use at least 8 +# character long password. +# Don't ignore this. +USERPASSWORD= + + +########################### +# vps +########################### +# If you are using a VPS, set it to true and set the HOSTNAME, FQDN & +# REGION variables. +VPS=false +# the name for your server +HOSTNAME= +# the domain name(website) where you will host/access the server. +# if you are going to access it locally then you can just use your hostname and add .local like so: hostname.local +FQDN= +# the region in which the server is hosted. Required for timezone settings +REGION= + + +########################### +# Tor & SSH +########################### +# set a Tor public key if you have one. +TOR_PUBKEY= +# set an SSH key if you have one. +SSH_KEY= +# set a comma seperated set of white listed IPs that can SSH into the server. +SYS_SSH_IP= + + +########################### +# bitcoind +########################### +# The bitcoin network you want bitcoind to start with. Valid choices: +# mainnet, testnet or regtest +NETWORK=mainnet +# specify location where you want to create your bitcoin data directory. +# by defaut it will be /home/standup. +# Do NOT add `/.bitcoin/` it will be created by the script +# This is helpful to reduce costs and/or security +BTC_DATA_DIR=/home/standup +# Integer value to specify level of prune node. 
Minimum value is 550. +PRUNE= +# If you want to speed up the Initial Block Download then set it to true. +# Currently not implemented. It will use snapshot hosted by btcpayserver. +# Documentation: https://github.com/btcpayserver/btcpayserver-docker/tree/master/contrib/FastSync +# DISCLAIMER: It is always better to let your node validate blocks from the +# beginning. This script uses blockchain data signed by BTCPay Server. +# Trust at your own risk. +# FASTSYNC=false +# Choose to install HWI: Hardware Wallet Interface +# HWI=false + + +########################### +# lightning +########################### +# Choose your lightning network installation. By default the script will +# not install lightning. Valid options: c-lightning, lnd or empty +LIGHTNING= +# Set alias of your lightning node +LN_ALIAS=StandUp + + +########################### +# c-lightning options +########################### +# http-plugin +# CLN_HTTP_PLUGIN=flase +# password for http communication +# HTTP_PASS= + + +########################### +# services +########################### +# set to true if you want to install an esplora server +ESPLORA=false +# set to true if you want to install btcpay server +BTCPAYSERVER=false + + +########################### +# Esplora +########################### +# enable lightnode? Uses ~50% disk space but, costs ~50% more time for lookups. Good for personal use. +LIGHTMODE=false +# If available RAM is more than 2Gb, set this to `false` for faster sync +LIMIT_BATCH_SIZE=true +# electrs database directory +ELECTRS_DB=/home/standup/electrs_db +# If Esplora is running on a remote machine than Electrs, then set the IP of that machine or to allow requests from everywhere copy and paste this: \'*\' +CORS=localhost +# Enable NoScript prerender server? +# PRERENDER_ASSETS=flase + + +########################### +# BTCPAY Server +########################### +# the domain name where you will host your BTCPay Server. 
+BTCPAY_HOST= +# set the lightning network implementation for your BTCPay Server, +# options: clightning or lnd +BTCPAY_LN= diff --git a/Scripts/scripts-conf/ss_00.1_vps.sh b/Scripts/scripts/ss_00.1_vps.sh similarity index 56% rename from Scripts/scripts-conf/ss_00.1_vps.sh rename to Scripts/scripts/ss_00.1_vps.sh index 72d2149..23dbff4 100644 --- a/Scripts/scripts-conf/ss_00.1_vps.sh +++ b/Scripts/scripts/ss_00.1_vps.sh 
@@ -6,43 +6,46 @@ IPADDR="" # Check for FQDN & HOSTNAME if --vps if "$VPS" && [[ -z "$HOSTNAME" ]] || [[ "$HOSTNAME" == "__UNDEFINED__" ]]; then - echo "You provided the '--vps' flag but didn't provide --fqdn" + echo " + $MESSAGE_PREFIX Hostname not provided. + " while [ -z "$HOSTNAME" ]; do - read -rp "You need to enter hostname of the server: " HOSTNAME + read -rp "Enter hostname of the server: " HOSTNAME done fi if "$VPS" && [[ -z "$FQDN" ]] || [[ "$FQDN" == "__UNDEFINED__" ]]; then - echo "You provided the '--vps' flag but didn't provide --fqdn." + echo " + $MESSAGE_PREFIX FQDN not provided. Please provide a domain name." while [ -z "$FQDN" ]; do - read -rp "You need to enter the fqdn of the server: " FQDN + read -rp "Enter the fqdn of the server: " FQDN done fi if "$VPS" && [[ -z "$REGION" ]] || [[ "$REGION" == "__UNDEFINED__" ]]; then - echo "You provided the '--vps' flag but didn't provide --region." + echo " + $MESSAGE_PREFIX Region of the server not provided. It is required to set the timezone. + " while [ -z "$REGION" ]; do - read -rp "You need to enter the region of the server to set the timezone: " REGION + read -rp "Enter the region of the server: " REGION done fi -echo " -----------------" -HOSTNAME: $HOSTNAME" > /etc/hostname ----------------- -" +echo $HOSTNAME > /etc/hostname + /bin/hostname "$HOSTNAME" # Set the variable $IPADDR to the IP address the new Linode receives. +apt-get -qq -y install net-tools IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') -echo "$0 - Set hostname as $FQDN ($IPADDR)" +echo "$MESSAGE_PREFIX Set hostname as $FQDN ($IPADDR)" echo " - ***********************" - $MESSAGE_PREFIX TODO: Put $FQDN with IP $IPADDR in your main DNS file." + *********************** + $MESSAGE_PREFIX TODO: Put $FQDN with IP $IPADDR in your main DNS file. 
*********************** " -echo "$0 - Set Time Zone to $REGION" +echo "$MESSAGE_PREFIX Set Time Zone to $REGION" echo $REGION > /etc/timezone cp /usr/share/zoneinfo/${REGION} /etc/localtime @@ -51,7 +54,7 @@ echo " " # Add localhost aliases -echo "127.0.0.1 localhost" > /etc/hosts -echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts +echo "127.0.0.1 localhost" > /etc/hosts +echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts -echo "$0 - Set localhost" \ No newline at end of file +echo "$MESSAGE_PREFIX - Set localhost" \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_00_main.sh b/Scripts/scripts/ss_00_main.sh similarity index 69% rename from Scripts/scripts-conf/ss_00_main.sh rename to Scripts/scripts/ss_00_main.sh index 6721597..a46d8ca 100644 --- a/Scripts/scripts-conf/ss_00_main.sh +++ b/Scripts/scripts/ss_00_main.sh @@ -2,8 +2,6 @@ # standup.sh -# TODO: Get opinion on `` vs $() as backticks are portable to legacy shells - set +ex # If script not sourced, stop here @@ -12,6 +10,8 @@ if [[ "$0" = "$BASH_SOURCE" ]]; then return 1 fi +SCRIPTS_DIR="$PWD" + # message formatting variables MESSAGE_PREFIX="-------Standup -" bold=$(tput bold) 
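Review bot: The new `echo $HOSTNAME > /etc/hostname` writes an unquoted, unvalidated value that comes from ss.conf or from the `read -rp` prompt above, so whitespace or glob characters are split or expanded before they reach the file and `/bin/hostname`. I would validate and quote it: `[[ "$HOSTNAME" =~ ^[A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?$ ]] || return 1`, then `printf '%s\n' "$HOSTNAME" > /etc/hostname`. The unchanged `cp /usr/share/zoneinfo/${REGION} /etc/localtime` at the end of the hunk has the same problem with `$REGION`, and a check that `/usr/share/zoneinfo/$REGION` is a regular file before copying would cover it. The added `apt-get -qq -y install net-tools` is only needed for `ifconfig eth0`, which also assumes the interface name.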
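Review bot: `SCRIPTS_DIR="$PWD"` records whatever directory the caller was in, not the directory that holds the scripts, yet every later `cd "$SCRIPTS_DIR"`, `source ./ss_0N_*.sh` and the final `rm -r $SCRIPTS_DIR` in this patch trusts it. Because the file has to be sourced, the location is available from `BASH_SOURCE`: `SCRIPTS_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd)" || return 1`. A comment above it, `# absolute path of the directory containing the ss_*.sh scripts`, would document what the later hunks rely on.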
@@ -34,39 +34,53 @@ config_get() { printf -- "%s" "${val}"; } +# Environment Variables # system NOPROMPT="$(config_get NOPROMPT)" -VPS="$(config_get VPS)" USERPASSWORD="$(config_get USERPASSWORD)" # vps +VPS="$(config_get VPS)" FQDN="$(config_get FQDN)" HOSTNAME="$(config_get HOSTNAME)" REGION="$(config_get REGION)" +# Tor & SSH +TOR_PUBKEY="$(config_get TOR_PUBKEY)" +SSH_KEY="$(config_get SSH_KEY)" +SYS_SSH_IP="$(config_get SYS_SSH_IP)" + # bitcoind NETWORK="$(config_get NETWORK)" +BTC_DATA_DIR="$(config_get BTC_DATA_DIR)" PRUNE="$(config_get PRUNE)" -FASTSYNC="$(config_get FASTSYNC)" -HWI="$(config_get HWI)" +# FASTSYNC="$(config_get FASTSYNC)" +# HWI="$(config_get HWI)" # lightning LIGHTNING="$(config_get LIGHTNING)" LN_ALIAS="$(config_get LN_ALIAS)" +# c-lightning +# CLN_HTTP_PLUGIN="$(config_get CLN_HTTP_PLUGIN)" +# HTTP_PASS="$(config_get HTTP_PASS)" + # services ESPLORA="$(config_get ESPLORA)" BTCPAYSERVER="$(config_get BTCPAYSERVER)" -# Tor & SSH -TOR_PUBKEY="$(config_get TOR_PUBKEY)" -SSH_KEY="$(config_get SSH_KEY)" -SYS_SSH_IP="$(config_get SYS_SSH_IP)" +# esplora +LIGHTMODE="$(config_get LIGHTMODE)" +LIMIT_BATCH_SIZE="$(config_get LIMIT_BATCH_SIZE)" +ELECTRS_DB="$(config_get ELECTRS_DB)" +CORS="$(config_get CORS)" +PRERENDER_ASSETS="$(config_get PRERENDER_ASSETS)" # btcpay server BTCPAY_HOST="$(config_get BTCPAY_HOST)" BTCPAY_LN="$(config_get BTCPAY_LN)" + #### # Parsing Arguments #### @@ -77,12 +91,12 @@ key="$1" case $key in -h|--help) source ./ss_01_help.sh - return 3 + return 2 ;; -*|--*=) # unsupported flags echo "Error: Unsupported flag $1" >&2 source ./ss_01_help.sh - return 7 + return 3 ;; *) # preserve positional arguments PARAMS="$PARAMS $1" 
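Review bot: `CLN_HTTP_PLUGIN` and `HTTP_PASS` are added only as comments here, but ss_06_c-lightning.sh in this same patch runs `if "$CLN_HTTP_PLUGIN"; then` unconditionally, which executes an empty command name when the variable is unset. Either read them like the other keys or set an explicit default such as `CLN_HTTP_PLUGIN=false` until the feature is enabled. The reverse applies to `PRERENDER_ASSETS`, which is read here while its ss.conf entry is commented out. `config_get` starts above this hunk, so what it returns for a missing key is not visible and should be checked before ss_07_esplora.sh uses the value. More generally these flags are run as commands, so comparing them as strings (`[[ "$ESPLORA" == true ]]`) would keep a malformed config value from being executed as root.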
@@ -113,7 +127,15 @@ echo "$MESSAGE_PREFIX Logged in as root. Continuing with installation. # Output stdout and stderr to ~root files exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) +#### +# 1. Update Hostname and set timezone +#### +# source vps setup script +if "$VPS"; then + source ./ss_00.1_vps.sh +fi +cd "$SCRIPTS_DIR" # Display script configuration echo " 
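Review bot: Sourcing ss_00.1_vps.sh at this point changes the system before the operator has confirmed anything. That script writes /etc/hostname, /etc/hosts and /etc/localtime and installs a package, while the `confirm` prompt only comes after the parameter summary further down. I would keep the prompting for missing HOSTNAME/FQDN/REGION here so the summary shows the final values, and move the writes behind the confirmation. The new `cd "$SCRIPTS_DIR"` is also unchecked, and `cd "$SCRIPTS_DIR" || return 1` avoids sourcing `./ss_*.sh` from the wrong directory.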
@@ -123,52 +145,57 @@ Parameters Passed: System ------ NOPROMPT......: $NOPROMPT -VPS...........: $VPS USERPASSWORD..: $USERPASSWORD VPS --- +VPS...........: $VPS FQDN..........: $FQDN HOSTNAME......: $HOSTNAME REGION........: $REGION +Tor & SSH +---------- +TOR_PUBKEY....: $TOR_PUBKEY +SSH_KEY.......: $SSH_KEY +SYS_SSH_IP....: $SYS_SSH_IP + Bitcoin -------- -NETWORK.......: $NETWORK -PRUNE.........: $PRUNE -FASTSYNC......: $FASTSYNC -HWI...........: $HWI +NETWORK.............: $NETWORK +BTC_DATA_DIR........: $BTC_DATA_DIR +PRUNE...............: $PRUNE Lightning ---------- -LIGHTNING.....: $LIGHTNING -LN_ALIAS......: $LN_ALIAS +LIGHTNING...........: $LIGHTNING +LN_ALIAS............: $LN_ALIAS Services --------- -ESPLORA.......: $ESPLORA -BTCPAYSERVER..: $BTCPAYSERVER +ESPLORA.............: $ESPLORA +BTCPAYSERVER........: $BTCPAYSERVER -Tor & SSH ----------- -TOR_PUBKEY....: $TOR_PUBKEY -SSH_KEY.......: $SSH_KEY -SYS_SSH_IP....: $SYS_SSH_IP +Esplora +------- +LIGHTMODE...........: $LIGHTMODE +LIMIT_BATCH_SIZE....: $LIMIT_BATCH_SIZE +ELECTRS_DB..........: $ELECTRS_DB +CORS................: $CORS +PRERENDER_ASSETS....: $PRERENDER_ASSETS BTCPAY Server ------------- -BTCPAY_HOST...: $BTCPAY_HOST -BTCPAY_LN.....: $BTCPAY_LN +BTCPAY_HOST.........: $BTCPAY_HOST +BTCPAY_LN...........: $BTCPAY_LN " +# FASTSYNC............: $FASTSYNC +# HWI.................: $HWI - -#### -# 1. Update Hostname and set timezone -#### -# source vps setup script -if "$VPS"; then - source ./ss_00.1_vps.sh -fi +# c-lightning +# ----------- +# CLN_HTTP_PLUGIN.....: $CLN_HTTP_PLUGIN +# HTTP_PASS...........: $HTTP_PASS # prompt user before continuing with installation @@ -178,7 +205,7 @@ fi if [[ "$confirm" != [yY] ]]; then echo "Entered $confirm. Exiting.." - return 8 + return 4 else NOPROMPT=true echo "Installing Bitcoin!" @@ -202,6 +229,7 @@ apt-get dist-upgrade -y # source dependency script source ./ss_02_dependencies.sh +cd "$SCRIPTS_DIR" #### # 3. Create user admin 
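Review bot: The reworked summary still prints `USERPASSWORD..: $USERPASSWORD` in clear text, and since stdout is already duplicated into /root/standup.log by the `exec > >(tee -a ...)` line shown in the previous hunk, the password is persisted in that log. I would mask it, for example `USERPASSWORD..: ${USERPASSWORD:+(set)}`, and apply the same to the commented `# HTTP_PASS...........: $HTTP_PASS` line before it is ever enabled. The summary block starts above this hunk.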
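Review bot: `source ./ss_02_dependencies.sh` is kept here, but this commit deletes Scripts/scripts-conf/ss_02_dependencies.sh and the diffstat lists no counterpart under Scripts/scripts/. Unless that file already exists there from an earlier patch in the series, the source fails and the steps it carried never run: the haveged/gnupg2/git install, unattended-upgrades, `ufw allow ssh` and `ufw --force enable`. The script still continues, because `set +ex` leaves errexit off. I would either move the file along with the others or guard the call with `source ./ss_02_dependencies.sh || return 1`.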
@@ -209,6 +237,7 @@ source ./ss_02_dependencies.sh # source user and ssh script source ./ss_03_user_ssh.sh +cd "$SCRIPTS_DIR" #### # 4. Install Tor @@ -219,6 +248,8 @@ source ./ss_04_tor.sh # sleep 4 seconds for tor to restart sleep 4 +cd "$SCRIPTS_DIR" + #### # 5. Install Bitcoin #### @@ -230,40 +261,60 @@ if [[ -n "$BITCOIND_VERSION" ]]; then $MESSAGE_PREFIX bitcoind is already installed, version: $BITCOIND_VERSION ---------------- " - return 0 else source ./ss_05_bitcoin.sh fi sleep 4 +BITCOIND_IS=$(systemctl status bitcoind | grep active | awk '{print $2}') echo " ----------------- +--------------------------------------- - $MESSAGE_PREFIX bitcoind service is: $(systemctl status bitcoind | grep active | awk '{print $2}') + $MESSAGE_PREFIX bitcoind service is: $BITCOIND_IS ----------------- +--------------------------------------- " +cd "$SCRIPTS_DIR" #### # Lightning #### # source lightning script -if [[ "$LIGHTNING" = "c-lightning" ]]; then +if [[ "$LIGHTNING" == "c-lightning" ]]; then source ./ss_06_c-lightning.sh -else +elif [[ "$LIGHTNING" == "lnd" ]]; then source ./ss_06_lnd.sh fi +cd "$SCRIPTS_DIR" #### -# BTCPay Server +# Esplora #### -# source btcpay script -if "$BTCPAYSERVER"; then - source ./ss_07_btcpayserver.sh +# source esplora script +if "$ESPLORA"; then + source ./ss_07_esplora.sh fi +cd "$SCRIPTS_DIR" + +### +# BTCPay Server +### +# source btcpay script +# if "$BTCPAYSERVER"; then +# source ./ss_08_btcpayserver.sh +# fi + +cd "$SCRIPTS_DIR" + +# move the stack scripts to user standup +cp -r $SCRIPTS_DIR ~standup/ +chown standup ~standup/scripts-conf +cd ~standup/scripts-conf +rm -r $SCRIPTS_DIR + # Finished, exit script return 0 diff --git a/Scripts/scripts-conf/ss_01_help.sh b/Scripts/scripts/ss_01_help.sh similarity index 82% rename from Scripts/scripts-conf/ss_01_help.sh rename to Scripts/scripts/ss_01_help.sh index 7af6e4c..233f40f 100644 --- a/Scripts/scripts-conf/ss_01_help.sh +++ b/Scripts/scripts/ss_01_help.sh 
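Review bot: The new tail of the script runs `rm -r $SCRIPTS_DIR` as root on an unquoted value captured from `$PWD` when the script was sourced, so starting the install from `/root` or any other directory deletes that directory. The preceding `chown standup ~standup/scripts-conf` and `cd ~standup/scripts-conf` still use the old directory name although this commit renames the directory to `scripts`. The copy also carries ss.conf, with `USERPASSWORD` in it, into the user's home without tightening its mode. I would derive the destination from the source name, quote everything, restrict ss.conf, and delete the original only after the copy succeeded and the path is confirmed to be the scripts directory.

```shell
# move the stack scripts to user standup
SCRIPTS_DEST=~standup/"$(basename -- "$SCRIPTS_DIR")"
if [[ -f "$SCRIPTS_DIR/ss_00_main.sh" ]] && cp -r -- "$SCRIPTS_DIR" ~standup/; then
  chown -R standup "$SCRIPTS_DEST"
  chmod 600 "$SCRIPTS_DEST/ss.conf"
  cd "$SCRIPTS_DEST" && rm -r -- "${SCRIPTS_DIR:?}"
fi
# … unchanged: final return 0 …
```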
@@ -18,14 +18,14 @@ ${bold}Blockchain Commons Standup Script${normal} Contributor: jodobear 20-07-03 -${bold}DISCLAIMER:${normal} It is not a good idea to store large amounts of Bitcoin on a VPS, ideally you should use this as a watch-only wallet. This script is expiramental and has not been widely tested. The creators are not responsible for loss of funds. If you are not familiar with running a node or how Bitcoin works then we urge you to use this in testnet so that you can use it as a learning tool. +${bold}DISCLAIMER:${normal} It is not a good idea to store large amounts of Bitcoin on a VPS, ideally you should use this as a watch-only wallet. This script is a work-in-progress and has not been widely tested. The creators are not responsible for loss of funds. If you are not familiar with running a node or how Bitcoin works then we urge you to use this in testnet so that you can use it as a learning tool. -------------------------------------- ${bold} Usage ${normal} -------------------------------------- -The script is inteded for a fresh bitcoin setup. Re-running the script on an already setup server is intended only for advanced user. In order to run this script ${bold}you need to be logged in as root${normal}, and enter in the commands listed below: +The script is inteded for a fresh bitcoin setup. Re-running the script on an already setup server is intended only for advanced users. In order to run this script ${bold}you need to be logged in as root${normal}, and enter in the commands listed below: (The $ or # represents a terminal commmand prompt, do not actually type in a $ or #.) @@ -33,7 +33,7 @@ The script is inteded for a fresh bitcoin setup. Re-running the script on an alr $ ${bold}sudo passwd${normal} 2. Switch to the root user: -$ ${bold}su - root${normal} +$ ${bold}sudo su${normal} 3. Edit config for your node setup using your favourite text editor: # ${bold}nano ss.conf${normal} 
@@ -58,11 +58,11 @@ This script can be installed on any Debian based system. By default this script Optionally you can install: --------------------------- - Install c-lightning or LND -- Install BTCPay -- Install HWI** -- Install Esplora** +- Install Esplora +- Install BTCPay** -** To be implemented + +** Work-in-progress QR Code: -------- diff --git a/Scripts/scripts/ss_03_user_ssh copy.sh b/Scripts/scripts/ss_03_user_ssh copy.sh new file mode 100644 index 0000000..cbdbdbe --- /dev/null +++ b/Scripts/scripts/ss_03_user_ssh copy.sh 
@@ -0,0 +1,57 @@ +#!/bin/bash + +# standup script - setup user and ssh access + +if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ]; then + echo " +---------------- + $MESSAGE_PREFIX Creating user standup +---------------- + " + # Create "standup" group & user with optional password and give them sudo capability + /usr/sbin/groupadd standup + /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup + /usr/sbin/adduser standup sudo + /usr/sbin/adduser standup standup + + # make scripts directory for useful scripts + mkdir /home/standup/scripts + chown standup /home/standup/scripts + echo " +$MESSAGE_PREFIX User standup created with sudo access. + " +else + echo " + ---------------- + $MESSAGE_PREFIX User standup already exists. + ----------------" +fi + +# Setup SSH Key if the user added one as an argument +if [ -n "$SSH_KEY" ] && [[ "$SSH_KEY" != "__UNDEFINED__" ]]; then + mkdir ~standup/.ssh + echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys + chown -R standup ~standup/.ssh + echo " +---------------- +$MESSAGE_PREFIX Added .ssh key to standup. +---------------- + " +fi + +# Setup SSH allowed IP's if the user added any as an argument +if [ -n "$SYS_SSH_IP" ] && [[ "$SYS_SSH_IP" != "__UNDEFINED__" ]]; then + echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow + echo "sshd: ALL" >> /etc/hosts.deny + echo " +---------------- +$MESSAGE_PREFIX Limited SSH access. +---------------- + " +else + echo " + **************** + $MESSAGE_PREFIX WARNING: Your SSH access is not limited; this is a major security hole! + **************** + " +fi \ No newline at end of file diff --git a/Scripts/scripts-conf/ss_03_user_ssh.sh b/Scripts/scripts/ss_03_user_ssh.sh similarity index 92% rename from Scripts/scripts-conf/ss_03_user_ssh.sh rename to Scripts/scripts/ss_03_user_ssh.sh index cbf0749..cbdbdbe 100644 --- a/Scripts/scripts-conf/ss_03_user_ssh.sh +++ b/Scripts/scripts/ss_03_user_ssh.sh 
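Review bot: `useradd -p` is fed `crypt($ARGV[0],"password")`, and a salt that does not start with `$` selects traditional DES crypt on glibc: the salt is the fixed two characters `pa`, only the first eight characters of `USERPASSWORD` are hashed, and the password is visible in the process list as a perl argument. Creating the account first and setting the password over stdin avoids all three: `/usr/sbin/useradd -m -g sudo -s /bin/bash standup`, then `printf '%s:%s\n' standup "$USERPASSWORD" | /usr/sbin/chpasswd`. The SSH block should also fix permissions with `chmod 700 ~standup/.ssh && chmod 600 ~standup/.ssh/authorized_keys`, since `mkdir` runs as root with the default umask. This file is named `ss_03_user_ssh copy.sh` and has the same blob id (cbdbdbe) as the renamed ss_03_user_ssh.sh, so it looks like an accidental duplicate to drop from the commit; the points above apply to ss_03_user_ssh.sh as well.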
@@ -14,6 +14,9 @@ if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ]; the /usr/sbin/adduser standup sudo /usr/sbin/adduser standup standup + # make scripts directory for useful scripts + mkdir /home/standup/scripts + chown standup /home/standup/scripts echo " $MESSAGE_PREFIX User standup created with sudo access. " diff --git a/Scripts/scripts-conf/ss_04_tor.sh b/Scripts/scripts/ss_04_tor.sh similarity index 96% rename from Scripts/scripts-conf/ss_04_tor.sh rename to Scripts/scripts/ss_04_tor.sh index d27dae6..9fac91d 100644 --- a/Scripts/scripts-conf/ss_04_tor.sh +++ b/Scripts/scripts/ss_04_tor.sh @@ -53,7 +53,7 @@ sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc sed -i -e 's/#CookieAuthFileGroupReadable 1/CookieAuthFileGroupReadable 1/g' /etc/tor/torrc sed -i -e 's/## address y:z./## address y:z.\ \ -HiddenServiceDir \/var\/lib\/tor\/standup\/\ +HiddenServiceDir \/var\/lib\/tor\/standup\/bitcoin\/\ HiddenServiceVersion 3\ HiddenServicePort 1309 127.0.0.1:18332\ HiddenServicePort 1309 127.0.0.1:18443\ @@ -70,7 +70,7 @@ sudo usermod -a -G debian-tor standup sudo systemctl restart tor.service -if [ "$(systemctl is-active tor) | grep active" ]; then +if [[ -n "$(systemctl is-active tor) | grep active" ]]; then echo " $MESSAGE_PREFIX Tor installed and successfully started " diff --git a/Scripts/scripts-conf/ss_05_bitcoin.sh b/Scripts/scripts/ss_05_bitcoin.sh similarity index 74% rename from Scripts/scripts-conf/ss_05_bitcoin.sh rename to Scripts/scripts/ss_05_bitcoin.sh index eede862..9907f5b 100644 --- a/Scripts/scripts-conf/ss_05_bitcoin.sh +++ b/Scripts/scripts/ss_05_bitcoin.sh @@ -16,7 +16,7 @@ echo " # CURRENT BITCOIN RELEASE: # Change as necessary -export BITCOIN="bitcoin-core-0.20.0" +export BITCOIN="bitcoin-core-0.20.1" export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` # # get bitcoin tar.gz, shasums and signing keys 
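Review bot: The rewritten test `[[ -n "$(systemctl is-active tor) | grep active" ]]` in ss_04_tor.sh is always true, because `| grep active` sits inside the double quotes and is part of a non-empty string rather than a pipeline. The success message is therefore printed even when Tor failed to restart, and the later steps that depend on it (the hidden-service hostname, the torsocks download in ss_05_bitcoin.sh) run regardless. `if systemctl is-active --quiet tor; then` checks the unit state directly. The rest of this `if` is outside the hunk.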
@@ -33,6 +33,7 @@ if ! [[ -f ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz ]]; then $MESSAGE_PREFIX Downloading $BITCOIN, this will take a while! ---------------- " + sudo -u standup torsocks wget --progress=bar:force http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/"$BITCOIN"/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz -O ~standup/"$BITCOINPLAIN"-x86_64-linux-gnu.tar.gz fi 
@@ -107,25 +108,73 @@ echo " $MESSAGE_PREFIX Configuring Bitcoin. " -sudo -u standup /bin/mkdir ~standup/.bitcoin +# create bitcoin data dir +mkdir $BTC_DATA_DIR/.bitcoin +FULL_BTC_DATA_DIR=$BTC_DATA_DIR/.bitcoin +chown standup $FULL_BTC_DATA_DIR +# create a symlink user standup's home directory. +if [[ "$BTC_DATA_DIR" != /home/standup ]]; then + ln -s $FULL_BTC_DATA_DIR /home/standup/ +fi RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) +RPCUSER="StandUp" if [[ "$PRUNE" -eq 0 ]] || [[ "$PRUNE" == "__UNDEFINED__" ]]; then PRUNE="" fi -cat >> ~standup/.bitcoin/bitcoin.conf << EOF +# # FastSync implementation - WIP +# UTXO_MN_609375_SHA="52f0fc62dd28d016f49a75c22a6fa0827efc730f882bfa8cbc5ef96736d12100" +# UTXO_TN_1445586_SHA="eabaaa717bb8eeaf603e383dd8642d9d34df8e767fccbd208b0c936b79c82742" + +# if "$FASTSYNC" && [[ "$NETWORK" == mainnet ]]; then +# UTXO_DOWNLOAD_LINK="http://utxosets.blob.core.windows.net/public/utxo-snapshot-bitcoin-mainnet-609375.tar" +# TAR_NAME="$(basename UTXO_DOWNLOAD_LINK)" +# echo " +# $MESSAGE_PREFIX downloading mainnet UTXO snapshot from BTCPay server +# " +# wget "$UTXO_DOWNLOAD_LINK" -q --show-progress +# UTXO_DL_SHA="$(sha256sum $TAR_NAME)" +# if [[ "$UTXO_MN_609375_SHA" != "$UTXO_DL_SHA" ]]; then +# echo " +# $MESSAGE_PREFIX the downloaded UTXO set failed SHA verification and is untrested, exiting. +# " +# return 103 +# else +# tar -xf "$TAR_FILE" -C "$FULL_BTC_DATA_DIR" +# fi +# elif "$FASTSYNC" && [[ "$NETWORK" == testnet ]]; then +# UTXO_DOWNLOAD_LINK="http://utxosets.blob.core.windows.net/public/utxo-snapshot-bitcoin-testnet-1445586.tar" +# TAR_NAME="$(basename UTXO_DOWNLOAD_LINK)" +# echo " +# $MESSAGE_PREFIX downloading testnet UTXO snapshot from BTCPay server +# " +# wget "$UTXO_DOWNLOAD_LINK" -q --show-progress +# UTXO_DL_SHA="$(sha256sum $TAR_NAME)" +# if [[ "$UTXO_MN_609375_SHA" != "$UTXO_DL_SHA" ]]; then +# echo " +# $MESSAGE_PREFIX the downloaded UTXO set failed SHA verification and is untrested, exiting. 
+# " +# return 103 +# else +# tar -xf "$TAR_FILE" -C "$FULL_BTC_DATA_DIR/testnet3" +# fi +# fi + +cat >> $FULL_BTC_DATA_DIR/bitcoin.conf << EOF # launches bitcoind as server to accept rpc connections server=1 - debug=tor +# Specify a non-default location to store blockchain and other data. +datadir=$FULL_BTC_DATA_DIR + # prune prune=$PRUNE # rpc credentials -rpcuser=StandUp +rpcuser=$RPCUSER rpcpassword=$RPCPASSWORD rpcallowip=127.0.0.1 @@ -135,14 +184,14 @@ zmqpubrawtx=tcp://127.0.0.1:28333 EOF if [[ -z "$PRUNE" ]] || [[ "$PRUNE" == "__UNDEFINED__" ]]; then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF + cat >> $FULL_BTC_DATA_DIR/bitcoin.conf << EOF txindex=1 EOF fi # you are adding anything to the config file then add before this block else, the settings will only be affected in the specified network block. # conversely, add settings specific to a particular network in their respective blocks. -cat >> ~standup/.bitcoin/bitcoin.conf << EOF +cat >> $FULL_BTC_DATA_DIR/bitcoin.conf << EOF [test] rpcbind=127.0.0.1 rpcport=18332 @@ -154,8 +203,8 @@ rpcbind=127.0.0.1 rpcport=18443 EOF -/bin/chown standup ~standup/.bitcoin/bitcoin.conf -/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf +/bin/chown standup $FULL_BTC_DATA_DIR/bitcoin.conf +/bin/chmod 740 $FULL_BTC_DATA_DIR/bitcoin.conf # Setup bitcoind as a service that requires Tor echo " @@ -174,11 +223,12 @@ sudo cat > /etc/systemd/system/bitcoind.service << EOF [Unit] Description=Bitcoin daemon -After=tor.service Requires=tor.service +After=tor.service [Service] ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf + # Process management #################### Type=simple @@ -187,9 +237,9 @@ Restart=on-failure # Directory creation and permissions #################################### -# Run as bitcoin:bitcoin +# Run as standup:standup User=standup -Group=sudo +Group=standup # /run/bitcoind RuntimeDirectory=bitcoind RuntimeDirectoryMode=0710 
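Review bot: `mkdir $BTC_DATA_DIR/.bitcoin`, `chown standup $FULL_BTC_DATA_DIR` and `ln -s $FULL_BTC_DATA_DIR /home/standup/` run as root on an unquoted path taken from ss.conf, with no check that the parent exists or that `mkdir` succeeded. A path with spaces or a missing mount point therefore leaves the script appending bitcoin.conf to a location that was never created. I would use `mkdir -p -- "$BTC_DATA_DIR/.bitcoin" || return 1`, quote the later uses, and `chmod 700` the directory since it will hold bitcoin.conf with the RPC password. Before the commented FastSync block is enabled: its testnet branch compares against `UTXO_MN_609375_SHA`, `sha256sum` output includes the file name so the string comparison can never match, and `basename UTXO_DOWNLOAD_LINK` and `$TAR_FILE` do not refer to the variables defined above them. The snapshot is also fetched over plain http, which makes that hash check the only integrity control.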
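Review bot: `/bin/chmod 740` loosens bitcoin.conf, which holds `rpcpassword`, from owner-only to group-readable and adds an execute bit that a config file never needs. If the intent is to let another service account read the credentials (not visible in this hunk), a dedicated group with mode `640` is the narrower option; otherwise keep `/bin/chmod 600 "$FULL_BTC_DATA_DIR/bitcoin.conf"`. The file is also created by the `cat >>` redirections above with the default umask, so running `umask 077` before the first heredoc would close the window before this chmod.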
@@ -228,7 +278,7 @@ sudo systemctl start bitcoind.service #### if [[ $(systemctl status bitcoind | grep active | awk '{print $2}') = "active" ]]; then # Get the Tor onion address for the QR code - HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) + HS_HOSTNAME="$(sudo cat /var/lib/tor/standup/bitcoin/hostname)" # Create the QR string QR="btcstandup://StandUp:"$RPCPASSWORD"@"$HS_HOSTNAME":1309/?label=StandUp.sh" @@ -249,6 +299,12 @@ $MESSAGE_PREFIX You can manually stop Bitcoin with: sudo systemctl stop bitcoind echo " $MESSAGE_PREFIX You can manually start Bitcoin with: sudo systemctl start bitcoind " + echo " + $MESSAGE_PREFIX Your bitcoin data directory is: + ----------------------------------------------- + $FULL_BTC_DATA_DIR + ----------------------------------------------- + " else echo " ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. diff --git a/Scripts/scripts-conf/ss_06_c-lightning.sh b/Scripts/scripts/ss_06_c-lightning.sh similarity index 61% rename from Scripts/scripts-conf/ss_06_c-lightning.sh rename to Scripts/scripts/ss_06_c-lightning.sh index da60413..8095bad 100644 --- a/Scripts/scripts-conf/ss_06_c-lightning.sh +++ b/Scripts/scripts/ss_06_c-lightning.sh @@ -8,8 +8,8 @@ echo " ---------------- " -export CLN_VERSION="v0.8.2.1" -export LIGHTNING_DIR="~standup/.lightning" +export CLN_VERSION="v0.9.1" +export LIGHTNING_DIR="/home/standup/.lightning" echo " 
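Review bot: The QR string in this hunk still hard-codes the RPC user (`btcstandup://StandUp:`), while the configuration hunk above introduces `RPCUSER` and writes `rpcuser=$RPCUSER`, so the two diverge as soon as the variable is changed. `QR="btcstandup://$RPCUSER:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh"` keeps them in step. This URI embeds the RPC password, and ss_00_main.sh duplicates all output into /root/standup.log, so a comment such as `# QR contains the RPC password: do not echo it to the log` next to it would be worth adding. How the string is printed is outside the hunk.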
@@ -35,28 +35,91 @@ make -j$(nproc --ignore=1) --quiet sudo make install # get back to script directory -cd - +cd "$SCRIPTS_DIR" # lightningd config mkdir -m 760 "$LIGHTNING_DIR" chown standup -R "$LIGHTNING_DIR" cat >> "$LIGHTNING_DIR"/config << EOF alias=StandUp -log-level=debug + +log-level=debug:plugin log-prefix=standup + +bitcoin-datadir=$FULL_BTC_DATA_DIR +# bitcoin-rpcuser=**** +# bitcoin-rpcpassword=**** +# bitcoin-rpcconnect=127.0.0.1 +# bitcoin-rpcport=8332 + +# outgoing Tor connection proxy=127.0.0.1:9050 +# listen on all interfaces +bind-addr= +# listen only clearnet bind-addr=127.0.0.1:9735 addr=statictor:127.0.0.1:9051 +# only use Tor for outgoing communication always-use-proxy=true EOF /bin/chmod 640 "$LIGHTNING_DIR"/config +# create log file +touch "$LIGHTNING_DIR"/lightning.log + # add tor configuration to torrc sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ -HiddenServiceDir \/var\/lib\/tor\/lightningd-service_v3\/\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/lightningd-service_v3\/\ +HiddenServiceVersion 3\ HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc +################# +# add http-plugin +################# +if "$CLN_HTTP_PLUGIN"; then + echo " + $MESSAGE_PREFIX installing Rust lang. + " + cd ~standup + /usr/sbin/runuser -l standup -c 'curl https://sh.rustup.rs -sSf | sh -s -- -y' + source ~standup/.cargo/env + echo " + $MESSAGE_PREFIX $(runsuer -l standup rustc - version) installed. + " + # get back to script directory & create plugins direcotry + cd "$SCRIPTS_DIR" + mkdir "$LIGHTNING_DIR"/plugins/ + + # get http-plugin & build + echo " + $MESSAGE_PREFIX getting c-lightning http-plugin. 
+ " + sudo -u standup git clone https://github.com/Start9Labs/c-lightning-http-plugin.git "$LIGHTNING_DIR"/plugings/ + cd "$LIGHTNING_DIR"/plugings/c-lightning-http-plugin/ + cargo build --release + chmod a+x /home/you/.lightning/plugins/c-lightning-http-plugin/target/release/c-lightning-http-plugin + if [[ -z "$HTTP_PASS" ]]; then + while [[ -z "$HTTP_PASS" ]]; do + read -rp "Provide a strong password for https-plugin" HTTP_PASS + done + fi + + # add config options + echo " +plugin=/home/standup/.lightning/plugins/c-lightning-http-plugin/target/release/c-lightning-http-plugin +http-pass=$HTTP_PASS +https-port=1312 +" >> "$LIGHTNING_DIR"/config + + # create HS for plugin + sed -i -e 's/HiddenServicePort 1234 127.0.0.1:9735/HiddenServicePort 1234 127.0.0.1:9735\ +HiddenServiceDir \/var\/lib\/tor\/standup\/lightningd-http-plugin_v3\/\ +HiddenServiceVersion 3\ +HiddenServicePort 1312 127.0.0.1:1312/g' /etc/tor/torrc +fi + echo " $MESSAGE_PREFIX Setting up c-lightning as a systemd service. " diff --git a/Scripts/scripts-conf/ss_06_lnd.sh b/Scripts/scripts/ss_06_lnd.sh similarity index 96% rename from Scripts/scripts-conf/ss_06_lnd.sh rename to Scripts/scripts/ss_06_lnd.sh index 4c0cd48..cc0ae94 100644 --- a/Scripts/scripts-conf/ss_06_lnd.sh +++ b/Scripts/scripts/ss_06_lnd.sh @@ -56,18 +56,18 @@ $MESSAGE_PREFIX Go not installed, cannot install lnd fi # build lnd -LND_LATEST_TAG="v0.9.2-beta" +LND_VERSION="v0.11.0-beta.rc4" echo " $MESSAGE_PREFIX getting lnd... depending on your network it can take more than an hour. With good network it usually takes about 5-10 mins. " go get -d github.com/lightningnetwork/lnd -git checkout $LND_LATEST_TAG +git checkout $LND_VERSION cd "$GOPATH"/src/github.com/lightningnetwork/lnd make make install # installs to /home/standup/gocode/bin which is $GOPATH/bin # go back to script directory -cd - +cd "$SCRIPTS_DIR" sudo cp $GOPATH/bin/lnd $GOPATH/bin/lncli /usr/bin 
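Review bot: The http-plugin block refers to the plugin under three different paths, so the `plugin=` entry appended to the config points at a binary the block never produces there: `mkdir` creates `plugins/`, `git clone` and `cd` use `plugings/` (and the clone target is that directory itself, so `plugings/c-lightning-http-plugin/` is not created), and `chmod a+x` is applied under `/home/you/.lightning`. Use one location throughout, e.g. clone into `"$LIGHTNING_DIR"/plugins/c-lightning-http-plugin` and `chmod a+x "$LIGHTNING_DIR"/plugins/c-lightning-http-plugin/target/release/c-lightning-http-plugin`. The version echo is also misspelled (`runsuer`, `rustc - version`) and should read `runuser -l standup -c 'rustc --version'`. `read -rp` echoes the HTTP password as it is typed; `read -rsp` does not. The rustup installer piped into `sh` and the unpinned plugin clone both run or build without any integrity check; checking out a reviewed tag or commit before `cargo build` would narrow that.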
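Review bot: `git checkout $LND_VERSION` runs before `cd "$GOPATH"/src/github.com/lightningnetwork/lnd`. Unless the working directory is already the lnd checkout (not visible in this hunk), the tag is applied to some other repository or the command fails, and `make` then builds whatever `go get -d` fetched rather than the pinned version. Swap the two lines: `cd "$GOPATH"/src/github.com/lightningnetwork/lnd` first, then `git checkout "$LND_VERSION"`. The new pin, `v0.11.0-beta.rc4`, is also a release candidate; a final release tag is the safer default for a node that holds funds.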
@@ -105,6 +105,7 @@ debuglevel=debug [Bitcoin] bitcoin.active=1 bitcoin.node=bitcoind +bitcoin.dir=$BTC_DATA_DIR $BTC_NETWORK #[Bitcoind] @@ -127,6 +128,8 @@ ln -s /var/lib/lnd ~standup/.lnd # add tor configuration to torrc sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +HiddenServiceDir \/var\/lib\/tor\/standup\/lnd\/\ +HiddenServiceVersion 3\ HiddenServicePort 1234 127.0.0.1:9735/g' /etc/tor/torrc # create systemd service diff --git a/Scripts/scripts/ss_07_esplora.sh b/Scripts/scripts/ss_07_esplora.sh new file mode 100644 index 0000000..8fe8459 --- /dev/null +++ b/Scripts/scripts/ss_07_esplora.sh 
@@ -0,0 +1,219 @@ +#!/bin/bash + +# standup - esplora + +echo " +---------------- + $MESSAGE_PREFIX Installing Esplora +---------------- +" +ELECTRS_REPO="/home/standup/electrs" +ESPLORA_REPO="/home/standup/esplora" + +# install rust +cd ~standup +sudo -u standup curl https://sh.rustup.rs -sSf | sudo -u standup sh -s -- -y + +# install blockstream/electrs +apt install clang cmake -y # required for building rust-rocksdb +sudo -u standup git clone https://github.com/blockstream/electrs "$ELECTRS_REPO" +cd "$ELECTRS_REPO" +git checkout new-index + +# create electrs config +cat >> electrs.toml << EOF +verbose=3 +cors="$CORS":5000 +electrum_rpc_addr=127.0.0.1:50001 + +db_dir="$ELECTRS_DB" + +cookie="$RPCUSER:$RPCPASSWORD" +EOF + +# set config options +if "$LIGHTMODE" && "$LIMIT_BATCH_SIZE"; then + echo " + lightmode=true + index_batch_size=10" >> ~standup/electrs/electrs.toml + ELECTRS_SETUP="lightmode and limiting index batch size to 10." +elif "$LIGHTMODE" && ! "$LIMIT_BATCH_SIZE"; then + echo " + lightmode=true" >> ~standup/electrs/electrs.toml + ELECTRS_SETUP="lightmode." +elif ! "$LIGHTMODE" && "$LIMIT_BATCH_SIZE"; then + echo " + index_batch_size=10" >> ~standup/electrs/electrs.toml + ELECTRS_SETUP="fullmode and limiting batch size index to 10." +else + ELECTRS_SETUP="full mode." +fi + +ELECTRS_CMD="/home/standup/.cargo/bin/cargo run --release --bin electrs --" + +# set systemd service +sudo cat > /etc/systemd/system/electrs.service << EOF +# It is not recommended to modify this file in-place, because it will +# be overwritten during package upgrades. If you want to add further +# options or overwrite existing ones then use +# $ systemctl edit electrs.service +# See "man systemd.service" for details. 
+ +[Unit] +Description=Electrs +Requires=bitcoind.service +After=bitcoind.service + +[Service] +WorkingDirectory=/home/standup/electrs +ExecStart=$ELECTRS_CMD + +# Process management +#################### +Type=simple +PIDFile=/run/electrs/electrs.pid +TimeoutSec=60 +Restart=on-failure +RestartSec=60 +KillMode=process + +# Directory creation and permissions +#################################### +# Run as standup:standup +User=standup +Group=standup +# /run/electrs +RuntimeDirectory=electrs +RuntimeDirectoryMode=0710 + +# Hardening measures +#################### +# Provide a private /tmp and /var/tmp. +PrivateTmp=true +# Mount /usr, /boot/ and /etc read-only for the process. +ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). +NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. +PrivateDevices=true +# Deny the creation of writable and executable memory mappings. 
+MemoryDenyWriteExecute=true + +[Install] +WantedBy=multi-user.target +EOF + + +# enable electrs service +systemctl restart tor +sleep 4 +systemctl enable electrs.service +systemctl start electrs.service + +# install node +echo " +$MESSAGE_PREFIX installing nodejs +" +apt-get install curl software-properties-common -y +curl -sL https://deb.nodesource.com/setup_14.x | sudo bash - +apt-get install nodejs -y + +# get esplora & set electrs api url +sudo -u standup git clone https://github.com/Blockstream/esplora "$ESPLORA_REPO" +cd "$ESPLORA_REPO" +echo " +$MESSAGE_PREFIX running npm install +" +sudo -u standup npm install +# echo " +# $MESSAGE_PREFIX running install npx +# " +# sudo -u standup npm install npx +echo " +$MESSAGE_PREFIX running npm audit fix +" +sudo -u standup npm audit fix +# echo " +# $MESSAGE_PREFIX running npx browserslist --update-db +# " +# sudo -u standup npx browserslist --update-db +export API_URL=http://localhost:3000/ +export SITE_TITLE="Standup Block Explorer" +export SITE_DESC="Standup Block Explorer" + +# setup HiddenService +sed -i -e 's/HiddenServicePort 1309 127.0.0.1:8332/HiddenServicePort 1309 127.0.0.1:8332\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/esplora\/\ +HiddenServiceVersion 3\ +HiddenServicePort 80 127.0.0.1:5000/g' /etc/tor/torrc + +sed -i -e 's/HiddenServicePort 80 127.0.0.1:5000/HiddenServicePort 80 127.0.0.1:5000\ +\ +HiddenServiceDir \/var\/lib\/tor\/standup\/esplora_noscript\/\ +HiddenServiceVersion 3\ +HiddenServicePort 80 127.0.0.1:5001/g' /etc/tor/torrc + + +# restart tor +systemctl restart tor +sleep 4 + +ESPLORA_HS="$(cat /var/lib/tor/standup/esplora/hostname)" +ESPLORA_NS_HS="$(cat /var/lib/tor/standup/esplora_noscript/hostname)" + +cat >> ~standup/scripts/ss_start-esplora.sh << EOF +#!/bin/bash + +cd $ESPLORA_REPO +echo " +Esplora server is starting and will be available at: http://$CORS:5000 +Esplora onion address is: +****************************************************************** +$ESPLORA_HS 
+****************************************************************** +" +npm run dist +EOF + +chmod +x ~standup/scripts/ss_start-esplora.sh + +cat >> ~standup/scripts/ss_start-esplora_noscript.sh << EOF +#!/bin/bash + + +cd $ESPLORA_REPO +export STATIC_ROOT="http://localhost:5000/" # for loading CSS, images and fonts +export NOSCRIPT_REDIR="http://localhost:5001/" +export NOSCRIPT_REDIR_BASE="http://localhost:5001/" + +echo " +Prerendered server is starting & will be available at: http://localhost:5001/ +Onion address for prerendered server is: +****************************************************************** +$ESPLORA_NS_HS +****************************************************************** +" +npm run prerender-server +EOF + +chmod +x ~standup/scripts/ss_start-esplora_noscript.sh + +echo " +---------------------------------------------------------------- +$MESSAGE_PREFIX Esplora has been setup with Electrs in $ELECTRS_SETUP +---------------------------------------------------------------- + +* Electrs is: $(systemctl status electrs | grep active | awk '{print $2}') + +* To start Esplora, run 'ss_start-esplora.sh' located at '/home/standup/scripts' directory. + +* If you want to run server with pre-rendered assets for NoScript compatibility then run 'ss_start-esplora_noscript.sh'. + +For further information checkout documentation: + +Electrs: https://github.com/Blockstream/electrs +Esplora: https://github.com/Blockstream/esplora +" diff --git a/Scripts/scripts-conf/ss_07_btcpayserver.sh b/Scripts/scripts/ss_08_btcpayserver.sh similarity index 79% rename from Scripts/scripts-conf/ss_07_btcpayserver.sh rename to Scripts/scripts/ss_08_btcpayserver.sh index 38f374e..119b794 100644 --- a/Scripts/scripts-conf/ss_07_btcpayserver.sh +++ b/Scripts/scripts/ss_08_btcpayserver.sh 
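Review bot: `electrs.toml` is written with `cookie="$RPCUSER:$RPCPASSWORD"` but, unlike bitcoin.conf, never has its owner or mode set. It is created by the root-run script inside the cloned repo, so with a typical umask the bitcoind RPC credentials end up readable by every local user. Add `chown standup "$ELECTRS_REPO"/electrs.toml` and `chmod 600 "$ELECTRS_REPO"/electrs.toml` right after the heredoc; the service runs as `User=standup`, so it can still read the file. The same script pipes `https://deb.nodesource.com/setup_14.x` into `sudo bash` and builds electrs from the moving `new-index` branch, so neither what runs as root nor what gets compiled is pinned. Recording a reviewed commit and checking it out after the clone would make installs reproducible.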
@@ -24,9 +24,9 @@ fi # install dependencies # .NET Core SDK 3.1 -echo " -$MESSAGE_PREFIX installing .NET Core SDK 3.1 .. this will take a while! -" +# echo " +# $MESSAGE_PREFIX installing .NET Core SDK 3.1 .. this will take a while! +# " sudo -u standup wget -q https://packages.microsoft.com/config/ubuntu/18.04/packages-microsoft-prod.deb -O ~standup/packages-microsoft-prod.deb dpkg -i ~standup/packages-microsoft-prod.deb apt-get update @@ -39,15 +39,16 @@ export DOTNET_CLI_TELEMETRY_OPTOUT=1 echo " $MESSAGE_PREFIX getting btcpayserver-docker " -sudo -u standup git clone https://github.com/btcpayserver/btcpayserver-docker ~standup/downloads/btcpayserver-docker -cd ~standup/downloads/btcpayserver-docker +sudo -u standup mkdir btcpayserver +sudo -u standup git clone https://github.com/btcpayserver/btcpayserver-docker ~standup/btcpayserver/btcpayserver-docker +cd ~standup/btcpayserver/btcpayserver-docker # set env variables -export BTCPAY_HOST=$BTCPAY_HOST -export NBITCOIN_NETWORK=$NETWORK +export BTCPAY_HOST="$BTCPAY_HOST" +export NBITCOIN_NETWORK="$NETWORK" export BTCPAYGEN_CRYPTO1="btc" export BTCPAYGEN_REVERSEPROXY="nginx" -export BTCPAYGEN_LIGHTNING=$BTCPAY_LN +export BTCPAYGEN_LIGHTNING="$BTCPAY_LN" export BTCPAY_ENABLE_SSH=true # install @@ -61,6 +62,9 @@ echo " $MESSAGE_PREFIX shutting down btcpayserver to link existing bitcoin data dir " . ./btcpay-down.sh +# # stop bitcoind +# systemctl stop bitcoind +# sleep 10 # delete _data & create symbolic link to host's bitcoin data echo " 
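Review bot: `sudo -u standup mkdir btcpayserver` is relative to the current directory, while the clone and `cd` on the next lines use `~standup/btcpayserver/btcpayserver-docker`. Depending on where the script is when it reaches this point (not visible in the hunk), the directory is created somewhere else and left behind as a stray, or the `mkdir` fails for the standup user. Use `sudo -u standup mkdir -p ~standup/btcpayserver`.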
@@ -70,23 +74,27 @@ rm -r /var/lib/docker/volumes/generated_bitcoin_datadir/_data echo " $MESSAGE_PREFIX creating symlink between host bitcoind data dir and btcpayserver bitcoin data dir " -ln -s /home/standup/.bitcoin /var/lib/docker/volumes/generated_bitcoin_datadir/_data +ln -s $FULL_BTC_DATA_DIR /var/lib/docker/volumes/generated_bitcoin_datadir/_data # start btcpay server echo " -$MESSAGE_PREFIX starting btcpayserver +$MESSAGE_PREFIX starting bitcoind & BTCPayserver " +# systemctl start bitcoind +# sleep 30 . ./btcpay-up.sh BTCPAY_ONION_ADD=$(sudo cat /var/lib/docker/volumes/generated_tor_servicesdir/_data/BTCPayServer/hostname) echo " -************************************************************************** Your BTCPay Server Tor address is: +****************************************************************** $BTCPAY_ONION_ADD -************************************************************************** +****************************************************************** " echo " For further information on btcpay server, go to: Docs: https://docs.btcpayserver.org Chat: https://chat.btcpayserver.org -" \ No newline at end of file +" +# back to scripts dir +cd "$SCRIPTS_DIR" From bacc8a2f75e925d3f98876a575a14ce7db986669 Mon Sep 17 00:00:00 2001 From: jodobear Date: Mon, 28 Sep 2020 16:14:45 +0200 Subject: [PATCH 13/16] rm duplicate user_ssh --- Scripts/scripts/ss_03_user_ssh copy.sh | 57 -------------------------- 1 file changed, 57 deletions(-) delete mode 100644 Scripts/scripts/ss_03_user_ssh copy.sh diff --git a/Scripts/scripts/ss_03_user_ssh copy.sh b/Scripts/scripts/ss_03_user_ssh copy.sh deleted file mode 100644 index cbdbdbe..0000000 --- a/Scripts/scripts/ss_03_user_ssh copy.sh +++ /dev/null 
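Review bot: `ln -s $FULL_BTC_DATA_DIR /var/lib/docker/volumes/generated_bitcoin_datadir/_data` expands the variable unquoted and unchecked, directly after `rm -r` has removed the volume's `_data` directory. If the variable is empty or unset, `ln` gets a single argument and creates a `_data` link in the current directory instead, leaving the volume without its data path. A path with spaces splits into several arguments. Use `ln -s "${FULL_BTC_DATA_DIR:?}" /var/lib/docker/volumes/generated_bitcoin_datadir/_data` so the script stops instead of continuing with a broken link.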
@@ -1,57 +0,0 @@ -#!/bin/bash - -# standup script - setup user and ssh access - -if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ]; then - echo " ----------------- - $MESSAGE_PREFIX Creating user standup ----------------- - " - # Create "standup" group & user with optional password and give them sudo capability - /usr/sbin/groupadd standup - /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup - /usr/sbin/adduser standup sudo - /usr/sbin/adduser standup standup - - # make scripts directory for useful scripts - mkdir /home/standup/scripts - chown standup /home/standup/scripts - echo " -$MESSAGE_PREFIX User standup created with sudo access. - " -else - echo " - ---------------- - $MESSAGE_PREFIX User standup already exists. - ----------------" -fi - -# Setup SSH Key if the user added one as an argument -if [ -n "$SSH_KEY" ] && [[ "$SSH_KEY" != "__UNDEFINED__" ]]; then - mkdir ~standup/.ssh - echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys - chown -R standup ~standup/.ssh - echo " ----------------- -$MESSAGE_PREFIX Added .ssh key to standup. ----------------- - " -fi - -# Setup SSH allowed IP's if the user added any as an argument -if [ -n "$SYS_SSH_IP" ] && [[ "$SYS_SSH_IP" != "__UNDEFINED__" ]]; then - echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow - echo "sshd: ALL" >> /etc/hosts.deny - echo " ----------------- -$MESSAGE_PREFIX Limited SSH access. ----------------- - " -else - echo " - **************** - $MESSAGE_PREFIX WARNING: Your SSH access is not limited; this is a major security hole! - **************** - " -fi \ No newline at end of file From 8eb8b68314bee14a7be25c59c00fc0d0e9078c44 Mon Sep 17 00:00:00 2001 From: jodobear Date: Mon, 28 Sep 2020 16:17:29 +0200 Subject: [PATCH 14/16] rm ss.sh --- Scripts/ss.sh | 1094 ------------------------------------------------- 1 file changed, 1094 deletions(-) delete mode 100644 Scripts/ss.sh 
diff --git a/Scripts/ss.sh b/Scripts/ss.sh
deleted file mode 100644
index 6b1b82e..0000000
--- a/Scripts/ss.sh
+++ /dev/null
@@ -1,1094 +0,0 @@ -#!/bin/bash - -# standup.sh - -set +x - -# If script not sourced, stop here -if [[ "$0" = "$BASH_SOURCE" ]]; then - echo "This script must be sourced like so: \"source standup.sh\"" - return 1 -fi - -# define help -function help () { -cat <<-END --------------------------------------- -Install StandUp Script on this server. --------------------------------------- - -standup.sh - -Blockchain Commons Standup Script -Contributor: jodobear 20-07-03 - -DISCLAIMER: It is not a good idea to store large amounts of Bitcoin on a VPS, -ideally you should use this as a watch-only wallet. This script is expiramental -and has not been widely tested. The creators are not responsible for loss of -funds. If you are not familiar with running a node or how Bitcoin works then we -urge you to use this in testnet so that you can use it as a learning tool. - -TL;DR: ------- - -1. Using cli arguments: ------------------------ -$ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip - -This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even bitcoin core). It will add the passed SSH Key to authorized keys and add the comma separated list of IPs to the whitelist. It will set bitcoin to restart after a crash or reboot. - -2. Exporting environment variables: ------------------------------------ -$ export NOPROMPT=true -$ export USERPASSOWRD=password -$ export NETWORK=testnet -$ export LIGHTNING=lnd -$ source ./ss.sh - -This will first create a new user "standup" and set the for that user. Then install a full bitcoin node on testnet with lnd. - - - -This script can be installed on any Debian based system. 
By default this script will: - -* Update the OS -* Set Automatic Updates On -* Create User: standup -* Install UFW -* Install Tor -* Install Bitcoin Core -* Install HWI -* Install c-lightning -* Setup Bitcoin Core, Lightning settings -* Make sure they start at reboot via systemd -* Start Bitcoin Core, Lightning - -Optionally you can install: ---------------------------- -* Install LND instead of c-lightning -* Install Esplora -* Install BTCPay - -You can run this script again if you desire to change your configuration. - -Upon completion of the script there will be a QR code saved to /qrcode.png which -you can open and scan. You can use "$ sudo apt-get install fim" then: -"$ fim -a qrcode.png" to display the QR in a terminal (as root). - -It is highly recommended to add a Tor V3 pubkey for cookie authentication so that -even if your QR code is compromised an attacker would not be able to access your -node. It is also recommended to delete the /qrcode.png, /standup.log, and -/standup.err files. - - -------------------------------------- -| Usage | - -------------------------------------- - -0. Prerequisites ----------------- - -In order to run this script you need to be logged in as root, and enter in the commands listed below: - -- The $ or $ represents a terminal commmand prompt, do not actually type in a $ or #. -- Data fields enclosed in <> are to be filled by you with appropriate values. - -1. Give the root user a password, enter the following command and set a password: -$ sudo passwd - -2. Switch to the root user: -$ su - root - -3. Source the script: -# source standup.sh - -NOTE: Before sourcing the script you may want to set certain environment variables. Bleow you will find the list of environment variables. To set the variables do: -#export = - -You can use the following optional arguments: - - -h --help : Display this help. 
- -y : Install without prompting for confirming the setup - - Setup: - ------ - # --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. - # --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. - -v --vps : Pass when installing on a VPS. - --userpassword : Password for the standup non-privileged account. - - VPS: - ---- - -F --fqdn : Fully Qualified Hostname - -H --hostname : Hostname of your server - -R --region : Server's timezone location - - Bitcoin: - -------- - -f --fastsync : Enables fast synchronization of blockchain*. - -n --network : Default bitcoin network; either "mainnet", "testnet" or "regtest". - --no-hwi : Do NOT install HWI. - -p --prune : Install a prune node; integer value > 550. - - Lightning: - ---------- - -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". - - Services: - --------- - --btcpay : Installs BTCPay Server. - --esplora : Installs Esplora. - - Tor: - ---- - -t --tor-pubkey : Automatically add the pubkey to the Tor authorized_clients directory, which means the user is Tor authenticated before the node is even installed. e.g. ./standup.sh --tor-pubkey "descriptor:x25519:NWJNEFU487H2BI3JFNKJENFKJWI3" - - SSH: - ---- - --ssh-key : key for automated SSH logins to standup non-privileged account. - --sys-ssh-ip : Comma separated list of IPs that can use SSH. - -*DISCLAIMER: It is always better to let your node validate blocks from the beginning. This script uses blockchain data signed by BTCPay Server. Trust at your own risk. - -2. Environment Variables: -------------------------- - - # system - -------- - NOPROMPT=true/false, set it to install the setup without prompting for confirmation. - # START=true/false, start bitcoind & lightning after installation. Default: true. - # STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. - # SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. 
Default: true. - VPS=true/false, set it to true if setting up on a VPS. Default: false. - USERPASSWORD="", set password for user standup. Default: empty. - - #vps - ---- - FQDN="", enter your fully qualified hostname. Example: my-awesome-node.my-awesome-domain.com - HOSTNAME="", enter your hostname. Example: my-awesome-node. - REGION="", enter your server's timezone location. Example Asia/Singapore. - - # bitcoind - ---------- - NETFORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet". - PRUNE="", Integer value to specify level of prune node. Minimum value is 550. Default: empty(0). - FASTSYNC=true/false, If you want to speed up the Initial Block Download then set it to true. Default: false. - HWI=true/false, Choose to install HWI. Default: true. - - # lightning - ----------- - LIGHTNING="c-lightning"/"lnd", choose lightning network implementation. Default: "c-lightning". - - # services - ---------- - ESPLORA=true/false, Choose to install Esplora. Default: false. - BTCPAYSERVER=true/false, Choose to install BTCPay Server. Default: false. - # Tor - TOR_PUBKEY="" Tor Public Key. Default: empty. - - # ssh - SSH_KEY="" key for automated SSH logins to standup non-privileged account. Default: empty. - SYS_SSH_IP="" comma separated list of IPs that can use SSH. Default: empty. - ----------------- - -END -} - -#### -# Environment Variables -#### - -# system -NOPROMPT=false -# STARTUP_REGISTER=true -# SYSTEMD_RELOAD=true -VPS=false -USERPASSWORD="" - -# vps -FQDN="" -HOSTNAME="" -REGION="" - -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true - -# lightning -LIGHTNING="c-lightning" - -# services -ESPLORA=false -BTCPAYSERVER=false - -# Tor -TOR_PUBKEY="" - -# ssh -SSH_KEY="" -SYS_SSH_IP="" - - -#### -# 0. Force check for root -#### - -# if you are not logged in as root then the script will not execute -echo " -----------------" -echo "$0 - Checking if logged in as root." -echo "----------------" -if ! 
[ "$(id -u)" = 0 ] -then - echo "$0 - You need to be logged in as root!" - return 2 -fi - -echo "$0 - Logged in as root. Continuing with installation." -echo "---------------- -" -# Output stdout and stderr to ~root files -exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) - - -#### -# Parsing Arguments -#### -PARAMS="" - -while (( "$#" )) -do -key="$1" - case $key in - -h|--help) - help - return 3 - ;; - -y) - NOPROMPT=true - shift 1 - ;; - # --no-startup-register) - # STARTUP_REGISTER=false - # shift 1 - # ;; - # --no-systemd-reload) - # SYSTEMD_RELOAD=false - # shift 1 - # ;; - --vps) - VPS=true - shift 1 - ;; - --userpassword) - USERPASSWORD="$2" - shift 1 - shift 1 - ;; - -F|--fqdn) - FQDN="$2" - shift 1 - shift 1 - ;; - -H|--hostname) - HOSTNAME=$2 - shift 1 - shift 1 - ;; - -R|--region) - REGION=$2 - shift 1 - shift 1 - ;; - -n|--network) - if [ "${2:0:1}" == "-" ] - then - echo "Network flag passed without value. Installing default network: mainnet." - shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "mainnet" ]] || [[ "$2" == "testnet" ]] || [[ "$2" == "regtest" ]] - then - NETWORK="$2" - else - echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" - return 4 - fi - shift 1 - shift 1 - ;; - -p|--prune) - if [ "${2:0:1}" == "-" ] - then - echo "Prune flag passed without value. Installing default: unpruned node." - shift 1 - elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]] - then - PRUNE="$2" - else - echo "ERROR: Minimum prune value is 550. Passed $2" - return 5 - fi - shift 1 - shift 1 - ;; - --fastsync) - FASTSYNC=true - shift 1 - ;; - --no-hwi) - HWI=false - shift 1 - ;; - -l|--lightning) - if [ "${2:0:1}" == "-" ] - then - echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" - shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "c-lightning" ]] || [[ "$2" == "lnd" ]] - then - LIGHTNING="$2" - else - echo "ERROR: Invalid lightning implementation. 
Pass c-lightning or lnd. Passed $2" - return 6 - fi - shift 1 - shift 1 - ;; - --esplora) - ESPLORA=true - shift 1 - ;; - --btcpay) - BTCPAYSERVER=true - shift 1 - ;; - -t|--tor-pubkey) - TOR_PUBKEY="$2" - shift 1 - shift 1 - ;; - --ssh-key) - SSH_KEY="$2" - shift 1 - shift 1 - ;; - --sys-ssh-ip) - SYS_SSH_IP="$2" - shift 1 - shift 1 - ;; - --) # end argument parsing - shift 1 - break - ;; - -*|--*=) # unsupported flags - echo "Error: Unsupported flag $1" >&2 - help - return 7 - ;; - *) # preserve positional arguments - PARAMS="$PARAMS $1" - shift 1 - ;; - esac -done -set -- "$PARAMS" # set positional parameters in order - -echo " ----------SETUP--------- -Parameters Passed: - -System ------- -NOPROMPT..........: $NOPROMPT -STARTUP_REGISTER..: $STARTUP_REGISTER -SYSTEMD_RELOAD....: $SYSTEMD_RELOAD -VPS...............: $VPS -USERPASSWORD......: $USERPASSWORD - -VPS ---- -FQDN......: $FQDN -HOSTNAME..: $HOSTNAME -REGION....: $REGION - -Bitcoin: --------- -NETWORK...: $NETWORK -PRUNE.....: $PRUNE -FASTSYNC..: $FASTSYNC -HWI.......: $HWI - -Lightning: ----------- -LIGHTNING..: $LIGHTNING - -Services: ---------- -ESPLORA.......: $ESPLORA -BTCPAYSERVER..: $BTCPAYSERVER - -Tor & SSH: ----------- -TOR_PUBKEY..: $TOR_PUBKEY -SSH_KEY.....: $SSH_KEY -SYS_SSH_IP..: $SYS_SSH_IP -" - -# source /home/vagrant/ss.sh -p 1000 -n testnet --no-hwi - -# Check for FQDN & HOSTNAME if --vps -if "$VPS" && [[ -z "$HOSTNAME" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn" - while [ -z "$HOSTNAME" ] - do - read -rp "You need to enter hostname of the server: " HOSTNAME - done -fi - -if "$VPS" && [[ -z "$FQDN" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn." - while [ -z "$FQDN" ] - do - read -rp "You need to enter the fqdn of the server: " FQDN - done -fi - -if "$VPS" && [[ -z "$REGION" ]] -then - echo "You provided the '--vps' flag but didn't provide --region." 
- while [ -z "$REGION" ] - do - read -rp "You need to enter the region of the server to set the timezone: " REGION - done -fi - -# prompt user before continuing with installation -if ! "$NOPROMPT" -then - read -rp "Continue with installation? (Y/n): " confirm -fi - -if [[ "$confirm" != [yY] ]] -then - echo "Entered $confirm. Exiting.." - return 8 -else - NOPROMPT=true - echo "Installing Bitcoin!" -fi - - -#### -# 1. Update Hostname and set timezone -#### - -IPADDR="" -REGION="" - -if "$VPS" -then - - echo " -----------------" - echo "HOSTNAME: $HOSTNAME" > /etc/hostname - echo "----------------" - /bin/hostname "$HOSTNAME" - - # Set the variable $IPADDR to the IP address the new Linode receives. - IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') - - echo "$0 - Set hostname as $FQDN ($IPADDR)" - echo " - ***********************" - echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." - echo " *********************** - " - echo "$0 - Set Time Zone to $REGION" - echo $REGION > /etc/timezone - cp /usr/share/zoneinfo/${REGION} /etc/localtime - - echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file." - # Add localhost aliases - - echo "127.0.0.1 localhost" > /etc/hosts - echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts - - echo "$0 - Set localhost" -fi - - - -#### -# 2. Update Debian, Set autoupdate and Install UFW -#### - -echo " ----------------- -" -echo "$0 - Starting Debian updates; this will take a while!" 
-echo " ----------------- -" - -# Make sure all packages are up-to-date -apt-get update -apt-get upgrade -y -apt-get dist-upgrade -y - -# Install haveged (a random number generator) - -if [ -z "$(which haveged)" ] -then - echo " ----------------- - " - echo "$0 - Installing haveged (a random number generator)" - echo " ----------------- - " - apt-get install haveged -y -echo " -----------------$0 - haveged installed successfully -" -else - echo " - ----------------$0 - haveged already installed" -fi - -# Set system to automatically update -echo " ----------------- -" -echo "$0 - setting system to automatically update" -echo " ----------------- -" -echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections -apt-get -y install unattended-upgrades -echo " -----------------$0 - Debian Packages updated -" -# Get uncomplicated firewall and deny all incoming connections except SSH -if [ -z "$(which ufw)" ] -then - echo " ----------------- - " - echo "$0 - Installing ufw" - echo " ----------------- - " - apt-get install ufw -fi - -ufw allow ssh -ufw --force enable - -echo " -----------------$0 - ufw is installed and enabled. -" - -# Get GPG if not installed to verify signatures - -if [ -z "$(which gpg)" ] -then - echo " ----------------- - " - echo "$0 - Installing gnupg2" - echo " ----------------- - " - apt-get install gnupg2 -y - echo " -----------------$0 - Gnupg2 not found and installed - " -fi - -#### -# 3. Create user admin -#### - -if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ] -then - echo " ----------------- - " - echo "Creating user standup" - echo " ----------------- - " - # Create "standup" user with optional password and give them sudo capability - /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup - /usr/sbin/adduser standup sudo - - echo " ----------------- - " - echo "$0 - User standup created with sudo access." 
- echo " ----------------- - " -else - echo "----------------" - echo "User standup already exists." - echo "----------------" -fi - -# Setup SSH Key if the user added one as an argument -if [ -n "$SSH_KEY" ] -then - mkdir ~standup/.ssh - echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys - chown -R standup ~standup/.ssh - echo " ----------------- - " - echo "$0 - Added .ssh key to standup." - echo " ----------------- - " -fi - -# Setup SSH allowed IP's if the user added any as an argument -if [ -n "$SYS_SSH_IP" ] -then - echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow - echo "sshd: ALL" >> /etc/hosts.deny - echo " ----------------- - " - echo "$0 - Limited SSH access." - echo " ----------------- - " -else - echo " - **************** - " - echo "$0 - WARNING: Your SSH access is not limited; this is a major security hole!" - echo " - **************** - " -fi - - -#### -# 4. Install latest stable tor -#### - -# Download tor -echo " ----------------- -" -echo "Installing Tor" -echo " ----------------- -" -# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: -if [ -z "$(which apt-transport-https)" ] -then - apt-get install apt-transport-https -y - echo " - --------------apt-transport-https installed - " -fi - -# To download bitcoin using onion site, we need torsocks -if [ -z "$(which torsocks)" ] -then - apt-get install torsocks -y - echo " - --------------torsocks installed - " -fi - -# We need to set up our package repository before you can fetch Tor. 
First, you need to figure out the name of your distribution: -DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') - -# You need to add the following entries to /etc/apt/sources.list: -cat >> /etc/apt/sources.list << EOF -deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -EOF - -# Then add the gpg key used to sign the packages by running: -# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 -sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import -sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - - -# Update system, install and run tor as a service -sudo apt update -sudo apt install tor deb.torproject.org-keyring -y - -# Setup hidden service -sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc -sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc -sed -i -e 's/## address y:z./## address y:z.\ -\ -HiddenServiceDir \/var\/lib\/tor\/standup\/\ -HiddenServiceVersion 3\ -HiddenServicePort 1309 127.0.0.1:18332\ -HiddenServicePort 1309 127.0.0.1:18443\ -HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc -mkdir /var/lib/tor/standup -chown -R debian-tor:debian-tor /var/lib/tor/standup -chmod 700 /var/lib/tor/standup - -# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind -sudo usermod -a -G debian-tor standup - -# Restart tor to create the HiddenServiceDir -sudo systemctl restart tor.service - - -if [ "$(systemctl is-active tor) | grep active" ] -then -echo " ---------------$0 - Tor installed and successfully started -" -fi - -# add V3 authorized_clients public key if one exists -if ! 
[ "$TOR_PUBKEY" == "" ] -then - # create the directory manually incase tor.service did not restart quickly enough - mkdir /var/lib/tor/standup/authorized_clients - - # need to assign the owner - chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients - - # Create the file for the pubkey - touch /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Write the pubkey to the file - echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Restart tor for authentication to take effect - sudo systemctl restart tor.service - - echo " - ---------$0 - Successfully added Tor V3 authentication - " - -else - echo " - ---------$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet - " -fi - - -# sleep 4 seconds -sleep 4 - - -#### -# 5. Install Bitcoin -#### - -echo " -----------------" -echo "Installing Bitcoin" -echo "---------------- -" -# Download Bitcoin - -# CURRENT BITCOIN RELEASE: -# Change as necessary -export BITCOIN="bitcoin-core-0.20.0" -export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` - -# # get bitcoin tar.gz, shasums and signing keys -# clearnet -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -# sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc - -# tor -# tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz - -if ! [ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ] -then - echo " - ----------- - Downloading $BITCOIN, this will take a while! 
------------ -" -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -fi - -# get shasums: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/SHA256SUMS.asc - -if [[ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "--------------$0 - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ - " - echo "----$0 - downloading SHA256SUMS.asc for $BITCOIN -# " -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -else - return 100 -fi - -if [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "----------$0 - SHA256SSUMS.asc exists at /home/standup/" -fi - -if ! [[ -f ~standup/laanwj-releases.asc ]] -then - echo "-----$0 - downloading laanwj-release signature" -sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc -fi - -# 404 -# sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc - -# Verifying Bitcoin: Signature -echo " ------------------ -$0 - Verifying Bitcoin. ------------------ -" - -sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc -export SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` -echo " ----------SHASIG is $SHASIG -" - -if [[ $SHASIG ]] -then - echo " - ------$0 - VERIFICATION SUCCESS / SIG: $SHASIG - " -else - (>&2 echo " - ------------$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify! 
- ") - # return 101 -fi - -# Verify Bitcoin: SHA -export TARSHA256=`/usr/bin/sha256sum ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` -export EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` - -if [ "$TARSHA256" == "$EXPECTEDSHA256" ] -then - echo " - ------$0 - VERIFICATION SUCCESS / SHA: $TARSHA256 - " -else - (>&2 echo " - -----------$0 - VERIFICATION ERROR: SHA for Bitcoin did not match! - ") - # return 102 -fi - -# Install Bitcoin -echo "--------------" -echo " -$0 - Installing Bitcoin. -" -echo "-------------- -" - -sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup -/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* -/bin/rm -rf ~standup/$BITCOINPLAIN/ - -# Start Up Bitcoin -echo " -------$0 - Configuring Bitcoin. -" - -sudo -u standup /bin/mkdir ~standup/.bitcoin - -# The only variation between Mainnet and Testnet is that Testnet has the "testnet=1" variable -# The only variation between Regular and Pruned is that Pruned has the "prune=550" variable, which is the smallest possible prune -RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) - -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -server=1 -prune=$PRUNE -rpcuser=StandUp -rpcpassword=$RPCPASSWORD -rpcallowip=127.0.0.1 -debug=tor -EOF - -if [ -z "$PRUNE" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - txindex=1 -EOF -fi - -if [ "$NETWORK" == "testnet" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - testnet=1 -EOF - -elif [ "$NETWORK" == "regtest" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - regtest=1 -EOF -fi - -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -[test] -rpcbind=127.0.0.1 -rpcport=18332 -[main] -rpcbind=127.0.0.1 -rpcport=8332 -[regtest] -rpcbind=127.0.0.1 -rpcport=18443 -EOF - -/bin/chown standup ~standup/.bitcoin/bitcoin.conf -/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf - -# Setup bitcoind as a service that requires 
Tor -echo " --------$0 - Setting up Bitcoin as a systemd service. -" - -sudo cat > /etc/systemd/system/bitcoind.service << EOF -# It is not recommended to modify this file in-place, because it will -# be overwritten during package upgrades. If you want to add further -# options or overwrite existing ones then use -# $ systemctl edit bitcoind.service -# See "man systemd.service" for details. -# Note that almost all daemon options could be specified in -# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments -# in ExecStart= -[Unit] -Description=Bitcoin daemon -After=tor.service -Requires=tor.service -[Service] -ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf -# Process management -#################### -Type=simple -PIDFile=/run/bitcoind/bitcoind.pid -Restart=on-failure -# Directory creation and permissions -#################################### -# Run as bitcoin:bitcoin -User=standup -Group=sudo -# /run/bitcoind -RuntimeDirectory=bitcoind -RuntimeDirectoryMode=0710 -# Hardening measures -#################### -# Provide a private /tmp and /var/tmp. -PrivateTmp=true -# Mount /usr, /boot/ and /etc read-only for the process. -ProtectSystem=full -# Disallow the process and all of its children to gain -# new privileges through execve(). -NoNewPrivileges=true -# Use a new /dev namespace only populated with API pseudo devices -# such as /dev/null, /dev/zero and /dev/random. -PrivateDevices=true -# Deny the creation of writable and executable memory mappings. -MemoryDenyWriteExecute=true -[Install] -WantedBy=multi-user.target -EOF - -echo " --------$0 - Starting bitcoind service -" -sudo systemctl enable bitcoind.service -sudo systemctl start bitcoind.service - -#### -# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display -#### -if [ "$(systemctl is-active --quiet bitcoind) | grep active" ] -then - # Get the Tor onion address for the QR code - HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) - - # Create the QR string - QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" - - # Display the uri text incase QR code does not work - echo "$0 - **************************************************************************************************************" - echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" - echo $QR - echo "$0 - **************************************************************************************************************" - echo " - $0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor - " - echo " - $0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service - " - echo " - $0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service - " -else - echo " - ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. - " -fi - - - - -#### -# Lightning -#### - - - -#### -# RESETTING Environment Variables -#### - -# system -NOPROMPT=false -STARTUP_REGISTER=true -SYSTEMD_RELOAD=true -VPS=false -USERPASSWORD="" - -# vps -FQDN="" -HOSTNAME="" -REGION="" - -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true - -# lightning -LIGHTNING="c-lightning" - -# services -ESPLORA=false -BTCPAYSERVER=false - -# Tor -TOR_PUBKEY="" - -# ssh -SSH_KEY="" -SYS_SSH_IP="" - - -# Finished, exit script -exit 0 From d164d47d31db3a8c9f936e389a1233e50c0beabc Mon Sep 17 00:00:00 2001 
From: jodobear
Date: Mon, 28 Sep 2020 16:18:07 +0200
Subject: [PATCH 15/16] rm ss.sh
---
Scripts/ss.sh | 1094 -------------------------------------------------
1 file changed, 1094 deletions(-)
delete mode 100644 Scripts/ss.sh
diff --git a/Scripts/ss.sh b/Scripts/ss.sh
deleted file mode 100644
index 6b1b82e..0000000
--- a/Scripts/ss.sh
+++ /dev/null
@@ -1,1094 +0,0 @@ -#!/bin/bash - -# standup.sh - -set +x - -# If script not sourced, stop here -if [[ "$0" = "$BASH_SOURCE" ]]; then - echo "This script must be sourced like so: \"source standup.sh\"" - return 1 -fi - -# define help -function help () { -cat <<-END --------------------------------------- -Install StandUp Script on this server. --------------------------------------- - -standup.sh - -Blockchain Commons Standup Script -Contributor: jodobear 20-07-03 - -DISCLAIMER: It is not a good idea to store large amounts of Bitcoin on a VPS, -ideally you should use this as a watch-only wallet. This script is expiramental -and has not been widely tested. The creators are not responsible for loss of -funds. If you are not familiar with running a node or how Bitcoin works then we -urge you to use this in testnet so that you can use it as a learning tool. - -TL;DR: ------- - -1. Using cli arguments: ------------------------ -$ source ./ss.sh -y --userpassword -n testnet -p 10000 --no-hwi -l lnd --btcpay --esplora --tor-pubkey --ssh-key --sys-ssh-ip - -This will first create a new user "standup" and set the for that user. Then install Bitcoin Testnet pruned to 10000 Mb with no HWI, LND, BTCPAY Server, Esplora Server on the machine pre-authenticated with Tor so all communications are by default routed through Tor (even bitcoin core). It will add the passed SSH Key to authorized keys and add the comma separated list of IPs to the whitelist. It will set bitcoin to restart after a crash or reboot. - -2. Exporting environment variables: ------------------------------------ -$ export NOPROMPT=true -$ export USERPASSOWRD=password -$ export NETWORK=testnet -$ export LIGHTNING=lnd -$ source ./ss.sh - -This will first create a new user "standup" and set the for that user. Then install a full bitcoin node on testnet with lnd. - - - -This script can be installed on any Debian based system. 
By default this script will: - -* Update the OS -* Set Automatic Updates On -* Create User: standup -* Install UFW -* Install Tor -* Install Bitcoin Core -* Install HWI -* Install c-lightning -* Setup Bitcoin Core, Lightning settings -* Make sure they start at reboot via systemd -* Start Bitcoin Core, Lightning - -Optionally you can install: ---------------------------- -* Install LND instead of c-lightning -* Install Esplora -* Install BTCPay - -You can run this script again if you desire to change your configuration. - -Upon completion of the script there will be a QR code saved to /qrcode.png which -you can open and scan. You can use "$ sudo apt-get install fim" then: -"$ fim -a qrcode.png" to display the QR in a terminal (as root). - -It is highly recommended to add a Tor V3 pubkey for cookie authentication so that -even if your QR code is compromised an attacker would not be able to access your -node. It is also recommended to delete the /qrcode.png, /standup.log, and -/standup.err files. - - -------------------------------------- -| Usage | - -------------------------------------- - -0. Prerequisites ----------------- - -In order to run this script you need to be logged in as root, and enter in the commands listed below: - -- The $ or $ represents a terminal commmand prompt, do not actually type in a $ or #. -- Data fields enclosed in <> are to be filled by you with appropriate values. - -1. Give the root user a password, enter the following command and set a password: -$ sudo passwd - -2. Switch to the root user: -$ su - root - -3. Source the script: -# source standup.sh - -NOTE: Before sourcing the script you may want to set certain environment variables. Bleow you will find the list of environment variables. To set the variables do: -#export = - -You can use the following optional arguments: - - -h --help : Display this help. 
- -y : Install without prompting for confirming the setup - - Setup: - ------ - # --no-startup-register : Do not set Bitcoind & Lightning to start after reboot. - # --no-systemd-reload : Do not set Bitcoind & Lightning to start after crash. - -v --vps : Pass when installing on a VPS. - --userpassword : Password for the standup non-privileged account. - - VPS: - ---- - -F --fqdn : Fully Qualified Hostname - -H --hostname : Hostname of your server - -R --region : Server's timezone location - - Bitcoin: - -------- - -f --fastsync : Enables fast synchronization of blockchain*. - -n --network : Default bitcoin network; either "mainnet", "testnet" or "regtest". - --no-hwi : Do NOT install HWI. - -p --prune : Install a prune node; integer value > 550. - - Lightning: - ---------- - -l --lightning : Choose lightning implementation, either "c-lightning" or "lnd". - - Services: - --------- - --btcpay : Installs BTCPay Server. - --esplora : Installs Esplora. - - Tor: - ---- - -t --tor-pubkey : Automatically add the pubkey to the Tor authorized_clients directory, which means the user is Tor authenticated before the node is even installed. e.g. ./standup.sh --tor-pubkey "descriptor:x25519:NWJNEFU487H2BI3JFNKJENFKJWI3" - - SSH: - ---- - --ssh-key : key for automated SSH logins to standup non-privileged account. - --sys-ssh-ip : Comma separated list of IPs that can use SSH. - -*DISCLAIMER: It is always better to let your node validate blocks from the beginning. This script uses blockchain data signed by BTCPay Server. Trust at your own risk. - -2. Environment Variables: -------------------------- - - # system - -------- - NOPROMPT=true/false, set it to install the setup without prompting for confirmation. - # START=true/false, start bitcoind & lightning after installation. Default: true. - # STARTUP_REGISTER=true/false, Do not set Bitcoind & Lightning to start after reboot. Default: true. - # SYSTEMD_RELOAD=true/false, Do not set Bitcoind & Lightning to start after crash. 
Default: true. - VPS=true/false, set it to true if setting up on a VPS. Default: false. - USERPASSWORD="", set password for user standup. Default: empty. - - #vps - ---- - FQDN="", enter your fully qualified hostname. Example: my-awesome-node.my-awesome-domain.com - HOSTNAME="", enter your hostname. Example: my-awesome-node. - REGION="", enter your server's timezone location. Example Asia/Singapore. - - # bitcoind - ---------- - NETFORK="mainnet", "testnet" or "regtest", Bitcoin network to use. Default: "mainnet". - PRUNE="", Integer value to specify level of prune node. Minimum value is 550. Default: empty(0). - FASTSYNC=true/false, If you want to speed up the Initial Block Download then set it to true. Default: false. - HWI=true/false, Choose to install HWI. Default: true. - - # lightning - ----------- - LIGHTNING="c-lightning"/"lnd", choose lightning network implementation. Default: "c-lightning". - - # services - ---------- - ESPLORA=true/false, Choose to install Esplora. Default: false. - BTCPAYSERVER=true/false, Choose to install BTCPay Server. Default: false. - # Tor - TOR_PUBKEY="" Tor Public Key. Default: empty. - - # ssh - SSH_KEY="" key for automated SSH logins to standup non-privileged account. Default: empty. - SYS_SSH_IP="" comma separated list of IPs that can use SSH. Default: empty. - ----------------- - -END -} - -#### -# Environment Variables -#### - -# system -NOPROMPT=false -# STARTUP_REGISTER=true -# SYSTEMD_RELOAD=true -VPS=false -USERPASSWORD="" - -# vps -FQDN="" -HOSTNAME="" -REGION="" - -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true - -# lightning -LIGHTNING="c-lightning" - -# services -ESPLORA=false -BTCPAYSERVER=false - -# Tor -TOR_PUBKEY="" - -# ssh -SSH_KEY="" -SYS_SSH_IP="" - - -#### -# 0. Force check for root -#### - -# if you are not logged in as root then the script will not execute -echo " -----------------" -echo "$0 - Checking if logged in as root." -echo "----------------" -if ! 
[ "$(id -u)" = 0 ] -then - echo "$0 - You need to be logged in as root!" - return 2 -fi - -echo "$0 - Logged in as root. Continuing with installation." -echo "---------------- -" -# Output stdout and stderr to ~root files -exec > >(tee -a /root/standup.log) 2> >(tee -a /root/standup.log /root/standup.err >&2) - - -#### -# Parsing Arguments -#### -PARAMS="" - -while (( "$#" )) -do -key="$1" - case $key in - -h|--help) - help - return 3 - ;; - -y) - NOPROMPT=true - shift 1 - ;; - # --no-startup-register) - # STARTUP_REGISTER=false - # shift 1 - # ;; - # --no-systemd-reload) - # SYSTEMD_RELOAD=false - # shift 1 - # ;; - --vps) - VPS=true - shift 1 - ;; - --userpassword) - USERPASSWORD="$2" - shift 1 - shift 1 - ;; - -F|--fqdn) - FQDN="$2" - shift 1 - shift 1 - ;; - -H|--hostname) - HOSTNAME=$2 - shift 1 - shift 1 - ;; - -R|--region) - REGION=$2 - shift 1 - shift 1 - ;; - -n|--network) - if [ "${2:0:1}" == "-" ] - then - echo "Network flag passed without value. Installing default network: mainnet." - shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "mainnet" ]] || [[ "$2" == "testnet" ]] || [[ "$2" == "regtest" ]] - then - NETWORK="$2" - else - echo "ERROR: Network has to be either mainnet, testnet or regtest. Passed $2" - return 4 - fi - shift 1 - shift 1 - ;; - -p|--prune) - if [ "${2:0:1}" == "-" ] - then - echo "Prune flag passed without value. Installing default: unpruned node." - shift 1 - elif [[ -n "$2" ]] && [[ "$2" -ge 550 ]] - then - PRUNE="$2" - else - echo "ERROR: Minimum prune value is 550. Passed $2" - return 5 - fi - shift 1 - shift 1 - ;; - --fastsync) - FASTSYNC=true - shift 1 - ;; - --no-hwi) - HWI=false - shift 1 - ;; - -l|--lightning) - if [ "${2:0:1}" == "-" ] - then - echo "Lightning flag passed without specifying the implementation. Installing default implementation: c-lightning" - shift 1 - elif [[ -n "$2" ]] && [[ "$2" == "c-lightning" ]] || [[ "$2" == "lnd" ]] - then - LIGHTNING="$2" - else - echo "ERROR: Invalid lightning implementation. 
Pass c-lightning or lnd. Passed $2" - return 6 - fi - shift 1 - shift 1 - ;; - --esplora) - ESPLORA=true - shift 1 - ;; - --btcpay) - BTCPAYSERVER=true - shift 1 - ;; - -t|--tor-pubkey) - TOR_PUBKEY="$2" - shift 1 - shift 1 - ;; - --ssh-key) - SSH_KEY="$2" - shift 1 - shift 1 - ;; - --sys-ssh-ip) - SYS_SSH_IP="$2" - shift 1 - shift 1 - ;; - --) # end argument parsing - shift 1 - break - ;; - -*|--*=) # unsupported flags - echo "Error: Unsupported flag $1" >&2 - help - return 7 - ;; - *) # preserve positional arguments - PARAMS="$PARAMS $1" - shift 1 - ;; - esac -done -set -- "$PARAMS" # set positional parameters in order - -echo " ----------SETUP--------- -Parameters Passed: - -System ------- -NOPROMPT..........: $NOPROMPT -STARTUP_REGISTER..: $STARTUP_REGISTER -SYSTEMD_RELOAD....: $SYSTEMD_RELOAD -VPS...............: $VPS -USERPASSWORD......: $USERPASSWORD - -VPS ---- -FQDN......: $FQDN -HOSTNAME..: $HOSTNAME -REGION....: $REGION - -Bitcoin: --------- -NETWORK...: $NETWORK -PRUNE.....: $PRUNE -FASTSYNC..: $FASTSYNC -HWI.......: $HWI - -Lightning: ----------- -LIGHTNING..: $LIGHTNING - -Services: ---------- -ESPLORA.......: $ESPLORA -BTCPAYSERVER..: $BTCPAYSERVER - -Tor & SSH: ----------- -TOR_PUBKEY..: $TOR_PUBKEY -SSH_KEY.....: $SSH_KEY -SYS_SSH_IP..: $SYS_SSH_IP -" - -# source /home/vagrant/ss.sh -p 1000 -n testnet --no-hwi - -# Check for FQDN & HOSTNAME if --vps -if "$VPS" && [[ -z "$HOSTNAME" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn" - while [ -z "$HOSTNAME" ] - do - read -rp "You need to enter hostname of the server: " HOSTNAME - done -fi - -if "$VPS" && [[ -z "$FQDN" ]] -then - echo "You provided the '--vps' flag but didn't provide --fqdn." - while [ -z "$FQDN" ] - do - read -rp "You need to enter the fqdn of the server: " FQDN - done -fi - -if "$VPS" && [[ -z "$REGION" ]] -then - echo "You provided the '--vps' flag but didn't provide --region." 
- while [ -z "$REGION" ] - do - read -rp "You need to enter the region of the server to set the timezone: " REGION - done -fi - -# prompt user before continuing with installation -if ! "$NOPROMPT" -then - read -rp "Continue with installation? (Y/n): " confirm -fi - -if [[ "$confirm" != [yY] ]] -then - echo "Entered $confirm. Exiting.." - return 8 -else - NOPROMPT=true - echo "Installing Bitcoin!" -fi - - -#### -# 1. Update Hostname and set timezone -#### - -IPADDR="" -REGION="" - -if "$VPS" -then - - echo " -----------------" - echo "HOSTNAME: $HOSTNAME" > /etc/hostname - echo "----------------" - /bin/hostname "$HOSTNAME" - - # Set the variable $IPADDR to the IP address the new Linode receives. - IPADDR=$(/sbin/ifconfig eth0 | awk '/inet / { print $2 }' | sed 's/addr://') - - echo "$0 - Set hostname as $FQDN ($IPADDR)" - echo " - ***********************" - echo "$0 - TODO: Put $FQDN with IP $IPADDR in your main DNS file." - echo " *********************** - " - echo "$0 - Set Time Zone to $REGION" - echo $REGION > /etc/timezone - cp /usr/share/zoneinfo/${REGION} /etc/localtime - - echo "Hostname, IP address and timezon are set. Put $FQDN with IP $IPADDR in your main DNS file." - # Add localhost aliases - - echo "127.0.0.1 localhost" > /etc/hosts - echo "127.0.1.1 $FQDN $HOSTNAME" >> /etc/hosts - - echo "$0 - Set localhost" -fi - - - -#### -# 2. Update Debian, Set autoupdate and Install UFW -#### - -echo " ----------------- -" -echo "$0 - Starting Debian updates; this will take a while!" 
-echo " ----------------- -" - -# Make sure all packages are up-to-date -apt-get update -apt-get upgrade -y -apt-get dist-upgrade -y - -# Install haveged (a random number generator) - -if [ -z "$(which haveged)" ] -then - echo " ----------------- - " - echo "$0 - Installing haveged (a random number generator)" - echo " ----------------- - " - apt-get install haveged -y -echo " -----------------$0 - haveged installed successfully -" -else - echo " - ----------------$0 - haveged already installed" -fi - -# Set system to automatically update -echo " ----------------- -" -echo "$0 - setting system to automatically update" -echo " ----------------- -" -echo "unattended-upgrades unattended-upgrades/enable_auto_updates boolean true" | debconf-set-selections -apt-get -y install unattended-upgrades -echo " -----------------$0 - Debian Packages updated -" -# Get uncomplicated firewall and deny all incoming connections except SSH -if [ -z "$(which ufw)" ] -then - echo " ----------------- - " - echo "$0 - Installing ufw" - echo " ----------------- - " - apt-get install ufw -fi - -ufw allow ssh -ufw --force enable - -echo " -----------------$0 - ufw is installed and enabled. -" - -# Get GPG if not installed to verify signatures - -if [ -z "$(which gpg)" ] -then - echo " ----------------- - " - echo "$0 - Installing gnupg2" - echo " ----------------- - " - apt-get install gnupg2 -y - echo " -----------------$0 - Gnupg2 not found and installed - " -fi - -#### -# 3. Create user admin -#### - -if [ -z "$(cat /etc/shadow | grep standup)" ] && [ -z "$(groups standup)" ] -then - echo " ----------------- - " - echo "Creating user standup" - echo " ----------------- - " - # Create "standup" user with optional password and give them sudo capability - /usr/sbin/useradd -m -p `perl -e 'printf("%s\n",crypt($ARGV[0],"password"))' "$USERPASSWORD"` -g sudo -s /bin/bash standup - /usr/sbin/adduser standup sudo - - echo " ----------------- - " - echo "$0 - User standup created with sudo access." 
- echo " ----------------- - " -else - echo "----------------" - echo "User standup already exists." - echo "----------------" -fi - -# Setup SSH Key if the user added one as an argument -if [ -n "$SSH_KEY" ] -then - mkdir ~standup/.ssh - echo "$SSH_KEY" >> ~standup/.ssh/authorized_keys - chown -R standup ~standup/.ssh - echo " ----------------- - " - echo "$0 - Added .ssh key to standup." - echo " ----------------- - " -fi - -# Setup SSH allowed IP's if the user added any as an argument -if [ -n "$SYS_SSH_IP" ] -then - echo "sshd: $SYS_SSH_IP" >> /etc/hosts.allow - echo "sshd: ALL" >> /etc/hosts.deny - echo " ----------------- - " - echo "$0 - Limited SSH access." - echo " ----------------- - " -else - echo " - **************** - " - echo "$0 - WARNING: Your SSH access is not limited; this is a major security hole!" - echo " - **************** - " -fi - - -#### -# 4. Install latest stable tor -#### - -# Download tor -echo " ----------------- -" -echo "Installing Tor" -echo " ----------------- -" -# To use source lines with https:// in /etc/apt/sources.list the apt-transport-https package is required. Install it with: -if [ -z "$(which apt-transport-https)" ] -then - apt-get install apt-transport-https -y - echo " - --------------apt-transport-https installed - " -fi - -# To download bitcoin using onion site, we need torsocks -if [ -z "$(which torsocks)" ] -then - apt-get install torsocks -y - echo " - --------------torsocks installed - " -fi - -# We need to set up our package repository before you can fetch Tor. 
First, you need to figure out the name of your distribution: -DEBIAN_VERSION=$(lsb_release -c | awk '{ print $2 }') - -# You need to add the following entries to /etc/apt/sources.list: -cat >> /etc/apt/sources.list << EOF -deb https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -deb-src https://deb.torproject.org/torproject.org $DEBIAN_VERSION main -EOF - -# Then add the gpg key used to sign the packages by running: -# apt-key adv --recv-keys --keyserver keys.gnupg.net 74A941BA219EC810 -sudo wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import -sudo gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - - -# Update system, install and run tor as a service -sudo apt update -sudo apt install tor deb.torproject.org-keyring -y - -# Setup hidden service -sed -i -e 's/#ControlPort 9051/ControlPort 9051/g' /etc/tor/torrc -sed -i -e 's/#CookieAuthentication 1/CookieAuthentication 1/g' /etc/tor/torrc -sed -i -e 's/## address y:z./## address y:z.\ -\ -HiddenServiceDir \/var\/lib\/tor\/standup\/\ -HiddenServiceVersion 3\ -HiddenServicePort 1309 127.0.0.1:18332\ -HiddenServicePort 1309 127.0.0.1:18443\ -HiddenServicePort 1309 127.0.0.1:8332/g' /etc/tor/torrc -mkdir /var/lib/tor/standup -chown -R debian-tor:debian-tor /var/lib/tor/standup -chmod 700 /var/lib/tor/standup - -# Add standup to the tor group so that the tor authentication cookie can be read by bitcoind -sudo usermod -a -G debian-tor standup - -# Restart tor to create the HiddenServiceDir -sudo systemctl restart tor.service - - -if [ "$(systemctl is-active tor) | grep active" ] -then -echo " ---------------$0 - Tor installed and successfully started -" -fi - -# add V3 authorized_clients public key if one exists -if ! 
[ "$TOR_PUBKEY" == "" ] -then - # create the directory manually incase tor.service did not restart quickly enough - mkdir /var/lib/tor/standup/authorized_clients - - # need to assign the owner - chown -R debian-tor:debian-tor /var/lib/tor/standup/authorized_clients - - # Create the file for the pubkey - touch /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Write the pubkey to the file - echo "$TOR_PUBKEY" > /var/lib/tor/standup/authorized_clients/fullynoded.auth - - # Restart tor for authentication to take effect - sudo systemctl restart tor.service - - echo " - ---------$0 - Successfully added Tor V3 authentication - " - -else - echo " - ---------$0 - No Tor V3 authentication, anyone who gets access to your QR code can have full access to your node, ensure you do not store more then you are willing to lose and better yet use the node as a watch-only wallet - " -fi - - -# sleep 4 seconds -sleep 4 - - -#### -# 5. Install Bitcoin -#### - -echo " -----------------" -echo "Installing Bitcoin" -echo "---------------- -" -# Download Bitcoin - -# CURRENT BITCOIN RELEASE: -# Change as necessary -export BITCOIN="bitcoin-core-0.20.0" -export BITCOINPLAIN=`echo $BITCOIN | sed 's/bitcoin-core/bitcoin/'` - -# # get bitcoin tar.gz, shasums and signing keys -# clearnet -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -# sudo -u standup wget https://bitcoincore.org/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -# sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc - -# tor -# tar: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/bitcoin-0.20.0-x86_64-linux-gnu.tar.gz - -if ! [ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ] -then - echo " - ----------- - Downloading $BITCOIN, this will take a while! 
------------ -" -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -O ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -fi - -# get shasums: http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/bitcoin-core-0.20.0/SHA256SUMS.asc - -if [[ -f ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz ]] && ! [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "--------------$0 - $BITCOINPLAIN-x86_64-linux-gnu.tar.gz exists at /home/standup/ - " - echo "----$0 - downloading SHA256SUMS.asc for $BITCOIN -# " -sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/bin/$BITCOIN/SHA256SUMS.asc -O ~standup/SHA256SUMS.asc -else - return 100 -fi - -if [[ -f ~standup/SHA256SUMS.asc ]] -then - echo "----------$0 - SHA256SSUMS.asc exists at /home/standup/" -fi - -if ! [[ -f ~standup/laanwj-releases.asc ]] -then - echo "-----$0 - downloading laanwj-release signature" -sudo -u standup wget https://bitcoin.org/laanwj-releases.asc -O ~standup/laanwj-releases.asc -fi - -# 404 -# sudo -u standup torsocks wget http://6hasakffvppilxgehrswmffqurlcjjjhd76jgvaqmsg6ul25s7t3rzyd.onion/laanwj-releases.asc -O ~standup/laanwj-releases.asc - -# Verifying Bitcoin: Signature -echo " ------------------ -$0 - Verifying Bitcoin. ------------------ -" - -sudo -u standup /usr/bin/gpg --no-tty --import ~standup/laanwj-releases.asc -export SHASIG=`sudo -u standup /usr/bin/gpg --no-tty --verify ~standup/SHA256SUMS.asc 2>&1 | grep "Good signature"` -echo " ----------SHASIG is $SHASIG -" - -if [[ $SHASIG ]] -then - echo " - ------$0 - VERIFICATION SUCCESS / SIG: $SHASIG - " -else - (>&2 echo " - ------------$0 - VERIFICATION ERROR: Signature for Bitcoin did not verify! 
- ") - # return 101 -fi - -# Verify Bitcoin: SHA -export TARSHA256=`/usr/bin/sha256sum ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` -export EXPECTEDSHA256=`cat ~standup/SHA256SUMS.asc | grep $BITCOINPLAIN-x86_64-linux-gnu.tar.gz | awk '{print $1}'` - -if [ "$TARSHA256" == "$EXPECTEDSHA256" ] -then - echo " - ------$0 - VERIFICATION SUCCESS / SHA: $TARSHA256 - " -else - (>&2 echo " - -----------$0 - VERIFICATION ERROR: SHA for Bitcoin did not match! - ") - # return 102 -fi - -# Install Bitcoin -echo "--------------" -echo " -$0 - Installing Bitcoin. -" -echo "-------------- -" - -sudo -u standup /bin/tar xzf ~standup/$BITCOINPLAIN-x86_64-linux-gnu.tar.gz -C ~standup -/usr/bin/install -m 0755 -o root -g root -t /usr/local/bin ~standup/$BITCOINPLAIN/bin/* -/bin/rm -rf ~standup/$BITCOINPLAIN/ - -# Start Up Bitcoin -echo " -------$0 - Configuring Bitcoin. -" - -sudo -u standup /bin/mkdir ~standup/.bitcoin - -# The only variation between Mainnet and Testnet is that Testnet has the "testnet=1" variable -# The only variation between Regular and Pruned is that Pruned has the "prune=550" variable, which is the smallest possible prune -RPCPASSWORD=$(xxd -l 16 -p /dev/urandom) - -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -server=1 -prune=$PRUNE -rpcuser=StandUp -rpcpassword=$RPCPASSWORD -rpcallowip=127.0.0.1 -debug=tor -EOF - -if [ -z "$PRUNE" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - txindex=1 -EOF -fi - -if [ "$NETWORK" == "testnet" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - testnet=1 -EOF - -elif [ "$NETWORK" == "regtest" ] -then - cat >> ~standup/.bitcoin/bitcoin.conf << EOF - regtest=1 -EOF -fi - -cat >> ~standup/.bitcoin/bitcoin.conf << EOF -[test] -rpcbind=127.0.0.1 -rpcport=18332 -[main] -rpcbind=127.0.0.1 -rpcport=8332 -[regtest] -rpcbind=127.0.0.1 -rpcport=18443 -EOF - -/bin/chown standup ~standup/.bitcoin/bitcoin.conf -/bin/chmod 600 ~standup/.bitcoin/bitcoin.conf - -# Setup bitcoind as a service that requires 
Tor -echo " --------$0 - Setting up Bitcoin as a systemd service. -" - -sudo cat > /etc/systemd/system/bitcoind.service << EOF -# It is not recommended to modify this file in-place, because it will -# be overwritten during package upgrades. If you want to add further -# options or overwrite existing ones then use -# $ systemctl edit bitcoind.service -# See "man systemd.service" for details. -# Note that almost all daemon options could be specified in -# /etc/bitcoin/bitcoin.conf, except for those explicitly specified as arguments -# in ExecStart= -[Unit] -Description=Bitcoin daemon -After=tor.service -Requires=tor.service -[Service] -ExecStart=/usr/local/bin/bitcoind -conf=/home/standup/.bitcoin/bitcoin.conf -# Process management -#################### -Type=simple -PIDFile=/run/bitcoind/bitcoind.pid -Restart=on-failure -# Directory creation and permissions -#################################### -# Run as bitcoin:bitcoin -User=standup -Group=sudo -# /run/bitcoind -RuntimeDirectory=bitcoind -RuntimeDirectoryMode=0710 -# Hardening measures -#################### -# Provide a private /tmp and /var/tmp. -PrivateTmp=true -# Mount /usr, /boot/ and /etc read-only for the process. -ProtectSystem=full -# Disallow the process and all of its children to gain -# new privileges through execve(). -NoNewPrivileges=true -# Use a new /dev namespace only populated with API pseudo devices -# such as /dev/null, /dev/zero and /dev/random. -PrivateDevices=true -# Deny the creation of writable and executable memory mappings. -MemoryDenyWriteExecute=true -[Install] -WantedBy=multi-user.target -EOF - -echo " --------$0 - Starting bitcoind service -" -sudo systemctl enable bitcoind.service -sudo systemctl start bitcoind.service - -#### -# 6. 
Install QR encoder and displayer, and show the btcstandup:// uri in plain text incase the QR Code does not display -#### -if [ "$(systemctl is-active --quiet bitcoind) | grep active" ] -then - # Get the Tor onion address for the QR code - HS_HOSTNAME=$(sudo cat /var/lib/tor/standup/hostname) - - # Create the QR string - QR="btcstandup://StandUp:$RPCPASSWORD@$HS_HOSTNAME:1309/?label=StandUp.sh" - - # Display the uri text incase QR code does not work - echo "$0 - **************************************************************************************************************" - echo "$0 - This is your btcstandup:// uri to convert into a QR which can be scanned with FullyNoded to connect remotely:" - echo $QR - echo "$0 - **************************************************************************************************************" - echo " - $0 - Bitcoin is setup as a service and will automatically start if your VPS reboots and so is Tor - " - echo " - $0 - You can manually stop Bitcoin with: sudo systemctl stop bitcoind.service - " - echo " - $0 - You can manually start Bitcoin with: sudo systemctl start bitcoind.service - " -else - echo " - ERROR: Bitcoind service not running hence QR code or URI not generated. Exiting. - " -fi - - - - -#### -# Lightning -#### - - - -#### -# RESETTING Environment Variables -#### - -# system -NOPROMPT=false -STARTUP_REGISTER=true -SYSTEMD_RELOAD=true -VPS=false -USERPASSWORD="" - -# vps -FQDN="" -HOSTNAME="" -REGION="" - -# bitcoind -NETWORK="mainnet" -PRUNE="" -FASTSYNC=false -HWI=true - -# lightning -LIGHTNING="c-lightning" - -# services -ESPLORA=false -BTCPAYSERVER=false - -# Tor -TOR_PUBKEY="" - -# ssh -SSH_KEY="" -SYS_SSH_IP="" - - -# Finished, exit script -exit 0 From fa9025fd3c1779793de8d33e2fbdf07907cc1b6d Mon Sep 17 00:00:00 2001 
From: jodobear
Date: Mon, 28 Sep 2020 16:36:48 +0200
Subject: [PATCH 16/16] added README & commented out btcpay settings
---
Scripts/scripts/README.md | 73 ++++++++++++++++++++++++++++++++
Scripts/scripts/ss.conf | 6 +--
Scripts/scripts/ss.conf.defaults | 6 +--
3 files changed, 79 insertions(+), 6 deletions(-)
create mode 100644 Scripts/scripts/README.md
diff --git a/Scripts/scripts/README.md b/Scripts/scripts/README.md
new file mode 100644
index 0000000..ba7a087
--- /dev/null
+++ b/Scripts/scripts/README.md
@@ -0,0 +1,73 @@
+# Bitcoin Standup Scripts - Blockchain Commons
+
+Contributor: jodobear 20-07-03
+
+**DISCLAIMER:** It is not a good idea to store large amounts of Bitcoin on a VPS, ideally you should use this as a watch-only wallet. This script is a work-in-progress and has not been widely tested. The creators are not responsible for loss of funds. If you are not familiar with running a node or how Bitcoin works then we urge you to use this in testnet so that you can use it as a learning tool.
+
+
+## Usage
+
+The script is inteded for a fresh bitcoin setup. Re-running the script on an already setup server is intended only for advanced users.
+
+It downloads Bitcoin Core over Tor. You can specify any path for the blockchain data and Electrs data.
+
+To run this script you need to be logged in as root, and enter in the commands listed below:
+
+(The $ or # represents a terminal commmand prompt, do not actually type in a $ or #.)
+
+1. Give the root user a password, enter the following command and set a password:
+$ sudo passwd
+
+2. Switch to the root user:
+$ sudo su
+
+3. Edit config for your node setup using your favourite text editor:
+# nano ss.conf
+
+4. Source the script:
+# source ss_00_main.sh
+
+5. Display help:
+# source ss_00_main.sh -h
+
+This script can be installed on any Debian based system. By default this script will:
+
+- Update the OS
+- Set Automatic Updates On
+- Create User: standup
+- Install UFW, haveguard, gnupg2, git & make
+- Install Tor
+- Install Bitcoin Core on mainnet with txindex=1 if setting up unpruned node.
+- Setup Bitcoin Core as systemd service and to start at reboot or after a crash.
+- Start Bitcoin Core
+
+Optionally you can install:
+---------------------------
+- Install c-lightning or LND
+- Install Esplora
+- Install BTCPay**
+
+** Work-in-progress
+
+QR Code:
+--------
+Upon completion of the script there will be a QR code saved to /qrcode.png which you can open and scan:
+
+1. Install fim:
+$ sudo apt-get install fim
+2. Then, display the QR code in terminal (as root):
+# fim -a qrcode.png
+
+It is highly recommended to add a Tor V3 pubkey for cookie authentication so that even if your QR code is compromised an attacker would not be able to access your node.
+
+It is recommended to delete the /qrcode.png.
+Additionally, unless you face installation issues and need to assisstance delete /standup.log, and /standup.err
+
+
+## TODO
+
+1. Conclude the Esplora `dist` [issue](https://github.com/Blockstream/esplora/issues/156)
+2. Find solution to BTCPay Server corrupting blockchain directory when creating a softlink.
+3. Check implementation & test FastSync.
+4. C-lightning HTTP plugin.
+5. Explore HWI.
\ No newline at end of file
diff --git a/Scripts/scripts/ss.conf b/Scripts/scripts/ss.conf
index 7b6c660..d67eb3f 100644
--- a/Scripts/scripts/ss.conf
+++ b/Scripts/scripts/ss.conf
@@ -96,7 +96,7 @@ LN_ALIAS=StandUp # set to true if you want to install an esplora server ESPLORA=false # set to true if you want to install btcpay server -BTCPAYSERVER=false +# BTCPAYSERVER=false ###########################
@@ -118,7 +118,7 @@ CORS=localhost # BTCPAY Server ########################### # the domain name where you will host your BTCPay Server. -BTCPAY_HOST= +# BTCPAY_HOST= # set the lightning network implementation for your BTCPay Server, # options: clightning or lnd -BTCPAY_LN= +# BTCPAY_LN=
diff --git a/Scripts/scripts/ss.conf.defaults b/Scripts/scripts/ss.conf.defaults
index 7b6c660..d67eb3f 100644
--- a/Scripts/scripts/ss.conf.defaults
+++ b/Scripts/scripts/ss.conf.defaults
@@ -96,7 +96,7 @@ LN_ALIAS=StandUp # set to true if you want to install an esplora server ESPLORA=false # set to true if you want to install btcpay server -BTCPAYSERVER=false +# BTCPAYSERVER=false ###########################
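Review bot: Commenting out `BTCPAYSERVER=false` in the `-96` hunk of `ss.conf` removes the only default for that flag, so its value now depends on whatever the calling shell already holds. The README added in this commit has users run `source ss_00_main.sh` as root and lists BTCPay as work in progress with an open blockchain-directory corruption problem, so a `BTCPAYSERVER=true` exported earlier or left over from a previous run would presumably still switch the install on. I would keep the assignment and explain it instead, with `# BTCPay is work in progress: leave this false` above `BTCPAYSERVER=false`, and comment out only `BTCPAY_HOST=` and `BTCPAY_LN=` in the `-118` hunk. The same applies to both hunks of `ss.conf.defaults`; the script that reads these files is not shown here, so check how it treats an unset `BTCPAYSERVER`.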
@@ -118,7 +118,7 @@ CORS=localhost # BTCPAY Server ########################### # the domain name where you will host your BTCPay Server. -BTCPAY_HOST= +# BTCPAY_HOST= # set the lightning network implementation for your BTCPay Server, # options: clightning or lnd -BTCPAY_LN= +# BTCPAY_LN=