s83/privacy-guides
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Deprecated bitcoin-dataset

Browse source
This commit is contained in:
Sun Knudsen 2022-08-03 13:35:27 -04:00
parent ac829a6f0c
commit ccc62a404c
No known key found for this signature in database
GPG key ID: 02C43AD072D57783
12 changed files with 20 additions and 746 deletions
Download patch file Download diff file Expand all files Collapse all files

272
how-to-self-host-hardened-bitcoin-node/README.md
View file

@ -17,7 +17,6 @@ Listed: true
## Caveats
- Steps labelled as “bitcoin-dataset” are only required to bootstrap node using bitcoin-dataset.
- When copy/pasting commands that start with `$`, strip out `$` as this character is not part of the command
- When copy/pasting commands that start with `cat << "EOF"`, select all lines at once (from `cat << "EOF"` to `EOF` inclusively) as they are part of the same (single) command
@ -43,47 +42,7 @@ $ apt update
$ apt install -y apt-transport-https build-essential clang cmake curl git gnupg sudo
```
### Step 3 (bitcoin-dataset): install bitcoin-dataset dependencies
```console
$ apt install -y lz4 transmission-cli transmission-daemon
$ systemctl disable transmission-daemon
$ systemctl stop transmission-daemon
```
### Step 4 (bitcoin-dataset): configure transmission-daemon
#### Increase `rmem_max` and `wmem_max`
```console
$ cat << "EOF" >> /etc/sysctl.conf
net.core.rmem_max = 4194304
net.core.wmem_max = 1048576
EOF
$ sysctl -p
```
#### Overwrite default settings
```shell
cat << "EOF" > /etc/transmission-daemon/settings.json
{
"dht-enabled": false,
"encryption": 2,
"message-level": 1,
"pex-enabled": false,
"port-forwarding-enabled": true,
"rpc-authentication-required": false,
"rpc-enabled": true,
"utp-enabled": false
}
EOF
```
### Step 5: add user to sudo group
### Step 3: add user to sudo group
> Heads-up: replace `pi-admin` with user.
@ -91,7 +50,7 @@ EOF
usermod -aG sudo pi-admin
```
### Step 6: log out and log in to enable sudo privileges
### Step 4: log out and log in to enable sudo privileges
> Heads-up: replace `~/.ssh/pi` with path to private key and `pi-admin@10.0.1.94` with server or Raspberry Pi SSH destination.
@ -105,7 +64,7 @@ $ ssh -i ~/.ssh/pi pi-admin@10.0.1.94
$ sudo su -
```
### Step 7: install and configure [WireGuard](https://www.wireguard.com/)
### Step 5: install and configure [WireGuard](https://www.wireguard.com/)
#### Install WireGuard
@ -200,7 +159,7 @@ You are connected to Mullvad
👍
### Step 8: install [Cargo](https://doc.rust-lang.org/cargo/index.html)
### Step 6: install [Cargo](https://doc.rust-lang.org/cargo/index.html)
```console
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
@ -263,19 +222,7 @@ source $HOME/.cargo/env
$ source $HOME/.cargo/env
```
### Step 9 (bitcoin-dataset): install [b3sum](https://github.com/BLAKE3-team/BLAKE3)
```console
$ cargo install b3sum
Updating crates.io index
Installing b3sum v1.3.1
Installed package `b3sum v1.3.1` (executable `b3sum`)
$ mv /root/.cargo/bin/b3sum /usr/bin/
```
### Step 10: import Suns PGP public key (used to verify downloads below)
### Step 7: import Suns PGP public key (used to verify downloads below)
```console
$ curl --fail https://sunknudsen.com/sunknudsen.asc | gpg --import
@ -294,7 +241,7 @@ imported: 1
👍
### Step 11: verify integrity of Suns PGP public key (learn how [here](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint))
### Step 8: verify integrity of Suns PGP public key (learn how [here](../how-to-encrypt-sign-and-decrypt-messages-using-gnupg-on-macos#verify-suns-pgp-public-key-using-fingerprint))
```console
$ gpg --fingerprint hello@sunknudsen.com
@ -310,35 +257,7 @@ Fingerprint matches published fingerprints
👍
### Step 12: download and verify [bitcoind.service](./bitcoind.service)
```console
$ curl --fail --output /lib/systemd/system/bitcoind.service https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/bitcoind.service
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2184 100 2184 0 0 2112 0 0:00:01 0:00:01 --:--:-- 2114
$ curl --fail --output /lib/systemd/system/bitcoind.service.asc https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/bitcoind.service.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 228 100 228 0 0 258 0 --:--:-- --:--:-- --:--:-- 258
$ gpg --verify /lib/systemd/system/bitcoind.service.asc
gpg: assuming signed data in 'bitcoind.service'
gpg: Signature made Wed 16 Feb 2022 14:02:09 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
```
Good signature
👍
### Step 13: download and verify [electrs.service](./electrs.service)
### Step 9: download and verify [electrs.service](./electrs.service)
```console
$ curl --fail --output /lib/systemd/system/electrs.service https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/electrs.service
@ -366,34 +285,7 @@ Good signature
👍
### Step 14 (bitcoin-dataset): download and verify [transmission-daemon.service](./transmission-daemon.service)
```console
$ curl --fail --output /lib/systemd/system/transmission-daemon.service https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/transmission-daemon.service
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1598 100 1598 0 0 568 0 0:00:02 0:00:02 --:--:-- 568
$ curl --fail --output /lib/systemd/system/transmission-daemon.service.asc https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/transmission-daemon.service.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
$ gpg --verify /lib/systemd/system/transmission-daemon.service.asc
gpg: assuming signed data in '/lib/systemd/system/transmission-daemon.service'
gpg: Signature made Sun 27 Feb 2022 01:47:27 PM EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
```
Good signature
👍
### Step 15: download and verify [tor-client-auth.sh](./tor-client-auth.sh)
### Step 10: download and verify [tor-client-auth.sh](./tor-client-auth.sh)
```console
$ curl --fail --output /usr/bin/tor-client-auth.sh https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/tor-client-auth.sh
@ -423,7 +315,7 @@ Good signature
👍
### Step 16: install and configure [Tor](https://www.torproject.org/)
### Step 11: install and configure [Tor](https://www.torproject.org/)
> Heads-up: replace `bullseye` with Debian version codename (run `cat /etc/os-release` to find Debian version codename).
@ -460,7 +352,7 @@ EOF
$ systemctl restart tor
```
### Step 17: configure Tor hidden services client authorization (see [docs](https://community.torproject.org/onion-services/advanced/client-auth/))
### Step 12: configure Tor hidden services client authorization (see [docs](https://community.torproject.org/onion-services/advanced/client-auth/))
```console
$ cd /var/lib/tor/ssh
@ -476,7 +368,7 @@ $ systemctl restart tor
$ cd
```
### Step 18: create bitcoin user
### Step 13: create bitcoin user
```console
$ adduser --group --no-create-home --system bitcoin
@ -488,131 +380,7 @@ Not creating home directory `/home/bitcoin'.
$ usermod -aG debian-tor bitcoin
```
### Step 19 (bitcoin-dataset): download and verify bitcoin-dataset torrent
```console
$ curl --fail --remote-name https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/bitcoin-dataset.torrent
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 4271k 100 4271k 0 0 3911k 0 0:00:01 0:00:01 --:--:-- 3911k
$ curl --fail --remote-name https://raw.githubusercontent.com/sunknudsen/privacy-guides/master/how-to-self-host-hardened-bitcoin-node/bitcoin-dataset.torrent.asc
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 228 100 228 0 0 740 0 --:--:-- --:--:-- --:--:-- 740
$ gpg --verify bitcoin-dataset.torrent.asc
gpg: assuming signed data in 'bitcoin-dataset.torrent'
gpg: Signature made Tue 01 Mar 2022 15:18:45 EST
gpg: using EDDSA key 9C7887E1B5FCBCE2DFED0E1C02C43AD072D57783
gpg: Good signature from "Sun Knudsen <hello@sunknudsen.com>" [unknown]
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E786 274B C92B 47C2 3C1C F44B 8C9C A674 C47C A060
Subkey fingerprint: 9C78 87E1 B5FC BCE2 DFED 0E1C 02C4 3AD0 72D5 7783
```
Good signature
👍
### Step 20 (bitcoin-dataset): temporarily allow BitTorrent peer-to-peer over Mullvad
> Heads-up: replace `mullvad-ca10` with Mullvad endpoint.
```console
$ MULLVAD_ENDPOINT=mullvad-ca10
$ nft add rule ip firewall output oifname $MULLVAD_ENDPOINT tcp accept
```
### Step 21 (bitcoin-dataset): download bitcoin-dataset
> Heads-up: downloading bitcoin-dataset will likely take more than 24 hours on Raspberry Pi.
> Heads-up: if download doesnt start or hangs, try running `systemctl restart transmission-daemon`.
```console
$ systemctl start transmission-daemon
$ transmission-remote --add bitcoin-dataset.torrent --start
$ watch transmission-remote --list
Every 2.0s: transmission-remote --list debian: Tue Mar 1 11:56:05 2022
ID Done Have ETA Up Down Ratio Status Name
1 100% 458.4 GB Done 0.0 0.0 0.0 Idle bitcoin-dataset
Sum: 458.4 GB 0.0 0.0
```
100%
👍
### Step 22 (bitcoin-dataset): stop transmission-daemon
```shell
systemctl stop transmission-daemon
```
### Step 23 (bitcoin-dataset): verify bitcoin-dataset checksums
```console
$ cd /var/lib/transmission-daemon/downloads/bitcoin-dataset
$ gpg --verify BLAKE3CHECKSUMS.asc
```
Good signature
👍
### Step 24 (bitcoin-dataset): check integrity of bitcoin-dataset
> Heads-up: checking integrity of bitcoin-dataset will likely take more than 15 minutes on Raspberry Pi.
```console
$ b3sum --check BLAKE3CHECKSUMS
bitcoin.tar.lz4.part00: OK
electrs.tar.lz4.part03: OK
```
OK
👍
### Step 25 (bitcoin-dataset): extract bitcoin-dataset
> Heads-up: extracting bitcoin-dataset will likely take more than two hours on Raspberry Pi.
```console
$ mkdir -m 710 -p /var/lib/bitcoind /var/lib/electrs
$ for part in bitcoind.tar.lz4.part*; do
cat < "$part" || break
rm -f -- "$part"
done |
tar \
--extract \
--directory /var/lib/bitcoind \
--use-compress-program lz4 \
--verbose
$ for part in electrs.tar.lz4.part*; do
cat < "$part" || break
rm -f -- "$part"
done |
tar \
--extract \
--directory /var/lib/electrs \
--use-compress-program lz4 \
--verbose
$ cd
```
### Step 26: temporarily allow Bitcoin peer-to-peer over Mullvad
### Step 14: temporarily allow Bitcoin peer-to-peer over Mullvad
> Heads-up: replace `mullvad-ca10` with Mullvad endpoint.
@ -624,7 +392,7 @@ $ nft add rule ip firewall input oifname $MULLVAD_ENDPOINT tcp dport 8333 accept
$ nft add rule ip firewall output oifname $MULLVAD_ENDPOINT tcp dport 8333 accept
```
### Step 27: install [Bitcoin Core](https://github.com/bitcoin/bitcoin)
### Step 15: install [Bitcoin Core](https://github.com/bitcoin/bitcoin)
> Heads-up: replace `22.0` with [latest release](https://bitcoincore.org/en/releases/) semver.
@ -765,9 +533,9 @@ $ systemctl enable bitcoind
$ systemctl start bitcoind
```
### Step 28: watch initial block download
### Step 16: watch initial block download
> Heads-up: initial block download will likely take more than a week on Raspberry Pi unless node was bootstrapped using bitcoin-dataset.
> Heads-up: initial block download will likely take more than a week on Raspberry Pi.
```console
$ sudo -u bitcoin watch bitcoin-cli -datadir=/var/lib/bitcoind getblockchaininfo
@ -832,7 +600,7 @@ Every 2.0s: bitcoin-cli -datadir=/var/lib/bitcoind getblockchaininfo
👍
### Step 29: switch to Tor-only (see [docs](https://github.com/bitcoin/bitcoin/blob/master/doc/tor.md))
### Step 17: switch to Tor-only (see [docs](https://github.com/bitcoin/bitcoin/blob/master/doc/tor.md))
> Heads-up: only run following once `"blocks": 724597` = `"headers": 724597` and `"initialblockdownload": false`.
@ -856,7 +624,7 @@ EOF
$ systemctl start bitcoind
```
### Step 30: install [electrs](https://github.com/romanz/electrs) (see [docs](https://github.com/romanz/electrs/blob/master/doc/install.md))
### Step 18: install [electrs](https://github.com/romanz/electrs) (see [docs](https://github.com/romanz/electrs/blob/master/doc/install.md))
> Heads-up: build will likely take more than half and hour on Raspberry Pi.
@ -878,9 +646,9 @@ $ systemctl start electrs
$ cd
```
### Step 31: watch initial sync
### Step 19: watch initial sync
> Heads-up: initial sync will likely take more than a day on Raspberry Pi unless node was bootstrapped using bitcoin-dataset.
> Heads-up: initial sync will likely take more than a day on Raspberry Pi.
> Heads-up: run following commands concurrently.
@ -950,7 +718,7 @@ bitcoin-cli `"blocks": 724597` = electrs `height=724597`
👍
### Step 32: reboot
### Step 20: reboot
```shell
systemctl reboot