forked from ordinals/ord
-
Notifications
You must be signed in to change notification settings - Fork 21
/
setup
executable file
·133 lines (105 loc) · 2.62 KB
/
setup
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
#!/usr/bin/env bash
# This script is idempotent in the sense that running it more
# than once will not change the state beyond the initial application
set -euxo pipefail
CHAIN=$1
DOMAIN=$2
BRANCH=$3
COMMIT=$4
REVISION="ord-$BRANCH-$COMMIT"
touch ~/.hushlogin
sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
mkdir -p \
/etc/systemd/system/bitcoind.service.d \
/etc/systemd/system/ord.service.d
printf "[Service]\nEnvironment=CHAIN=%s\n" $CHAIN \
| tee /etc/systemd/system/bitcoind.service.d/override.conf \
> /etc/systemd/system/ord.service.d/override.conf
printf 'BRANCH=%s\n' $BRANCH >> /etc/environment \
&& printf 'COMMIT=%s\n' $COMMIT >> /etc/environment \
&& printf 'REVISION=%s\n' $REVISION >> /etc/environment
hostnamectl set-hostname $DOMAIN
apt-get install --yes \
acl \
clang \
libsqlite3-dev\
libssl-dev \
pkg-config \
ufw \
vim
ufw default allow outgoing
ufw default deny incoming
ufw allow 8080
ufw allow http
ufw allow https
ufw allow ssh
case $CHAIN in
main)
ufw allow 8333
;;
signet)
ufw allow 38333
;;
test)
ufw allow 18333
;;
*)
echo "Unknown chain: $CHAIN"
exit 1
;;
esac
ufw --force enable
if ! which bitcoind; then
./bin/install-bitcoin-core-linux
fi
bitcoind --version
if [[ ! -e ~/.cargo/env ]]; then
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
fi
source ~/.cargo/env
rustup update stable
cargo build --release
if [[ -f /usr/local/bin/ord ]]; then
mv /usr/local/bin/ord /usr/local/bin/$REVISION.bak
fi
cp target/release/ord /usr/local/bin/ord
id --user bitcoin || useradd --system bitcoin
id --user ord || useradd --system ord
cp deploy/bitcoind.service /etc/systemd/system/
mkdir -p /etc/bitcoin
cp deploy/bitcoin.conf /etc/bitcoin/bitcoin.conf
systemctl daemon-reload
systemctl enable bitcoind
systemctl restart bitcoind
case $CHAIN in
main)
COOKIE_FILE_DIR=/var/lib/bitcoind
;;
signet)
COOKIE_FILE_DIR=/var/lib/bitcoind/signet
;;
test)
COOKIE_FILE_DIR=/var/lib/bitcoind/testnet3
;;
*)
echo "Unknown chain: $CHAIN"
exit 1
;;
esac
while [[ ! -f $COOKIE_FILE_DIR/.cookie ]]; do
echo "Waiting for bitcoind…"
sleep 1
done
setfacl -m ord:x /var/lib/bitcoind
setfacl -m ord:x $COOKIE_FILE_DIR
setfacl -dm ord:r $COOKIE_FILE_DIR
setfacl -m ord:r $COOKIE_FILE_DIR/.cookie
journalctl --unit ord --vacuum-time 1s
cp deploy/ord.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable ord
systemctl restart ord
while ! curl --fail https://$DOMAIN/status; do
echo "Waiting for ord at https://$DOMAIN/status…"
sleep 1
done