Skip to content

Commit

Permalink
Merge pull request #4 from mvrahden/improvements
Browse files Browse the repository at this point in the history
Improvements
  • Loading branch information
mvrahden authored Apr 1, 2024
2 parents 75cc455 + acdfebe commit 923e7cb
Show file tree
Hide file tree
Showing 8 changed files with 49 additions and 79 deletions.
40 changes: 20 additions & 20 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -5,14 +5,13 @@
Ansible role to install the [Bitcoin Core](https://bitcoincore.org/en/about/) client as a `systemd` service. By default,
it uses sane defaults and some hardening measures for the Systemd service.

By default, all binaries are installed inside `/usr/local/bitcoin-core-<version>/bin` directory. So for example, if you
are installing the version `23.0`, if you want to invoke the `bitcoin-cli` binary, you will need to
use `/usr/local/bitcoin-core-23.0/bin/bitcoin-cli`. Note this is the case for the rest of the binaries from Bitcoin.
## Summary: What does it do?

Usually, you don't need the absolute binary path since this role creates a symbolic link
to `/home/<user>/.bitcoin`. Using absolute routes is only useful when doing updates to the binary and a rollback is
required
or to using a specific binary version to execute an operation.
- Sets up user, if not single user system
- Downloads bitcoin core and verifies signatures
- Installs all shipped binaries to `/usr/local/bin` (i.e. `bitcoin-cli`, `bitcoind`, ...)
- Sets up a systemd service with configuration at `/etc/bitcoind/<network>/bitcoind.conf`
- Links `/home/<user>/.bitcoin` to `/etc/bitcoind/<network>`

## Requirements

Expand Down Expand Up @@ -79,19 +78,20 @@ To configure the Bitcoin node, you can use the following variables:
> Use [rpcauth.yp](https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py) to
> generate `rpcauth` credentials.

| Name | Value | Note |
| ----------------------- | ----------------- | ---------------------------------------------------- |
| `bitcoind_data_dir` | `/data/bitcoin` | |
| `bitcoind_network` | `main` | Valid values are: `regtest`, `signet` and `test` |
| `bitcoind_rpc_auth` | `bitcoin:2e00...` | Prevent your password from being stored as cleartext |
| `bitcoind_rpc_user` | `bitcoin` | If possible use `btc_rpc_auth` instead |
| `bitcoind_rpc_password` | `bitcoin` | If possible use `btc_rpc_auth` instead |
| `bitcoind_zmq_host` | `127.0.0.1` | |
| `bitcoind_bind` | `127.0.0.1` | |
| `bitcoind_rpc_bind` | `127.0.0.1` | This is where to expose the RPC server |
| `bitcoind_rpc_allow_ips` | `[127.0.0.1]` | This can be an IP or a range like `10.0.0.0/24` |
| `bitcoind_use_onion` | `False` | This enables onion support |
| `bitcoind_onion_proxy` | `127.0.0.1:9050` | |
| Name | Value | Note |
| ------------------------ | -------------------------- | ---------------------------------------------------- |
| `bitcoind_data_dir` | `/data/bitcoin` | |
| `bitcoind_network` | `main` | Valid values are: `regtest`, `signet` and `test` |
| `bitcoind_rpc_auth` | `bitcoin:2e00...` | Prevent your password from being stored as cleartext |
| `bitcoind_rpc_user` | `bitcoin` | If possible use `btc_rpc_auth` instead |
| `bitcoind_rpc_password` | `bitcoin` | If possible use `btc_rpc_auth` instead |
| `bitcoind_zmq_host` | `127.0.0.1` | |
| `bitcoind_bind` | `127.0.0.1` | |
| `bitcoind_rpc_bind` | `127.0.0.1` | This is where to expose the RPC server |
| `bitcoind_rpc_allow_ips` | `[127.0.0.1]` | This can be an IP or a range like `10.0.0.0/24` |
| `bitcoind_use_onion` | `False` | This enables onion support |
| `bitcoind_onion_proxy` | `127.0.0.1:9050` | |
| `bitcoind_onion_nodes` | `['tsr2f2....onion:8333']` | |

### GPG verification

Expand Down
4 changes: 3 additions & 1 deletion defaults/main.yml
Original file line number Diff line number Diff line change
Expand Up @@ -38,5 +38,7 @@ bitcoind_rpc_allow_ips:
# to receive raw block and transaction updates.
bitcoind_zmq_host: 127.0.0.1

bitcoind_use_onion: False
bitcoind_use_onion: false
bitcoind_onion_proxy: 127.0.0.1:9050
bitcoind_onion_nodes: [] # see: https://bitnodes.io/nodes/?q=Tor%20network
# - tsr2f2pjzvkjn32gt6dnfjzmgbbq6kjj62d3jgedwx4qr2ku3tb7pvqd.onion:8333
12 changes: 0 additions & 12 deletions molecule/vagrant/converge.yml

This file was deleted.

19 changes: 0 additions & 19 deletions molecule/vagrant/molecule.yml

This file was deleted.

5 changes: 0 additions & 5 deletions molecule/vagrant/requirements.txt

This file was deleted.

33 changes: 17 additions & 16 deletions tasks/main.yml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
---
- name: Bitcoind | Ensure dependencies are installed
ansible.builtin.apt:
update_cache: yes
update_cache: true
name: "{{ item }}"
state: present
with_items:
Expand Down Expand Up @@ -34,7 +34,8 @@
dest: /tmp/SHA256SUMS
http_agent: yourbtc-ansible

- include_tasks: gpg.yml
- name: "Bitcoind | Verify signature with given keys"
ansible.builtin.include_tasks: gpg.yml
vars:
gpg_user: "{{ item.name }}"
gpg_id: "{{ item.id }}"
Expand All @@ -57,18 +58,18 @@
ansible.builtin.unarchive:
src: /tmp/bitcoin-core-{{ bitcoind_version }}-{{ bitcoind_arch }}.tar.gz
dest: /tmp/bitcoin-core-{{ bitcoind_version }}
remote_src: yes
remote_src: true
extra_opts:
- --strip-components=1

- name: "Bitcoind | Install binaries into '/usr/local/bin/*'"
ansible.builtin.copy:
src: /tmp/bitcoin-core-{{ bitcoind_version }}/bin/
dest: /usr/local/bin/
remote_src: yes
remote_src: true
owner: root
group: root
mode: 0755
mode: "0755"

- name: "Bitcoind | Copy Bitcoin systemd file into '/lib/systemd/system/bitcoind-{{ bitcoind_network }}.service'"
ansible.builtin.template:
Expand All @@ -77,39 +78,39 @@
notify:
- Bitcoind | Ensure bitcoind systemd unit is restarted

- name: "Bitcoind | Ensure Bitcoin configuration directory '/etc/bitcoin/{{ bitcoind_network }}' exists"
- name: "Bitcoind | Ensure Bitcoin configuration directory exists ('/etc/bitcoind/{{ bitcoind_network }}')"
ansible.builtin.file:
path: /etc/bitcoin/{{ bitcoind_network }}
path: /etc/bitcoind/{{ bitcoind_network }}
state: directory
owner: "{{ bitcoind_user }}"
group: "{{ bitcoind_group }}"
mode: 0755
mode: "0755"

- name: "Bitcoind | Copy bitcoin.conf file into '/etc/bitcoin/{{ bitcoind_network }}'"
- name: "Bitcoind | Copy bitcoin.conf file into '/etc/bitcoind/{{ bitcoind_network }}'"
ansible.builtin.template:
src: bitcoin.conf.j2
dest: /etc/bitcoin/{{ bitcoind_network }}/bitcoin.conf
dest: /etc/bitcoind/{{ bitcoind_network }}/bitcoind.conf
owner: "{{ bitcoind_user }}"
group: "{{ bitcoind_group }}"
notify:
- Bitcoind | Ensure bitcoind systemd unit is restarted

- name: "Bitcoind | Ensure Bitcoin data directory '{{ bitcoind_data_dir }}' exists"
- name: "Bitcoind | Ensure Bitcoin data directory exists ('{{ bitcoind_data_dir }}')"
ansible.builtin.file:
path: "{{ bitcoind_data_dir }}"
state: directory

- name: "Bitcoind | Ensure Bitcoin data directory '{{ bitcoind_data_dir }}' uses the correct permissions"
- name: "Bitcoind | Ensure Bitcoin data directory uses the correct permissions ('{{ bitcoind_data_dir }}')"
ansible.builtin.file:
path: "{{ bitcoind_data_dir }}"
state: directory
owner: "{{ bitcoind_user }}"
group: "{{ bitcoind_group }}"
mode: 0755
mode: "0755"

- name: "Bitcoind | Ensure symbolic link from '/etc/bitcoin/{{ bitcoind_network }}' to '/home/{{ bitcoind_user }}/.bitcoin' exists"
- name: "Bitcoind | Ensure symbolic link from '/etc/bitcoind/{{ bitcoind_network }}' to '/home/{{ bitcoind_user }}/.bitcoin' exists"
ansible.builtin.file:
src: /etc/bitcoin/{{ bitcoind_network }}
src: /etc/bitcoind/{{ bitcoind_network }}
dest: /home/{{ bitcoind_user }}/.bitcoin
state: link
owner: "{{ bitcoind_user }}"
Expand All @@ -118,6 +119,6 @@
- name: "Bitcoind | Ensure 'bitcoind-{{ bitcoind_network }}.service' systemd unit is enabled and started"
ansible.builtin.systemd:
name: bitcoind-{{ bitcoind_network }}.service
daemon_reload: yes
daemon_reload: true
enabled: true
state: started
3 changes: 3 additions & 0 deletions templates/bitcoin.conf.j2
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,9 @@ whitelist=127.0.0.1
onlynet=onion
proxy={{ bitcoind_onion_proxy }}
listen=1
{% for item in bitcoind_onion_nodes %}
addnode={{ item }}
{% endfor %}
{% endif %}

zmqpubrawblock=tcp://{{ bitcoind_zmq_host }}:28332
Expand Down
12 changes: 6 additions & 6 deletions templates/bitcoind.service.j2
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
# See "man systemd.service" for details.

# Note that almost all daemon options could be specified in
# /etc/bitcoin/bitcoin.conf, but keep in mind those explicitly
# /etc/bitcoind/{{ bitcoind_network }}/bitcoin.conf, but keep in mind those explicitly
# specified as arguments in ExecStart= will override those in the
# config file.

Expand All @@ -19,11 +19,11 @@ Wants=network-online.target

[Service]
ExecStart=/usr/local/bin/bitcoind -daemonwait \
-conf=/etc/bitcoin/{{ bitcoind_network }}/bitcoin.conf \
-conf=/etc/bitcoind/{{ bitcoind_network }}/bitcoind.conf \

# Make sure the config directory is readable by the service user
PermissionsStartOnly=true
# ExecStartPre=/bin/chgrp bitcoin /etc/bitcoin
# ExecStartPre=/bin/chgrp bitcoin /etc/bitcoind

# Process management
####################
Expand All @@ -47,9 +47,9 @@ Group={{ bitcoind_group }}
RuntimeDirectory=bitcoind/{{ bitcoind_network }}
RuntimeDirectoryMode=0710

# /etc/bitcoin/{{ bitcoind_network }}
ConfigurationDirectory=bitcoin/{{ bitcoind_network }}
ConfigurationDirectoryMode=0710
# /etc/bitcoind/{{ bitcoind_network }}
ConfigurationDirectory=bitcoind/{{ bitcoind_network }}
ConfigurationDirectoryMode=0755

# /var/lib/bitcoind
StateDirectory=bitcoind
Expand Down

0 comments on commit 923e7cb

Please sign in to comment.