set -euxo pipefail
CHAIN=$1
DOMAIN=$2
BRANCH=$3
COMMIT=$4
REVISION="bitomc-$BRANCH-$COMMIT"
export DEBIAN_FRONTEND=noninteractive
touch ~/.hushlogin
hostnamectl set-hostname $DOMAIN
apt-get install --yes \
acl \
clang \
curl \
libsqlite3-dev\
libssl-dev \
locales-all \
pkg-config \
ufw \
vim
apt-get remove --yes --auto-remove
ufw default allow outgoing
ufw default deny incoming
ufw allow 8080
ufw allow http
ufw allow https
ufw allow ssh
case $CHAIN in
main)
COOKIE_FILE_DIR=/var/lib/bitcoind
CSP_ORIGIN=ordinals.com
ufw allow 8333
;;
regtest)
COOKIE_FILE_DIR=/var/lib/bitcoind/regtest
CSP_ORIGIN=regtest.ordinals.com
ufw allow 18444
;;
signet)
COOKIE_FILE_DIR=/var/lib/bitcoind/signet
CSP_ORIGIN=signet.ordinals.com
ufw allow 38333
;;
test)
COOKIE_FILE_DIR=/var/lib/bitcoind/testnet3
CSP_ORIGIN=testnet.ordinals.com
ufw allow 18333
;;
*)
echo "Unknown chain: $CHAIN"
exit 1
;;
esac
mkdir -p \
/etc/systemd/system/bitcoind.service.d \
/etc/systemd/system/bitomc.service.d
printf "[Service]\nEnvironment=CHAIN=%s\nEnvironment=CSP_ORIGIN=%s\n" $CHAIN $CSP_ORIGIN \
| tee /etc/systemd/system/bitcoind.service.d/override.conf \
> /etc/systemd/system/bitomc.service.d/override.conf
sed -i -E 's/#?PasswordAuthentication yes/PasswordAuthentication no/' /etc/ssh/sshd_config
sshd -t
systemctl restart sshd
ufw --force enable
if ! which bitcoind; then
./bin/install-bitcoin-core-linux
fi
bitcoind --version
if [[ ! -e ~/.cargo/env ]]; then
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
fi
source ~/.cargo/env
rustup update stable
cargo build --release
install --backup target/release/bitomc /usr/local/bin/bitomc
id --user bitcoin || useradd --system bitcoin
id --user bitomc || useradd --system bitomc
cp deploy/bitcoind.service /etc/systemd/system/
mkdir -p /etc/bitcoin
cp deploy/bitcoin.conf /etc/bitcoin/bitcoin.conf
if [[ ! -e ~/.bitcoin/bitcoin.conf ]]; then
mkdir -p ~/.bitcoin
ln -s /etc/bitcoin/bitcoin.conf ~/.bitcoin/bitcoin.conf
fi
systemctl daemon-reload
systemctl enable bitcoind
systemctl restart bitcoind
while [[ ! -f $COOKIE_FILE_DIR/.cookie ]]; do
echo "Waiting for bitcoind…"
sleep 1
done
setfacl -m bitomc:x /var/lib/bitcoind
setfacl -m bitomc:x $COOKIE_FILE_DIR
setfacl -dm bitomc:r $COOKIE_FILE_DIR
setfacl -m bitomc:r $COOKIE_FILE_DIR/.cookie
journalctl --unit bitomc --vacuum-time 1s
cp deploy/bitomc.service /etc/systemd/system/
systemctl daemon-reload
systemctl enable bitomc
systemctl restart bitomc
while ! curl --fail https://$DOMAIN/status > /dev/null; do
echo "Waiting for bitomc at https://$DOMAIN/status…"
sleep 1
done