You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
357 lines
14 KiB
357 lines
14 KiB
#!/bin/bash
|
|
#########################################################################
|
|
# Build your SD card image based on:
|
|
# RASPBIAN STRETCH WITH DESKTOP (2018-06-27)
|
|
# https://www.raspberrypi.org/downloads/raspbian/
|
|
# SHA256: 8636ab9fdd8f58a8ec7dde33b83747696d31711d17ef68267dbbcd6cfb968c24
|
|
##########################################################################
|
|
# setup fresh SD card with image above - login per SSH and run this script:
|
|
##########################################################################
|
|
|
|
echo ""
|
|
echo "***************************************"
|
|
echo "* RASPIBLITZ SD CARD IMAGE SETUP v0.75*"
|
|
echo "***************************************"
|
|
echo ""
|
|
|
|
echo ""
|
|
echo "*** RASPI CONFIG ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#raspi-config
|
|
|
|
# set new default passwort for pi and root user
|
|
echo "root:raspiblitz" | sudo chpasswd
|
|
echo "pi:raspiblitz" | sudo chpasswd
|
|
|
|
# set Raspi to boot up automatically with user pi (for the LCD)
|
|
# https://www.raspberrypi.org/forums/viewtopic.php?t=21632
|
|
sudo raspi-config nonint do_boot_behaviour B2
|
|
sudo bash -c "echo '[Service]' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
|
|
sudo bash -c "echo 'ExecStart=' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
|
|
sudo bash -c "echo 'ExecStart=-/sbin/agetty --autologin pi --noclear %I 38400 linux' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
|
|
|
|
# give Raspi a default hostname (optional)
|
|
sudo raspi-config nonint do_hostname "RaspiBlitz"
|
|
|
|
# do memory split (16MB)
|
|
sudo raspi-config nonint do_memory_split 16
|
|
|
|
# set to wait until network is available on boot (0 seems to yes)
|
|
sudo raspi-config nonint do_boot_wait 0
|
|
|
|
# autodetect and set your timezone
|
|
pip install -U tzupdate
|
|
sleep 2
|
|
sudo tzupdate
|
|
|
|
echo ""
|
|
echo "*** SOFTWARE UPDATE ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#software-update
|
|
|
|
# installs like on RaspiBolt
|
|
sudo apt-get update
|
|
sudo apt-get upgrade -f -y --force-yes
|
|
sudo apt-get install -y htop git curl bash-completion jq dphys-swapfile
|
|
|
|
# extra: remove some big packages not needed
|
|
sudo apt-get remove -y --purge libreoffice*
|
|
sudo apt-get clean
|
|
sudo apt-get -y autoremove
|
|
|
|
echo ""
|
|
echo "*** ADDING MAIN USER admin ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#adding-main-user-admin
|
|
# using the default password 'raspiblitz'
|
|
|
|
sudo adduser --disabled-password --gecos "" admin
|
|
echo "admin:raspiblitz" | sudo chpasswd
|
|
sudo adduser admin sudo
|
|
sudo chsh admin -s /bin/bash
|
|
|
|
# configure sudo for usage without password entry
|
|
echo '%sudo ALL=(ALL) NOPASSWD:ALL' | sudo EDITOR='tee -a' visudo
|
|
|
|
echo "*** ADDING SERVICE USER bitcoin"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#adding-the-service-user-bitcoin
|
|
|
|
# create user and set default password for user
|
|
sudo adduser --disabled-password --gecos "" bitcoin
|
|
echo "bitcoin:raspiblitz" | sudo chpasswd
|
|
|
|
echo ""
|
|
echo "*** SWAP FILE ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#moving-the-swap-file
|
|
# but just deactivating and deleting old (will be created alter when user adds HDD)
|
|
|
|
sudo dphys-swapfile swapoff
|
|
sudo dphys-swapfile uninstall
|
|
|
|
echo ""
|
|
echo "*** HARDENING ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#hardening-your-pi
|
|
|
|
# firewall - just install (not configure)
|
|
sudo apt-get install -y ufw
|
|
echo "deny incoming connection on other ports"
|
|
sudo ufw default deny incoming
|
|
echo "allow outgoing connections"
|
|
sudo ufw default allow outgoing
|
|
echo "allow: ssh"
|
|
sudo ufw allow ssh
|
|
echo "allow: bitcoin testnet"
|
|
sudo ufw allow 18333 comment 'bitcoin testnet'
|
|
echo "allow: bitcoin mainnet"
|
|
sudo ufw allow 8333 comment 'bitcoin mainnet'
|
|
echo "allow: litecoin mainnet"
|
|
sudo ufw allow 9333 comment 'litecoin mainnet'
|
|
echo 'allow: lightning testnet'
|
|
sudo ufw allow 19735 comment 'lightning testnet'
|
|
echo "allow: lightning mainnet"
|
|
sudo ufw allow 9735 comment 'lightning mainnet'
|
|
echo "allow: lightning gRPC"
|
|
sudo ufw allow 10009 comment 'lightning gRPC'
|
|
echo "allow: trasmission"
|
|
sudo ufw allow 51413 comment 'transmission'
|
|
echo "allow: local web admin"
|
|
sudo ufw allow from 192.168.0.0/24 to any port 80 comment 'allow local LAN web'
|
|
echo "enable lazy firewall"
|
|
sudo ufw enable
|
|
|
|
# fail2ban (no config required)
|
|
sudo apt-get install -y fail2ban
|
|
|
|
echo ""
|
|
echo "*** INCREASE OPEN FILE LIMIT ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#increase-your-open-files-limit
|
|
|
|
sudo sed --in-place -i "56s/.*/* soft nofile 128000/" /etc/security/limits.conf
|
|
sudo bash -c "echo '* hard nofile 128000' >> /etc/security/limits.conf"
|
|
sudo bash -c "echo 'root soft nofile 128000' >> /etc/security/limits.conf"
|
|
sudo bash -c "echo 'root hard nofile 128000' >> /etc/security/limits.conf"
|
|
sudo bash -c "echo '# End of file' >> /etc/security/limits.conf"
|
|
|
|
sudo sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
|
|
|
|
sudo sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
|
|
sudo bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
|
|
|
|
echo ""
|
|
echo "*** BITCOIN ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_30_bitcoin.md#installation
|
|
|
|
# set version (change if update is available)
|
|
bitcoinVersion="0.16.2"
|
|
laanwjPGP="01EA5486DE18A882D4C2684590C8019E36C2E964"
|
|
|
|
# prepare directories
|
|
sudo -u admin mkdir /home/admin/download
|
|
cd /home/admin/download
|
|
|
|
# download resources
|
|
sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/bitcoin-${bitcoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/SHA256SUMS.asc
|
|
sudo -u admin wget https://bitcoin.org/laanwj-releases.asc
|
|
|
|
# test checksum
|
|
checksum=$(sha256sum --check SHA256SUMS.asc --ignore-missing 2>/dev/null | grep '.tar.gz: OK' -c)
|
|
if [ ${checksum} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Bitcoin download checksum not OK"
|
|
exit 1
|
|
fi
|
|
|
|
# check gpg finger print
|
|
fingerprint=$(gpg ./laanwj-releases.asc 2>/dev/null | grep "${laanwjPGP}" -c)
|
|
if [ ${fingerprint} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Bitcoin download PGP author not OK"
|
|
exit 1
|
|
fi
|
|
gpg --import ./laanwj-releases.asc
|
|
verifyResult=$(gpg --verify SHA256SUMS.asc 2>&1)
|
|
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
|
|
echo "goodSignature(${goodSignature})"
|
|
correctKey=$(echo ${verifyResult} | grep "using RSA key ${laanwjPGP: -16}" -c)
|
|
echo "correctKey(${correctKey})"
|
|
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> LND PGP Verify not OK / signatute(${goodSignature}) verify(${correctKey})"
|
|
exit 1
|
|
fi
|
|
|
|
# install
|
|
sudo -u admin tar -xvf bitcoin-${bitcoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-${bitcoinVersion}/bin/*
|
|
sleep 3
|
|
installed=$(sudo -u admin bitcoind --version | grep "${bitcoinVersion}" -c)
|
|
if [ ${installed} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})"
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "*** LITECOIN ***"
|
|
# based on https://medium.com/@jason.hcwong/litecoin-lightning-with-raspberry-pi-3-c3b931a82347
|
|
|
|
# set version (change if update is available)
|
|
litecoinVersion="0.16.0"
|
|
cd /home/admin/download
|
|
sudo -u admin wget https://download.litecoin.org/litecoin-${litecoinVersion}/linux/litecoin-${litecoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo -u admin tar -xvf litecoin-${litecoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo install -m 0755 -o root -g root -t /usr/local/bin litecoin-${litecoinVersion}/bin/*
|
|
installed=$(sudo -u admin litecoind --version | grep "${litecoinVersion}" -c)
|
|
if [ ${installed} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Was not able to install litecoind version(${litecoinVersion})"
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "*** LND ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_40_lnd.md#lightning-lnd
|
|
|
|
lndVersion="0.4.2-beta"
|
|
olaoluwaPGP="65317176B6857F98834EDBE8964EA263DD637C21"
|
|
|
|
# WORKAROUND: UNTIL LND 0.4.3 arm binary version is here ... we need to build from source to
|
|
# have TOR integration ... so the following is commented out for now:
|
|
#
|
|
## get LND resources
|
|
#cd /home/admin/download
|
|
#sudo -u admin wget https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/lnd-linux-arm-v${lndVersion}.tar.gz
|
|
#sudo -u admin wget https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/manifest-v${lndVersion}.txt
|
|
#sudo -u admin wget https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/manifest-v${lndVersion}.txt.sig
|
|
#sudo -u admin wget https://keybase.io/roasbeef/pgp_keys.asc
|
|
## test checksum
|
|
#checksum=$(sha256sum --check manifest-v${lndVersion}.txt --ignore-missing 2>/dev/null | grep '.tar.gz: OK' -c)
|
|
#if [ ${checksum} -lt 1 ]; then
|
|
# echo ""
|
|
# echo "!!! BUILD FAILED --> LND download checksum not OK"
|
|
# exit 1
|
|
#fi
|
|
## check gpg finger print
|
|
#fingerprint=$(gpg ./pgp_keys.asc 2>/dev/null | grep "${olaoluwaPGP}" -c)
|
|
#if [ ${fingerprint} -lt 1 ]; then
|
|
# echo ""
|
|
# echo "!!! BUILD FAILED --> LND download author PGP not OK"
|
|
# exit 1
|
|
#fi
|
|
#gpg --import ./pgp_keys.asc
|
|
#verifyResult=$(gpg --verify manifest-v${lndVersion}.txt.sig manifest-v${lndVersion}.txt 2>&1)
|
|
#goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
|
|
#echo "goodSignature(${goodSignature})"
|
|
#correctKey=$(echo ${verifyResult} | grep "using RSA key ${olaoluwaPGP: -16}" -c)
|
|
#echo "correctKey(${correctKey})"
|
|
#if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
|
|
# echo ""
|
|
# echo "!!! BUILD FAILED --> LND PGP Verify not OK / signatute(${goodSignature}) verify(${correctKey})"
|
|
# exit 1
|
|
#fi
|
|
## install
|
|
#sudo -u admin tar -xzf lnd-linux-arm-v${lndVersion}.tar.gz
|
|
#sudo install -m 0755 -o root -g root -t /usr/local/bin lnd-linux-arm-v${lndVersion}/*
|
|
#sleep 3
|
|
#installed=$(sudo -u admin lnd --version | grep "${lndVersion}" -c)
|
|
#if [ ${installed} -lt 1 ]; then
|
|
# echo ""
|
|
# echo "!!! BUILD FAILED --> Was not able to install LND version(${lndVersion})"
|
|
# exit 1
|
|
#fi
|
|
## BUILDING LND FROM SOURCE
|
|
echo "*** Installing Go ***"
|
|
wget https://storage.googleapis.com/golang/go1.10.linux-armv6l.tar.gz
|
|
sudo tar -C /usr/local -xzf go1.10.linux-armv6l.tar.gz
|
|
sudo rm *.gz
|
|
sudo mkdir /usr/local/gocode
|
|
sudo chmod 777 /usr/local/gocode
|
|
export GOROOT=/usr/local/go
|
|
export PATH=$PATH:$GOROOT/bin
|
|
export GOPATH=/usr/local/gocode
|
|
export PATH=$PATH:$GOPATH/bin
|
|
echo "*** Build LND from Source ***"
|
|
go get -d github.com/lightningnetwork/lnd
|
|
cd $GOPATH/src/github.com/lightningnetwork/lnd
|
|
make && make install
|
|
sudo chmod 555 /usr/local/gocode/bin/lncli
|
|
sudo chmod 555 /usr/local/gocode/bin/lnd
|
|
sudo bash -c "echo 'export PATH=$PATH:/usr/local/gocode/bin/' >> /home/admin/.bashrc"
|
|
sudo bash -c "echo 'export PATH=$PATH:/usr/local/gocode/bin/' >> /home/pi/.bashrc"
|
|
sudo bash -c "echo 'export PATH=$PATH:/usr/local/gocode/bin/' >> /home/bitcoin/.bashrc"
|
|
lndVersionCheck=$(lncli --version)
|
|
echo "LND VERSION: ${lndVersionCheck}"
|
|
if [ ${#lndVersionCheck} -eq 0 ]; then
|
|
echo "FAIL - Something went wrong with building LND from source."
|
|
echo "Sometimes it may just be a connection issue. Reset to fresh Rasbian and try again?"
|
|
exit 1
|
|
fi
|
|
echo ""
|
|
echo "** Link to /usr/local/bin ***"
|
|
sudo ln -s /usr/local/gocode/bin/lncli /usr/local/bin/lncli
|
|
sudo ln -s /usr/local/gocode/bin/lnd /usr/local/bin/lnd
|
|
|
|
echo ""
|
|
echo "*** RASPIBLITZ EXTRAS ***"
|
|
|
|
# for setup schell scripts
|
|
sudo apt-get -y install dialog bc
|
|
|
|
# enable copy of blockchain from 2nd HDD formatted with exFAT
|
|
sudo apt-get -y install exfat-fuse
|
|
|
|
# for blockchain torrent download
|
|
sudo apt-get -y install transmission-cli
|
|
|
|
# for background downloading
|
|
sudo apt-get -y install screen
|
|
|
|
# optimization for torrent download
|
|
sudo bash -c "echo 'net.core.rmem_max = 4194304' >> /etc/sysctl.conf"
|
|
sudo bash -c "echo 'net.core.wmem_max = 1048576' >> /etc/sysctl.conf"
|
|
|
|
# *** SHELL SCRIPTS AND ASSETS
|
|
|
|
# move files from gitclone
|
|
cd /home/admin/
|
|
sudo -u admin git clone https://github.com/rootzoll/raspiblitz.git
|
|
sudo -u admin cp /home/admin/raspiblitz/home.admin/*.sh /home/admin
|
|
sudo -u admin chmod +x *.sh
|
|
sudo -u admin cp -r /home/admin/raspiblitz/home.admin/assets /home/admin/
|
|
|
|
# bash aoutstart for admin und pi
|
|
sudo bash -c "echo '# automatically start main menu for admin' >> /home/admin/.bashrc"
|
|
sudo bash -c "echo './00mainMenu.sh' >> /home/admin/.bashrc"
|
|
sudo bash -c "echo '# automatic start the LCD info loop' >> /home/pi/.bashrc"
|
|
sudo bash -c "echo '/home/admin/00infoLCD.sh' >> /home/pi/.bashrc"
|
|
|
|
# create /home/pi/setup.sh - which will get executed after reboot by autologin pi user
|
|
cat > /home/pi/setup.sh <<EOF
|
|
|
|
# make LCD screen rotation correct
|
|
sudo sed --in-place -i "57s/.*/dtoverlay=tft35a:rotate=270/" /boot/config.txt
|
|
|
|
EOF
|
|
sudo chmod +x /home/pi/setup.sh
|
|
|
|
# *** RASPIBLITZ IMAGE READY ***
|
|
echo ""
|
|
echo "**********************************************"
|
|
echo "ALMOST READY"
|
|
echo "**********************************************"
|
|
echo ""
|
|
echo "Your SD Card Image for RaspiBlitz is almost ready."
|
|
echo "Last step is to install LCD drivers. This will reboot your Pi when done."
|
|
echo ""
|
|
echo "Maybe take the chance and look thru the output above if you can spot any errror."
|
|
echo ""
|
|
echo "After final reboot - your SD Card Image is ready."
|
|
echo "Press ENTER to install LCD and reboot ..."
|
|
read key
|
|
|
|
# *** RASPIBLITZ / LCD (at last - because makes a reboot) ***
|
|
# based on https://www.elegoo.com/tutorial/Elegoo%203.5%20inch%20Touch%20Screen%20User%20Manual%20V1.00.2017.10.09.zip
|
|
cd /home/admin/
|
|
sudo apt-mark hold raspberrypi-bootloader
|
|
git clone https://github.com/goodtft/LCD-show.git
|
|
chmod -R 755 LCD-show
|
|
cd LCD-show/
|
|
sudo ./LCD35-show
|