You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
345 lines
12 KiB
345 lines
12 KiB
#!/bin/bash
|
|
#########################################################################
|
|
# Build your SD card image based on:
|
|
# RASPBIAN STRETCH WITH DESKTOP (2018-06-27)
|
|
# https://www.raspberrypi.org/downloads/raspbian/
|
|
# SHA256: 8636ab9fdd8f58a8ec7dde33b83747696d31711d17ef68267dbbcd6cfb968c24
|
|
##########################################################################
|
|
# setup fresh SD card with image above - login per SSH and run this script:
|
|
##########################################################################
|
|
|
|
echo ""
|
|
echo "***************************************"
|
|
echo "* RASPIBLITZ SD CARD IMAGE SETUP v0.5 *"
|
|
echo "***************************************"
|
|
echo ""
|
|
|
|
echo ""
|
|
echo "*** RASPI CONFIG ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#raspi-config
|
|
|
|
# set new default passwort for pi and root user
|
|
echo "root:raspiblitz" | sudo chpasswd
|
|
echo "pi:raspiblitz" | sudo chpasswd
|
|
|
|
# set Raspi to boot up automatically with user pi (for the LCD)
|
|
# https://www.raspberrypi.org/forums/viewtopic.php?t=21632
|
|
sudo raspi-config nonint do_boot_behaviour B2
|
|
sudo bash -c "echo '[Service]' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
|
|
sudo bash -c "echo 'ExecStart=' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
|
|
sudo bash -c "echo 'ExecStart=-/sbin/agetty --autologin pi --noclear %I 38400 linux' >> /etc/systemd/system/getty@tty1.service.d/autologin.conf"
|
|
|
|
# give Raspi a default hostname (optional)
|
|
sudo raspi-config nonint do_hostname "RaspiBlitz"
|
|
|
|
# do memory split (16MB)
|
|
sudo raspi-config nonint do_memory_split 16
|
|
|
|
# set to wait until network is available on boot (0 seems to yes)
|
|
sudo raspi-config nonint do_boot_wait 0
|
|
|
|
# autodetect and set your timezone
|
|
pip install -U tzupdate
|
|
sleep 2
|
|
sudo tzupdate
|
|
|
|
echo ""
|
|
echo "*** SOFTWARE UPDATE ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#software-update
|
|
|
|
# installs like on RaspiBolt
|
|
sudo apt-get update
|
|
sudo apt-get upgrade -f -y --force-yes
|
|
sudo apt-get install -y htop git curl bash-completion jq dphys-swapfile
|
|
|
|
# extra: remove some big packages not needed
|
|
sudo apt-get remove -y --purge libreoffice*
|
|
sudo apt-get clean
|
|
sudo apt-get -y autoremove
|
|
|
|
echo ""
|
|
echo "*** ADDING MAIN USER admin ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#adding-main-user-admin
|
|
# using the default password 'raspiblitz'
|
|
|
|
sudo adduser --disabled-password --gecos "" admin
|
|
echo "admin:raspiblitz" | sudo chpasswd
|
|
sudo adduser admin sudo
|
|
sudo chsh admin -s /bin/bash
|
|
|
|
# configure sudo for usage without password entry
|
|
echo '%sudo ALL=(ALL) NOPASSWD:ALL' | sudo EDITOR='tee -a' visudo
|
|
|
|
echo "*** ADDING SERVICE USER bitcoin"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#adding-the-service-user-bitcoin
|
|
|
|
# create user and set default password for user
|
|
sudo adduser --disabled-password --gecos "" bitcoin
|
|
echo "bitcoin:raspiblitz" | sudo chpasswd
|
|
|
|
echo ""
|
|
echo "*** SWAP FILE ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#moving-the-swap-file
|
|
# but just deactivating and deleting old (will be created alter when user adds HDD)
|
|
|
|
sudo dphys-swapfile swapoff
|
|
sudo dphys-swapfile uninstall
|
|
|
|
echo ""
|
|
echo "*** HARDENING ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#hardening-your-pi
|
|
|
|
# firewall - just install (not configure)
|
|
sudo apt-get install -y ufw
|
|
|
|
# fail2ban (no config required)
|
|
sudo apt-get install -y fail2ban
|
|
|
|
echo ""
|
|
echo "*** INCREASE OPEN FILE LIMIT ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#increase-your-open-files-limit
|
|
|
|
sudo sed --in-place -i "56s/.*/* soft nofile 128000/" /etc/security/limits.conf
|
|
sudo bash -c "echo '* hard nofile 128000' >> /etc/security/limits.conf"
|
|
sudo bash -c "echo 'root soft nofile 128000' >> /etc/security/limits.conf"
|
|
sudo bash -c "echo 'root hard nofile 128000' >> /etc/security/limits.conf"
|
|
sudo bash -c "echo '# End of file' >> /etc/security/limits.conf"
|
|
|
|
sudo sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
|
|
|
|
sudo sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
|
|
sudo bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
|
|
|
|
echo ""
|
|
echo "*** BITCOIN ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_30_bitcoin.md#installation
|
|
|
|
# set version (change if update is available)
|
|
bitcoinVersion="0.16.2"
|
|
laanwjPGP="01EA5486DE18A882D4C2684590C8019E36C2E964"
|
|
|
|
# prepare directories
|
|
sudo -u admin mkdir /home/admin/download
|
|
cd /home/admin/download
|
|
|
|
# download resources
|
|
sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/bitcoin-${bitcoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo -u admin wget https://bitcoin.org/bin/bitcoin-core-${bitcoinVersion}/SHA256SUMS.asc
|
|
sudo -u admin wget https://bitcoin.org/laanwj-releases.asc
|
|
|
|
# test checksum
|
|
checksum=$(sha256sum --check SHA256SUMS.asc --ignore-missing 2>/dev/null | grep '.tar.gz: OK' -c)
|
|
if [ ${checksum} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Bitcoin download checksum not OK"
|
|
exit 1
|
|
fi
|
|
|
|
# check gpg finger print
|
|
fingerprint=$(gpg ./laanwj-releases.asc 2>/dev/null | grep "${laanwjPGP}" -c)
|
|
if [ ${fingerprint} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Bitcoin download PGP author not OK"
|
|
exit 1
|
|
fi
|
|
gpg --import ./laanwj-releases.asc
|
|
verifyResult=$(gpg --verify SHA256SUMS.asc 2>&1)
|
|
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
|
|
echo "goodSignature(${goodSignature})"
|
|
correctKey=$(echo ${verifyResult} | grep "using RSA key ${laanwjPGP: -16}" -c)
|
|
echo "correctKey(${correctKey})"
|
|
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> LND PGP Verify not OK / signatute(${goodSignature}) verify(${correctKey})"
|
|
exit 1
|
|
fi
|
|
|
|
# install
|
|
sudo -u admin tar -xvf bitcoin-${bitcoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-${bitcoinVersion}/bin/*
|
|
sleep 3
|
|
installed=$(sudo -u admin bitcoind --version | grep "${bitcoinVersion}" -c)
|
|
if [ ${installed} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})"
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "*** LITECOIN ***"
|
|
# based on https://medium.com/@jason.hcwong/litecoin-lightning-with-raspberry-pi-3-c3b931a82347
|
|
|
|
# set version (change if update is available)
|
|
litecoinVersion="0.16.0"
|
|
cd /home/admin/download
|
|
sudo -u admin wget https://download.litecoin.org/litecoin-${litecoinVersion}/linux/litecoin-${litecoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo -u admin tar -xvf litecoin-${litecoinVersion}-arm-linux-gnueabihf.tar.gz
|
|
sudo install -m 0755 -o root -g root -t /usr/local/bin litecoin-${litecoinVersion}/bin/*
|
|
installed=$(sudo -u admin litecoind --version | grep "${litecoinVersion}" -c)
|
|
if [ ${installed} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Was not able to install litecoind version(${litecoinVersion})"
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "*** LND ***"
|
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_40_lnd.md#lightning-lnd
|
|
|
|
lndVersion="0.4.2-beta"
|
|
olaoluwaPGP="65317176B6857F98834EDBE8964EA263DD637C21"
|
|
|
|
# setup public ip service
|
|
getPubliIPScript='' read -r -d '' String <<"EOF"
|
|
#!/bin/bash
|
|
# RaspiBolt LND Mainnet: script to get public ip address
|
|
# /usr/local/bin/getpublicip.sh
|
|
|
|
echo 'getpublicip.sh started, writing public IP address every 10 minutes into /run/publicip'
|
|
while [ 0 ];
|
|
do
|
|
printf "PUBLICIP=$(curl -vv ipinfo.io/ip 2> /run/publicip.log)\n" > /run/publicip;
|
|
sleep 600
|
|
done;
|
|
EOF
|
|
sudo -u admin echo "" > /usr/local/bin/getpublicip.sh
|
|
sudo chmod +x /usr/local/bin/getpublicip.sh
|
|
getPubliIPService='' read -r -d '' String <<"EOF"
|
|
# RaspiBolt LND Mainnet: systemd unit for getpublicip.sh script
|
|
# /etc/systemd/system/getpublicip.service
|
|
|
|
[Unit]
|
|
Description=getpublicip.sh: get public ip address from ipinfo.io
|
|
After=network.target
|
|
|
|
[Service]
|
|
User=root
|
|
Group=root
|
|
Type=simple
|
|
ExecStart=/usr/local/bin/getpublicip.sh
|
|
ExecStartPost=/bin/sleep 5
|
|
Restart=always
|
|
|
|
RestartSec=600
|
|
TimeoutSec=10
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOF
|
|
sudo -u admin echo "" > /etc/systemd/system/getpublicip.service
|
|
sudo systemctl enable getpublicip
|
|
sudo systemctl start getpublicip
|
|
|
|
# get LND resources
|
|
cd /home/admin/download
|
|
sudo -u admin wget https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/lnd-linux-arm-v${lndVersion}.tar.gz
|
|
sudo -u admin wget https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/manifest-v${lndVersion}.txt
|
|
sudo -u admin wget https://github.com/lightningnetwork/lnd/releases/download/v${lndVersion}/manifest-v${lndVersion}.txt.sig
|
|
sudo -u admin wget https://keybase.io/roasbeef/pgp_keys.asc
|
|
|
|
# test checksum
|
|
checksum=$(sha256sum --check manifest-v${lndVersion}.txt --ignore-missing 2>/dev/null | grep '.tar.gz: OK' -c)
|
|
if [ ${checksum} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> LND download checksum not OK"
|
|
exit 1
|
|
fi
|
|
|
|
# check gpg finger print
|
|
fingerprint=$(gpg ./pgp_keys.asc 2>/dev/null | grep "${olaoluwaPGP}" -c)
|
|
if [ ${fingerprint} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> LND download author PGP not OK"
|
|
exit 1
|
|
fi
|
|
gpg --import ./pgp_keys.asc
|
|
verifyResult=$(gpg --verify manifest-v${lndVersion}.txt.sig manifest-v${lndVersion}.txt 2>&1)
|
|
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
|
|
echo "goodSignature(${goodSignature})"
|
|
correctKey=$(echo ${verifyResult} | grep "using RSA key ${olaoluwaPGP: -16}" -c)
|
|
echo "correctKey(${correctKey})"
|
|
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> LND PGP Verify not OK / signatute(${goodSignature}) verify(${correctKey})"
|
|
exit 1
|
|
fi
|
|
|
|
# install
|
|
sudo -u admin tar -xzf lnd-linux-arm-v${lndVersion}.tar.gz
|
|
sudo install -m 0755 -o root -g root -t /usr/local/bin lnd-linux-arm-v${lndVersion}/*
|
|
sleep 3
|
|
installed=$(sudo -u admin lnd --version | grep "${lndVersion}" -c)
|
|
if [ ${installed} -lt 1 ]; then
|
|
echo ""
|
|
echo "!!! BUILD FAILED --> Was not able to install LND version(${lndVersion})"
|
|
exit 1
|
|
fi
|
|
|
|
echo ""
|
|
echo "*** RASPIBLITZ EXTRAS ***"
|
|
|
|
# for setup schell scripts
|
|
sudo apt-get -y install dialog bc
|
|
|
|
# enable copy of blockchain from 2nd HDD formatted with exFAT
|
|
sudo apt-get -y install exfat-fuse
|
|
|
|
# for blockchain torrent download
|
|
sudo apt-get -y install transmission-cli
|
|
|
|
# for background downloading
|
|
sudo apt-get -y install screen
|
|
|
|
# optimization for torrent download
|
|
sudo bash -c "echo 'net.core.rmem_max = 4194304' >> /etc/sysctl.conf"
|
|
sudo bash -c "echo 'net.core.wmem_max = 1048576' >> /etc/sysctl.conf"
|
|
|
|
# *** SHELL SCRIPTS AND ASSETS
|
|
|
|
# move files from gitclone
|
|
cd /home/admin/
|
|
sudo -u admin git clone https://github.com/rootzoll/raspiblitz.git
|
|
sudo -u admin cp /home/admin/raspiblitz/home.admin/*.sh /home/admin
|
|
sudo -u admin chmod +x *.sh
|
|
sudo -u admin cp -r /home/admin/raspiblitz/home.admin/assets /home/admin/
|
|
|
|
# bash aoutstart for admin und pi
|
|
sudo bash -c "echo '# automatically start main menu for admin' >> /home/admin/.bashrc"
|
|
sudo bash -c "echo './00mainMenu.sh' >> /home/admin/.bashrc"
|
|
sudo bash -c "echo '# automatic start the LCD info loop' >> /home/pi/.bashrc"
|
|
sudo bash -c "echo '/home/admin/00infoLCD.sh' >> /home/pi/.bashrc"
|
|
|
|
# create /home/pi/setup.sh - which will get executed after reboot by autologin pi user
|
|
afterSetupScript='' read -r -d '' String <<"EOF"
|
|
|
|
# make LCD screen rotation correct
|
|
sudo sed --in-place -i "57s/.*/dtoverlay=tft35a:rotate=270/" /boot/config.txt
|
|
|
|
EOF
|
|
echo '${afterSetupScript}' > /home/pi/setup.sh
|
|
sudo shmod +x /home/pi/setup.sh
|
|
|
|
|
|
# *** RASPIBLITZ IMAGE READY ***
|
|
echo ""
|
|
echo "**********************************************"
|
|
echo "ALMOST READY"
|
|
echo "**********************************************"
|
|
echo ""
|
|
echo "Your SD Card Image for RaspiBlitz is almost ready."
|
|
echo "Last step is to install LCD drivers. This will reboot your Pi when done."
|
|
echo ""
|
|
echo "Maybe take the chance and look thru the output above if you can spot any errror."
|
|
echo ""
|
|
echo "After final reboot - your SD Card Image is ready."
|
|
echo "Press ENTER to install LCD and reboot ..."
|
|
read key
|
|
|
|
# *** RASPIBLITZ / LCD (at last - because makes a reboot) ***
|
|
# based on https://www.elegoo.com/tutorial/Elegoo%203.5%20inch%20Touch%20Screen%20User%20Manual%20V1.00.2017.10.09.zip
|
|
cd /home/admin/
|
|
sudo apt-mark hold raspberrypi-bootloader
|
|
git clone https://github.com/goodtft/LCD-show.git
|
|
chmod -R 755 LCD-show
|
|
cd LCD-show/
|
|
sudo ./LCD35-show
|