From 280ed484e70a3152038c305be9d2f258d71a5e0c Mon Sep 17 00:00:00 2001 From: woodser Date: Sun, 12 Nov 2023 07:14:59 -0500 Subject: [PATCH] add vps scripts for reference --- docs/deployment-guide.md | 4 +-- scripts/deployment/haveno-pricenode.env | 1 + scripts/deployment/haveno-pricenode.service | 22 +++++++++++++ scripts/deployment/haveno-seednode.service | 36 +++++++++++++++++++++ scripts/deployment/haveno-seednode2.service | 36 +++++++++++++++++++++ scripts/deployment/monero-stagenet.service | 26 +++++++++++++++ scripts/deployment/private-stagenet.conf | 20 ++++++++++++ scripts/deployment/private-stagenet.service | 26 +++++++++++++++ scripts/deployment/run-arbitrator-daemon.sh | 17 ++++++++++ scripts/deployment/run-arbitrator-gui.sh | 17 ++++++++++ scripts/deployment/shared-stagenet.conf | 19 +++++++++++ 11 files changed, 222 insertions(+), 2 deletions(-) create mode 100644 scripts/deployment/haveno-pricenode.env create mode 100644 scripts/deployment/haveno-pricenode.service create mode 100644 scripts/deployment/haveno-seednode.service create mode 100644 scripts/deployment/haveno-seednode2.service create mode 100644 scripts/deployment/monero-stagenet.service create mode 100644 scripts/deployment/private-stagenet.conf create mode 100644 scripts/deployment/private-stagenet.service create mode 100644 scripts/deployment/run-arbitrator-daemon.sh create mode 100644 scripts/deployment/run-arbitrator-gui.sh create mode 100644 scripts/deployment/shared-stagenet.conf diff --git a/docs/deployment-guide.md b/docs/deployment-guide.md index 77fd66b9c8..2d980c6a63 100644 --- a/docs/deployment-guide.md +++ b/docs/deployment-guide.md @@ -128,7 +128,7 @@ Arbitrators can be started in a Screen session and then detached to run in the b Some good hints about how to secure a VPS are in [Monero's meta repository](https://github.com/monero-project/meta/blob/master/SERVER_SETUP_HARDENING.md). -TODO: gather and document scripts for VPS management +To run Monero and Haveno binaries as system services, scripts are available for reference in [scripts/deployment](scripts/deployment). ## Send alerts to update the application @@ -170,7 +170,7 @@ Arbitrators can manually sign payment accounts. First open the legacy UI. 1. Go to Account > `ctrl + i` > `ctrl + o`. -## Other operating tips +## Other tips * Avoid all seed nodes going offline at the same time. If all seed nodes go offline at the same time, arbitrator registration and the network filter will be fully reset, so all arbitrators will need to be re-registered, and the network filter will need to be recreated. This should be done immediately or clients will cancel their offers due to the signing arbitrators being unregistered and no replacements being available to re-sign. * If a dispute does not open properly, try manually reopening the dispute with a keyboard shortcut: `ctrl + o`. diff --git a/scripts/deployment/haveno-pricenode.env b/scripts/deployment/haveno-pricenode.env new file mode 100644 index 0000000000..7c52bdd4f5 --- /dev/null +++ b/scripts/deployment/haveno-pricenode.env @@ -0,0 +1 @@ +JAVA_OPTS="-XX:+ExitOnOutOfMemoryError" \ No newline at end of file diff --git a/scripts/deployment/haveno-pricenode.service b/scripts/deployment/haveno-pricenode.service new file mode 100644 index 0000000000..aa595924e8 --- /dev/null +++ b/scripts/deployment/haveno-pricenode.service @@ -0,0 +1,22 @@ +[Unit] +Description=Haveno Price Node +After=network.target + +[Service] +SyslogIdentifier=haveno-pricenode +EnvironmentFile=/etc/default/haveno-pricenode.env +ExecStart=/home/haveno-pricenode/haveno-pricenode/haveno-pricenode 2 +ExecStop=/bin/kill -TERM ${MAINPID} +Restart=on-failure + +User=haveno-pricenode +Group=haveno-pricenode + +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/haveno-seednode.service b/scripts/deployment/haveno-seednode.service new file mode 100644 index 0000000000..3e7ced652c --- /dev/null +++ b/scripts/deployment/haveno-seednode.service @@ -0,0 +1,36 @@ +[Unit] +Description=Haveno seednode +After=network.target + +[Service] +User=haveno +Group=haveno +SyslogIdentifier=Haveno-Seednode + +ExecStart=/bin/sh /home/haveno/haveno/haveno-seednode --baseCurrencyNetwork=XMR_STAGENET\ + --useLocalhostForP2P=false\ + --useDevPrivilegeKeys=false\ + --nodePort=2002\ + --appName=haveno-XMR_STAGENET_Seed_2002\ +# --logLevel=trace\ + --xmrNode=http://127.0.0.1:38088\ + --xmrNodeUsername=admin\ + --xmrNodePassword=password + +ExecStop=/bin/kill ${MAINPID} +Restart=always + +# Hardening +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 2gb +LimitRSS=2000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/haveno-seednode2.service b/scripts/deployment/haveno-seednode2.service new file mode 100644 index 0000000000..d5937f2a69 --- /dev/null +++ b/scripts/deployment/haveno-seednode2.service @@ -0,0 +1,36 @@ +[Unit] +Description=Haveno seednode 2 +After=network.target + +[Service] +User=haveno +Group=haveno +SyslogIdentifier=Haveno-Seednode2 + +ExecStart=/bin/sh /home/haveno/haveno/haveno-seednode --baseCurrencyNetwork=XMR_STAGENET\ + --useLocalhostForP2P=false\ + --useDevPrivilegeKeys=false\ + --nodePort=3003\ + --appName=haveno-XMR_STAGENET_Seed_3003\ +# --logLevel=trace\ + --xmrNode=http://127.0.0.1:38088\ + --xmrNodeUsername=admin\ + --xmrNodePassword=password + +ExecStop=/bin/kill ${MAINPID} +Restart=always + +# Hardening +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 2gb +LimitRSS=2000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/monero-stagenet.service b/scripts/deployment/monero-stagenet.service new file mode 100644 index 0000000000..177076c5ce --- /dev/null +++ b/scripts/deployment/monero-stagenet.service @@ -0,0 +1,26 @@ +[Unit] +Description=Monero stagenet node +After=network.target + +[Service] +User=monero-stagenet +Group=monero-stagenet +Type=simple +ExecStart=/home/monero-stagenet/monerod --config-file /home/monero-stagenet/shared-stagenet.conf --non-interactive +SyslogIdentifier=stagenet-node +Restart=always + +# Hardening +PrivateTmp=true +#ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 4gb +LimitRSS=4000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/private-stagenet.conf b/scripts/deployment/private-stagenet.conf new file mode 100644 index 0000000000..5f06c80925 --- /dev/null +++ b/scripts/deployment/private-stagenet.conf @@ -0,0 +1,20 @@ +stagenet=1 +data-dir=/home/monero-stagenet/private-stagenet/ +log-file=/home/monero-stagenet/logs/ +p2p-bind-ip=0.0.0.0 +p2p-bind-port=38079 +hide-my-port=1 +no-zmq=1 + +# RPC +#rpc-bind-ip=136.244.105.131 +rpc-bind-ip=127.0.0.1 +rpc-bind-port=38088 +rpc-login=admin:password + +confirm-external-bind=1 +restricted-rpc=0 # must be unrestricted for arbitrator +no-igd=1 + +# second vps peer +add-priority-node=45.63.8.26:38080 \ No newline at end of file diff --git a/scripts/deployment/private-stagenet.service b/scripts/deployment/private-stagenet.service new file mode 100644 index 0000000000..5b9c871483 --- /dev/null +++ b/scripts/deployment/private-stagenet.service @@ -0,0 +1,26 @@ +[Unit] +Description=Private stagenet node +After=network.target + +[Service] +User=monero-stagenet +Group=monero-stagenet +Type=simple +ExecStart=/home/monero-stagenet/monerod --config-file /home/monero-stagenet/private-stagenet.conf --non-interactive +SyslogIdentifier=private-stagenet-node +Restart=always + +# Hardening +PrivateTmp=true +#ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 4gb +LimitRSS=4000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/run-arbitrator-daemon.sh b/scripts/deployment/run-arbitrator-daemon.sh new file mode 100644 index 0000000000..229a03508a --- /dev/null +++ b/scripts/deployment/run-arbitrator-daemon.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# +# Start arbitrator daemon on Monero's stagenet (Haveno testnet) + +runArbitrator() { + ./haveno-daemon --baseCurrencyNetwork=XMR_STAGENET \ + --useLocalhostForP2P=false \ + --useDevPrivilegeKeys=false \ + --nodePort=7777 \ + --appName=haveno-XMR_STAGENET_arbitrator \ + --xmrNode=http://127.0.0.1:38088 \ + --xmrNodeUsername=admin \ + --xmrNodePassword=password +} + +cd /home/haveno/haveno && \ +runArbitrator \ No newline at end of file diff --git a/scripts/deployment/run-arbitrator-gui.sh b/scripts/deployment/run-arbitrator-gui.sh new file mode 100644 index 0000000000..12d09d41f7 --- /dev/null +++ b/scripts/deployment/run-arbitrator-gui.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# +# Start arbitrator GUI on Monero's stagenet (Haveno testnet) + +runArbitrator() { + ./haveno-desktop --baseCurrencyNetwork=XMR_STAGENET \ + --useLocalhostForP2P=false \ + --useDevPrivilegeKeys=false \ + --nodePort=7777 \ + --appName=haveno-XMR_STAGENET_arbitrator \ + --xmrNode=http://127.0.0.1:38088 \ + --xmrNodeUsername=admin \ + --xmrNodePassword=password +} + +cd /home/haveno/haveno && \ +runArbitrator \ No newline at end of file diff --git a/scripts/deployment/shared-stagenet.conf b/scripts/deployment/shared-stagenet.conf new file mode 100644 index 0000000000..b149949e53 --- /dev/null +++ b/scripts/deployment/shared-stagenet.conf @@ -0,0 +1,19 @@ +stagenet=1 +data-dir=/home/monero-stagenet/shared-stagenet/ +log-file=/home/monero-stagenet/logs/ +p2p-bind-ip=0.0.0.0 +p2p-bind-port=38080 +#hide-my-port=1 +no-zmq=1 + +# RPC +#rpc-bind-ip=136.244.105.131 +rpc-bind-ip=0.0.0.0 +rpc-bind-port=38081 + +confirm-external-bind=1 +restricted-rpc=1 +no-igd=1 + +# second vps peer +#add-peer=70.34.196.88:38080 \ No newline at end of file