diff --git a/docs/deployment-guide.md b/docs/deployment-guide.md index 77fd66b9..2d980c6a 100644 --- a/docs/deployment-guide.md +++ b/docs/deployment-guide.md @@ -128,7 +128,7 @@ Arbitrators can be started in a Screen session and then detached to run in the b Some good hints about how to secure a VPS are in [Monero's meta repository](https://github.com/monero-project/meta/blob/master/SERVER_SETUP_HARDENING.md). -TODO: gather and document scripts for VPS management +To run Monero and Haveno binaries as system services, scripts are available for reference in [scripts/deployment](scripts/deployment). ## Send alerts to update the application @@ -170,7 +170,7 @@ Arbitrators can manually sign payment accounts. First open the legacy UI. 1. Go to Account > `ctrl + i` > `ctrl + o`. -## Other operating tips +## Other tips * Avoid all seed nodes going offline at the same time. If all seed nodes go offline at the same time, arbitrator registration and the network filter will be fully reset, so all arbitrators will need to be re-registered, and the network filter will need to be recreated. This should be done immediately or clients will cancel their offers due to the signing arbitrators being unregistered and no replacements being available to re-sign. * If a dispute does not open properly, try manually reopening the dispute with a keyboard shortcut: `ctrl + o`. diff --git a/scripts/deployment/haveno-pricenode.env b/scripts/deployment/haveno-pricenode.env new file mode 100644 index 00000000..7c52bdd4 --- /dev/null +++ b/scripts/deployment/haveno-pricenode.env @@ -0,0 +1 @@ +JAVA_OPTS="-XX:+ExitOnOutOfMemoryError" \ No newline at end of file diff --git a/scripts/deployment/haveno-pricenode.service b/scripts/deployment/haveno-pricenode.service new file mode 100644 index 00000000..aa595924 --- /dev/null +++ b/scripts/deployment/haveno-pricenode.service @@ -0,0 +1,22 @@ +[Unit] +Description=Haveno Price Node +After=network.target + +[Service] +SyslogIdentifier=haveno-pricenode +EnvironmentFile=/etc/default/haveno-pricenode.env +ExecStart=/home/haveno-pricenode/haveno-pricenode/haveno-pricenode 2 +ExecStop=/bin/kill -TERM ${MAINPID} +Restart=on-failure + +User=haveno-pricenode +Group=haveno-pricenode + +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/haveno-seednode.service b/scripts/deployment/haveno-seednode.service new file mode 100644 index 00000000..3e7ced65 --- /dev/null +++ b/scripts/deployment/haveno-seednode.service @@ -0,0 +1,36 @@ +[Unit] +Description=Haveno seednode +After=network.target + +[Service] +User=haveno +Group=haveno +SyslogIdentifier=Haveno-Seednode + +ExecStart=/bin/sh /home/haveno/haveno/haveno-seednode --baseCurrencyNetwork=XMR_STAGENET\ + --useLocalhostForP2P=false\ + --useDevPrivilegeKeys=false\ + --nodePort=2002\ + --appName=haveno-XMR_STAGENET_Seed_2002\ +# --logLevel=trace\ + --xmrNode=http://127.0.0.1:38088\ + --xmrNodeUsername=admin\ + --xmrNodePassword=password + +ExecStop=/bin/kill ${MAINPID} +Restart=always + +# Hardening +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 2gb +LimitRSS=2000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/haveno-seednode2.service b/scripts/deployment/haveno-seednode2.service new file mode 100644 index 00000000..d5937f2a --- /dev/null +++ b/scripts/deployment/haveno-seednode2.service @@ -0,0 +1,36 @@ +[Unit] +Description=Haveno seednode 2 +After=network.target + +[Service] +User=haveno +Group=haveno +SyslogIdentifier=Haveno-Seednode2 + +ExecStart=/bin/sh /home/haveno/haveno/haveno-seednode --baseCurrencyNetwork=XMR_STAGENET\ + --useLocalhostForP2P=false\ + --useDevPrivilegeKeys=false\ + --nodePort=3003\ + --appName=haveno-XMR_STAGENET_Seed_3003\ +# --logLevel=trace\ + --xmrNode=http://127.0.0.1:38088\ + --xmrNodeUsername=admin\ + --xmrNodePassword=password + +ExecStop=/bin/kill ${MAINPID} +Restart=always + +# Hardening +PrivateTmp=true +ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 2gb +LimitRSS=2000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/monero-stagenet.service b/scripts/deployment/monero-stagenet.service new file mode 100644 index 00000000..177076c5 --- /dev/null +++ b/scripts/deployment/monero-stagenet.service @@ -0,0 +1,26 @@ +[Unit] +Description=Monero stagenet node +After=network.target + +[Service] +User=monero-stagenet +Group=monero-stagenet +Type=simple +ExecStart=/home/monero-stagenet/monerod --config-file /home/monero-stagenet/shared-stagenet.conf --non-interactive +SyslogIdentifier=stagenet-node +Restart=always + +# Hardening +PrivateTmp=true +#ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 4gb +LimitRSS=4000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/private-stagenet.conf b/scripts/deployment/private-stagenet.conf new file mode 100644 index 00000000..5f06c809 --- /dev/null +++ b/scripts/deployment/private-stagenet.conf @@ -0,0 +1,20 @@ +stagenet=1 +data-dir=/home/monero-stagenet/private-stagenet/ +log-file=/home/monero-stagenet/logs/ +p2p-bind-ip=0.0.0.0 +p2p-bind-port=38079 +hide-my-port=1 +no-zmq=1 + +# RPC +#rpc-bind-ip=136.244.105.131 +rpc-bind-ip=127.0.0.1 +rpc-bind-port=38088 +rpc-login=admin:password + +confirm-external-bind=1 +restricted-rpc=0 # must be unrestricted for arbitrator +no-igd=1 + +# second vps peer +add-priority-node=45.63.8.26:38080 \ No newline at end of file diff --git a/scripts/deployment/private-stagenet.service b/scripts/deployment/private-stagenet.service new file mode 100644 index 00000000..5b9c8714 --- /dev/null +++ b/scripts/deployment/private-stagenet.service @@ -0,0 +1,26 @@ +[Unit] +Description=Private stagenet node +After=network.target + +[Service] +User=monero-stagenet +Group=monero-stagenet +Type=simple +ExecStart=/home/monero-stagenet/monerod --config-file /home/monero-stagenet/private-stagenet.conf --non-interactive +SyslogIdentifier=private-stagenet-node +Restart=always + +# Hardening +PrivateTmp=true +#ProtectSystem=full +NoNewPrivileges=true +PrivateDevices=true +MemoryDenyWriteExecute=false +ProtectControlGroups=true +ProtectKernelTunables=true +RestrictSUIDSGID=true +# limit memory usage to 4gb +LimitRSS=4000000000 + +[Install] +WantedBy=multi-user.target \ No newline at end of file diff --git a/scripts/deployment/run-arbitrator-daemon.sh b/scripts/deployment/run-arbitrator-daemon.sh new file mode 100644 index 00000000..229a0350 --- /dev/null +++ b/scripts/deployment/run-arbitrator-daemon.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# +# Start arbitrator daemon on Monero's stagenet (Haveno testnet) + +runArbitrator() { + ./haveno-daemon --baseCurrencyNetwork=XMR_STAGENET \ + --useLocalhostForP2P=false \ + --useDevPrivilegeKeys=false \ + --nodePort=7777 \ + --appName=haveno-XMR_STAGENET_arbitrator \ + --xmrNode=http://127.0.0.1:38088 \ + --xmrNodeUsername=admin \ + --xmrNodePassword=password +} + +cd /home/haveno/haveno && \ +runArbitrator \ No newline at end of file diff --git a/scripts/deployment/run-arbitrator-gui.sh b/scripts/deployment/run-arbitrator-gui.sh new file mode 100644 index 00000000..12d09d41 --- /dev/null +++ b/scripts/deployment/run-arbitrator-gui.sh @@ -0,0 +1,17 @@ +#!/bin/bash +# +# Start arbitrator GUI on Monero's stagenet (Haveno testnet) + +runArbitrator() { + ./haveno-desktop --baseCurrencyNetwork=XMR_STAGENET \ + --useLocalhostForP2P=false \ + --useDevPrivilegeKeys=false \ + --nodePort=7777 \ + --appName=haveno-XMR_STAGENET_arbitrator \ + --xmrNode=http://127.0.0.1:38088 \ + --xmrNodeUsername=admin \ + --xmrNodePassword=password +} + +cd /home/haveno/haveno && \ +runArbitrator \ No newline at end of file diff --git a/scripts/deployment/shared-stagenet.conf b/scripts/deployment/shared-stagenet.conf new file mode 100644 index 00000000..b149949e --- /dev/null +++ b/scripts/deployment/shared-stagenet.conf @@ -0,0 +1,19 @@ +stagenet=1 +data-dir=/home/monero-stagenet/shared-stagenet/ +log-file=/home/monero-stagenet/logs/ +p2p-bind-ip=0.0.0.0 +p2p-bind-port=38080 +#hide-my-port=1 +no-zmq=1 + +# RPC +#rpc-bind-ip=136.244.105.131 +rpc-bind-ip=0.0.0.0 +rpc-bind-port=38081 + +confirm-external-bind=1 +restricted-rpc=1 +no-igd=1 + +# second vps peer +#add-peer=70.34.196.88:38080 \ No newline at end of file