add vps scripts for reference

This commit is contained in:
woodser 2023-11-12 07:14:59 -05:00
parent a47290bac7
commit 280ed484e7
11 changed files with 222 additions and 2 deletions

View file

@ -128,7 +128,7 @@ Arbitrators can be started in a Screen session and then detached to run in the b
Some good hints about how to secure a VPS are in [Monero's meta repository](https://github.com/monero-project/meta/blob/master/SERVER_SETUP_HARDENING.md).
TODO: gather and document scripts for VPS management
To run Monero and Haveno binaries as system services, scripts are available for reference in [scripts/deployment](scripts/deployment).
## Send alerts to update the application
@ -170,7 +170,7 @@ Arbitrators can manually sign payment accounts. First open the legacy UI.
1. Go to Account > `ctrl + i` > `ctrl + o`.
## Other operating tips
## Other tips
* Avoid all seed nodes going offline at the same time. If all seed nodes go offline at the same time, arbitrator registration and the network filter will be fully reset, so all arbitrators will need to be re-registered, and the network filter will need to be recreated. This should be done immediately or clients will cancel their offers due to the signing arbitrators being unregistered and no replacements being available to re-sign.
* If a dispute does not open properly, try manually reopening the dispute with a keyboard shortcut: `ctrl + o`.

View file

@ -0,0 +1 @@
JAVA_OPTS="-XX:+ExitOnOutOfMemoryError"

View file

@ -0,0 +1,22 @@
[Unit]
Description=Haveno Price Node
After=network.target
[Service]
SyslogIdentifier=haveno-pricenode
EnvironmentFile=/etc/default/haveno-pricenode.env
ExecStart=/home/haveno-pricenode/haveno-pricenode/haveno-pricenode 2
ExecStop=/bin/kill -TERM ${MAINPID}
Restart=on-failure
User=haveno-pricenode
Group=haveno-pricenode
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=false
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,36 @@
[Unit]
Description=Haveno seednode
After=network.target
[Service]
User=haveno
Group=haveno
SyslogIdentifier=Haveno-Seednode
ExecStart=/bin/sh /home/haveno/haveno/haveno-seednode --baseCurrencyNetwork=XMR_STAGENET\
--useLocalhostForP2P=false\
--useDevPrivilegeKeys=false\
--nodePort=2002\
--appName=haveno-XMR_STAGENET_Seed_2002\
# --logLevel=trace\
--xmrNode=http://127.0.0.1:38088\
--xmrNodeUsername=admin\
--xmrNodePassword=password
ExecStop=/bin/kill ${MAINPID}
Restart=always
# Hardening
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=false
ProtectControlGroups=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
# limit memory usage to 2gb
LimitRSS=2000000000
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,36 @@
[Unit]
Description=Haveno seednode 2
After=network.target
[Service]
User=haveno
Group=haveno
SyslogIdentifier=Haveno-Seednode2
ExecStart=/bin/sh /home/haveno/haveno/haveno-seednode --baseCurrencyNetwork=XMR_STAGENET\
--useLocalhostForP2P=false\
--useDevPrivilegeKeys=false\
--nodePort=3003\
--appName=haveno-XMR_STAGENET_Seed_3003\
# --logLevel=trace\
--xmrNode=http://127.0.0.1:38088\
--xmrNodeUsername=admin\
--xmrNodePassword=password
ExecStop=/bin/kill ${MAINPID}
Restart=always
# Hardening
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=false
ProtectControlGroups=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
# limit memory usage to 2gb
LimitRSS=2000000000
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,26 @@
[Unit]
Description=Monero stagenet node
After=network.target
[Service]
User=monero-stagenet
Group=monero-stagenet
Type=simple
ExecStart=/home/monero-stagenet/monerod --config-file /home/monero-stagenet/shared-stagenet.conf --non-interactive
SyslogIdentifier=stagenet-node
Restart=always
# Hardening
PrivateTmp=true
#ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=false
ProtectControlGroups=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
# limit memory usage to 4gb
LimitRSS=4000000000
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,20 @@
stagenet=1
data-dir=/home/monero-stagenet/private-stagenet/
log-file=/home/monero-stagenet/logs/
p2p-bind-ip=0.0.0.0
p2p-bind-port=38079
hide-my-port=1
no-zmq=1
# RPC
#rpc-bind-ip=136.244.105.131
rpc-bind-ip=127.0.0.1
rpc-bind-port=38088
rpc-login=admin:password
confirm-external-bind=1
restricted-rpc=0 # must be unrestricted for arbitrator
no-igd=1
# second vps peer
add-priority-node=45.63.8.26:38080

View file

@ -0,0 +1,26 @@
[Unit]
Description=Private stagenet node
After=network.target
[Service]
User=monero-stagenet
Group=monero-stagenet
Type=simple
ExecStart=/home/monero-stagenet/monerod --config-file /home/monero-stagenet/private-stagenet.conf --non-interactive
SyslogIdentifier=private-stagenet-node
Restart=always
# Hardening
PrivateTmp=true
#ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=false
ProtectControlGroups=true
ProtectKernelTunables=true
RestrictSUIDSGID=true
# limit memory usage to 4gb
LimitRSS=4000000000
[Install]
WantedBy=multi-user.target

View file

@ -0,0 +1,17 @@
#!/bin/bash
#
# Start arbitrator daemon on Monero's stagenet (Haveno testnet)
runArbitrator() {
./haveno-daemon --baseCurrencyNetwork=XMR_STAGENET \
--useLocalhostForP2P=false \
--useDevPrivilegeKeys=false \
--nodePort=7777 \
--appName=haveno-XMR_STAGENET_arbitrator \
--xmrNode=http://127.0.0.1:38088 \
--xmrNodeUsername=admin \
--xmrNodePassword=password
}
cd /home/haveno/haveno && \
runArbitrator

View file

@ -0,0 +1,17 @@
#!/bin/bash
#
# Start arbitrator GUI on Monero's stagenet (Haveno testnet)
runArbitrator() {
./haveno-desktop --baseCurrencyNetwork=XMR_STAGENET \
--useLocalhostForP2P=false \
--useDevPrivilegeKeys=false \
--nodePort=7777 \
--appName=haveno-XMR_STAGENET_arbitrator \
--xmrNode=http://127.0.0.1:38088 \
--xmrNodeUsername=admin \
--xmrNodePassword=password
}
cd /home/haveno/haveno && \
runArbitrator

View file

@ -0,0 +1,19 @@
stagenet=1
data-dir=/home/monero-stagenet/shared-stagenet/
log-file=/home/monero-stagenet/logs/
p2p-bind-ip=0.0.0.0
p2p-bind-port=38080
#hide-my-port=1
no-zmq=1
# RPC
#rpc-bind-ip=136.244.105.131
rpc-bind-ip=0.0.0.0
rpc-bind-port=38081
confirm-external-bind=1
restricted-rpc=1
no-igd=1
# second vps peer
#add-peer=70.34.196.88:38080