_bc_user=bitcoin _bc_group=bitcoin post_install() { _mkuser _mkssl # disable Copy-On-Write (btrfs directories only) for _dir in /srv/bitcoin; do _is_btrfs "$_dir" && _disable_cow "$_dir" done chown -R $_bc_user:$_bc_group /etc/bitcoin /srv/bitcoin printf "%b\n" "$bitcoin" } post_upgrade() { _mkuser chown -R $_bc_user:$_bc_group /etc/bitcoin /srv/bitcoin printf "%b\n" "$bitcoin" } post_remove() { _rmuser rm -rf /srv/bitcoin } # ------------------------------------------------------------------------------ # helper functions for creating bitcoin-core user / group # ------------------------------------------------------------------------------ _mkuser() { getent passwd $_bc_user &>/dev/null || { echo -n "Creating bitcoin user... " grep -E "^$_bc_group:" /etc/group >/dev/null || groupadd $_bc_group useradd -m -d /etc/bitcoin -g $_bc_group -s /usr/bin/nologin $_bc_user 2>/dev/null echo "done" } } _rmuser() { echo -n "Removing bitcoin user... " userdel -rf $_bc_user 2>/dev/null echo "done" } # ------------------------------------------------------------------------------ # helper function for enabling SSL in bitcoin-core # ------------------------------------------------------------------------------ _mkssl() { echo -n "Enabling SSL..." # https://en.bitcoin.it/wiki/Enabling_SSL_on_original_client_daemon mkdir -p /{etc,srv}/bitcoin openssl genrsa -out /etc/bitcoin/server.pem 2048 expect < /etc/bitcoin/server.cert spawn openssl req -new -x509 -nodes -sha1 -days 3650 -key /etc/bitcoin/server.pem expect "Country*" { send "\r" } expect "State*" { send "\r" } expect "Locality*" { send "\r" } expect "Organization*" { send "\r" } expect "Organizational*" { send "\r" } expect "Common*" { send "\r" } expect "Email*" { send "\r" } expect eof EOF echo "done" } # ------------------------------------------------------------------------------ # helper functions for disabling btrfs Copy-On-Write (CoW) # https://wiki.archlinux.org/index.php/Btrfs#Copy-On-Write_.28CoW.29 # ------------------------------------------------------------------------------ # check if dir is btrfs _is_btrfs() { if [[ $(findmnt --target $1 --output FSTYPE --noheadings) == 'btrfs' ]]; then return 0 else return 1 fi } # disable btrfs CoW _chattrify() { # original dir, with trailing slash stripped if it exists _orig_dir=$( echo "$1" | sed 's@/$@@' ) # if original dir exists, back it up [[ -d "$1" ]] && mv "$1" "${_orig_dir}"_old # re-make original dir mkdir -p "$1" # set permissions on re-made dir chmod "$2" "$1" # disable btrfs CoW on re-made dir chattr +C "$1" # recursive copy to restore backed up dir while maintaining disabled CoW [[ -d "${_orig_dir}"_old ]] \ && find "${_orig_dir}"_old -mindepth 1 -maxdepth 1 -exec cp -R '{}' "$1" \; # set ownership on re-made dir chown -R $3:$4 "$1" # purge backed up dir [[ -d "${_orig_dir}"_old ]] && rm -rf "${_orig_dir}"_old } _disable_cow() { _chattrify "$1" "700" "$_bc_user" "$_bc_group" } read -d '' bitcoin <<'EOF' ######################################################################## ######################################################################## ## ## ## Bitcoin Core ## ## ____________ ## ## ## ## To start bitcoin-core: ## ## ## ## # systemctl start bitcoind ## ## ## ## To communicate with bitcoin-core as a normal user: ## ## ## ## $ mkdir -p ~/.bitcoin ## ## $ cat > ~/.bitcoin/bitcoin.conf <<'EOF' ## ## rpcconnect=127.0.0.1 ## ## rpcport=8332 ## ## rpcuser=bitcoin ## ## rpcpassword=secret ## ## rpcssl=1 ## ## EOF ## ## ## ## $ bitcoin-cli getmininginfo ## ## ## ## Config: /etc/bitcoin/bitcoin.conf ## ## Blockchain: /var/lib/bitcoind ## ## Documentation: /usr/share/doc/bitcoin ## ## ## ######################################################################## ######################################################################## EOF