crowetic/arrr-scripts
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
arrr-scripts/README.md
T
crowetic f253c46b7a added updated README
2025-12-29 11:34:04 -08:00

2.7 KiB
Raw Permalink Blame History

ARRR Scripts

This repository contains helper tooling to bootstrap the Pirate Chain daemon stack and expose an ARRRwallet friendly gRPC endpoint. The primary entry point is setup-arrr-lightwalletd.sh, which compiles the upstream projects, configures systemd services, and (optionally) wires nginx/Certbot for TLS termination and gRPC proxying.

What the script does

  • Installs development/runtime dependencies, Go, and cloning Pirate plus lightwalletd.
  • Builds Pirate Chain (pirated) and lightwalletd, links them under /usr/local/bin, and writes a PIRATE.conf for RPC access.
  • Sets up nginx when you pass --hostname:
    • First writes a minimal HTTP-only nginx site serving /.well-known/acme-challenge/ so Certbot can start without certs.
    • Requests certificates via certbot certonly --webroot, then rewrites the nginx site with the full HTTPS/gRPC proxy block (including /etc/letsencrypt includes and gRPC headers).
    • Ensures nginx is tested and reloaded after each stage.
  • Creates systemd units for pirated and lited (the lightwalletd binary), wiring logs, data directories, and capabilities.
  • If you opt out of nginx, the script runs lited with the provided TLS cert/key (or --no-tls-very-insecure when not supplied) directly on the host.

Usage

./setup-arrr-lightwalletd.sh \
  --hostname <your-domain> \
  --email admin@example.com \
  --lets-encrypt \
  --bind-addr 127.0.0.1:9067 \
  --http-bind-addr 127.0.0.1:9068 \
  --data-dir /var/lib/lightwalletd
  • --hostname enables nginx/Certbot and proxies 127.0.0.1:9067 (or your --bind-addr) over gRPC.
  • --lets-encrypt pairs with --email so certbot certonly --webroot can obtain certs. The script keeps nginx challenge locations intact while the final config relies on /etc/letsencrypt/live/<hostname>.
  • Without --hostname, nginx isnt installed and lited runs with the TLS arguments you provide (--tls-cert/--tls-key) or falls back to --no-tls-very-insecure.
  • --go-version, --data-dir, and bind addresses are all optional overrides. The defaults are documented in the script.

After the run

  • systemctl status pirated lited shows the daemon status; logs live under /var/log/lited.
  • sudo certbot certificates confirms the issued certificate for your hostname.
  • Lets Encrypt installs its own renew timer, so nothing else is required for automatic renewal.

Troubleshooting

  • If nginx reports host variable errors, ensure the generated config keeps \$host/\$request_uri escaped; the script already does this in the heredoc.
  • You can rerun the script after DNS is live—Certbots webroot challenge will reuse the shared /var/www/certbot directory and nginx rewrites happen in-place.
Reference in New Issue View Git Blame Copy Permalink