2025-12-29 11:34:04 -08:00

# ARRR Scripts
This repository contains helper tooling to bootstrap the Pirate Chain daemon stack and expose an `ARRRwallet` friendly gRPC endpoint. The primary entry point is `setup-arrr-lightwalletd.sh`, which compiles the upstream projects, configures systemd services, and (optionally) wires nginx/Certbot for TLS termination and gRPC proxying.
## What the script does
- Installs development/runtime dependencies and Go, then clones `Pirate` plus `lightwalletd`.
- Builds Pirate Chain (`pirated`) and `lightwalletd`, links them under `/usr/local/bin`, and writes a `PIRATE.conf` for RPC access.
- Sets up nginx when you pass `--hostname`:
  - First writes a minimal HTTP-only nginx site serving `/.well-known/acme-challenge/` so Certbot can start without certs.
  - Requests certificates via `certbot certonly --webroot`, then rewrites the nginx site with the full HTTPS/gRPC proxy block (including `/etc/letsencrypt` includes and gRPC headers).
  - Ensures nginx is tested and reloaded after each stage.
- Creates systemd units for `pirated` and `lited` (the lightwalletd binary), wiring logs, data directories, and capabilities.
- If you opt out of nginx, the script runs `lited` with the provided TLS cert/key (or `--no-tls-very-insecure` when not supplied) directly on the host.
## Usage
```sh
./setup-arrr-lightwalletd.sh \
  --hostname <your-domain> \
  --email admin@example.com \
  --lets-encrypt \
  --bind-addr 127.0.0.1:9067 \
  --http-bind-addr 127.0.0.1:9068 \
  --data-dir /var/lib/lightwalletd
```
- `--hostname` enables nginx/Certbot and proxies `127.0.0.1:9067` (or your `--bind-addr`) over gRPC.
- `--lets-encrypt` pairs with `--email` so `certbot certonly --webroot` can obtain certs. The script keeps nginx challenge locations intact while the final config relies on `/etc/letsencrypt/live/<hostname>`.
- Without `--hostname`, nginx isn't installed and `lited` runs with the TLS arguments you provide (`--tls-cert`/`--tls-key`) or falls back to `--no-tls-very-insecure`.
- `--go-version`, `--data-dir`, and bind addresses are all optional overrides. The defaults are documented in the script.
## After the run
- `systemctl status pirated lited` shows the daemon status; logs live under `/var/log/lited`.
- `sudo certbot certificates` confirms the issued certificate for your hostname.
- Let's Encrypt installs its own renew timer, so nothing else is required for automatic renewal.
## Troubleshooting
- If nginx reports `host` variable errors, ensure the generated config keeps `\$host`/`\$request_uri` escaped; the script already does this in the heredoc.
- You can rerun the script after DNS is live; Certbot's webroot challenge will reuse the shared `/var/www/certbot` directory and nginx rewrites happen in place.
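
The two-stage nginx bootstrap from "What the script does" and the heredoc escaping from the troubleshooting note, as an added example that is not taken from `setup-arrr-lightwalletd.sh`. The function names, the port-80 redirect and the hostname check are assumptions; the webroot, upstream address and certificate directory follow this README.

```sh
# Added illustration; not taken from setup-arrr-lightwalletd.sh (function names are hypothetical).
# Each render_* function prints an nginx site to stdout; the caller decides where it is written.

# The hostname is interpolated into a root-owned config, so accept only plain DNS names.
valid_hostname() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|.*|*.|-*|*..*) return 1 ;;
        *) return 0 ;;
    esac
}

# Stage 1: HTTP-only site that serves nothing but the ACME webroot challenge.
render_acme_site() {
    host=$1 webroot=${2:-/var/www/certbot}
    cat <<EOF
server {
    listen 80;
    server_name ${host};
    location /.well-known/acme-challenge/ { root ${webroot}; }
    location / { return 404; }
}
EOF
}

# Stage 2: HTTPS/gRPC proxy, rendered only after certbot has issued the certificate.
render_grpc_site() {
    host=$1 upstream=${2:-127.0.0.1:9067} webroot=${3:-/var/www/certbot}
    live=/etc/letsencrypt/live/${host}
    cat <<EOF
server {
    listen 80;
    server_name ${host};
    location /.well-known/acme-challenge/ { root ${webroot}; }
    location / { return 301 https://\$host\$request_uri; }
}
server {
    listen 443 ssl http2;
    server_name ${host};
    ssl_certificate     ${live}/fullchain.pem;
    ssl_certificate_key ${live}/privkey.pem;
    location / {
        grpc_set_header Host \$host;
        grpc_pass grpc://${upstream};
    }
}
EOF
}
```

Shell variables such as `${host}` expand when the heredoc is rendered, while `\$host` and `\$request_uri` reach the file as literal nginx variables; dropping the backslash leaves an empty string in the config, which is the error the troubleshooting note describes.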