bitcoin node stuff

counterweight 2025-12-14 18:52:36 +01:00
parent 2893bb77cd
commit 8863f800bf
Signed by: counterweight
GPG key ID: 883EDBAA726BD96C
8 changed files with 573 additions and 206 deletions


@ -137,7 +137,6 @@
changed_when: false
when: not bitcoind_binary_exists.stat.exists
- name: Download SHA256SUMS file
get_url:
url: "https://bitcoinknots.org/files/{{ bitcoin_version_major }}.x/{{ bitcoin_knots_version_short }}/SHA256SUMS"
@ -156,7 +155,7 @@
command: gpg --verify /tmp/bitcoin-knots-{{ bitcoin_knots_version_short }}-SHA256SUMS.asc /tmp/bitcoin-knots-{{ bitcoin_knots_version_short }}-SHA256SUMS
register: sha256sums_verification
changed_when: false
failed_when: sha256sums_verification.rc != 0
failed_when: false # Don't fail here - check for 'Good signature' in next task
when: not bitcoind_binary_exists.stat.exists
@ -260,6 +259,7 @@
-DCMAKE_INSTALL_PREFIX={{ bitcoin_build_prefix }}
-DBUILD_BITCOIN_WALLET=OFF
-DCMAKE_BUILD_TYPE=Release
-DWITH_ZMQ=ON
..
args:
chdir: "{{ bitcoin_knots_source_dir }}/build"
@ -267,6 +267,15 @@
register: configure_result
changed_when: true
- name: Verify CMake enabled ZMQ
shell: |
set -e
cd "{{ bitcoin_knots_source_dir }}/build"
cmake -LAH .. | grep -iE 'ZMQ|WITH_ZMQ|ENABLE_ZMQ|USE_ZMQ'
when: not bitcoind_binary_exists.stat.exists and cmake_exists.stat.exists | default(false)
register: zmq_check
changed_when: false
- name: Fail if CMakeLists.txt not found
fail:
msg: "CMakeLists.txt not found in {{ bitcoin_knots_source_dir }}. Cannot build Bitcoin Knots."
@ -336,7 +345,7 @@
rpcpassword={{ bitcoin_rpc_password }}
rpcbind={{ bitcoin_rpc_bind }}
rpcport={{ bitcoin_rpc_port }}
rpcallowip=127.0.0.1
rpcallowip=0.0.0.0/0
# Network Configuration
listen=1
@ -351,14 +360,17 @@
txindex=1
{% endif %}
# Pruning (optional)
{% if bitcoin_enable_prune %}
prune={{ bitcoin_enable_prune }}
{% endif %}
# Logging
# Logging (to journald via systemd)
logtimestamps=1
logfile={{ bitcoin_data_dir }}/debug.log
printtoconsole=1
# ZMQ Configuration
{% if bitcoin_zmq_enabled | default(false) %}
zmqpubrawblock={{ bitcoin_zmq_bind }}:{{ bitcoin_zmq_port_rawblock }}
zmqpubrawtx={{ bitcoin_zmq_bind }}:{{ bitcoin_zmq_port_rawtx }}
zmqpubhashblock={{ bitcoin_zmq_bind }}:{{ bitcoin_zmq_port_hashblock }}
zmqpubhashtx={{ bitcoin_zmq_bind }}:{{ bitcoin_zmq_port_hashtx }}
{% endif %}
# Security
disablewallet=1
@ -427,33 +439,6 @@
debug:
msg: "Bitcoin Knots RPC is {{ 'available' if rpc_check.status == 200 else 'not yet available' }}"
- name: Allow Bitcoin P2P port on Tailscale interface only
ufw:
rule: allow
direction: in
port: "{{ bitcoin_p2p_port }}"
proto: tcp
interface: "{{ bitcoin_tailscale_interface }}"
comment: "Bitcoin Knots P2P (Tailscale only)"
- name: Allow Bitcoin P2P port (UDP) on Tailscale interface only
ufw:
rule: allow
direction: in
port: "{{ bitcoin_p2p_port }}"
proto: udp
interface: "{{ bitcoin_tailscale_interface }}"
comment: "Bitcoin Knots P2P UDP (Tailscale only)"
- name: Verify UFW rules for Bitcoin Knots
command: ufw status numbered
register: ufw_status
changed_when: false
- name: Display UFW status
debug:
msg: "{{ ufw_status.stdout_lines }}"
- name: Create Bitcoin Knots health check and push script
copy:
dest: /usr/local/bin/bitcoin-knots-healthcheck-push.sh
@ -480,11 +465,12 @@
"http://${RPC_HOST}:${RPC_PORT}" 2>&1)
if [ $? -eq 0 ]; then
# Check if response contains error
if echo "$response" | grep -q '"error"'; then
return 1
else
# Check if response contains a non-null error
# Successful responses have "error": null, failures have "error": {...}
if echo "$response" | grep -q '"error":null\|"error": null'; then
return 0
else
return 1
fi
else
return 1
@ -501,11 +487,14 @@
return 1
fi
# URL encode the message
local encoded_msg=$(echo -n "$msg" | curl -Gso /dev/null -w %{url_effective} --data-urlencode "msg=$msg" "" | cut -c 3-)
# URL encode spaces in message
local encoded_msg="${msg// /%20}"
curl -s --max-time 10 --retry 2 -o /dev/null \
"${UPTIME_KUMA_PUSH_URL}?status=${status}&msg=${encoded_msg}&ping=" || true
if ! curl -s --max-time 10 --retry 2 -o /dev/null \
"${UPTIME_KUMA_PUSH_URL}?status=${status}&msg=${encoded_msg}&ping="; then
echo "ERROR: Failed to push to Uptime Kuma"
return 1
fi
}
# Main health check
@ -630,14 +619,14 @@
if existing_monitor:
print(f"Monitor '{monitor_name}' already exists (ID: {existing_monitor['id']})")
# Get push URL from existing monitor
push_id = existing_monitor.get('push_token', existing_monitor.get('id'))
push_url = f"{url}/api/push/{push_id}"
push_token = existing_monitor.get('pushToken') or existing_monitor.get('push_token')
if not push_token:
raise ValueError("Could not find push token for monitor")
push_url = f"{url}/api/push/{push_token}"
print(f"Push URL: {push_url}")
print("Skipping - monitor already configured")
else:
print(f"Creating push monitor '{monitor_name}'...")
result = api.add_monitor(
api.add_monitor(
type=MonitorType.PUSH,
name=monitor_name,
parent=group['id'],
@ -646,12 +635,13 @@
retryInterval=60,
notificationIDList={ntfy_notification_id: True} if ntfy_notification_id else {}
)
# Get push URL from created monitor
monitors = api.get_monitors()
new_monitor = next((m for m in monitors if m.get('name') == monitor_name), None)
if new_monitor:
push_id = new_monitor.get('push_token', new_monitor.get('id'))
push_url = f"{url}/api/push/{push_id}"
push_token = new_monitor.get('pushToken') or new_monitor.get('push_token')
if not push_token:
raise ValueError("Could not find push token for new monitor")
push_url = f"{url}/api/push/{push_token}"
print(f"Push URL: {push_url}")
api.disconnect()
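Review bot: In the bitcoin.conf template hunk (`@ -336,7 +345,7 @`), `rpcallowip=0.0.0.0/0` appears to replace `rpcallowip=127.0.0.1`, so the RPC server would accept any source address and `rpcpassword` becomes the only control on it. The `@ -427,33 +439,6 @` hunk also appears to drop the UFW tasks that limited inbound traffic to the Tailscale interface. Actual exposure depends on `bitcoin_rpc_bind` and on firewall rules outside this page, and the template's enclosing task starts outside the hunk. I would keep the allow-list explicit and narrow, for example `rpcallowip={{ bitcoin_rpc_allowip | default('127.0.0.1') }}` (a new variable, the name is only a suggestion), set to the specific client subnet that needs remote RPC. Separately, `failed_when: false` on the `gpg --verify` task (`@ -156,7 +155,7 @`) leaves the follow-up 'Good signature' check, not shown here, as the only gate on the download, so that check should match a pinned signer fingerprint (e.g. the `VALIDSIG` line from `gpg --status-fd 1 --verify`) rather than the phrase alone.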