From 4eb8152c67b7257b2e317c4ff6e0e918766bac3a Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Sat, 20 Apr 2024 15:59:59 +0200 Subject: [PATCH 1/9] add full config --- defaults/main.yml | 17 ++- templates/bitcoin.conf.j2 | 239 ++++++++++++++++++++++++++++++++++---- 2 files changed, 230 insertions(+), 26 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index 4517920..b746240 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -7,6 +7,12 @@ bitcoind_group: bitcoin bitcoind_version: 26.0 bitcoind_arch: x86_64-linux-gnu +# Serve JOSN-RPC +bitcoind_server: true + +# Wallet +bitcoind_disablewallet: false + # Bitcoin GPG public keys. Name must match the ones found in # this link https://github.com/bitcoin-core/guix.sigs. The ID of each # user can be found here https://github.com/bitcoin/bitcoin/blob/23.x/contrib/builder-keys/keys.txt @@ -38,7 +44,12 @@ bitcoind_rpc_allow_ips: # to receive raw block and transaction updates. bitcoind_zmq_host: 127.0.0.1 -bitcoind_use_onion: false -bitcoind_onion_proxy: 127.0.0.1:9050 -bitcoind_onion_nodes: [] # see: https://bitnodes.io/nodes/?q=Tor%20network +bitcoind_proxy: 127.0.0.1:9050 + +bitcoind_nodes: [] + # For clearnet, see: https://bitnodes.io/nodes/?q=Tor%20network + # - 82.101.236.91:8333 + # For Tor, see: https://bitnodes.io/nodes/?q=Tor%20network # - tsr2f2pjzvkjn32gt6dnfjzmgbbq6kjj62d3jgedwx4qr2ku3tb7pvqd.onion:8333 + +bitcoind_use_onion: false diff --git a/templates/bitcoin.conf.j2 b/templates/bitcoin.conf.j2 index 02e5ffa..9337214 100644 --- a/templates/bitcoin.conf.j2 +++ b/templates/bitcoin.conf.j2 @@ -1,35 +1,228 @@ +## +## bitcoin.conf configuration file. Lines beginning with # are comments. +## + +# Network-related settings: + +# Note that if you use testnet, signet or regtest, particularly with the options +# addnode, connect, port, bind, rpcport, rpcbind or wallet, you will also +# want to read "[Sections]" further down. + +# Run on the testnet network +#testnet=0 + +# Run on a signet network +#signet=0 + +# Run a regression test network +#regtest=0 + +# Connect via a SOCKS5 proxy +#proxy=127.0.0.1:9050 +{% if bitcoind_proxy %} +proxy={{ bitcoind_proxy }} +{% endif %} + +# Bind to given address and always listen on it. Use [host]:port notation for IPv6 +#bind= +bind={{ bitcoind_bind }} + +# Bind to given address and add permission flags to peers connecting to it. Use [host]:port notation for IPv6 +#whitebind=perm@ + +############################################################## +## Quick Primer on addnode vs connect ## +## Let's say for instance you use addnode=4.2.2.4 ## +## addnode will connect you to and tell you about the ## +## nodes connected to 4.2.2.4. In addition it will tell ## +## the other nodes connected to it that you exist so ## +## they can connect to you. ## +## connect will not do the above when you 'connect' to it. ## +## It will *only* connect you to 4.2.2.4 and no one else.## +## ## +## So if you're behind a firewall, or have other problems ## +## finding nodes, add some using 'addnode'. ## +## ## +## If you want to stay private, use 'connect' to only ## +## connect to "trusted" nodes. ## +## ## +## If you run multiple nodes on a LAN, there's no need for ## +## all of them to open lots of connections. Instead ## +## 'connect' them all to one node that is port forwarded ## +## and has lots of connections. ## +## Thanks goes to [Noodle] on Freenode. ## +############################################################## + +# Use as many addnode= settings as you like to connect to specific peers +#addnode=69.164.218.197 +#addnode=10.0.0.2:8333 +{% for item in bitcoind_nodes %} +addnode={{ item }} +{% endfor %} + +# Alternatively use as many connect= settings as you like to connect ONLY to specific peers +#connect=69.164.218.197 +#connect=10.0.0.1:8333 + +# Listening mode, enabled by default except when 'connect' is being used +#listen=1 +listen=1 + +# Port on which to listen for connections (default: 8333, testnet: 18333, signet: 38333, regtest: 18444) +#port= + +# Maximum number of inbound + outbound connections (default: 125). This option +# applies only if inbound connections are enabled; otherwise, the number of connections +# will not be more than 11: 8 full-relay connections, 2 block-relay-only ones, and +# occasionally 1 short-lived feeler or extra outbound block-relay-only connection. +# These limits do not apply to connections added manually with the -addnode +# configuration option or the addnode RPC, which have a separate limit of 8 connections. +#maxconnections= + +# Maximum upload bandwidth target in MiB per day (e.g. 'maxuploadtarget=1024' is 1 GiB per day). +# This limits the upload bandwidth for those with bandwidth limits. 0 = no limit (default: 0). +# -maxuploadtarget does not apply to peers with 'download' permission. +# For more information on reducing bandwidth utilization, see: doc/reduce-traffic.md. +#maxuploadtarget= + +# +# JSON-RPC options (for controlling a running Bitcoin/bitcoind process) +# + +# server=1 tells Bitcoin-Qt and bitcoind to accept JSON-RPC commands +#server=0 +{% if bitcoind_server %} +server=1 +{% endif %} + +# Bind to given address to listen for JSON-RPC connections. +# Refer to the manpage or bitcoind -help for further details. +#rpcbind= +rpcbind={{ bitcoind_rpc_bind }} + +# If no rpcpassword is set, rpc cookie auth is sought. The default `-rpccookiefile` name +# is .cookie and found in the `-datadir` being used for bitcoind. This option is typically used +# when the server and client are run as the same user. +# +# If not, you must set rpcuser and rpcpassword to secure the JSON-RPC API. +# +# The config option `rpcauth` can be added to server startup argument. It is set at initialization time +# using the output from the script in share/rpcauth/rpcauth.py after providing a username: +# +# ./share/rpcauth/rpcauth.py alice +# String to be appended to bitcoin.conf: +# rpcauth=alice:f7efda5c189b999524f151318c0c86$d5b51b3beffbc02b724e5d095828e0bc8b2456e9ac8757ae3211a5d9b16a22ae +# Your password: +# DONT_USE_THIS_YOU_WILL_GET_ROBBED_8ak1gI25KFTvjovL3gAM967mies3E= +# +# On client-side, you add the normal user/password pair to send commands: +#rpcuser=alice +#rpcpassword=DONT_USE_THIS_YOU_WILL_GET_ROBBED_8ak1gI25KFTvjovL3gAM967mies3E= +# +# You can even add multiple entries of these to the server conf file, and client can use any of them: +# rpcauth=bob:b2dd077cb54591a2f3139e69a897ac$4e71f08d48b4347cf8eff3815c0e25ae2e9a4340474079f55705f40574f4ec99 +rpcauth={{ bitcoind_rpc_auth }} + +# How many seconds bitcoin will wait for a complete RPC HTTP request. +# after the HTTP connection is established. +#rpcclienttimeout=30 + +# By default, only RPC connections from localhost are allowed. +# Specify as many rpcallowip= settings as you like to allow connections from other hosts, +# either as a single IPv4/IPv6 or with a subnet specification. + +# NOTE: opening up the RPC port to hosts outside your local trusted network is NOT RECOMMENDED, +# because the rpcpassword is transmitted over the network unencrypted. + +# server=1 tells Bitcoin-Qt to accept JSON-RPC commands. +# it is also read by bitcoind to determine if RPC should be enabled +#rpcallowip=10.1.1.34/255.255.255.0 +#rpcallowip=1.2.3.4/24 +#rpcallowip=2001:db8:85a3:0:0:8a2e:370:7334/96 +{% for item in bitcoind_rpc_allow_ips %} +rpcallowip={{ item }} +{% endfor %} + +# Listen for RPC connections on this TCP port: +#rpcport=8332 +rpcport={{ bitcoind_rpc_port }} + +# You can use Bitcoin or bitcoind to send commands to Bitcoin/bitcoind +# running on another host using this option: +#rpcconnect=127.0.0.1 + +# Wallet options + +# Specify where to find wallet, lockfile and logs. If not present, those files will be +# created as new. +#wallet= + +# Create transactions that have enough fees so they are likely to begin confirmation within n blocks (default: 6). +# This setting is over-ridden by the -paytxfee option. +#txconfirmtarget=n + +# Pay a transaction fee every time you send bitcoins. +#paytxfee=0.000x + +# Miscellaneous options + +# Pre-generate this many public/private key pairs, so wallet backups will be valid for +# both prior transactions and several dozen future transactions. +#keypool=100 + +# Maintain coinstats index used by the gettxoutsetinfo RPC (default: 0). +#coinstatsindex=1 + +# Enable pruning to reduce storage requirements by deleting old blocks. +# This mode is incompatible with -txindex and -coinstatsindex. +# 0 = default (no pruning). +# 1 = allows manual pruning via RPC. +# >=550 = target to stay under in MiB. +#prune=550 + +# User interface options + +# Start Bitcoin minimized +#min=1 + +# Minimize to the system tray +#minimizetotray=1 + +# [Sections] +# Most options apply to mainnet, testnet, signet and regtest. +# If you want to confine an option to just one network, you should add it in the +# relevant section below. +# EXCEPTIONS: The options addnode, connect, port, bind, rpcport, rpcbind and wallet +# only apply to mainnet unless they appear in the appropriate section below. + +# Options only for mainnet +#[main] + +# Options only for testnet +#[test] + +# Options only for signet +#[signet] + +# Options only for regtest +#[regtest] + +# Misc/Undocumented Settings chain={{ bitcoind_network }} pid=/run/bitcoind/{{ bitcoind_network }}/bitcoind.pid datadir={{ bitcoind_data_dir }} +{% if bitcoind_use_onion %} +onlynet=onion +{% endif %} + daemon=1 -server=1 txindex=1 + whitelist=127.0.0.1 -{% if bitcoind_use_onion %} -onlynet=onion -proxy={{ bitcoind_onion_proxy }} -listen=1 -{% for item in bitcoind_onion_nodes %} -addnode={{ item }} -{% endfor %} -{% endif %} +disablewallet={{ 1 if bitcoind_disablewallet else 0 }} zmqpubrawblock=tcp://{{ bitcoind_zmq_host }}:28332 zmqpubrawtx=tcp://{{ bitcoind_zmq_host }}:28333 zmqpubhashblock=tcp://{{ bitcoind_zmq_host }}:28332 - -[{{ bitcoind_network }}] -bind={{ bitcoind_bind }} -rpcbind={{ bitcoind_rpc_bind }} -rpcport={{ bitcoind_rpc_port }} -{% for item in bitcoind_rpc_allow_ips %} -rpcallowip={{ item }} -{% endfor %} -{% if bitcoind_rpc_auth %} -rpcauth={{ bitcoind_rpc_auth }} -{% else %} -rpcuser={{ bitcoind_rpc_user }} -rpcpassword={{ bitcoind_rpc_password }} -{% endif %} From eb5c991fee65405076b339d54e8f2b7af0cdd63c Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Sat, 20 Apr 2024 16:01:23 +0200 Subject: [PATCH 2/9] default to v27 --- README.md | 22 +++++++++++----------- defaults/main.yml | 2 +- molecule/default/verify.yml | 2 +- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 636526a..863e8e6 100644 --- a/README.md +++ b/README.md @@ -20,7 +20,7 @@ This role requires a user with `sudo` permissions to work properly. List of officially supported operating systems: | ID | Name | Status | -|--------------|--------------|--------------------| +| ------------ | ------------ | ------------------ | | `ubuntu2004` | Ubuntu 20.04 | :white_check_mark: | | `ubuntu2204` | Ubuntu 22.04 | :white_check_mark: | @@ -64,12 +64,12 @@ the operating system ID mentioned in the requirements table. You can change some variables to install this role to fit your needs. The default values to install the Bitcoin node are the following ones: -| Name | Value | -|---------------------|----------------------| -| `bitcoind_user` | `bitcoin` | -| `bitcoind_group` | `bitcoin` | -| `bitcoind_version` | `26.0` | -| `bitcoind_arch` | `x86_64-linux-gnu` | +| Name | Value | +| ------------------ | ------------------ | +| `bitcoind_user` | `bitcoin` | +| `bitcoind_group` | `bitcoin` | +| `bitcoind_version` | `27.0` | +| `bitcoind_arch` | `x86_64-linux-gnu` | > If you want to install Bitcoin into a Raspberry you need to change the architecture to `aarch64-linux-gnu`. @@ -99,10 +99,10 @@ By default, this installer uses `gpg` to verify the integrity and signature of t behaviour is controlled by the `bitcoind_pgp_builders_pub_key` field. The content of this structure and default values are the following: -| Name | ID | -|--------------|----------------------------------------------| -| `laanwj` | `71A3B16735405025D447E8F274810B012346C9A6` | -| `fanquake` | `E777299FC265DD04793070EB944D35F9AC3DB76A` | +| Name | ID | +| ---------- | ------------------------------------------ | +| `laanwj` | `71A3B16735405025D447E8F274810B012346C9A6` | +| `fanquake` | `E777299FC265DD04793070EB944D35F9AC3DB76A` | If you only want to verify with one user, you should use something like this: diff --git a/defaults/main.yml b/defaults/main.yml index b746240..15f5df4 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -4,7 +4,7 @@ bitcoind_user: bitcoin bitcoind_group: bitcoin # Bitcoin binary information -bitcoind_version: 26.0 +bitcoind_version: 27.0 bitcoind_arch: x86_64-linux-gnu # Serve JOSN-RPC diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index 668cee3..a1b4d04 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -4,7 +4,7 @@ become: true gather_facts: false vars: - bitcoind_version: 26.0 + bitcoind_version: 27.0 tasks: - name: "Retrieve information from /usr/local/bitcoin-core-{{ bitcoind_version }}" From 5312fdfc21f59642e893a875806844778a27c331 Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Sat, 20 Apr 2024 16:02:41 +0200 Subject: [PATCH 3/9] add bitnodes.io setup as reference --- docs/bitnodes-setup.sh | 764 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 764 insertions(+) create mode 100644 docs/bitnodes-setup.sh diff --git a/docs/bitnodes-setup.sh b/docs/bitnodes-setup.sh new file mode 100644 index 0000000..f2e2d49 --- /dev/null +++ b/docs/bitnodes-setup.sh @@ -0,0 +1,764 @@ +#!/bin/sh + +############################################################################### +# +# install-full-node.sh +# +# This is the install script for Bitcoin full node based on Bitcoin Core. +# +# *** SCRIPT AVAILABILITY ***************************************************** +# +# This script is available from: +# https://bitnodes.io/install-full-node.sh +# +# Checksum file: +# https://bitnodes.io/install-full-node.sh.sha256sum +# +# Signed checksum file: +# https://bitnodes.io/install-full-node.sh.sha256sum.asc +# +# *** SCRIPT VERIFICATION ***************************************************** +# +# To verify the integrity of install-full-node.sh: +# +# Skip step 1 to 3 if you have already imported Bitnodes GPG public key. +# +# 1) Download Bitnodes GPG public key from https://bitnodes.io/bitnodes.gpg +# +# $ wget https://bitnodes.io/bitnodes.gpg +# +# 2) Check that the key ID matches E6F70B39916272508FBDEAB7A92FB2B8A33B9C42 +# +# $ gpg --show-keys bitnodes.gpg +# +# pub rsa4096 2023-05-21 [SC] +# E6F70B39916272508FBDEAB7A92FB2B8A33B9C42 +# uid Bitnodes +# sub rsa4096 2023-05-21 [E] +# +# 3) If the key ID matches, continue to import the key. If it doesn't match, +# please contact info@bitnodes.io. +# +# $ gpg --import bitnodes.gpg +# +# gpg: key A92FB2B8A33B9C42: public key "Bitnodes " imported +# gpg: Total number processed: 1 +# gpg: imported: 1 +# +# 4) Download the checksum files for install-full-node.sh +# +# $ wget https://bitnodes.io/install-full-node.sh.sha256sum.asc https://bitnodes.io/install-full-node.sh.sha256sum +# +# 5) Verify the checksum of install-full-node.sh +# +# $ gpg --verify install-full-node.sh.sha256sum.asc && sha256sum -c install-full-node.sh.sha256sum +# +# gpg: assuming signed data in 'install-full-node.sh.sha256sum' +# gpg: Signature made Sun 21 May 2023 03:44:13 AM UTC +# gpg: using RSA key E6F70B39916272508FBDEAB7A92FB2B8A33B9C42 +# gpg: issuer "info@bitnodes.io" +# gpg: Good signature from "Bitnodes " [unknown] +# gpg: WARNING: This key is not certified with a trusted signature! +# gpg: There is no indication that the signature belongs to the owner. +# Primary key fingerprint: E6F7 0B39 9162 7250 8FBD EAB7 A92F B2B8 A33B 9C42 +# install-full-node.sh: OK +# +# *** SCRIPT USAGE ************************************************************ +# +# This script attempts to make your node automatically reachable by other nodes +# in the network. This is done by using uPnP to open port 8333 on your router +# to accept incoming connections to port 8333 and route the connections to your +# node running inside your local network. +# +# For security reason, wallet functionality is not enabled by default. +# +# Supported OS: Linux, Mac OS X, BSD, Windows (Windows Subsystem for Linux) +# Supported platforms: x86, x86_64, ARM +# +# Usage: +# +# Open your terminal and type: +# $ curl https://bitnodes.io/install-full-node.sh | sh +# +# Bitcoin Core will be installed using binaries provided by bitcoincore.org. +# +# If the binaries for your system are not available, the installer will attempt +# to build and install Bitcoin Core from source. +# +# All files will be installed into $HOME/bitcoin-core directory. Layout of this +# directory after the installation is shown below: +# +# Source files: +# $HOME/bitcoin-core/bitcoin/ +# +# Binaries: +# $HOME/bitcoin-core/bin/ +# +# Configuration file: +# $HOME/bitcoin-core/.bitcoin/bitcoin.conf +# +# Blockchain data files: +# $HOME/bitcoin-core/.bitcoin/blocks +# $HOME/bitcoin-core/.bitcoin/chainstate +# +# Need help? Contact info@bitnodes.io +# +############################################################################### + +REPO_URL="https://github.com/bitcoin/bitcoin.git" + +# See https://github.com/bitcoin/bitcoin/tags for latest version. +VERSION=26.0 + +TARGET_DIR=$HOME/bitcoin-core +PORT=8333 + +BUILD=0 +UNINSTALL=0 + +BLUE='\033[94m' +GREEN='\033[32;1m' +YELLOW='\033[33;1m' +RED='\033[91;1m' +RESET='\033[0m' + +ARCH=$(uname -m) +SYSTEM=$(uname -s) +MAKE="make" +if [ "$SYSTEM" = "FreeBSD" ]; then + MAKE="gmake" +fi +SUDO="" + +usage() { + cat <] [-t ] [-p ] [-b] [-u] + +-h + Print usage. + +-v + Version of Bitcoin Core to install. + Default: $VERSION + +-t + Target directory for source files and binaries. + Default: $HOME/bitcoin-core + +-p + Bitcoin Core listening port. + Default: $PORT + +-b + Build and install Bitcoin Core from source. + Default: $BUILD + +-u + Uninstall Bitcoin Core. + +EOF +} + +print_info() { + printf "$BLUE$1$RESET\n" +} + +print_success() { + printf "$GREEN$1$RESET\n" + sleep 1 +} + +print_warning() { + printf "$YELLOW$1$RESET\n" +} + +print_error() { + printf "$RED$1$RESET\n" + sleep 1 +} + +print_start() { + print_info "Start date: $(date)" +} + +print_end() { + print_info "\nEnd date: $(date)" +} + +print_readme() { + cat < /dev/null 2>&1 + return $? +} + +create_target_dir() { + if [ ! -d "$TARGET_DIR" ]; then + print_info "\nCreating target directory: $TARGET_DIR" + mkdir -p $TARGET_DIR + fi +} + +init_system_install() { + if [ $(id -u) -ne 0 ]; then + if program_exists "sudo"; then + SUDO="sudo" + print_info "\nInstalling required system packages.." + else + print_error "\nsudo program is required to install system packages. Please install sudo as root and rerun this script as normal user." + exit 1 + fi + fi +} + +install_miniupnpc() { + print_info "Installing miniupnpc from source.." + $SUDO rm -rf miniupnpc-2.2.4 miniupnpc-2.2.4.tar.gz && + wget -q http://miniupnp.free.fr/files/miniupnpc-2.2.4.tar.gz -O miniupnpc-2.2.4.tar.gz && \ + tar xzf miniupnpc-2.2.4.tar.gz && \ + cd miniupnpc-2.2.4 && \ + $SUDO $MAKE install > build.out 2>&1 && \ + cd .. && \ + $SUDO rm -rf miniupnpc-2.2.4 miniupnpc-2.2.4.tar.gz +} + +install_debian_build_dependencies() { + $SUDO apt-get update + $SUDO apt-get install -y \ + automake \ + autotools-dev \ + build-essential \ + curl \ + git \ + libboost-all-dev \ + libevent-dev \ + libminiupnpc-dev \ + libssl-dev \ + libtool \ + pkg-config +} + +# This applies also for Fedora distribution. +install_centos_build_dependencies() { + $SUDO yum install -y \ + automake \ + boost-devel \ + curl \ + gcc-c++ \ + git \ + libevent-devel \ + libtool \ + make \ + openssl-devel \ + wget + install_miniupnpc + echo '/usr/lib' | $SUDO tee /etc/ld.so.conf.d/miniupnpc-x86.conf > /dev/null && $SUDO ldconfig +} + +install_archlinux_build_dependencies() { + $SUDO pacman -S --noconfirm \ + automake \ + boost \ + curl \ + git \ + libevent \ + libtool \ + miniupnpc \ + openssl +} + +install_alpine_build_dependencies() { + $SUDO apk update + $SUDO apk add \ + autoconf \ + automake \ + boost-dev \ + build-base \ + curl \ + git \ + libevent-dev \ + libtool \ + openssl-dev + install_miniupnpc +} + +install_mac_build_dependencies() { + if ! program_exists "gcc"; then + print_info "When the popup appears, click 'Install' to install the XCode Command Line Tools." + xcode-select --install + fi + + if ! program_exists "brew"; then + /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)" + fi + + brew install \ + --c++11 \ + automake \ + boost \ + libevent \ + libtool \ + miniupnpc \ + openssl \ + pkg-config +} + +install_freebsd_build_dependencies() { + $SUDO pkg install -y \ + autoconf \ + automake \ + boost-libs \ + curl \ + git \ + gmake \ + libevent \ + libtool \ + miniupnpc \ + openssl \ + pkgconf \ + wget +} + +install_build_dependencies() { + init_system_install + case "$SYSTEM" in + Linux) + if program_exists "apt-get"; then + install_debian_build_dependencies + elif program_exists "yum"; then + install_centos_build_dependencies + elif program_exists "pacman"; then + install_archlinux_build_dependencies + elif program_exists "apk"; then + install_alpine_build_dependencies + else + print_error "\nSorry, your system is not supported by this installer." + exit 1 + fi + ;; + Darwin) + install_mac_build_dependencies + ;; + FreeBSD) + install_freebsd_build_dependencies + ;; + *) + print_error "\nSorry, your system is not supported by this installer." + exit 1 + ;; + esac +} + +build_bitcoin_core() { + cd $TARGET_DIR + + if [ ! -d "$TARGET_DIR/bitcoin" ]; then + print_info "\nDownloading Bitcoin Core source files.." + git clone --quiet $REPO_URL + fi + + cxxflags="" + ldflags="" + if [ "$SYSTEM" = "Linux" ]; then + ram_kb=$(grep MemTotal /proc/meminfo | awk '{print $2}') + if [ $ram_kb -lt 1500000 ]; then + # Tune gcc to use less memory on single board computers. + cxxflags="--param ggc-min-expand=1 --param ggc-min-heapsize=32768" + fi + fi + if [ "$SYSTEM" = "FreeBSD" ]; then + cxxflags="-I/usr/local/include" + ldflags="-L/usr/local/lib" + fi + + print_info "\nBuilding Bitcoin Core v$VERSION" + print_info "Build output: $TARGET_DIR/bitcoin/build.out" + print_info "This can take up to an hour or more.." + rm -f build.out + cd bitcoin && + git fetch > build.out 2>&1 && + git checkout "v$VERSION" 1>> build.out 2>&1 && + git clean -f -d -x 1>> build.out 2>&1 && + ./autogen.sh 1>> build.out 2>&1 && + ./configure \ + CXXFLAGS="$cxxflags" \ + LDFLAGS="$ldflags" \ + --disable-maintainer-mode \ + --without-gui \ + --with-miniupnpc \ + --disable-wallet \ + --disable-tests \ + --enable-upnp-default \ + 1>> build.out 2>&1 && + $MAKE 1>> build.out 2>&1 + + if [ ! -f "$TARGET_DIR/bitcoin/src/bitcoind" ]; then + print_error "Build failed. See $TARGET_DIR/bitcoin/build.out" + exit 1 + fi +} + +get_bin_url() { + url="https://bitcoincore.org/bin/bitcoin-core-$VERSION" + case "$SYSTEM" in + Linux) + if program_exists "apk"; then + echo "" + elif [ "$ARCH" = "armv7l" ]; then + url="$url/bitcoin-$VERSION-arm-linux-gnueabihf.tar.gz" + echo "$url" + else + url="$url/bitcoin-$VERSION-$ARCH-linux-gnu.tar.gz" + echo "$url" + fi + ;; + Darwin) + url="$url/bitcoin-$VERSION-$ARCH-apple-darwin.tar.gz" + echo "$url" + ;; + FreeBSD) + echo "" + ;; + *) + echo "" + ;; + esac +} + +download_bin() { + checksum_url="https://bitcoincore.org/bin/bitcoin-core-$VERSION/SHA256SUMS" + + cd $TARGET_DIR + + rm -f bitcoin-$VERSION.tar.gz checksum.asc + + print_info "\nDownloading Bitcoin Core binaries.." + if program_exists "wget"; then + wget -q "$1" -O bitcoin-$VERSION.tar.gz && + wget -q "$checksum_url" -O checksum.asc && + mkdir -p bitcoin-$VERSION && + tar xzf bitcoin-$VERSION.tar.gz -C bitcoin-$VERSION --strip-components=1 + elif program_exists "curl"; then + curl -s "$1" -o bitcoin-$VERSION.tar.gz && + curl -s "$checksum_url" -o checksum.asc && + mkdir -p bitcoin-$VERSION && + tar xzf bitcoin-$VERSION.tar.gz -C bitcoin-$VERSION --strip-components=1 + else + print_error "\nwget or curl program is required to continue. Please install wget or curl as root and rerun this script as normal user." + exit 1 + fi + + if program_exists "shasum"; then + checksum=$(shasum -a 256 bitcoin-$VERSION.tar.gz | awk '{ print $1 }') + if grep -q "$checksum" checksum.asc; then + print_success "Checksum passed: bitcoin-$VERSION.tar.gz ($checksum)" + else + print_error "Checksum failed: bitcoin-$VERSION.tar.gz ($checksum). Please rerun this script to download and validate the binaries again." + exit 1 + fi + fi + + rm -f bitcoin-$VERSION.tar.gz checksum.asc +} + +install_bitcoin_core() { + cd $TARGET_DIR + + print_info "\nInstalling Bitcoin Core v$VERSION" + + if [ ! -d "$TARGET_DIR/bin" ]; then + mkdir -p $TARGET_DIR/bin + fi + + if [ ! -d "$TARGET_DIR/.bitcoin" ]; then + mkdir -p $TARGET_DIR/.bitcoin + fi + + if [ "$SYSTEM" = "Darwin" ]; then + if [ ! -e "$HOME/Library/Application Support/Bitcoin" ]; then + ln -s $TARGET_DIR/.bitcoin "$HOME/Library/Application Support/Bitcoin" + fi + else + if [ ! -e "$HOME/.bitcoin" ]; then + ln -s $TARGET_DIR/.bitcoin $HOME/.bitcoin + fi + fi + + if [ -f "$TARGET_DIR/bitcoin/src/bitcoind" ]; then + # Install compiled binaries. + cp "$TARGET_DIR/bitcoin/src/bitcoind" "$TARGET_DIR/bin/" && + cp "$TARGET_DIR/bitcoin/src/bitcoin-cli" "$TARGET_DIR/bin/" && + print_success "Bitcoin Core v$VERSION (compiled) installed successfully!" + elif [ -f "$TARGET_DIR/bitcoin-$VERSION/bin/bitcoind" ]; then + # Install downloaded binaries. + cp "$TARGET_DIR/bitcoin-$VERSION/bin/bitcoind" "$TARGET_DIR/bin/" && + cp "$TARGET_DIR/bitcoin-$VERSION/bin/bitcoin-cli" "$TARGET_DIR/bin/" && + rm -rf "$TARGET_DIR/bitcoin-$VERSION" + print_success "Bitcoin Core v$VERSION (binaries) installed successfully!" + else + print_error "Cannot find files to install." + exit 1 + fi + + cat > $TARGET_DIR/.bitcoin/bitcoin.conf < $TARGET_DIR/bin/start.sh < $TARGET_DIR/bin/stop.sh < /dev/null | head -n 1 | cut -d ' ' -f2) + if [ $reachable -eq 200 ]; then + print_success "Bitcoin Core is accepting incoming connections at port $PORT!" + else + print_warning "Bitcoin Core is not accepting incoming connections at port $PORT. You may need to configure port forwarding (https://bitcoin.org/en/full-node#port-forwarding) on your router." + fi + fi +} + +uninstall_bitcoin_core() { + stop_bitcoin_core + + if [ -d "$TARGET_DIR" ]; then + print_info "\nUninstalling Bitcoin Core.." + rm -rf $TARGET_DIR + + # Remove stale symlink. + if [ "$SYSTEM" = "Darwin" ]; then + if [ -L "$HOME/Library/Application Support/Bitcoin" ] && [ ! -d "$HOME/Library/Application Support/Bitcoin" ]; then + rm "$HOME/Library/Application Support/Bitcoin" + fi + else + if [ -L $HOME/.bitcoin ] && [ ! -d $HOME/.bitcoin ]; then + rm $HOME/.bitcoin + fi + fi + + if [ ! -d "$TARGET_DIR" ]; then + print_success "Bitcoin Core uninstalled successfully!" + else + print_error "Uninstallation failed. Is Bitcoin Core still running?" + exit 1 + fi + else + print_error "Bitcoin Core not installed." + fi +} + +while getopts ":v:t:p:bu" opt +do + case "$opt" in + v) + VERSION=${OPTARG} + ;; + t) + TARGET_DIR=${OPTARG} + ;; + p) + PORT=${OPTARG} + ;; + b) + BUILD=1 + ;; + u) + UNINSTALL=1 + ;; + h) + usage + exit 0 + ;; + ?) + usage >& 2 + exit 1 + ;; + esac +done + +WELCOME_TEXT=$(cat < $TARGET_DIR/README.md + cat $TARGET_DIR/README.md + print_success "If this is your first install, Bitcoin Core may take several hours/days to download a full copy of the blockchain." + print_success "\nInstallation completed!" + fi +fi + +print_end From 677ccde27f22f852e94d2177a6a1eeafd170d2fb Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Sun, 21 Apr 2024 10:21:11 +0200 Subject: [PATCH 4/9] stop service before copy if exists --- molecule/default/verify.yml | 2 +- tasks/main.yml | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/molecule/default/verify.yml b/molecule/default/verify.yml index a1b4d04..5c433b1 100644 --- a/molecule/default/verify.yml +++ b/molecule/default/verify.yml @@ -7,7 +7,7 @@ bitcoind_version: 27.0 tasks: - - name: "Retrieve information from /usr/local/bitcoin-core-{{ bitcoind_version }}" + - name: "Retrieve information from /usr/local/bin/*" ansible.builtin.stat: path: "/usr/local/bin/{{ item }}" register: bitcoind_bins diff --git a/tasks/main.yml b/tasks/main.yml index 7970021..e5ecdc6 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -62,6 +62,15 @@ extra_opts: - --strip-components=1 +- name: "Bitcoind | Ensure 'bitcoind-{{ bitcoind_network }}.service' systemd unit is stopped" + ansible.builtin.systemd: + name: bitcoind-{{ bitcoind_network }}.service + state: stopped + register: _bitcoind_systemd_stop + failed_when: + - _bitcoind_systemd_stop.failed + - "'Could not find the requested service' not in _bitcoind_systemd_stop.msg" + - name: "Bitcoind | Install binaries into '/usr/local/bin/*'" ansible.builtin.copy: src: /tmp/bitcoin-core-{{ bitcoind_version }}/bin/ From 8365adeb659d700693a72eb2026ca31706db39ca Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Mon, 22 Apr 2024 17:15:23 +0200 Subject: [PATCH 5/9] fix config generation --- templates/bitcoin.conf.j2 | 84 ++++++++++++++++++++++++++++++--------- 1 file changed, 65 insertions(+), 19 deletions(-) diff --git a/templates/bitcoin.conf.j2 b/templates/bitcoin.conf.j2 index 9337214..dadf391 100644 --- a/templates/bitcoin.conf.j2 +++ b/templates/bitcoin.conf.j2 @@ -25,7 +25,9 @@ proxy={{ bitcoind_proxy }} # Bind to given address and always listen on it. Use [host]:port notation for IPv6 #bind= +{% if bitcoind_network == "main" %} bind={{ bitcoind_bind }} +{% endif %} # Bind to given address and add permission flags to peers connecting to it. Use [host]:port notation for IPv6 #whitebind=perm@ @@ -56,13 +58,17 @@ bind={{ bitcoind_bind }} # Use as many addnode= settings as you like to connect to specific peers #addnode=69.164.218.197 #addnode=10.0.0.2:8333 +{% if bitcoind_network == "main" %} {% for item in bitcoind_nodes %} addnode={{ item }} {% endfor %} +{% endif %} # Alternatively use as many connect= settings as you like to connect ONLY to specific peers #connect=69.164.218.197 #connect=10.0.0.1:8333 +{% if bitcoind_network == "main" %} +{% endif %} # Listening mode, enabled by default except when 'connect' is being used #listen=1 @@ -70,6 +76,8 @@ listen=1 # Port on which to listen for connections (default: 8333, testnet: 18333, signet: 38333, regtest: 18444) #port= +{% if bitcoind_network == "main" %} +{% endif %} # Maximum number of inbound + outbound connections (default: 125). This option # applies only if inbound connections are enabled; otherwise, the number of connections @@ -98,7 +106,9 @@ server=1 # Bind to given address to listen for JSON-RPC connections. # Refer to the manpage or bitcoind -help for further details. #rpcbind= +{% if bitcoind_network == "main" %} rpcbind={{ bitcoind_rpc_bind }} +{% endif %} # If no rpcpassword is set, rpc cookie auth is sought. The default `-rpccookiefile` name # is .cookie and found in the `-datadir` being used for bitcoind. This option is typically used @@ -145,7 +155,9 @@ rpcallowip={{ item }} # Listen for RPC connections on this TCP port: #rpcport=8332 +{% if bitcoind_network == "main" %} rpcport={{ bitcoind_rpc_port }} +{% endif %} # You can use Bitcoin or bitcoind to send commands to Bitcoin/bitcoind # running on another host using this option: @@ -188,25 +200,6 @@ rpcport={{ bitcoind_rpc_port }} # Minimize to the system tray #minimizetotray=1 -# [Sections] -# Most options apply to mainnet, testnet, signet and regtest. -# If you want to confine an option to just one network, you should add it in the -# relevant section below. -# EXCEPTIONS: The options addnode, connect, port, bind, rpcport, rpcbind and wallet -# only apply to mainnet unless they appear in the appropriate section below. - -# Options only for mainnet -#[main] - -# Options only for testnet -#[test] - -# Options only for signet -#[signet] - -# Options only for regtest -#[regtest] - # Misc/Undocumented Settings chain={{ bitcoind_network }} pid=/run/bitcoind/{{ bitcoind_network }}/bitcoind.pid @@ -226,3 +219,56 @@ disablewallet={{ 1 if bitcoind_disablewallet else 0 }} zmqpubrawblock=tcp://{{ bitcoind_zmq_host }}:28332 zmqpubrawtx=tcp://{{ bitcoind_zmq_host }}:28333 zmqpubhashblock=tcp://{{ bitcoind_zmq_host }}:28332 + + +# [Sections] +# Most options apply to mainnet, testnet, signet and regtest. +# If you want to confine an option to just one network, you should add it in the +# relevant section below. +# EXCEPTIONS: The options addnode, connect, port, bind, rpcport, rpcbind and wallet +# only apply to mainnet unless they appear in the appropriate section below. + +# Options only for mainnet +#[main] + +# Options only for testnet +#[test] +{% if bitcoind_network == "test" %} +[{{ bitcoind_network }}] +{% for item in bitcoind_nodes %} +addnode={{ item }} +{% endfor %} +#connect=10.0.0.1:8333 +#port= +bind={{ bitcoind_bind }} +rpcport={{ bitcoind_rpc_port }} +rpcbind={{ bitcoind_rpc_bind }} +{% endif %} + +# Options only for signet +#[signet] +{% if bitcoind_network == "signet" %} +[{{ bitcoind_network }}] +{% for item in bitcoind_nodes %} +addnode={{ item }} +{% endfor %} +#connect=10.0.0.1:8333 +#port= +bind={{ bitcoind_bind }} +rpcport={{ bitcoind_rpc_port }} +rpcbind={{ bitcoind_rpc_bind }} +{% endif %} + +# Options only for regtest +#[regtest] +{% if bitcoind_network == "regtest" %} +[{{ bitcoind_network }}] +{% for item in bitcoind_nodes %} +addnode={{ item }} +{% endfor %} +#connect=10.0.0.1:8333 +#port= +bind={{ bitcoind_bind }} +rpcport={{ bitcoind_rpc_port }} +rpcbind={{ bitcoind_rpc_bind }} +{% endif %} From 1c1da1d41b939da50c935691d599194c0705d0a1 Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Mon, 22 Apr 2024 17:44:11 +0200 Subject: [PATCH 6/9] reorder steps --- tasks/main.yml | 42 +++++++++++++++++++++--------------------- 1 file changed, 21 insertions(+), 21 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index e5ecdc6..3341023 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -28,6 +28,19 @@ password: "*" when: "ansible_user is not defined or bitcoind_user != ansible_user" +- name: "Bitcoind | Ensure Bitcoin data directory exists ('{{ bitcoind_data_dir }}')" + ansible.builtin.file: + path: "{{ bitcoind_data_dir }}" + state: directory + +- name: "Bitcoind | Ensure Bitcoin data directory uses the correct permissions ('{{ bitcoind_data_dir }}')" + ansible.builtin.file: + path: "{{ bitcoind_data_dir }}" + state: directory + owner: "{{ bitcoind_user }}" + group: "{{ bitcoind_group }}" + mode: "0755" + - name: "Bitcoind | Download SHA256SUMS for Bitcoin v{{ bitcoind_version }} into '/tmp/SHA256SUMS'" ansible.builtin.get_url: url: https://bitcoincore.org/bin/bitcoin-core-{{ bitcoind_version }}/SHA256SUMS @@ -95,6 +108,14 @@ group: "{{ bitcoind_group }}" mode: "0755" +- name: "Bitcoind | Ensure symbolic link from '/etc/bitcoind/{{ bitcoind_network }}' to '/home/{{ bitcoind_user }}/.bitcoin' exists" + ansible.builtin.file: + src: /etc/bitcoind/{{ bitcoind_network }} + dest: /home/{{ bitcoind_user }}/.bitcoin + state: link + owner: "{{ bitcoind_user }}" + group: "{{ bitcoind_group }}" + - name: "Bitcoind | Copy bitcoin.conf file into '/etc/bitcoind/{{ bitcoind_network }}'" ansible.builtin.template: src: bitcoin.conf.j2 @@ -104,27 +125,6 @@ notify: - Bitcoind | Ensure bitcoind systemd unit is restarted -- name: "Bitcoind | Ensure Bitcoin data directory exists ('{{ bitcoind_data_dir }}')" - ansible.builtin.file: - path: "{{ bitcoind_data_dir }}" - state: directory - -- name: "Bitcoind | Ensure Bitcoin data directory uses the correct permissions ('{{ bitcoind_data_dir }}')" - ansible.builtin.file: - path: "{{ bitcoind_data_dir }}" - state: directory - owner: "{{ bitcoind_user }}" - group: "{{ bitcoind_group }}" - mode: "0755" - -- name: "Bitcoind | Ensure symbolic link from '/etc/bitcoind/{{ bitcoind_network }}' to '/home/{{ bitcoind_user }}/.bitcoin' exists" - ansible.builtin.file: - src: /etc/bitcoind/{{ bitcoind_network }} - dest: /home/{{ bitcoind_user }}/.bitcoin - state: link - owner: "{{ bitcoind_user }}" - group: "{{ bitcoind_group }}" - - name: "Bitcoind | Ensure 'bitcoind-{{ bitcoind_network }}.service' systemd unit is enabled and started" ansible.builtin.systemd: name: bitcoind-{{ bitcoind_network }}.service From 44d0ae1d6c9271518d2b9891c17d1244f0c478fd Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Mon, 22 Apr 2024 18:53:50 +0200 Subject: [PATCH 7/9] add management markers --- templates/bitcoin.conf.j2 | 2 ++ templates/bitcoind.service.j2 | 1 + 2 files changed, 3 insertions(+) diff --git a/templates/bitcoin.conf.j2 b/templates/bitcoin.conf.j2 index dadf391..a8a29c4 100644 --- a/templates/bitcoin.conf.j2 +++ b/templates/bitcoin.conf.j2 @@ -1,3 +1,5 @@ +## This file is managed by mvrahden/bitcoind-ansible. +## Bitcoin Version: {{ bitcoind_version }} ## ## bitcoin.conf configuration file. Lines beginning with # are comments. ## diff --git a/templates/bitcoind.service.j2 b/templates/bitcoind.service.j2 index b95003a..9ea457b 100644 --- a/templates/bitcoind.service.j2 +++ b/templates/bitcoind.service.j2 @@ -1,3 +1,4 @@ +## This file is managed by mvrahden/bitcoind-ansible. # It is not recommended to modify this file in-place, because it will # be overwritten during package upgrades. If you want to add further # options or overwrite existing ones then use From 2f2858002d3157204bb086c9ff8902f9395ea0f2 Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Mon, 22 Apr 2024 18:54:10 +0200 Subject: [PATCH 8/9] test version cookie fir idempotency --- tasks/main.yml | 25 +++++++++++++++++++++++++ templates/.bitcoind.version.j2 | 2 ++ 2 files changed, 27 insertions(+) create mode 100644 templates/.bitcoind.version.j2 diff --git a/tasks/main.yml b/tasks/main.yml index 3341023..7cfd5c2 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -1,4 +1,8 @@ --- +- name: Bitcoind | Set current version fact + ansible.builtin.set_fact: + _bitcoind_change_version: false # default + - name: Bitcoind | Ensure dependencies are installed ansible.builtin.apt: update_cache: true @@ -41,6 +45,21 @@ group: "{{ bitcoind_group }}" mode: "0755" +- name: "Bitcoind | Load version cookie file" + slurp: + src: "{{ bitcoind_data_dir }}/.bitcoind.version" + register: _bitcoind_version_cookie_file + ignore_errors: true + +- name: "Bitcoind | Determine version change from version cookie vs. configured version" + set_fact: + _bitcoind_change_version: "{{ _bitcoind_version_cookie_file['content'] | b64decode | regex_findall('(\\d+\\.\\d+)') | first is version(bitcoind_version, '!=' , strict=true)}}" + when: "not _bitcoind_version_cookie_file.failed" + +- name: "Bitcoind | Debug detected version change from cookie" + debug: + msg: "{{ _bitcoind_change_version }}" + - name: "Bitcoind | Download SHA256SUMS for Bitcoin v{{ bitcoind_version }} into '/tmp/SHA256SUMS'" ansible.builtin.get_url: url: https://bitcoincore.org/bin/bitcoin-core-{{ bitcoind_version }}/SHA256SUMS @@ -80,6 +99,7 @@ name: bitcoind-{{ bitcoind_network }}.service state: stopped register: _bitcoind_systemd_stop + when: _bitcoind_change_version failed_when: - _bitcoind_systemd_stop.failed - "'Could not find the requested service' not in _bitcoind_systemd_stop.msg" @@ -131,3 +151,8 @@ daemon_reload: true enabled: true state: started + +- name: "Bitcoind | Ensure version cookie file set" + ansible.builtin.template: + src: .bitcoind.version.j2 + dest: "{{ bitcoind_data_dir }}/.bitcoind.version" diff --git a/templates/.bitcoind.version.j2 b/templates/.bitcoind.version.j2 new file mode 100644 index 0000000..325053f --- /dev/null +++ b/templates/.bitcoind.version.j2 @@ -0,0 +1,2 @@ +## This file is managed by mvrahden/bitcoind-ansible. +{{ bitcoind_version }} From f11b999448d5627f1d91fd2ba336afde14fa97eb Mon Sep 17 00:00:00 2001 From: Menno van Rahden Date: Mon, 22 Apr 2024 20:02:29 +0200 Subject: [PATCH 9/9] deploy conf in data dir --- tasks/main.yml | 14 +++----------- templates/bitcoind.service.j2 | 6 +++--- 2 files changed, 6 insertions(+), 14 deletions(-) diff --git a/tasks/main.yml b/tasks/main.yml index 7cfd5c2..6707f59 100644 --- a/tasks/main.yml +++ b/tasks/main.yml @@ -120,26 +120,18 @@ notify: - Bitcoind | Ensure bitcoind systemd unit is restarted -- name: "Bitcoind | Ensure Bitcoin configuration directory exists ('/etc/bitcoind/{{ bitcoind_network }}')" - ansible.builtin.file: - path: /etc/bitcoind/{{ bitcoind_network }} - state: directory - owner: "{{ bitcoind_user }}" - group: "{{ bitcoind_group }}" - mode: "0755" - - name: "Bitcoind | Ensure symbolic link from '/etc/bitcoind/{{ bitcoind_network }}' to '/home/{{ bitcoind_user }}/.bitcoin' exists" ansible.builtin.file: - src: /etc/bitcoind/{{ bitcoind_network }} + src: "{{ bitcoind_data_dir }}" dest: /home/{{ bitcoind_user }}/.bitcoin state: link owner: "{{ bitcoind_user }}" group: "{{ bitcoind_group }}" -- name: "Bitcoind | Copy bitcoin.conf file into '/etc/bitcoind/{{ bitcoind_network }}'" +- name: "Bitcoind | Copy bitcoin.conf file into '{{ bitcoind_data_dir }}/bitcoind.conf'" ansible.builtin.template: src: bitcoin.conf.j2 - dest: /etc/bitcoind/{{ bitcoind_network }}/bitcoind.conf + dest: "{{ bitcoind_data_dir }}/bitcoind.conf" owner: "{{ bitcoind_user }}" group: "{{ bitcoind_group }}" notify: diff --git a/templates/bitcoind.service.j2 b/templates/bitcoind.service.j2 index 9ea457b..a225f26 100644 --- a/templates/bitcoind.service.j2 +++ b/templates/bitcoind.service.j2 @@ -20,7 +20,7 @@ Wants=network-online.target [Service] ExecStart=/usr/local/bin/bitcoind -daemonwait \ - -conf=/etc/bitcoind/{{ bitcoind_network }}/bitcoind.conf \ + -conf={{ bitcoind_data_dir }}/bitcoind.conf \ # Make sure the config directory is readable by the service user PermissionsStartOnly=true @@ -48,8 +48,8 @@ Group={{ bitcoind_group }} RuntimeDirectory=bitcoind/{{ bitcoind_network }} RuntimeDirectoryMode=0710 -# /etc/bitcoind/{{ bitcoind_network }} -ConfigurationDirectory=bitcoind/{{ bitcoind_network }} +# {{ bitcoind_data_dir }} +ConfigurationDirectory={{ bitcoind_data_dir }} ConfigurationDirectoryMode=0755 # /var/lib/bitcoind