Robosats/robosats-deploy
1
0
Fork 0
mirror of https://github.com/RoboSats/robosats-deploy.git synced 2026-02-11 09:10:26 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor tor service

Browse Source
This commit is contained in:
Reckless_Satoshi
2023-09-30 08:19:58 -07:00
parent 90811de909
commit c43d2a00b3
13 changed files with 137 additions and 101 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
compose/README.md
View File

@ -153,13 +153,13 @@ Delete <None> images
## Add Onion services
At the moment the RoboSats image does not use TorControl of the Tor container to automatically generate the Onion hidden service. It simply exposes the port (18000 in the `/compose/env-sample` testnet orchestration) and you can create a hidden service using your base machine `torrc` .
At the moment the RoboSats image does not use TorControl of the Tor container to automatically generate the Onion hidden service. It simply exposes the port (18000 in the `/compose/env-sample` testnet orchestration) and exposes a hidden service defined `/env/{namespace}/torrc`.
You can edit `torcc` to add or remove services (e.g., expose Thunderhub as a hidden service)
```
sudo nano /etc/tor/torrc
sudo nano /env/{namespace}/torrc
```
If you are running both a mainnet and a testnet coordinator you could add something like this to `torrc`
```
# Robosats Testnet Onion Service
HiddenServiceDir /var/lib/tor/robotest/
@ -167,17 +167,17 @@ HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:18000
#... mainnet over robotest
HiddenServicePort 8001 127.0.0.1:8000
# Robosats Mainnet Onion Service
HiddenServiceDir /var/lib/tor/robomain/
HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:8000
#... testnet over robomain
HiddenServicePort 8001 127.0.0.1:18000
```
Additionally, if you want so, you can also create Onion endpoints to SSH remotely into your machine or to services to control your node (Thunderbung) ot to monitor your server (e.g Cockpit).
You can print the hidden service hostname.
```
sudo cat /env/{namespace}/tor/robotest/hostname
```
Note that if you try to now access your RoboSats instance by pasting this Onion address in your browser you will see a 400 Error. This is due to the hostname not being allowed by the backend. You have to edit your `/env/{namespace}/robosats.env` and add your `.....onion` as `HOST_NAME` or `HOST_NAME2`.
And if you want so, you can replace the ed25519 keys to set your own custom hostname. You can mine a vanity onion with [mkp224o](https://github.com/cathugger/mkp224o)
Additionally, you can also edit your machine's `/etc/tor/torrc` to create Onion endpoints to SSH remotely into your machine or to services to monitor your server (e.g Cockpit).
```
# SSH Hidden Service
@ -191,12 +191,6 @@ HiddenServiceDir /var/lib/tor/management/
HiddenServiceVersion 3
# Cockpit
HiddenServicePort 1000 127.0.0.1:9090
# Thub mainnet and testnet
HiddenServicePort 3000 127.0.0.1:3000
HiddenServicePort 3001 127.0.0.1:3001
# Lit mainnet and testnet
HiddenServicePort 4000 127.0.0.1:4000
HiddenServicePort 4001 127.0.0.1:4001
```
Restart

3
compose/docker-compose.override-lnd.yml
View File

@ -9,8 +9,7 @@ services:
- tor
- bitcoind
volumes:
- ${TOR_DATA:?}:${GUEST_TOR_DATA:?}:ro
- ${TOR_CONFIG:?}:${GUEST_TOR_CONFIG:?}:ro
- ${TOR_DATA:?}:/var/lib/tor:ro
- ${LND_DATA:?}:/root/.lnd
- ${LND_CONF:?}:/root/.lnd/lnd.conf
- ${LND_AUTOUNLOCK_PWD:?}:/tmp/pwd:ro

7
compose/docker-compose.yml
View File

@ -7,8 +7,8 @@ services:
environment:
SUFFIX: ${SUFFIX}
volumes:
- ${TOR_DATA:?}:${GUEST_TOR_DATA:?}
- ${TOR_CONFIG:?}:${GUEST_TOR_CONFIG:?}
- ${TOR_DATA:?}:/var/lib/tor
- ${TOR_CONFIG:?}:/etc/tor/torrc
ports:
- ${WEB_LOCAL_PORT}:80
- ${THUB_LOCAL_PORT}:3000
@ -22,8 +22,7 @@ services:
- tor
network_mode: service:tor
volumes:
- ${TOR_DATA:?}:${GUEST_TOR_DATA:?}:ro
- ${TOR_CONFIG:?}:${GUEST_TOR_CONFIG:?}:ro
- ${TOR_DATA:?}:/var/lib/tor:ro
- ${BITCOIN_DATA:?}:${GUEST_BITCOIN:?}
- ${BITCOIN_CONF:?}:${GUEST_BITCOIN:?}/bitcoin.conf

13
compose/env-sample/clntn/compose.env
View File

@ -1,7 +1,4 @@
ROBOSATS_DOCKER_TAG=latest
LOCAL_USER_ID=1000
LOCAL_GROUP_ID=1000
ROBOSATS_DOCKER_TAG='latest'
STATIC='/custom_path/testnet/static'
DATABASE='/custom_path/testnet/database'
@ -36,13 +33,11 @@ BITCOIN_CONF='./env/clntn/bitcoin.conf'
CLN_DATA='/custom_path/testnet/cln'
CLN_CONF='./env/clntn/cln_config'
LIT_DATA='/custom_path/testnet/lit'
TOR_DATA='/custom_path/testnet/tor/data'
TOR_CONFIG='/custom_path/testnet/tor/config'
GUEST_BITCOIN=/home/bitcoin/.bitcoin
# GUEST_LND=/home/lnd/.lnd
GUEST_TOR_DATA='/var/lib/tor'
GUEST_TOR_CONFIG='/etc/tor'
TOR_DATA='./env/lndtn/tor'
TOR_CONFIG='./env/lndtn/torrc'
GUEST_LND_RPC_PORT=10009
GUEST_LND_REST_PORT=8080

63
compose/env-sample/clntn/robosats.env
View File

@ -70,40 +70,54 @@ FEE = 0.002
# Shall incentivize order making
MAKER_FEE_SPLIT=0.125
# Robosats Development Fund donation as fraction. 0.2 = 20% of successful orders proceeds are donated via keysend.
# Donations to the devfund are important for the sustainabilty of the project, however, these are totally optional (you
# can run a coordinator without donating devfund!). Coordinators with higher devfund donations % will be more prominently
# displayed (and have special badges), while coordinators that do not donate might eventually lose frontend/client support.
# Leaving the default value (20%) will grant the DevFund contributor badge.
DEVFUND = 0.2
# Bond size as percentage (%)
DEFAULT_BOND_SIZE = 1
DEFAULT_BOND_SIZE = 3
MIN_BOND_SIZE = 1
MAX_BOND_SIZE = 15
# Time out penalty for canceling takers in SECONDS
PENALTY_TIMEOUT = 60
# Time between routing attempts of buyer invoice in MINUTES
RETRY_TIME = 5
RETRY_TIME = 1
# Store Order Logs in DB. Verbose logging for each order as property of the order object in DB. Useful for debugging and for learning
# the order flow for new robosats coordinators (prints a pretty timestamped table on the coordinator panel on each order). But a bit heavy
# on write operations and can potentially affect performance for every request.
DISABLE_ORDER_LOGS = False
# Coordinator activity limits
MAX_PUBLIC_ORDERS = 100
# Trade limits in satoshis
MIN_TRADE = 10000
MAX_TRADE = 2200000
MAX_TRADE_BONDLESS_TAKER = 50000
MIN_TRADE = 20000
MAX_TRADE = 5000000
# For CLTV_expiry calculation
# For CLTV_expiry calculation
# Assume 8 min/block assumed
BLOCK_TIME = 8
# Safety multiplier in case of mining speed up (CLTV expiry will be times X larger than real time needs for locked bonds/escrow)
MAX_MINING_NETWORK_SPEEDUP_EXPECTED = 1.7
# Expiration time for locking collateral in SECONDS
EXP_MAKER_BOND_INVOICE = 600
EXP_TAKER_BOND_INVOICE = 180
EXP_MAKER_BOND_INVOICE = 300
EXP_TAKER_BOND_INVOICE = 200
# Time a order is public in the book HOURS
DEFAULT_PUBLIC_ORDER_DURATION = 24
MAX_PUBLIC_ORDER_DURATION = 24
MIN_PUBLIC_ORDER_DURATION = 0.166
# Time to provide a valid invoice and the trade escrow MINUTES
INVOICE_AND_ESCROW_DURATION = 30
# Default time to provide a valid invoice and the trade escrow MINUTES
INVOICE_AND_ESCROW_DURATION = 180
# Time to confim chat and confirm fiat (time to Fiat Sent confirmation) HOURS
FIAT_EXCHANGE_DURATION = 4
FIAT_EXCHANGE_DURATION = 24
# ROUTING
# Proportional routing fee limit (fraction of total payout: % / 100)
@ -112,36 +126,43 @@ PROPORTIONAL_ROUTING_FEE_LIMIT = 0.001
MIN_FLAT_ROUTING_FEE_LIMIT = 10
MIN_FLAT_ROUTING_FEE_LIMIT_REWARD = 2
# Routing timeouts
REWARDS_TIMEOUT_SECONDS = 60
REWARDS_TIMEOUT_SECONDS = 30
PAYOUT_TIMEOUT_SECONDS = 90
DEBUG_PERMISSIONED_PAYOUTS = False
# Allow self keysend on keysend function (set true to debug keysend functionality)
ALLOW_SELF_KEYSEND = False
# REVERSE SUBMARINE SWAP PAYOUTS
# Disable on-the-fly swaps feature
DISABLE_ONCHAIN = False
MAX_SWAP_ALLOWED = 500000
# Shape of fee to available liquidity curve. Either "linear" or "exponential"
SWAP_FEE_SHAPE = 'exponential'
# EXPONENTIAL. fee (%) = MIN_SWAP_FEE + (MAX_SWAP_FEE - MIN_SWAP_FEE) * e ^ (-LAMBDA * onchain_liquidity_fraction)
SWAP_LAMBDA = 8.8
# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity
# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity
# is onchain the fee for swap is 2% (minimum), if it is 12% fee is 6%, and for 0% fee is 10%.
# Minimum swap fee as fraction (1%)
MIN_SWAP_FEE = 0.01
MIN_SWAP_FEE = 0.008
# Liquidity split point (LN/onchain) at which we use MIN_SWAP_FEE
MIN_SWAP_POINT = 0.35
# Maximum swap fee as fraction (~10%)
MAX_SWAP_FEE = 0.1
# Liquidity split point (LN/onchain) at which we use MAX_SWAP_FEE
MAX_SWAP_POINT = 0
# Min amount allowed for Swap
MIN_SWAP_AMOUNT = 50000
# Min and Max amount allowed for Swap
MIN_SWAP_AMOUNT = 10000
MAX_SWAP_AMOUNT = 1000000
# Spend Unconfirmed UTXOS (more capital efficient, more risky)
SPEND_UNCONFIRMED = False
# Mining fee confirmation target
SUGGESTED_TARGET_CONF = 4
MINIMUM_TARGET_CONF = 24
# Reward tip. Reward for every finished trade in the referral program (Satoshis)
REWARD_TIP = 100
# Fraction rewarded to user from the slashed bond of a counterpart.
# It should not be close to 1, or could be exploited by an attacker trading with himself to DDOS the LN node.
SLASHED_BOND_REWARD_SPLIT = 0.5
# Username for HTLCs escrows
ESCROW_USERNAME = 'admin'
ESCROW_USERNAME = 'admin'

0
compose/env-sample/clntn/tor/.gikeep Normal file
View File

1
compose/tor/torrc → compose/env-sample/clntn/torrc
View File

@ -5,7 +5,6 @@ Log notice file /var/log/tor/notices.log
DataDirectory /var/lib/tor
DataDirectoryGroupReadable 1
## Enable ControlPort
ControlPort 9051
CookieAuthentication 1

10
compose/env-sample/lndtn/compose.env
View File

@ -1,4 +1,4 @@
ROBOSATS_DOCKER_TAG=latest
ROBOSATS_DOCKER_TAG='latest'
STATIC='/custom_path/testnet/static'
DATABASE='/custom_path/testnet/database'
@ -34,13 +34,11 @@ BITCOIN_CONF='./env/lndtn/bitcoin.conf'
LND_DATA='/custom_path/testnet/lnd'
LND_CONF='./env/lndtn/lnd.conf'
LIT_DATA='/custom_path/testnet/lit'
TOR_DATA='/custom_path/testnet/tor/data'
TOR_CONFIG='/custom_path/testnet/tor/config'
GUEST_BITCOIN=/home/bitcoin/.bitcoin
# GUEST_LND=/home/lnd/.lnd
GUEST_TOR_DATA='/var/lib/tor'
GUEST_TOR_CONFIG='/etc/tor'
TOR_DATA='./env/lndtn/tor'
TOR_CONFIG='./env/lndtn/torrc'
GUEST_LND_RPC_PORT=10009
GUEST_LND_REST_PORT=8080

63
compose/env-sample/lndtn/robosats.env
View File

@ -65,40 +65,54 @@ FEE = 0.002
# Shall incentivize order making
MAKER_FEE_SPLIT=0.125
# Robosats Development Fund donation as fraction. 0.2 = 20% of successful orders proceeds are donated via keysend.
# Donations to the devfund are important for the sustainabilty of the project, however, these are totally optional (you
# can run a coordinator without donating devfund!). Coordinators with higher devfund donations % will be more prominently
# displayed (and have special badges), while coordinators that do not donate might eventually lose frontend/client support.
# Leaving the default value (20%) will grant the DevFund contributor badge.
DEVFUND = 0.2
# Bond size as percentage (%)
DEFAULT_BOND_SIZE = 1
DEFAULT_BOND_SIZE = 3
MIN_BOND_SIZE = 1
MAX_BOND_SIZE = 15
# Time out penalty for canceling takers in SECONDS
PENALTY_TIMEOUT = 60
# Time between routing attempts of buyer invoice in MINUTES
RETRY_TIME = 5
RETRY_TIME = 1
# Store Order Logs in DB. Verbose logging for each order as property of the order object in DB. Useful for debugging and for learning
# the order flow for new robosats coordinators (prints a pretty timestamped table on the coordinator panel on each order). But a bit heavy
# on write operations and can potentially affect performance for every request.
DISABLE_ORDER_LOGS = False
# Coordinator activity limits
MAX_PUBLIC_ORDERS = 100
# Trade limits in satoshis
MIN_TRADE = 10000
MAX_TRADE = 2200000
MAX_TRADE_BONDLESS_TAKER = 50000
MIN_TRADE = 20000
MAX_TRADE = 5000000
# For CLTV_expiry calculation
# For CLTV_expiry calculation
# Assume 8 min/block assumed
BLOCK_TIME = 8
# Safety multiplier in case of mining speed up (CLTV expiry will be times X larger than real time needs for locked bonds/escrow)
MAX_MINING_NETWORK_SPEEDUP_EXPECTED = 1.7
# Expiration time for locking collateral in SECONDS
EXP_MAKER_BOND_INVOICE = 600
EXP_TAKER_BOND_INVOICE = 180
EXP_MAKER_BOND_INVOICE = 300
EXP_TAKER_BOND_INVOICE = 200
# Time a order is public in the book HOURS
DEFAULT_PUBLIC_ORDER_DURATION = 24
MAX_PUBLIC_ORDER_DURATION = 24
MIN_PUBLIC_ORDER_DURATION = 0.166
# Time to provide a valid invoice and the trade escrow MINUTES
INVOICE_AND_ESCROW_DURATION = 30
# Default time to provide a valid invoice and the trade escrow MINUTES
INVOICE_AND_ESCROW_DURATION = 180
# Time to confim chat and confirm fiat (time to Fiat Sent confirmation) HOURS
FIAT_EXCHANGE_DURATION = 4
FIAT_EXCHANGE_DURATION = 24
# ROUTING
# Proportional routing fee limit (fraction of total payout: % / 100)
@ -107,36 +121,43 @@ PROPORTIONAL_ROUTING_FEE_LIMIT = 0.001
MIN_FLAT_ROUTING_FEE_LIMIT = 10
MIN_FLAT_ROUTING_FEE_LIMIT_REWARD = 2
# Routing timeouts
REWARDS_TIMEOUT_SECONDS = 60
REWARDS_TIMEOUT_SECONDS = 30
PAYOUT_TIMEOUT_SECONDS = 90
DEBUG_PERMISSIONED_PAYOUTS = False
# Allow self keysend on keysend function (set true to debug keysend functionality)
ALLOW_SELF_KEYSEND = False
# REVERSE SUBMARINE SWAP PAYOUTS
# Disable on-the-fly swaps feature
DISABLE_ONCHAIN = False
MAX_SWAP_ALLOWED = 500000
# Shape of fee to available liquidity curve. Either "linear" or "exponential"
SWAP_FEE_SHAPE = 'exponential'
# EXPONENTIAL. fee (%) = MIN_SWAP_FEE + (MAX_SWAP_FEE - MIN_SWAP_FEE) * e ^ (-LAMBDA * onchain_liquidity_fraction)
SWAP_LAMBDA = 8.8
# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity
# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity
# is onchain the fee for swap is 2% (minimum), if it is 12% fee is 6%, and for 0% fee is 10%.
# Minimum swap fee as fraction (1%)
MIN_SWAP_FEE = 0.01
MIN_SWAP_FEE = 0.008
# Liquidity split point (LN/onchain) at which we use MIN_SWAP_FEE
MIN_SWAP_POINT = 0.35
# Maximum swap fee as fraction (~10%)
MAX_SWAP_FEE = 0.1
# Liquidity split point (LN/onchain) at which we use MAX_SWAP_FEE
MAX_SWAP_POINT = 0
# Min amount allowed for Swap
MIN_SWAP_AMOUNT = 50000
# Min and Max amount allowed for Swap
MIN_SWAP_AMOUNT = 10000
MAX_SWAP_AMOUNT = 1000000
# Spend Unconfirmed UTXOS (more capital efficient, more risky)
SPEND_UNCONFIRMED = False
# Mining fee confirmation target
SUGGESTED_TARGET_CONF = 4
MINIMUM_TARGET_CONF = 24
# Reward tip. Reward for every finished trade in the referral program (Satoshis)
REWARD_TIP = 100
# Fraction rewarded to user from the slashed bond of a counterpart.
# It should not be close to 1, or could be exploited by an attacker trading with himself to DDOS the LN node.
SLASHED_BOND_REWARD_SPLIT = 0.5
# Username for HTLCs escrows
ESCROW_USERNAME = 'admin'
ESCROW_USERNAME = 'admin'

0
compose/env-sample/lndtn/tor/.gikeep Normal file
View File

16
compose/tor/config/torrc → compose/env-sample/lndtn/torrc
View File

@ -5,17 +5,13 @@ Log notice file /var/log/tor/notices.log
DataDirectory /var/lib/tor
DataDirectoryGroupReadable 1
## Robosats Testnet Onion Service
HiddenServiceDir /var/lib/tor/web/
HiddenServiceVersion 3
HiddenServicePort 80 nginx:80
HiddenServicePort 88 nginx:80
HiddenServicePort 800 nginx:80
HiddenServicePort 8000 nginx:80
HiddenServicePort 8888 nginx:80
## Enable ControlPort
ControlPort 9051
CookieAuthentication 1
CookieAuthFileGroupReadable 1
CookieAuthFile /var/lib/tor/control_auth_cookie
CookieAuthFile /var/lib/tor/control_auth_cookie
# Robosats LND Testnet Onion Service
HiddenServiceDir /var/lib/tor/robotest/
HiddenServiceVersion 3
HiddenServicePort 80 127.0.0.1:80

18
compose/tor/Dockerfile
View File

@ -1,10 +1,20 @@
FROM alpine:3
RUN apk --no-cache --no-progress add tor
RUN apk --no-cache --no-progress add tor=~0.4
EXPOSE 9001 9050
COPY entrypoint.sh /root/entrypoint.sh
COPY torrc /tmp/torrc
# hadolint ignore=DL3002
USER root
ARG LOCAL_USER_ID=9999
ENV TOR_DATA=/var/lib/tor
ENTRYPOINT [ "/root/entrypoint.sh" ]
# Add useradd and usermod
# Create user account (UID will be changed in entrypoint script)
RUN apk --no-cache --no-progress add shadow=~4 sudo=~1 && \
useradd -u $LOCAL_USER_ID --shell /bin/sh -m alice && \
usermod -g alice tor
COPY entrypoint.sh /root/entrypoint.sh
ENTRYPOINT [ "/root/entrypoint.sh" ]

12
compose/tor/entrypoint.sh
View File

@ -1,9 +1,13 @@
#!/bin/sh
set -e
# Create torrc if it doesn't exist
if [ ! -f "/etc/tor/torrc" ]; then
cp /tmp/torrc /etc/tor/torrc
fi
# Change local user id and group
usermod -u 1000 alice
groupmod -g 1000 alice
# Set correct owners on volumes
chown -R tor:alice /var/lib/tor
chown -R :alice /etc/tor
chown -R alice:alice /home/alice
exec sudo -u tor /usr/bin/tor