diff --git a/compose/README.md b/compose/README.md index 6be8089..c405eb5 100644 --- a/compose/README.md +++ b/compose/README.md @@ -153,13 +153,13 @@ Delete images ## Add Onion services -At the moment the RoboSats image does not use TorControl of the Tor container to automatically generate the Onion hidden service. It simply exposes the port (18000 in the `/compose/env-sample` testnet orchestration) and you can create a hidden service using your base machine `torrc` . - +At the moment the RoboSats image does not use TorControl of the Tor container to automatically generate the Onion hidden service. It simply exposes the port (18000 in the `/compose/env-sample` testnet orchestration) and exposes a hidden service defined `/env/{namespace}/torrc`. + +You can edit `torcc` to add or remove services (e.g., expose Thunderhub as a hidden service) ``` - sudo nano /etc/tor/torrc + sudo nano /env/{namespace}/torrc ``` -If you are running both a mainnet and a testnet coordinator you could add something like this to `torrc` ``` # Robosats Testnet Onion Service HiddenServiceDir /var/lib/tor/robotest/ 
@@ -167,17 +167,17 @@ HiddenServiceVersion 3 HiddenServicePort 80 127.0.0.1:18000 #... mainnet over robotest HiddenServicePort 8001 127.0.0.1:8000 - - -# Robosats Mainnet Onion Service -HiddenServiceDir /var/lib/tor/robomain/ -HiddenServiceVersion 3 -HiddenServicePort 80 127.0.0.1:8000 -#... testnet over robomain -HiddenServicePort 8001 127.0.0.1:18000 ``` -Additionally, if you want so, you can also create Onion endpoints to SSH remotely into your machine or to services to control your node (Thunderbung) ot to monitor your server (e.g Cockpit). +You can print the hidden service hostname. +``` +sudo cat /env/{namespace}/tor/robotest/hostname +``` +Note that if you try to now access your RoboSats instance by pasting this Onion address in your browser you will see a 400 Error. This is due to the hostname not being allowed by the backend. You have to edit your `/env/{namespace}/robosats.env` and add your `.....onion` as `HOST_NAME` or `HOST_NAME2`. + +And if you want so, you can replace the ed25519 keys to set your own custom hostname. You can mine a vanity onion with [mkp224o](https://github.com/cathugger/mkp224o) + +Additionally, you can also edit your machine's `/etc/tor/torrc` to create Onion endpoints to SSH remotely into your machine or to services to monitor your server (e.g Cockpit). ``` # SSH Hidden Service @@ -191,12 +191,6 @@ HiddenServiceDir /var/lib/tor/management/ HiddenServiceVersion 3 # Cockpit HiddenServicePort 1000 127.0.0.1:9090 -# Thub mainnet and testnet -HiddenServicePort 3000 127.0.0.1:3000 -HiddenServicePort 3001 127.0.0.1:3001 -# Lit mainnet and testnet -HiddenServicePort 4000 127.0.0.1:4000 -HiddenServicePort 4001 127.0.0.1:4001 ``` Restart diff --git a/compose/docker-compose.override-lnd.yml b/compose/docker-compose.override-lnd.yml index 0ba8160..4f5e2f7 100644 --- a/compose/docker-compose.override-lnd.yml +++ b/compose/docker-compose.override-lnd.yml 
@@ -9,8 +9,7 @@ services: - tor - bitcoind volumes: - - ${TOR_DATA:?}:${GUEST_TOR_DATA:?}:ro - - ${TOR_CONFIG:?}:${GUEST_TOR_CONFIG:?}:ro + - ${TOR_DATA:?}:/var/lib/tor:ro - ${LND_DATA:?}:/root/.lnd - ${LND_CONF:?}:/root/.lnd/lnd.conf - ${LND_AUTOUNLOCK_PWD:?}:/tmp/pwd:ro diff --git a/compose/docker-compose.yml b/compose/docker-compose.yml index 7999367..ae5d880 100644 --- a/compose/docker-compose.yml +++ b/compose/docker-compose.yml @@ -7,8 +7,8 @@ services: environment: SUFFIX: ${SUFFIX} volumes: - - ${TOR_DATA:?}:${GUEST_TOR_DATA:?} - - ${TOR_CONFIG:?}:${GUEST_TOR_CONFIG:?} + - ${TOR_DATA:?}:/var/lib/tor + - ${TOR_CONFIG:?}:/etc/tor/torrc ports: - ${WEB_LOCAL_PORT}:80 - ${THUB_LOCAL_PORT}:3000 @@ -22,8 +22,7 @@ services: - tor network_mode: service:tor volumes: - - ${TOR_DATA:?}:${GUEST_TOR_DATA:?}:ro - - ${TOR_CONFIG:?}:${GUEST_TOR_CONFIG:?}:ro + - ${TOR_DATA:?}:/var/lib/tor:ro - ${BITCOIN_DATA:?}:${GUEST_BITCOIN:?} - ${BITCOIN_CONF:?}:${GUEST_BITCOIN:?}/bitcoin.conf diff --git a/compose/env-sample/clntn/compose.env b/compose/env-sample/clntn/compose.env index fa1dc6e..e2712d4 100644 --- a/compose/env-sample/clntn/compose.env +++ b/compose/env-sample/clntn/compose.env @@ -1,7 +1,4 @@ -ROBOSATS_DOCKER_TAG=latest - -LOCAL_USER_ID=1000 -LOCAL_GROUP_ID=1000 +ROBOSATS_DOCKER_TAG='latest' STATIC='/custom_path/testnet/static' DATABASE='/custom_path/testnet/database' @@ -36,13 +33,11 @@ BITCOIN_CONF='./env/clntn/bitcoin.conf' CLN_DATA='/custom_path/testnet/cln' CLN_CONF='./env/clntn/cln_config' LIT_DATA='/custom_path/testnet/lit' -TOR_DATA='/custom_path/testnet/tor/data' -TOR_CONFIG='/custom_path/testnet/tor/config' GUEST_BITCOIN=/home/bitcoin/.bitcoin -# GUEST_LND=/home/lnd/.lnd -GUEST_TOR_DATA='/var/lib/tor' -GUEST_TOR_CONFIG='/etc/tor' + +TOR_DATA='./env/lndtn/tor' +TOR_CONFIG='./env/lndtn/torrc' GUEST_LND_RPC_PORT=10009 GUEST_LND_REST_PORT=8080 diff --git a/compose/env-sample/clntn/robosats.env b/compose/env-sample/clntn/robosats.env index 6de0d4f..b1a63a0 100644 
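Review bot: The new `- ${TOR_DATA:?}:/var/lib/tor` mount in the first docker-compose.yml hunk is read-write, while the same directory is mounted `:ro` into bitcoind in the next hunk and into lnd in the override file. Tor's DataDirectory holds the hidden-service key material (the README in this commit reads the onion hostname from `/env/{namespace}/tor/robotest/hostname` and describes replacing the ed25519 keys there), so a writable mount grants that container more than it needs if it only reads the hostname; unless this service actually writes into the tor data directory, `- ${TOR_DATA:?}:/var/lib/tor:ro` would match the other services. The service name is above the `environment:` context and not visible in the hunk, so confirm which container this is against the full file.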
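Review bot: The new `TOR_DATA='./env/lndtn/tor'` and `TOR_CONFIG='./env/lndtn/torrc'` in the second clntn compose.env hunk point at the lndtn namespace, while every other path in that hunk uses `./env/clntn/` (`BITCOIN_CONF='./env/clntn/bitcoin.conf'`, `CLN_CONF='./env/clntn/cln_config'`); this looks like a copy-paste from the lndtn sample and would make the CLN testnet stack mount the LND stack's torrc and tor data directory. They should read `TOR_DATA='./env/clntn/tor'` and `TOR_CONFIG='./env/clntn/torrc'`, which also matches the renamed `compose/env-sample/clntn/torrc` and the new `compose/env-sample/clntn/tor/` placeholder in this same commit. Separately, the first hunk of this file drops `LOCAL_USER_ID`/`LOCAL_GROUP_ID` while the Dockerfile in this commit still declares `ARG LOCAL_USER_ID`; if the id is meant to stay configurable the variables should remain, otherwise the build arg is dead.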
--- a/compose/env-sample/clntn/robosats.env +++ b/compose/env-sample/clntn/robosats.env 
@@ -70,40 +70,54 @@ FEE = 0.002 # Shall incentivize order making MAKER_FEE_SPLIT=0.125 +# Robosats Development Fund donation as fraction. 0.2 = 20% of successful orders proceeds are donated via keysend. +# Donations to the devfund are important for the sustainabilty of the project, however, these are totally optional (you +# can run a coordinator without donating devfund!). Coordinators with higher devfund donations % will be more prominently +# displayed (and have special badges), while coordinators that do not donate might eventually lose frontend/client support. +# Leaving the default value (20%) will grant the DevFund contributor badge. +DEVFUND = 0.2 + # Bond size as percentage (%) -DEFAULT_BOND_SIZE = 1 +DEFAULT_BOND_SIZE = 3 MIN_BOND_SIZE = 1 MAX_BOND_SIZE = 15 # Time out penalty for canceling takers in SECONDS PENALTY_TIMEOUT = 60 # Time between routing attempts of buyer invoice in MINUTES -RETRY_TIME = 5 +RETRY_TIME = 1 + +# Store Order Logs in DB. Verbose logging for each order as property of the order object in DB. Useful for debugging and for learning +# the order flow for new robosats coordinators (prints a pretty timestamped table on the coordinator panel on each order). But a bit heavy +# on write operations and can potentially affect performance for every request. 
+DISABLE_ORDER_LOGS = False + +# Coordinator activity limits +MAX_PUBLIC_ORDERS = 100 # Trade limits in satoshis -MIN_TRADE = 10000 -MAX_TRADE = 2200000 -MAX_TRADE_BONDLESS_TAKER = 50000 +MIN_TRADE = 20000 +MAX_TRADE = 5000000 -# For CLTV_expiry calculation +# For CLTV_expiry calculation # Assume 8 min/block assumed BLOCK_TIME = 8 # Safety multiplier in case of mining speed up (CLTV expiry will be times X larger than real time needs for locked bonds/escrow) MAX_MINING_NETWORK_SPEEDUP_EXPECTED = 1.7 # Expiration time for locking collateral in SECONDS -EXP_MAKER_BOND_INVOICE = 600 -EXP_TAKER_BOND_INVOICE = 180 +EXP_MAKER_BOND_INVOICE = 300 +EXP_TAKER_BOND_INVOICE = 200 # Time a order is public in the book HOURS DEFAULT_PUBLIC_ORDER_DURATION = 24 MAX_PUBLIC_ORDER_DURATION = 24 MIN_PUBLIC_ORDER_DURATION = 0.166 -# Time to provide a valid invoice and the trade escrow MINUTES -INVOICE_AND_ESCROW_DURATION = 30 +# Default time to provide a valid invoice and the trade escrow MINUTES +INVOICE_AND_ESCROW_DURATION = 180 # Time to confim chat and confirm fiat (time to Fiat Sent confirmation) HOURS -FIAT_EXCHANGE_DURATION = 4 +FIAT_EXCHANGE_DURATION = 24 # ROUTING # Proportional routing fee limit (fraction of total payout: % / 100) 
@@ -112,36 +126,43 @@ PROPORTIONAL_ROUTING_FEE_LIMIT = 0.001 MIN_FLAT_ROUTING_FEE_LIMIT = 10 MIN_FLAT_ROUTING_FEE_LIMIT_REWARD = 2 # Routing timeouts -REWARDS_TIMEOUT_SECONDS = 60 +REWARDS_TIMEOUT_SECONDS = 30 PAYOUT_TIMEOUT_SECONDS = 90 +DEBUG_PERMISSIONED_PAYOUTS = False + +# Allow self keysend on keysend function (set true to debug keysend functionality) +ALLOW_SELF_KEYSEND = False # REVERSE SUBMARINE SWAP PAYOUTS # Disable on-the-fly swaps feature DISABLE_ONCHAIN = False +MAX_SWAP_ALLOWED = 500000 # Shape of fee to available liquidity curve. Either "linear" or "exponential" SWAP_FEE_SHAPE = 'exponential' # EXPONENTIAL. fee (%) = MIN_SWAP_FEE + (MAX_SWAP_FEE - MIN_SWAP_FEE) * e ^ (-LAMBDA * onchain_liquidity_fraction) SWAP_LAMBDA = 8.8 -# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity +# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity # is onchain the fee for swap is 2% (minimum), if it is 12% fee is 6%, and for 0% fee is 10%. # Minimum swap fee as fraction (1%) -MIN_SWAP_FEE = 0.01 +MIN_SWAP_FEE = 0.008 # Liquidity split point (LN/onchain) at which we use MIN_SWAP_FEE MIN_SWAP_POINT = 0.35 # Maximum swap fee as fraction (~10%) MAX_SWAP_FEE = 0.1 # Liquidity split point (LN/onchain) at which we use MAX_SWAP_FEE MAX_SWAP_POINT = 0 -# Min amount allowed for Swap -MIN_SWAP_AMOUNT = 50000 +# Min and Max amount allowed for Swap +MIN_SWAP_AMOUNT = 10000 +MAX_SWAP_AMOUNT = 1000000 +# Spend Unconfirmed UTXOS (more capital efficient, more risky) +SPEND_UNCONFIRMED = False +# Mining fee confirmation target +SUGGESTED_TARGET_CONF = 4 +MINIMUM_TARGET_CONF = 24 - -# Reward tip. Reward for every finished trade in the referral program (Satoshis) -REWARD_TIP = 100 # Fraction rewarded to user from the slashed bond of a counterpart. # It should not be close to 1, or could be exploited by an attacker trading with himself to DDOS the LN node. 
SLASHED_BOND_REWARD_SPLIT = 0.5 - # Username for HTLCs escrows -ESCROW_USERNAME = 'admin' +ESCROW_USERNAME = 'admin' \ No newline at end of file diff --git a/compose/env-sample/clntn/tor/.gikeep b/compose/env-sample/clntn/tor/.gikeep new file mode 100644 index 0000000..e69de29 diff --git a/compose/tor/torrc b/compose/env-sample/clntn/torrc similarity index 99% rename from compose/tor/torrc rename to compose/env-sample/clntn/torrc index 12d5d59..3043480 100644 --- a/compose/tor/torrc +++ b/compose/env-sample/clntn/torrc @@ -5,7 +5,6 @@ Log notice file /var/log/tor/notices.log DataDirectory /var/lib/tor DataDirectoryGroupReadable 1 - ## Enable ControlPort ControlPort 9051 CookieAuthentication 1 diff --git a/compose/env-sample/lndtn/compose.env b/compose/env-sample/lndtn/compose.env index 96766aa..df3542b 100644 --- a/compose/env-sample/lndtn/compose.env +++ b/compose/env-sample/lndtn/compose.env @@ -1,4 +1,4 @@ -ROBOSATS_DOCKER_TAG=latest +ROBOSATS_DOCKER_TAG='latest' STATIC='/custom_path/testnet/static' DATABASE='/custom_path/testnet/database' @@ -34,13 +34,11 @@ BITCOIN_CONF='./env/lndtn/bitcoin.conf' LND_DATA='/custom_path/testnet/lnd' LND_CONF='./env/lndtn/lnd.conf' LIT_DATA='/custom_path/testnet/lit' -TOR_DATA='/custom_path/testnet/tor/data' -TOR_CONFIG='/custom_path/testnet/tor/config' GUEST_BITCOIN=/home/bitcoin/.bitcoin -# GUEST_LND=/home/lnd/.lnd -GUEST_TOR_DATA='/var/lib/tor' -GUEST_TOR_CONFIG='/etc/tor' + +TOR_DATA='./env/lndtn/tor' +TOR_CONFIG='./env/lndtn/torrc' GUEST_LND_RPC_PORT=10009 GUEST_LND_REST_PORT=8080 diff --git a/compose/env-sample/lndtn/robosats.env b/compose/env-sample/lndtn/robosats.env index 09f622e..d9af099 100644 --- a/compose/env-sample/lndtn/robosats.env +++ b/compose/env-sample/lndtn/robosats.env 
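Review bot: `DEBUG_PERMISSIONED_PAYOUTS = False` and `MAX_SWAP_ALLOWED = 500000` are added without the explanatory comment that every other setting in this hunk carries, and `MAX_SWAP_ALLOWED` sits a few lines above the new `MAX_SWAP_AMOUNT = 1000000`, so a coordinator cannot tell from the file how the two limits relate or what a `True` on the debug flag permits. Add a one-line comment above each, e.g. `# Debug only: <what enabling it permits> — keep False on a production coordinator` (the meaning is not visible in this diff, so fill it in from the setting's consumer), and a comment giving the unit and scope of `MAX_SWAP_ALLOWED` relative to `MAX_SWAP_AMOUNT`. The same additions appear in the lndtn robosats.env hunk later in this diff. `ESCROW_USERNAME = 'admin'` is rewritten only to drop the trailing newline (`\ No newline at end of file`); keep the newline.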
@@ -65,40 +65,54 @@ FEE = 0.002 # Shall incentivize order making MAKER_FEE_SPLIT=0.125 +# Robosats Development Fund donation as fraction. 0.2 = 20% of successful orders proceeds are donated via keysend. +# Donations to the devfund are important for the sustainabilty of the project, however, these are totally optional (you +# can run a coordinator without donating devfund!). Coordinators with higher devfund donations % will be more prominently +# displayed (and have special badges), while coordinators that do not donate might eventually lose frontend/client support. +# Leaving the default value (20%) will grant the DevFund contributor badge. +DEVFUND = 0.2 + # Bond size as percentage (%) -DEFAULT_BOND_SIZE = 1 +DEFAULT_BOND_SIZE = 3 MIN_BOND_SIZE = 1 MAX_BOND_SIZE = 15 # Time out penalty for canceling takers in SECONDS PENALTY_TIMEOUT = 60 # Time between routing attempts of buyer invoice in MINUTES -RETRY_TIME = 5 +RETRY_TIME = 1 + +# Store Order Logs in DB. Verbose logging for each order as property of the order object in DB. Useful for debugging and for learning +# the order flow for new robosats coordinators (prints a pretty timestamped table on the coordinator panel on each order). But a bit heavy +# on write operations and can potentially affect performance for every request. 
+DISABLE_ORDER_LOGS = False + +# Coordinator activity limits +MAX_PUBLIC_ORDERS = 100 # Trade limits in satoshis -MIN_TRADE = 10000 -MAX_TRADE = 2200000 -MAX_TRADE_BONDLESS_TAKER = 50000 +MIN_TRADE = 20000 +MAX_TRADE = 5000000 -# For CLTV_expiry calculation +# For CLTV_expiry calculation # Assume 8 min/block assumed BLOCK_TIME = 8 # Safety multiplier in case of mining speed up (CLTV expiry will be times X larger than real time needs for locked bonds/escrow) MAX_MINING_NETWORK_SPEEDUP_EXPECTED = 1.7 # Expiration time for locking collateral in SECONDS -EXP_MAKER_BOND_INVOICE = 600 -EXP_TAKER_BOND_INVOICE = 180 +EXP_MAKER_BOND_INVOICE = 300 +EXP_TAKER_BOND_INVOICE = 200 # Time a order is public in the book HOURS DEFAULT_PUBLIC_ORDER_DURATION = 24 MAX_PUBLIC_ORDER_DURATION = 24 MIN_PUBLIC_ORDER_DURATION = 0.166 -# Time to provide a valid invoice and the trade escrow MINUTES -INVOICE_AND_ESCROW_DURATION = 30 +# Default time to provide a valid invoice and the trade escrow MINUTES +INVOICE_AND_ESCROW_DURATION = 180 # Time to confim chat and confirm fiat (time to Fiat Sent confirmation) HOURS -FIAT_EXCHANGE_DURATION = 4 +FIAT_EXCHANGE_DURATION = 24 # ROUTING # Proportional routing fee limit (fraction of total payout: % / 100) 
@@ -107,36 +121,43 @@ PROPORTIONAL_ROUTING_FEE_LIMIT = 0.001 MIN_FLAT_ROUTING_FEE_LIMIT = 10 MIN_FLAT_ROUTING_FEE_LIMIT_REWARD = 2 # Routing timeouts -REWARDS_TIMEOUT_SECONDS = 60 +REWARDS_TIMEOUT_SECONDS = 30 PAYOUT_TIMEOUT_SECONDS = 90 +DEBUG_PERMISSIONED_PAYOUTS = False + +# Allow self keysend on keysend function (set true to debug keysend functionality) +ALLOW_SELF_KEYSEND = False # REVERSE SUBMARINE SWAP PAYOUTS # Disable on-the-fly swaps feature DISABLE_ONCHAIN = False +MAX_SWAP_ALLOWED = 500000 # Shape of fee to available liquidity curve. Either "linear" or "exponential" SWAP_FEE_SHAPE = 'exponential' # EXPONENTIAL. fee (%) = MIN_SWAP_FEE + (MAX_SWAP_FEE - MIN_SWAP_FEE) * e ^ (-LAMBDA * onchain_liquidity_fraction) SWAP_LAMBDA = 8.8 -# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity +# LINEAR. 4 parameters needed: min/max fees and min/max balance points. E.g. If 25% or more of liquidity # is onchain the fee for swap is 2% (minimum), if it is 12% fee is 6%, and for 0% fee is 10%. # Minimum swap fee as fraction (1%) -MIN_SWAP_FEE = 0.01 +MIN_SWAP_FEE = 0.008 # Liquidity split point (LN/onchain) at which we use MIN_SWAP_FEE MIN_SWAP_POINT = 0.35 # Maximum swap fee as fraction (~10%) MAX_SWAP_FEE = 0.1 # Liquidity split point (LN/onchain) at which we use MAX_SWAP_FEE MAX_SWAP_POINT = 0 -# Min amount allowed for Swap -MIN_SWAP_AMOUNT = 50000 +# Min and Max amount allowed for Swap +MIN_SWAP_AMOUNT = 10000 +MAX_SWAP_AMOUNT = 1000000 +# Spend Unconfirmed UTXOS (more capital efficient, more risky) +SPEND_UNCONFIRMED = False +# Mining fee confirmation target +SUGGESTED_TARGET_CONF = 4 +MINIMUM_TARGET_CONF = 24 - -# Reward tip. Reward for every finished trade in the referral program (Satoshis) -REWARD_TIP = 100 # Fraction rewarded to user from the slashed bond of a counterpart. # It should not be close to 1, or could be exploited by an attacker trading with himself to DDOS the LN node. 
SLASHED_BOND_REWARD_SPLIT = 0.5 - # Username for HTLCs escrows -ESCROW_USERNAME = 'admin' +ESCROW_USERNAME = 'admin' \ No newline at end of file diff --git a/compose/env-sample/lndtn/tor/.gikeep b/compose/env-sample/lndtn/tor/.gikeep new file mode 100644 index 0000000..e69de29 diff --git a/compose/tor/config/torrc b/compose/env-sample/lndtn/torrc similarity index 56% rename from compose/tor/config/torrc rename to compose/env-sample/lndtn/torrc index 4d9ece7..63e6a29 100644 --- a/compose/tor/config/torrc +++ b/compose/env-sample/lndtn/torrc @@ -5,17 +5,13 @@ Log notice file /var/log/tor/notices.log DataDirectory /var/lib/tor DataDirectoryGroupReadable 1 -## Robosats Testnet Onion Service -HiddenServiceDir /var/lib/tor/web/ -HiddenServiceVersion 3 -HiddenServicePort 80 nginx:80 -HiddenServicePort 88 nginx:80 -HiddenServicePort 800 nginx:80 -HiddenServicePort 8000 nginx:80 -HiddenServicePort 8888 nginx:80 - ## Enable ControlPort ControlPort 9051 CookieAuthentication 1 CookieAuthFileGroupReadable 1 -CookieAuthFile /var/lib/tor/control_auth_cookie \ No newline at end of file +CookieAuthFile /var/lib/tor/control_auth_cookie + +# Robosats LND Testnet Onion Service +HiddenServiceDir /var/lib/tor/robotest/ +HiddenServiceVersion 3 +HiddenServicePort 80 127.0.0.1:80 \ No newline at end of file diff --git a/compose/tor/Dockerfile b/compose/tor/Dockerfile index 7b65d88..b24b031 100644 --- a/compose/tor/Dockerfile +++ b/compose/tor/Dockerfile 
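Review bot: The new `HiddenServicePort 80 127.0.0.1:80` in the lndtn torrc replaces a target of `nginx:80`, and `127.0.0.1` is resolved inside the tor container's network namespace, so it only reaches the RoboSats web port if that container shares the tor container's network (`network_mode: service:tor`, as bitcoind does in this diff) or tor runs with host networking; neither is visible for the web service here, and the README in the same commit documents the testnet orchestration as exposing port 18000 with `HiddenServicePort 80 127.0.0.1:18000`. Confirm the intended target and keep the sample torrc and README consistent, since a wrong target yields an onion address that accepts connections and serves nothing. Also, the two new empty placeholder files `compose/env-sample/clntn/tor/.gikeep` and `compose/env-sample/lndtn/tor/.gikeep` look like a typo for `.gitkeep`.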
@@ -1,10 +1,20 @@ FROM alpine:3 -RUN apk --no-cache --no-progress add tor +RUN apk --no-cache --no-progress add tor=~0.4 EXPOSE 9001 9050 -COPY entrypoint.sh /root/entrypoint.sh -COPY torrc /tmp/torrc +# hadolint ignore=DL3002 +USER root +ARG LOCAL_USER_ID=9999 +ENV TOR_DATA=/var/lib/tor -ENTRYPOINT [ "/root/entrypoint.sh" ] +# Add useradd and usermod +# Create user account (UID will be changed in entrypoint script) +RUN apk --no-cache --no-progress add shadow=~4 sudo=~1 && \ + useradd -u $LOCAL_USER_ID --shell /bin/sh -m alice && \ + usermod -g alice tor + +COPY entrypoint.sh /root/entrypoint.sh + +ENTRYPOINT [ "/root/entrypoint.sh" ] \ No newline at end of file diff --git a/compose/tor/entrypoint.sh b/compose/tor/entrypoint.sh index 6859b48..402d8c8 100755 --- a/compose/tor/entrypoint.sh +++ b/compose/tor/entrypoint.sh @@ -1,9 +1,13 @@ #!/bin/sh set -e -# Create torrc if it doesn't exist -if [ ! -f "/etc/tor/torrc" ]; then - cp /tmp/torrc /etc/tor/torrc -fi +# Change local user id and group +usermod -u 1000 alice +groupmod -g 1000 alice + +# Set correct owners on volumes +chown -R tor:alice /var/lib/tor +chown -R :alice /etc/tor +chown -R alice:alice /home/alice exec sudo -u tor /usr/bin/tor \ No newline at end of file
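Review bot: `ARG LOCAL_USER_ID=9999` only feeds `useradd -u $LOCAL_USER_ID`, and the entrypoint in this same commit then unconditionally runs `usermod -u 1000 alice`, so the build arg has no lasting effect; likewise `ENV TOR_DATA=/var/lib/tor` is never referenced by the Dockerfile or the entrypoint. Either drop both or make them the single source of truth: re-export the arg with `ENV LOCAL_USER_ID=$LOCAL_USER_ID` so the entrypoint can read it at runtime, and have the entrypoint chown `"$TOR_DATA"` instead of the literal path. `$LOCAL_USER_ID` in the RUN line should be quoted, `useradd -u "$LOCAL_USER_ID" --shell /bin/sh -m alice`. The file also loses its trailing newline at the `ENTRYPOINT` line.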
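Review bot: `usermod -u 1000 alice` and `groupmod -g 1000 alice` hard-code the id that the Dockerfile comment says is meant to be configurable, and the compose.env samples in this commit remove `LOCAL_USER_ID`/`LOCAL_GROUP_ID`, so there is no longer any way to match the container user to the host owner of the bind-mounted `./env/{namespace}/tor` directory; `usermod -u "${LOCAL_USER_ID:-1000}" alice` and `groupmod -g "${LOCAL_GROUP_ID:-1000}" alice` would keep the default while honouring the environment. `chown -R :alice /etc/tor` runs as root on every start against `/etc/tor/torrc`, which docker-compose.yml now bind-mounts from `${TOR_CONFIG:?}`, so the group change is presumably applied to the host's torrc file as well — likely unintended, and worth a comment if it is deliberate. `chown -R tor:alice /var/lib/tor` similarly rewrites ownership of the host tor data directory (which the README says holds the onion hostname and keys) on each start; under `set -e` a failure there aborts startup, which is fine, but the recursive host-side side effect deserves a `# NOTE:` comment.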