Update

Final update previous to the first release

README.md

@@ -1,4 +1,4 @@
-# MiniBolt-draft
+# MiniBolt
 
 ## A complete guide to build a Bitcoin & Lightning full node on a Personal Computer
 

_config.yml

@@ -19,7 +19,7 @@ twitter:
   card: summary_large_image
   username: twofaktor
 
-title: MiniBolt-draft
+title: MiniBolt
 tagline: "Bitcoin & Lightning full node on a personal computer"
 description: "Build your own “DIY” Bitcoin & Lightning full node on a personal computer. No need to trust anyone else."
 type: website

guide/bitcoin/electrum-server.md

@@ -304,6 +304,7 @@ Note that the remote device needs to have Tor installed as well.
   ```
 
   ```sh
+  ############### This section is just for location-hidden services ###
   # Hidden Service Electrs SSL
   HiddenServiceDir /var/lib/tor/hidden_service_electrs/
   HiddenServiceVersion 3

guide/bonus/bitcoin/electrum-personal-server.md

@@ -0,0 +1,250 @@
+---
+layout: default
+title: Electrum Personal Server
+parent: + Bitcoin
+grand_parent: Bonus Section
+nav_exclude: true
+has_children: false
+has_toc: false
+---
+<!-- markdownlint-disable MD014 MD022 MD025 MD033 MD040 -->
+
+# Bonus guide: Electrum Personal Server
+
+{: .no_toc }
+
+---
+
+The best way to safekeep your bitcoin (meaning the best combination of security and usability) is to use a hardware wallet (like [Ledger](https://www.ledgerwallet.com/){:target="_blank"} or [Trezor](https://trezor.io/)){:target="_blank"} in combination with your own Bitcoin node. This gives you security, privacy and eliminates the need to trust a third party to verify transactions.
+
+With the MiniBolt setup, the Bitcoin Core wallet on the node can only be used from the command line as no graphical user interface is installed. As Bitcoin Core does not offer support for hardware wallets, only a "hot wallet" (exposed to the internet) can be realized.
+
+One possibility to use Bitcoin Core with more functionality is to set up an additional [ElectrumX](https://github.com/kyuupichan/electrumx){:target="_blank"} server and then use the great [Electrum wallet](https://electrum.org/){:target="_blank"} (on your regular computer) that integrates with hardware wallets. But this setup is not easy, and the overhead is more than a Raspberry Pi can handle.
+
+The new [Electrum Personal Server](https://github.com/chris-belcher/electrum-personal-server){:target="_blank"} makes it possible to connect Electrum (using your hardware wallet) directly to your RaspiBolt. In contrast to ElectrumX, this is not a full server that serves multiple users, but your own dedicated backend.
+
+Before using this setup, please familiarize yourself with all components by setting up your own Electrum wallet, visiting the linked project websites and reading [The Electrum Personal Server Will Give Users the Full Node Security They Need](https://bitcoinmagazine.com/articles/electrum-personal-server-will-give-users-full-node-security-they-need/){:target="_blank"} in Bitcoin Magazine.
+
+Difficulty: Intermediate
+{: .label .label-yellow }
+
+Status: Not tested MiniBolt
+{: .label .label-red }
+
+---
+
+Table of contents
+{: .text-delta }
+
+1. TOC
+{:toc}
+
+---
+
+## Preparations
+
+* With user 'admin', make sure Python3 and PIP are installed. Also the 'setuptools' package is required.
+
+  ```sh
+  $ sudo apt install -y python3 python3-pip
+  $ sudo pip3 install setuptools
+  ```
+
+* Configure firewall to allow incoming requests (please check if you need to adjust the subnet mask as [described in original setup](../../raspberry-pi/security.md#enabling-the-uncomplicated-firewall))
+
+  ```sh
+  $ sudo ufw allow from 192.168.0.0/16 to any port 50002/tcp comment 'allow EPS from local network'
+  ```
+
+Electrum Personal Server uses the Bitcoin Core wallet with "watch-only" addresses to monitor the blockchain for you.
+
+* Make sure that in "bitcoin.conf", `disablewallet=1` is not set (it can be either missing, or set to `0`). Save and exit.
+  `$ sudo nano /home/bitcoin/.bitcoin/bitcoin.conf`
+
+* If you changed `bitcoin.conf`, restart bitcoind
+  `$ sudo systemctl restart bitcoind`
+
+### Install Electrum Personal Server
+
+* Open a "bitcoin" user session and change into the home directory
+  `$ sudo su - bitcoin`
+
+* Download, verify and extract the latest release (check the [Releases page](https://github.com/chris-belcher/electrum-personal-server/releases){:target="_blank"} on Github for the correct links)
+
+  ```sh
+  # create new directory on external hdd
+  $ mkdir /mnt/ext/electrum-personal-server
+  $ ln -s /mnt/ext/electrum-personal-server /home/bitcoin/electrum-personal-server
+  $ cd electrum-personal-server
+
+  # download release
+  $ wget https://github.com/chris-belcher/electrum-personal-server/archive/eps-v0.2.4.tar.gz
+  $ wget https://github.com/chris-belcher/electrum-personal-server/releases/download/eps-v0.2.4/eps-v0.2.4.tar.gz.asc
+  $ wget https://raw.githubusercontent.com/chris-belcher/electrum-personal-server/master/docs/pubkeys/belcher.asc
+
+  # verify that the release is signed by Chris Belcher (check the fingerprint)
+  $ gpg --import belcher.asc
+  $ gpg --verify eps-v0.2.4.tar.gz.asc
+  > gpg: Good signature from "Chris Belcher <[email protected]>" [unknown]
+  > Primary key fingerprint: 0A8B 038F 5E10 CC27 89BF  CFFF EF73 4EA6 77F3 1129
+
+  $ tar -xvf eps-v0.2.4.tar.gz
+  $ rm *.gz*
+  ```
+
+* Copy and edit configuration template (skip this step when updating)
+
+  ```sh
+  $ cp electrum-personal-server-eps-v0.2.4/config.ini_sample config.ini
+  $ nano config.ini
+  ```
+
+  * Add your wallet master public keys or watch-only addresses to the `[master-public-keys]` and `[watch-only-addresses]` sections. Master public keys for an Electrum wallet can be found in the Electrum client menu `Wallet` -> `Information`.
+
+  * In `[bitcoin-rpc]`, uncomment and complete the lines.
+
+    ```sh
+    rpc_user = raspibolt
+    rpc_password = [PASSWORD_B]
+    ```
+
+  * In `[electrum-server]`, change the listening `host` to `0.0.0.0`, so that you can reach it from a remote computer. The firewall only accepts connections from within the home network, not from the internet.
+
+    ```sh
+    host = 0.0.0.0
+    ```
+
+* Save and exit
+
+* Install Electrum Personal Server
+
+  ```sh
+  $ cd electrum-personal-server-eps-v0.2.4/
+  # Install the wheel package first, which is required
+  $ pip3 install wheel
+  $ pip3 install --user .
+  ```
+
+![Install Electrum Personal Server with Python Pip](../../../images/60_eps_pip_install.png)
+
+### Setup default wallet with `bitcoind` and set it to autoload on daemon start
+
+eps needs a "dummy" wallet configured in bitcoind to correctly scan for transactions.
+Create a basic wallet with
+
+  ```sh
+  $ bitcoin-cli createwallet "default" "true" "true" "" "true"
+  ```
+
+and then add directive to autoload it into `bitcoin.conf`:
+
+  ```sh
+  $ nano ~/.bitcoin/bitcoin.conf
+  ```
+
+following can be placed after the `# Connections` stanza
+
+  ```sh
+  # Default wallet
+  wallet=/data/bitcoin/default
+  ```
+
+The default wallet will be automatically loaded after creation, and the autoload directive will take care of loading it at each restart.
+
+### First start
+
+The Electrum Personal Server scripts are installed in the directory `/home/bitcoin/.local/bin/`. Unfortunately, in Raspberry Pi OS this directory is not in the system path, so the full path needs to be specified when calling these scripts. Alternatively, just [add this directory to your $PATH environment variable](https://unix.stackexchange.com/questions/26047/how-to-correctly-add-a-path-to-path){:target="_blank"}, but it's not necessary in this guide.
+
+* The first time the server is run it will import all configured addresses as watch-only into the Bitcoin node. This can take up to 10 minutes, after that the program will exit.
+
+  ```sh
+  $ /home/bitcoin/.local/bin/electrum-personal-server /home/bitcoin/electrum-personal-server/config.cfg
+  ```
+
+* If your wallet has previous transactions, Electrum Personal Server needs to rescan the Bitcoin blockchain to get the historical information. This can take a long time for the whole blockchain, therefore you can set the start date of the scan (it will still take more than 1 hour per year of history).
+
+  ```sh
+  $ /home/bitcoin/.local/bin/electrum-personal-server --rescan /home/bitcoin/electrum-personal-server/config.cfg
+  ```
+
+* You can monitor the rescan progress in the Bitcoin Core logfile from a second SSH session:
+
+  ```sh
+  $ sudo tail -f /home/bitcoin/.bitcoin/debug.log
+  ```
+
+* Run Electrum Personal Server again and connect your Electrum wallet from your regular computer.
+
+  ```sh
+  $ /home/bitcoin/.local/bin/electrum-personal-server /home/bitcoin/electrum-personal-server/config.cfg
+  ```
+
+![Run Electrum Personal Server manually](../../../images/60_eps_first-start.png)
+
+### Connect Electrum
+
+On your regular computer, configure Electrum to use your MiniBoltt:
+
+* In menu: `Tools > Network > Server`
+* Uncheck "Select server automatically"
+* Enter the IP of your RaspiBolt (eg. 192.168.0.20) in the address field
+
+![Connect Electrum to RaspiBolt](../../../images/60_eps_electrum-connect.png)
+
+* `Close` and check connection in tab "Console"
+
+![Check Electrum console](../../../images/60_eps_electrumwallet.png)
+
+* This can also be achived by starting the Electrum wallet with the following command line arguments:
+  `--oneserver --server 192.168.0.20:50002:s`
+
+### Automate startup
+
+If everything works as expected, we will now automate the start of Electrum Personal Server on the RaspiBolt.
+
+* On the Pi, exit Electrum Personal Server by pressing `Ctrl-C`
+
+* Exit the "bitcoin" user session back to user "admin"
+  `exit`
+
+* As "admin", set up the systemd unit for automatic start on boot, save and exit
+
+  ```sh
+  $ sudo nano /etc/systemd/system/eps.service
+  ```
+
+  ```sh
+  [Unit]
+  Description=Electrum Personal Server
+  After=bitcoind.service
+
+  [Service]
+  ExecStart=/usr/bin/python3 /home/bitcoin/.local/bin/electrum-personal-server /home/bitcoin/electrum-personal-server/config.cfg
+  User=bitcoin
+  Group=bitcoin
+  Type=simple
+  KillMode=process
+  TimeoutSec=60
+  Restart=always
+  RestartSec=60
+
+  [Install]
+  WantedBy=multi-user.target
+  ```
+
+* Enable and start the eps.service unit
+  `$ sudo systemctl enable eps.service`
+  `$ sudo systemctl start eps.service`
+
+* Check the startup process for Electrum Personal Server
+  `$ tail -f  /tmp/electrumpersonalserver.log`
+
+---
+
+### Don't trust, verify
+
+Congratulations, you have now one of the best Bitcoin desktop wallet, capable of securing your bitcoin with support of a hardware wallet, running with your own trustless Bitcoin full node!
+
+---
+
+<< Back: [+ Bitcoin](index.md)

guide/bonus/bitcoin/index.md

@@ -17,6 +17,7 @@ has_toc: false
 ## Electrum servers
 
 * **[Fulcrum](fulcrum.md)** - a fast & nimble SPV server for Bitcoin Cash, Bitcoin BTC, and Litecoin.
+* **[Electrum Personal Server](electrum-personal-server.md)** - an alternative to Electrs
 
 ---
 
@@ -61,7 +62,7 @@ has_toc: false
 
 ## Testnet
 
-* **[Running a Testnet RaspiBolt Node](testnet.md)** - configure your RaspiBolt for use on testnet
+* **[Running a Testnet MiniBolt Node](testnet.md)** - configure your MiniBolt for use on testnet
 
 ---
 

guide/bonus/bitcoin/mempool.md

@@ -121,7 +121,7 @@ For improved security, we create the new user "mempool" that will run the Mempoo
   > MariaDB [(none)]>
   ```
 
-* Enter the following commands in the shell and exit. The instructions to enter in the MariaDB shell with start with "MDB$". Change "Password[M]" to the random password generated above.
+* Enter the following commands in the shell and exit. The instructions to enter in the MariaDB shell start with "MDB$". Change "Password[M]" to the random password generated above.
 
   ```sql
   MDB$ create database mempool;
@@ -190,6 +190,7 @@ For improved security, we create the new user "mempool" that will run the Mempoo
     },
     "SOCKS5PROXY": {
       "ENABLED": true,
+      "USE_ONION": true,
       "HOST": "127.0.0.1",
       "PORT": 9050
     },

guide/bonus/bitcoin/specter-desktop.md

@@ -67,8 +67,6 @@ Status: Not tested MiniBolt
 
   ```sh
   $ sudo ufw allow from 192.168.0.0/16 to any port 25441 comment 'allow Specter Desktop from local network'
-  $ sudo ufw enable
-  $ sudo ufw status
   ```
 
 - Install the following required system dependencies

guide/bonus/bitcoin/testnet.md

@@ -9,13 +9,13 @@ has_toc: false
 ---
 <!-- markdownlint-disable MD014 MD022 MD025 MD033 MD040 -->
 
-# Bonus guide: RaspiBolt on Testnet
+# Bonus guide: MiniBolt on Testnet
 
 {: .no_toc }
 
 ---
 
-You can run your RaspiBolt node on testnet to develop and experiment with new applications, without putting real money at risk. This bonus guide highlights all configuration changes compared to the main guide.
+You can run your MiniBolt node on testnet to develop and experiment with new applications, without putting real money at risk. This bonus guide highlights all configuration changes compared to the main guide.
 
 Difficulty: Medium
 {: .label .label-yellow }
@@ -44,7 +44,7 @@ The great news is that most of the RaspiBolt guide can be used as-is. The small
 File location: `/data/bitcoin/bitcoin.conf`
 
   ```sh
-  # RaspiBolt: bitcoind configuration for testnet node
+  # MiniBolt: bitcoind configuration for testnet node
 
   # [chain]
   # main, test, signet, regtest
@@ -153,7 +153,7 @@ Your nginx might need to be reloaded using
   ```sh
   $ sudo nginx -t
   $ sudo systemctl reload nginx
-  $ sudo ufw allow 60002/tcp comment 'allow Electrum SSL Testnet'
+  $ sudo ufw allow from 192.168.0.0/16 to any port 60002/tcp comment 'allow Electrum SSL Testnet from local network'
   ```
 
 ### Tor
@@ -164,6 +164,7 @@ File location: `/etc/tor/torrc`
 
   ```sh
   ############### This section is just for location-hidden services ###
+  # Hidden Service Electrs Testnet
   HiddenServiceDir /var/lib/tor/hidden_service_electrs_testnet/
   HiddenServiceVersion 3
   HiddenServicePort 60002 127.0.0.1:60002