archy/scripts/deploy-bitcoin-knots.sh

#!/bin/bash
#
# Complete Bitcoin Knots Deployment for Archipelago
# This script deploys Bitcoin Knots with a working web UI
# 
# For production/beta releases, this needs to be captured in the auto-installer
# or provided as a one-click install in the App Store
#

set -e

# Read per-installation Bitcoin RPC credentials
SECRETS_DIR="/var/lib/archipelago/secrets"
sudo mkdir -p "$SECRETS_DIR" && sudo chmod 700 "$SECRETS_DIR"
if [ ! -f "$SECRETS_DIR/bitcoin-rpc-password" ]; then
    openssl rand -base64 24 | sudo tee "$SECRETS_DIR/bitcoin-rpc-password" > /dev/null
    sudo chmod 600 "$SECRETS_DIR/bitcoin-rpc-password"
fi
BITCOIN_RPC_USER="archipelago"
BITCOIN_RPC_PASS=$(sudo cat "$SECRETS_DIR/bitcoin-rpc-password")

echo "╔════════════════════════════════════════════════════════════════╗"
echo "║  Deploying Bitcoin Knots with Web UI                          ║"
echo "╚════════════════════════════════════════════════════════════════╝"
echo ""

# Step 1: Create data directory
echo "📁 Creating Bitcoin data directory..."
sudo mkdir -p /var/lib/archipelago/bitcoin
echo "   ✅ Directory created"

# Step 2: Deploy Bitcoin Knots node
echo ""
echo "₿ Deploying Bitcoin Knots node..."
sudo podman run -d \
  --name bitcoin-knots \
  --restart unless-stopped \
  -p 8332:8332 \
  -p 8333:8333 \
  -v /var/lib/archipelago/bitcoin:/home/bitcoin/.bitcoin \
  --label "com.archipelago.app=bitcoin-knots" \
  --label "com.archipelago.title=Bitcoin Knots" \
  --label "com.archipelago.version=28.1" \
  --label "com.archipelago.category=bitcoin" \
  --label "com.archipelago.description.short=Full Bitcoin node implementation" \
  --label "com.archipelago.description.long=Bitcoin Knots is a derivative of Bitcoin Core with additional features and bug fixes. Maintain the full blockchain and validate all transactions." \
  --label "com.archipelago.license=MIT" \
  --label "com.archipelago.icon=/assets/img/app-icons/bitcoin-knots.webp" \
  --label "com.archipelago.port=8332" \
  --label "com.archipelago.repo=https://github.com/bitcoinknots/bitcoin" \
  docker.io/bitcoinknots/bitcoin:latest \
  -server=1 \
  -txindex=1 \
  -rpcallowip=127.0.0.1/32 -rpcallowip=10.88.0.0/16 \
  -rpcbind=0.0.0.0:8332 \
  -rpcuser=archipelago \
  -rpcpassword=$BITCOIN_RPC_PASS \
  -dbcache=4096

echo "   ✅ Bitcoin Knots node starting"

# Step 3: Build and deploy web UI
echo ""
echo "🌐 Building Bitcoin Knots web UI..."

# Create temporary build directory
BUILD_DIR="/tmp/bitcoin-ui-build"
rm -rf "$BUILD_DIR"
mkdir -p "$BUILD_DIR"

# Create Dockerfile
cat > "$BUILD_DIR/Dockerfile" << 'EOF'
FROM docker.io/library/nginx:alpine

# Copy the static UI
COPY index.html /usr/share/nginx/html/

# Create assets directories
RUN mkdir -p /usr/share/nginx/html/assets/img/app-icons && \
    mkdir -p /usr/share/nginx/html/assets/img

EXPOSE 80

CMD ["nginx", "-g", "daemon off;"]
EOF

# Copy UI file from the project
# For beta: this needs to be included in the ISO or downloadable
cp /home/archipelago/archy/docker/bitcoin-ui/index.html "$BUILD_DIR/"

# Build the image
sudo podman build -t localhost/bitcoin-ui:latest "$BUILD_DIR"

# Deploy UI container
sudo podman run -d \
  --name bitcoin-ui \
  --restart unless-stopped \
  -p 8334:80 \
  --label "com.archipelago.app=bitcoin-ui" \
  --label "com.archipelago.parent=bitcoin-knots" \
  localhost/bitcoin-ui:latest

echo "   ✅ Bitcoin UI deployed on port 8334"

# Cleanup
rm -rf "$BUILD_DIR"

# Step 4: Wait for backend to detect
echo ""
echo "⏳ Waiting for backend to detect containers..."
sleep 5

echo ""
echo "╔════════════════════════════════════════════════════════════════╗"
echo "║  ✅ BITCOIN KNOTS DEPLOYED!                                   ║"
echo "╚════════════════════════════════════════════════════════════════╝"
echo ""
echo "📊 Status:"
sudo podman ps | grep bitcoin
echo ""
echo "🌐 Access:"
echo "   • Web UI:  http://YOUR-SERVER-IP:8334"
echo "   • RPC:     http://localhost:8332"
echo "   • Network: Port 8333 (Bitcoin P2P)"
echo ""
echo "📝 RPC Credentials:"
echo "   • User: archipelago"
echo "   • Pass: (stored in /var/lib/archipelago/secrets/bitcoin-rpc-password)"
echo ""
echo "⏰ Blockchain sync will take several hours to days."
echo "   Check progress: sudo podman logs -f bitcoin-knots"
echo ""
Revise BUILD-GUIDE and enhance ISO build process - Updated BUILD-GUIDE.md to streamline instructions for building the Archipelago Auto-Installer ISO, including prerequisites and post-installation steps. - Added detailed sections on capturing the live server state and building from source. - Enhanced Docker and Podman integration in build scripts for improved backend and web UI capture. - Introduced new app metadata for "IndeedHub" in the Docker package scanner and updated UI components for better installation progress tracking. - Improved styling and functionality in the Bitcoin UI for a more cohesive user experience. 2026-02-03 21:43:33 +00:00			`#!/bin/bash`
			`#`
			`# Complete Bitcoin Knots Deployment for Archipelago`
			`# This script deploys Bitcoin Knots with a working web UI`
			`#`
			`# For production/beta releases, this needs to be captured in the auto-installer`
			`# or provided as a one-click install in the App Store`
			`#`

			`set -e`

feat: Phase 1 — per-installation credential generation, eliminate hardcoded passwords Generate unique random passwords at first boot for Bitcoin RPC, all database services (mempool, btcpay, immich, penpot, mysql-root), and Fedimint gateway. Credentials stored in /var/lib/archipelago/secrets/ with 600 permissions. Scripts: first-boot-containers.sh, deploy-to-target.sh, deploy-bitcoin-knots.sh, container-doctor.sh all read from secrets files instead of hardcoded values. Rust backend: new bitcoin_rpc module reads password from secrets file, env var, or dev fallback. All .basic_auth() calls and container config strings now use the shared credential reader instead of hardcoded "archipelago123". Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 00:39:52 +00:00			`# Read per-installation Bitcoin RPC credentials`
			`SECRETS_DIR="/var/lib/archipelago/secrets"`
			`sudo mkdir -p "$SECRETS_DIR" && sudo chmod 700 "$SECRETS_DIR"`
			`if [ ! -f "$SECRETS_DIR/bitcoin-rpc-password" ]; then`
			`openssl rand -base64 24 \| sudo tee "$SECRETS_DIR/bitcoin-rpc-password" > /dev/null`
			`sudo chmod 600 "$SECRETS_DIR/bitcoin-rpc-password"`
			`fi`
			`BITCOIN_RPC_USER="archipelago"`
			`BITCOIN_RPC_PASS=$(sudo cat "$SECRETS_DIR/bitcoin-rpc-password")`

Revise BUILD-GUIDE and enhance ISO build process - Updated BUILD-GUIDE.md to streamline instructions for building the Archipelago Auto-Installer ISO, including prerequisites and post-installation steps. - Added detailed sections on capturing the live server state and building from source. - Enhanced Docker and Podman integration in build scripts for improved backend and web UI capture. - Introduced new app metadata for "IndeedHub" in the Docker package scanner and updated UI components for better installation progress tracking. - Improved styling and functionality in the Bitcoin UI for a more cohesive user experience. 2026-02-03 21:43:33 +00:00			`echo "╔════════════════════════════════════════════════════════════════╗"`
			`echo "║ Deploying Bitcoin Knots with Web UI ║"`
			`echo "╚════════════════════════════════════════════════════════════════╝"`
			`echo ""`

			`# Step 1: Create data directory`
			`echo "📁 Creating Bitcoin data directory..."`
			`sudo mkdir -p /var/lib/archipelago/bitcoin`
			`echo " ✅ Directory created"`

			`# Step 2: Deploy Bitcoin Knots node`
			`echo ""`
			`echo "₿ Deploying Bitcoin Knots node..."`
			`sudo podman run -d \`
			`--name bitcoin-knots \`
			`--restart unless-stopped \`
			`-p 8332:8332 \`
			`-p 8333:8333 \`
			`-v /var/lib/archipelago/bitcoin:/home/bitcoin/.bitcoin \`
			`--label "com.archipelago.app=bitcoin-knots" \`
			`--label "com.archipelago.title=Bitcoin Knots" \`
			`--label "com.archipelago.version=28.1" \`
			`--label "com.archipelago.category=bitcoin" \`
			`--label "com.archipelago.description.short=Full Bitcoin node implementation" \`
			`--label "com.archipelago.description.long=Bitcoin Knots is a derivative of Bitcoin Core with additional features and bug fixes. Maintain the full blockchain and validate all transactions." \`
			`--label "com.archipelago.license=MIT" \`
			`--label "com.archipelago.icon=/assets/img/app-icons/bitcoin-knots.webp" \`
			`--label "com.archipelago.port=8332" \`
			`--label "com.archipelago.repo=https://github.com/bitcoinknots/bitcoin" \`
			`docker.io/bitcoinknots/bitcoin:latest \`
			`-server=1 \`
			`-txindex=1 \`
feat: Phase 2 — systemd sandboxing, Bitcoin RPC localhost binding, Tailscale deprivilege - Service runs as unprivileged `archipelago` user instead of root - Added systemd sandboxing: ProtectSystem=strict, NoNewPrivileges, PrivateTmp, MemoryDenyWriteExecute, RestrictNamespaces, SystemCallFilter - Bitcoin RPC rpcallowip restricted to localhost + Podman subnet (10.88.0.0/16) - Tailscale container: removed --privileged, uses cap-drop ALL + cap-add NET_ADMIN/NET_RAW Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 00:42:29 +00:00			`-rpcallowip=127.0.0.1/32 -rpcallowip=10.88.0.0/16 \`
Revise BUILD-GUIDE and enhance ISO build process - Updated BUILD-GUIDE.md to streamline instructions for building the Archipelago Auto-Installer ISO, including prerequisites and post-installation steps. - Added detailed sections on capturing the live server state and building from source. - Enhanced Docker and Podman integration in build scripts for improved backend and web UI capture. - Introduced new app metadata for "IndeedHub" in the Docker package scanner and updated UI components for better installation progress tracking. - Improved styling and functionality in the Bitcoin UI for a more cohesive user experience. 2026-02-03 21:43:33 +00:00			`-rpcbind=0.0.0.0:8332 \`
			`-rpcuser=archipelago \`
feat: Phase 1 — per-installation credential generation, eliminate hardcoded passwords Generate unique random passwords at first boot for Bitcoin RPC, all database services (mempool, btcpay, immich, penpot, mysql-root), and Fedimint gateway. Credentials stored in /var/lib/archipelago/secrets/ with 600 permissions. Scripts: first-boot-containers.sh, deploy-to-target.sh, deploy-bitcoin-knots.sh, container-doctor.sh all read from secrets files instead of hardcoded values. Rust backend: new bitcoin_rpc module reads password from secrets file, env var, or dev fallback. All .basic_auth() calls and container config strings now use the shared credential reader instead of hardcoded "archipelago123". Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 00:39:52 +00:00			`-rpcpassword=$BITCOIN_RPC_PASS \`
Revise BUILD-GUIDE and enhance ISO build process - Updated BUILD-GUIDE.md to streamline instructions for building the Archipelago Auto-Installer ISO, including prerequisites and post-installation steps. - Added detailed sections on capturing the live server state and building from source. - Enhanced Docker and Podman integration in build scripts for improved backend and web UI capture. - Introduced new app metadata for "IndeedHub" in the Docker package scanner and updated UI components for better installation progress tracking. - Improved styling and functionality in the Bitcoin UI for a more cohesive user experience. 2026-02-03 21:43:33 +00:00			`-dbcache=4096`

			`echo " ✅ Bitcoin Knots node starting"`

			`# Step 3: Build and deploy web UI`
			`echo ""`
			`echo "🌐 Building Bitcoin Knots web UI..."`

			`# Create temporary build directory`
			`BUILD_DIR="/tmp/bitcoin-ui-build"`
			`rm -rf "$BUILD_DIR"`
			`mkdir -p "$BUILD_DIR"`

			`# Create Dockerfile`
			`cat > "$BUILD_DIR/Dockerfile" << 'EOF'`
			`FROM docker.io/library/nginx:alpine`

			`# Copy the static UI`
			`COPY index.html /usr/share/nginx/html/`

			`# Create assets directories`
			`RUN mkdir -p /usr/share/nginx/html/assets/img/app-icons && \`
			`mkdir -p /usr/share/nginx/html/assets/img`

			`EXPOSE 80`

			`CMD ["nginx", "-g", "daemon off;"]`
			`EOF`

			`# Copy UI file from the project`
			`# For beta: this needs to be included in the ISO or downloadable`
			`cp /home/archipelago/archy/docker/bitcoin-ui/index.html "$BUILD_DIR/"`

			`# Build the image`
			`sudo podman build -t localhost/bitcoin-ui:latest "$BUILD_DIR"`

			`# Deploy UI container`
			`sudo podman run -d \`
			`--name bitcoin-ui \`
			`--restart unless-stopped \`
			`-p 8334:80 \`
			`--label "com.archipelago.app=bitcoin-ui" \`
			`--label "com.archipelago.parent=bitcoin-knots" \`
			`localhost/bitcoin-ui:latest`

			`echo " ✅ Bitcoin UI deployed on port 8334"`

			`# Cleanup`
			`rm -rf "$BUILD_DIR"`

			`# Step 4: Wait for backend to detect`
			`echo ""`
			`echo "⏳ Waiting for backend to detect containers..."`
			`sleep 5`

			`echo ""`
			`echo "╔════════════════════════════════════════════════════════════════╗"`
			`echo "║ ✅ BITCOIN KNOTS DEPLOYED! ║"`
			`echo "╚════════════════════════════════════════════════════════════════╝"`
			`echo ""`
			`echo "📊 Status:"`
			`sudo podman ps \| grep bitcoin`
			`echo ""`
			`echo "🌐 Access:"`
			`echo " • Web UI: http://YOUR-SERVER-IP:8334"`
			`echo " • RPC: http://localhost:8332"`
			`echo " • Network: Port 8333 (Bitcoin P2P)"`
			`echo ""`
			`echo "📝 RPC Credentials:"`
			`echo " • User: archipelago"`
feat: Phase 1 — per-installation credential generation, eliminate hardcoded passwords Generate unique random passwords at first boot for Bitcoin RPC, all database services (mempool, btcpay, immich, penpot, mysql-root), and Fedimint gateway. Credentials stored in /var/lib/archipelago/secrets/ with 600 permissions. Scripts: first-boot-containers.sh, deploy-to-target.sh, deploy-bitcoin-knots.sh, container-doctor.sh all read from secrets files instead of hardcoded values. Rust backend: new bitcoin_rpc module reads password from secrets file, env var, or dev fallback. All .basic_auth() calls and container config strings now use the shared credential reader instead of hardcoded "archipelago123". Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com> 2026-03-18 00:39:52 +00:00			`echo " • Pass: (stored in /var/lib/archipelago/secrets/bitcoin-rpc-password)"`
Revise BUILD-GUIDE and enhance ISO build process - Updated BUILD-GUIDE.md to streamline instructions for building the Archipelago Auto-Installer ISO, including prerequisites and post-installation steps. - Added detailed sections on capturing the live server state and building from source. - Enhanced Docker and Podman integration in build scripts for improved backend and web UI capture. - Introduced new app metadata for "IndeedHub" in the Docker package scanner and updated UI components for better installation progress tracking. - Improved styling and functionality in the Bitcoin UI for a more cohesive user experience. 2026-02-03 21:43:33 +00:00			`echo ""`
			`echo "⏰ Blockchain sync will take several hours to days."`
			`echo " Check progress: sudo podman logs -f bitcoin-knots"`
			`echo ""`