taler-docs

bitcoin-manual.rst (15428B)

---

 ..
   This file is part of GNU TALER.
   Copyright (C) 2025 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU Affero General Public License as published by the Free Software
   Foundation; either version 2.1, or (at your option) any later version.
 
   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
 
   You should have received a copy of the GNU Affero General Public License along with
   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 
   @author Antoine d'Aligny
 
 
 Bitcoin Depolymerizer Setup Manual
 ##################################
 
 depolymerizer-bitcoin is a bitcoin blockhain Taler adapter.
 
 This manual targets system administrators who want to install and
 operate a Bictoin GNU Taler Depolymerizer
 
 In this manual, we explain how to setup a depolymerizer.
 
 .. contents:: Table of Contents
   :local:
 
 Installation of the Bitcoin Depolymerizer
 =========================================
 
 Installing on Debian
 --------------------
 
 .. include:: frags/installing-debian.rst
 
 To install the depolymerizer, you can now simply run:
 
 .. code-block:: shell-session
 
   # apt install bitcoin-depolymerizer
 
 Installing on Ubuntu
 --------------------
 
 .. include:: frags/installing-ubuntu.rst
 
 To install the depolymerizer, you can now simply run:
 
 .. code-block:: shell-session
 
   # apt install bitcoin-depolymerizer
 
 Building from source
 --------------------
 
 Bitcoin Depolymerizer belongs to the Depolymerization project, and can be downloaded via Git:
 
 .. code-block:: console
 
   $ git clone git://git.taler.net/depolymerization
   $ cd depolymerization
 
 You will need the latest version of the rust stable toolchain and a C toolchain:
 
 .. code-block:: console
 
   $ sudo apt install rustup build-essential
   $ rustup toolchain install stable
 
 Then from top-level run:
 
 .. code-block:: console
 
   $ ./bootstrap
 
 Install deb package
 ~~~~~~~~~~~~~~~~~~~
 
 To install the depolymerizer as a Debian/Ubuntu package with an automated secure setup and systemd services:
 
 .. code-block:: console
 
   $ sudo apt install debhelper 
   $ make deb
   $ sudo dpkg -i ../depolymerizer-bitcoin*.deb
 
 If the previous steps succeeded, the ``depolymerizer-bitcoin`` command should be found in the $PATH.
 
 Install binaries
 ~~~~~~~~~~~~~~~~
 
 To install the depolymerizer binaries and default configuration localy run:
 
 .. code-block:: console
 
   $ ./configure --prefix=$PREFIX
   $ make install
 
 If the previous steps succeeded, the ``depolymerizer-bitcoin`` command should be found in the $PATH.
 
 Services, users, groups and file system hierarchy
 -------------------------------------------------
 
 The *depolymerizer-bitcoin* package will create several system users
 to compartmentalize different parts of the system:
 
 * ``depolymerizer-bitcoin-httpd``: runs the HTTP daemon with the API logic.
 * ``depolymerizer-bitcoin-worker``: runs the worker daemon with the bitcoind node.
 * ``depolymerizer-bitcoin-node``: runs the bitcoind node daemon interacting.
 * ``postgres``: runs the PostgreSQL database (from *postgresql* package).
 
 The depolymerizer setup uses the following system groups:
 
 * ``depolymerizer-bitcoin-db``: group for all users with direct database access, specifically depolymerizer-bitcoin-httpd and depolymerizer-bitcoin-worker.
 * ``depolymerizer-bitcoin-cookie``: group for all users with access to the bicoind cookie file, specifically depolymerizer-bitcoin-worke and depolymerizer-bitcoin-node.
 
 The package will deploy systemd service files in
 ``/usr/lib/systemd/system/`` for the various components:
 
 * ``depolymerizer-bitcoin-httpd.service``: adapter REST API.
 * ``depolymerizer-bitcoin-httpd.socket``: systemd socket activation for the HTTP daemon.
 * ``depolymerizer-bitcoin-worker.service``: worker daemon with the bitcoind node.
 * ``depolymerizer-bitcoin-node.service``: bitcoin node.
 * ``depolymerizer-bitcoin.target``: main target for the depolymerizer to be operational.
 
 The deployment creates the following key locations in the system:
 
 * ``/etc/depolymerizer-bitcoin/``: configuration files.
 * ``/run/depolymerizer-bitcoin/``: contains the UNIX domain sockets for inter-process communication (IPC).
 * ``/var/lib/bitcoind``: serves as the $HOME for depolymerizer-bitcoin-node and contains the bitcoind node data and cookie files.
 
 Installation of the Bitcoin node
 ================================
 
 You need to install bitcoind & bitcoin-cli yourself, you can install them from the `Bitcoin Core website <https://bitcoincore.org/en/download/>`_.
 
 .. code-block:: console
 
   $ curl -L https://bitcoincore.org/bin/bitcoin-core-29.0/bitcoin-29.0-x86_64-linux-gnu.tar.gz | tar xz
   $ sudo cp bitcoin-29.0/bin/bitcoin* /usr/bin
   $ rm -r bitcoin-29.0
 
 Starting a local Bitcoin node
 =============================
 
 Using package script
 --------------------
 
 Start the node service:
 
 .. code-block:: console
 
   $ sudo systemctl start depolymerizer-bitcoin-node
 
 Then check if the node is running:
 
 .. code-block:: console
 
   $ sudo -u depolymerizer-bitcoin-node bitcoin-cli -conf=/etc/bitcoind/bitcoin.conf getblockchaininfo
 
 Simple setup
 ------------
 
 You need to edit bitcoind default configuration:
 
 .. code-block:: ini
   :caption: $HOME/.bitcoin/bitcoin.conf
 
   txindex=1 # Enable full transaction indexes
   rpcservertimeout=0 # Disable RPC timeout
 
 Start the node daemon:
 
 .. code-block:: console
 
   $ bitcoind
 
 In another terminal check if the node is running:
 
 .. code-block:: console
 
   $ bitcoin-cli getblockchaininfo
 
 Configuration Fundamentals
 ==========================
 
 This chapter provides fundamental details about the adapter configuration.
 
 The configuration for all adapter components uses a single configuration file
 as entry point: ``/etc/depolymerizer-bitcoin/depolymerizer-bitcoin.conf``.
 
 System defaults are automatically loaded from files in
 ``/usr/share/depolymerizer-bitcoin/config.d``.
 These default files should never be modified.
 
 The default configuration ``depolymerizer-bitcoin.conf`` configuration file
 also includes all configuration files in ``/etc/depolymerizer-bitcoin/conf.d``.
 The settings from files in
 ``conf.d`` are only relevant to particular components of an adapter, while
 ``depolymerizer-bitcoin.conf`` contains settings that affect all adapter components.
 
 
 The directory ``/etc/depolymerizer-bitcoin/secrets`` contains configuration file snippets with
 values that should only be readable to certain users.  They are included with the ``@inline-secret@``
 directive and should end with ``.secret.conf``.
 
 To view the entire configuration annotated with the source of each configuration option, you
 can use the ``depolymerizer-bitcoin config`` helper:
 
 
 .. code-block:: shell-session
 
   # depolymerizer-bitcoin config dump --diagnostics
 
 .. include:: frags/configuration-format.rst
 
 Bitcoin Depolymerizer Setup
 ===========================
 
 Using package script
 --------------------
 
 Database setup
 ~~~~~~~~~~~~~~
 
 The configuration file must include a connection string that tells the depolymerizer how it should connect to the database. The default
 is:
 
 .. code-block:: ini
   :caption: /etc/depolymerizer-bitcoin/secrets/depolymerizer-bitcoin-db.secret.conf
 
   [depolymerizer-bitcoindb-postgres]
   config = postgres:///depolymerizer-bitcoin
 
 If the database is run on a different host, please follow the instructions
 from the PostgreSQL manual for configuring remote access.
 
 Assuming the configuration is correct, the following
 command initializes (or upgrades) the database schema using: 
 You can then use a script to automate a secure database setup:
 
 .. code-block:: console
 
   $ sudo depolymerizer-bitcoin-dbconfig
 
 Worker setup
 ~~~~~~~~~~~~
 
 You will need a bitcoin wallet to sync, you can either create:
 
 .. code-block:: console
 
   $ sudo -u depolymerizer-bitcoin-node bitcoin-cli -conf=/etc/bitcoind/bitcoin.conf createwallet $WALLET false false $PASSWORD
 
 Or use an existing one: 
 
 .. code-block:: console
 
   $ sudo -u depolymerizer-bitcoin-node bitcoin-cli -conf=/etc/bitcoind/bitcoin.conf loadwallet $WALLET
 
 You also need to choose an address from you wallet to use as it's unique Taler identifier. You can generate a new address using:
 
 .. code-block:: console
 
   $ sudo -u depolymerizer-bitcoin-node bitcoin-cli -conf=/etc/bitcoind/bitcoin.conf -rpcwallet=$WALLET getnewaddress
 
 Update the configuration files:
 
 .. code-block:: ini
   :caption: /etc/depolymerizer-bitcoin/depolymerizer-bitcoin.conf
 
   [depolymerizer-bitcoin]
   CURRENCY = BTC
   WALLET = $ADDRESS
   NAME = John Smith S.A.
 
 .. code-block:: ini
   :caption: /etc/depolymerizer-bitcoin/conf.d/depolymerizer-bitcoin-worker.conf
 
   [depolymerizer-bitcoin-worker]
   WALLET_NAME = $WALLET
 
 .. code-block:: ini
   :caption: /etc/depolymerizer-bitcoin/secrets/depolymerizer-bitcoin-worker.secret.conf
 
   [depolymerizer-bitcoin-worker]
   PASSWORD = $PASSWORD
 
 And finaly run the setup process: 
 
 .. code-block:: console
 
   $ sudo -u depolymerizer-bitcoin-worker depolymerizer-bitcoin setup
 
 Server setup
 ~~~~~~~~~~~~
 
 Update the configuration files:
 
 .. code-block:: ini
   :caption: /etc/depolymerizer-bitcoin/conf.d/depolymerizer-bitcoin-httpd.conf
 
   [depolymerizer-bitcoin-httpd-wire-gateway-api]
   ENABLED = YES
 
 .. code-block:: ini
   :caption: /etc/depolymerizer-bitcoin/secrets/depolymerizer-bitcoin-httpd.secret.conf
 
   [depolymerizer-bitcoin-httpd-wire-gateway-api]
   AUTH_METHOD = bearer
   TOKEN = $SECRET_TOKEN
 
 Check the server is correctly configured:
 
 .. code-block:: console
 
   $ sudo -u depolymerizer-bitcoin-httpd depolymerizer-bitcoin serve --check
   
 Simple setup
 ------------
 
 Database setup
 ~~~~~~~~~~~~~~
 
 The configuration file must include a connection string that tells the depolymerizer how it should connect to the database. The default
 is:
 
 .. code-block:: ini
   :caption: $CONFIG_FILE
 
   [depolymerizer-bitcoindb-postgres]
   config = postgres:///depolymerizer-bitcoin
 
 You must make sure that this database exists and is accessible to the user
 running the depolymerizer before continuing. If the database is run on a different host, please follow the instructions from the PostgreSQL manual for configuring remote access.
 
 Assuming that the configuration file exists at ``$CONFIG_FILE``, the following
 command initializes (or upgrades) the database schema:
 
 .. code-block:: console
 
   $ depolymerizer-bitcoin -c "$CONFIG_FILE" dbinit
 
 You will need a bitcoin wallet to sync, you can either create:
 
 .. code-block:: console
 
   $ bitcoin-cli createwallet $WALLET false false $PASSWORD
 
 Or use an existing one: 
 
 .. code-block:: console
 
   $ bitcoin-cli loadwallet $WALLET
 
 You also need to choose an address from you wallet to use as it's unique Taler identifier. You can generate a new address using:
 
 .. code-block:: console
 
   $ bitcoin-cli -rpcwallet=$WALLET getnewaddress
 
 Update the configuration files:
 
 .. code-block:: ini
   :caption: $CONFIG_FILE
 
   [depolymerizer-bitcoin]
   CURRENCY = BTC
   WALLET = $ADDRESS
   NAME = John Smith S.A.
 
   [depolymerizer-bitcoin-worker]
   WALLET_NAME = $WALLET
   PASSWORD = $PASSWORD
 
 And finaly run the setup process:
 
 .. code-block:: console
 
   $ depolymerizer-bitcoin -c "$CONFIG_FILE" setup
 
 Server setup
 ~~~~~~~~~~~~
 
 Update the configuration files:
 
 .. code-block:: ini
   :caption: $CONF_FILE
 
   [depolymerizer-bitcoin-httpd-wire-gateway-api]
   ENABLED = YES
   AUTH_METHOD = bearer
   TOKEN = $SECRET_TOKEN
 
 Check the server is correctly configured:
 
 .. code-block:: console
 
   $ depolymerizer-bitcoin -c "$CONF_FILE" serve --check
 
 Configuring bitcoind
 ====================
 
 Here are some bitcoind configuration you might want to change:
 
 .. code-block:: ini
   :caption: bitcoin.conf
   
   # bitcoin transactions fees can exceed taler wire fees, putting
   your wire in bankruptcy. You must specify an acceptable transaction fee cap.
   maxtxfee=?
 
 Configuring Bitcoin Depolymerizer
 =================================
 
 Here are some bitcoind configuration you might want to change:
 
 .. code-block:: ini
 
   [depolymerizer-bitcoin]
   # Number of blocks to consider a transactions durable
   # The default is the recommended value
   # Lowering it make the confirmation process faster (more user friendly)
   # But it make the depolymerizer more sensible to adversarial reorg
   CONFIRMATION = 6
 
   # Amount to keep when bouncing malformed credit
   # Default is 0 as the mining fee is always paid by the creditor
   BOUNCE_FEE   = 0.00001
 
 Process lifetime
 ----------------
 
 You may want to restart depolymerization processes regularly to improve
 stability (ex. fix memory fragmentation). It is possible to configure a lifetime
 that triggers a graceful shutdown every time a specific amount of work has been
 done.
 
 .. code-block:: ini
 
   [depolymerizer-bitcoin-worker]
   # Number of worker's loops before worker shutdown (0 means never)
   LIFETIME = 0
 
   [depolymerizer-bitcoin-httpd]
   # Number of requests to serve before server shutdown (0 means never)
   LIFETIME = 0
 
 Stuck transaction
 -----------------
 
 When we send a transaction with a fee too small, it may not be confirmed in a
 timely fashion. To unstuck those transactions, it is possible to replace them
 with other transactions with more fees. Depolymerizer can be configured to do
 this automatically:
 
 .. code-block:: ini
 
   [depolymerizer-bitcoin-worker]
   # Delay in seconds before bumping an unconfirmed transaction fee (0 means never)
   BUMP_DELAY = 0
 
 Deployment
 ==========
 
 This chapter describes how to deploy the depolymerizer once the basic installation
 and configuration are completed.
 
 Serving
 -------
 
 The depolymerizer can serve HTTP over both TCP and UNIX domain socket.
 
 The following options are to be configured in the section ``[depolymerizer-bitcoin-httpd]``:
 
 -  ``SERVE``: Must be set to ``tcp`` to serve HTTP over TCP, or ``unix`` to serve
    HTTP over a UNIX domain socket.
 
 -  ``PORT``: Set to the TCP port to listen on if ``SERVE`` is ``tcp``.
 
 -  ``UNIXPATH``: Set to the UNIX domain socket path to listen on if ``SERVE`` is
    ``unix``.
 
 - ``UNIXPATH_MODE``: Number giving the mode with the access permission mask
    for the ``UNIXPATH`` (i.e. 660 = ``rw-rw---``). Make sure to set it in such
    a way that your depolymerizer has permissions to access the UNIX domain
    socket.  The default (660) assumes that the reverse proxy is a member of
    the group under which the depolymerizer HTTP server is running.
 
 Reverse Proxy Setup
 -------------------
 
 By default, the ``depolymerizer-bitcoin-httpd`` service listens for HTTP connections
 on a UNIX domain socket.  To make the service publicly available, a reverse
 proxy such as nginx should be used.  We strongly recommend to configure nginx
 to use TLS.
 
 The ``depolymerizer-bitcoin-bank`` package ships with a sample configuration that can be
 enabled in nginx:
 
 .. code-block:: shell-session
 
   # vim /etc/nginx/sites-available/depolymerizer-bitcoin
   < ... customize configuration ... >
   # ln -s /etc/nginx/sites-available/depolymerizer-bitcoin /etc/nginx/sites-enabled/depolymerizer-bitcoin
   # systemctl reload nginx
 
 With this last step, we are finally ready to launch the
 main depolymerizer process.
 
 Launching the depolymerizer
 ---------------------------
 
 .. code-block:: console
 
   $ sudo systemctl start depolymerizer-bitcoin.target