Here are the steps we took to set up a Samourai Dojo on the most minimal hardware we could find.
Is it a good idea?
Probably not! Raspberry Pi is intentionally low-end hardware and this project was designed to look at putting Samourai Dojo onto exactly that. There are a few work-arounds to make this work, but is interesting as an experiment on minimal hardware. Having said that, it does work. With this configuration, the full blockchain sync took about 2 weeks and 2 days to complete. It would probably be possible to do a sync on a more powerful computer and copy it manually to the Pi, but we were interested to see what the Pi could accomplish on its own.
Hardware we used:
- Raspberry Pi 4 Model B 4GB RAM
- SanDisk Ultra 64GB MicroSD card
- Seagate 1TB Expansion+ USB drive (SSD would be better for performance)
Software we used:
- Raspbian Buster
- balenaEtcher (or equivalent SD card writer)
- Samourai Dojo (plus pre-requisites — see below)
Notes on older Raspberry Pi models:
Samourai Dojo minimum requirement is 4GB RAM. Despite this we did try the setup with a Raspberry Pi 3B+ but due to its 1GB RAM the initial block sync kept failing at around 100k height. We messed around with mempool and db size settings but still couldn’t get around it. It may be possible that copying the initial blockchain sync data manually to the drive for an older spec Raspberry Pi would work but this is not a scenario we’ve tested.. yet.
Approach:
Our approach was to do a completely headless setup of the Raspberry Pi, so no monitor or keyboard are used. We configure the Pi Micro SD card and boot it up to automatically connect to a WiFi network, then connect with ssh from a laptop to complete the configuration of the device.
The steps we used were:
A) MicroSD card config
B) Configure Raspberry Pi
C) Set up pre-requisite software
D) Secure Raspberry Pi
E) Install Dojo
F) Sync Bitcoin blockchain
G) Pair with Samourai Wallet
H) Sit back and enjoy contributing to the bitcoin community whilst gaining increased privacy for your bitcoin transactions
A) MicroSD Card config
1. Download the Rasbian Buster with desktop or lite image from raspberrypi.org
2. Use balenaEtcher (balena.io/etcher/) to flash the MicroSD card with Raspian Buster
3. Add an ssh file to boot folder on MicroSD card
(this is just an empty file with no file extension created using a text editor on whatever computer you’re using to prepare the MicroSD card). This will enable ssh connectivity — note, if you’re using a keyboard & monitor attached to your Pi, you won’t necessarily need this.
4. Add a wpa_supplicant.conf file to the boot folder on MicroSD card
Create a new file called wpa_supplicant.conf using a text editor on whatever computer you’re using to prepare the MicroSD card). The file needs to have the following information in it:
country=US
ctrl_interface=/var/run/wpa_supplicant GROUP=netdev
update_config=1
network={
ssid=”yourWIFIname”
psk=”yourWIFIpassword”
}’’’
(note: change the values for the ISO 2 letter country code, your wifi name and password). If you have a less friendly WiFi, you might need to search for other wpa_supplicant.conf configurations or you can skip this and use an ethernet cable instead
B) Configure Raspberry Pi
5. SSH to the Raspberry Pi from your laptop
If you’re using Linux, you’ll know how to do this. From Mac, use the terminal app, from Windows use the PowerShell app. Type ssh pi@x.x.x.x (where x.x.x.x is your Pi’s IP address). Most people can probably just guess what IP address their Pi was assigned by their router, otherwise search online for ‘map my home network’ to find methods or tools suited to your scenario).
6. Then, log on with the default password for pi, which is raspberry
7. Change the password
passwd
8. Change the password for root also
sudo passwd root
9. Create a bitcoin user
sudo adduser bitcoin
Assign strong passwords and make a note of them.
10. Update the Raspberry Pi software
sudo apt update
sudo apt -y upgrade
11. IMPORTANT: SD cards don’t handle swap files well and may be damaged as a result, so turn it off. To avoid damage to the MicroSD card, disable swap file usage entirely. (If you still want to enable swap file use for your HDD, search online for how to do this, but we don’t need it for this project).
sudo swapoff --all
12. Display the disk information
sudo lsblk -o NAME,MODEL
The output will look something like:
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 931.5G 0 disk
mmcblk0 179:0 0 59.5G 0 disk
├─mmcblk0p1 179:1 0 256M 0 part /boot
└─mmcblk0p2 179:2 0 59.2G 0 part /
sda is the usb disk
mmcblk0 is the MicroSD card with its two partitions.
13. Format the disk and give it a label (**note, all data on the disk will be deleted**)
sudo mkfs.ext4 /dev/sda -L BLOCK-STORAGE
14. Open a text editor and copy/paste the following
UUID=XXXX /mnt/hdd ext4 defaults 0 0
15. Get the UUID of the disk
sudo blkid | grep /dev/sda
Then copy the UUID for the disk. Replace the XXXX portion in the text editor with the entire UUID (without any quote marks)
16. Create a mount point to the disk
sudo mkdir /mnt/hdd
17. Edit the File Systems Table
sudo nano /etc/fstab
18. Add the line, that you constructed in your text editor, to the fstab file. It will look similar to this:
proc /proc proc defaults 0 0
PARTUUID=7478ce0d-01 /boot vfat defaults 0 2
PARTUUID=7478ce0d-02 / ext4 defaults,noatime 0 1
UUID=8ba37f42–5e81–420f-8dbe-426fa231a681 /mnt/hdd ext4 defaults 0 0
# a swapfile is not a swap partition, no line here
# use dphys-swapfile swap[on|off] for that
Ctrl-X, y and Enter to save the file.
19. Mount all disks
sudo mount -a
19. Verify that the disk has been mounted
ls -hal /mnt/hdd
The output will look similar to this:
total 340K
drwxr-xr-x 3 root root 4.0K Jul 30 17:33 .
drwxr-xr-x 3 root root 4.0K Jul 30 16:23 ..
drwx — — — 2 root root 16K Jul 30 16:23 lost+found
20. Grant rights to the drive to root and bitcoin
sudo chown -R root:root /mnt/hdd
sudo chown -R bitcoin:bitcoin /mnt/hdd
C) Set up pre-requisite software
21. Install Docker
curl -fSLs https://get.docker.com | sudo sh
(Note: this Docker install method worked fine for our installs, if it does fail, see appendix for an alternative approach that may help…)
22. Grant your user account rights to run Docker
sudo usermod pi -aG docker
23. Test the Docker installation
docker run hello-world
If Docker is installed correctly, the output should be similar to:
Hello from Docker!
This message shows that your installation appears to be working correctly.(…along with some further details about Docker actions)
24. Create a file structure for the docker storage area on the external Hard Drive
sudo mkdir /mnt/hdd/docker-data
25. Edit the docker config file
sudo nano /etc/docker/daemon.json
Add the following to the file:
{
“data-root”: “/mnt/hdd/docker-data”
}
Then Ctrl-X, y & Enter to save the file.
26. Stop the Docker service
sudo systemctl stop docker
You can check that Docker has stopped using
ps aux | grep -i docker | grep -v grep
27. Copy the Docker data to the new location
sudo rsync -axPS /var/lib/docker/ /mnt/hdd/docker-data
28. Start the Docker service
sudo systemctl start docker
29. Confirm Docker is using the new location to store data
docker info | grep 'Docker Root Dir'
The output should include:
Docker Root Dir: /mnt/hdd/docker-data
You can check what Docker is running using
docker ps
30. Check pre-requisites are installed
sudo apt-get install libffi-dev
sudo apt-get install libcurl4-openssl-dev
sudo pip install --upgrade pip
31. Add Tor source to sources.list
sudo nano /etc/apt/sources.list
Add these lines to the file
deb http://deb.torproject.org/torproject.org buster main
deb-src http://deb.torproject.org/torproject.org buster main
Ctrl-X, y & Enter to save the file
32. Install dirmngr
sudo apt install dirmngr
33. Get the key for Tor
curl https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --import
(Note: this command is all one line). Output will confirm 1 key has been imported
34. Add the key
gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
‘OK’ output will confirm the key has been added.
35. Install Tor
sudo apt update
sudo apt install tor tor-arm
36. Install Docker Compose
sudo pip install docker-compose
37. Test Docker Compose is installed correctly
docker-compose --version
Your output should be similar to
Docker version 19.03.1, build 74b1e89
Note: if there are any errors installing Docker Compose, try the following method to rectify it:
sudo pip uninstall docker docker-compose
sudo apt-get update
sudo apt-get upgrade
sudo apt-get install docker docker-compose
38. Download mysql docker image
docker pull hypriot/rpi-mysql
Docker will pull the mysql image from https://hub.docker.com/r/hypriot/rpi-mysql. Note, if you prefer to compile your own mysql image or use an alternative, you can substitute it here.
39. Configure mysql
docker run --name pi-mysql -e MYSQL_ROOT_PASSWORD=<mysqlrootpassword> -d hypriot/rpi-mysql
Note: substitute <mysqlrootpassword> with a password of your choice and make a note of this password.
D) Secure Raspberry Pi
Note: this is basic security configuration and you should do your own research to determine the right security for your scenario.
40. Install Firewall
sudo apt install ufw
sudo ufw limit ssh
sudo ufw allow from 192.168.1.0/24 to any port 22
sudo ufw allow 8333 comment "Bitcoin mainnet"
sudo ufw status verbose
Note: update 192.168.1.0 with your IP address range
Install Fail2Ban
sudo apt install fail2ban
sudo fail2ban-client status
Output should look similar to
Status
|- Number of jail: 1
`- Jail list: sshd
E) Install Dojo
41. Download and unzip Samourai Dojo
cd /mnt/hdd
sudo wget https://github.com/Samourai-Wallet/samourai-dojo/archive/master.zip
sudo unzip master.zip
sudo mv samourai-dojo-master dojo_dir
42. Edit the bitcoind configuration file
cd dojo_dir/docker/my-dojo/conf
sudo nano docker-bitcoind.conf
Change the passwords of BITCOIND_RPC_USER and BITCOIND_RPC_PASSWORD, making a note of these.
Ctrl-X, y & Enter to save the file.
43. Edit the docker-mysql file passwords
sudo nano docker-mysql.conf
Change the passwords of MYSQL_ROOT_PASSWORD, MYSQL_USER and MYSQL_PASSWORD, making a note of these.
Ctrl-X, y & Enter to save the file.
44. Edit the docker-node.conf file
sudo nano docker-node.conf
Add your own values for NODE_API_KEY, NODE_ADMIN_KEY and NODE_JWT_SECRET, making a note of these.
Ctrl-X, y & Enter to save the file.
45. Configure Docker mysql settings
sudo nano /mnt/hdd/dojo_dir/docker/my-dojo/mysql/Dockerfile
Change the mysql:5.7.5 to hypriot/rpi-mysql
Ctrl-X, y & Enter to save the file.
46. Change source to suit the Arm Architecture of the Raspberry Pi
sudo nano /mnt/hdd/dojo_dir/docker/my-dojo/bitcoin/Dockerfile
First, change the ENV BITCOIN_URL source file to
https://bitcoincore.org/bin/bitcoin-core-0.18.0/bitcoin-0.18.0-arm-linux-gnueabihf.tar.gz
Then, in the ‘Build and install bitcoin’ binaries section of the file, comment out the 4 SHA check lines as shown below:
# Build and install bitcoin binaries
RUN set -ex && \
cd /tmp && \
wget -qO bitcoin.tar.gz “$BITCOIN_URL” && \
# echo “$BITCOIN_SHA256 bitcoin.tar.gz” | sha256sum -c — && \
# gpg — batch — keyserver keyserver.ubuntu.com — recv-keys “$BITCOIN_PGP_KEY” && \
# wget -qO bitcoin.asc “$BITCOIN_ASC_URL” && \
# gpg — batch — verify bitcoin.asc && \
tar -xzvf bitcoin.tar.gz -C /usr/local — strip-components=1 — exclude=*-qt && \
rm -rf /tmp/*
Ctrl-X, y & Enter to save the file.
Note: This bypasses the SHA validation, so should be considered experimental!
47. Run the Samourai Dojo installation & initial blockchain sync
cd ..
./dojo.sh install
F) Sync Bitcoin blockchain
**Now you’re going to wait patiently while your Raspberry Pi syncs the blockchain. Depending on all the usual factors, this may take weeks or months…**
Once the initial sync is complete, your Samourai Dojo will be verifying transactions for the blockchain. Refer to https://github.com/Samourai-Wallet/samourai-dojo/blob/master/doc/DOCKER_setup.md for Dojo tools and commands.
G) Pair with Samourai Wallet
48. Get your onion address
./dojo.sh onion
Run this from the /mnt/hdd/dojo_dir/docker/my-dojo directory
The output will be something similar to
API Hidden Service address (v3) = h6ttgf6sk7bknq12pe733vhfyrjvh2z4pspry1j1jhfgdjdja4efyemz.onion
API Hidden Service address (v2) = plqrrrnbgfteidga.onion
Copy the value for the v3 address, then type or paste that value into a Tor browser running on another computer.
e.g. h6ttgf6sk7bknq12pe733vhfyrjvh2z4pspry1j1jhfgdjdja4efyemz.onion
Status of the Samourai Dojo will be displayed.
Add /admin to the end of the address,
e.g. h6ttgf6sk7bknq12pe733vhfyrjvh2z4pspry1j1jhfgdjdja4efyemz.onion/admin
Then enter the value of the NODE_ADMIN_KEY that you created previously.
A unique pairing QR code will be presented
Open your Samourai Wallet, click the scan code icon and scan the QR code to pair your wallet with your Dojo.
H) Sit back and enjoy contributing to the bitcoin community whilst gaining increased privacy for your bitcoin transactions
Hopefully the above is interesting and/or helpful to some of you with your experiments. You are welcome to use any of the above freely. If you insist on sending thanks in BTC, we won’t argue with you, but we’re not interested in any other coins :) 3BQyGbBAvqkfKsC7dDgToXBJjihC3YCpUD
Please also check out and recognise the people below whose prior work has contributed to this overview…
Notes
1. Keeping the initial sync running without having to keep the console connected
There are many solutions. We used tmux to do this.
Install tmux:
sudo apt install tmux
Basic commands:
Enter tmux
tmux
Run your regular commands (e.g. ./dojo.sh install)
Detach from tmux session
Ctrl+b
:detach
Enter
List sessions
tmux list-sessions
Reattach to tmux window (from terminal, not within tmux)
tmux attach-session -t 0
2. Temperature
Keep an eye on the temperature of your Raspberry Pi. Whilst it is designed to operate without heatsink or fan, higher temperatures may mean that your Pi slows down. During the initial sync, your Pi is getting a good workout, so you may want to look at cooling options. We literally put ours in the fridge for a few weeks and it really helped to keep the temperature between 113°F/45°C and around 149°/65°C. It’s hard to say how much it helped, but we definitely saw a noticeable difference.
You can check temperature with
/opt/vc/bin/vcgencmd measure_temp
Credits:
Lots of guidance and inspiration drawn from these guys:
Damian Mee’s excellent Bitcoin Full-Node on RPI3 article https://medium.com/@meeDamian/bitcoin-full-node-on-rbp3-revised-88bb7c8ef1d1
Alex Ellis’ How to Fix Docker for Raspbian Buster article https://blog.alexellis.io/how-to-fix-docker-for-raspbian-buster
Adriel’s guide to changing the Docker storage location https://blog.adriel.co.nz/2018/01/25/change-docker-data-directory-in-debian-jessie/
Samourai Dojo install guide https://github.com/Samourai-Wallet/samourai-dojo/blob/master/doc/DOCKER_setup.md
Docker & Docker Compose install guides https://docs.docker.com/compose/install/
Plus many, many Google & Github threads..
Disclaimer:
Please note that we are sharing this information in case it is helpful or interesting. No responsibility is taken for accuracy of the above relating to your specific scenarios, but simple Google searches and reading other people’s experiences will often help you resolve any issues along the way. We are not providing support or any guarantees for this process or any of the software listed above. You are very welcome to use this method and critique it, improve upon it and/or create better alternatives.
Appendix
Only relevant if you got an error in step 21, Docker installation…
(…this Docker install method should work fine for RPI4, but will likely fail for older Raspberry Pi versions or OS. If it does fail, then try running the following:)
sudo dpkg -i containerd.io_1.2.6–3_armhf.deb
sudo dpkg -i docker-ce-cli_18.09.7~3–0~debian-stretch_armhf.deb
sudo dpkg -i docker-ce_18.09.7~3–0~debian-stretch_armhf.deb
*Note: if any issues with any of the packages installing, retry, or reboot and retry until all install successfully.) The specific links above are valid August 2019, but subsequently may be updated and/or disappear. Just break down the URL and go looking for the later versions to create your own WGET urls.
This method is based on https://blog.alexellis.io/how-to-fix-docker-for-raspbian-buster/