The perfect Bitcoin ⚡️Lightning️⚡ node

  • price comparable to Raspberry Pi
  • more powerful (8 core CPU, 2 GB RAM, Gigabit Ethernet)
  • internal housing of harddisk, direct connection using SATA3
  • only one power adapter for everything
Performance of Odroid HC2 is identical to XU4 (which is more of a media pc)

Purpose

Target audience

1) Hardware Requirements

  • Micro SD card: 8 GB or more, incl. adapter to your regular computer
  • Internal hard disk: 500 GB or more, SATA, 3.5" hdd, or 2.5" hdd/ssd
  • Network RJ45 cable

Considerations for Bitcoin mainnet

  • connect your internal hard disk directly to your computer,
  • transfer the blockchain over the network
  • use an additional external hard disk to transfer the data via USB.

Assemble the hardware

2) Write down your passwords

3) Installing the operating system

4) Connecting to the network

5) Working on your Thundroid

The command prompt

# this is a comment, just for information$ command            This is a command to enter (without the $) 
and confirm with the enter key
No prefix This is either an output of the command above
or something you can copy/paste into a file

Basic configuration

  • user: root
  • password: odroid
# change root password to [password A]
$ passwd
# update the operating system
$ apt update
$ apt upgrade
$ apt dist-upgrade
$ apt install linux-image-xu3
# answer [y], then [no] (do not abort)
# install some additional software
$ apt install htop git curl bash-completion jq
# set time zone & localization
$ dpkg-reconfigure tzdata
$ dpkg-reconfigure locales
# change hostname (replace "odroid" with "thundroid" :)
$ nano /etc/hostname
$ nano /etc/hosts
# disable Swap file (this would degrade the MicroSD card)
$ swapoff --all
# create user "admin" and change password to [password A]
$ useradd -m admin
$ adduser admin sudo
$ passwd admin
# create user "bitcoin" and change password to [password C]
$ useradd -m bitcoin
$ passwd bitcoin

Mounting the hard disk

# get NAME for hard disk
$ lsblk -o UUID,NAME,FSTYPE,SIZE,LABEL,MODEL
# format hard disk (use [NAME] from above, e.g /dev/sda1)
$ mkfs.ext4 /dev/[NAME]
# get UUID for hard disk, copy into notepad
$ lsblk -o UUID,NAME,FSTYPE,SIZE,LABEL,MODEL
# edit fstab and enter new line (replace UUID) at the end
$ nano /etc/fstab
UUID=123456 /mnt/hdd ext4 noexec,defaults 0 0
# create mount point, mount, check and set owner
$ mkdir /mnt/hdd
$ mount -a
$ df /mnt/hdd
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/sda1 961300808 600388836 312057600 66% /mnt/hdd
$ chown bitcoin:bitcoin /mnt/hdd/# make sure user "admin" uses bash as standard shell
$ sudo chsh admin -s /bin/bash
# restart
$ shutdown -r now

6) Hardening your Thundroid

fail2ban

$ sudo apt install fail2ban

UFW: Uncomplicated Firewall

# change session to "root"
$ sudo su
$ apt install ufw
$ ufw default deny incoming
$ ufw default allow outgoing
$ ufw allow from 192.168.0.0/24 to any port 22 comment 'allow SSH from local LAN'
$ ufw allow 9735 comment 'allow Lightning'
$ ufw deny 8333 comment 'deny Bitcoin mainnet'
$ ufw allow 18333 comment 'allow Bitcoin testnet'
$ ufw enable
$ systemctl enable ufw
$ ufw status
# exit "root" session back to "admin"
$ exit

SSH Keys

$ sudo nano /etc/ssh/sshd_config
# change ChallengeResponseAuthentication and PasswordAuthentication
# to "no" (uncomment if necessary), save and exit

# copy the SSH public key for user "root", just in case
$ sudo mkdir /root/.ssh
$ sudo cp /home/admin/.ssh/authorized_keys /root/.ssh/
$ sudo chown -R root:root /root/.ssh/
$ sudo chmod -R 700 /root/.ssh/
$ sudo systemctl restart sshd.service

Optional: add Tor connectivity

# add the following lines to the file sources.list
$ sudo nano /etc/apt/sources.list
deb http://deb.torproject.org/torproject.org xenial main
deb-src http://deb.torproject.org/torproject.org xenial main
# add the Tor signing key
$ gpg --keyserver keys.gnupg.net --recv 886DDD89
$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
$ sudo apt install tor# configure Tor
$ sudo nano /etc/tor/torrc
$ sudo service tor@default restart
$ sudo usermod -a -G debian-tor admin
$ sudo usermod -a -G debian-tor bitcoin

6½) Prettify your Thundroid

Bash completion

$ mkdir /home/admin/download
$ cd /home/admin/download
$ wget https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/bitcoin-cli.bash-completion
$ wget https://raw.githubusercontent.com/ACINQ/eclair/master/contrib/eclair-cli.bash-completion
$ wget https://raw.githubusercontent.com/lightningnetwork/lnd/master/contrib/lncli.bash-completion
$ wget https://raw.githubusercontent.com/ElementsProject/lightning/master/contrib/lightning-cli.bash-completion
$ sudo cp *.bash-completion /etc/bash_completion.d/

Pimp the command line prompt

I use the red prompt for user “admin”, and the yellow prompt for “bitcoin”.
# edit .bashrc with user "admin", use options from below.

$ nano /home/admin/.bashrc
$ sudo nano /home/bitcoin/.bashrc
# reload .bashrc (or just wait until next login)
$ source /home/admin/.bashrc
It’s safest to comment # the original line and add the new color prompt below

7) Bitcoin Core

$ mkdir /home/admin/download
$ cd /home/admin/download
# download the latest Bitcoin Core ARM binaries (check https://bitcoin.org/en/download)
$ wget https://bitcoin.org/bin/bitcoin-core-0.16.0/bitcoin-0.16.0-arm-linux-gnueabihf.tar.gz
$ wget https://bitcoin.org/bin/bitcoin-core-0.16.0/SHA256SUMS.asc
$ wget https://bitcoin.org/laanwj-releases.asc
# check that the reference checksum matches the real checksum
# output: "bitcoin-0.16.0-arm-linux-gnueabihf.tar.gz: OK"
$ sha256sum --check SHA256SUMS.asc --ignore-missing
# manually check the fingerprint of the public key:
# 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
$ gpg --with-fingerprint ./laanwj-releases.asc
# import the public key and verify the signed checksum file
# output: "Good signature from Wladimir ..."
# check the fingerprint again in case of malicious keys
# 01EA 5486 DE18 A882 D4C2 6845 90C8 019E 36C2 E964
$ gpg --import ./laanwj-releases.asc
$ gpg --verify SHA256SUMS.asc
# extract, install and check active version
$ tar -xvf bitcoin-0.16.0-arm-linux-gnueabihf.tar.gz
$ sudo install -m 0755 -o root -g root -t /usr/local/bin bitcoin-0.16.0/bin/*
$ bitcoind --version
Bitcoin Core Daemon version v0.16.0
# configuration
$ sudo su bitcoin
$ mkdir /mnt/hdd/bitcoin_testnet
$ ln -s /mnt/hdd/bitcoin_testnet /home/bitcoin/.bitcoin
# copy/paste the following Bitcoin configuration file
# (replace PASSWORD_[E] with your password)
$ nano /home/bitcoin/.bitcoin/bitcoin.conf
# back to user "admin"
$ exit
# copy/paste the following systemd unit file
$ sudo nano /etc/systemd/system/bitcoind.service
# Enable the unit file and start it manually
$ sudo systemctl enable bitcoind
$ sudo systemctl start bitcoind
$ systemctl status bitcoind
# check bitcoind operations (exit with Ctrl-C)
$ sudo tail -f /home/bitcoin/.bitcoin/testnet3/debug.log
# check bitcoin blockchain verification progress
$ sudo su bitcoin
$ bitcoin-cli getblockchaininfo
# check public visibility
$ curl -sL https://bitnodes.earn.com/api/v1/nodes/me-18333/ | jq
{
"success": true
}
$ sudo cat /home/bitcoin/.bitcoin/testnet3/debug.log | grep tor:
2018-02-25 13:50:23 tor: Thread interrupt
2018-02-25 13:51:19 tor: Got service ID tysrolynofiqkigu, advertising service tysrolynofiqkigu.onion:28333

8) Lightning Network

Public IP script

# create script getpublicip.sh (paste the following gist)
$ sudo nano /usr/local/bin/getpublicip.sh
# make it executable
$ sudo chmod +x /usr/local/bin/getpublicip.sh
# paste systemd unit [getpublicip.service], save and exit
$ sudo nano /etc/systemd/system/getpublicip.service
# enable systemd startup 
$ sudo systemctl enable getpublicip
$ sudo systemctl start getpublicip
$ sudo systemctl status getpublicip
# check if data file has been created
$ cat /run/publicip
PUBLICIP=91.190.22.151

Lightning: LND

# install Go
# (if you have an older version of Go installed, make sure
# to delete it first: $ sudo rm -rf /usr/local/go/ )
$ cd /home/admin/download
$ wget https://dl.google.com/go/go1.10.linux-armv6l.tar.gz
$ sudo tar -C /usr/local -xzf go1.10.linux-armv6l.tar.gz
# insert both export statements at the end of .bashrc
$ nano /home/admin/.bashrc
export GOPATH=/home/admin/go
export PATH=$PATH:/usr/local/go/bin:$GOPATH/bin
$ source /home/admin/.bashrc
$ go get -u github.com/Masterminds/glide
# the next command is one line
$ git clone https://github.com/lightningnetwork/lnd $GOPATH/src/github.com/lightningnetwork/lnd
# build and install
$ cd $GOPATH/src/github.com/lightningnetwork/lnd
$ git pull && glide install
$ go install . ./cmd/...
$ cd $GOPATH/bin
$ sudo cp lnd lncli /usr/local/bin/
# session with user "bitcoin"
$ sudo su bitcoin
$ mkdir /mnt/hdd/lnd_testnet
$ ln -s /mnt/hdd/lnd_testnet /home/bitcoin/.lnd
# create LND configuration and paste the following content
# (change the alias to your battle name)
$ nano /home/bitcoin/.lnd/lnd.conf
# exit user session back to user "admin"
$ exit
# create LND systemd unit and paste the following content
$ sudo nano /etc/systemd/system/lnd.service
# enable and start LND
$ sudo systemctl enable lnd
$ sudo systemctl start lnd
$ systemctl status lnd
● lnd.service - LND Lightning Daemon
Loaded: loaded (/etc/systemd/system/lnd.service; ........)
Active: active (running) ......
Main PID: 9064 (lnd)
CGroup: /system.slice/lnd.service
└─9064 /usr/local/bin/lnd --externalip=91.190.22.151
# follow the LND logfile (exit with Ctrl-C)
$ sudo journalctl -f -u lnd
$ sudo su bitcoin# first time starting LND
$ lncli create
# after that, every time starting LND
$ lncli unlock
# get some information & a bitcoin deposit address
$ lncli newaddress np2wkh
{
"address": "2N5TDE1KBP3k8oQ9i3yCRahUJ7y6bUHNeid"
}
$ lncli walletbalance
$ lncli listchannels
$ lncli sendpayment --pay_req=lntb32u1pdg7p...y0gtw6qtq0gcpk50kww

Web interface

Various

Add system overview

# as user "admin"
$ cd /home/admin/download/
$ wget https://gist.githubusercontent.com/Stadicus/ffbbd855d23cd068f7b739cae6440f4b/raw/ab2c97bd554c003b88f5e9a8793a047805d5e4b0/20-thundroid-welcome
# check script & exit
$ nano 20-thundroid-welcome
# delete existing welcome scripts and install
$ sudo rm /etc/update-motd.d/*
$ sudo cp 20-thundroid-welcome /etc/update-motd.d/
$ sudo chmod +x /etc/update-motd.d/20-thundroid-welcome
$ sudo ln -s /etc/update-motd.d/20-thundroid-welcome /usr/local/bin/thundroid

Add safe shutdown script

# as user "admin"
$ cd /home/admin/download
# download and check the script (it should look like listed below)
$ wget https://dn.odroid.com/5422/script/odroid.shutdown
$ cat odroid.shutdown
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/bin/bash
exec </dev/null </dev/null 2>/dev/null
export LANG=C LC_ALL=C
# In all cases, we want the media to be in quiescent, clean state.
sync
[ -x /sbin/mdadm ] && /sbin/mdadm --wait-clean --scan
# Function used to park all SATA disks.
function ParkDisks() {
if [ -x /sbin/hdparm ]; then
Wait=0
for Dev in /sys/block/sd* ; do
[ -e $Dev ] && /sbin/hdparm -y /dev/${Dev##*/} && Wait=2
sleep $Wait
echo 1 > /sys/class/block/${Dev##*/}/device/delete
done
sleep $Wait
fi
}
case "$1" in
# reboot|kexec)
# Do not park disks when rebooting or switching kernels.
# ;;
*)
ParkDisks
;;
esac
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
$ sudo install -o root -g root -m 0755 ./odroid.shutdown /lib/systemd/system-shutdown/odroid.shutdown

Closing comments

--

--

--

Co-founder of Shift Crypto, makers of BitBox hardware wallets. @Stadicus3000 on Twitter.

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

The Four Stages of a Trader

Using an In-Browser Ethereum Wallet? Here’s Some Things You Should Know

Zam.io — Telegram AMA — October 10

Welcome the Spring Bonus

Good evening my treasure people here!

Binance Shown the Door Again with Malaysia Ban

Introduce new HAKKA Mining Pool on BSC

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Stadicus

Stadicus

Co-founder of Shift Crypto, makers of BitBox hardware wallets. @Stadicus3000 on Twitter.

More from Medium

How To Send Bitcoin?

How to Send Bitcoin (https://btcath.com/)

Avoid These Common Crypto Scams

Holding a wallet with no money in it.

2spice (something spicy)

The Potential for Real Passive Income