Ansible role to install the Bitcoin Core client as a systemd
service. By default,
it uses sane defaults and some hardening measures for the Systemd service.
- Sets up user, if not single user system
- Downloads bitcoin core and verifies signatures
- Installs all shipped binaries to
/usr/local/bin
(i.e.bitcoin-cli
,bitcoind
, ...) - Sets up a systemd service with configuration at
/etc/bitcoind/<network>/bitcoind.conf
- Links
/home/<user>/.bitcoin
to/etc/bitcoind/<network>
This role requires a user with sudo
permissions to work properly.
List of officially supported operating systems:
ID | Name | Status |
---|---|---|
ubuntu2004 |
Ubuntu 20.04 | ✅ |
ubuntu2204 |
Ubuntu 22.04 | ✅ |
Create a playbook like this one:
- hosts: bitcoind
roles:
- role: mvrahden.bitcoind
become: yes
Note that you can use become
at a global level instead at the role level.
If you want to install the Bitcoin node into a Raspberry Pi, just change the architecture:
- hosts: bitcoind
become: yes
vars:
bitcoind_arch: aarch64-linux-gnu
roles:
- role: mvrahden.bitcoind
You can execute tests using molecule
. Install the requirements.txt
file depending on if you want
to execute tests through Docker or with a VM managed by Vagrant.
molecule test
If you want to run a test through a specific operating system you can update the MOLECULE_DISTRO
variable using
the operating system ID mentioned in the requirements table.
You can change some variables to install this role to fit your needs. The default values to install the Bitcoin node are the following ones:
Name | Value |
---|---|
bitcoind_user |
bitcoin |
bitcoind_group |
bitcoin |
bitcoind_version |
28.0 |
bitcoind_arch |
x86_64-linux-gnu |
If you want to install Bitcoin into a Raspberry you need to change the architecture to
aarch64-linux-gnu
.
To configure the Bitcoin node, you can use the following variables:
Use rpcauth.yp to generate
rpcauth
credentials.
Name | Value | Note |
---|---|---|
bitcoind_data_dir |
/data/bitcoin |
|
bitcoind_network |
main |
Valid values are: regtest , signet and test |
bitcoind_rpc_auth |
bitcoin:2e00... |
Prevent your password from being stored as cleartext |
bitcoind_rpc_user |
bitcoin |
If possible use btc_rpc_auth instead |
bitcoind_rpc_password |
bitcoin |
If possible use btc_rpc_auth instead |
bitcoind_zmq_host |
127.0.0.1 |
|
bitcoind_bind |
127.0.0.1 |
|
bitcoind_rpc_bind |
127.0.0.1 |
This is where to expose the RPC server |
bitcoind_rpc_allow_ips |
[127.0.0.1] |
This can be an IP or a range like 10.0.0.0/24 |
bitcoind_use_onion |
False |
This enables onion support |
bitcoind_onion_proxy |
127.0.0.1:9050 |
|
bitcoind_onion_nodes |
['tsr2f2....onion:8333'] |
By default, this installer uses gpg
to verify the integrity and signature of the downloaded artifacts. This
behaviour is controlled by the bitcoind_pgp_builders_pub_key
field. The content of this structure and default values
are the following:
Name | ID |
---|---|
laanwj |
71A3B16735405025D447E8F274810B012346C9A6 |
fanquake |
E777299FC265DD04793070EB944D35F9AC3DB76A |
If you only want to verify with one user, you should use something like this:
bitcoind_pgp_builders_pub_key:
- id: 71A3B16735405025D447E8F274810B012346C9A6
name: laanwj
I use the Guix attestations to verify the release. The data can be found on the Bitcoin Github official repository. If the release can't be trusted the role will fail the installation.