Micronode Setup - Debian 64-bit (x11/x12)

[mqpickens]

With the help of setup scripts, setting up a micronode has gotten a whole lot easier.
These setup scripts are located at https://github.com/satoshiware/micronode.
Remember to verify the script and the the binaries!!
Have a unique or specific micronode? Please make a post and share the details in this thread.

Below are the hardware requirements and steps to setup a micronode.

Hardware Requirements

• Dedicated Machine w\ fresh Debian Install

• 64-bit processor

• 4GB (minimum) or 8GB (recommended)

• 10GB + sufficient space for an ever growing blockchain
  • 250GB recommended; 500GB+ to play it safe

Setup Steps

• # Boot machine and log in as "root"

• sudo adduser $USER # Create new sudo user (i.e. satoshi)

• sudo usermod -aG sudo $USER

• sudo su $USER # Switch to the new user

• cd ~; sudo apt-get -y install git # Install git

• git clone https://github.com/satoshiware/micronode # Download scripts

• bash ./micronode/setup.sh $MICRONAME # Run setup script for specific microcurrency
  • Microcurrency Name Examples (look in github @ satoshiware/bitcoin/src/micros for all the names available):
    • azmoney
    • bitcoin (currently not supported w\ this setup script)
    • deseretmoney

• sudo reboot # Reboot the machine

Add Fido 2 Hardware Key (e.g. Yubikey) for Remote Access (Optional)
This is highly recommended for remote management/access of any kind.
It will help keep your network secure, airtight, and your funds safe.

• Get the Public Key from your FIDO 2 HW (e.g. YubiKey Setup - Windows)

• Log in as the sudo $USER

• Copy the Public Key onto a new line in the file ~/.ssh/authorized_keys

[mqpickens]

The Windows Subsystem for Linux (WSL) lets developers run a GNU/Linux environment, including most command-line tools, utilities,
and applications directly on Windows! However, the environment is not very secure and could pose risks building a network on
top of it. Therefore, it is highly recommended to only implement a WSL node for limited purposes and to take additional measures to
secure funds (i.e. store large amounts offline; e.g Satoshi Savings Card) and secure the connection to the network: only operate with
one outbound node connection and take the security of the Windows OS seriously.

To make your WSL node experience more successful, make sure to turn off automatic updates (prevent windows from rebooting
unknowingly). Also, disable sleep/hibernation mode. Even though there are workarounds, the most straight forward way to keep
your WSL instance alive is to always leave the WSL terminal window open.

Note: If you haven't discovered the new "Windows Terminal" software readily available for download. Check it out before you get started (optional).

Installation (Windows 10/11)

• (Run as administrator) PowerShell
  • wsl --install
  • dism /online /enable-feature /featurename:VirtualMachinePlatform /all /norestart # Makes sure Virtual Machines are enabled. Required for WSL
  • # IMPORTANT! Restart the Computer.

• Update the Kernel
  • # Download and install the wsl_update_x64 MSI file
  • # IMPORTANT! Restart the Computer... Again!

• (Run as administrator) PowerShell
  • wsl --set-default-version 2 # Sets WSL to version 2 by default for new Linux distribution installations
  • wsl --update # Make sure the latest version is being used

Create WSL micronode Instance (Debian) Run following commands in PowerShell (non-administrator)

• wsl --install -d Debian
  • # Bash Shell: Enter desired $USERNAME (e.g. satoshi)
  • # Bash Shell: Enter desired password
  • # Bash Shell: "exit" back to PowerShell

• wsl -t Debian # Shutdown the new Debian instance

• wsl --export Debian $HOME\wsl-debian-micronode.tar # Create a new instance (called micro-node) with the Debian Instance

• wsl --unregister Debian # Remove instance; no longer needed or wanted

• # Create a new micronode instance from the Debian install
  • $INSTANCE = Read-Host -Prompt 'Enter the desired name for the wsl micro node instance'
  • wsl --import $INSTANCE $HOME\$INSTANCE $HOME\wsl-debian-micronode.tar
  • rm $HOME\wsl-debian-micronode.tar

Download/Run The micronode Setup Scripts

• $USERNAME = Read-Host -Prompt 'Enter default username' # PowerShell: Get Default Username

• wsl -d $INSTANCE -u $USERNAME # PowerShell: Run Instance w\ Default User

• cd ~; sudo apt-get -y install git # Bash Shell: Install git

• git clone https://github.com/satoshiware/micronode # Bash Shell: Download Scripts

• bash ./micronode/wsl_configuration.sh # Bash Shell: Run WSL configuration Script

• exit # Bash Shell: Exit to PowerShell

• wsl -t $INSTANCE # PowerShell: Close WSL Instance (i.e. Rebooting)

• wsl -d $INSTANCE # PowerShell: Run Instance

• cd ~;bash ./micronode/setup.sh # Bash Shell: Run Setup Script

• exit # Bash Shell: Exit to PowerShell

• wsl -t $INSTANCE # PowerShell: Close WSL Instance (i.e. Rebooting)

PowerShell WSL Commands

• wsl -d $INSTANCE # Run desired instance

• wsl -t $INSTANCE # Stop (Turn Off)

• wsl -l -v # List WSL instances and their statuses

• wsl --unregister $INSTANCE # Uninstall desired instance

• wsl --shutdown # Shutdown (restart) WSL and all instances

[mqpickens]

Connecting to WSL 2 from outside the Windows machine is possible with just a few commands in the PowerShell (run as administrator).
In order for it to work, select non-default ports (2020, 29333, and 23333) that will be forwarded (inside the Windows box) to the
services of interest (SSHD, Bitcoin Core, and Stratum) respectively. It is possible for these external ports outside the Windows box
to be the known default ports, but the solutions are messy and beyond this simple post! One solution could be to change the default
ports of the services running in WSL and then forward the desired external port numbers to these new WSL port numbers.

So, why is this the recommended solution? WSL 2 runs with Windows' Hyper V where it has its own virtual network adapter and two
internal IP addresses (that are changed after each restart). One IP is for the virtual ethernet adapter and the other is for WSL directly.
On top of all this, there is a process (wslrelay.exe) actively running so all of WSL open ports can be accessible via "localhost" only.

Set Internal Port Forwarding Rules for WSL (Run as administrator: PowerShell)

• netsh interface portproxy set v4tov4 listenport=2022 listenaddress=0.0.0.0 connectport=22 connectaddress=localhost # SSH

• # netsh interface portproxy set v4tov4 listenport=29333 listenaddress=0.0.0.0 connectport=19333 connectaddress=localhost # Bitcoin Core (micro)

• netsh interface portproxy set v4tov4 listenport=23333 listenaddress=0.0.0.0 connectport=3333 connectaddress=localhost # Stratum

List All Internal Port Forwarding Rules for WSL

• netsh interface portproxy show all

Delete Internal Port Forwarding Rules for WSL (Run as administrator: PowerShell)

• netsh interface portproxy delete v4tov4 listenport=2022 listenaddress=0.0.0.0 # SSH

• netsh interface portproxy delete v4tov4 listenport=29333 listenaddress=0.0.0.0 # Bitcoin Core (micro)

• netsh interface portproxy delete v4tov4 listenport=23333 listenaddress=0.0.0.0 # Stratum

Configure Firewall Rules (Run as administrator: PowerShell)

• netsh advfirewall firewall add rule name="WSL SSH 2022" dir=in action=allow protocol=TCP localport=2022 # SSH

• # netsh advfirewall firewall add rule name="WSL Micro 29333" dir=in action=allow protocol=TCP localport=29333 remoteip=192.168.0.0/16

• netsh advfirewall firewall add rule name="WSL Stratum 23333" dir=in action=allow protocol=TCP localport=23333 remoteip=192.168.0.0/16

Show Firewall Rules

• netsh advfirewall firewall show rule name=all | select-string -pattern "WSL" # Show All

• netsh advfirewall firewall show rule name="WSL SSH 2022" # Show SSH

• netsh advfirewall firewall show rule name="WSL Micro 29333" # Show Bitcoin Core (micro)

• netsh advfirewall firewall show rule name="WSL Stratum 23333" # Show Stratum

Delete Firewall Rules (Run as administrator: PowerShell)

• netsh advfirewall firewall delete rule name="WSL SSH 2022" # Delete SSH

• netsh advfirewall firewall delete rule name="WSL Micro 29333" # Delete Bitcoin Core (micro)

• netsh advfirewall firewall delete rule name="WSL Stratum 23333" # Delete Stratum

[mqpickens]

The Raspbian Operating System is based on Debian and it's custom built to run on the Raspberry Pi.
The intended setup (below) is for a non-GUI install with an ssh interface. No need for any
connected peripherals: no Keyboard, no mouse, and no monitor.

Hardware (Amazon List)

• Raspberry Pi 4B

• Passive Cooling (Heatsink) Case

• 240GB (256GB) SATA 3 SSD

• USB 3.0 to SATA 3 Cable Adapter

• Raspberry Pi 4 Power Supply (20W 5V 4.0A)

• Micro HDMI (Male) to HDMI Adapter (Female)

• Yubico Security Key (FIDO2) (Highly Recommended)

Setup Process

• Connect the SSD (via SATA III to USB 3.0 Cable) to PC

• Download/Run Raspberry Pi Imager
  • Select "Raspberry Pi OS (other) -> Raspberry Pi OS Lite (64-bit)"
  • Select the SSD for Download
  • "Advanced Options"
    
    • Set hostname: (e.g. "micro-node")
    • Enable SSH: Allow public-key authentication only
      • Enter Yubikey Public Key (YubiKey Setup - Windows)
    • Set username and password: (e.g. Username: satoshi)
    • Set locale settings
  • Write to SSD

• Plug SSD into Pi and turn on! Now launch an SSH Windows Session!

• Download/Run The micronode Setup Script
  • cd ~; sudo apt-get -y install git
  • git clone https://github.com/satoshiware/micronode
  • bash ./micronode/setup.sh
  • sudo reboot

• Reconnect with a new SSH Windows Session

• Backup wallets & the SSH-Fail-Safe Key
  • rm -rf ./micronode # Post clean up
  • # Example: scp -rp -i $HOME/.ssh/YubiKey satoshi@micro-node.local:~/backup $HOME/Desktop

Notes

• Discover the IP of the RPi (this will be needed to make an SSH connection) via the DHCP server (usually on the router).
  While there, make it a static IP permanently assigned to your raspberry pi micro-node. Also, setup a port to be forwarded to port 22 on the pi.

• If it won't boot from the SATA drive, you may need to first boot from an SD card (programmed with the "Raspberry Pi Imager") to then update the eeprom.
  • sudo rpi-eeprom-update # See the current version and what new versions are available.
  • sudo rpi-eeprom-update -a # Update with the new firmware.