diff --git a/hosts b/hosts
index ebb0138..3228b6f 100644
--- a/hosts
+++ b/hosts
@@ -33,7 +33,9 @@ bitcoin_version=26.0
 clightning_version=23.11.2
 clightning_platform=Fedora-28-amd64
 bitcoin_rpcuser=n0xb0x
-bitcoin_rpcpassword=rVhfmriXjB8uFekmn7sLvnUiY610JaOx
+bitcoin_rpcpassword=VTyzGzBQZn2PdAHgl_mSQPDNJnhNGqQE13N7acOnLIE
+#bitcoin_rpcpassword=rVhfmriXjB8uFekmn7sLvnUiY610JaOx
+bitcoin_rpcauth=rpcauth=n0xb0x:abc92d2e5020c3071600c7db53075dfc$1a0aff9b8ebcf3889edfa003c64ef81b9b117987da0d97aa967c08ac0c5ad7d2
 electrs_version=0.10.2
 zerotier_network=
 #Update wariness - 1 = very reluctant to update, 0 = eager to update
diff --git a/roles/apps/files/bitcoin/rpcauth.py b/roles/apps/files/bitcoin/rpcauth.py
new file mode 100644
index 0000000..d691504
--- /dev/null
+++ b/roles/apps/files/bitcoin/rpcauth.py
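Review bot: The new `bitcoin_rpcpassword` is committed in plaintext on the line directly above the `bitcoin_rpcauth` value derived from it, and the previous password is kept as a comment, so the salted HMAC protects nothing for anyone who can read this inventory or its history. The plaintext should live outside `hosts`, for example in an Ansible Vault-encrypted vars file, with only the `rpcauth` string kept here. The commented-out `#bitcoin_rpcpassword=` line should be dropped, and both passwords are best treated as exposed and regenerated once the storage is fixed.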
@@ -0,0 +1,54 @@
+#! /usr/bin/env python3
+# vim:fenc=utf-8
+#
+# Copyright © 2024 barry
+#
+# Distributed under terms of the MIT license.
+
+"""
+bitcoin tool to generate rpcauth
+"""
+
+#!/usr/bin/env python3
+# Copyright (c) 2015-2021 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+from argparse import ArgumentParser
+from getpass import getpass
+from secrets import token_hex, token_urlsafe
+import hmac
+
+def generate_salt(size):
+ """Create size byte hex salt"""
+ return token_hex(size)
+
+def generate_password():
+ """Create 32 byte b64 password"""
+ return token_urlsafe(32)
+
+def password_to_hmac(salt, password):
+ m = hmac.new(salt.encode('utf-8'), password.encode('utf-8'), 'SHA256')
+ return m.hexdigest()
+
+def main():
+ parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
+ parser.add_argument('username', help='the username for authentication')
+ parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
+ args = parser.parse_args()
+
+ if not args.password:
+ args.password = generate_password()
+ elif args.password == '-':
+ args.password = getpass()
+
+ # Create 16 byte hex salt
+ salt = generate_salt(16)
+ password_hmac = password_to_hmac(salt, args.password)
+
+ print('String to be appended to bitcoin.conf:')
+ print(f'rpcauth={args.username}:{salt}${password_hmac}')
+ print(f'Your password:\n{args.password}')
+
+if __name__ == '__main__':
+ main()
diff --git a/roles/apps/tasks/bitcoin.yml b/roles/apps/tasks/bitcoin.yml
index ac53ee7..b1e1c5e 100644
--- a/roles/apps/tasks/bitcoin.yml
+++ b/roles/apps/tasks/bitcoin.yml
@@ -69,4 +69,8 @@
 mode: '0700'
 notify: rebuild_bitcoin
-
+- name: bitcoin - copy rpcauth.py utility
+ ansible.builtin.copy:
+ src: bitcoin/rpcauth.py
+ dest: ~/Container/bitcoin/rpcauth.py
+ mode: '0700'
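Review bot: In `main()`, passing `-` and then pressing Enter at the `getpass()` prompt yields an empty string, which is hashed and printed as a normal `rpcauth` line, so a blank-password credential can be produced without any warning. I would reject it right after the prompt with `if not args.password: parser.error('password must not be empty')`. Separately, `password_to_hmac` is the only helper without a docstring; `"""Return the hex HMAC-SHA256 of password, keyed with salt."""` would match its siblings.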
diff --git a/roles/apps/templates/bitcoin/bin/btc_oneshot.j2 b/roles/apps/templates/bitcoin/bin/btc_oneshot.j2
index bc19ff2..6bf522f 100644
--- a/roles/apps/templates/bitcoin/bin/btc_oneshot.j2
+++ b/roles/apps/templates/bitcoin/bin/btc_oneshot.j2
@@ -10,7 +10,7 @@ btc_init
 if [ $# -eq 0 ]; then
 # If IPv6 is in the container do both:
 #set -- '-rpcbind=[::]:8332' '-rpcallowip=::/0' '-rpcallowip=0.0.0.0/0'
- set -- '-rpcbind=:8332' '-rpcallowip=0.0.0.0/0' '-rpcuser={{bitcoin_rpcuser}}' '-rpcpassword={{bitcoin_rpcpassword}}'
+ set -- '-rpcbind=:8332' '-rpcallowip=0.0.0.0/0' '-rpcauth={{bitcoin_rpcauth}}'
 fi
 exec bitcoind "$@"
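Review bot: The new `set --` line prepends `-rpcauth=` to a variable that already starts with `rpcauth=` in the `hosts` hunk of this commit, so the rendered argument becomes `-rpcauth=rpcauth=n0xb0x:<salt>$<hash>`. As far as I can tell bitcoind takes everything before the first `:` as the user name, which would register the user as `rpcauth=n0xb0x` and reject clients logging in as `n0xb0x`. Either store only `n0xb0x:<salt>$<hash>` in the inventory and keep `'-rpcauth={{bitcoin_rpcauth}}'`, or keep the inventory value and render `'-{{bitcoin_rpcauth}}'`. The single quotes are worth keeping, since they stop the shell from expanding the `$` in the value.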