Move lamassu-install files to this repo's lamassu-remote-install folder. (#214)

* copy lamassu-install files

* Mention lamassu-install files in README.md

* Mention lamassu-install files in README.md
* Little change in lamassu-install files README.md

* Fix raw file link error

* install script accept branch name as argument

* install script accept branch name as argument
* Remove test.js file

README.md

@@ -10,6 +10,9 @@ We do not generally accept outside pull requests for new features. Please consul
 
 See [INSTALL.md](INSTALL.md).
 
+## Installation on remote server (only for production)
+See [lamassu-remote-install/README.md](lamassu-remote-install/README.md).
+
 ## Running
 ```bash
 node bin/lamassu-server --mockSms

lamassu-remote-install/README.md

@@ -0,0 +1,23 @@
+lamassu-remote-install
+===============
+
+This will install your Lamassu Bitcoin Machine remote server.
+
+Instructions
+------------
+
+1. Start a new Digital Ocean droplet
+
+2. ssh into the droplet
+
+    ```
+    ssh root@<your-new-ip-address>
+    ```
+
+3. Run the following command once you're logged in (default branch name is master):
+
+    ```
+    curl -sS https://raw.githubusercontent.com/lamassu/lamassu-server/master/lamassu-remote-install/install | bash -s -- <branch-name>
+    ```
+
+4. You should be set. Just follow the instructions on the screen to open your dashboard.

lamassu-remote-install/Vagrantfile

@@ -0,0 +1,72 @@
+# -*- mode: ruby -*-
+# vi: set ft=ruby :
+
+# All Vagrant configuration is done below. The "2" in Vagrant.configure
+# configures the configuration version (we support older styles for
+# backwards compatibility). Please don't change it unless you know what
+# you're doing.
+Vagrant.configure(2) do |config|
+  # The most common configuration options are documented and commented below.
+  # For a complete reference, please see the online documentation at
+  # https://docs.vagrantup.com.
+
+  # Every Vagrant development environment requires a box. You can search for
+  # boxes at https://atlas.hashicorp.com/search.
+  config.vm.box = "ubuntu/xenial64"
+
+  # Disable automatic box update checking. If you disable this, then
+  # boxes will only be checked for updates when the user runs
+  # `vagrant box outdated`. This is not recommended.
+  # config.vm.box_check_update = false
+
+  # Create a forwarded port mapping which allows access to a specific port
+  # within the machine from a port on the host machine. In the example below,
+  # accessing "localhost:8080" will access port 80 on the guest machine.
+  config.vm.network "forwarded_port", guest: 8081, host: 8091
+
+  # Create a private network, which allows host-only access to the machine
+  # using a specific IP.
+  # config.vm.network "private_network", ip: "192.168.33.10"
+
+  # Create a public network, which generally matched to bridged network.
+  # Bridged networks make the machine appear as another physical device on
+  # your network.
+  # config.vm.network "public_network"
+
+  # Share an additional folder to the guest VM. The first argument is
+  # the path on the host to the actual folder. The second argument is
+  # the path on the guest to mount the folder. And the optional third
+  # argument is a set of non-required options.
+  config.vm.synced_folder ".", "/vagrant"
+  config.vm.synced_folder "../lamassu-scripts", "/lamassu-scripts"
+
+  # Provider-specific configuration so you can fine-tune various
+  # backing providers for Vagrant. These expose provider-specific options.
+  # Example for VirtualBox:
+  #
+  config.vm.provider "virtualbox" do |vb|
+  #   # Display the VirtualBox GUI when booting the machine
+  #   vb.gui = true
+  #
+  #   # Customize the amount of memory on the VM:
+    vb.memory = "2048"
+  end
+  #
+  # View the documentation for the provider you are using for more
+  # information on available options.
+
+  # Define a Vagrant Push strategy for pushing to Atlas. Other push strategies
+  # such as FTP and Heroku are also available. See the documentation at
+  # https://docs.vagrantup.com/v2/push/atlas.html for more information.
+  # config.push.define "atlas" do |push|
+  #   push.app = "YOUR_ATLAS_USERNAME/YOUR_APPLICATION_NAME"
+  # end
+
+  # Enable provisioning with a shell script. Additional provisioners such as
+  # Puppet, Chef, Ansible, Salt, and Docker are also available. Please see the
+  # documentation for more information about their specific syntax and use.
+  # config.vm.provision "shell", inline: <<-SHELL
+  #   sudo apt-get update
+  #   sudo apt-get install -y apache2
+  # SHELL
+end

lamassu-remote-install/default.sql

@@ -0,0 +1,40 @@
+COPY user_config (id, type, data) FROM stdin;
+1	exchanges	{"exchanges" : {\
+    "settings": {\
+      "commission": 1.0,\
+      "compliance": {\
+        "maximum": {\
+          "limit": null\
+        }\
+      }\
+    },\
+    "plugins" : {\
+      "current": {\
+        "ticker": "bitpay",\
+        "transfer": "bitgo"\
+      },\
+      "settings": {\
+        "bitpay": {},\
+        "bitgo" : {}\
+      }\
+    }\
+  }\
+}
+\.
+
+COPY user_config (id, type, data) FROM stdin;
+2	unit	{ "brain": {\
+    "unit": {\
+      "ssn": "xx-1234-45",\
+      "owner": "Unlisted"\
+    },\
+    "locale": {\
+      "currency": "USD",\
+      "localeInfo": {\
+        "primaryLocale": "en-US",\
+        "primaryLocales": ["en-US"]\
+      }\
+    }\
+  }\
+}
+\.

lamassu-remote-install/install

@@ -0,0 +1,257 @@
+#!/usr/bin/env bash
+set -e
+
+export LOG_FILE=/tmp/install.log
+
+CERT_DIR=/etc/ssl/certs
+KEY_DIR=/etc/ssl/private
+CONFIG_DIR=/etc/lamassu
+MIGRATE_STATE_PATH=$CONFIG_DIR/.migrate
+LAMASSU_CA_PATH=$CERT_DIR/Lamassu_CA.pem
+CA_KEY_PATH=$KEY_DIR/Lamassu_OP_Root_CA.key
+CA_PATH=$CERT_DIR/Lamassu_OP_Root_CA.pem
+SERVER_KEY_PATH=$KEY_DIR/Lamassu_OP.key
+SERVER_CERT_PATH=$CERT_DIR/Lamassu_OP.pem
+SEEDS_DIR=$HOME/seeds
+SEED_FILE=$SEEDS_DIR/seed.txt
+BACKUP_DIR=/var/backups/postgresql
+BLOCKCHAIN_DIR=/mnt/blockchains
+OFAC_DATA_DIR=/var/lamassu/ofac
+
+# Look into http://unix.stackexchange.com/questions/140734/configure-localtime-dpkg-reconfigure-tzdata
+
+decho () {
+  echo `date +"%H:%M:%S"` $1
+  echo `date +"%H:%M:%S"` $1 >> $LOG_FILE
+}
+
+retry() {
+  local -r -i max_attempts="$1"; shift
+  local -r cmd="$@"
+  local -i attempt_num=1
+
+  until $cmd
+  do
+    if (( attempt_num == max_attempts ))
+    then
+        echo
+        echo "****************************************************************"
+        echo "Attempt $attempt_num failed and there are no more attempts left! ($cmd)"
+        return 1
+    else
+        echo
+        echo "****************************************************************"
+        echo "Attempt $attempt_num failed! Trying again in $attempt_num seconds..."
+        sleep $(( attempt_num++ ))
+    fi
+  done
+}
+
+rm -f $LOG_FILE
+
+cat <<'FIG'
+ _
+| | __ _ _ __ ___   __ _ ___ ___ _   _       ___  ___ _ ____   _____ _ __
+| |/ _` | '_ ` _ \ / _` / __/ __| | | |_____/ __|/ _ \ '__\ \ / / _ \ '__|
+| | (_| | | | | | | (_| \__ \__ \ |_| |_____\__ \  __/ |   \ V /  __/ |
+|_|\__,_|_| |_| |_|\__,_|___/___/\__,_|     |___/\___|_|    \_/ \___|_|
+FIG
+
+echo -e "\nStarting \033[1mlamassu-server\033[0m install. This will take a few minutes...\n"
+
+if [ "$(whoami)" != "root" ]; then
+  echo -e "This script has to be run as \033[1mroot\033[0m user"
+  exit 3
+fi
+
+release=$(lsb_release -rs)
+processor=$(uname -i)
+if [ "$release" != "16.04" ] || [ "$processor" != "x86_64" ]; then
+    echo "You're attempting to install on an unsupported Linux distribution or release."
+    uname -a
+    echo "Please return to DigitalOcean and create a droplet running Ubuntu 16.04 x64 instead."
+    exit 1
+fi
+
+# So we don't run out of memory
+decho "Enabling swap file for install only..."
+fallocate -l 1G /swapfile >> $LOG_FILE 2>&1
+chmod 600 /swapfile >> $LOG_FILE 2>&1
+mkswap /swapfile >> $LOG_FILE 2>&1
+swapon /swapfile >> $LOG_FILE 2>&1
+
+IP=$(ifconfig eth0 | grep "inet" | grep -v "inet6" | awk -F: '{print $2}' | awk '{print $1}')
+
+decho "Updating system..."
+sleep 10
+curl -sL https://deb.nodesource.com/setup_8.x | sudo -E bash - >> $LOG_FILE 2>&1
+apt update >> $LOG_FILE 2>&1
+
+decho "Installing necessary packages..."
+apt install nodejs python-minimal build-essential supervisor postgresql libpq-dev -y -q >> $LOG_FILE 2>&1
+
+decho "Generating seed..."
+mkdir -p $SEEDS_DIR >> $LOG_FILE 2>&1
+SEED=$(openssl rand -hex 32)
+echo $SEED > $SEED_FILE
+
+decho "Installing latest npm package manager for node..."
+retry 3 npm -g --unsafe-perm install npm@5  >> $LOG_FILE 2>&1
+NODE_MODULES=$(npm -g root)
+NPM_BIN=$(npm -g bin)
+
+decho "Installing lamassu-server..."
+retry 3 npm -g --unsafe-perm install lamassu/lamassu-server#${1-master} >> $LOG_FILE 2>&1
+
+decho "Creating postgres user..."
+POSTGRES_PW=$(hkdf postgres-pw $SEED)
+su -l postgres >> $LOG_FILE 2>&1 <<EOF
+  psql -c "CREATE ROLE lamassu_pg WITH LOGIN SUPERUSER PASSWORD '$POSTGRES_PW';"
+  createdb lamassu
+EOF
+
+mkdir -p $CERT_DIR >> $LOG_FILE 2>&1
+mkdir -p $CONFIG_DIR >> $LOG_FILE 2>&1
+
+decho "Generating SSL certificates..."
+
+openssl genrsa \
+  -out $CA_KEY_PATH \
+  4096 >> $LOG_FILE 2>&1
+
+openssl req \
+  -x509 \
+  -sha256 \
+  -new \
+  -nodes \
+  -key $CA_KEY_PATH \
+  -days 3560 \
+  -out $CA_PATH \
+  -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator CA/CN=lamassu-operator.is" \
+  >> $LOG_FILE 2>&1
+
+openssl genrsa \
+  -out $SERVER_KEY_PATH \
+  4096 >> $LOG_FILE 2>&1
+
+openssl req -new \
+  -key $SERVER_KEY_PATH \
+  -out /tmp/Lamassu_OP.csr.pem \
+  -subj "/C=IS/ST=/L=Reykjavik/O=Lamassu Operator/CN=$IP" \
+  -reqexts SAN \
+  -sha256 \
+  -config <(cat /etc/ssl/openssl.cnf \
+      <(printf "[SAN]\nsubjectAltName=IP.1:$IP")) \
+  >> $LOG_FILE 2>&1
+
+openssl x509 \
+  -req -in /tmp/Lamassu_OP.csr.pem \
+  -CA $CA_PATH \
+  -CAkey $CA_KEY_PATH \
+  -CAcreateserial \
+  -out $SERVER_CERT_PATH \
+  -extfile <(cat /etc/ssl/openssl.cnf \
+      <(printf "[SAN]\nsubjectAltName=IP.1:$IP")) \
+  -extensions SAN \
+  -days 3650 >> $LOG_FILE 2>&1
+
+rm /tmp/Lamassu_OP.csr.pem
+
+decho "Copying Lamassu certificate authority..."
+LAMASSU_CA_FILE=$NODE_MODULES/lamassu-server/Lamassu_CA.pem
+cp $LAMASSU_CA_FILE $LAMASSU_CA_PATH
+
+mkdir -p $OFAC_DATA_DIR
+
+cat <<EOF > $CONFIG_DIR/lamassu.json
+{
+  "postgresql": "postgres://lamassu_pg:$POSTGRES_PW@localhost/lamassu",
+  "seedPath": "$SEED_FILE",
+  "lamassuCaPath": "$LAMASSU_CA_PATH",
+  "caPath": "$CA_PATH",
+  "certPath": "$SERVER_CERT_PATH",
+  "keyPath": "$SERVER_KEY_PATH",
+  "hostname": "$IP",
+  "logLevel": "info",
+  "migrateStatePath": "$MIGRATE_STATE_PATH",
+  "blockchainDir": "$BLOCKCHAIN_DIR",
+  "ofacDataDir": "$OFAC_DATA_DIR",
+  "strike": {
+    "baseUrl": "https://api.strike.acinq.co/api/"
+  },
+  "coinAtmRadar": {
+    "url": "https://coinatmradar.info/api/lamassu/"
+  }
+}
+EOF
+
+decho "Setting up database tables..."
+lamassu-migrate >> $LOG_FILE 2>&1
+
+decho "Setting up lamassu-admin..."
+ADMIN_REGISTRATION_URL=`lamassu-register admin 2>> $LOG_FILE`
+lamassu-apply-defaults >> $LOG_FILE 2>&1
+
+decho "Setting up backups..."
+BIN=$(npm -g bin)
+BACKUP_CMD=$BIN/lamassu-backup-pg
+mkdir -p $BACKUP_DIR
+BACKUP_CRON="@daily $BACKUP_CMD > /dev/null"
+(crontab -l 2>/dev/null || echo -n ""; echo "$BACKUP_CRON") | crontab - >> $LOG_FILE 2>&1
+$BACKUP_CMD >> $LOG_FILE 2>&1
+
+decho "Setting up firewall..."
+ufw allow ssh >> $LOG_FILE 2>&1
+ufw allow 443/tcp >> $LOG_FILE 2>&1   # Admin
+ufw allow 3000/tcp >> $LOG_FILE 2>&1  # Server
+ufw allow 8071/tcp >> $LOG_FILE 2>&1  # Lamassu support
+ufw -f enable >> $LOG_FILE 2>&1
+
+decho "Setting up supervisor..."
+cat <<EOF > /etc/supervisor/conf.d/lamassu-server.conf
+[program:lamassu-server]
+command=${NPM_BIN}/lamassu-server
+autostart=true
+autorestart=true
+stderr_logfile=/var/log/supervisor/lamassu-server.err.log
+stdout_logfile=/var/log/supervisor/lamassu-server.out.log
+environment=HOME="/root"
+EOF
+
+cat <<EOF > /etc/supervisor/conf.d/lamassu-admin-server.conf
+[program:lamassu-admin-server]
+command=${NPM_BIN}/lamassu-admin-server
+autostart=true
+autorestart=true
+stderr_logfile=/var/log/supervisor/lamassu-admin-server.err.log
+stdout_logfile=/var/log/supervisor/lamassu-admin-server.out.log
+environment=HOME="/root"
+EOF
+
+service supervisor restart >> $LOG_FILE 2>&1
+
+decho "Disabling swap file..."
+swapoff /swapfile >> $LOG_FILE 2>&1
+
+# disable exitting on error in case DO changes motd scripts
+set +e
+chmod -x /etc/update-motd.d/*-release-upgrade
+chmod -x /etc/update-motd.d/*-updates-available
+chmod -x /etc/update-motd.d/*-reboot-required
+chmod -x /etc/update-motd.d/*-help-text
+chmod -x /etc/update-motd.d/*-cloudguest
+set -e
+
+echo
+decho "Done! Now it's time to configure Lamassu stack."
+echo
+echo -e "\n*** IMPORTANT ***"
+echo "In a private space, run lamassu-mnemonic, write down the words"
+echo "and keep them in a safe place."
+echo
+echo "This secret will allow you to retrieve system passwords, including "
+echo "the keys to some of your crypto accounts."
+echo
+echo
+echo "Activation URL for lamassu-admin:"
+echo $ADMIN_REGISTRATION_URL