Guide to ₿itcoin & ⚡Lightning️⚡ on
I have been running a FreeNAS server for a few years now, and have come to appreciate what it offers as a personal home server. It is infamous for media streaming & aggregation, and file hosting.
Why FreeNAS? Raspberry Pis are much cheaper!
Answer: Don't be this guy
Raspberry Pis are awesome: they are cheap, consume tiny amounts of electricity, and a ton of documentation exists for so many projects, including bitcoin and lightning. The problem with Raspberry Pis is the hard drives on these setups. Lightning especially needs to be online at all times, and Pis are 1 spinning platter away from catastrophic failure. In addition, lightning does not have a reliable backup and restore system, yet. Disk corruption could result in lost channels and lost funds.
FreeNAS is special because of the hard drive redundancy features. FreeNAS utilizes the ZFS file system, which not only adds redundancy, but hashes data on your drives to detect and automatically fix errors. ZFS is better than hardware RAID, which is obsolete! If you follow the FreeNAS documentation, you will be set up to automatically run SMART tests on your hard drives, scrub data to verify & fix disk errors, and receive email alerts if a drive begins failing on you, allowing you to insert a new drive and resilver without any downtime. Add a battery backup, set up UPS monitoring & emails and you are running an enterprise grade environment at home!
FreeNAS is based on FreeBSD, a UNIX style operating system similar to Linux. FreeBSD utilizes a jail system to separate operating environments, similar to how virtualization works, except jails are much more efficient and less resource intensive than virtualizing. For example, my server has separate jails for plex, medusa, transmission, SoftEther, bitcoin core & electrum-personal-server & lnd, nextcloud, etc. If I 'mess up', it's easy to nuke the jail and start over, without ever damaging the host system or other jails.
What is the build cost of a FreeNAS system?
You can buy older generation servers on eBay for dirt cheap! If you want something "price is not a problem" new for bitcoin, nextcloud, plex + transcoding, here is a buy list: Latest Generation:
$80 Power Supply: Any Seasonic Brand with 8 or more SATA power cables.
$110 Case: Fractal Design Node 804
Whoa, I don't want to spend that much!
Thanks to our 21st century craving for all things digital, last generation hardware is being sold for pennies on the dollar! Just search eBay for "server Xeon E3 V3" and you can find fully equipped systems for $200-300, such as the HP Proliant ML310e Gen8 V2 or Dell T20 series.
Now compare the performance between a V3 and a V6 Xeon: https://www.cpubenchmark.net/compare/Intel-Xeon-E3-1220-v3-vs-Intel-Xeon-E3-1220-v6/2022vs3131
Yeah, you can save a lot of $ running last gen used server gear!
So, at this point we can assume that you built your home server. Hopefully you were smart enough to follow the hardware recommendation guide. My basic recommendation is this: Make sure you get a server class motherboard that has Intelligent Platform Management Interface (IPMI) & Error-Correcting Code (ECC) RAM. I highly recommend 6 hard drives in RAIDZ2 configuration; it is the best space and redundancy for the money. Any amount of drives in RAIDZ1 loses redundancy the moment you have a hard drive failure, and 4 drives in RAIDZ2 only has half the storage capacity of 6 drives in RAIDZ2. If the value proposition is getting pricey, start with smaller hard drives. You can’t add drives to a volume once it's set up; however, you can replace drives with larger drives, and once all 6 drives are the larger size, you get to increase the size of the volume.
I am assuming you know your way around your router. My example router is a Linksys WRT1900ACv1 running OpenWRT. Your router configuration user interface may be different than explained here.
Let's also assume that you installed FreeNAS on your home server (Version 11.2), navigated the FreeNAS forums, read the FreeNAS documentation, and set up a ZFS volume. Make sure you set up your SMART test, scrub schedule and email alerts!
Within this guide, any time a command line is represented by a single # hash, that represents the command line as root user inside your bitcoin jail. Any commands outside this definition are represented by their full path, which may differ from what you see based on how you named your server. Hopefully the guide is clear enough. If not, PLEASE reach out to me!
By the end of this guide, we will have bitcoin core compiled, serving connections over IP and tor. We will install electrum-personal-server, so we can use a hardware wallet to cold store our bitcoin savings, verified with our own node. We will have Lightning Labs' lnd implementation to onboard the lightning network, and we will use Ride The Lightning web user interface to manage our lnd server, as well as install the joule browser extension and connect it to our lnd server. Mobile wallet guides to follow...
There is more than 1 way to skin a cat. These are the preferred methods followed in this guide that may differ from other guides:
Minimize software requirements. This guide does not use systemd, which is a monolithic layer that acts between the kernel and the user space. It has its place, but we don't need it. I don't have an opinion on the matter, but FreeBSD's own daemon has enough functionality to act as our process monitors.
Minimal configuration. This guide is a baseline to get set up. Whenever a configuration file is referenced, follow the supporting docs to explore further configuration options.
Guide Security Goals
Use cookie authentication instead of exposing RPC credentials wherever possible. Use a VPN for remote access. Port forwarding an RPC interface is a security vulnerability.
Do not use UPnP for port forwarding; manually set up port forwards in your router. UPnP port forwarding is a massive security vulnerability. Modern releases of OpenWRT do not include UPnP. If your router does not feature an access control list, disable UPnP! This guide compiles bitcoind without UPnP support. lnd.conf should not use UPnP (nat=true), unless you have a dynamic IP address assigned by your internet service provider AND YOUR UPNP IMPLEMENTATION IS SECURE. Read how to securely use UPnP with lnd for dynamic IP connections, while keeping automatic port forwards disabled here.
This guide sets up a public IP address AND a tor service address. This means that your tor service address is NOT considered private. However this does help the network for users who exclusively need tor only connections.
Use a password manager to keep track of all the passwords required to run FreeNAS and your software. It's a good cypherpunk habit to use unique strong passwords with 3rd parties, too. KeePassDX is an encrypted open source password manager that runs on Android. It can generate strong passwords for you.
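The cookie-authentication and UPnP goals above can be checked mechanically. The following is an added example, not part of the original guide: a small Python audit that flags static RPC credentials, RPC listeners or allow-lists beyond loopback, and UPnP/NAT settings. The sample configuration text and the function names are constructed for illustration; point the functions at the contents of your own bitcoin.conf and lnd.conf.

```python
# Added example: audit bitcoin.conf / lnd.conf text against the guide's security goals.
# The sample configs below are constructed for illustration.
WEAK_BITCOIN_CONF = """\
server=1
rpcuser=alice
rpcpassword=example-only
rpcbind=0.0.0.0
rpcallowip=192.168.1.0/24
upnp=1
"""
HARDENED_BITCOIN_CONF = """\
server=1
# No rpcuser/rpcpassword: local clients read bitcoind's .cookie file instead.
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
upnp=0
"""
WEAK_LND_CONF = "[Application Options]\nnat=true\n"
HARDENED_LND_CONF = "[Application Options]\nnat=false\n"

def parse_conf(text):
    """Yield (key, value) pairs; skips blanks, # comments and [section] headers."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line and not line.startswith("[") and "=" in line:
            key, value = line.split("=", 1)
            yield key.strip().lower(), value.strip()

def is_loopback(value):
    host = value.strip("[]").lower()
    return host.startswith(("127.", "::1")) or host == "localhost"

def audit_bitcoin_conf(text):
    findings = []
    for key, value in parse_conf(text):
        if key in ("rpcuser", "rpcpassword"):
            findings.append(f"{key}: static RPC credential set; remove it to use cookie auth")
        elif key in ("rpcbind", "rpcallowip") and not is_loopback(value):
            findings.append(f"{key}={value}: RPC exposed beyond loopback")
        elif key == "upnp" and value.lower() in ("1", "true"):
            findings.append("upnp: automatic port forwarding enabled")
    return findings

def audit_lnd_conf(text):
    return ["nat: lnd will request UPnP/NAT-PMP port forwards"
            for key, value in parse_conf(text)
            if key == "nat" and value.lower() in ("1", "true")]

if __name__ == "__main__":
    for finding in audit_bitcoin_conf(WEAK_BITCOIN_CONF) + audit_lnd_conf(WEAK_LND_CONF):
        print("FINDING", finding)
```

An empty result for both files means the RPC interface stays on loopback with cookie authentication and no automatic port forwards are requested.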
This guide is written not only to benefit others, but myself as well. Sometimes I don't touch my server for months on end, and forget how I set things up or did things. This guide is my attempt to act on my belief in the Cypherpunk Manifesto. If cypherpunks can't write code, then cypherpunks deploy code.
This guide will be kept up to date.
If you have any trouble with this guide, or want to share something to improve the guide, contact me! No question is too dumb! I'd rather help people deploy code than waste time browsing social media!
Give me an unreasonably small tip!
Special thanks to the Stadicus Raspberry Pi guide for inspiring this FreeBSD guide; check it out here: https://github.com/Stadicus/guides/blob/master/raspibolt/README.md
Next: [ Jail Creation ]