Safe Network Node on 64-bit ARM servers Installation Guide [Manjaro minimal] - Second edition

Community
1

Introduction

This guide will tell you howl to install a safe network node on any server computer that runs on an ARM chip. Once running, you will earn safe network tokens. Good luck!

Note: As of now, only the first half of this guide functions as intended, that is step 1 to 5, or the proper installment of the SD card. I’m still working on step 6, the proper installment of the safe application.

Note: The safe network is still in it’s testing phase, so all earned safe network tokens will be destroyed at the end of each test run.

Note: For those of you who are absolute beginners when it comes to server computers.
A server computer is not necessarily any different from a client computer. Any computer can be a server computer. What’s often different about ‘server computers’ is that they often lacks support for monitors, speakers and other components aimed at human sensors. Server computers sit in a corner and uploads data to whomever requests it.

Note: Manjaro ARM no longer supports armv7h architecture. So if you have a armv7h device, you will have to find another guide or buy a newer ARM server.

Requirements

Client computer

  • A Desktop or laptop

2021-07-16_144425
2021-07-16_1444255984×3392 3.32 MB

Server computer

2021-07-16_144809
2021-07-16_1448095984×3392 2.02 MB

Minimal

  • 64-bit ARM computer (Raspberry Pi 4 in picture)
    • Motherboard
    • Case
    • Power Adapter
  • SD Card - (Endurable recommended)
  • SD Card reader
  • Ethernet cable

Highly recommended

  • A display-providing cable for your ARM server in case it loses connection:
    • Monitor with HDMI cable : USB-C in to HDMI out cable
    • Monitor with displayport cable : USB-C in to Disyplayport out cable (not in picture)
    • No monitor : Raspberry Pi Display (not in picture)
  • For those who use of the Raspberry Pi 4 as their server, the Raspberry Pi 4 Heatsink

Recommended (not in picture)

  • External storage

Steps

WARNING! For Manjaro OS users that know one can skip step 1 to 3 simply by running manjaro-arm-installer straight away, it is highly recommended to follow these steps carefully as a virtual machine protects you from calamity. This tutorial writer did not follow his own advice and had accidentally deleted his entire computer. Please do not be as stupid as him.

Step 1: Download and install Libvrt (or Virtualbox), Vagrant and Manjaro OS

Windows 10/11

Recommendation: Chocolately

Chocolately is a package manager, which is like an app store full of free adless software. Go to https://chocolatey.org/ and follow the instructions. Once you have downloaded and installed chocolately, downloaded, installed and started choco-gui, you can install both Vagrant and virtualbox via Chocolately-gui, as vagrant-libvirt has so far has not been able to work with Windows.

– Todo

For Mac OS users

– Todo

For Arch Linux OS users

Open your terminal and type

sudo pacman -S vagrant virt-manager qemu vde2 ebtables dnsmasq bridge-utils openbsd-netcat
sudo systemctl enable libvirtd.service
sudo systemctl start libvirtd.service

For Debian Linux OS users

sudo apt install vagrant virt-manager qemu vde2 ebtables dnsmasq bridge-utils openbsd-netcat
sudo systemctl enable libvirtd.service
sudo systemctl start libvirtd.service

For Fedora Linux OS users

sudo yum install vagrant virt-manager qemu vde2 ebtables dnsmasq bridge-utils openbsd-netcat
sudo systemctl enable libvirtd.service
sudo systemctl start libvirtd.service

Step 2: Run vagrant, download, install and run the MAI-box

Create a folder in your home directory named vagrant.
Open your terminal and navigate towards this folder.
Then type the following:

vagrant plugin install libvrt
vagrant init safenetwork-community/manjaro-arm-installer
vagrant up

Step 3: Insert SD card and run the MAI-box

Once done, start virt-machine, insert your SD card and choose
View->Add Hardware->USB host device and then choose your SD card.

image
image1728×873 128 KB

Go back to the terminal and type the following:

vagrant ssh

Step 4: Install Manjaro Minimal onto your SD card

Note: There’s no need for difficult passwords right away, because we’re going to use SSH keys and then via SSH we can change those passwords.

WARNING! If you are not careful with one of the steps during the procedure and choose vda, you will overwrite your virtual machine and have to do Step 1 over again.

WARNING! In the video I chose btrfs. It worked when I did that, but for whatever stopped working again. Please choose ext4.

asciicast

As in the video choose the following:

YOUR_ARM_COMPUTER_MODEL 
minimal
YOUR_USERNAME 
wheel,sys,audio,input,video,storage,lp,network,users,power
YOUR_FULLNAME 
A_SIMPLE_PASSWORD 
REPEAT
A_SIMPLE_PASSWORD 
REPEAT
sda <- [READ WARNING ABOVE!]
ext4 <- [READ WARNING ABOVE!]
YOUR_TIMEZONE
YOUR_LOCALE (default: en_US)
YOUR_TTY_KEYBOARD_LAYOUT (default: us) 
YOUR_HOSTNAME (default: Safenetwork-one)

Once the installment is finished, enter these commands (ROOT_MNJRO=ROOT_MNJRO):

curl https://link.tardigradeshare.io/s/julx763rsy2egbnj2nixoahpobgq/rezosur/mizaqplas/safe_network_dev_environment_setup.sh?download -o safe_network_dev_environment_setup.sh
curl https://link.tardigradeshare.io/s/julx763rsy2egbnj2nixoahpobgq/rezosur/mizaqplas/safe_network_dev_extra_setup.sh?download -o safe_network_dev_extra_setup.sh
curl https://link.tardigradeshare.io/s/julx763rsy2egbnj2nixoahpobgq/rezosur/mizaqplas/sshd_config?download -o sshd_config
mkdir /run/media/$USER/ROOT_MNJRO/home/YOUR_USERNAME/{safe,safenetwork-node,.ssh} 
mv safe_network_dev_environment_setup.sh /run/media/$USER/ROOT_MNJRO/home/YOUR_USERNAME/safe/
mv safe_network_dev_extra_setup.sh /run/media/$USER/ROOT_MNJRO/home/YOUR_USERNAME/safe/
sudo mv -b sshd_config  /run/media/$USER/ROOT_MNJRO/etc/ssh
ssh-keygen -t ed25519 -N <passphrase> -C "USER@HOSTNAME"
cat ~/.ssh/id_ed25519.pub | tee -a /run/media/$USER/ROOT_MNJRO/home/YOUR_USERNAME/.ssh/authorized_keys
chmod 600 /run/media/$USER/ROOT_MNJRO/home/YOUR_USERNAME/.ssh/authorized_keys

Step 5: Access your ARM server computer via SSH

Eject ROOT_MNJRO and pull your Mirco SD card out of your reader and push it into your ARM server.
Connect the ethernet cable to your modem and turn your ARM server on.

On your client computer terminal type the following command to connect to your server:

ssh YOUR_USERNAME@YOUR_HOSTNAME

This should give you access to your server computer.

Next use a password manager (example: KeepassXC) for generating and managing passwords.
Then type these commands:

passwd
YOUR_PASSWORD
NEWLY_GENERATED_PASSWORD
REPEAT
sudo su
passwd
NEWLY_GENERATED_PASSWORD
REPEAT
exit

Run the safe network script which should download and setup podman on your server computer.
This requires a reconnect in order for Manjaro to provide new user permissions.

sudo sh ~/safe/safe_network_dev_environment_setup.sh
(enter) 
(enter) 
y
exit
ssh YOUR_USERNAME@YOUR_HOSTNAME

Step 6: Start the node

Note: As of now, only the root nodes work and only locally. I’m working on finishing the rest as soon as possible.

Pull the safenetwork-node image from podman.
It should immediately run the node once the build has been completed.

For all types of nodes

Because the safe network uses a genesis key, it’s required if you use multiple nodes to have a shared network folder, but even if you don’t, having a shared folder with the host is useful in case your container crashes, the data won’t be lost with it.

To share your local cli folder type the following

mkdir -p ~/.local/share/safe/cli/
podman unshare chown root:root -R ~/.local/share/safe/cli

For those who want to join an existing ipv4-only safe network

First pull the image.

sudo podman pull ghcr.io/safenetwork-community/rf-joinnode-ipv4:main

Then continue by running the node.

sudo podman run \
--name safe_node_1 \
--restart unless-stopped \
--publish 192.168.x.x:12000:12000/tcp \
--publish 192.168.x.x:12000:12000/udp \
--env LOC_IP=10.88.1.3 \
--env LOC_PORT=12000 \
--env PUB_IP=192.168.x.x \
--env PUB_PORT=12000 \
--env NETWORK_NAME="lan-ipv4" \
--mount type=bind,source=/home/youruser/.local/share/safe/cli/,destination=/root/.safe/cli/ \
--ip 10.88.1.3 \
-d ghcr.io/safenetwork-community/rf-joinnode-ipv4:main

For those who want to join an existing ipv6-only safe network

First pull the image.

sudo podman pull ghcr.io/safenetwork-community/rf-joinnode-ipv6:main

Then continue by running the node.

sudo podman run \
--name safe_node_1 \
--restart unless-stopped \
--publish [::1]:12000:12000/tcp \
--publish [::1]:12000:12000/udp \
--env NETWORK_NAME="lan-ipv6" \
--mount type=bind,source=/home/youruser/.local/share/safe/cli/,destination=/root/.safe/cli/ \
-d ghcr.io/safenetwork-community/rf-joinnode-ipv6:main

For those who want to start an ipv4-only safe network

First pull the image.

sudo podman pull ghcr.io/safenetwork-community/rf-rootnode-ipv4:main

Then continue by running the node.

sudo podman run \
--name root_node \
--restart unless-stopped \
--publish 192.168.x.x:12000:12000/tcp \
--publish 192.168.x.x:12000:12000/udp \
--env LOC_IP=10.88.1.3 \
--env LOC_PORT=12000 \
--env PUB_IP=192.168.x.x \
--env PUB_PORT=12000 \
--mount type=bind,source=/home/user/.local/share/safe/cli/,destination=/root/.safe/cli/ \
--ip 10.88.1.3 \
-d ghcr.io/safenetwork-community/rf-rootnode-ipv4:main

Check if your node is running

sudo podman ps -a

If the status says: Up x minutes ago well done!
You have a root node running.

Now add any name you like to your newly created network.

sudo podman exec root_node safe networks add your_network_name

This creates a config file that others can use to connect to your network.
In onder to view the key and address enter this command:

cat ~/.local/share/safe/cli/networks/your_network_name_node_connection_info.config

For those who want to start an ipv6-only safe network

First pull the image.

sudo podman pull ghcr.io/safenetwork-community/rf-rootnode-ipv6:main

Then continue by running the node.

sudo podman run \
--name root_node \
--restart unless-stopped \
--publish [::1]:12000:12000/tcp \
--publish [::1]:12000:12000/udp \
--mount type=bind,source=/home/youruser/.local/share/safe/cli/,destination=/root/.safe/cli/ \
-d ghcr.io/safenetwork-community/rf-rootnode-ipv6:main

Check if your node is running

sudo podman ps -a

If the status says: Up x minutes ago well done!
You have a root node running.

The last step is to add name to your network.

sudo podman exec root_node safe networks add your_network_name

For those who want to run multiple nodes on the same machine

Just increase the last port number.
So while your first node runs -p 12000:12000,
your second node should be running with -p 12001:12000.

Conclusion

Congratulations and welcome to the club!
You can also run the safe command line interface from the server side and take a look inside at your hard earned money from running your server farm.

sudo podman exec -it safe_node_1 safe

Happy safe networking!

Extra

What the ‘extra setup’ contains:

  • A text editor and terminal-based integrated development environment.
    • Lunarvim (+ vi + vim + neovim)
      • Fira ligatures
  • Programming language support that go with the IDE.
    • npm (node.js/javascript)
    • rustup (Rust)
  • A terminal based pastebin
    • Termbin

Install

sudo sh ~/safe/safe_network_dev_extra_setup.sh
n
y
n

Lunarvim

Lunarvim is a versatile text-based keyboard-only-oriented editor with a steep learning curve.

To start the program enter lvim or vim or vi in your terminal.

And the first thing you need to learn is that since it’s all keyboard oriented:
:q quits
:q! quits regardless of edits made.
:w saves
i is one of the editor modes.

Use case example

I have a bug in one of my python scripts debug_run.py at line 128,
so I type vim debug_run.py +128 and voila, I’m at that line.

Termbin

Note: This has been added in the podman safe images as well.

Useful for any error you encounter in the Manjaro Minimal OS.

Example:

sudo podman images && sudo podman ps -a | tb

Troubleshooting

In case your node unexpectedly quits first check the logs:

sudo podman logs safe_node_1

If needed, you can also enter the container like this:

sudo podman commit safe_node debug/safe_node_1
sudo podman run -it --rm --entrypoint=/bin/bash --name debug_node_1 debug/safe_node_1

And then run a pastebin debug command like this:

nodebin

Project plan

Safe network in a container project v1.0

Tailored manjaro OS installment to safe network project v1.0

Choices made

Linux over Windows/Apple

  1. Open source.
  2. The freedom that comes with it.

Manjaro OS over any other Linux OS

  1. It’s package manager.
    1.1 Being able to easily search which file belongs to which package can sometimes be extremely helpful.
    1.2 I already use Manjaro OS as my client computer and that’s due to pamac, the GUI package manager Arch Linux does not ship by default.
  2. Semi-rolling release for young applications.
    2.1 Lunarvim for example is very new and constantly needs the latest packages.

Manjaro OS over Parabola GNU/Linux-libre

  1. There is no parabola-arm-installer.
  2. Parabola GNU/Linux-libre shuts down everything that’s not open source. I’ve had bad experiences with that, so I’m hesitant to try again.

Vagrant & manjaro-arm-installer over BalenaEtcher.

  1. Why waste a perfectly good installer tailored for Manjaro OS and ARM64 machines?
  2. The one downside with a naked manjaro-arm-installer is with the devices option. I had already killed my harddisk once with this app, thus I already had the motive to create a safe wrapper around it.

Podman over Docker.

  1. Podman has built-in IPv6 support.

Rootfull over Rootless

  1. Rootless so far has been a pain.
    As soon as I figure out how safe nodes in rootless containers can be achieved, I will ditch the rootfull ones.
12 Likes
2

I couldn’t this post on the other thread anymore, so here it is again.

3 Likes