{"id":24773196,"url":"https://github.com/nilscodes/cardano-spo-scripts","last_synced_at":"2025-04-09T19:22:50.873Z","repository":{"id":53517365,"uuid":"427226733","full_name":"nilscodes/cardano-spo-scripts","owner":"nilscodes","description":"A collection of shell scripts to make creating, maintaining and updating a Cardano Stakepool simpler","archived":false,"fork":false,"pushed_at":"2024-03-25T03:35:10.000Z","size":47,"stargazers_count":4,"open_issues_count":0,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-03-23T21:15:03.057Z","etag":null,"topics":["cardano","crypto","stakepool"],"latest_commit_sha":null,"homepage":"https://www.hazelpool.com","language":"Shell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/nilscodes.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null}},"created_at":"2021-11-12T04:01:30.000Z","updated_at":"2024-10-17T02:20:41.000Z","dependencies_parsed_at":"2024-01-15T20:02:06.596Z","dependency_job_id":"2ad9f058-ed9c-48f5-b6b0-759283e52b6d","html_url":"https://github.com/nilscodes/cardano-spo-scripts","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilscodes%2Fcardano-spo-scripts","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilscodes%2Fcardano-spo-scripts/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilscodes%2Fcardano-spo-scripts/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/nilscodes%2Fcardano-spo-scripts/m
anifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/nilscodes","download_url":"https://codeload.github.com/nilscodes/cardano-spo-scripts/tar.gz/refs/heads/main","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248095683,"owners_count":21046893,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cardano","crypto","stakepool"],"created_at":"2025-01-29T04:39:48.432Z","updated_at":"2025-04-09T19:22:50.846Z","avatar_url":"https://github.com/nilscodes.png","language":"Shell","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Cardano Scripts to Generate Keys, Signatures etc. 
to create a stake pool\n\nAssuming you have an existing address to pay your deposit cost and pledge fee with\nTTL is the time in slots to wait until considering this transaction failed if not processed\n\nIn this example we will use\n\nRelay Node IP: 1.1.1.1\nRelay Node Port: 3000\nCore Node IP: 2.2.2.2\nCore Node Port: 3001\n\nSteps:\n\n## User Steps\n`./make-cardano-sudo-user.sh`\n\n## Basic Harden Steps\n`./harden-node.sh`\n\n## Step 1: Harden your core server\n[See also: Harden Ubuntu](https://web.archive.org/web/20220407101050/https://www.lifewire.com/harden-ubuntu-server-security-4178243)\n[See also: Secure Ubuntu](https://gist.github.com/lokhman/cc716d2e2d373dd696b2d9264c0287a3)\n- SSH only via keys, not password\n- Change SSH default port from 22\n- Allow SSH only from your relay node(s)\n- Close all unneeded ports except SSH and the core node port 3001\n- Ensure chrony/NTPdate is active\n\n## Step 2: Harden your relay server\n[See also: Harden Ubuntu](https://web.archive.org/web/20220407101050/https://www.lifewire.com/harden-ubuntu-server-security-4178243)\n[See also: Secure Ubuntu](https://gist.github.com/lokhman/cc716d2e2d373dd696b2d9264c0287a3)\n- SSH only via keys, not password\n- Change SSH default port from 22\n- Allow SSH only from where absolutely needed\n- Close all unneeded ports except SSH and the relay node port 3000\n- Ensure chrony/NTPdate is active\n\n## Step 3: Build the cardano-cli and cardano\n`./build-node-code.sh CABAL_VERSION GHC_VERSION CARDANO_NODE_VERSION`\n\nLatest current versions are 3.6.2.0 for CABAL_VERSION, 8.10.7 for GHC_VERSION and 1.35.3 for CARDANO_NODE_VERSION\n\n## Step 4 \n`./set-net.sh mainnet|testnet [TESTNET_MAGIC_ID]`\n\nSet the net you want to run on (testnet or mainnet)\nWill also automatically download the respective configuration files, i.e. 
it will automatically run `./get-config.sh conf testnet|mainnet`\n\n## Step 4.5\n`./create-node-runner-binary.sh full|relay|core NETWORK_INTERFACE_NODE_IP NETWORK_INTERFACE_NODE_PORT`\n\nCreate the executable that will run your cardano node. Determine which node type you need (you will start with a full node first, so you can get the blockchain and perform the transactions required to register your stakepool, before you can create a relay or core node).\nMake sure to use the IP and port that your network interface has, which could be different (for example in AWS) from your public IPv4 address.\n\n## Step 4.6\n`./create-node-runner-service.sh full|relay|core`\n\nCreate a systemd script for your node and install it. This will ensure your node will auto-restart if it crashes or if the server restarts. You can now run your node with\n\n`sudo systemctl start cardano-node`\n\nand get its status with\n\n`sudo systemctl status cardano-node`\n\nand follow the current logs with\n\n`journalctl --unit=cardano-node --follow`\n\n## Step 5: Make a stake address and stake payment address (only on Airgapped Offline Machine!)\n`./offline-make-stake-and-payment-addresses.sh stake stake-payment`\n\n## Step 5.5: Set up payment address and keys\n- Create a payfrom.addr file containing the address you will pay from (WARNING: All funds in that address will be transferred and it can only have one transaction in it!)\n\n`./make-keys-and-address.sh payfrom`\n\nCopy addr/payfrom.addr to your online node\n\n## Step 5.7: Create stake registration certificate (only on Airgapped Offline Machine!)\n`./offline-create-stake-registration-cert.sh stake`\n\n## Step 6: Register the stake address with the cardano net (online machine)\n`./register-stake-address.sh TTL payfrom stake-payment stake`\n\nSign the transaction on the offline machine\n\n`./offline-register-stake-address-sign.sh`\n\nCopy the transaction back to your core node and submit it\n\n`./submit-transaction.sh`\n\n## Step 7: Verify stake funding is 
present\n`./query.sh stake-payment`\n\n## Generate Topology files for your nodes\n`./create-pool-topology-files.sh`\n\n## Replace topology files on both core and relay nodes\n\n## Restart Relay Node(s)\n`sudo systemctl restart cardano-node`\n\n## Restart Core Node\n`sudo systemctl restart cardano-node`\n\n## Create Metadata file (online machine)\n`./create-pool-metadata-file.sh POOLNAME POOLDESCRIPTION POOLTICKER POOLHOMEPAGE`\n\n## Upload Metadata file to a URL with less than 65 characters\n\n## Copy pool relay info\nCopy the topology and metadata folders to your airgapped offline machine\n\n## Create Stake Pool Keys (only on Airgapped Offline Machine!)\n`./offline-create-pool-keys.sh`\n\n## Generate Stake Pool Registration Certificate (only on Airgapped Offline Machine!)\n`./offline-generate-stake-pool-registration-certificate.sh METADATAURL`\n\n## Generate the stake pool registration transaction (on your online machine)\n`./build-stake-pool-registration-transaction.sh TTL`\n\n## Sign the stake pool registration transaction (only on Airgapped Offline Machine!)\n`./offline-build-stake-pool-registration-transaction.sh`\n\n## Transfer your Pledge and Deposit\nTransfer it using your wallet of choice to the address in addr/payfrom.addr\n\n## Submit Transaction for Stake Pool Registration and Deposit Payment\n`./submit-transaction.sh`\n\n---------------------------------------------------------------\n\n# Register pledge wallet to vote in Catalyst\n\nEnsure `bech32`, `catalyst-toolbox` and `cardano-signer` are in a subfolder called `catalyst` and executable on both your relay and offline machine (see also: https://forum.cardano.org/t/registering-several-wallets-accounts-to-the-same-catalyst-voting-key/120829)\n\nFrom the main scripts folder on your offline machine, run this and replace the pin with your desired voting pin, stake address name and stake payment address name\n\n`catalyst-offline-register-pledge-for-vote.sh PIN STAKEADDRESS STAKEPAYMENTADDRESS`\n\nAfter 
running this, retrieve the PNG file from the catalyst subfolder and store it in a safe place (this QR code image combined with your PIN lets you vote in Catalyst).\nCopy the catalyst/*.cbor file to your relay (also into the catalyst subfolder). Now run\n\n`query.sh STAKEPAYMENTADDRESS`\n\nFind a usable UTXO and index, then run the command below, replacing UTXO_IN with the UTXO from above in the format txHash#txIndex\n\n`catalyst-build-register-transaction.sh STAKEPAYMENTADDRESS UTXO_IN`\n\nNow you have a raw transaction to witness and sign on your offline machine. Copy `txtmp/tx.raw` to your offline machine and run the following to sign the transaction with the key that pays for the fees\n\n`catalyst-offline-sign-register-transaction STAKEPAYMENTADDRESS`\n\nCopy the resulting `txtmp/tx.signed` to your relay and run\n\n`submit-transaction.sh`\n\n---------------------------------------------------------------\n\n## Create rewards transfer transaction by running this command\n`./transfer-rewards-create-transaction.sh TTL TARGETADDRESS`\n\n## Copy txtmp/tx.raw to your offline machine\n\n## Sign the rewards transfer transaction by running this command\n`./transfer-rewards-sign-transaction.sh TARGETADDRESS`\n\n## Copy txtmp/tx.signed back into the txtmp folder of your online machine\n\n## Submit the transaction\n`./submit-transaction.sh`\n\n---------------------------------------------------------------\n\n## Rotate KES keys\nFirst, on the live block producer node run\n\n`./prepare-new-kes-key-files.sh`\n\nThen copy the KES files over to your offline machine and as instructed, run\n\n`./offline-regenerate-nodecert-for-kes-key KES_PERIOD`\n\nVerify that the counter number is correct as described here:\nhttps://ecp.gitbook.io/how-to-guides-for-coincashew-method-cardano-spos/maintenance-and-daily-operations/maintenance-and-daily-operations/adjust-node.counter-for-kes\n\nCopy the new node-op.cert file from the certs subfolder back onto your core node and run\n\n`sudo systemctl restart cardano-node` or (if 
security updates are required) `sudo reboot`\n\nUse the opportunity to reboot the relay(s) as well\n\n---------------------------------------------------------------\n\n## Update Pledge or metadata etc for your pool without paying the deposit again\nOn the offline machine, make certs/pool-*.cert writable again\nRun\n\n`./offline-generate-stake-pool-registration-certificate METADATAURL`\n\nCopy the two certs/pool-*.cert files to your core node\nRun\n\n`./build-update-stake-pool-registration-transaction.sh TTL`\n\nCopy txtmp/tx.raw to your offline machine\nRun\n\n`./offline-build-stake-pool-registration-transaction.sh`\n\nCopy txtmp/tx.signed back to your core node\nRun\n\n`./submit-transaction.sh`\n\n---------------------------------------------------------------\n\n## Update node version/binary\n\nBuild the cardano-cli and cardano with the new version\n\n`./update-node-code.sh GHC_VERSION CARDANO_NODE_VERSION`\n\nStop the service\n\n`sudo systemctl stop cardano-node`\n\nUpdate the binaries and back up the old ones\n\n`./update-node-binary.sh GHC_VERSION CARDANO_NODE_VERSION`\n\nStart the service again\n\n`sudo systemctl start cardano-node`\n\n\n## How to create a cardano-db-sync out of nowhere\nInstall Ubuntu 22.04\nDeploy these scripts into a script folder and make them executable\nCreate a cardano user and give it sudo rights via\n\n`./make-cardano-sudo-user.sh`\n\nLog in as the cardano user\n\nInstall docker-compose\n\n`sudo apt install apt-transport-https ca-certificates curl software-properties-common`\n\n`curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo apt-key add -`\n\n`sudo add-apt-repository \"deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable\"`\n\n`sudo apt-get install docker-ce docker-compose`\n\n`sudo systemctl enable docker`\n\n`sudo systemctl start docker`\n\n`sudo usermod -aG docker cardano`\n\n`sudo reboot`\n\nLog in as the cardano user again\nExecute\n\n`git clone https://github.com/IntersectMBO/cardano-db-sync.git`\n\n`cd 
cardano-db-sync`\n\n`git checkout tags/13.1.1.3`\n\nEdit the docker-compose.yml file and comment out the db-sync and postgres services and corresponding volumes and run `docker-compose up -d`\nRun `docker-compose stop` after 30 seconds\nCopy the backed up db directory of a fully synched node into the cardano-node-db volume location and set file permissions to match the existing file permissions. Make sure to delete the existing ledger files.\nRun `docker-compose start` and wait until the cardano-node is fully synched\nUncomment the previously commented out services in the docker-compose.yml file\n\nRun this with the correct snapshot from https://update-cardano-mainnet.iohk.io/cardano-db-sync/index.html matching your cardano-db-sync version\n\n`RESTORE_SNAPSHOT=https://update-cardano-mainnet.iohk.io/cardano-db-sync/13/db-sync-snapshot-schema-13-block-7770734-x86_64.tgz NETWORK=mainnet docker-compose up -d`\n\nThen to see the progress, run\n\n`docker-compose logs -f`\n\n## Mithril Bootstrap\n\n### Preprod\n\nAdd to .bashrc\n\nexport MITHRIL_IMAGE_ID_PREPROD=main-25bb9a6\nexport AGGREGATOR_ENDPOINT_PREPROD=https://aggregator.release-preprod.api.mithril.network/aggregator\nexport GENESIS_VERIFICATION_KEY_PREPROD=5b3132372c37332c3132342c3136312c362c3133372c3133312c3231332c3230372c3131372c3139382c38352c3137362c3139392c3136322c3234312c36382c3132332c3131392c3134352c31332c3233322c3234332c34392c3232392c322c3234392c3230352c3230352c33392c3233352c34345d\n\nmithril_client_preprod () {\n  docker run --rm -e NETWORK=preprod -e GENESIS_VERIFICATION_KEY=$GENESIS_VERIFICATION_KEY_PREPROD -e AGGREGATOR_ENDPOINT=$AGGREGATOR_ENDPOINT_PREPROD --name='mithril-client' -v \"$(pwd):/app/data\" -u $(id -u) ghcr.io/input-output-hk/mithril-client:$MITHRIL_IMAGE_ID_PREPROD \"$@\"\n}\n\nRun `source .bashrc`\n\nRun `mithril_client_preprod snapshot list`\nFind latest snapshot\nRun `mithril_client_preprod snapshot download $DIGEST_ID`\nCopy db folder into docker-compose db mounted folder for node you 
are planning to run\nStart the node","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnilscodes%2Fcardano-spo-scripts","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fnilscodes%2Fcardano-spo-scripts","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fnilscodes%2Fcardano-spo-scripts/lists"}