Open-source 2-of-3 policy-enforced threshold HSM: auto-signs cold→hot treasury refills under on-device Coldcard policy, no human in the loop. Includes the full operator manual + quick-start, the reference coordinator/signing code, and a signer-host bootstrap. No keys, seeds, or secrets — placeholders only. Live signet demo: https://multisighsm.mineracks.com Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
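#!/usr/bin/env bash
#
# Signer-host bootstrap step: install cloudflared if it is not already present,
# move the staged tunnel token into /etc/cloudflared, then write, enable and
# start the cloudflared-multisighsm systemd service.
#
# Inputs:
#   /tmp/ms_tunnel_token.env  token env file staged by the caller; deleted
#                             once it has been installed.
#   CLOUDFLARED_DEB_URL       optional; package URL (default: latest release).
#   CLOUDFLARED_DEB_SHA256    optional; expected SHA-256 of the package. Set it
#                             together with a pinned release URL so the package
#                             installed as root is the one that was reviewed.
# Outputs:
#   /tmp/cfd_setup.log        command trace and output of this run.
#   "active=<state>" and "CFD_SETUP_DONE" as the last log lines on success.
#   Any failing step aborts with a non-zero status and no CFD_SETUP_DONE line.

# NOTE(review): the log path is a fixed name in world-writable /tmp and is kept
# only because the caller presumably reads it; a private log directory would be
# safer. The xtrace below goes into this file, so never pass token contents as
# command arguments in this script.
exec > /tmp/cfd_setup.log 2>&1
set -euo pipefail
set -x

export DEBIAN_FRONTEND=noninteractive

readonly staged_token=/tmp/ms_tunnel_token.env
readonly token_dest=/etc/cloudflared/token.env
readonly unit_name=cloudflared-multisighsm
readonly deb_url=${CLOUDFLARED_DEB_URL:-https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64.deb}
readonly deb_sha256=${CLOUDFLARED_DEB_SHA256:-}

# Check the staged token before touching the system. The file is copied as
# root into a root service's environment, so refuse anything that is not a
# plain file. This narrows, but does not remove, the risk of the fixed /tmp
# staging path; staging into a private directory would be the stronger fix.
if [[ -L "$staged_token" || ! -f "$staged_token" ]]; then
  echo "refusing to continue: $staged_token is missing, a symlink, or not a regular file" >&2
  exit 1
fi

if ! command -v cloudflared >/dev/null; then
  # Download into a private mktemp directory rather than a fixed /tmp name, so
  # no other local user can pre-create or swap the file that dpkg runs as root.
  work_dir=$(mktemp -d)
  trap 'rm -rf -- "$work_dir"' EXIT
  deb_path=$work_dir/cfd.deb

  curl -fsSL --proto '=https' --proto-redir '=https' "$deb_url" -o "$deb_path"

  if [[ -n "$deb_sha256" ]]; then
    # sha256sum -c exits non-zero on mismatch, which aborts the run (set -e).
    printf '%s  %s\n' "$deb_sha256" "$deb_path" | sha256sum -c -
  else
    echo "WARNING: CLOUDFLARED_DEB_SHA256 is not set; installing an unverified package from $deb_url" >&2
  fi

  sudo dpkg -i "$deb_path" || sudo apt-get install -f -y
fi
cloudflared --version

sudo mkdir -p /etc/cloudflared
# install(1) creates the destination with its final owner and mode in one
# step, so the token is never readable by others between copy and chmod.
sudo install -m 600 -o root -g root -- "$staged_token" "$token_dest"
rm -f -- "$staged_token"

# NOTE(review): the unit runs the tunnel as root and with --no-autoupdate, so
# cloudflared security updates must be applied by the operator. A dedicated
# unprivileged service account would reduce the impact of a cloudflared
# compromise on this signer host; that needs matching ownership of token.env.
# The token is presumably supplied through a variable defined in token.env;
# confirm against the operator manual.
sudo tee "/etc/systemd/system/${unit_name}.service" >/dev/null <<'UNIT'
[Unit]
Description=cloudflared tunnel multisighsm
After=network-online.target
Wants=network-online.target
[Service]
EnvironmentFile=/etc/cloudflared/token.env
ExecStart=/usr/bin/cloudflared tunnel --no-autoupdate run
Restart=always
RestartSec=5
User=root
[Install]
WantedBy=multi-user.target
UNIT

sudo systemctl daemon-reload
sudo systemctl enable --now "$unit_name"

# Give the service a moment to settle, then report its state. is-active exits
# non-zero when the unit is not active; inside the command substitution that
# does not abort the script, so the state is always logged.
sleep 6
echo "active=$(sudo systemctl is-active "$unit_name")"
echo CFD_SETUP_DONE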