# radicle notes
radicle.xyz

# Install build deps
apt install	\
	-t buster-backports	\
	apache2 \
	build-essential	\
	npm	\
	python3-certbot-apache \
	yarnpkg

# Add firewall rules:
# UDP
-A INPUT -p udp --dport 12345 -j ACCEPT
# Web Admin
-A INPUT -p tcp --dport  8080 -j ACCEPT
# Web proxy
-A INPUT -p tcp --dport    80 -j ACCEPT
-A INPUT -p tcp --dport   443 -j ACCEPT
# Dev server
-A INPUT -p tcp --dport  5000 -j ACCEPT

# Enable apache modules
a2enmod ssl rewrite proxy proxy_http
a2ensite default-ssl.conf
systemctl restart apache2

# Set up certbot:
certbot

# test it:
echo rad.forksand.com > /var/www/html/index.html

# https://rad.forksand.com

# Configure apache2 https proxy

$ cat /etc/apache2/sites-enabled/000-default-le-ssl.conf 
<IfModule mod_ssl.c>
<VirtualHost *:443>
	ServerAdmin webmaster@localhost
	DocumentRoot /var/www/html
	ErrorLog ${APACHE_LOG_DIR}/error.log
	CustomLog ${APACHE_LOG_DIR}/access.log combined
	ServerName rad.forksand.com
	SSLCertificateFile /etc/letsencrypt/live/rad.forksand.com/fullchain.pem
	SSLCertificateKeyFile /etc/letsencrypt/live/rad.forksand.com/privkey.pem
	Include /etc/letsencrypt/options-ssl-apache.conf

	RewriteEngine on
	RewriteCond %{SERVER_NAME} =rad.spacecruft.net [OR]
	RewriteCond %{SERVER_NAME} =rad.spacecruft.com
	RewriteRule ^ https://rad.forksand.com%{REQUEST_URI} [END,NE,R=permanent]

	ProxyPreserveHost On
	ProxyRequests off
	AllowEncodedSlashes NoDecode
	ProxyPass / http://localhost:8080/ nocanon
	ProxyPassReverse / http://localhost:8080/

</VirtualHost>
</IfModule>

EOF
# Install rustup
curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh

source $HOME/.cargo/env

# Install yarn
mkdir -p ~/bin/
cd ~/bin/
ln -s /usr/bin/yarnpkg yarn

which yarn

# Clone radicle
cd ~/devel/
git clone https://github.com/radicle-dev/radicle-bins.git
cd radicle-bins

# Build with yarn
cd seed/ui
yarn
yarn build

mkdir -p ~/.radicle-seed
chmod og-rwx ~/.radicle-seed

# add to ~/.bashrc
export PATH="$HOME/.radicale/bin:$PATH"

# Create key
cargo run -p radicle-keyutil -- --filename ~/.radicle-seed/secret.key


# Run the thing:
cat >>
#!/bin/bash

set -x

cd ~/devel/radicle-bins/

cargo run \
  --verbose \
  -p radicle-seed-node --release -- \
  --log debug \
  --root ~/.radicle-seed \
  --peer-listen 0.0.0.0:12345 \
  --http-listen 0.0.0.0:8080 \
  --name "Fork Sand seedling" \
  --public-addr "rad.forksand.com:12345" \
  --assets-path seed/ui/public \
  < ~/.radicle-seed/secret.key
EOF

# Dev mode
# To start a local dev server for preview, run: `yarn run dev`, then point your
# browser at: http://localhost:5000.
yarn run dev
# Dev tunnel
ssh -N -C -L 5000:localhost:5000 rad.forksand.com

# Peer to Peer
# p2p nodes example:
# hyy5s7ysg96fqa91gbe7h38yddh4mkokft7y4htt8szt9e17sxoe3h@seed.my.org:12345
# abc123@rad.forksand.com:12345