diff --git a/bal-server.env b/bal-server.env
index 6ac7cf0..c61bc70 100644
--- a/bal-server.env
+++ b/bal-server.env
@@ -1,11 +1,13 @@
 RUST_LOG=info
-BAL_SERVER_DB_FILE=/path/to/bal.db
+BAL_SERVER_DB_FILE=/home/bal/bal.db
 BAL_SERVER_BIND_ADDRESS=127.0.0.1
-BAL_SERVER_BITCOIN_ADDRESS=your mainnet address
-BAL_SERVER_BITCOIN_FEE=100000
-BAL_SERVER_REGTEST_ADDRESS=
-BAL_SERVER_REGTEST_FEE=100000
-BAL_SERVER_TESTNET_ADDRESS=
-BAL_SERVER_TESTNET_FEE=100000
-BAL_SERVER_SIGNET_ADDRESS=
-BAL_SERVER_SIGNET_FEE=100000
+BAL_SERVER_BIND_PORT=9137
+BAL_SERVER_BITCOIN_ADDRESS="your bitcoin to recive payments here"
+BAL_SERVER_BITCOIN_FIXED_FEE=50000
+
+#BAL_SERVER_REGTEST_ADDRESS=
+#BAL_SERVER_REGTEST_FEE=100000
+#BAL_SERVER_TESTNET_ADDRESS=
+#BAL_SERVER_TESTNET_FEE=100000
+#BAL_SERVER_SIGNET_ADDRESS=
+#BAL_SERVER_SIGNET_FEE=100000
diff --git a/bal-server.service b/bal-server.service
index baff88b..1c20c34 100644
--- a/bal-server.service
+++ b/bal-server.service
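Review bot: In bal-server.env the mainnet key is renamed to `BAL_SERVER_BITCOIN_FIXED_FEE` while the commented regtest, testnet and signet examples keep the old `*_FEE` suffix, so the sample no longer shows one consistent naming scheme. The code that reads these variables is not in the visible hunks; if the server now expects `*_FIXED_FEE` for every network, an operator who uncomments the examples would set a variable that is never read. Either rename the commented keys, e.g. `#BAL_SERVER_TESTNET_FIXED_FEE=100000`, or add a comment line saying which suffix applies to which network. The quoted placeholder for `BAL_SERVER_BITCOIN_ADDRESS` is not a valid address, so it is also worth confirming that the server refuses to start on an unparseable payout address rather than running with it.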
@@ -4,34 +4,46 @@ After=network.target [Service] -EnvironmentFile=/etc/bal/bal-server.env +# Service execution +################### +EnvironmentFile=/home/bal/bal-server.env ExecStart=/usr/local/bin/bal-server -StandardOutput=syslog -StandardError=syslog SyslogIdentifier=bal-server +# Process management +#################### Type=simple PIDFile=/run/bal-server/bal-server.pid Restart=always TimeoutSec=300 RestartSec=30 +# Directory creation and permissions +#################################### User=bal UMask=0027 +# /run/bal-server RuntimeDirectory=bal-server RuntimeDirectoryMode=0710 -PrivateTmp=true +# Hardening measures +#################### +# Mount /usr, /boot/ and /etc read-only for the process. ProtectSystem=full +# Disallow the process and all of its children to gain +# new privileges through execve(). NoNewPrivileges=true +# Use a new /dev namespace only populated with API pseudo devices +# such as /dev/null, /dev/zero and /dev/random. PrivateDevices=true +# Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true [Install] diff --git a/src/main.rs b/src/main.rs index 25cc4ae..875b660 100644 --- a/src/main.rs +++ b/src/main.rs 
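Review bot: Moving `EnvironmentFile` from /etc/bal to /home/bal takes the configuration, including the payout address in `BAL_SERVER_BITCOIN_ADDRESS`, out of the tree that `ProtectSystem=full` mounts read-only. If /home/bal is owned by the `bal` service user, as the path suggests, the process can rewrite its own settings and `Restart=always` would pick them up on the next start. Keeping `EnvironmentFile=/etc/bal/bal-server.env` (root-owned, readable by group `bal`) and leaving only the database in a writable location, for instance via `StateDirectory=bal-server`, preserves that separation. The hunk also drops `PrivateTmp=true` without a replacement or a comment explaining why; unless something depends on the shared /tmp, that line should stay under the new hardening section.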
@@ -316,7 +316,7 @@ async fn echo_push(whole_body: &Bytes,
 }
 fn create_database(db: Connection){
 info!("database sanity check");
- let _ = db.execute("CREATE TABLE IF NOT EXISTS tbl_tx (txid PRIMARY KEY, wtxid, ntxid, tx, locktime integer, network, network_fees, reqid, our_fees, our_address, status integer DEFAULT 0);");
+ let _ = db.execute("CREATE TABLE IF NOT EXISTS tbl_tx (txid PRIMARY KEY, date_creation TIMESTAMP DEFAULT CURRENT_TIMESTAMP, date_update TIMESTAMP DEFAULT CURRENT_TIMESTAMP, wtxid, ntxid, tx, locktime integer, network, network_fees, reqid, our_fees, our_address, status integer DEFAULT 0);");
 let _ = db.execute("ALTER TABLE tbl_tx ADD COLUMN push_err TEXT");
 let _ = db.execute("CREATE TABLE IF NOT EXISTS tbl_input (txid, in_txid,in_vout, spend_txidi);");
 let _ = db.execute("CREATE TABLE IF NOT EXISTS tbl_output (txid, script_pubkey, address, amount);");
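Review bot: The two new columns are added only to the `CREATE TABLE IF NOT EXISTS tbl_tx` statement, which is skipped on any database that already has the table, so existing installations never get `date_creation` or `date_update`. The `push_err` line just below shows the pattern used for upgrades, and the new columns need the same, e.g. `let _ = db.execute("ALTER TABLE tbl_tx ADD COLUMN date_creation TIMESTAMP");` plus the equivalent for `date_update`; if this is SQLite, as the `.db` file name suggests, `ADD COLUMN` rejects a `CURRENT_TIMESTAMP` default, so old rows would need an explicit backfill. Because every result is discarded with `let _ =`, a failed migration is silent and would surface only when a later query names the missing column; logging the error, while tolerating the expected duplicate-column case, would make that visible. `DEFAULT CURRENT_TIMESTAMP` applies on insert only, so `date_update` has to be set by the update statements, which are outside this hunk, as is the end of `create_database`.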