pivotonly

#/bin/bash

# Constants and configurable variables
NODE_VERSION=20.17.0

# This ensures the entire script is downloaded
{
set -e  # exit immediately if a command exits with a non-zero status

usage() {
    cat 1>&2 <<EOF
Custom Install Script
Creates a new user 'solv', adds the user to the sudo group, logs in as 'solv',
installs pnpm, node $NODE_VERSION, and sets it as the global version.
Additionally, installs the @gabrielhicks/solv package globally.

USAGE:
    custom-install-script.sh [FLAGS]

FLAGS:
    -h, --help              Prints help information
EOF
}

create_user() {
    if getent passwd solv >/dev/null 2>&1; then
        echo "User 'solv' already exists, skipping..."
    else
        echo "Creating user 'solv'..."
        sudo adduser solv
        sudo usermod -aG sudo solv
        echo "solv ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/solv
    fi
}

install_docker() {
    echo "Installing Docker..."
    sudo apt update
    sudo apt install apt-transport-https ca-certificates curl software-properties-common -y
    curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /usr/share/keyrings/docker-archive-keyring.gpg
    echo "deb [arch=amd64 signed-by=/usr/share/keyrings/docker-archive-keyring.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
    sudo apt update
    sudo apt install docker-ce -y
    sudo systemctl enable docker
    sudo systemctl start docker
    sudo usermod -aG docker solv
}


setup_firewall() {
    echo "Configuring firewall"
    echo "yes" | sudo ufw enable
    sudo ufw allow ssh
    sudo ufw allow 53
    sudo ufw allow 8899/udp
    sudo ufw allow 8899/tcp
    sudo ufw allow 8000:8898/udp
    sudo ufw allow 8000:8898/tcp
    sudo ufw allow 8900:9999/tcp
    sudo ufw allow 8900:9999/udp
    sudo ufw allow 10000/udp
    sudo ufw allow 10000/tcp
    sudo ufw reload
}

setup_lib() {
    echo "Installing Packages..."
    sudo apt install fail2ban -y
    sudo apt-get install libsasl2-dev build-essential -y
    sudo apt-get install -y libssl-dev libudev-dev pkg-config zlib1g-dev llvm clang cmake make libprotobuf-dev protobuf-compiler
}

install_rustup() {
    sudo su - solv <<EOF_SOLV
        echo "Installing rustup..."
        curl https://sh.rustup.rs -sSf | sh -s -- -y
        echo 'export PATH="\$HOME/.cargo/env:\$PATH"' >> ~/.profile
        source ~/.cargo/env
        rustup component add rustfmt
        rustup update
EOF_SOLV
}

install_pnpm_and_packages() {
    sudo su - solv <<EOF_SOLV
        echo "Installing pnpm..."
        curl -fsSL https://get.pnpm.io/install.sh | sh -

        echo "Setting pnpm environment variables..."
        PNPM_HOME="/home/solv/.local/share/pnpm"
        export PNPM_HOME
        PATH="\$PNPM_HOME:\$PATH"
        export PATH
        echo 'export PNPM_HOME="\$HOME/.local/share/pnpm"' >> ~/.profile
        echo 'export PATH="\$PNPM_HOME:\$PATH"' >> ~/.profile
        echo 'export PATH="/home/solv/.local/share/solana/install/active_release/bin:\$PATH"' >> ~/.profile

        echo "Sourcing ~/.bashrc in case it's needed..."
        if [ -f ~/.bashrc ]; then source ~/.bashrc; fi

        echo "Installing node $NODE_VERSION..."
        pnpm env use $NODE_VERSION --global

        echo "Installing @gabrielhicks/solv..."
        pnpm add -g @gabrielhicks/solv

        echo "Sourcing ~/.profile in case it's needed..."
        if [ -f ~/.profile ]; then source ~/.profile; fi

        # Use the full path to solv if it's not found
        /home/solv/.local/share/pnpm/solv i
        /home/solv/.local/share/pnpm/solv get aa
EOF_SOLV
}

setup_pivot_secrets() {
    sudo su - <<EOF_SOLV
        echo "Creating secrets..."
        cp -R /root/.secrets/* /home/solv
        mkdir -p /home/solv/.secrets
        cp /home/solv/validator-keypair.json /home/solv/mainnet-validator-keypair.json
        cp /home/solv/vote-account-keypair.json /home/solv/mainnet-vote-account-keypair.json
        rm /home/solv/validator-keypair.json
        mv /home/solv/vote-account-keypair.json /home/solv/.secrets/
        rm /home/solana/.secrets/validator-keypair.json
        ln -s /home/solv/identity.json /home/solana/.secrets/validator-keypair.json
EOF_SOLV
}

setup_pivot_files() {
    sudo su - solv <<EOF_SOLV
        echo "Creating solv config file..."
        touch solv4.config.json
        echo '{
    "NETWORK": "mainnet-beta",
    "NODE_TYPE": "validator",
    "VALIDATOR_TYPE": "jito",
    "RPC_TYPE": "none",
    "MNT_DISK_TYPE": "triple",
    "TESTNET_SOLANA_VERSION": "2.1.6",
    "MAINNET_SOLANA_VERSION": "2.0.18",
    "NODE_VERSION": "20.17.0",
    "TESTNET_DELINQUENT_STAKE": 5,
    "MAINNET_DELINQUENT_STAKE": 5,
    "COMMISSION": 0,
    "DEFAULT_VALIDATOR_VOTE_ACCOUNT_PUBKEY": "ELLB9W7ZCwRCV3FzWcCWoyKP6NjZJKArLyGtkqefnHcG",
    "STAKE_ACCOUNTS": [],
    "HARVEST_ACCOUNT": "",
    "IS_MEV_MODE": false,
    "RPC_URL": "https://api.mainnet-beta.solana.com",
    "KEYPAIR_PATH": "",
    "DISCORD_WEBHOOK_URL": "",
    "AUTO_UPDATE": false,
    "AUTO_RESTART": false,
    "IS_DUMMY": false,
    "API_KEY": "",
    "LEDGER_PATH": "/mnt/ledger",
    "ACCOUNTS_PATH": "/mnt/accounts",
    "SNAPSHOTS_PATH": "/mnt/snapshots"
}' > solv4.config.json

    echo "Setting up jito environment variables..."
    touch jito.config.json
echo '{
"version": "2.0.21",
"tag": "v2.0.21-mod",
"commissionBps": 1000,
"relayerUrl": "http://ny.mainnet.relayer.jito.wtf:8100",
"blockEngineUrl": "https://ny.mainnet.block-engine.jito.wtf",
"shredReceiverAddr": "141.98.216.96:1002"
}' > jito.config.json

        echo "Creating startup script..."
        touch start-validator.sh
echo '#!/bin/bash
exec agave-validator \
--identity /home/solv/identity.json \
--vote-account /home/solv/mainnet-vote-account-keypair.json \
--authorized-voter  /home/solv/mainnet-validator-keypair.json \
--log /home/solv/solana-validator.log \
--accounts /mnt/accounts \
--ledger /mnt/ledger \
--snapshots /mnt/snapshots \
--entrypoint entrypoint.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint2.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint3.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint4.mainnet-beta.solana.com:8001 \
--entrypoint entrypoint5.mainnet-beta.solana.com:8001 \
--known-validator Certusm1sa411sMpV9FPqU5dXAYhmmhygvxJ23S6hJ24 \
--known-validator 7Np41oeYqPefeNQEHSv1UDhYrehxin3NStELsSKCT4K2 \
--known-validator GdnSyH3YtwcxFvQrVVJMm1JhTS4QVX7MFsX56uJLUfiZ \
--known-validator CakcnaRDHka2gXyfbEd2d3xsvkJkqsLw2akB3zsN1D2S \
--expected-genesis-hash 5eykt4UsFv8P8NJdTREpY1vzqKqZKvdpKuc147dw2N9d \
--tip-payment-program-pubkey T1pyyaTNZsKv2WcRAB8oVnk93mLJw2XzjtVYqCsaHqt \
--tip-distribution-program-pubkey 4R3gSG8BpU4t19KYj8CfnbtRpnT8gtk4dvTHxVRwc2r7 \
--merkle-root-upload-authority GZctHpWXmsZC1YHACTGGcHhYxjdRqQvTpYkb9LMvxDib \
--commission-bps 1000 \
--rpc-bind-address 127.0.0.1 \
--block-engine-url https://ny.mainnet.block-engine.jito.wtf \
--shred-receiver-address 141.98.216.96:1002 \
--dynamic-port-range 8000-8020 \
--rpc-port 8899 \
--wal-recovery-mode skip_any_corrupted_record \
--limit-ledger-size \
--block-production-method central-scheduler \
--block-verification-method unified-scheduler \
--snapshot-interval-slots 0 \
--private-rpc \' > start-validator.sh
EOF_SOLV
}

setup_pivot_permissions() {
    sudo su - solv <<EOF_SOLV
        echo "Adding users to groups..."
        usermod -aG sudo solana
        echo "solana ALL=(ALL) NOPASSWD: ALL" | sudo tee /etc/sudoers.d/solana
        sudo usermod -aG users solv
        sudo usermod -aG solv solana
        sudo chown solv:users -R /home/solv
        sudo chmod -R 775 /home/solana
        sudo chmod -R 775 /home/solv
        sudo chmod -R 775 /mnt/*
        sudo chown solana:users -R /mnt/*
EOF_SOLV
}

main() {
    for arg in "$@"; do
      case "$arg" in
        -h|--help)
          usage
          exit 0
          ;;
        *)
          ;;
      esac
    done

    setup_pivot_secrets
    setup_pivot_files
    setup_pivot_permissions
}

main "$@"

} # this ensures the entire script is downloaded