Skip to content

Initial setup

José A.P edited this page Jan 13, 2023 · 4 revisions

Initial Setup

The setup of NodeGuard in a production environment (which is the default environment for the official docker image of the project or when the environment variable is set as follows: ASPNETCORE_ENVIRONMENT=Production) consists of two actions, (1) the superadmin creation and (2) the internal wallet setup.

LND Requirements

You need at least 100K sats in LND's hot wallet to make channel openings, NodeGuard will try to sweep funds from this wallet every minute but only if a certain amount is superior to the environment variable "ANCHOR_CLOSINGS_MINIMUM_SATS" while maintaining this amount always in the hot wallet.

Superadmin account creation

If there are no users in the database, everytime you log in the application you will be redirected to the setup superadmin view, as depicted below:

image

Internal wallet setup

Once you are logged in, you will need to set up the wallet depending if ENABLE_REMOTE_SIGNER environment variable is set or not. If you want to know more about what you should set up, read https://github.com/Elenpay/NodeGuard#trusted-coordinator-signing

Embedded signer

If ENABLE_REMOTE_SIGNER is not set, then after you create your first superadmin, you will see this page only once (bear in mind that the seedphrase/mnemonic is in plain text on the db if you want to retrieve it).

image

Though the seedphrase is unencrypted and stored on the db, you should store it safely for disaster recovery, the internal wallet is a cosigner of all the multisig wallets created through NodeGuard and therefore it is key for recovery funds in the case that a multisig wallet losts one of its keys.

Remote signer

If ENABLE_REMOTE_SIGNER is set, then after you create your first superadmin, you will see this page only if the internal wallet of NodeGuard XPUB is not set, in this case, no seedphrase is stored for security reasons on the db.

image

The XPUB you will add here is expected to be generated in secure way outside of the scope of this application. This XPUB will allow for every multisig wallet created through NodeGuard to have this internal wallet as a one of the cosigners. The master fingerprint is also required to embed this information in all the PSBTs of the application required by NodeGuard remote signer.

Renewing internal wallet in case of a security breach

TODO

Clone this wiki locally