Money with Privacy: Run your own Monero node

Coming from Argentina, a country with a history of debasing the national currency, I have long been interested in cryptocurrencies as a potential way of hedging against that.

Recently, cryptos have started to become somewhat mainstream.
And, even though I think most of the hype is pure speculation for price gains in fiat currency, this movement has the potential to make at least some people reflect on currencies in general.

There are multiple blockchain technologies out there, each with a use-case in mind. The currency use-case is a very specific one within the ecosystem. The most well-known crypto that tackles this particular use-case is Bitcoin; it also happens to be the one that started it all.

Bitcoin has the advantage of being the first mover in the space. And in a space with extremistan behavior this gave it a massive head-start.
Personally, I think Bitcoin has several limitations that hamper its capacity to be the blockchain to be used as currency. But the one I'm gonna focus on here is privacy.

Bitcoin lacks fungibility. That is, no two bitcoins are the same. Each balance has a history that can be traced all the way back to the block that created that BTC. This makes it easy to taint and track BTCs. This to me is a critical flaw that can prove to be fatal for its adoption or can become a huge liability to coin holders in the future.

If States and governments find their interests threatened by Bitcoin, they can certainly apply enough pressure to prevent a wide adoption, even if they are not able to block the bitcoin network from operating.
Doing intelligence on top of bitcoin is extremely simple. This is a key point that many of the Bitcoin enthusiasts discount when discussing bitcoin. Imagine the police showing up at your place because you received BTC that had been tainted as being part of an illegal act.

One cryptocurrency that decided to tackle this issue is Monero. Its blockchain is designed to be opaque; transactions and balances are confidential and untraceable, making Monero fungible.
The details on how they are able to achieve this are quite complex and impressive. If you are interested in the nitty gritty details, head to the Monero library.

As with any permissionless cryptocurrency, it is better if you run your own node. This helps the network become more resilient; it also improves your own safety, privacy and accessibility to the network.
Once you have a node up and running, all your wallets (GUI, mobile, etc.) should be configured to use that node.

Leveraging Docker for easy setup

I have written a simple Docker container that makes it really straightforward to launch a full Monero node.

The container takes the official Ubuntu base and just downloads the corresponding Monero daemon binary. It also verifies that the hash matches with what's published by Monero.
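The hash check described above, sketched as an added example (this is not the image's own build code). It assumes the published list has one `<sha256>  <filename>` entry per line and that the list itself has already been authenticated; the function name is hypothetical.

```shell
#!/bin/sh
# Added example: check a downloaded release archive against a published
# SHA-256 list before unpacking it. Assumes one "<sha256>  <filename>" entry
# per line and that the list itself was authenticated beforehand.

# verify_release ARCHIVE HASHES_FILE
# 0 = digest matches, 1 = mismatch, 2 = archive missing, 3 = no usable entry.
verify_release() {
    archive=$1
    hashes=$2
    name=$(basename "$archive")

    [ -f "$archive" ] || { echo "missing archive: $archive" >&2; return 2; }

    # Match the file name exactly (field 2) and insist on exactly one entry,
    # so a look-alike name or a duplicated line cannot satisfy the check.
    expected=$(awk -v n="$name" '
        $2 == n { print tolower($1); c++ }
        END     { exit (c == 1 ? 0 : 1) }' "$hashes") || {
        echo "need exactly one entry for $name in $hashes" >&2; return 3; }

    # A SHA-256 digest is 64 hex characters; anything else is not a digest.
    printf '%s\n' "$expected" | grep -Eq '^[0-9a-f]{64}$' || {
        echo "malformed digest for $name" >&2; return 3; }

    actual=$(sha256sum "$archive" | awk '{ print $1 }')
    if [ "$actual" != "$expected" ]; then
        echo "HASH MISMATCH for $name" >&2
        echo "  expected $expected" >&2
        echo "  actual   $actual" >&2
        return 1
    fi
    echo "OK $name $actual"
}

# Usage: sh verify.sh <archive> <hashes-file>
if [ "$#" -eq 2 ]; then
    verify_release "$1" "$2"
fi
```

In an image build, a non-zero return should abort the build before the archive is extracted.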

I was not able to use Alpine as the base image, because Monero is linked against glibc and Alpine's musl libc is not compatible.

In order to not run as root, a new user, monero, was created with UID and GID 1337. This is relevant because if bound directories are used to keep the persistent files, their ownership needs to be set up for this user.

The container's behavior is fairly simple: it starts a daemon with the common basic arguments "--non-interactive" "--restricted-rpc" "--rpc-bind-ip=0.0.0.0" "--confirm-external-bind" "--enable-dns-blocklist" and uses the default location for the data, /home/monero/.bitmonero/.

Of course, it is recommended to create a personalized configuration. There are several ways to pass that to the container. The easiest one is to mount an external file onto /home/monero/.bitmonero/bitmonero.conf and this will work independently of what is used as the backend for persisting the data (volume or mounted directory).
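The setup described in the last three paragraphs, as an added example rather than the author's own script: a bound data directory owned by UID/GID 1337, a config file mounted read-only, and the RPC port published on a chosen host address. The image name is a placeholder because the page does not give it, the host paths and config values are constructed, and ports 18080/18081 are Monero's default P2P and RPC ports, assumed unchanged by the image.

```shell
#!/bin/sh
# Added example, not the image author's script. IMAGE is a placeholder (the
# page does not name the image); host paths and RPC_HOST_IP are hypothetical.
IMAGE=${IMAGE:-monero-image-placeholder}
DATA_DIR=${DATA_DIR:-/srv/monero/data}
CONF=${CONF:-/srv/monero/bitmonero.conf}
RPC_HOST_IP=${RPC_HOST_IP:-127.0.0.1}   # host address the RPC port is published on

# Personalized settings in monerod's "option=value" config format.
# The values are constructed samples.
render_config() {
    cat <<'EOF'
prune-blockchain=1
out-peers=32
in-peers=64
limit-rate-up=2048
log-level=0
EOF
}

# Create the bound directory and config so UID/GID 1337 can use them (needs root).
prepare_host() {
    mkdir -p "$DATA_DIR" "$(dirname "$CONF")"
    chown 1337:1337 "$DATA_DIR"     # the container's monero user writes here
    chmod 750 "$DATA_DIR"
    render_config > "$CONF"
    chmod 644 "$CONF"               # readable by UID 1337, mounted read-only below
}

# Build the docker command; it is printed unless DRY_RUN=0.
# The daemon binds RPC to 0.0.0.0 inside the container, so the address given
# to --publish decides which hosts can reach port 18081.
run_node() {
    set -- run --detach --name monero-node --restart unless-stopped \
        --volume "$DATA_DIR:/home/monero/.bitmonero" \
        --volume "$CONF:/home/monero/.bitmonero/bitmonero.conf:ro" \
        --publish 18080:18080 \
        --publish "$RPC_HOST_IP:18081:18081" \
        "$IMAGE"
    if [ "${DRY_RUN:-1}" = 1 ]; then echo docker "$@"; else docker "$@"; fi
}

# "sh node.sh apply" prepares the host and starts the container.
if [ "${1:-}" = apply ]; then
    prepare_host
    DRY_RUN=0
    run_node
fi
```

To serve wallets on other devices, set RPC_HOST_IP to the address of the interface they connect through instead of 127.0.0.1.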

Streamlining Maintenance with Ansible

As discussed in my previous blog posts, I use Ansible to manage the services I run.

Following the same guidelines, I created an Ansible role that will create the appropriate directories with permissions and set up the Docker container using the aforementioned image. Along with it comes a default configuration file with sane defaults.

This makes bootstrapping a node a really simple task - just adding the role to the host description:

- hosts: monero.example.com
  become: yes
  roles:
  ...
  - salessandri.monero
  

By default, the data directory to use is /var/monero, but this can be changed through the monero__data_dir variable. Likewise, a configuration file can be given through the monero__config_file variable.

Conclusion

I think Monero has the potential to get more attention if we see States start to push back on crypto-currencies, particularly by exploiting the privacy weakness of today's most popular cryptos.

Running a node is a way of guaranteeing the network's continuity and increasing your own safety and privacy when using it. My objective for writing the image and the role was to reduce the burden of setting up a node and keeping it up to date.

From now on I'll be keeping both the Docker image and the Ansible role up to date whenever a new version of Monero is released. I also want to add ARM support to the Docker image, allowing Raspberry Pis to be used for the nodes.