-
Notifications
You must be signed in to change notification settings - Fork 4
Initial setup
The setup of NodeGuard in a production environment (which is the default environment for the official docker image of the project or when the environment variable is set as follows: ASPNETCORE_ENVIRONMENT=Production
) consists of two actions, (1) the superadmin creation and (2) the internal wallet setup.
You need at least 100K sats in LND's hot wallet to make channel openings, NodeGuard will try to sweep funds from this wallet every minute but only if a certain amount is superior to the environment variable "ANCHOR_CLOSINGS_MINIMUM_SATS" while maintaining this amount always in the hot wallet.
If there are no users in the database, everytime you log in the application you will be redirected to the setup superadmin view, as depicted below:
Once you are logged in, you will need to set up the wallet depending if ENABLE_REMOTE_SIGNER
environment variable is set or not. If you want to know more about what you should set up, read https://github.com/Elenpay/NodeGuard#trusted-coordinator-signing
If ENABLE_REMOTE_SIGNER
is not set, then after you create your first superadmin, you will see this page only once (bear in mind that the seedphrase/mnemonic is in plain text on the db if you want to retrieve it).
Though the seedphrase is unencrypted and stored on the db, you should store it safely for disaster recovery, the internal wallet is a cosigner of all the multisig wallets created through NodeGuard and therefore it is key for recovery funds in the case that a multisig wallet losts one of its keys.
If ENABLE_REMOTE_SIGNER
is set, then after you create your first superadmin, you will see this page only if the internal wallet of NodeGuard XPUB is not set, in this case, no seedphrase is stored for security reasons on the db.
The XPUB you will add here is expected to be generated in secure way outside of the scope of this application. This XPUB will allow for every multisig wallet created through NodeGuard to have this internal wallet as a one of the cosigners. The master fingerprint is also required to embed this information in all the PSBTs of the application required by NodeGuard remote signer.
TODO