Host your own radicle seed node

Published: at 03:05 PM

The other day there was a massive GitHub outage. This made me realize how much we have come to depend on a single company to host not only our code, but our collaboration itself.

I have heard about radicle before, so I took this opportunity to delve more into what it is, and how it actually works.

Radicle is an open source, peer-to-peer code collaboration stack built on Git. Unlike centralized code hosting platforms, there is no single entity controlling the network. Repositories are replicated across peers in a decentralized manner, and users are in full control of their data and workflow.

I encourage you right now to read their introduction and then come back to continue, it’s a really interesting project.

Radicle depends on its users to seed the repositories, much like torrenting does. The community is still young, so I decided it would be great to support it on its early days to help it grow faster.

To seed is to give back. By seeding repositories on the Radicle network, you offer bandwidth, storage, and data availability to Radicle users.

If you are interested in supporting radicle like me, you can follow the following guide.

setting up a radicle seed node

I decided to use a cheap Hetzner machine. But you can use any existing server you have or any provider you prefer. Once you have your server ready, just ssh into it. You will need root access.

Note: You will need a domain name so that we can configure a DNS record to point to our node.

setup

We first need to create the user that will run the node. All data will be kept in their home directory.

# as root
groupadd --system seed
useradd --system --gid seed --create-home seed

You’ll need to install the CLI and the web UI from their downloads page. Get the ones for your architecture:

curl -O -L https://files.radicle.xyz/releases/latest/radicle-1.0.0-rc.14-x86_64-unknown-linux-musl.tar.xz
curl -O -L https://files.radicle.xyz/releases/latest/radicle-1.0.0-rc.14-x86_64-unknown-linux-musl.tar.xz.sig
curl -O -L https://files.radicle.xyz/releases/radicle-httpd/latest/radicle-httpd-0.15.0-x86_64-unknown-linux-musl.tar.xz
curl -O -L https://files.radicle.xyz/releases/radicle-httpd/latest/radicle-httpd-0.15.0-x86_64-unknown-linux-musl.tar.xz.sig

Then verify the signature of the downloads:

ssh-keygen -Y check-novalidate -n file -s radicle-1.0.0-rc.14-x86_64-unknown-linux-musl.tar.xz.sig < radicle-1.0.0-rc.14-x86_64-unknown-linux-musl.tar.xz
# Good "file" signature with ED25519 key SHA256:iTDjRHSIaoL8dpHbQ0mv+y0IQqPufGl2hQwk4TbXFlw

ssh-keygen -Y check-novalidate -n file -s radicle-httpd-0.15.0-x86_64-unknown-linux-musl.tar.xz.sig < radicle-httpd-0.15.0-x86_64-unknown-linux-musl.tar.xz
# Good "file" signature with ED25519 key SHA256:mqjWN1YrPRDTcVTxB4IZPHyH+vXpjWSogi+3zezZ/rQ

Finally just install the components, making sure to include the new binaries in your PATH:

# as root
tar -xvJf radicle-1.0.0-rc.14-x86_64-unknown-linux-musl.tar.xz --strip-components=1 -C /usr/local
tar -xvJf radicle-httpd-0.15.0-x86_64-unknown-linux-musl.tar.xz --strip-components=1 -C /usr/local

Now switch to the new user to continue, we will create a radicle profile:

# as root
su - seed

# as seed user
rad auth --alias < YOUR NODE DOMAIN HERE e.g. rad.seeder.example >
# just press enter on the passphrase prompt, it's not necesary for our server deployment

configuration

Next edit your node config.json in your seed home directory. We will configure our node to have a public policy and we will tell it which address to advertize the node as.

// /home/seed/.radicle/config.json
{
  // ...
  "node": {
    "alias": "<YOUR DOMAIN HERE>",
    // ...
    "externalAddresses": ["<YOUR DOMAIN HERE>:8776"], // <- update this
    // ...
    "seedingPolicy": {
      "default": "allow", // <- update this
      "scope": "all"
    }
  }
  // ...
}

To learn more about your node’s policy, checkout the seeder guide section on policies.

Lets run the node to make sure it works:

# as seed user
rad node start --foreground
# you should see lots of output telling us about connected peers, fetched resources, etc...
# press C-c to exit

Lets create a system service unit so that we can configure our node to start with the server. Radicle provides a minimal systemd service unit file here. We can download it and install it on our system:

# as root
curl -sS https://seed.radicle.xyz/raw/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/570a7eb141b6ba001713c46345d79b6fead1ca15/systemd/radicle-node.service -o /etc/systemd/system/radicle-node.service

If you followed the guide as is, you should not have to modify the service unit configuration. Otherwise adjust as needed. Finally just enable the service:

# as root
systemctl enable --now radicle-node

# make sure service is working correctly
systemctl status radicle-node

# as seed user
rad node status

Optionally you can disable login as the seed user which is recommended:

# as root
chsh -s /usr/sbin/nologin seed

Congrats! At this point your node will seed public repositories! If you followed with me until now, thank you for contributing!

web ui

If you want to be able to see your node in web frontends such as this, you can do the following:

# as root

# enable the http api
curl -sS https://seed.radicle.xyz/raw/rad:z3gqcJUoA1n9HaHKufZs5FCSGazv5/570a7eb141b6ba001713c46345d79b6fead1ca15/systemd/radicle-httpd.service -o /etc/systemd/system/radicle-httpd.service
systemctl enable --now radicle-httpd

# you will need https support to appear in the web frontend, caddy is easy to configure
apt-get install caddy
curl https://raw.githubusercontent.com/caddyserver/dist/master/init/caddy.service -o /etc/systemd/system/caddy.service

# edit /etc/caddy/Caddyfile
<YOUR DOMAIN HERE> {
    reverse_proxy 127.0.0.1:8080
}

systemctl enable --now caddy

At this point you should be able to visit https://app.radicle.xyz/nodes/<YOUR_DOMAIN_HERE> and check your node!

Notes: