provisioning/taskservs/polkadot/node/default/install-polkadot-node.sh

#!/bin/bash
# Info: Script to install Polkadot Node (Full, Light, Archive)
# Author: Provisioning System
# Release: 1.0
# Date: 2025-07-24

USAGE="install-polkadot-node.sh"
[ "$1" == "-h" ] && echo "$USAGE" && exit 1

[ -r "env-polkadot-node" ] && . ./env-polkadot-node

POLKADOT_VERSION=${POLKADOT_VERSION:-latest}
POLKADOT_NODE_TYPE=${POLKADOT_NODE_TYPE:-full}
POLKADOT_CHAIN=${POLKADOT_CHAIN:-polkadot}

# Determine architecture
ARCH="$(uname -m)"
case $ARCH in
    x86_64) ARCH="x86_64" ;;
    aarch64) ARCH="aarch64" ;;
    *) echo "Unsupported architecture: $ARCH" && exit 1 ;;
esac

# Set download URL based on version
if [ "$POLKADOT_VERSION" = "latest" ]; then
    POLKADOT_URL="https://github.com/paritytech/polkadot/releases/latest/download"
    POLKADOT_BINARY="polkadot"
else
    POLKADOT_URL="https://github.com/paritytech/polkadot/releases/download/${POLKADOT_VERSION}"
    POLKADOT_BINARY="polkadot"
fi

POLKADOT_BIN_PATH=${POLKADOT_BIN_PATH:-/usr/local/bin/polkadot}
POLKADOT_SYSTEMCTL_MODE=${POLKADOT_SYSTEMCTL_MODE:-enabled}

POLKADOT_CONFIG_PATH=${POLKADOT_CONFIG_PATH:-/etc/polkadot}
POLKADOT_WORK_PATH=${POLKADOT_WORK_PATH:-/var/lib/polkadot}
POLKADOT_BASE_PATH=${POLKADOT_BASE_PATH:-/var/lib/polkadot/data}

POLKADOT_RUN_USER=${POLKADOT_RUN_USER:-polkadot}
POLKADOT_RUN_GROUP=${POLKADOT_RUN_GROUP:-polkadot}
POLKADOT_RUN_USER_HOME=${POLKADOT_RUN_USER_HOME:-/home/polkadot}

POLKADOT_NODE_NAME=${POLKADOT_NODE_NAME:-polkadot-node}
POLKADOT_ARCHIVE_MODE=${POLKADOT_ARCHIVE_MODE:-false}

echo "Installing Polkadot Node ${POLKADOT_VERSION} (${POLKADOT_NODE_TYPE})..."

# Install dependencies
echo "Installing dependencies..."
if command -v apt-get >/dev/null 2>&1; then
    apt-get update
    apt-get install -y curl ca-certificates jq nginx certbot python3-certbot-nginx
elif command -v yum >/dev/null 2>&1; then
    yum update -y
    yum install -y curl ca-certificates jq nginx certbot python3-certbot-nginx
elif command -v dnf >/dev/null 2>&1; then
    dnf update -y
    dnf install -y curl ca-certificates jq nginx certbot python3-certbot-nginx
else
    echo "Package manager not found. Please install dependencies manually."
    exit 1
fi

# Create user and group
if ! id "$POLKADOT_RUN_USER" &>/dev/null; then
    groupadd -r "$POLKADOT_RUN_GROUP"
    useradd -r -g "$POLKADOT_RUN_GROUP" -d "$POLKADOT_RUN_USER_HOME" -s /bin/bash -c "Polkadot service user" "$POLKADOT_RUN_USER"
fi

# Create directories
mkdir -p "$POLKADOT_CONFIG_PATH"
mkdir -p "$POLKADOT_WORK_PATH"
mkdir -p "$POLKADOT_BASE_PATH"
mkdir -p "$POLKADOT_RUN_USER_HOME"

# Download and install Polkadot binary
cd /tmp
echo "Downloading Polkadot binary from ${POLKADOT_URL}/${POLKADOT_BINARY}..."
curl -L -o polkadot "${POLKADOT_URL}/${POLKADOT_BINARY}"

if [ ! -f "polkadot" ]; then
    echo "Failed to download Polkadot binary"
    exit 1
fi

# Install binary
chmod +x polkadot
mv polkadot "$(dirname "$POLKADOT_BIN_PATH")/"

# Generate node key if not exists
if [ ! -f "$POLKADOT_CONFIG_PATH/node-key" ]; then
    echo "Generating node key..."
    "$POLKADOT_BIN_PATH" key generate-node-key --file "$POLKADOT_CONFIG_PATH/node-key"
fi

# Set ownership
chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_WORK_PATH"
chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_BASE_PATH"
chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_RUN_USER_HOME"
chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_CONFIG_PATH"

# Build node arguments based on configuration
NODE_ARGS="--chain $POLKADOT_CHAIN"
NODE_ARGS="$NODE_ARGS --name $POLKADOT_NODE_NAME"
NODE_ARGS="$NODE_ARGS --base-path $POLKADOT_BASE_PATH"

# Configure node type and pruning
case "$POLKADOT_NODE_TYPE" in
    "light")
        NODE_ARGS="$NODE_ARGS --light"
        ;;
    "full")
        if [ "$POLKADOT_ARCHIVE_MODE" = "true" ]; then
            NODE_ARGS="$NODE_ARGS --pruning archive"
        else
            # Use pruning settings
            if [ "${POLKADOT_PRUNING_ENABLED:-true}" = "true" ]; then
                NODE_ARGS="$NODE_ARGS --pruning ${POLKADOT_STATE_PRUNING:-256}"
                if [ -n "$POLKADOT_BLOCK_PRUNING" ]; then
                    NODE_ARGS="$NODE_ARGS --blocks-pruning $POLKADOT_BLOCK_PRUNING"
                fi
            fi
        fi
        ;;
    "validator")
        NODE_ARGS="$NODE_ARGS --validator"
        if [ "$POLKADOT_ARCHIVE_MODE" != "true" ] && [ "${POLKADOT_PRUNING_ENABLED:-true}" = "true" ]; then
            NODE_ARGS="$NODE_ARGS --pruning ${POLKADOT_STATE_PRUNING:-256}"
        fi
        ;;
esac

# Network configuration
NODE_ARGS="$NODE_ARGS --listen-addr ${POLKADOT_LISTEN_ADDR:-/ip4/0.0.0.0/tcp/30333}"

if [ -n "$POLKADOT_PUBLIC_ADDR" ]; then
    NODE_ARGS="$NODE_ARGS --public-addr $POLKADOT_PUBLIC_ADDR"
fi

if [ -n "$POLKADOT_BOOTNODES" ]; then
    IFS=',' read -ra BOOTNODES <<< "$POLKADOT_BOOTNODES"
    for bootnode in "${BOOTNODES[@]}"; do
        NODE_ARGS="$NODE_ARGS --bootnode $bootnode"
    done
fi

if [ -n "$POLKADOT_RESERVED_NODES" ]; then
    IFS=',' read -ra RESERVED <<< "$POLKADOT_RESERVED_NODES"
    for reserved in "${RESERVED[@]}"; do
        NODE_ARGS="$NODE_ARGS --reserved-node $reserved"
    done
fi

if [ "${POLKADOT_RESERVED_ONLY:-false}" = "true" ]; then
    NODE_ARGS="$NODE_ARGS --reserved-only"
fi

# RPC configuration
if [ "${POLKADOT_RPC_ENABLED:-true}" = "true" ]; then
    NODE_ARGS="$NODE_ARGS --rpc-bind-addr ${POLKADOT_RPC_BIND_ADDR:-127.0.0.1}"
    NODE_ARGS="$NODE_ARGS --rpc-port ${POLKADOT_RPC_PORT:-9944}"
    NODE_ARGS="$NODE_ARGS --rpc-cors ${POLKADOT_RPC_CORS:-all}"
    NODE_ARGS="$NODE_ARGS --rpc-methods ${POLKADOT_RPC_METHODS:-safe}"
    NODE_ARGS="$NODE_ARGS --rpc-max-connections ${POLKADOT_RPC_MAX_CONNECTIONS:-100}"
fi

# Performance settings
NODE_ARGS="$NODE_ARGS --execution ${POLKADOT_EXECUTION:-wasm}"
NODE_ARGS="$NODE_ARGS --wasm-execution ${POLKADOT_WASM_EXECUTION:-compiled}"
NODE_ARGS="$NODE_ARGS --state-cache-size ${POLKADOT_STATE_CACHE_SIZE:-67108864}"
NODE_ARGS="$NODE_ARGS --db-cache ${POLKADOT_DB_CACHE:-1024}"

# Telemetry
if [ "${POLKADOT_TELEMETRY_ENABLED:-true}" = "true" ]; then
    NODE_ARGS="$NODE_ARGS --telemetry-url '${POLKADOT_TELEMETRY_URL:-wss://telemetry.polkadot.io/submit/} ${POLKADOT_TELEMETRY_VERBOSITY:-0}'"
fi

# Sync mode
case "${POLKADOT_SYNC_MODE:-warp}" in
    "full")
        NODE_ARGS="$NODE_ARGS --sync full"
        ;;
    "fast")
        NODE_ARGS="$NODE_ARGS --sync fast"
        ;;
    "warp")
        NODE_ARGS="$NODE_ARGS --sync warp"
        ;;
esac

# Logging
NODE_ARGS="$NODE_ARGS --log ${POLKADOT_LOG_LEVEL:-info}"

# Create systemd service file
cat > /etc/systemd/system/polkadot-node.service << EOF
[Unit]
Description=Polkadot Node (${POLKADOT_NODE_TYPE})
Documentation=https://docs.polkadot.network/
After=network-online.target
Wants=network-online.target

[Service]
Type=simple
User=$POLKADOT_RUN_USER
Group=$POLKADOT_RUN_GROUP
Environment=RUST_LOG=${POLKADOT_LOG_LEVEL:-info}
WorkingDirectory=$POLKADOT_WORK_PATH
ExecStart=$POLKADOT_BIN_PATH $NODE_ARGS
Restart=always
RestartSec=10

# Security settings
NoNewPrivileges=true
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
ReadWritePaths=$POLKADOT_WORK_PATH $POLKADOT_BASE_PATH $POLKADOT_CONFIG_PATH
CapabilityBoundingSet=CAP_NET_BIND_SERVICE

# Resource limits
LimitNOFILE=65536

[Install]
WantedBy=multi-user.target
EOF

# Setup WSS proxy if enabled
if [ "${POLKADOT_WSS_ENABLED:-false}" = "true" ]; then
    echo "Setting up secure WebSocket proxy..."
    
    # Create nginx configuration for WSS
    cat > /etc/nginx/sites-available/polkadot-wss << EOF
server {
    listen ${POLKADOT_WSS_PORT:-443} ssl http2;
    server_name ${POLKADOT_WSS_DOMAIN};

    # SSL configuration
    ssl_certificate ${POLKADOT_SSL_CERT_FILE};
    ssl_certificate_key ${POLKADOT_SSL_KEY_FILE};
    
    # SSL settings
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers off;

    # Rate limiting
    limit_req_zone \$binary_remote_addr zone=wss_limit:10m rate=${POLKADOT_WSS_RATE_LIMIT:-100}r/m;
    limit_req zone=wss_limit burst=20 nodelay;

    location / {
        proxy_pass http://127.0.0.1:${POLKADOT_RPC_PORT:-9944};
        proxy_http_version 1.1;
        proxy_set_header Upgrade \$http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host \$host;
        proxy_set_header X-Real-IP \$remote_addr;
        proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto \$scheme;
        
        # WebSocket specific
        proxy_read_timeout 86400;
        proxy_send_timeout 86400;
    }
}
EOF

    # Enable site
    ln -sf /etc/nginx/sites-available/polkadot-wss /etc/nginx/sites-enabled/
    
    # Test nginx configuration
    nginx -t && systemctl restart nginx
fi

# Enable and start service
systemctl daemon-reload
systemctl "$POLKADOT_SYSTEMCTL_MODE" polkadot-node.service

if [ "$POLKADOT_SYSTEMCTL_MODE" = "enabled" ]; then
    systemctl start polkadot-node.service
    
    # Wait a moment for service to start
    sleep 5
fi

echo "Polkadot Node installation completed!"
echo "Service: polkadot-node.service"
echo "Node type: $POLKADOT_NODE_TYPE"
echo "Chain: $POLKADOT_CHAIN"
echo "Archive mode: $POLKADOT_ARCHIVE_MODE"
echo "RPC endpoint: ws://${POLKADOT_RPC_BIND_ADDR:-127.0.0.1}:${POLKADOT_RPC_PORT:-9944}"

if [ "${POLKADOT_WSS_ENABLED:-false}" = "true" ]; then
    echo "WSS endpoint: wss://${POLKADOT_WSS_DOMAIN}:${POLKADOT_WSS_PORT:-443}"
fi

echo "Configuration: $POLKADOT_CONFIG_PATH/"
echo "Data directory: $POLKADOT_BASE_PATH"
echo "Node key: $POLKADOT_CONFIG_PATH/node-key"

# Display service status
if systemctl is-active --quiet polkadot-node.service; then
    echo "✅ Polkadot node service is running"
else
    echo "⚠️  Polkadot node service status:"
    systemctl status polkadot-node.service --no-pager -l
fi

# Cleanup
cd /
rm -rf /tmp/polkadot
chore: add current provisioning state before migration 2025-09-22 22:11:41 +00:00			`#!/bin/bash`
			`# Info: Script to install Polkadot Node (Full, Light, Archive)`
			`# Author: Provisioning System`
			`# Release: 1.0`
			`# Date: 2025-07-24`

			`USAGE="install-polkadot-node.sh"`
			`[ "$1" == "-h" ] && echo "$USAGE" && exit 1`

			`[ -r "env-polkadot-node" ] && . ./env-polkadot-node`

			`POLKADOT_VERSION=${POLKADOT_VERSION:-latest}`
			`POLKADOT_NODE_TYPE=${POLKADOT_NODE_TYPE:-full}`
			`POLKADOT_CHAIN=${POLKADOT_CHAIN:-polkadot}`

			`# Determine architecture`
			`ARCH="$(uname -m)"`
			`case $ARCH in`
			`x86_64) ARCH="x86_64" ;;`
			`aarch64) ARCH="aarch64" ;;`
			`*) echo "Unsupported architecture: $ARCH" && exit 1 ;;`
			`esac`

			`# Set download URL based on version`
			`if [ "$POLKADOT_VERSION" = "latest" ]; then`
			`POLKADOT_URL="https://github.com/paritytech/polkadot/releases/latest/download"`
			`POLKADOT_BINARY="polkadot"`
			`else`
			`POLKADOT_URL="https://github.com/paritytech/polkadot/releases/download/${POLKADOT_VERSION}"`
			`POLKADOT_BINARY="polkadot"`
			`fi`

			`POLKADOT_BIN_PATH=${POLKADOT_BIN_PATH:-/usr/local/bin/polkadot}`
			`POLKADOT_SYSTEMCTL_MODE=${POLKADOT_SYSTEMCTL_MODE:-enabled}`

			`POLKADOT_CONFIG_PATH=${POLKADOT_CONFIG_PATH:-/etc/polkadot}`
			`POLKADOT_WORK_PATH=${POLKADOT_WORK_PATH:-/var/lib/polkadot}`
			`POLKADOT_BASE_PATH=${POLKADOT_BASE_PATH:-/var/lib/polkadot/data}`

			`POLKADOT_RUN_USER=${POLKADOT_RUN_USER:-polkadot}`
			`POLKADOT_RUN_GROUP=${POLKADOT_RUN_GROUP:-polkadot}`
			`POLKADOT_RUN_USER_HOME=${POLKADOT_RUN_USER_HOME:-/home/polkadot}`

			`POLKADOT_NODE_NAME=${POLKADOT_NODE_NAME:-polkadot-node}`
			`POLKADOT_ARCHIVE_MODE=${POLKADOT_ARCHIVE_MODE:-false}`

			`echo "Installing Polkadot Node ${POLKADOT_VERSION} (${POLKADOT_NODE_TYPE})..."`

			`# Install dependencies`
			`echo "Installing dependencies..."`
			`if command -v apt-get >/dev/null 2>&1; then`
			`apt-get update`
			`apt-get install -y curl ca-certificates jq nginx certbot python3-certbot-nginx`
			`elif command -v yum >/dev/null 2>&1; then`
			`yum update -y`
			`yum install -y curl ca-certificates jq nginx certbot python3-certbot-nginx`
			`elif command -v dnf >/dev/null 2>&1; then`
			`dnf update -y`
			`dnf install -y curl ca-certificates jq nginx certbot python3-certbot-nginx`
			`else`
			`echo "Package manager not found. Please install dependencies manually."`
			`exit 1`
			`fi`

			`# Create user and group`
			`if ! id "$POLKADOT_RUN_USER" &>/dev/null; then`
			`groupadd -r "$POLKADOT_RUN_GROUP"`
			`useradd -r -g "$POLKADOT_RUN_GROUP" -d "$POLKADOT_RUN_USER_HOME" -s /bin/bash -c "Polkadot service user" "$POLKADOT_RUN_USER"`
			`fi`

			`# Create directories`
			`mkdir -p "$POLKADOT_CONFIG_PATH"`
			`mkdir -p "$POLKADOT_WORK_PATH"`
			`mkdir -p "$POLKADOT_BASE_PATH"`
			`mkdir -p "$POLKADOT_RUN_USER_HOME"`

			`# Download and install Polkadot binary`
			`cd /tmp`
			`echo "Downloading Polkadot binary from ${POLKADOT_URL}/${POLKADOT_BINARY}..."`
			`curl -L -o polkadot "${POLKADOT_URL}/${POLKADOT_BINARY}"`

			`if [ ! -f "polkadot" ]; then`
			`echo "Failed to download Polkadot binary"`
			`exit 1`
			`fi`

			`# Install binary`
			`chmod +x polkadot`
			`mv polkadot "$(dirname "$POLKADOT_BIN_PATH")/"`

			`# Generate node key if not exists`
			`if [ ! -f "$POLKADOT_CONFIG_PATH/node-key" ]; then`
			`echo "Generating node key..."`
			`"$POLKADOT_BIN_PATH" key generate-node-key --file "$POLKADOT_CONFIG_PATH/node-key"`
			`fi`

			`# Set ownership`
			`chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_WORK_PATH"`
			`chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_BASE_PATH"`
			`chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_RUN_USER_HOME"`
			`chown -R "$POLKADOT_RUN_USER:$POLKADOT_RUN_GROUP" "$POLKADOT_CONFIG_PATH"`

			`# Build node arguments based on configuration`
			`NODE_ARGS="--chain $POLKADOT_CHAIN"`
			`NODE_ARGS="$NODE_ARGS --name $POLKADOT_NODE_NAME"`
			`NODE_ARGS="$NODE_ARGS --base-path $POLKADOT_BASE_PATH"`

			`# Configure node type and pruning`
			`case "$POLKADOT_NODE_TYPE" in`
			`"light")`
			`NODE_ARGS="$NODE_ARGS --light"`
			`;;`
			`"full")`
			`if [ "$POLKADOT_ARCHIVE_MODE" = "true" ]; then`
			`NODE_ARGS="$NODE_ARGS --pruning archive"`
			`else`
			`# Use pruning settings`
			`if [ "${POLKADOT_PRUNING_ENABLED:-true}" = "true" ]; then`
			`NODE_ARGS="$NODE_ARGS --pruning ${POLKADOT_STATE_PRUNING:-256}"`
			`if [ -n "$POLKADOT_BLOCK_PRUNING" ]; then`
			`NODE_ARGS="$NODE_ARGS --blocks-pruning $POLKADOT_BLOCK_PRUNING"`
			`fi`
			`fi`
			`fi`
			`;;`
			`"validator")`
			`NODE_ARGS="$NODE_ARGS --validator"`
			`if [ "$POLKADOT_ARCHIVE_MODE" != "true" ] && [ "${POLKADOT_PRUNING_ENABLED:-true}" = "true" ]; then`
			`NODE_ARGS="$NODE_ARGS --pruning ${POLKADOT_STATE_PRUNING:-256}"`
			`fi`
			`;;`
			`esac`

			`# Network configuration`
			`NODE_ARGS="$NODE_ARGS --listen-addr ${POLKADOT_LISTEN_ADDR:-/ip4/0.0.0.0/tcp/30333}"`

			`if [ -n "$POLKADOT_PUBLIC_ADDR" ]; then`
			`NODE_ARGS="$NODE_ARGS --public-addr $POLKADOT_PUBLIC_ADDR"`
			`fi`

			`if [ -n "$POLKADOT_BOOTNODES" ]; then`
			`IFS=',' read -ra BOOTNODES <<< "$POLKADOT_BOOTNODES"`
			`for bootnode in "${BOOTNODES[@]}"; do`
			`NODE_ARGS="$NODE_ARGS --bootnode $bootnode"`
			`done`
			`fi`

			`if [ -n "$POLKADOT_RESERVED_NODES" ]; then`
			`IFS=',' read -ra RESERVED <<< "$POLKADOT_RESERVED_NODES"`
			`for reserved in "${RESERVED[@]}"; do`
			`NODE_ARGS="$NODE_ARGS --reserved-node $reserved"`
			`done`
			`fi`

			`if [ "${POLKADOT_RESERVED_ONLY:-false}" = "true" ]; then`
			`NODE_ARGS="$NODE_ARGS --reserved-only"`
			`fi`

			`# RPC configuration`
			`if [ "${POLKADOT_RPC_ENABLED:-true}" = "true" ]; then`
			`NODE_ARGS="$NODE_ARGS --rpc-bind-addr ${POLKADOT_RPC_BIND_ADDR:-127.0.0.1}"`
			`NODE_ARGS="$NODE_ARGS --rpc-port ${POLKADOT_RPC_PORT:-9944}"`
			`NODE_ARGS="$NODE_ARGS --rpc-cors ${POLKADOT_RPC_CORS:-all}"`
			`NODE_ARGS="$NODE_ARGS --rpc-methods ${POLKADOT_RPC_METHODS:-safe}"`
			`NODE_ARGS="$NODE_ARGS --rpc-max-connections ${POLKADOT_RPC_MAX_CONNECTIONS:-100}"`
			`fi`

			`# Performance settings`
			`NODE_ARGS="$NODE_ARGS --execution ${POLKADOT_EXECUTION:-wasm}"`
			`NODE_ARGS="$NODE_ARGS --wasm-execution ${POLKADOT_WASM_EXECUTION:-compiled}"`
			`NODE_ARGS="$NODE_ARGS --state-cache-size ${POLKADOT_STATE_CACHE_SIZE:-67108864}"`
			`NODE_ARGS="$NODE_ARGS --db-cache ${POLKADOT_DB_CACHE:-1024}"`

			`# Telemetry`
			`if [ "${POLKADOT_TELEMETRY_ENABLED:-true}" = "true" ]; then`
			`NODE_ARGS="$NODE_ARGS --telemetry-url '${POLKADOT_TELEMETRY_URL:-wss://telemetry.polkadot.io/submit/} ${POLKADOT_TELEMETRY_VERBOSITY:-0}'"`
			`fi`

			`# Sync mode`
			`case "${POLKADOT_SYNC_MODE:-warp}" in`
			`"full")`
			`NODE_ARGS="$NODE_ARGS --sync full"`
			`;;`
			`"fast")`
			`NODE_ARGS="$NODE_ARGS --sync fast"`
			`;;`
			`"warp")`
			`NODE_ARGS="$NODE_ARGS --sync warp"`
			`;;`
			`esac`

			`# Logging`
			`NODE_ARGS="$NODE_ARGS --log ${POLKADOT_LOG_LEVEL:-info}"`

			`# Create systemd service file`
			`cat > /etc/systemd/system/polkadot-node.service << EOF`
			`[Unit]`
			`Description=Polkadot Node (${POLKADOT_NODE_TYPE})`
			`Documentation=https://docs.polkadot.network/`
			`After=network-online.target`
			`Wants=network-online.target`

			`[Service]`
			`Type=simple`
			`User=$POLKADOT_RUN_USER`
			`Group=$POLKADOT_RUN_GROUP`
			`Environment=RUST_LOG=${POLKADOT_LOG_LEVEL:-info}`
			`WorkingDirectory=$POLKADOT_WORK_PATH`
			`ExecStart=$POLKADOT_BIN_PATH $NODE_ARGS`
			`Restart=always`
			`RestartSec=10`

			`# Security settings`
			`NoNewPrivileges=true`
			`PrivateTmp=true`
			`ProtectSystem=strict`
			`ProtectHome=true`
			`ReadWritePaths=$POLKADOT_WORK_PATH $POLKADOT_BASE_PATH $POLKADOT_CONFIG_PATH`
			`CapabilityBoundingSet=CAP_NET_BIND_SERVICE`

			`# Resource limits`
			`LimitNOFILE=65536`

			`[Install]`
			`WantedBy=multi-user.target`
			`EOF`

			`# Setup WSS proxy if enabled`
			`if [ "${POLKADOT_WSS_ENABLED:-false}" = "true" ]; then`
			`echo "Setting up secure WebSocket proxy..."`

			`# Create nginx configuration for WSS`
			`cat > /etc/nginx/sites-available/polkadot-wss << EOF`
			`server {`
			`listen ${POLKADOT_WSS_PORT:-443} ssl http2;`
			`server_name ${POLKADOT_WSS_DOMAIN};`

			`# SSL configuration`
			`ssl_certificate ${POLKADOT_SSL_CERT_FILE};`
			`ssl_certificate_key ${POLKADOT_SSL_KEY_FILE};`

			`# SSL settings`
			`ssl_protocols TLSv1.2 TLSv1.3;`
			`ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384;`
			`ssl_prefer_server_ciphers off;`

			`# Rate limiting`
			`limit_req_zone \$binary_remote_addr zone=wss_limit:10m rate=${POLKADOT_WSS_RATE_LIMIT:-100}r/m;`
			`limit_req zone=wss_limit burst=20 nodelay;`

			`location / {`
			`proxy_pass http://127.0.0.1:${POLKADOT_RPC_PORT:-9944};`
			`proxy_http_version 1.1;`
			`proxy_set_header Upgrade \$http_upgrade;`
			`proxy_set_header Connection "upgrade";`
			`proxy_set_header Host \$host;`
			`proxy_set_header X-Real-IP \$remote_addr;`
			`proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;`
			`proxy_set_header X-Forwarded-Proto \$scheme;`

			`# WebSocket specific`
			`proxy_read_timeout 86400;`
			`proxy_send_timeout 86400;`
			`}`
			`}`
			`EOF`

			`# Enable site`
			`ln -sf /etc/nginx/sites-available/polkadot-wss /etc/nginx/sites-enabled/`

			`# Test nginx configuration`
			`nginx -t && systemctl restart nginx`
			`fi`

			`# Enable and start service`
			`systemctl daemon-reload`
			`systemctl "$POLKADOT_SYSTEMCTL_MODE" polkadot-node.service`

			`if [ "$POLKADOT_SYSTEMCTL_MODE" = "enabled" ]; then`
			`systemctl start polkadot-node.service`

			`# Wait a moment for service to start`
			`sleep 5`
			`fi`

			`echo "Polkadot Node installation completed!"`
			`echo "Service: polkadot-node.service"`
			`echo "Node type: $POLKADOT_NODE_TYPE"`
			`echo "Chain: $POLKADOT_CHAIN"`
			`echo "Archive mode: $POLKADOT_ARCHIVE_MODE"`
			`echo "RPC endpoint: ws://${POLKADOT_RPC_BIND_ADDR:-127.0.0.1}:${POLKADOT_RPC_PORT:-9944}"`

			`if [ "${POLKADOT_WSS_ENABLED:-false}" = "true" ]; then`
			`echo "WSS endpoint: wss://${POLKADOT_WSS_DOMAIN}:${POLKADOT_WSS_PORT:-443}"`
			`fi`

			`echo "Configuration: $POLKADOT_CONFIG_PATH/"`
			`echo "Data directory: $POLKADOT_BASE_PATH"`
			`echo "Node key: $POLKADOT_CONFIG_PATH/node-key"`

			`# Display service status`
			`if systemctl is-active --quiet polkadot-node.service; then`
			`echo "✅ Polkadot node service is running"`
			`else`
			`echo "⚠️ Polkadot node service status:"`
			`systemctl status polkadot-node.service --no-pager -l`
			`fi`

			`# Cleanup`
			`cd /`
			`rm -rf /tmp/polkadot`