Web3 gave you decentralized ownership. Web4 gives you decentralized infrastructure. This guide is what happens when you run them together — blockchain databases, censorship-resistant storage, and peer-to-peer payments on a mesh network that no one can shut down.
In late 2021, a group of builders launched a DAO called Node Star. The goal was simple: use blockchain architecture to decentralize ownership of communication infrastructure. Then 2022 happened. The markets collapsed. The speculative energy evaporated. Most of us who had poured ourselves into Web3 found ourselves staring at the wreckage wondering what, if anything, had been real.
What was real, it turned out, was the question underneath. Not the tokens, not the governance mechanisms, not the smart contracts. The question: what if the internet could belong to everyone?
That question didn't die. It just needed a different answer — and a different starting point. Web4 is the physical infrastructure layer: LoRa radios, mesh networks, cryptographic routing. But the vision of Web3 — decentralized ownership, trustless payments, censorship-resistant data — was never wrong. It was just disconnected from physical reality. Running a decentralized application on a server farm in Virginia is not decentralization. Running it on a mesh network your community owns is a different thing entirely.
This guide is about connecting those two ideas. It's not a beginner's guide to blockchain. It's not a beginner's guide to mesh networking. It assumes you've read the earlier Node Star guides — you understand LoRa, Meshtastic, and Reticulum. Now we're going to talk about what happens when you layer blockchain-based databases, decentralized storage, and peer-to-peer payments on top of that physical infrastructure.
The result is what we call the Sovereign Stack: a complete, community-owned system for communication, data, and value exchange that requires no corporation, no ISP, no bank, and no government permission to operate.
This guide builds on the earlier Node Star field guides. You should be comfortable with Meshtastic node setup, basic Reticulum concepts, and have at least one working LoRa node before diving into this material. If you're starting from zero, begin with Own the Internet and work through the Reticulum guides first.
This guide focuses on practical integration: what software to run, how to configure it, and how to make Web3 protocols actually function in an offline-first, mesh-native environment. It does not cover tokenomics, investment advice, or which blockchain "will win." Those questions are outside scope and, frankly, outside the point.
The protocols we'll work with were chosen for one reason: they work when the internet is down, or can be made to work with modest engineering effort. Several well-known blockchain projects — Ethereum mainnet, most NFT infrastructure, centralized exchange rails — are not covered here because they require persistent internet connectivity to function. They belong to Web3. What follows belongs to the Sovereign Stack.
The Sovereign Stack has four layers. Each one is independent — you can run any layer without the others — but they're designed to compose. Build the physical layer first. Layer the data protocols on top. Add payments. Add identity. By the time you've assembled all four, you have something that has never quite existed before: a complete community-owned infrastructure stack that handles communication, storage, money, and identity without a single trusted third party.
The internet you grew up with is location-addressed. When you request example.com/file.pdf, you're asking a specific server at a specific address for a file. If that server goes offline, the file is gone. If the server lies to you and returns a different file, you'd have no way to know.
The Sovereign Stack uses content addressing instead. A file's address is derived from its contents — specifically, a cryptographic hash of those contents. The address of a file is literally the fingerprint of the file. This means:
An IPFS hash like QmXoypizjW3WknFiJnKLwHCnL72vedxjQkDDP1mXWo6uco is not an address on a server. It's a description of the data itself. Any node that has a copy of that data can serve it to you — including a node on your local mesh network. The file is verified automatically: if someone hands you corrupt data, the hash won't match and you'll know immediately.
This is the architectural key that makes the Sovereign Stack possible. Blockchain ledgers are content-addressed. IPFS files are content-addressed. Bitcoin transactions are verified by content, not by trusting a bank. The whole stack is built on the same underlying idea: cryptographic proof instead of institutional trust.
Throughout this guide, you'll see a gateway node acting as the hub for all higher-layer services. In practice this is a Raspberry Pi 4 or 5 with a LoRa hat (or USB RNode), running Reticulum, IPFS, and optionally a Lightning node. It bridges your mesh to internet services when connectivity is available, and keeps running local services when it isn't. One gateway node can serve an entire neighborhood mesh.
The most immediately practical piece of the Sovereign Stack is decentralized storage. This doesn't require internet connectivity, doesn't require tokens, and doesn't require any special hardware beyond a gateway node. It gives your mesh community the ability to host files, documentation, maps, and application data in a way that's resilient to any single node going down.
IPFS (InterPlanetary File System) is a peer-to-peer protocol for storing and sharing data in a distributed file system. When you add a file to IPFS, it gets chunked, hashed, and distributed. Anyone who has pinned that file can serve it to anyone else who requests it by hash. The requesting party verifies the data automatically.
On a mesh network, IPFS operates as a local cluster: your gateway node and any other nodes running IPFS daemons form a private swarm. Files added to the swarm are available to all nodes on the mesh — even without internet. When internet connectivity is restored at a gateway, the local swarm can optionally sync with the global IPFS network.
# Find the current stable ARM64 release at dist.ipfs.tech, then download.
# Replace VERSION below with the latest tag shown on that page (e.g. v0.33.0).
$ VERSION=v0.33.0 # ← update this before running
$ wget https://dist.ipfs.tech/kubo/${VERSION}/kubo_${VERSION}_linux-arm64.tar.gz
$ tar -xvzf kubo_${VERSION}_linux-arm64.tar.gz
$ cd kubo && sudo bash install.sh
# Initialize your IPFS node
$ ipfs init --profile server
# Configure for local mesh use — limit DHT to client-only (no global routing)
# Note: Routing config keys have evolved across Kubo versions.
# In v0.35+ the preferred approach is to set Routing.Type via the config file.
$ ipfs config --json Routing '{"Type":"dhtclient"}'
$ ipfs config --json Swarm.DisableNatPortMap true
# Start the daemon
$ ipfs daemon --enable-gc
BASHKubo versions are updated frequently and the download URL includes the version number, so hardcoded links go stale quickly. Before installing, visit dist.ipfs.tech and note the latest stable release tag for linux-arm64. The IPFS project has made significant config changes across major versions — particularly around Routing, Swarm, and Pubsub keys. Always verify you're on a current stable release before deploying.
By default, IPFS connects to the global public network. For a community mesh deployment you want a private swarm — only nodes that know the swarm key can join. This keeps your mesh content off the public IPFS network while still enabling all the benefits of content-addressed distributed storage within your community.
# Generate a swarm key (do this once on the gateway node)
$ go install github.com/Kubuxu/go-ipfs-swarm-key-gen/ipfs-swarm-key-gen@latest
$ ipfs-swarm-key-gen > ~/.ipfs/swarm.key
# The swarm.key file looks like this:
# /key/swarm/psk/1.0.0/
# /base16/
# a93f8c3...d719a2b
# Copy this swarm.key to every node that should join your mesh swarm
# Nodes without it cannot connect to your private swarm
# Remove default bootstrap peers (public IPFS network)
$ ipfs bootstrap rm --all
# Add your gateway node as the bootstrap peer for all mesh nodes
$ ipfs bootstrap add /ip4/<GATEWAY_IP>/tcp/4001/p2p/<GATEWAY_PEER_ID>
BASHNot everything belongs on an IPFS mesh swarm. LoRa bandwidth is limited — a Meshtastic message maxes out around 240 bytes. The mesh IPFS swarm is for your gateway node and any WiFi-connected secondary nodes, not for direct LoRa transmission of IPFS content. Think of it as a community NAS (network-attached storage) that the mesh can reference, not a protocol running over LoRa radio.
IPFS stores static files. OrbitDB extends that into a distributed database — specifically, a set of CRDT (Conflict-free Replicated Data Type) databases that sync automatically across all nodes that hold the same database. It's built entirely on IPFS and libp2p, which means it runs on any IPFS node with no additional infrastructure. As of 2026, OrbitDB is actively maintained and Helia-based integrations (Helia being the newer modular IPFS library) are now the preferred setup for fresh deployments.
For a mesh community, OrbitDB enables applications that would normally require a central server: shared bulletin boards, resource inventories, message logs, event registries. When nodes come online and sync, they catch up automatically. When they're offline, they operate from their local copy.
OrbitDB is powerful but adds complexity. For a very simple community bulletin board, a shared IPFS pubsub topic or even a periodically-updated IPFS-pinned JSON file may be sufficient. IPFS Cluster is another option if your primary need is collaborative pinning across gateway nodes rather than application state. Start simple — reach for OrbitDB when you genuinely need multi-writer distributed state.
# Install OrbitDB (requires Node.js)
$ npm install @orbitdb/core helia
# Minimal example: create a shared key-value store
import { createHelia } from 'helia'
import { createOrbitDB } from '@orbitdb/core'
const helia = await createHelia()
const orbitdb = await createOrbitDB({ ipfs: helia })
# Open (or create) a shared database — all nodes using this address share data
const db = await orbitdb.open('mesh-community-board', { type: 'documents' })
# Write a document
await db.put({ _id: 'announcement-001', text: 'Node on 4th + Elm is back online' })
# Read all documents
const all = await db.all()
JSIPFS alone doesn't guarantee persistence. A file exists on the IPFS network only as long as at least one node has pinned it. For truly permanent, verifiably preserved data — community archives, legal records, historical documentation — you need a persistence layer with economic incentives for storage providers.
| Protocol | Model | Offline Capability | Cost Structure | Best For |
|---|---|---|---|---|
| IPFS (local pin) | Self-hosted | FULL | Hardware only | Active mesh data, maps, docs |
| IPFS + Pinning Service | Delegated | INTERMITTENT | ~$0.15/GB/mo | Redundancy when internet available |
| Filecoin | Market-based | ONLINE REQUIRED | FIL tokens, negotiated | Long-term archival, verified proofs |
| Arweave | Endowment | ONLINE REQUIRED | One-time AR fee (~$0.01/MB) | Permanent public archives |
For most mesh communities: run a local IPFS node on the gateway, pin everything you want locally, and use Arweave for one-time permanent archiving of important community records when you have internet access. Filecoin's complexity and deal-making process is overkill unless you're archiving large volumes of data with verifiable proof requirements.
Peer-to-peer payments are the most immediately practical piece of the blockchain stack for a mesh community. Not speculative investment — payments. The ability to pay someone $3 for bandwidth without a bank, without a payment processor, without even the internet being up.
Two protocols deserve attention here: the Lightning Network (Layer 2 Bitcoin) for fast, low-fee micropayments; and Monero for privacy-preserving transactions where anonymity matters. Each has different trade-offs for offline and mesh use.
Bitcoin's base layer is too slow and too expensive for mesh micropayments. The Lightning Network solves this by creating payment channels: two parties lock funds into an on-chain multisig, then exchange signed payment transactions off-chain at zero fee and near-instant speed. They only need to broadcast to the Bitcoin blockchain when opening or closing a channel.
The critical property for mesh use: once a Lightning channel is open, payments within that channel require no blockchain access and no internet connectivity. Two gateway nodes can exchange thousands of micropayments over LoRa links with no internet, settling on-chain when connectivity is restored.
The recommended stack for a gateway node is Bitcoin Core (full node or pruned) + LND (Lightning Network Daemon) or Core Lightning (CLN). This runs comfortably on a Raspberry Pi 4 with a 1TB SSD.
# Install LND on Raspberry Pi (ARM64)
# Check github.com/lightningnetwork/lnd/releases for the current stable ARM64 build.
# Replace VERSION below with the latest release tag before running.
$ VERSION=v0.18.5-beta # ← update to the current release
$ wget https://github.com/lightningnetwork/lnd/releases/download/${VERSION}/lnd-linux-arm64-${VERSION}.tar.gz
$ tar -xvf lnd-linux-arm64-${VERSION}.tar.gz
$ sudo install -m 0755 -o root -g root lnd-linux-arm64-${VERSION}/lnd /usr/local/bin/lnd
$ sudo install -m 0755 -o root -g root lnd-linux-arm64-${VERSION}/lncli /usr/local/bin/lncli
# Minimal lnd.conf for a gateway node
# Located at ~/.lnd/lnd.conf
[Application Options]
alias=YourNodeName
color=#a78bfa
[Bitcoin]
bitcoin.active=1
bitcoin.mainnet=1
bitcoin.node=bitcoind
[Bitcoind]
bitcoind.rpchost=localhost
bitcoind.rpcuser=yourrpcuser
bitcoind.rpcpass=yourrpcpassword
CONFRunning a full Bitcoin node requires ~650GB of storage as of 2026. For a gateway node on a budget SSD, run Bitcoin Core in pruned mode (prune=550 keeps ~550MB of recent blocks; practical deployments often use prune=1000 for more breathing room with indexing). Recent LND releases have improved pruned-node support and better default watchtower configuration. Use the --bitcoin.node=bitcoind flag and set bitcoind.estimatemode=ECONOMICAL. The Pi 5 (8GB) can run Bitcoin Core + LND + IPFS simultaneously with careful config, but expect tight memory margins — close any unnecessary processes during initial chain sync.
Bitcoin and Lightning transactions are pseudonymous, not anonymous. With enough chain analysis, payment flows can be traced. For a community that values genuine privacy — activists, journalists, communities in contested political environments — Monero provides cryptographically enforced privacy at the protocol level.
Monero uses ring signatures, stealth addresses, and RingCT (confidential transactions) to make transaction amounts, senders, and recipients unlinkable by default. No opt-in. No mixing service. No extra steps. Private by design.
The practical challenge for mesh use is that Monero's full node is heavier than Bitcoin's for a Raspberry Pi. The recommended approach for mesh deployments is to run a remote node strategy during internet access periods, and use Feather Wallet for watch-only balance monitoring and offline transaction signing.
Feather supports a cold-signing workflow well-suited to mesh deployments: the gateway Pi runs a watch-only wallet (primary address + view key, no spend key) that tracks incoming funds. When you need to spend, you construct an unsigned transaction on the Pi, move it to an air-gapped device for signing, then broadcast it the next time internet is available.
In Feather: Wallet → Create → View-only wallet. Provide your primary address and view key only — never the spend key. Connect to a trusted remote Monero node for balance sync when internet is available. The watch-only wallet can construct unsigned transactions (.utx files) but cannot spend.
Move the .utx file to an air-gapped device (via USB drive or mesh file transfer) that holds the full wallet with spend key. In Feather, open the .utx, verify the details, and sign it — producing a signed transaction file (.stx).
Return the .stx to the gateway Pi. When internet is restored, broadcast via Feather's submission tool or monero-wallet-cli submit_transfer signed_tx. The transaction confirms in approximately two minutes.
LND is the most widely deployed Lightning implementation but not the only one. Core Lightning (CLN), formerly c-lightning, is a lighter-weight, plugin-based implementation that uses noticeably less RAM on constrained hardware — a real advantage on a Pi 4 (4GB) running multiple services simultaneously. CLN's plugin architecture also makes it easier to extend with custom mesh-specific payment logic without touching core code.
For network-layer anonymity, LND's native Tor support (covered in OpSec) is the standard choice. I2P is an alternative with different traffic analysis resistance properties than Tor — some operators layer LND over I2P for additional anonymity, though ecosystem support is more limited. If Tor is unavailable or blocked in your operating environment, I2P is worth evaluating.
| Feature | Bitcoin / Lightning | Monero |
|---|---|---|
| Privacy model | Pseudonymous (traceable) | Cryptographically private by default |
| Offline payments | YES via open LN channels | PARTIAL sign offline, broadcast later |
| Micropayment speed | INSTANT over Lightning | ~2 MIN block confirmation |
| Pi 4/5 hardware req. | ~4GB RAM (CLN) / ~6GB (LND) + pruned chain | ~4GB RAM + 150GB disk (full node) |
| Best use case | Micropayments, bandwidth markets | Privacy-sensitive value transfer |
Cryptocurrency regulations vary by jurisdiction and change frequently. Nothing in this guide is legal or financial advice. Be aware of local regulations regarding cryptocurrency holdings and peer-to-peer payments before deploying a Lightning or Monero node. This guide describes technical capabilities only.
Identity is the quietest and most important layer of the Sovereign Stack. Every other layer depends on it. Payments require knowing who you're paying. Storage access control requires knowing who has permission. Mesh routing requires knowing who to trust. In the legacy internet, identity is delegated to institutions: Google, Apple, your phone carrier. In the Sovereign Stack, identity is a keypair you generate yourself.
If you've worked with Reticulum, you already have a native mesh identity. Every Reticulum destination is derived from a public key. Your Reticulum address is not a username registered with a server — it's a hash of a public key that lives in a file on your device. Nobody issued it to you. Nobody can revoke it. Nobody can impersonate you without your private key.
As of early 2026, the original Reticulum project (Python RNS) has undergone a license change and the primary maintainer has stepped back from active development. The community has responded with active forks — most notably RetiNet (AGPL licensed) and an emerging Rust port (reticulum-rs) aimed at better performance on embedded hardware. The core protocol concepts in this guide remain valid across all implementations. Before deploying in production, check reticulum.network and the active community forums for the current recommended implementation — the landscape may have shifted further by the time you're reading this.
# View your Reticulum identity
$ rnid --list
Identity [12f4a3...] Created: 2025-11-15
Destination [8e2c1b...] Type: single
Name: <yourname>.mesh
# Export your public key for distribution
$ rnid --export 12f4a3...
# This is what you share with others for encrypted messaging
# The hash of this key IS your address — unforgeable, unrevokable
BASHReticulum identity is powerful within the mesh but doesn't bridge well to Web3 contexts — dApps, smart contracts, or cross-network reputation systems that expect a standard format. This is where DIDs (Decentralized Identifiers) come in.
DIDs are a W3C standard for self-sovereign identity. A DID looks like a URI: did:key:z6Mkf... or did:web:yournode.mesh. The DID document it points to contains your public keys, service endpoints, and verification methods — all cryptographically verifiable, all under your control. No registration. No central authority.
| DID Method | Resolution | Offline? | Blockchain? | Best For |
|---|---|---|---|---|
did:key |
Self-contained in DID | FULL | None | Mesh-native identities, Reticulum bridge |
did:web |
HTTPS fetch | NO | None | Public-facing nodes with domain names |
did:ion |
Bitcoin + IPFS | PARTIAL | Bitcoin anchored | Long-term portable identity |
did:ethr |
Ethereum | NO | Ethereum | EVM dApp integration |
For mesh-native deployments, did:key is the right choice. A did:key DID encodes the public key directly in the identifier — no blockchain, no server, no lookup required. It resolves entirely offline. The identifier is the key. Combined with a Reticulum address, you get a mesh identity that works across protocols.
Reticulum identities are Ed25519 keypairs — the same curve used by the did:key method. In principle, your Reticulum public key can be expressed as a did:key identifier, making it resolvable by any DID-aware system without a central registry.
Tooling for this bridge is still maturing. The practical path today is to generate a separate Ed25519 keypair using a tool like did-cli (available via npm: npm install -g @digitalcredentials/did-cli) and register it independently, then publish both your Reticulum destination hash and your DID together so others can associate them. Cross-signing support between Reticulum and W3C DID systems is an active area of development in the Reticulum community.
# Generate a did:key using the DID CLI (npm-based, not pip)
$ npm install -g @digitalcredentials/did-cli
$ did generate --method key
did:key:z6Mkf8pFxYBuJfCMGSC3NWkJNqR4sXtK7mEfSy3PjzB9oVkH
# Publish this DID alongside your Reticulum destination hash.
# Full keypair export from rnid for cross-signing is not yet supported
# in stable Reticulum tooling — check reticulum.network for updates.
BASH
Cryptographic identifiers are unambiguous but not memorable. ENS (Ethereum Name Service) maps human-readable names like yourname.eth to cryptographic addresses — Ethereum addresses, but also IPFS content hashes, Reticulum addresses, or any other identifier you want to associate.
The catch: ENS resolution requires an Ethereum node or RPC endpoint, which means internet connectivity. For mesh use, the practical approach is to cache ENS records locally during internet-available periods, using your gateway node as a local ENS resolver that serves cached records to mesh clients when offline.
Register your .eth name at app.ens.domains when you have internet access. Set your content hash to your IPFS node's address and add your Reticulum address in the records section using a custom text record: key reticulum, value your Reticulum destination hash.
Deploy ensnode or a local Ethereum light client (Helios) on the gateway Pi. Configure it to cache ENS records for community members. When internet is available, records sync. When it's not, the cache serves local resolution.
# Helios light client — syncs Ethereum state with no full node
$ cargo install helios
$ helios ethereum --network mainnet --rpc-port 8545 \
--checkpoint 0x... # latest finalized checkpoint
BASHPoint all mesh applications at your gateway's local ENS resolver endpoint (http://<GATEWAY_IP>:8545). When clients look up yourname.eth, the query resolves locally from cache rather than reaching out to Infura or Alchemy. No internet dependency for cached records.
The question of how to incentivize node operators — especially high-value relay nodes on rooftops and hilltops — is one of the oldest problems in community mesh networking. Voluntarism works in the beginning. It doesn't scale. Germany's Freifunk network runs on social norms; your city might not have that culture yet. Economic incentives are more reliable than goodwill.
Smart contracts offer a technically elegant solution. A contract on a blockchain can trustlessly distribute rewards to node operators who prove their uptime, forward traffic, or contribute storage. No central authority manages the payments. No one can steal the pot. The rules are code.
Before getting into how to do this well, it's worth examining how it was done badly. Helium was a blockchain-based LoRa network with token incentives for node operators. At its peak, it had hundreds of thousands of nodes. It seemed like exactly the model we're describing.
What went wrong:
1. The network existed to create tokens, not to provide coverage. Most Helium hotspots were placed for mining efficiency, not coverage usefulness. Residential deployments in dense areas competed with each other and earned little. Proof-of-Coverage was gameable.
2. The token was the product. When HNT crashed, operator incentive collapsed. A network whose operators are financially motivated to quit when prices fall is a network that fails precisely when you need it most.
3. Governance was centralized in practice. Helium Inc. made unilateral decisions about the protocol despite the nominal DAO structure. The "decentralized" governance was theater.
The lesson: Token incentives are a tool, not a purpose. The purpose is coverage. Design incentives around actual coverage utility, not token accumulation.
Rather than issuing a new token, a community mesh can use a simple treasury contract: a multisig wallet or DAO contract that holds community funds (in Bitcoin, stablecoins, or whatever the community agrees on) and distributes them based on on-chain proofs of service. No speculative token. No mining. Just: provide service, get paid.
The expensive part of Helium's model was its elaborate Proof-of-Coverage system. For a community mesh, a simpler approach works: cryptographically signed uptime beacons.
Each relay node periodically broadcasts a signed beacon over LoRa. Other nodes that receive it sign and timestamp the receipt. These receipts accumulate on the local IPFS node and are periodically submitted (when internet is available) as uptime proofs to the treasury contract. A node that receives beacon confirmations from multiple neighbors is provably online and covering useful geography.
# Example: generating a signed uptime beacon (Python pseudo-implementation)
import time, hashlib
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
private_key = Ed25519PrivateKey.generate()
def sign_beacon(node_id, timestamp):
payload = f"{node_id}:{timestamp}:{hashlib.sha256(str(timestamp).encode()).hexdigest()[:8]}"
signature = private_key.sign(payload.encode())
return { "payload": payload, "sig": signature.hex(), "pubkey": ... }
# Broadcast this over Reticulum or Meshtastic periodically
# Receiving nodes sign and store the receipt in their local IPFS node
# Aggregated receipts = verifiable uptime proof
PYTHONIf your community wants formal on-chain governance — voting on protocol changes, treasury disbursements, node membership — several lean DAO frameworks can be deployed on low-cost EVM chains (Gnosis Chain, Polygon) rather than expensive Ethereum mainnet.
| Tool | Type | Chain | Offline Voting? | Notes |
|---|---|---|---|---|
| Safe (Gnosis Safe) | Multisig treasury | Any EVM | SIGN OFFLINE | Best for treasury management. M-of-N key approvals. |
| Snapshot | Off-chain voting | IPFS-based | YES | Votes stored on IPFS, signed with wallet. No gas. Works offline. |
| Aragon OSx | Full DAO framework | Polygon / Gnosis | NO | Powerful but complex. Overkill for small communities. |
| Colony | Work-based DAO | Gnosis Chain | NO | Good model for paying contributors for specific tasks. |
Start with Snapshot + Safe. Snapshot lets community members vote on proposals using wallet signatures — the votes are stored on IPFS and cost nothing. Safe holds the community treasury as a multisig. When a Snapshot vote passes, Safe signers execute the transaction. This gives you accountable, auditable governance with minimal complexity, and Snapshot proposals can be authored and signed locally even without internet, then published when connectivity returns.
Here's a concrete example: a 5-person founding team sets up a 3-of-5 Safe multisig on Gnosis Chain (low gas costs). They create a Snapshot space tied to their community's ENS name. When a node operator requests reimbursement for equipment, any member posts a proposal. After 48 hours and a passing vote, three key-holders sign the Safe transaction and funds are released.
// Snapshot proposal (authored offline, published when internet available)
// Stored on IPFS, signed with your wallet — no gas required
{
"space": "nodestar-socal.eth",
"type": "single-choice",
"title": "Fund rooftop relay node at 4th + Elm — $120 equipment reimbursement",
"body": "Operator @meshnode-7 installed a solar-powered relay node covering the Eastside gap. Requesting reimbursement for verified hardware costs.",
"choices": ["Approve", "Reject", "Request more info"],
"start": 1740000000, // Unix timestamp
"end": 1740172800, // 48 hours later
"snapshot": 12345678, // Block number for voting power snapshot
"discussion": "https://forum.nodestar.net/t/eastside-relay"
}
JSON# Deploy a Safe on Gnosis Chain (low fees, EVM compatible)
# Via safe.global UI or safe-cli tool
# 1. Connect 5 founding member wallets
# 2. Set threshold: 3 of 5 required signatures
# 3. Fund the Safe with community treasury (xDAI, USDC, or BTC via bridge)
# 4. Record Safe address — add to ENS records as "multisig" text field
# To execute a passed Snapshot vote:
$ safe-cli --safe-address 0xYourSafe... \
--private-key $SIGNER_KEY \
send-eth --to 0xRecipient... --value 120
# Requires 2 more co-signers to also submit — threshold enforced on-chain
BASHEverything so far has been architecture. This section is a concrete bill of materials and setup sequence for the smallest sovereign stack that's actually useful. Not the full vision — the minimum version that works today, with real hardware and real software, for a real community.
Start with Raspberry Pi OS Lite (64-bit). Install core dependencies:
$ sudo apt update && sudo apt upgrade -y
$ sudo apt install -y git curl wget python3 python3-pip nodejs npm \
build-essential libssl-dev pkg-config
# Install Rust (needed for Helios and some IPFS tools)
$ curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh
BASHInstall Reticulum and configure your LoRa interface first. This gives you secure mesh communications before adding higher-layer services.
$ pip install rns rnodeconf --break-system-packages
# Flash your WisBlock/RNode (interactive — plug in board when prompted)
$ rnodeconf --autoinstall
# Add to ~/.reticulum/config as a LoRa interface
BASHInstall and configure your private mesh IPFS swarm. Generate the swarm key, initialize the node, and set up a private bootstrap peer list for your mesh community.
Install Bitcoin Core and sync with the following config. Initial sync takes 1–3 days on a Pi 5.
# ~/.bitcoin/bitcoin.conf
prune=550
txindex=0
daemon=1
rpcuser=meshnode
rpcpassword=<strong-random-password>
rpcbind=127.0.0.1
rpcallowip=127.0.0.1
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333
CONFInstall LND, create a wallet, fund it (on-chain Bitcoin), and open your first Lightning channel with a well-connected node. You now have instant, fee-efficient payments. Open channels with other community mesh operators to build a local payment network.
$ lncli create # creates wallet, save seed phrase OFFLINE
$ lncli newaddress p2wkh # get deposit address
# Fund it, then open a channel
$ lncli connect <NODE_PUBKEY>@<IP>:9735
$ lncli openchannel --node_key <NODE_PUBKEY> --local_amt 100000
BASHGenerate a did:key from your Reticulum identity and publish your DID document to your IPFS node. Add it to the community's OrbitDB identity registry. You now have a portable, offline-resolvable identity that works across all layers of the stack.
At the end of this setup, your gateway node is running six services that interlock. Here's how they relate — which processes depend on which, what ports they use, and what remains functional when internet goes down:
LND depends on bitcoind's ZMQ stream — always start Bitcoin Core first and wait for it to be fully synced before starting LND. IPFS and Reticulum are independent of each other and can start in either order. Helios is optional and can be omitted on memory-constrained setups.
Print this or screenshot it. Work through it top to bottom — each layer depends on the ones above it being stable before you proceed.
pip install rnsrnodeconf --autoinstall~/.reticulum/configrnsh or rnodeconf --pingprune=1000)lncli exportchanbackup --alllncli wtclient towersAdding a Lightning node and IPFS storage to your mesh gateway materially increases your attack surface. A compromised gateway node could lose funds (Lightning channels), expose community data (IPFS), or allow impersonation (key theft). The security fundamentals here are not optional.
Your LND wallet seed is 24 words that control every satoshi in your Lightning channels. Your Reticulum identity keys control your mesh address and any signed attestations. Your DID private key controls your cross-network identity. These must never exist only on the Pi.
1. When LND initializes, it gives you a 24-word seed phrase. Write it on paper. Then laminate it or store it in a waterproof container. Do not store it digitally anywhere.
2. Your Reticulum identity file lives at ~/.reticulum/storage/identities/. Back this up to encrypted offline storage.
3. SCB (Static Channel Backup) — export after every new channel open: lncli exportchanbackup --all > ~/chan.backup and store off-device. This is required to recover funds if your node dies without a clean shutdown. Without it, funds in channels are unrecoverable.
4. Enable LND's built-in Watchtower — as of LND v0.18+ this is straightforward to activate and the defaults are reasonable:
# Add to lnd.conf — enables the watchtower and client in one node
[Watchtower]
watchtower.active=true
[WatchtowerClient]
wtclient.active=true
# Optionally add a remote watchtower for redundancy:
# wtclient.add-tower=pubkey@host:port
# Verify watchtower is running after restart
$ lncli tower info
$ lncli wtclient towersYour gateway Pi should not be reachable from the public internet unless you explicitly need it to be. Lightning peers connect on port 9735 — this should only be reachable from trusted peers, not the open internet, unless you are intentionally acting as a public Lightning routing node (which is a different operational profile).
# UFW firewall setup for a gateway node
$ sudo ufw default deny incoming
$ sudo ufw default allow outgoing
$ sudo ufw allow from 192.168.0.0/24 to any port 22 # SSH local only
$ sudo ufw allow from 192.168.0.0/24 to any port 8080 # IPFS gateway local only
$ sudo ufw allow from 192.168.0.0/24 to any port 8545 # ENS resolver local only
$ sudo ufw allow 9735 # LN peers (public)
$ sudo ufw allow 4001 # IPFS swarm
$ sudo ufw enable
BASHThe IPFS HTTP gateway (port 8080) lets any browser or app fetch content by hash — useful for mesh nodes that want to pull maps, documents, or app data from the gateway without running a full IPFS daemon. The risk is exposing this to the broader internet. The solution is to proxy it through Nginx with basic authentication, binding it only to your local mesh network interface.
# Install Nginx
$ sudo apt install nginx apache2-utils -y
# Create a password file for gateway auth
$ sudo htpasswd -c /etc/nginx/.htpasswd meshuser
# /etc/nginx/sites-available/ipfs-gateway
server {
listen 8888; # Mesh-facing port (not 8080)
server_name _;
auth_basic "Mesh IPFS Gateway";
auth_basic_user_file /etc/nginx/.htpasswd;
# Only allow requests from your local mesh subnet
allow 192.168.0.0/24;
deny all;
location /ipfs/ {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
# Optional: cache aggressively — content-addressed files never change
proxy_cache_valid 200 7d;
}
}
NGINXFor a fully mesh-native IPFS gateway with no WiFi dependency, you can expose IPFS content through a Reticulum transport service: a small Python daemon that listens on a Reticulum destination and proxies IPFS fetches by hash. This lets LoRa-connected devices request content directly over the mesh without needing any IP connectivity to the gateway. The bandwidth ceiling is low (~2–5KB/s over LoRa), making it practical for text documents and small config files but not maps or media.
watchtower.active=true + wtclient.active=true in lnd.conf. Export SCB after every new channel: lncli exportchanbackup --all. Monitor with RTL or LNBits.max_pending_channels limit. Only open channels with known community members. Avoid anonymous public routing initially.LND has native Tor support. Running your Lightning node over Tor hides your IP address from channel peers and any observer monitoring the Lightning gossip network. For communities in politically sensitive contexts, this is not optional.
# Enable Tor for LND in lnd.conf
[Tor]
tor.active=true
tor.socks=127.0.0.1:9050
tor.streamisolation=true
tor.v3=true
# Your node will get a .onion address
# Peers connect to it without knowing your IP
# IPFS can also be configured to use Tor for internet-facing connections
CONF| Component | Software | Source |
|---|---|---|
| LoRa / Mesh Transport (Python) | Reticulum RNS | reticulum.network · meshtastic.org |
| LoRa / Mesh Transport (Rust) | reticulum-rs EMERGING | github.com/n0-computer/reticulum-rs |
| Decentralized Storage | Kubo (IPFS — current stable) | dist.ipfs.tech |
| Distributed Database | OrbitDB (Helia-based) | github.com/orbitdb/orbitdb |
| Permanent Storage | Arweave / Filecoin | arweave.org · filecoin.io |
| Bitcoin Full Node | Bitcoin Core | bitcoincore.org |
| Lightning Network (full) | LND (current stable) | github.com/lightningnetwork/lnd |
| Lightning Network (light) | Core Lightning (CLN) | github.com/ElementsProject/lightning |
| LN Management UI | Ride the Lightning (RTL) | github.com/Ride-The-Lightning/RTL |
| Monero Wallet (offline) | Feather Wallet | featherwallet.org |
| Identity (DID) | @digitalcredentials/did-cli (npm) | uniresolver.io |
| ENS Light Client | Helios | github.com/a16z/helios |
| DAO Treasury | Safe (Gnosis Safe) | safe.global |
| Off-chain Voting | Snapshot | snapshot.org |
| Node Stats / LN | LNBits | lnbits.com |
| Item | Spec / Model | Approx. Cost |
|---|---|---|
| Single-board computer | Raspberry Pi 5 (8GB) | ~$80 |
| Storage | 1TB USB 3.0 SSD | ~$65 |
| LoRa interface | WisBlock RAK4631 or RNode v2.x | ~$35–55 |
| Enclosure | Argon NEO 5 or similar | ~$20 |
| Power backup | UPS HAT or PiJuice | ~$30–60 |
| LoRa antenna | 915MHz (US) or 868MHz (EU) external | ~$15–30 |
| Total | ~$245–310 |
| Resource | URL |
|---|---|
| IPFS Documentation | docs.ipfs.tech |
| LND Developer Docs | docs.lightning.engineering |
| Core Lightning Docs | docs.corelightning.org |
| Reticulum Manual | reticulum.network/manual |
| W3C DID Specification | w3.org/TR/did-core |
| Mastering Bitcoin (free) | github.com/bitcoinbook/bitcoinbook |
| Mastering Lightning (free) | github.com/lnbook/lnbook |
| Monero Research Lab | getmonero.org/resources/research-lab |
| OrbitDB Docs | orbitdb.org |
| Feather Wallet Docs | docs.featherwallet.org |
| Node Star Networks | nodestar.net |
The Sovereign Stack is not finished. It's a direction. Each layer you add makes the community more resilient, more self-sufficient, and harder to silence. You don't have to build the whole thing at once. Start with IPFS and a mesh that works. Add Lightning when you have operators who want to be compensated. Add governance when the community is large enough to need it. The playbook is modular. Own the internet one layer at a time.