committed by
rootzoll
parent
6748140698
commit
0dff3bb60d
@@ -30,12 +30,6 @@ if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help":
|
||||
print("# blitz.subscriptions.letsencrypt.py domain-by-ip <ip>")
|
||||
sys.exit(1)
|
||||
|
||||
# constants for standard services
|
||||
SERVICE_LND_REST_API = "LND-REST-API"
|
||||
SERVICE_LND_GRPC_API = "LND-GRPC-API"
|
||||
SERVICE_LNBITS = "LNBITS"
|
||||
SERVICE_BTCPAY = "BTCPAY"
|
||||
|
||||
#####################
|
||||
# BASIC SETTINGS
|
||||
#####################
|
||||
@@ -318,7 +312,6 @@ def get_subscription(subscription_id):
|
||||
try:
|
||||
|
||||
if Path(SUBSCRIPTIONS_FILE).is_file():
|
||||
os.system("sudo chown admin:admin {0}".format(SUBSCRIPTIONS_FILE))
|
||||
subs = toml.load(SUBSCRIPTIONS_FILE)
|
||||
else:
|
||||
return []
|
||||
@@ -336,7 +329,6 @@ def get_subscription(subscription_id):
|
||||
def get_domain_by_ip(ip):
|
||||
# does subscriptin file exists
|
||||
if Path(SUBSCRIPTIONS_FILE).is_file():
|
||||
os.system("sudo chown admin:admin {0}".format(SUBSCRIPTIONS_FILE))
|
||||
subs = toml.load(SUBSCRIPTIONS_FILE)
|
||||
else:
|
||||
raise BlitzError("no match")
|
||||
@@ -520,6 +512,7 @@ This looks not like valid.
|
||||
# default target are the nginx ip ports
|
||||
target = "ip"
|
||||
ip = ""
|
||||
serviceName = ""
|
||||
|
||||
if tag == "IP2TOR":
|
||||
|
||||
@@ -558,6 +551,7 @@ Create one first and try again.
|
||||
# get the slected IP2TOR bridge
|
||||
ip2tor_select = ip2tor_subs[int(tag)]
|
||||
ip = ip2tor_select["ip"]
|
||||
serviceName = ip2tor_select["name"]
|
||||
target = "tor"
|
||||
|
||||
elif tag == "DYNDNS":
|
||||
@@ -591,6 +585,11 @@ This looks not like a valid IP.
|
||||
os.system("clear")
|
||||
subscription = subscriptions_new(ip, dnsservice, domain, token, target)
|
||||
|
||||
# restart certain services to update urls
|
||||
if serviceName == "IP2TOR SPHINX":
|
||||
print("# restarting Sphinx Relay to pickup new public url (please wait) ...")
|
||||
os.system("sudo systemctl restart sphinxrelay")
|
||||
|
||||
# success dialog
|
||||
Dialog(dialog="dialog", autowidgetsize=True).msgbox('''
|
||||
OK your LetsEncrypt subscription is now ready.
|
||||
@@ -758,6 +757,7 @@ def subscription_cancel():
|
||||
subscription_id = sys.argv[2]
|
||||
try:
|
||||
subscriptions_cancel(subscription_id)
|
||||
|
||||
except Exception as e:
|
||||
handleException(e)
|
||||
|
||||
|
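Review bot: The restart added after `subscriptions_new(...)` is selected by the literal `serviceName == "IP2TOR SPHINX"`, while the other Python script in this commit tests `service_name == SERVICE_SPHINX`, and the first hunk here appears to drop this file's own `SERVICE_*` constants. If the stored bridge name and that constant ever drift apart, the branch is skipped without any message and Sphinx Relay keeps the old public URL. A comment such as `# must equal SERVICE_SPHINX in blitz.subscriptions.ip2tor.py` (file name assumed from the page, please confirm) or a single shared constant would pin the coupling. The return value of `os.system("sudo systemctl restart sphinxrelay")` is also discarded, so a failed restart looks like success; `if os.system("sudo systemctl restart sphinxrelay") != 0: print("# FAIL: could not restart sphinxrelay")` would surface it. The enclosing function starts and ends outside the hunk.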
@@ -208,6 +208,10 @@ The following additional information is available:
|
||||
print("# FAIL: unknown subscription type")
|
||||
time.sleep(3)
|
||||
|
||||
# trigger restart of relevant services so they can pickup new environment
|
||||
print("# restarting Sphinx Relay to pickup new public url (please wait) ...")
|
||||
os.system("sudo systemctl restart sphinxrelay")
|
||||
|
||||
# loop until no more subscriptions or user chooses CANCEL on subscription list
|
||||
my_subscriptions()
|
||||
|
||||
@@ -407,8 +411,13 @@ def main():
|
||||
service_name, tor_address, tor_port)
|
||||
print("# running: {0}".format(cmd))
|
||||
os.system(cmd)
|
||||
sys.exit(0)
|
||||
|
||||
# action after possibly new created bride
|
||||
if service_name == SERVICE_SPHINX:
|
||||
print("# restarting Sphinx Relay to pickup new public url (please wait) ...")
|
||||
os.system("sudo systemctl restart sphinxrelay")
|
||||
|
||||
sys.exit(0)
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
||||
|
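Review bot: The restart added in the `@@ -208` hunk runs `sudo systemctl restart sphinxrelay` with no condition visible in the hunk, unlike the one added in `main()`, which is guarded by `service_name == SERVICE_SPHINX`. On a node without Sphinx Relay, or when the subscription that changed belongs to another service, it prints "restarting Sphinx Relay" and the failed `systemctl` call goes unnoticed because the `os.system` result is dropped. Indentation is lost on this page, so please confirm whether an outer check already covers it; if not, guard it the same way as in `main()` and test the exit status, e.g. `if os.system("sudo systemctl restart sphinxrelay") != 0: print("# FAIL: could not restart sphinxrelay")`. The surrounding function starts outside the hunk.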
@@ -100,7 +100,7 @@ if [ "$1" = "menu" ]; then
|
||||
fi
|
||||
|
||||
if [ ${#ip2torWarn} -gt 0 ]; then
|
||||
whiptail --title " Warning " --msgbox "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}" 8 55
|
||||
whiptail --title " Warning " --msgbox "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}\n\nCheck if locally responding: http://${localIP}:${httpPort}\n\nCheck if service is reachable over Tor:\n${toraddress}" 13 72
|
||||
fi
|
||||
|
||||
text="Local Webrowser: https://${localIP}:${httpsPort}"
|
||||
|
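Review bot: The new warning text interpolates `${httpPort}` and `${toraddress}`, and neither is set inside this hunk; they presumably come from the `status` output sourced earlier in the menu branch. If a status action does not emit both, the dialog shows `http://<ip>:` with no port and an empty Tor line, which is misleading in a troubleshooting message. Worth confirming for each service, or building the extra lines only when the values are non-empty, e.g. `[ ${#toraddress} -gt 0 ] && ip2torWarn="${ip2torWarn}\n\nCheck if service is reachable over Tor:\n${toraddress}"`. The same message is added in the two menu hunks that follow (`@@ -23` and `@@ -22`).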
@@ -23,7 +23,7 @@ if [ "$1" = "menu" ]; then
|
||||
source <(sudo /home/admin/config.scripts/bonus.lnbits.sh status)
|
||||
|
||||
if [ ${#ip2torWarn} -gt 0 ]; then
|
||||
whiptail --title " Warning " --msgbox "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}" 8 55
|
||||
whiptail --title " Warning " --msgbox "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}\n\nCheck if locally responding: http://${localIP}:${httpPort}\n\nCheck if service is reachable over Tor:\n${toraddress}" 13 72
|
||||
fi
|
||||
|
||||
text="Local Webrowser: https://${localIP}:${httpsPort}"
|
||||
|
@@ -22,7 +22,7 @@ if [ "$1" = "menu" ]; then
|
||||
source <(sudo /home/admin/config.scripts/bonus.sphinxrelay.sh status)
|
||||
|
||||
if [ ${#ip2torWarn} -gt 0 ]; then
|
||||
whiptail --title " Warning " --msgbox "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}" 8 55
|
||||
whiptail --title " Warning " --msgbox "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}\n\nCheck if locally responding: http://${localIP}:${httpPort}\n\nCheck if service is reachable over Tor:\n${toraddress}" 13 72
|
||||
fi
|
||||
|
||||
extraPairInfo=""
|
||||
@@ -34,7 +34,7 @@ if [ "$1" = "menu" ]; then
|
||||
IP2TOR+LetsEncrypt: ${publicURL}
|
||||
SHA1 ${sslFingerprintTOR}\n
|
||||
If you connect your app with this setup you should be able to
|
||||
use it securly from everywhere.
|
||||
use it securely from everywhere.
|
||||
"
|
||||
|
||||
# When DynDNS & LETSENCRYPT
|
||||
@@ -80,24 +80,28 @@ adding a IP2TOR Bridge (MAINMENU > SUBSCRIBE) and reconnect."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
if [ ${#extraPairInfo} -eq 0 ]; then
|
||||
extraPairInfo="The base64 decoded connection string (for debug):\n${connectionCodeClear}"
|
||||
fi
|
||||
|
||||
# show qr code on LCD & console
|
||||
/home/admin/config.scripts/blitz.lcd.sh qr "${connectionCode}"
|
||||
whiptail --title " Connect App with Sphinx Relay " \
|
||||
--yes-button "Done" \
|
||||
--no-button "Show QR Code" \
|
||||
--yesno "Open the Sphinx Chat app & scan the QR code displayed on the LCD. If you dont have a RaspiBlitz with LCD choose 'Show QR Code'.\n
|
||||
The connection string in clear text is: ${connectionCode}\n
|
||||
${extraPairInfo}" 13 70
|
||||
The connection string can also be copied if needed: ${connectionCode}\n
|
||||
${extraPairInfo}" 16 70
|
||||
if [ $? -eq 1 ]; then
|
||||
clear
|
||||
qrencode -t ANSI256 "${connectionCode}"
|
||||
/home/admin/config.scripts/blitz.lcd.sh hide
|
||||
echo "--> Scan this code with your Sphinx Chat App"
|
||||
echo "To shrink QR code: macOS press CMD- / LINUX press CTRL-"
|
||||
echo "Press ENTER when finished."
|
||||
read key
|
||||
fi
|
||||
|
||||
/home/admin/config.scripts/blitz.lcd.sh hide
|
||||
exit 0
|
||||
fi
|
||||
|
||||
@@ -149,7 +153,11 @@ if [ "$1" = "status" ]; then
|
||||
connectionCode=$(sudo cat /home/sphinxrelay/sphinx-relay/connection_string.txt)
|
||||
fi
|
||||
echo "connectionCode='${connectionCode}'"
|
||||
|
||||
|
||||
# decode with base64 for debug
|
||||
connectionCodeClear=$(echo -n "${connectionCode}" | base64 --decode)
|
||||
echo "connectionCodeClear='${connectionCodeClear}'"
|
||||
|
||||
# check for LetsEnryptDomain for DynDns
|
||||
error=""
|
||||
source <(/home/admin/config.scripts/blitz.subscriptions.ip2tor.py ip-by-tor $publicIP)
|
||||
@@ -163,7 +171,7 @@ if [ "$1" = "status" ]; then
|
||||
sslFingerprintIP=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout 2>/dev/null | cut -d"=" -f2)
|
||||
echo "sslFingerprintIP='${sslFingerprintIP}'"
|
||||
|
||||
toraddress=$(cat /mnt/hdd/tor/sphinxrelay/hostname 2>/dev/null)
|
||||
toraddress=$(cat /home/sphinxrelay/sphinx-relay/dist/toraddress.txt 2>/dev/null)
|
||||
echo "toraddress='${toraddress}'"
|
||||
|
||||
sslFingerprintTOR=$(openssl x509 -in /mnt/hdd/app-data/nginx/tor_tls.cert -fingerprint -noout 2>/dev/null | cut -d"=" -f2)
|
||||
@@ -299,11 +307,13 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||
sudo chown sphinxrelay:sphinxrelay -R /mnt/hdd/app-data/sphinxrelay
|
||||
|
||||
# database config
|
||||
sudo -u sphinxrelay cp /home/sphinxrelay/sphinx-relay/config/config.json /home/sphinxrelay/sphinx-relay/config/config.json.bak
|
||||
sudo cat /home/sphinxrelay/sphinx-relay/config/config.json | \
|
||||
jq ".production.storage = \"/mnt/hdd/app-data/sphinxrelay/sphinx.db\"" | \
|
||||
sudo -u sphinxrelay tee /home/sphinxrelay/sphinx-relay/config/config.json
|
||||
|
||||
# general config
|
||||
# general app config
|
||||
sudo -u sphinxrelay cp /home/sphinxrelay/sphinx-relay/config/app.json /home/sphinxrelay/sphinx-relay/config/app.json.bak
|
||||
sudo cat /home/sphinxrelay/sphinx-relay/config/app.json | \
|
||||
jq ".production.tls_location = \"/mnt/hdd/app-data/lnd/tls.cert\"" | \
|
||||
jq ".production.macaroon_location = \"/mnt/hdd/app-data/lnd/data/chain/${network}/${chain}net/admin.macaroon\"" | \
|
||||
@@ -316,7 +326,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||
# sudo chmod 640 /home/sphinxrelay/sphinx-relay/connection_string.txt
|
||||
|
||||
# write environment
|
||||
/home/admin/config.scripts/bonus.sphinxrelay.sh write-environment
|
||||
sudo -u sphinxrelay /home/admin/config.scripts/bonus.sphinxrelay.sh write-environment
|
||||
|
||||
# open firewall
|
||||
echo
|
||||
@@ -388,10 +398,9 @@ EOF
|
||||
if [ "${runBehindTor}" = "on" ]; then
|
||||
# make sure to keep in sync with internet.tor.sh script
|
||||
/home/admin/config.scripts/internet.hiddenservice.sh sphinxrelay 80 3302 443 3303
|
||||
# allow everybody to read the hostname (no need for sudo for read)
|
||||
sudo chmod +r /mnt/hdd/tor/sphinxrelay/hostname
|
||||
sudo chmod +x /mnt/hdd/tor/sphinxrelay
|
||||
sudo chmod +x /mnt/hdd/tor
|
||||
# get TOR address and store it readable for sphixrelay user
|
||||
toraddress=$(sudo cat /mnt/hdd/tor/sphinxrelay/hostname 2>/dev/null)
|
||||
sudo -u sphinxrelay bash -c "echo '${toraddress}' > /home/sphinxrelay/sphinx-relay/dist/toraddress.txt"
|
||||
fi
|
||||
exit 0
|
||||
fi
|
||||
|
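Review bot: The `status` hunk at `@@ -149` prints `connectionCodeClear='${connectionCodeClear}'`, and the menu branch at `@@ -22` loads status output with `source <(sudo ... status)`, so the decoded text is parsed as shell by the calling admin shell. The value is whatever `base64 --decode` yields from `connection_string.txt` under the sphinxrelay account. A single quote or newline in it would close the quoting and the rest would be interpreted as commands, which lets a service-owned file steer a more privileged shell. Emit it shell-quoted instead, `printf "connectionCodeClear=%q\n" "${connectionCodeClear}"`, or do the decode in the menu branch where it is displayed rather than exporting it through `status`. A comment above the echo noting that status output is sourced by callers would help the next editor keep values quoted.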
@@ -400,6 +400,15 @@ EOF
|
||||
# specter makes only sense to be served over https
|
||||
/home/admin/config.scripts/internet.hiddenservice.sh cryptoadvance-specter 443 25441
|
||||
fi
|
||||
if [ "${sphinxrelay}" = "on" ]; then
|
||||
/home/admin/config.scripts/internet.hiddenservice.sh sphinxrelay 80 3302 443 3303
|
||||
toraddress=$(sudo cat /mnt/hdd/tor/sphinxrelay/hostname 2>/dev/null)
|
||||
sudo -u sphinxrelay bash -c "echo '${toraddress}' > /home/sphinxrelay/sphinx-relay/dist/toraddress.txt"
|
||||
fi
|
||||
|
||||
# get TOR address and store it readable for sphixrelay user
|
||||
toraddress=$(sudo cat /mnt/hdd/tor/sphinxrelay/hostname 2>/dev/null)
|
||||
sudo -u sphinxrelay bash -c "echo '${toraddress}' > /home/sphinxrelay/sphinx-relay/dist/toraddress.txt"
|
||||
|
||||
echo "Setup logrotate"
|
||||
# add logrotate config for modified Tor dir on ext. disk
|
||||
|
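Review bot: The lines after the new `if [ "${sphinxrelay}" = "on" ]` block repeat the `toraddress` read and the `sudo -u sphinxrelay bash -c ...` write outside the guard, so they also run on nodes where Sphinx Relay is off. There `sudo -u sphinxrelay` presumably fails for lack of the user or the `dist/` directory, and otherwise an empty string is written. Keep only the guarded copy and drop the second one. Because `${toraddress}` is spliced into a `bash -c` command string, passing it as data is more robust: `echo "${toraddress}" | sudo -u sphinxrelay tee /home/sphinxrelay/sphinx-relay/dist/toraddress.txt >/dev/null`; the same line appears in the `@@ -388` hunk of the sphinxrelay script. The enclosing block starts outside the hunk.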