Tor: remove tor@lnd instance

The separate tor instance for LND became redundant: * now Tor is only reloaded, not restarted on config changes so the port remains open * using LND streamisolation means every LND connection is on a new Tor circuit
2025-04-12 13:49:38 +02:00 · 2021-09-13 07:20:30 +01:00 · 2021-09-13 07:20:30 +01:00 · 19c0298e91
commit 19c0298e91
parent 0d8b69c361
4 changed files with 6 additions and 112 deletions
--- a/home.admin/99systemMenu.sh
+++ b/home.admin/99systemMenu.sh
@ -162,7 +162,7 @@ case $CHOICE in
 btc-rpc-explorer, btcpayserver, circuitbreaker,
 specter, getty@tty1, electrs, litd,
 lnbits, mempool, nbxlorer, nginx, RTL, telegraf,
-thunderhub, tor@default, tor@lnd, tor
+thunderhub, tor@default, tor
 "
    echo "Type the name of the service you would like to monitor:"  
    read SERVICE
@ -180,7 +180,7 @@ thunderhub, tor@default, tor@lnd, tor
 btc-rpc-explorer, btcpayserver, circuitbreaker,
 specter, getty@tty1, electrs, litd,
 lnbits, mempool, nbxlorer, nginx, RTL, telegraf,
-thunderhub, tor@default, tor@lnd, tor
+thunderhub, tor@default, tor
 "
    echo "Type the name of the service you would like to restart:" 
    read SERVICE
--- a/home.admin/_provision.setup.sh
+++ b/home.admin/_provision.setup.sh
@ -215,9 +215,6 @@ if [ "${lightning}" == "lnd" ]; then
  sed -i "6s/.*/After=${network}d.service/" /home/admin/assets/lnd.service >> ${logFile}
  sudo cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service >> ${logFile}

-  # make sure LND starts with Tor by default
-  sudo /home/admin/config.scripts/internet.tor.sh lndconf-on >> ${logFile}
-
  # start lnd up
  echo "Starting LND Service ..." >> ${logFile}
  sudo systemctl enable lnd >> ${logFile}
--- a/home.admin/config.scripts/internet.tor.sh
+++ b/home.admin/config.scripts/internet.tor.sh
@ -13,7 +13,7 @@
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
 echo "script to switch Tor on or off"
- echo "internet.tor.sh [status|on|off|btcconf-on|btcconf-off|lndconf-on|update]"
+ echo "internet.tor.sh [status|on|off|btcconf-on|btcconf-off|update]"
 exit 1
 fi

@ -69,96 +69,6 @@ deactivateBitcoinOverTOR()
  sudo chown admin:admin /home/admin/.${network}/${network}.conf
 }

-activateLndOverTOR()
-{
-  echo "*** Putting LND behind Tor ***"
-
-  lndExists=$(sudo ls /etc/systemd/system/lnd.service | grep -c "lnd.service")
-  if [ ${lndExists} -gt 0 ]; then
-
-    # lnd-tor instance
-    # https://www.torservers.net/wiki/setup/server#multiple_tor_processes
-    NODENAME="lnd"
-    SOCKSPORT=9070
-    CONTROLPORT=$((SOCKSPORT+1))
-    echo "# Creating a dedicated Tor instance for $NODENAME"
-    sudo tor-instance-create $NODENAME
-
-    echo "# Make sure the user bitcoin is in the _tor-$NODENAME group"
-    sudo usermod -a -G _tor-$NODENAME bitcoin
-
-    # create tor data directory if it not exist
-    if [ ! -d "/mnt/hdd/tor-$NODENAME" ]; then
-      echo "# - creating tor data directory"
-      sudo mkdir -p /mnt/hdd/tor-$NODENAME
-      sudo mkdir -p /mnt/hdd/tor-$NODENAME/sys
-    else
-      echo "# - /mnt/hdd/tor-$NODENAME data directory exists"
-    fi
-    # make sure its the correct owner
-    sudo chmod -R 700 /mnt/hdd/tor-$NODENAME
-    sudo chown -R _tor-$NODENAME:_tor-$NODENAME /mnt/hdd/tor-$NODENAME
-
-    echo "
-### torrc for tor@$NODENAME
-### https://github.com/lightningnetwork/lnd/blob/master/docs/configuring_tor.md
-
-DataDirectory /mnt/hdd/tor-$NODENAME/sys
-PidFile /mnt/hdd/tor-$NODENAME/sys/tor.pid
-
-SocksPort $SOCKSPORT
-ControlPort $CONTROLPORT
-CookieAuthentication 1
-CookieAuthFileGroupReadable 1
-
-SafeLogging 1
-Log notice stdout
-Log notice file /mnt/hdd/tor-$NODENAME/notice.log
-Log info file /mnt/hdd/tor-$NODENAME/info.log
-" | sudo tee /etc/tor/instances/$NODENAME/torrc
-    sudo chmod 644 /etc/tor/instances/$NODENAME/torrc
-
-    sudo mkdir -p /etc/systemd/system/tor@$NODENAME.service.d
-    sudo tee /etc/systemd/system/tor@$NODENAME.service.d/raspiblitz.conf >/dev/null <<EOF
-    # DO NOT EDIT! This file is generated by raspiblitz and will be overwritten
-[Service]
-ReadWriteDirectories=-/mnt/hdd/tor-$NODENAME
-[Unit]
-After=network.target nss-lookup.target mnt-hdd.mount
-EOF
-
-    echo "Setup logrotate"
-    # add logrotate config for modified Tor dir on ext. disk
-    sudo tee /etc/logrotate.d/raspiblitz-tor-$NODENAME >/dev/null <<EOF
-/mnt/hdd/tor-$NODENAME/*log {
-        daily
-        rotate 5
-        compress
-        delaycompress
-        missingok
-        notifempty
-        create 0640 _tor-$NODENAME _tor-$NODENAME
-        sharedscripts
-        postrotate
-                if invoke-rc.d tor status > /dev/null; then
-                        invoke-rc.d tor reload > /dev/null
-                fi
-        endscript
-}
-EOF
-    sudo systemctl daemon-reload
-    sudo systemctl enable tor@$NODENAME
-    sudo systemctl start tor@$NODENAME
-    
-
-    echo "# OK"
-    echo 
-
-  else
-    echo "# LND service not found (yet) - try with 'internet.tor.sh lndconf-on' again later" 
-  fi
-}
-
 # check and load raspiblitz config
 # to know which network is running
 if [ -f "/home/admin/raspiblitz.info" ]; then
@ -200,12 +110,6 @@ if [ "$1" = "btcconf-off" ]; then
  exit 0
 fi

-# if started with lndconf-on
-if [ "$1" = "lndconf-on" ]; then
-  activateLndOverTOR
-  exit 0
-fi
-
 # add default value to raspi config if needed
 checkTorEntry=$(sudo cat /mnt/hdd/raspiblitz.conf | grep -c "runBehindTor")
 if [ ${checkTorEntry} -eq 0 ]; then
@ -299,9 +203,7 @@ HiddenServicePort 80 127.0.0.1:80
 # NOTE: since Bitcoin Core v0.21.0 sets up a v3 Tor service automatically 
 # see /mnt/hdd/bitcoin for the onion private key - delete and restart bitcoind to reset

-# NOTE: LND is using a separate Tor instance: tor@lnd
-# find the torrc at /etc/tor/instances/lnd/torrc
-# onion private key at /mnt/hdd/lnd/v3_onion_private_key
+# NOTE: LND onion private key at /mnt/hdd/lnd/v3_onion_private_key

 # Hidden Service for LND RPC
 HiddenServiceDir /mnt/hdd/tor/lndrpc10009/
@ -341,9 +243,6 @@ EOF
  # ACTIVATE BITCOIN OVER TOR (function call)
  activateBitcoinOverTOR

-  # ACTIVATE LND OVER TOR (function call)
-  activateLndOverTOR
-
  # ACTIVATE APPS OVER TOR
  source /mnt/hdd/raspiblitz.conf 2>/dev/null
  if [ "${BTCRPCexplorer}" = "on" ]; then
@ -424,7 +323,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  # disable TOR service
  echo "# *** Disable Tor service ***"
  sudo systemctl disable tor@default
-  sudo systemctl disable tor@lnd
  echo ""

  # DEACTIVATE BITCOIN OVER TOR (function call)
@ -459,7 +357,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then

  echo "# *** Stop Tor service ***"
  sudo systemctl stop tor@default
-  sudo systemctl stop tor@lnd
  echo ""

  if [ "$2" == "clear" ]; then
--- a/home.admin/config.scripts/lnd.check.sh
+++ b/home.admin/config.scripts/lnd.check.sh
@ -188,8 +188,8 @@ if [ "$1" == "prestart" ]; then
 " | tee -a ${lndConfFile}
    fi

-    setting ${lndConfFile} ${insertLine} "tor.control" "9071"
-    setting ${lndConfFile} ${insertLine} "tor.socks" "9070"
+    setting ${lndConfFile} ${insertLine} "tor.control" "9051"
+    setting ${lndConfFile} ${insertLine} "tor.socks" "9050"
    setting ${lndConfFile} ${insertLine} "tor.privatekeypath" "\/mnt\/hdd\/lnd\/${netprefix}v3_onion_private_key"
    setting ${lndConfFile} ${insertLine} "tor.streamisolation" "true"
    setting ${lndConfFile} ${insertLine} "tor.v3" "true"