From ef2a86d2aa9b82a9e7d5adbd25cdaafc59863ff4 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Thu, 21 Nov 2024 16:39:49 +0100 Subject: [PATCH 01/11] #4727 Add AlbyHub to RaspiBlitz SSH menus (#4848) * #4727 first draft for install script * #4727 add x86 * #4727 recover & SSH menu --- home.admin/00mainMenu.sh | 6 + home.admin/00settingsMenuServices.sh | 28 ++ home.admin/_provision_.sh | 9 + home.admin/config.scripts/bonus.albyhub.sh | 376 +++++++++++++++++++++ 4 files changed, 419 insertions(+) create mode 100644 home.admin/config.scripts/bonus.albyhub.sh diff --git a/home.admin/00mainMenu.sh b/home.admin/00mainMenu.sh index 5c22a86b6..65abb8c86 100755 --- a/home.admin/00mainMenu.sh +++ b/home.admin/00mainMenu.sh @@ -180,6 +180,9 @@ fi if [ "${telegraf}" == "on" ]; then OPTIONS+=(TELEGRAF "Telegraf InfluxDB/Grafana Metrics") fi +if [ "${albyhub}" == "on" ]; then + OPTIONS+=(ALBYHUB "AlbyHub") +fi # dont offer to switch to "testnet view for now" - so no wswitch back to mainnet needed #if [ ${chain} != "main" ]; then @@ -355,6 +358,9 @@ case $CHOICE in FINTS) sudo /home/admin/config.scripts/bonus.fints.sh menu ;; + ALBYHUB) + /home/admin/config.scripts/bonus.albyhub.sh menu + ;; TESTNETS) /home/admin/00parallelChainsMenu.sh ;; diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index 898ec2c43..2e9414887 100755 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh @@ -32,6 +32,8 @@ if [ ${#fints} -eq 0 ]; then fints="off"; fi if [ ${#lndk} -eq 0 ]; then lndk="off"; fi if [ ${#labelbase} -eq 0 ]; then labelbase="off"; fi if [ ${#publicpool} -eq 0 ]; then publicpool="off"; fi +if [ ${#albyhub} -eq 0 ]; then albyhub="off"; fi +if [ "${albyhub}" == "on" ] && [ $(sudo ls /etc/systemd/system/albyhub.service 2>/dev/null | grep -c 'albyhub.service') -lt 1 ]; then albyhub="off"; fi # show select dialog echo "run dialog ..." @@ -63,6 +65,7 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then OPTIONS+=(ra 'LND RTL Webinterface' ${rtlWebinterface}) OPTIONS+=(ta 'LND ThunderHub' ${thunderhub}) OPTIONS+=(la 'LND LIT (loop, pool, faraday)' ${lit}) + OPTIONS+=(ah 'LND AlbyHub (early access)' ${albyhub}) OPTIONS+=(gb 'LND LNDg (auto-rebalance, auto-fees)' ${lndg}) OPTIONS+=(oa 'LND Balance of Satoshis' ${bos}) OPTIONS+=(ya 'LND PyBLOCK' ${pyblock}) @@ -624,6 +627,31 @@ else echo "Publicpool setting unchanged." fi +# publicpool process choice +choice="off"; check=$(echo "${CHOICES}" | grep -c "ah") +if [ ${check} -eq 1 ]; then choice="on"; fi +if [ "${albyhub}" != "${choice}" ]; then + echo "AlbyHub setting changed .." + anychange=1 + if [ "${choice}" = "on" ]; then + sudo -u admin /home/admin/config.scripts/bonus.albyhub.sh on + sudo -u admin /home/admin/config.scripts/bonus.albyhub.sh menu + else + whiptail --title "Delete Database?" \ + --yes-button "Keep Database" \ + --no-button "Delete Database" \ + --yesno "AlbyHub is getting uninstalled. If you keep the database, you will be able to reuse the data should you choose to re-install. Do you wish to keep the database?" 10 80 + if [ $? -eq 1 ]; then + echo "# Uninstalling AlbyHub AND DELETING DATA ..." + sudo -u admin /home/admin/config.scripts/bonus.albyhub.sh off delete-data + else + echo "# Uninstalling AlbyHub but keeping data ..." + sudo -u admin /home/admin/config.scripts/bonus.albyhub.sh off + fi + fi +else + echo "AlbyHub setting unchanged." +fi # fints process choice choice="off"; check=$(echo "${CHOICES}" | grep -c "fn") diff --git a/home.admin/_provision_.sh b/home.admin/_provision_.sh index 8f28eabd7..d474f051f 100755 --- a/home.admin/_provision_.sh +++ b/home.admin/_provision_.sh @@ -752,6 +752,15 @@ else echo "Provisioning Publicpool - keep default" >> ${logFile} fi +# AlbyHub +if [ "${albyhub}" = "on" ]; then + echo "Provisioning AlbyHub - run config script" >> ${logFile} + /home/admin/_cache.sh set message "Setup AlbyHub" + sudo -u admin /home/admin/config.scripts/bonus.albyhub.sh on >> ${logFile} 2>&1 +else + echo "Provisioning AlbyHub - keep default" >> ${logFile} +fi + # custom install script from user customInstallAvailable=$(ls /mnt/hdd/app-data/custom-installs.sh 2>/dev/null | grep -c "custom-installs.sh") if [ ${customInstallAvailable} -gt 0 ]; then diff --git a/home.admin/config.scripts/bonus.albyhub.sh b/home.admin/config.scripts/bonus.albyhub.sh new file mode 100644 index 000000000..d77e5a755 --- /dev/null +++ b/home.admin/config.scripts/bonus.albyhub.sh @@ -0,0 +1,376 @@ +#!/bin/bash + +# This script installs Alby Hub on RaspiBlitz. +# Rename it as `bonus.albyhub.sh` and place it in `/home/admin/config.scripts`. + +# id string of your app (short single string unique in raspiblitz) +APPID="albyhub" # one-word lower-case no-specials + +# https://github.com/getAlby/hub/releases +VERSION="1.10.4" + +# port numbers the app should run on +# delete if not an web app +PORT_CLEAR="8029" +PORT_SSL="8030" +PORT_TOR_CLEAR="8031" +PORT_TOR_SSL="8032" + +# BASIC COMMANDLINE OPTIONS +if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then + echo "# bonus.${APPID}.sh status -> status information (key=value)" + echo "# bonus.${APPID}.sh on -> install the app" + echo "# bonus.${APPID}.sh off [delete-data] -> uninstall the app" + echo "# bonus.${APPID}.sh menu -> SSH menu dialog" + echo "# bonus.${APPID}.sh prestart -> prestart used by systemd" + exit 1 +fi + +ENVFILE="/home/${APPID}/config.env" + +########################## +# PRESTART +########################## + +# background is that this script will be called with `prestart` on every start & restart +if [ "$1" = "prestart" ]; then + + # needs to be run as the app user - stop if not run as the app user + # keep in mind that in the prestart section you cannot use `sudo` command + if [ "$USER" != "${APPID}" ]; then + echo "# FAIL: run as user ${APPID}" + exit 1 + fi + + # see: https://github.com/getAlby/hub/blob/master/.env.example + + echo "## PRESTART CONFIG START for ${APPID} (called by systemd prestart)" + echo "# creating dynamic env file --> ${ENVFILE}" + touch ${ENVFILE} + chmod 770 ${ENVFILE} + echo "PORT=${PORT_CLEAR}" > ${ENVFILE} + echo "WORK_DIR=/mnt/hdd/app-data/${APPID}" >> ${ENVFILE} + echo "LN_BACKEND_TYPE=LND" >> ${ENVFILE} + echo "LND_ADDRESS=127.0.0.1:10009" >> ${ENVFILE} + echo "LND_CERT_FILE=/mnt/hdd/app-data/lnd/tls.cert" >> ${ENVFILE} + echo "LND_MACAROON_FILE=/mnt/hdd/app-data/lnd/data/chain/bitcoin/mainnet/admin.macaroon" >> ${ENVFILE} + echo >> ${ENVFILE} + + echo "## PRESTART CONFIG DONE for ${APPID}" + exit 0 +fi + +# echoing comments is useful for logs - but start output with # when not a key=value +echo "# Running: 'bonus.${APPID}.sh $*'" + +source /home/admin/raspiblitz.info +source /mnt/hdd/raspiblitz.conf + +######################### +# INFO +######################### + +# this section is always executed to gather status information that +# all the following commands can use & execute on + +# check if app is already installed +isInstalled=$(sudo ls /etc/systemd/system/${APPID}.service 2>/dev/null | grep -c "${APPID}.service") + +# check if service is running +isRunning=$(systemctl status ${APPID} 2>/dev/null | grep -c 'active (running)') + +if [ "${isInstalled}" == "1" ]; then + # gather address info (whats needed to call the app) + localIP=$(hostname -I | awk '{print $1}') + toraddress=$(sudo cat /mnt/hdd/tor/${APPID}/hostname 2>/dev/null) + fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2) +fi + +# if the action parameter `status` was called - just stop here and output all +# status information as a key=value list +if [ "$1" = "status" ]; then + echo "appID='${APPID}'" + echo "version='${VERSION}'" + echo "isInstalled=${isInstalled}" + echo "isRunning=${isRunning}" + if [ "${isInstalled}" == "1" ]; then + echo "localIP='${localIP}'" + echo "portCLEAR=${PORT_CLEAR}" + echo "portSSL=${PORT_SSL}" + echo "localIP='${localIP}'" + echo "toraddress='${toraddress}'" + echo "fingerprint='${fingerprint}'" + fi + exit +fi + +########################## +# MENU +######################### + +# show info menu +if [ "$1" = "menu" ]; then + + if [ ${isInstalled} -eq 0 ] && [ "${albyhub}" == "on" ]; then + clear + echo "# AlbyHub needs re-install ..." + /home/admin/config.scripts/bonus.albyhub.sh on + elif [ ${isInstalled} -lt 1 ]; then + echo "error='App not installed'" + exit 1 + fi + + # set the title for the dialog + dialogTitle=" ${APPID} " + localIP=$(hostname -I | awk '{print $1}') + fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2) + + # basic info text - for a web app how to call with http + dialogText="Open in your local web browser: +http://${localIP}:${PORT_CLEAR}\n +https://${localIP}:${PORT_SSL} with Fingerprint: +${fingerprint}\n +The Alby Hub password is managed seperate from RaspiBlitz - make sure to manage it safely.\n +" + + # use whiptail to show SSH dialog & exit + whiptail --title "${dialogTitle}" --msgbox "${dialogText}" 15 67 + echo "please wait ..." + exit 0 +fi + +########################## +# ON / INSTALL +########################## + +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + + # dont run install if already installed + if [ ${isInstalled} -eq 1 ]; then + echo "# ${APPID}.service is already installed." + exit 1 + fi + + # check if lnd service is installed + if [ $(sudo ls /etc/systemd/system/lnd.service 2>/dev/null | grep -c 'lnd.service') -eq 0 ]; then + echo "error='LND needs to be installed'" + exit 1 + fi + + echo "# Installing ${APPID} ..." + + echo "# create user" + sudo adduser --system --group --shell /bin/bash --home /home/${APPID} ${APPID} || exit 1 + sudo -u ${APPID} cp -r /etc/skel/. /home/${APPID}/ + + echo "# add use to special groups" + sudo /usr/sbin/usermod --append --groups lndadmin ${APPID} + + # use new app user home as install directory + cd /home/${APPID} + + # download Alby Hub + if [ ${cpu} == "aarch64" ]; then + echo "# Downloading Alby Hub for aarch64" + sudo wget -O albyhub-server.tar.bz2 https://github.com/getAlby/hub/releases/download/v$VERSION/albyhub-Server-Linux-aarch64.tar.bz2 + else + echo "# Downloading Alby Hub for x86" + sudo wget -O albyhub-server.tar.bz2 https://github.com/getAlby/hub/releases/download/v$VERSION/albyhub-Server-Linux-x86_64.tar.bz2 + fi + + # extract archives + sudo tar -xvf albyhub-server.tar.bz2 + if [[ $? -ne 0 ]]; then + echo "# Failed to download & unpack Alby Hub" + echo "error='download & unpack failed'" + exit 1 + fi + + # cleanup + rm -f albyhub-server.tar.bz2 + + # Setze die Berechtigungen für das Verzeichnis und die Dateien + sudo chmod -R 755 /home/${APPID}/lib + sudo chown -R root:root /home/${APPID}/lib + + # make libs available + echo "/home/${APPID}/lib" | sudo tee /etc/ld.so.conf.d/${APPID}.conf + sudo ldconfig + + # prepare data directory + sudo mkdir -p /mnt/hdd/app-data/${APPID} + sudo chown -R ${APPID}:${APPID} /mnt/hdd/app-data/${APPID} + + # open the ports in the firewall + echo "# updating Firewall" + sudo ufw allow ${PORT_CLEAR} comment "${APPID} HTTP" + sudo ufw allow ${PORT_SSL} comment "${APPID} HTTPS" + + # prepare env file + echo "# prepare env file --> ${ENVFILE}" + sudo touch ${ENVFILE} + sudo chown ${APPID}:${APPID} ${ENVFILE} + sudo chmod 770 ${ENVFILE} + + # create systemd service + echo "# create systemd service: ${APPID}.service" + echo " +[Unit] +Description=AlbyHub +Wants=lnd.service +After=lnd.service + +[Service] +Type=simple +Restart=always +RestartSec=1 +User=${APPID} +ExecStartPre=-/home/admin/config.scripts/bonus.${APPID}.sh prestart +EnvironmentFile=${ENVFILE} +ExecStart=/home/${APPID}/bin/${APPID} +# Hack to ensure Alby Hub never uses more than 90% CPU +CPUQuota=90%sudo + +[Install] +WantedBy=multi-user.target +" | sudo tee /etc/systemd/system/${APPID}.service + sudo chown root:root /etc/systemd/system/${APPID}.service + + # when tor is set on also install the hidden service + if [ "${runBehindTor}" = "on" ]; then + # activating tor hidden service + /home/admin/config.scripts/tor.onion-service.sh ${APPID} 80 ${PORT_TOR_CLEAR} 443 ${PORT_TOR_SSL} + fi + + # nginx configuration + # BACKGROUND is that the plain HTTP is served by your web app, but thru the nginx proxy it will be available + # with (self-signed) HTTPS and with separate configs for Tor & Tor+HTTPS. + + echo "# setup nginx confing" + + # write the HTTPS config + echo " +server { + listen ${PORT_SSL} ssl; + listen [::]:${PORT_SSL} ssl; + server_name _; + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data.conf; + access_log /var/log/nginx/access_${APPID}.log; + error_log /var/log/nginx/error_${APPID}.log; + location / { + proxy_pass http://127.0.0.1:${PORT_CLEAR}; + include /etc/nginx/snippets/ssl-proxy-params.conf; + } +} +" | sudo tee /etc/nginx/sites-available/${APPID}_ssl.conf + sudo ln -sf /etc/nginx/sites-available/${APPID}_ssl.conf /etc/nginx/sites-enabled/ + + # write the Tor config + echo " +server { + listen ${PORT_TOR_CLEAR}; + server_name _; + access_log /var/log/nginx/access_${APPID}.log; + error_log /var/log/nginx/error_${APPID}.log; + location / { + proxy_pass http://127.0.0.1:${PORT_CLEAR}; + include /etc/nginx/snippets/ssl-proxy-params.conf; + } +} +" | sudo tee /etc/nginx/sites-available/${APPID}_tor.conf + sudo ln -sf /etc/nginx/sites-available/${APPID}_tor.conf /etc/nginx/sites-enabled/ + + # write the Tor+HTTPS config + echo " +server { + listen ${PORT_TOR_SSL} ssl; + server_name _; + include /etc/nginx/snippets/ssl-params.conf; + include /etc/nginx/snippets/ssl-certificate-app-data-tor.conf; + access_log /var/log/nginx/access_${APPID}.log; + error_log /var/log/nginx/error_${APPID}.log; + location / { + proxy_pass http://127.0.0.1:${PORT_CLEAR}; + include /etc/nginx/snippets/ssl-proxy-params.conf; + } +} +" | sudo tee /etc/nginx/sites-available/${APPID}_tor_ssl.conf + sudo ln -sf /etc/nginx/sites-available/${APPID}_tor_ssl.conf /etc/nginx/sites-enabled/ + + # test nginx config & activate thru reload + sudo nginx -t + sudo systemctl reload nginx + + # enable app up thru systemd + sudo systemctl enable ${APPID} + echo "# OK - the ${APPID}.service is now enabled" + + # start app (only when blitz is ready) + source <(/home/admin/_cache.sh get state) + if [ "${state}" == "ready" ]; then + sudo systemctl start ${APPID} + echo "# OK - the ${APPID}.service is now started" + fi + + echo "# mark app as installed in raspiblitz config" + /home/admin/config.scripts/blitz.conf.sh set ${APPID} "on" + + echo "# Monitor with: sudo journalctl -f -u ${APPID}" + echo "# OK install done" + exit 0 +fi + +########################################### +# OFF / UNINSTALL +# call with parameter `delete-data` to also +# delete the persistent data directory +########################################### + +if [ "$1" = "0" ] || [ "$1" = "off" ]; then + + echo "# stop & remove systemd service" + sudo systemctl stop ${APPID} 2>/dev/null + sudo systemctl disable ${APPID}.service + sudo rm /etc/systemd/system/${APPID}.service + + echo "# remove nginx symlinks" + sudo rm -f /etc/nginx/sites-enabled/${APPID}_ssl.conf 2>/dev/null + sudo rm -f /etc/nginx/sites-enabled/${APPID}_tor.conf 2>/dev/null + sudo rm -f /etc/nginx/sites-enabled/${APPID}_tor_ssl.conf 2>/dev/null + sudo rm -f /etc/nginx/sites-available/${APPID}_ssl.conf 2>/dev/null + sudo rm -f /etc/nginx/sites-available/${APPID}_tor.conf 2>/dev/null + sudo rm -f /etc/nginx/sites-available/${APPID}_tor_ssl.conf 2>/dev/null + sudo nginx -t + sudo systemctl reload nginx + + echo "# close ports on firewall" + sudo ufw deny "${PORT_CLEAR}" + sudo ufw deny "${PORT_SSL}" + + # remove libraries again + sudo rm /etc/ld.so.conf.d/albyhub.conf + sudo ldconfig + + echo "# delete user and directories" + sudo userdel -rf ${APPID} + + echo "# removing Tor hidden service (if active)" + /home/admin/config.scripts/tor.onion-service.sh off ${APPID} + + echo "# mark app as uninstalled in raspiblitz config" + /home/admin/config.scripts/blitz.conf.sh set ${APPID} "off" + + # only if 'delete-data' is an additional parameter then also the data directory gets deleted + if [ "$(echo "$@" | grep -c delete-data)" -gt 0 ]; then + echo "# found 'delete-data' parameter --> also deleting the app-data" + sudo rm -r /mnt/hdd/app-data/${APPID} + fi + + echo "# OK - app should be uninstalled now" + exit 0 +fi + +# just a basic error message when unknown action parameter was given +echo "# FAIL - Unknown Parameter $1" +exit 1 From d0f97a4ccb3b49a1b5dfe33adddc7c2cbde23f06 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Dec 2024 11:30:47 +0100 Subject: [PATCH 02/11] #4727 Prepare bonus.albyhub.sh for WebUI (#4866) adding needed funtions to albyhub installs script needed for API/WebUI integration --- home.admin/00settingsMenuServices.sh | 2 +- home.admin/config.scripts/blitz.fatpack.sh | 2 + home.admin/config.scripts/bonus.albyhub.sh | 111 ++++++++++++------ .../config.scripts/bonus.btcpayserver.sh | 3 - 4 files changed, 81 insertions(+), 37 deletions(-) diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index 2e9414887..435cb1c3f 100755 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh @@ -627,7 +627,7 @@ else echo "Publicpool setting unchanged." fi -# publicpool process choice +# albyhub process choice choice="off"; check=$(echo "${CHOICES}" | grep -c "ah") if [ ${check} -eq 1 ]; then choice="on"; fi if [ "${albyhub}" != "${choice}" ]; then diff --git a/home.admin/config.scripts/blitz.fatpack.sh b/home.admin/config.scripts/blitz.fatpack.sh index bd4532e35..3497605cd 100755 --- a/home.admin/config.scripts/blitz.fatpack.sh +++ b/home.admin/config.scripts/blitz.fatpack.sh @@ -131,6 +131,8 @@ sudo cp -a /home/blitzapi/blitz_web/build/* /home/admin/assets/nginx/www_public sudo chown admin:admin /home/admin/assets/nginx/www_public sudo rm -r /home/blitzapi/blitz_web/build/* +echo "* Adding Code&Compile for WEBUI-APP: ALBYHUB" +/home/admin/config.scripts/bonus.albyhub.sh install || exit 1 echo "* Adding Code&Compile for WEBUI-APP: LNBITS" /home/admin/config.scripts/bonus.lnbits.sh install || exit 1 echo "* Adding Code&Compile for WEBUI-APP: JAM" diff --git a/home.admin/config.scripts/bonus.albyhub.sh b/home.admin/config.scripts/bonus.albyhub.sh index d77e5a755..22c5262b3 100644 --- a/home.admin/config.scripts/bonus.albyhub.sh +++ b/home.admin/config.scripts/bonus.albyhub.sh @@ -7,7 +7,7 @@ APPID="albyhub" # one-word lower-case no-specials # https://github.com/getAlby/hub/releases -VERSION="1.10.4" +VERSION="1.11.3" # port numbers the app should run on # delete if not an web app @@ -19,8 +19,10 @@ PORT_TOR_SSL="8032" # BASIC COMMANDLINE OPTIONS if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "# bonus.${APPID}.sh status -> status information (key=value)" - echo "# bonus.${APPID}.sh on -> install the app" - echo "# bonus.${APPID}.sh off [delete-data] -> uninstall the app" + echo "# bonus.${APPID}.sh install -> install the app" + echo "# bonus.${APPID}.sh uninstall -> uninstall the app" + echo "# bonus.${APPID}.sh on -> activate the app" + echo "# bonus.${APPID}.sh off [delete-data] -> dseactivate the app" echo "# bonus.${APPID}.sh menu -> SSH menu dialog" echo "# bonus.${APPID}.sh prestart -> prestart used by systemd" exit 1 @@ -91,15 +93,16 @@ fi if [ "$1" = "status" ]; then echo "appID='${APPID}'" echo "version='${VERSION}'" - echo "isInstalled=${isInstalled}" - echo "isRunning=${isRunning}" + echo "installed=${isRunning}" # installed means towards webui on or off if [ "${isInstalled}" == "1" ]; then - echo "localIP='${localIP}'" - echo "portCLEAR=${PORT_CLEAR}" - echo "portSSL=${PORT_SSL}" echo "localIP='${localIP}'" echo "toraddress='${toraddress}'" echo "fingerprint='${fingerprint}'" + echo "httpPort='${PORT_CLEAR}'" + echo "httpsPort='${PORT_SSL}'" + echo "httpsForced='1'" + echo "httpsSelfsigned='1'" + echo "authMethod='userdefined'" fi exit fi @@ -140,22 +143,10 @@ The Alby Hub password is managed seperate from RaspiBlitz - make sure to manage fi ########################## -# ON / INSTALL +# INSTALL ########################## -if [ "$1" = "1" ] || [ "$1" = "on" ]; then - - # dont run install if already installed - if [ ${isInstalled} -eq 1 ]; then - echo "# ${APPID}.service is already installed." - exit 1 - fi - - # check if lnd service is installed - if [ $(sudo ls /etc/systemd/system/lnd.service 2>/dev/null | grep -c 'lnd.service') -eq 0 ]; then - echo "error='LND needs to be installed'" - exit 1 - fi +if [ "$1" = "install" ]; then echo "# Installing ${APPID} ..." @@ -187,7 +178,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then fi # cleanup - rm -f albyhub-server.tar.bz2 + sudo rm -f albyhub-server.tar.bz2 # Setze die Berechtigungen für das Verzeichnis und die Dateien sudo chmod -R 755 /home/${APPID}/lib @@ -196,9 +187,41 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then # make libs available echo "/home/${APPID}/lib" | sudo tee /etc/ld.so.conf.d/${APPID}.conf sudo ldconfig + + echo "# Install ${APPID} done" + exit 0 + +fi + +########################## +# ON +########################## + +if [ "$1" = "1" ] || [ "$1" = "on" ]; then + + # dont run install if already installed + if [ ${isInstalled} -eq 1 ]; then + echo "# ${APPID}.service is already installed." + exit 1 + fi + + # check if lnd service is available (LND is needed as a base) + if [ $(sudo ls /etc/systemd/system/lnd.service 2>/dev/null | grep -c 'lnd.service') -eq 0 ]; then + echo "error='LND needs to be installed'" + exit 1 + fi + + # check if code is already installed + isInstalled=$(compgen -u | grep -c ${APPID}) + if [ "${isInstalled}" == "0" ]; then + echo "# Installing code base & dependencies first .." + /home/admin/config.scripts/bonus.albyhub.sh install || { echo "error='install failed'"; exit 1; } + fi + + echo "# ACTIVATE Alby-Hub" # prepare data directory - sudo mkdir -p /mnt/hdd/app-data/${APPID} + sudo mkdir -p /mnt/hdd/app-data/${APPID} 2>/dev/null sudo chown -R ${APPID}:${APPID} /mnt/hdd/app-data/${APPID} # open the ports in the firewall @@ -207,7 +230,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo ufw allow ${PORT_SSL} comment "${APPID} HTTPS" # prepare env file - echo "# prepare env file --> ${ENVFILE}" + echo "# prepare env file --> ${ENVFILE}" sudo touch ${ENVFILE} sudo chown ${APPID}:${APPID} ${ENVFILE} sudo chmod 770 ${ENVFILE} @@ -317,7 +340,10 @@ server { /home/admin/config.scripts/blitz.conf.sh set ${APPID} "on" echo "# Monitor with: sudo journalctl -f -u ${APPID}" - echo "# OK install done" + echo "# OK actvation done" + + # needed for API/WebUI as signal that install ran thru + echo "result='OK'" exit 0 fi @@ -348,13 +374,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then sudo ufw deny "${PORT_CLEAR}" sudo ufw deny "${PORT_SSL}" - # remove libraries again - sudo rm /etc/ld.so.conf.d/albyhub.conf - sudo ldconfig - - echo "# delete user and directories" - sudo userdel -rf ${APPID} - echo "# removing Tor hidden service (if active)" /home/admin/config.scripts/tor.onion-service.sh off ${APPID} @@ -368,6 +387,32 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then fi echo "# OK - app should be uninstalled now" + # needed for API/WebUI as signal that install ran thru + echo "result='OK'" + exit 0 +fi + +######################################## +# UNINSTALL (remove from system) +######################################## + +if [ "$1" = "uninstall" ]; then + + isActive=$(sudo ls /etc/systemd/system/${APPID}.service 2>/dev/null | grep -c '${APPID}.service') + if [ "${isActive}" != "0" ]; then + echo "# cannot uninstall if still 'on'" + exit 1 + fi + + # remove libraries again + sudo rm /etc/ld.so.conf.d/albyhub.conf + sudo ldconfig + + # nuke user + sudo userdel -rf ${APPID} 2>/dev/null + + echo "# uninstall ${APPID} done" + exit 0 fi diff --git a/home.admin/config.scripts/bonus.btcpayserver.sh b/home.admin/config.scripts/bonus.btcpayserver.sh index 0b9adc44e..2ba7861f2 100644 --- a/home.admin/config.scripts/bonus.btcpayserver.sh +++ b/home.admin/config.scripts/bonus.btcpayserver.sh @@ -812,9 +812,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then fi echo "# OK BTCPayServer deactivated." - echo "# delete the btcpay user home directory" - sudo userdel -rf btcpay 2>/dev/null - # needed for API/WebUI as signal that install ran thru echo "result='OK'" From 7989b4c54d7a149bc8c39bfe93d0e18fb7a823eb Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Dec 2024 11:34:32 +0100 Subject: [PATCH 03/11] #4559 Improve blitz.release.sh (#4867) * 4559 fsck on release * fsck on release * fsck after expand * remove toc.sh * #4861 force locale on release --- home.admin/config.scripts/blitz.bootdrive.sh | 12 +-- home.admin/config.scripts/blitz.release.sh | 19 ++++ home.admin/config.scripts/blitz.rerelease.sh | 105 ------------------- toc.sh | 70 ------------- 4 files changed, 20 insertions(+), 186 deletions(-) delete mode 100755 home.admin/config.scripts/blitz.rerelease.sh delete mode 100755 toc.sh diff --git a/home.admin/config.scripts/blitz.bootdrive.sh b/home.admin/config.scripts/blitz.bootdrive.sh index 79ff3c69f..28858e425 100644 --- a/home.admin/config.scripts/blitz.bootdrive.sh +++ b/home.admin/config.scripts/blitz.bootdrive.sh @@ -67,23 +67,13 @@ if [ "${action}" == "fsexpand" ]; then if [ -x ${resizeRaspbian} ]; then echo "# RUNNING EXPAND RASPBERRYPI: ${resizeRaspbian}" sudo $resizeRaspbian --expand-rootfs 1>&2 + sudo touch /forcefsck echo "# DONE - please reboot" else echo "# FAIL to execute on ${baseimage}: ${resizeRaspbian}" echo "err='expand failed'" exit 1 fi - elif [ "${baseimage}" = "armbian" ]; then - resizeArmbian="/usr/lib/armbian/armbian-resize-filesystem" - if [ -x ${resizeArmbian} ]; then - echo "# RUNNING EXPAND ARMBIAN: ${resizeArmbian}" - sudo $resizeArmbian start 1>&2 - echo "# DONE - please reboot" - else - echo "# FAIL to execute on ${baseimage}: ${resizeArmbian}" - echo "err='expand failed'" - exit 1 - fi else echo "#FAIL no implementation for: ${baseimage}" echo "err='missing implementation'" diff --git a/home.admin/config.scripts/blitz.release.sh b/home.admin/config.scripts/blitz.release.sh index 3deb4f27b..8db1b78b3 100755 --- a/home.admin/config.scripts/blitz.release.sh +++ b/home.admin/config.scripts/blitz.release.sh @@ -98,6 +98,25 @@ sudo systemctl disable ssh sudo rm /etc/ssh/ssh_host_* echo "OK" +# force locale - see #4861 +# next major release should make sure to be set during sd build card +echo +echo "Forcing locales ..." +sudo sed -i '/^en_US.UTF-8/s/^#//' /etc/locale.gen +sudo sed -i '/^en_GB.UTF-8/s/^/#/' /etc/locale.gen +sudo locale-gen +echo -e "LANG=en_US.UTF-8\nLANGUAGE=en_US.UTF-8\nLC_ALL=en_US.UTF-8" | sudo tee /etc/default/locale > /dev/null + +# make sure file system is clean and ready for release +echo +echo "fsck on first boot ..." +sudo touch /forcefsck +if [ -e /dev/mmcblk0 ]; then + echo "fsck on /dev/mmcblk0 ..." + sudo umount /dev/mmcblk0p1 + sudo fsck -fy /dev/mmcblk0p1 +fi + echo echo "Will shutdown now." echo "Wait until Raspberry LEDs show no activity anymore." diff --git a/home.admin/config.scripts/blitz.rerelease.sh b/home.admin/config.scripts/blitz.rerelease.sh deleted file mode 100755 index d2c2e4cef..000000000 --- a/home.admin/config.scripts/blitz.rerelease.sh +++ /dev/null @@ -1,105 +0,0 @@ -#!/bin/bash - -# Just run this script once after a fresh sd card build -# to prepare the image for release as a downloadable sd card image -# call with parameter `-quick` to skip skip os update - -# determine correct raspberrypi boot drive path (that easy to access when sd card is insert into laptop) -raspi_bootdir="" -if [ -d /boot/firmware ]; then - raspi_bootdir="/boot/firmware" -elif [ -d /boot ]; then - raspi_bootdir="/boot" -fi -echo "# raspi_bootdir(${raspi_bootdir})" - -# write release info to to version file -echo "writing codeRelease commit ro version file:" -releaseCommit=$(git -C /home/admin/raspiblitz rev-parse --short HEAD) -sed -i 's/^codeRelease=".*"/codeRelease="${releaseCommit}"/' /home/admin/_version.info -cat /home/admin/_version.info -echo - -# stop background services -sudo systemctl stop background.service -sudo systemctl stop background.scan.service - -# remove stop flag (if exists) -echo "deleting stop flag .." -sudo rm ${raspi_bootdir}/stop 2>/dev/null - -# cleaning logs -echo "deleting raspiblitz & system logs .." -sudo rm -rf /var/log/journal/* 2>/dev/null -sudo rm /var/log/redis/* 2>/dev/null -sudo rm /var/log/private/* 2>/dev/null -sudo rm /var/log/nginx/* 2>/dev/null -sudo rm /home/admin/*.log 2>/dev/null -logger -p info "****** RASPIBLITZ RELEASE ******" -echo "OK" - -# clean raspiblitz.info toward the values set by sd card build script -echo "cleaning raspiblitz.info" -source /home/admin/raspiblitz.info -echo "baseimage=${baseimage}" > /home/admin/raspiblitz.info -echo "cpu=${cpu}" >> /home/admin/raspiblitz.info -echo "blitzapi=${blitzapi}" >> /home/admin/raspiblitz.info -echo "displayClass=${displayClass}" >> /home/admin/raspiblitz.info - -# https://github.com/rootzoll/raspiblitz/issues/1371 -echo -echo "deactivate local WIFI ..." -sudo nmcli radio wifi off -echo "OK" - -# make sure that every install runs API with own secret -# https://github.com/raspiblitz/raspiblitz/issues/4469 -echo -echo "deleting old API conf ..." -sudo rm /home/blitzapi/blitz_api/.env 2>/dev/null -REDIS_ENABLED=$(sudo systemctl is-enabled redis 2>/dev/null | grep -c enabled) -if [ ${REDIS_ENABLED} -gt 0 ]; then - echo "disable redis for initial start ..." - sudo systemctl stop redis 2>/dev/null - sudo systemctl disable redis 2>/dev/null -fi -echo "deleting redis data (if still there) ..." -sudo rm /var/lib/redis/dump.rdb 2>/dev/null -echo "OK" - -# https://github.com/rootzoll/raspiblitz/issues/1068#issuecomment-599267503 -echo -echo "reset DNS confs ..." -echo -e "nameserver 1.1.1.1\nnameserver 84.200.69.80" | sudo tee /etc/resolv.conf > /dev/null -echo "OK" - -# make sure Tor respo signing keys are uptodate #4648 -wget -qO- https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/torproject.gpg >/dev/null - -# update system (only security updates with minimal risk of breaking changes) -if [ "$1" != "-quick" ]; then - echo - echo "update OS ..." - sudo apt-get update -y - sudo apt-get upgrade -o Dir::Etc::SourceList=/etc/apt/sources.list.d/security.list -y - sudo apt-get upgrade openssh-server -y - sudo dpkg --configure -a -else - echo - echo "skipping OS update ..." -fi - -# SSH Pubkeys (make unique for every sd card image install) -echo -echo "deleting SSH Pub keys ..." -echo "keys will get recreated and sshd reactivated on fresh bootup, by _bootstrap.sh service" -sudo systemctl stop ssh -sudo systemctl disable ssh -sudo rm /etc/ssh/ssh_host_* -echo "OK" - -echo -echo "Will shutdown now." -echo "Wait until Raspberry LEDs show no activity anymore." -echo "Then remove SD card and make an release image from it." -sudo shutdown now diff --git a/toc.sh b/toc.sh deleted file mode 100755 index c92a1e276..000000000 --- a/toc.sh +++ /dev/null @@ -1,70 +0,0 @@ -#!/usr/bin/env sh - -## Updated version maintained on https://github.com/nyxnor/scripts/blob/master/toc.sh - -## Produces Table of Contents (ToC) for simple markdown files -## Requirement: header is set by hashtag '#' -## $1 = FILE.md - -red="\033[31m" -nocolor="\033[0m" - -error_msg(){ printf %s"${red}ERROR: ${1}\n${nocolor}" >&2; exit 1; } - -test -f "${1}" || error_msg "file '${1}' doesn't exist" - -trap 'rm -f toc.tmp' EXIT INT - -line_count=0 -while IFS="$(printf '\n')" read -r line; do - line_count=$((line_count+1)) - ## extract code blocks - code="${code:-0}" - [ "${code}" -eq 0 ] && printf '%s\n' "${line_count}:${line}" | grep "^${line_count}:.*# " - case "${line}" in - *\`\`\`*) - case "${code}" in - 1) code=0;; - 0|*) code=1;; - esac - ;; - esac -done < "${1}" > toc.tmp - - -while IFS="$(printf '\n')" read -r line; do - ## get line number - line_number="$(printf '%s\n' "${line}" | cut -d ":" -f1)" - ## remove hashtag from line to be compared later if it is repeated - line_clean="$(printf '%s\n' "${line}" | sed "s/.*\# //")" - ## save header to cache to check later if it was already printed - # shellcheck disable=SC2030 - line_cache="$(printf '%s\n%s\n' "${line_cache}" "${line}")" - ## check if header was already printed before and if positive, save all repeated headers - ## if positive, insert link index - line_repeated="$(printf '%s\n' "${line_cache}" | grep -c -- ".*# ${line_clean}$")" - line_repeated_index="" - ## first line does not have '-n', just the first repeated line (second occurence), starting with '-1'. So we consider the occurrence-1. - [ "${line_repeated}" -ge 2 ] && line_repeated_index="-$((line_repeated-1))" - ## if it is the second time line has repeated, save first and second occurrence - if [ "${line_repeated}" -eq 2 ]; then - line_first_occurrence="$(printf '%s\n' "${line_cache}" | grep -- ".*# ${line_clean}$" | head -n 1)" - line_repeated_cache="$(printf '%s\n%s\n' "${line_first_occurrence}" "${line}")" - ## if it is the third or greater time line has repeated, save lines from before (1st and 2nd occurrence) plus add current lines - elif [ "${line_repeated}" -gt 2 ]; then - line_repeated_cache="$(printf '%s\n%s\n' "${line_repeated_cache}" "${line}")" - fi - ## clean header that have link reference - line_md="$(printf '%s\n' "${line}" | sed "s/${line_number}://;s|](.*||;s|\[||;s/\]//g")" - ## set header indentation - line_md="$(printf '%s\n' "${line_md}" | sed "s|######| -|;s|#####| -|;s|####| -|;s|###| -|;s|##| -|;s|#|-|")" - ## set link content - line_content="$(printf '%s\n' "${line_md}" | sed "s/.*- /#/;s| |-|g;s|'||g;s|]||g;s/|/-/g" | tr "[:upper:]" "[:lower:]" | tr -cd "[:alnum:]-_" | tr -d ".")" - ## set link reference - line_md="$(printf '%s\n' "${line_md}" | sed "s|- |- [|;s|$|](#${line_content}${line_repeated_index})|")" - ## print header - printf '%s\n' "${line_md}" -done < toc.tmp - -[ -n "${line_repeated_cache}" ] && - printf %s"\n\nWARN: Some headers are repeated, the hiperlinks are correctly indexed. If you think this is an error, review these lines:headers:\n${line_repeated_cache}\n" From 96ac514a9a1494576d4b9a4ea47d5d7deebbf7b2 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Dec 2024 11:37:54 +0100 Subject: [PATCH 04/11] 4876 lnbits (#4877) * #4878 respect old LNBITS_ADMIN_UI setting * #4876 lnbits option to switch ADMINUI * #4876 add no new accounts option * #4876 remove accounts option again --- home.admin/config.scripts/bonus.lnbits.sh | 37 ++++++++++++++++++++--- 1 file changed, 32 insertions(+), 5 deletions(-) diff --git a/home.admin/config.scripts/bonus.lnbits.sh b/home.admin/config.scripts/bonus.lnbits.sh index 4785c9773..7bef113ed 100644 --- a/home.admin/config.scripts/bonus.lnbits.sh +++ b/home.admin/config.scripts/bonus.lnbits.sh @@ -226,6 +226,14 @@ Consider adding a IP2TOR Bridge under OPTIONS." OPTIONS+=(MIGRATE-DB "Migrate SQLite to PostgreSQL database") fi + # Admin UI + activatedAdminUI=$(sudo grep -c "LNBITS_ADMIN_UI=true" $lnbitsConfig) + if [ ${activatedAdminUI} -eq 0 ]; then + OPTIONS+=(ADMINUI "Activate 'Admin UI'") + else + OPTIONS+=(ADMINUI "Deactivate 'Admin UI'") + fi + WIDTH=66 CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1")) HEIGHT=$((CHOICE_HEIGHT + 7)) @@ -286,6 +294,24 @@ Consider adding a IP2TOR Bridge under OPTIONS." read key exit 0 ;; + ADMINUI) + clear + echo + if [ ${activatedAdminUI} -eq 0 ]; then + echo "Activate Admin UI" + sudo sed -i "/^LNBITS_ADMIN_UI=/d" $lnbitsConfig + sudo bash -c "echo 'LNBITS_ADMIN_UI=true' >> ${lnbitsConfig}" + else + echo "Deactivate Admin UI" + sudo sed -i "/^LNBITS_ADMIN_UI=/d" $lnbitsConfig + sudo bash -c "echo 'LNBITS_ADMIN_UI=false' >> ${lnbitsConfig}" + fi + echo "Restarting LNbits ..." + sudo systemctl restart lnbits + echo "PRESS ENTER to continue" + read key + exit 0 + ;; RESTORE) clear # check if backup exist @@ -780,16 +806,17 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then echo "# preparing env file" # delete old .env file or old symbolic link sudo rm /home/lnbits/lnbits/.env 2>/dev/null + # make sure .env file exists at data drive - sudo -u lnbits touch $lnbitsConfig + if [ ! -f $lnbitsConfig ]; then + sudo -u lnbits touch $lnbitsConfig + sudo bash -c "echo 'LNBITS_ADMIN_UI=true' >> ${lnbitsConfig}" + fi sudo chown lnbits:lnbits $lnbitsConfig + # crete symbolic link sudo -u lnbits ln -s $lnbitsConfig /home/lnbits/lnbits/.env - # activate admin user - sudo sed -i "/^LNBITS_ADMIN_UI=/d" $lnbitsConfig - sudo bash -c "echo 'LNBITS_ADMIN_UI=true' >> ${lnbitsConfig}" - if [ ! -e /mnt/hdd/app-data/LNBits/database.sqlite3 ]; then echo "# install database: PostgreSQL" From 8900d2069a39bd2a51b84d084b6a4b5cd85bb77b Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Dec 2024 11:50:59 +0100 Subject: [PATCH 05/11] #4842 update cln to 24.11 (#4882) --- home.admin/config.scripts/cl.install.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/home.admin/config.scripts/cl.install.sh b/home.admin/config.scripts/cl.install.sh index 7f51171b6..3a03eb6e2 100644 --- a/home.admin/config.scripts/cl.install.sh +++ b/home.admin/config.scripts/cl.install.sh @@ -2,7 +2,7 @@ # https://lightning.readthedocs.io/ # https://github.com/ElementsProject/lightning/releases -CLVERSION="v24.08.1" +CLVERSION="v24.11" # https://github.com/ElementsProject/lightning/tree/master/contrib/keys # rustyrussell D9200E6CD1ADB8F1 @@ -11,9 +11,9 @@ CLVERSION="v24.08.1" # pneuroth (nepet) C3F21EE387FF4CD2 # sfarooqui (ShahanaFarooqui) B56B4453DA8C6DF7FC9BCFCBDCA40B7128DA62A8 # amyers (endothermicdev) F3BF63F2747436AB -PGPsigner="sfarooqui" +PGPsigner="rustyrussell" PGPpubkeyLink="https://raw.githubusercontent.com/ElementsProject/lightning/master/contrib/keys/${PGPsigner}.txt" -PGPpubkeyFingerprint="B56B4453DA8C6DF7FC9BCFCBDCA40B7128DA62A8" +PGPpubkeyFingerprint="D9200E6CD1ADB8F1" # help if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then From f5b229ef2b78654de84dbf0185582995139dd29e Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Dec 2024 12:07:09 +0100 Subject: [PATCH 06/11] 4873 lnd update (#4879) * #4873-update-lnd * Added to CHANGES.md * correct typos --- CHANGES.md | 10 ++++++---- home.admin/config.scripts/lnd.install.sh | 14 +++++++------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index 9119b08f1..a114e30c5 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,11 +1,13 @@ +## What's new in Version 1.11.4 of RaspiBlitz? + +Small AlbyHub feature release with security/bug-fixing relevant updates. + +- Update: LND v0.18.3-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.18.3-beta) + ## What's new in Version 1.11.3 of RaspiBlitz? Optimized now to run also on plain debian12 linux for Proxmox/VM & x86 systems. -Download Release Candidate - RaspberryPi minimal image: -https://raspiblitz.fulmo.org/images/raspiblitz-min-v1.11.3rc2-2024-10-08.img.gz -SHA-256-Checksum: a20e92b1d99c0dcc6fa6aa83f8212df6a0db8ae47616cc3b565c0f88f35c2457 - - New: Publicpool - Open Source Solo Bitcoin Mining (SSH Menu) [details](https://www.youtube.com/watch?v=QbOsH04Z9xM) - New: Tailscale (SSH menu > SETTINGS) [details](https://en.wikipedia.org/wiki/Tailscale) - New: Telegraf Metrics for InfluxDB/Grafana (SSH menu > SETTINGS) [details](https://github.com/raspiblitz/raspiblitz/tree/dev/home.admin/assets/telegraf/README.md) diff --git a/home.admin/config.scripts/lnd.install.sh b/home.admin/config.scripts/lnd.install.sh index cbf408a38..0641a6852 100644 --- a/home.admin/config.scripts/lnd.install.sh +++ b/home.admin/config.scripts/lnd.install.sh @@ -4,17 +4,17 @@ ## based on https://raspibolt.github.io/raspibolt/raspibolt_40_lnd.html#lightning-lnd ## see LND releases: https://github.com/lightningnetwork/lnd/releases ### If you change here - make sure to also change interims version in lnd.update.sh #! -lndVersion="0.17.5-beta" +lndVersion="0.18.3-beta" # olaoluwa -# PGPauthor="roasbeef" -# PGPpkeys="https://raw.githubusercontent.com/lightningnetwork/lnd/master/scripts/keys/roasbeef.asc" -# PGPcheck="A5B61896952D9FDA83BC054CDC42612E89237182" +PGPauthor="roasbeef" +PGPpkeys="https://raw.githubusercontent.com/lightningnetwork/lnd/master/scripts/keys/roasbeef.asc" +PGPcheck="A5B61896952D9FDA83BC054CDC42612E89237182" # guggero -PGPauthor="guggero" -PGPpkeys="https://keybase.io/guggero/pgp_keys.asc" -PGPcheck="F4FC70F07310028424EFC20A8E4256593F177720" +# PGPauthor="guggero" +# PGPpkeys="https://keybase.io/guggero/pgp_keys.asc" +# PGPcheck="F4FC70F07310028424EFC20A8E4256593F177720" # bitconner #PGPauthor="bitconner" From 4d3d45d31a32d8b88bc5ead6991903ff35d4f22d Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Dec 2024 13:57:12 +0100 Subject: [PATCH 07/11] v1.11.4rc1 (#4883) --- CHANGES.md | 3 +++ home.admin/_version.info | 2 +- home.admin/config.scripts/bonus.albyhub.sh | 2 +- 3 files changed, 5 insertions(+), 2 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index a114e30c5..d08fa9416 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -2,7 +2,10 @@ Small AlbyHub feature release with security/bug-fixing relevant updates. +- New: AlbyHub v1.11.3 (SSH & WebUI) [details](https://github.com/getAlby) +- New: SSH-Option to tirn on/off LNbits AdminUI [details](https://github.com/raspiblitz/raspiblitz/issues/4876) - Update: LND v0.18.3-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.18.3-beta) +- Update: Core Lightning v24.11 [details](https://github.com/ElementsProject/lightning/releases/tag/v24.11) ## What's new in Version 1.11.3 of RaspiBlitz? diff --git a/home.admin/_version.info b/home.admin/_version.info index 9ba3e304e..59e1baf79 100644 --- a/home.admin/_version.info +++ b/home.admin/_version.info @@ -1,4 +1,4 @@ # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1') -codeVersion="1.11.3" +codeVersion="1.11.4" codeRelease="dev" # keep last line with comment ---> IF YOU HAVE A NEW VERSION BRANCH > EDIT ALSO build_sdcard.sh \ No newline at end of file diff --git a/home.admin/config.scripts/bonus.albyhub.sh b/home.admin/config.scripts/bonus.albyhub.sh index 22c5262b3..cb9407359 100644 --- a/home.admin/config.scripts/bonus.albyhub.sh +++ b/home.admin/config.scripts/bonus.albyhub.sh @@ -22,7 +22,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "# bonus.${APPID}.sh install -> install the app" echo "# bonus.${APPID}.sh uninstall -> uninstall the app" echo "# bonus.${APPID}.sh on -> activate the app" - echo "# bonus.${APPID}.sh off [delete-data] -> dseactivate the app" + echo "# bonus.${APPID}.sh off [delete-data] -> deactivate the app" echo "# bonus.${APPID}.sh menu -> SSH menu dialog" echo "# bonus.${APPID}.sh prestart -> prestart used by systemd" exit 1 From 4039bf8f9273e92d37ceb967aa7335fed204caf3 Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Wed, 18 Dec 2024 23:00:29 +0100 Subject: [PATCH 08/11] albyhub: fix typos, formatting, translate comment (#4885) --- home.admin/config.scripts/bonus.albyhub.sh | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/home.admin/config.scripts/bonus.albyhub.sh b/home.admin/config.scripts/bonus.albyhub.sh index cb9407359..3daf21e88 100644 --- a/home.admin/config.scripts/bonus.albyhub.sh +++ b/home.admin/config.scripts/bonus.albyhub.sh @@ -133,7 +133,7 @@ if [ "$1" = "menu" ]; then http://${localIP}:${PORT_CLEAR}\n https://${localIP}:${PORT_SSL} with Fingerprint: ${fingerprint}\n -The Alby Hub password is managed seperate from RaspiBlitz - make sure to manage it safely.\n +The Alby Hub password is managed separate from RaspiBlitz - make sure to manage it safely.\n " # use whiptail to show SSH dialog & exit @@ -166,7 +166,7 @@ if [ "$1" = "install" ]; then sudo wget -O albyhub-server.tar.bz2 https://github.com/getAlby/hub/releases/download/v$VERSION/albyhub-Server-Linux-aarch64.tar.bz2 else echo "# Downloading Alby Hub for x86" - sudo wget -O albyhub-server.tar.bz2 https://github.com/getAlby/hub/releases/download/v$VERSION/albyhub-Server-Linux-x86_64.tar.bz2 + sudo wget -O albyhub-server.tar.bz2 https://github.com/getAlby/hub/releases/download/v$VERSION/albyhub-Server-Linux-x86_64.tar.bz2 fi # extract archives @@ -180,14 +180,14 @@ if [ "$1" = "install" ]; then # cleanup sudo rm -f albyhub-server.tar.bz2 - # Setze die Berechtigungen für das Verzeichnis und die Dateien + # set permissions sudo chmod -R 755 /home/${APPID}/lib sudo chown -R root:root /home/${APPID}/lib # make libs available echo "/home/${APPID}/lib" | sudo tee /etc/ld.so.conf.d/${APPID}.conf sudo ldconfig - + echo "# Install ${APPID} done" exit 0 @@ -252,7 +252,7 @@ ExecStartPre=-/home/admin/config.scripts/bonus.${APPID}.sh prestart EnvironmentFile=${ENVFILE} ExecStart=/home/${APPID}/bin/${APPID} # Hack to ensure Alby Hub never uses more than 90% CPU -CPUQuota=90%sudo +CPUQuota=90%sudo [Install] WantedBy=multi-user.target @@ -268,8 +268,8 @@ WantedBy=multi-user.target # nginx configuration # BACKGROUND is that the plain HTTP is served by your web app, but thru the nginx proxy it will be available # with (self-signed) HTTPS and with separate configs for Tor & Tor+HTTPS. - - echo "# setup nginx confing" + + echo "# setup nginx config" # write the HTTPS config echo " From 0edc9a778ac14915644b727a3ab19f5fca1c3aad Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Wed, 18 Dec 2024 23:19:24 +0100 Subject: [PATCH 09/11] Small Updates for v1.11.4 (#4889) * AlbyHub 1.12.0 --- CHANGES.md | 4 +++- home.admin/00settingsMenuServices.sh | 2 +- home.admin/config.scripts/bonus.albyhub.sh | 2 +- 3 files changed, 5 insertions(+), 3 deletions(-) diff --git a/CHANGES.md b/CHANGES.md index d08fa9416..cf0b705ef 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -1,8 +1,10 @@ ## What's new in Version 1.11.4 of RaspiBlitz? +ReleaseCandidate: https://raspiblitz.fulmo.org/images/raspiblitz-min-v1.11.4rc1-2024-12-18.img.gz + Small AlbyHub feature release with security/bug-fixing relevant updates. -- New: AlbyHub v1.11.3 (SSH & WebUI) [details](https://github.com/getAlby) +- New: AlbyHub v1.12.0 (SSH & WebUI) [details](https://github.com/getAlby) - New: SSH-Option to tirn on/off LNbits AdminUI [details](https://github.com/raspiblitz/raspiblitz/issues/4876) - Update: LND v0.18.3-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.18.3-beta) - Update: Core Lightning v24.11 [details](https://github.com/ElementsProject/lightning/releases/tag/v24.11) diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index 435cb1c3f..890ee2903 100755 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh @@ -65,7 +65,7 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then OPTIONS+=(ra 'LND RTL Webinterface' ${rtlWebinterface}) OPTIONS+=(ta 'LND ThunderHub' ${thunderhub}) OPTIONS+=(la 'LND LIT (loop, pool, faraday)' ${lit}) - OPTIONS+=(ah 'LND AlbyHub (early access)' ${albyhub}) + OPTIONS+=(ah 'LND AlbyHub (App Connector)' ${albyhub}) OPTIONS+=(gb 'LND LNDg (auto-rebalance, auto-fees)' ${lndg}) OPTIONS+=(oa 'LND Balance of Satoshis' ${bos}) OPTIONS+=(ya 'LND PyBLOCK' ${pyblock}) diff --git a/home.admin/config.scripts/bonus.albyhub.sh b/home.admin/config.scripts/bonus.albyhub.sh index 3daf21e88..2df7d55ca 100644 --- a/home.admin/config.scripts/bonus.albyhub.sh +++ b/home.admin/config.scripts/bonus.albyhub.sh @@ -7,7 +7,7 @@ APPID="albyhub" # one-word lower-case no-specials # https://github.com/getAlby/hub/releases -VERSION="1.11.3" +VERSION="1.12.0" # port numbers the app should run on # delete if not an web app From 37851bf2785738fb507d493f7fdf1be96b15a876 Mon Sep 17 00:00:00 2001 From: HODLmeTight <35168804+TrezorHannes@users.noreply.github.com> Date: Wed, 18 Dec 2024 23:54:31 +0100 Subject: [PATCH 10/11] Enhance BBcloseAllChannels.sh to allow LND user selection for channel closing method (#4886) Enhance BBcloseAllChannels.sh to allow user selection for channel closing method. Users can now choose between COOP for cooperative close and FORCE for forced close --- home.admin/BBcloseAllChannels.sh | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/home.admin/BBcloseAllChannels.sh b/home.admin/BBcloseAllChannels.sh index 01b86654b..57a8a7f84 100755 --- a/home.admin/BBcloseAllChannels.sh +++ b/home.admin/BBcloseAllChannels.sh @@ -36,7 +36,25 @@ elif [ $LNTYPE = lnd ];then dialog --title 'Info' --msgbox 'You need to turn OFF the LND AutoPilot first,\nso that closed channels are not opening up again.\nYou find the AutoPilot -----> SERVICES section' 7 55 exit 0 fi - command="$lncli_alias closeallchannels --force" + + # User choice for close type + close_type=$(dialog --clear \ + --title "LND Channel Close Type" \ + --menu "Choose how to close channels:" \ + 14 54 3 \ + "COOP" "Attempt Cooperative Close" \ + "FORCE" "Force Close Channels" \ + 2>&1 >/dev/tty) + + # Set command based on user choice + if [ "$close_type" = "COOP" ]; then + command="$lncli_alias closeallchannels" + elif [ "$close_type" = "FORCE" ]; then + command="$lncli_alias closeallchannels --force" + else + echo "Invalid choice. Exiting." + exit 1 + fi fi clear @@ -85,7 +103,7 @@ echo "# RESULT:" if [ ${#command} -gt 0 ]; then if [ $LNTYPE = cl ];then cl_closeall - elif [ $LNTYPE = lnd ];then + elif [ $LNTYPE = lnd ];then ${command} fi fi From 3d46020afc80fbe03ecc5d824f7fbfcf5b9e7d09 Mon Sep 17 00:00:00 2001 From: /rootzoll Date: Thu, 19 Dec 2024 19:13:29 +0100 Subject: [PATCH 11/11] Small Fixes for v1.11.4 (#4890) * v1.11.4rc1 & AlbyHub 1.12.0 * #4864 Core Lightning 24.11.1 * #4884 revert back to former version * #4891 account for pending closing balance (#4892) * #4876 adding Allow New User Switch * #4882 revert back to CLN v24.11 * #4893 temp re-introduce en_GB for v1.11.4 --- home.admin/BBcloseAllChannels.sh | 119 ++++-------------- home.admin/config.scripts/bonus.lnbits.sh | 32 ++++- home.admin/config.scripts/bonus.postgresql.sh | 6 + home.admin/config.scripts/cl.install.sh | 2 +- home.admin/config.scripts/lnd.monitor.sh | 13 ++ 5 files changed, 76 insertions(+), 96 deletions(-) diff --git a/home.admin/BBcloseAllChannels.sh b/home.admin/BBcloseAllChannels.sh index 57a8a7f84..9632d7f06 100755 --- a/home.admin/BBcloseAllChannels.sh +++ b/home.admin/BBcloseAllChannels.sh @@ -3,111 +3,42 @@ # load raspiblitz config data (with backup from old config) source /home/admin/raspiblitz.info source /mnt/hdd/raspiblitz.conf -if [ ${#network} -eq 0 ]; then network=$(cat .network); fi +if [ ${#network} -eq 0 ]; then network=`cat .network`; fi if [ ${#network} -eq 0 ]; then network="bitcoin"; fi if [ ${#chain} -eq 0 ]; then chain=$(${network}-cli getblockchaininfo | jq -r '.chain') fi -source <(/home/admin/config.scripts/network.aliases.sh getvars $1 $2) - -if [ $LNTYPE = cl ];then - # https://lightning.readthedocs.io/lightning-close.7.html - peerlist=$($lightningcli_alias listpeers|grep '"id":'|awk '{print $2}'|cut -d, -f1) - # to display - function cl_closeall_command { - for i in $peerlist; do - # close id [unilateraltimeout] [destination] [fee_negotiation_step] [*wrong_funding*] - echo "$lightningcli_alias close $i 30;" - done - } - command=$(cl_closeall_command) - # to run - function cl_closeall { - for i in $peerlist; do - # close id [unilateraltimeout] [destination] [fee_negotiation_step] [*wrong_funding*] - echo "# Attempting a mutual close one-by-one with a 30 seconds timeout" - $lightningcli_alias close $i 30 - done - } -elif [ $LNTYPE = lnd ];then - # precheck: AutoPilot - if [ "${autoPilot}" = "on" ]; then - dialog --title 'Info' --msgbox 'You need to turn OFF the LND AutoPilot first,\nso that closed channels are not opening up again.\nYou find the AutoPilot -----> SERVICES section' 7 55 - exit 0 - fi - - # User choice for close type - close_type=$(dialog --clear \ - --title "LND Channel Close Type" \ - --menu "Choose how to close channels:" \ - 14 54 3 \ - "COOP" "Attempt Cooperative Close" \ - "FORCE" "Force Close Channels" \ - 2>&1 >/dev/tty) - - # Set command based on user choice - if [ "$close_type" = "COOP" ]; then - command="$lncli_alias closeallchannels" - elif [ "$close_type" = "FORCE" ]; then - command="$lncli_alias closeallchannels --force" - else - echo "Invalid choice. Exiting." - exit 1 - fi +# precheck: AutoPilot +if [ "${autoPilot}" = "on" ]; then + dialog --title 'Info' --msgbox 'You need to turn OFF the LND AutoPilot first,\nso that closed channels are not opening up again.\nYou find the AutoPilot -----> SERVICES section' 7 55 + exit 1 fi +command="lncli --chain=${network} --network=${chain}net closeallchannels --force" + clear -echo -echo "# Precheck" # PRECHECK) check if chain is in sync -if [ $LNTYPE = cl ];then - BLOCKHEIGHT=$($bitcoincli_alias getblockchaininfo|grep blocks|awk '{print $2}'|cut -d, -f1) - CLHEIGHT=$($lightningcli_alias getinfo | jq .blockheight) - if [ $BLOCKHEIGHT -eq $CLHEIGHT ];then - chainOutSync=0 - else - chainOutSync=1 - fi -elif [ $LNTYPE = lnd ];then - chainOutSync=$($lncli_alias getinfo | grep '"synced_to_chain": false' -c) -fi -if [ ${chainOutSync} -eq 1 ]; then - if [ $LNTYPE = cl ];then - echo "# FAIL PRECHECK - '${netprefix}lightning-cli getinfo' blockheight is different from '${netprefix}bitcoind getblockchaininfo' - wait until chain is sync " - elif [ $LNTYPE = lnd ];then - echo "# FAIL PRECHECK - ${netprefix}lncli getinfo shows 'synced_to_chain': false - wait until chain is sync " - fi - echo - echo "# PRESS ENTER to return to menu" - read key - exit 0 -else - echo "# OK - the chain is synced" -fi - -# raise high focus on lightning channels next 1 hour -/home/admin/_cache.sh focus ln_${LNTYPE}_${CHAIN}_channels_active 0 3600 -/home/admin/_cache.sh focus ln_${LNTYPE}_${CHAIN}_channels_inactive 0 3600 -/home/admin/_cache.sh focus ln_${LNTYPE}_${CHAIN}_channels_total 0 3600 - -echo "#####################################" -echo "# Closing All Channels (EXPERIMENTAL)" -echo "#####################################" -echo -echo "# COMMAND LINE: " +echo "***********************************" +echo "Closing All Channels (EXPERIMENTAL)" +echo "***********************************" +echo "" +echo "COMMAND LINE: " echo $command -echo -echo "# RESULT:" +echo "" +echo "RESULT:" + +# PRECHECK) check if chain is in sync +chainInSync=$(lncli --chain=${network} --network=${chain}net getinfo | grep '"synced_to_chain": true' -c) +if [ ${chainInSync} -eq 0 ]; then + command="" + result="FAIL PRECHECK - lncli getinfo shows 'synced_to_chain': false - wait until chain is sync " +fi # execute command if [ ${#command} -gt 0 ]; then - if [ $LNTYPE = cl ];then - cl_closeall - elif [ $LNTYPE = lnd ];then - ${command} - fi + ${command} fi - -echo -echo "# OK - please recheck if channels really closed" + +echo "" +echo "OK - please recheck if channels really closed" sleep 5 \ No newline at end of file diff --git a/home.admin/config.scripts/bonus.lnbits.sh b/home.admin/config.scripts/bonus.lnbits.sh index 7bef113ed..334423906 100644 --- a/home.admin/config.scripts/bonus.lnbits.sh +++ b/home.admin/config.scripts/bonus.lnbits.sh @@ -234,6 +234,16 @@ Consider adding a IP2TOR Bridge under OPTIONS." OPTIONS+=(ADMINUI "Deactivate 'Admin UI'") fi + # Allow New Accounts (only if AdminUI is OFF) + allowNewAccountsFalse=$(sudo grep -c "LNBITS_ALLOW_NEW_ACCOUNTS=false" $lnbitsConfig) + if [ ${activatedAdminUI} -eq 0 ]; then + if [ ${allowNewAccountsFalse} -eq 0 ]; then + OPTIONS+=(NEWACCOUNTS "Disable New Accounts") + else + OPTIONS+=(NEWACCOUNTS "Enable New Accounts") + fi + fi + WIDTH=66 CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1")) HEIGHT=$((CHOICE_HEIGHT + 7)) @@ -306,7 +316,27 @@ Consider adding a IP2TOR Bridge under OPTIONS." sudo sed -i "/^LNBITS_ADMIN_UI=/d" $lnbitsConfig sudo bash -c "echo 'LNBITS_ADMIN_UI=false' >> ${lnbitsConfig}" fi - echo "Restarting LNbits ..." + echo "Restarting LNbits to activate new setting ..." + sudo systemctl restart lnbits + echo "PRESS ENTER to continue" + read key + exit 0 + ;; + NEWACCOUNTS) + clear + echo + if [ ${allowNewAccountsFalse} -eq 0 ]; then + echo "Disable New Accounts" + sudo sed -i "/^LNBITS_ALLOW_NEW_ACCOUNTS=/d" $lnbitsConfig + sudo sed -i "/^# LNBITS_ALLOW_NEW_ACCOUNTS=/d" $lnbitsConfig + sudo bash -c "echo 'LNBITS_ALLOW_NEW_ACCOUNTS=false' >> ${lnbitsConfig}" + else + echo "Enable New Accounts" + sudo sed -i "/^LNBITS_ALLOW_NEW_ACCOUNTS=/d" $lnbitsConfig + sudo sed -i "/^# LNBITS_ALLOW_NEW_ACCOUNTS=/d" $lnbitsConfig + sudo bash -c "echo 'LNBITS_ALLOW_NEW_ACCOUNTS=true' >> ${lnbitsConfig}" + fi + echo "Restarting LNbits to activate new setting ..." sudo systemctl restart lnbits echo "PRESS ENTER to continue" read key diff --git a/home.admin/config.scripts/bonus.postgresql.sh b/home.admin/config.scripts/bonus.postgresql.sh index 866d9cbbb..1df7764b6 100755 --- a/home.admin/config.scripts/bonus.postgresql.sh +++ b/home.admin/config.scripts/bonus.postgresql.sh @@ -35,6 +35,12 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then sudo apt install -y postgresql-$PG_VERSION fi + # make sure en_GB locale is available for now - see #4893 + echo "# temp fixing locale" + sudo sed -i '/^#en_GB.UTF-8 UTF-8/s/^#//' /etc/locale.gen + sudo sed -i '/^# en_GB.UTF-8 UTF-8/s/^# //' /etc/locale.gen + sudo locale-gen + postgres_datadir="/var/lib/postgresql" # default data dir postgres_confdir="/etc/postgresql" # default conf dir diff --git a/home.admin/config.scripts/cl.install.sh b/home.admin/config.scripts/cl.install.sh index 3a03eb6e2..9e1c179f6 100644 --- a/home.admin/config.scripts/cl.install.sh +++ b/home.admin/config.scripts/cl.install.sh @@ -162,7 +162,7 @@ if [ "$1" = "install" ]; then exit 1 fi echo - echo "- OK the installation of Core Lightning v${installed} is successful" + echo "- OK the installation of Core Lightning ${installed} is successful" exit 0 fi diff --git a/home.admin/config.scripts/lnd.monitor.sh b/home.admin/config.scripts/lnd.monitor.sh index 4da140e51..26629ffd5 100755 --- a/home.admin/config.scripts/lnd.monitor.sh +++ b/home.admin/config.scripts/lnd.monitor.sh @@ -259,6 +259,19 @@ if [ "$2" = "wallet" ]; then exit 1 fi + ln_pendingbalance=$($lndcli_alias pendingchannels 2>/dev/null) + if [ "${ln_pendingbalance}" == "" ]; then + echo "error='no data'" + exit 1 + fi + + ln_pendingonchainbalance_sum=$(echo "${ln_pendingbalance}" | jq -r ' + ([ .pending_force_closing_channels[].channel.local_balance, + .pending_closing_channels[].channel.local_balance + ] | map(tonumber) | add // 0)') + + lnd_wallet_onchain_pending=$(( ${lnd_wallet_onchain_pending:-0} + ${ln_pendingonchainbalance_sum:-0} )) + # parse data lnd_wallet_channels_balance=$(echo "$ln_channelbalance" | jq -r '.balance') lnd_wallet_channels_pending=$(echo "$ln_channelbalance" | jq -r '.pending_open_balance')