diff --git a/CHANGES.md b/CHANGES.md index ee0ac05ef..8360544e3 100644 --- a/CHANGES.md +++ b/CHANGES.md @@ -4,6 +4,7 @@ - Security: Verify git commits and tags everywhere possible [issue](https://github.com/rootzoll/raspiblitz/issues/2686) - New: Compact the LND channel.db on-demand from REPAIR and before backups [issue](https://github.com/rootzoll/raspiblitz/issues/2752) +- New: Switch LNbits between lnd & c-lightning [issue](https://github.com/rootzoll/raspiblitz/issues/2556) - Update: LND v0.14.1-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.14.1-beta) - Update: C-lightning v0.10.2 [details](https://github.com/ElementsProject/lightning/releases/tag/v0.10.2) - Update: Lightning Terminal v0.6.1-alpha with Lightning Node Connect over Tor [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.6.1-alpha) diff --git a/home.admin/00mainMenu.sh b/home.admin/00mainMenu.sh index 621cbb9e5..a59550dd4 100755 --- a/home.admin/00mainMenu.sh +++ b/home.admin/00mainMenu.sh @@ -99,7 +99,11 @@ if [ "${BTCRPCexplorer}" == "on" ]; then OPTIONS+=(EXPLORE "BTC RPC Explorer") fi if [ "${LNBits}" == "on" ]; then - OPTIONS+=(LNBITS "LNbits Server") + if [ "${LNBitsFunding}" == "lnd" ] || [ "${LNBitsFunding}" == "tlnd" ] || [ "${LNBitsFunding}" == "slnd" ] || [ "${LNBitsFunding}" == "" ]; then + OPTIONS+=(LNBITS "LNbits on LND") + elif [ "${LNBitsFunding}" == "cl" ] || [ "${LNBitsFunding}" == "tcl" ] || [ "${LNBitsFunding}" == "scl" ]; then + OPTIONS+=(LNBITS "LNbits on c-lightning") + fi fi if [ "${lndmanage}" == "on" ]; then OPTIONS+=(LNDMANAGE "LND Manage Script") diff --git a/home.admin/00settingsMenuServices.sh b/home.admin/00settingsMenuServices.sh index b00855705..d8357c552 100755 --- a/home.admin/00settingsMenuServices.sh +++ b/home.admin/00settingsMenuServices.sh 
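Review bot: The new if/elif inside the `LNBits` branch of 00mainMenu.sh adds no menu entry at all when `LNBitsFunding` holds anything outside the six listed values, so a mistyped or future config value makes the LNbits item vanish from the main menu with no diagnostic. A fallback arm keeps the service reachable and visibly flags the odd value: `else OPTIONS+=(LNBITS "LNbits Server (funding: ${LNBitsFunding})")`. The `if [ "${LNBits}" == "on" ]` block is complete within the hunk.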
@@ -43,12 +43,17 @@ if [ "${network}" == "bitcoin" ]; then OPTIONS+=(w 'BTC Download Bitcoin Whitepaper' ${whitepaper}) fi + +# available for both LND & c-lightning +if [ "${lnd}" == "on" ] || [ "${cl}" == "on" ]; then + OPTIONS+=(i 'LNbits (Lightning Accounts)' ${LNBits}) +fi + # just available for LND if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then OPTIONS+=(r 'LND RTL Webinterface' ${rtlWebinterface}) OPTIONS+=(t 'LND ThunderHub' ${thunderhub}) OPTIONS+=(l 'LND LIT (loop, pool, faraday)' ${lit}) - OPTIONS+=(i 'LND LNbits' ${LNBits}) OPTIONS+=(o 'LND Balance of Satoshis' ${bos}) OPTIONS+=(y 'LND PyBLOCK' ${pyblock}) OPTIONS+=(h 'LND ChannelTools (Fund Rescue)' ${chantools}) @@ -362,7 +367,7 @@ if [ ${check} -eq 1 ]; then choice="on"; fi if [ "${LNBits}" != "${choice}" ]; then echo "LNbits Setting changed .." anychange=1 - sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh ${choice} + sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh ${choice} ${lightning} if [ "${choice}" = "on" ]; then sudo systemctl start lnbits sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh menu diff --git a/home.admin/_provision_.sh b/home.admin/_provision_.sh index 3e7eef9df..78e32bed9 100755 --- a/home.admin/_provision_.sh +++ b/home.admin/_provision_.sh @@ -534,9 +534,12 @@ fi # LNbits if [ "${LNBits}" = "on" ]; then - echo "Provisioning LNbits - run config script" >> ${logFile} - /home/admin/_cache.sh set message "Setup LNbits" - sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh on >> ${logFile} 2>&1 + if [ "${LNBitsFunding}" == "" ]; then + LNBitsFunding="lnd" + fi + echo "Provisioning LNbits (${LNBitsFunding}) - run config script" >> ${logFile} + sudo sed -i "s/^message=.*/message='Setup LNbits (${LNBitsFunding})'/g" ${infoFile} + sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh on ${LNBitsFunding} >> ${logFile} 2>&1 else echo "Provisioning LNbits - keep default" >> ${logFile} fi 
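Review bot: The changed call `sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh ${choice} ${lightning}` uses `${lightning}` as the funding source, but the option is now offered (first hunk) whenever `lnd` or `cl` is on, and `lightning` is a separate setting; if it can be empty or hold a value that `bonus.lnbits.sh on` does not accept, the install exits with its "unvalid fundig source" message and the following `sudo systemctl start lnbits` runs against an unconfigured service. Deriving the argument from what is actually running, e.g. `fundingsource="${lightning}"; if [ "${fundingsource}" = "" ] && [ "${lnd}" = "on" ]; then fundingsource="lnd"; fi`, and quoting both expansions (`"${choice}" "${fundingsource}"`) would close that gap. The surrounding `if [ "${LNBits}" != "${choice}" ]` block continues outside the hunk.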
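Review bot: `sudo sed -i "s/^message=.*/message='Setup LNbits (${LNBitsFunding})'/g" ${infoFile}` in _provision_.sh splices a value read from the config file into a sed replacement without validating it; `LNBitsFunding` is only defaulted here, so a hand-edited value containing `/`, `&` or `'` breaks the expression or the quoting of the resulting `message=` line, and `${infoFile}` is unquoted. Since the accepted set is fixed (`lnd|tlnd|slnd|cl|tcl|scl`, as the usage text of bonus.lnbits.sh in this diff states), a `case "${LNBitsFunding}" in lnd|tlnd|slnd|cl|tcl|scl) ;; *) LNBitsFunding="lnd" ;; esac` before the sed keeps only known values reaching it. The same `LNBitsFunding="lnd"` default is repeated in `bonus.lnbits.sh status` and `prestart` in this commit; one shared place would be easier to keep in sync. The `if [ "${LNBits}" = "on" ]` block is complete within the hunk.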
diff --git a/home.admin/assets/nginx/sites-available/btcpay_tor.conf b/home.admin/assets/nginx/sites-available/btcpay_tor.conf index 2915eab61..97b4fd7ff 100644 --- a/home.admin/assets/nginx/sites-available/btcpay_tor.conf +++ b/home.admin/assets/nginx/sites-available/btcpay_tor.conf @@ -2,7 +2,6 @@ server { listen localhost:23002; - listen [::1]:23002; server_name _; access_log /var/log/nginx/access_btcpay.log; diff --git a/home.admin/assets/nginx/sites-available/btcpay_tor_ssl.conf b/home.admin/assets/nginx/sites-available/btcpay_tor_ssl.conf index 9336ce399..5e2873fb2 100644 --- a/home.admin/assets/nginx/sites-available/btcpay_tor_ssl.conf +++ b/home.admin/assets/nginx/sites-available/btcpay_tor_ssl.conf @@ -2,7 +2,6 @@ server { listen localhost:23003 ssl; - listen [::1]:23003 ssl; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf index 5f30cb12e..6837a1a14 100644 --- a/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf +++ b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf @@ -2,7 +2,6 @@ server { listen localhost:3022; - listen [::1]:3022; server_name _; access_log /var/log/nginx/access_thub.log; diff --git a/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf index 8754af49a..5942425a6 100644 --- a/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf +++ b/home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf @@ -2,7 +2,6 @@ server { listen localhost:3023 ssl; - listen [::1]:3023 ssl; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/assets/nginx/sites-available/lnbits_tor.conf b/home.admin/assets/nginx/sites-available/lnbits_tor.conf index 83a187938..1146b7e28 100644 --- a/home.admin/assets/nginx/sites-available/lnbits_tor.conf 
+++ b/home.admin/assets/nginx/sites-available/lnbits_tor.conf @@ -2,7 +2,6 @@ server { listen localhost:5002; - listen [::1]:5002; server_name _; access_log /var/log/nginx/access_lnbits.log; diff --git a/home.admin/assets/nginx/sites-available/lnbits_tor_ssl.conf b/home.admin/assets/nginx/sites-available/lnbits_tor_ssl.conf index 83dd781c9..9c49b90db 100644 --- a/home.admin/assets/nginx/sites-available/lnbits_tor_ssl.conf +++ b/home.admin/assets/nginx/sites-available/lnbits_tor_ssl.conf @@ -2,7 +2,6 @@ server { listen localhost:5003 ssl; - listen [::1]:5003 ssl; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/assets/nginx/sites-available/mempool_tor.conf b/home.admin/assets/nginx/sites-available/mempool_tor.conf index 83ddd3854..a47a7743b 100644 --- a/home.admin/assets/nginx/sites-available/mempool_tor.conf +++ b/home.admin/assets/nginx/sites-available/mempool_tor.conf @@ -2,7 +2,6 @@ server { listen localhost:4082; - listen [::1]:4082; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/assets/nginx/sites-available/mempool_tor_ssl.conf b/home.admin/assets/nginx/sites-available/mempool_tor_ssl.conf index 39aae9556..c0faadb1b 100644 --- a/home.admin/assets/nginx/sites-available/mempool_tor_ssl.conf +++ b/home.admin/assets/nginx/sites-available/mempool_tor_ssl.conf @@ -2,7 +2,6 @@ server { listen localhost:4083 ssl; - listen [::1]:4083 ssl; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/assets/nginx/sites-available/rtl_tor.conf b/home.admin/assets/nginx/sites-available/rtl_tor.conf index 6354f4cc8..68f008da0 100644 --- a/home.admin/assets/nginx/sites-available/rtl_tor.conf +++ b/home.admin/assets/nginx/sites-available/rtl_tor.conf @@ -2,7 +2,6 @@ server { listen localhost:3002; - listen [::1]:3002; server_name _; access_log /var/log/nginx/access_rtl.log; 
diff --git a/home.admin/assets/nginx/sites-available/rtl_tor_ssl.conf b/home.admin/assets/nginx/sites-available/rtl_tor_ssl.conf index 29fb812f8..9e1123fe1 100644 --- a/home.admin/assets/nginx/sites-available/rtl_tor_ssl.conf +++ b/home.admin/assets/nginx/sites-available/rtl_tor_ssl.conf @@ -2,7 +2,6 @@ server { listen localhost:3003 ssl; - listen [::1]:3003 ssl; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/assets/nginx/sites-available/sphinxrelay_tor.conf b/home.admin/assets/nginx/sites-available/sphinxrelay_tor.conf index f9b207add..8bd5f9fa3 100644 --- a/home.admin/assets/nginx/sites-available/sphinxrelay_tor.conf +++ b/home.admin/assets/nginx/sites-available/sphinxrelay_tor.conf @@ -2,7 +2,6 @@ server { listen localhost:3302; - listen [::1]:3302; server_name _; access_log /var/log/nginx/access_sphinxrelay.log; diff --git a/home.admin/assets/nginx/sites-available/sphinxrelay_tor_ssl.conf b/home.admin/assets/nginx/sites-available/sphinxrelay_tor_ssl.conf index d2495421c..f012d35ef 100644 --- a/home.admin/assets/nginx/sites-available/sphinxrelay_tor_ssl.conf +++ b/home.admin/assets/nginx/sites-available/sphinxrelay_tor_ssl.conf @@ -2,7 +2,6 @@ server { listen localhost:3303 ssl; - listen [::1]:3303 ssl; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/assets/nginx/sites-available/thub_tor.conf b/home.admin/assets/nginx/sites-available/thub_tor.conf index f872ae974..3214baacc 100644 --- a/home.admin/assets/nginx/sites-available/thub_tor.conf +++ b/home.admin/assets/nginx/sites-available/thub_tor.conf @@ -2,7 +2,6 @@ server { listen localhost:3012; - listen [::1]:3012; server_name _; access_log /var/log/nginx/access_thub.log; diff --git a/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf b/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf index 0d3e448ad..4e7762022 100644 --- a/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf 
+++ b/home.admin/assets/nginx/sites-available/thub_tor_ssl.conf @@ -2,7 +2,6 @@ server { listen localhost:3013 ssl; - listen [::1]:3013 ssl; server_name _; include /etc/nginx/snippets/ssl-params.conf; diff --git a/home.admin/config.scripts/blitz.datadrive.sh b/home.admin/config.scripts/blitz.datadrive.sh index 7ff010279..300d428eb 100755 --- a/home.admin/config.scripts/blitz.datadrive.sh +++ b/home.admin/config.scripts/blitz.datadrive.sh @@ -240,7 +240,7 @@ if [ "$1" = "status" ]; then cp /mnt/hdd${subVolumeDir}/app-data/wpa_supplicant.conf /var/cache/raspiblitz/hdd-inspect/wpa_supplicant.conf 2>/dev/null # make copy of SSH keys to RAMDISK (if available) - cp /mnt/hdd${subVolumeDir}/ssh /var/cache/raspiblitz/hdd-inspect/ssh 2>/dev/null + cp -r /mnt/hdd${subVolumeDir}/ssh /var/cache/raspiblitz/hdd-inspect/ssh 2>/dev/null fi diff --git a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py index a73985053..312642465 100755 --- a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py +++ b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py @@ -613,7 +613,7 @@ def menuMakeSubscription(blitzServiceName, torAddress, torPort): d = Dialog(dialog="dialog", autowidgetsize=True) d.set_background_title("Select IP2TOR Bridge Shop (communication secured thru TOR)") code, text = d.inputbox( - "Enter Address of a IP2TOR Shop (OR JUST USE DEFAULT):", + "Enter Address of the IP2TOR Shop (OR JUST PRESS OK):", height=10, width=72, init=shopurl, title="Shop Address") @@ -1079,6 +1079,7 @@ def subscription_by_service(): subs = toml.load(SUBSCRIPTIONS_FILE) for idx, sub in enumerate(subs['subscriptions_ip2tor']): if sub['active'] and sub['name'] == service_name: + print("id='{0}'".format(sub['id'])) print("type='{0}'".format(sub['type'])) print("ip='{0}'".format(sub['ip'])) print("port='{0}'".format(sub['port'])) 
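Review bot: `cp -r` without `-p` in blitz.datadrive.sh recreates the copied SSH key files with modes derived from the umask and ownership of the calling user rather than those of the originals, and when `/var/cache/raspiblitz/hdd-inspect/ssh` already exists it nests a second `ssh` directory inside it instead of refreshing the copy; with `2>/dev/null` neither outcome is visible. For host key material `cp -a` (or `cp -rp`) keeps the original restrictive modes, and clearing the target first keeps the layout predictable: `rm -rf /var/cache/raspiblitz/hdd-inspect/ssh; cp -a /mnt/hdd${subVolumeDir}/ssh /var/cache/raspiblitz/hdd-inspect/ssh 2>/dev/null`. The enclosing `status` branch starts and ends outside the hunk.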
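Review bot: The added `print("id='{0}'".format(sub['id']))` in `subscription_by_service` follows the `key='value'` output format that the shell side of this diff consumes by `source`-ing this script's output (`bonus.lnbits.sh status` does so for `ip-by-tor`), so a value containing a single quote or newline would be executed by the sourcing shell; the neighbouring `type`/`ip`/`port` lines have the same property, the new line just widens it. If `id` is generated locally the risk is low, but `print("id={0}".format(shlex.quote(str(sub['id']))))` (stdlib `shlex`) makes the output safe regardless of content and still sources correctly. `subscription_by_service` continues outside the hunk.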
diff --git a/home.admin/config.scripts/bonus.lnbits.sh b/home.admin/config.scripts/bonus.lnbits.sh index 5f730bab6..c132ecc5d 100755 --- a/home.admin/config.scripts/bonus.lnbits.sh +++ b/home.admin/config.scripts/bonus.lnbits.sh @@ -5,11 +5,13 @@ # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "small config script to switch LNbits on or off" - echo "bonus.lnbits.sh on [?GITHUBUSER] [?BRANCH]" - echo "bonus.lnbits.sh [off|status|menu|write-macaroons]" - echo "# DEVELOPMENT: TO SYNC WITH YOUR FORKED GITHUB-REPO" - echo "bonus.lnbits.sh github repo [GITHUBUSER] [?BRANCH]" - echo "bonus.lnbits.sh github sync" + echo "bonus.lnbits.sh on [lnd|tlnd|slnd|cl|tcl|scl] [?GITHUBUSER] [?BRANCH]" + echo "bonus.lnbits.sh switch [lnd|tlnd|slnd|cl|tcl|scl]" + echo "bonus.lnbits.sh off" + echo "bonus.lnbits.sh status" + echo "bonus.lnbits.sh menu" + echo "bonus.lnbits.sh prestart" + echo "bonus.lnbits.sh githubsync" exit 1 fi @@ -33,6 +35,14 @@ if [ "$1" = "menu" ]; then fi fi + # add info on funding source + fundinginfo="" + if [ "${LNBitsFunding}" == "lnd" ] || [ "${LNBitsFunding}" == "tlnd" ] || [ "${LNBitsFunding}" == "slnd" ]; then + fundinginfo="on LND " + elif [ "${LNBitsFunding}" == "cl" ] || [ "${LNBitsFunding}" == "tcl" ] || [ "${LNBitsFunding}" == "scl" ]; then + fundinginfo="on c-lightning " + fi + text="Local Web Browser: https://${localIP}:${httpsPort}" if [ ${#publicDomain} -gt 0 ]; then 
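Review bot: The `fundinginfo` block in the second hunk leaves the string empty when `LNBitsFunding` is unset, although `status` and `_provision_.sh` in this same commit treat an empty value as `lnd` and 00mainMenu.sh labels it "LNbits on LND"; a node installed before this change therefore gets a plain " LNbits " title and, further down in the menu hunk, no SWITCH-CL option because that check compares against `"lnd"` only. Normalising once before the comparison, `if [ "${LNBitsFunding}" == "" ]; then LNBitsFunding="lnd"; fi`, keeps the menu consistent with the rest of the script. The `menu` branch continues past the end of the hunk.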
@@ -55,22 +65,107 @@ ${toraddress}" if [ ${#ip2torDomain} -gt 0 ]; then text="${text}\n IP2TOR+LetsEncrypt: https://${ip2torDomain}:${ip2torPort} -SHA1 ${sslFingerprintTOR}" +SHA1 ${sslFingerprintTOR}\n +https://${ip2torDomain}:${ip2torPort} ready for public use" elif [ ${#ip2torIP} -gt 0 ]; then text="${text}\n IP2TOR: https://${ip2torIP}:${ip2torPort} -SHA1 ${sslFingerprintTOR} -go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain" +SHA1 ${sslFingerprintTOR}\n +Consider adding a LetsEncrypt HTTPS Domain under OPTIONS." elif [ ${#publicDomain} -eq 0 ]; then text="${text}\n To enable easy reachability with normal browser from the outside -consider adding a IP2TOR Bridge (MAINMENU > SUBSCRIBE)." +Consider adding a IP2TOR Bridge under OPTIONS." fi - whiptail --title " LNbits " --msgbox "${text}" 16 69 - + whiptail --title " LNbits ${fundinginfo}" --yes-button "OK" --no-button "OPTIONS" --yesno "${text}" 18 69 + result=$? /home/admin/config.scripts/blitz.display.sh hide - echo "please wait ..." + echo "option (${result}) - please wait ..." 
+ + # exit when user presses OK to close menu + if [ ${result} -eq 0 ]; then + exit 0 + fi + + # LNbits OPTIONS menu + OPTIONS=() + + # IP2TOR options + if [ "${ip2torDomain}" != "" ]; then + # IP2TOR+LetsEncrypt active - offer cancel + OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits") + elif [ "${ip2torIP}" != "" ]; then + # just IP2TOR active - offer cancel or Lets Encrypt + OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits") + OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits") + else + OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription") + fi + + # Change Funding Source options (only if available) + if [ "${LNBitsFunding}" == "lnd" ] && [ "${cl}" == "on" ]; then + OPTIONS+=(SWITCH-CL "Switch: Use c-lightning as funding source") + elif [ "${LNBitsFunding}" == "cl" ] && [ "${lnd}" == "on" ]; then + OPTIONS+=(SWITCH-LND "Switch: Use LND as funding source") + fi + + WIDTH=66 + CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1")) + HEIGHT=$((CHOICE_HEIGHT+7)) + CHOICE=$(dialog --clear \ + --title " LNbits - Options" \ + --ok-label "Select" \ + --cancel-label "Back" \ + --menu "Choose one of the following options:" \ + $HEIGHT $WIDTH $CHOICE_HEIGHT \ + "${OPTIONS[@]}" \ + 2>&1 >/dev/tty) + + case $CHOICE in + IP2TOR-ON) + python /home/admin/config.scripts/blitz.subscriptions.ip2tor.py create-ssh-dialog LNBITS ${toraddress} 443 + exit 0 + ;; + IP2TOR-OFF) + clear + python /home/admin/config.scripts/blitz.subscriptions.ip2tor.py subscription-cancel ${ip2torID} + echo + echo "OK - PRESS ENTER to continue" + read key + exit 0 + ;; + HTTPS-ON) + python /home/admin/config.scripts/blitz.subscriptions.letsencrypt.py create-ssh-dialog + exit 0 + ;; + SWITCH-CL) + clear + /home/admin/config.scripts/bonus.lnbits.sh switch cl + echo "Restarting LNbits ..." + sudo systemctl restart lnbits + echo + echo "OK new funding source for LNbits active." 
+ echo "PRESS ENTER to continue" + read key + exit 0 + ;; + SWITCH-LND) + clear + /home/admin/config.scripts/bonus.lnbits.sh switch lnd + echo "Restarting LNbits ..." + sudo systemctl restart lnbits + echo + echo "OK new funding source for LNbits active." + echo "PRESS ENTER to continue" + read key + exit 0 + ;; + *) + clear + exit 0 + esac + exit 0 fi @@ -86,6 +181,12 @@ if [ "$1" = "status" ]; then echo "httpsPort='5001'" echo "publicIP='${publicIP}'" + # check funding source + if [ "${LNBitsFunding}" == "" ]; then + LNBitsFunding="lnd" + fi + echo "LNBitsFunding='${LNBitsFunding}'" + # check for LetsEnryptDomain for DynDns error="" source <(sudo /home/admin/config.scripts/blitz.subscriptions.ip2tor.py ip-by-tor $publicIP) 
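Review bot: In the `SWITCH-CL` and `SWITCH-LND` arms the exit status of `/home/admin/config.scripts/bonus.lnbits.sh switch …` is ignored, so when `switch` bails out with one of its `# FAIL` messages the menu still runs `sudo systemctl restart lnbits` and prints `OK new funding source for LNbits active.`, leaving the user with a partially rewritten `.env` and a misleading confirmation. Guarding the call keeps the restart and the OK text on the success path only: `if ! /home/admin/config.scripts/bonus.lnbits.sh switch cl; then echo "FAIL - funding source not changed"; read -r key; exit 1; fi` (and likewise with `lnd`). The two `read key` lines should be `read -r key`. The `menu` branch begins outside the hunk.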
@@ -135,46 +236,96 @@ if [ "$1" = "status" ]; then exit 0 fi -# status -if [ "$1" = "write-macaroons" ]; then +########################## +# PRESTART +# - will be called as prestart by systemd service (as user lnbits) +######################### - # make sure its run as user admin - adminUserId=$(id -u admin) - if [ "${EUID}" != "${adminUserId}" ]; then - echo "error='please run as admin user'" +if [ "$1" = "prestart" ]; then + + # users need to be `lnbits` so that it can be run by systemd as prestart (no SUDO available) + if [ "$USER" != "lnbits" ]; then + echo "# FAIL: run as user lnbits" exit 1 fi - echo "make sure symlink to central app-data directory exists" - if ! [[ -L "/home/lnbits/.lnd" ]]; then - sudo rm -rf "/home/lnbits/.lnd" # not a symlink.. delete it silently - sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/lnbits/.lnd" # and create symlink + # get if its for lnd or cl service + echo "## lnbits.service PRESTART CONFIG" + echo "# --> /home/lnbits/lnbits/.env" + + # set values based in funding source in raspiblitz config + LNBitsNetwork="bitcoin" + LNBitsChain="" + LNBitsLightning="" + if [ "${LNBitsFunding}" == "" ] || [ "${LNBitsFunding}" == "lnd" ]; then + LNBitsFunding="lnd" + LNBitsLightning="lnd" + LNBitsChain="main" + elif [ "${LNBitsFunding}" == "tlnd" ]; then + LNBitsLightning="lnd" + LNBitsChain="test" + elif [ "${LNBitsFunding}" == "slnd" ]; then + LNBitsLightning="lnd" + LNBitsChain="sig" + elif [ "${LNBitsFunding}" == "cl" ]; then + LNBitsLightning="cl" + LNBitsChain="main" + elif [ "${LNBitsFunding}" == "tcl" ]; then + LNBitsLightning="cl" + LNBitsChain="test" + elif [ "${LNBitsFunding}" == "scl" ]; then + LNBitsLightning="cl" + LNBitsChain="sig" + else + echo "# FAIL: Unknown LNBitsFunding=${LNBitsFunding}" + exit 1 fi - # set tls.cert path (use | as separator to avoid escaping file path slashes) - sudo -u lnbits sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/home/lnbits/.lnd/tls.cert|g" /home/lnbits/lnbits/.env + echo "# 
LNBitsFunding(${LNBitsFunding}) --> network(${LNBitsNetwork}) chain(${LNBitsChain}) lightning(${LNBitsLightning})" - # set macaroon path info in .env - USING HEX IMPORT - sudo chmod 600 /home/lnbits/lnbits/.env - macaroonAdminHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/admin.macaroon) - macaroonInvoiceHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/invoice.macaroon) - macaroonReadHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/readonly.macaroon) - sudo sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env - sudo sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env - sudo sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env + # set lnd config + if [ "${LNBitsLightning}" == "lnd" ]; then - #echo "make sure lnbits is member of lndreadonly, lndinvoice, lndadmin" - #sudo /usr/sbin/usermod --append --groups lndinvoice lnbits - #sudo /usr/sbin/usermod --append --groups lndreadonly lnbits - #sudo /usr/sbin/usermod --append --groups lndadmin lnbits + echo "# setting lnd config fresh ..." 
- # set macaroon path info in .env - USING PATH - #sudo sed -i "s|^LND_REST_ADMIN_MACAROON=.*|LND_REST_ADMIN_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/admin.macaroon|g" /home/lnbits/lnbits/.env - #sudo sed -i "s|^LND_REST_INVOICE_MACAROON=.*|LND_REST_INVOICE_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/invoice.macaroon|g" /home/lnbits/lnbits/.env - #sudo sed -i "s|^LND_REST_READ_MACAROON=.*|LND_REST_READ_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/read.macaroon|g" /home/lnbits/lnbits/.env - echo "# OK - macaroons written to /home/lnbits/lnbits/.env" + # check if lnbits user has read access on lnd data files + checkReadAccess=$(cat /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon | grep -c "lnd") + if [ "${checkReadAccess}" != "1" ]; then + echo "# FAIL: missing lnd data in '/mnt/hdd/app-data/lnd' or missing access rights for lnbits user" + exit 1 + fi - exit 0 + echo "# Updating LND TLS & macaroon data fresh for LNbits config ..." 
+ + # set tls.cert path (use | as separator to avoid escaping file path slashes) + sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/mnt/hdd/app-data/lnd/tls.cert|g" /home/lnbits/lnbits/.env + + # set macaroon path info in .env - USING HEX IMPORT + chmod 600 /home/lnbits/lnbits/.env + macaroonAdminHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon) + macaroonInvoiceHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/invoice.macaroon) + macaroonReadHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/readonly.macaroon) + sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env + sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env + sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env + + elif [ "${LNBitsLightning}" == "cl" ]; then + + isUsingCL=$(cat /home/lnbits/lnbits/.env | grep -c "LNBITS_BACKEND_WALLET_CLASS=CLightningWallet") + if [ "${isUsingCL}" != "1" ]; then + echo "# FAIL: /home/lnbits/lnbits/.env not set to c-lightning" + exit 1 + fi + + echo "# everything looks OK for lnbits config on c-lightning on ${LNBitsChain}net" + + else + echo "# FAIL: missing or not supported LNBitsLightning=${LNBitsLightning}" + exit 1 + fi + + echo "# OK: prestart finished" + exit 0 # exit with clean code fi if [ "$1" = "repo" ]; then @@ -191,7 +342,9 @@ if [ "$1" = "repo" ]; then fi # check if repo exists - githubRepo="https://github.com/${githubUser}/lnbits" + #githubRepo="https://github.com/${githubUser}/lnbits" + githubRepo="https://github.com/${githubUser}/lnbits-legend" + httpcode=$(curl -s -o /dev/null -w "%{http_code}" ${githubRepo}) if [ "${httpcode}" != "200" ]; then echo "# tested github repo: ${githubRepo}" 
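Review bot: The access probe `checkReadAccess=$(cat …/admin.macaroon | grep -c "lnd")` in the lnd branch of `prestart` tests file content rather than readability: a macaroon is binary, so `grep -c` counts matching "lines" and can return 0 or more than 1 for a perfectly readable file, while a missing file, an unreadable file and a wrong-content file are indistinguishable in the `# FAIL` message. `if [ ! -r "/mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon" ]; then echo "# FAIL: …"; exit 1; fi` states the actual precondition, and the later `xxd` calls then fail loudly if a path is wrong. Quoting the macaroon and `.env` paths in the `xxd`/`sed -i` lines would also make them robust to a future path with spaces. The `prestart` branch is complete within the hunk.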
@@ -225,83 +378,124 @@ if [ "$1" = "sync" ] || [ "$1" = "repo" ]; then fi # stop service -echo "making sure services are not running" sudo systemctl stop lnbits 2>/dev/null -# switch on +# install if [ "$1" = "1" ] || [ "$1" = "on" ]; then - echo "*** INSTALL LNbits ***" + # check if already installed isInstalled=$(sudo ls /etc/systemd/system/lnbits.service 2>/dev/null | grep -c 'lnbits.service') - if [ ${isInstalled} -eq 0 ]; then + if [ "${isInstalled}" == "1" ]; then + echo "# FAIL: already installed" + exit 1 + fi - echo "*** Add the 'lnbits' user ***" - sudo adduser --disabled-password --gecos "" lnbits + # get funding source and check that its available + fundingsource="$2" - # make sure needed debian packages are installed - echo "# installing needed packages" - - # get optional github parameter - githubUser="lnbits" - if [ "$2" != "" ]; then - githubUser="$2" - fi - githubBranch="tags/raspiblitz" - #githubBranch="f6bcff01f4b62ca26177f22bd2d479b01d371406" - if [ "$3" != "" ]; then - githubBranch="$3" + if [ "${fundingsource}" == "lnd" ]; then + if [ "${lnd}" != "on" ]; then + echo "#FAIL: lnd mainnet needs to activated" + exit 1 fi - # install from GitHub - echo "# get the github code user(${githubUser}) branch(${githubBranch})" - sudo rm -r /home/lnbits/lnbits 2>/dev/null - cd /home/lnbits - sudo -u lnbits git clone https://github.com/${githubUser}/lnbits.git - cd /home/lnbits/lnbits - sudo -u lnbits git checkout ${githubBranch} + elif [ "${fundingsource}" == "tlnd" ]; then + if [ "${tlnd}" != "on" ]; then + echo "#FAIL: lnd testnet needs to activated" + exit 1 + fi - # prepare .env file - echo "# preparing env file" - sudo rm /home/lnbits/lnbits/.env 2>/dev/null - sudo -u lnbits touch /home/lnbits/lnbits/.env - sudo bash -c "echo 'QUART_APP=lnbits.app:create_app()' >> /home/lnbits/lnbits/.env" - sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env" - sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=LndRestWallet' >> 
/home/lnbits/lnbits/.env" - sudo bash -c "echo 'LND_REST_ENDPOINT=https://127.0.0.1:8080' >> /home/lnbits/lnbits/.env" - sudo bash -c "echo 'LND_REST_CERT=' >> /home/lnbits/lnbits/.env" - sudo bash -c "echo 'LND_REST_ADMIN_MACAROON=' >> /home/lnbits/lnbits/.env" - sudo bash -c "echo 'LND_REST_INVOICE_MACAROON=' >> /home/lnbits/lnbits/.env" - sudo bash -c "echo 'LND_REST_READ_MACAROON=' >> /home/lnbits/lnbits/.env" - /home/admin/config.scripts/bonus.lnbits.sh write-macaroons + elif [ "${fundingsource}" == "slnd" ]; then + if [ "${slnd}" != "on" ]; then + echo "#FAIL: lnd signet needs to activated" + exit 1 + fi - # set database path to HDD data so that its survives updates and migrations - sudo mkdir /mnt/hdd/app-data/LNBits 2>/dev/null - sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits - sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> /home/lnbits/lnbits/.env" + elif [ "${fundingsource}" == "cl" ]; then + if [ "${cl}" != "on" ]; then + echo "# FAIL: c-lightning mainnet needs to activated" + exit 1 + fi - # to the install - echo "# installing application dependencies" - cd /home/lnbits/lnbits - # do install like this + elif [ "${fundingsource}" == "tcl" ]; then + if [ "${tcl}" != "on" ]; then + echo "# FAIL: c-lightning testnet needs to activated" + exit 1 + fi - sudo -u lnbits python3 -m venv venv - #sudo -u lnbits /home/lnbits/lnbits/venv/bin/pip install hypercorn - sudo -u lnbits ./venv/bin/pip install -r requirements.txt + elif [ "${fundingsource}" == "scl" ]; then + if [ "${scl}" != "on" ]; then + echo "# FAIL: c-lightning signet needs to activated" + exit 1 + fi - # process assets - echo "# processing assets" - sudo -u lnbits ./venv/bin/quart assets + else + echo "# FAIL: unvalid fundig source parameter" + exit 1 + fi - # update databases (if needed) - echo "# updating databases" - sudo -u lnbits ./venv/bin/quart migrate + # add lnbits user + echo "*** Add the 'lnbits' user ***" + sudo adduser --disabled-password --gecos "" lnbits 
2>/dev/null + sudo /usr/sbin/usermod --append --groups bitcoin lnbits - # open firewall - echo - echo "*** Updating Firewall ***" - sudo ufw allow 5000 comment 'lnbits HTTP' - sudo ufw allow 5001 comment 'lnbits HTTPS' - echo "" + # get optional github parameter + githubUser="lnbits" + if [ "$3" != "" ]; then + githubUser="$3" + fi + #githubBranch="tags/raspiblitz" + githubBranch="ec874baa6b4ea3d6ec039c9bd71b9c73a899a737" #commit 5. December 2021 + if [ "$4" != "" ]; then + githubBranch="$4" + fi + + # install from GitHub + echo "# get the github code user(${githubUser}) branch(${githubBranch})" + sudo rm -r /home/lnbits/lnbits 2>/dev/null + cd /home/lnbits + sudo -u lnbits git clone https://github.com/${githubUser}/lnbits-legend lnbits + cd /home/lnbits/lnbits + sudo -u lnbits git checkout ${githubBranch} + + # prepare .env file + echo "# preparing env file" + sudo rm /home/lnbits/lnbits/.env 2>/dev/null + sudo -u lnbits touch /home/lnbits/lnbits/.env + sudo bash -c "echo 'QUART_APP=lnbits.app:create_app()' >> /home/lnbits/lnbits/.env" + sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env" + + # set database path to HDD data so that its survives updates and migrations + sudo mkdir /mnt/hdd/app-data/LNBits 2>/dev/null + sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits + sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> /home/lnbits/lnbits/.env" + + # let switch command part do the detail config + /home/admin/config.scripts/bonus.lnbits.sh switch ${fundingsource} + + # to the install + echo "# installing application dependencies" + cd /home/lnbits/lnbits + + # do install like this + sudo -u lnbits python3 -m venv venv + sudo -u lnbits ./venv/bin/pip install -r requirements.txt + sudo -u lnbits ./venv/bin/pip install pylightning + + # process assets + echo "# processing assets" + sudo -u lnbits ./venv/bin/quart assets + + # update databases (if needed) + echo "# updating databases" + sudo -u lnbits ./venv/bin/quart migrate + + 
# open firewall + echo + echo "*** Updating Firewall ***" + sudo ufw allow 5000 comment 'lnbits HTTP' + sudo ufw allow 5001 comment 'lnbits HTTPS' + echo "" # install service echo "*** Install systemd ***" @@ -315,12 +509,13 @@ After=bitcoind.service [Service] WorkingDirectory=/home/lnbits/lnbits +ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && ./venv/bin/hypercorn -k trio --bind 0.0.0.0:5000 "lnbits.app:create_app()"' User=lnbits Restart=always TimeoutSec=120 RestartSec=30 -StandardOutput=null +StandardOutput=journal StandardError=journal # Hardening measures @@ -343,10 +538,6 @@ EOF echo "# OK - lnbits service is enabled, but needs reboot or manual starting: sudo systemctl start lnbits" fi - else - echo "LNbits already installed." - fi - # setup nginx symlinks if ! [ -f /etc/nginx/sites-available/lnbits_ssl.conf ]; then sudo cp /home/admin/assets/nginx/sites-available/lnbits_ssl.conf /etc/nginx/sites-available/lnbits_ssl.conf 
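Review bot: `sudo -u lnbits git checkout ${githubBranch}` in the install branch is not checked, so if the pinned commit `ec874baa…` is absent from the clone (a fork without that history, a truncated fetch) the install silently continues on whatever branch `git clone` left checked out, which undoes the pinning this hunk introduces; `sudo -u lnbits git checkout ${githubBranch} || exit 1` keeps the pin enforced. The call `/home/admin/config.scripts/bonus.lnbits.sh switch ${fundingsource}` has the same problem: its `# FAIL` exit is ignored and the venv, assets and migrations are built anyway. `sudo -u lnbits ./venv/bin/pip install pylightning` pulls an unpinned package from PyPI at install time, unlike the requirements file, so a version pin (or adding it to a pinned requirements file) would keep the installed set reproducible. The `on` branch continues past the end of the hunk.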
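Review bot: `ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart` runs under the unit's `User=lnbits` (context line below it), so the service now depends on the lnbits user being able to traverse `/home/admin/config.scripts`, read the script and read whatever `prestart` sources to obtain `LNBitsFunding` (presumably `/mnt/hdd/raspiblitz.conf`, which `switch` writes) without sudo; if any of those is admin-only the unit fails before `ExecStart` on every boot. Worth stating next to the line, e.g. `# prestart runs as lnbits: the script and raspiblitz.conf must be readable by that user`, and checking it once in the install path. With `StandardOutput=journal` the prestart output lands in the journal, which is fine as the visible echoes print paths only, no macaroon hex.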
@@ -372,6 +563,118 @@ EOF # make sure to keep in sync with tor.network.sh script /home/admin/config.scripts/tor.onion-service.sh lnbits 80 5002 443 5003 fi + + echo "# OK install done ... might need to restart or call: sudo systemctl start lnbits" + exit 0 +fi + +# config for a special funding source (e.g lnd or c-lightning as backend) +if [ "$1" = "switch" ]; then + + echo "## bonus.lnbits.sh switch $2" + + # get funding source and check that its available + fundingsource="$2" + clrpcsubdir="" + if [ "${fundingsource}" == "lnd" ]; then + if [ "${lnd}" != "on" ]; then + echo "#FAIL: lnd mainnet not installed or running" + exit 1 + fi + + elif [ "${fundingsource}" == "tlnd" ]; then + if [ "${tlnd}" != "on" ]; then + echo "# FAIL: lnd testnet not installed or running" + exit 1 + fi + + elif [ "${fundingsource}" == "slnd" ]; then + if [ "${slnd}" != "on" ]; then + echo "# FAIL: lnd signet not installed or running" + exit 1 + fi + + elif [ "${fundingsource}" == "cl" ]; then + if [ "${cl}" != "on" ]; then + echo "# FAIL: c-lightning mainnet not installed or running" + exit 1 + fi + + elif [ "${fundingsource}" == "tcl" ]; then + clrpcsubdir="/testnet" + if [ "${tcl}" != "on" ]; then + echo "# FAIL: c-lightning testnet not installed or running" + exit 1 + fi + + elif [ "${fundingsource}" == "scl" ]; then + clrpcsubdir="/signet" + if [ "${scl}" != "on" ]; then + echo "# FAIL: c-lightning signet not installed or running" + exit 1 + fi + + else + echo "# FAIL: unvalid fundig source parameter" + exit 1 + fi + + echo "##############" + echo "# NOTE: If you switch the funding source of a running LNbits instance all sub account will keep balance." + echo "# Make sure that the new funding source has enough sats to cover the LNbits bookeeping of sub accounts." 
+ echo "##############" + + # remove all old possible settings for former funding source (clean state) + sudo sed -i "/^LNBITS_BACKEND_WALLET_CLASS=/d" /home/lnbits/lnbits/.env 2>/dev/null + sudo sed -i "/^LND_REST_ENDPOINT=/d" /home/lnbits/lnbits/.env 2>/dev/null + sudo sed -i "/^LND_REST_CERT=/d" /home/lnbits/lnbits/.env 2>/dev/null + sudo sed -i "/^LND_REST_ADMIN_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null + sudo sed -i "/^LND_REST_INVOICE_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null + sudo sed -i "/^LND_REST_READ_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null + sudo /usr/sbin/usermod -G lnbits lnbits + sudo sed -i "/^CLIGHTNING_RPC=/d" /home/lnbits/lnbits/.env 2>/dev/null + + # LND CONFIG + if [ "${fundingsource}" == "lnd" ] || [ "${fundingsource}" == "tlnd" ] || [ "${fundingsource}" == "slnd" ]; then + + # make sure lnbits user can access LND credentials + echo "# adding lnbits user is member of lndreadonly, lndinvoice, lndadmin" + sudo /usr/sbin/usermod --append --groups lndinvoice lnbits + sudo /usr/sbin/usermod --append --groups lndreadonly lnbits + sudo /usr/sbin/usermod --append --groups lndadmin lnbits + + # prepare config entries in lnbits config for lnd + echo "# preparing lnbits config for lnd" + sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=LndRestWallet' >> /home/lnbits/lnbits/.env" + sudo bash -c "echo 'LND_REST_ENDPOINT=https://127.0.0.1:8080' >> /home/lnbits/lnbits/.env" + sudo bash -c "echo 'LND_REST_CERT=' >> /home/lnbits/lnbits/.env" + sudo bash -c "echo 'LND_REST_ADMIN_MACAROON=' >> /home/lnbits/lnbits/.env" + sudo bash -c "echo 'LND_REST_INVOICE_MACAROON=' >> /home/lnbits/lnbits/.env" + sudo bash -c "echo 'LND_REST_READ_MACAROON=' >> /home/lnbits/lnbits/.env" + + fi + + if [ "${fundingsource}" == "cl" ] || [ "${fundingsource}" == "tcl" ] || [ "${fundingsource}" == "scl" ]; then + + echo "# allowing lnbits user as part of the bitcoin group to RW RPC hook" + sudo chmod 770 /home/bitcoin/.lightning/bitcoin${clrpcsubdir} + sudo 
chmod 660 /home/bitcoin/.lightning/bitcoin${clrpcsubdir}/lightning-rpc + + echo "# preparing lnbits config for c-lightning" + sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=CLightningWallet' >> /home/lnbits/lnbits/.env" + sudo bash -c "echo 'CLIGHTNING_RPC=/home/bitcoin/.lightning/bitcoin${clrpcsubdir}/lightning-rpc' >> /home/lnbits/lnbits/.env" + fi + + # set raspiblitz config value for funding + if ! grep -Eq "^LNBitsFunding=" /mnt/hdd/raspiblitz.conf; then + echo "LNBitsFunding=" >> /mnt/hdd/raspiblitz.conf + fi + sudo sed -i "s/^LNBitsFunding=.*/LNBitsFunding=${fundingsource}/g" /mnt/hdd/raspiblitz.conf + + echo "##############" + echo "# OK new fundig source set - does need restart or call: sudo systemctl restart lnbits" + echo "##############" + exit 0 fi diff --git a/home.admin/config.scripts/bonus.rtl.sh b/home.admin/config.scripts/bonus.rtl.sh index 3bcb94dcd..75d9cf002 100755 --- a/home.admin/config.scripts/bonus.rtl.sh +++ b/home.admin/config.scripts/bonus.rtl.sh @@ -4,7 +4,7 @@ RTLVERSION="v0.11.2" # check and load raspiblitz config # to know which network is running -source /home/admin/raspiblitz.info +source /mnt/hdd/raspiblitz.conf # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then diff --git a/home.admin/config.scripts/lnd.credentials.sh b/home.admin/config.scripts/lnd.credentials.sh index f99e5aa7e..061f547ab 100755 --- a/home.admin/config.scripts/lnd.credentials.sh +++ b/home.admin/config.scripts/lnd.credentials.sh @@ -162,12 +162,6 @@ elif [ "$1" = "sync" ]; then sudo ln -s "/mnt/hdd/lnd/tls.cert" "/mnt/hdd/app-data/lnd/tls.cert" # and create symlink fi - if [ "${LNBits}" = "on" ]; then - echo "# fix the macaroon for LNbits" - # https://github.com/rootzoll/raspiblitz/pull/1156#issuecomment-623293240 - sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons - fi - ########################### # Check Macaroons and fix missing ###########################
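Review bot: `sudo /usr/sbin/usermod -G lnbits lnbits` in the clean-state section replaces the user's supplementary groups with just `lnbits`, which drops the `bitcoin` membership the install branch adds with `usermod --append --groups bitcoin lnbits`; the c-lightning block below relies on exactly that membership (`chmod 660 …/lightning-rpc`, "allowing lnbits user as part of the bitcoin group"), so on the `cl|tcl|scl` path the socket stays inaccessible while `prestart` only checks the `.env` line and reports success. Re-adding the group in that block, `sudo /usr/sbin/usermod --append --groups bitcoin lnbits`, fixes it; note that `bitcoin` membership also grants the service user whatever else that group can read under `/home/bitcoin` depending on the file modes there, so a dedicated group owning only the RPC socket would be the least-privilege option. Separately, `echo "LNBitsFunding=" >> /mnt/hdd/raspiblitz.conf` runs without `sudo` while the neighbouring `sed -i` uses it; if the file is not writable by the caller the append fails silently and the sed then finds nothing to replace. The `switch` branch is complete within the hunk.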