highperfocused/raspiblitz
1
0
Fork 0
mirror of https://github.com/raspiblitz/raspiblitz.git synced 2025-03-17 21:31:45 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix #2792 & #2556 LNbits c-lightning (#2808)

Browse Source
This commit is contained in:
/rootzoll 2021-12-16 20:10:03 +01:00 committed by GitHub
parent f1478dff8a
commit 88d77d4197
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
22 changed files with 434 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
CHANGES.md
View File

@ -4,6 +4,7 @@
- Security: Verify git commits and tags everywhere possible [issue](https://github.com/rootzoll/raspiblitz/issues/2686)
- New: Compact the LND channel.db on-demand from REPAIR and before backups [issue](https://github.com/rootzoll/raspiblitz/issues/2752)
- New: Switch LNbits between lnd & c-lightning [issue](https://github.com/rootzoll/raspiblitz/issues/2556)
- Update: LND v0.14.1-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.14.1-beta)
- Update: C-lightning v0.10.2 [details](https://github.com/ElementsProject/lightning/releases/tag/v0.10.2)
- Update: Lightning Terminal v0.6.1-alpha with Lightning Node Connect over Tor [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.6.1-alpha)

6
home.admin/00mainMenu.sh
View File

@ -99,7 +99,11 @@ if [ "${BTCRPCexplorer}" == "on" ]; then
OPTIONS+=(EXPLORE "BTC RPC Explorer")
fi
if [ "${LNBits}" == "on" ]; then
OPTIONS+=(LNBITS "LNbits Server")
if [ "${LNBitsFunding}" == "lnd" ] || [ "${LNBitsFunding}" == "tlnd" ] || [ "${LNBitsFunding}" == "slnd" ] || [ "${LNBitsFunding}" == "" ]; then
OPTIONS+=(LNBITS "LNbits on LND")
elif [ "${LNBitsFunding}" == "cl" ] || [ "${LNBitsFunding}" == "tcl" ] || [ "${LNBitsFunding}" == "scl" ]; then
OPTIONS+=(LNBITS "LNbits on c-lightning")
fi
fi
if [ "${lndmanage}" == "on" ]; then
OPTIONS+=(LNDMANAGE "LND Manage Script")

9
home.admin/00settingsMenuServices.sh
View File

@ -43,12 +43,17 @@ if [ "${network}" == "bitcoin" ]; then
OPTIONS+=(w 'BTC Download Bitcoin Whitepaper' ${whitepaper})
fi
# available for both LND & c-lightning
if [ "${lnd}" == "on" ] || [ "${cl}" == "on" ]; then
OPTIONS+=(i 'LNbits (Lightning Accounts)' ${LNBits})
fi
# just available for LND
if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
OPTIONS+=(r 'LND RTL Webinterface' ${rtlWebinterface})
OPTIONS+=(t 'LND ThunderHub' ${thunderhub})
OPTIONS+=(l 'LND LIT (loop, pool, faraday)' ${lit})
OPTIONS+=(i 'LND LNbits' ${LNBits})
OPTIONS+=(o 'LND Balance of Satoshis' ${bos})
OPTIONS+=(y 'LND PyBLOCK' ${pyblock})
OPTIONS+=(h 'LND ChannelTools (Fund Rescue)' ${chantools})
@ -362,7 +367,7 @@ if [ ${check} -eq 1 ]; then choice="on"; fi
if [ "${LNBits}" != "${choice}" ]; then
echo "LNbits Setting changed .."
anychange=1
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh ${choice}
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh ${choice} ${lightning}
if [ "${choice}" = "on" ]; then
sudo systemctl start lnbits
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh menu

9
home.admin/_provision_.sh
View File

@ -534,9 +534,12 @@ fi
# LNbits
if [ "${LNBits}" = "on" ]; then
echo "Provisioning LNbits - run config script" >> ${logFile}
/home/admin/_cache.sh set message "Setup LNbits"
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh on >> ${logFile} 2>&1
if [ "${LNBitsFunding}" == "" ]; then
LNBitsFunding="lnd"
fi
echo "Provisioning LNbits (${LNBitsFunding}) - run config script" >> ${logFile}
sudo sed -i "s/^message=.*/message='Setup LNbits (${LNBitsFunding})'/g" ${infoFile}
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh on ${LNBitsFunding} >> ${logFile} 2>&1
else
echo "Provisioning LNbits - keep default" >> ${logFile}
fi

1
home.admin/assets/nginx/sites-available/btcpay_tor.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:23002;
listen [::1]:23002;
server_name _;
access_log /var/log/nginx/access_btcpay.log;

1
home.admin/assets/nginx/sites-available/btcpay_tor_ssl.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:23003 ssl;
listen [::1]:23003 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

1
home.admin/assets/nginx/sites-available/btcrpcexplorer_tor.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3022;
listen [::1]:3022;
server_name _;
access_log /var/log/nginx/access_thub.log;

1
home.admin/assets/nginx/sites-available/btcrpcexplorer_tor_ssl.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3023 ssl;
listen [::1]:3023 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

1
home.admin/assets/nginx/sites-available/lnbits_tor.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:5002;
listen [::1]:5002;
server_name _;
access_log /var/log/nginx/access_lnbits.log;

1
home.admin/assets/nginx/sites-available/lnbits_tor_ssl.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:5003 ssl;
listen [::1]:5003 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

1
home.admin/assets/nginx/sites-available/mempool_tor.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:4082;
listen [::1]:4082;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

1
home.admin/assets/nginx/sites-available/mempool_tor_ssl.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:4083 ssl;
listen [::1]:4083 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

1
home.admin/assets/nginx/sites-available/rtl_tor.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3002;
listen [::1]:3002;
server_name _;
access_log /var/log/nginx/access_rtl.log;

1
home.admin/assets/nginx/sites-available/rtl_tor_ssl.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3003 ssl;
listen [::1]:3003 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

1
home.admin/assets/nginx/sites-available/sphinxrelay_tor.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3302;
listen [::1]:3302;
server_name _;
access_log /var/log/nginx/access_sphinxrelay.log;

1
home.admin/assets/nginx/sites-available/sphinxrelay_tor_ssl.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3303 ssl;
listen [::1]:3303 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

1
home.admin/assets/nginx/sites-available/thub_tor.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3012;
listen [::1]:3012;
server_name _;
access_log /var/log/nginx/access_thub.log;

1
home.admin/assets/nginx/sites-available/thub_tor_ssl.conf
View File

@ -2,7 +2,6 @@
server {
listen localhost:3013 ssl;
listen [::1]:3013 ssl;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;

3
home.admin/config.scripts/blitz.subscriptions.ip2tor.py
View File

@ -613,7 +613,7 @@ def menuMakeSubscription(blitzServiceName, torAddress, torPort):
d = Dialog(dialog="dialog", autowidgetsize=True)
d.set_background_title("Select IP2TOR Bridge Shop (communication secured thru TOR)")
code, text = d.inputbox(
"Enter Address of a IP2TOR Shop (OR JUST USE DEFAULT):",
"Enter Address of the IP2TOR Shop (OR JUST PRESS OK):",
height=10, width=72, init=shopurl,
title="Shop Address")
@ -1079,6 +1079,7 @@ def subscription_by_service():
subs = toml.load(SUBSCRIPTIONS_FILE)
for idx, sub in enumerate(subs['subscriptions_ip2tor']):
if sub['active'] and sub['name'] == service_name:
print("id='{0}'".format(sub['id']))
print("type='{0}'".format(sub['type']))
print("ip='{0}'".format(sub['ip']))
print("port='{0}'".format(sub['port']))

521
home.admin/config.scripts/bonus.lnbits.sh
View File

@ -5,11 +5,13 @@
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "small config script to switch LNbits on or off"
echo "bonus.lnbits.sh on [?GITHUBUSER] [?BRANCH]"
echo "bonus.lnbits.sh [off|status|menu|write-macaroons]"
echo "# DEVELOPMENT: TO SYNC WITH YOUR FORKED GITHUB-REPO"
echo "bonus.lnbits.sh github repo [GITHUBUSER] [?BRANCH]"
echo "bonus.lnbits.sh github sync"
echo "bonus.lnbits.sh on [lnd|tlnd|slnd|cl|tcl|scl] [?GITHUBUSER] [?BRANCH]"
echo "bonus.lnbits.sh switch [lnd|tlnd|slnd|cl|tcl|scl]"
echo "bonus.lnbits.sh off"
echo "bonus.lnbits.sh status"
echo "bonus.lnbits.sh menu"
echo "bonus.lnbits.sh prestart"
echo "bonus.lnbits.sh githubsync"
exit 1
fi
@ -33,6 +35,14 @@ if [ "$1" = "menu" ]; then
fi
fi
# add info on funding source
fundinginfo=""
if [ "${LNBitsFunding}" == "lnd" ] || [ "${LNBitsFunding}" == "tlnd" ] || [ "${LNBitsFunding}" == "slnd" ]; then
fundinginfo="on LND "
elif [ "${LNBitsFunding}" == "cl" ] || [ "${LNBitsFunding}" == "tcl" ] || [ "${LNBitsFunding}" == "scl" ]; then
fundinginfo="on c-lightning "
fi
text="Local Web Browser: https://${localIP}:${httpsPort}"
if [ ${#publicDomain} -gt 0 ]; then
@ -55,22 +65,107 @@ ${toraddress}"
if [ ${#ip2torDomain} -gt 0 ]; then
text="${text}\n
IP2TOR+LetsEncrypt: https://${ip2torDomain}:${ip2torPort}
SHA1 ${sslFingerprintTOR}"
SHA1 ${sslFingerprintTOR}\n
https://${ip2torDomain}:${ip2torPort} ready for public use"
elif [ ${#ip2torIP} -gt 0 ]; then
text="${text}\n
IP2TOR: https://${ip2torIP}:${ip2torPort}
SHA1 ${sslFingerprintTOR}
go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain"
SHA1 ${sslFingerprintTOR}\n
Consider adding a LetsEncrypt HTTPS Domain under OPTIONS."
elif [ ${#publicDomain} -eq 0 ]; then
text="${text}\n
To enable easy reachability with normal browser from the outside
consider adding a IP2TOR Bridge (MAINMENU > SUBSCRIBE)."
Consider adding a IP2TOR Bridge under OPTIONS."
fi
whiptail --title " LNbits " --msgbox "${text}" 16 69
whiptail --title " LNbits ${fundinginfo}" --yes-button "OK" --no-button "OPTIONS" --yesno "${text}" 18 69
result=$?
/home/admin/config.scripts/blitz.display.sh hide
echo "please wait ..."
echo "option (${result}) - please wait ..."
# exit when user presses OK to close menu
if [ ${result} -eq 0 ]; then
exit 0
fi
# LNbits OPTIONS menu
OPTIONS=()
# IP2TOR options
if [ "${ip2torDomain}" != "" ]; then
# IP2TOR+LetsEncrypt active - offer cancel
OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
elif [ "${ip2torIP}" != "" ]; then
# just IP2TOR active - offer cancel or Lets Encrypt
OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits")
OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
else
OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription")
fi
# Change Funding Source options (only if available)
if [ "${LNBitsFunding}" == "lnd" ] && [ "${cl}" == "on" ]; then
OPTIONS+=(SWITCH-CL "Switch: Use c-lightning as funding source")
elif [ "${LNBitsFunding}" == "cl" ] && [ "${lnd}" == "on" ]; then
OPTIONS+=(SWITCH-LND "Switch: Use LND as funding source")
fi
WIDTH=66
CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1"))
HEIGHT=$((CHOICE_HEIGHT+7))
CHOICE=$(dialog --clear \
--title " LNbits - Options" \
--ok-label "Select" \
--cancel-label "Back" \
--menu "Choose one of the following options:" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
case $CHOICE in
IP2TOR-ON)
python /home/admin/config.scripts/blitz.subscriptions.ip2tor.py create-ssh-dialog LNBITS ${toraddress} 443
exit 0
;;
IP2TOR-OFF)
clear
python /home/admin/config.scripts/blitz.subscriptions.ip2tor.py subscription-cancel ${ip2torID}
echo
echo "OK - PRESS ENTER to continue"
read key
exit 0
;;
HTTPS-ON)
python /home/admin/config.scripts/blitz.subscriptions.letsencrypt.py create-ssh-dialog
exit 0
;;
SWITCH-CL)
clear
/home/admin/config.scripts/bonus.lnbits.sh switch cl
echo "Restarting LNbits ..."
sudo systemctl restart lnbits
echo
echo "OK new funding source for LNbits active."
echo "PRESS ENTER to continue"
read key
exit 0
;;
SWITCH-LND)
clear
/home/admin/config.scripts/bonus.lnbits.sh switch lnd
echo "Restarting LNbits ..."
sudo systemctl restart lnbits
echo
echo "OK new funding source for LNbits active."
echo "PRESS ENTER to continue"
read key
exit 0
;;
*)
clear
exit 0
esac
exit 0
fi
@ -86,6 +181,12 @@ if [ "$1" = "status" ]; then
echo "httpsPort='5001'"
echo "publicIP='${publicIP}'"
# check funding source
if [ "${LNBitsFunding}" == "" ]; then
LNBitsFunding="lnd"
fi
echo "LNBitsFunding='${LNBitsFunding}'"
# check for LetsEnryptDomain for DynDns
error=""
source <(sudo /home/admin/config.scripts/blitz.subscriptions.ip2tor.py ip-by-tor $publicIP)
@ -135,46 +236,96 @@ if [ "$1" = "status" ]; then
exit 0
fi
# status
if [ "$1" = "write-macaroons" ]; then
##########################
# PRESTART
# - will be called as prestart by systemd service (as user lnbits)
#########################
# make sure its run as user admin
adminUserId=$(id -u admin)
if [ "${EUID}" != "${adminUserId}" ]; then
echo "error='please run as admin user'"
if [ "$1" = "prestart" ]; then
# users need to be `lnbits` so that it can be run by systemd as prestart (no SUDO available)
if [ "$USER" != "lnbits" ]; then
echo "# FAIL: run as user lnbits"
exit 1
fi
echo "make sure symlink to central app-data directory exists"
if ! [[ -L "/home/lnbits/.lnd" ]]; then
sudo rm -rf "/home/lnbits/.lnd" # not a symlink.. delete it silently
sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/lnbits/.lnd" # and create symlink
# get if its for lnd or cl service
echo "## lnbits.service PRESTART CONFIG"
echo "# --> /home/lnbits/lnbits/.env"
# set values based in funding source in raspiblitz config
LNBitsNetwork="bitcoin"
LNBitsChain=""
LNBitsLightning=""
if [ "${LNBitsFunding}" == "" ] || [ "${LNBitsFunding}" == "lnd" ]; then
LNBitsFunding="lnd"
LNBitsLightning="lnd"
LNBitsChain="main"
elif [ "${LNBitsFunding}" == "tlnd" ]; then
LNBitsLightning="lnd"
LNBitsChain="test"
elif [ "${LNBitsFunding}" == "slnd" ]; then
LNBitsLightning="lnd"
LNBitsChain="sig"
elif [ "${LNBitsFunding}" == "cl" ]; then
LNBitsLightning="cl"
LNBitsChain="main"
elif [ "${LNBitsFunding}" == "tcl" ]; then
LNBitsLightning="cl"
LNBitsChain="test"
elif [ "${LNBitsFunding}" == "scl" ]; then
LNBitsLightning="cl"
LNBitsChain="sig"
else
echo "# FAIL: Unknown LNBitsFunding=${LNBitsFunding}"
exit 1
fi
# set tls.cert path (use | as separator to avoid escaping file path slashes)
sudo -u lnbits sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/home/lnbits/.lnd/tls.cert|g" /home/lnbits/lnbits/.env
echo "# LNBitsFunding(${LNBitsFunding}) --> network(${LNBitsNetwork}) chain(${LNBitsChain}) lightning(${LNBitsLightning})"
# set macaroon path info in .env - USING HEX IMPORT
sudo chmod 600 /home/lnbits/lnbits/.env
macaroonAdminHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/admin.macaroon)
macaroonInvoiceHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/invoice.macaroon)
macaroonReadHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/readonly.macaroon)
sudo sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env
sudo sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env
sudo sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env
# set lnd config
if [ "${LNBitsLightning}" == "lnd" ]; then
#echo "make sure lnbits is member of lndreadonly, lndinvoice, lndadmin"
#sudo /usr/sbin/usermod --append --groups lndinvoice lnbits
#sudo /usr/sbin/usermod --append --groups lndreadonly lnbits
#sudo /usr/sbin/usermod --append --groups lndadmin lnbits
echo "# setting lnd config fresh ..."
# set macaroon path info in .env - USING PATH
#sudo sed -i "s|^LND_REST_ADMIN_MACAROON=.*|LND_REST_ADMIN_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/admin.macaroon|g" /home/lnbits/lnbits/.env
#sudo sed -i "s|^LND_REST_INVOICE_MACAROON=.*|LND_REST_INVOICE_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/invoice.macaroon|g" /home/lnbits/lnbits/.env
#sudo sed -i "s|^LND_REST_READ_MACAROON=.*|LND_REST_READ_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/read.macaroon|g" /home/lnbits/lnbits/.env
echo "# OK - macaroons written to /home/lnbits/lnbits/.env"
# check if lnbits user has read access on lnd data files
checkReadAccess=$(cat /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon | grep -c "lnd")
if [ "${checkReadAccess}" != "1" ]; then
echo "# FAIL: missing lnd data in '/mnt/hdd/app-data/lnd' or missing access rights for lnbits user"
exit 1
fi
exit 0
echo "# Updating LND TLS & macaroon data fresh for LNbits config ..."
# set tls.cert path (use | as separator to avoid escaping file path slashes)
sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/mnt/hdd/app-data/lnd/tls.cert|g" /home/lnbits/lnbits/.env
# set macaroon path info in .env - USING HEX IMPORT
chmod 600 /home/lnbits/lnbits/.env
macaroonAdminHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon)
macaroonInvoiceHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/invoice.macaroon)
macaroonReadHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/readonly.macaroon)
sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env
sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env
sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env
elif [ "${LNBitsLightning}" == "cl" ]; then
isUsingCL=$(cat /home/lnbits/lnbits/.env | grep -c "LNBITS_BACKEND_WALLET_CLASS=CLightningWallet")
if [ "${isUsingCL}" != "1" ]; then
echo "# FAIL: /home/lnbits/lnbits/.env not set to c-lightning"
exit 1
fi
echo "# everything looks OK for lnbits config on c-lightning on ${LNBitsChain}net"
else
echo "# FAIL: missing or not supported LNBitsLightning=${LNBitsLightning}"
exit 1
fi
echo "# OK: prestart finished"
exit 0 # exit with clean code
fi
if [ "$1" = "repo" ]; then
@ -191,7 +342,9 @@ if [ "$1" = "repo" ]; then
fi
# check if repo exists
githubRepo="https://github.com/${githubUser}/lnbits"
#githubRepo="https://github.com/${githubUser}/lnbits"
githubRepo="https://github.com/${githubUser}/lnbits-legend"
httpcode=$(curl -s -o /dev/null -w "%{http_code}" ${githubRepo})
if [ "${httpcode}" != "200" ]; then
echo "# tested github repo: ${githubRepo}"
@ -225,83 +378,124 @@ if [ "$1" = "sync" ] || [ "$1" = "repo" ]; then
fi
# stop service
echo "making sure services are not running"
sudo systemctl stop lnbits 2>/dev/null
# switch on
# install
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo "*** INSTALL LNbits ***"
# check if already installed
isInstalled=$(sudo ls /etc/systemd/system/lnbits.service 2>/dev/null | grep -c 'lnbits.service')
if [ ${isInstalled} -eq 0 ]; then
if [ "${isInstalled}" == "1" ]; then
echo "# FAIL: already installed"
exit 1
fi
echo "*** Add the 'lnbits' user ***"
sudo adduser --disabled-password --gecos "" lnbits
# get funding source and check that its available
fundingsource="$2"
# make sure needed debian packages are installed
echo "# installing needed packages"
# get optional github parameter
githubUser="lnbits"
if [ "$2" != "" ]; then
githubUser="$2"
fi
githubBranch="tags/raspiblitz"
#githubBranch="f6bcff01f4b62ca26177f22bd2d479b01d371406"
if [ "$3" != "" ]; then
githubBranch="$3"
if [ "${fundingsource}" == "lnd" ]; then
if [ "${lnd}" != "on" ]; then
echo "#FAIL: lnd mainnet needs to activated"
exit 1
fi
# install from GitHub
echo "# get the github code user(${githubUser}) branch(${githubBranch})"
sudo rm -r /home/lnbits/lnbits 2>/dev/null
cd /home/lnbits
sudo -u lnbits git clone https://github.com/${githubUser}/lnbits.git
cd /home/lnbits/lnbits
sudo -u lnbits git checkout ${githubBranch}
elif [ "${fundingsource}" == "tlnd" ]; then
if [ "${tlnd}" != "on" ]; then
echo "#FAIL: lnd testnet needs to activated"
exit 1
fi
# prepare .env file
echo "# preparing env file"
sudo rm /home/lnbits/lnbits/.env 2>/dev/null
sudo -u lnbits touch /home/lnbits/lnbits/.env
sudo bash -c "echo 'QUART_APP=lnbits.app:create_app()' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=LndRestWallet' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_ENDPOINT=https://127.0.0.1:8080' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_CERT=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_ADMIN_MACAROON=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_INVOICE_MACAROON=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_READ_MACAROON=' >> /home/lnbits/lnbits/.env"
/home/admin/config.scripts/bonus.lnbits.sh write-macaroons
elif [ "${fundingsource}" == "slnd" ]; then
if [ "${slnd}" != "on" ]; then
echo "#FAIL: lnd signet needs to activated"
exit 1
fi
# set database path to HDD data so that its survives updates and migrations
sudo mkdir /mnt/hdd/app-data/LNBits 2>/dev/null
sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> /home/lnbits/lnbits/.env"
elif [ "${fundingsource}" == "cl" ]; then
if [ "${cl}" != "on" ]; then
echo "# FAIL: c-lightning mainnet needs to activated"
exit 1
fi
# to the install
echo "# installing application dependencies"
cd /home/lnbits/lnbits
# do install like this
elif [ "${fundingsource}" == "tcl" ]; then
if [ "${tcl}" != "on" ]; then
echo "# FAIL: c-lightning testnet needs to activated"
exit 1
fi
sudo -u lnbits python3 -m venv venv
#sudo -u lnbits /home/lnbits/lnbits/venv/bin/pip install hypercorn
sudo -u lnbits ./venv/bin/pip install -r requirements.txt
elif [ "${fundingsource}" == "scl" ]; then
if [ "${scl}" != "on" ]; then
echo "# FAIL: c-lightning signet needs to activated"
exit 1
fi
# process assets
echo "# processing assets"
sudo -u lnbits ./venv/bin/quart assets
else
echo "# FAIL: unvalid fundig source parameter"
exit 1
fi
# update databases (if needed)
echo "# updating databases"
sudo -u lnbits ./venv/bin/quart migrate
# add lnbits user
echo "*** Add the 'lnbits' user ***"
sudo adduser --disabled-password --gecos "" lnbits 2>/dev/null
sudo /usr/sbin/usermod --append --groups bitcoin lnbits
# open firewall
echo
echo "*** Updating Firewall ***"
sudo ufw allow 5000 comment 'lnbits HTTP'
sudo ufw allow 5001 comment 'lnbits HTTPS'
echo ""
# get optional github parameter
githubUser="lnbits"
if [ "$3" != "" ]; then
githubUser="$3"
fi
#githubBranch="tags/raspiblitz"
githubBranch="ec874baa6b4ea3d6ec039c9bd71b9c73a899a737" #commit 5. December 2021
if [ "$4" != "" ]; then
githubBranch="$4"
fi
# install from GitHub
echo "# get the github code user(${githubUser}) branch(${githubBranch})"
sudo rm -r /home/lnbits/lnbits 2>/dev/null
cd /home/lnbits
sudo -u lnbits git clone https://github.com/${githubUser}/lnbits-legend lnbits
cd /home/lnbits/lnbits
sudo -u lnbits git checkout ${githubBranch}
# prepare .env file
echo "# preparing env file"
sudo rm /home/lnbits/lnbits/.env 2>/dev/null
sudo -u lnbits touch /home/lnbits/lnbits/.env
sudo bash -c "echo 'QUART_APP=lnbits.app:create_app()' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env"
# set database path to HDD data so that its survives updates and migrations
sudo mkdir /mnt/hdd/app-data/LNBits 2>/dev/null
sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> /home/lnbits/lnbits/.env"
# let switch command part do the detail config
/home/admin/config.scripts/bonus.lnbits.sh switch ${fundingsource}
# to the install
echo "# installing application dependencies"
cd /home/lnbits/lnbits
# do install like this
sudo -u lnbits python3 -m venv venv
sudo -u lnbits ./venv/bin/pip install -r requirements.txt
sudo -u lnbits ./venv/bin/pip install pylightning
# process assets
echo "# processing assets"
sudo -u lnbits ./venv/bin/quart assets
# update databases (if needed)
echo "# updating databases"
sudo -u lnbits ./venv/bin/quart migrate
# open firewall
echo
echo "*** Updating Firewall ***"
sudo ufw allow 5000 comment 'lnbits HTTP'
sudo ufw allow 5001 comment 'lnbits HTTPS'
echo ""
# install service
echo "*** Install systemd ***"
@ -315,12 +509,13 @@ After=bitcoind.service
[Service]
WorkingDirectory=/home/lnbits/lnbits
ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart
ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && ./venv/bin/hypercorn -k trio --bind 0.0.0.0:5000 "lnbits.app:create_app()"'
User=lnbits
Restart=always
TimeoutSec=120
RestartSec=30
StandardOutput=null
StandardOutput=journal
StandardError=journal
# Hardening measures
@ -343,10 +538,6 @@ EOF
echo "# OK - lnbits service is enabled, but needs reboot or manual starting: sudo systemctl start lnbits"
fi
else
echo "LNbits already installed."
fi
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/lnbits_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/lnbits_ssl.conf /etc/nginx/sites-available/lnbits_ssl.conf
@ -372,6 +563,118 @@ EOF
# make sure to keep in sync with tor.network.sh script
/home/admin/config.scripts/tor.onion-service.sh lnbits 80 5002 443 5003
fi
echo "# OK install done ... might need to restart or call: sudo systemctl start lnbits"
exit 0
fi
# config for a special funding source (e.g lnd or c-lightning as backend)
if [ "$1" = "switch" ]; then
echo "## bonus.lnbits.sh switch $2"
# get funding source and check that its available
fundingsource="$2"
clrpcsubdir=""
if [ "${fundingsource}" == "lnd" ]; then
if [ "${lnd}" != "on" ]; then
echo "#FAIL: lnd mainnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "tlnd" ]; then
if [ "${tlnd}" != "on" ]; then
echo "# FAIL: lnd testnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "slnd" ]; then
if [ "${slnd}" != "on" ]; then
echo "# FAIL: lnd signet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "cl" ]; then
if [ "${cl}" != "on" ]; then
echo "# FAIL: c-lightning mainnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "tcl" ]; then
clrpcsubdir="/testnet"
if [ "${tcl}" != "on" ]; then
echo "# FAIL: c-lightning testnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "scl" ]; then
clrpcsubdir="/signet"
if [ "${scl}" != "on" ]; then
echo "# FAIL: c-lightning signet not installed or running"
exit 1
fi
else
echo "# FAIL: unvalid fundig source parameter"
exit 1
fi
echo "##############"
echo "# NOTE: If you switch the funding source of a running LNbits instance all sub account will keep balance."
echo "# Make sure that the new funding source has enough sats to cover the LNbits bookeeping of sub accounts."
echo "##############"
# remove all old possible settings for former funding source (clean state)
sudo sed -i "/^LNBITS_BACKEND_WALLET_CLASS=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_ENDPOINT=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_CERT=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_ADMIN_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_INVOICE_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_READ_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo /usr/sbin/usermod -G lnbits lnbits
sudo sed -i "/^CLIGHTNING_RPC=/d" /home/lnbits/lnbits/.env 2>/dev/null
# LND CONFIG
if [ "${fundingsource}" == "lnd" ] || [ "${fundingsource}" == "tlnd" ] || [ "${fundingsource}" == "slnd" ]; then
# make sure lnbits user can access LND credentials
echo "# adding lnbits user is member of lndreadonly, lndinvoice, lndadmin"
sudo /usr/sbin/usermod --append --groups lndinvoice lnbits
sudo /usr/sbin/usermod --append --groups lndreadonly lnbits
sudo /usr/sbin/usermod --append --groups lndadmin lnbits
# prepare config entries in lnbits config for lnd
echo "# preparing lnbits config for lnd"
sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=LndRestWallet' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_ENDPOINT=https://127.0.0.1:8080' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_CERT=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_ADMIN_MACAROON=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_INVOICE_MACAROON=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_READ_MACAROON=' >> /home/lnbits/lnbits/.env"
fi
if [ "${fundingsource}" == "cl" ] || [ "${fundingsource}" == "tcl" ] || [ "${fundingsource}" == "scl" ]; then
echo "# allowing lnbits user as part of the bitcoin group to RW RPC hook"
sudo chmod 770 /home/bitcoin/.lightning/bitcoin${clrpcsubdir}
sudo chmod 660 /home/bitcoin/.lightning/bitcoin${clrpcsubdir}/lightning-rpc
echo "# preparing lnbits config for c-lightning"
sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=CLightningWallet' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'CLIGHTNING_RPC=/home/bitcoin/.lightning/bitcoin${clrpcsubdir}/lightning-rpc' >> /home/lnbits/lnbits/.env"
fi
# set raspiblitz config value for funding
if ! grep -Eq "^LNBitsFunding=" /mnt/hdd/raspiblitz.conf; then
echo "LNBitsFunding=" >> /mnt/hdd/raspiblitz.conf
fi
sudo sed -i "s/^LNBitsFunding=.*/LNBitsFunding=${fundingsource}/g" /mnt/hdd/raspiblitz.conf
echo "##############"
echo "# OK new fundig source set - does need restart or call: sudo systemctl restart lnbits"
echo "##############"
exit 0
fi

2
home.admin/config.scripts/bonus.rtl.sh
View File

@ -4,7 +4,7 @@ RTLVERSION="v0.11.2"
# check and load raspiblitz config
# to know which network is running
source /home/admin/raspiblitz.info
source /mnt/hdd/raspiblitz.conf
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then

6
home.admin/config.scripts/lnd.credentials.sh
View File

@ -162,12 +162,6 @@ elif [ "$1" = "sync" ]; then
sudo ln -s "/mnt/hdd/lnd/tls.cert" "/mnt/hdd/app-data/lnd/tls.cert" # and create symlink
fi
if [ "${LNBits}" = "on" ]; then
echo "# fix the macaroon for LNbits"
# https://github.com/rootzoll/raspiblitz/pull/1156#issuecomment-623293240
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons
fi
###########################
# Check Macaroons and fix missing
###########################