Merge branch 'v1.4patch23' of https://github.com/openoms/raspiblitz into v1.4patch23

2025-09-20 13:02:21 +02:00 · 2020-02-02 11:25:47 +00:00
parent fa1349c7e4 9f48aeaedc
commit 9d2fede475
12 changed files with 3475 additions and 39 deletions
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@@ -661,6 +661,22 @@ echo "*** HARDENING ***"
 # fail2ban (no config required)
 sudo apt-get install -y --no-install-recommends python3-systemd fail2ban

+if [ "${baseImage}" = "raspbian" ]; then
+  echo ""
+  echo "*** DISABLE BLUETOOTH ***"
+
+  # disable bluetooth module
+  sudo sh -c "echo 'dtoverlay=pi3-disable-bt' >> /boot/config.txt"
+  sudo sh -c "echo 'dtoverlay=disable-bt' >> /boot/config.txt"
+
+  # remove bluetooth services
+  sudo systemctl disable bluetooth.service
+  sudo systemctl disable hciuart.service
+
+  # remove bluetooth packages
+  sudo apt remove -y --purge pi-bluetooth bluez bluez-firmware
+fi
+
 # *** BOOTSTRAP ***
 # see background README for details
 echo ""
--- a/home.admin/00settingsMenuServices.sh
+++ b/home.admin/00settingsMenuServices.sh
@@ -457,7 +457,7 @@ if [ ${check} -eq 1 ]; then choice="on"; fi
 if [ "${BTCPayServer}" != "${choice}" ]; then
  echo "BTCPayServer setting changed .."
  anychange=1
-  /home/admin/config.scripts/bonus.btcpayserver.sh ${choice}
+  /home/admin/config.scripts/bonus.btcpayserver.sh ${choice} tor
  errorOnInstall=$?
  if [ "${choice}" =  "on" ]; then
    if [ ${errorOnInstall} -eq 0 ]; then
--- a/home.admin/10setupBlitz.sh
+++ b/home.admin/10setupBlitz.sh
@@ -216,8 +216,7 @@ if [ ${isMounted} -eq 1 ]; then
    echo "Litecoin Options"
    menuitem=$(dialog --clear --beep --backtitle "RaspiBlitz" --title "Getting the Blockchain" \
    --menu "You need a copy of the Litecoin Blockchain - you have 2 options:" 13 75 4 \
-    T "TORRENT  --> MAINNET thru Torrent (DEFAULT)" \
-    S "SYNC     --> MAINNET thru Litecoin Network (FALLBACK+SLOW)" 2>&1 >/dev/tty)
+    S "SYNC     --> MAINNET thru Litecoin Network" 2>&1 >/dev/tty)

  # error
  else
--- a/home.admin/50torrentHDD.sh
+++ b/home.admin/50torrentHDD.sh
@@ -10,7 +10,7 @@ source /home/admin/raspiblitz.info
 # using https://getbitcoinblockchain.com/ as abase
 # and make my own upt-to-date update file becuase they dont do that anymore
 bitcoinBase="raspiblitz-bitcoin2-2019-05-01-base"
-bitcoinUpdate="raspiblitz-bitcoin2-2019-06-29-update"
+bitcoinUpdate="raspiblitz-bitcoin2-2020-01-28-update"

 litecoinBase="raspiblitz-litecoin2-2019-06-29-base"
 litecoinUpdate="raspiblitz-litecoin2-2019-06-29-update"
--- a/home.admin/XXdebugLogs.sh
+++ b/home.admin/XXdebugLogs.sh
@@ -114,6 +114,16 @@ else
  echo ""
 fi

+if [ "${BTCPayServer}" = "on" ]; then
+  echo "*** LAST 20 BTCPayServer LOGS ***"
+  echo "sudo journalctl -u btcpayserver -b --no-pager -n20"
+  sudo journalctl -u btcpayserver -b --no-pager -n20
+  echo ""
+else
+  echo "- BTCPayServer is OFF by config"
+  echo ""
+fi
+
 echo "*** HARDWARE TEST RESULTS ***"
 showImproveInfo=0
 if [ ${#undervoltageReports} -gt 0 ]; then
--- a/home.admin/_bootstrap.provision.sh
+++ b/home.admin/_bootstrap.provision.sh
@@ -255,8 +255,17 @@ fi

 # BTCPAYSERVER - not restored due to need for domain name and port forwarding
 if [ "${BTCPayServer}" = "on" ]; then
-  echo "Setting BTCPayServer to be off - will need to be reinstalled from the menu again" >> ${logFile}
-  sudo sed -i "s/^BTCPayServer=.*/BTCPayServer=off/g" /mnt/hdd/raspiblitz.conf
+  # --> TODO: BTCPay Server install does not run clean during provision
+  # --> needs install when everything is already 'running'
+  #if [ "${runBehindTor}" = "on" ] && [ "${BTCPayDomain}" = "localhost" ]; then
+  #  echo "Provisioning BTCPAYSERVER on TOR - run config script" >> ${logFile}
+  #  sudo sed -i "s/^message=.*/message='Setup BTCPay (takes time)'/g" ${infoFile}
+  #  sudo -u admin /home/admin/config.scripts/bonus.btcpayserver.sh on tor >> ${logFile} 2>&1
+  #else
+    # provisioning non-TOR BTCPayServer is not supported yet - needs manual reinstall
+    echo "Setting BTCPayServer to be off - will need to be reinstalled from the menu again" >> ${logFile}
+    sudo sed -i "s/^BTCPayServer=.*/BTCPayServer=off/g" /mnt/hdd/raspiblitz.conf
+  #fi
 else
  echo "Provisioning BTCPayServer - keep default" >> ${logFile}
 fi
@@ -341,8 +350,6 @@ else
    echo "Provisioning UPS - not active" >> ${logFile}
 fi

-
-
 # replay backup LND conf & tlscerts
 # https://github.com/rootzoll/raspiblitz/issues/324
 echo "" >> ${logFile}
--- a/home.admin/assets/raspiblitz-bitcoin2-2020-01-28-update.torrent
+++ b/home.admin/assets/raspiblitz-bitcoin2-2020-01-28-update.torrent
--- a/home.admin/assets/raspiblitz-torrents-rss.xml
+++ b/home.admin/assets/raspiblitz-torrents-rss.xml
@@ -57,6 +57,15 @@
      />
    </item>

+    <item>
+      <guid>http://github.com/rootzoll/raspiblitz/raw/v1.4/home.admin/assets/raspiblitz-bitcoin2-2020-01-28-update.torrent</guid>
+      <title>raspiblitz-bitcoin2-2020-01-28-update.torrent</title>
+      <enclosure 
+        url="http://github.com/rootzoll/raspiblitz/raw/v1.4/home.admin/assets/raspiblitz-bitcoin2-2020-01-28-update.torrent" 
+        type="application/x-bittorrent" 
+      />
+    </item>
+
  </channel>

 </rss>
--- a/home.admin/config.scripts/bonus.btcpayserver.sh
+++ b/home.admin/config.scripts/bonus.btcpayserver.sh
@@ -5,7 +5,7 @@
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "config script to switch BTCPay Server on or off"
-  echo "bonus.btcpayserver.sh [on|off]"
+  echo "bonus.btcpayserver.sh [on|off|menu] [ip|tor]"
  exit 1
 fi

@@ -22,12 +22,10 @@ if [ "$1" = "menu" ]; then

    # TOR
    /home/admin/config.scripts/blitz.lcd.sh qr "${toraddress}"
-    whiptail --title " BTCPay Server (TOR) " --msgbox "Open the following URL in your local web browser:
-https://${localip}
-You will need to accept the selfsigned certificate in the browser.\n
-Hidden Service address for Tor Browser (see the LCD for a QRcode):
-${toraddress}
-" 12 70
+    whiptail --title " BTCPay Server (TOR) " --msgbox "Have TOR Browser installed on your laptop and open:\n
+${toraddress}\n
+See LCD of RaspiBlitz for QR code of this address if you want to open on mobile devices with TOR browser.
+" 12 67
    /home/admin/config.scripts/blitz.lcd.sh hide
  else

@@ -43,10 +41,13 @@ in README of https://github.com/rootzoll/raspiblitz
  exit 0
 fi

-# add default value to raspi config if needed
+# add default values to raspi config if needed
 if ! grep -Eq "^BTCPayServer=" /mnt/hdd/raspiblitz.conf; then
  echo "BTCPayServer=off" >> /mnt/hdd/raspiblitz.conf
 fi
+if ! grep -Eq "^BTCPayDomain=" /mnt/hdd/raspiblitz.conf; then
+  echo "BTCPayDomain=off" >> /mnt/hdd/raspiblitz.conf
+fi

 # stop services
 echo "making sure services are not running"
@@ -57,13 +58,23 @@ sudo systemctl stop btcpayserver 2>/dev/null
 if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "*** INSTALL BTCPAYSERVER ***"

+  # --> just serving directly thru TOR for now
  # setting up nginx and the SSL certificate    
-  /home/admin/config.scripts/bonus.btcpaysetdomain.sh
-  errorOnInstall=$?
-  if [ ${errorOnInstall} -eq 1 ]; then
-   echo "exiting as user cancelled BTCPayServer installation"  
-   exit 1
-  fi 
+  #/home/admin/config.scripts/bonus.btcpaysetdomain.sh
+  #errorOnInstall=$?
+  #if [ ${errorOnInstall} -eq 1 ]; then
+  # echo "exiting as user cancelled BTCPayServer installation"  
+  # exit 1
+  #fi
+
+  if [ "$2" == "tor" ]; then
+    sudo sed -i "s/^BTCPayDomain=.*/BTCPayDomain='localhost'/g" /mnt/hdd/raspiblitz.conf
+    /home/admin/config.scripts/internet.hiddenservice.sh btcpay 80 23000
+  else
+    echo "# FAIL - at the moment only BTCPay Server over TOR is supported"
+    exit 1
+  fi
+
  # check for $BTCPayDomain
  source /mnt/hdd/raspiblitz.conf

@@ -269,6 +280,9 @@ WantedBy=multi-user.target
    sudo cp /mnt/hdd/lnd/data/chain/bitcoin/mainnet/admin.macaroon /home/btcpay/admin.macaroon
    sudo chown btcpay:btcpay /home/btcpay/admin.macaroon
    sudo chmod 600 /home/btcpay/admin.macaroon
+    
+    doesNetworkEntryAlreadyExists=$(sudo cat /home/btcpay/.btcpayserver/Main/settings.config | grep -c '^network=')
+    if [ ${doesNetworkEntryAlreadyExists} -eq 0 ]; then
    echo "
 ### Global settings ###
 network=mainnet
@@ -282,6 +296,7 @@ externalurl=https://$BTCPayDomain
 BTC.explorer.url=http://127.0.0.1:24444/
 BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=/home/btcpay/admin.macaroon;certthumbprint=$FINGERPRINT
 " | sudo -u btcpay tee -a /home/btcpay/.btcpayserver/Main/settings.config
+    fi

    sudo systemctl restart btcpayserver
  else 
--- a/home.admin/config.scripts/bonus.btcpaysetdomain.sh
+++ b/home.admin/config.scripts/bonus.btcpaysetdomain.sh
@@ -71,7 +71,6 @@ if ! grep -Eq "^BTCPayDomain=" /mnt/hdd/raspiblitz.conf; then
  echo "BTCPayDomain=off" >> /mnt/hdd/raspiblitz.conf
 fi

-
 echo ""
 echo "***"
 echo "Setting up Nginx and Certbot"
@@ -82,15 +81,14 @@ if [ $ownDomain -eq 1 ]; then
  localip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/')
  echo ""
  echo "***"
-  echo "Confirm that the ports 443 and 9735 are open on your router" 
-  echo "AND the port 80 points to the port 23001 of your RaspiBlitz."
+  echo "Confirm that the ports 80, 443 and 9735 are forwarded to your RaspiBlitz" 
  echo ""
  echo "Press [ENTER] to continue or use [CTRL + C] to exit"
  echo ""
  echo "Example settings for your router:"
  echo "forward the port 443 to port 443 on ${localip}"
  echo "forward the port 9735 to port 9735 on ${localip}"
-  echo "forward the port 80 to port 23001 on ${localip}"
+  echo "forward the port 80 to port 80 on ${localip}"
  read key
  
  echo ""
@@ -118,7 +116,7 @@ if [ $ownDomain -eq 1 ]; then
  # install nginx and certbot
  sudo apt-get install nginx-full certbot -y
  
-  sudo ufw allow 23001 comment 'btcpayserver TCP'
+  sudo ufw allow 80 comment 'HTTP web server'
  sudo ufw allow 443 comment 'btcpayserver SSL'
  
  # get SSL cert
@@ -181,7 +179,7 @@ proxy_set_header Proxy \"\";


 server {
-    listen 23001 default_server;
+    listen 80 default_server;
    server_name _;
    return 301 https://\$host\$request_uri;
 }
--- a/home.admin/config.scripts/bonus.electrs.sh
+++ b/home.admin/config.scripts/bonus.electrs.sh
@@ -39,7 +39,8 @@ if [ "$1" = "status" ]; then
    # Experimental try to get sync Info
    syncedToBlock=$(sudo journalctl -u electrs --no-pager -n100 | grep "new headers from height" | tail -n 1 | cut -d " " -f 16 | sed 's/[^0-9]*//g')
    blockchainHeight=$(sudo -u bitcoin ${network}-cli getblockchaininfo 2>/dev/null | jq -r '.headers' | sed 's/[^0-9]*//g')
-    if [ "${syncedToBlock}" = "${blockchainHeight}" ]; then
+    lastBlockchainHeight=$(($blockchainHeight -1))
+    if [ "${syncedToBlock}" = "${blockchainHeight}" ] || [ "${syncedToBlock}" = "${lastBlockchainHeight}" ]; then
      echo "isSynced=1"
    else
      echo "isSynced=0"
@@ -51,7 +52,7 @@ if [ "$1" = "status" ]; then
    echo "localIP='${localIP}'"
    echo "publicIP='${publicIP}'"
    echo "portTCP='50001'"
-    localPortRunning=$(sudo -u electrs lsof -i | grep 'IPv4' | grep -c '50001 (LISTEN)')
+    localPortRunning=$(sudo netstat -a | grep -c '0.0.0.0:50001')
    echo "localTCPPortActive=${localPortRunning}"
    publicPortRunning=$(nc -z -w6 ${publicIP} 50001 2>/dev/null; echo $?)
    if [ "${publicPortRunning}" == "0" ]; then
@@ -61,16 +62,16 @@ if [ "$1" = "status" ]; then
      # no answere on that port
      echo "publicTCPPortAnswering=0"
    fi
-    echo "portHTTPS='50002'"
-    localPortRunning=$(sudo -u electrs lsof -i | grep 'IPv4' | grep -c '50002 (LISTEN)')
-    echo "localHTTPSPortActive=${localPortRunning}"
+    echo "portHTTP='50002'"
+    localPortRunning=$(sudo netstat -a | grep -c '0.0.0.0:50002')
+    echo "localHTTPPortActive=${localPortRunning}"
    publicPortRunning=$(nc -z -w6 ${publicIP} 50002 2>/dev/null; echo $?)
    if [ "${publicPortRunning}" == "0" ]; then
      # OK looks good - but just means that somethingis answering on that port
-      echo "publicHTTPSPortAnswering=1"
+      echo "publicHTTPPortAnswering=1"
    else
      # no answere on that port
-      echo "publicHTTPSPortAnswering=0"
+      echo "publicHTTPPortAnswering=0"
    fi
    # add TOR info
    if [ "${runBehindTor}" == "on" ]; then
@@ -138,11 +139,11 @@ This can take multiple hours.
    echo
    echo "On Network Settings > Server menu:"
    echo "- deavtivate automatic server selection"
-    echo "- as manual server set '${localIP}' & '${portHTTPS}'"
+    echo "- as manual server set '${localIP}' & '${portHTTP}'"
    echo "- laptop and RaspiBlitz need to be within same local network"
    echo 
    echo "To start directly from laptop terminal use:"
-    echo "electrum --oneserver --server ${localIP}:${portHTTPS}:s"
+    echo "electrum --oneserver --server ${localIP}:${portHTTP}:s"
    if [ ${TORrunning} -eq 1 ]; then
      echo ""
      echo "The TOR Hidden Service address for electrs is (see LCD for QR code):"
--- a/home.admin/config.scripts/internet.dyndomain.sh
+++ b/home.admin/config.scripts/internet.dyndomain.sh
@@ -27,7 +27,7 @@ fi
 if [ "${turn}" = "on" ] && [ ${#dynDomain} -eq 0 ]; then

  # make sure dialog file is writeable
-  sudp touch ./.tmp
+  sudo touch ./.tmp
  sudo chmod 777 ./.tmp

  dialog --backtitle "DynamicDNS" --inputbox "ENTER the Dynamic Domain Name:
@@ -132,4 +132,4 @@ fi
 sudo /home/admin/config.scripts/lnd.newtlscert.sh

 echo "may needs reboot to run normal again"
-exit 0
+exit 0