lnd.creds: add groups and check for all macaroons

2025-09-26 03:28:04 +02:00 · 2020-08-24 14:43:03 +01:00
parent b9c33b34cc
commit b6c24da1f2
1 changed files with 55 additions and 14 deletions
--- a/home.admin/config.scripts/lnd.credentials.sh
+++ b/home.admin/config.scripts/lnd.credentials.sh
@@ -3,7 +3,7 @@
 # command info
 if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "tool to reset or sync credentials (e.g. macaroons)"
-  echo "lnd.credentials.sh [reset|sync] [?tls|macaroons]"
+  echo "lnd.credentials.sh [reset|sync|check] [?tls|macaroons|keepold]"
  exit 1
 fi
@@ -59,6 +59,23 @@ function copy_mac_set_perms() {
  sudo /bin/chmod --silent 640 /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${file_name}"
 }
 function check_macaroons() {
 macaroons="admin.macaroon invoice.macaroon readonly.macaroon invoices.macaroon chainnotifier.macaroon signer.macaroon  walletkit.macaroon router.macaroon"
 missing=0
 for macaroon in $macaroons
 do
  local file_name=${macaroon}
  local n=${1:-bitcoin} # the network (e.g. bitcoin or litecoin) defaults to bitcoin
  local c=${2:-main}    # the chain (e.g. main, test, sim, reg) defaults to main (for mainnet)
  if [ ! -f /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${macaroon}" ]; then
    missing=$(($missing + 1))
    echo "# ${macaroon} is missing ($missing)"
  else
    echo "# ${macaroon} is present"
  fi
 done
 }
 ###########################
 # RESET Macaroons and TLS
 ###########################
@@ -78,18 +95,28 @@ if [ "$1" = "reset" ]; then
    resetMacaroons=0
  fi
  if [ "$2" == "macaroons" ]; then
-    echo "# just resetting Macaroons"
+    echo "# just resetting macaroons"
    resetTLS=0
    resetMacaroons=1
    keepOldMacaroons=0
  fi
-  
+  if [ "$2" == "keepold" ]; then
    echo "# add the missing default macaroons without deauthenticating the old ones"
    resetTLS=0
    resetMacaroons=1
    keepOldMacaroons=1
  fi
  if [ ${resetMacaroons} -eq 1 ]; then
    echo "## Resetting Macaroons"
    echo "# all your macaroons get deleted and recreated"
    cd || exit
    sudo find /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
    sudo find /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
-    sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db
+    if [ ${keepOldMacaroons} -eq 0 ]; then
      sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db
    fi
  fi
  if [ ${resetTLS} -eq 1 ]; then
@@ -126,20 +153,25 @@ elif [ "$1" = "sync" ]; then
  echo "# make sure LND app-data directories exist"
  sudo /bin/mkdir --mode 0755 --parents /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/
  echo `# make sure all user groups exit for default macaroons`
  sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
  sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
  sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
  sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices
  sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier
  sudo /usr/sbin/groupadd --force --gid 9705 lndsigner
  sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit
  sudo /usr/sbin/groupadd --force --gid 9707 lndrouter
  echo "# copy macaroons to central app-data directory and ensure unix ownerships and permissions"
  copy_mac_set_perms admin.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms invoice.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms invoices.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms readonly.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms chainnotifier.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms signer.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms walletkit.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms router.macaroon lndadmin "${network}" "${chain}"
  copy_mac_set_perms invoice.macaroon lndinvoice "${network}" "${chain}"
  copy_mac_set_perms invoices.macaroon lndinvoice "${network}" "${chain}"
  copy_mac_set_perms readonly.macaroon lndreadonly "${network}" "${chain}"
  copy_mac_set_perms invoices.macaroon lndinvoices "${network}" "${chain}"
  copy_mac_set_perms chainnotifier.macaroon lndchainnotifier "${network}" "${chain}"
  copy_mac_set_perms signer.macaroon lndsigner "${network}" "${chain}"
  copy_mac_set_perms walletkit.macaroon lndwalletkit "${network}" "${chain}"
  copy_mac_set_perms router.macaroon lndrouter "${network}" "${chain}"
  echo "# make sure admin has a symlink at ~/.lnd to /mnt/hdd/app-data/lnd/"
  if ! [[ -L "/home/admin/.lnd" ]]; then
@@ -177,6 +209,15 @@ elif [ "$1" = "sync" ]; then
    sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons
  fi
 ###########################
 # Check Macaroons and fix missing
 ###########################
 elif [ "$1" = "check" ]; then
  check_macaroons ${network} ${chain}
  if [ $missing -gt 0 ]; then
    /home/admin/config.scrips/lnd.creds.sh reset keepold
  fi
 ###########################
 # UNKNOWN
 ###########################