Integrate Tallycoin Connect (#2617)

2025-04-12 13:49:38 +02:00 · 2021-12-21 15:45:01 +01:00 · 2021-12-21 15:45:01 +01:00 · cf4dae5a7d
commit cf4dae5a7d
parent ccab24e8b6
6 changed files with 296 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -38,6 +38,7 @@ There are further Services that can be switched on:
 * **CL Spark Wallet** (WalletUI with BOLT12 offers) [details](https://github.com/shesek/spark-wallet#progressive-web-app)
 * **CL plugin: Sparko** (WalletUI & HTTP-RPC bridge) [details](https://github.com/fiatjaf/sparko#the-sparko-plugin)
 * **CL plugin: CLBOSS** (Automated Node Manager) [details](https://github.com/ZmnSCPxj/clboss#clboss-the-c-lightning-node-manager)
+* **Tallycoin Connect** (Use Tallycoin with your own node) [details](https://github.com/djbooth007/tallycoin_connect)

 You can connect the following Wallet-Apps to your RaspiBlitz:

@ -62,7 +63,6 @@ If you start at home ordering the parts from Amazon (see shopping list below) th

 If you already run a Umbrel or myNode you have basically all the hardware needed and you can make the [Migration to RaspiBlitz from Umbrel/myNode](#make-a-raspiblitz-out-of-your-umbrel-or-mynode) under one hour.

-
 ## Hardware Needed

 All parts together cost around 180-250 USD - based on shops and location.
@ -94,7 +94,7 @@ The idea of the shopping lists is to provide you the best tested hardware compon
  - Quimat 3,5'' Zoll Inch Touch
  - ELEGOO Display 3.5" Zoll TFT LCD
  - kuman 3.5 Inch Touch Screen TFT Monitor
-  - Waveshare 3.5inch Display for Raspberry Pi 
+  - Waveshare 3.5inch Display for Raspberry Pi

 *You can even pay for your RaspiBlitz Amazon Shopping with Bitcoin & Lightning through [Bitrefill](https://blog.bitrefill.com/its-here-buy-amazon-vouchers-with-bitcoin-on-bitrefill-bb2a4449724a).*

@ -116,7 +116,7 @@ In the end your RaspiBlitz should look like this:
 ## Downloading the Software

 |Method|Install the image|Build the sd card|
-|------|-----------------|-----------------|   
+|------|-----------------|-----------------|
 |Philosophy|Trust|Sovereignty|
 |Difficulty level|Easy|Medium|
 |Pros|Make Blitz accessible to everyone|You don't need to trust us, build from your own forked repository|
@ -577,7 +577,7 @@ To get some bitcoin testnet coins, you can use "faucets" from different places o

 You can read more about TESTNET and Bitcoin faucets here: https://kuttler.eu/code/bitcoin-testnet-blockchain-size-in-2020/

-##### ZeroTier 
+##### ZeroTier

 With ZeroTier you can add your RaspiBlitz to a software defined network - see for details: https://en.wikipedia.org/wiki/ZeroTier

@ -831,7 +831,7 @@ Dashboard Bitcoin information program (needs LND).

 ![PYBLOCK](pictures/pyblock.png)

-https://github.com/curly60e/pyblock/blob/master/README.md 
+https://github.com/curly60e/pyblock/blob/master/README.md

 ##### Channel Tools (chantools)

@ -985,7 +985,7 @@ If you want a web service, like BTCPay Server or LNbits, to be available to the
 You could use the self-signed HTTPS certificate that RaspiBlitz is offering you, but this will give users Security Warnings in their browser and is not very user friendly.
 That's where you can use a LetsEncrypt Subscription to get a free valid HTTPS certificate that is excepted without warning from almost all common browsers 

-Because you also need a domain name for that you will need to open a free account, the following are presently supported, would be good to add more with the help of the community: 
+Because you also need a domain name for that you will need to open a free account, the following are presently supported, would be good to add more with the help of the community:
 [DuckDNS.org](https://www.duckdns.org)
 [DYNU.com](https://www.dynu.com) (AT THE MOMENT NOT AVAILABLE)

@ -1259,7 +1259,7 @@ Go to your web browser, do the following:

    ![Dropbox API 3](https://github.com/rootzoll/raspiblitz/raw/v1.6/pictures/dropbox-3.png)

-    Now go back to the 'Settings' tab and under 'OAuth2', choose 'no expiration' under 'Access token expiration' then click the 'Generate' button. You will now see a long string of letters and numbers appear. This is your **Dropbox-Authtoken**. Make sure to copy the complete token string .. there might be more if you scroll to the right in the token field. 
+    Now go back to the 'Settings' tab and under 'OAuth2', choose 'no expiration' under 'Access token expiration' then click the 'Generate' button. You will now see a long string of letters and numbers appear. This is your **Dropbox-Authtoken**. Make sure to copy the complete token string .. there might be more if you scroll to the right in the token field.

 To test it, try opening or closing a channel and then check if you can find a copy of `channel.backup` in your Dropbox.
 You can check the background-script logs to see details on errors: `sudo journalctl -f -u background`
--- a/home.admin/_provision_.sh
+++ b/home.admin/_provision_.sh
@ -670,6 +670,15 @@ else
  echo "Provisioning CircuitBreaker - keep default" >> ${logFile}
 fi

+# tallycoin_connect
+if [ "${tallycoinConnect}" = "on" ]; then
+  echo "Provisioning Tallycoin Connect - run config script" >> ${logFile}
+  sudo sed -i "s/^message=.*/message='Setup Tallycoin Connect'/g" ${infoFile}
+  sudo -u admin /home/admin/config.scripts/bonus.tallycoin-connect.sh on >> ${logFile} 2>&1
+else
+  echo "Provisioning Tallycoin Connect - keep default" >> ${logFile}
+fi
+
 # custom install script from user
 customInstallAvailable=$(sudo ls /mnt/hdd/app-data/custom-installs.sh 2>/dev/null | grep -c "custom-installs.sh")
 if [ ${customInstallAvailable} -gt 0 ]; then
--- a/home.admin/assets/nginx/sites-available/tallycoin_connect_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/tallycoin_connect_ssl.conf
@ -0,0 +1,19 @@
+## tallycoin_connect_ssl.conf
+
+server {
+    listen 8124 ssl;
+    listen [::]:8124 ssl;
+    server_name _;
+
+    include /etc/nginx/snippets/ssl-params.conf;
+    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+    access_log /var/log/nginx/access_tallycoin_connect.log;
+    error_log /var/log/nginx/error_tallycoin_connect.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:8123;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+}
--- a/home.admin/assets/nginx/sites-available/tallycoin_connect_tor.conf
+++ b/home.admin/assets/nginx/sites-available/tallycoin_connect_tor.conf
@ -0,0 +1,16 @@
+## tallycoin_connect_tor.conf
+
+server {
+    listen localhost:8125;
+    listen [::1]:8125;
+    server_name _;
+
+    access_log /var/log/nginx/access_tallycoin_connect.log;
+    error_log /var/log/nginx/error_tallycoin_connect.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:8123;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+}
--- a/home.admin/assets/nginx/sites-available/tallycoin_connect_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/tallycoin_connect_tor_ssl.conf
@ -0,0 +1,19 @@
+## tallycoin_connect_tor_ssl.conf
+
+server {
+    listen localhost:8126 ssl;
+    listen [::1]:8126 ssl;
+    server_name _;
+
+    include /etc/nginx/snippets/ssl-params.conf;
+    include /etc/nginx/snippets/ssl-certificate-app-data-tor.conf;
+
+    access_log /var/log/nginx/access_tallycoin_connect.log;
+    error_log /var/log/nginx/error_tallycoin_connect.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:8123;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+}
--- a/home.admin/config.scripts/bonus.tallycoin-connect.sh
+++ b/home.admin/config.scripts/bonus.tallycoin-connect.sh
@ -0,0 +1,226 @@
+#!/bin/bash
+
+# https://github.com/djbooth007/tallycoin_connect
+
+USERNAME=tallycoin
+APP_DATA_DIR=/mnt/hdd/app-data/tallycoin-connect
+HOME_DIR=/home/$USERNAME
+CONFIG_FILE=$APP_DATA_DIR/tallycoin_api.key
+RASPIBLITZ_INFO=/home/admin/raspiblitz.info
+RASPIBLITZ_CONF=/mnt/hdd/raspiblitz.conf
+SERVICE_FILE=/etc/systemd/system/tallycoin-connect.service
+TC_VERSION=1.7.0
+
+# command info
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+ echo "config script to switch tallycoin_connect on or off"
+ echo "bonus.tallycoin-connect.sh [on|off|menu]"
+ exit 1
+fi
+
+# check and load raspiblitz config to know which network is running
+source $RASPIBLITZ_INFO
+source $RASPIBLITZ_CONF
+
+# show info menu
+if [ "$1" = "menu" ]; then
+  # get network info
+  localip=$(hostname -I | awk '{print $1}')
+  toraddress=$(sudo cat /mnt/hdd/tor/tallycoin-connect/hostname 2>/dev/null)
+  fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
+
+  if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
+    # Info with TOR
+    /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
+    whiptail --title " Tallycoin Connect " --msgbox "Open in your local web browser:
+http://${localip}:8123\n
+https://${localip}:8124 with Fingerprint:
+${fingerprint}\n
+Use your Password B to login.\n
+Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress}
+" 16 67
+    /home/admin/config.scripts/blitz.display.sh hide
+  else
+    # Info without TOR
+    whiptail --title " Tallycoin Connect " --msgbox "Open in your local web browser & accept self-signed cert:
+http://${localip}:8123\n
+https://${localip}:8124 with Fingerprint:
+${fingerprint}\n
+Use your Password B to login.\n
+Activate TOR to access the web interface from outside your local network.
+" 15 57
+  fi
+  echo "please wait ..."
+  exit 0
+fi
+
+# switch on
+if [ "$1" = "1" ] || [ "$1" = "on" ]; then
+  isInstalled=$(sudo ls $HOME_DIR 2>/dev/null | grep -c 'tallycoin_connect')
+  if [ ${isInstalled} -eq 0 ]; then
+    echo "*** INSTALL TALLYCOIN CONNECT ***"
+
+    # install nodeJS
+    /home/admin/config.scripts/bonus.nodejs.sh on
+
+    # add user
+    sudo adduser --disabled-password --gecos "" $USERNAME
+
+    # install tallycoin_connect
+    cd $HOME_DIR
+    sudo -u $USERNAME wget https://github.com/djbooth007/tallycoin_connect/archive/refs/tags/v$TC_VERSION.tar.gz
+    sudo -u $USERNAME tar -xzf v$TC_VERSION.tar.gz
+    sudo -u $USERNAME mv tallycoin_connect{-$TC_VERSION,}
+    sudo -u $USERNAME rm v$TC_VERSION.tar.gz
+    cd tallycoin_connect
+    sudo -u $USERNAME cat .dockerignore | xargs rm -rf
+    sudo -u $USERNAME rm .dockerignore
+    sudo -u $USERNAME npm install
+    if ! [ $? -eq 0 ]; then
+        echo "FAIL - npm install did not run correctly, aborting"
+        exit 1
+    fi
+
+    # setup config
+    sudo mkdir -p $APP_DATA_DIR
+    sudo chown $USERNAME:$USERNAME $APP_DATA_DIR
+
+    if [[ ! -f "$CONFIG_FILE" ]]; then
+      configFile=/home/admin/tallycoin_api.key
+      touch $configFile
+      sudo chmod 600 $configFile || exit 1
+      passwordB=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
+      passwd=$(printf $passwordB | sha256sum | tr -d ' -')
+      tlsCert=$(base64 /mnt/hdd/app-data/lnd/tls.cert | tr -d '=' | tr '/+' '_-' | tr -d '\n')
+      macaroon=$(base64 /mnt/hdd/app-data/lnd/data/chain/${network}/${chain}net/admin.macaroon | tr -d '=' | tr '/+' '_-' | tr -d '\n')
+      echo "{\"tls_cert\":\"$tlsCert\",\"macaroon\":\"$macaroon\",\"tallycoin_passwd\":\"$passwd\"}" > $configFile
+
+      sudo mv $configFile $CONFIG_FILE
+      sudo chown $USERNAME:$USERNAME $CONFIG_FILE
+    fi
+
+    ##################
+    # NGINX
+    ##################
+    # setup nginx symlinks
+    if ! [ -f /etc/nginx/sites-available/tallycoin_connect_ssl.conf ]; then
+       sudo cp -f /home/admin/assets/nginx/sites-available/tallycoin_connect_ssl.conf /etc/nginx/sites-available/tallycoin_connect_ssl.conf
+    fi
+    if ! [ -f /etc/nginx/sites-available/tallycoin_connect_tor.conf ]; then
+       sudo cp /home/admin/assets/nginx/sites-available/tallycoin_connect_tor.conf /etc/nginx/sites-available/tallycoin_connect_tor.conf
+    fi
+    if ! [ -f /etc/nginx/sites-available/tallycoin_connect_tor_ssl.conf ]; then
+       sudo cp /home/admin/assets/nginx/sites-available/tallycoin_connect_tor_ssl.conf /etc/nginx/sites-available/tallycoin_connect_tor_ssl.conf
+    fi
+    sudo ln -sf /etc/nginx/sites-available/tallycoin_connect_ssl.conf /etc/nginx/sites-enabled/
+    sudo ln -sf /etc/nginx/sites-available/tallycoin_connect_tor.conf /etc/nginx/sites-enabled/
+    sudo ln -sf /etc/nginx/sites-available/tallycoin_connect_tor_ssl.conf /etc/nginx/sites-enabled/
+    sudo nginx -t
+    sudo systemctl reload nginx
+
+    # open the firewall
+    echo "*** Updating Firewall ***"
+    sudo ufw allow from any to any port 8123 comment 'allow Tallycoin Connect HTTP'
+    sudo ufw allow from any to any port 8124 comment 'allow Tallycoin Connect HTTPS'
+    echo ""
+
+    ##################
+    # SYSTEMD SERVICE
+    ##################
+
+    echo "# Install Tallycoin Connect systemd for ${network} on ${chain}"
+    echo "
+# Systemd unit for Tallycoin Connect
+
+[Unit]
+Description=Tallycoin Connect daemon
+Wants=lnd.service
+After=lnd.service
+
+[Service]
+WorkingDirectory=$HOME_DIR/tallycoin_connect
+Environment=\"CONFIG_FILE=$CONFIG_FILE\"
+ExecStart=/usr/bin/npm start
+User=tallycoin
+Restart=always
+TimeoutSec=120
+RestartSec=30
+StandardOutput=null
+StandardError=journal
+
+# Hardening measures
+PrivateTmp=true
+ProtectSystem=full
+NoNewPrivileges=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target
+" | sudo tee $SERVICE_FILE
+    sudo systemctl enable tallycoin-connect
+
+    # setting value in raspiblitz config
+    sudo sed -i "s/^tallycoinConnect=.*/tallycoinConnect=on/g" $RASPIBLITZ_CONF
+
+    # Hidden Service for tallycoin-connect if Tor is active
+    if [ "${runBehindTor}" = "on" ]; then
+      # make sure to keep in sync with internet.tor.sh script
+      /home/admin/config.scripts/internet.hiddenservice.sh tallycoin-connect 80 8125 443 8126
+    fi
+    source $RASPIBLITZ_INFO
+    if [ "${state}" == "ready" ]; then
+      echo "# OK - the tallycoin-connect.service is enabled, system is ready so starting service"
+      sudo systemctl start tallycoin-connect
+    else
+      echo "# OK - the tallycoin-connect.service is enabled, to start manually use: 'sudo systemctl start tallycoin-connect'"
+    fi
+  else
+    echo "*** TALLYCOIN CONNECT ALREADY INSTALLED ***"
+  fi
+  exit 0
+fi
+
+# switch off
+if [ "$1" = "0" ] || [ "$1" = "off" ]; then
+  isInstalled=$(sudo ls $HOME_DIR 2>/dev/null | grep -c 'tallycoin_connect')
+  if [ ${isInstalled} -eq 1 ]; then
+    echo "*** UNINSTALL TALLYCOIN CONNECT ***"
+
+    # remove systemd service
+    sudo systemctl stop tallycoin-connect
+    sudo systemctl disable tallycoin-connect
+    sudo rm -f $SERVICE_FILE
+
+    # close ports on firewall
+    sudo ufw delete allow from any to any port 8123 comment 'allow Tallycoin Connect HTTP'
+    sudo ufw delete allow from any to any port 8124 comment 'allow Tallycoin Connect HTTPS'
+
+    # remove nginx symlinks
+    sudo rm -f /etc/nginx/sites-enabled/tallycoin_connect_*
+    sudo nginx -t
+    sudo systemctl reload nginx
+
+    # Hidden Service if Tor is active
+    if [ "${runBehindTor}" = "on" ]; then
+      /home/admin/config.scripts/internet.hiddenservice.sh off tallycoin-connect
+    fi
+
+    # remove config
+    sudo rm -rf $APP_DATA_DIR
+
+    # delete user and home directory
+    sudo userdel -rf $USERNAME
+
+    # setting value in raspi blitz config
+    sudo sed -i "s/^tallycoinConnect=.*/tallycoinConnect=off/g" $RASPIBLITZ_CONF
+
+    echo "OK TALLYCOIN CONNECT removed."
+  else
+    echo "*** TALLYCOIN CONNECT NOT INSTALLED ***"
+  fi
+
+  exit 0
+fi
+
+echo "FAIL - Unknown Parameter $1"
+exit 1