adding helipad as a service (#2944)

README.md

@@ -158,6 +158,7 @@ There are further Services that can be switched on:
 * **Telegraf metrics** [details](https://github.com/rootzoll/raspiblitz/issues/1369)
 * **Chantools** (Fund Rescue) [details](https://github.com/guggero/chantools/blob/master/README.md)
 * **Suez** (Channel Visualization for LND & CL) [details](https://github.com/prusnak/suez#suez)
+* **Helipad** (Podcasting 2.0 Boostagram reader) [details](https://github.com/Podcastindex-org/helipad)
 * **CL Spark Wallet** (WalletUI with BOLT12 offers) [details](https://github.com/shesek/spark-wallet#progressive-web-app)
 * **CL plugin: Sparko** (WalletUI & HTTP-RPC bridge) [details](https://github.com/fiatjaf/sparko#the-sparko-plugin)
 * **CL plugin: CLBOSS** (Automated Node Manager) [details](https://github.com/ZmnSCPxj/clboss#clboss-the-c-lightning-node-manager)

home.admin/00mainMenu.sh

@@ -141,6 +141,9 @@ fi
 if [ "${sphinxrelay}" == "on" ]; then
   OPTIONS+=(SPHINX "Sphinx Chat Relay")
 fi
+if [ "${helipad}" == "on" ]; then
+  OPTIONS+=(HELIPAD "Helipad Boostagram reader")
+fi
 if [ "${chantools}" == "on" ]; then
   OPTIONS+=(CHANTOOLS "ChannelTools (Fund Rescue)")
 fi
@@ -297,6 +300,9 @@ case $CHOICE in
         SPHINX)
             sudo /home/admin/config.scripts/bonus.sphinxrelay.sh menu
             ;;
+        HELIPAD)
+            sudo /home/admin/config.scripts/bonus.helipad.sh menu
+            ;;
         CHANTOOLS)
             sudo /home/admin/config.scripts/bonus.chantools.sh menu
             ;;

home.admin/00settingsMenuServices.sh

@@ -27,6 +27,7 @@ if [ ${#chantools} -eq 0 ]; then chantools="off"; fi
 if [ ${#sparko} -eq 0 ]; then sparko="off"; fi
 if [ ${#spark} -eq 0 ]; then spark="off"; fi
 if [ ${#tallycoinConnect} -eq 0 ]; then tallycoinConnect="off"; fi
+if [ ${#helipad} -eq 0 ]; then helipad="off"; fi
 if [ ${#bitcoinminds} -eq 0 ]; then bitcoinminds="off"; fi
 
 # show select dialog
@@ -61,6 +62,7 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
   OPTIONS+=(y 'LND PyBLOCK' ${pyblock})
   OPTIONS+=(h 'LND ChannelTools (Fund Rescue)' ${chantools})
   OPTIONS+=(x 'LND Sphinx-Relay' ${sphinxrelay})
+  OPTIONS+=(f 'LND Helipad Boostagram reader' ${helipad})
   OPTIONS+=(d 'LND Tallycoin Connect' ${tallycoinConnect})
 fi
 
@@ -414,6 +416,21 @@ else
   echo "Sphinx Relay unchanged."
 fi
 
+# Helipad
+choice="off"; check=$(echo "${CHOICES}" | grep -c "d")
+if [ ${check} -eq 1 ]; then choice="on"; fi
+if [ "${helipad}" != "${choice}" ]; then
+  echo "Helipad setting changed .."
+  anychange=1
+  sudo -u admin /home/admin/config.scripts/bonus.helipad.sh ${choice}
+  if [ "${choice}" =  "on" ]; then
+    sudo systemctl start helipad
+    sudo -u admin /home/admin/config.scripts/bonus.helipad.sh menu
+  fi
+else
+  echo "Helipad setting unchanged."
+fi
+
 # Tallycoin
 choice="off"; check=$(echo "${CHOICES}" | grep -c "d")
 if [ ${check} -eq 1 ]; then choice="on"; fi

home.admin/_provision_.sh

@@ -688,6 +688,15 @@ else
   echo "Sphinx-Relay - keep default" >> ${logFile}
 fi
 
+# helipad
+if [ "${helipad}" = "on" ]; then
+  echo "Helipad - run config script" >> ${logFile}
+  sudo sed -i "s/^message=.*/message='Setup Helipad'/g" ${infoFile}
+  sudo -u admin /home/admin/config.scripts/bonus/helipad.sh on >> ${logFile} 2>&1
+else
+  echo "Helipad - keep default" >> ${logFile}
+fi
+
 # circuitbreaker
 if [ "${circuitbreaker}" = "on" ]; then
   echo "Provisioning CircuitBreaker - run config script" >> ${logFile}

home.admin/assets/nginx/sites-available/helipad_ssl.conf

@@ -0,0 +1,20 @@
+## helipad_ssl.conf
+
+server {
+    listen 2113 ssl;
+    listen [::]:2113 ssl;
+    server_name _;
+
+    include /etc/nginx/snippets/ssl-params.conf;
+    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
+
+    access_log /var/log/nginx/access_helipad.log;
+    error_log /var/log/nginx/error_helipad.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:2112;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+
+}

home.admin/assets/nginx/sites-available/helipad_tor.conf

@@ -0,0 +1,16 @@
+## helipad_tor.conf
+
+server {
+    listen localhost:2114;
+    server_name _;
+
+    access_log /var/log/nginx/access_helipad.log;
+    error_log /var/log/nginx/error_helipad.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:2112;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+
+}

home.admin/assets/nginx/sites-available/helipad_tor_ssl.conf

@@ -0,0 +1,19 @@
+## helipad_tor_ssl.conf
+
+server {
+    listen localhost:2115 ssl;
+    server_name _;
+
+    include /etc/nginx/snippets/ssl-params.conf;
+    include /etc/nginx/snippets/ssl-certificate-app-data-tor.conf;
+
+    access_log /var/log/nginx/access_helipad.log;
+    error_log /var/log/nginx/error_helipad.log;
+
+    location / {
+        proxy_pass http://127.0.0.1:3010;
+
+        include /etc/nginx/snippets/ssl-proxy-params.conf;
+    }
+
+}

home.admin/config.scripts/bonus.helipad.sh

@@ -0,0 +1,270 @@
+#!/bin/bash
+
+#https://github.com/Podcastindex-org/helipad
+HELIPAD_VERSION="v0.1.8"
+HELIPAD_USER=helipad
+HELIPAD_HOME_DIR=/home/$HELIPAD_USER
+HELIPAD_DATA_DIR=/mnt/hdd/app-data/helipad
+HELIPAD_BUILD_DIR=$HELIPAD_HOME_DIR/helipad
+HELIPAD_RELEASE_URL="https://github.com/Podcastindex-org/helipad/archive/refs/tags/$HELIPAD_VERSION.tar.gz"
+HELIPAD_DB=$HELIPAD_DATA_DIR/database.db
+HELIPAD_HTTP_PORT=2112
+HELIPAD_HTTPS_PORT=2113
+HELIPAD_MACAROON=/mnt/hdd/app-data/lnd/data/chain/bitcoin/mainnet/admin.macaroon
+HELIPAD_CERT=/mnt/hdd/app-data/lnd/tls.cert
+HELIPAD_CARGO_BIN=/home/$HELIPAD_USER/.cargo/bin/cargo
+HELIPAD_BIN=$HELIPAD_HOME_DIR/.cargo/bin/helipad
+
+# check and load raspiblitz config
+# to know which network is running
+source /home/admin/raspiblitz.info
+source /mnt/hdd/raspiblitz.conf
+
+# command info
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+ echo "config script to install, update or uninstall helipad"
+ echo "$0 [on|off|menu|update]"
+ echo "install $HELIPAD_VERSION by default"
+ exit 1
+fi
+
+###############
+#    MENU
+###############
+
+# show info menu
+if [ "$1" = "menu" ]; then
+
+  # get network info
+  localip=$(hostname -I | awk '{print $1}')
+  toraddress=$(sudo cat /mnt/hdd/tor/helipad/hostname 2>/dev/null)
+  fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
+
+  if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
+    # Info with TOR
+    /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
+    whiptail --title " Helipad " --msgbox "Open in your local web browser:
+http://${localip}:${HELIPAD_HTTP_PORT}\n
+https://${localip}:${HELIPAD_HTTPS_PORT} with Fingerprint:
+${fingerprint}\n\n
+Hidden Service address for TOR Browser (see LCD for QR):\n${toraddress}
+" 16 67
+    /home/admin/config.scripts/blitz.display.sh hide
+  else
+    # Info without TOR
+    whiptail --title " Helipad " --msgbox "Open in your local web browser & accept self-signed cert:
+http://${localip}:${HELIPAD_HTTP_PORT}\n
+https://${localip}:${HELIPAD_HTTPS_PORT} with Fingerprint:
+${fingerprint}\n
+Use your Password B to login.\n
+Activate TOR to access the web interface from outside your local network.
+" 15 57
+  fi
+  echo "please wait ..."
+  exit 0
+fi
+
+# add default value to raspi config if needed
+if ! grep -Eq "^helipad=" /mnt/hdd/raspiblitz.conf; then
+  echo "helipad=off" >> /mnt/hdd/raspiblitz.conf
+fi
+
+# stop services
+echo "making sure services are not running"
+sudo systemctl stop helipad 2>/dev/null
+
+###############
+#  SWITCH ON
+###############
+
+#check if install exists:
+
+if [ "$1" = "1" ] || [ "$1" = "on" ]; then
+  echo "*** INSTALL HELIPAD ***"
+
+  isInstalled=$(sudo ls /etc/systemd/system/helipad.service 2>/dev/null | grep -c 'helipad.service')
+  if ! [ ${isInstalled} -eq 0 ]; then
+    echo "Helipad already installed."
+  else 
+    ###############
+    # INSTALL
+    ###############
+    
+    # create helipad user:
+    sudo adduser --disabled-password --gecos "" $HELIPAD_USER
+
+    # install system dependencies:
+    sudo apt --assume-yes update
+    sudo apt --assume-yes --show-upgraded install libssl-dev libsqlite3-dev
+
+    # install Rust dependencies:
+    echo "*** Installing rustup for the Helipad user ***"
+    curl --proto '=https' --tlsv1.2 -sSs https://sh.rustup.rs | sudo -u $HELIPAD_USER sh -s -- -y
+
+    # download source
+    sudo -u $HELIPAD_USER mkdir -p $HELIPAD_BUILD_DIR
+    sudo rm -fR $HELIPAD_BUILD_DIR/*
+    wget -qO- $HELIPAD_RELEASE_URL | sudo -u $HELIPAD_USER tar -zxvf- --strip-components=1 -C $HELIPAD_BUILD_DIR
+
+    # install helipad
+    sudo -u $HELIPAD_USER $HELIPAD_CARGO_BIN install --path $HELIPAD_BUILD_DIR
+
+    ###############
+    # CONFIG
+    ###############
+
+    # make sure helipad is member of lndadmin
+    sudo /usr/sbin/usermod --append --groups lndadmin $HELIPAD_USER
+
+    # persist settings in app-data
+    sudo mkdir -p $HELIPAD_DATA_DIR
+    sudo chown $HELIPAD_USER: $HELIPAD_DATA_DIR
+    sudo -u $HELIPAD_USER touch $HELIPAD_DB
+
+    ##################
+    # NGINX
+    ##################
+    
+    # setup nginx symlinks
+    if ! [ -f /etc/nginx/sites-available/helipad_ssl.conf ]; then
+       sudo cp -f /home/admin/assets/nginx/sites-available/helipad_ssl.conf /etc/nginx/sites-available/helipad_ssl.conf
+    fi
+    if ! [ -f /etc/nginx/sites-available/helipad_tor.conf ]; then
+       sudo cp /home/admin/assets/nginx/sites-available/helipad_tor.conf /etc/nginx/sites-available/helipad_tor.conf
+    fi
+    if ! [ -f /etc/nginx/sites-available/helipad_tor_ssl.conf ]; then
+       sudo cp /home/admin/assets/nginx/sites-available/helipad_tor_ssl.conf /etc/nginx/sites-available/helipad_tor_ssl.conf
+    fi
+    sudo ln -sf /etc/nginx/sites-available/helipad_ssl.conf /etc/nginx/sites-enabled/
+    sudo ln -sf /etc/nginx/sites-available/helipad_tor.conf /etc/nginx/sites-enabled/
+    sudo ln -sf /etc/nginx/sites-available/helipad_tor_ssl.conf /etc/nginx/sites-enabled/
+    sudo nginx -t
+    sudo systemctl reload nginx
+
+    #################
+    # FIREWALL
+    #################
+    # open the firewall
+    echo "*** Updating Firewall ***"
+    sudo ufw allow from any to any port $HELIPAD_HTTP_PORT comment 'allow Helipad HTTP'
+    sudo ufw allow from any to any port $HELIPAD_HTTPS_PORT comment 'allow Helipad HTTPS'
+    echo ""
+
+    ##################
+    # SYSTEMD SERVICE
+    ##################
+    
+    echo "# Install Helipad systemd for ${network} on ${chain}"
+    echo "
+# Systemd unit for Helipad
+# /etc/systemd/system/helipad.service
+[Unit]
+Description=Helipad daemon
+Wants=lnd.service
+After=lnd.service
+[Service]
+WorkingDirectory=$HELIPAD_BUILD_DIR/
+ExecStart=$HELIPAD_BIN $HELIPAD_HTTP_PORT
+User=$HELIPAD_USER
+Restart=always
+TimeoutSec=120
+RestartSec=30
+Environment="LND_TLSCERT=$HELIPAD_CERT"
+Environment="LND_ADMINMACAROON=$HELIPAD_MACAROON"
+Environment="HELIPAD_DATABASE_DIR=$HELIPAD_DB"
+[Install]
+WantedBy=multi-user.target
+" | sudo tee /etc/systemd/system/helipad.service
+
+    sudo systemctl enable helipad
+
+    # setting value in raspiblitz config
+    sudo sed -i "s/^helipad=.*/helipad=on/g" /mnt/hdd/raspiblitz.conf
+
+    # Hidden Service for Helipad if Tor is active
+    if [ "${runBehindTor}" = "on" ]; then
+        # make sure to keep in sync with internet.tor.sh script
+        /home/admin/config.scripts/internet.hiddenservice.sh helipad 80 $HELIPAD_HTTP_PORT 443 $HELIPAD_HTTPS_PORT
+    fi
+
+    source /home/admin/raspiblitz.info
+    if [ "${state}" == "ready" ]; then
+        echo "# OK - the helipad.service is enabled, system is ready so starting service"
+        sudo systemctl start helipad
+    else
+        echo "# OK - the helipad.service is enabled, to start manually use: 'sudo systemctl start helipad'"
+    fi
+
+  fi
+  exit 0
+fi
+
+# update
+if [ "$1" = "update" ]; then
+  echo "# Updating Helipad"
+
+  # Remove Helipad, keeping database
+  /home/admin/config.scripts/bonus.helipad.sh off --keep-data
+
+  # Reinstall Helilpad w/ existing database
+  /home/admin/config.scripts/bonus.helipad.sh on
+
+  exit 0
+fi
+
+# switch off
+if [ "$1" = "0" ] || [ "$1" = "off" ]; then
+
+ # Keep or delete Helipad database?
+  deleteData=0
+  if [ "$2" = "--delete-data" ]; then
+    deleteData=1
+  elif [ "$2" = "--keep-data" ]; then
+    deleteData=0
+  else
+    if (whiptail --title " DELETE HELIPAD DATABASE? " --yesno "Do you want to delete\nthe Helipad database?" 8 30); then
+      deleteData=1
+   else
+      deleteData=0
+    fi
+  fi
+  echo "# deleteData(${deleteData})"
+  echo "*** REMOVING HELIPAD ***"
+  # remove systemd service
+  sudo systemctl disable helipad
+  sudo rm -f /etc/systemd/system/helipad.service
+  sudo rm -fR $HELIPAD_BUILD_DIR
+  if [ ${deleteData} -eq 1 ]; then
+    echo "# deleting Helipad database"
+    sudo rm -fR $HELIPAD_DATA_DIR
+  else
+    echo "# keeping Helipad database"
+  fi
+  # delete user and home directory
+  sudo userdel -rf $HELIPAD_USER
+  # close ports on firewall
+  sudo ufw deny $HELIPAD_HTTP_PORT
+  sudo ufw deny $HELIPAD_HTTPS_PORT
+
+  # remove nginx symlinks
+  sudo rm -f /etc/nginx/sites-enabled/helipad_ssl.conf
+  sudo rm -f /etc/nginx/sites-enabled/helipad_tor.conf
+  sudo rm -f /etc/nginx/sites-enabled/helipad_tor_ssl.conf
+  sudo rm -f /etc/nginx/sites-available/helipad_ssl.conf
+  sudo rm -f /etc/nginx/sites-available/helipad_tor.conf
+  sudo rm -f /etc/nginx/sites-available/helipad_tor_ssl.conf
+  sudo nginx -t
+  sudo systemctl reload nginx
+
+  # Hidden Service if Tor is active
+  if [ "${runBehindTor}" = "on" ]; then
+    /home/admin/config.scripts/internet.hiddenservice.sh off helipad
+  fi
+
+  echo "OK Helipad removed."
+
+  # setting value in raspi blitz config
+  sudo sed -i "s/^helipad=.*/helipad=off/g" /mnt/hdd/raspiblitz.conf
+
+  exit 0
+fi

home.admin/config.scripts/tor.network.sh

@@ -126,6 +126,9 @@ case "$1" in
       toraddress=$(sudo cat /mnt/hdd/tor/sphinxrelay/hostname 2>/dev/null)
       sudo -u sphinxrelay bash -c "echo '${toraddress}' > /home/sphinxrelay/sphinx-relay/dist/toraddress.txt"
     fi
+    if [ "${helipad}" = "on" ]; then
+    /home/admin/config.scripts/internet.hiddenservice.sh helipad 2112 2113
+    fi
 
     echo "Setup logrotate"
     # add logrotate config for modified Tor dir on ext. disk