integration of auto-unlock

2025-09-26 11:37:19 +02:00 · 2018-12-22 16:44:15 +01:00
parent 908bd036d1
commit e2b3126d01
6 changed files with 84 additions and 11 deletions
--- a/home.admin/00settingsMenuServices.sh
+++ b/home.admin/00settingsMenuServices.sh
@@ -4,6 +4,7 @@
 source /mnt/hdd/raspiblitz.conf
 if [ ${#autoPilot} -eq 0 ]; then autoPilot="off"; fi
 if [ ${#autoNatDiscovery} -eq 0 ]; then autoNatDiscovery="off"; fi
+if [ ${#autoUnlock} -eq 0 ]; then autoUnlock="off"; fi
 if [ ${#runBehindTor} -eq 0 ]; then runBehindTor="off"; fi
 if [ ${#rtlWebinterface} -eq 0 ]; then rtlWebinterface="off"; fi
 if [ ${#chain} -eq 0 ]; then chain="main"; fi
@@ -28,6 +29,7 @@ CHOICES=$(dialog --checklist 'Activate/Deactivate Services:' 15 45 7 \
 4 ${dynDomainMenu} ${domainValue} \
 5 'Run behind TOR' ${runBehindTor} \
 6 'RTL Webinterface' ${rtlWebinterface} \
+7 'LND Auto-Unlock' ${autoUnlock} \
 2>&1 >/dev/tty)
 dialogcancel=$?
 clear
@@ -174,6 +176,17 @@ else
  echo "RTL Webinterface Setting unchanged."
 fi

+# LND Auto-Unlock
+choice="off"; check=$(echo "${CHOICES}" | grep -c "7")
+if [ ${check} -eq 1 ]; then choice="on"; fi
+if [ "${autoUnlock}" != "${choice}" ]; then
+  echo "LND Autounlock Setting changed .."
+  sudo /home/admin/config.scripts/lnd.autounlock.sh ${choice}
+  needsReboot=1
+else
+  echo "LND Autounlock Setting unchanged."
+fi
+
 if [ ${needsReboot} -eq 1 ]; then
   sleep 2
   dialog --title 'OK' --msgbox 'System will reboot to activate changes.' 6 26
--- a/home.admin/20recoverDialog.sh
+++ b/home.admin/20recoverDialog.sh
@@ -60,8 +60,22 @@ Write them down & store them in a safe place.

      # sucess info dialog
      dialog --backtitle "RaspiBlitz" --msgbox "New SSH password A is '$result'\nFINAL REBOOT IS NEEDED." 6 52
-      sudo shutdown -r now

+      # when auto-unlock is activated then Password C is needed to be restored on SD card
+      if [ "${autoUnlock}" = "on" ]; then
+        # ask user for new password C
+        dialog --backtitle "RaspiBlitz - Setup"\
+        --inputbox "Please enter your ACTUAL Password C:\n!!! This is needed for the Auto-Unlock feature" 10 52 2>$_temp
+        result=$( cat $_temp )
+        shred $_temp
+        if [ ${#result} -gt 0 ]; then
+          sudo /home/admin/config.scripts/lnd.autounlock.sh on ${result}
+        else
+          sudo /home/admin/config.scripts/lnd.autounlock.sh off      
+        fi
+      fi
+
+      sudo shutdown -r now
    fi

  done
--- a/home.admin/_background.sh
+++ b/home.admin/_background.sh
@@ -28,6 +28,9 @@ do
  # count up
  counter=$(($counter+1))

+  # gather the uptime seconds
+  upSeconds=$(cat /proc/uptime | grep -o '^[0-9]\+')
+
  ####################################################
  # RECHECK DHCP-SERVER 
  # https://github.com/rootzoll/raspiblitz/issues/160
@@ -80,11 +83,15 @@ do
        sed -i "s/^publicIP=.*/publicIP=${freshPublicIP}/g" ${configFile}
        publicIP=${freshPublicIP}

-        # 2) restart the LND
-        echo "restart LND with new environment config"
-        sudo systemctl restart lnd.service
+        # 2) only restart LND if dynDNS is activated
+        # because this signals that user wants "public node"
+        if [ ${#dynDomain} -gt 0 ]; then
+          echo "restart LND with new environment config"
+          # restart and let to auto-unlock (if activated) do the rest
+          sudo systemctl restart lnd.service
+        fi

-        # 3) trigger update if dnyamic domain (if set)
+        # 2) trigger update if dnyamic domain (if set)
        updateDynDomain=1

      else
@@ -97,6 +104,32 @@ do

  fi

+  ###############################
+  # LND AUTO-UNLOCK
+  ###############################
+
+  # check every 10secs
+  recheckAutoUnlock=$((($counter % 10)+1))
+  if [ ${recheckAutoUnlock} -eq 1 ]; then
+
+    # check if auto-unlock feature if activated
+    if [ "${autoUnlock}" = "on" ]; then
+
+      # check if lnd is locked
+      locked=$(sudo -u bitcoin /usr/local/bin/lncli --chain=${network} --network=${chain}net getinfo 2>&1 | grep -c unlock)
+      if [ ${locked} -gt 0 ]; then
+
+        # unlock thru REST call
+        curl -s \
+        -H "Grpc-Metadata-macaroon: $(xxd -ps -u -c 1000 /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon))" \
+        --cacert /home/bitcoin/.lnd/tls.cert \
+        -X POST -d "{\"wallet_password\": \"$(cat /root/lnd.autounlock.pwd | tr -d '\n' | base64 -w0)\"}" \
+        https://localhost:8080/v1/unlockwallet > /dev/null 2>&1
+      
+      fi
+    fi
+  fi
+
  ###############################
  # UPDATE DYNAMIC DOMAIN
  # like afraid.org
--- a/home.admin/assets/lnd.bitcoin.conf
+++ b/home.admin/assets/lnd.bitcoin.conf
@@ -9,6 +9,8 @@ nat=false

 # RPC open to all connections on Port 10009
 rpclisten=0.0.0.0:10009
+# REST open to all connections on Port 8080
+restlisten=0.0.0.0:8080
 # Domain, could use https://freedns.afraid.org
 #tlsextradomain=lightning.yourhost.com  

--- a/home.admin/assets/lnd.litecoin.conf
+++ b/home.admin/assets/lnd.litecoin.conf
@@ -9,6 +9,9 @@ nat=false

 # RPC open to all connections on Port 10009
 rpclisten=0.0.0.0:10009
+# REST open to all connections on Port 8080
+restlisten=0.0.0.0:8080
+
 # Domain, could use https://freedns.afraid.org
 #tlsextradomain=lightning.yourhost.com

--- a/home.admin/config.scripts/lnd.autounlock.sh
+++ b/home.admin/config.scripts/lnd.autounlock.sh
@@ -46,22 +46,30 @@ if [ ${configExists} -eq 0 ]; then
 exit 1
 fi

-# make sure entry line for 'lndAutoUnlock' exists 
-entryExists=$(cat ${configFile} | grep -c 'lndAutoUnlock=')
+# make sure entry line for 'autoUnlock' exists 
+entryExists=$(cat ${configFile} | grep -c 'autoUnlock=')
 if [ ${entryExists} -eq 0 ]; then
-  echo "lndAutoUnlock=" >> ${configFile}
+  echo "autoUnlock=" >> ${configFile}
 fi

 # switch on
 if [ "$1" = "1" ] || [ "$1" = "on" ]; then
+
+  # check if lnd has REST in config
+  restActive=$(sudo cat /mnt/hdd/lnd.lnd.conf | grep -c 'restlisten=0.0.0.0:8080')
+  if [ ${restActive} -eq 0 ]; then
+    echo "FAIL: /mnt/hdd/lnd.lnd.conf needs to include the line 'restlisten=0.0.0.0:8080'"
+    exit 1
+  fi
+
  echo "switching the Auto-Unlock ON"

  # setting value in raspi blitz config
-  sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=on/g" /mnt/hdd/raspiblitz.conf
+  sudo sed -i "s/^autoUnlock=.*/autoUnlock=on/g" /mnt/hdd/raspiblitz.conf

  # password C needs to be stored on RaspiBlitz
  echo "storing password for root in /root/lnd.autounlock.pwd"
-  sudo sh -c 'echo "${passwordC}" > /root/lnd.autounlock.pwd'
+  sudo sh -c "echo \"${passwordC}\" > /root/lnd.autounlock.pwd"

  echo "Auto-Unlock is now ON"
 fi
@@ -71,7 +79,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "switching the Auto-Unlock OFF"

  # setting value in raspi blitz config
-  sudo sed -i "s/^lndAutoUnlock=.*/lndAutoUnlock=off/g" /mnt/hdd/raspiblitz.conf
+  sudo sed -i "s/^autoUnlock=.*/autoUnlock=off/g" /mnt/hdd/raspiblitz.conf

  # delete password C securly
  echo "shredding password on RaspiBlitz"