From 19c0298e911144d1841e95379ae8c882a3460264 Mon Sep 17 00:00:00 2001 From: openoms Date: Mon, 13 Sep 2021 07:20:30 +0100 Subject: [PATCH 1/5] Tor: remove tor@lnd instance The separate tor instance for LND became redundant: * now Tor is only reloaded, not restarted on config changes so the port remains open * using LND streamisolation means every LND connection is on a new Tor circuit --- home.admin/99systemMenu.sh | 4 +- home.admin/_provision.setup.sh | 3 - home.admin/config.scripts/internet.tor.sh | 107 +--------------------- home.admin/config.scripts/lnd.check.sh | 4 +- 4 files changed, 6 insertions(+), 112 deletions(-) diff --git a/home.admin/99systemMenu.sh b/home.admin/99systemMenu.sh index 0d33c9958..7407e13e5 100644 --- a/home.admin/99systemMenu.sh +++ b/home.admin/99systemMenu.sh @@ -162,7 +162,7 @@ case $CHOICE in btc-rpc-explorer, btcpayserver, circuitbreaker, specter, getty@tty1, electrs, litd, lnbits, mempool, nbxlorer, nginx, RTL, telegraf, -thunderhub, tor@default, tor@lnd, tor +thunderhub, tor@default, tor " echo "Type the name of the service you would like to monitor:" read SERVICE @@ -180,7 +180,7 @@ thunderhub, tor@default, tor@lnd, tor btc-rpc-explorer, btcpayserver, circuitbreaker, specter, getty@tty1, electrs, litd, lnbits, mempool, nbxlorer, nginx, RTL, telegraf, -thunderhub, tor@default, tor@lnd, tor +thunderhub, tor@default, tor " echo "Type the name of the service you would like to restart:" read SERVICE diff --git a/home.admin/_provision.setup.sh b/home.admin/_provision.setup.sh index 7a39dc825..51060511c 100755 --- a/home.admin/_provision.setup.sh +++ b/home.admin/_provision.setup.sh 
@@ -215,9 +215,6 @@ if [ "${lightning}" == "lnd" ]; then sed -i "6s/.*/After=${network}d.service/" /home/admin/assets/lnd.service >> ${logFile} sudo cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service >> ${logFile} - # make sure LND starts with Tor by default - sudo /home/admin/config.scripts/internet.tor.sh lndconf-on >> ${logFile} - # start lnd up echo "Starting LND Service ..." >> ${logFile} sudo systemctl enable lnd >> ${logFile} diff --git a/home.admin/config.scripts/internet.tor.sh b/home.admin/config.scripts/internet.tor.sh index 82d51df41..cf22368e6 100755 --- a/home.admin/config.scripts/internet.tor.sh +++ b/home.admin/config.scripts/internet.tor.sh @@ -13,7 +13,7 @@ # command info if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then echo "script to switch Tor on or off" - echo "internet.tor.sh [status|on|off|btcconf-on|btcconf-off|lndconf-on|update]" + echo "internet.tor.sh [status|on|off|btcconf-on|btcconf-off|update]" exit 1 fi 
@@ -69,96 +69,6 @@ deactivateBitcoinOverTOR() sudo chown admin:admin /home/admin/.${network}/${network}.conf } -activateLndOverTOR() -{ - echo "*** Putting LND behind Tor ***" - - lndExists=$(sudo ls /etc/systemd/system/lnd.service | grep -c "lnd.service") - if [ ${lndExists} -gt 0 ]; then - - # lnd-tor instance - # https://www.torservers.net/wiki/setup/server#multiple_tor_processes - NODENAME="lnd" - SOCKSPORT=9070 - CONTROLPORT=$((SOCKSPORT+1)) - echo "# Creating a dedicated Tor instance for $NODENAME" - sudo tor-instance-create $NODENAME - - echo "# Make sure the user bitcoin is in the _tor-$NODENAME group" - sudo usermod -a -G _tor-$NODENAME bitcoin - - # create tor data directory if it not exist - if [ ! -d "/mnt/hdd/tor-$NODENAME" ]; then - echo "# - creating tor data directory" - sudo mkdir -p /mnt/hdd/tor-$NODENAME - sudo mkdir -p /mnt/hdd/tor-$NODENAME/sys - else - echo "# - /mnt/hdd/tor-$NODENAME data directory exists" - fi - # make sure its the correct owner - sudo chmod -R 700 /mnt/hdd/tor-$NODENAME - sudo chown -R _tor-$NODENAME:_tor-$NODENAME /mnt/hdd/tor-$NODENAME - - echo " -### torrc for tor@$NODENAME -### https://github.com/lightningnetwork/lnd/blob/master/docs/configuring_tor.md - -DataDirectory /mnt/hdd/tor-$NODENAME/sys -PidFile /mnt/hdd/tor-$NODENAME/sys/tor.pid - -SocksPort $SOCKSPORT -ControlPort $CONTROLPORT -CookieAuthentication 1 -CookieAuthFileGroupReadable 1 - -SafeLogging 1 -Log notice stdout -Log notice file /mnt/hdd/tor-$NODENAME/notice.log -Log info file /mnt/hdd/tor-$NODENAME/info.log -" | sudo tee /etc/tor/instances/$NODENAME/torrc - sudo chmod 644 /etc/tor/instances/$NODENAME/torrc - - sudo mkdir -p /etc/systemd/system/tor@$NODENAME.service.d - sudo tee /etc/systemd/system/tor@$NODENAME.service.d/raspiblitz.conf >/dev/null </dev/null < /dev/null; then - invoke-rc.d tor reload > /dev/null - fi - endscript -} -EOF - sudo systemctl daemon-reload - sudo systemctl enable tor@$NODENAME - sudo systemctl start tor@$NODENAME - - - echo "# 
OK" - echo - - else - echo "# LND service not found (yet) - try with 'internet.tor.sh lndconf-on' again later" - fi -} - # check and load raspiblitz config # to know which network is running if [ -f "/home/admin/raspiblitz.info" ]; then @@ -200,12 +110,6 @@ if [ "$1" = "btcconf-off" ]; then exit 0 fi -# if started with lndconf-on -if [ "$1" = "lndconf-on" ]; then - activateLndOverTOR - exit 0 -fi - # add default value to raspi config if needed checkTorEntry=$(sudo cat /mnt/hdd/raspiblitz.conf | grep -c "runBehindTor") if [ ${checkTorEntry} -eq 0 ]; then @@ -299,9 +203,7 @@ HiddenServicePort 80 127.0.0.1:80 # NOTE: since Bitcoin Core v0.21.0 sets up a v3 Tor service automatically # see /mnt/hdd/bitcoin for the onion private key - delete and restart bitcoind to reset -# NOTE: LND is using a separate Tor instance: tor@lnd -# find the torrc at /etc/tor/instances/lnd/torrc -# onion private key at /mnt/hdd/lnd/v3_onion_private_key +# NOTE: LND onion private key at /mnt/hdd/lnd/v3_onion_private_key # Hidden Service for LND RPC HiddenServiceDir /mnt/hdd/tor/lndrpc10009/ @@ -341,9 +243,6 @@ EOF # ACTIVATE BITCOIN OVER TOR (function call) activateBitcoinOverTOR - # ACTIVATE LND OVER TOR (function call) - activateLndOverTOR - # ACTIVATE APPS OVER TOR source /mnt/hdd/raspiblitz.conf 2>/dev/null if [ "${BTCRPCexplorer}" = "on" ]; then @@ -424,7 +323,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then # disable TOR service echo "# *** Disable Tor service ***" sudo systemctl disable tor@default - sudo systemctl disable tor@lnd echo "" # DEACTIVATE BITCOIN OVER TOR (function call) @@ -459,7 +357,6 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then echo "# *** Stop Tor service ***" sudo systemctl stop tor@default - sudo systemctl stop tor@lnd echo "" if [ "$2" == "clear" ]; then diff --git a/home.admin/config.scripts/lnd.check.sh b/home.admin/config.scripts/lnd.check.sh index 395478d0a..6f87207a9 100755 --- a/home.admin/config.scripts/lnd.check.sh 
+++ b/home.admin/config.scripts/lnd.check.sh @@ -188,8 +188,8 @@ if [ "$1" == "prestart" ]; then " | tee -a ${lndConfFile} fi - setting ${lndConfFile} ${insertLine} "tor.control" "9071" - setting ${lndConfFile} ${insertLine} "tor.socks" "9070" + setting ${lndConfFile} ${insertLine} "tor.control" "9051" + setting ${lndConfFile} ${insertLine} "tor.socks" "9050" setting ${lndConfFile} ${insertLine} "tor.privatekeypath" "\/mnt\/hdd\/lnd\/${netprefix}v3_onion_private_key" setting ${lndConfFile} ${insertLine} "tor.streamisolation" "true" setting ${lndConfFile} ${insertLine} "tor.v3" "true" From 8ea4227f479155787351638dd291b724d324c3c0 Mon Sep 17 00:00:00 2001 From: openoms Date: Mon, 13 Sep 2021 09:56:04 +0100 Subject: [PATCH 2/5] lnd.install: prepare directories --- home.admin/config.scripts/lnd.install.sh | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/home.admin/config.scripts/lnd.install.sh b/home.admin/config.scripts/lnd.install.sh index 4bb5da0a8..363935b2e 100644 --- a/home.admin/config.scripts/lnd.install.sh +++ b/home.admin/config.scripts/lnd.install.sh @@ -86,6 +86,18 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then sudo ufw allow ${portprefix}8080 comment '${netprefix}lnd REST' sudo ufw allow 1${rpcportmod}009 comment '${netprefix}lnd RPC' + echo "# Prepare directories" + if [ ! -d /mnt/hdd/lnd ]; then + echo "# Creating /mnt/hdd/lnd" + sudo mkdir /mnt/hdd/lnd + fi + sudo chown -R bitcoin:bitcoin /mnt/hdd/lnd + if [ ! -L /home/bitcoin/.lnd ];then + echo "# Linking lnd for user bitcoin" + sudo rm /home/bitcoin/.lnd 2>/dev/null + sudo ln -s /mnt/hdd/lnd /home/bitcoin/.lnd + fi + echo "# Create /home/bitcoin/.lnd/${netprefix}lnd.conf" if [ ! -f /home/bitcoin/.lnd/${netprefix}lnd.conf ];then echo "# LND configuration From 9b55ca632e42b8a3f30e4671ec13bf7735fe1f32 Mon Sep 17 00:00:00 2001 
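Review bot: Pointing `tor.control` at 9051 makes LND authenticate against the default Tor instance's control port, but nothing in this series gives the `bitcoin` user access to that instance's cookie file; the removed `activateLndOverTOR` did this for `tor@lnd` with `usermod -a -G _tor-lnd bitcoin` plus `CookieAuthFileGroupReadable 1`, and the equivalent for `tor@default` (its group, typically `debian-tor` on Debian-based systems, and the same torrc option) is not visible anywhere in the patch. If it is handled elsewhere in internet.tor.sh, a comment on these two `setting` lines naming where would help, e.g. `# tor@default ports; the bitcoin user must be able to read that instance's CookieAuthFile (see internet.tor.sh)`. A second consequence of the series: since the `off` path no longer runs `systemctl disable/stop tor@lnd`, nodes that already have the old instance keep it running with its 9070/9071 ports and the `_tor-lnd` group membership in place, so a one-off cleanup for existing installs appears to be missing. The enclosing `prestart` branch starts outside the hunk.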
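Review bot: The symlink guard does not handle `/home/bitcoin/.lnd` being a real directory: `[ ! -L ]` is true for it, `sudo rm` (no `-r`) fails with its error hidden by `2>/dev/null`, and `ln -s` then creates `/home/bitcoin/.lnd/lnd` inside that directory, so the `lnd.conf` written a few lines later lands in the home directory rather than in `/mnt/hdd/lnd`. Check for that case explicitly before linking, and since this directory will hold the wallet, macaroons and the seed file, consider creating it with a restrictive mode rather than the umask default (`mkdir` here uses whatever the default is, presumably 755) if no other service needs to read it directly. The enclosing `on` branch starts outside the hunk.
```shell
# … unchanged: ufw rules, mkdir /mnt/hdd/lnd …
sudo chown -R bitcoin:bitcoin /mnt/hdd/lnd
if [ -e /home/bitcoin/.lnd ] && [ ! -L /home/bitcoin/.lnd ]; then
  echo "# /home/bitcoin/.lnd exists and is not a symlink - refusing to replace it"
  exit 1
fi
if [ ! -L /home/bitcoin/.lnd ]; then
  echo "# Linking lnd for user bitcoin"
  sudo ln -s /mnt/hdd/lnd /home/bitcoin/.lnd
fi
# … unchanged: lnd.conf creation …
```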
From: openoms Date: Mon, 13 Sep 2021 10:08:23 +0100 Subject: [PATCH 3/5] lnd.install: record seedwords with sudo --- home.admin/config.scripts/lnd.install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/lnd.install.sh b/home.admin/config.scripts/lnd.install.sh index 363935b2e..55305c6e2 100644 --- a/home.admin/config.scripts/lnd.install.sh +++ b/home.admin/config.scripts/lnd.install.sh @@ -193,8 +193,8 @@ alias ${netprefix}lncli=\"sudo -u bitcoin /usr/local/bin/lncli\ read key else seedFile="/mnt/hdd/lnd/data/chain/${network}/${CHAIN}/seedwords.info" - echo "seedwords='${seedwords}'" > ${seedFile} - echo "seedwords6x4='${seedwords6x4}'" >> ${seedFile} + echo "seedwords='${seedwords}'" | sudo tee ${seedFile} + echo "seedwords6x4='${seedwords6x4}'" | sudo tee -a ${seedFile} fi fi From 78989baeab15f10904bb33b63e8108507ce2b705 Mon Sep 17 00:00:00 2001 From: openoms Date: Mon, 13 Sep 2021 10:26:38 +0100 Subject: [PATCH 4/5] lnd.install: initwallet for correct chain --- home.admin/config.scripts/lnd.install.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/home.admin/config.scripts/lnd.install.sh b/home.admin/config.scripts/lnd.install.sh index 55305c6e2..f49e14136 100644 --- a/home.admin/config.scripts/lnd.install.sh +++ b/home.admin/config.scripts/lnd.install.sh @@ -184,10 +184,10 @@ alias ${netprefix}lncli=\"sudo -u bitcoin /usr/local/bin/lncli\ else passwordC="raspiblitz" fi - source <(sudo /home/admin/config.scripts/lnd.initwallet.py new mainnet ${passwordC}) + source <(sudo /home/admin/config.scripts/lnd.initwallet.py new ${CHAIN} ${passwordC}) if [ "${err}" != "" ]; then clear - echo "# !!! LND mainnet wallet creation failed" + echo "# !!! LND ${CHAIN} wallet creation failed" echo "# ${err}" echo "# press ENTER to continue" read key From d671aae4becb0348839af9af7785ed8a3ed2d888 Mon Sep 17 00:00:00 2001 
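Review bot: Switching to `sudo tee` without redirecting its stdout prints both seed lines to the terminal (and to any log capturing this script's output), which the previous `>` redirection did not; the file is also now created by root under the default umask, so the seed words are likely readable by every local user. Keep the write silent and tighten the file afterwards: `echo "seedwords='${seedwords}'" | sudo tee ${seedFile} >/dev/null`, `echo "seedwords6x4='${seedwords6x4}'" | sudo tee -a ${seedFile} >/dev/null`, `sudo chmod 600 ${seedFile}` (and `chown` it to the user that later reads it, presumably `bitcoin`). The enclosing `if` block starts outside the hunk.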
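Review bot: `${CHAIN}` and `${passwordC}` are passed unquoted to `lnd.initwallet.py`, so a password containing whitespace or glob characters is split or expanded before the script sees it; quote both: `source <(sudo /home/admin/config.scripts/lnd.initwallet.py new "${CHAIN}" "${passwordC}")`. Independently of this change, the wallet password travels as a command-line argument of a `sudo` command, which makes it visible in the process list and in sudo's command logging; passing it via stdin or the environment would be preferable, though how lnd.initwallet.py accepts it is outside this hunk. The enclosing block starts outside the hunk.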
From: openoms Date: Mon, 13 Sep 2021 10:36:45 +0100 Subject: [PATCH 5/5] lnd: activate SIGNET --- home.admin/config.scripts/lnd.initwallet.py | 2 -- home.admin/config.scripts/lnd.install.sh | 6 +----- 2 files changed, 1 insertion(+), 7 deletions(-) diff --git a/home.admin/config.scripts/lnd.initwallet.py b/home.admin/config.scripts/lnd.initwallet.py index 5759d3cca..b34cce4f1 100755 --- a/home.admin/config.scripts/lnd.initwallet.py +++ b/home.admin/config.scripts/lnd.initwallet.py @@ -269,8 +269,6 @@ def main(): grpcEndpoint="localhost:11009" elif network == "signet": grpcEndpoint="localhost:13009" - print("err='lnd does not support signet yet'") - sys.exit(1) else: print("err='chain not supported'") sys.exit(1) diff --git a/home.admin/config.scripts/lnd.install.sh b/home.admin/config.scripts/lnd.install.sh index f49e14136..db07a663f 100644 --- a/home.admin/config.scripts/lnd.install.sh +++ b/home.admin/config.scripts/lnd.install.sh @@ -13,12 +13,8 @@ fi # CHAIN is signet | testnet | mainnet CHAIN=$2 -if [ ${CHAIN} = testnet ]||[ ${CHAIN} = mainnet ];then +if [ ${CHAIN} = testnet ]||[ ${CHAIN} = mainnet ]||[ ${CHAIN} = signet ];then echo "# Configuring the LND instance on ${CHAIN}" -elif [ ${CHAIN} = signet ]; then - echo "# Signet is not yet supported in LND" - echo "# see https://github.com/lightningnetwork/lnd/issues/5018" - exit 1 else echo "# ${CHAIN} is not supported" exit 1
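Review bot: The extended test still uses `${CHAIN}` unquoted, so an empty or missing second argument turns `[ ${CHAIN} = testnet ]` into `[ = testnet ]`, which prints a `unary operator expected` error from each of the three tests before the `else` branch finally rejects it. Quote the expansions: `if [ "${CHAIN}" = testnet ] || [ "${CHAIN}" = mainnet ] || [ "${CHAIN}" = signet ]; then` — or fold the three comparisons into a `case "${CHAIN}" in mainnet|testnet|signet)` statement, which also reads better as the list grows. The closing `fi` of this block lies outside the hunk.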