v1.9.0rc3 Merge (#3742)

* cln: use default normal feerate to withdraw all * Bugfix: bad subsititution (#3668) Fix for error: /home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution * whiptail one line * fix syntax * lnproxy: fix api access through nginx (#3671) * lnproxy: fix api access through nginx * fix tor config and fit the menu * add to the menu and provision * merge #3682 * cln update to v23.02, backup-plugin update, add poetry (#3684) * cln backup-plugin update, add poetry * fix mkdir error, remove commented code, fmt #3677 * poetry and path fixes * add terminal feedback, format #3676 * detect the full name of the plugin * install pyln-client tqdm with pip * git-verify: add --keyid-format LONG to recognise if the signing key is not the main key * cln update to v23.02 * cln-grpc: add protobuf-compiler dep * rtl update to v0.13.6 and formatting * C-lightningREST update to v0.10.1 * CLN FAQ update (#3666) * improve the detection of existing cln aliases * add the emergencyrecover instructions to CLN FAQ * update help entries * Update Tallycoin to version 1.8.0 (#3693) * add tallycoin update info to CHANGES * Fix typo in README.md (#3699) excepted -> accepted * #3694 add LCD info * #3664 att timeout 30s to ln monitor calls (#3665) * fix setting LND_REST_ENDPOINT (#3689) * btcpay update v1.8.2, postgres database fix (#3697) * btcpay update v1.8.0, postgres database fix * btcpayserver update to v1.8.2 * update lnbits to 0.10.2 and use poetry instead of venv (#3703) * fix apt update Key error for influx repo (#3711) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * fix missing timeout value for nc cmnd (#3712) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * #3706 Update CLN v23.02.2 (#3716) * used patched/rolledback 23.02.2 release * check rusty sig * fix typo * fix default lightning setting * #3683 Update LIT to 0.8.6 (#3717) * update LIT to 0.8.6 * activate lnd rpcmiddleware * CHANGES.md * #3667 change all up/download from sftp tp scp (#3718) * #3722 add no hostkeys available detection (#3723) * #1186 FinTS/HBCI interface (#3704) * #1186 FinTS install script first draft * only start app when blitz is ready * improve menu * improve dit lnbits config * preserve edit * improve edit * improve edit * fix insertion * dont use fingerprint * now use main repo * add port * show local ip * fix typo * show port SSL * Update bonus.lndg.sh (#3725) * Update bonus.lndg.sh Changes version to v1.6.0. Fixes update menu bug. Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats). * Update bonus.lndg.sh Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future). * #3725 update lndg version in CHANGES * #3692 update lnd to v0.16.0-beta (#3732) * update SD CARD base image info * Clenaup CHANGES info * RTL install fix (#3739) * c-lightning-REST update to 0.10.2, fmt * rtl: npm insatll with --legacy-peer-deps * purge c-lightning-REST as well with RTL * jam update to v0.1.5 (#3736) * 3733 CLN GRPC > JRPC (#3741) * change exit code * change to cln_jrpc * deactivate the cln_grpc settings * set v1.9.0rc3 version --------- Co-authored-by: openoms <oms@tuta.io> Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: DJ Booth <djbooth007@gmail.com> Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com> Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com> Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>
2025-02-28 16:58:03 +01:00 · 2023-04-08 23:10:01 +02:00 · 2023-04-08 23:10:01 +02:00 · 1a0c4fe09a
commit 1a0c4fe09a
parent 3f7f6b7ced
49 changed files with 1147 additions and 551 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,26 +1,26 @@
 # CHANGES between Releases
 ## What's new in Version 1.9.0 of RaspiBlitz?
 - New: Automated disk image build for amd64 (VM, laptop, desktop, server) and arm64-rpi (Raspberry Pi) [details](https://github.com/rootzoll/raspiblitz/tree/dev/ci/README.md)
 - New: Fatpack & Minimal sd card builds [details](SECURITY.md#minimal-sd-card-build)
 - New: I2P support for Bitcoin Core (i2pacceptincoming=1) [details](https://github.com/rootzoll/raspiblitz/issues/2413)
 - New: CLN Watchtower (The Eye of Satoshi) [details](https://github.com/talaia-labs/rust-teos/tree/master/watchtower-plugin)
- New: LNDg v1.4.0 [details](https://github.com/cryptosharks131/lndg)
+- New: LNDg v1.6.0 [details](https://github.com/cryptosharks131/lndg)
 - New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087)
 - New: BOS Telegram Bot Support (see OPTIONS on LND Balance of Satoshis menu entry)
 - New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot)
 - New: CLI shortcut for ↬lnproxy [details](https://github.com/rootzoll/raspiblitz/pull/3333)
- New on WebUI: Jam (JoinMarket Web UI) v0.1.4 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.4)
+- New: Homebanking Interface FinTS/HBCI (experimental) [details](https://github.com/rootzoll/raspiblitz/issues/1186)
 - New on WebUI: Jam (JoinMarket Web UI) v0.1.5 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.5)
 - Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md)
- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta)
+- Update: LND v0.16.0-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.16.0-beta)
- Update: Core Lightning v22.11.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v22.11.1)
+- Update: Core Lightning v23.02 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.02)
 - Update: C-lightningREST v0.10.2 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.10.2)
 - Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023)
- Update: Lightning Terminal v0.8.4-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.4-alpha)
+- Update: Lightning Terminal v0.8.6-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.6-alpha)
- Update: RTL v0.13.0 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.12.3)
+- Update: RTL v0.13.6 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.13.6)
 - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16)
- Update: LNbits 0.9.6 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.6)
+- Update: LNbits 0.10.2 [details](https://github.com/lnbits/lnbits/releases/tag/0.10.2)
- Update: BTCPayServer 1.7.5 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5)
+- Update: BTCPayServer 1.8.2 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.8.2)
 - Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0)
 - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5)
 - Update: JoinMarket v0.9.9 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.9)
@ -29,7 +29,7 @@
 - Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage)
 - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
 - Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez)
- Update: Tallycoin Connect v1.7.5 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.7.5)
+- Update: Tallycoin Connect v1.8.0 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.8.0)
 - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file)
 - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox)
 - Info: IP2Tor fix fulmo shop & added new ip2tor.com shop
--- a/FAQ.cl.md
+++ b/FAQ.cl.md
@ -34,18 +34,19 @@
 - [Backups](#backups)
  - [Backup strategy](#backup-strategy)
  - [Seed](#seed)
-  - [How to display the hsm_secret in a human-readable format?](#how-to-display-the-hsm_secret-in-a-human-readable-format)
+  - [How to display the hsm\_secret in a human-readable format?](#how-to-display-the-hsm_secret-in-a-human-readable-format)
  - [How to test the seedwords?](#how-to-test-the-seedwords)
-  - [How to restore the hsm_secret from text?](#how-to-restore-the-hsm_secret-from-text)
+  - [How to restore the hsm\_secret from text?](#how-to-restore-the-hsm_secret-from-text)
  - [Channel database](#channel-database)
-  - [Recovery](#recovery)
+- [Recovery](#recovery)
-    - [Recover from a cl-rescue file](#recover-from-a-cl-rescue-file)
+  - [Recover from a cl-rescue file](#recover-from-a-cl-rescue-file)
-    - [Recover from a seed](#recover-from-a-seed)
+  - [Recover from a seed](#recover-from-a-seed)
-    - [Restore a CLN node from the database backup on the SDcard](#restore-a-cln-node-from-the-database-backup-on-the-sdcard)
+  - [Emergency recovery in case of lost channel states](#emergency-recovery-in-case-of-lost-channel-states)
-    - [Rescan the chain after restoring a used CLN wallet](#rescan-the-chain-after-restoring-a-used-cln-wallet)
+  - [Restore a CLN node from the database backup on the SDcard](#restore-a-cln-node-from-the-database-backup-on-the-sdcard)
-    - [Guesstoremote to recover funds from force-closed channels](#guesstoremote-to-recover-funds-from-force-closed-channels)
+  - [Rescan the chain after restoring a used CLN wallet](#rescan-the-chain-after-restoring-a-used-cln-wallet)
  - [Guesstoremote to recover funds from force-closed channels](#guesstoremote-to-recover-funds-from-force-closed-channels)
 - [sqlite3 queries](#sqlite3-queries)
- [Extract the private and public key from the hsm_secret file](#extract-the-private-and-public-key-from-the-hsm_secret-file)
+- [Extract the private and public key from the hsm\_secret file](#extract-the-private-and-public-key-from-the-hsm_secret-file)
 - [Update](#update)
  - [Update to a new CLN release](#update-to-a-new-cln-release)
  - [Experimental update to the latest master](#experimental-update-to-the-latest-master)
@ -457,7 +458,7 @@ Will need to pay through a peer which supports the onion messages which means yo
    ```
 ## Backups
-*<> https://lightning.readthedocs.io/FAQ.html#how-to-backup-my-wallet>
+* <https://lightning.readthedocs.io/FAQ.html#how-to-backup-my-wallet>>
 * General details: <https://lightning.readthedocs.io/BACKUP.html>
 ### Backup strategy
@ -479,7 +480,7 @@ Will need to pay through a peer which supports the onion messages which means yo
 * If there is no such file and you have not funded the CLN wallet yet can reset the wallet and the next wallet will be created with a seed.
 ### How to display the hsm_secret in a human-readable format?
-* If there is no seed available it is best to save the hsm_secret as a file with `sftp` or note down the alphanumeric characters in the two line displayed with:
+* If there is no seed available it is best to save the hsm_secret as a file with `scp` or note down the alphanumeric characters in the two line displayed with:
    ```
    sudo xxd /home/bitcoin/.lightning/bitcoin/hsm_secret
    ```
@ -519,20 +520,98 @@ Will need to pay through a peer which supports the onion messages which means yo
 ### Channel database
 * Stored on the disk and synchronised to the SDcard with the help of the `backup` plugin.
-### Recovery
+## Recovery
 * https://lightning.readthedocs.io/FAQ.html#database-corruption-channel-state-lost
 * https://lightning.readthedocs.io/FAQ.html#loss
-#### Recover from a cl-rescue file
+### Recover from a cl-rescue file
 * use the `REPAIR-CL` - `FILERESTORE` option in the menu for instructions to upload
-#### Recover from a seed
+### Recover from a seed
 * use the `REPAIR-CL` - `SEEDRESTORE` option in the menu for instructions to paste the seedwords to restore
 * or use the manual commands
  ```
  # stop CLN
  sudo systemctl stop lightningd
-#### Restore a CLN node from the database backup on the SDcard
+  # change to the bitcoin user
  sudo su - bitcoin
  # generate the hsm_secret in temporary directory from your CLN seed words (follow the instructions)
   lightning-hsmtool generatehsm /dev/shm/hsm_secret
  # backup your old hsm_secret and channel database
  mkdir /home/bitcoin/.lightning/bitcoin/old_node
  mv /home/bitcoin/.lightning/bitcoin/** /home/bitcoin/.lightning/bitcoin/old_node/
  # move the new hsm_secret in place
  mv /dev/shm/hsm_secret /home/bitcoin/.lightning/bitcoin/
  # back to admin
  exit
  # start lightningd
  sudo systemctl start lightningd
  # show the logs
  cllog
  ```
 ### Emergency recovery in case of lost channel states
 * blogpost: <https://blog.blockstream.com/core-lightning-v0-12-0/>
 * demo video: https://youtu.be/zBmEieZuS8Q
 * manpage: <https://lightning.readthedocs.io/lightning-emergencyrecover.7.html>
   ```
   lightning-cli help emergencyrecover
   ```
 1. [Restore the hsm_secret (onchain wallet keys) from seed](#recover-from-a-seed) (or hex).
   * There is no need to wait for the (few hours) rescan to finish, but can follow it any time with:
    ```
    cllog
    ```
 1. Upload and copy the emergency.recover file in place
    * upload the file with scp:
    ```
    scp hsm_secret emergency.recover admin@RASPIBLITZ_IP:~/
    ```
    * copy it from `/home/admin/`:
    ```
    sudo cp /home/admin/emergency.recover /home/bitcoin/.lightning/bitcoin/
    sudo chown bitcoin:bitcoin /home/bitcoin/.lightning/bitcoin/emergency.recover
    ```
 1. Recover
    * run (as admin or bitcoin user):
    ```
    lightning-cli emergencyrecover
    ```
    * a list of channelID-s should be returned if it worked:
    ```
    {
       "stubs": [
          "................",
       ]
    }
    ```
 1. See more data about the recovered funds and channels
   ```
   lightning-cli listfunds
   lightning-cli listpeers
   ```
   * List the funding txid-s:
   ```
   lightning-cli listfunds | jq -r '.channels[] | .funding_txid'
   ```
   Can check the txid-s in a mempool explorer. If one is spent that channel is already closed.
 ### Restore a CLN node from the database backup on the SDcard
 * https://gist.github.com/openoms/3516cd8f393d69d52f858c3d47c9e469
-#### Rescan the chain after restoring a used CLN wallet
+### Rescan the chain after restoring a used CLN wallet
-
+* automatically done when using `SEEDRESTORE`
 * controlled by the entry in the cln config file
 * can use the `menu` -> `REPAIR` -> `REPAIR-CL` -> `RESCAN` option
 * or follow the manual process:
  <https://lightning.readthedocs.io/FAQ.html#rescanning-the-block-chain-for-lost-utxos>
@ -554,7 +633,7 @@ Will need to pay through a peer which supports the onion messages which means yo
    cllog
    ```
-#### Guesstoremote to recover funds from force-closed channels
+### Guesstoremote to recover funds from force-closed channels
 * <https://lightning.readthedocs.io/lightning-hsmtool.8.html>
    ```
    $ man lightning-hsmtool
@ -708,9 +787,9 @@ Will need to pay through a peer which supports the onion messages which means yo
    seed-force will delete any old wallet and will work without dialog
    cl.hsmtool.sh [unlock] <mainnet|testnet|signet> <password>
-    success: exit 0
+        success: exit 0
-    wrong password: exit 2
+        wrong password: exit 2
-    fail to unlock after 1 minute + show logs: exit 3
+        fail to unlock after 1 minute + show logs: exit 3
    cl.hsmtool.sh [lock] <mainnet|testnet|signet>
    cl.hsmtool.sh [encrypt|decrypt] <mainnet|testnet|signet>
    cl.hsmtool.sh [autounlock-on|autounlock-off] <mainnet|testnet|signet>
@ -726,7 +805,7 @@ Will need to pay through a peer which supports the onion messages which means yo
    + ./cl.install.sh -h
    Core Lightning install script
-    The default version is: v0.11.2
+    The default version is: v22.11.1
    mainnet / testnet / signet instances can run parallel
    Usage:
@ -807,14 +886,22 @@ Will need to pay through a peer which supports the onion messages which means yo
    + ./cl-plugin.summary.sh -h
-    Install and show the output if the summary plugin for Core Lightning
+    Install and show the output if the summary plugin forCore Lightning
    Usage:
    cl-plugin.summary.sh [testnet|mainnet|signet] [runonce]
    + ./cl-plugin.watchtower-client.sh -h
    Install the rust-teos watchtower-client plugin for CLN
    Usage:
    cl-plugin.watchtower-client.sh on <testnet|mainnet|signet>
    cl-plugin.watchtower-client.sh off <testnet|mainnet|signet> <purge>
    cl-plugin.watchtower-client.sh info
    + ./cl.rest.sh -h
-    Core Lightning-REST install script
+    Core-Lightning-REST install script
-    The default version is: v0.7.2
+    The default version is: v0.9.0
    mainnet | testnet | signet instances can run parallel
    Usage:
@ -830,7 +917,7 @@ Will need to pay through a peer which supports the onion messages which means yo
    Install, remove or get info about the Spark Wallet for Core Lightning
    version: v0.3.1
    Usage:
-    cl.spark.sh [on|off|menu] <testnet|mainnet|signet> 
+    cl.spark.sh [on|off|menu] <testnet|mainnet|signet>
    + ./cl.update.sh -h
@ -838,10 +925,10 @@ Will need to pay through a peer which supports the onion messages which means yo
    cl.update.sh [info|verified|reckless]
    info -> get actual state and possible actions
    verified -> only do recommended updates by RaspiBlitz team
-    binary will be checked by signature and checksum
+        binary will be checked by signature and checksum
    reckless -> if you just want to update to the latest release
-    published on Core Lightning GitHub releases (RC or final) without any
+        published on Core Lightning GitHub releases (RC or final) without any
-    testing or security checks.
+        testing or security checks.
    ```
 ## All possible config options
@ -869,9 +956,10 @@ Will need to pay through a peer which supports the onion messages which means yo
    --wallet <arg>                                    Location of the wallet database.
    --large-channels|--wumbo                          Allow channels larger than 0.16777215 BTC
    --experimental-dual-fund                          experimental: Advertise dual-funding and allow peers to establish channels via v2 channel open protocol.
-    --experimental-onion-messages                     EXPERIMENTAL: enable send, receive and relay of onion messages
+    --experimental-onion-messages                     EXPERIMENTAL: enable send, receive and relay of onion messages and blinded payments
    --experimental-offers                             EXPERIMENTAL: enable send and receive of offers (also sets experimental-onion-messages)
    --experimental-shutdown-wrong-funding             EXPERIMENTAL: allow shutdown with alternate txids
    --announce-addr-dns <arg>                         Use DNS entries in --announce-addr and --addr (not widely supported!) (default: false)
    --help|-h                                         Print this message.
    --rgb <arg>                                       RRGGBB hex color for node
    --alias <arg>                                     Up to 32-byte alias for node
@ -897,25 +985,36 @@ Will need to pay through a peer which supports the onion messages which means yo
    --disable-ip-discovery                            Turn off announcement of discovered public IPs
    --offline                                         Start in offline-mode (do not automatically reconnect and do not accept incoming connections)
    --autolisten <arg>                                If true, listen on default port and announce if it seems to be a public interface (default: true)
    --dev-allowdustreserve <arg>                      If true, we allow the `fundchannel` RPC command and the `openchannel` plugin hook to set a reserve that is below the dust limit.
                                                        (default: false)
    --proxy <arg>                                     Set a socks v5 proxy IP address and port
    --tor-service-password <arg>                      Set a Tor hidden service password
-    --experimental-accept-extra-tlv-types <arg>       Comma separated list of extra TLV types to accept.
+    --accept-htlc-tlv-types <arg>                     Comma separated list of extra HTLC TLV types to accept.
    --disable-dns                                     Disable DNS lookups of peers
    --encrypted-hsm                                   Set the password to encrypt hsm_secret with. If no password is passed through command line, you will be prompted to enter it.
    --rpc-file-mode <arg>                             Set the file mode (permissions) for the JSON-RPC socket (default: "0600")
-    --force-feerates <arg>                            Set testnet/regtest feerates in sats perkw, opening/mutual_close/unlateral_close/delayed_to_us/htlc_resolution/penalty: if fewer specified, last number applies to remainder
+    --force-feerates <arg>                            Set testnet/regtest feerates in sats perkw, opening/mutual_close/unlateral_close/delayed_to_us/htlc_resolution/penalty: if fewer
-    --subdaemon <arg>                                 Arg specified as SUBDAEMON:PATH. Specifies an alternate subdaemon binary. If the supplied path is relative the subdaemon binary is found in the working directory. This option may be
+                                                        specified, last number applies to remainder
-                                                    specified multiple times. For example, --subdaemon=hsmd:remote_signer would use a hypothetical remote signing subdaemon.
+    --subdaemon <arg>                                 Arg specified as SUBDAEMON:PATH. Specifies an alternate subdaemon binary. If the supplied path is relative the subdaemon binary is
                                                        found in the working directory. This option may be specified multiple times. For example, --subdaemon=hsmd:remote_signer would use
                                                        a hypothetical remote signing subdaemon.
    --experimental-websocket-port <arg>               experimental: alternate port for peers to connect using WebSockets (RFC6455)
    --database-upgrade <arg>                          Set to true to allow database upgrades even on non-final releases (WARNING: you won't be able to downgrade!)
    --log-level <arg>                                 log level (io, debug, info, unusual, broken) [:prefix] (default: info)
    --log-timestamps <arg>                            prefix log messages with timestamp (default: true)
-    --log-prefix <arg>                                log prefix (default: lightningd)
+    --log-prefix <arg>                                log prefix (default: )
-    --log-file=<file>                                 log to file instead of stdout
+    --log-file=<file>                                 Also log to file (- for stdout)
    --version|-V                                      Print version and exit
    --fetchinvoice-noconnect                          Don't try to connect directly to fetch an invoice.
    --autocleaninvoice-cycle <arg>                    Perform cleanup of expired invoices every given seconds, or do not autoclean if 0
    --autocleaninvoice-expired-by <arg>               If expired invoice autoclean enabled, invoices that have expired for at least this given seconds are cleaned
-    --fetchinvoice-noconnect                          Don't try to connect directly to fetch an invoice.
+    --autoclean-cycle <arg>                           Perform cleanup every given seconds
-    --disable-mpp                                     Disable multi-part payments.
+    --autoclean-succeededforwards-age <arg>           How old do successful forwards have to be before deletion (0 = never)
    --autoclean-failedforwards-age <arg>              How old do failed forwards have to be before deletion (0 = never)
    --autoclean-succeededpays-age <arg>               How old do successful pays have to be before deletion (0 = never)
    --autoclean-failedpays-age <arg>                  How old do failed pays have to be before deletion (0 = never)
    --autoclean-paidinvoices-age <arg>                How old do paid invoices have to be before deletion (0 = never)
    --autoclean-expiredinvoices-age <arg>             How old do expired invoices have to be before deletion (0 = never)
    --bitcoin-datadir <arg>                           -datadir arg for bitcoin-cli
    --bitcoin-cli <arg>                               bitcoin-cli pathname
    --bitcoin-rpcuser <arg>                           bitcoind RPC username
@ -924,6 +1023,7 @@ Will need to pay through a peer which supports the onion messages which means yo
    --bitcoin-rpcport <arg>                           bitcoind RPC host's port
    --bitcoin-retry-timeout <arg>                     how long to keep retrying to contact bitcoind before fatally exiting
    --commit-fee <arg>                                Percentage of fee to request for their commitment
    --disable-mpp                                     Disable multi-part payments.
    --funder-policy <arg>                             Policy to use for dual-funding requests. [match, available, fixed]
    --funder-policy-mod <arg>                         Percent to apply policy at (match/available); or amount to fund (fixed)
    --funder-min-their-funding <arg>                  Minimum funding peer must open with to activate our policy
@ -939,5 +1039,8 @@ Will need to pay through a peer which supports the onion messages which means yo
    --lease-fee-basis <arg>                           Channel lease rates, basis charged for leased funds (per 10,000 satoshi.)
    --lease-funding-weight <arg>                      Channel lease rates, weight we'll ask opening peer to pay for in funding transaction
    --channel-fee-max-base-msat <arg>                 Channel lease rates, maximum channel fee base we'll charge for funds routed through a leased channel.
-    --channel-fee-max-proportional-thousandths <arg>  Channel lease rates, maximum proportional fee (in thousandths, or ppt) we'll charge for funds routed through a leased channel. Note: 1ppt = 1,000ppm
+    --channel-fee-max-proportional-thousandths <arg>  Channel lease rates, maximum proportional fee (in thousandths, or ppt) we'll charge for funds routed through a leased channel.
                                                        Note: 1ppt = 1,000ppm
    --bookkeeper-dir <arg>                            Location for bookkeeper records.
    --bookkeeper-db <arg>                             Location of the bookkeeper database
    ```
--- a/README.md
+++ b/README.md
@ -132,9 +132,11 @@ _If the above mentioned LCD screen is sold out you can also use these different
 - Quimat 3,5'' Zoll Inch Touch
 - ELEGOO Display 3.5" Zoll TFT LCD
- kuman 3.5 Inch Touch Screen TFT Monitor
+- kuman 3.5 Inch Touch Screen TFT Monitor 
 - Waveshare 3.5inch Display for Raspberry Pi
 With all LCD screen models dont use the ones that have an HDMI port/connector - what you need is a 3.5 inch LCD screen model (resolution of 480×320) that connects only thru the GPIO ports (SPI) and has an XPT2046 touch controller.
 _You can even pay for your RaspiBlitz Amazon Shopping with Bitcoin & Lightning through [Bitrefill](https://blog.bitrefill.com/its-here-buy-amazon-vouchers-with-bitcoin-on-bitrefill-bb2a4449724a)._
 [What other case options do I have?](FAQ.md#what-other-case-options-do-i-have)
@ -1034,7 +1036,7 @@ To try out the IP2TOR tunnel choose in `MAINMENU` the extra menu point of the Se
 If you want a web service, like BTCPay Server or LNbits, to be available to the outside internet (like with IP2TOR) people expect you to offer an HTTPS address so that the communication between the client and your RaspiBlitz is encrypted.
 You could use the self-signed HTTPS certificate that RaspiBlitz is offering you, but this will give users Security Warnings in their browser and is not very user friendly.
-That's where you can use a LetsEncrypt Subscription to get a free valid HTTPS certificate that is excepted without warning from almost all common browsers
+That's where you can use a LetsEncrypt Subscription to get a free valid HTTPS certificate that is accepted without warning from almost all common browsers
 Because you also need a domain name for that you will need to open a free account, the following are presently supported, would be good to add more with the help of the community:
 [DuckDNS.org](https://www.duckdns.org)
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@ -2,8 +2,8 @@
 #########################################################################
 # Build your SD card image based on: 2022-04-04-raspios-bullseye-arm64.img.xz
-# https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2022-09-26/
+# https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2023-02-21/
-# SHA256: c42856ffca096480180b5aff66e1dad2f727fdc33359b24e0d2d49cc7676b576
+# SHA256: 4c963bcd53b9a77fa8235e2dc16785cc7d56372ec83c3090eac9073bd262833f
 # PGP fingerprint: 8738CD6B956F460C
 # PGP key: https://www.raspberrypi.org/raspberrypi_downloads.gpg.key
 # setup fresh SD card with image above - login per SSH and run this script:
--- a/home.admin/00mainMenu.sh
+++ b/home.admin/00mainMenu.sh
@ -132,6 +132,9 @@ fi
 if [ "${bos}" == "on" ]; then
  OPTIONS+=(BOS "Balance of Satoshis")
 fi
 if [ "${lnproxy}" == "on" ]; then
  OPTIONS+=(LNPROXY "lnproxy server")
 fi
 if [ "${pyblock}" == "on" ]; then
  OPTIONS+=(PYBLOCK "PyBlock")
 fi
@ -172,6 +175,9 @@ fi
 if [ "${lightningtipbot}" == "on" ]; then
  OPTIONS+=(LIGHTNINGTIPBOT "Show LightningTipBot details")
 fi
 if [ "${fints}" == "on" ]; then
  OPTIONS+=(FINTS "Show FinTS/HBCI details")
 fi
 # dont offer to switch to "testnet view for now" - so no wswitch back to mainnet needed
 #if [ ${chain} != "main" ]; then
@ -307,6 +313,9 @@ case $CHOICE in
            ;;
        BOS)
            sudo /home/admin/config.scripts/bonus.bos.sh menu
            ;;
        LNPROXY)
            sudo /home/admin/config.scripts/bonus.lnproxy.sh menu
            ;;
 		    PYBLOCK)
            sudo /home/admin/config.scripts/bonus.pyblock.sh menu
@ -341,6 +350,9 @@ case $CHOICE in
        CIRCUITBREAKER)
            sudo /home/admin/config.scripts/bonus.circuitbreaker.sh menu
            ;;
        FINTS)
            sudo /home/admin/config.scripts/bonus.fints.sh menu
            ;;
        TESTNETS)
            /home/admin/00parallelChainsMenu.sh
            ;;
--- a/home.admin/00settingsMenuBasics.sh
+++ b/home.admin/00settingsMenuBasics.sh
@ -441,6 +441,7 @@ if [ "${clNode}" != "${choice}" ]; then
    fi
    # make sure that cln-grpc is on for the WebAPI
    echo "# install the cln-grpc plugin"
    /home/admin/config.scripts/cl-plugin.cln-grpc.sh install
    /home/admin/config.scripts/cl-plugin.cln-grpc.sh on
--- a/home.admin/00settingsMenuServices.sh
+++ b/home.admin/00settingsMenuServices.sh
@ -19,6 +19,7 @@ if [ ${#jam} -eq 0 ]; then jam="off"; fi
 if [ ${#LNBits} -eq 0 ]; then LNBits="off"; fi
 if [ ${#mempoolExplorer} -eq 0 ]; then mempoolExplorer="off"; fi
 if [ ${#bos} -eq 0 ]; then bos="off"; fi
 if [ ${#lnproxy} -eq 0 ]; then lnproxy="off"; fi
 if [ ${#pyblock} -eq 0 ]; then pyblock="off"; fi
 if [ ${#thunderhub} -eq 0 ]; then thunderhub="off"; fi
 if [ ${#sphinxrelay} -eq 0 ]; then sphinxrelay="off"; fi
@ -35,6 +36,7 @@ if [ ${#bitcoinminds} -eq 0 ]; then bitcoinminds="off"; fi
 if [ ${#squeaknode} -eq 0 ]; then squeaknode="off"; fi
 if [ ${#itchysats} -eq 0 ]; then itchysats="off"; fi
 if [ ${#lightningtipbot} -eq 0 ]; then lightningtipbot="off"; fi
 if [ ${#fints} -eq 0 ]; then fints="off"; fi
 # show select dialog
 echo "run dialog ..."
@ -68,6 +70,7 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
  OPTIONS+=(la 'LND LIT (loop, pool, faraday)' ${lit})
  OPTIONS+=(gb 'LND LNDg (auto-rebalance, auto-fees)' ${lndg})
  OPTIONS+=(oa 'LND Balance of Satoshis' ${bos})
  OPTIONS+=(lp 'LND lnproxy server' ${lnproxy})
  OPTIONS+=(ya 'LND PyBLOCK' ${pyblock})
  OPTIONS+=(ha 'LND ChannelTools (Fund Rescue)' ${chantools})
  OPTIONS+=(xa 'LND Sphinx-Relay' ${sphinxrelay})
@ -84,6 +87,7 @@ if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then
 fi
 OPTIONS+=(ma 'Homer Dashboard' ${homer})
 OPTIONS+=(fn 'FinTS/HBCI Interface (experimental)' ${fints})
 CHOICES=$(dialog --title ' Additional Mainnet Services ' \
          --checklist ' use spacebar to activate/de-activate ' \
@ -339,6 +343,21 @@ else
  echo "Balance of Satoshis setting unchanged."
 fi
 # lnproxy process choice
 choice="off"; check=$(echo "${CHOICES}" | grep -c "lp")
 if [ ${check} -eq 1 ]; then choice="on"; fi
 if [ "${lnproxy}" != "${choice}" ]; then
  echo "lnproxy setting changed .."
  anychange=1
  sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh ${choice}
  source /mnt/hdd/raspiblitz.conf
  if [ "${lnproxy}" =  "on" ]; then
    sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh menu
  fi
 else
  echo "lnproxy setting unchanged."
 fi
 # PyBLOCK process choice
 choice="off"; check=$(echo "${CHOICES}" | grep -c "ya")
 if [ ${check} -eq 1 ]; then choice="on"; fi
@ -717,6 +736,17 @@ else
  echo "ItchySats setting unchanged."
 fi
 # fints process choice  
 choice="off"; check=$(echo "${CHOICES}" | grep -c "fn")
 if [ ${check} -eq 1 ]; then choice="on"; fi
 if [ "${fints}" != "${choice}" ]; then
  echo "fints setting changed .."
  anychange=1
  sudo -u admin /home/admin/config.scripts/bonus.fints.sh ${choice}
 else
  echo "fints setting unchanged."
 fi
 if [ ${anychange} -eq 0 ]; then
     dialog --msgbox "NOTHING CHANGED!\nUse Spacebar to check/uncheck services." 8 58
     exit 0
--- a/home.admin/99clMenu.sh
+++ b/home.admin/99clMenu.sh
@ -94,7 +94,7 @@ case $CHOICE in
      fi
      cd /home/bitcoin/suez || exit 1
      echo
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}
+      sudo -u bitcoin poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}
      echo
      echo "Press ENTER to return to main menu."
      read key
--- a/home.admin/99lndMenu.sh
+++ b/home.admin/99lndMenu.sh
@ -118,7 +118,7 @@ case $CHOICE in
        /home/admin/config.scripts/bonus.suez.sh on
      fi
      cd /home/bitcoin/suez || exit 1 
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
+      sudo -u bitcoin poetry run ./suez \
        --client-args=-n=${CHAIN} \
        --client-args=--rpcserver=localhost:1${L2rpcportmod}009
      echo
--- a/home.admin/BBcashoutWallet.sh
+++ b/home.admin/BBcashoutWallet.sh
@ -97,7 +97,7 @@ echo "******************************"
 # execute command
 if [ ${LNTYPE} = "cl" ];then
  # withdraw destination satoshi [feerate] [minconf] [utxos]
-  command="$lightningcli_alias withdraw ${address} all slow"
+  command="$lightningcli_alias withdraw ${address} all"
 elif [ ${LNTYPE} = "lnd" ];then
  command="$lncli_alias sendcoins --sweepall --addr=${address} --conf_target=36"
 fi
--- a/home.admin/_background.scan.sh
+++ b/home.admin/_background.scan.sh
@ -565,7 +565,7 @@ do
    fi
    if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_QUICK} ]; then
      echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net status"
-      source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net status)
+      source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net status)
      /home/admin/_cache.sh set ln_lnd_${CHAIN}net_activated "1"
      /home/admin/_cache.sh set ln_lnd_${CHAIN}net_locked "${ln_lnd_locked}"
      /home/admin/_cache.sh set ln_lnd_${CHAIN}net_version "${ln_lnd_version}"
@ -595,7 +595,7 @@ do
      if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_LONG} ]; then
        error=""
        echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net config"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net config)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net config)
        if [ "${error}" == "" ]; then
          /home/admin/_cache.sh set ln_lnd_${CHAIN}net_alias "${ln_lnd_alias}"
          if [ "${isDefaultLightning}" == "1" ] && [ "${isDefaultChain}" == "1" ]; then
@ -638,7 +638,7 @@ do
      if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_MID} ]; then
        error=""
        echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net info"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net info)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net info)
        if [ "${error}" == "" ]; then
          /home/admin/_cache.sh set ln_lnd_${CHAIN}net_address "${ln_lnd_address}"
          /home/admin/_cache.sh set ln_lnd_${CHAIN}net_tor "${ln_lnd_tor}"
@ -688,7 +688,7 @@ do
      if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_QUICK} ]; then
        error=""
        echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net wallet"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net wallet)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net wallet)
        if [ "${error}" == "" ]; then
          /home/admin/_cache.sh set ln_lnd_${CHAIN}net_wallet_onchain_balance "${ln_lnd_wallet_onchain_balance}"
          /home/admin/_cache.sh set ln_lnd_${CHAIN}net_wallet_onchain_pending "${ln_lnd_wallet_onchain_pending}"
@ -720,7 +720,7 @@ do
      if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_LONG} ]; then
        error=""
        echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net fees"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net fees)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net fees)
        if [ "${error}" == "" ]; then
          /home/admin/_cache.sh set ln_lnd_${CHAIN}net_fees_daily "${ln_lnd_fees_daily}"
          /home/admin/_cache.sh set ln_lnd_${CHAIN}net_fees_weekly "${ln_lnd_fees_weekly}"
@ -795,7 +795,7 @@ do
    fi
    if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_QUICK} ]; then
      echo "updating: /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net status"
-      source <(/home/admin/config.scripts/cl.monitor.sh ${CHAIN}net status)
+      source <(timeout 30s /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net status)
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_activated "1"
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_version "${ln_cl_version}"
      /home/admin/_cache.sh set ln_cl_${CHAIN}net_running "${ln_cl_running}"
@ -850,7 +850,7 @@ do
      if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_MID} ]; then
        error=""
        echo "updating: /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net info"
-        source <(/home/admin/config.scripts/cl.monitor.sh ${CHAIN}net info)
+        source <(timeout 30s /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net info)
        if [ "${error}" == "" ]; then
          /home/admin/_cache.sh set ln_cl_${CHAIN}net_alias "${ln_cl_alias}"
          /home/admin/_cache.sh set ln_cl_${CHAIN}net_address "${ln_cl_address}"
@ -904,7 +904,7 @@ do
      if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_MID} ]; then
        error=""
        echo "updating: /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net wallet"
-        source <(/home/admin/config.scripts/cl.monitor.sh ${CHAIN}net wallet)
+        source <(timeout 30s /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net wallet)
        if [ "${error}" == "" ]; then
          /home/admin/_cache.sh set ln_cl_${CHAIN}net_wallet_onchain_balance "${ln_cl_wallet_onchain_balance}"
          /home/admin/_cache.sh set ln_cl_${CHAIN}net_wallet_onchain_pending "${ln_cl_wallet_onchain_pending}"
--- a/home.admin/_commands.sh
+++ b/home.admin/_commands.sh
@ -570,10 +570,10 @@ function suez() {
    clear
    echo "# Showing the channels of ${lightning} ${chain}net - consider reducing the font size (press CTRL- or CMD-)"
    if [ ${lightning} = cl ]; then
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
+      sudo -u bitcoin poetry run ./suez \
      --client=c-lightning --client-args=--conf=${CLCONF}
    elif [ ${lightning} = lnd ]; then
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
+      sudo -u bitcoin poetry run ./suez \
      --client-args=-n=${CHAIN} \
      --client-args=--rpcserver=localhost:1${L2rpcportmod}009
    fi
--- a/home.admin/_provision_.sh
+++ b/home.admin/_provision_.sh
@ -643,6 +643,15 @@ else
  echo "Provisioning Balance of Satoshis - keep default" >> ${logFile}
 fi
 # LNPROXY
 if [ "${lnproxy}" = "on" ]; then
  echo "Provisioning lnproxy - run config script" >> ${logFile}
  /home/admin/_cache.sh set message "Setup lnproxy"
  sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh on >> ${logFile} 2>&1
 else
  echo "Provisioning lnproxy - keep default" >> ${logFile}
 fi
 # thunderhub
 if [ "${thunderhub}" = "on" ]; then
  echo "Provisioning ThunderHub - run config script" >> ${logFile}
@ -805,6 +814,15 @@ else
  echo "Provisioning LightningTipBot - keep default" >> ${logFile}
 fi
 # FinTS
 if [ "${fints}" = "on" ]; then
  echo "Provisioning FinTS - run config script" >> ${logFile}
  /home/admin/_cache.sh set message "Setup FinTS"
  sudo -u admin /home/admin/config.scripts/bonus.fints.sh on >> ${logFile} 2>&1
 else
  echo "Provisioning FinTS - keep default" >> ${logFile}
 fi
 # custom install script from user
 customInstallAvailable=$(ls /mnt/hdd/app-data/custom-installs.sh 2>/dev/null | grep -c "custom-installs.sh")
 if [ ${customInstallAvailable} -gt 0 ]; then
--- a/home.admin/_version.info
+++ b/home.admin/_version.info
@ -1,3 +1,3 @@
 # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1')
-codeVersion="1.9.0rc2"
+codeVersion="1.9.0rc3"
 # keep last line with comment
--- a/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf
@ -14,7 +14,7 @@ server {
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
-        proxy_pass http://127.0.0.1:4747;
+        proxy_pass http://127.0.0.1:4747/;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
--- a/home.admin/assets/nginx/sites-available/lnproxy_tor.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_tor.conf
@ -13,7 +13,7 @@ server {
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
-        proxy_pass http://127.0.0.1:4747;
+        proxy_pass http://127.0.0.1:4747/;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
--- a/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf
@ -13,7 +13,7 @@ server {
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
-        proxy_pass http://127.0.0.1:4747;
+        proxy_pass http://127.0.0.1:4747/;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
--- a/home.admin/config.scripts/blitz.debug.sh
+++ b/home.admin/config.scripts/blitz.debug.sh
@ -406,6 +406,17 @@ else
  echo "- SPHINX is OFF by config"
 fi
 if [ "${fints}" == "on" ]; then  
  echo
  echo "*** LAST 20 FINTS LOGS ***"
  echo "sudo journalctl -u fints -b --no-pager -n20"
  sudo journalctl -u fints -b --no-pager -n20
  echo "sudo tail -n 30 /home/fints/log/fuelifints.log"
  sudo tail -n 30 /home/fints/log/fuelifints.log
 else
  echo "- FINTS is OFF by config"
 fi
 echo
 echo "*** MOUNTED DRIVES ***"
 echo "df -T -h"
--- a/home.admin/config.scripts/blitz.git-verify.sh
+++ b/home.admin/config.scripts/blitz.git-verify.sh
@ -30,10 +30,9 @@ PGPsigner="$1"
 PGPpubkeyLink="$2"
 PGPpubkeyFingerprint="$3"
 wget -O /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"
 gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
-fingerprint=$(gpg --show-keys /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
+fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
 if [ "${fingerprint}" -lt 1 ]; then
  echo
  echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2
@ -65,7 +64,7 @@ echo
 cat "$_temp"
 echo "# goodSignature(${goodSignature})"
-correctKey=$(tr -d " \t\n\r" < "$_temp" | grep "${PGPpubkeyFingerprint}" -c)
+correctKey=$(tr -d " \t\n\r" <"$_temp" | grep "${PGPpubkeyFingerprint}" -c)
 echo "# correctKey(${correctKey})"
 if [ "${correctKey}" -lt 1 ] || [ "${goodSignature}" -lt 1 ]; then
--- a/home.admin/config.scripts/blitz.migration.sh
+++ b/home.admin/config.scripts/blitz.migration.sh
@ -26,21 +26,21 @@ defaultUploadPath="/mnt/hdd/temp/migration"
 # get local ip
 source <(/home/admin/config.scripts/internet.sh status local)
-# SFTP download and upload links
+# SCP download and upload links
-sftpDownloadUnix="sftp -r 'bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz' ./"
+downloadUnix="scp -r 'bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz' ./"
-sftpDownloadWin="sftp -r bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz ."
+downloadWin="scp -r bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz ."
-sftpUploadUnix="sftp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
+uploadUnix="scp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
-sftpUploadWin="sftp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
+uploadWin="scp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
 # output status data & exit
 if [ "$1" = "status" ]; then
  echo "# RASPIBLITZ Data Import & Export"
  echo "localip=\"${localip}\""
  echo "defaultUploadPath=\"${defaultUploadPath}\""
-  echo "sftpDownloadUnix=\"${sftpDownloadUnix}\""
+  echo "downloadUnix=\"${downloadUnix}\""
-  echo "sftpUploadUnix=\"${sftpUploadUnix}\""
+  echo "uploadUnix=\"${uploadUnix}\""
-  echo "sftpDownloadWin=\"${sftpDownloadWin}\""
+  echo "downloadWin=\"${downloadWin}\""
-  echo "sftpUploadWin=\"${sftpUploadWin}\""
+  echo "uploadWin=\"${uploadWin}\""
  exit 1
 fi
--- a/home.admin/config.scripts/blitz.ssh.sh
+++ b/home.admin/config.scripts/blitz.ssh.sh
@ -32,11 +32,23 @@ fi
 ###################
 if [ "$1" = "renew" ]; then
  echo "# *** $0 $1"
-  sudo systemctl stop sshd
+
-  sudo rm /etc/ssh/ssh_host_*
+  # stop sshd
-  sudo ssh-keygen -A
+  systemctl stop sshd
-  sudo dpkg-reconfigure openssh-server
+
-  sudo systemctl start sshd
+  # remove old keys
  rm /etc/ssh/ssh_host_*
  # generate new keys
  ssh-keygen -A
  dpkg-reconfigure openssh-server
  # clear journalctl logs
  journalctl --rotate
  journalctl --vacuum-time=1s
  # restart sshd
  systemctl start sshd
  exit 0
 fi
@ -70,23 +82,15 @@ if [ "$1" = "checkrepair" ]; then
  countKeyFiles=$(ls -la /etc/ssh/ssh_host_* 2>/dev/null | grep -c "/etc/ssh/ssh_host")
  echo "# countKeyFiles(${countKeyFiles})"
  if [ ${countKeyFiles} -lt 8 ]; then
    echo "# DETECTED: MISSING SSHD KEYFILES --> Generating new ones"
-    systemctl stop ssh
+    /home/admin/config.scripts/blitz.ssh.sh renew
-    echo "# ssh-keygen1"
+  fi
    cd /etc/ssh
    ssh-keygen -A
    systemctl start sshd
    sleep 3
-    countKeyFiles=$(ls -la /etc/ssh/ssh_host_* 2>/dev/null | grep -c "/etc/ssh/ssh_host")
+  # check logs for "no hostkeys available"
-    echo "# countKeyFiles(${countKeyFiles})"
+  noHostKeys=$(journalctl -u sshd | grep -c "no hostkeys available")
-    if [ ${countKeyFiles} -lt 8 ]; then
+  if [ ${noHostKeys} -gt 0 ]; then
-      echo "# FAIL: Was not able to generate new sshd host keys"
+    echo "# DETECTED: SSHD LOGS 'no hostkeys available' --> Generating new ones"
-    else
+    /home/admin/config.scripts/blitz.ssh.sh renew
      echo "# OK: New sshd host keys generated"
    fi
  fi
  # check if SSHD service is NOT running & active
--- a/home.admin/config.scripts/blitz.upload.sh
+++ b/home.admin/config.scripts/blitz.upload.sh
@ -2,7 +2,7 @@
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
- echo "# use to prepare & check sftp or web file upload to RaspiBlitz"
+ echo "# use to prepare & check scp or web file upload to RaspiBlitz"
 echo "# blitz.upload.sh prepare-upload"
 echo "# blitz.upload.sh check-upload ?[scb|lnd-rescue|migration]"
 exit 0
--- a/home.admin/config.scripts/blitz.web.api.sh
+++ b/home.admin/config.scripts/blitz.web.api.sh
@ -95,25 +95,26 @@ if [ "$1" = "update-config" ]; then
    elif [ "${lightning}" == "cl" ]; then
      echo "# CONFIG Web API Lightning --> CL"
-      sed -i "s/^ln_node=.*/ln_node=cln_grpc/g" ./.env
+      sed -i "s/^ln_node=.*/ln_node=cln_jrpc/g" ./.env
      sed -i "s/^cln_jrpc_path=.*/cln_jrpc_path="/mnt/hdd/app-data/.lightning/bitcoin/lightning-rpc"/g" ./.env
      # make sure cln-grpc is on
-      sudo /home/admin/config.scripts/cl-plugin.cln-grpc.sh on mainnet
+      # sudo /home/admin/config.scripts/cl-plugin.cln-grpc.sh on mainnet
      # get hex values of pem files
-      hexClient=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client.pem)
+      # hexClient=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client.pem)
-      hexClientKey=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client-key.pem)
+      # hexClientKey=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client-key.pem)
-      hexCa=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/ca.pem)
+      # hexCa=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/ca.pem)
-      if [ "${hexClient}" == "" ]; then
+      # if [ "${hexClient}" == "" ]; then
-        echo "# FAIL /home/bitcoin/.lightning/bitcoin/*.pem files maybe missing"
+      #   echo "# FAIL /home/bitcoin/.lightning/bitcoin/*.pem files maybe missing"
-      fi
+      # fi
      # update config with hex values
-      sed -i "s/^cln_grpc_cert=.*/cln_grpc_cert=${hexClient}/g" ./.env
+      # sed -i "s/^cln_grpc_cert=.*/cln_grpc_cert=${hexClient}/g" ./.env
-      sed -i "s/^cln_grpc_key=.*/cln_grpc_key=${hexClientKey}/g" ./.env
+      # sed -i "s/^cln_grpc_key=.*/cln_grpc_key=${hexClientKey}/g" ./.env
-      sed -i "s/^cln_grpc_ca=.*/cln_grpc_ca=${hexCa}/g" ./.env
+      # sed -i "s/^cln_grpc_ca=.*/cln_grpc_ca=${hexCa}/g" ./.env
-      sed -i "s/^cln_grpc_ip=.*/cln_grpc_ip=127.0.0.1/g" ./.env
+      # sed -i "s/^cln_grpc_ip=.*/cln_grpc_ip=127.0.0.1/g" ./.env
-      sed -i "s/^cln_grpc_port=.*/cln_grpc_port=4772/g" ./.env
+      # sed -i "s/^cln_grpc_port=.*/cln_grpc_port=4772/g" ./.env
    else
      echo "# CONFIG Web API Lightning --> OFF"
--- a/home.admin/config.scripts/bonus.btcpayserver.sh
+++ b/home.admin/config.scripts/bonus.btcpayserver.sh
@ -3,9 +3,9 @@
 # Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0
 # https://github.com/dgarage/NBXplorer/tags
-NBXplorerVersion="v2.3.59"
+NBXplorerVersion="v2.3.62"
 # https://github.com/btcpayserver/btcpayserver/releases
-BTCPayVersion="v1.7.5"
+BTCPayVersion="v1.8.2"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -31,7 +31,7 @@ function NBXplorerConfig() {
    echo "# nbxplorermainnet database already exists"
  else
    echo "# Generate the database for nbxplorer"
-    sudo -u postgres psql -c "create database nbxplorermainnet;"
+    sudo -u postgres psql -c "CREATE DATABASE nbxplorermainnet TEMPLATE template0 LC_CTYPE 'C' LC_COLLATE 'C' ENCODING 'UTF8';"
    sudo -u postgres psql -c "create user nbxplorer with encrypted password 'raspiblitz';"
    sudo -u postgres psql -c "grant all privileges on database nbxplorermainnet to nbxplorer;"
  fi
@ -68,7 +68,7 @@ function BtcPayConfig() {
      echo "# btcpaymainnet database already exists"
    else
      echo "# Generate the database for btcpay"
-      sudo -u postgres psql -c "create database btcpaymainnet;"
+      sudo -u postgres psql -c "CREATE DATABASE btcpaymainnet TEMPLATE template0 LC_CTYPE 'C' LC_COLLATE 'C' ENCODING 'UTF8';"
      sudo -u postgres psql -c "create user btcpay with encrypted password 'raspiblitz';"
      sudo -u postgres psql -c "grant all privileges on database btcpaymainnet to btcpay;"
    fi
@ -696,6 +696,8 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
    echo "# deleting data"
    sudo -u postgres psql -c "drop database nbxplorermainnet;"
    sudo -u postgres psql -c "drop user nbxplorer;"
    sudo -u postgres psql -c "drop database btcpaymainnet;"
    sudo -u postgres psql -c "drop user btcpay;"
    sudo rm -R /mnt/hdd/app-data/.btcpayserver/
  else
    echo "# keeping data"
--- a/home.admin/config.scripts/bonus.fints.sh
+++ b/home.admin/config.scripts/bonus.fints.sh
@ -0,0 +1,430 @@
 #!/bin/bash
 APPID="fints"
 VERSION="2.23"
 # the git repo to get the source code from for install
 GITHUB_REPO="https://github.com/drmartinberger/FueliFinTS"
 # the github tag of the version of the source code to install
 # can also be a commit hash
 # if empty it will use the latest source version
 GITHUB_TAG=""
 # the github signature to verify the author
 # leave GITHUB_SIGN_AUTHOR empty to skip verifying
 GITHUB_SIGN_AUTHOR="" #web-flow
 GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
 GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23"
 # port numbers the app should run on
 # delete if not an web app
 PORT_CLEAR="3110"
 PORT_SSL="3111"
 # BASIC COMMANDLINE OPTIONS
 # you can add more actions or parameters if needed - for example see the bonus.rtl.sh
 # to see how you can deal with an app that installs multiple instances depending on
 # lightning implementation or testnets - but this should be OK for a start:
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "# Github Repo: ${GITHUB_REPO}"
  echo "# Telegram Community Support: https://t.me/LN_FinTS"
  echo "# bonus.${APPID}.sh status    -> status information (key=value)"
  echo "# bonus.${APPID}.sh on        -> install the app"
  echo "# bonus.${APPID}.sh off       -> uninstall the app"
  echo "# bonus.${APPID}.sh menu      -> SSH menu dialog"
  echo "# bonus.${APPID}.sh prestart  -> will be called by systemd before start"
  exit 1
 fi
 # echoing comments is useful for logs - but start output with # when not a key=value
 echo "# Running: 'bonus.${APPID}.sh $*'"
 # check & load raspiblitz config
 source /mnt/hdd/raspiblitz.conf
 #########################
 # INFO
 #########################
 # this section is always executed to gather status information that
 # all the following commands can use & execute on
 # check if app is already installed
 isInstalled=$(sudo ls /etc/systemd/system/${APPID}.service 2>/dev/null | grep -c "${APPID}.service")
 # check if service is running
 isRunning=$(systemctl status ${APPID} 2>/dev/null | grep -c 'active (running)')
 if [ "${isInstalled}" == "1" ]; then
  # gather address info (whats needed to call the app)
  localIP=$(hostname -I | awk '{print $1}')
  toraddress=$(sudo cat /mnt/hdd/tor/${APPID}/hostname 2>/dev/null)
  #fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
 fi
 # if the action parameter `status` was called - just stop here and output all
 # status information as a key=value list
 if [ "$1" = "status" ]; then
  echo "appID='${APPID}'"
  echo "version='${VERSION}'"
  echo "githubRepo='${GITHUB_REPO}'"
  echo "githubVersion='${GITHUB_TAG}'"
  echo "githubSignature='${GITHUB_SIGNATURE}'"
  echo "isInstalled=${isInstalled}"
  echo "isRunning=${isRunning}"
  if [ "${isInstalled}" == "1" ]; then
    echo "portCLEAR=${PORT_CLEAR}"
    echo "portSSL=${PORT_SSL}"
    echo "localIP='${localIP}'"
    echo "toraddress='${toraddress}'"
    #echo "fingerprint='${fingerprint}'"
    echo "toraddress='${toraddress}'"
  fi
  exit
 fi
 ##########################
 # MENU
 #########################
 # The `menu` action should give at least a SSH info dialog - when an webapp show
 # URL to call (http & https+fingerprint) otherwise some instruction how to start it.
 # This SSH dialog will be later called by the MAIN MENU to be available to the user
 # when app is installed.
 # This menu can also have some more complex structure if you want to make it easy
 # to the user to set configurations or maintenance options - example bonus.lnbits.sh
 # show info menu
 if [ "$1" = "menu" ]; then
  # get local ip
  localIP=$(hostname -I | awk '{print $1}')
  # set the title for the dialog
  dialogTitle=" FinTS / HBCI Interface "
  # basic info text - for an web app how to call with http & self-signed https
  dialogText="This is an very early experimental feature.\nServer-URL: ${localIP}:${PORT_SSL}\n\nSee GitHub Repo for more Details:\n${GITHUB_REPO}\n\nTelegram Community Chat & Support (say hi):\nhttps://t.me/LN_FinTS\n\nUse OPTIONS to config with LNbits & Debug.\n\n"
  # add tor info (if available)
  if [ "${toraddress}" != "" ]; then
    dialogText="${dialogText}Hidden Service address for Tor Connection:\n${toraddress}"
  fi
  # use whiptail to show SSH dialog & exit
  whiptail --title "${dialogTitle}" --yes-button "OK" --no-button "OPTIONS" --yesno "${dialogText}" 19 67
  result=$?
  if [ ${result} -eq 0 ]; then
    exit 0
  fi
  OPTIONS=()
  OPTIONS+=(LNBITS "Edit lnbits.properties")
  OPTIONS+=(DEBUG "Print Logs")
  WIDTH=66
  CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1"))
  HEIGHT=$((CHOICE_HEIGHT+7))
  CHOICE=$(dialog --clear \
                --title " ${APPID} - Options" \
                --ok-label "Select" \
                --cancel-label "Back" \
                --menu "Choose one of the following options:" \
                $HEIGHT $WIDTH $CHOICE_HEIGHT \
                "${OPTIONS[@]}" \
                2>&1 >/dev/tty)
  case $CHOICE in
    DEBUG)
      clear
      echo "# sudo tail -n 100 /home/fints/log/fuelifints.log"
      sudo tail -n 100 /home/fints/log/fuelifints.log
      echo "# PRESS ENTER to continue"
      read key
      ;;
    LNBITS)
      edittemp=$(mktemp -p /dev/shm/)
      sudo -u fints dialog --title "Editing /home/fints/config/lnbits.properties" --editbox "/home/fints/config/lnbits.properties" 200 200 2> "${edittemp}"
      result=$?
      clear
      if [ "${result}" == "0" ]; then
        echo "# saving changes to /home/fints/config/lnbits.properties"
        sudo rm /home/fints/config/lnbits.properties
        sudo mv ${edittemp} /home/fints/config/lnbits.properties
        sudo chown fints:fints /home/fints/config/lnbits.properties
      else
        echo "# (${result}) no changes - dont save"
      fi
      echo "# restarting fints service"
      sudo systemctl restart fints
      sleep 2
      ;;
  esac
  echo "please wait ..."
  exit 0
 fi
 ##########################
 # ON / INSTALL
 ##########################
 # This section takes care of installing the app.
 # The template contains some basic steps but also look at other install scripts
 # to see how special cases are solved.
 if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # dont run install if already installed
  if [ ${isInstalled} -eq 1 ]; then
    echo "# ${APPID}.service is already installed."
    exit 1
  fi
  echo "# Installing ${APPID} ..."
  # install java & build tool
  sudo apt install -y default-jdk
  sudo apt install -y maven
  # make sure mysql/myria db is available
  sudo apt-get install -y mariadb-server mariadb-client
  # create a dedicated user for the app
  echo "# create user"
  sudo adduser --disabled-password --gecos "" ${APPID} || exit 1
  # add user to special groups with special access rights
  # echo "# add use to special groups"
  # sudo /usr/sbin/usermod --append --groups lndadmin ${APPID}
  # create a data directory on /mnt/hdd/app-data/ for the app
  if ! [ -d /mnt/hdd/app-data/${APPID} ]; then
    echo "# create app-data directory"
    sudo mkdir /mnt/hdd/app-data/${APPID} 2>/dev/null
    sudo chown ${APPID}:${APPID} -R /mnt/hdd/app-data/${APPID}
  else
    echo "# reuse existing app-directory"
    sudo chown ${APPID}:${APPID} -R /mnt/hdd/app-data/${APPID}
  fi
  # download source code and verify
  # BACKGROUND is that now you download the code from github, reset to a given version tag/commit,
  # verify the author. If you app provides its source/binaries in another way, may check
  # other install scripts to see how that implement code download & verify.
  echo "# download the source code & verify"
  sudo -u ${APPID} git clone ${GITHUB_REPO} /home/${APPID}/${APPID}
  cd /home/${APPID}/${APPID}
  if [ "${GITHUB_TAG}" != "" ]; then
    sudo -u ${APPID} git reset --hard $GITHUB_TAG
  fi
  if [ "${GITHUB_SIGN_AUTHOR}" != "" ]; then
    sudo -u ${APPID} /home/admin/config.scripts/blitz.git-verify.sh \
     "${GITHUB_SIGN_AUTHOR}" "${GITHUB_SIGN_PUBKEYLINK}" "${GITHUB_SIGN_FINGERPRINT}" "${GITHUB_TAG}" || exit 1
  fi
  # compile/install the app
  echo "# compile/install the app"
  cd /home/${APPID}/${APPID}
  # install dependencies from pom.xml
  sudo -u fints mvn package
  if ! [ $? -eq 0 ]; then
      echo "# FAIL - mvn package did not run correctly - deleting code & exit"
      sudo rm -r /home/${APPID}/${APPID}
      exit 1
  fi
  sudo -u fints cp /home/fints/fints/target/LN-FinTS-jar-with-dependencies.jar /home/fints/fints-fat.jar
  if ! [ $? -eq 0 ]; then 
      echo "# FAIL - was not able to copy /home/fints/fints-fat.jar"
      sudo rm -r /home/${APPID}/${APPID}
      exit 1
  fi
  # init database
  sudo mariadb -e "DROP DATABASE IF EXISTS fints;"
  sudo mariadb -e "CREATE DATABASE fints;"
  sudo mariadb -e "GRANT ALL PRIVILEGES ON fints.* TO 'fintsuser' IDENTIFIED BY 'fints';"
  sudo mariadb -e "FLUSH PRIVILEGES;"
  if [ -f "dbsetup.sql" ]; then
    mariadb -ufintsuser -pfints fints < dbsetup.sql
  else
    echo "# FAIL - dbsetup.sql not found - deleting code & exit"
    sudo rm -r /home/${APPID}/${APPID}
    exit 1
  fi
  # open the ports in the firewall
  echo "# updating Firewall"
  sudo ufw allow ${PORT_CLEAR} comment "${APPID} HTTP"
  sudo ufw allow ${PORT_SSL} comment "${APPID} HTTPS"
  # every app has their own systemd service that cares about starting &
  # running the app in the background - see the PRESTART section for adhoc config
  echo "# create systemd service: ${APPID}.service"
  echo "
 [Unit]
 Description=${APPID}
 Wants=bitcoind
 After=bitcoind
 [Service]
 WorkingDirectory=/home/${APPID}
 Environment=\"HOME_PATH=/mnt/hdd/app-data/${APPID}\"
 ExecStartPre=-/home/admin/config.scripts/bonus.${APPID}.sh prestart
 ExecStart=java -jar /home/${APPID}/fints-fat.jar
 User=${APPID}
 Restart=always
 TimeoutSec=120
 RestartSec=30
 StandardOutput=null
 StandardError=journal
 # Hardening measures
 PrivateTmp=true
 ProtectSystem=full
 NoNewPrivileges=true
 PrivateDevices=true
 [Install]
 WantedBy=multi-user.target
 " | sudo tee /etc/systemd/system/${APPID}.service
  sudo chown root:root /etc/systemd/system/${APPID}.service
  # when tor is set on also install the hidden service
  if [ "${runBehindTor}" = "on" ]; then
    # activating tor hidden service
    /home/admin/config.scripts/tor.onion-service.sh ${APPID} 80 ${PORT_CLEAR} 443 ${PORT_SSL}
  fi
  # create keystore if needed
  keystoreExists=$(sudo ls /mnt/hdd/app-data/fints/keystore.jks 2>/dev/null | grep -c 'keystore.jks')
  if [ ${keystoreExists} -eq 0 ]; then
    echo "# creating keystore"
    sudo -u fints keytool -genkey -keyalg RSA -alias fints -keystore /mnt/hdd/app-data/fints/keystore.jks -storepass raspiblitz -noprompt -dname "CN=raspiblitz, OU=IT, O=raspiblitz, L=world, S=world, C=BZ"
  else
    echo "# keystore already exists"
  fi
  # config app basics: lnbits.properties
  sudo -u fints mkdir /home/fints/config
  sudo -u fints cp /home/fints/fints/config/fuelifints.properties /home/fints/config/fuelifints.properties
  sudo sed -i "s/^productinfo.csv.check=.*/productinfo.csv.check=false/g" /home/fints/config/fuelifints.properties
  sudo sed -i "s/^rdh_port =.*/rdh_port = ${PORT_CLEAR}/g" /home/fints/config/fuelifints.properties
  sudo sed -i "s/^ssl_port =.*/ssl_port = ${PORT_SSL}/g" /home/fints/config/fuelifints.properties
  sudo sed -i "s/^keystore_location =.*/keystore_location = \/mnt\/hdd\/app-data\/fints\/keystore.jks/g" /home/fints/config/fuelifints.properties
  sudo sed -i "s/^keystore_password =.*/keystore_password = raspiblitz/g" /home/fints/config/fuelifints.properties
  # config app basics: blz.banking2.properties.example
  sudo -u fints cp /home/fints/fints/config/blz.banking2.properties.example /home/fints/config/blz.banking2.properties
  # config app basics: lnbits.properties
  sudo -u fints cp /home/fints/fints/config/lnbits.properties.example /home/fints/config/lnbits.properties
  # in file lnbits.properties replace the line starting with lnbitsUrl with the following line 'lnbitsUrl = http://127.0.0.1:5000'
  sudo sed -i "s/lnbitsUrl =.*/lnbitsUrl = http:\/\/127.0.0.1:5000/g" /home/fints/config/lnbits.properties   
  # mark app as installed in raspiblitz config
  /home/admin/config.scripts/blitz.conf.sh set ${APPID} "on"
  # enable app up thru systemd
  sudo systemctl enable ${APPID}
  echo "# OK - the ${APPID}.service is now enabled"
  # start app (only when blitz is ready)
  source <(/home/admin/_cache.sh get state)
  if [ "${state}" == "ready" ]; then
    sudo systemctl start ${APPID}
    echo "# OK - the ${APPID}.service is now started"
  fi
  echo "# Monitor with: sudo journalctl -f -u ${APPID}"
  exit 0
 fi
 ##########################
 # PRESTART
 ##########################
 # BACKGROUND is that this script will be called with `prestart` on every start & restart
 # of this apps systemd service. This has the benefit that right before the app is started
 # config parameters for this app can be updated so that it always starts with the most updated
 # values. With such an "adhoc config" it is for example possible to check right before start
 # what other apps are installed and configure connections. Even if those configs outdate later
 # while the app is running with the next restart they will then automatically update their config
 # again. If you dont need such "adhoc" config for your app - just leave it empty as it is, so
 # you maybe later on have the option to use it.
 if [ "$1" = "prestart" ]; then
  # needs to be run as the app user - stop if not run as the app user
  # keep in mind that in the prestart section you cannot use `sudo` command
  if [ "$USER" != "${APPID}" ]; then
    echo "# FAIL: run as user ${APPID}"
    exit 1
  fi
  echo "## PRESTART CONFIG START for ${APPID} (called by systemd prestart)"
  # at the moment no on the fly config is needed
  echo "## PRESTART CONFIG DONE for ${APPID}"
  exit 0
 fi
 ###########################################
 # OFF / UNINSTALL
 # call with parameter `delete-data` to also
 # delete the persistent data directory
 ###########################################
 # BACKGROUND is that this section removes entries in systemd, nginx, etc and then
 # deletes the user with its home directory to nuke all installed code
 # switch off
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "# stop & remove systemd service"
  sudo systemctl stop ${APPID} 2>/dev/null
  sudo systemctl disable ${APPID}.service
  sudo rm /etc/systemd/system/${APPID}.service
  #echo "# remove nginx symlinks"
  #sudo rm -f /etc/nginx/sites-enabled/${APPID}_ssl.conf 2>/dev/null
  #sudo rm -f /etc/nginx/sites-enabled/${APPID}_tor.conf 2>/dev/null
  #sudo rm -f /etc/nginx/sites-enabled/${APPID}_tor_ssl.conf 2>/dev/null
  #sudo rm -f /etc/nginx/sites-available/${APPID}_ssl.conf 2>/dev/null
  #sudo rm -f /etc/nginx/sites-available/${APPID}_tor.conf 2>/dev/null
  #sudo rm -f /etc/nginx/sites-available/${APPID}_tor_ssl.conf 2>/dev/null
  #sudo nginx -t
  #sudo systemctl reload nginx
  echo "# close ports on firewall"
  sudo ufw deny "${PORT_CLEAR}"
  sudo ufw deny "${PORT_SSL}"
  echo "# delete user"
  sudo userdel -rf ${APPID}
  echo "# removing Tor hidden service (if active)"
  /home/admin/config.scripts/tor.onion-service.sh off ${APPID}
  echo "# mark app as uninstalled in raspiblitz config"
  /home/admin/config.scripts/blitz.conf.sh set ${APPID} "off"
  # only if 'delete-data' is an additional parameter then also the data directory gets deleted
  if [ "$(echo "$@" | grep -c delete-data)" -gt 0 ]; then
    echo "# found 'delete-data' parameter --> also deleting the app-data"
    sudo rm -r /mnt/hdd/app-data/${APPID}
  fi
  echo "# OK - app should be uninstalled now"
  exit 0
 fi
 # just a basic error message when unknown action parameter was given
 echo "# FAIL - Unknown Parameter $1"
 exit 1
--- a/home.admin/config.scripts/bonus.go.sh
+++ b/home.admin/config.scripts/bonus.go.sh
@ -28,7 +28,7 @@ case "$1" in
    goOSversion=$(dpkg --print-architecture)
    if [ ${goOSversion} = "armv6l" ]; then
      checksum=${armv6lChecksum}
-    elif [ ${goOSversion{} = "arm64" ]; then
+    elif [ ${goOSversion} = "arm64" ]; then
      checksum=${arm64Checksum}
    elif [ ${goOSversion} = "amd64" ]; then
      checksum=${amd64Checksum}
--- a/home.admin/config.scripts/bonus.jam.sh
+++ b/home.admin/config.scripts/bonus.jam.sh
@ -2,7 +2,7 @@
 # https://github.com/joinmarket-webui/jam
-WEBUI_VERSION=0.1.4
+WEBUI_VERSION=0.1.5
 REPO=joinmarket-webui/jam
 USERNAME=jam
 HOME_DIR=/home/$USERNAME
--- a/home.admin/config.scripts/bonus.lit.sh
+++ b/home.admin/config.scripts/bonus.lit.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/lightninglabs/lightning-terminal/releases
-LITVERSION="0.8.4-alpha"
+LITVERSION="0.8.6-alpha"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -216,6 +216,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
      echo "# BUILD FAILED --> LND PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
      exit 1
    fi
    ###########
    # install #
    ###########
@ -231,6 +232,17 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    ###########
    # config  #
    ###########
    # check if lnd.conf has rpcmiddleware.enable entry under section Application Options
    entryExists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c "rpcmiddleware.enable=")
    if [ "${entryExists}" == "0" ]; then
      echo "# add rpcmiddleware.enable=true to lnd.conf"
      sudo sed -i "/^\[Application Options\]$/arpcmiddleware.enable=true" /mnt/hdd/lnd/lnd.conf
    fi
    # make sure lnd.conf has rpcmiddleware.enable=true
    sudo sed -i "s/^rpcmiddleware.enable=.*/rpcmiddleware.enable=true/g" /mnt/hdd/lnd/lnd.conf
    if [ "${runBehindTor}" = "on" ]; then
      echo "# Connect to the Pool, Loop and Terminal server through Tor"
      LOOPPROXY="loop.server.proxy=127.0.0.1:9050"
@ -240,7 +252,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
      LOOPPROXY=""
      POOLPROXY=""
    fi
-    PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
+    PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-)
    echo "
 # Application Options
 httpslisten=0.0.0.0:8443
@ -251,7 +263,7 @@ remote.lit-debuglevel=debug
 # Remote lnd options
 remote.lnd.rpcserver=127.0.0.1:10009
-remote.lnd.macaroonpath=/home/lit/.lnd/data/chain/${network}/${chain}net/admin.macaroon
+remote.lnd.macaroonpath=/home/lit/.lnd/data/chain/bitcoin/${chain}net/admin.macaroon
 remote.lnd.tlscertpath=/home/lit/.lnd/tls.cert
 # Loop
@ -347,6 +359,7 @@ alias lit-frcli=\"frcli --rpcserver=localhost:8443 \
  source <(/home/admin/_cache.sh get state)
  if [ "${state}" == "ready" ]; then
    echo "# OK - the litd.service is enabled, system is ready so starting service"
    sudo systemctl restart lnd
    sudo systemctl start litd
  else
    echo "# OK - the litd.service is enabled, to start manually use: 'sudo systemctl start litd'"
--- a/home.admin/config.scripts/bonus.lnbits.sh
+++ b/home.admin/config.scripts/bonus.lnbits.sh
@ -1,9 +1,9 @@
 #!/bin/bash
-# https://github.com/lnbits/lnbits-legend
+# https://github.com/lnbits/lnbits
-# https://github.com/lnbits/lnbits-legend/releases
+# https://github.com/lnbits/lnbits/releases
-tag="0.9.6"
+tag="0.10.2"
 VERSION="${tag}"
 # command info
@ -21,7 +21,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "bonus.lnbits.sh repo [githubuser] [branch]"
  echo "bonus.lnbits.sh sync"
  echo "bonus.lnbits.sh backup"
-  echo "bonus.lnbits.sh restore [?FILE]"    
+  echo "bonus.lnbits.sh restore [?FILE]"
  echo "bonus.lnbits.sh migrate"
  exit 1
 fi
@ -53,7 +53,7 @@ function postgresConfig() {
    echo "# Setup PostgreSQL successful, new database found: $check"
  fi
-  /home/admin/config.scripts/blitz.conf.sh set LNBitsDB "PostgreSQL"  
+  /home/admin/config.scripts/blitz.conf.sh set LNBitsDB "PostgreSQL"
 }
 function migrateMsg() {
@ -97,9 +97,9 @@ function revertMigration() {
      echo "# No backup file found!"
    fi
-    # update config 
+    # update config
    echo "# Configure config .env"
-    
+
    # clean up
    sudo sed -i "/^LNBITS_DATABASE_URL=/d" /home/lnbits/lnbits/.env
    sudo sed -i "/^LNBITS_DATA_FOLDER=/d" /home/lnbits/lnbits/.env
@ -293,25 +293,25 @@ Consider adding a IP2TOR Bridge under OPTIONS."
            else
              backup_target="/mnt/hdd/app-data/backup/lnbits_sqlite"
              backup_file=$(ls -t $backup_target/*.tar | head -n1)
-            fi      
+            fi
            if [ "$backup_file" = "" ]; then
              echo "ABORT - No Backup found to restore from"
              exit 1
            else
              # build dialog to choose backup file from menu
              OPTIONS_RESTORE=()
-                     
+
              counter=0
              cd $backup_target
-              for f in `find *.* -maxdepth 1 -type f`; do 
+              for f in `find *.* -maxdepth 1 -type f`; do
                [[ -f "$f" ]] || continue
                counter=$(($counter+1))
                OPTIONS_RESTORE+=($counter "$f")
              done
-              WIDTH_RESTORE=66  
+              WIDTH_RESTORE=66
              CHOICE_HEIGHT_RESTORE=$(("${#OPTIONS_RESTORE[@]}/2+1"))
-              HEIGHT_RESTORE=$((CHOICE_HEIGHT_RESTORE+7))     
+              HEIGHT_RESTORE=$((CHOICE_HEIGHT_RESTORE+7))
              CHOICE_RESTORE=$(dialog --clear \
              --title " LNbits - Backup restore" \
              --ok-label "Select" \
@ -339,19 +339,19 @@ Consider adding a IP2TOR Bridge under OPTIONS."
            dialog --title "MIGRATE LNBITS" --yesno "
 Do you want to proceed the migration?
-Try to migrate your LNBits SQLite database to PostgreSQL. 
+Try to migrate your LNBits SQLite database to PostgreSQL.
 This can fail for unknown circumstances. Revert of this process is possible afterwards, a backup will be saved.
            " 12 65
            if [ $? -eq 0 ]; then
-              clear     
+              clear
              /home/admin/config.scripts/bonus.lnbits.sh migrate
              echo
              migrateMsg
              echo
              echo "OK please test your LNBits installation."
              echo "PRESS ENTER to continue"
-              read key              
+              read key
            fi
            exit 0
            ;;
@ -502,7 +502,6 @@ if [ "$1" = "prestart" ]; then
    # set tls.cert path (use | as separator to avoid escaping file path slashes)
    sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/mnt/hdd/app-data/lnd/tls.cert|g" /home/lnbits/lnbits/.env
    # set macaroon  path info in .env - USING HEX IMPORT
    chmod 600 /home/lnbits/lnbits/.env
    macaroonAdminHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon)
@ -511,7 +510,8 @@ if [ "$1" = "prestart" ]; then
    sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env
    sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env
    sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env
-    sed -i "s/^LND_REST_ENDPOINT=.*/LND_REST_ENDPOINT=https://127.0.0.1:${portprefix}8080/g" /home/lnbits/lnbits/.env
+    # set the REST endpoint (use | as separator to avoid escaping slashes)
    sed -i "s|^LND_REST_ENDPOINT=.*|LND_REST_ENDPOINT=https://127.0.0.1:${portprefix}8080|g" /home/lnbits/lnbits/.env
  elif [ "${LNBitsLightning}" == "cl" ]; then
@ -579,16 +579,11 @@ if [ "$1" = "sync" ] || [ "$1" = "repo" ]; then
  # pull latest code
  sudo -u lnbits git pull
-  # install
+  # check if poetry in installed, if not install it
-  sudo -u lnbits python3 -m venv venv
+  sudo -u lnbits which poetry || sudo -u lnbits curl -sSL https://install.python-poetry.org | sudo -u lnbits python3 -
-  sudo -u lnbits ./venv/bin/pip install -r requirements.txt
+  # do install like this
-  sudo -u lnbits ./venv/bin/pip install pylightning
+  sudo -u lnbits poetry install
  sudo -u lnbits ./venv/bin/pip install secp256k1
  sudo -u lnbits ./venv/bin/pip install pyln-client
  sudo -u lnbits ./venv/bin/pip install psycopg2 # conv.py postgres migration dependency
  # build
  sudo -u lnbits ./venv/bin/python build.py
  # restart lnbits service
  sudo systemctl restart lnbits
  echo "# server is restarting ... maybe takes some seconds until available"
@ -627,7 +622,7 @@ if [ "$1" = "install" ]; then
  echo "# get the github code user(${githubUser}) branch(${tag})"
  sudo rm -r /home/lnbits/lnbits 2>/dev/null
  cd /home/lnbits  || exit 1
-  sudo -u lnbits git clone https://github.com/${githubUser}/lnbits-legend lnbits
+  sudo -u lnbits git clone https://github.com/${githubUser}/lnbits lnbits
  cd /home/lnbits/lnbits || exit 1
  sudo -u lnbits git checkout ${tag} || exit 1
@ -635,16 +630,14 @@ if [ "$1" = "install" ]; then
  echo "# installing application dependencies"
  cd /home/lnbits/lnbits  || exit 1
  # check if poetry in installed, if not install it
  if ! sudo -u lnbits which poetry; then
    echo "# install poetry"
    sudo pip3 install --upgrade pip
    sudo pip3 install poetry
  fi
  # do install like this
-  sudo -u lnbits python3 -m venv venv
+  sudo -u lnbits poetry install
  sudo -u lnbits ./venv/bin/pip install -r requirements.txt
  sudo -u lnbits ./venv/bin/pip install pylightning
  sudo -u lnbits ./venv/bin/pip install secp256k1
  sudo -u lnbits ./venv/bin/pip install pyln-client
  sudo -u lnbits ./venv/bin/pip install psycopg2 # conv.py postgres migration dependency
  # build
  sudo -u lnbits ./venv/bin/python build.py
  exit 0
 fi
@ -739,7 +732,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "# preparing env file"
  sudo rm /home/lnbits/lnbits/.env 2>/dev/null
  sudo -u lnbits touch /home/lnbits/lnbits/.env
  sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env"
  if [ ! -e /mnt/hdd/app-data/LNBits/database.sqlite3 ]; then
    echo "# install database: PostgreSQL"
@ -752,11 +744,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    # config update
    # example: postgres://<user>:<password>@<host>/<database>
    sudo bash -c "echo 'LNBITS_DATABASE_URL=postgres://lnbits_user:raspiblitz@localhost:5432/lnbits_db' >> /home/lnbits/lnbits/.env"
-    sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits/data' >> /home/lnbits/lnbits/.env"  
+    sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits/data' >> /home/lnbits/lnbits/.env"
  else
    echo "# install database: SQLite"
    /home/admin/config.scripts/blitz.conf.sh set LNBitsDB "SQLite"
-    
+
    # new data directory
    sudo mkdir -p /mnt/hdd/app-data/LNBits
@ -789,7 +781,7 @@ After=bitcoind.service
 [Service]
 WorkingDirectory=/home/lnbits/lnbits
 ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart
-ExecStart=/home/lnbits/lnbits/venv/bin/uvicorn lnbits.__main__:app --port 5000
+ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && poetry run lnbits --port 5000'
 User=lnbits
 Restart=always
 TimeoutSec=120
@ -1081,7 +1073,7 @@ if [ "$1" = "restore" ]; then
    else
      echo "# Restore SQLite database"
      cd $backup_target
-       
+
      if [ "$2" != "" ]; then
        if [ -e $2 ]; then
          backup_file=$2
@ -1102,7 +1094,7 @@ if [ "$1" = "restore" ]; then
      # backup current db
      /home/admin/config.scripts/bonus.lnbits.sh backup
-      
+
      # apply backup data
      sudo rm -R /mnt/hdd/app-data/LNBits/
      sudo chown -R lnbits:lnbits LNBits/
@ -1166,7 +1158,7 @@ if [ "$1" = "migrate" ]; then
    # example: postgres://<user>:<password>@<host>/<database>
    # add new postgres config
    sudo bash -c "echo 'LNBITS_DATABASE_URL=postgres://lnbits_user:raspiblitz@localhost:5432/lnbits_db' >> /home/lnbits/lnbits/.env"
-    
+
    # clean start on new postgres db prior migration
    echo "# LNBits first start with clean PostgreSQL"
    sudo systemctl start lnbits
@ -1192,7 +1184,7 @@ if [ "$1" = "migrate" ]; then
    sudo systemctl stop lnbits
    echo "# Start convert old SQLite to new PostgreSQL"
-    if ! sudo -u lnbits ./venv/bin/python tools/conv.py; then
+    if ! sudo -u lnbits poetry run python tools/conv.py; then
      echo "FAIL - Convert failed, revert migration process"
      revertMigration
      exit 1
@ -1224,4 +1216,4 @@ if [ "$1" = "migrate" ]; then
 fi
 echo "FAIL - Unknown Parameter $1"
-exit 1
+exit 1
--- a/home.admin/config.scripts/bonus.lndg.sh
+++ b/home.admin/config.scripts/bonus.lndg.sh
@ -1,13 +1,13 @@
 #!/bin/bash
 # https://github.com/cryptosharks131/lndg
-VERSION="1.5.0 "
+VERSION="1.6.0 "
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
- echo "config script to install, update or uninstall LNDG"
+  echo "config script to install, update or uninstall LNDG"
- echo "bonus.lndg.sh [on|off|menu|update|setpassword|status]"
+  echo "bonus.lndg.sh [on|off|menu|update|setpassword|status]"
- exit 1
+  exit 1
 fi
 # check and load raspiblitz config
@ -110,7 +110,7 @@ if __name__ == '__main__':
    sudo chmod 644 /home/lndg/lndg/changepassword.py
    sudo chown lndg:lndg /home/lndg/lndg/changepassword.py
-	sudo -u lndg /home/lndg/lndg/.venv/bin/python /home/lndg/lndg/changepassword.py "$2"
+    sudo -u lndg /home/lndg/lndg/.venv/bin/python /home/lndg/lndg/changepassword.py "$2"
  fi
  echo "ok, password changed to $2"
  exit 0
@ -152,28 +152,28 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    # first check and see if a database exists
    isDatabase=$(sudo ls /mnt/hdd/app-data/lndg/data/db.sqlite3 2>/dev/null | grep -c 'db.sqlite3')
    if ! [ ${isDatabase} -eq 0 ]; then
-	  if [ "$2" == "deletedatabase" ]; then
+      if [ "$2" == "deletedatabase" ]; then
-	  
+    
-	    # deleting old database and moving new database
+      # deleting old database and moving new database
-	echo "Deleting existing database and creating new one"
+        echo "Deleting existing database and creating new one"
        sudo rm -rf /mnt/hdd/app-data/lndg/data
        sudo cp -p -r /home/lndg/lndg/data /mnt/hdd/app-data/lndg/data
        sudo rm /home/lndg/lndg/data/db.sqlite3
        sudo ln -sf /mnt/hdd/app-data/lndg/data/db.sqlite3 /home/lndg/lndg/data/db.sqlite3
        sudo chown lndg:lndg -R /mnt/hdd/app-data/lndg/
-      else		
+      else    
-	  
+    
        # using existing database, so remove newly created database and link to existing one
        echo "Database already exists, using existing database"
        sudo rm /home/lndg/lndg/data/db.sqlite3
-	sudo chown -R lndg:lndg /mnt/hdd/app-data/lndg
+        sudo chown -R lndg:lndg /mnt/hdd/app-data/lndg
-	sudo chmod -R 755 /mnt/hdd/app-data/lndg
+        sudo chmod -R 755 /mnt/hdd/app-data/lndg
-	sudo chmod 644 /mnt/hdd/app-data/lndg/data/db.sqlite3
+        sudo chmod 644 /mnt/hdd/app-data/lndg/data/db.sqlite3
        sudo -u lndg ln -sf /mnt/hdd/app-data/lndg/data/db.sqlite3 /home/lndg/lndg/data/db.sqlite3
-	sudo -u lndg /home/lndg/lndg/.venv/bin/python manage.py migrate
+        sudo -u lndg /home/lndg/lndg/.venv/bin/python manage.py migrate
      fi
    else
-	
+  
      # database doesn't exist, so move to HDD and simlink
      sudo mkdir -p /mnt/hdd/app-data/lndg
      sudo cp -p -r /home/lndg/lndg/data /mnt/hdd/app-data/lndg/data
@ -222,15 +222,15 @@ if __name__ == '__main__':
    ##################
    # first install and configure whitenoise
-    sudo /home/lndg/lndg/.venv/bin/pip install whitenoise 
+    sudo /home/lndg/lndg/.venv/bin/pip install whitenoise
-    sudo rm /home/lndg/lndg/lndg/settings.py 
+    sudo rm /home/lndg/lndg/lndg/settings.py
    sudo /home/lndg/lndg/.venv/bin/python initialize.py -wn
-	
+
-	# install gunicorn application server
+    # install gunicorn application server
    sudo /home/lndg/lndg/.venv/bin/python -m pip install 'gunicorn==20.1.*'
-	
+
-	# switch back to home directory
+    # switch back to home directory
-	cd /home/admin/
+    cd /home/admin/
    echo "# Install gunicorn.service file for gunicorn lndg.wsgi application server"
    echo "
@ -258,13 +258,13 @@ WantedBy=multi-user.target
    # setup nginx .conf files
    if ! [ -f /etc/nginx/sites-available/lndg_ssl.conf ]; then
-       sudo cp -f /home/admin/assets/nginx/sites-available/lndg_ssl.conf /etc/nginx/sites-available/lndg_ssl.conf
+      sudo cp -f /home/admin/assets/nginx/sites-available/lndg_ssl.conf /etc/nginx/sites-available/lndg_ssl.conf
    fi
    if ! [ -f /etc/nginx/sites-available/lndg_tor.conf ]; then
-       sudo cp -f /home/admin/assets/nginx/sites-available/lndg_tor.conf /etc/nginx/sites-available/lndg_tor.conf
+      sudo cp -f /home/admin/assets/nginx/sites-available/lndg_tor.conf /etc/nginx/sites-available/lndg_tor.conf
    fi
    if ! [ -f /etc/nginx/sites-available/lndg_tor_ssl.conf ]; then
-       sudo cp -f /home/admin/assets/nginx/sites-available/lndg_tor_ssl.conf /etc/nginx/sites-available/lndg_tor_ssl.conf
+      sudo cp -f /home/admin/assets/nginx/sites-available/lndg_tor_ssl.conf /etc/nginx/sites-available/lndg_tor_ssl.conf
    fi
    # setup nginx symlinks
@ -449,11 +449,13 @@ if [ "$1" = "update" ]; then
  cd /home/lndg/lndg || exit 1
  sudo -u lndg git pull
  sudo -u lndg .venv/bin/pip install requests
  sudo -u lndg .venv/bin/pip install -r requirements.txt
  sudo -u lndg .venv/bin/python manage.py migrate
  # reinitialize settings.py in case update requires it
  sudo rm /home/lndg/lndg/lndg/settings.py 
-  sudo /home/lndg/lndg/.venv/bin/python /home/lndg/lndg/initialize.py -wn
+  sudo /home/lndg/lndg/.venv/bin/python initialize.py -wn
  cd /home/admin
  # restart services
  sudo systemctl restart nginx
--- a/home.admin/config.scripts/bonus.lnproxy.sh
+++ b/home.admin/config.scripts/bonus.lnproxy.sh
@ -38,7 +38,7 @@ To use the API:
 curl -k https://${localip}:4749/api/{invoice}?routing_msat={budget}\n
 The Tor Hidden Service address to share for using the API:
 ${torAddress}/api
-" 19 67
+" 20 70
      sudo /home/admin/config.scripts/blitz.display.sh hide
    else
      # Info without Tor
@ -204,7 +204,6 @@ EOF
  sudo nginx -t
  sudo systemctl reload nginx
  sudo ufw allow 4747 comment lnproxy-HTTP
  sudo ufw allow 4748 comment lnproxy-webui-HTTP
  sudo ufw allow 4749 comment lnproxy-HTTPS
@ -214,9 +213,11 @@ EOF
  /home/admin/config.scripts/blitz.conf.sh set lnproxy "on"
  echo "# API:"
-  echo "curl http://${localip}:4747/{your_invoice}?routing_msat={routing_budget}"
+  echo "curl http://127.0.0.1:4747/{your_invoice}?routing_msat={routing_budget}"
  echo "curl -k https://${localip}:4749/api/{your_invoice}?routing_msat={routing_budget}"
  echo "# WebUI:"
  echo "http://${localip}:4748"
  echo "https://${localip}:4749"
  echo "# More info at:"
  echo "https://github.com/lnproxy/lnproxy"
@ -231,15 +232,14 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  # remove systemd services
  sudo systemctl disable --now lnproxy
-  /etc/systemd/system/lnproxy.service
+  sudo rm -f /etc/systemd/system/lnproxy.service
  sudo systemctl disable --now lnproxy-webui
-  /etc/systemd/system/lnproxy-webui.service
+  sudo rm -f /etc/systemd/system/lnproxy-webui.service
  # remove Tor service
  /home/admin/config.scripts/tor.onion-service.sh off lnproxy
  # close ports on firewall
  sudo ufw delete allow 4747
  sudo ufw delete allow 4748
  sudo ufw delete allow 4749
--- a/home.admin/config.scripts/bonus.rtl.sh
+++ b/home.admin/config.scripts/bonus.rtl.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/Ride-The-Lightning/RTL/releases
-RTLVERSION="v0.13.0"
+RTLVERSION="v0.13.6"
 # check and load raspiblitz config
 # to know which network is running
@ -63,10 +63,10 @@ if [ "$1" = "status" ] || [ "$1" = "menu" ]; then
  localip=$(hostname -I | awk '{print $1}')
  toraddress=$(sudo cat /mnt/hdd/tor/${netprefix}${typeprefix}RTL/hostname 2>/dev/null)
  fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
-  RTLHTTPS=$((RTLHTTP+1))
+  RTLHTTPS=$((RTLHTTP + 1))
  if [ "$1" = "status" ]; then
-  
+
    echo "version='${RTLVERSION}'"
    echo "installed='${isInstalled}'"
    echo "localIP='${localip}'"
@ -96,7 +96,7 @@ if [ "$1" = "menu" ]; then
    sudo /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
    whiptail --title "Ride The Lightning (RTL - $LNTYPE - $CHAIN)" --msgbox "Open in your local web browser:
 http://${localip}:${RTLHTTP}\n
-https://${localip}:$((RTLHTTP+1)) with Fingerprint:
+https://${localip}:$((RTLHTTP + 1)) with Fingerprint:
 ${fingerprint}\n
 Use your Password B to login.\n
 Hidden Service address for Tor Browser (QRcode on LCD):\n${toraddress}
@ -107,7 +107,7 @@ Hidden Service address for Tor Browser (QRcode on LCD):\n${toraddress}
  else
    whiptail --title "Ride The Lightning (RTL - $LNTYPE - $CHAIN)" --msgbox "Open in your local web browser & accept self-signed cert:
 http://${localip}:${RTLHTTP}\n
-https://${localip}:$((RTLHTTP+1)) with Fingerprint:
+https://${localip}:$((RTLHTTP + 1)) with Fingerprint:
 ${fingerprint}\n
 Use your Password B to login.\n
 Activate Tor to access the web interface from outside your local network.
@ -117,7 +117,6 @@ Activate Tor to access the web interface from outside your local network.
  exit 0
 fi
 ########################################
 # INSTALL (just user, code & compile)
 ########################################
@ -125,7 +124,7 @@ fi
 if [ "$1" = "install" ]; then
  # check if already installed
-  if [ -f /home/rtl/RTL/LICENSE ];then
+  if [ -f /home/rtl/RTL/LICENSE ]; then
    echo "# RTL already installed - skipping"
    exit 0
  fi
@ -136,7 +135,7 @@ if [ "$1" = "install" ]; then
  /home/admin/config.scripts/bonus.nodejs.sh on
  # create rtl user (one for all instances)
-  if [ $(compgen -u | grep -c rtl) -eq 0 ];then
+  if [ $(compgen -u | grep -c rtl) -eq 0 ]; then
    sudo adduser --disabled-password --gecos "" rtl || exit 1
  fi
@ -163,7 +162,7 @@ if [ "$1" = "install" ]; then
  # install
  echo "# Running npm install ..."
  export NG_CLI_ANALYTICS=false
-  sudo -u rtl npm install --omit=dev
+  sudo -u rtl npm install --omit=dev --legacy-peer-deps
  if ! [ $? -eq 0 ]; then
    echo "# FAIL - npm install did not run correctly - deleting code and exit"
    sudo rm -r /home/rtl/RTL
@ -229,7 +228,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  fi
  # make sure softwarte is installed
-  if [ -f /home/rtl/RTL/LICENSE ];then
+  if [ -f /home/rtl/RTL/LICENSE ]; then
    echo "# OK - the RTL code is already present"
  else
    echo "# install of codebase is needed first"
@ -241,8 +240,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "# Make sure symlink to central app-data directory exists"
  if ! [[ -L "/home/rtl/.lnd" ]]; then
-    sudo rm -rf "/home/rtl/.lnd" 2>/dev/null              # not a symlink.. delete it silently
+    sudo rm -rf "/home/rtl/.lnd" 2>/dev/null             # not a symlink.. delete it silently
-    sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/rtl/.lnd"  # and create symlink
+    sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/rtl/.lnd" # and create symlink
  fi
  if [ "${LNTYPE}" == "lnd" ]; then
@ -252,8 +251,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  fi
  echo "# Updating Firewall"
-  sudo ufw allow ${RTLHTTP} comment "${systemdService} HTTP"
+  sudo ufw allow "${RTLHTTP}" comment "${systemdService} HTTP"
-  sudo ufw allow $((RTLHTTP+1)) comment "${systemdService} HTTPS"
+  sudo ufw allow $((RTLHTTP + 1)) comment "${systemdService} HTTPS"
  echo
  # make sure config directory exists
@ -314,7 +313,7 @@ WantedBy=multi-user.target
  # Hidden Service for RTL if Tor is active
  if [ "${runBehindTor}" = "on" ]; then
    # make sure to keep in sync with tor.network.sh script
-    /home/admin/config.scripts/tor.onion-service.sh ${netprefix}${typeprefix}RTL 80 $((RTLHTTP+2)) 443 $((RTLHTTP+3))
+    /home/admin/config.scripts/tor.onion-service.sh ${netprefix}${typeprefix}RTL 80 $((RTLHTTP + 2)) 443 $((RTLHTTP + 3))
  fi
  # nginx configuration
@ -323,11 +322,11 @@ WantedBy=multi-user.target
  sudo cp /home/admin/assets/nginx/sites-available/rtl_tor.conf /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor.conf
  sudo cp /home/admin/assets/nginx/sites-available/rtl_tor_ssl.conf /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor_ssl.conf
  sudo sed -i "s/3000/$RTLHTTP/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_ssl.conf
-  sudo sed -i "s/3001/$((RTLHTTP+1))/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_ssl.conf
+  sudo sed -i "s/3001/$((RTLHTTP + 1))/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_ssl.conf
  sudo sed -i "s/3000/$RTLHTTP/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor.conf
-  sudo sed -i "s/3002/$((RTLHTTP+2))/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor.conf
+  sudo sed -i "s/3002/$((RTLHTTP + 2))/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor.conf
  sudo sed -i "s/3000/$RTLHTTP/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor_ssl.conf
-  sudo sed -i "s/3003/$((RTLHTTP+3))/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor_ssl.conf
+  sudo sed -i "s/3003/$((RTLHTTP + 3))/g" /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor_ssl.conf
  sudo ln -sf /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_ssl.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/${netprefix}${typeprefix}rtl_tor_ssl.conf /etc/nginx/sites-enabled/
@ -345,7 +344,7 @@ WantedBy=multi-user.target
  echo "# OK - the ${systemdService}.service is now enabled & started"
  echo "# Monitor with: sudo journalctl -f -u ${systemdService}"
-  # needed for API/WebUI as signal that install ran thru 
+  # needed for API/WebUI as signal that install ran thru
  echo "result='OK'"
  exit 0
 fi
@ -379,8 +378,8 @@ if [ "$1" = "connect-services" ]; then
    echo "# Add the rtl user to the lit group"
    sudo /usr/sbin/usermod --append --groups lit rtl
    echo "# Symlink the lit-loop.macaroon"
-    sudo rm -rf "/home/rtl/.loop"                    #  delete symlink
+    sudo rm -rf "/home/rtl/.loop"                   #  delete symlink
-    sudo ln -s "/home/lit/.loop/" "/home/rtl/.loop"  # create symlink
+    sudo ln -s "/home/lit/.loop/" "/home/rtl/.loop" # create symlink
    echo "# Make the loop macaroon group readable"
    sudo chmod 640 /home/rtl/.loop/mainnet/macaroons.db
  elif [ "${loop}" = "on" ]; then
@ -388,8 +387,8 @@ if [ "$1" = "connect-services" ]; then
    echo "# Add the rtl user to the loop group"
    sudo /usr/sbin/usermod --append --groups loop rtl
    echo "# Symlink the loop.macaroon"
-    sudo rm -rf "/home/rtl/.loop"                     # delete symlink
+    sudo rm -rf "/home/rtl/.loop"                    # delete symlink
-    sudo ln -s "/home/loop/.loop/" "/home/rtl/.loop"  # create symlink
+    sudo ln -s "/home/loop/.loop/" "/home/rtl/.loop" # create symlink
    echo "# Make the loop macaroon group readable"
    sudo chmod 640 /home/rtl/.loop/mainnet/macaroons.db
  else
@ -428,14 +427,14 @@ if [ "$1" = "prestart" ]; then
  # determine correct loop swap server port (lit over loop single)
  if [ "${lit}" = "on" ]; then
-      echo "# use lit loop port"
+    echo "# use lit loop port"
-      SWAPSERVERPORT=8443
+    SWAPSERVERPORT=8443
  elif [ "${loop}" = "on" ]; then
-      echo "# use loop single instance port"
+    echo "# use loop single instance port"
-      SWAPSERVERPORT=8081
+    SWAPSERVERPORT=8081
  else
-      echo "# No lit or loop single detected"
+    echo "# No lit or loop single detected"
-      SWAPSERVERPORT=""
+    SWAPSERVERPORT=""
  fi
  # prepare RTL-Config.json file
@ -455,20 +454,20 @@ if [ "$1" = "prestart" ]; then
  # LND changes of config
  if [ "${LNTYPE}" == "lnd" ]; then
    echo "# LND Config"
-    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json | \
+    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json |
-    jq ".port = \"${RTLHTTP}\"" | \
+      jq ".port = \"${RTLHTTP}\"" |
-    jq ".multiPass = \"${RPCPASSWORD}\"" | \
+      jq ".multiPass = \"${RPCPASSWORD}\"" |
-    jq ".multiPassHashed = \"\"" | \
+      jq ".multiPassHashed = \"\"" |
-    jq ".nodes[0].lnNode = \"${hostname}\"" | \
+      jq ".nodes[0].lnNode = \"${hostname}\"" |
-    jq ".nodes[0].lnImplementation = \"LND\"" | \
+      jq ".nodes[0].lnImplementation = \"LND\"" |
-    jq ".nodes[0].Authentication.macaroonPath = \"/home/rtl/.lnd/data/chain/${network}/${CHAIN}/\"" | \
+      jq ".nodes[0].Authentication.macaroonPath = \"/home/rtl/.lnd/data/chain/${network}/${CHAIN}/\"" |
-    jq ".nodes[0].Authentication.configPath = \"/home/rtl/.lnd/${netprefix}lnd.conf\"" | \
+      jq ".nodes[0].Authentication.configPath = \"/home/rtl/.lnd/${netprefix}lnd.conf\"" |
-    jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" | \
+      jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" |
-    jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" | \
+      jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" |
-    jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" | \
+      jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" |
-    jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}8080\"" | \
+      jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}8080\"" |
-    jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" | \
+      jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" |
-    jq ".nodes[0].Settings.swapServerUrl = \"https://127.0.0.1:${SWAPSERVERPORT}\"" > /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp
+      jq ".nodes[0].Settings.swapServerUrl = \"https://127.0.0.1:${SWAPSERVERPORT}\"" >/mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp
    mv /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json
  fi
@ -476,20 +475,20 @@ if [ "$1" = "prestart" ]; then
  # https://github.com/Ride-The-Lightning/RTL/blob/master/docs/C-Lightning-setup.md
  if [ "${LNTYPE}" == "cl" ]; then
    echo "# CL Config"
-    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json | \
+    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json |
-    jq ".port = \"${RTLHTTP}\"" | \
+      jq ".port = \"${RTLHTTP}\"" |
-    jq ".multiPass = \"${RPCPASSWORD}\"" | \
+      jq ".multiPass = \"${RPCPASSWORD}\"" |
-    jq ".multiPassHashed = \"\"" | \
+      jq ".multiPassHashed = \"\"" |
-    jq ".nodes[0].lnNode = \"${hostname}\"" | \
+      jq ".nodes[0].lnNode = \"${hostname}\"" |
-    jq ".nodes[0].lnImplementation = \"CLT\"" | \
+      jq ".nodes[0].lnImplementation = \"CLT\"" |
-    jq ".nodes[0].Authentication.macaroonPath = \"/home/bitcoin/c-lightning-REST/${CLNETWORK}/certs\"" | \
+      jq ".nodes[0].Authentication.macaroonPath = \"/home/bitcoin/c-lightning-REST/${CLNETWORK}/certs\"" |
-    jq ".nodes[0].Authentication.configPath = \"${CLCONF}\"" | \
+      jq ".nodes[0].Authentication.configPath = \"${CLCONF}\"" |
-    jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" | \
+      jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" |
-    jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" | \
+      jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" |
-    jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" | \
+      jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" |
-    jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}6100\"" | \
+      jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}6100\"" |
-    jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" | \
+      jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" |
-    jq ".nodes[0].Settings.swapServerUrl = \"https://127.0.0.1:${SWAPSERVERPORT}\"" > /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp
+      jq ".nodes[0].Settings.swapServerUrl = \"https://127.0.0.1:${SWAPSERVERPORT}\"" >/mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp
    mv /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json
  fi
@ -546,25 +545,24 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  fi
  # only if 'purge' is an additional parameter (other instances/services might need this)
-  if [ "$(echo "$@" | grep -c purge)" -gt 0 ];then
+  if [ "$(echo "$@" | grep -c purge)" -gt 0 ]; then
-    home/admin/config.scripts/bonus.rtl.sh uninstall
+    /home/admin/config.scripts/bonus.rtl.sh uninstall
-    if [ $LNTYPE = cl ];then
+    if [ $LNTYPE = cl ]; then
-      /home/admin/config.scripts/cl.rest.sh off ${CHAIN}
+      /home/admin/config.scripts/cl.rest.sh off ${CHAIN} purge
    fi
    echo "# Delete all configs"
    sudo rm -rf /mnt/hdd/app-data/rtl
  fi
  # close ports on firewall
-  sudo ufw deny "${RTLHTTP}"
+  sudo ufw delete allow "${RTLHTTP}"
-  sudo ufw deny $((RTLHTTP+1))
+  sudo ufw delete allow $((RTLHTTP + 1))
-  # needed for API/WebUI as signal that install ran thru 
+  # needed for API/WebUI as signal that install ran thru
  echo "result='OK'"
  exit 0
 fi
 if [ "$1" = "update" ]; then
  echo "# UPDATING RTL"
  cd /home/rtl/RTL || exit 1
@ -591,7 +589,7 @@ if [ "$1" = "update" ]; then
      # https://github.com/Ride-The-Lightning/RTL#or-update-existing-dependencies
      echo "# Running npm install ..."
      export NG_CLI_ANALYTICS=false
-      sudo -u rtl npm install --omit=dev
+      sudo -u rtl npm install --omit=dev --legacy-peer-deps
      if ! [ $? -eq 0 ]; then
        echo "# FAIL - npm install did not run correctly - deleting code and exit"
        sudo rm -r /home/rtl/RTL
@ -607,7 +605,7 @@ if [ "$1" = "update" ]; then
    sudo -u rtl git pull -p
    echo "# Running npm install ..."
    export NG_CLI_ANALYTICS=false
-    sudo -u rtl npm install --only=prod --logLevel warn
+    sudo -u rtl npm install --omit=dev --legacy-peer-deps
    if ! [ $? -eq 0 ]; then
      echo "# FAIL - npm install did not run correctly - deleting code and exit"
      sudo rm -r /home/rtl/RTL
@ -616,7 +614,10 @@ if [ "$1" = "update" ]; then
      echo "# OK - RTL install looks good"
      echo
    fi
-    currentRTLcommit=$(cd /home/rtl/RTL; git describe --tags)
+    currentRTLcommit=$(
      cd /home/rtl/RTL || exit 1
      git describe --tags
    )
    echo "# Updated RTL to $currentRTLcommit"
  else
    echo "# Unknown option: $updateOption"
--- a/home.admin/config.scripts/bonus.sphinxrelay.sh
+++ b/home.admin/config.scripts/bonus.sphinxrelay.sh
@ -107,7 +107,7 @@ iOS support is native, Android needs Orbot"
    text="${text}\n
 At the moment your Sphinx Relay Server is just available
 within the local network - without transport encryption.
-Local server for test & debug: ${publicURL}/app"#\n
+Local server for test & debug: ${publicURL}/app#\n
 To enable easy reachability from the outside consider
 adding a IP2TOR Bridge and reconnect:
 MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
@ -132,8 +132,7 @@ MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
 BUT TO MAKE THIS WORK:\n
 It needs an additional Domain with LetsEncrypt certificate for HTTPS: Go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain\n
 (or cancel the IP2Tor & just use sphinx within local network)"
-    whiptail --title " Warning " \
+    whiptail --title " Warning " --msgbox "${text}" 15 72
    --msgbox "${text}" 15 72
    exit 0
  fi
--- a/home.admin/config.scripts/bonus.suez.sh
+++ b/home.admin/config.scripts/bonus.suez.sh
@ -33,17 +33,17 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  cd /home/bitcoin || exit 1
-  # dependency
+  # poetry
-  sudo -u bitcoin curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py\
+  sudo pip3 install --upgrade pip
-    | sudo -u bitcoin python -
+  sudo pip3 install poetry
  # download source code
  sudo -u bitcoin git clone https://github.com/prusnak/suez.git
  cd suez || exit 1
  sudo -u bitcoin git reset --hard $SUEZVERSION
  sudo -u bitcoin /home/admin/config.scripts/blitz.git-verify.sh \
-   "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
+    "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-  sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
+  sudo -u bitcoin poetry install
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set suez "on"
@ -74,8 +74,8 @@ if [ "$1" = "update" ]; then
  echo "# UPDATE SUEZ"
  cd /home/bitcoin || exit 1
  # dependency
-  sudo -u bitcoin curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py\
+  sudo pip3 install --upgrade pip
-    | sudo -u bitcoin python -
+  sudo pip3 install poetry
  # download source code
  if [ -d suez ]; then
    sudo -u bitcoin git clone https://github.com/prusnak/suez.git
@ -83,8 +83,8 @@ if [ "$1" = "update" ]; then
  cd suez || exit 1
  sudo -u bitcoin git pull
  sudo -u bitcoin /home/admin/config.scripts/blitz.git-verify.sh \
-   "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
+    "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-  sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
+  sudo -u bitcoin poetry install
  echo "# Updated to the latest in https://github.com/prusnak/suez/commits/master"
  exit 0
 fi
--- a/home.admin/config.scripts/bonus.tallycoin-connect.sh
+++ b/home.admin/config.scripts/bonus.tallycoin-connect.sh
@ -8,7 +8,7 @@ HOME_DIR=/home/$USERNAME
 CONFIG_FILE=$APP_DATA_DIR/tallycoin_api.key
 RASPIBLITZ_INFO=/home/admin/raspiblitz.info
 SERVICE_FILE=/etc/systemd/system/tallycoin-connect.service
-TC_VERSION=1.7.5
+TC_VERSION=1.8.0
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
--- a/home.admin/config.scripts/bonus.telegraf.sh
+++ b/home.admin/config.scripts/bonus.telegraf.sh
@ -68,6 +68,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # 
  # changed according suggestion from @frennkie in #1501
  echo "deb https://repos.influxdata.com/debian ${DISTRIB_ID} stable" | sudo tee -a /etc/apt/sources.list.d/influxdb.list >/dev/null
  #
  # as the key is untrusted, this is a dirty fix
  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D8FF8E1F7DF8B07E
  sudo apt-get update
  sudo apt-get install -y telegraf
@ -77,6 +80,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  #
  # enable telegraf as admin for lnd
  sudo usermod telegraf -a -G lndadmin
  #
  # add telegraf to sudoers (for later application with smartmontools)
  sudo usermod telegraf -a -G sudo
  # stop telegraf service
  sudo systemctl stop telegraf.service
@ -84,7 +90,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "*** telegraf installation: copying telegraf config templates"
  # copy custom "telegraf.conf" template to the telegraf target dir
  # the telegraf inputs part goes into telegraf.d subdir
-  # this split into "telegraf.conf" and "telegraf.d/teöegraf_inputs.conf" is necessary
+  # this split into "telegraf.conf" and "telegraf.d/telegraf_inputs.conf" is necessary
  # as the the [[inputs.***]] part contains lines with the keywords
  # "urls", "database", "username" "password"
  # so the sed-replacement-part would get confused
--- a/home.admin/config.scripts/bonus.template.sh
+++ b/home.admin/config.scripts/bonus.template.sh
@ -202,7 +202,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "# download the source code & verify"
  sudo -u ${APPID} git clone ${GITHUB_REPO} /home/${APPID}/${APPID}
  cd /home/${APPID}/${APPID}
-  sudo -u ${APPID} git reset --hard $GITHUB_TAG
+  if [ "${GITHUB_TAG}" != "" ]; then
    sudo -u ${APPID} git reset --hard $GITHUB_TAG
  fi
  if [ "${GITHUB_SIGN_AUTHOR}" != "" ]; then
    sudo -u ${APPID} /home/admin/config.scripts/blitz.git-verify.sh \
     "${GITHUB_SIGN_AUTHOR}" "${GITHUB_SIGN_PUBKEYLINK}" "${GITHUB_SIGN_FINGERPRINT}" "${GITHUB_TAG}" || exit 1
@ -237,6 +239,7 @@ Wants=bitcoind
 After=bitcoind
 [Service]
 WorkingDirectory=/home/${APPID}
 Environment=\"HOME_PATH=/mnt/hdd/app-data/${APPID}\"
 ExecStartPre=-/home/admin/config.scripts/bonus.${APPID}.sh prestart
 ExecStart=/usr/bin/node /home/${APPID}/${APPID}/${APPID}
@ -327,10 +330,17 @@ server {
  # mark app as installed in raspiblitz config
  /home/admin/config.scripts/blitz.conf.sh set ${APPID} "on"
-  # start app up thru systemd
+  # enable app up thru systemd
  sudo systemctl enable ${APPID}
-  sudo systemctl start ${APPID}
+  echo "# OK - the ${APPID}.service is now enabled"
-  echo "# OK - the ${APPID}.service is now enabled & started"
+
  # start app (only when blitz is ready)
  source <(/home/admin/_cache.sh get state)
  if [ "${state}" == "ready" ]; then
    sudo systemctl start ${APPID}
    echo "# OK - the ${APPID}.service is now started"
  fi
  echo "# Monitor with: sudo journalctl -f -u ${APPID}"
  exit 0
@ -422,6 +432,9 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  sudo ufw deny "${PORT_CLEAR}"
  sudo ufw deny "${PORT_SSL}"
  echo "# delete user"
  sudo userdel -rf ${APPID}
  echo "# removing Tor hidden service (if active)"
  /home/admin/config.scripts/tor.onion-service.sh off ${APPID}
--- a/home.admin/config.scripts/cl-plugin.backup.sh
+++ b/home.admin/config.scripts/cl-plugin.backup.sh
@ -1,6 +1,6 @@
 #!/bin/bash
-function help(){
+function help() {
  echo
  echo "Install the backup plugin for Core Lightning"
  echo "Replicates the lightningd.sqlite3 database on the SDcard"
@ -16,11 +16,10 @@ function help(){
 }
 # https://github.com/lightningd/plugins/commits/master/backup
-# use the version beore the migration to poetry
+pinnedVersion="30003279e35e5931fc85d7e6211ea4de6f9554d7"
 pinnedVersion="4d3560b129b12cba0381fff0b1e30ac32ef84106"
 # command info
-if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ];then
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  help
 fi
@ -38,25 +37,32 @@ function install() {
  sudo -u bitcoin git pull
  sudo -u bitcoin git reset --hard ${pinnedVersion} || exit 1
-  if [ $($lightningcli_alias plugin list 2>/dev/null | grep -c "${plugin}") -eq 0 ];then
+  if [ $($lightningcli_alias plugin list 2>/dev/null | grep -c "/${plugin}") -eq 0 ]; then
    echo "# Checking dependencies"
-    sudo -u bitcoin pip install --user -r ${plugindir}/${plugin}/requirements.txt 1>/dev/null
+    # upgrade pip
-      if [ $(echo $PATH | grep -c "/home/bitcoin/.local/bin") -eq 0 ];then
+    sudo pip3 install --upgrade pip
-        export PATH=$PATH:/home/bitcoin/.local/bin
+
-        echo "PATH=\$PATH:/home/bitcoin/.local/bin" | sudo tee -a /etc/profile
+    # pip dependencies
-      fi
+    sudo -u bitcoin pip3 install pyln-client tqdm
    # poetry
    sudo pip3 install poetry || exit 1
    cd ${plugindir}/backup/ || exit 1
    sudo -u bitcoin poetry install
    sudo chmod +x ${plugindir}/${plugin}/${plugin}.py
    # symlink to the default plugin dir
-    if [ ! -L /home/bitcoin/${netprefix}cl-plugins-enabled/backup.py ];then
+    if [ ! -L /home/bitcoin/${netprefix}cl-plugins-enabled/backup.py ]; then
      sudo ln -s ${plugindir}/backup/backup.py \
-                 /home/bitcoin/${netprefix}cl-plugins-enabled/
+        /home/bitcoin/${netprefix}cl-plugins-enabled/
    fi
  else
    echo "# The ${plugin} plugin is already loaded"
  fi
 }
-if [ "$1" = on ];then
+if [ "$1" = on ]; then
  install
@ -64,27 +70,30 @@ if [ "$1" = on ];then
  sudo systemctl stop ${netprefix}lightningd
  # don't overwrite old backup
-  if [ -f /home/bitcoin/${netprefix}lightningd.sqlite3.backup ];then
+  if [ -f /home/bitcoin/${netprefix}lightningd.sqlite3.backup ]; then
    echo "# Backup the existing old backup on the SDcard"
    now=$(date +"%Y_%m_%d_%H%M%S")
    sudo mv /home/bitcoin/${netprefix}lightningd.sqlite3.backup \
-            /home/bitcoin/${netprefix}lightningd.sqlite3.backup.${now} || exit 1
+      /home/bitcoin/${netprefix}lightningd.sqlite3.backup.${now} || exit 1
  fi
  # always re-init plugin
-  if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/backup.lock; then
+  if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/backup.lock 2>/dev/null; then
    sudo rm /home/bitcoin/.lightning/${CLNETWORK}/backup.lock
  fi
  # https://github.com/lightningd/plugins/tree/master/backup#setup
  echo "# Initialize the backup plugin"
-  sudo -u bitcoin ${plugindir}/backup/backup-cli init\
+  cd ${plugindir}/backup/ || exit 1
-   --lightning-dir /home/bitcoin/.lightning/${CLNETWORK} \
+  sudo -u bitcoin poetry run ./backup-cli init --lightning-dir /home/bitcoin/.lightning/${CLNETWORK} \
-   file:///home/bitcoin/${netprefix}lightningd.sqlite3.backup
+    file:///home/bitcoin/${netprefix}lightningd.sqlite3.backup
  if [ $(crontab -u admin -l | grep -c "backup-compact $CHAIN") -eq 0 ]; then
    echo "Add weekly backup-compact as a cronjob"
    cronjob="@weekly /home/admin/config.scripts/cl-plugin.backup.sh backup-compact $CHAIN"
-    (crontab -u admin -l; echo "$cronjob" ) | crontab -u admin -
+    (
      crontab -u admin -l
      echo "$cronjob"
    ) | crontab -u admin -
  fi
  echo "# The crontab for admin now is:"
  crontab -u admin -l
@ -96,19 +105,21 @@ if [ "$1" = on ];then
    echo "# Started the ${netprefix}lightningd.service"
  fi
-
+elif
-elif [ "$1" = off ]; then
+  [ "$1" = off ]
 then
  echo "# Removing the backup plugin"
  sudo rm -f /home/bitcoin/${netprefix}cl-plugins-enabled/backup.py
  echo "# Backup the existing old backup on the SDcard"
  now=$(date +"%Y_%m_%d_%H%M%S")
  sudo mv /home/bitcoin/${netprefix}lightningd.sqlite3.backup \
-            /home/bitcoin/${netprefix}lightningd.sqlite3.backup.${now}
+    /home/bitcoin/${netprefix}lightningd.sqlite3.backup.${now}
  echo "# Removing the backup.lock file"
-  sudo rm -f  /home/bitcoin/.lightning/${CLNETWORK}/backup.lock
+  sudo rm -f /home/bitcoin/.lightning/${CLNETWORK}/backup.lock
-
+elif
-elif [ "$1" = restore ];then
+  [ "$1" = restore ]
 then
  install
@ -118,21 +129,22 @@ elif [ "$1" = restore ];then
    sudo systemctl stop ${netprefix}lightningd
    # https://github.com/lightningd/plugins/tree/master/backup#restoring-a-backup
-    # ./backup-cli restore file:///mnt/external/location ~/.lightning/bitcoin/lightningd.sqlite3
+    # poetry run ./backup-cli restore file:///mnt/external/location ~/.lightning/bitcoin/lightningd.sqlite3
    # make sure to not overwrite old database
-    if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3;then
+    if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3; then
      now=$(date +"%Y_%m_%d_%H%M%S")
      echo "# Backup the existing old database on the disk"
      sudo cp /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3 \
-              /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3.backup.${now} || exit 1
+        /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3.backup.${now} || exit 1
-      if [ "$(echo "$@" | grep -c "force")" -gt 0 ];then
+      if [ "$(echo "$@" | grep -c "force")" -gt 0 ]; then
        sudo rm /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3
      fi
    fi
    # restore
-    sudo -u bitcoin ${plugindir}/backup/backup-cli restore \
+    cd ${plugindir}/backup/ || exit 1
    sudo -u bitcoin poetry run ./backup-cli restore \
      file:///home/bitcoin/${netprefix}lightningd.sqlite3.backup \
      /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3
@ -143,8 +155,9 @@ elif [ "$1" = restore ];then
    fi
  fi
-
+elif
-elif [ "$1" = backup-compact ];then
+  [ "$1" = backup-compact ]
 then
  # https://github.com/lightningd/plugins/tree/master/backup#performing-backup-compaction
  dbPath="/home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3"
  backupPath="/home/bitcoin/${netprefix}lightningd.sqlite3.backup"
@ -154,7 +167,7 @@ elif [ "$1" = backup-compact ];then
    echo "$dbSize MB $dbPath"
    backupSize=$(sudo du -m "${backupPath}" | awk '{print $1}')
    echo "$backupSize MB $backupPath"
-    if [ "$backupSize" -gt $((dbSize+200)) ] ; then
+    if [ "$backupSize" -gt $((dbSize + 200)) ]; then
      echo "# The backup is 200MB+ larger than the db, running '${netprefix}lightning-cli backup-compact' ..."
      $lightningcli_alias backup-compact
    else
--- a/home.admin/config.scripts/cl-plugin.cln-grpc.sh
+++ b/home.admin/config.scripts/cl-plugin.cln-grpc.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # command info
-if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ];then
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo
  echo "Install the cln-grpc plugin for CLN"
  echo "Usage:"
@ -31,10 +31,12 @@ function buildGRPCplugin() {
  echo "# - Build the cln-grpc plugin"
  if [ ! -f /home/bitcoin/cl-plugins-available/cln-grpc ]; then
    # check if the source code is present
-    if [ ! -d /home/bitcoin/lightning/plugins/grpc-plugin ];then
+    if [ ! -d /home/bitcoin/lightning/plugins/grpc-plugin ]; then
      echo "# - install Core Lightning ..."
      /home/admin/config.scripts/cl.install.sh install || exit 1
    fi
    echo "# install dependencies"
    sudo apt-get install protobuf-compiler -y
    echo "# rust for cln-grpc, includes rustfmt"
    sudo -u bitcoin curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo -u bitcoin sh -s -- -y
    cd /home/bitcoin/lightning/plugins/grpc-plugin || exit 1
@ -61,7 +63,7 @@ function switchOn() {
    # symlink to plugin directory
    echo "# symlink cln-grpc to /home/bitcoin/${netprefix}cl-plugins-enabled/"
    # delete old symlink
-    sudo rm /home/bitcoin/${netprefix}cl-plugins-enabled/cln-grpc
+    sudo rm -f /home/bitcoin/${netprefix}cl-plugins-enabled/cln-grpc
    sudo ln -s /home/bitcoin/cl-plugins-available/cln-grpc /home/bitcoin/${netprefix}cl-plugins-enabled/
    # blitz.conf.sh set [key] [value] [?conffile] <noquotes>
@ -102,7 +104,7 @@ elif [ "$1" = on ]; then
 elif [ "$1" = off ]; then
  sed -i "/^grpc-port/d" "${CLCONF}"
  sudo rm -rf /home/bitcoin/${netprefix}cl-plugins-enabled/cln-grpc
-  if [ "$(echo "$@" | grep -c purge)" -gt 0 ];then
+  if [ "$(echo "$@" | grep -c purge)" -gt 0 ]; then
    sudo rm -rf /home/bitcoin/cl-plugins-available/cln-grpc
  fi
  /home/admin/config.scripts/blitz.conf.sh set "${netprefix}clnGRPCport" "off"
@ -113,7 +115,7 @@ elif [ "$1" = off ]; then
  exit 0
 elif [ "$1" = update ]; then
-  if [ "$(echo "$@" | grep -c source)" -gt 0 ];then
+  if [ "$(echo "$@" | grep -c source)" -gt 0 ]; then
    cd /home/bitcoin/lightning/ || exit 1
    sudo -u bitcoin git pull
  fi
--- a/home.admin/config.scripts/cl-plugin.standard-python.sh
+++ b/home.admin/config.scripts/cl-plugin.standard-python.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # command info
-if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ];then
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo
  echo "Install and show the output of the chosen plugin for Core Lightning"
  echo "Usage:"
@ -16,7 +16,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ];then
  exit 1
 fi
-if [ "$1" = "on" ];then
+if [ "$1" = "on" ]; then
  source <(/home/admin/config.scripts/network.aliases.sh getvars cl $3)
@ -29,27 +29,27 @@ if [ "$1" = "on" ];then
  fi
  # enable
-  if [ "$(echo "$@" | grep -c "persist")" -gt 0 ];then
+  if [ "$(echo "$@" | grep -c "persist")" -gt 0 ]; then
-    if [ ! -L /home/bitcoin/${netprefix}cl-plugins-enabled/${plugin}.py ];then
+    if [ ! -L /home/bitcoin/${netprefix}cl-plugins-enabled/${plugin}.py ]; then
      echo "# Symlink to /home/bitcoin/${netprefix}cl-plugins-enabled"
      sudo ln -s /home/bitcoin/cl-plugins-available/plugins/${plugin}/${plugin}.py \
-                 /home/bitcoin/${netprefix}cl-plugins-enabled
+        /home/bitcoin/${netprefix}cl-plugins-enabled
-      
+
      source <(/home/admin/_cache.sh get state)
      if [ "${state}" == "ready" ]; then
        echo "# Restart the ${netprefix}lightningd.service to activate the ${plugin} plugin"
        sudo systemctl restart ${netprefix}lightningd
      fi
    fi
-  
+
  else
-    if [ $($lightningcli_alias | grep -c "${plugin}") -eq 0 ];then
+    if [ $($lightningcli_alias | grep -c "/${plugin}") -eq 0 ]; then
      echo "# Just start the ${plugin} plugin"
      sudo -u bitcoin pip install -r /home/bitcoin/cl-plugins-available/plugins/${plugin}/requirements.txt
      $lightningcli_alias plugin start /home/bitcoin/cl-plugins-available/plugins/${plugin}/${plugin}.py
    fi
  fi
-  
+
  echo
  echo "Node URI:"
  ln_getinfo=$($lightningcli_alias -H getinfo 2>/dev/null)
@ -60,12 +60,12 @@ if [ "$1" = "on" ];then
  echo
  echo "# Running:"
  echo "${netprefix}lightning-cli ${plugin}"
-  echo 
+  echo
  $lightningcli_alias ${plugin}
  echo
-  if [ "$(echo "$@" | grep -c "runonce")" -gt 0 ];then
+  if [ "$(echo "$@" | grep -c "runonce")" -gt 0 ]; then
    $lightningcli_alias plugin stop /home/bitcoin/cl-plugins-available/plugins/${plugin}/${plugin}.py
  fi
-fi
+fi
--- a/home.admin/config.scripts/cl.backup.sh
+++ b/home.admin/config.scripts/cl.backup.sh
@ -188,9 +188,9 @@ if [ ${mode} = "cl-export-gui" ]; then
  echo "*******************************************"
  echo 
  echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
-  echo "sftp '${fileowner}@${localip}:${filename}' ./"
+  echo "scp '${fileowner}@${localip}:${filename}' ./"
  echo "ON WINDOWS - RUN IN CMD:"
-  echo "sftp ${fileowner}@${localip}:${filename} ."
+  echo "scp ${fileowner}@${localip}:${filename} ."
  echo
  echo "Use password A to authenticate file transfer."
  echo "Check for correct file size after transfer: ${size} byte"
@ -291,7 +291,7 @@ if [ ${mode} = "cl-import-gui" ]; then
      echo "To make upload open a new terminal on your laptop,"
      echo "change into the directory where your cl-rescue file is and"
      echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp -r ./cl-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp -r ./cl-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
      echo
      echo "Use ${passwordInfo} to authenticate file transfer."
      echo "PRESS ENTER when upload is done"
--- a/home.admin/config.scripts/cl.install.sh
+++ b/home.admin/config.scripts/cl.install.sh
@ -2,19 +2,23 @@
 # https://lightning.readthedocs.io/
 # https://github.com/ElementsProject/lightning/releases
-CLVERSION=v22.11.1
+CLVERSION=v23.02.2
 # install the latest master by using the last commit id
 # https://github.com/ElementsProject/lightning/commit/master
 # CLVERSION="063366ed7e3b7cc12a8d1681acc2b639cf07fa23"
 # PGPsigner="endothermicdev"
 # PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
 # PGPpubkeyFingerprint="8F55EE750D950E3E"
 # https://github.com/ElementsProject/lightning/tree/master/contrib/keys
-PGPsigner="cdecker" # rustyrussel D9200E6CD1ADB8F1 # cdecker A26D6D9FE088ED58 # niftynei BFF0F67810C1EED1
+PGPsigner="rustyrussell" # rustyrussell D9200E6CD1ADB8F1 # cdecker A26D6D9FE088ED58 # niftynei BFF0F67810C1EED1 # endothermicdev 8F55EE750D950E3E
 PGPpubkeyLink="https://raw.githubusercontent.com/ElementsProject/lightning/master/contrib/keys/${PGPsigner}.txt"
-PGPpubkeyFingerprint="A26D6D9FE088ED58"
+PGPpubkeyFingerprint="D9200E6CD1ADB8F1"
 # help
-if [ $# -eq 0 ]||[ "$1" = "-h" ]||[ "$1" = "--help" ];then
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo
  echo "Core Lightning install script"
  echo "The default version is: ${CLVERSION}"
@ -30,30 +34,28 @@ if [ $# -eq 0 ]||[ "$1" = "-h" ]||[ "$1" = "--help" ];then
  exit 1
 fi
-function installDependencies()
+function installDependencies() {
 {
  echo "- installDependencies()"
  # from https://lightning.readthedocs.io/INSTALL.html#to-build-on-ubuntu
  sudo apt-get install -y \
-   autoconf automake build-essential git libtool libgmp-dev \
+    autoconf automake build-essential git libtool libgmp-dev \
-   libsqlite3-dev python3 net-tools zlib1g-dev libsodium-dev \
+    libsqlite3-dev python3 net-tools zlib1g-dev libsodium-dev \
-   gettext
+    gettext
  # additional requirements
  sudo apt-get install -y postgresql libpq-dev
  # upgrade pip
  sudo pip3 install --upgrade pip
  sudo -u bitcoin pip install mako
  # poetry
-  sudo -u bitcoin pip3 install --user poetry
+  sudo pip3 install poetry
-  if ! grep -Eq '^PATH="$HOME/.local/bin:$PATH"' /mnt/hdd/raspiblitz.conf; then
+  if ! grep -Eq '^PATH="$HOME/.local/bin:$PATH"' /home/bitcoin/.profile; then
    echo 'PATH="$HOME/.local/bin:$PATH"' | sudo tee -a /home/bitcoin/.profile
  fi
  export PATH="home/bitcoin/.local/bin:$PATH"
-  sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
+  sudo -u bitcoin poetry install
 }
-function buildAndInstallCLbinaries()
+function buildAndInstallCLbinaries() {
 {
  echo "- Configuring EXPERIMENTAL_FEATURES enabled"
  echo
  sudo -u bitcoin ./configure --enable-experimental-features
@ -74,7 +76,7 @@ echo "# Running: 'cl.install.sh $*'"
 if [ "$1" = "update" ] && [ $# -gt 1 ]; then
  CLVERSION=$2
  if curl --output /dev/null --silent --head --fail \
-   https://github.com/ElementsProject/lightning/releases/tag/${CLVERSION};then
+    https://github.com/ElementsProject/lightning/releases/tag/${CLVERSION}; then
    echo "# OK version exists at https://github.com/ElementsProject/lightning/releases/tag/${CLVERSION}"
  else
    echo "# ${CLVERSION} does not exist"
@ -86,15 +88,15 @@ fi
 # check for PR if testPR
 if [ "$1" = "testPR" ]; then
-    if [ $# -gt 1 ]; then
+  if [ $# -gt 1 ]; then
-      PRnumber=$2
+    PRnumber=$2
-    else
+  else
-      echo "# Need PRnumber as the second paramater"
+    echo "# Need PRnumber as the second paramater"
-    fi
+  fi
-    echo "# Using the PR:"
+  echo "# Using the PR:"
-    echo "# https://github.com/ElementsProject/lightning/pull/${PRnumber}"
+  echo "# https://github.com/ElementsProject/lightning/pull/${PRnumber}"
  if curl --output /dev/null --silent --head --fail \
-   https://github.com/ElementsProject/lightning/pull/${PRnumber};then
+    https://github.com/ElementsProject/lightning/pull/${PRnumber}; then
    echo "# OK the PR exists at https://github.com/ElementsProject/lightning/pull/${PRnumber}"
    echo "# Press ENTER to proceed to install Core Lightning with the PR ${PRnumber} or CTRL+C to abort."
    read key
@ -116,68 +118,9 @@ if [ "$1" = "install" ]; then
  # check if the binary is already installed
  if [ -f /usr/local/bin/lightningd ]; then
    echo "Core Lightning binary already installed - done"
-    exit 1
+    exit 0
  fi
 ## Download and verify zip
 #  # prepare download dir
 #  sudo rm -rf /home/bitcoin/download
 #  sudo -u bitcoin mkdir -p /home/bitcoin/download
 #  cd /home/bitcoin/download || exit 1
 #
 #  sudo -u bitcoin wget -O "pgp_keys.asc" ${PGPpubkeyLink}
 #  sudo -u bitcoin gpg --import --import-options show-only ./pgp_keys.asc
 #  fingerprint=$(gpg "pgp_keys.asc" 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
 #  if [ ${fingerprint} -lt 1 ]; then
 #    echo
 #    echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}"
 #    echo "Should contain PGP: ${PGPpubkeyFingerprint}"
 #    echo "PRESS ENTER to TAKE THE RISK if you think all is OK"
 #    read key
 #  fi
 #  sudo -u bitcoin gpg --import ./pgp_keys.asc
 #
 #  sudo -u bitcoin wget https://github.com/ElementsProject/lightning/releases/download/${CLVERSION}/SHA256SUMS
 #  sudo -u bitcoin wget https://github.com/ElementsProject/lightning/releases/download/${CLVERSION}/SHA256SUMS.asc
 #
 #  verifyResult=$(LANG=en_US.utf8; sudo -u bitcoin gpg --verify SHA256SUMS.asc 2>&1)
 #
 #  goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
 #  echo "goodSignature(${goodSignature})"
 #  correctKey=$(echo ${verifyResult} | tr -d " \t\n\r" | grep "${PGPpubkeyFingerprint}" -c)
 #  echo "correctKey(${correctKey})"
 #  if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
 #    echo
 #    echo "# DOWNLOAD FAILED --> PGP verification not OK / signature(${goodSignature}) verify(${correctKey})"
 #    exit 1
 #  else
 #    echo
 #    echo "****************************************************************"
 #    echo "OK --> the PGP signature of the Core Lightning SHA256SUMS is correct"
 #    echo "****************************************************************"
 #    echo
 #  fi
 #
 #  sudo -u bitcoin wget https://github.com/ElementsProject/lightning/releases/download/${CLVERSION}/clightning-${CLVERSION}.zip
 #
 #  hashCheckResult=$(sha256sum -c SHA256SUMS 2>&1)
 #  goodHash=$(echo ${hashCheckResult} | grep 'OK' -c)
 #  echo "goodHash(${goodHash})"
 #  if [ ${goodHash} -lt 1 ]; then
 #    echo
 #    echo "# BUILD FAILED --> Hash check not OK"
 #    exit 1
 #  else
 #    echo
 #    echo "********************************************************************"
 #    echo "OK --> the hash of the downloaded Core Lightning source code is correct"
 #    echo "********************************************************************"
 #    echo
 #  fi
 #
 #  sudo -u bitcoin unzip clightning-${CLVERSION}.zip
 #  cd clightning-${CLVERSION} || exit 1
  # download and verify the source from github
  cd /home/bitcoin || exit 1
  echo
@ -190,7 +133,7 @@ if [ "$1" = "install" ]; then
  sudo -u bitcoin git reset --hard ${CLVERSION}
  sudo -u bitcoin /home/admin/config.scripts/blitz.git-verify.sh \
-   "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "${CLVERSION}" || exit 1
+    "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "${CLVERSION}" || exit 1
  installDependencies
@ -220,7 +163,7 @@ source /home/admin/raspiblitz.info
 source /mnt/hdd/raspiblitz.conf
 TORGROUP="debian-tor"
-if [ "$1" = update ]||[ "$1" = testPR ];then
+if [ "$1" = update ] || [ "$1" = testPR ]; then
  source <(/home/admin/config.scripts/network.aliases.sh getvars cl mainnet)
 else
  source <(/home/admin/config.scripts/network.aliases.sh getvars cl $2)
@ -228,7 +171,7 @@ fi
 echo "# Using the settings for: ${network} ${CHAIN}"
-if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
+if [ "$1" = on ] || [ "$1" = update ] || [ "$1" = testPR ]; then
  if [ "${CHAIN}" == "testnet" ] && [ "${testnet}" != "on" ]; then
    echo "# before activating testnet on cl, first activate testnet on bitcoind"
@ -242,14 +185,14 @@ if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
    exit 1
  fi
-  if [ "$1" = "update" ]||[ "$1" = "testPR" ];then
+  if [ "$1" = "update" ] || [ "$1" = "testPR" ]; then
    echo "# apt update"
    echo
    sudo apt-get update
    cd /home/bitcoin || exit 1
-    if [ "$1" = "update" ]||[ "$1" = "testPR" ];then
+    if [ "$1" = "update" ] || [ "$1" = "testPR" ]; then
      echo
      echo "# Deleting the old source code"
      sudo rm -rf lightning
@ -262,7 +205,7 @@ if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
    echo
    if [ "$1" = "update" ]; then
-      if [ $# -gt 1 ];then
+      if [ $# -gt 1 ]; then
        CLVERSION=$2
        echo "# Installing the version ${CLVERSION}"
        sudo -u bitcoin git reset --hard ${CLVERSION}
@ -284,8 +227,10 @@ if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
    installDependencies
-    currentCLversion=$(cd /home/bitcoin/lightning 2>/dev/null; \
+    currentCLversion=$(
-    git describe --tags 2>/dev/null)
+      cd /home/bitcoin/lightning 2>/dev/null
      git describe --tags 2>/dev/null
    )
    echo "# Building from source Core Lightning $currentCLversion"
    buildAndInstallCLbinaries
@ -296,7 +241,7 @@ if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
  ##########
  # make sure binary is installed (will skip if already done)
-  /home/admin/config.scripts/cl.install.sh install
+  /home/admin/config.scripts/cl.install.sh install || exit 1
  echo "# Make sure bitcoin is in the ${TORGROUP} group"
  sudo usermod -a -G ${TORGROUP} bitcoin
@ -313,11 +258,11 @@ if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
  sudo mkdir -p /mnt/hdd/app-data/.lightning
  sudo ln -s /mnt/hdd/app-data/.lightning /home/bitcoin/
-  if [ ${CLNETWORK} != "bitcoin" ] && [ ! -d /home/bitcoin/.lightning/${CLNETWORK} ] ;then
+  if [ ${CLNETWORK} != "bitcoin" ] && [ ! -d /home/bitcoin/.lightning/${CLNETWORK} ]; then
    sudo -u bitcoin mkdir /home/bitcoin/.lightning/${CLNETWORK}
  fi
-  if ! sudo ls ${CLCONF};then
+  if ! sudo ls ${CLCONF}; then
    echo "# Create ${CLCONF}"
    echo "# lightningd configuration for ${network} ${CHAIN}
@ -364,7 +309,9 @@ always-use-proxy=true
  #############
  echo
  echo "# Set logrotate for ${netprefix}lightningd"
-  sudo -u bitcoin mkdir /home/bitcoin/.lightning/${CLNETWORK}/cl.log_old
+  if ! sudo ls /home/bitcoin/.lightning/${CLNETWORK}/cl.log_old; then
    sudo -u bitcoin mkdir /home/bitcoin/.lightning/${CLNETWORK}/cl.log_old
  fi
  echo "\
 /home/bitcoin/.lightning/${CLNETWORK}/cl.log
 {
@ -376,10 +323,6 @@ always-use-proxy=true
        notifempty
        nocompress
        sharedscripts
        # We don't need to kill as we use copytruncate
        #postrotate
        #        kill -HUP \`cat /run/lightningd/lightningd.pid\'
        #endscript
        su bitcoin bitcoin
 }" | sudo tee /etc/logrotate.d/${netprefix}lightningd
  # debug:
@ -387,7 +330,7 @@ always-use-proxy=true
  echo
  sudo -u admin touch /home/admin/_aliases
-  if ! grep -Eq "${netprefix}lightning-cli" /home/admin/_aliases; then
+  if ! grep -Eq "^alias ${netprefix}lightning-cli" /home/admin/_aliases; then
    echo "# Adding aliases"
    echo "\
 alias ${netprefix}lightning-cli=\"sudo -u bitcoin /usr/local/bin/lightning-cli\
@ -396,8 +339,7 @@ alias ${netprefix}cl=\"sudo -u bitcoin /usr/local/bin/lightning-cli\
 --conf=${CLCONF}\"
 alias ${netprefix}cllog=\"sudo\
 tail -n 30 -f /home/bitcoin/.lightning/${CLNETWORK}/cl.log\"
-alias ${netprefix}clconf=\"sudo\
+alias ${netprefix}clconf=\"sudo nano ${CLCONF}\"
 nano ${CLCONF}\"
 " | sudo tee -a /home/admin/_aliases
    sudo chown admin:admin /home/admin/_aliases
  fi
@ -418,20 +360,21 @@ alias ${netprefix}clconf=\"sudo\
  # setting values in the raspiblitz.conf
  /home/admin/config.scripts/blitz.conf.sh set ${netprefix}cl on
  # blitz.conf.sh needs sudo access - cannot be run in cl.check.sh
-  if [ ! -f /home/bitcoin/${netprefix}cl-plugins-enabled/sparko ];then
+  if [ ! -f /home/bitcoin/${netprefix}cl-plugins-enabled/sparko ]; then
    /home/admin/config.scripts/blitz.conf.sh set ${netprefix}sparko "off"
  fi
-  if [ ! -f /home/bitcoin/cl-plugins-enabled/c-lightning-http-plugin ];then
+  if [ ! -f /home/bitcoin/cl-plugins-enabled/c-lightning-http-plugin ]; then
    /home/admin/config.scripts/blitz.conf.sh set clHTTPplugin "off"
  fi
  if [ ! -f /home/bitcoin/${netprefix}cl-plugins-enabled/feeadjuster.py ]; then
    /home/admin/config.scripts/blitz.conf.sh set ${netprefix}feeadjuster "off"
  fi
-  if [ ! -f /home/bitcoin/${netprefix}cl-plugins-enabled/cln-grpc ];then
+  if [ ! -f /home/bitcoin/${netprefix}cl-plugins-enabled/cln-grpc ]; then
    /home/admin/config.scripts/blitz.conf.sh set "${netprefix}clnGRPCport" "off"
  fi
  # if this is the first lightning mainnet turned on - make default
  [ "${lightning}" == "none" ] && lightning=""
  if [ "${CHAIN}" == "mainnet" ] && [ "${lightning}" == "" ]; then
    echo "# CL is now the default lightning implementation"
    /home/admin/config.scripts/blitz.conf.sh set lightning cl
@ -464,10 +407,9 @@ if [ "$1" = "display-seed" ]; then
    source ${seedwordFile}
    #echo "# seedwords(${seedwords})"
    #echo "# seedwords6x4(${seedwords6x4})"
-    if [ ${#seedwords6x4} -gt 0 ];then
+    if [ ${#seedwords6x4} -gt 0 ]; then
      ack=0
-      while [ ${ack} -eq 0 ]
+      while [ ${ack} -eq 0 ]; do
      do
        whiptail --title "Core Lightning ${displayNetwork} Wallet" \
          --msgbox "This is your Core Lightning ${displayNetwork} wallet seed. Store these numbered words in a safe location:\n\n${seedwords6x4}" 13 76
        whiptail --title "Please Confirm" --yes-button "Show Again" --no-button "CONTINUE" --yesno "  Are you sure that you wrote down the word list?" 8 55
@ -477,9 +419,9 @@ if [ "$1" = "display-seed" ]; then
      done
    else
      dialog \
-       --title "Core Lightning ${displayNetwork} Wallet" \
+        --title "Core Lightning ${displayNetwork} Wallet" \
-       --exit-label "exit" \
+        --exit-label "exit" \
-       --textbox "${seedwordFile}" 14 92
+        --textbox "${seedwordFile}" 14 92
    fi
  else
    # hsmFile="/home/bitcoin/.lightning/${CLNETWORK}/hsm_secret"
@ -489,14 +431,14 @@ if [ "$1" = "display-seed" ]; then
  exit 0
 fi
-if [ "$1" = "off" ];then
+if [ "$1" = "off" ]; then
  echo "# Removing the ${netprefix}lightningd.service"
  sudo systemctl disable ${netprefix}lightningd
  sudo systemctl stop ${netprefix}lightningd
  echo "# Removing the aliases"
  sudo sed -i "/${netprefix}lightning-cli/d" /home/admin/_aliases
  sudo sed -i "/${netprefix}cl/d" /home/admin/_aliases
-  if [ "$(echo "$@" | grep -c purge)" -gt 0 ];then
+  if [ "$(echo "$@" | grep -c purge)" -gt 0 ]; then
    echo "# Removing the binaries"
    sudo rm -f /usr/local/bin/lightningd
    sudo rm -f /usr/local/bin/lightning-cli
--- a/home.admin/config.scripts/cl.rest.sh
+++ b/home.admin/config.scripts/cl.rest.sh
@ -1,18 +1,18 @@
 #!/bin/bash
 # https://github.com/Ride-The-Lightning/c-lightning-REST/releases/
-CLRESTVERSION="v0.9.0"
+CLRESTVERSION="v0.10.2"
 # help
-if [ $# -eq 0 ]||[ "$1" = "-h" ]||[ "$1" = "--help" ];then
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  echo
  echo "Core-Lightning-REST install script"
  echo "The default version is: $CLRESTVERSION"
  echo "mainnet | testnet | signet instances can run parallel"
  echo
  echo "Usage:"
-  echo "cl.rest.sh [on|off|connect] <mainnet|testnet|signet> [?key-value]"
+  echo "cl.rest.sh on <mainnet|testnet|signet>"
-  echo
+  echo "cl.rest.sh connect <mainnet|testnet|signet> [?key-value]"
  echo "cl.rest.sh off <mainnet|testnet|signet> <purge>"
  exit 1
 fi
@ -29,7 +29,7 @@ source <(/home/admin/config.scripts/network.aliases.sh getvars cl $2)
 echo "# Running 'cl.rest.sh $*'"
-if [ "$1" = connect ];then
+if [ "$1" = connect ]; then
  if ! systemctl is-active --quiet ${netprefix}clrest; then
    /home/admin/config.scripts/cl.rest.sh on ${CHAIN}
  fi
@ -58,74 +58,74 @@ if [ "$1" = connect ];then
  # deactivated
  function showStepByStepQR() {
-  clear
+    clear
-  echo
+    echo
-  sudo /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
+    sudo /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
-  echo "The Tor address is shown as a QRcode below and on the LCD"
+    echo "The Tor address is shown as a QRcode below and on the LCD"
-  echo "Scan it to your phone with a QR scanner app and paste it to: 'Host'"
+    echo "Scan it to your phone with a QR scanner app and paste it to: 'Host'"
-  echo
+    echo
-  echo "Host: ${toraddress}"
+    echo "Host: ${toraddress}"
-  echo "REST Port: 443"
+    echo "REST Port: 443"
-  echo
+    echo
-  qrencode -t ANSIUTF8 "${toraddress}"
+    qrencode -t ANSIUTF8 "${toraddress}"
-  echo
+    echo
-  echo
+    echo
-  echo "Alternatively to connect through the LAN the address is:"
+    echo "Alternatively to connect through the LAN the address is:"
-  echo "https://${localip}"
+    echo "https://${localip}"
-  echo "REST Port: ${portprefix}6100"
+    echo "REST Port: ${portprefix}6100"
-  echo
+    echo
-  echo "# Press enter to continue to show the Macaroon"
+    echo "# Press enter to continue to show the Macaroon"
-  read key
+    read key
-  sudo /home/admin/config.scripts/blitz.display.sh hide
+    sudo /home/admin/config.scripts/blitz.display.sh hide
-  sudo /home/admin/config.scripts/blitz.display.sh qr "${hex_macaroon}"
+    sudo /home/admin/config.scripts/blitz.display.sh qr "${hex_macaroon}"
-  clear
+    clear
-  echo
+    echo
-  echo "The Macaroon is shown as a QRcode below and on the LCD"
+    echo "The Macaroon is shown as a QRcode below and on the LCD"
-  echo "Scan it to your phone with a QR scanner app and paste it to: 'Macaroon (Hex format)'"
+    echo "Scan it to your phone with a QR scanner app and paste it to: 'Macaroon (Hex format)'"
-  echo
+    echo
-  echo "Macaroon: ${hex_macaroon}"
+    echo "Macaroon: ${hex_macaroon}"
-  echo
+    echo
-  qrencode -t ANSIUTF8 "${hex_macaroon}"
+    qrencode -t ANSIUTF8 "${hex_macaroon}"
-  echo
+    echo
-  echo "# Press enter to hide the QRcode from the LCD"
+    echo "# Press enter to hide the QRcode from the LCD"
-  read key
+    read key
-  sudo /home/admin/config.scripts/blitz.display.sh hide
+    sudo /home/admin/config.scripts/blitz.display.sh hide
-  exit 0
+    exit 0
  }
  function showClRestQr() {
-  # c-lightning-rest://http://your_hidden_service.onion:your_port?&macaroon=your_macaroon_file_in_HEX&protocol=http
+    # c-lightning-rest://http://your_hidden_service.onion:your_port?&macaroon=your_macaroon_file_in_HEX&protocol=http
-  clear
+    clear
-  echo
+    echo
-  sudo /home/admin/config.scripts/blitz.display.sh qr "${clresttor}"
+    sudo /home/admin/config.scripts/blitz.display.sh qr "${clresttor}"
-  echo "The string to connect over Tor is shown as a QRcode below and on the LCD"
+    echo "The string to connect over Tor is shown as a QRcode below and on the LCD"
-  echo "Scan it to Zeus using the c-lightning-REST option"
+    echo "Scan it to Zeus using the c-lightning-REST option"
-  echo
+    echo
-  echo "c-lightning-REST connection string:"
+    echo "c-lightning-REST connection string:"
-  echo "${clresttor}"
+    echo "${clresttor}"
-  echo
+    echo
-  qrencode -t ANSIUTF8 "${clresttor}"
+    qrencode -t ANSIUTF8 "${clresttor}"
-  echo
+    echo
-  echo "# Press enter to show the string to connect over LAN"
+    echo "# Press enter to show the string to connect over LAN"
-  read key
+    read key
-  sudo /home/admin/config.scripts/blitz.display.sh hide
+    sudo /home/admin/config.scripts/blitz.display.sh hide
-  sudo /home/admin/config.scripts/blitz.display.sh qr "${clrestlan}"
+    sudo /home/admin/config.scripts/blitz.display.sh qr "${clrestlan}"
-  clear
+    clear
-  echo
+    echo
-  echo "The string to connect over the local the network is shown as a QRcode below and on the LCD"
+    echo "The string to connect over the local the network is shown as a QRcode below and on the LCD"
-  echo "Scan it to Zeus using the c-lightning-REST option"
+    echo "Scan it to Zeus using the c-lightning-REST option"
-  echo "This will only work if your node si connected to the same network"
+    echo "This will only work if your node si connected to the same network"
-  echo "To connect reemotely consider using a VPN like ZeroTier or Tailscale"
+    echo "To connect reemotely consider using a VPN like ZeroTier or Tailscale"
-  echo
+    echo
-  echo "c-lightning-REST connection string:"
+    echo "c-lightning-REST connection string:"
-  echo "${clrestlan}"
+    echo "${clrestlan}"
-  echo
+    echo
-  qrencode -t ANSIUTF8 "${clrestlan}"
+    qrencode -t ANSIUTF8 "${clrestlan}"
-  echo
+    echo
-  echo "# Press enter to hide the QRcode from the LCD"
+    echo "# Press enter to hide the QRcode from the LCD"
-  read key
+    read key
-  sudo /home/admin/config.scripts/blitz.display.sh hide
+    sudo /home/admin/config.scripts/blitz.display.sh hide
-  exit 0
+    exit 0
  }
  showClRestQr
@ -138,14 +138,14 @@ if [ "$1" = on ]; then
  sudo systemctl stop ${netprefix}clrest
  sudo systemctl disable ${netprefix}clrest
-  if [ ! -f /home/bitcoin/c-lightning-REST/cl-rest.js ];then
+  if [ ! -f /home/bitcoin/c-lightning-REST/cl-rest.js ]; then
    cd /home/bitcoin || exit 1
    sudo -u bitcoin git clone https://github.com/saubyk/c-lightning-REST
    cd c-lightning-REST || exit 1
    sudo -u bitcoin git reset --hard $CLRESTVERSION
    sudo -u bitcoin /home/admin/config.scripts/blitz.git-verify.sh \
-     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "${CLRESTVERSION}" || exit 1
+      "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "${CLRESTVERSION}" || exit 1
    sudo -u bitcoin npm install
  fi
@ -163,10 +163,10 @@ if [ "$1" = on ]; then
    \"RPCCOMMANDS\": [\"*\"]
 }" | sudo -u bitcoin tee ./${CLNETWORK}/cl-rest-config.json
-  # copy clrest to a CLNETWORK subdor to make parallel networks possible
+  # copy clrest to a CLNETWORK subdir to make parallel networks possible
  sudo -u bitcoin mkdir /home/bitcoin/c-lightning-REST/${CLNETWORK}
  sudo -u bitcoin cp -r /home/bitcoin/c-lightning-REST/* \
-   /home/bitcoin/c-lightning-REST/${CLNETWORK}
+    /home/bitcoin/c-lightning-REST/${CLNETWORK}
  echo "
 # systemd unit for c-lightning-REST for ${CHAIN}
@ -209,7 +209,7 @@ WantedBy=multi-user.target
  echo
 fi
-if [ "$1" = off ];then
+if [ "$1" = off ]; then
  echo "# Removing c-lightning-REST for ${CHAIN}"
  sudo systemctl stop ${netprefix}clrest
  sudo systemctl disable ${netprefix}clrest
@ -217,7 +217,7 @@ if [ "$1" = off ];then
  echo "# Deny port ${portprefix}6100 through the firewall"
  sudo ufw deny "${portprefix}6100"
  /home/admin/config.scripts/tor.onion-service.sh off ${netprefix}clrest
-  if [ "$(echo "$@" | grep -c purge)" -gt 0 ];then
+  if [ "$(echo "$@" | grep -c purge)" -gt 0 ]; then
    echo "# Removing the source code and binaries"
    sudo rm -rf /home/bitcoin/c-lightning-REST
  fi
--- a/home.admin/config.scripts/internet.sh
+++ b/home.admin/config.scripts/internet.sh
@ -134,7 +134,7 @@ if [ ${runOnline} -eq 1 ]; then
  fi
  if [ ${online} -eq 0 ]; then
    # test with netcat to avoid firewall issues with ICMP packets
-    online=$(nc -v -z -w 8.8.8.8 53 &> /dev/null && echo "1" || echo "0")
+    online=$(nc -v -z -w 3 8.8.8.8 53 &> /dev/null && echo "1" || echo "0")
  fi
  if [ ${online} -eq 0 ]; then
    # re-test with other server
--- a/home.admin/config.scripts/lnd.backup.sh
+++ b/home.admin/config.scripts/lnd.backup.sh
@ -198,9 +198,9 @@ if [ ${mode} = "lnd-export-gui" ]; then
  echo "********************************"
  echo 
  echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
-  echo "sftp '${fileowner}@${localip}:${filename}' ./"
+  echo "scp '${fileowner}@${localip}:${filename}' ./"
  echo "ON WINDOWS - RUN IN CMD:"
-  echo "sftp ${fileowner}@${localip}:${filename} ."
+  echo "scp ${fileowner}@${localip}:${filename} ."
  echo "Use password A to authenticate file transfer."
  echo
  echo "Check for correct file size after transfer: ${size} byte"
@ -299,7 +299,7 @@ if [ ${mode} = "lnd-import-gui" ]; then
      echo "To make upload open a new terminal on your laptop,"
      echo "change into the directory where your lnd-rescue file is and"
      echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp -r ./lnd-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp -r ./lnd-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
      echo
      echo "Use ${passwordInfo} to authenticate file transfer."
      echo "PRESS ENTER when upload is done"
@ -413,7 +413,7 @@ if [ ${mode} = "scb-export-gui" ]; then
  echo "**************************************"
  echo 
  echo "RUN THE FOLLOWING COMMAND ON YOUR LAPTOP IN NEW TERMINAL:"
-  echo "sftp -r ${fileuser}@${localip}:${filename} ./"
+  echo "scp -r ${fileuser}@${localip}:${filename} ./"
  echo ""
  echo "Use password A to authenticate file transfer."
  echo
@ -492,7 +492,7 @@ if [ ${mode} = "scb-import-gui" ]; then
      echo "To make upload open a new terminal and change,"
      echo "into the directory where your lnd-rescue file is and"
      echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp ./channel.backup ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp ./channel.backup ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
      echo ""
      echo "Use ${passwordInfo} to authenticate file transfer."
      echo "PRESS ENTER when upload is done."
--- a/home.admin/config.scripts/lnd.export.sh
+++ b/home.admin/config.scripts/lnd.export.sh
@ -154,10 +154,10 @@ elif [ "${exportType}" = "sftp" ]; then
  echo "The password needed during download is your Password A."
  echo ""
  echo "Macaroons:"
-  echo "sftp bitcoin@${local_ip}:/home/bitcoin/.lnd/data/chain/${network}/${chain}net/\*.macaroon ./"
+  echo "scp bitcoin@${local_ip}:/home/bitcoin/.lnd/data/chain/${network}/${chain}net/\*.macaroon ./"
  echo ""
  echo "TLS Certificate:"
-  echo "sftp bitcoin@${local_ip}:/home/bitcoin/.lnd/tls.cert ./"
+  echo "scp bitcoin@${local_ip}:/home/bitcoin/.lnd/tls.cert ./"
  echo ""
 ###########################
--- a/home.admin/config.scripts/lnd.install.sh
+++ b/home.admin/config.scripts/lnd.install.sh
@ -4,17 +4,17 @@
 ## based on https://raspibolt.github.io/raspibolt/raspibolt_40_lnd.html#lightning-lnd
 ## see LND releases: https://github.com/lightningnetwork/lnd/releases
 ### If you change here - make sure to also change interims version in lnd.update.sh #!
-lndVersion="0.15.5-beta"
+lndVersion="0.16.0-beta"
 # olaoluwa
-PGPauthor="roasbeef"
+#PGPauthor="roasbeef"
-PGPpkeys="https://keybase.io/roasbeef/pgp_keys.asc"
+#PGPpkeys="https://keybase.io/roasbeef/pgp_keys.asc"
-PGPcheck="E4D85299674B2D31FAA1892E372CBD7633C61696"
+#PGPcheck="E4D85299674B2D31FAA1892E372CBD7633C61696"
 # guggero
-#PGPauthor="guggero"
+PGPauthor="guggero"
-#PGPpkeys="https://keybase.io/guggero/pgp_keys.asc"
+PGPpkeys="https://keybase.io/guggero/pgp_keys.asc"
-#PGPcheck="F4FC70F07310028424EFC20A8E4256593F177720"
+PGPcheck="F4FC70F07310028424EFC20A8E4256593F177720"
 # bitconner
 #PGPauthor="bitconner"
--- a/home.admin/config.scripts/lndlibs/README.md
+++ b/home.admin/config.scripts/lndlibs/README.md
@ -21,7 +21,7 @@ cp ./*.proto ./protobuffs
 Now copy the generated RPC libs per SFTP over to your Laptop and add them to the `/home/admin/config.scripts/lndlibs`.
-sftp -r admin@192.168.X.X:/home/admin/protobuffs ./protobuffs
+scp -r admin@192.168.X.X:/home/admin/protobuffs ./protobuffs
 Make sure the first lines (ignore comments) of the `lightning_pb2_grpc.py` look like the following for python3 compatibility:
 ```
--- a/home.admin/setup.scripts/dialogMigration.sh
+++ b/home.admin/setup.scripts/dialogMigration.sh
@ -55,7 +55,7 @@ if [ "${migrationOS}" == "raspiblitz" ]; then
      echo "ON YOUR LAPTOP open a new terminal and change into"
      echo "the directory where your migration file is and"
      echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp -r ./raspiblitz-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp -r ./raspiblitz-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
      echo ""
      echo "Use password 'raspiblitz' to authenticate file transfer."
      echo "PRESS ENTER when upload is done."