mirror of
https://github.com/rootzoll/raspiblitz.git
synced 2025-02-25 07:07:46 +01:00
lnbits: run with separate user
This commit is contained in:
openoms
parent
dd6bce73a4
commit
20b916ed93
1 changed files with 32 additions and 29 deletions
|
|
@ -83,11 +83,11 @@ if [ "$1" = "write-macaroons" ]; then
|
||||||
macaroonAdminHex=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)
|
macaroonAdminHex=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon)
|
||||||
macaroonInvoiceHex=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon)
|
macaroonInvoiceHex=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon)
|
||||||
macaroonReadHex=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon)
|
macaroonReadHex=$(sudo xxd -ps -u -c 1000 /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon)
|
||||||
sudo sed -i "s/^LND_CERT=.*/LND_CERT=/mnt/hdd/lnd/data/chain/${network}/${chain}net/tls.cert/g" /home/admin/lnbits/.env
|
sudo -u lnbits sed -i "s/^LND_CERT=.*/LND_CERT=\/mnt\/hdd\/lnd\/data\/chain\/${network}\/${chain}net\/tls.cert/g" /home/lnbits/lnbits/.env
|
||||||
sudo sed -i "s/^LND_ADMIN_MACAROON=.*/LND_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/admin/lnbits/.env
|
sudo -u lnbits sed -i "s/^LND_ADMIN_MACAROON=.*/LND_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env
|
||||||
sudo sed -i "s/^LND_INVOICE_MACAROON=.*/LND_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/admin/lnbits/.env
|
sudo -u lnbits sed -i "s/^LND_INVOICE_MACAROON=.*/LND_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env
|
||||||
sudo sed -i "s/^LND_READ_MACAROON=.*/LND_READ_MACAROON=${macaroonReadHex}/g" /home/admin/lnbits/.env
|
sudo -u lnbits sed -i "s/^LND_READ_MACAROON=.*/LND_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env
|
||||||
echo "# OK - macaroons written to /home/admin/lnbits/.env"
|
echo "# OK - macaroons written to /home/lnbits/lnbits/.env"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
@ -102,43 +102,46 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
isInstalled=$(sudo ls /etc/systemd/system/lnbits.service 2>/dev/null | grep -c 'lnbits.service')
|
isInstalled=$(sudo ls /etc/systemd/system/lnbits.service 2>/dev/null | grep -c 'lnbits.service')
|
||||||
if [ ${isInstalled} -eq 0 ]; then
|
if [ ${isInstalled} -eq 0 ]; then
|
||||||
|
|
||||||
|
echo "*** Add the 'lnbits' user ***"
|
||||||
|
sudo adduser --disabled-password --gecos "" lnbits
|
||||||
|
|
||||||
# make sure needed debian packages are installed
|
# make sure needed debian packages are installed
|
||||||
echo "# installing needed packages"
|
echo "# installing needed packages"
|
||||||
sudo apt-get install -y pipenv 2>/dev/null
|
sudo apt-get install -y pipenv 2>/dev/null
|
||||||
|
|
||||||
# install from GitHub
|
# install from GitHub
|
||||||
echo "# get the github code"
|
echo "# get the github code"
|
||||||
sudo rm -r /home/admin/lnbits 2>/dev/null
|
sudo rm -r /home/lnbits/lnbits 2>/dev/null
|
||||||
cd /home/admin
|
cd /home/lnbits
|
||||||
sudo -u admin git clone https://github.com/arcbtc/lnbits.git
|
sudo -u lnbits git clone https://github.com/arcbtc/lnbits.git
|
||||||
cd /home/admin/lnbits
|
cd /home/lnbits/lnbits
|
||||||
sudo -u admin git checkout tags/0.1.0
|
sudo -u lnbits git checkout tags/0.1.0
|
||||||
|
|
||||||
# prepare .env file
|
# prepare .env file
|
||||||
echo "# preparing env file"
|
echo "# preparing env file"
|
||||||
sudo rm /home/admin/lnbits/.env 2>/dev/null
|
sudo rm /home/lnbits/lnbits/.env 2>/dev/null
|
||||||
echo "FLASK_APP=lnbits" >> /home/admin/lnbits/.env
|
sudo -u lnbits touch /home/lnbits/lnbits/.env
|
||||||
echo "FLASK_ENV=production" >> /home/admin/lnbits/.env
|
sudo bash -c "echo 'FLASK_APP=lnbits' >> /home/lnbits/lnbits/.env"
|
||||||
echo "LNBITS_BACKEND_WALLET_CLASS=LndWallet" >> /home/admin/lnbits/.env
|
sudo bash -c "echo 'FLASK_ENV=production' >> /home/lnbits/lnbits/.env"
|
||||||
echo "LND_GRPC_ENDPOINT=127.0.0.1" >> /home/admin/lnbits/.env
|
sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=LndWallet' >> /home/lnbits/lnbits/.env"
|
||||||
echo "LND_GRPC_PORT=10009" >> /home/admin/lnbits/.env
|
sudo bash -c "echo 'LND_GRPC_ENDPOINT=127.0.0.1' >> /home/lnbits/lnbits/.env"
|
||||||
echo "LNBITS_FORCE_HTTPS=0" >> /home/admin/lnbits/.env
|
sudo bash -c "echo 'LND_GRPC_PORT=10009' >> /home/lnbits/lnbits/.env"
|
||||||
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons
|
sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env"
|
||||||
|
/home/admin/config.scripts/bonus.lnbits.sh write-macaroons
|
||||||
|
|
||||||
# set database path to HDD data so that its survives updates and migrations
|
# set database path to HDD data so that its survives updates and migrations
|
||||||
sudo mkdir /mnt/hdd/app-data/LNBits 2>/dev/null
|
sudo mkdir /mnt/hdd/app-data/LNBits 2>/dev/null
|
||||||
sudo chown admin:admin -R /mnt/hdd/app-data/LNBits
|
sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits
|
||||||
echo "LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits" >> /home/admin/lnbits/.env
|
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> sudo /home/lnbits/lnbits/.env"
|
||||||
|
|
||||||
# to the install
|
# to the install
|
||||||
echo "# installing application dependencies"
|
echo "# installing application dependencies"
|
||||||
cd /home/admin/lnbits
|
cd /home/lnbits/lnbits
|
||||||
sudo -u admin pipenv install
|
sudo -u lnbits pipenv install
|
||||||
sudo -u admin /usr/bin/pipenv run pip install python-dotenv
|
sudo -u lnbits /usr/bin/pipenv run pip install python-dotenv
|
||||||
|
|
||||||
# to the install
|
# to the install
|
||||||
echo "# updating databases"
|
echo "# updating databases"
|
||||||
sudo -u admin /usr/bin/pipenv run flask migrate
|
sudo -u lnbits /usr/bin/pipenv run flask migrate
|
||||||
|
|
||||||
# open firewall
|
# open firewall
|
||||||
echo
|
echo
|
||||||
|
|
@ -158,9 +161,9 @@ Wants=lnd.service
|
||||||
After=lnd.service
|
After=lnd.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
WorkingDirectory=/home/admin/lnbits
|
WorkingDirectory=/home/lnbits/lnbits
|
||||||
ExecStart=/bin/sh -c 'cd /home/admin/lnbits && pipenv run gunicorn -b :5000 lnbits:app -k gevent'
|
ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && pipenv run gunicorn -b :5000 lnbits:app -k gevent'
|
||||||
User=admin
|
User=lnbits
|
||||||
Restart=always
|
Restart=always
|
||||||
TimeoutSec=120
|
TimeoutSec=120
|
||||||
RestartSec=30
|
RestartSec=30
|
||||||
|
|
@ -202,7 +205,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
|
||||||
sudo systemctl stop lnbits
|
sudo systemctl stop lnbits
|
||||||
sudo systemctl disable lnbits
|
sudo systemctl disable lnbits
|
||||||
sudo rm /etc/systemd/system/lnbits.service
|
sudo rm /etc/systemd/system/lnbits.service
|
||||||
sudo rm -r /home/admin/lnbits
|
sudo userdel -rf lnbits
|
||||||
echo "OK LNbits removed."
|
echo "OK LNbits removed."
|
||||||
else
|
else
|
||||||
echo "LNbits is not installed."
|
echo "LNbits is not installed."
|
||||||
|
|
|
||||||
Loading…
Add table
Reference in a new issue