mirrors/raspiblitz
1
0
Fork 0
mirror of https://github.com/rootzoll/raspiblitz.git synced 2025-02-28 16:58:03 +01:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #3782 from rootzoll/dev

Browse source 
merge v1.9.0rc4
This commit is contained in:
/rootzoll 2023-05-03 23:06:15 +02:00 committed by GitHub
commit 4af7fa5d94
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
29 changed files with 1200 additions and 2775 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
CHANGES.md
View file

@ -8,28 +8,29 @@
- New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087)
- New: BOS Telegram Bot Support (see OPTIONS on LND Balance of Satoshis menu entry)
- New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot)
- New: CLI shortcut for ↬lnproxy [details](https://github.com/rootzoll/raspiblitz/pull/3333)
- New: ↬lnproxy cli shortcut and server [details](https://github.com/lnproxy)
- New: Homebanking Interface FinTS/HBCI (experimental) [details](https://github.com/rootzoll/raspiblitz/issues/1186)
- New on WebUI: Jam (JoinMarket Web UI) v0.1.5 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.5)
- Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md)
- Update: LND v0.16.0-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.16.0-beta)
- Update: Core Lightning v23.02 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.02)
- Update: LND v0.16.2-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.16.2-beta)
- Update: Core Lightning v23.02.2 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.02.2)
- Update: C-lightningREST v0.10.2 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.10.2)
- Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023)
- Update: Lightning Terminal v0.8.6-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.6-alpha)
- Update: RTL v0.13.6 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.13.6)
- Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16)
- Update: LNbits 0.10.2 [details](https://github.com/lnbits/lnbits/releases/tag/0.10.2)
- Update: BTCPayServer 1.8.2 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.8.2)
- Update: BTCPayServer 1.9.1 (postgres by default with sqlite migration) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.9.1)
- Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0)
- Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5)
- Update: JoinMarket v0.9.9 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.9)
- Update: JoininBox v0.7.6 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.6)
- Update: JoininBox v0.7.7 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.7)
- Update: Balance of Satoshis 13.15.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#13150)
- Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage)
- Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
- Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez)
- Update: Tallycoin Connect v1.8.0 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.8.0)
- Update: Fulcrum install script (CLI only) v1.9.1 [details](https://github.com/cculianu/Fulcrum/releases/tag/v1.9.1)
- Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file)
- Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox)
- Info: IP2Tor fix fulmo shop & added new ip2tor.com shop
@ -64,7 +65,7 @@
- Update: C-lightningREST v0.7.2 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.7.2)
- Update: CLBOSS 0.13A [details](https://github.com/ZmnSCPxj/clboss/releases/tag/0.13A)
- Update: Channel Tools (chantools) v0.10.4 [details](https://github.com/guggero/chantools/blob/master/README.md)
- Update: Lightning Terminal v0.7.0-alpha with Lightning Node Connect over Tor [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.7.0-alpha)
- Update: Lightning Terminal v0.9.2-alpha with Lightning Node Connect over Tor [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.9.2-alpha)
- Update: JoinMarket v0.9.6 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.6)
- Update: JoininBox v0.6.8 [details](https://github.com/openoms/joininbox/releases/tag/v0.6.8)
- Update: JoinMarket Web UI (Jam) v0.0.9 (CLI install script) [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.0.9)

2
README.md
View file

@ -3,7 +3,7 @@
_Build your own Lightning & Bitcoin Fullnode on a RaspberryPi with an optional Display._
`Version 1.9.0RC2 with bitcoin 24.0.1, lnd 0.15.5 & Core Lightning 22.11.1` ([api](https://github.com/fusion44/blitz_api)|[web](https://github.com/cstenglein/raspiblitz-web))
`Version 1.9.0RC2 with bitcoin 24.0.1, lnd 0.16.2 & Core Lightning 23.02` ([api](https://github.com/fusion44/blitz_api)|[web](https://github.com/cstenglein/raspiblitz-web))
![RaspiBlitz](pictures/raspiblitz.jpg)

266
build_sdcard.sh
View file

@ -48,6 +48,12 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
usage
fi
# check if started with sudo
if [ "$EUID" -ne 0 ]; then
echo "error='run as root / may use sudo'"
exit 1
fi
if [ "$1" = "-EXPORT" ] || [ "$1" = "EXPORT" ]; then
cd /home/admin/raspiblitz 2>/dev/null
activeBranch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
@ -143,7 +149,7 @@ range_argument(){
}
apt_install(){
sudo apt install -y ${@}
apt install -y ${@}
if [ $? -eq 100 ]; then
echo "FAIL! apt failed to install needed packages!"
echo ${@}
@ -159,7 +165,7 @@ done
## if any of the required programs are not installed, update and if successfull, install packages
if [ -n "${general_utils_install}" ]; then
echo -e "\n*** SOFTWARE UPDATE ***"
sudo apt update -y || exit 1
apt update -y || exit 1
apt_install ${general_utils_install}
fi
@ -274,17 +280,17 @@ sleep 3 ## give time to cancel
export DEBIAN_FRONTEND=noninteractive
echo "*** Prevent sleep ***" # on all platforms https://wiki.debian.org/Suspend
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
sudo mkdir /etc/systemd/sleep.conf.d
systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
mkdir /etc/systemd/sleep.conf.d
echo "[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no" | sudo tee /etc/systemd/sleep.conf.d/nosuspend.conf
sudo mkdir /etc/systemd/logind.conf.d
AllowHybridSleep=no" | tee /etc/systemd/sleep.conf.d/nosuspend.conf
mkdir /etc/systemd/logind.conf.d
echo "[Login]
HandleLidSwitch=ignore
HandleLidSwitchDocked=ignore" | sudo tee /etc/systemd/logind.conf.d/nosuspend.conf
HandleLidSwitchDocked=ignore" | tee /etc/systemd/logind.conf.d/nosuspend.conf
# FIXING LOCALES
# https://github.com/rootzoll/raspiblitz/issues/138
@ -293,25 +299,25 @@ HandleLidSwitchDocked=ignore" | sudo tee /etc/systemd/logind.conf.d/nosuspend.co
if [ "${baseimage}" = "raspios_arm64" ]||[ "${baseimage}" = "debian_rpi64" ]||[ "${baseimage}" = "armbian" ]; then
echo -e "\n*** FIXING LOCALES FOR BUILD ***"
sudo sed -i "s/^# en_US.UTF-8 UTF-8.*/en_US.UTF-8 UTF-8/g" /etc/locale.gen
sudo sed -i "s/^# en_US ISO-8859-1.*/en_US ISO-8859-1/g" /etc/locale.gen
sudo locale-gen
sed -i "s/^# en_US.UTF-8 UTF-8.*/en_US.UTF-8 UTF-8/g" /etc/locale.gen
sed -i "s/^# en_US ISO-8859-1.*/en_US ISO-8859-1/g" /etc/locale.gen
locale-gen
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
if [ ! -f /etc/apt/sources.list.d/raspi.list ]; then
echo "# Add the archive.raspberrypi.org/debian/ to the sources.list"
echo "deb http://archive.raspberrypi.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/raspi.list
echo "deb http://archive.raspberrypi.org/debian/ bullseye main" | tee /etc/apt/sources.list.d/raspi.list
fi
fi
echo "*** Remove unnecessary packages ***"
sudo apt remove --purge -y libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi plymouth python2 vlc* cups
sudo apt clean -y
sudo apt autoremove -y
apt remove --purge -y libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi plymouth python2 vlc* cups
apt clean -y
apt autoremove -y
echo -e "\n*** UPDATE Debian***"
sudo apt update -y
sudo apt upgrade -f -y
apt update -y
apt upgrade -f -y
echo -e "\n*** SOFTWARE UPDATE ***"
# based on https://raspibolt.org/system-configuration.html#system-update
@ -342,23 +348,23 @@ server_utils="rsync net-tools xxd netcat openssh-client openssh-sftp-server sshp
[ "${architecture}" = "amd64" ] && amd64_dependencies="network-manager" # add amd64 dependency
apt_install ${general_utils} ${python_dependencies} ${server_utils} ${armbian_dependencies} ${amd64_dependencies}
sudo apt clean -y
sudo apt autoremove -y
apt clean -y
apt autoremove -y
echo -e "\n*** Python DEFAULT libs & dependencies ***"
if [ -f "/usr/bin/python3.9" ]; then
# use python 3.9 if available
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
echo "python calls python3.9"
elif [ -f "/usr/bin/python3.10" ]; then
# use python 3.10 if available
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.10 1
sudo ln -s /usr/bin/python3.10 /usr/bin/python3.9
update-alternatives --install /usr/bin/python python /usr/bin/python3.10 1
ln -s /usr/bin/python3.10 /usr/bin/python3.9
echo "python calls python3.10"
elif [ -f "/usr/bin/python3.8" ]; then
# use python 3.8 if available
sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1
update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1
echo "python calls python3.8"
else
echo "# FAIL #"
@ -367,7 +373,7 @@ else
fi
# make sure /usr/bin/pip exists (and calls pip3 in Debian Buster)
sudo update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
# 1. libs (for global python scripts)
# grpcio==1.42.0 googleapis-common-protos==1.53.0 toml==0.10.2 j2cli==0.3.10 requests[socks]==2.21.0
# 2. For TorBox bridges python scripts (pip3) https://github.com/radio24/TorBox/blob/master/requirements.txt
@ -383,8 +389,8 @@ echo -e "\n*** PREPARE ${baseimage} ***"
# make sure the pi user is present
if [ "$(compgen -u | grep -c pi)" -eq 0 ];then
echo "# Adding the user pi"
sudo adduser --disabled-password --gecos "" pi
sudo adduser pi sudo
adduser --disabled-password --gecos "" pi
adduser pi sudo
fi
# special prepare when Raspbian
@ -393,12 +399,12 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
echo -e "\n*** PREPARE RASPBERRY OS VARIANTS ***"
apt_install raspi-config
# do memory split (16MB)
sudo raspi-config nonint do_memory_split 16
raspi-config nonint do_memory_split 16
# set to wait until network is available on boot (0 seems to yes)
sudo raspi-config nonint do_boot_wait 0
raspi-config nonint do_boot_wait 0
# set WIFI country so boot does not block
# this will undo the softblock of rfkill on RaspiOS
[ "${wifi_region}" != "off" ] && sudo raspi-config nonint do_wifi_country $wifi_region
[ "${wifi_region}" != "off" ] && raspi-config nonint do_wifi_country $wifi_region
# see https://github.com/rootzoll/raspiblitz/issues/428#issuecomment-472822840
configFile="/boot/config.txt"
@ -406,9 +412,9 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
max_usb_currentDone=$(grep -c "$max_usb_current" $configFile)
if [ ${max_usb_currentDone} -eq 0 ]; then
echo | sudo tee -a $configFile
echo "# Raspiblitz" | sudo tee -a $configFile
echo "$max_usb_current" | sudo tee -a $configFile
echo | tee -a $configFile
echo "# Raspiblitz" | tee -a $configFile
echo "$max_usb_current" | tee -a $configFile
else
echo "$max_usb_current already in $configFile"
fi
@ -416,10 +422,10 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
# run fsck on sd root partition on every startup to prevent "maintenance login" screen
# see: https://github.com/rootzoll/raspiblitz/issues/782#issuecomment-564981630
# see https://github.com/rootzoll/raspiblitz/issues/1053#issuecomment-600878695
# use command to check last fsck check: sudo tune2fs -l /dev/mmcblk0p2
# use command to check last fsck check: tune2fs -l /dev/mmcblk0p2
if [ "${tweak_boot_drive}" == "true" ]; then
echo "* running tune2fs"
sudo tune2fs -c 1 /dev/mmcblk0p2
tune2fs -c 1 /dev/mmcblk0p2
else
echo "* skipping tweak_boot_drive"
fi
@ -432,13 +438,13 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
fsOption2InFile=$(grep -c ${fsOption2} ${kernelOptionsFile})
if [ ${fsOption1InFile} -eq 0 ]; then
sudo sed -i "s/^/$fsOption1 /g" "$kernelOptionsFile"
sed -i "s/^/$fsOption1 /g" "$kernelOptionsFile"
echo "$fsOption1 added to $kernelOptionsFile"
else
echo "$fsOption1 already in $kernelOptionsFile"
fi
if [ ${fsOption2InFile} -eq 0 ]; then
sudo sed -i "s/^/$fsOption2 /g" "$kernelOptionsFile"
sed -i "s/^/$fsOption2 /g" "$kernelOptionsFile"
echo "$fsOption2 added to $kernelOptionsFile"
else
echo "$fsOption2 already in $kernelOptionsFile"
@ -448,15 +454,15 @@ fi
# special prepare when Nvidia Jetson Nano
if [ $(uname -a | grep -c 'tegra') -gt 0 ] ; then
echo "Nvidia --> disable GUI on boot"
sudo systemctl set-default multi-user.target
systemctl set-default multi-user.target
fi
echo -e "\n*** CONFIG ***"
# based on https://raspibolt.github.io/raspibolt/raspibolt_20_pi.html#raspi-config
# set new default password for root user
echo "root:raspiblitz" | sudo chpasswd
echo "pi:raspiblitz" | sudo chpasswd
echo "root:raspiblitz" | chpasswd
echo "pi:raspiblitz" | chpasswd
# prepare auto-start of 00infoLCD.sh script on pi user login (just kicks in if auto-login of pi is activated in HDMI or LCD mode)
if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ] || \
@ -467,10 +473,10 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ] |
# bash autostart for pi
# run as exec to dont allow easy physical access by keyboard
# see https://github.com/rootzoll/raspiblitz/issues/54
sudo bash -c 'echo "# automatic start the LCD info loop" >> /home/pi/.bashrc'
sudo bash -c 'echo "SCRIPT=/home/admin/00infoLCD.sh" >> /home/pi/.bashrc'
sudo bash -c 'echo "# replace shell with script => logout when exiting script" >> /home/pi/.bashrc'
sudo bash -c 'echo "exec \$SCRIPT" >> /home/pi/.bashrc'
bash -c 'echo "# automatic start the LCD info loop" >> /home/pi/.bashrc'
bash -c 'echo "SCRIPT=/home/admin/00infoLCD.sh" >> /home/pi/.bashrc'
bash -c 'echo "# replace shell with script => logout when exiting script" >> /home/pi/.bashrc'
bash -c 'echo "exec \$SCRIPT" >> /home/pi/.bashrc'
echo "autostart LCD added to $homeFile"
else
echo "autostart LCD already in $homeFile"
@ -480,8 +486,8 @@ else
fi
# limit journald system use
sudo sed -i "s/^#SystemMaxUse=.*/SystemMaxUse=250M/g" /etc/systemd/journald.conf
sudo sed -i "s/^#SystemMaxFileSize=.*/SystemMaxFileSize=50M/g" /etc/systemd/journald.conf
sed -i "s/^#SystemMaxUse=.*/SystemMaxUse=250M/g" /etc/systemd/journald.conf
sed -i "s/^#SystemMaxFileSize=.*/SystemMaxFileSize=50M/g" /etc/systemd/journald.conf
# change log rotates
# see https://github.com/rootzoll/raspiblitz/issues/394#issuecomment-471535483
@ -549,25 +555,25 @@ echo "
invoke-rc.d rsyslog rotate > /dev/null
endscript
}
" | sudo tee ./rsyslog
sudo mv ./rsyslog /etc/logrotate.d/rsyslog
sudo chown root:root /etc/logrotate.d/rsyslog
sudo service rsyslog restart
" | tee ./rsyslog
mv ./rsyslog /etc/logrotate.d/rsyslog
chown root:root /etc/logrotate.d/rsyslog
service rsyslog restart
echo -e "\n*** ADDING MAIN USER admin ***"
# based on https://raspibolt.org/system-configuration.html#add-users
# using the default password 'raspiblitz'
sudo adduser --disabled-password --gecos "" admin
echo "admin:raspiblitz" | sudo chpasswd
sudo adduser admin sudo
sudo chsh admin -s /bin/bash
adduser --disabled-password --gecos "" admin
echo "admin:raspiblitz" | chpasswd
adduser admin sudo
chsh admin -s /bin/bash
# configure sudo for usage without password entry
echo '%sudo ALL=(ALL) NOPASSWD:ALL' | sudo EDITOR='tee -a' visudo
# check if group "admin" was created
if [ $(sudo cat /etc/group | grep -c "^admin") -lt 1 ]; then
echo -e "\nMissing group admin - creating it ..."
sudo /usr/sbin/groupadd --force --gid 1002 admin
sudo usermod -a -G admin admin
/usr/sbin/groupadd --force --gid 1002 admin
usermod -a -G admin admin
else
echo -e "\nOK group admin exists"
fi
@ -575,31 +581,31 @@ fi
echo -e "\n*** ADDING SERVICE USER bitcoin"
# based on https://raspibolt.org/guide/raspberry-pi/system-configuration.html
# create user and set default password for user
sudo adduser --disabled-password --gecos "" bitcoin
echo "bitcoin:raspiblitz" | sudo chpasswd
adduser --disabled-password --gecos "" bitcoin
echo "bitcoin:raspiblitz" | chpasswd
# make home directory readable
sudo chmod 755 /home/bitcoin
chmod 755 /home/bitcoin
# WRITE BASIC raspiblitz.info to sdcard
# if further info gets added .. make sure to keep that on: blitz.preparerelease.sh
sudo touch /home/admin/raspiblitz.info
touch /home/admin/raspiblitz.info
echo "baseimage=${baseimage}" | tee raspiblitz.info
echo "cpu=${cpu}" | tee -a raspiblitz.info
echo "displayClass=headless" | tee -a raspiblitz.info
sudo mv raspiblitz.info /home/admin/
sudo chmod 755 /home/admin/raspiblitz.info
sudo chown admin:admin /home/admin/raspiblitz.info
mv raspiblitz.info /home/admin/
chmod 755 /home/admin/raspiblitz.info
chown admin:admin /home/admin/raspiblitz.info
echo -e "\n*** ADDING GROUPS FOR CREDENTIALS STORE ***"
# access to credentials (e.g. macaroon files) in a central location is managed with unix groups and permissions
sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices
sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier
sudo /usr/sbin/groupadd --force --gid 9705 lndsigner
sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit
sudo /usr/sbin/groupadd --force --gid 9707 lndrouter
/usr/sbin/groupadd --force --gid 9700 lndadmin
/usr/sbin/groupadd --force --gid 9701 lndinvoice
/usr/sbin/groupadd --force --gid 9702 lndreadonly
/usr/sbin/groupadd --force --gid 9703 lndinvoices
/usr/sbin/groupadd --force --gid 9704 lndchainnotifier
/usr/sbin/groupadd --force --gid 9705 lndsigner
/usr/sbin/groupadd --force --gid 9706 lndwalletkit
/usr/sbin/groupadd --force --gid 9707 lndrouter
echo -e "\n*** SHELL SCRIPTS & ASSETS ***"
# copy raspiblitz repo from github
@ -629,10 +635,10 @@ file="/home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py"
! grep -Eq "^from . import.*" "${file}" && sed -i -E 's/^(import.*_pb2)/from . \1/' "${file}"
# add /sbin to path for all
sudo bash -c "echo 'PATH=\$PATH:/sbin' >> /etc/profile"
bash -c "echo 'PATH=\$PATH:/sbin' >> /etc/profile"
# replace boot splash image when raspbian
[ "${baseimage}" = "raspios_arm64" ] && { echo "* replacing boot splash"; sudo cp /home/admin/raspiblitz/pictures/splash.png /usr/share/plymouth/themes/pix/splash.png; }
[ -d /usr/share/plymouth ] && [ "${baseimage}" = "raspios_arm64" ] && { echo "* replacing boot splash"; cp /home/admin/raspiblitz/pictures/splash.png /usr/share/plymouth/themes/pix/splash.png; }
echo -e "\n*** RASPIBLITZ EXTRAS ***"
@ -641,26 +647,26 @@ echo -e "\n*** RASPIBLITZ EXTRAS ***"
# fzf install a command-line fuzzy finder (https://github.com/junegunn/fzf)
apt_install tmux screen fzf
sudo bash -c "echo '' >> /home/admin/.bashrc"
sudo bash -c "echo '# https://github.com/rootzoll/raspiblitz/issues/1784' >> /home/admin/.bashrc"
sudo bash -c "echo 'NG_CLI_ANALYTICS=ci' >> /home/admin/.bashrc"
bash -c "echo '' >> /home/admin/.bashrc"
bash -c "echo '# https://github.com/rootzoll/raspiblitz/issues/1784' >> /home/admin/.bashrc"
bash -c "echo 'NG_CLI_ANALYTICS=ci' >> /home/admin/.bashrc"
# raspiblitz custom command prompt #2400
if ! grep -Eq "^[[:space:]]*PS1.*₿" /home/admin/.bashrc; then
sudo sed -i '/^unset color_prompt force_color_prompt$/i # raspiblitz custom command prompt https://github.com/rootzoll/raspiblitz/issues/2400' /home/admin/.bashrc
sudo sed -i '/^unset color_prompt force_color_prompt$/i raspiIp=$(hostname -I | cut -d " " -f1)' /home/admin/.bashrc
sudo sed -i '/^unset color_prompt force_color_prompt$/i if [ "$color_prompt" = yes ]; then' /home/admin/.bashrc
sudo sed -i '/^unset color_prompt force_color_prompt$/i \ PS1=\x27${debian_chroot:+($debian_chroot)}\\[\\033[00;33m\\]\\u@$raspiIp:\\[\\033[00;34m\\]\\w\\[\\033[01;35m\\]$(__git_ps1 "(%s)") \\[\\033[01;33m\\]₿\\[\\033[00m\\] \x27' /home/admin/.bashrc
sudo sed -i '/^unset color_prompt force_color_prompt$/i else' /home/admin/.bashrc
sudo sed -i '/^unset color_prompt force_color_prompt$/i \ PS1=\x27${debian_chroot:+($debian_chroot)}\\u@$raspiIp:\\w₿ \x27' /home/admin/.bashrc
sudo sed -i '/^unset color_prompt force_color_prompt$/i fi' /home/admin/.bashrc
sed -i '/^unset color_prompt force_color_prompt$/i # raspiblitz custom command prompt https://github.com/rootzoll/raspiblitz/issues/2400' /home/admin/.bashrc
sed -i '/^unset color_prompt force_color_prompt$/i raspiIp=$(hostname -I | cut -d " " -f1)' /home/admin/.bashrc
sed -i '/^unset color_prompt force_color_prompt$/i if [ "$color_prompt" = yes ]; then' /home/admin/.bashrc
sed -i '/^unset color_prompt force_color_prompt$/i \ PS1=\x27${debian_chroot:+($debian_chroot)}\\[\\033[00;33m\\]\\u@$raspiIp:\\[\\033[00;34m\\]\\w\\[\\033[01;35m\\]$(__git_ps1 "(%s)") \\[\\033[01;33m\\]₿\\[\\033[00m\\] \x27' /home/admin/.bashrc
sed -i '/^unset color_prompt force_color_prompt$/i else' /home/admin/.bashrc
sed -i '/^unset color_prompt force_color_prompt$/i \ PS1=\x27${debian_chroot:+($debian_chroot)}\\u@$raspiIp:\\w₿ \x27' /home/admin/.bashrc
sed -i '/^unset color_prompt force_color_prompt$/i fi' /home/admin/.bashrc
fi
echo -e "\n*** FUZZY FINDER KEY BINDINGS ***"
homeFile=/home/admin/.bashrc
keyBindingsDone=$(grep -c "source /usr/share/doc/fzf/examples/key-bindings.bash" $homeFile)
if [ ${keyBindingsDone} -eq 0 ]; then
sudo bash -c "echo 'source /usr/share/doc/fzf/examples/key-bindings.bash' >> /home/admin/.bashrc"
bash -c "echo 'source /usr/share/doc/fzf/examples/key-bindings.bash' >> /home/admin/.bashrc"
echo "key-bindings added to $homeFile"
else
echo "key-bindings already in $homeFile"
@ -671,13 +677,13 @@ homeFile=/home/admin/.bashrc
autostartDone=$(grep -c "automatically start main menu" $homeFile)
if [ ${autostartDone} -eq 0 ]; then
# bash autostart for admin
sudo bash -c "echo '# shortcut commands' >> /home/admin/.bashrc"
sudo bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc"
sudo bash -c "echo '# automatically start main menu for admin unless' >> /home/admin/.bashrc"
sudo bash -c "echo '# when running in a tmux session' >> /home/admin/.bashrc"
sudo bash -c "echo 'if [ -z \"\$TMUX\" ]; then' >> /home/admin/.bashrc"
sudo bash -c "echo ' ./00raspiblitz.sh newsshsession' >> /home/admin/.bashrc"
sudo bash -c "echo 'fi' >> /home/admin/.bashrc"
bash -c "echo '# shortcut commands' >> /home/admin/.bashrc"
bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc"
bash -c "echo '# automatically start main menu for admin unless' >> /home/admin/.bashrc"
bash -c "echo '# when running in a tmux session' >> /home/admin/.bashrc"
bash -c "echo 'if [ -z \"\$TMUX\" ]; then' >> /home/admin/.bashrc"
bash -c "echo ' ./00raspiblitz.sh newsshsession' >> /home/admin/.bashrc"
bash -c "echo 'fi' >> /home/admin/.bashrc"
echo "autostart added to $homeFile"
else
echo "autostart already in $homeFile"
@ -686,21 +692,21 @@ fi
echo -e "\n*** SWAP FILE ***"
# based on https://stadicus.github.io/RaspiBolt/raspibolt_20_pi.html#move-swap-file
# but just deactivating and deleting old (will be created alter when user adds HDD)
sudo dphys-swapfile swapoff
sudo dphys-swapfile uninstall
dphys-swapfile swapoff
dphys-swapfile uninstall
echo -e "\n*** INCREASE OPEN FILE LIMIT ***"
# based on https://raspibolt.org/guide/raspberry-pi/security.html#increase-your-open-files-limit
sudo sed --in-place -i "56s/.*/* soft nofile 256000/" /etc/security/limits.conf
sudo bash -c "echo '* hard nofile 256000' >> /etc/security/limits.conf"
sudo bash -c "echo 'root soft nofile 256000' >> /etc/security/limits.conf"
sudo bash -c "echo 'root hard nofile 256000' >> /etc/security/limits.conf"
sudo bash -c "echo '# End of file' >> /etc/security/limits.conf"
sudo sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
sudo sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
sudo bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
sed --in-place -i "56s/.*/* soft nofile 256000/" /etc/security/limits.conf
bash -c "echo '* hard nofile 256000' >> /etc/security/limits.conf"
bash -c "echo 'root soft nofile 256000' >> /etc/security/limits.conf"
bash -c "echo 'root hard nofile 256000' >> /etc/security/limits.conf"
bash -c "echo '# End of file' >> /etc/security/limits.conf"
sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
# increase the possible number of running processes from 128
sudo bash -c "echo 'fs.inotify.max_user_instances=4096' >> /etc/sysctl.conf"
bash -c "echo 'fs.inotify.max_user_instances=4096' >> /etc/sysctl.conf"
# *** fail2ban ***
# based on https://raspibolt.org/security.html#fail2ban
@ -709,16 +715,16 @@ apt_install --no-install-recommends python3-systemd fail2ban
# *** CACHE DISK IN RAM & KEYVALUE-STORE***
echo "Activating CACHE RAM DISK ... "
sudo /home/admin/_cache.sh ramdisk on
sudo /home/admin/_cache.sh keyvalue on
/home/admin/_cache.sh ramdisk on
/home/admin/_cache.sh keyvalue on
# *** Wifi, Bluetooth & other RaspberryPi configs ***
if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ]; then
if [ "${wifi_region}" == "off" ]; then
echo -e "\n*** DISABLE WIFI ***"
sudo systemctl disable wpa_supplicant.service
sudo ifconfig wlan0 down
systemctl disable wpa_supplicant.service
ifconfig wlan0 down
fi
echo -e "\n*** DISABLE BLUETOOTH ***"
@ -728,46 +734,46 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
if [ "${disableBTDone}" -eq 0 ]; then
# disable bluetooth module
echo "" | sudo tee -a $configFile
echo "# Raspiblitz" | sudo tee -a $configFile
echo 'dtoverlay=pi3-disable-bt' | sudo tee -a $configFile
echo 'dtoverlay=disable-bt' | sudo tee -a $configFile
echo "" | tee -a $configFile
echo "# Raspiblitz" | tee -a $configFile
echo 'dtoverlay=pi3-disable-bt' | tee -a $configFile
echo 'dtoverlay=disable-bt' | tee -a $configFile
else
echo "disable BT already in $configFile"
fi
# remove bluetooth services
sudo systemctl disable bluetooth.service
sudo systemctl disable hciuart.service
systemctl disable bluetooth.service
systemctl disable hciuart.service
# remove bluetooth packages
sudo apt remove -y --purge pi-bluetooth bluez bluez-firmware
apt remove -y --purge pi-bluetooth bluez bluez-firmware
# disable audio
echo -e "\n*** DISABLE AUDIO (snd_bcm2835) ***"
sudo sed -i "s/^dtparam=audio=on/# dtparam=audio=on/g" /boot/config.txt
sed -i "s/^dtparam=audio=on/# dtparam=audio=on/g" /boot/config.txt
# disable DRM VC4 V3D
echo -e "\n*** DISABLE DRM VC4 V3D driver ***"
dtoverlay=vc4-fkms-v3d
sudo sed -i "s/^dtoverlay=${dtoverlay}/# dtoverlay=${dtoverlay}/g" /boot/config.txt
sed -i "s/^dtoverlay=${dtoverlay}/# dtoverlay=${dtoverlay}/g" /boot/config.txt
# I2C fix (make sure dtparam=i2c_arm is not on)
# see: https://github.com/rootzoll/raspiblitz/issues/1058#issuecomment-739517713
sudo sed -i "s/^dtparam=i2c_arm=.*//g" /boot/config.txt
sed -i "s/^dtparam=i2c_arm=.*//g" /boot/config.txt
fi
# *** BOOTSTRAP ***
echo -e "\n*** RASPI BOOTSTRAP SERVICE ***"
sudo chmod +x /home/admin/_bootstrap.sh
sudo cp /home/admin/assets/bootstrap.service /etc/systemd/system/bootstrap.service
sudo systemctl enable bootstrap
chmod +x /home/admin/_bootstrap.sh
cp /home/admin/assets/bootstrap.service /etc/systemd/system/bootstrap.service
systemctl enable bootstrap
# *** BACKGROUND TASKS ***
echo -e "\n*** RASPI BACKGROUND SERVICE ***"
sudo chmod +x /home/admin/_background.sh
sudo cp /home/admin/assets/background.service /etc/systemd/system/background.service
sudo systemctl enable background
chmod +x /home/admin/_background.sh
cp /home/admin/assets/background.service /etc/systemd/system/background.service
systemctl enable background
# *** BACKGROUND SCAN ***
/home/admin/_background.scan.sh install
@ -806,23 +812,23 @@ fi
byteSizeList=$(sudo -u admin stat -c %s /home/admin/fallback.bitnodes.nodes)
if [ ${#byteSizeList} -eq 0 ] || [ ${byteSizeList} -lt 10240 ]; then
echo "Using fallback list from repo: bitnodes"
sudo rm /home/admin/fallback.bitnodes.nodes 2>/dev/null
sudo cp /home/admin/assets/fallback.bitnodes.nodes /home/admin/fallback.bitnodes.nodes
rm /home/admin/fallback.bitnodes.nodes 2>/dev/null
cp /home/admin/assets/fallback.bitnodes.nodes /home/admin/fallback.bitnodes.nodes
fi
sudo chown admin:admin /home/admin/fallback.bitnodes.nodes
chown admin:admin /home/admin/fallback.bitnodes.nodes
# check fallback list bitcoin core
byteSizeList=$(sudo -u admin stat -c %s /home/admin/fallback.bitcoin.nodes)
if [ ${#byteSizeList} -eq 0 ] || [ ${byteSizeList} -lt 10240 ]; then
echo "Using fallback list from repo: bitcoin core"
sudo rm /home/admin/fallback.bitcoin.nodes 2>/dev/null
sudo cp /home/admin/assets/fallback.bitcoin.nodes /home/admin/fallback.bitcoin.nodes
rm /home/admin/fallback.bitcoin.nodes 2>/dev/null
cp /home/admin/assets/fallback.bitcoin.nodes /home/admin/fallback.bitcoin.nodes
fi
sudo chown admin:admin /home/admin/fallback.bitcoin.nodes
chown admin:admin /home/admin/fallback.bitcoin.nodes
echo
echo "*** raspiblitz.info ***"
sudo cat /home/admin/raspiblitz.info
cat /home/admin/raspiblitz.info
# *** RASPIBLITZ IMAGE READY INFO ***
echo -e "\n**********************************************"
@ -835,13 +841,13 @@ echo "1. login fresh --> user:admin password:raspiblitz"
echo -e "2. run --> release\n"
# make sure that at least the code is available (also if no internet)
sudo /home/admin/config.scripts/blitz.display.sh prepare-install
/home/admin/config.scripts/blitz.display.sh prepare-install
# (do last - because might trigger reboot)
if [ "${display}" != "headless" ] || [ "${baseimage}" = "raspios_arm64" ]; then
echo "*** ADDITIONAL DISPLAY OPTIONS ***"
echo "- calling: blitz.display.sh set-display ${display}"
sudo /home/admin/config.scripts/blitz.display.sh set-display ${display}
sudo /home/admin/config.scripts/blitz.display.sh rotate 1
/home/admin/config.scripts/blitz.display.sh set-display ${display}
/home/admin/config.scripts/blitz.display.sh rotate 1
fi
echo "# BUILD DONE - see above"

2
home.admin/_version.info
View file

@ -1,3 +1,3 @@
# RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1')
codeVersion="1.9.0rc3"
codeVersion="1.9.0rc4"
# keep last line with comment

14
home.admin/assets/nginx/sites-available/lnproxy_ssl.conf
View file

@ -1,8 +1,8 @@
## lnproxy_ssl.conf
server {
listen 4749 ssl http2;
listen [::]:4749 ssl http2;
listen 4748 ssl http2;
listen [::]:4748 ssl http2;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
@ -13,15 +13,7 @@ server {
access_log /var/log/nginx/access_lnproxy.log;
error_log /var/log/nginx/error_lnproxy.log;
location /api/ {
proxy_pass http://127.0.0.1:4747/;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
location / {
proxy_pass http://127.0.0.1:4748;
include /etc/nginx/snippets/ssl-proxy-params.conf;
proxy_pass http://127.0.0.1:4747;
}
}

13
home.admin/assets/nginx/sites-available/lnproxy_tor.conf
View file

@ -1,25 +1,16 @@
## lnproxy_tor.conf
server {
listen 4750;
listen 4749;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
include /etc/nginx/snippets/gzip-params.conf;
access_log /var/log/nginx/access_lnproxy.log;
error_log /var/log/nginx/error_lnproxy.log;
location /api/ {
proxy_pass http://127.0.0.1:4747/;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
location / {
proxy_pass http://127.0.0.1:4748;
proxy_pass http://127.0.0.1:4747;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}

10
home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf
View file

@ -1,7 +1,7 @@
## lnproxy_tor_ssl.conf
server {
listen 4751 ssl http2;
listen 4750 ssl http2;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
@ -12,14 +12,8 @@ server {
access_log /var/log/nginx/access_lnproxy.log;
error_log /var/log/nginx/error_lnproxy.log;
location /api/ {
proxy_pass http://127.0.0.1:4747/;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
location / {
proxy_pass http://127.0.0.1:4748;
proxy_pass http://127.0.0.1:4747;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}

113
home.admin/config.scripts/bitcoin.update.sh
View file

@ -17,37 +17,36 @@ fi
mode="$1"
# RECOMMENDED UPDATE BY RASPIBLITZ TEAM
# comment will be shown as "BEWARE Info" when option is choosen (can be multiple lines)
# comment will be shown as "BEWARE Info" when option is choosen (can be multiple lines)
bitcoinVersion="" # example: 22.0 .. keep empty if no newer version as sd card build is available
# needed to check code signing
# https://github.com/laanwj
laanwjPGP="71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6"
# https://github.com/sipa.gpg
fallbackSigner=sipa
# GATHER DATA
# setting download directory to the current user
downloadDir="/home/$(whoami)/download/bitcoin.update"
# detect CPU architecture & fitting download link
if [ $(uname -m | grep -c 'arm') -eq 1 ] ; then
if [ $(uname -m | grep -c 'arm') -eq 1 ]; then
bitcoinOSversion="arm-linux-gnueabihf"
fi
if [ $(uname -m | grep -c 'aarch64') -eq 1 ] ; then
if [ $(uname -m | grep -c 'aarch64') -eq 1 ]; then
bitcoinOSversion="aarch64-linux-gnu"
fi
if [ $(uname -m | grep -c 'x86_64') -eq 1 ] ; then
if [ $(uname -m | grep -c 'x86_64') -eq 1 ]; then
bitcoinOSversion="x86_64-linux-gnu"
fi
# installed version
installedVersion=$(sudo -u bitcoin bitcoind --version | head -n1| cut -d" " -f4|cut -c 2-)
installedVersion=$(sudo -u bitcoin bitcoind --version | head -n1 | cut -d" " -f4 | cut -c 2-)
# test if the installed version already the tested/recommended update version
bitcoinUpdateInstalled=$(echo "${installedVersion}" | grep -c "${bitcoinVersion}")
# get latest release from GitHub releases
gitHubLatestReleaseJSON="$(curl --header "X-GitHub-Api-Version:2022-11-28" -s https://api.github.com/repos/bitcoin/bitcoin/releases | jq '.[0]')"
bitcoinLatestVersion=$(echo "${gitHubLatestReleaseJSON}"|jq -r '.tag_name'|cut -c 2-)
bitcoinLatestVersion=$(curl --header "X-GitHub-Api-Version:2022-11-28" -s https://api.github.com/repos/bitcoin/bitcoin/releases | jq -r '.[].tag_name' | sort | tail -n1 | cut -c 2-)
# INFO
function displayInfo() {
@ -75,7 +74,7 @@ if [ "${mode}" = "tested" ]; then
# check for optional second parameter: forced update version
# --> only does the tested update if its the given version
# this is needed for recovery/update.
# this is needed for recovery/update.
fixedBitcoinVersion="$2"
if [ ${#fixedBitcoinVersion} -gt 0 ]; then
echo "# checking for fixed version update: askedFor(${bitcoinVersion}) available(${bitcoinVersion})"
@ -106,10 +105,10 @@ elif [ "${mode}" = "custom" ]; then
echo "# Input the version you would like to install and press ENTER."
echo "# Examples (versions below 22 are not supported):"
echo "22.0rc3"
echo "22.0"
echo "24.0.1"
echo
read bitcoinVersion
if [ $(echo ${bitcoinVersion} | grep -c "rc") -gt 0 ];then
if [ $(echo ${bitcoinVersion} | grep -c "rc") -gt 0 ]; then
cutVersion=$(echo ${bitcoinVersion} | awk -F"r" '{print $1}')
rcVersion=$(echo ${bitcoinVersion} | awk -F"r" '{print $2}')
# https://bitcoincore.org/bin/bitcoin-core-22.0/test.rc3/
@ -119,11 +118,11 @@ elif [ "${mode}" = "custom" ]; then
fi
if curl --output /dev/null --silent --head --fail \
https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS.asc; then
https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS.asc; then
echo "# OK version exists at https://bitcoincore.org/bin/bitcoin-core-${pathVersion}"
echo "# Press ENTER to proceed to install Bitcoin Core $bitcoinVersion or CTRL+C to abort."
read key
else
else
echo "# FAIL $bitcoinVersion does not exist"
echo
echo "# Press ENTER to return to the main menu"
@ -133,8 +132,8 @@ elif [ "${mode}" = "custom" ]; then
fi
# JOINED INSTALL
if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" ]; then
if [ "${mode}" = "tested" ] || [ "${mode}" = "reckless" ] || [ "${mode}" = "custom" ]; then
displayInfo
if [ "$installedVersion" = "$bitcoinVersion" ]; then
@ -143,48 +142,48 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
exit 0
fi
echo
echo
echo "# clean & change into download directory"
sudo rm -rf "${downloadDir}"
mkdir -p "${downloadDir}"
cd "${downloadDir}" || exit 1
# download signed binary sha256 hash sum file
wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS
# download signed binary sha256 hash sum file and check
wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS.asc
echo "# Enter the github username of a signer. Find the list of signers at: "
echo "https://github.com/bitcoin-core/guix.sigs/tree/main/${pathVersion}"
echo "# Example for Peter Wuille (https://github.com/sipa):"
echo "sipa"
echo "# example for Emzy (https://github.com/Emzy):"
echo "Emzy"
read customSigner
echo "# Paste the PGP pubkey fingerprint of a signer."
echo "# Example for W. J. van der Laan (https://github.com/laanwj):"
echo "71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6"
echo ""
read customKey
if [ ${#customKey} -eq 0 ];then
customKey=$laanwjPGP
if [ ${#customSigner} -eq 0 ]; then
customSigner=$fallbackSigner
fi
# receive signer key
if ! gpg --recv-key "$customKey"
then
echo
echo "# FAIL # Could not download the PGP pubkey"
echo
echo "See the signers of this release:"
echo
gpg --verify SHA256SUMS.asc
echo
echo "# Download the binary sha256 hash sum file"
wget -O all.SHA256SUMS https://raw.githubusercontent.com/bitcoin-core/guix.sigs/main/${pathVersion}/${customSigner}/all.SHA256SUMS
echo "# Download signature of the binary sha256 hash sum file"
wget -O all.SHA256SUMS.asc https://raw.githubusercontent.com/bitcoin-core/guix.sigs/main/${pathVersion}/${customSigner}/all.SHA256SUMS.asc
echo "# Download PGP pubkey of ${customSigner}"
if ! wget -O pubkey.asc https://github.com/${customSigner}.gpg; then
echo "# FAIL # Could not down
load the PGP pubkey of ${customSigner}"
rm pubkey.asc
exit 1
fi
verifyResult=$(LANG=en_US.utf8; gpg --verify SHA256SUMS.asc 2>&1)
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
echo "goodSignature(${goodSignature})"
correctKey=$(echo ${verifyResult} | grep "${customKey}" -c)
echo "correctKey(${correctKey})"
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
echo "# Import PGP pubkey of ${customSigner}"
if ! gpg --import pubkey.asc; then
echo "# FAIL # Couldn't import the PGP pubkey of ${customSigner}"
rm pubkey.asc
exit 1
fi
rm pubkey.asc
echo "# Checking PGP signature of the binary sha256 hash sum file"
if ! gpg --verify all.SHA256SUMS.asc; then
echo
echo "# BUILD FAILED --> PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
echo "# BUILD FAILED --> the signature does not match"
exit 1
else
echo
@ -195,18 +194,15 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
echo "# Downloading Bitcoin Core v${bitcoinVersion} for ${bitcoinOSversion} ..."
binaryName="bitcoin-${bitcoinVersion}-${bitcoinOSversion}.tar.gz"
wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/${binaryName}
if [ ! -f "./${binaryName}" ]
then
if [ ! -f "./${binaryName}" ]; then
echo "# FAIL # Downloading BITCOIN BINARY did not succeed."
exit 1
fi
echo "# Checking binary checksum ..."
checksumTest=$(sha256sum -c --ignore-missing SHA256SUMS ${binaryName} 2>/dev/null \
| grep -c "${binaryName}: OK")
if [ "${checksumTest}" -eq 0 ]; then
echo "# Checking the binary checksum ..."
if ! sha256sum -c --ignore-missing all.SHA256SUMS; then
# get the sha256 value for the corresponding platform from signed hash sum file
bitcoinSHA256=$(grep -i "${binaryName}}" SHA256SUMS | cut -d " " -f1)
bitcoinSHA256=$(grep -i "${binaryName}}" all.SHA256SUMS | cut -d " " -f1)
echo "# FAIL # Downloaded BITCOIN BINARY CHECKSUM:"
echo "$(sha256sum ${binaryName})"
echo "NOT matching SHA256 checksum:"
@ -217,16 +213,16 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
echo "# OK --> VERIFIED BITCOIN CORE BINARY CHECKSUM IS CORRECT"
echo
fi
fi
fi
if [ "${mode}" = "tested" ]||[ "${mode}" = "custom" ]; then
if [ "${mode}" = "tested" ] || [ "${mode}" = "custom" ]; then
bitcoinInterimsUpdateNew="${bitcoinVersion}"
elif [ "${mode}" = "reckless" ]; then
bitcoinInterimsUpdateNew="reckless"
fi
# JOINED INSTALL
if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" ];then
if [ "${mode}" = "tested" ] || [ "${mode}" = "reckless" ] || [ "${mode}" = "custom" ]; then
# install
echo "# Stopping bitcoind ..."
@ -238,8 +234,7 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
tar -xvf ${binaryName}
sudo install -m 0755 -o root -g root -t /usr/local/bin/ bitcoin-${bitcoinVersion}/bin/*
sleep 3
installed=$(bitcoind --version | grep "${bitcoinVersion}" -c)
if [ ${installed} -lt 1 ]; then
if ! bitcoind --version | grep "${bitcoinVersion}"; then
echo
echo "# BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})"
exit 1

4
home.admin/config.scripts/blitz.display.sh
View file

@ -140,7 +140,7 @@ if [ "${command}" == "rotate" ]; then
sed -i "s/^dtoverlay=.*/dtoverlay=waveshare35a:rotate=90/g" /boot/config.txt
rm /etc/X11/xorg.conf.d/40-libinput.conf 2>/dev/null
/home/admin/config.scripts/blitz.conf.sh set lcdrotate 1 2>/dev/null
/home/admin/config.scripts/blitz.conf.sh set lcdrotate 1 1>/dev/null 2>/dev/null
echo "# OK - a restart is needed: sudo shutdown -r now"
# TURN ROTATE OFF
@ -165,7 +165,7 @@ EOF
fi
# update raspiblitz conf
/home/admin/config.scripts/blitz.conf.sh set lcdrotate 0 2>/dev/null
/home/admin/config.scripts/blitz.conf.sh set lcdrotate 0 1>/dev/null 2>/dev/null
echo "OK - a restart is needed: sudo shutdown -r now"
else

10
home.admin/config.scripts/blitz.fatpack.sh
View file

@ -9,6 +9,15 @@ if [ "$EUID" -ne 0 ]
exit 1
fi
apt_install() {
apt install -y ${@}
if [ $? -eq 100 ]; then
echo "FAIL! apt failed to install needed packages!"
echo ${@}
exit 1
fi
}
echo "# getting default user/repo from build_sdcard.sh"
sudo cp /home/admin/raspiblitz/build_sdcard.sh /home/admin/build_sdcard.sh
sudo chmod +x /home/admin/build_sdcard.sh 2>/dev/null
@ -48,6 +57,7 @@ sudo /home/admin/config.scripts/blitz.web.ui.sh on "${defaultWEBUIuser}" "${defa
# set build code as new www default
sudo rm -r /home/admin/assets/nginx/www_public
mkdir -p /home/admin/assets/nginx/www_public
sudo cp -a /home/blitzapi/blitz_web/build/* /home/admin/assets/nginx/www_public
sudo chown admin:admin /home/admin/assets/nginx/www_public
sudo rm -r /home/blitzapi/blitz_web/build/*

26
home.admin/config.scripts/blitz.web.api.sh
View file

@ -33,7 +33,7 @@ if [ "$1" = "update-config" ]; then
fi
# prepare config update
cd /home/blitzapi/blitz_api
cd /home/blitzapi/blitz_api || exit 1
secret=$(cat ./.env 2>/dev/null | grep "secret=" | cut -d "=" -f2)
cp ./.env_sample ./.env
dateStr=$(date)
@ -44,7 +44,7 @@ if [ "$1" = "update-config" ]; then
# configure access token secret
if [ "${secret}" == "" ] || [ "${secret}" == "please_please_update_me_please" ]; then
echo "# init secret ..."
secret=$(dd if=/dev/urandom bs=256 count=1 2> /dev/null | shasum -a256 | cut -d " " -f1)
secret=$(dd if=/dev/urandom bs=256 count=1 2>/dev/null | shasum -a256 | cut -d " " -f1)
else
echo "# use existing secret"
fi
@ -78,13 +78,13 @@ if [ "$1" = "update-config" ]; then
sed -i "s/^lnd_grpc_ip=.*/lnd_grpc_ip=127.0.0.1/g" ./.env
sed -i "s/^lnd_macaroon=.*/lnd_macaroon=${adminMacaroon}/g" ./.env
sed -i "s/^lnd_cert=.*/lnd_cert=${tlsCert}/g" ./.env
if [ "${chain}" == "main" ];then
if [ "${chain}" == "main" ]; then
L2rpcportmod=0
portprefix=""
elif [ "${chain}" == "test" ];then
elif [ "${chain}" == "test" ]; then
L2rpcportmod=1
portprefix=1
elif [ "${chain}" == "sig" ];then
elif [ "${chain}" == "sig" ]; then
L2rpcportmod=3
portprefix=3
fi
@ -96,7 +96,7 @@ if [ "$1" = "update-config" ]; then
echo "# CONFIG Web API Lightning --> CL"
sed -i "s/^ln_node=.*/ln_node=cln_jrpc/g" ./.env
sed -i "s/^cln_jrpc_path=.*/cln_jrpc_path="/mnt/hdd/app-data/.lightning/bitcoin/lightning-rpc"/g" ./.env
sed -i "s#^cln_jrpc_path=.*#cln_jrpc_path=\"/mnt/hdd/app-data/.lightning/bitcoin/lightning-rpc\"#g" ./.env
# make sure cln-grpc is on
# sudo /home/admin/config.scripts/cl-plugin.cln-grpc.sh on mainnet
@ -122,9 +122,9 @@ if [ "$1" = "update-config" ]; then
fi
else
echo "# CONFIG Web API ... still in setup, skip bitcoin & lightning"
sed -i "s/^network=.*/network=/g" ./.env
sed -i "s/^ln_node=.*/ln_node=/g" ./.env
echo "# CONFIG Web API ... still in setup, skip bitcoin & lightning"
sed -i "s/^network=.*/network=/g" ./.env
sed -i "s/^ln_node=.*/ln_node=/g" ./.env
fi
echo "# '.env' config updates - blitzapi maybe needs to be restarted"
@ -230,12 +230,12 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
fi
/usr/sbin/usermod --append --groups bitcoin blitzapi
# symlink the CLN data dir for blitzapi
sudo rm -rf /home/blitzapi/.lightning # not a symlink.. delete it silently
sudo rm -rf /home/blitzapi/.lightning # not a symlink.. delete it silently
# create symlink
sudo -u blitzapi ln -s /mnt/hdd/app-data/.lightning /home/blitzapi/
cd /home/blitzapi || exit 1
# git clone https://github.com/fusion44/blitz_api.git /home/blitzapi/blitz_api
echo "# clone github: ${GITHUB_USER}/${GITHUB_REPO}"
if ! sudo -u blitzapi git clone https://github.com/${GITHUB_USER}/${GITHUB_REPO}.git blitz_api; then
@ -264,7 +264,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo "error='pip install failed'"
exit 1
fi
# prepare systemd service
echo "
[Unit]
@ -330,7 +330,7 @@ if [ "$1" = "update-code" ]; then
echo "# Update Web API CODE"
systemctl stop blitzapi
sudo chown -R blitzapi:blitzapi /home/blitzapi/blitz_api
cd /home/blitzapi/blitz_api
cd /home/blitzapi/blitz_api || exit 1
if [ "$currentBranch" == "" ]; then
currentBranch=$(sudo -u blitzapi git rev-parse --abbrev-ref HEAD)
fi

2
home.admin/config.scripts/blitz.web.sh
View file

@ -72,7 +72,7 @@ EOF
sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
sudo chown -R admin:www-data /var/www/letsencrypt
sudo cp -a /home/admin/assets/nginx/www_public/ /var/www/public
sudo chown www-data:www-data /var/www/public
sudo chown -R www-data:www-data /var/www/public
sudo cp /home/admin/assets/nginx/snippets/* /etc/nginx/snippets/
# enable public site & API redirect

33
home.admin/config.scripts/bonus.btcpayserver.sh
View file

@ -5,7 +5,7 @@
# https://github.com/dgarage/NBXplorer/tags
NBXplorerVersion="v2.3.62"
# https://github.com/btcpayserver/btcpayserver/releases
BTCPayVersion="v1.8.2"
BTCPayVersion="v1.9.1"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -58,25 +58,20 @@ nomigrateevts=1
function BtcPayConfig() {
# set thumbprint
FINGERPRINT=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in /home/btcpay/.lnd/tls.cert | cut -d"=" -f2)
if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
echo "# sqlite database exists"
databaseOption="# keep using sqlite as /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db exists (configured in the btcpayserver.service)"
# set up postgres
if sudo -u postgres psql -c '\l' | grep btcpaymainnet; then
echo "# btcpaymainnet database already exists"
else
echo "# sqlite database does not exist, using postgresql"
databaseOption="postgres=User ID=btcpay;Host=localhost;Port=5432;Application Name=btcpay;MaxPoolSize=20;Database=btcpaymainnet;Password='raspiblitz';"
if sudo -u postgres psql -c '\l' | grep btcpaymainnet; then
echo "# btcpaymainnet database already exists"
else
echo "# Generate the database for btcpay"
sudo -u postgres psql -c "CREATE DATABASE btcpaymainnet TEMPLATE template0 LC_CTYPE 'C' LC_COLLATE 'C' ENCODING 'UTF8';"
sudo -u postgres psql -c "create user btcpay with encrypted password 'raspiblitz';"
sudo -u postgres psql -c "grant all privileges on database btcpaymainnet to btcpay;"
fi
echo "# List databases with: sudo -u postgres psql -c '\l'"
sudo -u postgres psql -c '\l'
echo "# Generate the database for btcpay"
sudo -u postgres psql -c "CREATE DATABASE btcpaymainnet TEMPLATE template0 LC_CTYPE 'C' LC_COLLATE 'C' ENCODING 'UTF8';"
sudo -u postgres psql -c "create user btcpay with encrypted password 'raspiblitz';"
sudo -u postgres psql -c "grant all privileges on database btcpaymainnet to btcpay;"
fi
echo "# List databases with: sudo -u postgres psql -c '\l'"
sudo -u postgres psql -c '\l'
echo "# Regenerate the btcpayserver settings (includes the LND TLS thumbprint)"
# https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#3-create-a-configuration-file
sudo -u btcpay mkdir -p /home/btcpay/.btcpayserver/Main
echo "
### Global settings ###
network=mainnet
@ -85,20 +80,21 @@ network=mainnet
port=23000
bind=127.0.0.1
externalurl=https://$BTCPayDomain
socksendpoint=127.0.0.1:9050
### NBXplorer settings ###
BTC.explorer.url=http://127.0.0.1:24444/
BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=/home/btcpay/admin.macaroon;certthumbprint=$FINGERPRINT
### Database ###
${databaseOption}
postgres=User ID=btcpay;Host=localhost;Port=5432;Application Name=btcpay;MaxPoolSize=20;Database=btcpaymainnet;Password='raspiblitz';
explorer.postgres=User ID=nbxplorer;Host=localhost;Port=5432;Application Name=nbxplorer;MaxPoolSize=20;Database=nbxplorermainnet;Password='raspiblitz';
" | sudo -u btcpay tee /home/btcpay/.btcpayserver/Main/settings.config
}
function BtcPayService() {
if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
echo "# sqlite database exists"
echo "# sqlite database exists - will be ignored after the migration to postgresql"
databaseOption=" -- --sqlitefile=sqllite.db"
else
echo "# sqlite database does not exist, using postgresql"
@ -619,7 +615,6 @@ WantedBy=multi-user.target
echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. it is enabled and will start on next reboot"
fi
sudo -u btcpay mkdir -p /home/btcpay/.btcpayserver/Main/
if [ "${lnd}" = on ]; then
/home/admin/config.scripts/bonus.btcpayserver.sh write-tls-macaroon
fi

37
home.admin/config.scripts/bonus.fulcrum.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# https://github.com/cculianu/Fulcrum/releases
fulcrumVersion="1.7.0"
fulcrumVersion="1.9.1"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -12,7 +12,6 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
exit 1
fi
if [ "$1" = on ]; then
# ?wait until txindex finishes?
/home/admin/config.scripts/network.txindex.sh on
@ -26,6 +25,7 @@ if [ "$1" = on ]; then
source <(/home/admin/_cache.sh get state)
if [ "${state}" == "ready" ]; then
echo "# Restarting bitcoind"
sudo systemctl restart bitcoind
fi
@ -51,26 +51,25 @@ if [ "$1" = on ]; then
# get the PGP key
curl https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/pubkeys/calinkey.txt | sudo -u fulcrum gpg --import
# look for 'Good signature'
echo "# Look for 'Good signature'"
sudo -u fulcrum gpg --verify Fulcrum-${fulcrumVersion}-${build}.tar.gz.asc || exit 1
# look for 'OK'
echo "# Look for 'OK'"
sudo -u fulcrum sha256sum -c Fulcrum-${fulcrumVersion}-${build}.tar.gz.sha256sum --ignore-missing || exit 1
# decompress
echo "# Unpack"
sudo -u fulcrum tar -xvf Fulcrum-${fulcrumVersion}-${build}.tar.gz
# create the database directory in /mnt/hdd/app-storage (on the disk)
echo "# Create the database directory in /mnt/hdd/app-storage (on the disk)"
sudo mkdir -p /mnt/hdd/app-storage/fulcrum/db
sudo chown -R fulcrum:fulcrum /mnt/hdd/app-storage/fulcrum
# create a symlink to /home/fulcrum/.fulcrum
echo "# Create a symlink to /home/fulcrum/.fulcrum"
sudo ln -s /mnt/hdd/app-storage/fulcrum /home/fulcrum/.fulcrum
sudo chown -R fulcrum:fulcrum /home/fulcrum/.fulcrum
# Create a config file
echo "# Getting RPC credentials from the bitcoin.conf"
#read PASSWORD_B
echo "# Create a config file"
echo "# Get the RPC credentials from the bitcoin.conf"
RPC_USER=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcuser | cut -c 9-)
PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-)
echo "\
@ -96,7 +95,7 @@ tcp = 0.0.0.0:50021
# ssl via nginx
" | sudo -u fulcrum tee /home/fulcrum/.fulcrum/fulcrum.conf
# Create a systemd service
echo "# Create a systemd service"
echo "\
[Unit]
Description=Fulcrum
@ -119,12 +118,10 @@ WantedBy=multi-user.target
sudo systemctl enable fulcrum
if [ "${state}" == "ready" ]; then
echo "# Starting the fulcrum.service"
sudo systemctl start fulcrum
fi
# sudo journalctl -fu fulcrum
# sudo systemctl status fulcrum
sudo ufw allow 50021 comment 'Fulcrum TCP'
sudo ufw allow 50022 comment 'Fulcrum SSL'
@ -135,7 +132,7 @@ WantedBy=multi-user.target
elif [ ${isConfigured} -eq 0 ]; then
isStream=$(sudo cat /etc/nginx/nginx.conf 2>/dev/null | grep -c 'stream {')
if [ ${isStream} -eq 0 ]; then
echo "
echo "
stream {
upstream fulcrum {
server 127.0.0.1:50021;
@ -152,9 +149,9 @@ stream {
}
}" | sudo tee -a /etc/nginx/nginx.conf
elif [ ${isStream} -eq 1 ]; then
sudo truncate -s-2 /etc/nginx/nginx.conf
echo "
elif [ ${isStream} -eq 1 ]; then
sudo truncate -s-2 /etc/nginx/nginx.conf
echo "
upstream fulcrum {
server 127.0.0.1:50021;
}
@ -184,8 +181,10 @@ stream {
# setting value in raspiblitz config
/home/admin/config.scripts/blitz.conf.sh set fulcrum "on"
fi
echo "# Follow the logs with the command:"
echo "sudo journalctl -fu fulcrum"
fi
if [ "$1" = off ]; then
sudo systemctl disable fulcrum

40
home.admin/config.scripts/bonus.joinmarket.sh
View file

@ -6,7 +6,7 @@
# https://github.com/openoms/joininbox
# https://github.com/openoms/joininbox/tags
JBTAG="v0.7.6" # installs JoinMarket v0.9.9
JBTAG="v0.7.7" # installs JoinMarket v0.9.9
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -159,25 +159,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
sudo /home/admin/config.scripts/bonus.joinmarket.sh install
fi
# make sure the Bitcoin Core wallet is on
/home/admin/config.scripts/network.wallet.sh on
if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ]; then
echo "# Create a non-descriptor wallet.dat"
/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
else
isDescriptor=$(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -rpcwallet=wallet.dat getwalletinfo | grep -c '"descriptors": true,')
if [ "$isDescriptor" -gt 0 ]; then
# unload
bitcoin-cli unloadwallet wallet.dat
echo "# Move the wallet.dat with descriptors to /mnt/hdd/bitcoin/descriptors"
sudo mv /mnt/hdd/bitcoin/wallet.dat /mnt/hdd/bitcoin/descriptors
echo "# Create a non-descriptor wallet.dat"
bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
else
echo "# The non-descriptor wallet.dat is loaded in bitcoind."
fi
fi
# store JoinMarket data on HDD
mkdir /mnt/hdd/app-data/.joinmarket 2>/dev/null
@ -212,6 +193,25 @@ if [ -z \"\$TMUX\" ]; then
fi
" | sudo -u joinmarket tee -a /home/joinmarket/.bashrc
# make sure the Bitcoin Core wallet is on
/home/admin/config.scripts/network.wallet.sh on
if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ]; then
echo "# Create a non-descriptor wallet.dat"
/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
else
isDescriptor=$(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -rpcwallet=wallet.dat getwalletinfo | grep -c '"descriptors": true,')
if [ "$isDescriptor" -gt 0 ]; then
# unload
bitcoin-cli unloadwallet wallet.dat
echo "# Move the wallet.dat with descriptors to /mnt/hdd/bitcoin/descriptors"
sudo mv /mnt/hdd/bitcoin/wallet.dat /mnt/hdd/bitcoin/descriptors
echo "# Create a non-descriptor wallet.dat"
bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
else
echo "# The non-descriptor wallet.dat is loaded in bitcoind."
fi
fi
# configure joinmarket (includes a check if it is installed)
if sudo -u joinmarket /home/joinmarket/start.joininbox.sh; then
echo "# Start to use by logging in to the 'joinmarket' user with:"

11
home.admin/config.scripts/bonus.lit.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# https://github.com/lightninglabs/lightning-terminal/releases
LITVERSION="0.8.6-alpha"
LITVERSION="0.9.2-alpha"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -14,15 +14,18 @@ fi
# check who signed the release in https://github.com/lightninglabs/lightning-terminal/releases
PGPsigner="ellemouton"
if [ $PGPsigner = ellemouton ];then
if [ $PGPsigner = ellemouton ]; then
PGPpkeys="https://github.com/${PGPsigner}.gpg"
PGPcheck="D7D916376026F177"
elif [ $PGPsigner = guggero ];then
elif [ $PGPsigner = guggero ]; then
PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc"
PGPcheck="03DB6322267C373B"
elif [ $PGPsigner = roasbeef ];then
elif [ $PGPsigner = roasbeef ]; then
PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc "
PGPcheck="3BBD59E99B280306"
elif [ $PGPsigner = ellemouton ]; then
PGPpkeys="https://keybase.io/ellemo/pgp_keys.asc "
PGPcheck="D7D916376026F17"
fi
source /mnt/hdd/raspiblitz.conf

4
home.admin/config.scripts/bonus.lnbits.sh
View file

@ -3,7 +3,7 @@
# https://github.com/lnbits/lnbits
# https://github.com/lnbits/lnbits/releases
tag="0.10.2"
tag="0.10.4.1"
VERSION="${tag}"
# command info
@ -781,7 +781,7 @@ After=bitcoind.service
[Service]
WorkingDirectory=/home/lnbits/lnbits
ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart
ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && poetry run lnbits --port 5000'
ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && poetry run lnbits --port 5000 --host 0.0.0.0'
User=lnbits
Restart=always
TimeoutSec=120

123
home.admin/config.scripts/bonus.lnproxy.sh
View file

@ -1,9 +1,7 @@
#!/bin/bash
# https://github.com/lnproxy/lnproxy/commits/main
LNPROXYVERSION="423723b58cc45daa2fdf6c8b22537d560aca4d7a"
# https://github.com/lnproxy/lnproxy-webui/commits/main
WEBUIVERSION=24d291c884a0b60126c1915301f29c893900a155
LNPROXYVERSION="7c8a14106b42cfd89471c1dc02d7baab1122dfa2"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -20,33 +18,21 @@ localip=$(hostname -I | awk '{print $1}')
if [ "$1" = "menu" ]; then
if systemctl is-active --quiet lnproxy; then
# get network info
torAddress=$(sudo cat /mnt/hdd/tor/lnproxy/hostname 2>/dev/null)
fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
sudo /home/admin/config.scripts/blitz.display.sh qr "${torAddress}"
whiptail --title " lnproxy server API" --msgbox "\
Use your hidden service as a relay on the lnproxy Tor website:
dx7pn6ehykq6cadce4bjbxn5tf64z7e3fufpxgxce7n4f5eja476cpyd.onion
Your address to be used as the relay:
http://${torAddress}/spec
To use the API from another computer on your LAN:
curl -k https://${localip}:4748/api/{invoice}?routing_msat={budget}
if [ "${runBehindTor}" = "on" ] && [ -n "${torAddress}" ]; then
# Info with Tor
sudo /home/admin/config.scripts/blitz.display.sh qr "${torAddress}"
whiptail --title " lnproxy-webui and API" --msgbox "\
Open in your local web browser:
http://${localip}:4748
https://${localip}:4749 with Fingerprint:
${fingerprint}\n
Hidden Service address for Tor Browser (see LCD for QR):
${torAddress}\n
To use the API:
curl -k https://${localip}:4749/api/{invoice}?routing_msat={budget}\n
The Tor Hidden Service address to share for using the API:
${torAddress}/api
" 20 70
sudo /home/admin/config.scripts/blitz.display.sh hide
else
# Info without Tor
whiptail --title " lnproxy-webui " --msgbox "Open in your local web browser:
http://${localip}:4748\n
Activate Tor to access the web interface from outside your local network.
" 15 57
fi
" 16 78
sudo /home/admin/config.scripts/blitz.display.sh hide
echo "# please wait ..."
else
echo "# *** LNPROXY IS NOT INSTALLED ***"
@ -138,53 +124,6 @@ EOF
echo "# OK - the lnproxy.service is enabled, to start manually use: sudo systemctl start lnproxy"
fi
# lnproxy-webui
cd /home/lnproxy/ || exit 1
sudo -u lnproxy git clone https://github.com/lnproxy/lnproxy-webui
cd /home/lnproxy/lnproxy-webui || exit 1
sudo -u lnproxy git reset --hard ${WEBUIVERSION} || exit 1
# build
sudo -u lnproxy /usr/local/go/bin/go get lnproxy-webui
sudo -u lnproxy /usr/local/go/bin/go build
# create systemd service
cat <<EOF | sudo tee /etc/systemd/system/lnproxy-webui.service
[Unit]
Description=lnproxy-webui
After=lnproxy.service
[Service]
WorkingDirectory=/home/lnproxy/lnproxy-webui
User=lnproxy
Group=lnproxy
Type=simple
ExecStart=/home/lnproxy/lnproxy-webui/lnproxy-webui
Restart=on-failure
RestartSec=30
TimeoutSec=120
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
EOF
# enable and start service
sudo systemctl enable lnproxy-webui
source <(/home/admin/_cache.sh get state)
if [ "${state}" == "ready" ]; then
echo "# OK - the lnproxy-webui.service is enabled, system is on ready so starting service"
sudo systemctl start lnproxy-webui
else
echo "# OK - the lnproxy-webui.service is enabled, to start manually use: sudo systemctl start lnproxy-webui"
fi
##################
# NGINX
##################
@ -201,25 +140,28 @@ EOF
sudo ln -sf /etc/nginx/sites-available/lnproxy_ssl.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/lnproxy_tor.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/lnproxy_tor_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo nginx -t || exit 1
sudo systemctl reload nginx
sudo ufw allow 4748 comment lnproxy-webui-HTTP
sudo ufw allow 4749 comment lnproxy-HTTPS
sudo ufw allow 4748 comment lnproxy-HTTPS
/home/admin/config.scripts/tor.onion-service.sh lnproxy 80 4750 443 4751
/home/admin/config.scripts/tor.onion-service.sh lnproxy 80 4749 443 4750
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set lnproxy "on"
echo "# API:"
echo "curl http://127.0.0.1:4747/{your_invoice}?routing_msat={routing_budget}"
echo "curl -k https://${localip}:4749/api/{your_invoice}?routing_msat={routing_budget}"
echo "# WebUI:"
echo "http://${localip}:4748"
echo "https://${localip}:4749"
torAddress=$(sudo cat /mnt/hdd/tor/lnproxy/hostname 2>/dev/null)
echo
echo "# Use your hidden service as a relay on the lnproxy Tor website:"
echo "dx7pn6ehykq6cadce4bjbxn5tf64z7e3fufpxgxce7n4f5eja476cpyd.onion"
echo "# Your address to be used as the relay:"
echo "http://${torAddress}/spec"
echo "# To use the API from another computer on your LAN:"
echo "curl -k https://${localip}:4748/api/{invoice}?routing_msat={budget}\n"
echo "# The Tor Hidden Service address to share for using the API:"
echo "${torAddress}/api"
echo "# More info at:"
echo "https://github.com/lnproxy/lnproxy"
echo "https://github.com/lnproxy"
exit 0
fi
@ -233,15 +175,22 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
# remove systemd services
sudo systemctl disable --now lnproxy
sudo rm -f /etc/systemd/system/lnproxy.service
sudo systemctl disable --now lnproxy-webui
sudo rm -f /etc/systemd/system/lnproxy-webui.service
# remove Tor service
/home/admin/config.scripts/tor.onion-service.sh off lnproxy
sudo rm /etc/nginx/sites-available/lnproxy_ssl.conf
sudo rm /etc/nginx/sites-available/lnproxy_tor.conf
sudo rm /etc/nginx/sites-available/lnproxy_tor_ssl.conf
sudo rm /etc/nginx/sites-enabled/lnproxy_ssl.conf
sudo rm /etc/nginx/sites-enabled/lnproxy_tor.conf
sudo rm /etc/nginx/sites-enabled/lnproxy_tor_ssl.conf
sudo nginx -t || exit 1
sudo systemctl reload nginx
# close ports on firewall
sudo ufw delete allow 4748
sudo ufw delete allow 4749
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set lnproxy "off"

4
home.admin/config.scripts/bonus.postgresql.sh
View file

@ -59,6 +59,10 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then
sudo rm -rf $postgres_datadir # not a symlink.. delete it silently
sudo ln -s /mnt/hdd/app-data/postgresql /var/lib/
fi
# always fix ownership
sudo chown -R postgres:postgres /mnt/hdd/app-data/postgresql
sudo systemctl enable postgresql
sudo systemctl start postgresql

1
home.admin/config.scripts/cl-plugin.cln-grpc.sh
View file

@ -45,6 +45,7 @@ function buildGRPCplugin() {
echo "# delete old dir or binary"
sudo rm -rf /home/bitcoin/cl-plugins-available/cln-grpc
echo "# move to /home/bitcoin/cl-plugins-available/"
sudo mkdir -p /home/bitcoin/cl-plugins-available
sudo -u bitcoin mv /home/bitcoin/cln-grpc-build/debug/cln-grpc /home/bitcoin/cl-plugins-available/
else
echo "# - cln-grpc plugin was already built/installed"

33
home.admin/config.scripts/lnd.check.sh
View file

@ -305,6 +305,39 @@ fi
fi
##### RPCMIDDLEWARE SECTION #####
# [rpcmiddleware]
sectionName="[Rr]pcmiddleware"
echo "# [${sectionName}] config ..."
# make sure lnd config has a [rpcmiddleware] section
sectionExists=$(cat ${lndConfFile} | grep -c "^\[${sectionName}\]")
echo "# sectionExists(${sectionExists})"
if [ "${sectionExists}" == "0" ]; then
echo "# adding section [${sectionName}]"
echo "
[${sectionName}]
" | tee -a ${lndConfFile}
fi
# get line number of [rpcmiddleware] section
sectionLine=$(cat ${lndConfFile} | grep -n "^\[${sectionName}\]" | cut -d ":" -f1)
echo "# sectionLine(${sectionLine})"
insertLine=$(expr $sectionLine + 1)
echo "# insertLine(${insertLine})"
fileLines=$(wc -l ${lndConfFile} | cut -d " " -f1)
echo "# fileLines(${fileLines})"
if [ ${fileLines} -lt ${insertLine} ]; then
echo "# adding new line for inserts"
echo "
" | tee -a ${lndConfFile}
fi
# SET/UPDATE rpcmiddleware.enable
setting ${lndConfFile} ${insertLine} "rpcmiddleware.enable" "true"
echo "# OK PRESTART DONE"
######################################################################

2
home.admin/config.scripts/lnd.install.sh
View file

@ -4,7 +4,7 @@
## based on https://raspibolt.github.io/raspibolt/raspibolt_40_lnd.html#lightning-lnd
## see LND releases: https://github.com/lightningnetwork/lnd/releases
### If you change here - make sure to also change interims version in lnd.update.sh #!
lndVersion="0.16.0-beta"
lndVersion="0.16.2-beta"
# olaoluwa
#PGPauthor="roasbeef"

1
home.admin/config.scripts/lndlibs/README.md
View file

@ -41,6 +41,7 @@ from . import walletunlocker_pb2 as walletunlocker__pb2
Make sure the first lines (ignore comments) of the `walletunlocker_pb2.py` look like the following for python3 compatibility:
```
from google.protobuf.internal import builder as _builder
from google.protobuf import descriptor as _descriptor
from google.protobuf import descriptor_pool as _descriptor_pool
from google.protobuf import message as _message

244
home.admin/config.scripts/lndlibs/lightning.proto
View file

@ -567,9 +567,42 @@ service Lightning {
/* lncli: `subscribecustom`
SubscribeCustomMessages subscribes to a stream of incoming custom peer
messages.
To include messages with type outside of the custom range (>= 32768) lnd
needs to be compiled with the `dev` build tag, and the message type to
override should be specified in lnd's experimental protocol configuration.
*/
rpc SubscribeCustomMessages (SubscribeCustomMessagesRequest)
returns (stream CustomMessage);
/* lncli: `listaliases`
ListAliases returns the set of all aliases that have ever existed with
their confirmed SCID (if it exists) and/or the base SCID (in the case of
zero conf).
*/
rpc ListAliases (ListAliasesRequest) returns (ListAliasesResponse);
/*
LookupHtlcResolution retrieves a final htlc resolution from the database.
If the htlc has no final resolution yet, a NotFound grpc status code is
returned.
*/
rpc LookupHtlcResolution (LookupHtlcResolutionRequest)
returns (LookupHtlcResolutionResponse);
}
message LookupHtlcResolutionRequest {
uint64 chan_id = 1;
uint64 htlc_index = 2;
}
message LookupHtlcResolutionResponse {
// Settled is true is the htlc was settled. If false, the htlc was failed.
bool settled = 1;
// Offchain indicates whether the htlc was resolved off-chain or on-chain.
bool offchain = 2;
}
message SubscribeCustomMessagesRequest {
@ -591,6 +624,9 @@ message SendCustomMessageRequest {
bytes peer = 1;
// Message type. This value needs to be in the custom range (>= 32768).
// To send a type < custom range, lnd needs to be compiled with the `dev`
// build tag, and the message type to override should be specified in lnd's
// experimental protocol configuration.
uint32 type = 2;
// Raw message data.
@ -630,6 +666,7 @@ enum OutputScriptType {
SCRIPT_TYPE_NULLDATA = 6;
SCRIPT_TYPE_NON_STANDARD = 7;
SCRIPT_TYPE_WITNESS_UNKNOWN = 8;
SCRIPT_TYPE_WITNESS_V1_TAPROOT = 9;
}
message OutputDetail {
@ -919,6 +956,14 @@ message ChannelAcceptRequest {
// The commitment type the initiator wishes to use for the proposed channel.
CommitmentType commitment_type = 14;
// Whether the initiator wants to open a zero-conf channel via the channel
// type.
bool wants_zero_conf = 15;
// Whether the initiator wants to use the scid-alias channel type. This is
// separate from the feature bit.
bool wants_scid_alias = 16;
}
message ChannelAcceptResponse {
@ -979,6 +1024,13 @@ message ChannelAcceptResponse {
The number of confirmations we require before we consider the channel open.
*/
uint32 min_accept_depth = 10;
/*
Whether the responder wants this to be a zero-conf channel. This will fail
if either side does not have the scid-alias feature bit set. The minimum
depth field must be zero if this is true.
*/
bool zero_conf = 11;
}
message ChannelPoint {
@ -1475,6 +1527,24 @@ message Channel {
// List constraints for the remote node.
ChannelConstraints remote_constraints = 30;
/*
This lists out the set of alias short channel ids that exist for a channel.
This may be empty.
*/
repeated uint64 alias_scids = 31;
// Whether or not this is a zero-conf channel.
bool zero_conf = 32;
// This is the confirmed / on-chain zero-conf SCID.
uint64 zero_conf_confirmed_scid = 33;
// The configured alias name of our peer.
string peer_alias = 34;
// This is the peer SCID alias.
uint64 peer_scid_alias = 35 [jstype = JS_STRING];
}
message ListChannelsRequest {
@ -1488,12 +1558,33 @@ message ListChannelsRequest {
empty, all channels will be returned.
*/
bytes peer = 5;
// Informs the server if the peer alias lookup per channel should be
// enabled. It is turned off by default in order to avoid degradation of
// performance for existing clients.
bool peer_alias_lookup = 6;
}
message ListChannelsResponse {
// The list of active channels
repeated Channel channels = 11;
}
message AliasMap {
/*
For non-zero-conf channels, this is the confirmed SCID. Otherwise, this is
the first assigned "base" alias.
*/
uint64 base_scid = 1;
// The set of all aliases stored for the base SCID.
repeated uint64 aliases = 2;
}
message ListAliasesRequest {
}
message ListAliasesResponse {
repeated AliasMap alias_maps = 1;
}
enum Initiator {
INITIATOR_UNKNOWN = 0;
INITIATOR_LOCAL = 1;
@ -1558,6 +1649,15 @@ message ChannelCloseSummary {
Initiator close_initiator = 12;
repeated Resolution resolutions = 13;
/*
This lists out the set of alias short channel ids that existed for the
closed channel. This may be empty.
*/
repeated uint64 alias_scids = 14;
// The confirmed SCID for a zero-conf channel.
uint64 zero_conf_confirmed_scid = 15 [jstype = JS_STRING];
}
enum ResolutionType {
@ -1831,6 +1931,9 @@ message GetInfoResponse {
Indicates whether the HTLC interceptor API is in always-on mode.
*/
bool require_htlc_interceptor = 21;
// Indicates whether final htlc resolutions are stored on disk.
bool store_final_htlc_resolutions = 22;
}
message GetRecoveryInfoRequest {
@ -1903,6 +2006,11 @@ message CloseChannelRequest {
// A manual fee rate set in sat/vbyte that should be used when crafting the
// closure transaction.
uint64 sat_per_vbyte = 6;
// The maximum fee rate the closer is willing to pay.
//
// NOTE: This field is only respected if we're the initiator of the channel.
uint64 max_fee_per_vbyte = 7;
}
message CloseStatusUpdate {
@ -2114,6 +2222,58 @@ message OpenChannelRequest {
the remote peer supports explicit channel negotiation.
*/
CommitmentType commitment_type = 18;
/*
If this is true, then a zero-conf channel open will be attempted.
*/
bool zero_conf = 19;
/*
If this is true, then an option-scid-alias channel-type open will be
attempted.
*/
bool scid_alias = 20;
/*
The base fee charged regardless of the number of milli-satoshis sent.
*/
uint64 base_fee = 21;
/*
The fee rate in ppm (parts per million) that will be charged in
proportion of the value of each forwarded HTLC.
*/
uint64 fee_rate = 22;
/*
If use_base_fee is true the open channel announcement will update the
channel base fee with the value specified in base_fee. In the case of
a base_fee of 0 use_base_fee is needed downstream to distinguish whether
to use the default base fee value specified in the config or 0.
*/
bool use_base_fee = 23;
/*
If use_fee_rate is true the open channel announcement will update the
channel fee rate with the value specified in fee_rate. In the case of
a fee_rate of 0 use_fee_rate is needed downstream to distinguish whether
to use the default fee rate value specified in the config or 0.
*/
bool use_fee_rate = 24;
/*
The number of satoshis we require the remote peer to reserve. This value,
if specified, must be above the dust limit and below 20% of the channel
capacity.
*/
uint64 remote_chan_reserve_sat = 25;
/*
If set, then lnd will attempt to commit all the coins under control of the
internal wallet to open the channel, and the LocalFundingAmount field must
be zero and is ignored.
*/
bool fund_max = 26;
}
message OpenStatusUpdate {
oneof update {
@ -2488,9 +2648,17 @@ message PendingChannelsResponse {
repeated PendingHTLC pending_htlcs = 8;
/*
There are three resolution states for the anchor:
limbo, lost and recovered. Derive the current state
from the limbo and recovered balances.
*/
enum AnchorState {
// The recovered_balance is zero and limbo_balance is non-zero.
LIMBO = 0;
// The recovered_balance is non-zero.
RECOVERED = 1;
// A state that is neither LIMBO nor RECOVERED.
LOST = 2;
}
@ -2936,6 +3104,9 @@ message LightningNode {
repeated NodeAddress addresses = 4;
string color = 5;
map<uint32, Feature> features = 6;
// Custom node announcement tlv records.
map<uint64, bytes> custom_records = 7;
}
message NodeAddress {
@ -2951,6 +3122,9 @@ message RoutingPolicy {
bool disabled = 5;
uint64 max_htlc_msat = 6;
uint32 last_update = 7;
// Custom channel update tlv records.
map<uint64, bytes> custom_records = 8;
}
/*
@ -2978,6 +3152,9 @@ message ChannelEdge {
RoutingPolicy node1_policy = 7;
RoutingPolicy node2_policy = 8;
// Custom channel announcement tlv records.
map<uint64, bytes> custom_records = 9;
}
message ChannelGraphRequest {
@ -3209,17 +3386,23 @@ message Invoice {
*/
int64 value_msat = 23;
// Whether this invoice has been fulfilled
/*
Whether this invoice has been fulfilled.
The field is deprecated. Use the state field instead (compare to SETTLED).
*/
bool settled = 6 [deprecated = true];
/*
When this invoice was created.
Measured in seconds since the unix epoch.
Note: Output only, don't specify for creating an invoice.
*/
int64 creation_date = 7;
/*
When this invoice was settled.
Measured in seconds since the unix epoch.
Note: Output only, don't specify for creating an invoice.
*/
int64 settle_date = 8;
@ -3240,7 +3423,7 @@ message Invoice {
*/
bytes description_hash = 10;
// Payment request expiry time in seconds. Default is 3600 (1 hour).
// Payment request expiry time in seconds. Default is 86400 (24 hours).
int64 expiry = 11;
// Fallback on-chain address.
@ -3256,6 +3439,8 @@ message Invoice {
repeated RouteHint route_hints = 14;
// Whether this invoice should include routing hints for private channels.
// Note: When enabled, if value and value_msat are zero, a large number of
// hints with these channels can be included, which might not be desirable.
bool private = 15;
/*
@ -3484,7 +3669,16 @@ message ListInvoiceRequest {
specified index offset. This can be used to paginate backwards.
*/
bool reversed = 6;
// If set, returns all invoices with a creation date greater than or equal
// to it. Measured in seconds since the unix epoch.
uint64 creation_date_start = 7;
// If set, returns all invoices with a creation date less than or equal to
// it. Measured in seconds since the unix epoch.
uint64 creation_date_end = 8;
}
message ListInvoiceResponse {
/*
A list of invoices from the time slice of the time series specified in the
@ -3683,6 +3877,14 @@ message ListPaymentsRequest {
of payments, as all of them have to be iterated through to be counted.
*/
bool count_total_payments = 5;
// If set, returns all invoices with a creation date greater than or equal
// to it. Measured in seconds since the unix epoch.
uint64 creation_date_start = 6;
// If set, returns all invoices with a creation date less than or equal to
// it. Measured in seconds since the unix epoch.
uint64 creation_date_end = 7;
}
message ListPaymentsResponse {
@ -3927,6 +4129,10 @@ message ForwardingHistoryRequest {
// The max number of events to return in the response to this query.
uint32 num_max_events = 4;
// Informs the server if the peer alias should be looked up for each
// forwarding event.
bool peer_alias_lookup = 5;
}
message ForwardingEvent {
// Timestamp is the time (unix epoch offset) that this circuit was
@ -3966,6 +4172,12 @@ message ForwardingEvent {
// circuit was completed.
uint64 timestamp_ns = 11;
// The peer alias of the incoming channel.
string peer_alias_in = 12;
// The peer alias of the outgoing channel.
string peer_alias_out = 13;
// TODO(roasbeef): add settlement latency?
// * use FPE on the chan id?
// * also list failures?
@ -4361,6 +4573,14 @@ message RPCMiddlewareRequest {
the same type, or replaced by an error message.
*/
RPCMessage response = 6;
/*
This is used to indicate to the client that the server has successfully
registered the interceptor. This is only used in the very first message
that the server sends to the client after the client sends the server
the middleware registration message.
*/
bool reg_complete = 8;
}
/*
@ -4398,7 +4618,8 @@ message RPCMessage {
/*
The full canonical gRPC name of the message type (in the format
<rpcpackage>.TypeName, for example lnrpc.GetInfoRequest).
<rpcpackage>.TypeName, for example lnrpc.GetInfoRequest). In case of an
error being returned from lnd, this simply contains the string "error".
*/
string type_name = 3;
@ -4407,6 +4628,13 @@ message RPCMessage {
format.
*/
bytes serialized = 4;
/*
Indicates that the response from lnd was an error, not a gRPC response. If
this is set to true then the type_name contains the string "error" and
serialized contains the error string.
*/
bool is_error = 5;
}
message RPCMiddlewareResponse {
@ -4483,18 +4711,16 @@ message InterceptFeedback {
string error = 1;
/*
A boolean indicating that the gRPC response should be replaced/overwritten.
As its name suggests, this can only be used as a feedback to an intercepted
response RPC message and is ignored for feedback on any other message. This
boolean is needed because in protobuf an empty message is serialized as a
0-length or nil byte slice and we wouldn't be able to distinguish between
A boolean indicating that the gRPC message should be replaced/overwritten.
This boolean is needed because in protobuf an empty message is serialized as
a 0-length or nil byte slice and we wouldn't be able to distinguish between
an empty replacement message and the "don't replace anything" case.
*/
bool replace_response = 2;
/*
If the replace_response field is set to true, this field must contain the
binary serialized gRPC response message in the protobuf format.
binary serialized gRPC message in the protobuf format.
*/
bytes replacement_serialized = 3;
}

2758
home.admin/config.scripts/lndlibs/lightning_pb2.py
View file

File diff suppressed because one or more lines are too long

79
home.admin/config.scripts/lndlibs/lightning_pb2_grpc.py
View file

@ -5,7 +5,6 @@ import grpc
from . import lightning_pb2 as lightning__pb2
class LightningStub(object):
"""
Comments in this file will be directly parsed into the API
@ -358,6 +357,16 @@ class LightningStub(object):
request_serializer=lightning__pb2.SubscribeCustomMessagesRequest.SerializeToString,
response_deserializer=lightning__pb2.CustomMessage.FromString,
)
self.ListAliases = channel.unary_unary(
'/lnrpc.Lightning/ListAliases',
request_serializer=lightning__pb2.ListAliasesRequest.SerializeToString,
response_deserializer=lightning__pb2.ListAliasesResponse.FromString,
)
self.LookupHtlcResolution = channel.unary_unary(
'/lnrpc.Lightning/LookupHtlcResolution',
request_serializer=lightning__pb2.LookupHtlcResolutionRequest.SerializeToString,
response_deserializer=lightning__pb2.LookupHtlcResolutionResponse.FromString,
)
class LightningServicer(object):
@ -1093,6 +1102,30 @@ class LightningServicer(object):
"""lncli: `subscribecustom`
SubscribeCustomMessages subscribes to a stream of incoming custom peer
messages.
To include messages with type outside of the custom range (>= 32768) lnd
needs to be compiled with the `dev` build tag, and the message type to
override should be specified in lnd's experimental protocol configuration.
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
def ListAliases(self, request, context):
"""lncli: `listaliases`
ListAliases returns the set of all aliases that have ever existed with
their confirmed SCID (if it exists) and/or the base SCID (in the case of
zero conf).
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
raise NotImplementedError('Method not implemented!')
def LookupHtlcResolution(self, request, context):
"""
LookupHtlcResolution retrieves a final htlc resolution from the database.
If the htlc has no final resolution yet, a NotFound grpc status code is
returned.
"""
context.set_code(grpc.StatusCode.UNIMPLEMENTED)
context.set_details('Method not implemented!')
@ -1426,6 +1459,16 @@ def add_LightningServicer_to_server(servicer, server):
request_deserializer=lightning__pb2.SubscribeCustomMessagesRequest.FromString,
response_serializer=lightning__pb2.CustomMessage.SerializeToString,
),
'ListAliases': grpc.unary_unary_rpc_method_handler(
servicer.ListAliases,
request_deserializer=lightning__pb2.ListAliasesRequest.FromString,
response_serializer=lightning__pb2.ListAliasesResponse.SerializeToString,
),
'LookupHtlcResolution': grpc.unary_unary_rpc_method_handler(
servicer.LookupHtlcResolution,
request_deserializer=lightning__pb2.LookupHtlcResolutionRequest.FromString,
response_serializer=lightning__pb2.LookupHtlcResolutionResponse.SerializeToString,
),
}
generic_handler = grpc.method_handlers_generic_handler(
'lnrpc.Lightning', rpc_method_handlers)
@ -2558,3 +2601,37 @@ class Lightning(object):
lightning__pb2.CustomMessage.FromString,
options, channel_credentials,
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
@staticmethod
def ListAliases(request,
target,
options=(),
channel_credentials=None,
call_credentials=None,
insecure=False,
compression=None,
wait_for_ready=None,
timeout=None,
metadata=None):
return grpc.experimental.unary_unary(request, target, '/lnrpc.Lightning/ListAliases',
lightning__pb2.ListAliasesRequest.SerializeToString,
lightning__pb2.ListAliasesResponse.FromString,
options, channel_credentials,
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
@staticmethod
def LookupHtlcResolution(request,
target,
options=(),
channel_credentials=None,
call_credentials=None,
insecure=False,
compression=None,
wait_for_ready=None,
timeout=None,
metadata=None):
return grpc.experimental.unary_unary(request, target, '/lnrpc.Lightning/LookupHtlcResolution',
lightning__pb2.LookupHtlcResolutionRequest.SerializeToString,
lightning__pb2.LookupHtlcResolutionResponse.FromString,
options, channel_credentials,
insecure, call_credentials, compression, wait_for_ready, timeout, metadata)

7
home.admin/config.scripts/lndlibs/walletunlocker.proto
View file

@ -185,6 +185,13 @@ message InitWalletRequest {
corresponding private keys and can serve signing RPC requests.
*/
WatchOnly watch_only = 9;
/*
macaroon_root_key is an optional 32 byte macaroon root key that can be
provided when initializing the wallet rather than letting lnd generate one
on its own.
*/
bytes macaroon_root_key = 10;
}
message InitWalletResponse {
/*

122
home.admin/config.scripts/lndlibs/walletunlocker_pb2.py
View file

@ -2,6 +2,7 @@
# Generated by the protocol buffer compiler. DO NOT EDIT!
# source: walletunlocker.proto
"""Generated protocol buffer code."""
from google.protobuf.internal import builder as _builder
from google.protobuf import descriptor as _descriptor
from google.protobuf import descriptor_pool as _descriptor_pool
from google.protobuf import message as _message
@ -15,91 +16,10 @@ _sym_db = _symbol_database.Default()
from . import lightning_pb2 as lightning__pb2
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x14walletunlocker.proto\x12\x05lnrpc\x1a\x0flightning.proto\"A\n\x0eGenSeedRequest\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x01 \x01(\x0c\x12\x14\n\x0cseed_entropy\x18\x02 \x01(\x0c\"H\n\x0fGenSeedResponse\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x01 \x03(\t\x12\x17\n\x0f\x65nciphered_seed\x18\x02 \x01(\x0c\"\xbd\x02\n\x11InitWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x02 \x03(\t\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x03 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x04 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x05 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x06 \x01(\x08\x12\x1b\n\x13\x65xtended_master_key\x18\x07 \x01(\t\x12.\n&extended_master_key_birthday_timestamp\x18\x08 \x01(\x04\x12$\n\nwatch_only\x18\t \x01(\x0b\x32\x10.lnrpc.WatchOnly\",\n\x12InitWalletResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\"}\n\tWatchOnly\x12%\n\x1dmaster_key_birthday_timestamp\x18\x01 \x01(\x04\x12\x1e\n\x16master_key_fingerprint\x18\x02 \x01(\x0c\x12)\n\x08\x61\x63\x63ounts\x18\x03 \x03(\x0b\x32\x17.lnrpc.WatchOnlyAccount\"U\n\x10WatchOnlyAccount\x12\x0f\n\x07purpose\x18\x01 \x01(\r\x12\x11\n\tcoin_type\x18\x02 \x01(\r\x12\x0f\n\x07\x61\x63\x63ount\x18\x03 \x01(\r\x12\x0c\n\x04xpub\x18\x04 \x01(\t\"\x93\x01\n\x13UnlockWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x02 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x03 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x04 \x01(\x08\"\x16\n\x14UnlockWalletResponse\"~\n\x15\x43hangePasswordRequest\x12\x18\n\x10\x63urrent_password\x18\x01 \x01(\x0c\x12\x14\n\x0cnew_password\x18\x02 \x01(\x0c\x12\x16\n\x0estateless_init\x18\x03 \x01(\x08\x12\x1d\n\x15new_macaroon_root_key\x18\x04 \x01(\x08\"0\n\x16\x43hangePasswordResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\x32\xa5\x02\n\x0eWalletUnlocker\x12\x38\n\x07GenSeed\x12\x15.lnrpc.GenSeedRequest\x1a\x16.lnrpc.GenSeedResponse\x12\x41\n\nInitWallet\x12\x18.lnrpc.InitWalletRequest\x1a\x19.lnrpc.InitWalletResponse\x12G\n\x0cUnlockWallet\x12\x1a.lnrpc.UnlockWalletRequest\x1a\x1b.lnrpc.UnlockWalletResponse\x12M\n\x0e\x43hangePassword\x12\x1c.lnrpc.ChangePasswordRequest\x1a\x1d.lnrpc.ChangePasswordResponseB\'Z%github.com/lightningnetwork/lnd/lnrpcb\x06proto3')
DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x14walletunlocker.proto\x12\x05lnrpc\x1a\x0flightning.proto\"A\n\x0eGenSeedRequest\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x01 \x01(\x0c\x12\x14\n\x0cseed_entropy\x18\x02 \x01(\x0c\"H\n\x0fGenSeedResponse\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x01 \x03(\t\x12\x17\n\x0f\x65nciphered_seed\x18\x02 \x01(\x0c\"\xd8\x02\n\x11InitWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x02 \x03(\t\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x03 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x04 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x05 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x06 \x01(\x08\x12\x1b\n\x13\x65xtended_master_key\x18\x07 \x01(\t\x12.\n&extended_master_key_birthday_timestamp\x18\x08 \x01(\x04\x12$\n\nwatch_only\x18\t \x01(\x0b\x32\x10.lnrpc.WatchOnly\x12\x19\n\x11macaroon_root_key\x18\n \x01(\x0c\",\n\x12InitWalletResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\"}\n\tWatchOnly\x12%\n\x1dmaster_key_birthday_timestamp\x18\x01 \x01(\x04\x12\x1e\n\x16master_key_fingerprint\x18\x02 \x01(\x0c\x12)\n\x08\x61\x63\x63ounts\x18\x03 \x03(\x0b\x32\x17.lnrpc.WatchOnlyAccount\"U\n\x10WatchOnlyAccount\x12\x0f\n\x07purpose\x18\x01 \x01(\r\x12\x11\n\tcoin_type\x18\x02 \x01(\r\x12\x0f\n\x07\x61\x63\x63ount\x18\x03 \x01(\r\x12\x0c\n\x04xpub\x18\x04 \x01(\t\"\x93\x01\n\x13UnlockWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x02 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x03 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x04 \x01(\x08\"\x16\n\x14UnlockWalletResponse\"~\n\x15\x43hangePasswordRequest\x12\x18\n\x10\x63urrent_password\x18\x01 \x01(\x0c\x12\x14\n\x0cnew_password\x18\x02 \x01(\x0c\x12\x16\n\x0estateless_init\x18\x03 \x01(\x08\x12\x1d\n\x15new_macaroon_root_key\x18\x04 \x01(\x08\"0\n\x16\x43hangePasswordResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\x32\xa5\x02\n\x0eWalletUnlocker\x12\x38\n\x07GenSeed\x12\x15.lnrpc.GenSeedRequest\x1a\x16.lnrpc.GenSeedResponse\x12\x41\n\nInitWallet\x12\x18.lnrpc.InitWalletRequest\x1a\x19.lnrpc.InitWalletResponse\x12G\n\x0cUnlockWallet\x12\x1a.lnrpc.UnlockWalletRequest\x1a\x1b.lnrpc.UnlockWalletResponse\x12M\n\x0e\x43hangePassword\x12\x1c.lnrpc.ChangePasswordRequest\x1a\x1d.lnrpc.ChangePasswordResponseB\'Z%github.com/lightningnetwork/lnd/lnrpcb\x06proto3')
_GENSEEDREQUEST = DESCRIPTOR.message_types_by_name['GenSeedRequest']
_GENSEEDRESPONSE = DESCRIPTOR.message_types_by_name['GenSeedResponse']
_INITWALLETREQUEST = DESCRIPTOR.message_types_by_name['InitWalletRequest']
_INITWALLETRESPONSE = DESCRIPTOR.message_types_by_name['InitWalletResponse']
_WATCHONLY = DESCRIPTOR.message_types_by_name['WatchOnly']
_WATCHONLYACCOUNT = DESCRIPTOR.message_types_by_name['WatchOnlyAccount']
_UNLOCKWALLETREQUEST = DESCRIPTOR.message_types_by_name['UnlockWalletRequest']
_UNLOCKWALLETRESPONSE = DESCRIPTOR.message_types_by_name['UnlockWalletResponse']
_CHANGEPASSWORDREQUEST = DESCRIPTOR.message_types_by_name['ChangePasswordRequest']
_CHANGEPASSWORDRESPONSE = DESCRIPTOR.message_types_by_name['ChangePasswordResponse']
GenSeedRequest = _reflection.GeneratedProtocolMessageType('GenSeedRequest', (_message.Message,), {
'DESCRIPTOR' : _GENSEEDREQUEST,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.GenSeedRequest)
})
_sym_db.RegisterMessage(GenSeedRequest)
GenSeedResponse = _reflection.GeneratedProtocolMessageType('GenSeedResponse', (_message.Message,), {
'DESCRIPTOR' : _GENSEEDRESPONSE,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.GenSeedResponse)
})
_sym_db.RegisterMessage(GenSeedResponse)
InitWalletRequest = _reflection.GeneratedProtocolMessageType('InitWalletRequest', (_message.Message,), {
'DESCRIPTOR' : _INITWALLETREQUEST,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.InitWalletRequest)
})
_sym_db.RegisterMessage(InitWalletRequest)
InitWalletResponse = _reflection.GeneratedProtocolMessageType('InitWalletResponse', (_message.Message,), {
'DESCRIPTOR' : _INITWALLETRESPONSE,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.InitWalletResponse)
})
_sym_db.RegisterMessage(InitWalletResponse)
WatchOnly = _reflection.GeneratedProtocolMessageType('WatchOnly', (_message.Message,), {
'DESCRIPTOR' : _WATCHONLY,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.WatchOnly)
})
_sym_db.RegisterMessage(WatchOnly)
WatchOnlyAccount = _reflection.GeneratedProtocolMessageType('WatchOnlyAccount', (_message.Message,), {
'DESCRIPTOR' : _WATCHONLYACCOUNT,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.WatchOnlyAccount)
})
_sym_db.RegisterMessage(WatchOnlyAccount)
UnlockWalletRequest = _reflection.GeneratedProtocolMessageType('UnlockWalletRequest', (_message.Message,), {
'DESCRIPTOR' : _UNLOCKWALLETREQUEST,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.UnlockWalletRequest)
})
_sym_db.RegisterMessage(UnlockWalletRequest)
UnlockWalletResponse = _reflection.GeneratedProtocolMessageType('UnlockWalletResponse', (_message.Message,), {
'DESCRIPTOR' : _UNLOCKWALLETRESPONSE,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.UnlockWalletResponse)
})
_sym_db.RegisterMessage(UnlockWalletResponse)
ChangePasswordRequest = _reflection.GeneratedProtocolMessageType('ChangePasswordRequest', (_message.Message,), {
'DESCRIPTOR' : _CHANGEPASSWORDREQUEST,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.ChangePasswordRequest)
})
_sym_db.RegisterMessage(ChangePasswordRequest)
ChangePasswordResponse = _reflection.GeneratedProtocolMessageType('ChangePasswordResponse', (_message.Message,), {
'DESCRIPTOR' : _CHANGEPASSWORDRESPONSE,
'__module__' : 'walletunlocker_pb2'
# @@protoc_insertion_point(class_scope:lnrpc.ChangePasswordResponse)
})
_sym_db.RegisterMessage(ChangePasswordResponse)
_WALLETUNLOCKER = DESCRIPTOR.services_by_name['WalletUnlocker']
_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'walletunlocker_pb2', globals())
if _descriptor._USE_C_DESCRIPTORS == False:
DESCRIPTOR._options = None
@ -109,21 +29,21 @@ if _descriptor._USE_C_DESCRIPTORS == False:
_GENSEEDRESPONSE._serialized_start=115
_GENSEEDRESPONSE._serialized_end=187
_INITWALLETREQUEST._serialized_start=190
_INITWALLETREQUEST._serialized_end=507
_INITWALLETRESPONSE._serialized_start=509
_INITWALLETRESPONSE._serialized_end=553
_WATCHONLY._serialized_start=555
_WATCHONLY._serialized_end=680
_WATCHONLYACCOUNT._serialized_start=682
_WATCHONLYACCOUNT._serialized_end=767
_UNLOCKWALLETREQUEST._serialized_start=770
_UNLOCKWALLETREQUEST._serialized_end=917
_UNLOCKWALLETRESPONSE._serialized_start=919
_UNLOCKWALLETRESPONSE._serialized_end=941
_CHANGEPASSWORDREQUEST._serialized_start=943
_CHANGEPASSWORDREQUEST._serialized_end=1069
_CHANGEPASSWORDRESPONSE._serialized_start=1071
_CHANGEPASSWORDRESPONSE._serialized_end=1119
_WALLETUNLOCKER._serialized_start=1122
_WALLETUNLOCKER._serialized_end=1415
_INITWALLETREQUEST._serialized_end=534
_INITWALLETRESPONSE._serialized_start=536
_INITWALLETRESPONSE._serialized_end=580
_WATCHONLY._serialized_start=582
_WATCHONLY._serialized_end=707
_WATCHONLYACCOUNT._serialized_start=709
_WATCHONLYACCOUNT._serialized_end=794
_UNLOCKWALLETREQUEST._serialized_start=797
_UNLOCKWALLETREQUEST._serialized_end=944
_UNLOCKWALLETRESPONSE._serialized_start=946
_UNLOCKWALLETRESPONSE._serialized_end=968
_CHANGEPASSWORDREQUEST._serialized_start=970
_CHANGEPASSWORDREQUEST._serialized_end=1096
_CHANGEPASSWORDRESPONSE._serialized_start=1098
_CHANGEPASSWORDRESPONSE._serialized_end=1146
_WALLETUNLOCKER._serialized_start=1149
_WALLETUNLOCKER._serialized_end=1442
# @@protoc_insertion_point(module_scope)

1
home.admin/config.scripts/lndlibs/walletunlocker_pb2_grpc.py
View file

@ -5,7 +5,6 @@ import grpc
from . import walletunlocker_pb2 as walletunlocker__pb2
class WalletUnlockerStub(object):
"""
Comments in this file will be directly parsed into the API