Merge pull request #3782 from rootzoll/dev

merge v1.9.0rc4
2025-03-01 00:59:23 +01:00 · 2023-05-03 23:06:15 +02:00 · 2023-05-03 23:06:15 +02:00 · 4af7fa5d94
commit 4af7fa5d94
parent d03f245bca 4cbdde88c2
29 changed files with 1200 additions and 2775 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -8,28 +8,29 @@
 - New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087)
 - New: BOS Telegram Bot Support (see OPTIONS on LND Balance of Satoshis menu entry)
 - New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot)
- New: CLI shortcut for ↬lnproxy [details](https://github.com/rootzoll/raspiblitz/pull/3333)
+- New: ↬lnproxy cli shortcut and server [details](https://github.com/lnproxy)
 - New: Homebanking Interface FinTS/HBCI (experimental) [details](https://github.com/rootzoll/raspiblitz/issues/1186)
 - New on WebUI: Jam (JoinMarket Web UI) v0.1.5 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.5)
 - Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md)
- Update: LND v0.16.0-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.16.0-beta)
+- Update: LND v0.16.2-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.16.2-beta)
- Update: Core Lightning v23.02 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.02)
+- Update: Core Lightning v23.02.2 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.02.2)
 - Update: C-lightningREST v0.10.2 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.10.2)
 - Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023)
 - Update: Lightning Terminal v0.8.6-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.6-alpha)
 - Update: RTL v0.13.6 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.13.6)
 - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16)
 - Update: LNbits 0.10.2 [details](https://github.com/lnbits/lnbits/releases/tag/0.10.2)
- Update: BTCPayServer 1.8.2 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.8.2)
+- Update: BTCPayServer 1.9.1 (postgres by default with sqlite migration) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.9.1)
 - Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0)
 - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5)
 - Update: JoinMarket v0.9.9 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.9)
- Update: JoininBox v0.7.6 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.6)
+- Update: JoininBox v0.7.7 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.7)
 - Update: Balance of Satoshis 13.15.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#13150)
 - Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage)
 - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
 - Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez)
 - Update: Tallycoin Connect v1.8.0 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.8.0)
 - Update: Fulcrum install script (CLI only) v1.9.1 [details](https://github.com/cculianu/Fulcrum/releases/tag/v1.9.1)
 - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file)
 - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox)
 - Info: IP2Tor fix fulmo shop & added new ip2tor.com shop
@ -64,7 +65,7 @@
 - Update: C-lightningREST v0.7.2 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.7.2)
 - Update: CLBOSS 0.13A [details](https://github.com/ZmnSCPxj/clboss/releases/tag/0.13A)
 - Update: Channel Tools (chantools) v0.10.4 [details](https://github.com/guggero/chantools/blob/master/README.md)
- Update: Lightning Terminal v0.7.0-alpha with Lightning Node Connect over Tor [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.7.0-alpha)
+- Update: Lightning Terminal v0.9.2-alpha with Lightning Node Connect over Tor [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.9.2-alpha)
 - Update: JoinMarket v0.9.6 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.6)
 - Update: JoininBox v0.6.8 [details](https://github.com/openoms/joininbox/releases/tag/v0.6.8)
 - Update: JoinMarket Web UI (Jam) v0.0.9 (CLI install script) [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.0.9)
--- a/README.md
+++ b/README.md
@ -3,7 +3,7 @@
 _Build your own Lightning & Bitcoin Fullnode on a RaspberryPi with an optional Display._
-`Version 1.9.0RC2 with bitcoin 24.0.1, lnd 0.15.5 & Core Lightning 22.11.1` ([api](https://github.com/fusion44/blitz_api)|[web](https://github.com/cstenglein/raspiblitz-web))
+`Version 1.9.0RC2 with bitcoin 24.0.1, lnd 0.16.2 & Core Lightning 23.02` ([api](https://github.com/fusion44/blitz_api)|[web](https://github.com/cstenglein/raspiblitz-web))
 ![RaspiBlitz](pictures/raspiblitz.jpg)
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@ -48,6 +48,12 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
  usage
 fi
 # check if started with sudo
 if [ "$EUID" -ne 0 ]; then 
  echo "error='run as root / may use sudo'"
  exit 1
 fi
 if [ "$1" = "-EXPORT" ] || [ "$1" = "EXPORT" ]; then
  cd /home/admin/raspiblitz 2>/dev/null
  activeBranch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
@ -143,7 +149,7 @@ range_argument(){
 }
 apt_install(){
-    sudo apt install -y ${@}
+    apt install -y ${@}
    if [ $? -eq 100 ]; then
        echo "FAIL! apt failed to install needed packages!"
        echo ${@}
@ -159,7 +165,7 @@ done
 ## if any of the required programs are not installed, update and if successfull, install packages
 if [ -n "${general_utils_install}" ]; then
  echo -e "\n*** SOFTWARE UPDATE ***"
-  sudo apt update -y || exit 1
+  apt update -y || exit 1
  apt_install ${general_utils_install}
 fi
@ -274,17 +280,17 @@ sleep 3 ## give time to cancel
 export DEBIAN_FRONTEND=noninteractive
 echo "*** Prevent sleep ***" # on all platforms https://wiki.debian.org/Suspend
-sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
+systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
-sudo mkdir /etc/systemd/sleep.conf.d
+mkdir /etc/systemd/sleep.conf.d
 echo "[Sleep]
 AllowSuspend=no
 AllowHibernation=no
 AllowSuspendThenHibernate=no
-AllowHybridSleep=no" | sudo tee /etc/systemd/sleep.conf.d/nosuspend.conf
+AllowHybridSleep=no" | tee /etc/systemd/sleep.conf.d/nosuspend.conf
-sudo mkdir /etc/systemd/logind.conf.d
+mkdir /etc/systemd/logind.conf.d
 echo "[Login]
 HandleLidSwitch=ignore
-HandleLidSwitchDocked=ignore" | sudo tee /etc/systemd/logind.conf.d/nosuspend.conf
+HandleLidSwitchDocked=ignore" | tee /etc/systemd/logind.conf.d/nosuspend.conf
 # FIXING LOCALES
 # https://github.com/rootzoll/raspiblitz/issues/138
@ -293,25 +299,25 @@ HandleLidSwitchDocked=ignore" | sudo tee /etc/systemd/logind.conf.d/nosuspend.co
 if [ "${baseimage}" = "raspios_arm64" ]||[ "${baseimage}" = "debian_rpi64" ]||[ "${baseimage}" = "armbian" ]; then
  echo -e "\n*** FIXING LOCALES FOR BUILD ***"
-  sudo sed -i "s/^# en_US.UTF-8 UTF-8.*/en_US.UTF-8 UTF-8/g" /etc/locale.gen
+  sed -i "s/^# en_US.UTF-8 UTF-8.*/en_US.UTF-8 UTF-8/g" /etc/locale.gen
-  sudo sed -i "s/^# en_US ISO-8859-1.*/en_US ISO-8859-1/g" /etc/locale.gen
+  sed -i "s/^# en_US ISO-8859-1.*/en_US ISO-8859-1/g" /etc/locale.gen
-  sudo locale-gen
+  locale-gen
  export LANGUAGE=en_US.UTF-8
  export LANG=en_US.UTF-8
  if [ ! -f /etc/apt/sources.list.d/raspi.list ]; then
    echo "# Add the archive.raspberrypi.org/debian/ to the sources.list"
-    echo "deb http://archive.raspberrypi.org/debian/ bullseye main" | sudo tee /etc/apt/sources.list.d/raspi.list
+    echo "deb http://archive.raspberrypi.org/debian/ bullseye main" | tee /etc/apt/sources.list.d/raspi.list
  fi
 fi
 echo "*** Remove unnecessary packages ***"
-sudo apt remove --purge -y libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi plymouth python2 vlc* cups
+apt remove --purge -y libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi plymouth python2 vlc* cups
-sudo apt clean -y
+apt clean -y
-sudo apt autoremove -y
+apt autoremove -y
 echo -e "\n*** UPDATE Debian***"
-sudo apt update -y
+apt update -y
-sudo apt upgrade -f -y
+apt upgrade -f -y
 echo -e "\n*** SOFTWARE UPDATE ***"
 # based on https://raspibolt.org/system-configuration.html#system-update
@ -342,23 +348,23 @@ server_utils="rsync net-tools xxd netcat openssh-client openssh-sftp-server sshp
 [ "${architecture}" = "amd64" ] && amd64_dependencies="network-manager" # add amd64 dependency
 apt_install ${general_utils} ${python_dependencies} ${server_utils} ${armbian_dependencies} ${amd64_dependencies}
-sudo apt clean -y
+apt clean -y
-sudo apt autoremove -y
+apt autoremove -y
 echo -e "\n*** Python DEFAULT libs & dependencies ***"
 if [ -f "/usr/bin/python3.9" ]; then
  # use python 3.9 if available
-  sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
+  update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
  echo "python calls python3.9"
 elif [ -f "/usr/bin/python3.10" ]; then
  # use python 3.10 if available
-  sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.10 1
+  update-alternatives --install /usr/bin/python python /usr/bin/python3.10 1
-  sudo ln -s /usr/bin/python3.10 /usr/bin/python3.9
+  ln -s /usr/bin/python3.10 /usr/bin/python3.9
  echo "python calls python3.10"
 elif [ -f "/usr/bin/python3.8" ]; then
  # use python 3.8 if available
-  sudo update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1
+  update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1
  echo "python calls python3.8"
 else
  echo "# FAIL #"
@ -367,7 +373,7 @@ else
 fi
 # make sure /usr/bin/pip exists (and calls pip3 in Debian Buster)
-sudo update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
+update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
 # 1. libs (for global python scripts)
 # grpcio==1.42.0 googleapis-common-protos==1.53.0 toml==0.10.2 j2cli==0.3.10 requests[socks]==2.21.0
 # 2. For TorBox bridges python scripts (pip3) https://github.com/radio24/TorBox/blob/master/requirements.txt
@ -383,8 +389,8 @@ echo -e "\n*** PREPARE ${baseimage} ***"
 # make sure the pi user is present
 if [ "$(compgen -u | grep -c pi)" -eq 0 ];then
  echo "# Adding the user pi"
-  sudo adduser --disabled-password --gecos "" pi
+  adduser --disabled-password --gecos "" pi
-  sudo adduser pi sudo
+  adduser pi sudo
 fi
 # special prepare when Raspbian
@ -393,12 +399,12 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
  echo -e "\n*** PREPARE RASPBERRY OS VARIANTS ***"
  apt_install raspi-config
  # do memory split (16MB)
-  sudo raspi-config nonint do_memory_split 16
+  raspi-config nonint do_memory_split 16
  # set to wait until network is available on boot (0 seems to yes)
-  sudo raspi-config nonint do_boot_wait 0
+  raspi-config nonint do_boot_wait 0
  # set WIFI country so boot does not block
  # this will undo the softblock of rfkill on RaspiOS
-  [ "${wifi_region}" != "off" ] && sudo raspi-config nonint do_wifi_country $wifi_region
+  [ "${wifi_region}" != "off" ] && raspi-config nonint do_wifi_country $wifi_region
  # see https://github.com/rootzoll/raspiblitz/issues/428#issuecomment-472822840
  configFile="/boot/config.txt"
@ -406,9 +412,9 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
  max_usb_currentDone=$(grep -c "$max_usb_current" $configFile)
  if [ ${max_usb_currentDone} -eq 0 ]; then
-    echo | sudo tee -a $configFile
+    echo | tee -a $configFile
-    echo "# Raspiblitz" | sudo tee -a $configFile
+    echo "# Raspiblitz" | tee -a $configFile
-    echo "$max_usb_current" | sudo tee -a $configFile
+    echo "$max_usb_current" | tee -a $configFile
  else
    echo "$max_usb_current already in $configFile"
  fi
@ -416,10 +422,10 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
  # run fsck on sd root partition on every startup to prevent "maintenance login" screen
  # see: https://github.com/rootzoll/raspiblitz/issues/782#issuecomment-564981630
  # see https://github.com/rootzoll/raspiblitz/issues/1053#issuecomment-600878695
-  # use command to check last fsck check: sudo tune2fs -l /dev/mmcblk0p2
+  # use command to check last fsck check: tune2fs -l /dev/mmcblk0p2
  if [ "${tweak_boot_drive}" == "true" ]; then
    echo "* running tune2fs"
-    sudo tune2fs -c 1 /dev/mmcblk0p2
+    tune2fs -c 1 /dev/mmcblk0p2
  else
    echo "* skipping tweak_boot_drive"
  fi
@ -432,13 +438,13 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
  fsOption2InFile=$(grep -c ${fsOption2} ${kernelOptionsFile})
  if [ ${fsOption1InFile} -eq 0 ]; then
-    sudo sed -i "s/^/$fsOption1 /g" "$kernelOptionsFile"
+    sed -i "s/^/$fsOption1 /g" "$kernelOptionsFile"
    echo "$fsOption1 added to $kernelOptionsFile"
  else
    echo "$fsOption1 already in $kernelOptionsFile"
  fi
  if [ ${fsOption2InFile} -eq 0 ]; then
-    sudo sed -i "s/^/$fsOption2 /g" "$kernelOptionsFile"
+    sed -i "s/^/$fsOption2 /g" "$kernelOptionsFile"
    echo "$fsOption2 added to $kernelOptionsFile"
  else
    echo "$fsOption2 already in $kernelOptionsFile"
@ -448,15 +454,15 @@ fi
 # special prepare when Nvidia Jetson Nano
 if [ $(uname -a | grep -c 'tegra') -gt 0 ] ; then
  echo "Nvidia --> disable GUI on boot"
-  sudo systemctl set-default multi-user.target
+  systemctl set-default multi-user.target
 fi
 echo -e "\n*** CONFIG ***"
 # based on https://raspibolt.github.io/raspibolt/raspibolt_20_pi.html#raspi-config
 # set new default password for root user
-echo "root:raspiblitz" | sudo chpasswd
+echo "root:raspiblitz" | chpasswd
-echo "pi:raspiblitz" | sudo chpasswd
+echo "pi:raspiblitz" | chpasswd
 # prepare auto-start of 00infoLCD.sh script on pi user login (just kicks in if auto-login of pi is activated in HDMI or LCD mode)
 if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ] || \
@ -467,10 +473,10 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ] |
    # bash autostart for pi
    # run as exec to dont allow easy physical access by keyboard
    # see https://github.com/rootzoll/raspiblitz/issues/54
-    sudo bash -c 'echo "# automatic start the LCD info loop" >> /home/pi/.bashrc'
+    bash -c 'echo "# automatic start the LCD info loop" >> /home/pi/.bashrc'
-    sudo bash -c 'echo "SCRIPT=/home/admin/00infoLCD.sh" >> /home/pi/.bashrc'
+    bash -c 'echo "SCRIPT=/home/admin/00infoLCD.sh" >> /home/pi/.bashrc'
-    sudo bash -c 'echo "# replace shell with script => logout when exiting script" >> /home/pi/.bashrc'
+    bash -c 'echo "# replace shell with script => logout when exiting script" >> /home/pi/.bashrc'
-    sudo bash -c 'echo "exec \$SCRIPT" >> /home/pi/.bashrc'
+    bash -c 'echo "exec \$SCRIPT" >> /home/pi/.bashrc'
    echo "autostart LCD added to $homeFile"
  else
    echo "autostart LCD already in $homeFile"
@ -480,8 +486,8 @@ else
 fi
 # limit journald system use
-sudo sed -i "s/^#SystemMaxUse=.*/SystemMaxUse=250M/g" /etc/systemd/journald.conf
+sed -i "s/^#SystemMaxUse=.*/SystemMaxUse=250M/g" /etc/systemd/journald.conf
-sudo sed -i "s/^#SystemMaxFileSize=.*/SystemMaxFileSize=50M/g" /etc/systemd/journald.conf
+sed -i "s/^#SystemMaxFileSize=.*/SystemMaxFileSize=50M/g" /etc/systemd/journald.conf
 # change log rotates
 # see https://github.com/rootzoll/raspiblitz/issues/394#issuecomment-471535483
@ -549,25 +555,25 @@ echo "
    invoke-rc.d rsyslog rotate > /dev/null
  endscript
 }
-" | sudo tee ./rsyslog
+" | tee ./rsyslog
-sudo mv ./rsyslog /etc/logrotate.d/rsyslog
+mv ./rsyslog /etc/logrotate.d/rsyslog
-sudo chown root:root /etc/logrotate.d/rsyslog
+chown root:root /etc/logrotate.d/rsyslog
-sudo service rsyslog restart
+service rsyslog restart
 echo -e "\n*** ADDING MAIN USER admin ***"
 # based on https://raspibolt.org/system-configuration.html#add-users
 # using the default password 'raspiblitz'
-sudo adduser --disabled-password --gecos "" admin
+adduser --disabled-password --gecos "" admin
-echo "admin:raspiblitz" | sudo chpasswd
+echo "admin:raspiblitz" | chpasswd
-sudo adduser admin sudo
+adduser admin sudo
-sudo chsh admin -s /bin/bash
+chsh admin -s /bin/bash
 # configure sudo for usage without password entry
 echo '%sudo ALL=(ALL) NOPASSWD:ALL' | sudo EDITOR='tee -a' visudo
 # check if group "admin" was created
 if [ $(sudo cat /etc/group | grep -c "^admin") -lt 1 ]; then
  echo -e "\nMissing group admin - creating it ..."
-  sudo /usr/sbin/groupadd --force --gid 1002 admin
+  /usr/sbin/groupadd --force --gid 1002 admin
-  sudo usermod -a -G admin admin
+  usermod -a -G admin admin
 else
  echo -e "\nOK group admin exists"
 fi
@ -575,31 +581,31 @@ fi
 echo -e "\n*** ADDING SERVICE USER bitcoin"
 # based on https://raspibolt.org/guide/raspberry-pi/system-configuration.html
 # create user and set default password for user
-sudo adduser --disabled-password --gecos "" bitcoin
+adduser --disabled-password --gecos "" bitcoin
-echo "bitcoin:raspiblitz" | sudo chpasswd
+echo "bitcoin:raspiblitz" | chpasswd
 # make home directory readable
-sudo chmod 755 /home/bitcoin
+chmod 755 /home/bitcoin
 # WRITE BASIC raspiblitz.info to sdcard
 # if further info gets added .. make sure to keep that on: blitz.preparerelease.sh
-sudo touch /home/admin/raspiblitz.info
+touch /home/admin/raspiblitz.info
 echo "baseimage=${baseimage}" | tee raspiblitz.info
 echo "cpu=${cpu}" | tee -a raspiblitz.info
 echo "displayClass=headless" | tee -a raspiblitz.info
-sudo mv raspiblitz.info /home/admin/
+mv raspiblitz.info /home/admin/
-sudo chmod 755 /home/admin/raspiblitz.info
+chmod 755 /home/admin/raspiblitz.info
-sudo chown admin:admin /home/admin/raspiblitz.info
+chown admin:admin /home/admin/raspiblitz.info
 echo -e "\n*** ADDING GROUPS FOR CREDENTIALS STORE ***"
 # access to credentials (e.g. macaroon files) in a central location is managed with unix groups and permissions
-sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
+/usr/sbin/groupadd --force --gid 9700 lndadmin
-sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
+/usr/sbin/groupadd --force --gid 9701 lndinvoice
-sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
+/usr/sbin/groupadd --force --gid 9702 lndreadonly
-sudo /usr/sbin/groupadd --force --gid 9703 lndinvoices
+/usr/sbin/groupadd --force --gid 9703 lndinvoices
-sudo /usr/sbin/groupadd --force --gid 9704 lndchainnotifier
+/usr/sbin/groupadd --force --gid 9704 lndchainnotifier
-sudo /usr/sbin/groupadd --force --gid 9705 lndsigner
+/usr/sbin/groupadd --force --gid 9705 lndsigner
-sudo /usr/sbin/groupadd --force --gid 9706 lndwalletkit
+/usr/sbin/groupadd --force --gid 9706 lndwalletkit
-sudo /usr/sbin/groupadd --force --gid 9707 lndrouter
+/usr/sbin/groupadd --force --gid 9707 lndrouter
 echo -e "\n*** SHELL SCRIPTS & ASSETS ***"
 # copy raspiblitz repo from github
@ -629,10 +635,10 @@ file="/home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py"
 ! grep -Eq "^from . import.*" "${file}" && sed -i -E 's/^(import.*_pb2)/from . \1/' "${file}"
 # add /sbin to path for all
-sudo bash -c "echo 'PATH=\$PATH:/sbin' >> /etc/profile"
+bash -c "echo 'PATH=\$PATH:/sbin' >> /etc/profile"
 # replace boot splash image when raspbian
-[ "${baseimage}" = "raspios_arm64" ] && { echo "* replacing boot splash"; sudo cp /home/admin/raspiblitz/pictures/splash.png /usr/share/plymouth/themes/pix/splash.png; }
+[ -d /usr/share/plymouth ] && [ "${baseimage}" = "raspios_arm64" ] && { echo "* replacing boot splash"; cp /home/admin/raspiblitz/pictures/splash.png /usr/share/plymouth/themes/pix/splash.png; }
 echo -e "\n*** RASPIBLITZ EXTRAS ***"
@ -641,26 +647,26 @@ echo -e "\n*** RASPIBLITZ EXTRAS ***"
 # fzf install a command-line fuzzy finder (https://github.com/junegunn/fzf)
 apt_install tmux screen fzf
-sudo bash -c "echo '' >> /home/admin/.bashrc"
+bash -c "echo '' >> /home/admin/.bashrc"
-sudo bash -c "echo '# https://github.com/rootzoll/raspiblitz/issues/1784' >> /home/admin/.bashrc"
+bash -c "echo '# https://github.com/rootzoll/raspiblitz/issues/1784' >> /home/admin/.bashrc"
-sudo bash -c "echo 'NG_CLI_ANALYTICS=ci' >> /home/admin/.bashrc"
+bash -c "echo 'NG_CLI_ANALYTICS=ci' >> /home/admin/.bashrc"
 # raspiblitz custom command prompt #2400
 if ! grep -Eq "^[[:space:]]*PS1.*₿" /home/admin/.bashrc; then
-    sudo sed -i '/^unset color_prompt force_color_prompt$/i # raspiblitz custom command prompt https://github.com/rootzoll/raspiblitz/issues/2400' /home/admin/.bashrc
+    sed -i '/^unset color_prompt force_color_prompt$/i # raspiblitz custom command prompt https://github.com/rootzoll/raspiblitz/issues/2400' /home/admin/.bashrc
-    sudo sed -i '/^unset color_prompt force_color_prompt$/i raspiIp=$(hostname -I | cut -d " " -f1)' /home/admin/.bashrc
+    sed -i '/^unset color_prompt force_color_prompt$/i raspiIp=$(hostname -I | cut -d " " -f1)' /home/admin/.bashrc
-    sudo sed -i '/^unset color_prompt force_color_prompt$/i if [ "$color_prompt" = yes ]; then' /home/admin/.bashrc
+    sed -i '/^unset color_prompt force_color_prompt$/i if [ "$color_prompt" = yes ]; then' /home/admin/.bashrc
-    sudo sed -i '/^unset color_prompt force_color_prompt$/i \    PS1=\x27${debian_chroot:+($debian_chroot)}\\[\\033[00;33m\\]\\u@$raspiIp:\\[\\033[00;34m\\]\\w\\[\\033[01;35m\\]$(__git_ps1 "(%s)") \\[\\033[01;33m\\]₿\\[\\033[00m\\] \x27' /home/admin/.bashrc
+    sed -i '/^unset color_prompt force_color_prompt$/i \    PS1=\x27${debian_chroot:+($debian_chroot)}\\[\\033[00;33m\\]\\u@$raspiIp:\\[\\033[00;34m\\]\\w\\[\\033[01;35m\\]$(__git_ps1 "(%s)") \\[\\033[01;33m\\]₿\\[\\033[00m\\] \x27' /home/admin/.bashrc
-    sudo sed -i '/^unset color_prompt force_color_prompt$/i else' /home/admin/.bashrc
+    sed -i '/^unset color_prompt force_color_prompt$/i else' /home/admin/.bashrc
-    sudo sed -i '/^unset color_prompt force_color_prompt$/i \    PS1=\x27${debian_chroot:+($debian_chroot)}\\u@$raspiIp:\\w₿ \x27' /home/admin/.bashrc
+    sed -i '/^unset color_prompt force_color_prompt$/i \    PS1=\x27${debian_chroot:+($debian_chroot)}\\u@$raspiIp:\\w₿ \x27' /home/admin/.bashrc
-    sudo sed -i '/^unset color_prompt force_color_prompt$/i fi' /home/admin/.bashrc
+    sed -i '/^unset color_prompt force_color_prompt$/i fi' /home/admin/.bashrc
 fi
 echo -e "\n*** FUZZY FINDER KEY BINDINGS ***"
 homeFile=/home/admin/.bashrc
 keyBindingsDone=$(grep -c "source /usr/share/doc/fzf/examples/key-bindings.bash" $homeFile)
 if [ ${keyBindingsDone} -eq 0 ]; then
-  sudo bash -c "echo 'source /usr/share/doc/fzf/examples/key-bindings.bash' >> /home/admin/.bashrc"
+  bash -c "echo 'source /usr/share/doc/fzf/examples/key-bindings.bash' >> /home/admin/.bashrc"
  echo "key-bindings added to $homeFile"
 else
  echo "key-bindings already in $homeFile"
@ -671,13 +677,13 @@ homeFile=/home/admin/.bashrc
 autostartDone=$(grep -c "automatically start main menu" $homeFile)
 if [ ${autostartDone} -eq 0 ]; then
  # bash autostart for admin
-  sudo bash -c "echo '# shortcut commands' >> /home/admin/.bashrc"
+  bash -c "echo '# shortcut commands' >> /home/admin/.bashrc"
-  sudo bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc"
+  bash -c "echo 'source /home/admin/_commands.sh' >> /home/admin/.bashrc"
-  sudo bash -c "echo '# automatically start main menu for admin unless' >> /home/admin/.bashrc"
+  bash -c "echo '# automatically start main menu for admin unless' >> /home/admin/.bashrc"
-  sudo bash -c "echo '# when running in a tmux session' >> /home/admin/.bashrc"
+  bash -c "echo '# when running in a tmux session' >> /home/admin/.bashrc"
-  sudo bash -c "echo 'if [ -z \"\$TMUX\" ]; then' >> /home/admin/.bashrc"
+  bash -c "echo 'if [ -z \"\$TMUX\" ]; then' >> /home/admin/.bashrc"
-  sudo bash -c "echo '    ./00raspiblitz.sh newsshsession' >> /home/admin/.bashrc"
+  bash -c "echo '    ./00raspiblitz.sh newsshsession' >> /home/admin/.bashrc"
-  sudo bash -c "echo 'fi' >> /home/admin/.bashrc"
+  bash -c "echo 'fi' >> /home/admin/.bashrc"
  echo "autostart added to $homeFile"
 else
  echo "autostart already in $homeFile"
@ -686,21 +692,21 @@ fi
 echo -e "\n*** SWAP FILE ***"
 # based on https://stadicus.github.io/RaspiBolt/raspibolt_20_pi.html#move-swap-file
 # but just deactivating and deleting old (will be created alter when user adds HDD)
-sudo dphys-swapfile swapoff
+dphys-swapfile swapoff
-sudo dphys-swapfile uninstall
+dphys-swapfile uninstall
 echo -e "\n*** INCREASE OPEN FILE LIMIT ***"
 # based on https://raspibolt.org/guide/raspberry-pi/security.html#increase-your-open-files-limit
-sudo sed --in-place -i "56s/.*/*    soft nofile 256000/" /etc/security/limits.conf
+sed --in-place -i "56s/.*/*    soft nofile 256000/" /etc/security/limits.conf
-sudo bash -c "echo '*    hard nofile 256000' >> /etc/security/limits.conf"
+bash -c "echo '*    hard nofile 256000' >> /etc/security/limits.conf"
-sudo bash -c "echo 'root soft nofile 256000' >> /etc/security/limits.conf"
+bash -c "echo 'root soft nofile 256000' >> /etc/security/limits.conf"
-sudo bash -c "echo 'root hard nofile 256000' >> /etc/security/limits.conf"
+bash -c "echo 'root hard nofile 256000' >> /etc/security/limits.conf"
-sudo bash -c "echo '# End of file' >> /etc/security/limits.conf"
+bash -c "echo '# End of file' >> /etc/security/limits.conf"
-sudo sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
+sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
-sudo sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
+sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
-sudo bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
+bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
 # increase the possible number of running processes from 128
-sudo bash -c "echo 'fs.inotify.max_user_instances=4096' >> /etc/sysctl.conf"
+bash -c "echo 'fs.inotify.max_user_instances=4096' >> /etc/sysctl.conf"
 # *** fail2ban ***
 # based on https://raspibolt.org/security.html#fail2ban
@ -709,16 +715,16 @@ apt_install --no-install-recommends python3-systemd fail2ban
 # *** CACHE DISK IN RAM & KEYVALUE-STORE***
 echo "Activating CACHE RAM DISK ... "
-sudo /home/admin/_cache.sh ramdisk on
+/home/admin/_cache.sh ramdisk on
-sudo /home/admin/_cache.sh keyvalue on
+/home/admin/_cache.sh keyvalue on
 # *** Wifi, Bluetooth & other RaspberryPi configs ***
 if [ "${baseimage}" = "raspios_arm64"  ] || [ "${baseimage}" = "debian_rpi64" ]; then
  if [ "${wifi_region}" == "off" ]; then
    echo -e "\n*** DISABLE WIFI ***"
-    sudo systemctl disable wpa_supplicant.service
+    systemctl disable wpa_supplicant.service
-    sudo ifconfig wlan0 down
+    ifconfig wlan0 down
  fi
  echo -e "\n*** DISABLE BLUETOOTH ***"
@ -728,46 +734,46 @@ if [ "${baseimage}" = "raspios_arm64"  ] || [ "${baseimage}" = "debian_rpi64" ];
  if [ "${disableBTDone}" -eq 0 ]; then
    # disable bluetooth module
-    echo "" | sudo tee -a $configFile
+    echo "" | tee -a $configFile
-    echo "# Raspiblitz" | sudo tee -a $configFile
+    echo "# Raspiblitz" | tee -a $configFile
-    echo 'dtoverlay=pi3-disable-bt' | sudo tee -a $configFile
+    echo 'dtoverlay=pi3-disable-bt' | tee -a $configFile
-    echo 'dtoverlay=disable-bt' | sudo tee -a $configFile
+    echo 'dtoverlay=disable-bt' | tee -a $configFile
  else
    echo "disable BT already in $configFile"
  fi
  # remove bluetooth services
-  sudo systemctl disable bluetooth.service
+  systemctl disable bluetooth.service
-  sudo systemctl disable hciuart.service
+  systemctl disable hciuart.service
  # remove bluetooth packages
-  sudo apt remove -y --purge pi-bluetooth bluez bluez-firmware
+  apt remove -y --purge pi-bluetooth bluez bluez-firmware
  # disable audio
  echo -e "\n*** DISABLE AUDIO (snd_bcm2835) ***"
-  sudo sed -i "s/^dtparam=audio=on/# dtparam=audio=on/g" /boot/config.txt
+  sed -i "s/^dtparam=audio=on/# dtparam=audio=on/g" /boot/config.txt
  # disable DRM VC4 V3D
  echo -e "\n*** DISABLE DRM VC4 V3D driver ***"
  dtoverlay=vc4-fkms-v3d
-  sudo sed -i "s/^dtoverlay=${dtoverlay}/# dtoverlay=${dtoverlay}/g" /boot/config.txt
+  sed -i "s/^dtoverlay=${dtoverlay}/# dtoverlay=${dtoverlay}/g" /boot/config.txt
  # I2C fix (make sure dtparam=i2c_arm is not on)
  # see: https://github.com/rootzoll/raspiblitz/issues/1058#issuecomment-739517713
-  sudo sed -i "s/^dtparam=i2c_arm=.*//g" /boot/config.txt
+  sed -i "s/^dtparam=i2c_arm=.*//g" /boot/config.txt
 fi
 # *** BOOTSTRAP ***
 echo -e "\n*** RASPI BOOTSTRAP SERVICE ***"
-sudo chmod +x /home/admin/_bootstrap.sh
+chmod +x /home/admin/_bootstrap.sh
-sudo cp /home/admin/assets/bootstrap.service /etc/systemd/system/bootstrap.service
+cp /home/admin/assets/bootstrap.service /etc/systemd/system/bootstrap.service
-sudo systemctl enable bootstrap
+systemctl enable bootstrap
 # *** BACKGROUND TASKS ***
 echo -e "\n*** RASPI BACKGROUND SERVICE ***"
-sudo chmod +x /home/admin/_background.sh
+chmod +x /home/admin/_background.sh
-sudo cp /home/admin/assets/background.service /etc/systemd/system/background.service
+cp /home/admin/assets/background.service /etc/systemd/system/background.service
-sudo systemctl enable background
+systemctl enable background
 # *** BACKGROUND SCAN ***
 /home/admin/_background.scan.sh install
@ -806,23 +812,23 @@ fi
 byteSizeList=$(sudo -u admin stat -c %s /home/admin/fallback.bitnodes.nodes)
 if [ ${#byteSizeList} -eq 0 ] || [ ${byteSizeList} -lt 10240 ]; then
  echo "Using fallback list from repo: bitnodes"
-  sudo rm /home/admin/fallback.bitnodes.nodes 2>/dev/null
+  rm /home/admin/fallback.bitnodes.nodes 2>/dev/null
-  sudo cp /home/admin/assets/fallback.bitnodes.nodes /home/admin/fallback.bitnodes.nodes
+  cp /home/admin/assets/fallback.bitnodes.nodes /home/admin/fallback.bitnodes.nodes
 fi
-sudo chown admin:admin /home/admin/fallback.bitnodes.nodes
+chown admin:admin /home/admin/fallback.bitnodes.nodes
 # check fallback list bitcoin core
 byteSizeList=$(sudo -u admin stat -c %s /home/admin/fallback.bitcoin.nodes)
 if [ ${#byteSizeList} -eq 0 ] || [ ${byteSizeList} -lt 10240 ]; then
  echo "Using fallback list from repo: bitcoin core"
-  sudo rm /home/admin/fallback.bitcoin.nodes 2>/dev/null
+  rm /home/admin/fallback.bitcoin.nodes 2>/dev/null
-  sudo cp /home/admin/assets/fallback.bitcoin.nodes /home/admin/fallback.bitcoin.nodes
+  cp /home/admin/assets/fallback.bitcoin.nodes /home/admin/fallback.bitcoin.nodes
 fi
-sudo chown admin:admin /home/admin/fallback.bitcoin.nodes
+chown admin:admin /home/admin/fallback.bitcoin.nodes
 echo
 echo "*** raspiblitz.info ***"
-sudo cat /home/admin/raspiblitz.info
+cat /home/admin/raspiblitz.info
 # *** RASPIBLITZ IMAGE READY INFO ***
 echo -e "\n**********************************************"
@ -835,13 +841,13 @@ echo "1. login fresh --> user:admin password:raspiblitz"
 echo -e "2. run --> release\n"
 # make sure that at least the code is available (also if no internet)
-sudo /home/admin/config.scripts/blitz.display.sh prepare-install
+/home/admin/config.scripts/blitz.display.sh prepare-install
 # (do last - because might trigger reboot)
 if [ "${display}" != "headless" ] || [ "${baseimage}" = "raspios_arm64" ]; then
  echo "*** ADDITIONAL DISPLAY OPTIONS ***"
  echo "- calling: blitz.display.sh set-display ${display}"
-  sudo /home/admin/config.scripts/blitz.display.sh set-display ${display}
+  /home/admin/config.scripts/blitz.display.sh set-display ${display}
-  sudo /home/admin/config.scripts/blitz.display.sh rotate 1
+  /home/admin/config.scripts/blitz.display.sh rotate 1
 fi
 echo "# BUILD DONE - see above"
--- a/home.admin/_version.info
+++ b/home.admin/_version.info
@ -1,3 +1,3 @@
 # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1')
-codeVersion="1.9.0rc3"
+codeVersion="1.9.0rc4"
 # keep last line with comment
--- a/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf
@ -1,8 +1,8 @@
 ## lnproxy_ssl.conf
 server {
-    listen 4749 ssl http2;
+    listen 4748 ssl http2;
-    listen [::]:4749 ssl http2;
+    listen [::]:4748 ssl http2;
    server_name _;
    include /etc/nginx/snippets/ssl-params.conf;
@ -13,15 +13,7 @@ server {
    access_log /var/log/nginx/access_lnproxy.log;
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
        proxy_pass http://127.0.0.1:4747/;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
    location / {
-        proxy_pass http://127.0.0.1:4748;
+        proxy_pass http://127.0.0.1:4747;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
 }
--- a/home.admin/assets/nginx/sites-available/lnproxy_tor.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_tor.conf
@ -1,25 +1,16 @@
 ## lnproxy_tor.conf
 server {
-    listen 4750;
+    listen 4749;
    server_name _;
    include /etc/nginx/snippets/ssl-params.conf;
    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
    include /etc/nginx/snippets/gzip-params.conf;
    access_log /var/log/nginx/access_lnproxy.log;
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
        proxy_pass http://127.0.0.1:4747/;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
    location / {
-        proxy_pass http://127.0.0.1:4748;
+        proxy_pass http://127.0.0.1:4747;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
--- a/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf
@ -1,7 +1,7 @@
 ## lnproxy_tor_ssl.conf
 server {
-    listen 4751 ssl http2;
+    listen 4750 ssl http2;
    server_name _;
    include /etc/nginx/snippets/ssl-params.conf;
@ -12,14 +12,8 @@ server {
    access_log /var/log/nginx/access_lnproxy.log;
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
        proxy_pass http://127.0.0.1:4747/;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
    location / {
-        proxy_pass http://127.0.0.1:4748;
+        proxy_pass http://127.0.0.1:4747;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
--- a/home.admin/config.scripts/bitcoin.update.sh
+++ b/home.admin/config.scripts/bitcoin.update.sh
@ -21,33 +21,32 @@ mode="$1"
 bitcoinVersion="" # example: 22.0 .. keep empty if no newer version as sd card build is available
 # needed to check code signing
-# https://github.com/laanwj
+# https://github.com/sipa.gpg
-laanwjPGP="71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6"
+fallbackSigner=sipa
 # GATHER DATA
 # setting download directory to the current user
 downloadDir="/home/$(whoami)/download/bitcoin.update"
 # detect CPU architecture & fitting download link
-if [ $(uname -m | grep -c 'arm') -eq 1 ] ; then
+if [ $(uname -m | grep -c 'arm') -eq 1 ]; then
  bitcoinOSversion="arm-linux-gnueabihf"
 fi
-if [ $(uname -m | grep -c 'aarch64') -eq 1 ] ; then
+if [ $(uname -m | grep -c 'aarch64') -eq 1 ]; then
  bitcoinOSversion="aarch64-linux-gnu"
 fi
-if [ $(uname -m | grep -c 'x86_64') -eq 1 ] ; then
+if [ $(uname -m | grep -c 'x86_64') -eq 1 ]; then
  bitcoinOSversion="x86_64-linux-gnu"
 fi
 # installed version
-installedVersion=$(sudo -u bitcoin bitcoind --version | head -n1| cut -d" " -f4|cut -c 2-)
+installedVersion=$(sudo -u bitcoin bitcoind --version | head -n1 | cut -d" " -f4 | cut -c 2-)
 # test if the installed version already the tested/recommended update version
 bitcoinUpdateInstalled=$(echo "${installedVersion}" | grep -c "${bitcoinVersion}")
 # get latest release from GitHub releases
-gitHubLatestReleaseJSON="$(curl --header "X-GitHub-Api-Version:2022-11-28" -s https://api.github.com/repos/bitcoin/bitcoin/releases | jq '.[0]')"
+bitcoinLatestVersion=$(curl --header "X-GitHub-Api-Version:2022-11-28" -s https://api.github.com/repos/bitcoin/bitcoin/releases | jq -r '.[].tag_name' | sort | tail -n1 | cut -c 2-)
 bitcoinLatestVersion=$(echo "${gitHubLatestReleaseJSON}"|jq -r '.tag_name'|cut -c 2-)
 # INFO
 function displayInfo() {
@ -106,10 +105,10 @@ elif [ "${mode}" = "custom" ]; then
  echo "# Input the version you would like to install and press ENTER."
  echo "# Examples (versions below 22 are not supported):"
  echo "22.0rc3"
-  echo "22.0"
+  echo "24.0.1"
  echo
  read bitcoinVersion
-  if [ $(echo ${bitcoinVersion} | grep -c "rc") -gt 0 ];then
+  if [ $(echo ${bitcoinVersion} | grep -c "rc") -gt 0 ]; then
    cutVersion=$(echo ${bitcoinVersion} | awk -F"r" '{print $1}')
    rcVersion=$(echo ${bitcoinVersion} | awk -F"r" '{print $2}')
    # https://bitcoincore.org/bin/bitcoin-core-22.0/test.rc3/
@ -133,7 +132,7 @@ elif [ "${mode}" = "custom" ]; then
 fi
 # JOINED INSTALL
-if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" ]; then
+if [ "${mode}" = "tested" ] || [ "${mode}" = "reckless" ] || [ "${mode}" = "custom" ]; then
  displayInfo
@ -149,42 +148,42 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
  mkdir -p "${downloadDir}"
  cd "${downloadDir}" || exit 1
-  # download signed binary sha256 hash sum file
+  echo "# Enter the github username of a signer. Find the list of signers at: "
-  wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS
+  echo "https://github.com/bitcoin-core/guix.sigs/tree/main/${pathVersion}"
-  # download signed binary sha256 hash sum file and check
+  echo "# Example for Peter Wuille (https://github.com/sipa):"
-  wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/SHA256SUMS.asc
+  echo "sipa"
  echo "# example for Emzy (https://github.com/Emzy):"
  echo "Emzy"
  read customSigner
-  echo "# Paste the PGP pubkey fingerprint of a signer."
+  if [ ${#customSigner} -eq 0 ]; then
-  echo "# Example for W. J. van der Laan (https://github.com/laanwj):"
+    customSigner=$fallbackSigner
  echo "71A3 B167 3540 5025 D447 E8F2 7481 0B01 2346 C9A6"
  echo ""
  read customKey
  if [ ${#customKey} -eq 0 ];then
    customKey=$laanwjPGP
  fi
-  # receive signer key
+  echo "# Download the binary sha256 hash sum file"
-  if ! gpg --recv-key "$customKey"
+  wget -O all.SHA256SUMS https://raw.githubusercontent.com/bitcoin-core/guix.sigs/main/${pathVersion}/${customSigner}/all.SHA256SUMS
-  then
+  echo "# Download signature of the binary sha256 hash sum file"
-    echo
+  wget -O all.SHA256SUMS.asc https://raw.githubusercontent.com/bitcoin-core/guix.sigs/main/${pathVersion}/${customSigner}/all.SHA256SUMS.asc
-    echo "# FAIL # Could not download the PGP pubkey"
+
-    echo
+  echo "# Download PGP pubkey of ${customSigner}"
-    echo "See the signers of this release:"
+  if ! wget -O pubkey.asc https://github.com/${customSigner}.gpg; then
-    echo
+    echo "# FAIL # Could not down
-    gpg --verify SHA256SUMS.asc 
+    load the PGP pubkey of ${customSigner}"
-    echo
+    rm pubkey.asc
    exit 1
  fi
  echo "# Import PGP pubkey of ${customSigner}"
  if ! gpg --import pubkey.asc; then
    echo "# FAIL # Couldn't import the PGP pubkey of ${customSigner}"
    rm pubkey.asc
    exit 1
  fi
  rm pubkey.asc
-  verifyResult=$(LANG=en_US.utf8; gpg --verify SHA256SUMS.asc 2>&1)
+  echo "# Checking PGP signature of the binary sha256 hash sum file"
-  goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
+  if ! gpg --verify all.SHA256SUMS.asc; then
  echo "goodSignature(${goodSignature})"
  correctKey=$(echo ${verifyResult} | grep "${customKey}" -c)
  echo "correctKey(${correctKey})"
  if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
    echo
-    echo "# BUILD FAILED --> PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
+    echo "# BUILD FAILED --> the signature does not match"
    exit 1
  else
    echo
@ -195,18 +194,15 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
  echo "# Downloading Bitcoin Core v${bitcoinVersion} for ${bitcoinOSversion} ..."
  binaryName="bitcoin-${bitcoinVersion}-${bitcoinOSversion}.tar.gz"
  wget https://bitcoincore.org/bin/bitcoin-core-${pathVersion}/${binaryName}
-  if [ ! -f "./${binaryName}" ]
+  if [ ! -f "./${binaryName}" ]; then
  then
    echo "# FAIL # Downloading BITCOIN BINARY did not succeed."
    exit 1
  fi
-  echo "# Checking binary checksum ..."
+  echo "# Checking the binary checksum ..."
-  checksumTest=$(sha256sum -c --ignore-missing SHA256SUMS ${binaryName} 2>/dev/null \
+  if ! sha256sum -c --ignore-missing all.SHA256SUMS; then
                | grep -c "${binaryName}: OK")
  if [ "${checksumTest}" -eq 0 ]; then
    # get the sha256 value for the corresponding platform from signed hash sum file
-    bitcoinSHA256=$(grep -i "${binaryName}}" SHA256SUMS | cut -d " " -f1)
+    bitcoinSHA256=$(grep -i "${binaryName}}" all.SHA256SUMS | cut -d " " -f1)
    echo "# FAIL # Downloaded BITCOIN BINARY CHECKSUM:"
    echo "$(sha256sum ${binaryName})"
    echo "NOT matching SHA256 checksum:"
@ -219,14 +215,14 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
  fi
 fi
-if [ "${mode}" = "tested" ]||[ "${mode}" = "custom" ]; then
+if [ "${mode}" = "tested" ] || [ "${mode}" = "custom" ]; then
  bitcoinInterimsUpdateNew="${bitcoinVersion}"
 elif [ "${mode}" = "reckless" ]; then
  bitcoinInterimsUpdateNew="reckless"
 fi
 # JOINED INSTALL
-if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom" ];then
+if [ "${mode}" = "tested" ] || [ "${mode}" = "reckless" ] || [ "${mode}" = "custom" ]; then
  # install
  echo "# Stopping bitcoind ..."
@ -238,8 +234,7 @@ if [ "${mode}" = "tested" ]||[ "${mode}" = "reckless" ]||[ "${mode}" = "custom"
  tar -xvf ${binaryName}
  sudo install -m 0755 -o root -g root -t /usr/local/bin/ bitcoin-${bitcoinVersion}/bin/*
  sleep 3
-  installed=$(bitcoind --version | grep "${bitcoinVersion}" -c)
+  if ! bitcoind --version | grep "${bitcoinVersion}"; then
  if [ ${installed} -lt 1 ]; then
    echo
    echo "# BUILD FAILED --> Was not able to install bitcoind version(${bitcoinVersion})"
    exit 1
--- a/home.admin/config.scripts/blitz.display.sh
+++ b/home.admin/config.scripts/blitz.display.sh
@ -140,7 +140,7 @@ if [ "${command}" == "rotate" ]; then
    sed -i "s/^dtoverlay=.*/dtoverlay=waveshare35a:rotate=90/g" /boot/config.txt
    rm /etc/X11/xorg.conf.d/40-libinput.conf 2>/dev/null
-    /home/admin/config.scripts/blitz.conf.sh set lcdrotate 1 2>/dev/null
+    /home/admin/config.scripts/blitz.conf.sh set lcdrotate 1 1>/dev/null 2>/dev/null
    echo "# OK - a restart is needed: sudo shutdown -r now"
  # TURN ROTATE OFF
@ -165,7 +165,7 @@ EOF
    fi
    # update raspiblitz conf
-    /home/admin/config.scripts/blitz.conf.sh set lcdrotate 0 2>/dev/null
+    /home/admin/config.scripts/blitz.conf.sh set lcdrotate 0 1>/dev/null 2>/dev/null
    echo "OK - a restart is needed: sudo shutdown -r now"
  else
--- a/home.admin/config.scripts/blitz.fatpack.sh
+++ b/home.admin/config.scripts/blitz.fatpack.sh
@ -9,6 +9,15 @@ if [ "$EUID" -ne 0 ]
  exit 1
 fi
 apt_install() {
  apt install -y ${@}
  if [ $? -eq 100 ]; then
    echo "FAIL! apt failed to install needed packages!"
    echo ${@}
    exit 1
  fi
 }
 echo "# getting default user/repo from build_sdcard.sh"
 sudo cp /home/admin/raspiblitz/build_sdcard.sh /home/admin/build_sdcard.sh
 sudo chmod +x /home/admin/build_sdcard.sh 2>/dev/null
@ -48,6 +57,7 @@ sudo /home/admin/config.scripts/blitz.web.ui.sh on "${defaultWEBUIuser}" "${defa
 # set build code as new www default
 sudo rm -r /home/admin/assets/nginx/www_public
 mkdir -p /home/admin/assets/nginx/www_public
 sudo cp -a /home/blitzapi/blitz_web/build/* /home/admin/assets/nginx/www_public
 sudo chown admin:admin /home/admin/assets/nginx/www_public
 sudo rm -r /home/blitzapi/blitz_web/build/*
--- a/home.admin/config.scripts/blitz.web.api.sh
+++ b/home.admin/config.scripts/blitz.web.api.sh
@ -33,7 +33,7 @@ if [ "$1" = "update-config" ]; then
  fi
  # prepare config update
-  cd /home/blitzapi/blitz_api
+  cd /home/blitzapi/blitz_api || exit 1
  secret=$(cat ./.env 2>/dev/null | grep "secret=" | cut -d "=" -f2)
  cp ./.env_sample ./.env
  dateStr=$(date)
@ -44,7 +44,7 @@ if [ "$1" = "update-config" ]; then
  # configure access token secret
  if [ "${secret}" == "" ] || [ "${secret}" == "please_please_update_me_please" ]; then
    echo "# init secret ..."
-    secret=$(dd if=/dev/urandom bs=256 count=1 2> /dev/null | shasum -a256 | cut -d " " -f1)
+    secret=$(dd if=/dev/urandom bs=256 count=1 2>/dev/null | shasum -a256 | cut -d " " -f1)
  else
    echo "# use existing secret"
  fi
@ -78,13 +78,13 @@ if [ "$1" = "update-config" ]; then
      sed -i "s/^lnd_grpc_ip=.*/lnd_grpc_ip=127.0.0.1/g" ./.env
      sed -i "s/^lnd_macaroon=.*/lnd_macaroon=${adminMacaroon}/g" ./.env
      sed -i "s/^lnd_cert=.*/lnd_cert=${tlsCert}/g" ./.env
-      if [ "${chain}" == "main" ];then
+      if [ "${chain}" == "main" ]; then
        L2rpcportmod=0
        portprefix=""
-      elif [ "${chain}" == "test" ];then
+      elif [ "${chain}" == "test" ]; then
        L2rpcportmod=1
        portprefix=1
-      elif [ "${chain}" == "sig" ];then
+      elif [ "${chain}" == "sig" ]; then
        L2rpcportmod=3
        portprefix=3
      fi
@ -96,7 +96,7 @@ if [ "$1" = "update-config" ]; then
      echo "# CONFIG Web API Lightning --> CL"
      sed -i "s/^ln_node=.*/ln_node=cln_jrpc/g" ./.env
-      sed -i "s/^cln_jrpc_path=.*/cln_jrpc_path="/mnt/hdd/app-data/.lightning/bitcoin/lightning-rpc"/g" ./.env
+      sed -i "s#^cln_jrpc_path=.*#cln_jrpc_path=\"/mnt/hdd/app-data/.lightning/bitcoin/lightning-rpc\"#g" ./.env
      # make sure cln-grpc is on
      # sudo /home/admin/config.scripts/cl-plugin.cln-grpc.sh on mainnet
@ -330,7 +330,7 @@ if [ "$1" = "update-code" ]; then
    echo "# Update Web API CODE"
    systemctl stop blitzapi
    sudo chown -R blitzapi:blitzapi /home/blitzapi/blitz_api
-    cd /home/blitzapi/blitz_api
+    cd /home/blitzapi/blitz_api || exit 1
    if [ "$currentBranch" == "" ]; then
      currentBranch=$(sudo -u blitzapi git rev-parse --abbrev-ref HEAD)
    fi
--- a/home.admin/config.scripts/blitz.web.sh
+++ b/home.admin/config.scripts/blitz.web.sh
@ -72,7 +72,7 @@ EOF
  sudo mkdir -p /var/www/letsencrypt/.well-known/acme-challenge
  sudo chown -R admin:www-data /var/www/letsencrypt
  sudo cp -a /home/admin/assets/nginx/www_public/ /var/www/public
-  sudo chown www-data:www-data /var/www/public
+  sudo chown -R www-data:www-data /var/www/public
  sudo cp /home/admin/assets/nginx/snippets/* /etc/nginx/snippets/
  # enable public site & API redirect
--- a/home.admin/config.scripts/bonus.btcpayserver.sh
+++ b/home.admin/config.scripts/bonus.btcpayserver.sh
@ -5,7 +5,7 @@
 # https://github.com/dgarage/NBXplorer/tags
 NBXplorerVersion="v2.3.62"
 # https://github.com/btcpayserver/btcpayserver/releases
-BTCPayVersion="v1.8.2"
+BTCPayVersion="v1.9.1"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -58,12 +58,7 @@ nomigrateevts=1
 function BtcPayConfig() {
  # set thumbprint
  FINGERPRINT=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in /home/btcpay/.lnd/tls.cert | cut -d"=" -f2)
-  if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
+  # set up postgres
    echo "# sqlite database exists"
    databaseOption="# keep using sqlite as /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db exists (configured in the btcpayserver.service)"
  else
    echo "# sqlite database does not exist, using postgresql"
    databaseOption="postgres=User ID=btcpay;Host=localhost;Port=5432;Application Name=btcpay;MaxPoolSize=20;Database=btcpaymainnet;Password='raspiblitz';"
  if sudo -u postgres psql -c '\l' | grep btcpaymainnet; then
    echo "# btcpaymainnet database already exists"
  else
@ -74,9 +69,9 @@ function BtcPayConfig() {
  fi
  echo "# List databases with: sudo -u postgres psql -c '\l'"
  sudo -u postgres psql -c '\l'
  fi
  echo "# Regenerate the btcpayserver settings (includes the LND TLS thumbprint)"
  # https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#3-create-a-configuration-file
  sudo -u btcpay mkdir -p /home/btcpay/.btcpayserver/Main
  echo "
 ### Global settings ###
 network=mainnet
@ -85,20 +80,21 @@ network=mainnet
 port=23000
 bind=127.0.0.1
 externalurl=https://$BTCPayDomain
 socksendpoint=127.0.0.1:9050
 ### NBXplorer settings ###
 BTC.explorer.url=http://127.0.0.1:24444/
 BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=/home/btcpay/admin.macaroon;certthumbprint=$FINGERPRINT
 ### Database ###
-${databaseOption}
+postgres=User ID=btcpay;Host=localhost;Port=5432;Application Name=btcpay;MaxPoolSize=20;Database=btcpaymainnet;Password='raspiblitz';
 explorer.postgres=User ID=nbxplorer;Host=localhost;Port=5432;Application Name=nbxplorer;MaxPoolSize=20;Database=nbxplorermainnet;Password='raspiblitz';
 " | sudo -u btcpay tee /home/btcpay/.btcpayserver/Main/settings.config
 }
 function BtcPayService() {
  if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
-    echo "# sqlite database exists"
+    echo "# sqlite database exists - will be ignored after the migration to postgresql"
    databaseOption=" -- --sqlitefile=sqllite.db"
  else
    echo "# sqlite database does not exist, using postgresql"
@ -619,7 +615,6 @@ WantedBy=multi-user.target
    echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. it is enabled and will start on next reboot"
  fi
  sudo -u btcpay mkdir -p /home/btcpay/.btcpayserver/Main/
  if [ "${lnd}" = on ]; then
    /home/admin/config.scripts/bonus.btcpayserver.sh write-tls-macaroon
  fi
--- a/home.admin/config.scripts/bonus.fulcrum.sh
+++ b/home.admin/config.scripts/bonus.fulcrum.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/cculianu/Fulcrum/releases
-fulcrumVersion="1.7.0"
+fulcrumVersion="1.9.1"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -12,7 +12,6 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  exit 1
 fi
 if [ "$1" = on ]; then
  # ?wait until txindex finishes?
  /home/admin/config.scripts/network.txindex.sh on
@ -26,6 +25,7 @@ if [ "$1" = on ]; then
  source <(/home/admin/_cache.sh get state)
  if [ "${state}" == "ready" ]; then
    echo "# Restarting bitcoind"
    sudo systemctl restart bitcoind
  fi
@ -51,26 +51,25 @@ if [ "$1" = on ]; then
  # get the PGP key
  curl https://raw.githubusercontent.com/Electron-Cash/keys-n-hashes/master/pubkeys/calinkey.txt | sudo -u fulcrum gpg --import
-  # look for 'Good signature'
+  echo "# Look for 'Good signature'"
  sudo -u fulcrum gpg --verify Fulcrum-${fulcrumVersion}-${build}.tar.gz.asc || exit 1
-  # look for 'OK'
+  echo "# Look for 'OK'"
  sudo -u fulcrum sha256sum -c Fulcrum-${fulcrumVersion}-${build}.tar.gz.sha256sum --ignore-missing || exit 1
-  # decompress
+  echo "# Unpack"
  sudo -u fulcrum tar -xvf Fulcrum-${fulcrumVersion}-${build}.tar.gz
-  # create the database directory in /mnt/hdd/app-storage (on the disk)
+  echo "# Create the database directory in /mnt/hdd/app-storage (on the disk)"
  sudo mkdir -p /mnt/hdd/app-storage/fulcrum/db
  sudo chown -R fulcrum:fulcrum /mnt/hdd/app-storage/fulcrum
-  # create a symlink to /home/fulcrum/.fulcrum
+  echo "# Create a symlink to /home/fulcrum/.fulcrum"
  sudo ln -s /mnt/hdd/app-storage/fulcrum /home/fulcrum/.fulcrum
  sudo chown -R fulcrum:fulcrum /home/fulcrum/.fulcrum
-  # Create a config file
+  echo "# Create a config file"
-  echo "# Getting RPC credentials from the bitcoin.conf"
+  echo "# Get the RPC credentials from the bitcoin.conf"
  #read PASSWORD_B
  RPC_USER=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcuser | cut -c 9-)
  PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-)
  echo "\
@ -96,7 +95,7 @@ tcp = 0.0.0.0:50021
 # ssl via nginx
 " | sudo -u fulcrum tee /home/fulcrum/.fulcrum/fulcrum.conf
-  # Create a systemd service
+  echo "# Create a systemd service"
  echo "\
 [Unit]
 Description=Fulcrum
@ -119,12 +118,10 @@ WantedBy=multi-user.target
  sudo systemctl enable fulcrum
  if [ "${state}" == "ready" ]; then
    echo "# Starting the fulcrum.service"
    sudo systemctl start fulcrum
  fi
  # sudo journalctl -fu fulcrum
  # sudo systemctl status fulcrum
  sudo ufw allow 50021 comment 'Fulcrum TCP'
  sudo ufw allow 50022 comment 'Fulcrum SSL'
@ -184,8 +181,10 @@ stream {
  # setting value in raspiblitz config
  /home/admin/config.scripts/blitz.conf.sh set fulcrum "on"
 fi
  echo "# Follow the logs with the command:"
  echo "sudo journalctl -fu fulcrum"
 fi
 if [ "$1" = off ]; then
  sudo systemctl disable fulcrum
--- a/home.admin/config.scripts/bonus.joinmarket.sh
+++ b/home.admin/config.scripts/bonus.joinmarket.sh
@ -6,7 +6,7 @@
 # https://github.com/openoms/joininbox
 # https://github.com/openoms/joininbox/tags
-JBTAG="v0.7.6" # installs JoinMarket v0.9.9
+JBTAG="v0.7.7" # installs JoinMarket v0.9.9
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -159,25 +159,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    sudo /home/admin/config.scripts/bonus.joinmarket.sh install
  fi
  # make sure the Bitcoin Core wallet is on
  /home/admin/config.scripts/network.wallet.sh on
  if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ]; then
    echo "# Create a non-descriptor wallet.dat"
    /usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
  else
    isDescriptor=$(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -rpcwallet=wallet.dat getwalletinfo | grep -c '"descriptors": true,')
    if [ "$isDescriptor" -gt 0 ]; then
      # unload
      bitcoin-cli unloadwallet wallet.dat
      echo "# Move the wallet.dat with descriptors to /mnt/hdd/bitcoin/descriptors"
      sudo mv /mnt/hdd/bitcoin/wallet.dat /mnt/hdd/bitcoin/descriptors
      echo "# Create a non-descriptor wallet.dat"
      bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
    else
      echo "# The non-descriptor wallet.dat is loaded in bitcoind."
    fi
  fi
  # store JoinMarket data on HDD
  mkdir /mnt/hdd/app-data/.joinmarket 2>/dev/null
@ -212,6 +193,25 @@ if [ -z \"\$TMUX\" ]; then
 fi
 " | sudo -u joinmarket tee -a /home/joinmarket/.bashrc
  # make sure the Bitcoin Core wallet is on
  /home/admin/config.scripts/network.wallet.sh on
  if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ]; then
    echo "# Create a non-descriptor wallet.dat"
    /usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
  else
    isDescriptor=$(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -rpcwallet=wallet.dat getwalletinfo | grep -c '"descriptors": true,')
    if [ "$isDescriptor" -gt 0 ]; then
      # unload
      bitcoin-cli unloadwallet wallet.dat
      echo "# Move the wallet.dat with descriptors to /mnt/hdd/bitcoin/descriptors"
      sudo mv /mnt/hdd/bitcoin/wallet.dat /mnt/hdd/bitcoin/descriptors
      echo "# Create a non-descriptor wallet.dat"
      bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
    else
      echo "# The non-descriptor wallet.dat is loaded in bitcoind."
    fi
  fi
  # configure joinmarket (includes a check if it is installed)
  if sudo -u joinmarket /home/joinmarket/start.joininbox.sh; then
    echo "# Start to use by logging in to the 'joinmarket' user with:"
--- a/home.admin/config.scripts/bonus.lit.sh
+++ b/home.admin/config.scripts/bonus.lit.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/lightninglabs/lightning-terminal/releases
-LITVERSION="0.8.6-alpha"
+LITVERSION="0.9.2-alpha"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -14,15 +14,18 @@ fi
 # check who signed the release in https://github.com/lightninglabs/lightning-terminal/releases
 PGPsigner="ellemouton"
-if [ $PGPsigner = ellemouton ];then
+if [ $PGPsigner = ellemouton ]; then
  PGPpkeys="https://github.com/${PGPsigner}.gpg"
  PGPcheck="D7D916376026F177"
-elif [ $PGPsigner = guggero ];then
+elif [ $PGPsigner = guggero ]; then
  PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc"
  PGPcheck="03DB6322267C373B"
-elif [ $PGPsigner = roasbeef ];then
+elif [ $PGPsigner = roasbeef ]; then
  PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc "
  PGPcheck="3BBD59E99B280306"
 elif [ $PGPsigner = ellemouton ]; then
  PGPpkeys="https://keybase.io/ellemo/pgp_keys.asc "
  PGPcheck="D7D916376026F17"
 fi
 source /mnt/hdd/raspiblitz.conf
--- a/home.admin/config.scripts/bonus.lnbits.sh
+++ b/home.admin/config.scripts/bonus.lnbits.sh
@ -3,7 +3,7 @@
 # https://github.com/lnbits/lnbits
 # https://github.com/lnbits/lnbits/releases
-tag="0.10.2"
+tag="0.10.4.1"
 VERSION="${tag}"
 # command info
@ -781,7 +781,7 @@ After=bitcoind.service
 [Service]
 WorkingDirectory=/home/lnbits/lnbits
 ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart
-ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && poetry run lnbits --port 5000'
+ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && poetry run lnbits --port 5000 --host 0.0.0.0'
 User=lnbits
 Restart=always
 TimeoutSec=120
--- a/home.admin/config.scripts/bonus.lnproxy.sh
+++ b/home.admin/config.scripts/bonus.lnproxy.sh
@ -1,9 +1,7 @@
 #!/bin/bash
 # https://github.com/lnproxy/lnproxy/commits/main
-LNPROXYVERSION="423723b58cc45daa2fdf6c8b22537d560aca4d7a"
+LNPROXYVERSION="7c8a14106b42cfd89471c1dc02d7baab1122dfa2"
 # https://github.com/lnproxy/lnproxy-webui/commits/main
 WEBUIVERSION=24d291c884a0b60126c1915301f29c893900a155
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -20,33 +18,21 @@ localip=$(hostname -I | awk '{print $1}')
 if [ "$1" = "menu" ]; then
  if systemctl is-active --quiet lnproxy; then
    # get network info
    torAddress=$(sudo cat /mnt/hdd/tor/lnproxy/hostname 2>/dev/null)
    fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
    if [ "${runBehindTor}" = "on" ] && [ -n "${torAddress}" ]; then
      # Info with Tor
    sudo /home/admin/config.scripts/blitz.display.sh qr "${torAddress}"
-      whiptail --title " lnproxy-webui and API" --msgbox "\
+    whiptail --title " lnproxy server API" --msgbox "\
-Open in your local web browser:
+Use your hidden service as a relay on the lnproxy Tor website:
-http://${localip}:4748
+dx7pn6ehykq6cadce4bjbxn5tf64z7e3fufpxgxce7n4f5eja476cpyd.onion
-https://${localip}:4749 with Fingerprint:
+Your address to be used as the relay:
-${fingerprint}\n
+http://${torAddress}/spec
-Hidden Service address for Tor Browser (see LCD for QR):
+
-${torAddress}\n
+To use the API from another computer on your LAN:
-To use the API:
+curl -k https://${localip}:4748/api/{invoice}?routing_msat={budget}
-curl -k https://${localip}:4749/api/{invoice}?routing_msat={budget}\n
+
 The Tor Hidden Service address to share for using the API:
 ${torAddress}/api
-" 20 70
+" 16 78
    sudo /home/admin/config.scripts/blitz.display.sh hide
    else
      # Info without Tor
      whiptail --title " lnproxy-webui " --msgbox "Open in your local web browser:
 http://${localip}:4748\n
 Activate Tor to access the web interface from outside your local network.
 " 15 57
    fi
    echo "# please wait ..."
  else
    echo "# *** LNPROXY IS NOT INSTALLED ***"
@ -138,53 +124,6 @@ EOF
    echo "# OK - the lnproxy.service is enabled, to start manually use: sudo systemctl start lnproxy"
  fi
  # lnproxy-webui
  cd /home/lnproxy/ || exit 1
  sudo -u lnproxy git clone https://github.com/lnproxy/lnproxy-webui
  cd /home/lnproxy/lnproxy-webui || exit 1
  sudo -u lnproxy git reset --hard ${WEBUIVERSION} || exit 1
  # build
  sudo -u lnproxy /usr/local/go/bin/go get lnproxy-webui
  sudo -u lnproxy /usr/local/go/bin/go build
  # create systemd service
  cat <<EOF | sudo tee /etc/systemd/system/lnproxy-webui.service
 [Unit]
 Description=lnproxy-webui
 After=lnproxy.service
 [Service]
 WorkingDirectory=/home/lnproxy/lnproxy-webui
 User=lnproxy
 Group=lnproxy
 Type=simple
 ExecStart=/home/lnproxy/lnproxy-webui/lnproxy-webui
 Restart=on-failure
 RestartSec=30
 TimeoutSec=120
 # Hardening measures
 PrivateTmp=true
 ProtectSystem=full
 NoNewPrivileges=true
 PrivateDevices=true
 [Install]
 WantedBy=multi-user.target
 EOF
  # enable and start service
  sudo systemctl enable lnproxy-webui
  source <(/home/admin/_cache.sh get state)
  if [ "${state}" == "ready" ]; then
    echo "# OK - the lnproxy-webui.service is enabled, system is on ready so starting service"
    sudo systemctl start lnproxy-webui
  else
    echo "# OK - the lnproxy-webui.service is enabled, to start manually use: sudo systemctl start lnproxy-webui"
  fi
  ##################
  # NGINX
  ##################
@ -201,25 +140,28 @@ EOF
  sudo ln -sf /etc/nginx/sites-available/lnproxy_ssl.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/lnproxy_tor.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/lnproxy_tor_ssl.conf /etc/nginx/sites-enabled/
-  sudo nginx -t
+  sudo nginx -t || exit 1
  sudo systemctl reload nginx
-  sudo ufw allow 4748 comment lnproxy-webui-HTTP
+  sudo ufw allow 4748 comment lnproxy-HTTPS
  sudo ufw allow 4749 comment lnproxy-HTTPS
-  /home/admin/config.scripts/tor.onion-service.sh lnproxy 80 4750 443 4751
+  /home/admin/config.scripts/tor.onion-service.sh lnproxy 80 4749 443 4750
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set lnproxy "on"
-  echo "# API:"
+  torAddress=$(sudo cat /mnt/hdd/tor/lnproxy/hostname 2>/dev/null)
-  echo "curl http://127.0.0.1:4747/{your_invoice}?routing_msat={routing_budget}"
+  echo
-  echo "curl -k https://${localip}:4749/api/{your_invoice}?routing_msat={routing_budget}"
+  echo "# Use your hidden service as a relay on the lnproxy Tor website:"
-  echo "# WebUI:"
+  echo "dx7pn6ehykq6cadce4bjbxn5tf64z7e3fufpxgxce7n4f5eja476cpyd.onion"
-  echo "http://${localip}:4748"
+  echo "# Your address to be used as the relay:"
-  echo "https://${localip}:4749"
+  echo "http://${torAddress}/spec"
  echo "# To use the API from another computer on your LAN:"
  echo "curl -k https://${localip}:4748/api/{invoice}?routing_msat={budget}\n"
  echo "# The Tor Hidden Service address to share for using the API:"
  echo "${torAddress}/api"
  echo "# More info at:"
-  echo "https://github.com/lnproxy/lnproxy"
+  echo "https://github.com/lnproxy"
  exit 0
 fi
@ -233,15 +175,22 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  # remove systemd services
  sudo systemctl disable --now lnproxy
  sudo rm -f /etc/systemd/system/lnproxy.service
  sudo systemctl disable --now lnproxy-webui
  sudo rm -f /etc/systemd/system/lnproxy-webui.service
  # remove Tor service
  /home/admin/config.scripts/tor.onion-service.sh off lnproxy
  sudo rm /etc/nginx/sites-available/lnproxy_ssl.conf
  sudo rm /etc/nginx/sites-available/lnproxy_tor.conf
  sudo rm /etc/nginx/sites-available/lnproxy_tor_ssl.conf
  sudo rm /etc/nginx/sites-enabled/lnproxy_ssl.conf
  sudo rm /etc/nginx/sites-enabled/lnproxy_tor.conf
  sudo rm /etc/nginx/sites-enabled/lnproxy_tor_ssl.conf
  sudo nginx -t || exit 1
  sudo systemctl reload nginx
  # close ports on firewall
  sudo ufw delete allow 4748
  sudo ufw delete allow 4749
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set lnproxy "off"
--- a/home.admin/config.scripts/bonus.postgresql.sh
+++ b/home.admin/config.scripts/bonus.postgresql.sh
@ -59,6 +59,10 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then
    sudo rm -rf $postgres_datadir # not a symlink.. delete it silently
    sudo ln -s /mnt/hdd/app-data/postgresql /var/lib/
  fi
  # always fix ownership
  sudo chown -R postgres:postgres  /mnt/hdd/app-data/postgresql
  sudo systemctl enable postgresql
  sudo systemctl start postgresql
--- a/home.admin/config.scripts/cl-plugin.cln-grpc.sh
+++ b/home.admin/config.scripts/cl-plugin.cln-grpc.sh
@ -45,6 +45,7 @@ function buildGRPCplugin() {
    echo "# delete old dir or binary"
    sudo rm -rf /home/bitcoin/cl-plugins-available/cln-grpc
    echo "# move to /home/bitcoin/cl-plugins-available/"
    sudo mkdir -p /home/bitcoin/cl-plugins-available
    sudo -u bitcoin mv /home/bitcoin/cln-grpc-build/debug/cln-grpc /home/bitcoin/cl-plugins-available/
  else
    echo "# - cln-grpc plugin was already built/installed"
--- a/home.admin/config.scripts/lnd.check.sh
+++ b/home.admin/config.scripts/lnd.check.sh
@ -305,6 +305,39 @@ fi
  fi
  ##### RPCMIDDLEWARE SECTION #####
  # [rpcmiddleware]
  sectionName="[Rr]pcmiddleware"
  echo "# [${sectionName}] config ..."
  # make sure lnd config has a [rpcmiddleware] section
  sectionExists=$(cat ${lndConfFile} | grep -c "^\[${sectionName}\]")
  echo "# sectionExists(${sectionExists})"
  if [ "${sectionExists}" == "0" ]; then
    echo "# adding section [${sectionName}]"
    echo "
  [${sectionName}]
  " | tee -a ${lndConfFile}
  fi
  # get line number of [rpcmiddleware] section
  sectionLine=$(cat ${lndConfFile} | grep -n "^\[${sectionName}\]" | cut -d ":" -f1)
  echo "# sectionLine(${sectionLine})"
  insertLine=$(expr $sectionLine + 1)
  echo "# insertLine(${insertLine})"
  fileLines=$(wc -l ${lndConfFile} | cut -d " " -f1)
  echo "# fileLines(${fileLines})"
  if [ ${fileLines} -lt ${insertLine} ]; then
    echo "# adding new line for inserts"
    echo "
  " | tee -a ${lndConfFile}
  fi
  # SET/UPDATE rpcmiddleware.enable
  setting ${lndConfFile} ${insertLine} "rpcmiddleware.enable" "true"
  echo "# OK PRESTART DONE"
 ######################################################################
--- a/home.admin/config.scripts/lnd.install.sh
+++ b/home.admin/config.scripts/lnd.install.sh
@ -4,7 +4,7 @@
 ## based on https://raspibolt.github.io/raspibolt/raspibolt_40_lnd.html#lightning-lnd
 ## see LND releases: https://github.com/lightningnetwork/lnd/releases
 ### If you change here - make sure to also change interims version in lnd.update.sh #!
-lndVersion="0.16.0-beta"
+lndVersion="0.16.2-beta"
 # olaoluwa
 #PGPauthor="roasbeef"
--- a/home.admin/config.scripts/lndlibs/README.md
+++ b/home.admin/config.scripts/lndlibs/README.md
@ -41,6 +41,7 @@ from . import walletunlocker_pb2 as walletunlocker__pb2
 Make sure the first lines (ignore comments) of the `walletunlocker_pb2.py` look like the following for python3 compatibility:
 ```
 from google.protobuf.internal import builder as _builder
 from google.protobuf import descriptor as _descriptor
 from google.protobuf import descriptor_pool as _descriptor_pool
 from google.protobuf import message as _message
--- a/home.admin/config.scripts/lndlibs/lightning.proto
+++ b/home.admin/config.scripts/lndlibs/lightning.proto
@ -567,9 +567,42 @@ service Lightning {
    /* lncli: `subscribecustom`
    SubscribeCustomMessages subscribes to a stream of incoming custom peer
    messages.
    To include messages with type outside of the custom range (>= 32768) lnd
    needs to be compiled with  the `dev` build tag, and the message type to
    override should be specified in lnd's experimental protocol configuration.
    */
    rpc SubscribeCustomMessages (SubscribeCustomMessagesRequest)
        returns (stream CustomMessage);
    /* lncli: `listaliases`
    ListAliases returns the set of all aliases that have ever existed with
    their confirmed SCID (if it exists) and/or the base SCID (in the case of
    zero conf).
    */
    rpc ListAliases (ListAliasesRequest) returns (ListAliasesResponse);
    /*
    LookupHtlcResolution retrieves a final htlc resolution from the database.
    If the htlc has no final resolution yet, a NotFound grpc status code is
    returned.
    */
    rpc LookupHtlcResolution (LookupHtlcResolutionRequest)
        returns (LookupHtlcResolutionResponse);
 }
 message LookupHtlcResolutionRequest {
    uint64 chan_id = 1;
    uint64 htlc_index = 2;
 }
 message LookupHtlcResolutionResponse {
    // Settled is true is the htlc was settled. If false, the htlc was failed.
    bool settled = 1;
    // Offchain indicates whether the htlc was resolved off-chain or on-chain.
    bool offchain = 2;
 }
 message SubscribeCustomMessagesRequest {
@ -591,6 +624,9 @@ message SendCustomMessageRequest {
    bytes peer = 1;
    // Message type. This value needs to be in the custom range (>= 32768).
    // To send a type < custom range, lnd needs to be compiled with the `dev`
    // build tag, and the message type to override should be specified in lnd's
    // experimental protocol configuration.
    uint32 type = 2;
    // Raw message data.
@ -630,6 +666,7 @@ enum OutputScriptType {
    SCRIPT_TYPE_NULLDATA = 6;
    SCRIPT_TYPE_NON_STANDARD = 7;
    SCRIPT_TYPE_WITNESS_UNKNOWN = 8;
    SCRIPT_TYPE_WITNESS_V1_TAPROOT = 9;
 }
 message OutputDetail {
@ -919,6 +956,14 @@ message ChannelAcceptRequest {
    // The commitment type the initiator wishes to use for the proposed channel.
    CommitmentType commitment_type = 14;
    // Whether the initiator wants to open a zero-conf channel via the channel
    // type.
    bool wants_zero_conf = 15;
    // Whether the initiator wants to use the scid-alias channel type. This is
    // separate from the feature bit.
    bool wants_scid_alias = 16;
 }
 message ChannelAcceptResponse {
@ -979,6 +1024,13 @@ message ChannelAcceptResponse {
    The number of confirmations we require before we consider the channel open.
    */
    uint32 min_accept_depth = 10;
    /*
    Whether the responder wants this to be a zero-conf channel. This will fail
    if either side does not have the scid-alias feature bit set. The minimum
    depth field must be zero if this is true.
    */
    bool zero_conf = 11;
 }
 message ChannelPoint {
@ -1475,6 +1527,24 @@ message Channel {
    // List constraints for the remote node.
    ChannelConstraints remote_constraints = 30;
    /*
    This lists out the set of alias short channel ids that exist for a channel.
    This may be empty.
    */
    repeated uint64 alias_scids = 31;
    // Whether or not this is a zero-conf channel.
    bool zero_conf = 32;
    // This is the confirmed / on-chain zero-conf SCID.
    uint64 zero_conf_confirmed_scid = 33;
    // The configured alias name of our peer.
    string peer_alias = 34;
    // This is the peer SCID alias.
    uint64 peer_scid_alias = 35 [jstype = JS_STRING];
 }
 message ListChannelsRequest {
@ -1488,12 +1558,33 @@ message ListChannelsRequest {
    empty, all channels will be returned.
    */
    bytes peer = 5;
    // Informs the server if the peer alias lookup per channel should be
    // enabled. It is turned off by default in order to avoid degradation of
    // performance for existing clients.
    bool peer_alias_lookup = 6;
 }
 message ListChannelsResponse {
    // The list of active channels
    repeated Channel channels = 11;
 }
 message AliasMap {
    /*
    For non-zero-conf channels, this is the confirmed SCID. Otherwise, this is
    the first assigned "base" alias.
    */
    uint64 base_scid = 1;
    // The set of all aliases stored for the base SCID.
    repeated uint64 aliases = 2;
 }
 message ListAliasesRequest {
 }
 message ListAliasesResponse {
    repeated AliasMap alias_maps = 1;
 }
 enum Initiator {
    INITIATOR_UNKNOWN = 0;
    INITIATOR_LOCAL = 1;
@ -1558,6 +1649,15 @@ message ChannelCloseSummary {
    Initiator close_initiator = 12;
    repeated Resolution resolutions = 13;
    /*
    This lists out the set of alias short channel ids that existed for the
    closed channel. This may be empty.
    */
    repeated uint64 alias_scids = 14;
    //  The confirmed SCID for a zero-conf channel.
    uint64 zero_conf_confirmed_scid = 15 [jstype = JS_STRING];
 }
 enum ResolutionType {
@ -1831,6 +1931,9 @@ message GetInfoResponse {
    Indicates whether the HTLC interceptor API is in always-on mode.
    */
    bool require_htlc_interceptor = 21;
    // Indicates whether final htlc resolutions are stored on disk.
    bool store_final_htlc_resolutions = 22;
 }
 message GetRecoveryInfoRequest {
@ -1903,6 +2006,11 @@ message CloseChannelRequest {
    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // closure transaction.
    uint64 sat_per_vbyte = 6;
    // The maximum fee rate the closer is willing to pay.
    //
    // NOTE: This field is only respected if we're the initiator of the channel.
    uint64 max_fee_per_vbyte = 7;
 }
 message CloseStatusUpdate {
@ -2114,6 +2222,58 @@ message OpenChannelRequest {
    the remote peer supports explicit channel negotiation.
    */
    CommitmentType commitment_type = 18;
    /*
    If this is true, then a zero-conf channel open will be attempted.
    */
    bool zero_conf = 19;
    /*
    If this is true, then an option-scid-alias channel-type open will be
    attempted.
    */
    bool scid_alias = 20;
    /*
    The base fee charged regardless of the number of milli-satoshis sent.
    */
    uint64 base_fee = 21;
    /*
    The fee rate in ppm (parts per million) that will be charged in
    proportion of the value of each forwarded HTLC.
    */
    uint64 fee_rate = 22;
    /*
    If use_base_fee is true the open channel announcement will update the
    channel base fee with the value specified in base_fee. In the case of
    a base_fee of 0 use_base_fee is needed downstream to distinguish whether
    to use the default base fee value specified in the config or 0.
    */
    bool use_base_fee = 23;
    /*
    If use_fee_rate is true the open channel announcement will update the
    channel fee rate with the value specified in fee_rate. In the case of
    a fee_rate of 0 use_fee_rate is needed downstream to distinguish whether
    to use the default fee rate value specified in the config or 0.
    */
    bool use_fee_rate = 24;
    /*
    The number of satoshis we require the remote peer to reserve. This value,
    if specified, must be above the dust limit and below 20% of the channel
    capacity.
    */
    uint64 remote_chan_reserve_sat = 25;
    /*
    If set, then lnd will attempt to commit all the coins under control of the
    internal wallet to open the channel, and the LocalFundingAmount field must
    be zero and is ignored.
    */
    bool fund_max = 26;
 }
 message OpenStatusUpdate {
    oneof update {
@ -2488,9 +2648,17 @@ message PendingChannelsResponse {
        repeated PendingHTLC pending_htlcs = 8;
        /*
          There are three resolution states for the anchor:
          limbo, lost and recovered. Derive the current state
          from the limbo and recovered balances.
        */
        enum AnchorState {
            // The recovered_balance is zero and limbo_balance is non-zero.
            LIMBO = 0;
            // The recovered_balance is non-zero.
            RECOVERED = 1;
            // A state that is neither LIMBO nor RECOVERED.
            LOST = 2;
        }
@ -2936,6 +3104,9 @@ message LightningNode {
    repeated NodeAddress addresses = 4;
    string color = 5;
    map<uint32, Feature> features = 6;
    // Custom node announcement tlv records.
    map<uint64, bytes> custom_records = 7;
 }
 message NodeAddress {
@ -2951,6 +3122,9 @@ message RoutingPolicy {
    bool disabled = 5;
    uint64 max_htlc_msat = 6;
    uint32 last_update = 7;
    // Custom channel update tlv records.
    map<uint64, bytes> custom_records = 8;
 }
 /*
@ -2978,6 +3152,9 @@ message ChannelEdge {
    RoutingPolicy node1_policy = 7;
    RoutingPolicy node2_policy = 8;
    // Custom channel announcement tlv records.
    map<uint64, bytes> custom_records = 9;
 }
 message ChannelGraphRequest {
@ -3209,17 +3386,23 @@ message Invoice {
    */
    int64 value_msat = 23;
-    // Whether this invoice has been fulfilled
+    /*
    Whether this invoice has been fulfilled.
    The field is deprecated. Use the state field instead (compare to SETTLED).
    */
    bool settled = 6 [deprecated = true];
    /*
    When this invoice was created.
    Measured in seconds since the unix epoch.
    Note: Output only, don't specify for creating an invoice.
    */
    int64 creation_date = 7;
    /*
    When this invoice was settled.
    Measured in seconds since the unix epoch.
    Note: Output only, don't specify for creating an invoice.
    */
    int64 settle_date = 8;
@ -3240,7 +3423,7 @@ message Invoice {
    */
    bytes description_hash = 10;
-    // Payment request expiry time in seconds. Default is 3600 (1 hour).
+    // Payment request expiry time in seconds. Default is 86400 (24 hours).
    int64 expiry = 11;
    // Fallback on-chain address.
@ -3256,6 +3439,8 @@ message Invoice {
    repeated RouteHint route_hints = 14;
    // Whether this invoice should include routing hints for private channels.
    // Note: When enabled, if value and value_msat are zero, a large number of
    // hints with these channels can be included, which might not be desirable.
    bool private = 15;
    /*
@ -3484,7 +3669,16 @@ message ListInvoiceRequest {
    specified index offset. This can be used to paginate backwards.
    */
    bool reversed = 6;
    // If set, returns all invoices with a creation date greater than or equal
    // to it. Measured in seconds since the unix epoch.
    uint64 creation_date_start = 7;
    // If set, returns all invoices with a creation date less than or equal to
    // it. Measured in seconds since the unix epoch.
    uint64 creation_date_end = 8;
 }
 message ListInvoiceResponse {
    /*
    A list of invoices from the time slice of the time series specified in the
@ -3683,6 +3877,14 @@ message ListPaymentsRequest {
    of payments, as all of them have to be iterated through to be counted.
    */
    bool count_total_payments = 5;
    // If set, returns all invoices with a creation date greater than or equal
    // to it. Measured in seconds since the unix epoch.
    uint64 creation_date_start = 6;
    // If set, returns all invoices with a creation date less than or equal to
    // it. Measured in seconds since the unix epoch.
    uint64 creation_date_end = 7;
 }
 message ListPaymentsResponse {
@ -3927,6 +4129,10 @@ message ForwardingHistoryRequest {
    // The max number of events to return in the response to this query.
    uint32 num_max_events = 4;
    // Informs the server if the peer alias should be looked up for each
    // forwarding event.
    bool peer_alias_lookup = 5;
 }
 message ForwardingEvent {
    // Timestamp is the time (unix epoch offset) that this circuit was
@ -3966,6 +4172,12 @@ message ForwardingEvent {
    // circuit was completed.
    uint64 timestamp_ns = 11;
    // The peer alias of the incoming channel.
    string peer_alias_in = 12;
    // The peer alias of the outgoing channel.
    string peer_alias_out = 13;
    // TODO(roasbeef): add settlement latency?
    //  * use FPE on the chan id?
    //  * also list failures?
@ -4361,6 +4573,14 @@ message RPCMiddlewareRequest {
        the same type, or replaced by an error message.
        */
        RPCMessage response = 6;
        /*
        This is used to indicate to the client that the server has successfully
        registered the interceptor. This is only used in the very first message
        that the server sends to the client after the client sends the server
        the middleware registration message.
        */
        bool reg_complete = 8;
    }
    /*
@ -4398,7 +4618,8 @@ message RPCMessage {
    /*
    The full canonical gRPC name of the message type (in the format
-    <rpcpackage>.TypeName, for example lnrpc.GetInfoRequest).
+    <rpcpackage>.TypeName, for example lnrpc.GetInfoRequest). In case of an
    error being returned from lnd, this simply contains the string "error".
    */
    string type_name = 3;
@ -4407,6 +4628,13 @@ message RPCMessage {
    format.
    */
    bytes serialized = 4;
    /*
    Indicates that the response from lnd was an error, not a gRPC response. If
    this is set to true then the type_name contains the string "error" and
    serialized contains the error string.
    */
    bool is_error = 5;
 }
 message RPCMiddlewareResponse {
@ -4483,18 +4711,16 @@ message InterceptFeedback {
    string error = 1;
    /*
-    A boolean indicating that the gRPC response should be replaced/overwritten.
+    A boolean indicating that the gRPC message should be replaced/overwritten.
-    As its name suggests, this can only be used as a feedback to an intercepted
+    This boolean is needed because in protobuf an empty message is serialized as
-    response RPC message and is ignored for feedback on any other message. This
+    a 0-length or nil byte slice and we wouldn't be able to distinguish between
    boolean is needed because in protobuf an empty message is serialized as a
    0-length or nil byte slice and we wouldn't be able to distinguish between
    an empty replacement message and the "don't replace anything" case.
    */
    bool replace_response = 2;
    /*
    If the replace_response field is set to true, this field must contain the
-    binary serialized gRPC response message in the protobuf format.
+    binary serialized gRPC message in the protobuf format.
    */
    bytes replacement_serialized = 3;
 }
--- a/home.admin/config.scripts/lndlibs/lightning_pb2.py
+++ b/home.admin/config.scripts/lndlibs/lightning_pb2.py
--- a/home.admin/config.scripts/lndlibs/lightning_pb2_grpc.py
+++ b/home.admin/config.scripts/lndlibs/lightning_pb2_grpc.py
@ -5,7 +5,6 @@ import grpc
 from . import lightning_pb2 as lightning__pb2
 class LightningStub(object):
    """
    Comments in this file will be directly parsed into the API
@ -358,6 +357,16 @@ class LightningStub(object):
                request_serializer=lightning__pb2.SubscribeCustomMessagesRequest.SerializeToString,
                response_deserializer=lightning__pb2.CustomMessage.FromString,
                )
        self.ListAliases = channel.unary_unary(
                '/lnrpc.Lightning/ListAliases',
                request_serializer=lightning__pb2.ListAliasesRequest.SerializeToString,
                response_deserializer=lightning__pb2.ListAliasesResponse.FromString,
                )
        self.LookupHtlcResolution = channel.unary_unary(
                '/lnrpc.Lightning/LookupHtlcResolution',
                request_serializer=lightning__pb2.LookupHtlcResolutionRequest.SerializeToString,
                response_deserializer=lightning__pb2.LookupHtlcResolutionResponse.FromString,
                )
 class LightningServicer(object):
@ -1093,6 +1102,30 @@ class LightningServicer(object):
        """lncli: `subscribecustom`
        SubscribeCustomMessages subscribes to a stream of incoming custom peer
        messages.
        To include messages with type outside of the custom range (>= 32768) lnd
        needs to be compiled with  the `dev` build tag, and the message type to
        override should be specified in lnd's experimental protocol configuration.
        """
        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
        context.set_details('Method not implemented!')
        raise NotImplementedError('Method not implemented!')
    def ListAliases(self, request, context):
        """lncli: `listaliases`
        ListAliases returns the set of all aliases that have ever existed with
        their confirmed SCID (if it exists) and/or the base SCID (in the case of
        zero conf).
        """
        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
        context.set_details('Method not implemented!')
        raise NotImplementedError('Method not implemented!')
    def LookupHtlcResolution(self, request, context):
        """
        LookupHtlcResolution retrieves a final htlc resolution from the database.
        If the htlc has no final resolution yet, a NotFound grpc status code is
        returned.
        """
        context.set_code(grpc.StatusCode.UNIMPLEMENTED)
        context.set_details('Method not implemented!')
@ -1426,6 +1459,16 @@ def add_LightningServicer_to_server(servicer, server):
                    request_deserializer=lightning__pb2.SubscribeCustomMessagesRequest.FromString,
                    response_serializer=lightning__pb2.CustomMessage.SerializeToString,
            ),
            'ListAliases': grpc.unary_unary_rpc_method_handler(
                    servicer.ListAliases,
                    request_deserializer=lightning__pb2.ListAliasesRequest.FromString,
                    response_serializer=lightning__pb2.ListAliasesResponse.SerializeToString,
            ),
            'LookupHtlcResolution': grpc.unary_unary_rpc_method_handler(
                    servicer.LookupHtlcResolution,
                    request_deserializer=lightning__pb2.LookupHtlcResolutionRequest.FromString,
                    response_serializer=lightning__pb2.LookupHtlcResolutionResponse.SerializeToString,
            ),
    }
    generic_handler = grpc.method_handlers_generic_handler(
            'lnrpc.Lightning', rpc_method_handlers)
@ -2558,3 +2601,37 @@ class Lightning(object):
            lightning__pb2.CustomMessage.FromString,
            options, channel_credentials,
            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
    @staticmethod
    def ListAliases(request,
            target,
            options=(),
            channel_credentials=None,
            call_credentials=None,
            insecure=False,
            compression=None,
            wait_for_ready=None,
            timeout=None,
            metadata=None):
        return grpc.experimental.unary_unary(request, target, '/lnrpc.Lightning/ListAliases',
            lightning__pb2.ListAliasesRequest.SerializeToString,
            lightning__pb2.ListAliasesResponse.FromString,
            options, channel_credentials,
            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
    @staticmethod
    def LookupHtlcResolution(request,
            target,
            options=(),
            channel_credentials=None,
            call_credentials=None,
            insecure=False,
            compression=None,
            wait_for_ready=None,
            timeout=None,
            metadata=None):
        return grpc.experimental.unary_unary(request, target, '/lnrpc.Lightning/LookupHtlcResolution',
            lightning__pb2.LookupHtlcResolutionRequest.SerializeToString,
            lightning__pb2.LookupHtlcResolutionResponse.FromString,
            options, channel_credentials,
            insecure, call_credentials, compression, wait_for_ready, timeout, metadata)
--- a/home.admin/config.scripts/lndlibs/walletunlocker.proto
+++ b/home.admin/config.scripts/lndlibs/walletunlocker.proto
@ -185,6 +185,13 @@ message InitWalletRequest {
    corresponding private keys and can serve signing RPC requests.
    */
    WatchOnly watch_only = 9;
    /*
    macaroon_root_key is an optional 32 byte macaroon root key that can be
    provided when initializing the wallet rather than letting lnd generate one
    on its own.
    */
    bytes macaroon_root_key = 10;
 }
 message InitWalletResponse {
    /*
--- a/home.admin/config.scripts/lndlibs/walletunlocker_pb2.py
+++ b/home.admin/config.scripts/lndlibs/walletunlocker_pb2.py
@ -2,6 +2,7 @@
 # Generated by the protocol buffer compiler.  DO NOT EDIT!
 # source: walletunlocker.proto
 """Generated protocol buffer code."""
 from google.protobuf.internal import builder as _builder
 from google.protobuf import descriptor as _descriptor
 from google.protobuf import descriptor_pool as _descriptor_pool
 from google.protobuf import message as _message
@ -15,91 +16,10 @@ _sym_db = _symbol_database.Default()
 from . import lightning_pb2 as lightning__pb2
-DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x14walletunlocker.proto\x12\x05lnrpc\x1a\x0flightning.proto\"A\n\x0eGenSeedRequest\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x01 \x01(\x0c\x12\x14\n\x0cseed_entropy\x18\x02 \x01(\x0c\"H\n\x0fGenSeedResponse\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x01 \x03(\t\x12\x17\n\x0f\x65nciphered_seed\x18\x02 \x01(\x0c\"\xbd\x02\n\x11InitWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x02 \x03(\t\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x03 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x04 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x05 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x06 \x01(\x08\x12\x1b\n\x13\x65xtended_master_key\x18\x07 \x01(\t\x12.\n&extended_master_key_birthday_timestamp\x18\x08 \x01(\x04\x12$\n\nwatch_only\x18\t \x01(\x0b\x32\x10.lnrpc.WatchOnly\",\n\x12InitWalletResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\"}\n\tWatchOnly\x12%\n\x1dmaster_key_birthday_timestamp\x18\x01 \x01(\x04\x12\x1e\n\x16master_key_fingerprint\x18\x02 \x01(\x0c\x12)\n\x08\x61\x63\x63ounts\x18\x03 \x03(\x0b\x32\x17.lnrpc.WatchOnlyAccount\"U\n\x10WatchOnlyAccount\x12\x0f\n\x07purpose\x18\x01 \x01(\r\x12\x11\n\tcoin_type\x18\x02 \x01(\r\x12\x0f\n\x07\x61\x63\x63ount\x18\x03 \x01(\r\x12\x0c\n\x04xpub\x18\x04 \x01(\t\"\x93\x01\n\x13UnlockWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x02 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x03 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x04 \x01(\x08\"\x16\n\x14UnlockWalletResponse\"~\n\x15\x43hangePasswordRequest\x12\x18\n\x10\x63urrent_password\x18\x01 \x01(\x0c\x12\x14\n\x0cnew_password\x18\x02 \x01(\x0c\x12\x16\n\x0estateless_init\x18\x03 \x01(\x08\x12\x1d\n\x15new_macaroon_root_key\x18\x04 \x01(\x08\"0\n\x16\x43hangePasswordResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\x32\xa5\x02\n\x0eWalletUnlocker\x12\x38\n\x07GenSeed\x12\x15.lnrpc.GenSeedRequest\x1a\x16.lnrpc.GenSeedResponse\x12\x41\n\nInitWallet\x12\x18.lnrpc.InitWalletRequest\x1a\x19.lnrpc.InitWalletResponse\x12G\n\x0cUnlockWallet\x12\x1a.lnrpc.UnlockWalletRequest\x1a\x1b.lnrpc.UnlockWalletResponse\x12M\n\x0e\x43hangePassword\x12\x1c.lnrpc.ChangePasswordRequest\x1a\x1d.lnrpc.ChangePasswordResponseB\'Z%github.com/lightningnetwork/lnd/lnrpcb\x06proto3')
+DESCRIPTOR = _descriptor_pool.Default().AddSerializedFile(b'\n\x14walletunlocker.proto\x12\x05lnrpc\x1a\x0flightning.proto\"A\n\x0eGenSeedRequest\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x01 \x01(\x0c\x12\x14\n\x0cseed_entropy\x18\x02 \x01(\x0c\"H\n\x0fGenSeedResponse\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x01 \x03(\t\x12\x17\n\x0f\x65nciphered_seed\x18\x02 \x01(\x0c\"\xd8\x02\n\x11InitWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x02 \x03(\t\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x03 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x04 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x05 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x06 \x01(\x08\x12\x1b\n\x13\x65xtended_master_key\x18\x07 \x01(\t\x12.\n&extended_master_key_birthday_timestamp\x18\x08 \x01(\x04\x12$\n\nwatch_only\x18\t \x01(\x0b\x32\x10.lnrpc.WatchOnly\x12\x19\n\x11macaroon_root_key\x18\n \x01(\x0c\",\n\x12InitWalletResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\"}\n\tWatchOnly\x12%\n\x1dmaster_key_birthday_timestamp\x18\x01 \x01(\x04\x12\x1e\n\x16master_key_fingerprint\x18\x02 \x01(\x0c\x12)\n\x08\x61\x63\x63ounts\x18\x03 \x03(\x0b\x32\x17.lnrpc.WatchOnlyAccount\"U\n\x10WatchOnlyAccount\x12\x0f\n\x07purpose\x18\x01 \x01(\r\x12\x11\n\tcoin_type\x18\x02 \x01(\r\x12\x0f\n\x07\x61\x63\x63ount\x18\x03 \x01(\r\x12\x0c\n\x04xpub\x18\x04 \x01(\t\"\x93\x01\n\x13UnlockWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x02 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x03 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x04 \x01(\x08\"\x16\n\x14UnlockWalletResponse\"~\n\x15\x43hangePasswordRequest\x12\x18\n\x10\x63urrent_password\x18\x01 \x01(\x0c\x12\x14\n\x0cnew_password\x18\x02 \x01(\x0c\x12\x16\n\x0estateless_init\x18\x03 \x01(\x08\x12\x1d\n\x15new_macaroon_root_key\x18\x04 \x01(\x08\"0\n\x16\x43hangePasswordResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\x32\xa5\x02\n\x0eWalletUnlocker\x12\x38\n\x07GenSeed\x12\x15.lnrpc.GenSeedRequest\x1a\x16.lnrpc.GenSeedResponse\x12\x41\n\nInitWallet\x12\x18.lnrpc.InitWalletRequest\x1a\x19.lnrpc.InitWalletResponse\x12G\n\x0cUnlockWallet\x12\x1a.lnrpc.UnlockWalletRequest\x1a\x1b.lnrpc.UnlockWalletResponse\x12M\n\x0e\x43hangePassword\x12\x1c.lnrpc.ChangePasswordRequest\x1a\x1d.lnrpc.ChangePasswordResponseB\'Z%github.com/lightningnetwork/lnd/lnrpcb\x06proto3')
-
+_builder.BuildMessageAndEnumDescriptors(DESCRIPTOR, globals())
-
+_builder.BuildTopDescriptorsAndMessages(DESCRIPTOR, 'walletunlocker_pb2', globals())
 _GENSEEDREQUEST = DESCRIPTOR.message_types_by_name['GenSeedRequest']
 _GENSEEDRESPONSE = DESCRIPTOR.message_types_by_name['GenSeedResponse']
 _INITWALLETREQUEST = DESCRIPTOR.message_types_by_name['InitWalletRequest']
 _INITWALLETRESPONSE = DESCRIPTOR.message_types_by_name['InitWalletResponse']
 _WATCHONLY = DESCRIPTOR.message_types_by_name['WatchOnly']
 _WATCHONLYACCOUNT = DESCRIPTOR.message_types_by_name['WatchOnlyAccount']
 _UNLOCKWALLETREQUEST = DESCRIPTOR.message_types_by_name['UnlockWalletRequest']
 _UNLOCKWALLETRESPONSE = DESCRIPTOR.message_types_by_name['UnlockWalletResponse']
 _CHANGEPASSWORDREQUEST = DESCRIPTOR.message_types_by_name['ChangePasswordRequest']
 _CHANGEPASSWORDRESPONSE = DESCRIPTOR.message_types_by_name['ChangePasswordResponse']
 GenSeedRequest = _reflection.GeneratedProtocolMessageType('GenSeedRequest', (_message.Message,), {
  'DESCRIPTOR' : _GENSEEDREQUEST,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.GenSeedRequest)
  })
 _sym_db.RegisterMessage(GenSeedRequest)
 GenSeedResponse = _reflection.GeneratedProtocolMessageType('GenSeedResponse', (_message.Message,), {
  'DESCRIPTOR' : _GENSEEDRESPONSE,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.GenSeedResponse)
  })
 _sym_db.RegisterMessage(GenSeedResponse)
 InitWalletRequest = _reflection.GeneratedProtocolMessageType('InitWalletRequest', (_message.Message,), {
  'DESCRIPTOR' : _INITWALLETREQUEST,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.InitWalletRequest)
  })
 _sym_db.RegisterMessage(InitWalletRequest)
 InitWalletResponse = _reflection.GeneratedProtocolMessageType('InitWalletResponse', (_message.Message,), {
  'DESCRIPTOR' : _INITWALLETRESPONSE,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.InitWalletResponse)
  })
 _sym_db.RegisterMessage(InitWalletResponse)
 WatchOnly = _reflection.GeneratedProtocolMessageType('WatchOnly', (_message.Message,), {
  'DESCRIPTOR' : _WATCHONLY,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.WatchOnly)
  })
 _sym_db.RegisterMessage(WatchOnly)
 WatchOnlyAccount = _reflection.GeneratedProtocolMessageType('WatchOnlyAccount', (_message.Message,), {
  'DESCRIPTOR' : _WATCHONLYACCOUNT,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.WatchOnlyAccount)
  })
 _sym_db.RegisterMessage(WatchOnlyAccount)
 UnlockWalletRequest = _reflection.GeneratedProtocolMessageType('UnlockWalletRequest', (_message.Message,), {
  'DESCRIPTOR' : _UNLOCKWALLETREQUEST,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.UnlockWalletRequest)
  })
 _sym_db.RegisterMessage(UnlockWalletRequest)
 UnlockWalletResponse = _reflection.GeneratedProtocolMessageType('UnlockWalletResponse', (_message.Message,), {
  'DESCRIPTOR' : _UNLOCKWALLETRESPONSE,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.UnlockWalletResponse)
  })
 _sym_db.RegisterMessage(UnlockWalletResponse)
 ChangePasswordRequest = _reflection.GeneratedProtocolMessageType('ChangePasswordRequest', (_message.Message,), {
  'DESCRIPTOR' : _CHANGEPASSWORDREQUEST,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.ChangePasswordRequest)
  })
 _sym_db.RegisterMessage(ChangePasswordRequest)
 ChangePasswordResponse = _reflection.GeneratedProtocolMessageType('ChangePasswordResponse', (_message.Message,), {
  'DESCRIPTOR' : _CHANGEPASSWORDRESPONSE,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.ChangePasswordResponse)
  })
 _sym_db.RegisterMessage(ChangePasswordResponse)
 _WALLETUNLOCKER = DESCRIPTOR.services_by_name['WalletUnlocker']
 if _descriptor._USE_C_DESCRIPTORS == False:
  DESCRIPTOR._options = None
@ -109,21 +29,21 @@ if _descriptor._USE_C_DESCRIPTORS == False:
  _GENSEEDRESPONSE._serialized_start=115
  _GENSEEDRESPONSE._serialized_end=187
  _INITWALLETREQUEST._serialized_start=190
-  _INITWALLETREQUEST._serialized_end=507
+  _INITWALLETREQUEST._serialized_end=534
-  _INITWALLETRESPONSE._serialized_start=509
+  _INITWALLETRESPONSE._serialized_start=536
-  _INITWALLETRESPONSE._serialized_end=553
+  _INITWALLETRESPONSE._serialized_end=580
-  _WATCHONLY._serialized_start=555
+  _WATCHONLY._serialized_start=582
-  _WATCHONLY._serialized_end=680
+  _WATCHONLY._serialized_end=707
-  _WATCHONLYACCOUNT._serialized_start=682
+  _WATCHONLYACCOUNT._serialized_start=709
-  _WATCHONLYACCOUNT._serialized_end=767
+  _WATCHONLYACCOUNT._serialized_end=794
-  _UNLOCKWALLETREQUEST._serialized_start=770
+  _UNLOCKWALLETREQUEST._serialized_start=797
-  _UNLOCKWALLETREQUEST._serialized_end=917
+  _UNLOCKWALLETREQUEST._serialized_end=944
-  _UNLOCKWALLETRESPONSE._serialized_start=919
+  _UNLOCKWALLETRESPONSE._serialized_start=946
-  _UNLOCKWALLETRESPONSE._serialized_end=941
+  _UNLOCKWALLETRESPONSE._serialized_end=968
-  _CHANGEPASSWORDREQUEST._serialized_start=943
+  _CHANGEPASSWORDREQUEST._serialized_start=970
-  _CHANGEPASSWORDREQUEST._serialized_end=1069
+  _CHANGEPASSWORDREQUEST._serialized_end=1096
-  _CHANGEPASSWORDRESPONSE._serialized_start=1071
+  _CHANGEPASSWORDRESPONSE._serialized_start=1098
-  _CHANGEPASSWORDRESPONSE._serialized_end=1119
+  _CHANGEPASSWORDRESPONSE._serialized_end=1146
-  _WALLETUNLOCKER._serialized_start=1122
+  _WALLETUNLOCKER._serialized_start=1149
-  _WALLETUNLOCKER._serialized_end=1415
+  _WALLETUNLOCKER._serialized_end=1442
 # @@protoc_insertion_point(module_scope)
--- a/home.admin/config.scripts/lndlibs/walletunlocker_pb2_grpc.py
+++ b/home.admin/config.scripts/lndlibs/walletunlocker_pb2_grpc.py
@ -5,7 +5,6 @@ import grpc
 from . import walletunlocker_pb2 as walletunlocker__pb2
 class WalletUnlockerStub(object):
    """
    Comments in this file will be directly parsed into the API