merigng 1.9RC2 changes (#3657)

2025-03-01 09:00:15 +01:00 · 2023-02-05 23:11:49 +01:00 · 2023-02-05 23:11:49 +01:00 · 8727207987
commit 8727207987
parent 8d5f42ff2e
47 changed files with 1318 additions and 642 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -4,31 +4,37 @@
 - New: Automated disk image build for amd64 (VM, laptop, desktop, server) and arm64-rpi (Raspberry Pi) [details](https://github.com/rootzoll/raspiblitz/tree/dev/ci/README.md)
 - New: Fatpack & Minimal sd card builds [details](SECURITY.md#minimal-sd-card-build)
 - New: I2P support for Bitcoin Core (i2pacceptincoming=1) [details](https://github.com/rootzoll/raspiblitz/issues/2413)
 - New: CLN Watchtower (The Eye of Satoshi) [details](https://github.com/talaia-labs/rust-teos/tree/master/watchtower-plugin)
 - New: LNDg v1.4.0 [details](https://github.com/cryptosharks131/lndg)
 - New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087)
 - New: BOS Telegram Bot Support (see OPTIONS on LND Balance of Satoshis menu entry)
 - New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot)
 - New: CLI shortcut for ↬lnproxy [details](https://github.com/rootzoll/raspiblitz/pull/3333)
 - New on WebUI: Jam (JoinMarket Web UI) v0.1.4 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.4)
 - Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md)
- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta
+- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta)
 - Update: Core Lightning v22.11.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v22.11.1)
- Update: Electrum Server in Rust (electrs) v0.9.10 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0910-nov-3-2022)
+- Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023)
 - Update: Lightning Terminal v0.8.4-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.4-alpha)
 - Update: RTL v0.13.0 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.12.3)
 - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16)
- Update: LNbits 0.9.4 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.2)
+- Update: LNbits 0.9.6 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.6)
- Update: BTCPayServer 1.7.2 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.2)
+- Update: BTCPayServer 1.7.5 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5)
 - Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0)
 - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5)
- Update: JoinMarket v0.9.8 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.8)
+- Update: JoinMarket v0.9.9 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.9)
- Update: JoininBox v0.7.4 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.3)
+- Update: JoininBox v0.7.6 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.6)
- Update: Balance of Satoshis 13.6.0 (BOS) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#1360)
+- Update: Balance of Satoshis 13.15.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#13150)
- Update: Circuitbreaker v0.3.2 [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
+- Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage)
 - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
 - Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez)
 - Update: Tallycoin Connect v1.7.5 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.7.5)
 - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file)
 - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox)
- Info: IP2Tor unavailable & deactivated in SSH menus [details](https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480)
+- Info: IP2Tor fix fulmo shop & added new ip2tor.com shop
 - Info: 32GB sdcard is now enforced (after being recommended since v1.5)
 - Info: 'Reindex Blockchain' is not part of 'repair' menu
 ## What's new in Version 1.8.0c of RaspiBlitz?
--- a/FAQ.cl.md
+++ b/FAQ.cl.md
@ -59,7 +59,7 @@
 * Yes, all [BOLT specification](https://github.com/lightningnetwork/lightning-rfc) compliant implementations can open channels to each other and route payments.
 ### Can I run LND and CLN connected to the same node?
-* Yes, both can run parallel on a RaspiBlitz and even have channels witch each other.
+* Yes, both can run parallel on a RaspiBlitz and even have channels with each other.
 ### Can I convert an LND node to CLN (or the opposite)?
 * No, currently there are no tools available to convert between the databases storing the channel states.
--- a/FAQ.md
+++ b/FAQ.md
@ -4,6 +4,7 @@
 ---
 Table of Contents
 ---
 - [Table of Contents](#table-of-contents)
 - [Upgrade](#upgrade)
  - [How to verify the SD card image after download?](#how-to-verify-the-sd-card-image-after-download)
  - [What changed on every upgrade?](#what-changed-on-every-upgrade)
@ -17,6 +18,7 @@ Table of Contents
  - [How to SSH over Tor?](#how-to-ssh-over-tor)
  - [How to setup port-forwarding with a SSH tunnel?](#how-to-setup-port-forwarding-with-a-ssh-tunnel)
  - [How do I setup just a port-forwarding user on my public server?](#how-do-i-setup-just-a-port-forwarding-user-on-my-public-server)
  - [How to reset the ssh config and keys?](#how-to-reset-the-ssh-config-and-keys)
 - [Display](#display)
  - [Can I flip the screen?](#can-i-flip-the-screen)
  - [How to fix my upside down LCD after update?](#how-to-fix-my-upside-down-lcd-after-update)
@ -27,12 +29,12 @@ Table of Contents
  - [How do I generate a Debug Report?](#how-do-i-generate-a-debug-report)
  - [Why is my "final sync" taking so long?](#why-is-my-final-sync-taking-so-long)
  - [How do I backup my Lightning Node?](#how-do-i-backup-my-lightning-node)
-      - [1) Securing your On-Chain- and Channel-Funds during Operation](#and-channel-funds-during-operation)
+    - [1) Securing your On-Chain- and Channel-Funds during Operation](#1-securing-your-on-chain--and-channel-funds-during-operation)
    - [2) Making a complete LND data backup](#2-making-a-complete-lnd-data-backup)
  - [How can I recover my coins from a failing RaspiBlitz?](#how-can-i-recover-my-coins-from-a-failing-raspiblitz)
    - [1) Recover LND data](#1-recover-lnd-data)
    - [2) Recover from Wallet Seed](#2-recover-from-wallet-seed)
-    - [How do I move funds & channels from RaspiBlitz to LND Lightning Desktop App?](#how-do-i-move-funds--channels-from-raspiblitz-to-lnd-lightning-desktop-app)
+  - [How do I move funds \& channels from RaspiBlitz to LND Lightning Desktop App?](#how-do-i-move-funds--channels-from-raspiblitz-to-lnd-lightning-desktop-app)
  - [How do I change the Name/Alias of my lightning node](#how-do-i-change-the-namealias-of-my-lightning-node)
  - [How do I change the public port LND/Lightning node is running on?](#how-do-i-change-the-public-port-lndlightning-node-is-running-on)
  - [How do I solve a "signature mismatch after caveat verification" error?](#how-do-i-solve-a-signature-mismatch-after-caveat-verification-error)
@ -43,9 +45,10 @@ Table of Contents
  - [Why is my bitcoin IP on the display red?](#why-is-my-bitcoin-ip-on-the-display-red)
  - [Why is my node address on the display red?](#why-is-my-node-address-on-the-display-red)
  - [Why is my node address on the display yellow (not green)?](#why-is-my-node-address-on-the-display-yellow-not-green)
  - [How can I set a fixed IP?](#how-can-i-set-a-fixed-ip)
  - [How do I fix a displayed Error in my Config?](#how-do-i-fix-a-displayed-error-in-my-config)
  - [Can I run the RaspiBlitz as Backend for BTCPayServer?](#can-i-run-the-raspiblitz-as-backend-for-btcpayserver)
-    - [I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?](#how-do-i-connect-to-my-raspiblitz)
+  - [I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?](#i-dont-have-a-lan-port-on-my-laptop---how-do-i-connect-to-my-raspiblitz)
  - [Is it possible to connect the Blitz over Wifi instead of using a LAN cable?](#is-it-possible-to-connect-the-blitz-over-wifi-instead-of-using-a-lan-cable)
  - [Can I directly connect the RaspiBlitz to my laptop?](#can-i-directly-connect-the-raspiblitz-to-my-laptop)
  - [How to attach the RaspberryPi to the HDD?](#how-to-attach-the-raspberrypi-to-the-hdd)
@ -53,18 +56,18 @@ Table of Contents
  - [Are those "Under-Voltage detected" warnings a problem?](#are-those-under-voltage-detected-warnings-a-problem)
  - [How do I return to the menu after exiting to the command line](#how-do-i-return-to-the-menu-after-exiting-to-the-command-line)
  - [How do I setup fresh/clean/reset and without going into recovery mode?](#how-do-i-setup-freshcleanreset-and-without-going-into-recovery-mode)
-    - [My blockchain data is corrupted - what can I do?](#what-can-i-do)
+  - [My blockchain data is corrupted - what can I do?](#my-blockchain-data-is-corrupted---what-can-i-do)
-    - [I have two RaspiBlitz in my network - can they both be public?](#can-they-both-be-public)
+  - [I have two RaspiBlitz in my network - can they both be public?](#i-have-two-raspiblitz-in-my-network---can-they-both-be-public)
  - [How can I enforce UASP mode for my SSD controller?](#how-can-i-enforce-uasp-mode-for-my-ssd-controller)
  - [I am facing maintenance/emergency mode on boot. How do I fix it?](#i-am-facing-maintenanceemergency-mode-on-boot-how-do-i-fix-it)
 - [Extras](#extras)
  - [How do I connect a UPS to the RaspiBlitz?](#how-do-i-connect-a-ups-to-the-raspiblitz)
  - [Can I run my RaspiBlitz on Solar Energy?](#can-i-run-my-raspiblitz-on-solar-energy)
  - [How to use the Let's Encrypt client](#how-to-use-the-lets-encrypt-client)
-      - [Let's Encrypt - HTTP-01](#http-01)
+    - [Let's Encrypt - HTTP-01](#lets-encrypt---http-01)
-      - [Let's Encrypt - DNS-01](#dns-01)
+    - [Let's Encrypt - DNS-01](#lets-encrypt---dns-01)
-      - [Let's Encrypt - eMail Address](#email-address)
+    - [Let's Encrypt - eMail Address](#lets-encrypt---email-address)
-      - [Let's Encrypt - Installation details](#installation-details)
+    - [Let's Encrypt - Installation details](#lets-encrypt---installation-details)
  - [What is this mnemonic seed word list?](#what-is-this-mnemonic-seed-word-list)
  - [How do I set up VNC?](#how-do-i-set-up-vnc)
  - [Why use BTRFS on RaspiBlitz?](#why-use-btrfs-on-raspiblitz)
@ -255,7 +258,7 @@ useradd -g forwardings -d /home [USERNAME]
 echo 'command="date" [CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]' > /etc/ssh/authorized_keys/[USERNAME]
 ```
-As a result you should see a "good signature" message with a main fingerprint the same as you can find on the [keybase.io/rootzoll](https://keybase.io/rootzoll) that is ending on `1C73 060C 7C17 6461` the sub fingerprint should end on `A2D7 AA9D D1B5 CC56 47DA`. If that fingerprint is correct, the SD card image you downloaded is a original release RaspiBlitz.
+### How to reset the ssh config and keys?
 - shutdown the RaspiBlitz - if you dont have touchscreen activated, disconnect LAN cable, wait until HDD/SSD activity slows down (no constant blinking) and then cut the power
 - take out the SD card and connect it to your laptop - it should appear as a `boot` drive
@ -302,6 +305,17 @@ You can also put an empty file just called `hdmi` (without any ending) onto the
 ## Debug
 ### How do I generate a Debug Report?
 If your RaspiBlitz is not working correctly and you like to get help from the community, it's good to provide more debug information, so others can better diagnose your problem - please follow the following steps to generate a debug report:
 - SSH into your raspiblitz as admin user with your password A
 - If you see the menu - use CTRL+C to get to the terminal
 - To generate debug report run: `debug`, optionally create a link with `debug -l`
 - Then copy all output beginning with `*** RASPIBLITZ LOGS ***` and share this
 *PLEASE NOTICE: It's possible that these logs can contain private information (like IPs, node IDs, ...) - just share publicly what you feel OK with.*
 ### I have the full blockchain on another storage. How do I copy it to the RaspiBlitz?
 Copying a already synced blockchain from another storage (e.g. your Laptop or external hard drive) can be a quick way to get the RaspiBlitz started or replacing a corrupted blockchain with a fresh one. Also that way you have synced and verified the blockchain yourself, and are not trusting the RaspiBlitz Torrent downloads (Don't trust, verify).
@ -318,16 +332,13 @@ If everything described above is in order, start the setup of the new RaspiBlitz
 Once you finished all the transfers, the Raspiblitz will make a quick-check on the data - but that will not guarantee that everything in detail was OK with the transfer. Check further FAQ answers if you get stuck or see a final sync with a value below 90%.
-### How do I generate a Debug Report?
+### Bitcoind tells me to reindex - how can I do this?
-If your RaspiBlitz is not working correctly and you like to get help from the community, it's good to provide more debug information, so others can better diagnose your problem - please follow the following steps to generate a debug report:
+ To find/access information fast in large data sets like the Bitcoin blockhain indexes are needed. Those indexes can get corrupted on your HDD/SSD and to repair them they need to be rebuild - re-indexed. Bitcoind has two different options to do this - a fast way called "reindex-chainstate" (which just rebuilds the UTXO set from the blocks as you have them) and the slow but complete way called just "reindex" that would even recheck all your block data - see for details here: https://bitcoin.stackexchange.com/questions/60709/when-should-i-use-reindex-chainstate-and-when-reindex 
- SSH into your raspiblitz as admin user with your password A
+ So if you read in your debug logs of bitcoind that you should "reindex" you can try first just to do a fast "reindex-chainstate" and if that didnt worked a slow and full "reindex".
 - If you see the menu - use CTRL+C to get to the terminal
 - To generate debug report run: `debug`, optionally create a link with `debug -l`
 - Then copy all output beginning with `*** RASPIBLITZ LOGS ***` and share this
-*PLEASE NOTICE: It's possible that these logs can contain private information (like IPs, node IDs, ...) - just share publicly what you feel OK with.*
+See the raspiblitz script `./config.scripts/network.reindex.sh` or the REAPIR menu to start these processes.
 ### Why is my "final sync" taking so long?
@ -540,7 +551,7 @@ https://github.com/raspibolt/raspibolt/blob/a21788c0518618d17093e3f447f68a53e4ef
 ### Can I directly connect the RaspiBlitz to my laptop?
-If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this [guide for OSX](https://medium.com/@tzhenghao/how-to-ssh-into-your-raspberry-pi-with-a-mac-and-ethernet-cable-636a197d055).
+If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this [guide for OSX](https://medium.com/@tzhenghao/how-to-ssh-into-your-raspberry-pi-with-a-mac-and-ethernet-cable-636a197d055) and this [guide for Windows](https://www.tomshardware.com/how-to/share-internet-connection-windows-ethernet-wi-fi).
 In short for OSX:
@ -552,7 +563,19 @@ In short for OSX:
 * in terminal > `arp -a` and check for an IP of a client to the bridge
 * in terminal > ssh admin@[clientIP]
-If anyone has experience on doing this in Linux/Win, please share.
+In short for Windows:
 * make sure all VPNs are off (can interfere with local LAN)
 * connect Raspiblitz with laptop LAN/ethernet directly
 * Control Panel > Network and Internet > Network and Sharing Centre 
 * Click on your active internet connection highlighted in blue
 * Properties > Sharing
 * Check the box titled "Allow other network users to connect through this computer's Internet connection
 * Select LAN/Ethernet from the "Home networking connection:" dropdown menu
 * Click OK
 * Restart the Raspiblitz
 If anyone has experience on doing this in Linux please share.
 ### How to attach the RaspberryPi to the HDD?
--- a/README.md
+++ b/README.md
@ -772,7 +772,7 @@ Using pre-signed bitcoin transactions (PSBT) and [Hardware Wallet Interface](htt
 At the moment it is very Linux-focused.
 The same applies to multi-signature setups.
-The goal of the Specter Desktop wallet is to make a convenient and user-friendly GUI around Bitcoin Core, focusing on multi-signature setups with air-gapped hardware wallets like Trezor, Ledger, COLDCARD or the Specter-DIY.
+The goal of the Specter Desktop wallet is to make a sub and user-friendly GUI around Bitcoin Core, focusing on multi-signature setups with air-gapped hardware wallets like Trezor, Ledger, COLDCARD or the Specter-DIY.
 ![SPECTER](pictures/specter.jpg)
@ -855,6 +855,11 @@ LNbits is a very simple server that sits on top of your Lightning Wallet.
 ![LNBITS](pictures/lnbits.png)
 It can be used together with IP2Tor to provide:
 - Lightning Paper Vouchers (Plugin: LNURLw)
 - Merchant Onboarding (Plugin: TPOS)
 [![Video Tutorial](pictures/video-vouchers.png)](https://www.youtube.com/watch?v=0Bt3tHULAnw)
 You can also develop your own extensions on it.
@ -1009,7 +1014,20 @@ At the moment, the following subscription services are available:
 ##### IP2TOR (paid)
-DEACTIVATED SINCE 1.9 --> see for background: https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480
+IP2TOR is a tunnel service where you can run your RaspiBlitz anonymously behind TOR but you rent a port on a clearnet IP through which you can make services of your RaspiBlitz easy reachable for everybody on the internet.
 You don't need to care about your local router or firewall settings.
 You can pay for this service directly through Lightning from your RaspiBlitz as subscription.
 At first you select what services of your RaspiBlitz you like to tunnel through a IP2TOR bridge.
 You will get a list of available IP2TOR shops & bridge offerings.
 Select `OK` on an IP2TOR bridge offering and you will see more details on it, such as how many satoshis the subscription will cost you.
 Your node should be funded and have channels open already at this point.
 If you choose `AGREE` on the details of a IP2TOR bridge offering the RaspiBlitz tries for you to setup the IP2TOR bridge.
 If everything worked you will find now the subscription under `MAINMENU` > `SUBSCRIBE` > `LIST My Subscriptions` where you can cancel it again.
 To try out the IP2TOR tunnel choose in `MAINMENU` the extra menu point of the Service you choose the bridge for and it should give you now an updated URL or try calling the API on the IP and Port that is displayed under the details of the subscription in the `LIST My Subscriptions` section.
 ##### HTTPS with LetsEncrypt (free)
@ -1347,7 +1365,8 @@ But if you want to build that image yourself - here is a quick guide:
 - Get a latest RaspiOS 64-bit (Desktop): [DOWNLOAD](https://downloads.raspberrypi.org/raspios_arm64/images).
 - Write the image to an SD card: [TUTORIAL](https://www.raspberrypi.org/documentation/installation/installing-images/README.md).
 - Add a file called `ssh` to the root of the SD card when mounted on your laptop to enable SSH login.
- Add a file called `userconf` next to the empty `ssh` file that contains just the string `pi:$6$p2DNwHsYzR06mVFX$jwZnOo5Jl/6pEMFFowpUBqM7E0Rz8vEtXtupwxuXZA7eqyKxDk8barhYZ24ei/JEP4e8Jr0mOvRThASuUxIAZ0`.
+- Newest RasperryOS release did remove the default username therefore you need to create an own user. Add a file called `userconf` next to the empty `ssh` file and add your specified userstring as followed:
  Create a hashed password using command on linux `echo 'raspberry' | openssl passwd -6 -stdin` and copy the output allongside the username for example `pi:$6$6c.o/U6OkN3ST65b$7F3TIamnnQCwQT4h00Vp1mcVMdSg3 ams7yeVGfZbclcScEnRnw9tkgI9btalTCHFI84o3Pr3cDbdpbCXYTmF1` into the userconf file. See also https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
 - Start the card on a Raspi and login via SSH with `ssh pi@[IP-OF-YOUR-RASPI]`. Password is `raspberry`.
 Now you are ready to start the SD card build script (check the code to see if the installation and config are OK for you).
--- a/alternative.platforms/Proxmox/README.md
+++ b/alternative.platforms/Proxmox/README.md
@ -125,10 +125,10 @@ apt upgrade -y
 apt install sudo
 ```
-Now we need to download the Build SDCard Script from Rootzoll. The version can be customized as you like. The latest version (as of block time 755125) is the 1.8.
+Now we need to download the Build SDCard Script from Rootzoll. The version can be customized as you like. The latest version (as of block time 768745) is the 1.9.
 ```
-wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.8/build_sdcard.sh
+wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.9/build_sdcard.sh
 ```
 And run:
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@ -273,8 +273,18 @@ sleep 3 ## give time to cancel
 export DEBIAN_FRONTEND=noninteractive
-echo "*** Prevent sleep ***" # on all platforms
+echo "*** Prevent sleep ***" # on all platforms https://wiki.debian.org/Suspend
 sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
 sudo mkdir /etc/systemd/sleep.conf.d
 echo "[Sleep]
 AllowSuspend=no
 AllowHibernation=no
 AllowSuspendThenHibernate=no
 AllowHybridSleep=no" | sudo tee /etc/systemd/sleep.conf.d/nosuspend.conf
 sudo mkdir /etc/systemd/logind.conf.d
 echo "[Login]
 HandleLidSwitch=ignore
 HandleLidSwitchDocked=ignore" | sudo tee /etc/systemd/logind.conf.d/nosuspend.conf
 # FIXING LOCALES
 # https://github.com/rootzoll/raspiblitz/issues/138
@ -504,10 +514,9 @@ echo "
  sharedscripts
  postrotate
    invoke-rc.d rsyslog rotate > /dev/null
-  enscript
+  endscript
 }
 /var/log/kern.log
 /var/log/auth.log
 {
--- a/ci/README.md
+++ b/ci/README.md
@ -17,7 +17,7 @@
  - [fatpack image](#fatpack-image)
  - [lean image](#lean-image)
    - [Add Gnome desktop (optional)](#add-gnome-desktop-optional)
- [Add wifi](#add-wifi)
+  - [Add wifi (optional)](#add-wifi-optional)
  - [Add wifi driver (optional)](#add-wifi-driver-optional)
 - [Workflow notes](#workflow-notes)
  - [Packer .json settings:](#packer-json-settings)
@ -64,15 +64,15 @@ The workflow locally and in github actions generates a .qcow2 format amd64 image
 * find the compressed .qcow2 image and sh256 hashes in the `ci/amd64/builds` directory
 ## Images generated in github actions
-* Find the images in the green runs in github actions at:
+* To see the downloadable artifacts will need to log in to GitHub
-https://github.com/rootzoll/raspiblitz/actions
+* Find the latest successful builds for amd64 using the dev branch at:  
-
+https://github.com/rootzoll/raspiblitz/actions/workflows/amd64-lean-image.yml?query=workflow%3Aamd64-lean-image-build+branch%3Adev+is%3Asuccess++
  ```
  # unzip to the same directory
  unzip raspiblitz-amd64-image-YEAR-MM-DD-COMMITHASH.zip
  ```
 ## Write the image to a disk connected with USB
-identify the connected disk with `lsblk` eg `/dev/sdd`
+* identify the connected disk with `lsblk` eg `/dev/sdd`
 ### Convert the qcow2 volume to a raw disk image
 * the raw image is 33.5 GB
@ -82,6 +82,7 @@ identify the connected disk with `lsblk` eg `/dev/sdd`
  # convert
  qemu-img convert raspiblitz-amd64-debian-11.5-lean.qcow2 raspiblitz-amd64-debian-11.5-lean.img
  ```
 ### Write to a disk connected with USB with Balena Etcher or `dd`
 * [Balena Etcher](https://www.balena.io/etcher/) to write the .img to disk
 * dd to write the .img to disk
@ -139,13 +140,13 @@ identify the connected disk with `lsblk` eg `/dev/sdd`
  systemctl start gdm
  ```
-## Add wifi
+### Add wifi (optional)
 * if the wifi driver is included in the FOSS Debian distro
 * in the command line run the network manager interface to connect:
  ```
  sudo nmtui
  ```
-## Add wifi driver (optional)
+### Add wifi driver (optional)
 * as in https://wiki.debian.org/iwlwifi
 * add the component `non-free` after `deb http://deb.debian.org/debian bullseye main` in `/etc/apt/sources.list`
 * install the wifi driver for the mentioned cards:
--- a/home.admin/00infoBlitz.sh
+++ b/home.admin/00infoBlitz.sh
@ -353,7 +353,7 @@ else
  appInfoLine=""
  # Electrum Server - electrs
-  if [ "${ElectRS}" = "on" ]; then
+  if [ "${ElectRS}" == "on" ]; then
    error=""
    source <(sudo /home/admin/config.scripts/bonus.electrs.sh status-sync 2>/dev/null)
    if [ ${#infoSync} -gt 0 ]; then
@ -361,15 +361,10 @@ else
    fi
  fi
-  # BTC RPC EXPLORER
+  # Transaction Index
-  if [ "${BTCRPCexplorer}" = "on" ]; then
+  source <(/home/admin/config.scripts/network.txindex.sh status)
-    error=""
+  if [ "${txindex}" == "1" ] && [ "${isIndexed}" != "1" ]; then
-    source <(sudo /home/admin/config.scripts/bonus.btc-rpc-explorer.sh status 2>/dev/null)
+      appInfoLine="Transaction Index: ${indexInfo}"
    if [ ${#error} -gt 0 ]; then
      appInfoLine="ERROR BTC-RPC-Explorer: ${error} (try restart)"
    elif [ "${isIndexed}" = "0" ]; then
      appInfoLine="BTC-RPC-Explorer: ${indexInfo}"
    fi
  fi
  if [ ${#appInfoLine} -gt 0 ]; then
--- a/home.admin/00mainMenu.sh
+++ b/home.admin/00mainMenu.sh
@ -158,7 +158,7 @@ if [ "${homer}" == "on" ]; then
  CHOICE_HEIGHT=$((CHOICE_HEIGHT+1))
 fi
 if [ "${circuitbreaker}" == "on" ]; then
-  OPTIONS+=(CIRCUIT "Circuitbreaker (LND firewall)")
+  OPTIONS+=(CIRCUITBREAKER "Circuitbreaker (LND firewall)")
 fi
 if [ "${tallycoinConnect}" == "on" ]; then
  OPTIONS+=(TALLY "Tallycoin Connect")
@ -329,7 +329,6 @@ case $CHOICE in
        HELIPAD)
            sudo /home/admin/config.scripts/bonus.helipad.sh menu
            ;;
        SQUEAKNODE)
            /home/admin/config.scripts/bonus.squeaknode.sh menu
            ;;
@ -339,7 +338,7 @@ case $CHOICE in
        CHANTOOLS)
            sudo /home/admin/config.scripts/bonus.chantools.sh menu
            ;;
-        CIRCUIT)
+        CIRCUITBREAKER)
            sudo /home/admin/config.scripts/bonus.circuitbreaker.sh menu
            ;;
        TESTNETS)
--- a/home.admin/00raspiblitz.sh
+++ b/home.admin/00raspiblitz.sh
@ -48,13 +48,6 @@ if [ "${copyInProgress}" = "1" ]; then
  exit
 fi
 # special state: reindex was triggered
 if [ "${state}" = "reindex" ]; then
  echo "Re-Index in progress ... start monitoring:"
  /home/admin/config.scripts/network.reindex.sh
  exit
 fi
 # special state: copystation
 if [ "${state}" = "copystation" ]; then
  echo "Copy Station is Running ..."
--- a/home.admin/98repairBlockchain.sh
+++ b/home.admin/98repairBlockchain.sh
@ -29,10 +29,6 @@ elif [ "${CHOICE}" = "RESYNC" ]; then
    echo "rebooting .. (please wait)"
    sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
 elif [ "${CHOICE}" = "REINDEX" ]; then
    echo "Starting REINDEX ..."
    sudo /home/admin/config.scripts/network.reindex.sh
 elif [ "${CHOICE}" = "BACKUP" ]; then
    /home/admin/config.scripts/lnd.compact.sh interactive
    sudo /home/admin/config.scripts/lnd.backup.sh lnd-export-gui
--- a/home.admin/98repairMenu.sh
+++ b/home.admin/98repairMenu.sh
@ -65,6 +65,9 @@ RaspiBlitz image to your SD card.
 " 12 40
 }
 # get status of txindex
 source <(/home/admin/config.scripts/network.txindex.sh status)
 OPTIONS=()
 #OPTIONS+=(HARDWARE "Run Hardwaretest")
 OPTIONS+=(SOFTWARE "Run Softwaretest (DebugReport)")
@ -76,11 +79,17 @@ if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then
 fi
 OPTIONS+=(MIGRATION "Migrate Blitz Data to new Hardware")
 OPTIONS+=(COPY-SOURCE "Copy Blockchain Source Modus")
 if [ "${txindex}" == "1" ]; then
  OPTIONS+=(DELETE-INDEX "Reindex Bitcoin Transaction-Index")
 elif [ "${indexByteSize}" != "0" ]; then
  OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index")
 fi
 OPTIONS+=(REINDEX-UTXO "Redindex Just Bitcoin Chainstate (Fast)")
 OPTIONS+=(REINDEX-FULL "Redindex Full Bitcoin Blockchain (Slow)")
 OPTIONS+=(RESET-CHAIN "Delete Blockchain & Re-Download")
 OPTIONS+=(RESET-HDD "Delete HDD Data but keep Blockchain")
 OPTIONS+=(RESET-ALL "Delete HDD completely to start fresh")
 OPTIONS+=(DELETE-ELEC "Delete Electrum Index")
 OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index")
 CHOICE=$(whiptail --clear --title "Repair Options" --menu "" 19 62 12 "${OPTIONS[@]}" 2>&1 >/dev/tty)
@ -89,7 +98,15 @@ case $CHOICE in
 #  HARDWARE)
 #    ;;
  SOFTWARE)
-    sudo /home/admin/config.scripts/blitz.debug.sh
+    echo "Generating debug logs. Be patient, this should take maximum 2 minutes .."
    sudo rm /var/cache/raspiblitz/debug.log 2>/dev/null
    /home/admin/config.scripts/blitz.debug.sh > /var/cache/raspiblitz/debug.log
    echo "Redacting .."
    /home/admin/config.scripts/blitz.debug.sh redact /var/cache/raspiblitz/debug.log
    sudo chmod 640 /var/cache/raspiblitz/debug.log
    sudo chown root:sudo /var/cache/raspiblitz/debug.log
    cat /var/cache/raspiblitz/debug.log
    echo
    echo "Press ENTER to return to main menu."
    read key
    ;;
@ -148,6 +165,14 @@ case $CHOICE in
    /home/admin/config.scripts/network.txindex.sh delete
    exit 0;
    ;;
  REINDEX-UTXO)
    /home/admin/config.scripts/network.reindex.sh reindex-chainstate mainnet
    exit 0;
    ;;
  REINDEX-FULL)
    /home/admin/config.scripts/network.reindex.sh reindex mainnet
    exit 0;
    ;;
  COPY-SOURCE)
    /home/admin/config.scripts/blitz.copychain.sh source
    /home/admin/config.scripts/lnd.unlock.sh
--- a/home.admin/99clMenu.sh
+++ b/home.admin/99clMenu.sh
@ -92,12 +92,9 @@ case $CHOICE in
      if [ ! -f /home/bitcoin/suez/suez ];then
        /home/admin/config.scripts/bonus.suez.sh on
      fi
-      cd /home/bitcoin/suez || exit 0
+      cd /home/bitcoin/suez || exit 1
      command="sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}"
      echo "# Running the command:"
      echo "${command}"
      echo
-      $command
+      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}
      echo
      echo "Press ENTER to return to main menu."
      read key
--- a/home.admin/_commands.sh
+++ b/home.admin/_commands.sh
@ -80,15 +80,18 @@ function blitzhelp() {
  echo "Extras:"
  echo "  whitepaper   download the whitepaper from the blockchain to /home/admin/bitcoin.pdf"
  echo "  notifyme     wrapper for blitz.notify.sh that will send a notification using the configured method and settings"
  echo "  suez         visualize channels (for the default ln implementation and chain when installed)"
  exho "  lnproxy      wrap invoices with lnproxy"
  echo
  echo "LND:"
  echo "  lncli        LND commandline interface (when installed)"
  echo "  balance      your satoshi balance"
  echo "  channels     your lightning channels"
  echo "  fwdreport    show forwarding report"
  echo "  manage       use the lndmanage bonus app"
  echo
  echo "CLN:"
-  echo " lightning-cli Core-Lightning commandline interface (when installed)"
+  echo " lightning-cli Core Lightning commandline interface (when installed)"
 }
 # command: raspiblitz
@ -369,6 +372,21 @@ function jm() {
  fi
 }
 # command: manage
 # switch to lndmanage env
 function manage() {
  if [ $(cat /mnt/hdd/raspiblitz.conf 2>/dev/null | grep -c "lndmanage=on") -eq 1 ]; then
    cd /home/admin/lndmanage
    source venv/bin/activate
    echo "NOTICE: Needs at least one active channel to run without error."
    echo "to exit (venv) enter ---> deactivate"
    lndmanage
  else
    echo "lndmanage not installed - to install run:"
    echo "sudo /home/admin/config.scripts/bonus.lndmanage.sh on"
  fi
 }
 # command: ckbunker
 # switch to the ckbunker user
 function ckbunker() {
@ -512,15 +530,55 @@ function bm() {
 # command: lnproxy
 function lnproxy() {
-  if [ $(cat /mnt/hdd/raspiblitz.conf 2>/dev/null | grep -c "runBehindTor=on") -eq 1 ]; then
+  source /mnt/hdd/raspiblitz.conf
-    echo
+  if [ $# -gt 0 ]; then
-    echo "Requesting a wrapped invoice from rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion ..."
+    invoice=$1
    echo
    torify curl http://rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion/api/${1}
  else
    echo "Paste the invoice to be wrapped and press enter:"
    read -r invoice
  fi
  if systemctl is-active --quiet tor@default; then
    if [ -z "${lnproxy_override_tor}" ]; then
      lnproxy_override_tor="rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion/api"
    fi
    wrapped=$(torsocks curl -sS http://${lnproxy_override_tor}/${invoice})
    echo
-    echo "Requesting a wrapped invoice from https://lnproxy.org ..."
+    echo "Requesting a wrapped invoice from ${lnproxy_override_tor}"
  else
    if [ -z "${lnproxy_override_clearnet}" ]; then
      lnproxy_override_clearnet="lnproxy.org/api"
    fi
    wrapped=$(curl -sS https://${lnproxy_override_clearnet}/${invoice})
    echo
-    curl https://lnproxy.org/api/${1}
+    echo "Requesting a wrapped invoice from ${lnproxy_override_clearnet}"
  fi
  echo
  /home/admin/config.scripts/blitz.check-invoice-wrap.py "$1" "$wrapped"
  echo
  echo $wrapped
 }
 # command: suez
 function suez() {
  source /mnt/hdd/raspiblitz.conf
  if [ ${lightning} = 'cl' ] || [ ${lightning} = 'lnd' ]; then
    if [ ! -f /home/bitcoin/suez/suez ];then
      /home/admin/config.scripts/bonus.suez.sh on
    fi
    source <(/home/admin/config.scripts/network.aliases.sh getvars ${lightning} ${chain}net)
    cd /home/bitcoin/suez || exit 1
    clear
    echo "# Showing the channels of ${lightning} ${chain}net - consider reducing the font size (press CTRL- or CMD-)"
    if [ ${lightning} = cl ]; then
      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
      --client=c-lightning --client-args=--conf=${CLCONF}
    elif [ ${lightning} = lnd ]; then
      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
      --client-args=-n=${CHAIN} \
      --client-args=--rpcserver=localhost:1${L2rpcportmod}009
    fi
    cd
  else
    echo "# Lightning is ${lightning}"
  fi
 }
--- a/home.admin/assets/nginx/sites-available/circuitbreaker_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/circuitbreaker_ssl.conf
@ -0,0 +1,21 @@
 ## circuitbreaker_ssl.conf
 server {
    listen 9236 ssl http2;
    listen [::]:9236 ssl http2;
    server_name _;
    include /etc/nginx/snippets/ssl-params.conf;
    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
    include /etc/nginx/snippets/gzip-params.conf;
    access_log /var/log/nginx/access_circuitbreaker.log;
    error_log /var/log/nginx/error_circuitbreaker.log;
    location / {
        proxy_pass http://127.0.0.1:9235;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
 }
--- a/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_ssl.conf
@ -0,0 +1,27 @@
 ## lnproxy_ssl.conf
 server {
    listen 4749 ssl http2;
    listen [::]:4749 ssl http2;
    server_name _;
    include /etc/nginx/snippets/ssl-params.conf;
    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
    include /etc/nginx/snippets/gzip-params.conf;
    access_log /var/log/nginx/access_lnproxy.log;
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
        proxy_pass http://127.0.0.1:4747;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
    location / {
        proxy_pass http://127.0.0.1:4748;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
 }
--- a/home.admin/assets/nginx/sites-available/lnproxy_tor.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_tor.conf
@ -0,0 +1,26 @@
 ## lnproxy_tor.conf
 server {
    listen 4750;
    server_name _;
    include /etc/nginx/snippets/ssl-params.conf;
    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
    include /etc/nginx/snippets/gzip-params.conf;
    access_log /var/log/nginx/access_lnproxy.log;
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
        proxy_pass http://127.0.0.1:4747;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
    location / {
        proxy_pass http://127.0.0.1:4748;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
 }
--- a/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf
@ -0,0 +1,26 @@
 ## lnproxy_tor_ssl.conf
 server {
    listen 4751 ssl http2;
    server_name _;
    include /etc/nginx/snippets/ssl-params.conf;
    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
    include /etc/nginx/snippets/gzip-params.conf;
    access_log /var/log/nginx/access_lnproxy.log;
    error_log /var/log/nginx/error_lnproxy.log;
    location /api/ {
        proxy_pass http://127.0.0.1:4747;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
    location / {
        proxy_pass http://127.0.0.1:4748;
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
 }
--- a/home.admin/config.scripts/bitcoin.monitor.sh
+++ b/home.admin/config.scripts/bitcoin.monitor.sh
@ -156,12 +156,15 @@ if [ "$2" = "info" ]; then
  btc_blocks_behind=$((${btc_blocks_headers} - ${btc_blocks_verified}))
  btc_sync_initialblockdownload=$(echo "${blockchaininfo}" | jq -r '.initialblockdownload' | grep -c 'true')
  btc_sync_progress=$(echo "${blockchaininfo}" | jq -r '.verificationprogress')
-  btc_sync_percentage=$(echo ${btc_sync_progress} | awk '{printf( "%.2f%%", 100 * $1)}')
+  if (( $(awk 'BEGIN { print( '${btc_sync_progress}'<0.99995 ) }') )); then
-  if [ "${btc_blocks_headers}" != "" ]  && [ "${btc_blocks_headers}" == "${btc_blocks_verified}" ]; then
+    # #3620 prevent displaying 100.00%, although incorrect because of rounding
    btc_sync_percentage=$(awk 'BEGIN { printf( "%.2f%%", 100 * '${btc_sync_progress}') }')
  elif [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_headers}" == "${btc_blocks_verified}" ]; then
    btc_sync_percentage="100.00"
  else
    btc_sync_percentage="99.99"
  fi
  # determine if synced (tolerate falling 1 block behind)
  # and be sure that initial blockdownload is done
  btc_synced=0
--- a/home.admin/config.scripts/blitz.check-invoice-wrap.py
+++ b/home.admin/config.scripts/blitz.check-invoice-wrap.py
@ -0,0 +1,54 @@
 #!/usr/bin/env python3
 # adapted from: https://github.com/lnproxy/lnproxy-cli/blob/fe18d16e42b58f635b94c7da59a34d5e092e4d56/check-wrap.py
 # Parses payment hashes and amounts in bolt11 invoices to check lnproxy
 # Can skip most bolt11 checks since both the user's wallet and lnproxy will do that
 from decimal import Decimal
 CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
 units = {
 	'p': 10**12,
 	'n': 10**9,
 	'u': 10**6,
 	'm': 10**3,
 }
 def parse(invoice):
 	invoice = invoice.lower()
 	pos = invoice.rfind('1')
 	amount = invoice[4:pos]
 	if amount == '':
 		amount = Decimal(0)
 	else:
 		amount = Decimal(amount[:-1]) / units[amount[-1]]
 	data = invoice[pos+1+7:]
 	i = 0
 	while i < len(data):
 		if data[i] == 'p' and data[i+1:i+1+2] == 'p5':
 			payment_hash = data[i+1+2:i+1+2+52]
 			break
 		else:
 			i += 3 + CHARSET.find(data[i+1]) * 32 + CHARSET.find(data[i+1+1])
 	return (amount, payment_hash)
 from sys import stderr, argv
 try:
 	if len(argv) != 3:
 		raise Exception("Incorrect number of arguments")
 	amt1, hash1 = parse(argv[1])
 	amt2, hash2 = parse(argv[2])
 	if hash1 != hash2:
 		print(f"Payment hashes do not match!", file=stderr)
 		exit(3)
 	if amt1 != Decimal(0):
 		print(f"Hashes match, routing fee is {(amt2-amt1)*10**8:0,.0f} sat ({(amt2-amt1)/amt1*100:0.2f}%)")
 	else:
 		print(f"Hashes match")
 except Exception as err:
 	print('Error:', err)
 	print(f"usage: {argv[0]} <original invoice> <wrapped invoice>", file=stderr)
 	exit(2)
--- a/home.admin/config.scripts/blitz.copychain.sh
+++ b/home.admin/config.scripts/blitz.copychain.sh
@ -141,7 +141,7 @@ if [ "$1" = "target" ]; then
    echo "Make sure that the Bitcoin Core Wallet is not running in the background anymore."
    echo ""
    echo "COPY, PASTE & EXECUTE the following command on your Windows computer terminal:"
-    echo "sftp -r ./chainstate ./blocks bitcoin@${internet_localip}:/mnt/hdd/bitcoin"
+    echo "scp -r ./chainstate ./blocks bitcoin@${internet_localip}:/mnt/hdd/bitcoin"
    echo ""
    echo "If asked for a password use PASSWORD A (or 'raspiblitz')."
  fi
--- a/home.admin/config.scripts/blitz.debug.sh
+++ b/home.admin/config.scripts/blitz.debug.sh
@ -148,8 +148,8 @@ if [ "${testnet}" == "on" ] || [ "${testnet}" == "1" ]; then
  sudo journalctl -u t${network}d -b --no-pager -n8
  echo
  echo "*** LAST BLOCKCHAIN (TESTNET) 20 INFO LOGS ***"
-  echo "sudo tail -n 20 /mnt/hdd/${network}/tdebug.log"
+  echo "sudo tail -n 20 /mnt/hdd/${network}/testnet3/debug.log"
-  sudo tail -n 20 /mnt/hdd/${network}/tdebug.log
+  sudo tail -n 20 /mnt/hdd/${network}/testnet3/debug.log
  echo
 else
  echo "- OFF by config -"
@ -192,8 +192,8 @@ if [ "${signet}" == "on" ] || [ "${signet}" == "1" ]; then
  sudo journalctl -u s${network}d -b --no-pager -n8
  echo
  echo "*** LAST BLOCKCHAIN (SIGNET) 20 INFO LOGS ***"
-  echo "sudo tail -n 20 /mnt/hdd/${network}/sdebug.log"
+  echo "sudo tail -n 20 /mnt/hdd/${network}/signet/debug.log"
-  sudo tail -n 20 /mnt/hdd/${network}/sdebug.log
+  sudo tail -n 20 /mnt/hdd/${network}/signet/debug.log
  echo
 else
  echo "- OFF by config -"
@ -313,6 +313,39 @@ else
  echo "- LIT is OFF by config"
 fi
 if [ "${lndg}" == "on" ]; then
  echo
  echo "*** LNDg Status ***"
  sudo /home/admin/config.scripts/bonus.lndg.sh status
  echo
  echo "*** LNDg JOBS SYSTEMD STATUS ***"
  sudo systemctl status jobs-lndg.service -n2 --no-pager
  echo "sudo tail -n 5 /var/log/lnd_jobs_error.log"
  sudo tail -n 5 /var/log/lnd_jobs_error.log
  echo
  echo "*** LNDg REBALANCER SYSTEMD STATUS ***"
  sudo systemctl status rebalancer-lndg.service -n2 --no-pager
  echo "sudo tail -n 5 /var/log/lnd_rebalancer_error.log"
  sudo tail -n 5 /var/log/lnd_rebalancer_error.log
  echo
  echo "*** LNDg HTLC-STREAM SYSTEMD STATUS ***"
  sudo systemctl status htlc-stream-lndg.service -n2 --no-pager
  echo "sudo tail -n 5 /var/log/lnd_htlc_stream_error.log"
  sudo tail -n 5 /var/log/lnd_htlc_stream_error.log
  echo
  echo "*** LNDg GUNICORN SERVER SYSTEMD STATUS ***"
  sudo systemctl status gunicorn.service -n2 --no-pager
  echo "sudo tail -n 5 /var/log/gunicorn_error.log"
  sudo tail -n 5 /var/log/gunicorn_error.log 2>/dev/null
  echo
  echo "*** LAST 10 LNDg LOGS ***"
  echo "sudo journalctl -u lndg -b --no-pager -n10"
  sudo journalctl -u lndg -b --no-pager -n20
  echo
 else
  echo "- LNDg is OFF by config"
 fi
 if [ "${BTCPayServer}" == "on" ]; then
  echo
  echo "*** LAST 20 BTCPayServer LOGS ***"
--- a/home.admin/config.scripts/blitz.passwords.sh
+++ b/home.admin/config.scripts/blitz.passwords.sh
@ -391,7 +391,15 @@ elif [ "${abcd}" = "b" ]; then
  # LNDg
  if [ "${lndg}" == "on" ]; then
    echo "# changing the password for lndg"
-    sudo -u lndg /home/lndg/lndg/.venv/bin/python initialize.py -pw ${newPassword}
+    sudo -u lndg /home/lndg/lndg/.venv/bin/python /home/lndg/lndg/initialize.py -pw ${newPassword}
  fi
  # mempool Explorer
  if [ "${mempoolExplorer}" == "on" ]; then
    echo "# changing the password for mempool Explorer"
    sudo jq ".CORE_RPC.PASSWORD=\"${newPassword}\"" /home/mempool/mempool/backend/mempool-config.json > /var/cache/raspiblitz/mempool-config.json
    sudo mv /var/cache/raspiblitz/mempool-config.json /home/mempool/mempool/backend/mempool-config.json
    sudo chown mempool:mempool /home/mempool/mempool/backend/mempool-config.json
  fi
  echo "# OK -> RPC Password B changed"
--- a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py
+++ b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py
@ -595,37 +595,68 @@ def menuMakeSubscription(blitzServiceName, torAddress, torPort):
    torTarget = "{0}:{1}".format(torAddress, torPort)
    ############################
-    # PHASE 1: Enter Shop URL
+    # PHASE 1: Choose Shop URL
    shopurl = ""
    while True:
        # see if user had before entered another shop of preference
-    shopurl = DEFAULT_SHOPURL
+        lastusedShop = ""
        try:
            subscriptions = toml.load(SUBSCRIPTIONS_FILE)
-        shopurl = subscriptions['shop_ip2tor']
+            lastusedShop = subscriptions['shop_ip2tor']
            print("# using last shop url set in subscriptions.toml")
        except Exception as e:
            print("# using default shop url")
        # set choices of shops
        choices = []
        # remove https:// from shop url (to keep it short)
-    if shopurl.find("://") > 0:
+        if lastusedShop.find("://") > 0: lastusedShop = lastusedShop[lastusedShop.find("://") + 3:]
        shopurl = shopurl[shopurl.find("://") + 3:]
-    while True:
+        # IP2TOR.COM Shop
        choice_url_ip2torcom="ip2tor.com"
        choices.append(("A", "ip2tor.com Shop"))
        if lastusedShop == choice_url_ip2torcom: lastusedShop="" 
-        # input shop url
+        # FULMO Shop
        choice_url_fulmo="fulmo7x6yvgz6zs2b2ptduvzwevxmizhq23klkenslt5drxx2physlqd.onion"
        choices.append(("B", "Fulmo Shop"))
        if lastusedShop == choice_url_fulmo: lastusedShop="" 
        # add before option if different from static options
        if len(lastusedShop) > 0: choices.append(("Y", lastusedShop))
        # enter own shop address option
        choices.append(("X", "Enter a new Shop URL"))
        # select dialog
        d = Dialog(dialog="dialog", autowidgetsize=True)
-        d.set_background_title("Select IP2TOR Bridge Shop (communication secured thru TOR)")
+        d.set_background_title("IP2TOR - Select Shop")
-        code, text = d.inputbox(
+        code, selected = d.menu(
-            "Enter Address of the IP2TOR Shop (OR JUST PRESS OK):",
+            "\nChoose your IP2Tor provider/shop:",
-            height=10, width=72, init=shopurl,
+            choices=choices, width=75, height=10, title="Select IP2Tor Shop")
            title="Shop Address")
        # if user canceled
        if code != d.OK:
            sys.exit(0)
-        # get host list from shop
+        if selected == "A" : shopurl=choice_url_ip2torcom
-        shopurl = text
+        if selected == "B" : shopurl=choice_url_fulmo
        if selected == "Y" : shopurl=lastusedShop
        # input shop url
        if selected == "X":
            d = Dialog(dialog="dialog", autowidgetsize=True)
            d.set_background_title("IP2TOR - Add new Shop")
            code, shopurl = d.inputbox(
                "Enter Address of the IP2TOR Shop (OR JUST PRESS OK):",
                height=10, width=72, init=shopurl,
                title="Shop Address")
            if shopurl.find("://") > 0: shopurl = shopurl[shopurl.find("://") + 3:]
        # try & get host list from shop
        os.system('clear')
        try:
            hosts = shopList(shopurl)
@ -686,6 +717,9 @@ Try again later, enter another address or cancel.
        if len(host['terms_of_service']) == 0: host['terms_of_service'] = "-"
        if len(host['terms_of_service_url']) == 0: host['terms_of_service_url'] = "-"
        description=host['terms_of_service']
        if "description" in host: description = "{0} / {1}".format(host['description'], host['terms_of_service'])
        # show details of selected
        d = Dialog(dialog="dialog", autowidgetsize=True)
        d.set_background_title("IP2TOR Bridge Offer Details: {0}".format(shopurl))
@ -704,7 +738,7 @@ the "SUBSCRIPTONS" menu on your RaspiBlitz.
 There will be no refunds for not used hours.
 There is no guarantee for quality of service.
-The service has the following additional terms:
+The service has the following additional description & terms:
 {5}
 More information on the service you can find under:
@ -715,7 +749,7 @@ More information on the service you can find under:
            host['tor_bridge_price_extension_sats'],
            host['ip'],
            torTarget,
-            host['terms_of_service'],
+            description,
            host['terms_of_service_url'],
            blitzServiceName
        )
--- a/home.admin/config.scripts/blitz.subscriptions.py
+++ b/home.admin/config.scripts/blitz.subscriptions.py
@ -225,7 +225,7 @@ def main():
    choices = list()
    choices.append(("LIST", "My Subscriptions"))
-    #choices.append(("NEW1", "+ IP2TOR Bridge (paid)"))
+    choices.append(("NEW1", "+ IP2TOR Bridge (paid)"))
    choices.append(("NEW2", "+ LetsEncrypt HTTPS Domain (free)"))
    d = Dialog(dialog="dialog", autowidgetsize=True)
--- a/home.admin/config.scripts/bonus.bos.sh
+++ b/home.admin/config.scripts/bonus.bos.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/alexbosworth/balanceofsatoshis/blob/master/package.json#L81
-BOSVERSION="13.6.0"
+BOSVERSION="13.15.0"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
--- a/home.admin/config.scripts/bonus.btcpayserver.sh
+++ b/home.admin/config.scripts/bonus.btcpayserver.sh
@ -3,9 +3,9 @@
 # Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0
 # https://github.com/dgarage/NBXplorer/tags
-NBXplorerVersion="v2.3.49"
+NBXplorerVersion="v2.3.58"
 # https://github.com/btcpayserver/btcpayserver/releases
-BTCPayVersion="v1.7.2"
+BTCPayVersion="v1.7.5"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -25,27 +25,19 @@ source /mnt/hdd/raspiblitz.conf
 source /home/admin/raspiblitz.info
 source <(/home/admin/_cache.sh get state)
-function postgresConfig() {
+function NBXplorerConfig() {
-
+  # check the postgres database
-  echo "# Generate the database"
+  if sudo -u postgres psql -c '\l' | grep nbxplorermainnet; then
    echo "# nbxplorermainnet database already exists"
  else
    echo "# Generate the database for nbxplorer"
    sudo -u postgres psql -c "create database nbxplorermainnet;"
    sudo -u postgres psql -c "create user nbxplorer with encrypted password 'raspiblitz';"
  # change to ${newPassword} or use Passfile=
  # sudo -u postgres psql -c "alter user btcpay with encrypted password '${newPassword}';"
  # sudo -u btcpay sed -i "s/Password=*/Password='${newPassword}';/g" /home/btcpay/.nbxplorer/Main/settings.config
  # sudo -u btcpay sed -i "s/Password=*/Password='${newPassword}';/g" /home/btcpay/.btcpayserver/Main/settings.config
    sudo -u postgres psql -c "grant all privileges on database nbxplorermainnet to nbxplorer;"
  fi
  echo "# List databases with: sudo -u postgres psql -c '\l'"
  sudo -u postgres psql -c '\l'
  ## clean postgresql:
  # sudo su - postgres -c "/usr/lib/postgresql/${PGVERSION}/bin/pg_ctl stop --wait --pgdata=/var/lib/postgresql/${PGVERSION}/main"
  # sudo pg_dropcluster ${PGVERSION} main
  # sudo apt remove postgresql -y --purge
  # sudo apt remove  postgresql-${PGVERSION} -y --purge
 }
 function NBXplorerConfig() {
  # https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#4-create-a-configuration-file
  echo
  echo "# Getting RPC credentials from the bitcoin.conf"
@ -66,7 +58,24 @@ nomigrateevts=1
 function BtcPayConfig() {
  # set thumbprint
  FINGERPRINT=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in /home/btcpay/.lnd/tls.cert | cut -d"=" -f2)
-  echo "# setting the LND TLS thumbprint for BTCPay"
+  if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
    echo "# sqlite database exists"
    databaseOption="# keep using sqlite as /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db exists (configured in the btcpayserver.service)"
  else
    echo "# sqlite database does not exist, using postgresql"
    databaseOption="postgres=User ID=btcpay;Host=localhost;Port=5432;Application Name=btcpay;MaxPoolSize=20;Database=btcpaymainnet;Password='raspiblitz';"
    if sudo -u postgres psql -c '\l' | grep btcpaymainnet; then
      echo "# btcpaymainnet database already exists"
    else
      echo "# Generate the database for btcpay"
      sudo -u postgres psql -c "create database btcpaymainnet;"
      sudo -u postgres psql -c "create user btcpay with encrypted password 'raspiblitz';"
      sudo -u postgres psql -c "grant all privileges on database btcpaymainnet to btcpay;"
    fi
    echo "# List databases with: sudo -u postgres psql -c '\l'"
    sudo -u postgres psql -c '\l'
  fi
  echo "# Regenerate the btcpayserver settings (includes the LND TLS thumbprint)"
  # https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#3-create-a-configuration-file
  echo "
 ### Global settings ###
@ -82,14 +91,50 @@ BTC.explorer.url=http://127.0.0.1:24444/
 BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=/home/btcpay/admin.macaroon;certthumbprint=$FINGERPRINT
 ### Database ###
-# keep sqlite for now as configured in the btcpayserver.service
+${databaseOption}
 # postgres=User ID=btcpay;Password=urpassword;Application Name=btcpayserver;Host=localhost;Port=5432;Database=btcpay;
 explorer.postgres=User ID=nbxplorer;Host=localhost;Port=5432;Application Name=nbxplorer;MaxPoolSize=20;Database=nbxplorermainnet;Password='raspiblitz';
 " | sudo -u btcpay tee /home/btcpay/.btcpayserver/Main/settings.config
-  #doesNetworkEntryAlreadyExists=$(sudo cat /home/btcpay/.btcpayserver/Main/settings.config | grep -c '^network=')
+}
-  #echo "# setting new LND TLS thumbprint for BTCPay"
+
-  #s="BTC.lightning=type=lnd-rest\;server=https\://127.0.0.1:8080/\;macaroonfilepath=/home/btcpay/admin.macaroon\;"
+function BtcPayService() {
-  #sudo -u btcpay sed -i "s|^${s}certthumbprint=.*|${s}certthumbprint=$FINGERPRINT|g" /home/btcpay/.btcpayserver/Main/settings.config
+  if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
    echo "# sqlite database exists"
    databaseOption=" -- --sqlitefile=sqllite.db"
  else
    echo "# sqlite database does not exist, using postgresql"
    databaseOption=""
  fi
  # see the configuration options with:
  # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- -h
  # run manually to debug:
  # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- --sqlitefile=sqllite.db
  echo "# create the btcpayserver.service"
  echo "
 [Unit]
 Description=BtcPayServer daemon
 Requires=nbxplorer.service
 After=nbxplorer.service
 [Service]
 ExecStart=/home/btcpay/dotnet/dotnet run --no-launch-profile --no-build \
 -c Release --project \"/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj\" ${databaseOption}
 User=btcpay
 Group=btcpay
 Type=simple
 PIDFile=/run/btcpayserver/btcpayserver.pid
 Restart=always
 RestartSec=10
 # Hardening measures
 PrivateTmp=true
 ProtectSystem=full
 NoNewPrivileges=true
 PrivateDevices=true
 [Install]
 WantedBy=multi-user.target
 " | sudo tee /etc/systemd/system/btcpayserver.service
  sudo systemctl daemon-reload
 }
 if [ "$1" = "status" ]; then
@ -216,10 +261,10 @@ SHA1 ${sslFingerprintTOR}"
 IP2TOR: https://${ip2torIP}:${ip2torPort}
 SHA1 ${sslFingerprintTOR}
 go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain"
-#  elif [ ${#publicDomain} -eq 0 ]; then
+  elif [ ${#publicDomain} -eq 0 ]; then
-#    text="${text}\n
+    text="${text}\n
-#To enable easy reachability with normal browser from the outside
+To enable easy reachability with normal browser from the outside
-#consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR"
+consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR"
  fi
  text="${text}\n
@ -341,9 +386,9 @@ if [ "$1" = "install" ]; then
  echo "DOTNET_CLI_TELEMETRY_OPTOUT=1" | sudo tee -a /etc/environment
  # NBXplorer
-  echo "# Install NBXplorer"
+  echo "# Install NBXplorer $NBXplorerVersion"
  cd /home/btcpay || exit 1
-  echo "# Download the NBXplorer source code ..."
+  echo "# Download the NBXplorer source code $NBXplorerVersion"
  sudo -u btcpay git clone https://github.com/dgarage/NBXplorer.git 2>/dev/null
  cd NBXplorer || exit 1
  sudo -u btcpay git reset --hard $NBXplorerVersion
@ -352,14 +397,17 @@ if [ "$1" = "install" ]; then
  PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc"
  PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
  sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-  echo "# Build NBXplorer ..."
+  echo "# Build NBXplorer $NBXplorerVersion"
  # from the build.sh with path
-  sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj
+  sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || (
    echo "# Build failed"
    exit 1
  )
  # BTCPayServer
  echo "# Install BTCPayServer"
  cd /home/btcpay || exit 1
-  echo "# Download the BTCPayServer source code ..."
+  echo "# Download the BTCPayServer source code $BTCPayVersion"
  sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null
  cd btcpayserver || exit 1
  sudo -u btcpay git reset --hard $BTCPayVersion
@ -372,9 +420,13 @@ if [ "$1" = "install" ]; then
  #PGPpubkeyFingerprint="8E5530D9D1C93097"
  sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-  echo "# Build BTCPayServer ..."
+  echo "# Build BTCPayServer $BTCPayVersion"
  # from the build.sh with path
-  sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj
+  sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release \
    /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || (
    echo "# Build failed"
    exit 1
  )
  exit 0
 fi
@ -522,8 +574,7 @@ WantedBy=multi-user.target
    echo "# Starting nbxplorer"
    sudo systemctl start nbxplorer
    echo "# Checking for nbxplorer config"
-    while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ]
+    while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ]; do
      do
      echo "# Waiting for nbxplorer to start - CTRL+C to abort"
      sleep 10
      hasFailed=$(sudo systemctl status nbxplorer | grep -c "Active: failed")
@ -536,8 +587,6 @@ WantedBy=multi-user.target
    echo "# Because the system is not 'ready' the service 'nbxplorer' will not be started at this point .. its enabled and will start on next reboot"
  fi
  postgresConfig
  NBXplorerConfig
  # whitelist localhost in bitcoind
@ -554,38 +603,11 @@ WantedBy=multi-user.target
    sudo systemctl restart nbxplorer
  fi
-  # see the configuration options with:
+  BtcPayConfig
  # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release -p "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- -h
  # run manually to debug:
  # sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- --sqlitefile=sqllite.db
  echo "# create the btcpayserver.service"
  echo "
 [Unit]
 Description=BtcPayServer daemon
 Requires=nbxplorer.service
 After=nbxplorer.service
-[Service]
+  BtcPayService
 ExecStart=/home/btcpay/dotnet/dotnet run --no-launch-profile --no-build \
 -c Release --project \"/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj\" \
 -- --sqlitefile=sqllite.db
 User=btcpay
 Group=btcpay
 Type=simple
 PIDFile=/run/btcpayserver/btcpayserver.pid
 Restart=on-failure
 # Hardening measures
 PrivateTmp=true
 ProtectSystem=full
 NoNewPrivileges=true
 PrivateDevices=true
 [Install]
 WantedBy=multi-user.target
 " | sudo tee /etc/systemd/system/btcpayserver.service
  sudo systemctl enable btcpayserver
  if [ "${state}" == "ready" ]; then
    echo "# Starting btcpayserver"
    sudo systemctl start btcpayserver
@ -600,7 +622,7 @@ WantedBy=multi-user.target
      fi
    done
  else
-    echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. its enabled and will start on next reboot"
+    echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. it is enabled and will start on next reboot"
  fi
  sudo -u btcpay mkdir -p /home/btcpay/.btcpayserver/Main/
@ -684,7 +706,10 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  else
    echo "# keeping data"
  fi
-  echo "# OK BTCPayServer deactivaed."
+  echo "# OK BTCPayServer deactivated."
  echo "# delete the btcpay user home directory"
  sudo userdel -rf btcpay 2>/dev/null
  # needed for API/WebUI as signal that install ran thru
  echo "result='OK'"
@ -693,6 +718,11 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
 fi
 if [ "$1" = "update" ]; then
  # prevent the git error 'detected dubious ownership in repository'
  git config --global --add safe.directory /home/btcpay/NBXplorer
  git config --global --add safe.directory /home/btcpay/btcpayserver
  echo "# Update NBXplorer"
  cd /home/btcpay || exit 1
  cd NBXplorer || exit 1
@ -712,7 +742,7 @@ if [ "$1" = "update" ]; then
    TAG=$(git tag | sort -V | tail -1)
    echo "# Up-to-date on version $TAG"
  else
-    echo "# Pulling latest changes..."
+    echo "# Pulling the latest changes..."
    sudo -u btcpay git pull -p
    TAG=$(git tag | sort -V | tail -1)
    echo "# Reset to the latest release tag: $TAG"
@ -720,12 +750,17 @@ if [ "$1" = "update" ]; then
    PGPsigner="nicolasdorier"
    PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc"
    PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
    sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \
      "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-    echo "# Build NBXplorer ..."
+
    echo "# Build NBXplorer $TAG"
    # from the build.sh with path
    sudo systemctl stop nbxplorer
-    sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj
+    sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || (
      echo "# Build failed"
      exit 1
    )
    # whitelist localhost in bitcoind
    if ! sudo grep -Eq "^whitelist=127.0.0.1" /mnt/hdd/bitcoin/bitcoin.conf; then
      echo "whitelist=127.0.0.1" | sudo tee -a /mnt/hdd/bitcoin/bitcoin.conf
@ -733,9 +768,6 @@ if [ "$1" = "update" ]; then
      sudo systemctl restart bitcoind
    fi
    # POSTGRES
    postgresConfig
    NBXplorerConfig
    sudo systemctl start nbxplorer
@ -747,6 +779,9 @@ if [ "$1" = "update" ]; then
  BtcPayConfig
  # always update the btcpayserver.service
  BtcPayService
  echo "# Update BTCPayServer"
  cd /home/btcpay || exit 1
  cd btcpayserver || exit 1
@ -775,10 +810,13 @@ if [ "$1" = "update" ]; then
    # https://github.com/rootzoll/raspiblitz/issues/3025
    # sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \
    #  "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-    echo "# Build BTCPayServer ..."
+    echo "# Build BTCPayServer $TAG"
    # from the build.sh with path
    sudo systemctl stop btcpayserver
-    sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj
+    sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || (
      echo "# Build failed"
      exit 1
    )
    sudo systemctl start btcpayserver
    echo "# Updated BTCPayServer to $TAG"
  fi
--- a/home.admin/config.scripts/bonus.circuitbreaker.sh
+++ b/home.admin/config.scripts/bonus.circuitbreaker.sh
@ -1,8 +1,8 @@
 #!/bin/bash
 # https://github.com/lightningequipment/circuitbreaker/releases
-pinnedVersion="v0.3.2"
+# https://github.com/lightningequipment/circuitbreaker/commits/master
-# the commits are not signed
+pinnedVersion="e223938d983b756b3893880f3b3bf77e624a9f00"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -16,10 +16,37 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  exit 1
 fi
 PGPsigner="web-flow"
 PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
 PGPpubkeyFingerprint="4AEE18F83AFDEB23"
 # PGPsigner="joostjager"
 # PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
 # PGPpubkeyFingerprint="B9A26449A5528325"
 source /mnt/hdd/raspiblitz.conf
 isInstalled=$(sudo ls /etc/systemd/system/circuitbreaker.service 2>/dev/null | grep -c 'circuitbreaker.service')
 # show info menu
 if [ "$1" = "menu" ]; then
  # get network info
  localip=$(hostname -I | awk '{print $1}')
  fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
  # info without Tor
  whiptail --title " Circuit Breaker" --msgbox "Open in your local web browser & accept self-signed cert:
 https://${localip}:9236\n
 SHA1 Thumb/Fingerprint:
 ${fingerprint}\n
 To follow the logs use the command:
 sudo journalctl -fu circuitbreaker
 " 14 63
  echo "please wait ..."
  exit 0
 fi
 # switch on
 if [ "$1" = "menu" ]; then
  if [ ${isInstalled} -eq 1 ]; then
@ -67,23 +94,15 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    sudo /usr/sbin/usermod --append --groups lndadmin circuitbreaker
    # install from source
-    cd /home/circuitbreaker
+    cd /home/circuitbreaker || exit 1
    sudo -u circuitbreaker git clone https://github.com/lightningequipment/circuitbreaker.git
-    cd circuitbreaker
+    cd circuitbreaker || exit 1
    sudo -u circuitbreaker git reset --hard $pinnedVersion
    sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
-    ##################
+    sudo -u circuitbreaker /home/admin/config.scripts/blitz.git-verify.sh \
-    # config
+     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-    ##################
+
-    echo
+    sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
    echo "# Setting the example configuration from:"
    echo "# https://github.com/lightningequipment/circuitbreaker/blob/$pinnedVersion/circuitbreaker-example.yaml"
    echo "# Find it at: /home/circuitbreaker/.circutbreaker/circuitbreaker.yaml"
    echo
    sudo -u circuitbreaker mkdir /home/circuitbreaker/.circuitbreaker 2>/dev/null
    sudo -u circuitbreaker cp circuitbreaker-example.yaml \
    /home/circuitbreaker/.circuitbreaker/circuitbreaker.yaml
    # make systemd service
    # sudo nano /etc/systemd/system/circuitbreaker.service
@ -118,10 +137,18 @@ WantedBy=multi-user.target
    echo "# The circuitbreaker.service is already installed."
  fi
-  # setting value in raspi blitz config
+  ##################
-  /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "on"
+  # NGINX
  ##################
  # setup nginx symlinks
  if ! [ -f /etc/nginx/sites-available/circuitbreaker_ssl.conf ]; then
    sudo cp /home/admin/assets/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-available/circuitbreaker_ssl.conf
  fi
  sudo ln -sf /etc/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-enabled/
  sudo nginx -t
  sudo systemctl reload nginx
-  isInstalled=$(sudo -u circuitbreaker /home/circuitbreaker/go/bin/circuitbreaker --version | grep -c "circuitbreaker version")
+  isInstalled=$(sudo -u circuitbreaker /home/circuitbreaker/go/bin/circuitbreaker --version | grep -c "circuitbreakerd version")
  if [ ${isInstalled} -eq 1 ]; then
    echo
@ -139,34 +166,42 @@ WantedBy=multi-user.target
    exit 1
  fi
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "on"
  sudo ufw allow 9236 comment circuitbreaker_https
  exit 0
 fi
 # switch off
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "# Removing the user and it's home directory"
  sudo userdel -rf circuitbreaker 2>/dev/null
  if [ ${isInstalled} -eq 1 ]; then
    echo "# Removing the circuitbreaker.service"
    sudo systemctl stop circuitbreaker
    sudo systemctl disable circuitbreaker
    sudo rm /etc/systemd/system/circuitbreaker.service
-    echo "# Removing the user and it's home directory"
+    echo "# OK, circuitbreaker.service is removed."
    sudo userdel -rf circuitbreaker 2>/dev/null
    echo "# OK, Circuit Breaker is removed."
  else
-    echo "# Circuit Breaker is not installed."
+    echo "# circuitbreaker.service is not installed."
  fi
  # setting value in raspiblitz.conf
  /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "off"
  sudo ufw delete allow 9236
  exit 0
 fi
 # update
 if [ "$1" = "update" ]; then
  echo "# Updating Circuit Breaker"
-  cd /home/circuitbreaker/circuitbreaker
+  cd /home/circuitbreaker/circuitbreaker || exit 1
  # from https://github.com/apotdevin/thunderhub/blob/master/scripts/updateToLatest.sh
  # fetch latest master
  sudo -u circuitbreaker git fetch
@ -190,16 +225,12 @@ if [ "$1" = "update" ]; then
  echo "# Pulling latest changes..."
  sudo -u circuitbreaker git pull -p
  sudo -u circuitbreaker git reset --hard $TAG
  #TODO PGP verification on update
  echo "# Installing the version: $TAG"
  sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
  echo
  echo "# Setting the example configuration from:"
  echo "# https://github.com/lightningequipment/circuitbreaker/blob/$TAG/circuitbreaker-example.yaml"
  echo "# Find it at: /home/circuitbreaker/.circutbreaker/circuitbreaker.yaml"
  sudo -u circuitbreaker mkdir /home/circuitbreaker/.circuitbreaker 2>/dev/null
  sudo -u circuitbreaker cp circuitbreaker-example.yaml \
  /home/circuitbreaker/.circuitbreaker/circuitbreaker.yaml
  echo
  echo "# Updated to version" $TAG
  echo
  echo "# Starting the circuitbreaker service ... "
--- a/home.admin/config.scripts/bonus.electrs.sh
+++ b/home.admin/config.scripts/bonus.electrs.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/romanz/electrs/releases
-ELECTRSVERSION="v0.9.10"
+ELECTRSVERSION="v0.9.11"
 # https://github.com/romanz/electrs/commits/master
 # ELECTRSVERSION="446858ea621416916f84cbce61be92b748e8133e"
@ -73,7 +73,7 @@ if [ "$1" = "status" ]; then
      # no answer on that port
      echo "publicHTTPPortAnswering=0"
    fi
-    # add TOR info
+    # add Tor info
    if [ "${runBehindTor}" == "on" ]; then
      echo "TorRunning=1"
      if [ "$2" = "showAddress" ]; then
@ -98,20 +98,21 @@ if [ "$1" = "status-sync" ] || [ "$1" = "status" ]; then
  echo "serviceRunning=${serviceRunning}"
  if [ ${serviceRunning} -eq 1 ]; then
-    # Experimental try to get sync Info
+    # Experimental try to get sync Info (electrs debug info would need more details)
-    syncedToBlock=$(sudo journalctl -u electrs --no-pager -n2000 | grep "height=" | tail -n1| cut -d= -f3)
+    #source <(/home/admin/_cache.sh get btc_mainnet_blocks_headers)
-    blockchainHeight=$(sudo -u bitcoin ${network}-cli getblockchaininfo 2>/dev/null | jq -r '.headers' | sed 's/[^0-9]*//g')
+    #blockchainHeight="${btc_mainnet_blocks_headers}"
-    lastBlockchainHeight=$(($blockchainHeight -1))
+    #lastBlockchainHeight=$(($blockchainHeight -1))
-    syncProgress=0
+    #syncedToBlock=$(sudo journalctl -u electrs --no-pager -n2000 | grep "height=" | tail -n1| cut -d= -f3)
-    if [ "${syncedToBlock}" != "" ] && [ "${blockchainHeight}" != "" ] && [ "${blockchainHeight}" != "0" ]; then
+    #syncProgress=0
-      syncProgress="$(echo "$syncedToBlock" "$blockchainHeight" | awk '{printf "%.2f", $1 / $2 * 100}')"
+    #if [ "${syncedToBlock}" != "" ] && [ "${blockchainHeight}" != "" ] && [ "${blockchainHeight}" != "0" ]; then
-    fi
+    #  syncProgress="$(echo "$syncedToBlock" "$blockchainHeight" | awk '{printf "%.2f", $1 / $2 * 100}')"
-    echo "syncProgress=${syncProgress}%"
+    #fi
-    if [ "${syncedToBlock}" = "${blockchainHeight}" ] || [ "${syncedToBlock}" = "${lastBlockchainHeight}" ]; then
+    #echo "syncProgress=${syncProgress}%"
-      echo "tipSynced=1"
+    #if [ "${syncedToBlock}" = "${blockchainHeight}" ] || [ "${syncedToBlock}" = "${lastBlockchainHeight}" ]; then
-    else
+    #  echo "tipSynced=1"
-      echo "tipSynced=0"
+    #else
-    fi
+    #  echo "tipSynced=0"
    #fi
    # check if initial sync was done, by setting a file as once electrs is the first time responding on port 50001
    electrumResponding=$(echo '{"jsonrpc":"2.0","method":"server.ping","params":[],"id":"electrs-check"}' | netcat -w 2 127.0.0.1 50001 | grep -c "result")
@ -135,7 +136,7 @@ if [ "$1" = "status-sync" ] || [ "$1" = "status" ]; then
    fi
  else
-    echo "tipSynced=0"
+    # echo "tipSynced=0"
    echo "initialSynced=0"
    echo "electrumResponding=0"
    echo "infoSync='Not running - check: sudo journalctl -u electrs'"
@ -289,9 +290,14 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    echo
    sudo -u electrs git clone https://github.com/romanz/electrs
    cd /home/electrs/electrs || exit 1
    sudo -u electrs git reset --hard $ELECTRSVERSION
    # verify
    sudo -u electrs /home/admin/config.scripts/blitz.git-verify.sh \
     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
    # build
    sudo -u electrs /home/electrs/.cargo/bin/cargo build --locked --release || exit 1
    echo
@ -478,8 +484,7 @@ fi
 # switch off
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then
-  # setting value in raspiblitz config
+  echo "# REMOVING ELECTRS"
  /home/admin/config.scripts/blitz.conf.sh set ElectRS "off"
  # if second parameter is "deleteindex"
  if [ "$2" == "deleteindex" ]; then
@ -487,23 +492,10 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
    sudo rm -rf /mnt/hdd/app-storage/electrs/
  fi
  # Hidden Service if Tor is active
  if [ "${runBehindTor}" = "on" ]; then
    /home/admin/config.scripts/tor.onion-service.sh off electrs
  fi
  isInstalled=$(sudo ls /etc/systemd/system/electrs.service 2>/dev/null | grep -c 'electrs.service')
  if [ ${isInstalled} -eq 1 ]; then
    echo "# REMOVING ELECTRS"
    sudo systemctl disable electrs
    sudo rm /etc/systemd/system/electrs.service
    # delete user and home directory
    sudo userdel -rf electrs
    # close ports on firewall
    sudo ufw deny 50001
    sudo ufw deny 50002
    echo "# OK ElectRS removed."
    # restart BTC-RPC-Explorer to reconfigure itself to use electrs for address API
    if [ "${BTCRPCexplorer}" == "on" ]; then
@ -512,8 +504,25 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
    fi
  else
-    echo "# ElectRS is not installed."
+    echo "# electrs.service is not installed."
  fi
  # Hidden Service if Tor is active
  if [ "${runBehindTor}" = "on" ]; then
    /home/admin/config.scripts/tor.onion-service.sh off electrs
  fi
  # close ports on firewall
  sudo ufw delete allow 50001
  sudo ufw delete allow 50002
  # delete user and home directory
  sudo userdel -rf electrs
  # setting value in raspiblitz config
  /home/admin/config.scripts/blitz.conf.sh set ElectRS "off"
  echo "# OK ElectRS removed."
  exit 0
 fi
@ -522,7 +531,7 @@ if [ "$1" = "update" ]; then
  cd /home/electrs/electrs || exit 1
  sudo -u electrs git fetch
-  localVersion=$(git describe --tag)
+  localVersion=$(/home/electrs/electrs/target/release/electrs --version)
  updateVersion=$(curl --header "X-GitHub-Api-Version:2022-11-28" -s https://api.github.com/repos/romanz/electrs/releases/latest|grep tag_name|head -1|cut -d '"' -f4)
  if [ $localVersion = $updateVersion ]; then
@ -532,12 +541,21 @@ if [ "$1" = "update" ]; then
    sudo -u electrs git pull -p
    echo "# Reset to the latest release tag: $updateVersion"
    sudo -u electrs git reset --hard $updateVersion
    sudo -u electrs /home/admin/config.scripts/blitz.git-verify.sh \
     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
    echo "# Installing build dependencies"
    sudo -u electrs curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo -u electrs sh -s -- --default-toolchain none -y
    sudo apt install -y clang cmake build-essential  # for building 'rust-rocksdb'
    echo
    echo "# Build Electrs ..."
    sudo -u electrs /home/electrs/.cargo/bin/cargo build --locked --release || exit 1
    # update config
-    sed -i "/^server_banner =/d" /home/electrs/.electrs/config.toml
+    sudo -u electrs sed -i "/^server_banner = /d" /home/electrs/.electrs/config.toml
-    sudo bash -c "echo 'server_banner = \"Welcome to electrs $updateVersion - the Electrum Rust Server on your RaspiBlitz\"' >> /home/electrs/.electrs/config.toml"
+    sudo -u electrs bash -c "echo 'server_banner = \"Welcome to electrs $updateVersion - the Electrum Rust Server on your RaspiBlitz\"' >> /home/electrs/.electrs/config.toml"
    echo "# Updated Electrs to $updateVersion"
  fi
--- a/home.admin/config.scripts/bonus.go.sh
+++ b/home.admin/config.scripts/bonus.go.sh
@ -1,7 +1,12 @@
 #!/usr/bin/env sh
 # set version, check: https://golang.org/dl/
-goVersion="1.18.7"
+goVersion="1.19.5"
 # checksums:
 amd64Checksum="36519702ae2fd573c9869461990ae550c8c0d955cd28d2827a6b159fda81ff95"
 armv6lChecksum="ec14f04bdaf4a62bdcf8b55b9b6434cc27c2df7d214d0bb7076a7597283b026a"
 arm64Checksum="fc0aa29c933cec8d76f5435d859aaf42249aa08c74eb2d154689ae44c08d23b3"
 downloadFolder="/home/admin/download"
 usage() {
@ -14,19 +19,24 @@ case "$1" in
 1 | on)          # switch on
  . /etc/profile # get Go vars - needed if there was no log-out since Go installed
-    printf "Check Framework: Go\n"
+  printf "# Check Framework: Go\n"
  if go version 2>/dev/null | grep -q "${goVersion}"; then
    printf "\nThe requested version of Go is already installed.\n"
    go version
    printf "\n"
  else
-      architecture="$(uname -m)"
+    goOSversion=$(dpkg --print-architecture)
-      case "${architecture}" in
+    if [ ${goOSversion} = "armv6l" ]; then
-        arm*) goOSversion="armv6l";;
+      checksum=${armv6lChecksum}
-        aarch64) goOSversion="arm64";;
+    elif [ ${goOSversion{} = "arm64" ]; then
-        x86_64) goOSversion="amd64";;
+      checksum=${arm64Checksum}
-        *) printf %s"Not available for architecture=${architecture}\n"; exit 1
+    elif [ ${goOSversion} = "amd64" ]; then
-      esac
+      checksum=${amd64Checksum}
    else
      echo "# architecture $goOSversion not supported"
      exit 1
    fi
    printf %s"\n*** Installing Go v${goVersion} for ${goOSversion} \n***"
    wget https://dl.google.com/go/go${goVersion}.linux-${goOSversion}.tar.gz -P ${downloadFolder}
    if [ ! -f "${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz" ]; then
@ -34,7 +44,13 @@ case "$1" in
      rm -fv go${goVersion}.linux-${goOSversion}.tar.gz*
      exit 1
    fi
-      printf "Clean old Go version\n"
+    if ! echo ${checksum} ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz | sha256sum -c; then
      printf "# FAIL: Download corrupted\n"
      rm -fv ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz*
      exit 1
    fi
    printf "# Clean old Go version\n"
    sudo rm -rf /usr/local/go /usr/local/gocode
    sudo tar -C /usr/local -xzf ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz
    rm -fv ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz*
@ -46,7 +62,10 @@ case "$1" in
    export PATH=$PATH:$GOPATH/bin
    sudo grep -q "GOROOT=" /etc/profile || { printf "\nGOROOT=/usr/local/go\nPATH=\$PATH:\$GOROOT/bin/\nGOPATH=/usr/local/gocode\nPATH=\$PATH:\$GOPATH/bin/\n\n" | sudo tee -a /etc/profile; }
    go env -w GOPATH=/usr/local/gocode # set GOPATH https://github.com/golang/go/wiki/SettingGOPATH
-      go version | grep -q "go" || { printf "FAIL: Unable to install Go\n"; exit 1; }
+    go version | grep -q "go" || {
      printf "FAIL: Unable to install Go\n"
      exit 1
    }
    printf %s"Installed $(go version 2>/dev/null)\n\n"
  fi
  ;;
@ -54,9 +73,9 @@ case "$1" in
 0 | off) # switch off
  printf "*** REMOVING GO ***\n"
  sudo rm -rf /usr/local/go /usr/local/gocode
-    printf "OK Go removed.\n"
+  printf "# OK Go removed.\n"
  ;;
-  *) usage
+*) usage ;;
 esac
--- a/home.admin/config.scripts/bonus.joinmarket.sh
+++ b/home.admin/config.scripts/bonus.joinmarket.sh
@ -6,7 +6,7 @@
 # https://github.com/openoms/joininbox
 # https://github.com/openoms/joininbox/tags
-JBTAG="v0.7.4" # installs JoinMarket v0.9.8
+JBTAG="v0.7.6" # installs JoinMarket v0.9.9
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -35,8 +35,8 @@ and start the JoininBox menu.
 fi
 # check if sudo
-if [ "$EUID" -ne 0 ]
+if [ "$EUID" -ne 0 ]; then
-  then echo "Please run as root (with sudo)"
+  echo "Please run as root (with sudo)"
  exit
 fi
--- a/home.admin/config.scripts/bonus.lnbits.sh
+++ b/home.admin/config.scripts/bonus.lnbits.sh
@ -3,7 +3,7 @@
 # https://github.com/lnbits/lnbits-legend
 # https://github.com/lnbits/lnbits-legend/releases
-tag="0.9.4"
+tag="0.9.6"
 VERSION="${tag}"
 # command info
@ -174,10 +174,10 @@ https://${ip2torDomain}:${ip2torPort} ready for public use"
 IP2TOR: https://${ip2torIP}:${ip2torPort}
 SHA1 ${sslFingerprintTOR}\n
 Consider adding a LetsEncrypt HTTPS Domain under OPTIONS."
-#  elif [ ${#publicDomain} -eq 0 ]; then
+  elif [ ${#publicDomain} -eq 0 ]; then
-#    text="${text}\n
+    text="${text}\n
-#To enable easy reachability with normal browser from the outside
+To enable easy reachability with normal browser from the outside
-#Consider adding a IP2TOR Bridge under OPTIONS."
+Consider adding a IP2TOR Bridge under OPTIONS."
  fi
  whiptail --title " LNbits ${fundinginfo}" --yes-button "OK" --no-button "OPTIONS" --yesno "${text}" 18 69
@ -194,16 +194,16 @@ Consider adding a LetsEncrypt HTTPS Domain under OPTIONS."
  OPTIONS=()
  # IP2TOR options
-  #if [ "${ip2torDomain}" != "" ]; then
+  if [ "${ip2torDomain}" != "" ]; then
-  #  # IP2TOR+LetsEncrypt active - offer cancel
+    # IP2TOR+LetsEncrypt active - offer cancel
-  #  OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
+    OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
-  #elif [ "${ip2torIP}" != "" ]; then
+  elif [ "${ip2torIP}" != "" ]; then
-  #  # just IP2TOR active - offer cancel or Lets Encrypt
+    # just IP2TOR active - offer cancel or Lets Encrypt
-  #  OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits")
+    OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits")
-  #  OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
+    OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
-  #else
+  else
-  #  OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription")
+    OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription")
-  #fi
+  fi
  # Change Funding Source options (only if available)
  if [ "${LNBitsFunding}" == "lnd" ] && [ "${cl}" == "on" ]; then
@ -608,7 +608,7 @@ if [ "$1" = "install" ]; then
    exit 0
  fi
-  echo "# *** INSTALL THUNDERHUB ***"
+  echo "# *** INSTALL LNBIS ${VERSION} ***"
  # add lnbits user
  echo "*** Add the 'lnbits' user ***"
--- a/home.admin/config.scripts/bonus.lndconnect.sh
+++ b/home.admin/config.scripts/bonus.lndconnect.sh
@ -98,7 +98,7 @@ elif [ "${targetWallet}" = "zeus-ios" ]; then
    usingIP2TOR="LND-REST-API"
    forceTOR=1
    host=$(sudo cat /mnt/hdd/tor/lndrest8080/hostname)
-    connectInfo="- start the Zeus Wallet --> lndconnect\n- scan the QR code \n- activate 'Tor' option \n- activate 'Certification Verification' option\n- save Node Config"
+    connectInfo="- start the Zeus Wallet --> Scan Node Config\n- scan the QR code \n- save Node Config"
 elif [ "${targetWallet}" = "zeus-android" ]; then
@ -106,7 +106,7 @@ elif [ "${targetWallet}" = "zeus-android" ]; then
    usingIP2TOR="LND-REST-API"
    forceTOR=1
    host=$(sudo cat /mnt/hdd/tor/lndrest8080/hostname)
-    connectInfo="- start the Zeus Wallet --> lndconnect\n- scan the QR code \n- activate 'Tor' option \n- activate 'Certification Verification' option\n- save Node Config"
+    connectInfo="- start the Zeus Wallet --> Scan Node Config\n- scan the QR code \n- save Node Config"
 elif [ "${targetWallet}" = "sendmany-android" ]; then
--- a/home.admin/config.scripts/bonus.lndg.sh
+++ b/home.admin/config.scripts/bonus.lndg.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/cryptosharks131/lndg
-VERSION="1.4.0 "
+VERSION="1.5.0 "
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -166,6 +166,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
        # using existing database, so remove newly created database and link to existing one
        echo "Database already exists, using existing database"
        sudo rm /home/lndg/lndg/data/db.sqlite3
 	sudo chown -R lndg:lndg /mnt/hdd/app-data/lndg
 	sudo chmod -R 755 /mnt/hdd/app-data/lndg
 	sudo chmod 644 /mnt/hdd/app-data/lndg/data/db.sqlite3
        sudo -u lndg ln -sf /mnt/hdd/app-data/lndg/data/db.sqlite3 /home/lndg/lndg/data/db.sqlite3
 	sudo -u lndg /home/lndg/lndg/.venv/bin/python manage.py migrate
      fi
@ -243,7 +246,7 @@ ExecStart=/home/lndg/lndg/.venv/bin/gunicorn lndg.wsgi -w 4 -b 0.0.0.0:8889
 Restart=always
 KillSignal=SIGQUIT
 Type=notify
-StandardError=syslog
+StandardError=append:/var/log/gunicorn_error.log
 NotifyAccess=all
 RestartSec=60s
--- a/home.admin/config.scripts/bonus.lndmanage.sh
+++ b/home.admin/config.scripts/bonus.lndmanage.sh
@ -9,7 +9,7 @@ fi
 # set version of LND manage to install
 # https://github.com/bitromortac/lndmanage/releases
-lndmanageVersion="0.11.0"
+lndmanageVersion="0.14.2"
 pgpKeyDownload="https://github.com/bitromortac.gpg"
 gpgFingerprint="0453B9F5071261A40FDB34181965063FC13BEBE2"
@ -69,7 +69,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "# installing ..."
  python3 -m venv venv
  source /home/admin/lndmanage/venv/bin/activate
-  python3 -m pip install lndmanage-0.11.0-py3-none-any.whl
+  python3 -m pip install lndmanage-${lndmanageVersion}-py3-none-any.whl
  # get build dependencies
  # python3 -m pip install --upgrade pip wheel setuptools
--- a/home.admin/config.scripts/bonus.lnproxy.sh
+++ b/home.admin/config.scripts/bonus.lnproxy.sh
@ -0,0 +1,252 @@
 #!/bin/bash
 # https://github.com/lnproxy/lnproxy/commits/main
 LNPROXYVERSION="423723b58cc45daa2fdf6c8b22537d560aca4d7a"
 # https://github.com/lnproxy/lnproxy-webui/commits/main
 WEBUIVERSION=24d291c884a0b60126c1915301f29c893900a155
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "config script to install or uninstall the lnproxy server"
  echo "bonus.lnproxy.sh [on|off|menu]"
  echo "installs the version $LNPROXYVERSION by default"
  exit 1
 fi
 source /mnt/hdd/raspiblitz.conf
 localip=$(hostname -I | awk '{print $1}')
 # menu
 if [ "$1" = "menu" ]; then
  if systemctl is-active --quiet lnproxy; then
    # get network info
    torAddress=$(sudo cat /mnt/hdd/tor/lnproxy/hostname 2>/dev/null)
    fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
    if [ "${runBehindTor}" = "on" ] && [ -n "${torAddress}" ]; then
      # Info with Tor
      sudo /home/admin/config.scripts/blitz.display.sh qr "${torAddress}"
      whiptail --title " lnproxy-webui and API" --msgbox "\
 Open in your local web browser:
 http://${localip}:4748
 https://${localip}:4749 with Fingerprint:
 ${fingerprint}\n
 Hidden Service address for Tor Browser (see LCD for QR):
 ${torAddress}\n
 To use the API:
 curl -k https://${localip}:4749/api/{invoice}?routing_msat={budget}\n
 The Tor Hidden Service address to share for using the API:
 ${torAddress}/api
 " 19 67
      sudo /home/admin/config.scripts/blitz.display.sh hide
    else
      # Info without Tor
      whiptail --title " lnproxy-webui " --msgbox "Open in your local web browser:
 http://${localip}:4748\n
 Activate Tor to access the web interface from outside your local network.
 " 15 57
    fi
    echo "# please wait ..."
  else
    echo "# *** LNPROXY IS NOT INSTALLED ***"
  fi
  exit 0
 fi
 # install
 if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  if systemctl is-active --quiet lnproxy; then
    echo "# FAIL - lnproxy already installed"
    sleep 3
    exit 1
  fi
  echo "*** INSTALL LNPROXY ***"
  # check and install Go
  /home/admin/config.scripts/bonus.go.sh on
  # create lnproxy user
  sudo adduser --disabled-password --gecos "" lnproxy
  # create macaroon
  cd /home/bitcoin || exit 1
  sudo -u bitcoin lncli bakemacaroon --save_to lnproxy.macaroon \
    uri:/lnrpc.Lightning/DecodePayReq \
    uri:/lnrpc.Lightning/LookupInvoice \
    uri:/invoicesrpc.Invoices/AddHoldInvoice \
    uri:/invoicesrpc.Invoices/SubscribeSingleInvoice \
    uri:/invoicesrpc.Invoices/CancelInvoice \
    uri:/invoicesrpc.Invoices/SettleInvoice \
    uri:/routerrpc.Router/SendPaymentV2
  sudo mv ./lnproxy.macaroon /home/lnproxy/
  sudo chown lnproxy:lnproxy /home/lnproxy/lnproxy.macaroon
  sudo chmod 600 /home/lnproxy/lnproxy.macaroon
  # make sure symlink to central app-data directory exists
  sudo rm -rf /home/lnproxy/.lnd # not a symlink.. delete it silently
  # create symlink
  sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/lnproxy/.lnd"
  # download source code
  cd /home/lnproxy/ || exit 1
  sudo -u lnproxy git clone https://github.com/lnproxy/lnproxy.git /home/lnproxy/lnproxy
  cd /home/lnproxy/lnproxy || exit 1
  sudo -u lnproxy git reset --hard ${LNPROXYVERSION} || exit 1
  # build
  sudo -u lnproxy /usr/local/go/bin/go get lnproxy
  sudo -u lnproxy /usr/local/go/bin/go build
  # manual start (in tmux)
  # sudo -u lnproxy /home/lnproxy/lnproxy/lnproxy -lnd-cert /home/lnproxy/.lnd/tls.cert /home/lnproxy/lnproxy.macaroon
  # create systemd service
  cat <<EOF | sudo tee /etc/systemd/system/lnproxy.service
 [Unit]
 Description=lnproxy
 After=lnd.service
 [Service]
 User=lnproxy
 Group=lnproxy
 Type=simple
 ExecStart=/home/lnproxy/lnproxy/lnproxy -lnd-cert /home/lnproxy/.lnd/tls.cert /home/lnproxy/lnproxy.macaroon
 Restart=on-failure
 RestartSec=30
 TimeoutSec=120
 # Hardening measures
 PrivateTmp=true
 ProtectSystem=full
 NoNewPrivileges=true
 PrivateDevices=true
 [Install]
 WantedBy=multi-user.target
 EOF
  # enable and start service
  sudo systemctl enable lnproxy
  source <(/home/admin/_cache.sh get state)
  if [ "${state}" == "ready" ]; then
    echo "# OK - the lnproxy.service is enabled, system is on ready so starting service"
    sudo systemctl start lnproxy
  else
    echo "# OK - the lnproxy.service is enabled, to start manually use: sudo systemctl start lnproxy"
  fi
  # lnproxy-webui
  cd /home/lnproxy/ || exit 1
  sudo -u lnproxy git clone https://github.com/lnproxy/lnproxy-webui
  cd /home/lnproxy/lnproxy-webui || exit 1
  sudo -u lnproxy git reset --hard ${WEBUIVERSION} || exit 1
  # build
  sudo -u lnproxy /usr/local/go/bin/go get lnproxy-webui
  sudo -u lnproxy /usr/local/go/bin/go build
  # create systemd service
  cat <<EOF | sudo tee /etc/systemd/system/lnproxy-webui.service
 [Unit]
 Description=lnproxy-webui
 After=lnproxy.service
 [Service]
 WorkingDirectory=/home/lnproxy/lnproxy-webui
 User=lnproxy
 Group=lnproxy
 Type=simple
 ExecStart=/home/lnproxy/lnproxy-webui/lnproxy-webui
 Restart=on-failure
 RestartSec=30
 TimeoutSec=120
 # Hardening measures
 PrivateTmp=true
 ProtectSystem=full
 NoNewPrivileges=true
 PrivateDevices=true
 [Install]
 WantedBy=multi-user.target
 EOF
  # enable and start service
  sudo systemctl enable lnproxy-webui
  source <(/home/admin/_cache.sh get state)
  if [ "${state}" == "ready" ]; then
    echo "# OK - the lnproxy-webui.service is enabled, system is on ready so starting service"
    sudo systemctl start lnproxy-webui
  else
    echo "# OK - the lnproxy-webui.service is enabled, to start manually use: sudo systemctl start lnproxy-webui"
  fi
  ##################
  # NGINX
  ##################
  # setup nginx symlinks
  if ! [ -f /etc/nginx/sites-available/lnproxy_ssl.conf ]; then
    sudo cp -f /home/admin/assets/nginx/sites-available/lnproxy_ssl.conf /etc/nginx/sites-available/lnproxy_ssl.conf
  fi
  if ! [ -f /etc/nginx/sites-available/lnproxy_tor.conf ]; then
    sudo cp /home/admin/assets/nginx/sites-available/lnproxy_tor.conf /etc/nginx/sites-available/lnproxy_tor.conf
  fi
  if ! [ -f /etc/nginx/sites-available/lnproxy_tor_ssl.conf ]; then
    sudo cp /home/admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf /etc/nginx/sites-available/lnproxy_tor_ssl.conf
  fi
  sudo ln -sf /etc/nginx/sites-available/lnproxy_ssl.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/lnproxy_tor.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/lnproxy_tor_ssl.conf /etc/nginx/sites-enabled/
  sudo nginx -t
  sudo systemctl reload nginx
  sudo ufw allow 4747 comment lnproxy-HTTP
  sudo ufw allow 4748 comment lnproxy-webui-HTTP
  sudo ufw allow 4749 comment lnproxy-HTTPS
  /home/admin/config.scripts/tor.onion-service.sh lnproxy 80 4750 443 4751
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set lnproxy "on"
  echo "# API:"
  echo "curl http://${localip}:4747/{your_invoice}?routing_msat={routing_budget}"
  echo "# WebUI:"
  echo "http://${localip}:4748"
  echo "# More info at:"
  echo "https://github.com/lnproxy/lnproxy"
  exit 0
 fi
 # switch off
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "*** REMOVING LNPROXY***"
  # remove user and home directory
  sudo userdel -rf lnproxy
  # remove systemd services
  sudo systemctl disable --now lnproxy
  /etc/systemd/system/lnproxy.service
  sudo systemctl disable --now lnproxy-webui
  /etc/systemd/system/lnproxy-webui.service
  # remove Tor service
  /home/admin/config.scripts/tor.onion-service.sh off lnproxy
  # close ports on firewall
  sudo ufw delete allow 4747
  sudo ufw delete allow 4748
  sudo ufw delete allow 4749
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set lnproxy "off"
  echo "# OK, lnproxy is removed."
  exit 0
 fi
--- a/home.admin/config.scripts/bonus.postgresql.sh
+++ b/home.admin/config.scripts/bonus.postgresql.sh
@ -51,7 +51,7 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then
    fix_postgres=1
  fi
-  if [ fix_postgres = 1 ] || [ ! -d /mnt/hdd/app-data/postgresql ]; then
+  if [ ${fix_postgres} = 1 ] || [ ! -d /mnt/hdd/app-data/postgresql ]; then
    echo "# Move the PostgreSQL data to /mnt/hdd/app-data/postgresql"
    sudo systemctl stop postgresql 2>/dev/null
    sudo rsync -av $postgres_datadir /mnt/hdd/app-data
@ -67,9 +67,8 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then
    # wait for the postgres server to start
    count=0
    count_max=30
-    while ! nc -zv 127.0.0.1 5432 2>/dev/null;
+    while ! nc -zv 127.0.0.1 5432 2>/dev/null; do
-    do
+      count=$((count + 1))
      count=`expr $count + 1`
      echo "sleep $count/$count_max"
      sleep 1
      if [ $count = $count_max ]; then
@ -103,7 +102,7 @@ fi
 # backup
 backup_target="/mnt/hdd/app-data/backup/$db_name"
-backup_file="${db_name}_`date +%d`-`date +%m`-`date +%Y`_`date +%H`-`date +%M`_dump"
+backup_file="${db_name}_$(date +%d)-$(date +%m)-$(date +%Y)_$(date +%H)-$(date +%M)_dump"
 if [ ! -d $backup_target ]; then
  sudo mkdir -p $backup_target 1>&2
 fi
--- a/home.admin/config.scripts/bonus.sphinxrelay.sh
+++ b/home.admin/config.scripts/bonus.sphinxrelay.sh
@ -108,9 +108,9 @@ iOS support is native, Android needs Orbot"
 At the moment your Sphinx Relay Server is just available
 within the local network - without transport encryption.
 Local server for test & debug: ${publicURL}/app"#\n
-#To enable easy reachability from the outside consider
+To enable easy reachability from the outside consider
-#adding a IP2TOR Bridge and reconnect:
+adding a IP2TOR Bridge and reconnect:
-#MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
+MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
   extraPairInfo="You need to be on the same local network to make this work."
  else
--- a/home.admin/config.scripts/bonus.suez.sh
+++ b/home.admin/config.scripts/bonus.suez.sh
@ -1,7 +1,7 @@
 #!/bin/bash
 # https://github.com/prusnak/suez/commits/master
-SUEZVERSION="e402edbddb45d8a53af346b8582243f4068ece6c"
+SUEZVERSION="bcfd3502ac1f7d95b90c62c1daeae50aa7052be7"
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -12,7 +12,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
 fi
 PGPsigner="prusnak"
-PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
+PGPpubkeyLink="https://rusnak.io/public/pgp.txt"
 PGPpubkeyFingerprint="91F3B339B9A02A3D"
 source /mnt/hdd/raspiblitz.conf
@ -21,8 +21,7 @@ source /mnt/hdd/raspiblitz.conf
 if [ "$1" = "menu" ]; then
  dialog --title " Info Suez" --msgbox "
 Suez is a command line tool.
-Type: 'suez' for the default channel visualization for LND
+Type: 'suez' to visualize the channels of the default ln instance
 Type: 'suez --help' in the command line to see the usage options.
 Readme: https://github.com/prusnak/suez#readme
 " 10 75
  exit 0
@ -46,11 +45,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
  sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
  echo "# Adding alias"
  sudo -u admin touch /home/admin/_aliases
  echo "alias suez='cd /home/bitcoin/suez && sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez'"\
   | sudo tee -a /home/admin/_aliases
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set suez "on"
@ -65,16 +59,14 @@ fi
 # switch off
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "# REMOVING SUEZ"
  sudo rm -rf /home/bitcoin/suez
-  echo "# OK, suez is removed."
+  echo "# OK, Suez is removed."
  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set suez "off"
  exit 0
 fi
 # update
--- a/home.admin/config.scripts/bonus.tallycoin-connect.sh
+++ b/home.admin/config.scripts/bonus.tallycoin-connect.sh
@ -8,7 +8,7 @@ HOME_DIR=/home/$USERNAME
 CONFIG_FILE=$APP_DATA_DIR/tallycoin_api.key
 RASPIBLITZ_INFO=/home/admin/raspiblitz.info
 SERVICE_FILE=/etc/systemd/system/tallycoin-connect.service
-TC_VERSION=1.7.1
+TC_VERSION=1.7.5
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
--- a/home.admin/config.scripts/cl.backup.sh
+++ b/home.admin/config.scripts/cl.backup.sh
@ -189,7 +189,7 @@ if [ ${mode} = "cl-export-gui" ]; then
  echo 
  echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
  echo "sftp '${fileowner}@${localip}:${filename}' ./"
-  echo "ON WINDOWS USE:"
+  echo "ON WINDOWS - RUN IN CMD:"
  echo "sftp ${fileowner}@${localip}:${filename} ."
  echo
  echo "Use password A to authenticate file transfer."
--- a/home.admin/config.scripts/cl.hsmtool.sh
+++ b/home.admin/config.scripts/cl.hsmtool.sh
@ -156,7 +156,7 @@ function decryptHSMsecret() {
      /home/admin/config.scripts/cl.hsmtool.sh unlock ${CHAIN}
      # attempt to decrypt again
      sudo cat $passwordFile | sudo -u bitcoin lightning-hsmtool decrypt \
-       "$hsmSecretPath" || echo "# Couldn't decrypt"; exit 1
+       "$hsmSecretPath" || (echo "# Couldn't decrypt"; exit 1)
    fi
  fi
  shredPasswordFile
--- a/home.admin/config.scripts/lnd.backup.sh
+++ b/home.admin/config.scripts/lnd.backup.sh
@ -199,7 +199,7 @@ if [ ${mode} = "lnd-export-gui" ]; then
  echo 
  echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
  echo "sftp '${fileowner}@${localip}:${filename}' ./"
-  echo "ON WINDOWS USE:"
+  echo "ON WINDOWS - RUN IN CMD:"
  echo "sftp ${fileowner}@${localip}:${filename} ."
  echo "Use password A to authenticate file transfer."
  echo
--- a/home.admin/config.scripts/lnd.export.sh
+++ b/home.admin/config.scripts/lnd.export.sh
@ -136,9 +136,9 @@ elif [ "${exportType}" = "btcpay" ]; then
    echo "NOTE: You have a IP2TOR connection for LND REST API .. so you can use this connection string also with a external BTCPay server."
  else
    echo "IMPORTANT: You can only use this connection string for a BTCPay server running on this RaspiBlitz."
-    #echo "If you want to connect from a external BTCPay server activate a IP2TOR tunnel for LND-REST first:"
+    echo "If you want to connect from a external BTCPay server activate a IP2TOR tunnel for LND-REST first:"
-    #echo "MAIN MENU > SUBSCRIBE > IP2TOR > LND REST API"
+    echo "MAIN MENU > SUBSCRIBE > IP2TOR > LND REST API"
-    #echo "Then come back and get a new connection string."
+    echo "Then come back and get a new connection string."
  fi
  echo ""
--- a/home.admin/config.scripts/network.reindex.sh
+++ b/home.admin/config.scripts/network.reindex.sh
@ -1,93 +1,54 @@
 #!/bin/bash
 # command info
-if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
- echo "script to run re-index if the blockchain (in case of repair)"
+ echo "script to run re-index if the blockchain - blocks will not be deleted but re-indexed"
- echo "run to start or monitor re-index progress"
+ echo "will trigger reboot after started and progress can be monitored thru normal sync status"
 echo "There are two ways to re-index - for details see: https://bitcoin.stackexchange.com/a/60711"
 echo "network.reindex.sh reindex [mainnet|testnet|signet] --> re-index chain & repair corrupt blocks"
 echo "network.reindex.sh reindex-chainstate [mainnet|testnet|signet] --> only re-build UTXO set (fast)"
 exit 1
 fi
 # check and load raspiblitz config
 # to know which network is running
 source /home/admin/raspiblitz.info
 source /mnt/hdd/raspiblitz.conf
-# if re-index is not running, start ...
+if [ "$1" = "reindex" ] || [ "$1" = "reindex-chainstate" ]; then
 source <(/home/admin/_cache.sh get state)
 if [ "${state}" != "reindex" ]; then
-  # stop services
+  action="$1"
-  echo "making sure services are not running .."
+
-  sudo systemctl stop lnd 2>/dev/null
+  # network prefixes
-  sudo systemctl stop ${network}d 2>/dev/null
+  if [ "$2" = "mainnet" ]; then
    echo "# network.reindex.sh ${action} --> mainnet"
    prefix=""
    netparam=""
  elif [ "$2" = "testnet" ]; then
    echo "# network.reindex.sh ${action} --> testnet"
    prefix="t"
    netparam="-testnet "
  elif [ "$2" = "signet" ]; then
    echo "# network.reindex.sh ${action} --> signet"
    prefix="s"
    netparam="-signet "
  else
    echo "error='unknown/missing secondary parameter'"
    exit 1
  fi
  # stop bitcoin service
  echo "# stopping ${network} service (please wait - can take time) .."
  sudo systemctl stop ${prefix}${network}d
  # starting reindex
-  echo "starting re-index ..."
+  echo "# starting ${network} service with -${action} flag"
-  sudo -u bitcoin /usr/local/bin/${network}d -daemon -reindex -conf=/home/bitcoin/.${network}/${network}.conf -datadir=/home/bitcoin/.${network}
+  sudo -u bitcoin /usr/local/bin/${network}d ${netparam}-daemon -blockfilterindex=0 -${action} -conf=/mnt/hdd/${network}/${network}.conf -datadir=/mnt/hdd/${network} 1>&2
-
+  echo "# waiting 10 secs"
-  # set reindex flag in raspiblitz.info (gets deleted after (final) reboot)
+  sleep 10
-  sudo sed -i "s/^state=.*/state=reindex/g" /home/admin/raspiblitz.info
+  echo "# going into reboot - reindex process can be monitored like normal blockchain sync status"
 fi
 # while loop to wait to finish
 finished=0
 progress=0
 while [ ${finished} -eq 0 ]
  do
  clear
  echo "*************************"
  echo "REINDEXING BLOCKCHAIN"
  echo "*************************"
  date
  echo "THIS CAN TAKE SOME VERY LONG TIME"
  echo "See Raspiblitz FAQ: https://github.com/rootzoll/raspiblitz"
  echo "On question: My blockchain data is corrupted - what can I do?"
  echo "If you dont see any progress after 24h keep X pressed to stop."
  # get blockchain sync progress
  blockchaininfo=$(sudo -u bitcoin ${network}-cli -datadir=/home/bitcoin/.${network} getblockchaininfo)
  progress=$(echo "${blockchaininfo}" | jq -r '.verificationprogress')
  #progress=$(echo "${progress}*100" | bc)
  progress=$(echo $progress | awk '{printf( "%.2f%%", 100 * $1)}')
  inprogress="$(echo "${blockchaininfo}" | jq -r '.initialblockdownload')"
  if [ "${inprogress}" = "false" ]; then
    finished=1
  fi
  echo ""
  echo "RUNNING: ${inprogress}"
  echo "PROGRESS: ${progress}"
  echo ""
  echo "You can close terminal while reindex is running.."
  echo "But you have to login again to check if ready."
  # wait 2 seconds for key input
  read -n 1 -t 2 keyPressed
  # check if user wants to abort monitor
  if [ "${keyPressed}" = "x" ]; then
    echo "stopped by user ..."
    break
  fi
 done
 # trigger reboot when finished
 echo "*************************"
 if [ ${finished} -eq 0 ]; then
  echo "Re-Index CANCELED"
 else 
  echo "Re-Index finished"
 fi
 echo "Starting reboot ..."
 echo "*************************"
 # stop bitcoind
 sudo -u bitcoin ${network}-cli stop
 sleep 4
 # clean logs (to prevent a false reindex detection)
 sudo rm /mnt/hdd/${network}/debug.log 2>/dev/null
 # reboot
  sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
  exit 0
 fi
 echo "error='unknown main parameter'"
 exit 1
--- a/home.admin/config.scripts/network.txindex.sh
+++ b/home.admin/config.scripts/network.txindex.sh
@ -30,36 +30,47 @@ if [ "$1" = "status" ]; then
  echo "##### STATUS TXINDEX"
  indexByteSize=$(sudo du -s /mnt/hdd/bitcoin/indexes/txindex 2>/dev/null | cut -f1)
  if [ "${indexByteSize}" == "" ]; then
    indexByteSize=0
  fi
  echo "txindex=${txindex}"
  echo "indexByteSize=${indexByteSize}"
  if [ ${txindex} -eq 0 ]; then
    exit 0
  fi
  # try to gather if still indexing
  source <(/home/admin/_cache.sh get btc_mainnet_blocks_headers)
  blockchainHeight="${btc_mainnet_blocks_headers}"
  indexedToBlock=$(sudo tail -n 200 /mnt/hdd/${network}${pathAdd}/debug.log | grep "Syncing txindex with block chain from height" | tail -n 1 | cut -d " " -f 9 | sed 's/[^0-9]*//g')
  blockchainHeight=$(sudo -u bitcoin ${network}-cli getblockchaininfo 2>/dev/null | jq -r '.blocks' | sed 's/[^0-9]*//g')
  indexFinished=$(sudo tail -n 200 /mnt/hdd/${network}${pathAdd}/debug.log | grep -c "txindex is enabled at height")
-  echo "indexedToBlock=${indexedToBlock}"
+
  echo "blockchainHeight=${blockchainHeight}"
  echo "indexFinished=${indexFinished}"
  if [ ${#indexedToBlock} -eq 0 ] || [ ${indexFinished} -gt 0 ] || [ "${indexedToBlock}" = "${blockchainHeight}" ]; then
    echo "isIndexed=1"
    indexedToBlock=$blockchainHeight
    indexFinished=1
    indexInfo="OK"
  else
    echo "isIndexed=0"
    if [ ${#indexedToBlock} -gt 0 ] && [ ${#blockchainHeight} -gt 0 ]; then
      progressPercent=$(printf %.2f $(echo "${indexedToBlock}/${blockchainHeight}*100" | bc -l))
-      indexInfo="Indexing is at ${progressPercent}% (please wait)"
+      indexInfo="Building ${progressPercent}% (please wait)"
    else
-      indexInfo="Indexing is running (please wait)"
+      indexInfo="Building (please wait)"
    fi
    echo "indexInfo='${indexInfo}'"
  fi  
  echo "indexFinished=${indexFinished}"
  echo "indexedToBlock=${indexedToBlock}"
  echo "blockchainHeight=${blockchainHeight}"
  exit 0
 fi
 ###################
 # switch on
 ###################
@ -84,27 +95,26 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  fi
 fi
 ###################
 # switch off
 ###################
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "# changing config ..."
  sudo sed -i "s/^txindex=.*/txindex=0/g" /mnt/hdd/${network}/${network}.conf
  echo "# deinstalling apps needing txindex ..."
  sudo -u admin /home/admin/config.scripts/bonus.btc-rpc-explorer.sh off
  echo "# restarting bitcoind ..."
  sudo systemctl restart ${network}d
  exit 0
 fi
 ###################
 # delete (and make sure all using apps are deinstalled)
 # on version update check all bonus scripts that this network.txindex.sh on
 ###################
 if [ "$1" = "delete" ]; then
-  echo "# deinstalling apps needing txindex ..."
+  echo "# stopping bitcoind ..."
  sudo -u admin /home/admin/config.scripts/bonus.btc-rpc-explorer.sh off
  echo "# changing config ..."
  sudo systemctl stop ${network}d
  sudo sed -i "s/^txindex=.*/txindex=0/g" /mnt/hdd/${network}/${network}.conf
  echo "# deleting tx index ..."
  sudo rm -r /mnt/hdd/${network}/indexes/txindex
  echo "# restarting bitcoind ..."
--- a/home.admin/config.scripts/tor.network.sh
+++ b/home.admin/config.scripts/tor.network.sh
@ -71,7 +71,7 @@ deactivateBitcoinOverTor()
 [ -f "/home/admin/raspiblitz.info" ] && . /home/admin/raspiblitz.info
 [ -f "/mnt/hdd/raspiblitz.conf" ] && . /mnt/hdd/raspiblitz.conf
-torActive=$(sudo systemctl is-active tor@default | grep -c "active")
+torActive=$(systemctl is-active tor@default | grep -c "^active")
 curl --socks5 127.0.0.1:9050 --socks5-hostname 127.0.0.1:9050 -m 5 -s https://check.torproject.org/api/ip | grep -q "\"IsTor\":true" && torFunctional=1
 case "$1" in
@ -156,7 +156,7 @@ EOF
    sudo chmod -R 700 /mnt/hdd/tor
    sudo chown -R debian-tor:debian-tor /mnt/hdd/tor
    sudo systemctl restart tor@default
-    echo "OK - Tor is now $(sudo systemctl is-active tor@default)"
+    echo "OK - Tor is now $(systemctl is-active tor@default)"
    echo "needs reboot to activate new setting"
  ;;