mirrors/raspiblitz
1
0
Fork 0
mirror of https://github.com/rootzoll/raspiblitz.git synced 2025-03-01 00:59:23 +01:00
Code Issues Projects Releases Packages Wiki Activity

merigng 1.9RC2 changes (#3657)

Browse source
This commit is contained in:
/rootzoll 2023-02-05 23:11:49 +01:00 committed by GitHub
parent 8d5f42ff2e
commit 8727207987
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
47 changed files with 1318 additions and 642 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
CHANGES.md
View file

@ -4,31 +4,37 @@
- New: Automated disk image build for amd64 (VM, laptop, desktop, server) and arm64-rpi (Raspberry Pi) [details](https://github.com/rootzoll/raspiblitz/tree/dev/ci/README.md)
- New: Fatpack & Minimal sd card builds [details](SECURITY.md#minimal-sd-card-build)
- New: I2P support for Bitcoin Core (i2pacceptincoming=1) [details](https://github.com/rootzoll/raspiblitz/issues/2413)
- New: CLN Watchtower (The Eye of Satoshi) [details](https://github.com/talaia-labs/rust-teos/tree/master/watchtower-plugin)
- New: LNDg v1.4.0 [details](https://github.com/cryptosharks131/lndg)
- New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087)
- New: BOS Telegram Bot Support (see OPTIONS on LND Balance of Satoshis menu entry)
- New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot)
- New: CLI shortcut for ↬lnproxy [details](https://github.com/rootzoll/raspiblitz/pull/3333)
- New on WebUI: Jam (JoinMarket Web UI) v0.1.4 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.4)
- Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md)
- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta
- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta)
- Update: Core Lightning v22.11.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v22.11.1)
- Update: Electrum Server in Rust (electrs) v0.9.10 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0910-nov-3-2022)
- Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023)
- Update: Lightning Terminal v0.8.4-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.4-alpha)
- Update: RTL v0.13.0 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.12.3)
- Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16)
- Update: LNbits 0.9.4 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.2)
- Update: BTCPayServer 1.7.2 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.2)
- Update: LNbits 0.9.6 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.6)
- Update: BTCPayServer 1.7.5 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5)
- Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0)
- Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5)
- Update: JoinMarket v0.9.8 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.8)
- Update: JoininBox v0.7.4 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.3)
- Update: Balance of Satoshis 13.6.0 (BOS) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#1360)
- Update: Circuitbreaker v0.3.2 [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
- Update: JoinMarket v0.9.9 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.9)
- Update: JoininBox v0.7.6 [details](https://github.com/openoms/joininbox/releases/tag/v0.7.6)
- Update: Balance of Satoshis 13.15.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#13150)
- Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage)
- Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
- Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez)
- Update: Tallycoin Connect v1.7.5 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.7.5)
- Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file)
- Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox)
- Info: IP2Tor unavailable & deactivated in SSH menus [details](https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480)
- Info: IP2Tor fix fulmo shop & added new ip2tor.com shop
- Info: 32GB sdcard is now enforced (after being recommended since v1.5)
- Info: 'Reindex Blockchain' is not part of 'repair' menu
## What's new in Version 1.8.0c of RaspiBlitz?

2
FAQ.cl.md
View file

@ -59,7 +59,7 @@
* Yes, all [BOLT specification](https://github.com/lightningnetwork/lightning-rfc) compliant implementations can open channels to each other and route payments.
### Can I run LND and CLN connected to the same node?
* Yes, both can run parallel on a RaspiBlitz and even have channels witch each other.
* Yes, both can run parallel on a RaspiBlitz and even have channels with each other.
### Can I convert an LND node to CLN (or the opposite)?
* No, currently there are no tools available to convert between the databases storing the channel states.

61
FAQ.md
View file

@ -4,6 +4,7 @@
---
Table of Contents
---
- [Table of Contents](#table-of-contents)
- [Upgrade](#upgrade)
- [How to verify the SD card image after download?](#how-to-verify-the-sd-card-image-after-download)
- [What changed on every upgrade?](#what-changed-on-every-upgrade)
@ -17,6 +18,7 @@ Table of Contents
- [How to SSH over Tor?](#how-to-ssh-over-tor)
- [How to setup port-forwarding with a SSH tunnel?](#how-to-setup-port-forwarding-with-a-ssh-tunnel)
- [How do I setup just a port-forwarding user on my public server?](#how-do-i-setup-just-a-port-forwarding-user-on-my-public-server)
- [How to reset the ssh config and keys?](#how-to-reset-the-ssh-config-and-keys)
- [Display](#display)
- [Can I flip the screen?](#can-i-flip-the-screen)
- [How to fix my upside down LCD after update?](#how-to-fix-my-upside-down-lcd-after-update)
@ -27,12 +29,12 @@ Table of Contents
- [How do I generate a Debug Report?](#how-do-i-generate-a-debug-report)
- [Why is my "final sync" taking so long?](#why-is-my-final-sync-taking-so-long)
- [How do I backup my Lightning Node?](#how-do-i-backup-my-lightning-node)
- [1) Securing your On-Chain- and Channel-Funds during Operation](#and-channel-funds-during-operation)
- [1) Securing your On-Chain- and Channel-Funds during Operation](#1-securing-your-on-chain--and-channel-funds-during-operation)
- [2) Making a complete LND data backup](#2-making-a-complete-lnd-data-backup)
- [How can I recover my coins from a failing RaspiBlitz?](#how-can-i-recover-my-coins-from-a-failing-raspiblitz)
- [1) Recover LND data](#1-recover-lnd-data)
- [2) Recover from Wallet Seed](#2-recover-from-wallet-seed)
- [How do I move funds & channels from RaspiBlitz to LND Lightning Desktop App?](#how-do-i-move-funds--channels-from-raspiblitz-to-lnd-lightning-desktop-app)
- [How do I move funds \& channels from RaspiBlitz to LND Lightning Desktop App?](#how-do-i-move-funds--channels-from-raspiblitz-to-lnd-lightning-desktop-app)
- [How do I change the Name/Alias of my lightning node](#how-do-i-change-the-namealias-of-my-lightning-node)
- [How do I change the public port LND/Lightning node is running on?](#how-do-i-change-the-public-port-lndlightning-node-is-running-on)
- [How do I solve a "signature mismatch after caveat verification" error?](#how-do-i-solve-a-signature-mismatch-after-caveat-verification-error)
@ -43,9 +45,10 @@ Table of Contents
- [Why is my bitcoin IP on the display red?](#why-is-my-bitcoin-ip-on-the-display-red)
- [Why is my node address on the display red?](#why-is-my-node-address-on-the-display-red)
- [Why is my node address on the display yellow (not green)?](#why-is-my-node-address-on-the-display-yellow-not-green)
- [How can I set a fixed IP?](#how-can-i-set-a-fixed-ip)
- [How do I fix a displayed Error in my Config?](#how-do-i-fix-a-displayed-error-in-my-config)
- [Can I run the RaspiBlitz as Backend for BTCPayServer?](#can-i-run-the-raspiblitz-as-backend-for-btcpayserver)
- [I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?](#how-do-i-connect-to-my-raspiblitz)
- [I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?](#i-dont-have-a-lan-port-on-my-laptop---how-do-i-connect-to-my-raspiblitz)
- [Is it possible to connect the Blitz over Wifi instead of using a LAN cable?](#is-it-possible-to-connect-the-blitz-over-wifi-instead-of-using-a-lan-cable)
- [Can I directly connect the RaspiBlitz to my laptop?](#can-i-directly-connect-the-raspiblitz-to-my-laptop)
- [How to attach the RaspberryPi to the HDD?](#how-to-attach-the-raspberrypi-to-the-hdd)
@ -53,18 +56,18 @@ Table of Contents
- [Are those "Under-Voltage detected" warnings a problem?](#are-those-under-voltage-detected-warnings-a-problem)
- [How do I return to the menu after exiting to the command line](#how-do-i-return-to-the-menu-after-exiting-to-the-command-line)
- [How do I setup fresh/clean/reset and without going into recovery mode?](#how-do-i-setup-freshcleanreset-and-without-going-into-recovery-mode)
- [My blockchain data is corrupted - what can I do?](#what-can-i-do)
- [I have two RaspiBlitz in my network - can they both be public?](#can-they-both-be-public)
- [My blockchain data is corrupted - what can I do?](#my-blockchain-data-is-corrupted---what-can-i-do)
- [I have two RaspiBlitz in my network - can they both be public?](#i-have-two-raspiblitz-in-my-network---can-they-both-be-public)
- [How can I enforce UASP mode for my SSD controller?](#how-can-i-enforce-uasp-mode-for-my-ssd-controller)
- [I am facing maintenance/emergency mode on boot. How do I fix it?](#i-am-facing-maintenanceemergency-mode-on-boot-how-do-i-fix-it)
- [Extras](#extras)
- [How do I connect a UPS to the RaspiBlitz?](#how-do-i-connect-a-ups-to-the-raspiblitz)
- [Can I run my RaspiBlitz on Solar Energy?](#can-i-run-my-raspiblitz-on-solar-energy)
- [How to use the Let's Encrypt client](#how-to-use-the-lets-encrypt-client)
- [Let's Encrypt - HTTP-01](#http-01)
- [Let's Encrypt - DNS-01](#dns-01)
- [Let's Encrypt - eMail Address](#email-address)
- [Let's Encrypt - Installation details](#installation-details)
- [Let's Encrypt - HTTP-01](#lets-encrypt---http-01)
- [Let's Encrypt - DNS-01](#lets-encrypt---dns-01)
- [Let's Encrypt - eMail Address](#lets-encrypt---email-address)
- [Let's Encrypt - Installation details](#lets-encrypt---installation-details)
- [What is this mnemonic seed word list?](#what-is-this-mnemonic-seed-word-list)
- [How do I set up VNC?](#how-do-i-set-up-vnc)
- [Why use BTRFS on RaspiBlitz?](#why-use-btrfs-on-raspiblitz)
@ -255,7 +258,7 @@ useradd -g forwardings -d /home [USERNAME]
echo 'command="date" [CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]' > /etc/ssh/authorized_keys/[USERNAME]
```
As a result you should see a "good signature" message with a main fingerprint the same as you can find on the [keybase.io/rootzoll](https://keybase.io/rootzoll) that is ending on `1C73 060C 7C17 6461` the sub fingerprint should end on `A2D7 AA9D D1B5 CC56 47DA`. If that fingerprint is correct, the SD card image you downloaded is a original release RaspiBlitz.
### How to reset the ssh config and keys?
- shutdown the RaspiBlitz - if you dont have touchscreen activated, disconnect LAN cable, wait until HDD/SSD activity slows down (no constant blinking) and then cut the power
- take out the SD card and connect it to your laptop - it should appear as a `boot` drive
@ -302,6 +305,17 @@ You can also put an empty file just called `hdmi` (without any ending) onto the
## Debug
### How do I generate a Debug Report?
If your RaspiBlitz is not working correctly and you like to get help from the community, it's good to provide more debug information, so others can better diagnose your problem - please follow the following steps to generate a debug report:
- SSH into your raspiblitz as admin user with your password A
- If you see the menu - use CTRL+C to get to the terminal
- To generate debug report run: `debug`, optionally create a link with `debug -l`
- Then copy all output beginning with `*** RASPIBLITZ LOGS ***` and share this
*PLEASE NOTICE: It's possible that these logs can contain private information (like IPs, node IDs, ...) - just share publicly what you feel OK with.*
### I have the full blockchain on another storage. How do I copy it to the RaspiBlitz?
Copying a already synced blockchain from another storage (e.g. your Laptop or external hard drive) can be a quick way to get the RaspiBlitz started or replacing a corrupted blockchain with a fresh one. Also that way you have synced and verified the blockchain yourself, and are not trusting the RaspiBlitz Torrent downloads (Don't trust, verify).
@ -318,16 +332,13 @@ If everything described above is in order, start the setup of the new RaspiBlitz
Once you finished all the transfers, the Raspiblitz will make a quick-check on the data - but that will not guarantee that everything in detail was OK with the transfer. Check further FAQ answers if you get stuck or see a final sync with a value below 90%.
### How do I generate a Debug Report?
### Bitcoind tells me to reindex - how can I do this?
If your RaspiBlitz is not working correctly and you like to get help from the community, it's good to provide more debug information, so others can better diagnose your problem - please follow the following steps to generate a debug report:
To find/access information fast in large data sets like the Bitcoin blockhain indexes are needed. Those indexes can get corrupted on your HDD/SSD and to repair them they need to be rebuild - re-indexed. Bitcoind has two different options to do this - a fast way called "reindex-chainstate" (which just rebuilds the UTXO set from the blocks as you have them) and the slow but complete way called just "reindex" that would even recheck all your block data - see for details here: https://bitcoin.stackexchange.com/questions/60709/when-should-i-use-reindex-chainstate-and-when-reindex
- SSH into your raspiblitz as admin user with your password A
- If you see the menu - use CTRL+C to get to the terminal
- To generate debug report run: `debug`, optionally create a link with `debug -l`
- Then copy all output beginning with `*** RASPIBLITZ LOGS ***` and share this
So if you read in your debug logs of bitcoind that you should "reindex" you can try first just to do a fast "reindex-chainstate" and if that didnt worked a slow and full "reindex".
*PLEASE NOTICE: It's possible that these logs can contain private information (like IPs, node IDs, ...) - just share publicly what you feel OK with.*
See the raspiblitz script `./config.scripts/network.reindex.sh` or the REAPIR menu to start these processes.
### Why is my "final sync" taking so long?
@ -540,7 +551,7 @@ https://github.com/raspibolt/raspibolt/blob/a21788c0518618d17093e3f447f68a53e4ef
### Can I directly connect the RaspiBlitz to my laptop?
If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this [guide for OSX](https://medium.com/@tzhenghao/how-to-ssh-into-your-raspberry-pi-with-a-mac-and-ethernet-cable-636a197d055).
If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this [guide for OSX](https://medium.com/@tzhenghao/how-to-ssh-into-your-raspberry-pi-with-a-mac-and-ethernet-cable-636a197d055) and this [guide for Windows](https://www.tomshardware.com/how-to/share-internet-connection-windows-ethernet-wi-fi).
In short for OSX:
@ -552,7 +563,19 @@ In short for OSX:
* in terminal > `arp -a` and check for an IP of a client to the bridge
* in terminal > ssh admin@[clientIP]
If anyone has experience on doing this in Linux/Win, please share.
In short for Windows:
* make sure all VPNs are off (can interfere with local LAN)
* connect Raspiblitz with laptop LAN/ethernet directly
* Control Panel > Network and Internet > Network and Sharing Centre
* Click on your active internet connection highlighted in blue
* Properties > Sharing
* Check the box titled "Allow other network users to connect through this computer's Internet connection
* Select LAN/Ethernet from the "Home networking connection:" dropdown menu
* Click OK
* Restart the Raspiblitz
If anyone has experience on doing this in Linux please share.
### How to attach the RaspberryPi to the HDD?

25
README.md
View file

@ -772,7 +772,7 @@ Using pre-signed bitcoin transactions (PSBT) and [Hardware Wallet Interface](htt
At the moment it is very Linux-focused.
The same applies to multi-signature setups.
The goal of the Specter Desktop wallet is to make a convenient and user-friendly GUI around Bitcoin Core, focusing on multi-signature setups with air-gapped hardware wallets like Trezor, Ledger, COLDCARD or the Specter-DIY.
The goal of the Specter Desktop wallet is to make a sub and user-friendly GUI around Bitcoin Core, focusing on multi-signature setups with air-gapped hardware wallets like Trezor, Ledger, COLDCARD or the Specter-DIY.
![SPECTER](pictures/specter.jpg)
@ -855,6 +855,11 @@ LNbits is a very simple server that sits on top of your Lightning Wallet.
![LNBITS](pictures/lnbits.png)
It can be used together with IP2Tor to provide:
- Lightning Paper Vouchers (Plugin: LNURLw)
- Merchant Onboarding (Plugin: TPOS)
[![Video Tutorial](pictures/video-vouchers.png)](https://www.youtube.com/watch?v=0Bt3tHULAnw)
You can also develop your own extensions on it.
@ -1009,7 +1014,20 @@ At the moment, the following subscription services are available:
##### IP2TOR (paid)
DEACTIVATED SINCE 1.9 --> see for background: https://github.com/rootzoll/raspiblitz/issues/3417#issuecomment-1310303480
IP2TOR is a tunnel service where you can run your RaspiBlitz anonymously behind TOR but you rent a port on a clearnet IP through which you can make services of your RaspiBlitz easy reachable for everybody on the internet.
You don't need to care about your local router or firewall settings.
You can pay for this service directly through Lightning from your RaspiBlitz as subscription.
At first you select what services of your RaspiBlitz you like to tunnel through a IP2TOR bridge.
You will get a list of available IP2TOR shops & bridge offerings.
Select `OK` on an IP2TOR bridge offering and you will see more details on it, such as how many satoshis the subscription will cost you.
Your node should be funded and have channels open already at this point.
If you choose `AGREE` on the details of a IP2TOR bridge offering the RaspiBlitz tries for you to setup the IP2TOR bridge.
If everything worked you will find now the subscription under `MAINMENU` > `SUBSCRIBE` > `LIST My Subscriptions` where you can cancel it again.
To try out the IP2TOR tunnel choose in `MAINMENU` the extra menu point of the Service you choose the bridge for and it should give you now an updated URL or try calling the API on the IP and Port that is displayed under the details of the subscription in the `LIST My Subscriptions` section.
##### HTTPS with LetsEncrypt (free)
@ -1347,7 +1365,8 @@ But if you want to build that image yourself - here is a quick guide:
- Get a latest RaspiOS 64-bit (Desktop): [DOWNLOAD](https://downloads.raspberrypi.org/raspios_arm64/images).
- Write the image to an SD card: [TUTORIAL](https://www.raspberrypi.org/documentation/installation/installing-images/README.md).
- Add a file called `ssh` to the root of the SD card when mounted on your laptop to enable SSH login.
- Add a file called `userconf` next to the empty `ssh` file that contains just the string `pi:$6$p2DNwHsYzR06mVFX$jwZnOo5Jl/6pEMFFowpUBqM7E0Rz8vEtXtupwxuXZA7eqyKxDk8barhYZ24ei/JEP4e8Jr0mOvRThASuUxIAZ0`.
- Newest RasperryOS release did remove the default username therefore you need to create an own user. Add a file called `userconf` next to the empty `ssh` file and add your specified userstring as followed:
Create a hashed password using command on linux `echo 'raspberry' | openssl passwd -6 -stdin` and copy the output allongside the username for example `pi:$6$6c.o/U6OkN3ST65b$7F3TIamnnQCwQT4h00Vp1mcVMdSg3 ams7yeVGfZbclcScEnRnw9tkgI9btalTCHFI84o3Pr3cDbdpbCXYTmF1` into the userconf file. See also https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
- Start the card on a Raspi and login via SSH with `ssh pi@[IP-OF-YOUR-RASPI]`. Password is `raspberry`.
Now you are ready to start the SD card build script (check the code to see if the installation and config are OK for you).

4
alternative.platforms/Proxmox/README.md
View file

@ -125,10 +125,10 @@ apt upgrade -y
apt install sudo
```
Now we need to download the Build SDCard Script from Rootzoll. The version can be customized as you like. The latest version (as of block time 755125) is the 1.8.
Now we need to download the Build SDCard Script from Rootzoll. The version can be customized as you like. The latest version (as of block time 768745) is the 1.9.
```
wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.8/build_sdcard.sh
wget https://raw.githubusercontent.com/rootzoll/raspiblitz/v1.9/build_sdcard.sh
```
And run:

15
build_sdcard.sh
View file

@ -273,8 +273,18 @@ sleep 3 ## give time to cancel
export DEBIAN_FRONTEND=noninteractive
echo "*** Prevent sleep ***" # on all platforms
echo "*** Prevent sleep ***" # on all platforms https://wiki.debian.org/Suspend
sudo systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target
sudo mkdir /etc/systemd/sleep.conf.d
echo "[Sleep]
AllowSuspend=no
AllowHibernation=no
AllowSuspendThenHibernate=no
AllowHybridSleep=no" | sudo tee /etc/systemd/sleep.conf.d/nosuspend.conf
sudo mkdir /etc/systemd/logind.conf.d
echo "[Login]
HandleLidSwitch=ignore
HandleLidSwitchDocked=ignore" | sudo tee /etc/systemd/logind.conf.d/nosuspend.conf
# FIXING LOCALES
# https://github.com/rootzoll/raspiblitz/issues/138
@ -504,10 +514,9 @@ echo "
sharedscripts
postrotate
invoke-rc.d rsyslog rotate > /dev/null
enscript
endscript
}
/var/log/kern.log
/var/log/auth.log
{

15
ci/README.md
View file

@ -17,7 +17,7 @@
- [fatpack image](#fatpack-image)
- [lean image](#lean-image)
- [Add Gnome desktop (optional)](#add-gnome-desktop-optional)
- [Add wifi](#add-wifi)
- [Add wifi (optional)](#add-wifi-optional)
- [Add wifi driver (optional)](#add-wifi-driver-optional)
- [Workflow notes](#workflow-notes)
- [Packer .json settings:](#packer-json-settings)
@ -64,15 +64,15 @@ The workflow locally and in github actions generates a .qcow2 format amd64 image
* find the compressed .qcow2 image and sh256 hashes in the `ci/amd64/builds` directory
## Images generated in github actions
* Find the images in the green runs in github actions at:
https://github.com/rootzoll/raspiblitz/actions
* To see the downloadable artifacts will need to log in to GitHub
* Find the latest successful builds for amd64 using the dev branch at:
https://github.com/rootzoll/raspiblitz/actions/workflows/amd64-lean-image.yml?query=workflow%3Aamd64-lean-image-build+branch%3Adev+is%3Asuccess++
```
# unzip to the same directory
unzip raspiblitz-amd64-image-YEAR-MM-DD-COMMITHASH.zip
```
## Write the image to a disk connected with USB
identify the connected disk with `lsblk` eg `/dev/sdd`
* identify the connected disk with `lsblk` eg `/dev/sdd`
### Convert the qcow2 volume to a raw disk image
* the raw image is 33.5 GB
@ -82,6 +82,7 @@ identify the connected disk with `lsblk` eg `/dev/sdd`
# convert
qemu-img convert raspiblitz-amd64-debian-11.5-lean.qcow2 raspiblitz-amd64-debian-11.5-lean.img
```
### Write to a disk connected with USB with Balena Etcher or `dd`
* [Balena Etcher](https://www.balena.io/etcher/) to write the .img to disk
* dd to write the .img to disk
@ -139,13 +140,13 @@ identify the connected disk with `lsblk` eg `/dev/sdd`
systemctl start gdm
```
## Add wifi
### Add wifi (optional)
* if the wifi driver is included in the FOSS Debian distro
* in the command line run the network manager interface to connect:
```
sudo nmtui
```
## Add wifi driver (optional)
### Add wifi driver (optional)
* as in https://wiki.debian.org/iwlwifi
* add the component `non-free` after `deb http://deb.debian.org/debian bullseye main` in `/etc/apt/sources.list`
* install the wifi driver for the mentioned cards:

15
home.admin/00infoBlitz.sh
View file

@ -353,7 +353,7 @@ else
appInfoLine=""
# Electrum Server - electrs
if [ "${ElectRS}" = "on" ]; then
if [ "${ElectRS}" == "on" ]; then
error=""
source <(sudo /home/admin/config.scripts/bonus.electrs.sh status-sync 2>/dev/null)
if [ ${#infoSync} -gt 0 ]; then
@ -361,15 +361,10 @@ else
fi
fi
# BTC RPC EXPLORER
if [ "${BTCRPCexplorer}" = "on" ]; then
error=""
source <(sudo /home/admin/config.scripts/bonus.btc-rpc-explorer.sh status 2>/dev/null)
if [ ${#error} -gt 0 ]; then
appInfoLine="ERROR BTC-RPC-Explorer: ${error} (try restart)"
elif [ "${isIndexed}" = "0" ]; then
appInfoLine="BTC-RPC-Explorer: ${indexInfo}"
fi
# Transaction Index
source <(/home/admin/config.scripts/network.txindex.sh status)
if [ "${txindex}" == "1" ] && [ "${isIndexed}" != "1" ]; then
appInfoLine="Transaction Index: ${indexInfo}"
fi
if [ ${#appInfoLine} -gt 0 ]; then

5
home.admin/00mainMenu.sh
View file

@ -158,7 +158,7 @@ if [ "${homer}" == "on" ]; then
CHOICE_HEIGHT=$((CHOICE_HEIGHT+1))
fi
if [ "${circuitbreaker}" == "on" ]; then
OPTIONS+=(CIRCUIT "Circuitbreaker (LND firewall)")
OPTIONS+=(CIRCUITBREAKER "Circuitbreaker (LND firewall)")
fi
if [ "${tallycoinConnect}" == "on" ]; then
OPTIONS+=(TALLY "Tallycoin Connect")
@ -329,7 +329,6 @@ case $CHOICE in
HELIPAD)
sudo /home/admin/config.scripts/bonus.helipad.sh menu
;;
SQUEAKNODE)
/home/admin/config.scripts/bonus.squeaknode.sh menu
;;
@ -339,7 +338,7 @@ case $CHOICE in
CHANTOOLS)
sudo /home/admin/config.scripts/bonus.chantools.sh menu
;;
CIRCUIT)
CIRCUITBREAKER)
sudo /home/admin/config.scripts/bonus.circuitbreaker.sh menu
;;
TESTNETS)

7
home.admin/00raspiblitz.sh
View file

@ -48,13 +48,6 @@ if [ "${copyInProgress}" = "1" ]; then
exit
fi
# special state: reindex was triggered
if [ "${state}" = "reindex" ]; then
echo "Re-Index in progress ... start monitoring:"
/home/admin/config.scripts/network.reindex.sh
exit
fi
# special state: copystation
if [ "${state}" = "copystation" ]; then
echo "Copy Station is Running ..."

4
home.admin/98repairBlockchain.sh
View file

@ -29,10 +29,6 @@ elif [ "${CHOICE}" = "RESYNC" ]; then
echo "rebooting .. (please wait)"
sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
elif [ "${CHOICE}" = "REINDEX" ]; then
echo "Starting REINDEX ..."
sudo /home/admin/config.scripts/network.reindex.sh
elif [ "${CHOICE}" = "BACKUP" ]; then
/home/admin/config.scripts/lnd.compact.sh interactive
sudo /home/admin/config.scripts/lnd.backup.sh lnd-export-gui

29
home.admin/98repairMenu.sh
View file

@ -65,6 +65,9 @@ RaspiBlitz image to your SD card.
" 12 40
}
# get status of txindex
source <(/home/admin/config.scripts/network.txindex.sh status)
OPTIONS=()
#OPTIONS+=(HARDWARE "Run Hardwaretest")
OPTIONS+=(SOFTWARE "Run Softwaretest (DebugReport)")
@ -76,11 +79,17 @@ if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then
fi
OPTIONS+=(MIGRATION "Migrate Blitz Data to new Hardware")
OPTIONS+=(COPY-SOURCE "Copy Blockchain Source Modus")
if [ "${txindex}" == "1" ]; then
OPTIONS+=(DELETE-INDEX "Reindex Bitcoin Transaction-Index")
elif [ "${indexByteSize}" != "0" ]; then
OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index")
fi
OPTIONS+=(REINDEX-UTXO "Redindex Just Bitcoin Chainstate (Fast)")
OPTIONS+=(REINDEX-FULL "Redindex Full Bitcoin Blockchain (Slow)")
OPTIONS+=(RESET-CHAIN "Delete Blockchain & Re-Download")
OPTIONS+=(RESET-HDD "Delete HDD Data but keep Blockchain")
OPTIONS+=(RESET-ALL "Delete HDD completely to start fresh")
OPTIONS+=(DELETE-ELEC "Delete Electrum Index")
OPTIONS+=(DELETE-INDEX "Delete Bitcoin Transaction-Index")
CHOICE=$(whiptail --clear --title "Repair Options" --menu "" 19 62 12 "${OPTIONS[@]}" 2>&1 >/dev/tty)
@ -89,7 +98,15 @@ case $CHOICE in
# HARDWARE)
# ;;
SOFTWARE)
sudo /home/admin/config.scripts/blitz.debug.sh
echo "Generating debug logs. Be patient, this should take maximum 2 minutes .."
sudo rm /var/cache/raspiblitz/debug.log 2>/dev/null
/home/admin/config.scripts/blitz.debug.sh > /var/cache/raspiblitz/debug.log
echo "Redacting .."
/home/admin/config.scripts/blitz.debug.sh redact /var/cache/raspiblitz/debug.log
sudo chmod 640 /var/cache/raspiblitz/debug.log
sudo chown root:sudo /var/cache/raspiblitz/debug.log
cat /var/cache/raspiblitz/debug.log
echo
echo "Press ENTER to return to main menu."
read key
;;
@ -148,6 +165,14 @@ case $CHOICE in
/home/admin/config.scripts/network.txindex.sh delete
exit 0;
;;
REINDEX-UTXO)
/home/admin/config.scripts/network.reindex.sh reindex-chainstate mainnet
exit 0;
;;
REINDEX-FULL)
/home/admin/config.scripts/network.reindex.sh reindex mainnet
exit 0;
;;
COPY-SOURCE)
/home/admin/config.scripts/blitz.copychain.sh source
/home/admin/config.scripts/lnd.unlock.sh

7
home.admin/99clMenu.sh
View file

@ -92,12 +92,9 @@ case $CHOICE in
if [ ! -f /home/bitcoin/suez/suez ];then
/home/admin/config.scripts/bonus.suez.sh on
fi
cd /home/bitcoin/suez || exit 0
command="sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}"
echo "# Running the command:"
echo "${command}"
cd /home/bitcoin/suez || exit 1
echo
$command
sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}
echo
echo "Press ENTER to return to main menu."
read key

74
home.admin/_commands.sh
View file

@ -80,15 +80,18 @@ function blitzhelp() {
echo "Extras:"
echo " whitepaper download the whitepaper from the blockchain to /home/admin/bitcoin.pdf"
echo " notifyme wrapper for blitz.notify.sh that will send a notification using the configured method and settings"
echo " suez visualize channels (for the default ln implementation and chain when installed)"
exho " lnproxy wrap invoices with lnproxy"
echo
echo "LND:"
echo " lncli LND commandline interface (when installed)"
echo " balance your satoshi balance"
echo " channels your lightning channels"
echo " fwdreport show forwarding report"
echo " manage use the lndmanage bonus app"
echo
echo "CLN:"
echo " lightning-cli Core-Lightning commandline interface (when installed)"
echo " lightning-cli Core Lightning commandline interface (when installed)"
}
# command: raspiblitz
@ -369,6 +372,21 @@ function jm() {
fi
}
# command: manage
# switch to lndmanage env
function manage() {
if [ $(cat /mnt/hdd/raspiblitz.conf 2>/dev/null | grep -c "lndmanage=on") -eq 1 ]; then
cd /home/admin/lndmanage
source venv/bin/activate
echo "NOTICE: Needs at least one active channel to run without error."
echo "to exit (venv) enter ---> deactivate"
lndmanage
else
echo "lndmanage not installed - to install run:"
echo "sudo /home/admin/config.scripts/bonus.lndmanage.sh on"
fi
}
# command: ckbunker
# switch to the ckbunker user
function ckbunker() {
@ -512,15 +530,55 @@ function bm() {
# command: lnproxy
function lnproxy() {
if [ $(cat /mnt/hdd/raspiblitz.conf 2>/dev/null | grep -c "runBehindTor=on") -eq 1 ]; then
echo
echo "Requesting a wrapped invoice from rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion ..."
echo
torify curl http://rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion/api/${1}
source /mnt/hdd/raspiblitz.conf
if [ $# -gt 0 ]; then
invoice=$1
else
echo "Paste the invoice to be wrapped and press enter:"
read -r invoice
fi
if systemctl is-active --quiet tor@default; then
if [ -z "${lnproxy_override_tor}" ]; then
lnproxy_override_tor="rdq6tvulanl7aqtupmoboyk2z3suzkdwurejwyjyjf4itr3zhxrm2lad.onion/api"
fi
wrapped=$(torsocks curl -sS http://${lnproxy_override_tor}/${invoice})
echo
echo "Requesting a wrapped invoice from https://lnproxy.org ..."
echo "Requesting a wrapped invoice from ${lnproxy_override_tor}"
else
if [ -z "${lnproxy_override_clearnet}" ]; then
lnproxy_override_clearnet="lnproxy.org/api"
fi
wrapped=$(curl -sS https://${lnproxy_override_clearnet}/${invoice})
echo
curl https://lnproxy.org/api/${1}
echo "Requesting a wrapped invoice from ${lnproxy_override_clearnet}"
fi
echo
/home/admin/config.scripts/blitz.check-invoice-wrap.py "$1" "$wrapped"
echo
echo $wrapped
}
# command: suez
function suez() {
source /mnt/hdd/raspiblitz.conf
if [ ${lightning} = 'cl' ] || [ ${lightning} = 'lnd' ]; then
if [ ! -f /home/bitcoin/suez/suez ];then
/home/admin/config.scripts/bonus.suez.sh on
fi
source <(/home/admin/config.scripts/network.aliases.sh getvars ${lightning} ${chain}net)
cd /home/bitcoin/suez || exit 1
clear
echo "# Showing the channels of ${lightning} ${chain}net - consider reducing the font size (press CTRL- or CMD-)"
if [ ${lightning} = cl ]; then
sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
--client=c-lightning --client-args=--conf=${CLCONF}
elif [ ${lightning} = lnd ]; then
sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
--client-args=-n=${CHAIN} \
--client-args=--rpcserver=localhost:1${L2rpcportmod}009
fi
cd
else
echo "# Lightning is ${lightning}"
fi
}

21
home.admin/assets/nginx/sites-available/circuitbreaker_ssl.conf Normal file
View file

@ -0,0 +1,21 @@
## circuitbreaker_ssl.conf
server {
listen 9236 ssl http2;
listen [::]:9236 ssl http2;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
include /etc/nginx/snippets/gzip-params.conf;
access_log /var/log/nginx/access_circuitbreaker.log;
error_log /var/log/nginx/error_circuitbreaker.log;
location / {
proxy_pass http://127.0.0.1:9235;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

27
home.admin/assets/nginx/sites-available/lnproxy_ssl.conf Normal file
View file

@ -0,0 +1,27 @@
## lnproxy_ssl.conf
server {
listen 4749 ssl http2;
listen [::]:4749 ssl http2;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
include /etc/nginx/snippets/gzip-params.conf;
access_log /var/log/nginx/access_lnproxy.log;
error_log /var/log/nginx/error_lnproxy.log;
location /api/ {
proxy_pass http://127.0.0.1:4747;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
location / {
proxy_pass http://127.0.0.1:4748;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

26
home.admin/assets/nginx/sites-available/lnproxy_tor.conf Normal file
View file

@ -0,0 +1,26 @@
## lnproxy_tor.conf
server {
listen 4750;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
include /etc/nginx/snippets/gzip-params.conf;
access_log /var/log/nginx/access_lnproxy.log;
error_log /var/log/nginx/error_lnproxy.log;
location /api/ {
proxy_pass http://127.0.0.1:4747;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
location / {
proxy_pass http://127.0.0.1:4748;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

26
home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf Normal file
View file

@ -0,0 +1,26 @@
## lnproxy_tor_ssl.conf
server {
listen 4751 ssl http2;
server_name _;
include /etc/nginx/snippets/ssl-params.conf;
include /etc/nginx/snippets/ssl-certificate-app-data.conf;
include /etc/nginx/snippets/gzip-params.conf;
access_log /var/log/nginx/access_lnproxy.log;
error_log /var/log/nginx/error_lnproxy.log;
location /api/ {
proxy_pass http://127.0.0.1:4747;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
location / {
proxy_pass http://127.0.0.1:4748;
include /etc/nginx/snippets/ssl-proxy-params.conf;
}
}

9
home.admin/config.scripts/bitcoin.monitor.sh
View file

@ -156,12 +156,15 @@ if [ "$2" = "info" ]; then
btc_blocks_behind=$((${btc_blocks_headers} - ${btc_blocks_verified}))
btc_sync_initialblockdownload=$(echo "${blockchaininfo}" | jq -r '.initialblockdownload' | grep -c 'true')
btc_sync_progress=$(echo "${blockchaininfo}" | jq -r '.verificationprogress')
btc_sync_percentage=$(echo ${btc_sync_progress} | awk '{printf( "%.2f%%", 100 * $1)}')
if [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_headers}" == "${btc_blocks_verified}" ]; then
if (( $(awk 'BEGIN { print( '${btc_sync_progress}'<0.99995 ) }') )); then
# #3620 prevent displaying 100.00%, although incorrect because of rounding
btc_sync_percentage=$(awk 'BEGIN { printf( "%.2f%%", 100 * '${btc_sync_progress}') }')
elif [ "${btc_blocks_headers}" != "" ] && [ "${btc_blocks_headers}" == "${btc_blocks_verified}" ]; then
btc_sync_percentage="100.00"
else
btc_sync_percentage="99.99"
fi
# determine if synced (tolerate falling 1 block behind)
# and be sure that initial blockdownload is done
btc_synced=0

54
home.admin/config.scripts/blitz.check-invoice-wrap.py Normal file
View file

@ -0,0 +1,54 @@
#!/usr/bin/env python3
# adapted from: https://github.com/lnproxy/lnproxy-cli/blob/fe18d16e42b58f635b94c7da59a34d5e092e4d56/check-wrap.py
# Parses payment hashes and amounts in bolt11 invoices to check lnproxy
# Can skip most bolt11 checks since both the user's wallet and lnproxy will do that
from decimal import Decimal
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
units = {
'p': 10**12,
'n': 10**9,
'u': 10**6,
'm': 10**3,
}
def parse(invoice):
invoice = invoice.lower()
pos = invoice.rfind('1')
amount = invoice[4:pos]
if amount == '':
amount = Decimal(0)
else:
amount = Decimal(amount[:-1]) / units[amount[-1]]
data = invoice[pos+1+7:]
i = 0
while i < len(data):
if data[i] == 'p' and data[i+1:i+1+2] == 'p5':
payment_hash = data[i+1+2:i+1+2+52]
break
else:
i += 3 + CHARSET.find(data[i+1]) * 32 + CHARSET.find(data[i+1+1])
return (amount, payment_hash)
from sys import stderr, argv
try:
if len(argv) != 3:
raise Exception("Incorrect number of arguments")
amt1, hash1 = parse(argv[1])
amt2, hash2 = parse(argv[2])
if hash1 != hash2:
print(f"Payment hashes do not match!", file=stderr)
exit(3)
if amt1 != Decimal(0):
print(f"Hashes match, routing fee is {(amt2-amt1)*10**8:0,.0f} sat ({(amt2-amt1)/amt1*100:0.2f}%)")
else:
print(f"Hashes match")
except Exception as err:
print('Error:', err)
print(f"usage: {argv[0]} <original invoice> <wrapped invoice>", file=stderr)
exit(2)

2
home.admin/config.scripts/blitz.copychain.sh
View file

@ -141,7 +141,7 @@ if [ "$1" = "target" ]; then
echo "Make sure that the Bitcoin Core Wallet is not running in the background anymore."
echo ""
echo "COPY, PASTE & EXECUTE the following command on your Windows computer terminal:"
echo "sftp -r ./chainstate ./blocks bitcoin@${internet_localip}:/mnt/hdd/bitcoin"
echo "scp -r ./chainstate ./blocks bitcoin@${internet_localip}:/mnt/hdd/bitcoin"
echo ""
echo "If asked for a password use PASSWORD A (or 'raspiblitz')."
fi

41
home.admin/config.scripts/blitz.debug.sh
View file

@ -148,8 +148,8 @@ if [ "${testnet}" == "on" ] || [ "${testnet}" == "1" ]; then
sudo journalctl -u t${network}d -b --no-pager -n8
echo
echo "*** LAST BLOCKCHAIN (TESTNET) 20 INFO LOGS ***"
echo "sudo tail -n 20 /mnt/hdd/${network}/tdebug.log"
sudo tail -n 20 /mnt/hdd/${network}/tdebug.log
echo "sudo tail -n 20 /mnt/hdd/${network}/testnet3/debug.log"
sudo tail -n 20 /mnt/hdd/${network}/testnet3/debug.log
echo
else
echo "- OFF by config -"
@ -192,8 +192,8 @@ if [ "${signet}" == "on" ] || [ "${signet}" == "1" ]; then
sudo journalctl -u s${network}d -b --no-pager -n8
echo
echo "*** LAST BLOCKCHAIN (SIGNET) 20 INFO LOGS ***"
echo "sudo tail -n 20 /mnt/hdd/${network}/sdebug.log"
sudo tail -n 20 /mnt/hdd/${network}/sdebug.log
echo "sudo tail -n 20 /mnt/hdd/${network}/signet/debug.log"
sudo tail -n 20 /mnt/hdd/${network}/signet/debug.log
echo
else
echo "- OFF by config -"
@ -313,6 +313,39 @@ else
echo "- LIT is OFF by config"
fi
if [ "${lndg}" == "on" ]; then
echo
echo "*** LNDg Status ***"
sudo /home/admin/config.scripts/bonus.lndg.sh status
echo
echo "*** LNDg JOBS SYSTEMD STATUS ***"
sudo systemctl status jobs-lndg.service -n2 --no-pager
echo "sudo tail -n 5 /var/log/lnd_jobs_error.log"
sudo tail -n 5 /var/log/lnd_jobs_error.log
echo
echo "*** LNDg REBALANCER SYSTEMD STATUS ***"
sudo systemctl status rebalancer-lndg.service -n2 --no-pager
echo "sudo tail -n 5 /var/log/lnd_rebalancer_error.log"
sudo tail -n 5 /var/log/lnd_rebalancer_error.log
echo
echo "*** LNDg HTLC-STREAM SYSTEMD STATUS ***"
sudo systemctl status htlc-stream-lndg.service -n2 --no-pager
echo "sudo tail -n 5 /var/log/lnd_htlc_stream_error.log"
sudo tail -n 5 /var/log/lnd_htlc_stream_error.log
echo
echo "*** LNDg GUNICORN SERVER SYSTEMD STATUS ***"
sudo systemctl status gunicorn.service -n2 --no-pager
echo "sudo tail -n 5 /var/log/gunicorn_error.log"
sudo tail -n 5 /var/log/gunicorn_error.log 2>/dev/null
echo
echo "*** LAST 10 LNDg LOGS ***"
echo "sudo journalctl -u lndg -b --no-pager -n10"
sudo journalctl -u lndg -b --no-pager -n20
echo
else
echo "- LNDg is OFF by config"
fi
if [ "${BTCPayServer}" == "on" ]; then
echo
echo "*** LAST 20 BTCPayServer LOGS ***"

10
home.admin/config.scripts/blitz.passwords.sh
View file

@ -391,7 +391,15 @@ elif [ "${abcd}" = "b" ]; then
# LNDg
if [ "${lndg}" == "on" ]; then
echo "# changing the password for lndg"
sudo -u lndg /home/lndg/lndg/.venv/bin/python initialize.py -pw ${newPassword}
sudo -u lndg /home/lndg/lndg/.venv/bin/python /home/lndg/lndg/initialize.py -pw ${newPassword}
fi
# mempool Explorer
if [ "${mempoolExplorer}" == "on" ]; then
echo "# changing the password for mempool Explorer"
sudo jq ".CORE_RPC.PASSWORD=\"${newPassword}\"" /home/mempool/mempool/backend/mempool-config.json > /var/cache/raspiblitz/mempool-config.json
sudo mv /var/cache/raspiblitz/mempool-config.json /home/mempool/mempool/backend/mempool-config.json
sudo chown mempool:mempool /home/mempool/mempool/backend/mempool-config.json
fi
echo "# OK -> RPC Password B changed"

66
home.admin/config.scripts/blitz.subscriptions.ip2tor.py
View file

@ -595,37 +595,68 @@ def menuMakeSubscription(blitzServiceName, torAddress, torPort):
torTarget = "{0}:{1}".format(torAddress, torPort)
############################
# PHASE 1: Enter Shop URL
# PHASE 1: Choose Shop URL
shopurl = ""
while True:
# see if user had before entered another shop of preference
shopurl = DEFAULT_SHOPURL
lastusedShop = ""
try:
subscriptions = toml.load(SUBSCRIPTIONS_FILE)
shopurl = subscriptions['shop_ip2tor']
lastusedShop = subscriptions['shop_ip2tor']
print("# using last shop url set in subscriptions.toml")
except Exception as e:
print("# using default shop url")
# set choices of shops
choices = []
# remove https:// from shop url (to keep it short)
if shopurl.find("://") > 0:
shopurl = shopurl[shopurl.find("://") + 3:]
if lastusedShop.find("://") > 0: lastusedShop = lastusedShop[lastusedShop.find("://") + 3:]
while True:
# IP2TOR.COM Shop
choice_url_ip2torcom="ip2tor.com"
choices.append(("A", "ip2tor.com Shop"))
if lastusedShop == choice_url_ip2torcom: lastusedShop=""
# input shop url
# FULMO Shop
choice_url_fulmo="fulmo7x6yvgz6zs2b2ptduvzwevxmizhq23klkenslt5drxx2physlqd.onion"
choices.append(("B", "Fulmo Shop"))
if lastusedShop == choice_url_fulmo: lastusedShop=""
# add before option if different from static options
if len(lastusedShop) > 0: choices.append(("Y", lastusedShop))
# enter own shop address option
choices.append(("X", "Enter a new Shop URL"))
# select dialog
d = Dialog(dialog="dialog", autowidgetsize=True)
d.set_background_title("Select IP2TOR Bridge Shop (communication secured thru TOR)")
code, text = d.inputbox(
"Enter Address of the IP2TOR Shop (OR JUST PRESS OK):",
height=10, width=72, init=shopurl,
title="Shop Address")
d.set_background_title("IP2TOR - Select Shop")
code, selected = d.menu(
"\nChoose your IP2Tor provider/shop:",
choices=choices, width=75, height=10, title="Select IP2Tor Shop")
# if user canceled
if code != d.OK:
sys.exit(0)
# get host list from shop
shopurl = text
if selected == "A" : shopurl=choice_url_ip2torcom
if selected == "B" : shopurl=choice_url_fulmo
if selected == "Y" : shopurl=lastusedShop
# input shop url
if selected == "X":
d = Dialog(dialog="dialog", autowidgetsize=True)
d.set_background_title("IP2TOR - Add new Shop")
code, shopurl = d.inputbox(
"Enter Address of the IP2TOR Shop (OR JUST PRESS OK):",
height=10, width=72, init=shopurl,
title="Shop Address")
if shopurl.find("://") > 0: shopurl = shopurl[shopurl.find("://") + 3:]
# try & get host list from shop
os.system('clear')
try:
hosts = shopList(shopurl)
@ -686,6 +717,9 @@ Try again later, enter another address or cancel.
if len(host['terms_of_service']) == 0: host['terms_of_service'] = "-"
if len(host['terms_of_service_url']) == 0: host['terms_of_service_url'] = "-"
description=host['terms_of_service']
if "description" in host: description = "{0} / {1}".format(host['description'], host['terms_of_service'])
# show details of selected
d = Dialog(dialog="dialog", autowidgetsize=True)
d.set_background_title("IP2TOR Bridge Offer Details: {0}".format(shopurl))
@ -704,7 +738,7 @@ the "SUBSCRIPTONS" menu on your RaspiBlitz.
There will be no refunds for not used hours.
There is no guarantee for quality of service.
The service has the following additional terms:
The service has the following additional description & terms:
{5}
More information on the service you can find under:
@ -715,7 +749,7 @@ More information on the service you can find under:
host['tor_bridge_price_extension_sats'],
host['ip'],
torTarget,
host['terms_of_service'],
description,
host['terms_of_service_url'],
blitzServiceName
)

2
home.admin/config.scripts/blitz.subscriptions.py
View file

@ -225,7 +225,7 @@ def main():
choices = list()
choices.append(("LIST", "My Subscriptions"))
#choices.append(("NEW1", "+ IP2TOR Bridge (paid)"))
choices.append(("NEW1", "+ IP2TOR Bridge (paid)"))
choices.append(("NEW2", "+ LetsEncrypt HTTPS Domain (free)"))
d = Dialog(dialog="dialog", autowidgetsize=True)

2
home.admin/config.scripts/bonus.bos.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# https://github.com/alexbosworth/balanceofsatoshis/blob/master/package.json#L81
BOSVERSION="13.6.0"
BOSVERSION="13.15.0"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then

194
home.admin/config.scripts/bonus.btcpayserver.sh
View file

@ -3,9 +3,9 @@
# Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0
# https://github.com/dgarage/NBXplorer/tags
NBXplorerVersion="v2.3.49"
NBXplorerVersion="v2.3.58"
# https://github.com/btcpayserver/btcpayserver/releases
BTCPayVersion="v1.7.2"
BTCPayVersion="v1.7.5"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -25,27 +25,19 @@ source /mnt/hdd/raspiblitz.conf
source /home/admin/raspiblitz.info
source <(/home/admin/_cache.sh get state)
function postgresConfig() {
echo "# Generate the database"
function NBXplorerConfig() {
# check the postgres database
if sudo -u postgres psql -c '\l' | grep nbxplorermainnet; then
echo "# nbxplorermainnet database already exists"
else
echo "# Generate the database for nbxplorer"
sudo -u postgres psql -c "create database nbxplorermainnet;"
sudo -u postgres psql -c "create user nbxplorer with encrypted password 'raspiblitz';"
# change to ${newPassword} or use Passfile=
# sudo -u postgres psql -c "alter user btcpay with encrypted password '${newPassword}';"
# sudo -u btcpay sed -i "s/Password=*/Password='${newPassword}';/g" /home/btcpay/.nbxplorer/Main/settings.config
# sudo -u btcpay sed -i "s/Password=*/Password='${newPassword}';/g" /home/btcpay/.btcpayserver/Main/settings.config
sudo -u postgres psql -c "grant all privileges on database nbxplorermainnet to nbxplorer;"
fi
echo "# List databases with: sudo -u postgres psql -c '\l'"
sudo -u postgres psql -c '\l'
## clean postgresql:
# sudo su - postgres -c "/usr/lib/postgresql/${PGVERSION}/bin/pg_ctl stop --wait --pgdata=/var/lib/postgresql/${PGVERSION}/main"
# sudo pg_dropcluster ${PGVERSION} main
# sudo apt remove postgresql -y --purge
# sudo apt remove postgresql-${PGVERSION} -y --purge
}
function NBXplorerConfig() {
# https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#4-create-a-configuration-file
echo
echo "# Getting RPC credentials from the bitcoin.conf"
@ -66,7 +58,24 @@ nomigrateevts=1
function BtcPayConfig() {
# set thumbprint
FINGERPRINT=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in /home/btcpay/.lnd/tls.cert | cut -d"=" -f2)
echo "# setting the LND TLS thumbprint for BTCPay"
if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
echo "# sqlite database exists"
databaseOption="# keep using sqlite as /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db exists (configured in the btcpayserver.service)"
else
echo "# sqlite database does not exist, using postgresql"
databaseOption="postgres=User ID=btcpay;Host=localhost;Port=5432;Application Name=btcpay;MaxPoolSize=20;Database=btcpaymainnet;Password='raspiblitz';"
if sudo -u postgres psql -c '\l' | grep btcpaymainnet; then
echo "# btcpaymainnet database already exists"
else
echo "# Generate the database for btcpay"
sudo -u postgres psql -c "create database btcpaymainnet;"
sudo -u postgres psql -c "create user btcpay with encrypted password 'raspiblitz';"
sudo -u postgres psql -c "grant all privileges on database btcpaymainnet to btcpay;"
fi
echo "# List databases with: sudo -u postgres psql -c '\l'"
sudo -u postgres psql -c '\l'
fi
echo "# Regenerate the btcpayserver settings (includes the LND TLS thumbprint)"
# https://docs.btcpayserver.org/Deployment/ManualDeploymentExtended/#3-create-a-configuration-file
echo "
### Global settings ###
@ -82,14 +91,50 @@ BTC.explorer.url=http://127.0.0.1:24444/
BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=/home/btcpay/admin.macaroon;certthumbprint=$FINGERPRINT
### Database ###
# keep sqlite for now as configured in the btcpayserver.service
# postgres=User ID=btcpay;Password=urpassword;Application Name=btcpayserver;Host=localhost;Port=5432;Database=btcpay;
${databaseOption}
explorer.postgres=User ID=nbxplorer;Host=localhost;Port=5432;Application Name=nbxplorer;MaxPoolSize=20;Database=nbxplorermainnet;Password='raspiblitz';
" | sudo -u btcpay tee /home/btcpay/.btcpayserver/Main/settings.config
#doesNetworkEntryAlreadyExists=$(sudo cat /home/btcpay/.btcpayserver/Main/settings.config | grep -c '^network=')
#echo "# setting new LND TLS thumbprint for BTCPay"
#s="BTC.lightning=type=lnd-rest\;server=https\://127.0.0.1:8080/\;macaroonfilepath=/home/btcpay/admin.macaroon\;"
#sudo -u btcpay sed -i "s|^${s}certthumbprint=.*|${s}certthumbprint=$FINGERPRINT|g" /home/btcpay/.btcpayserver/Main/settings.config
}
function BtcPayService() {
if sudo ls /mnt/hdd/app-data/.btcpayserver/Main/sqllite.db 1>/dev/null 2>&1; then
echo "# sqlite database exists"
databaseOption=" -- --sqlitefile=sqllite.db"
else
echo "# sqlite database does not exist, using postgresql"
databaseOption=""
fi
# see the configuration options with:
# sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- -h
# run manually to debug:
# sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- --sqlitefile=sqllite.db
echo "# create the btcpayserver.service"
echo "
[Unit]
Description=BtcPayServer daemon
Requires=nbxplorer.service
After=nbxplorer.service
[Service]
ExecStart=/home/btcpay/dotnet/dotnet run --no-launch-profile --no-build \
-c Release --project \"/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj\" ${databaseOption}
User=btcpay
Group=btcpay
Type=simple
PIDFile=/run/btcpayserver/btcpayserver.pid
Restart=always
RestartSec=10
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
" | sudo tee /etc/systemd/system/btcpayserver.service
sudo systemctl daemon-reload
}
if [ "$1" = "status" ]; then
@ -216,10 +261,10 @@ SHA1 ${sslFingerprintTOR}"
IP2TOR: https://${ip2torIP}:${ip2torPort}
SHA1 ${sslFingerprintTOR}
go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain"
# elif [ ${#publicDomain} -eq 0 ]; then
# text="${text}\n
#To enable easy reachability with normal browser from the outside
#consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR"
elif [ ${#publicDomain} -eq 0 ]; then
text="${text}\n
To enable easy reachability with normal browser from the outside
consider adding a IP2TOR Bridge: MAINMENU > SUBSCRIBE > IP2TOR"
fi
text="${text}\n
@ -341,9 +386,9 @@ if [ "$1" = "install" ]; then
echo "DOTNET_CLI_TELEMETRY_OPTOUT=1" | sudo tee -a /etc/environment
# NBXplorer
echo "# Install NBXplorer"
echo "# Install NBXplorer $NBXplorerVersion"
cd /home/btcpay || exit 1
echo "# Download the NBXplorer source code ..."
echo "# Download the NBXplorer source code $NBXplorerVersion"
sudo -u btcpay git clone https://github.com/dgarage/NBXplorer.git 2>/dev/null
cd NBXplorer || exit 1
sudo -u btcpay git reset --hard $NBXplorerVersion
@ -352,14 +397,17 @@ if [ "$1" = "install" ]; then
PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc"
PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
echo "# Build NBXplorer ..."
echo "# Build NBXplorer $NBXplorerVersion"
# from the build.sh with path
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || (
echo "# Build failed"
exit 1
)
# BTCPayServer
echo "# Install BTCPayServer"
cd /home/btcpay || exit 1
echo "# Download the BTCPayServer source code ..."
echo "# Download the BTCPayServer source code $BTCPayVersion"
sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null
cd btcpayserver || exit 1
sudo -u btcpay git reset --hard $BTCPayVersion
@ -372,9 +420,13 @@ if [ "$1" = "install" ]; then
#PGPpubkeyFingerprint="8E5530D9D1C93097"
sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
echo "# Build BTCPayServer ..."
echo "# Build BTCPayServer $BTCPayVersion"
# from the build.sh with path
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release \
/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || (
echo "# Build failed"
exit 1
)
exit 0
fi
@ -522,8 +574,7 @@ WantedBy=multi-user.target
echo "# Starting nbxplorer"
sudo systemctl start nbxplorer
echo "# Checking for nbxplorer config"
while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ]
do
while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ]; do
echo "# Waiting for nbxplorer to start - CTRL+C to abort"
sleep 10
hasFailed=$(sudo systemctl status nbxplorer | grep -c "Active: failed")
@ -536,8 +587,6 @@ WantedBy=multi-user.target
echo "# Because the system is not 'ready' the service 'nbxplorer' will not be started at this point .. its enabled and will start on next reboot"
fi
postgresConfig
NBXplorerConfig
# whitelist localhost in bitcoind
@ -554,38 +603,11 @@ WantedBy=multi-user.target
sudo systemctl restart nbxplorer
fi
# see the configuration options with:
# sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release -p "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- -h
# run manually to debug:
# sudo -u btcpay /home/btcpay/dotnet/dotnet run --no-launch-profile --no-build -c Release --project "/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj" -- --sqlitefile=sqllite.db
echo "# create the btcpayserver.service"
echo "
[Unit]
Description=BtcPayServer daemon
Requires=nbxplorer.service
After=nbxplorer.service
BtcPayConfig
[Service]
ExecStart=/home/btcpay/dotnet/dotnet run --no-launch-profile --no-build \
-c Release --project \"/home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj\" \
-- --sqlitefile=sqllite.db
User=btcpay
Group=btcpay
Type=simple
PIDFile=/run/btcpayserver/btcpayserver.pid
Restart=on-failure
BtcPayService
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
" | sudo tee /etc/systemd/system/btcpayserver.service
sudo systemctl enable btcpayserver
if [ "${state}" == "ready" ]; then
echo "# Starting btcpayserver"
sudo systemctl start btcpayserver
@ -600,7 +622,7 @@ WantedBy=multi-user.target
fi
done
else
echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. its enabled and will start on next reboot"
echo "# Because the system is not 'ready' the service 'btcpayserver' will not be started at this point .. it is enabled and will start on next reboot"
fi
sudo -u btcpay mkdir -p /home/btcpay/.btcpayserver/Main/
@ -684,7 +706,10 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
else
echo "# keeping data"
fi
echo "# OK BTCPayServer deactivaed."
echo "# OK BTCPayServer deactivated."
echo "# delete the btcpay user home directory"
sudo userdel -rf btcpay 2>/dev/null
# needed for API/WebUI as signal that install ran thru
echo "result='OK'"
@ -693,6 +718,11 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
fi
if [ "$1" = "update" ]; then
# prevent the git error 'detected dubious ownership in repository'
git config --global --add safe.directory /home/btcpay/NBXplorer
git config --global --add safe.directory /home/btcpay/btcpayserver
echo "# Update NBXplorer"
cd /home/btcpay || exit 1
cd NBXplorer || exit 1
@ -712,7 +742,7 @@ if [ "$1" = "update" ]; then
TAG=$(git tag | sort -V | tail -1)
echo "# Up-to-date on version $TAG"
else
echo "# Pulling latest changes..."
echo "# Pulling the latest changes..."
sudo -u btcpay git pull -p
TAG=$(git tag | sort -V | tail -1)
echo "# Reset to the latest release tag: $TAG"
@ -720,12 +750,17 @@ if [ "$1" = "update" ]; then
PGPsigner="nicolasdorier"
PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc"
PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \
"${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
echo "# Build NBXplorer ..."
echo "# Build NBXplorer $TAG"
# from the build.sh with path
sudo systemctl stop nbxplorer
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj || (
echo "# Build failed"
exit 1
)
# whitelist localhost in bitcoind
if ! sudo grep -Eq "^whitelist=127.0.0.1" /mnt/hdd/bitcoin/bitcoin.conf; then
echo "whitelist=127.0.0.1" | sudo tee -a /mnt/hdd/bitcoin/bitcoin.conf
@ -733,9 +768,6 @@ if [ "$1" = "update" ]; then
sudo systemctl restart bitcoind
fi
# POSTGRES
postgresConfig
NBXplorerConfig
sudo systemctl start nbxplorer
@ -747,6 +779,9 @@ if [ "$1" = "update" ]; then
BtcPayConfig
# always update the btcpayserver.service
BtcPayService
echo "# Update BTCPayServer"
cd /home/btcpay || exit 1
cd btcpayserver || exit 1
@ -775,10 +810,13 @@ if [ "$1" = "update" ]; then
# https://github.com/rootzoll/raspiblitz/issues/3025
# sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \
# "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
echo "# Build BTCPayServer ..."
echo "# Build BTCPayServer $TAG"
# from the build.sh with path
sudo systemctl stop btcpayserver
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj || (
echo "# Build failed"
exit 1
)
sudo systemctl start btcpayserver
echo "# Updated BTCPayServer to $TAG"
fi

93
home.admin/config.scripts/bonus.circuitbreaker.sh
View file

@ -1,8 +1,8 @@
#!/bin/bash
# https://github.com/lightningequipment/circuitbreaker/releases
pinnedVersion="v0.3.2"
# the commits are not signed
# https://github.com/lightningequipment/circuitbreaker/commits/master
pinnedVersion="e223938d983b756b3893880f3b3bf77e624a9f00"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -16,10 +16,37 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
exit 1
fi
PGPsigner="web-flow"
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
PGPpubkeyFingerprint="4AEE18F83AFDEB23"
# PGPsigner="joostjager"
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
# PGPpubkeyFingerprint="B9A26449A5528325"
source /mnt/hdd/raspiblitz.conf
isInstalled=$(sudo ls /etc/systemd/system/circuitbreaker.service 2>/dev/null | grep -c 'circuitbreaker.service')
# show info menu
if [ "$1" = "menu" ]; then
# get network info
localip=$(hostname -I | awk '{print $1}')
fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
# info without Tor
whiptail --title " Circuit Breaker" --msgbox "Open in your local web browser & accept self-signed cert:
https://${localip}:9236\n
SHA1 Thumb/Fingerprint:
${fingerprint}\n
To follow the logs use the command:
sudo journalctl -fu circuitbreaker
" 14 63
echo "please wait ..."
exit 0
fi
# switch on
if [ "$1" = "menu" ]; then
if [ ${isInstalled} -eq 1 ]; then
@ -67,23 +94,15 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
sudo /usr/sbin/usermod --append --groups lndadmin circuitbreaker
# install from source
cd /home/circuitbreaker
cd /home/circuitbreaker || exit 1
sudo -u circuitbreaker git clone https://github.com/lightningequipment/circuitbreaker.git
cd circuitbreaker
cd circuitbreaker || exit 1
sudo -u circuitbreaker git reset --hard $pinnedVersion
sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
##################
# config
##################
echo
echo "# Setting the example configuration from:"
echo "# https://github.com/lightningequipment/circuitbreaker/blob/$pinnedVersion/circuitbreaker-example.yaml"
echo "# Find it at: /home/circuitbreaker/.circutbreaker/circuitbreaker.yaml"
echo
sudo -u circuitbreaker mkdir /home/circuitbreaker/.circuitbreaker 2>/dev/null
sudo -u circuitbreaker cp circuitbreaker-example.yaml \
/home/circuitbreaker/.circuitbreaker/circuitbreaker.yaml
sudo -u circuitbreaker /home/admin/config.scripts/blitz.git-verify.sh \
"${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
# make systemd service
# sudo nano /etc/systemd/system/circuitbreaker.service
@ -118,10 +137,18 @@ WantedBy=multi-user.target
echo "# The circuitbreaker.service is already installed."
fi
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set circuitbreaker "on"
##################
# NGINX
##################
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/circuitbreaker_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-available/circuitbreaker_ssl.conf
fi
sudo ln -sf /etc/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
isInstalled=$(sudo -u circuitbreaker /home/circuitbreaker/go/bin/circuitbreaker --version | grep -c "circuitbreaker version")
isInstalled=$(sudo -u circuitbreaker /home/circuitbreaker/go/bin/circuitbreaker --version | grep -c "circuitbreakerd version")
if [ ${isInstalled} -eq 1 ]; then
echo
@ -139,34 +166,42 @@ WantedBy=multi-user.target
exit 1
fi
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set circuitbreaker "on"
sudo ufw allow 9236 comment circuitbreaker_https
exit 0
fi
# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
echo "# Removing the user and it's home directory"
sudo userdel -rf circuitbreaker 2>/dev/null
if [ ${isInstalled} -eq 1 ]; then
echo "# Removing the circuitbreaker.service"
sudo systemctl stop circuitbreaker
sudo systemctl disable circuitbreaker
sudo rm /etc/systemd/system/circuitbreaker.service
echo "# Removing the user and it's home directory"
sudo userdel -rf circuitbreaker 2>/dev/null
echo "# OK, Circuit Breaker is removed."
echo "# OK, circuitbreaker.service is removed."
else
echo "# Circuit Breaker is not installed."
echo "# circuitbreaker.service is not installed."
fi
# setting value in raspiblitz.conf
/home/admin/config.scripts/blitz.conf.sh set circuitbreaker "off"
sudo ufw delete allow 9236
exit 0
fi
# update
if [ "$1" = "update" ]; then
echo "# Updating Circuit Breaker"
cd /home/circuitbreaker/circuitbreaker
cd /home/circuitbreaker/circuitbreaker || exit 1
# from https://github.com/apotdevin/thunderhub/blob/master/scripts/updateToLatest.sh
# fetch latest master
sudo -u circuitbreaker git fetch
@ -190,16 +225,12 @@ if [ "$1" = "update" ]; then
echo "# Pulling latest changes..."
sudo -u circuitbreaker git pull -p
sudo -u circuitbreaker git reset --hard $TAG
#TODO PGP verification on update
echo "# Installing the version: $TAG"
sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
echo
echo "# Setting the example configuration from:"
echo "# https://github.com/lightningequipment/circuitbreaker/blob/$TAG/circuitbreaker-example.yaml"
echo "# Find it at: /home/circuitbreaker/.circutbreaker/circuitbreaker.yaml"
sudo -u circuitbreaker mkdir /home/circuitbreaker/.circuitbreaker 2>/dev/null
sudo -u circuitbreaker cp circuitbreaker-example.yaml \
/home/circuitbreaker/.circuitbreaker/circuitbreaker.yaml
echo
echo "# Updated to version" $TAG
echo
echo "# Starting the circuitbreaker service ... "

90
home.admin/config.scripts/bonus.electrs.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# https://github.com/romanz/electrs/releases
ELECTRSVERSION="v0.9.10"
ELECTRSVERSION="v0.9.11"
# https://github.com/romanz/electrs/commits/master
# ELECTRSVERSION="446858ea621416916f84cbce61be92b748e8133e"
@ -73,7 +73,7 @@ if [ "$1" = "status" ]; then
# no answer on that port
echo "publicHTTPPortAnswering=0"
fi
# add TOR info
# add Tor info
if [ "${runBehindTor}" == "on" ]; then
echo "TorRunning=1"
if [ "$2" = "showAddress" ]; then
@ -98,20 +98,21 @@ if [ "$1" = "status-sync" ] || [ "$1" = "status" ]; then
echo "serviceRunning=${serviceRunning}"
if [ ${serviceRunning} -eq 1 ]; then
# Experimental try to get sync Info
syncedToBlock=$(sudo journalctl -u electrs --no-pager -n2000 | grep "height=" | tail -n1| cut -d= -f3)
blockchainHeight=$(sudo -u bitcoin ${network}-cli getblockchaininfo 2>/dev/null | jq -r '.headers' | sed 's/[^0-9]*//g')
lastBlockchainHeight=$(($blockchainHeight -1))
syncProgress=0
if [ "${syncedToBlock}" != "" ] && [ "${blockchainHeight}" != "" ] && [ "${blockchainHeight}" != "0" ]; then
syncProgress="$(echo "$syncedToBlock" "$blockchainHeight" | awk '{printf "%.2f", $1 / $2 * 100}')"
fi
echo "syncProgress=${syncProgress}%"
if [ "${syncedToBlock}" = "${blockchainHeight}" ] || [ "${syncedToBlock}" = "${lastBlockchainHeight}" ]; then
echo "tipSynced=1"
else
echo "tipSynced=0"
fi
# Experimental try to get sync Info (electrs debug info would need more details)
#source <(/home/admin/_cache.sh get btc_mainnet_blocks_headers)
#blockchainHeight="${btc_mainnet_blocks_headers}"
#lastBlockchainHeight=$(($blockchainHeight -1))
#syncedToBlock=$(sudo journalctl -u electrs --no-pager -n2000 | grep "height=" | tail -n1| cut -d= -f3)
#syncProgress=0
#if [ "${syncedToBlock}" != "" ] && [ "${blockchainHeight}" != "" ] && [ "${blockchainHeight}" != "0" ]; then
# syncProgress="$(echo "$syncedToBlock" "$blockchainHeight" | awk '{printf "%.2f", $1 / $2 * 100}')"
#fi
#echo "syncProgress=${syncProgress}%"
#if [ "${syncedToBlock}" = "${blockchainHeight}" ] || [ "${syncedToBlock}" = "${lastBlockchainHeight}" ]; then
# echo "tipSynced=1"
#else
# echo "tipSynced=0"
#fi
# check if initial sync was done, by setting a file as once electrs is the first time responding on port 50001
electrumResponding=$(echo '{"jsonrpc":"2.0","method":"server.ping","params":[],"id":"electrs-check"}' | netcat -w 2 127.0.0.1 50001 | grep -c "result")
@ -135,7 +136,7 @@ if [ "$1" = "status-sync" ] || [ "$1" = "status" ]; then
fi
else
echo "tipSynced=0"
# echo "tipSynced=0"
echo "initialSynced=0"
echo "electrumResponding=0"
echo "infoSync='Not running - check: sudo journalctl -u electrs'"
@ -289,9 +290,14 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo
sudo -u electrs git clone https://github.com/romanz/electrs
cd /home/electrs/electrs || exit 1
sudo -u electrs git reset --hard $ELECTRSVERSION
# verify
sudo -u electrs /home/admin/config.scripts/blitz.git-verify.sh \
"${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
# build
sudo -u electrs /home/electrs/.cargo/bin/cargo build --locked --release || exit 1
echo
@ -478,8 +484,7 @@ fi
# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
# setting value in raspiblitz config
/home/admin/config.scripts/blitz.conf.sh set ElectRS "off"
echo "# REMOVING ELECTRS"
# if second parameter is "deleteindex"
if [ "$2" == "deleteindex" ]; then
@ -487,23 +492,10 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
sudo rm -rf /mnt/hdd/app-storage/electrs/
fi
# Hidden Service if Tor is active
if [ "${runBehindTor}" = "on" ]; then
/home/admin/config.scripts/tor.onion-service.sh off electrs
fi
isInstalled=$(sudo ls /etc/systemd/system/electrs.service 2>/dev/null | grep -c 'electrs.service')
if [ ${isInstalled} -eq 1 ]; then
echo "# REMOVING ELECTRS"
sudo systemctl disable electrs
sudo rm /etc/systemd/system/electrs.service
# delete user and home directory
sudo userdel -rf electrs
# close ports on firewall
sudo ufw deny 50001
sudo ufw deny 50002
echo "# OK ElectRS removed."
# restart BTC-RPC-Explorer to reconfigure itself to use electrs for address API
if [ "${BTCRPCexplorer}" == "on" ]; then
@ -512,8 +504,25 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
fi
else
echo "# ElectRS is not installed."
echo "# electrs.service is not installed."
fi
# Hidden Service if Tor is active
if [ "${runBehindTor}" = "on" ]; then
/home/admin/config.scripts/tor.onion-service.sh off electrs
fi
# close ports on firewall
sudo ufw delete allow 50001
sudo ufw delete allow 50002
# delete user and home directory
sudo userdel -rf electrs
# setting value in raspiblitz config
/home/admin/config.scripts/blitz.conf.sh set ElectRS "off"
echo "# OK ElectRS removed."
exit 0
fi
@ -522,7 +531,7 @@ if [ "$1" = "update" ]; then
cd /home/electrs/electrs || exit 1
sudo -u electrs git fetch
localVersion=$(git describe --tag)
localVersion=$(/home/electrs/electrs/target/release/electrs --version)
updateVersion=$(curl --header "X-GitHub-Api-Version:2022-11-28" -s https://api.github.com/repos/romanz/electrs/releases/latest|grep tag_name|head -1|cut -d '"' -f4)
if [ $localVersion = $updateVersion ]; then
@ -532,12 +541,21 @@ if [ "$1" = "update" ]; then
sudo -u electrs git pull -p
echo "# Reset to the latest release tag: $updateVersion"
sudo -u electrs git reset --hard $updateVersion
sudo -u electrs /home/admin/config.scripts/blitz.git-verify.sh \
"${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
echo "# Installing build dependencies"
sudo -u electrs curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo -u electrs sh -s -- --default-toolchain none -y
sudo apt install -y clang cmake build-essential # for building 'rust-rocksdb'
echo
echo "# Build Electrs ..."
sudo -u electrs /home/electrs/.cargo/bin/cargo build --locked --release || exit 1
# update config
sed -i "/^server_banner =/d" /home/electrs/.electrs/config.toml
sudo bash -c "echo 'server_banner = \"Welcome to electrs $updateVersion - the Electrum Rust Server on your RaspiBlitz\"' >> /home/electrs/.electrs/config.toml"
sudo -u electrs sed -i "/^server_banner = /d" /home/electrs/.electrs/config.toml
sudo -u electrs bash -c "echo 'server_banner = \"Welcome to electrs $updateVersion - the Electrum Rust Server on your RaspiBlitz\"' >> /home/electrs/.electrs/config.toml"
echo "# Updated Electrs to $updateVersion"
fi

45
home.admin/config.scripts/bonus.go.sh
View file

@ -1,7 +1,12 @@
#!/usr/bin/env sh
# set version, check: https://golang.org/dl/
goVersion="1.18.7"
goVersion="1.19.5"
# checksums:
amd64Checksum="36519702ae2fd573c9869461990ae550c8c0d955cd28d2827a6b159fda81ff95"
armv6lChecksum="ec14f04bdaf4a62bdcf8b55b9b6434cc27c2df7d214d0bb7076a7597283b026a"
arm64Checksum="fc0aa29c933cec8d76f5435d859aaf42249aa08c74eb2d154689ae44c08d23b3"
downloadFolder="/home/admin/download"
usage() {
@ -14,19 +19,24 @@ case "$1" in
1 | on) # switch on
. /etc/profile # get Go vars - needed if there was no log-out since Go installed
printf "Check Framework: Go\n"
printf "# Check Framework: Go\n"
if go version 2>/dev/null | grep -q "${goVersion}"; then
printf "\nThe requested version of Go is already installed.\n"
go version
printf "\n"
else
architecture="$(uname -m)"
case "${architecture}" in
arm*) goOSversion="armv6l";;
aarch64) goOSversion="arm64";;
x86_64) goOSversion="amd64";;
*) printf %s"Not available for architecture=${architecture}\n"; exit 1
esac
goOSversion=$(dpkg --print-architecture)
if [ ${goOSversion} = "armv6l" ]; then
checksum=${armv6lChecksum}
elif [ ${goOSversion{} = "arm64" ]; then
checksum=${arm64Checksum}
elif [ ${goOSversion} = "amd64" ]; then
checksum=${amd64Checksum}
else
echo "# architecture $goOSversion not supported"
exit 1
fi
printf %s"\n*** Installing Go v${goVersion} for ${goOSversion} \n***"
wget https://dl.google.com/go/go${goVersion}.linux-${goOSversion}.tar.gz -P ${downloadFolder}
if [ ! -f "${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz" ]; then
@ -34,7 +44,13 @@ case "$1" in
rm -fv go${goVersion}.linux-${goOSversion}.tar.gz*
exit 1
fi
printf "Clean old Go version\n"
if ! echo ${checksum} ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz | sha256sum -c; then
printf "# FAIL: Download corrupted\n"
rm -fv ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz*
exit 1
fi
printf "# Clean old Go version\n"
sudo rm -rf /usr/local/go /usr/local/gocode
sudo tar -C /usr/local -xzf ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz
rm -fv ${downloadFolder}/go${goVersion}.linux-${goOSversion}.tar.gz*
@ -46,7 +62,10 @@ case "$1" in
export PATH=$PATH:$GOPATH/bin
sudo grep -q "GOROOT=" /etc/profile || { printf "\nGOROOT=/usr/local/go\nPATH=\$PATH:\$GOROOT/bin/\nGOPATH=/usr/local/gocode\nPATH=\$PATH:\$GOPATH/bin/\n\n" | sudo tee -a /etc/profile; }
go env -w GOPATH=/usr/local/gocode # set GOPATH https://github.com/golang/go/wiki/SettingGOPATH
go version | grep -q "go" || { printf "FAIL: Unable to install Go\n"; exit 1; }
go version | grep -q "go" || {
printf "FAIL: Unable to install Go\n"
exit 1
}
printf %s"Installed $(go version 2>/dev/null)\n\n"
fi
;;
@ -54,9 +73,9 @@ case "$1" in
0 | off) # switch off
printf "*** REMOVING GO ***\n"
sudo rm -rf /usr/local/go /usr/local/gocode
printf "OK Go removed.\n"
printf "# OK Go removed.\n"
;;
*) usage
*) usage ;;
esac

6
home.admin/config.scripts/bonus.joinmarket.sh
View file

@ -6,7 +6,7 @@
# https://github.com/openoms/joininbox
# https://github.com/openoms/joininbox/tags
JBTAG="v0.7.4" # installs JoinMarket v0.9.8
JBTAG="v0.7.6" # installs JoinMarket v0.9.9
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -35,8 +35,8 @@ and start the JoininBox menu.
fi
# check if sudo
if [ "$EUID" -ne 0 ]
then echo "Please run as root (with sudo)"
if [ "$EUID" -ne 0 ]; then
echo "Please run as root (with sudo)"
exit
fi

32
home.admin/config.scripts/bonus.lnbits.sh
View file

@ -3,7 +3,7 @@
# https://github.com/lnbits/lnbits-legend
# https://github.com/lnbits/lnbits-legend/releases
tag="0.9.4"
tag="0.9.6"
VERSION="${tag}"
# command info
@ -174,10 +174,10 @@ https://${ip2torDomain}:${ip2torPort} ready for public use"
IP2TOR: https://${ip2torIP}:${ip2torPort}
SHA1 ${sslFingerprintTOR}\n
Consider adding a LetsEncrypt HTTPS Domain under OPTIONS."
# elif [ ${#publicDomain} -eq 0 ]; then
# text="${text}\n
#To enable easy reachability with normal browser from the outside
#Consider adding a IP2TOR Bridge under OPTIONS."
elif [ ${#publicDomain} -eq 0 ]; then
text="${text}\n
To enable easy reachability with normal browser from the outside
Consider adding a IP2TOR Bridge under OPTIONS."
fi
whiptail --title " LNbits ${fundinginfo}" --yes-button "OK" --no-button "OPTIONS" --yesno "${text}" 18 69
@ -194,16 +194,16 @@ Consider adding a LetsEncrypt HTTPS Domain under OPTIONS."
OPTIONS=()
# IP2TOR options
#if [ "${ip2torDomain}" != "" ]; then
# # IP2TOR+LetsEncrypt active - offer cancel
# OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
#elif [ "${ip2torIP}" != "" ]; then
# # just IP2TOR active - offer cancel or Lets Encrypt
# OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits")
# OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
#else
# OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription")
#fi
if [ "${ip2torDomain}" != "" ]; then
# IP2TOR+LetsEncrypt active - offer cancel
OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
elif [ "${ip2torIP}" != "" ]; then
# just IP2TOR active - offer cancel or Lets Encrypt
OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits")
OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
else
OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription")
fi
# Change Funding Source options (only if available)
if [ "${LNBitsFunding}" == "lnd" ] && [ "${cl}" == "on" ]; then
@ -608,7 +608,7 @@ if [ "$1" = "install" ]; then
exit 0
fi
echo "# *** INSTALL THUNDERHUB ***"
echo "# *** INSTALL LNBIS ${VERSION} ***"
# add lnbits user
echo "*** Add the 'lnbits' user ***"

4
home.admin/config.scripts/bonus.lndconnect.sh
View file

@ -98,7 +98,7 @@ elif [ "${targetWallet}" = "zeus-ios" ]; then
usingIP2TOR="LND-REST-API"
forceTOR=1
host=$(sudo cat /mnt/hdd/tor/lndrest8080/hostname)
connectInfo="- start the Zeus Wallet --> lndconnect\n- scan the QR code \n- activate 'Tor' option \n- activate 'Certification Verification' option\n- save Node Config"
connectInfo="- start the Zeus Wallet --> Scan Node Config\n- scan the QR code \n- save Node Config"
elif [ "${targetWallet}" = "zeus-android" ]; then
@ -106,7 +106,7 @@ elif [ "${targetWallet}" = "zeus-android" ]; then
usingIP2TOR="LND-REST-API"
forceTOR=1
host=$(sudo cat /mnt/hdd/tor/lndrest8080/hostname)
connectInfo="- start the Zeus Wallet --> lndconnect\n- scan the QR code \n- activate 'Tor' option \n- activate 'Certification Verification' option\n- save Node Config"
connectInfo="- start the Zeus Wallet --> Scan Node Config\n- scan the QR code \n- save Node Config"
elif [ "${targetWallet}" = "sendmany-android" ]; then

7
home.admin/config.scripts/bonus.lndg.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# https://github.com/cryptosharks131/lndg
VERSION="1.4.0 "
VERSION="1.5.0 "
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -166,6 +166,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
# using existing database, so remove newly created database and link to existing one
echo "Database already exists, using existing database"
sudo rm /home/lndg/lndg/data/db.sqlite3
sudo chown -R lndg:lndg /mnt/hdd/app-data/lndg
sudo chmod -R 755 /mnt/hdd/app-data/lndg
sudo chmod 644 /mnt/hdd/app-data/lndg/data/db.sqlite3
sudo -u lndg ln -sf /mnt/hdd/app-data/lndg/data/db.sqlite3 /home/lndg/lndg/data/db.sqlite3
sudo -u lndg /home/lndg/lndg/.venv/bin/python manage.py migrate
fi
@ -243,7 +246,7 @@ ExecStart=/home/lndg/lndg/.venv/bin/gunicorn lndg.wsgi -w 4 -b 0.0.0.0:8889
Restart=always
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
StandardError=append:/var/log/gunicorn_error.log
NotifyAccess=all
RestartSec=60s

4
home.admin/config.scripts/bonus.lndmanage.sh
View file

@ -9,7 +9,7 @@ fi
# set version of LND manage to install
# https://github.com/bitromortac/lndmanage/releases
lndmanageVersion="0.11.0"
lndmanageVersion="0.14.2"
pgpKeyDownload="https://github.com/bitromortac.gpg"
gpgFingerprint="0453B9F5071261A40FDB34181965063FC13BEBE2"
@ -69,7 +69,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo "# installing ..."
python3 -m venv venv
source /home/admin/lndmanage/venv/bin/activate
python3 -m pip install lndmanage-0.11.0-py3-none-any.whl
python3 -m pip install lndmanage-${lndmanageVersion}-py3-none-any.whl
# get build dependencies
# python3 -m pip install --upgrade pip wheel setuptools

252
home.admin/config.scripts/bonus.lnproxy.sh Normal file
View file

@ -0,0 +1,252 @@
#!/bin/bash
# https://github.com/lnproxy/lnproxy/commits/main
LNPROXYVERSION="423723b58cc45daa2fdf6c8b22537d560aca4d7a"
# https://github.com/lnproxy/lnproxy-webui/commits/main
WEBUIVERSION=24d291c884a0b60126c1915301f29c893900a155
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "config script to install or uninstall the lnproxy server"
echo "bonus.lnproxy.sh [on|off|menu]"
echo "installs the version $LNPROXYVERSION by default"
exit 1
fi
source /mnt/hdd/raspiblitz.conf
localip=$(hostname -I | awk '{print $1}')
# menu
if [ "$1" = "menu" ]; then
if systemctl is-active --quiet lnproxy; then
# get network info
torAddress=$(sudo cat /mnt/hdd/tor/lnproxy/hostname 2>/dev/null)
fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
if [ "${runBehindTor}" = "on" ] && [ -n "${torAddress}" ]; then
# Info with Tor
sudo /home/admin/config.scripts/blitz.display.sh qr "${torAddress}"
whiptail --title " lnproxy-webui and API" --msgbox "\
Open in your local web browser:
http://${localip}:4748
https://${localip}:4749 with Fingerprint:
${fingerprint}\n
Hidden Service address for Tor Browser (see LCD for QR):
${torAddress}\n
To use the API:
curl -k https://${localip}:4749/api/{invoice}?routing_msat={budget}\n
The Tor Hidden Service address to share for using the API:
${torAddress}/api
" 19 67
sudo /home/admin/config.scripts/blitz.display.sh hide
else
# Info without Tor
whiptail --title " lnproxy-webui " --msgbox "Open in your local web browser:
http://${localip}:4748\n
Activate Tor to access the web interface from outside your local network.
" 15 57
fi
echo "# please wait ..."
else
echo "# *** LNPROXY IS NOT INSTALLED ***"
fi
exit 0
fi
# install
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
if systemctl is-active --quiet lnproxy; then
echo "# FAIL - lnproxy already installed"
sleep 3
exit 1
fi
echo "*** INSTALL LNPROXY ***"
# check and install Go
/home/admin/config.scripts/bonus.go.sh on
# create lnproxy user
sudo adduser --disabled-password --gecos "" lnproxy
# create macaroon
cd /home/bitcoin || exit 1
sudo -u bitcoin lncli bakemacaroon --save_to lnproxy.macaroon \
uri:/lnrpc.Lightning/DecodePayReq \
uri:/lnrpc.Lightning/LookupInvoice \
uri:/invoicesrpc.Invoices/AddHoldInvoice \
uri:/invoicesrpc.Invoices/SubscribeSingleInvoice \
uri:/invoicesrpc.Invoices/CancelInvoice \
uri:/invoicesrpc.Invoices/SettleInvoice \
uri:/routerrpc.Router/SendPaymentV2
sudo mv ./lnproxy.macaroon /home/lnproxy/
sudo chown lnproxy:lnproxy /home/lnproxy/lnproxy.macaroon
sudo chmod 600 /home/lnproxy/lnproxy.macaroon
# make sure symlink to central app-data directory exists
sudo rm -rf /home/lnproxy/.lnd # not a symlink.. delete it silently
# create symlink
sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/lnproxy/.lnd"
# download source code
cd /home/lnproxy/ || exit 1
sudo -u lnproxy git clone https://github.com/lnproxy/lnproxy.git /home/lnproxy/lnproxy
cd /home/lnproxy/lnproxy || exit 1
sudo -u lnproxy git reset --hard ${LNPROXYVERSION} || exit 1
# build
sudo -u lnproxy /usr/local/go/bin/go get lnproxy
sudo -u lnproxy /usr/local/go/bin/go build
# manual start (in tmux)
# sudo -u lnproxy /home/lnproxy/lnproxy/lnproxy -lnd-cert /home/lnproxy/.lnd/tls.cert /home/lnproxy/lnproxy.macaroon
# create systemd service
cat <<EOF | sudo tee /etc/systemd/system/lnproxy.service
[Unit]
Description=lnproxy
After=lnd.service
[Service]
User=lnproxy
Group=lnproxy
Type=simple
ExecStart=/home/lnproxy/lnproxy/lnproxy -lnd-cert /home/lnproxy/.lnd/tls.cert /home/lnproxy/lnproxy.macaroon
Restart=on-failure
RestartSec=30
TimeoutSec=120
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
EOF
# enable and start service
sudo systemctl enable lnproxy
source <(/home/admin/_cache.sh get state)
if [ "${state}" == "ready" ]; then
echo "# OK - the lnproxy.service is enabled, system is on ready so starting service"
sudo systemctl start lnproxy
else
echo "# OK - the lnproxy.service is enabled, to start manually use: sudo systemctl start lnproxy"
fi
# lnproxy-webui
cd /home/lnproxy/ || exit 1
sudo -u lnproxy git clone https://github.com/lnproxy/lnproxy-webui
cd /home/lnproxy/lnproxy-webui || exit 1
sudo -u lnproxy git reset --hard ${WEBUIVERSION} || exit 1
# build
sudo -u lnproxy /usr/local/go/bin/go get lnproxy-webui
sudo -u lnproxy /usr/local/go/bin/go build
# create systemd service
cat <<EOF | sudo tee /etc/systemd/system/lnproxy-webui.service
[Unit]
Description=lnproxy-webui
After=lnproxy.service
[Service]
WorkingDirectory=/home/lnproxy/lnproxy-webui
User=lnproxy
Group=lnproxy
Type=simple
ExecStart=/home/lnproxy/lnproxy-webui/lnproxy-webui
Restart=on-failure
RestartSec=30
TimeoutSec=120
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
EOF
# enable and start service
sudo systemctl enable lnproxy-webui
source <(/home/admin/_cache.sh get state)
if [ "${state}" == "ready" ]; then
echo "# OK - the lnproxy-webui.service is enabled, system is on ready so starting service"
sudo systemctl start lnproxy-webui
else
echo "# OK - the lnproxy-webui.service is enabled, to start manually use: sudo systemctl start lnproxy-webui"
fi
##################
# NGINX
##################
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/lnproxy_ssl.conf ]; then
sudo cp -f /home/admin/assets/nginx/sites-available/lnproxy_ssl.conf /etc/nginx/sites-available/lnproxy_ssl.conf
fi
if ! [ -f /etc/nginx/sites-available/lnproxy_tor.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/lnproxy_tor.conf /etc/nginx/sites-available/lnproxy_tor.conf
fi
if ! [ -f /etc/nginx/sites-available/lnproxy_tor_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf /etc/nginx/sites-available/lnproxy_tor_ssl.conf
fi
sudo ln -sf /etc/nginx/sites-available/lnproxy_ssl.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/lnproxy_tor.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/lnproxy_tor_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
sudo ufw allow 4747 comment lnproxy-HTTP
sudo ufw allow 4748 comment lnproxy-webui-HTTP
sudo ufw allow 4749 comment lnproxy-HTTPS
/home/admin/config.scripts/tor.onion-service.sh lnproxy 80 4750 443 4751
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set lnproxy "on"
echo "# API:"
echo "curl http://${localip}:4747/{your_invoice}?routing_msat={routing_budget}"
echo "# WebUI:"
echo "http://${localip}:4748"
echo "# More info at:"
echo "https://github.com/lnproxy/lnproxy"
exit 0
fi
# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
echo "*** REMOVING LNPROXY***"
# remove user and home directory
sudo userdel -rf lnproxy
# remove systemd services
sudo systemctl disable --now lnproxy
/etc/systemd/system/lnproxy.service
sudo systemctl disable --now lnproxy-webui
/etc/systemd/system/lnproxy-webui.service
# remove Tor service
/home/admin/config.scripts/tor.onion-service.sh off lnproxy
# close ports on firewall
sudo ufw delete allow 4747
sudo ufw delete allow 4748
sudo ufw delete allow 4749
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set lnproxy "off"
echo "# OK, lnproxy is removed."
exit 0
fi

9
home.admin/config.scripts/bonus.postgresql.sh
View file

@ -51,7 +51,7 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then
fix_postgres=1
fi
if [ fix_postgres = 1 ] || [ ! -d /mnt/hdd/app-data/postgresql ]; then
if [ ${fix_postgres} = 1 ] || [ ! -d /mnt/hdd/app-data/postgresql ]; then
echo "# Move the PostgreSQL data to /mnt/hdd/app-data/postgresql"
sudo systemctl stop postgresql 2>/dev/null
sudo rsync -av $postgres_datadir /mnt/hdd/app-data
@ -67,9 +67,8 @@ if [ "$command" = "1" ] || [ "$command" = "on" ]; then
# wait for the postgres server to start
count=0
count_max=30
while ! nc -zv 127.0.0.1 5432 2>/dev/null;
do
count=`expr $count + 1`
while ! nc -zv 127.0.0.1 5432 2>/dev/null; do
count=$((count + 1))
echo "sleep $count/$count_max"
sleep 1
if [ $count = $count_max ]; then
@ -103,7 +102,7 @@ fi
# backup
backup_target="/mnt/hdd/app-data/backup/$db_name"
backup_file="${db_name}_`date +%d`-`date +%m`-`date +%Y`_`date +%H`-`date +%M`_dump"
backup_file="${db_name}_$(date +%d)-$(date +%m)-$(date +%Y)_$(date +%H)-$(date +%M)_dump"
if [ ! -d $backup_target ]; then
sudo mkdir -p $backup_target 1>&2
fi

6
home.admin/config.scripts/bonus.sphinxrelay.sh
View file

@ -108,9 +108,9 @@ iOS support is native, Android needs Orbot"
At the moment your Sphinx Relay Server is just available
within the local network - without transport encryption.
Local server for test & debug: ${publicURL}/app"#\n
#To enable easy reachability from the outside consider
#adding a IP2TOR Bridge and reconnect:
#MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
To enable easy reachability from the outside consider
adding a IP2TOR Bridge and reconnect:
MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
extraPairInfo="You need to be on the same local network to make this work."
else

16
home.admin/config.scripts/bonus.suez.sh
View file

@ -1,7 +1,7 @@
#!/bin/bash
# https://github.com/prusnak/suez/commits/master
SUEZVERSION="e402edbddb45d8a53af346b8582243f4068ece6c"
SUEZVERSION="bcfd3502ac1f7d95b90c62c1daeae50aa7052be7"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -12,7 +12,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
fi
PGPsigner="prusnak"
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
PGPpubkeyLink="https://rusnak.io/public/pgp.txt"
PGPpubkeyFingerprint="91F3B339B9A02A3D"
source /mnt/hdd/raspiblitz.conf
@ -21,8 +21,7 @@ source /mnt/hdd/raspiblitz.conf
if [ "$1" = "menu" ]; then
dialog --title " Info Suez" --msgbox "
Suez is a command line tool.
Type: 'suez' for the default channel visualization for LND
Type: 'suez --help' in the command line to see the usage options.
Type: 'suez' to visualize the channels of the default ln instance
Readme: https://github.com/prusnak/suez#readme
" 10 75
exit 0
@ -46,11 +45,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
"${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
echo "# Adding alias"
sudo -u admin touch /home/admin/_aliases
echo "alias suez='cd /home/bitcoin/suez && sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez'"\
| sudo tee -a /home/admin/_aliases
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set suez "on"
@ -65,16 +59,14 @@ fi
# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
echo "# REMOVING SUEZ"
sudo rm -rf /home/bitcoin/suez
echo "# OK, suez is removed."
echo "# OK, Suez is removed."
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set suez "off"
exit 0
fi
# update

2
home.admin/config.scripts/bonus.tallycoin-connect.sh
View file

@ -8,7 +8,7 @@ HOME_DIR=/home/$USERNAME
CONFIG_FILE=$APP_DATA_DIR/tallycoin_api.key
RASPIBLITZ_INFO=/home/admin/raspiblitz.info
SERVICE_FILE=/etc/systemd/system/tallycoin-connect.service
TC_VERSION=1.7.1
TC_VERSION=1.7.5
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then

2
home.admin/config.scripts/cl.backup.sh
View file

@ -189,7 +189,7 @@ if [ ${mode} = "cl-export-gui" ]; then
echo
echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
echo "sftp '${fileowner}@${localip}:${filename}' ./"
echo "ON WINDOWS USE:"
echo "ON WINDOWS - RUN IN CMD:"
echo "sftp ${fileowner}@${localip}:${filename} ."
echo
echo "Use password A to authenticate file transfer."

2
home.admin/config.scripts/cl.hsmtool.sh
View file

@ -156,7 +156,7 @@ function decryptHSMsecret() {
/home/admin/config.scripts/cl.hsmtool.sh unlock ${CHAIN}
# attempt to decrypt again
sudo cat $passwordFile | sudo -u bitcoin lightning-hsmtool decrypt \
"$hsmSecretPath" || echo "# Couldn't decrypt"; exit 1
"$hsmSecretPath" || (echo "# Couldn't decrypt"; exit 1)
fi
fi
shredPasswordFile

2
home.admin/config.scripts/lnd.backup.sh
View file

@ -199,7 +199,7 @@ if [ ${mode} = "lnd-export-gui" ]; then
echo
echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
echo "sftp '${fileowner}@${localip}:${filename}' ./"
echo "ON WINDOWS USE:"
echo "ON WINDOWS - RUN IN CMD:"
echo "sftp ${fileowner}@${localip}:${filename} ."
echo "Use password A to authenticate file transfer."
echo

6
home.admin/config.scripts/lnd.export.sh
View file

@ -136,9 +136,9 @@ elif [ "${exportType}" = "btcpay" ]; then
echo "NOTE: You have a IP2TOR connection for LND REST API .. so you can use this connection string also with a external BTCPay server."
else
echo "IMPORTANT: You can only use this connection string for a BTCPay server running on this RaspiBlitz."
#echo "If you want to connect from a external BTCPay server activate a IP2TOR tunnel for LND-REST first:"
#echo "MAIN MENU > SUBSCRIBE > IP2TOR > LND REST API"
#echo "Then come back and get a new connection string."
echo "If you want to connect from a external BTCPay server activate a IP2TOR tunnel for LND-REST first:"
echo "MAIN MENU > SUBSCRIBE > IP2TOR > LND REST API"
echo "Then come back and get a new connection string."
fi
echo ""

123
home.admin/config.scripts/network.reindex.sh
View file

@ -1,93 +1,54 @@
#!/bin/bash
# command info
if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "script to run re-index if the blockchain (in case of repair)"
echo "run to start or monitor re-index progress"
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "script to run re-index if the blockchain - blocks will not be deleted but re-indexed"
echo "will trigger reboot after started and progress can be monitored thru normal sync status"
echo "There are two ways to re-index - for details see: https://bitcoin.stackexchange.com/a/60711"
echo "network.reindex.sh reindex [mainnet|testnet|signet] --> re-index chain & repair corrupt blocks"
echo "network.reindex.sh reindex-chainstate [mainnet|testnet|signet] --> only re-build UTXO set (fast)"
exit 1
fi
# check and load raspiblitz config
# to know which network is running
source /home/admin/raspiblitz.info
source /mnt/hdd/raspiblitz.conf
# if re-index is not running, start ...
source <(/home/admin/_cache.sh get state)
if [ "${state}" != "reindex" ]; then
if [ "$1" = "reindex" ] || [ "$1" = "reindex-chainstate" ]; then
# stop services
echo "making sure services are not running .."
sudo systemctl stop lnd 2>/dev/null
sudo systemctl stop ${network}d 2>/dev/null
action="$1"
# network prefixes
if [ "$2" = "mainnet" ]; then
echo "# network.reindex.sh ${action} --> mainnet"
prefix=""
netparam=""
elif [ "$2" = "testnet" ]; then
echo "# network.reindex.sh ${action} --> testnet"
prefix="t"
netparam="-testnet "
elif [ "$2" = "signet" ]; then
echo "# network.reindex.sh ${action} --> signet"
prefix="s"
netparam="-signet "
else
echo "error='unknown/missing secondary parameter'"
exit 1
fi
# stop bitcoin service
echo "# stopping ${network} service (please wait - can take time) .."
sudo systemctl stop ${prefix}${network}d
# starting reindex
echo "starting re-index ..."
sudo -u bitcoin /usr/local/bin/${network}d -daemon -reindex -conf=/home/bitcoin/.${network}/${network}.conf -datadir=/home/bitcoin/.${network}
# set reindex flag in raspiblitz.info (gets deleted after (final) reboot)
sudo sed -i "s/^state=.*/state=reindex/g" /home/admin/raspiblitz.info
fi
# while loop to wait to finish
finished=0
progress=0
while [ ${finished} -eq 0 ]
do
clear
echo "*************************"
echo "REINDEXING BLOCKCHAIN"
echo "*************************"
date
echo "THIS CAN TAKE SOME VERY LONG TIME"
echo "See Raspiblitz FAQ: https://github.com/rootzoll/raspiblitz"
echo "On question: My blockchain data is corrupted - what can I do?"
echo "If you dont see any progress after 24h keep X pressed to stop."
# get blockchain sync progress
blockchaininfo=$(sudo -u bitcoin ${network}-cli -datadir=/home/bitcoin/.${network} getblockchaininfo)
progress=$(echo "${blockchaininfo}" | jq -r '.verificationprogress')
#progress=$(echo "${progress}*100" | bc)
progress=$(echo $progress | awk '{printf( "%.2f%%", 100 * $1)}')
inprogress="$(echo "${blockchaininfo}" | jq -r '.initialblockdownload')"
if [ "${inprogress}" = "false" ]; then
finished=1
fi
echo ""
echo "RUNNING: ${inprogress}"
echo "PROGRESS: ${progress}"
echo ""
echo "You can close terminal while reindex is running.."
echo "But you have to login again to check if ready."
# wait 2 seconds for key input
read -n 1 -t 2 keyPressed
# check if user wants to abort monitor
if [ "${keyPressed}" = "x" ]; then
echo "stopped by user ..."
break
fi
done
# trigger reboot when finished
echo "*************************"
if [ ${finished} -eq 0 ]; then
echo "Re-Index CANCELED"
else
echo "Re-Index finished"
fi
echo "Starting reboot ..."
echo "*************************"
# stop bitcoind
sudo -u bitcoin ${network}-cli stop
sleep 4
# clean logs (to prevent a false reindex detection)
sudo rm /mnt/hdd/${network}/debug.log 2>/dev/null
# reboot
echo "# starting ${network} service with -${action} flag"
sudo -u bitcoin /usr/local/bin/${network}d ${netparam}-daemon -blockfilterindex=0 -${action} -conf=/mnt/hdd/${network}/${network}.conf -datadir=/mnt/hdd/${network} 1>&2
echo "# waiting 10 secs"
sleep 10
echo "# going into reboot - reindex process can be monitored like normal blockchain sync status"
sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
exit 0
fi
echo "error='unknown main parameter'"
exit 1

36
home.admin/config.scripts/network.txindex.sh
View file

@ -30,36 +30,47 @@ if [ "$1" = "status" ]; then
echo "##### STATUS TXINDEX"
indexByteSize=$(sudo du -s /mnt/hdd/bitcoin/indexes/txindex 2>/dev/null | cut -f1)
if [ "${indexByteSize}" == "" ]; then
indexByteSize=0
fi
echo "txindex=${txindex}"
echo "indexByteSize=${indexByteSize}"
if [ ${txindex} -eq 0 ]; then
exit 0
fi
# try to gather if still indexing
source <(/home/admin/_cache.sh get btc_mainnet_blocks_headers)
blockchainHeight="${btc_mainnet_blocks_headers}"
indexedToBlock=$(sudo tail -n 200 /mnt/hdd/${network}${pathAdd}/debug.log | grep "Syncing txindex with block chain from height" | tail -n 1 | cut -d " " -f 9 | sed 's/[^0-9]*//g')
blockchainHeight=$(sudo -u bitcoin ${network}-cli getblockchaininfo 2>/dev/null | jq -r '.blocks' | sed 's/[^0-9]*//g')
indexFinished=$(sudo tail -n 200 /mnt/hdd/${network}${pathAdd}/debug.log | grep -c "txindex is enabled at height")
echo "indexedToBlock=${indexedToBlock}"
echo "blockchainHeight=${blockchainHeight}"
echo "indexFinished=${indexFinished}"
if [ ${#indexedToBlock} -eq 0 ] || [ ${indexFinished} -gt 0 ] || [ "${indexedToBlock}" = "${blockchainHeight}" ]; then
echo "isIndexed=1"
indexedToBlock=$blockchainHeight
indexFinished=1
indexInfo="OK"
else
echo "isIndexed=0"
if [ ${#indexedToBlock} -gt 0 ] && [ ${#blockchainHeight} -gt 0 ]; then
progressPercent=$(printf %.2f $(echo "${indexedToBlock}/${blockchainHeight}*100" | bc -l))
indexInfo="Indexing is at ${progressPercent}% (please wait)"
indexInfo="Building ${progressPercent}% (please wait)"
else
indexInfo="Indexing is running (please wait)"
indexInfo="Building (please wait)"
fi
echo "indexInfo='${indexInfo}'"
fi
echo "indexFinished=${indexFinished}"
echo "indexedToBlock=${indexedToBlock}"
echo "blockchainHeight=${blockchainHeight}"
exit 0
fi
###################
# switch on
###################
@ -84,27 +95,26 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
fi
fi
###################
# switch off
###################
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
echo "# changing config ..."
sudo sed -i "s/^txindex=.*/txindex=0/g" /mnt/hdd/${network}/${network}.conf
echo "# deinstalling apps needing txindex ..."
sudo -u admin /home/admin/config.scripts/bonus.btc-rpc-explorer.sh off
echo "# restarting bitcoind ..."
sudo systemctl restart ${network}d
exit 0
fi
###################
# delete (and make sure all using apps are deinstalled)
# on version update check all bonus scripts that this network.txindex.sh on
###################
if [ "$1" = "delete" ]; then
echo "# deinstalling apps needing txindex ..."
sudo -u admin /home/admin/config.scripts/bonus.btc-rpc-explorer.sh off
echo "# changing config ..."
echo "# stopping bitcoind ..."
sudo systemctl stop ${network}d
sudo sed -i "s/^txindex=.*/txindex=0/g" /mnt/hdd/${network}/${network}.conf
echo "# deleting tx index ..."
sudo rm -r /mnt/hdd/${network}/indexes/txindex
echo "# restarting bitcoind ..."

4
home.admin/config.scripts/tor.network.sh
View file

@ -71,7 +71,7 @@ deactivateBitcoinOverTor()
[ -f "/home/admin/raspiblitz.info" ] && . /home/admin/raspiblitz.info
[ -f "/mnt/hdd/raspiblitz.conf" ] && . /mnt/hdd/raspiblitz.conf
torActive=$(sudo systemctl is-active tor@default | grep -c "active")
torActive=$(systemctl is-active tor@default | grep -c "^active")
curl --socks5 127.0.0.1:9050 --socks5-hostname 127.0.0.1:9050 -m 5 -s https://check.torproject.org/api/ip | grep -q "\"IsTor\":true" && torFunctional=1
case "$1" in
@ -156,7 +156,7 @@ EOF
sudo chmod -R 700 /mnt/hdd/tor
sudo chown -R debian-tor:debian-tor /mnt/hdd/tor
sudo systemctl restart tor@default
echo "OK - Tor is now $(sudo systemctl is-active tor@default)"
echo "OK - Tor is now $(systemctl is-active tor@default)"
echo "needs reboot to activate new setting"
;;