Merge pull request #1147 from frennkie/add-macaroon-store
Add central LND credential store (e.g. macaroons)
commit
8b25b150ed
13 changed files with 272 additions and 173 deletions
|
@ -101,7 +101,7 @@ if [ "${baseImage}" = "raspbian" ] || [ "${baseImage}" = "dietpi" ] ; then
|
||||||
sudo sed -i "s/^ SendEnv LANG LC.*/# SendEnv LANG LC_*/g" /etc/ssh/ssh_config
|
sudo sed -i "s/^ SendEnv LANG LC.*/# SendEnv LANG LC_*/g" /etc/ssh/ssh_config
|
||||||
|
|
||||||
# remove unneccesary files
|
# remove unneccesary files
|
||||||
sudo rm -rf /home/pi/MagPi
|
sudo rm -rf /home/pi/MagPi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# remove some (big) packages that are not needed
|
# remove some (big) packages that are not needed
|
||||||
|
@ -281,7 +281,7 @@ sudo apt-get install -y fbi
|
||||||
sudo apt install -y sysbench
|
sudo apt install -y sysbench
|
||||||
|
|
||||||
# check for dependencies on DietPi, Ubuntu, Armbian
|
# check for dependencies on DietPi, Ubuntu, Armbian
|
||||||
sudo apt install -y build-essential
|
sudo apt install -y build-essential
|
||||||
if [ "${baseImage}" = "armbian" ]; then
|
if [ "${baseImage}" = "armbian" ]; then
|
||||||
# add armbian config
|
# add armbian config
|
||||||
sudo apt --fix-broken install -y
|
sudo apt --fix-broken install -y
|
||||||
|
@ -330,6 +330,13 @@ echo "*** ADDING SERVICE USER bitcoin"
|
||||||
sudo adduser --disabled-password --gecos "" bitcoin
|
sudo adduser --disabled-password --gecos "" bitcoin
|
||||||
echo "bitcoin:raspiblitz" | sudo chpasswd
|
echo "bitcoin:raspiblitz" | sudo chpasswd
|
||||||
|
|
||||||
|
echo ""
|
||||||
|
echo "*** ADDING GROUPS FOR CREDENTIALS STORE ***"
|
||||||
|
# access to credentials (e.g. macaroon files) in a central location is managed with unix groups and permissions
|
||||||
|
sudo /usr/sbin/groupadd --force --gid 9700 lndadmin
|
||||||
|
sudo /usr/sbin/groupadd --force --gid 9701 lndinvoice
|
||||||
|
sudo /usr/sbin/groupadd --force --gid 9702 lndreadonly
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "*** SWAP FILE ***"
|
echo "*** SWAP FILE ***"
|
||||||
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#moving-the-swap-file
|
# based on https://github.com/Stadicus/guides/blob/master/raspibolt/raspibolt_20_pi.md#moving-the-swap-file
|
||||||
|
@ -709,7 +716,7 @@ sudo -u admin chmod -R 755 LCD-show
|
||||||
sudo -u admin chown -R admin:admin LCD-show
|
sudo -u admin chown -R admin:admin LCD-show
|
||||||
cd LCD-show/
|
cd LCD-show/
|
||||||
# set comit hard to old version - that seemed to run better
|
# set comit hard to old version - that seemed to run better
|
||||||
#
|
#
|
||||||
sudo -u admin git reset --hard ce52014
|
sudo -u admin git reset --hard ce52014
|
||||||
|
|
||||||
# install xinput calibrator package
|
# install xinput calibrator package
|
||||||
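Review bot: `sudo /usr/sbin/groupadd --force --gid 9700 lndadmin` (and the two lines after it) silently drops the requested GID when that number is already taken: with `--force`, `--gid` is turned off and another free GID is chosen, so the three groups may not end up with the fixed ids 9700–9702 this block appears to rely on. If the credential store on /mnt/hdd/app-data is meant to survive re-flashes by numeric group id, such a mismatch would only surface later as unexplained permission errors. Consider verifying the result after each call, e.g. `[ "$(getent group lndadmin | cut -d: -f3)" = "9700" ] || echo "WARNING: lndadmin did not get gid 9700" >&2`, and the same for lndinvoice and lndreadonly.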
|
|
|
@ -87,7 +87,7 @@ fi
|
||||||
|
|
||||||
OPTIONS+=(SERVICES "Activate/Deactivate Services")
|
OPTIONS+=(SERVICES "Activate/Deactivate Services")
|
||||||
OPTIONS+=(MOBILE "Connect Mobile Wallet")
|
OPTIONS+=(MOBILE "Connect Mobile Wallet")
|
||||||
OPTIONS+=(EXPORT "Macaroons and TLS.cert")
|
OPTIONS+=(LNDCREDS "Manage LND Credentials")
|
||||||
OPTIONS+=(NAME "Change Name/Alias of Node")
|
OPTIONS+=(NAME "Change Name/Alias of Node")
|
||||||
OPTIONS+=(PASSWORD "Change Passwords")
|
OPTIONS+=(PASSWORD "Change Passwords")
|
||||||
|
|
||||||
|
@ -210,8 +210,8 @@ case $CHOICE in
|
||||||
MOBILE)
|
MOBILE)
|
||||||
/home/admin/97addMobileWallet.sh
|
/home/admin/97addMobileWallet.sh
|
||||||
;;
|
;;
|
||||||
EXPORT)
|
LNDCREDS)
|
||||||
sudo /home/admin/config.scripts/lnd.export.sh
|
sudo /home/admin/config.scripts/lnd.credentials.sh
|
||||||
;;
|
;;
|
||||||
NAME)
|
NAME)
|
||||||
sudo /home/admin/config.scripts/lnd.setname.sh
|
sudo /home/admin/config.scripts/lnd.setname.sh
|
||||||
|
|
|
@ -450,7 +450,7 @@ if [ ${macaroonExists} -eq 0 ]; then
|
||||||
sleep 3
|
sleep 3
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# check if macatoon exists now - if not fail
|
# check if macaroon exists now - if not fail
|
||||||
macaroonExists=$(sudo -u bitcoin ls -la /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon 2>/dev/null | grep -c admin.macaroon)
|
macaroonExists=$(sudo -u bitcoin ls -la /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon 2>/dev/null | grep -c admin.macaroon)
|
||||||
if [ ${macaroonExists} -eq 0 ]; then
|
if [ ${macaroonExists} -eq 0 ]; then
|
||||||
sudo -u bitcoin ls -la /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon
|
sudo -u bitcoin ls -la /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon
|
||||||
|
@ -463,7 +463,7 @@ if [ ${macaroonExists} -eq 0 ]; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# copy macaroons to all needed users
|
# copy macaroons to all needed users
|
||||||
sudo /home/admin/config.scripts/lnd.check.sh update-credentials
|
sudo /home/admin/config.scripts/lnd.credentials.sh sync
|
||||||
echo "OK - LND Macaroons created and copied"
|
echo "OK - LND Macaroons created and copied"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
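Review bot: The exit status of `sudo /home/admin/config.scripts/lnd.credentials.sh sync` is not checked, so the following `echo "OK - LND Macaroons created and copied"` reports success even when the sync fails (the `lnd.check.sh update-credentials` call it replaces had the same gap). Since this is the step that makes the macaroons reachable for the app users, a failure should be visible rather than masked by the OK line: `sudo /home/admin/config.scripts/lnd.credentials.sh sync || echo "FAIL - lnd.credentials.sh sync exited with $?" >&2`. The if-block and script enclosing this hunk continue outside it.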
|
|
|
@ -202,19 +202,20 @@ do
|
||||||
echo "--> Channel Backup File changed"
|
echo "--> Channel Backup File changed"
|
||||||
|
|
||||||
# make copy to sd card (as local basic backup)
|
# make copy to sd card (as local basic backup)
|
||||||
|
# ToDo(frennkie) /home/admin/.lnd/ no longer is on the SD card
|
||||||
sudo mkdir -p /home/admin/.lnd/data/chain/${network}/${chain}net/ 2>/dev/null
|
sudo mkdir -p /home/admin/.lnd/data/chain/${network}/${chain}net/ 2>/dev/null
|
||||||
sudo cp /mnt/hdd/lnd/data/chain/${network}/${chain}net/channel.backup /home/admin/.lnd/data/chain/${network}/${chain}net/channel.backup
|
sudo cp /mnt/hdd/lnd/data/chain/${network}/${chain}net/channel.backup /home/admin/.lnd/data/chain/${network}/${chain}net/channel.backup
|
||||||
echo "OK channel.backup copied to '/home/admin/.lnd/data/chain/${network}/${chain}net/channel.backup'"
|
echo "OK channel.backup copied to '/home/admin/.lnd/data/chain/${network}/${chain}net/channel.backup'"
|
||||||
|
|
||||||
# check if a SCP backup target is set
|
# check if a SCP backup target is set
|
||||||
# paramter in raspiblitz.conf:
|
# parameter in raspiblitz.conf:
|
||||||
# scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'
|
# scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'
|
||||||
# On target server add the public key of your RaspiBlitz to the authorized_keys for the user
|
# On target server add the public key of your RaspiBlitz to the authorized_keys for the user
|
||||||
# https://www.linode.com/docs/security/authentication/use-public-key-authentication-with-ssh/
|
# https://www.linode.com/docs/security/authentication/use-public-key-authentication-with-ssh/
|
||||||
if [ ${#scpBackupTarget} -gt 0 ]; then
|
if [ ${#scpBackupTarget} -gt 0 ]; then
|
||||||
echo "--> Offsite-Backup SCP Server"
|
echo "--> Offsite-Backup SCP Server"
|
||||||
# its ok to ignore known host, because data is encrypted (worst case of MiM would be: no offsite channel backup)
|
# its ok to ignore known host, because data is encrypted (worst case of MiM would be: no offsite channel backup)
|
||||||
# but its more likely that whithout ignoriing known host, script might not run thru and that way: no offsite channel backup
|
# but its more likely that without ignoring known host, script might not run thru and that way: no offsite channel backup
|
||||||
sudo scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null /home/admin/.lnd/data/chain/${network}/${chain}net/channel.backup ${scpBackupTarget}/channel.backup
|
sudo scp -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null /home/admin/.lnd/data/chain/${network}/${chain}net/channel.backup ${scpBackupTarget}/channel.backup
|
||||||
result=$?
|
result=$?
|
||||||
if [ ${result} -eq 0 ]; then
|
if [ ${result} -eq 0 ]; then
|
||||||
|
@ -225,7 +226,7 @@ do
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# check if a DropBox backup target is set
|
# check if a DropBox backup target is set
|
||||||
# paramter in raspiblitz.conf:
|
# parameter in raspiblitz.conf:
|
||||||
# dropboxBackupTarget='[DROPBOX-APP-OAUTH2-TOKEN]'
|
# dropboxBackupTarget='[DROPBOX-APP-OAUTH2-TOKEN]'
|
||||||
# see dropbox setup: https://gist.github.com/vindard/e0cd3d41bb403a823f3b5002488e3f90
|
# see dropbox setup: https://gist.github.com/vindard/e0cd3d41bb403a823f3b5002488e3f90
|
||||||
if [ ${#dropboxBackupTarget} -gt 0 ]; then
|
if [ ${#dropboxBackupTarget} -gt 0 ]; then
|
||||||
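Review bot: The new `# ToDo(frennkie) /home/admin/.lnd/ no longer is on the SD card` line leaves the code under it claiming what it no longer does: the comment above it and the `echo "OK channel.backup copied to ..."` still describe the copy as a local SD-card backup, while — if /home/admin/.lnd now points into /mnt/hdd/app-data like the other users' .lnd links in this commit — the copy lands on the same disk as the original and protects against nothing. Until the target is moved, the comment should say that plainly, e.g. `# NOTE: /home/admin/.lnd may resolve to the HDD; this copy is only a staging copy for the offsite upload below, not an SD-card backup`, and the OK message should not call it a backup. The loop enclosing this hunk starts and ends outside it.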
|
|
|
@ -98,9 +98,15 @@ EOF
|
||||||
# remove minimize, maximize, close from titlebar
|
# remove minimize, maximize, close from titlebar
|
||||||
sudo sed -i -E 's/titleLayout>LIMC/titleLayout>L/g' /etc/xdg/openbox/lxde-pi-rc.xml
|
sudo sed -i -E 's/titleLayout>LIMC/titleLayout>L/g' /etc/xdg/openbox/lxde-pi-rc.xml
|
||||||
|
|
||||||
# make sure that the directory for tls & macaroons exists
|
echo "make sure pi is member of lndreadonly and lndinvoice"
|
||||||
# fresh copy will be put there by bootstrap script on every start- restart needed
|
sudo /usr/sbin/usermod --append --groups lndinvoice pi
|
||||||
sudo mkdir -p /home/pi/.lnd 2>/dev/null
|
sudo /usr/sbin/usermod --append --groups lndreadonly pi
|
||||||
|
|
||||||
|
echo "make sure symlink to central app-data directory exists"
|
||||||
|
if ! [[ -L "/home/pi/.lnd" ]]; then
|
||||||
|
sudo rm -rf "/home/pi/.lnd" # not a symlink.. delete it silently
|
||||||
|
sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/pi/.lnd" # and create symlink
|
||||||
|
fi
|
||||||
|
|
||||||
# rotate touchscreen based on if LCD is rotated
|
# rotate touchscreen based on if LCD is rotated
|
||||||
if [ "${lcdrotate}" = "0" ]; then
|
if [ "${lcdrotate}" = "0" ]; then
|
||||||
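Review bot: `if ! [[ -L "/home/pi/.lnd" ]]` only tests whether the path is a symlink, not where it points, so a pre-existing link to some other directory is kept as is and the pi user silently keeps reading credentials from the old location; the same block is repeated for btcpay, lnbits and rtl elsewhere in this commit. Comparing the resolved target makes the block idempotent and self-correcting: `if [[ "$(readlink -f /home/pi/.lnd)" != "/mnt/hdd/app-data/lnd" ]]; then sudo rm -rf "/home/pi/.lnd"; sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/pi/.lnd"; fi`. Since the block appears four times, it is a candidate for a single helper in lnd.credentials.sh. Note also that membership added with `usermod --append --groups` applies only to sessions started afterwards, so anything already running as pi needs a restart before it can read the group-protected files.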
|
|
|
@ -1,6 +1,6 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0
|
# Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0
|
||||||
|
|
||||||
# command info
|
# command info
|
||||||
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
||||||
|
@ -51,13 +51,24 @@ fi
|
||||||
|
|
||||||
# write-tls-macaroon
|
# write-tls-macaroon
|
||||||
if [ "$1" = "write-tls-macaroon" ]; then
|
if [ "$1" = "write-tls-macaroon" ]; then
|
||||||
|
|
||||||
|
echo "make sure btcpay is member of lndadmin"
|
||||||
|
sudo /usr/sbin/usermod --append --groups lndadmin btcpay
|
||||||
|
|
||||||
|
echo "make sure symlink to central app-data directory exists"
|
||||||
|
if ! [[ -L "/home/btcpay/.lnd" ]]; then
|
||||||
|
sudo rm -rf "/home/btcpay/.lnd" # not a symlink.. delete it silently
|
||||||
|
sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/btcpay/.lnd" # and create symlink
|
||||||
|
fi
|
||||||
|
|
||||||
# copy admin macaroon
|
# copy admin macaroon
|
||||||
echo "copyin admin.macaroon for btcpay"
|
echo "extra symlink to admin.macaroon for btcpay"
|
||||||
sudo cp /mnt/hdd/lnd/data/chain/bitcoin/mainnet/admin.macaroon /home/btcpay/admin.macaroon
|
if ! [[ -L "/home/btcpay/admin.macaroon" ]]; then
|
||||||
sudo chown btcpay:btcpay /home/btcpay/admin.macaroon
|
sudo ln -s "/home/btcpay/.lnd/data/chain/${network}/${chain}net/admin.macaroon" "/home/btcpay/admin.macaroon"
|
||||||
sudo chmod 600 /home/btcpay/admin.macaroon
|
fi
|
||||||
|
|
||||||
# set thumbprint
|
# set thumbprint
|
||||||
FINGERPRINT=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in /home/admin/.lnd/tls.cert | cut -c 20-)
|
FINGERPRINT=$(openssl x509 -noout -fingerprint -sha256 -inform pem -in /home/btcpay/.lnd/tls.cert | cut -d"=" -f2)
|
||||||
doesNetworkEntryAlreadyExists=$(sudo cat /home/btcpay/.btcpayserver/Main/settings.config | grep -c '^network=')
|
doesNetworkEntryAlreadyExists=$(sudo cat /home/btcpay/.btcpayserver/Main/settings.config | grep -c '^network=')
|
||||||
if [ ${doesNetworkEntryAlreadyExists} -eq 0 ]; then
|
if [ ${doesNetworkEntryAlreadyExists} -eq 0 ]; then
|
||||||
echo "setting the LND TLS thumbprint for BTCPay"
|
echo "setting the LND TLS thumbprint for BTCPay"
|
||||||
|
@ -76,10 +87,8 @@ BTC.lightning=type=lnd-rest;server=https://127.0.0.1:8080/;macaroonfilepath=/hom
|
||||||
" | sudo -u btcpay tee -a /home/btcpay/.btcpayserver/Main/settings.config
|
" | sudo -u btcpay tee -a /home/btcpay/.btcpayserver/Main/settings.config
|
||||||
else
|
else
|
||||||
echo "setting new LND TLS thumbprint for BTCPay"
|
echo "setting new LND TLS thumbprint for BTCPay"
|
||||||
sudo -u btcpay sed -i \
|
s="BTC.lightning=type=lnd-rest\;server=https\://127.0.0.1:8080/\;macaroonfilepath=/home/btcpay/admin.macaroon\;"
|
||||||
"s/^BTC.lightning=type=lnd-rest\;server=https\:\/\/127.0.0.1:8080\/\;macaroonfilepath=\/home\/btcpay\/admin.macaroon\;certthumbprint=.*\
|
sudo -u btcpay sed -i "s|^${s}certthumbprint=.*|${s}certthumbprint=$FINGERPRINT|g" /home/btcpay/.btcpayserver/Main/settings.config
|
||||||
/BTC.lightning=type=lnd-rest\;server=https\:\/\/127.0.0.1:8080\/\;macaroonfilepath=\/home\/btcpay\/admin.macaroon\;certthumbprint=$FINGERPRINT/g" \
|
|
||||||
/home/btcpay/.btcpayserver/Main/settings.config
|
|
||||||
fi
|
fi
|
||||||
sudo systemctl restart btcpayserver
|
sudo systemctl restart btcpayserver
|
||||||
exit 0
|
exit 0
|
||||||
|
@ -90,11 +99,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
echo "*** INSTALL BTCPAYSERVER ***"
|
echo "*** INSTALL BTCPAYSERVER ***"
|
||||||
|
|
||||||
# --> just serving directly thru TOR for now
|
# --> just serving directly thru TOR for now
|
||||||
# setting up nginx and the SSL certificate
|
# setting up nginx and the SSL certificate
|
||||||
#/home/admin/config.scripts/bonus.btcpaysetdomain.sh
|
#/home/admin/config.scripts/bonus.btcpaysetdomain.sh
|
||||||
#errorOnInstall=$?
|
#errorOnInstall=$?
|
||||||
#if [ ${errorOnInstall} -eq 1 ]; then
|
#if [ ${errorOnInstall} -eq 1 ]; then
|
||||||
# echo "exiting as user cancelled BTCPayServer installation"
|
# echo "exiting as user cancelled BTCPayServer installation"
|
||||||
# exit 1
|
# exit 1
|
||||||
#fi
|
#fi
|
||||||
|
|
||||||
|
@ -136,7 +145,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
echo "Installing .NET"
|
echo "Installing .NET"
|
||||||
echo "***"
|
echo "***"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
# download dotnet-sdk
|
# download dotnet-sdk
|
||||||
# https://dotnet.microsoft.com/download/dotnet-core/3.1
|
# https://dotnet.microsoft.com/download/dotnet-core/3.1
|
||||||
sudo apt-get -y install libunwind8 gettext libssl1.0
|
sudo apt-get -y install libunwind8 gettext libssl1.0
|
||||||
|
@ -150,7 +159,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
echo "!!! FAIL !!! Downloaded ${dotnetName} not matching SHA512 checksum: ${binaryChecksum}"
|
echo "!!! FAIL !!! Downloaded ${dotnetName} not matching SHA512 checksum: ${binaryChecksum}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# download aspnetcore-runtime
|
# download aspnetcore-runtime
|
||||||
aspnetcoreName="aspnetcore-runtime-3.1.1-linux-arm.tar.gz"
|
aspnetcoreName="aspnetcore-runtime-3.1.1-linux-arm.tar.gz"
|
||||||
sudo rm /home/btcpay/${aspnetcoreName} 2>/dev/null
|
sudo rm /home/btcpay/${aspnetcoreName} 2>/dev/null
|
||||||
|
@ -162,15 +171,15 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
echo "!!! FAIL !!! Downloaded ${aspnetcoreName} not matching SHA512 checksum: ${binaryChecksum}"
|
echo "!!! FAIL !!! Downloaded ${aspnetcoreName} not matching SHA512 checksum: ${binaryChecksum}"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
sudo -u btcpay mkdir /home/btcpay/dotnet
|
sudo -u btcpay mkdir /home/btcpay/dotnet
|
||||||
sudo -u btcpay tar -xvf ${dotnetName} -C /home/btcpay/dotnet
|
sudo -u btcpay tar -xvf ${dotnetName} -C /home/btcpay/dotnet
|
||||||
sudo -u btcpay tar -xvf ${aspnetcoreName} -C /home/btcpay/dotnet
|
sudo -u btcpay tar -xvf ${aspnetcoreName} -C /home/btcpay/dotnet
|
||||||
sudo rm -f *.tar.gz*
|
sudo rm -f *.tar.gz*
|
||||||
|
|
||||||
# opt out of telemetry
|
# opt out of telemetry
|
||||||
echo "DOTNET_CLI_TELEMETRY_OPTOUT=1" | sudo tee -a /etc/environment
|
echo "DOTNET_CLI_TELEMETRY_OPTOUT=1" | sudo tee -a /etc/environment
|
||||||
|
|
||||||
# make .NET accessible and add to PATH
|
# make .NET accessible and add to PATH
|
||||||
sudo ln -s /home/btcpay/dotnet /usr/share
|
sudo ln -s /home/btcpay/dotnet /usr/share
|
||||||
export PATH=$PATH:/usr/share
|
export PATH=$PATH:/usr/share
|
||||||
|
@ -184,14 +193,14 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
sudo bash -c "echo 'PATH=\$PATH:/home/btcpay/dotnet' >> /etc/profile"
|
sudo bash -c "echo 'PATH=\$PATH:/home/btcpay/dotnet' >> /etc/profile"
|
||||||
fi
|
fi
|
||||||
sudo -u btcpay /home/btcpay/dotnet/dotnet --info
|
sudo -u btcpay /home/btcpay/dotnet/dotnet --info
|
||||||
|
|
||||||
# NBXplorer
|
# NBXplorer
|
||||||
echo ""
|
echo ""
|
||||||
echo "***"
|
echo "***"
|
||||||
echo "Install NBXplorer"
|
echo "Install NBXplorer"
|
||||||
echo "***"
|
echo "***"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
cd /home/btcpay
|
cd /home/btcpay
|
||||||
echo "Downloading NBXplorer source code.."
|
echo "Downloading NBXplorer source code.."
|
||||||
sudo -u btcpay git clone https://github.com/dgarage/NBXplorer.git 2>/dev/null
|
sudo -u btcpay git clone https://github.com/dgarage/NBXplorer.git 2>/dev/null
|
||||||
|
@ -201,7 +210,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
# from the build.sh with path
|
# from the build.sh with path
|
||||||
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj
|
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release NBXplorer/NBXplorer.csproj
|
||||||
|
|
||||||
|
|
||||||
# create nbxplorer service
|
# create nbxplorer service
|
||||||
echo "
|
echo "
|
||||||
[Unit]
|
[Unit]
|
||||||
|
@ -225,12 +234,12 @@ PrivateDevices=true
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
" | sudo tee /etc/systemd/system/nbxplorer.service
|
" | sudo tee /etc/systemd/system/nbxplorer.service
|
||||||
|
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
# start to create settings.config
|
# start to create settings.config
|
||||||
sudo systemctl enable nbxplorer
|
sudo systemctl enable nbxplorer
|
||||||
sudo systemctl start nbxplorer
|
sudo systemctl start nbxplorer
|
||||||
|
|
||||||
echo "Checking for nbxplorer config"
|
echo "Checking for nbxplorer config"
|
||||||
while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ]
|
while [ ! -f "/home/btcpay/.nbxplorer/Main/settings.config" ]
|
||||||
do
|
do
|
||||||
|
@ -242,7 +251,7 @@ WantedBy=multi-user.target
|
||||||
echo "maybe report here: https://github.com/rootzoll/raspiblitz/issues/214"
|
echo "maybe report here: https://github.com/rootzoll/raspiblitz/issues/214"
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo ""
|
echo ""
|
||||||
echo "***"
|
echo "***"
|
||||||
echo "getting RPC credentials from the bitcoin.conf"
|
echo "getting RPC credentials from the bitcoin.conf"
|
||||||
|
@ -259,14 +268,14 @@ EOF
|
||||||
sudo mv /home/admin/settings.config /home/btcpay/.nbxplorer/Main/settings.config
|
sudo mv /home/admin/settings.config /home/btcpay/.nbxplorer/Main/settings.config
|
||||||
sudo chown btcpay:btcpay /home/btcpay/.nbxplorer/Main/settings.config
|
sudo chown btcpay:btcpay /home/btcpay/.nbxplorer/Main/settings.config
|
||||||
sudo systemctl restart nbxplorer
|
sudo systemctl restart nbxplorer
|
||||||
|
|
||||||
# BTCPayServer
|
# BTCPayServer
|
||||||
echo ""
|
echo ""
|
||||||
echo "***"
|
echo "***"
|
||||||
echo "Install BTCPayServer"
|
echo "Install BTCPayServer"
|
||||||
echo "***"
|
echo "***"
|
||||||
echo ""
|
echo ""
|
||||||
|
|
||||||
cd /home/btcpay
|
cd /home/btcpay
|
||||||
echo "Downloading BTCPayServer source code.."
|
echo "Downloading BTCPayServer source code.."
|
||||||
sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null
|
sudo -u btcpay git clone https://github.com/btcpayserver/btcpayserver.git 2>/dev/null
|
||||||
|
@ -274,8 +283,8 @@ EOF
|
||||||
# check https://github.com/btcpayserver/btcpayserver/releases
|
# check https://github.com/btcpayserver/btcpayserver/releases
|
||||||
sudo -u btcpay git reset --hard v1.0.4.2
|
sudo -u btcpay git reset --hard v1.0.4.2
|
||||||
# from the build.sh with path
|
# from the build.sh with path
|
||||||
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj
|
sudo -u btcpay /home/btcpay/dotnet/dotnet build -c Release /home/btcpay/btcpayserver/BTCPayServer/BTCPayServer.csproj
|
||||||
|
|
||||||
# create btcpayserver service
|
# create btcpayserver service
|
||||||
echo "
|
echo "
|
||||||
[Unit]
|
[Unit]
|
||||||
|
@ -294,11 +303,11 @@ Restart=on-failure
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
" | sudo tee /etc/systemd/system/btcpayserver.service
|
" | sudo tee /etc/systemd/system/btcpayserver.service
|
||||||
|
|
||||||
sudo systemctl daemon-reload
|
sudo systemctl daemon-reload
|
||||||
sudo systemctl enable btcpayserver
|
sudo systemctl enable btcpayserver
|
||||||
sudo systemctl start btcpayserver
|
sudo systemctl start btcpayserver
|
||||||
|
|
||||||
echo "Checking for btcpayserver config"
|
echo "Checking for btcpayserver config"
|
||||||
while [ ! -f "/home/btcpay/.btcpayserver/Main/settings.config" ]
|
while [ ! -f "/home/btcpay/.btcpayserver/Main/settings.config" ]
|
||||||
do
|
do
|
||||||
|
@ -313,13 +322,13 @@ WantedBy=multi-user.target
|
||||||
|
|
||||||
/home/admin/config.scripts/bonus.btcpayserver.sh write-tls-macaroon
|
/home/admin/config.scripts/bonus.btcpayserver.sh write-tls-macaroon
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "BTCPay Server is already installed."
|
echo "BTCPay Server is already installed."
|
||||||
# start service
|
# start service
|
||||||
echo "start service"
|
echo "start service"
|
||||||
sudo systemctl start nbxplorer 2>/dev/null
|
sudo systemctl start nbxplorer 2>/dev/null
|
||||||
sudo systemctl start btcpayserver 2>/dev/null
|
sudo systemctl start btcpayserver 2>/dev/null
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# setting value in raspi blitz config
|
# setting value in raspi blitz config
|
||||||
sudo sed -i "s/^BTCPayServer=.*/BTCPayServer=on/g" /mnt/hdd/raspiblitz.conf
|
sudo sed -i "s/^BTCPayServer=.*/BTCPayServer=on/g" /mnt/hdd/raspiblitz.conf
|
||||||
|
@ -358,7 +367,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
|
||||||
# nuke user
|
# nuke user
|
||||||
sudo userdel -rf btcpay 2>/dev/null
|
sudo userdel -rf btcpay 2>/dev/null
|
||||||
echo "OK BTCPayServer removed."
|
echo "OK BTCPayServer removed."
|
||||||
else
|
else
|
||||||
echo "BTCPayServer is not installed."
|
echo "BTCPayServer is not installed."
|
||||||
fi
|
fi
|
||||||
exit 0
|
exit 0
|
||||||
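Review bot: `if ! [[ -L "/home/btcpay/admin.macaroon" ]]` does not cover nodes upgraded from the previous version of this script, which created /home/btcpay/admin.macaroon as a regular-file copy (the removed `cp`/`chown`/`chmod` lines): the test is true, `ln -s` then fails on the existing file, and BTCPay keeps using a stale macaroon copy that the central store no longer refreshes. Removing the file before linking fixes the upgrade path, e.g. `sudo rm -f "/home/btcpay/admin.macaroon"` ahead of the `ln -s`, or `ln -sfn` with the check dropped. Separately, `${network}` and `${chain}` are used in this file for the first time as far as the hunk shows; if the script does not source raspiblitz.conf earlier, the link target collapses to `/home/btcpay/.lnd/data/chain//net/admin.macaroon`, so a `: "${network:?}" "${chain:?}"` guard or a comment stating where they come from would help.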
|
|
|
@ -79,24 +79,23 @@ if [ "$1" = "write-macaroons" ]; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# copy cert and macaroons cert for lnbits environment
|
echo "make sure lnbits is member of lndreadonly and lndinvoice"
|
||||||
# set tls.cert path
|
sudo /usr/sbin/usermod --append --groups lndinvoice lnbits
|
||||||
sudo -u lnbits sed -i "s/^LND_REST_CERT=.*/LND_REST_CERT=\/home\/admin\/.lnd\/tls.cert/g" /home/lnbits/lnbits/.env
|
sudo /usr/sbin/usermod --append --groups lndreadonly lnbits
|
||||||
# copy macaroons
|
|
||||||
echo "copy macaroons to lnbits user"
|
echo "make sure symlink to central app-data directory exists"
|
||||||
sudo -u lnbits mkdir -p /home/lnbits/.lnd/data/chain/${network}/${chain}net/
|
if ! [[ -L "/home/lnbits/.lnd" ]]; then
|
||||||
sudo cp /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon /home/lnbits/.lnd/data/chain/${network}/${chain}net/
|
sudo rm -rf "/home/lnbits/.lnd" # not a symlink.. delete it silently
|
||||||
sudo cp /home/bitcoin/.lnd/data/chain/${network}/${chain}net/invoice.macaroon /home/lnbits/.lnd/data/chain/${network}/${chain}net/
|
sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/lnbits/.lnd" # and create symlink
|
||||||
sudo cp /home/bitcoin/.lnd/data/chain/${network}/${chain}net/readonly.macaroon /home/lnbits/.lnd/data/chain/${network}/${chain}net/
|
fi
|
||||||
sudo chown lnbits:lnbits -R /home/lnbits/.lnd/data/chain/${network}/${chain}net/*.macaroon
|
|
||||||
sudo chmod 600 /home/lnbits/.lnd/data/chain/${network}/${chain}net/*.macaroon
|
# set tls.cert path (use | as separator to avoid escaping file path slashes)
|
||||||
echo "OK DONE"
|
sudo -u lnbits sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/home/lnbits/.lnd/tls.cert|g" /home/lnbits/lnbits/.env
|
||||||
macaroonAdminHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/admin.macaroon)
|
|
||||||
macaroonInvoiceHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/invoice.macaroon)
|
# set macaroon path info in .env
|
||||||
macaroonReadHex=$(sudo xxd -ps -u -c 1000 /home/lnbits/.lnd/data/chain/${network}/${chain}net/readonly.macaroon)
|
sudo sed -i "s|^LND_REST_ADMIN_MACAROON=.*|LND_REST_ADMIN_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/admin.macaroon|g" /home/lnbits/lnbits/.env
|
||||||
sudo sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env
|
sudo sed -i "s|^LND_REST_INVOICE_MACAROON=.*|LND_REST_INVOICE_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/invoice.macaroon|g" /home/lnbits/lnbits/.env
|
||||||
sudo sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env
|
sudo sed -i "s|^LND_REST_READ_MACAROON=.*|LND_REST_READ_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/read.macaroon|g" /home/lnbits/lnbits/.env
|
||||||
sudo sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env
|
|
||||||
echo "# OK - macaroons written to /home/lnbits/lnbits/.env"
|
echo "# OK - macaroons written to /home/lnbits/lnbits/.env"
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
@ -188,6 +187,7 @@ WantedBy=multi-user.target
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
sudo mv /home/admin/lnbits.service /etc/systemd/system/lnbits.service
|
sudo mv /home/admin/lnbits.service /etc/systemd/system/lnbits.service
|
||||||
|
sudo chown root:root /etc/systemd/system/lnbits.service
|
||||||
sudo systemctl enable lnbits
|
sudo systemctl enable lnbits
|
||||||
echo "# OK - service needs starting: sudo systemctl start lnbits"
|
echo "# OK - service needs starting: sudo systemctl start lnbits"
|
||||||
|
|
||||||
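Review bot: The new `LND_REST_READ_MACAROON` line points at `.../${chain}net/read.macaroon`, but the file the removed lines of this same hunk read (and the one used elsewhere on this page) is `readonly.macaroon`, so lnbits is handed a path that does not exist for its read-only connection. The line should be `sudo sed -i "s|^LND_REST_READ_MACAROON=.*|LND_REST_READ_MACAROON=/home/lnbits/.lnd/data/chain/${network}/${chain}net/readonly.macaroon|g" /home/lnbits/lnbits/.env`. Also, switching these .env values from hex macaroon contents to file paths assumes the installed lnbits version accepts paths in these variables; that cannot be confirmed from the hunk and deserves a one-line comment above the three sed lines naming the lnbits version it was verified against.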
|
|
|
@ -51,7 +51,7 @@ fi
|
||||||
connector=""
|
connector=""
|
||||||
host=""
|
host=""
|
||||||
port=""
|
port=""
|
||||||
extraparamter=""
|
extraparameter=""
|
||||||
supportsTOR=0
|
supportsTOR=0
|
||||||
|
|
||||||
if [ "${targetWallet}" = "zap-ios" ]; then
|
if [ "${targetWallet}" = "zap-ios" ]; then
|
||||||
|
@ -59,7 +59,7 @@ if [ "${targetWallet}" = "zap-ios" ]; then
|
||||||
if [ ${forceTOR} -eq 1 ]; then
|
if [ ${forceTOR} -eq 1 ]; then
|
||||||
# when ZAP runs on TOR it uses REST
|
# when ZAP runs on TOR it uses REST
|
||||||
port="8080"
|
port="8080"
|
||||||
extraparamter="--nocert"
|
extraparameter="--nocert"
|
||||||
else
|
else
|
||||||
# normal ZAP uses gRPC ports
|
# normal ZAP uses gRPC ports
|
||||||
port="10009"
|
port="10009"
|
||||||
|
@ -70,7 +70,7 @@ elif [ "${targetWallet}" = "zap-android" ]; then
|
||||||
if [ ${forceTOR} -eq 1 ]; then
|
if [ ${forceTOR} -eq 1 ]; then
|
||||||
# when ZAP runs on TOR it uses REST
|
# when ZAP runs on TOR it uses REST
|
||||||
port="8080"
|
port="8080"
|
||||||
extraparamter="--nocert"
|
extraparameter="--nocert"
|
||||||
else
|
else
|
||||||
# normal ZAP uses gRPC ports
|
# normal ZAP uses gRPC ports
|
||||||
port="10009"
|
port="10009"
|
||||||
|
@ -97,7 +97,7 @@ elif [ "${targetWallet}" = "sendmany-android" ]; then
|
||||||
echo "error='no tor support'"
|
echo "error='no tor support'"
|
||||||
exit 1
|
exit 1
|
||||||
#port="8080"
|
#port="8080"
|
||||||
#extraparamter="--nocert"
|
#extraparameter="--nocert"
|
||||||
fi
|
fi
|
||||||
port="10009"
|
port="10009"
|
||||||
|
|
||||||
|
@ -185,7 +185,7 @@ if [ "${connector}" == "lndconnect" ]; then
|
||||||
|
|
||||||
# write qr code data to an image
|
# write qr code data to an image
|
||||||
cd /home/admin
|
cd /home/admin
|
||||||
lndconnect --host=${host} --port=${port} --image ${extraparamter}
|
lndconnect --host=${host} --port=${port} --image ${extraparameter}
|
||||||
|
|
||||||
# display qr code image on LCD
|
# display qr code image on LCD
|
||||||
/home/admin/config.scripts/blitz.lcd.sh image /home/admin/lndconnect-qr.png
|
/home/admin/config.scripts/blitz.lcd.sh image /home/admin/lndconnect-qr.png
|
||||||
|
@ -199,7 +199,7 @@ elif [ "${connector}" == "shango" ]; then
|
||||||
/home/admin/config.scripts/blitz.lcd.sh qr "${datastring}"
|
/home/admin/config.scripts/blitz.lcd.sh qr "${datastring}"
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "error='unkown connector'"
|
echo "error='unknown connector'"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -217,7 +217,7 @@ whiptail --backtitle "Connecting Mobile Wallet" \
|
||||||
if [ $? -eq 1 ]; then
|
if [ $? -eq 1 ]; then
|
||||||
# backup - show QR code on screen (not LCD)
|
# backup - show QR code on screen (not LCD)
|
||||||
if [ "${connector}" == "lndconnect" ]; then
|
if [ "${connector}" == "lndconnect" ]; then
|
||||||
lndconnect --host=${hostscreen} --port=${port} ${extraparamter}
|
lndconnect --host=${hostscreen} --port=${port} ${extraparameter}
|
||||||
echo "(To shrink QR code: OSX->CMD- / LINUX-> CTRL-) Press ENTER when finished."
|
echo "(To shrink QR code: OSX->CMD- / LINUX-> CTRL-) Press ENTER when finished."
|
||||||
read key
|
read key
|
||||||
elif [ "${connector}" == "shango" ]; then
|
elif [ "${connector}" == "shango" ]; then
|
||||||
|
|
|
@ -78,6 +78,15 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
# create rtl user
|
# create rtl user
|
||||||
sudo adduser --disabled-password --gecos "" rtl
|
sudo adduser --disabled-password --gecos "" rtl
|
||||||
|
|
||||||
|
echo "*** make sure rtl is member of lndadmin ***"
|
||||||
|
sudo /usr/sbin/usermod --append --groups lndadmin rtl
|
||||||
|
|
||||||
|
echo "*** make sure symlink to central app-data directory exists ***"
|
||||||
|
if ! [[ -L "/home/rtl/.lnd" ]]; then
|
||||||
|
sudo rm -rf "/home/rtl/.lnd" # not a symlink.. delete it silently
|
||||||
|
sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/rtl/.lnd" # and create symlink
|
||||||
|
fi
|
||||||
|
|
||||||
# download source code and set to tag release
|
# download source code and set to tag release
|
||||||
echo "*** Get the RTL Source Code ***"
|
echo "*** Get the RTL Source Code ***"
|
||||||
rm -rf /home/admin/RTL 2>/dev/null
|
rm -rf /home/admin/RTL 2>/dev/null
|
||||||
|
@ -129,8 +138,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
||||||
var data = require('/home/rtl/RTL/sample-RTL-Config.json');
|
var data = require('/home/rtl/RTL/sample-RTL-Config.json');
|
||||||
//Manipulate data
|
//Manipulate data
|
||||||
data.nodes[0].lnNode = '$hostname'
|
data.nodes[0].lnNode = '$hostname'
|
||||||
data.nodes[0].Authentication.macaroonPath = '/home/admin/.lnd/data/chain/${network}/${chain}net/';
|
data.nodes[0].Authentication.macaroonPath = '/home/rtl/.lnd/data/chain/${network}/${chain}net/';
|
||||||
data.nodes[0].Authentication.configPath = '/mnt/hdd/lnd/lnd.conf';
|
data.nodes[0].Authentication.configPath = '/home/rtl/.lnd/lnd.conf';
|
||||||
data.multiPass = '$PASSWORD_B';
|
data.multiPass = '$PASSWORD_B';
|
||||||
data.nodes[0].Settings.userPersona = 'OPERATOR'
|
data.nodes[0].Settings.userPersona = 'OPERATOR'
|
||||||
data.nodes[0].Settings.channelBackupPath = '/home/rtl/RTL-SCB-backup-$hostname'
|
data.nodes[0].Settings.channelBackupPath = '/home/rtl/RTL-SCB-backup-$hostname'
|
||||||
|
@ -160,7 +169,7 @@ Wants=lnd.service
|
||||||
After=lnd.service
|
After=lnd.service
|
||||||
|
|
||||||
[Service]
|
[Service]
|
||||||
ExecStart=/usr/bin/node /home/rtl/RTL/rtl --lndir /home/admin/.lnd/data/chain/bitcoin/mainnet
|
ExecStart=/usr/bin/node /home/rtl/RTL/rtl --lndir /home/rtl/.lnd/data/chain/bitcoin/mainnet
|
||||||
User=rtl
|
User=rtl
|
||||||
Restart=always
|
Restart=always
|
||||||
TimeoutSec=120
|
TimeoutSec=120
|
||||||
|
@ -174,6 +183,7 @@ EOF
|
||||||
|
|
||||||
sudo mv /home/admin/RTL.service /etc/systemd/system/RTL.service
|
sudo mv /home/admin/RTL.service /etc/systemd/system/RTL.service
|
||||||
sudo sed -i "s|chain/bitcoin/mainnet|chain/${network}/${chain}net|" /etc/systemd/system/RTL.service
|
sudo sed -i "s|chain/bitcoin/mainnet|chain/${network}/${chain}net|" /etc/systemd/system/RTL.service
|
||||||
|
sudo chown root:root /etc/systemd/system/RTL.service
|
||||||
sudo systemctl enable RTL
|
sudo systemctl enable RTL
|
||||||
echo "OK - the RTL service is now enabled"
|
echo "OK - the RTL service is now enabled"
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -1,20 +1,19 @@
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ $# -eq 0 ]; then
|
# command info
|
||||||
echo "# script to check LND states"
|
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
|
||||||
echo "# lnd.check.sh basic-setup"
|
echo "# script to check LND states"
|
||||||
echo "# lnd.check.sh update-credentials"
|
echo "# lnd.check.sh basic-setup"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# load raspiblitz conf
|
# load raspiblitz conf
|
||||||
source /home/admin/raspiblitz.info
|
|
||||||
source /mnt/hdd/raspiblitz.conf
|
source /mnt/hdd/raspiblitz.conf
|
||||||
|
|
||||||
# check basic LND setup
|
# check basic LND setup
|
||||||
if [ "$1" == "basic-setup" ]; then
|
if [ "$1" == "basic-setup" ]; then
|
||||||
|
|
||||||
# check TLS exits
|
# check TLS exits
|
||||||
tlsExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c 'tls.cert')
|
tlsExists=$(sudo ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c 'tls.cert')
|
||||||
if [ ${tlsExists} -gt 0 ]; then
|
if [ ${tlsExists} -gt 0 ]; then
|
||||||
echo "tls=1"
|
echo "tls=1"
|
||||||
|
@ -22,7 +21,7 @@ if [ "$1" == "basic-setup" ]; then
|
||||||
echo "tls=0"
|
echo "tls=0"
|
||||||
echo "err='tls.cert is missing in /mnt/hdd/lnd'"
|
echo "err='tls.cert is missing in /mnt/hdd/lnd'"
|
||||||
fi
|
fi
|
||||||
# check TLS exits (on SD card for admin)
|
# check TLS exits (on SD card for admin)
|
||||||
tlsExists=$(sudo ls /home/admin/.lnd/tls.cert 2>/dev/null | grep -c 'tls.cert')
|
tlsExists=$(sudo ls /home/admin/.lnd/tls.cert 2>/dev/null | grep -c 'tls.cert')
|
||||||
if [ ${tlsExists} -gt 0 ]; then
|
if [ ${tlsExists} -gt 0 ]; then
|
||||||
echo "tlsCopy=1"
|
echo "tlsCopy=1"
|
||||||
|
@ -67,7 +66,7 @@ if [ "$1" == "basic-setup" ]; then
|
||||||
echo "configMismatch=0"
|
echo "configMismatch=0"
|
||||||
echo "err='lnd.conf is missing for user admin'"
|
echo "err='lnd.conf is missing for user admin'"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# get network from config (BLOCKCHAIN)
|
# get network from config (BLOCKCHAIN)
|
||||||
lndNetwork=""
|
lndNetwork=""
|
||||||
source <(sudo cat /mnt/hdd/lnd/lnd.conf 2>/dev/null | grep 'bitcoin.active' | sed 's/^[a-z]*\./bitcoin_/g')
|
source <(sudo cat /mnt/hdd/lnd/lnd.conf 2>/dev/null | grep 'bitcoin.active' | sed 's/^[a-z]*\./bitcoin_/g')
|
||||||
|
@ -175,46 +174,7 @@ if [ "$1" == "basic-setup" ]; then
|
||||||
fi
|
fi
|
||||||
echo "rpcpasscorrect=${rpcpasscorrect}"
|
echo "rpcpasscorrect=${rpcpasscorrect}"
|
||||||
|
|
||||||
# enforce basic LND credentials for users
|
|
||||||
elif [ "$1" == "update-credentials" ]; then
|
|
||||||
|
|
||||||
echo "# making sure LND blockchain RPC password is set correct in lnd.conf"
|
|
||||||
source <(sudo cat /mnt/hdd/${network}/${network}.conf 2>/dev/null | grep "rpcpass" | sed 's/^[a-z]*\./lnd/g')
|
|
||||||
if [ ${#rpcpassword} -gt 0 ]; then
|
|
||||||
sudo sed -i "s/^${network}d.rpcpass=.*/${network}d.rpcpass=${rpcpassword}/g" /mnt/hdd/lnd/lnd.conf 2>/dev/null
|
|
||||||
else
|
|
||||||
echo "# WARN: could not get value 'rpcuser' from blockchain conf"
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo "# make sure admin user LND data dirs exist"
|
|
||||||
sudo mkdir -p /home/admin/.lnd
|
|
||||||
sudo mkdir -p /home/admin/.lnd/data
|
|
||||||
sudo mkdir -p /home/admin/.lnd/data/chain
|
|
||||||
sudo mkdir -p /home/admin/.lnd/data/chain/${network}
|
|
||||||
sudo mkdir -p /home/admin/.lnd/data/chain/${network}/${chain}net
|
|
||||||
|
|
||||||
echo "# updating/cleaning admin user LND data"
|
|
||||||
sudo rm -R /home/admin/.lnd 2>/dev/null
|
|
||||||
sudo mkdir -p /home/admin/.lnd/data/chain/${network}/${chain}net 2>/dev/null
|
|
||||||
sudo cp /mnt/hdd/lnd/lnd.conf /home/admin/.lnd/lnd.conf
|
|
||||||
sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd/tls.cert
|
|
||||||
sudo sh -c "cat /mnt/hdd/lnd/data/chain/${network}/${chain}net/admin.macaroon > /home/admin/.lnd/data/chain/${network}/${chain}net/admin.macaroon"
|
|
||||||
sudo chown admin:admin -R /home/admin/.lnd
|
|
||||||
|
|
||||||
echo "# updating/cleaning pi user LND data (just read & invoice)"
|
|
||||||
sudo rm -R /home/pi/.lnd 2>/dev/null
|
|
||||||
sudo mkdir -p /home/pi/.lnd/data/chain/${network}/${chain}net/
|
|
||||||
sudo cp /mnt/hdd/lnd/tls.cert /home/pi/.lnd/tls.cert
|
|
||||||
sudo sh -c "cat /mnt/hdd/lnd/data/chain/${network}/${chain}net/readonly.macaroon > /home/pi/.lnd/data/chain/${network}/${chain}net/readonly.macaroon"
|
|
||||||
sudo sh -c "cat /mnt/hdd/lnd/data/chain/${network}/${chain}net/invoice.macaroon > /home/pi/.lnd/data/chain/${network}/${chain}net/invoice.macaroon"
|
|
||||||
sudo chown pi:pi -R /home/pi/.lnd
|
|
||||||
|
|
||||||
if [ "${LNBits}" = "on" ]; then
|
|
||||||
echo "# updating macaroons for LNBits fresh on start"
|
|
||||||
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons
|
|
||||||
sudo chown admin:admin -R /mnt/hdd/app-data/LNBits
|
|
||||||
fi
|
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "# FAIL: parameter not known"
|
echo "# FAIL: parameter not known - run with -h for help"
|
||||||
fi
|
exit 1
|
||||||
|
fi
|
||||||
|
|
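--- /dev/null
+++ b/home.admin/config.scripts/lnd.credentials.sh
@@ -0,0 +1,141 @@
+#!/bin/bash
+
+# command info
+if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+echo "tool to reset or sync credentials (e.g. macaroons)"
+echo "lnd.credentials.sh [reset|sync]"
+exit 1
+fi
+
+# interactive choose type of action
+if [ "$1" = "" ] || [ $# -eq 0 ]; then
+OPTIONS=()
+OPTIONS+=(RESET "Recreate Macaroons + TLS")
+OPTIONS+=(SYNC "Sync central store with LND")
+OPTIONS+=(EXPORT "Macaroons and TLS.cert")
+CHOICE=$(dialog --clear \
+--backtitle "RaspiBlitz" \
+--title "Manage LND credentials" \
+--menu "Choose action" \
+11 50 7 \
+"${OPTIONS[@]}" \
+2>&1 >/dev/tty)
+clear
+case $CHOICE in
+RESET)
+sudo /home/admin/config.scripts/lnd.credentials.sh reset
+echo "Press ENTER to return to main menu."
+read key
+exit 0
+;;
+SYNC)
+sudo /home/admin/config.scripts/lnd.credentials.sh sync
+echo "Press ENTER to return to main menu."
+read key
+exit 0
+;;
+EXPORT)
+sudo /home/admin/config.scripts/lnd.export.sh
+exit 0
+;;
+esac
+fi
+
+# load data from config
+source /mnt/hdd/raspiblitz.conf
+
+###########################
+# FUNCTIONS
+###########################
+
+function copy_mac_set_perms() {
+local file_name=${1} # the file name (e.g. admin.macaroon)
+local group_name=${2} # the unix group name (e.g. lndadmin)
+local n=${3:-bitcoin} # the network (e.g. bitcoin or litecoin) defaults to bitcoin
+local c=${4:-main} # the chain (e.g. main, test, sim, reg) defaults to main (for mainnet)
+
+sudo /bin/cp /mnt/hdd/lnd/data/chain/"${n}"/"${c}"net/"${file_name}" /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${file_name}"
+sudo /bin/chown --silent admin:"${group_name}" /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${file_name}"
+sudo /bin/chmod --silent 640 /mnt/hdd/app-data/lnd/data/chain/"${n}"/"${c}"net/"${file_name}"
+}
+
+###########################
+# RESET Macaroons and TLS
+###########################
+if [ "$1" = "reset" ]; then
+clear
+echo "###### RESET MACAROONS AND TLS.cert ######"
+echo ""
+echo "All your macaroons and the tls.cert get deleted and recreated."
+echo "Use this to invalidate former EXPORTS for example if you loose a device."
+echo ""
+cd || exit
+echo "- deleting old macaroons"
+sudo find /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
+sudo find /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/ -iname '*.macaroon' -delete
+sudo rm /home/bitcoin/.lnd/data/chain/"${network}"/"${chain}"net/macaroons.db
+echo "- resetting TLS cert"
+sudo /home/admin/config.scripts/lnd.newtlscert.sh
+echo "- restarting LND ... wait 10 secs"
+sudo systemctl start lnd
+sleep 10
+sudo -u bitcoin lncli --chain="${network}" --network="${chain}"net unlock
+echo "- creating new macaroons ... wait 10 secs"
+sleep 10
+echo "- copy new macaroons to central app-data directory and ensure unix ownerships and permissions"
+copy_mac_set_perms admin.macaroon lndadmin "${network}" "${chain}"
+copy_mac_set_perms invoice.macaroon lndinvoice "${network}" "${chain}"
+copy_mac_set_perms readonly.macaroon lndreadonly "${network}" "${chain}"
+echo "OK DONE"
+
+###########################
+# SYNC
+###########################
+elif [ "$1" = "sync" ]; then
+echo "###### SYNCING MACAROONS, RPC Password AND TLS Certificate ######"
+
+echo "# make sure LND app-data directories exist"
+sudo /bin/mkdir --mode 0755 --parents /mnt/hdd/app-data/lnd/data/chain/"${network}"/"${chain}"net/
+
+echo "# copy macaroons to central app-data directory and ensure unix ownerships and permissions"
+copy_mac_set_perms admin.macaroon lndadmin "${network}" "${chain}"
+copy_mac_set_perms invoice.macaroon lndinvoice "${network}" "${chain}"
+copy_mac_set_perms readonly.macaroon lndreadonly "${network}" "${chain}"
+
+echo "# make sure admin has a symlink at ~/.lnd to /mnt/hdd/app-data/lnd/"
+if ! [[ -L "/home/admin/.lnd" ]]; then
+sudo rm -rf "/home/admin/.lnd" # not a symlink.. delete it silently
+ln -s /mnt/hdd/app-data/lnd/ /home/admin/.lnd # and create symlink
+fi
+
+echo "# make sure network (bitcoin/litecoin) RPC password is set correctly in lnd.conf"
+source <(sudo cat /mnt/hdd/"${network}"/"${network}".conf 2>/dev/null | grep "rpcpass" | sed 's/^[a-z]*\./lnd/g')
+if [ "${#rpcpassword}" -gt 0 ]; then
+sudo sed -i 's/^"${network}"d.rpcpass=.*/"${network}"d.rpcpass="${rpcpassword}"/g' /mnt/hdd/lnd/lnd.conf 2>/dev/null
+else
+echo "# WARN: could not get value 'rpcpass' from network config (e.g. bitcoin.conf)"
+fi
+
+echo "# make sure LND conf is readable and symlinked"
+sudo chmod 644 "/mnt/hdd/lnd/lnd.conf"
+sudo chown bitcoin:bitcoin "/mnt/hdd/lnd/lnd.conf"
+if ! [[ -L "/mnt/hdd/app-data/lnd/lnd.conf" ]]; then
+sudo rm -rf "/mnt/hdd/app-data/lnd/lnd.conf" # not a symlink.. delete it silently
+sudo ln -s "/mnt/hdd/lnd/lnd.conf" "/mnt/hdd/app-data/lnd/lnd.conf" # and create symlink
+fi
+
+echo "# make sure TLS certificate is readable and symlinked"
+sudo chmod 644 "/mnt/hdd/lnd/tls.cert"
+sudo chown bitcoin:bitcoin "/mnt/hdd/lnd/tls.cert"
+if ! [[ -L "/mnt/hdd/app-data/lnd/tls.cert" ]]; then
+sudo rm -rf "/mnt/hdd/app-data/lnd/tls.cert" # not a symlink.. delete it silently
+sudo ln -s "/mnt/hdd/lnd/tls.cert" "/mnt/hdd/app-data/lnd/tls.cert" # and create symlink
+fi
+
+###########################
+# UNKNOWN
+###########################
+else
+echo "# FAIL: parameter not known - run with -h for help"
+exit 1
+fi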
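Review bot: The RPC password rewrite in the sync branch can never match: the sed script on the `sudo sed -i 's/^"${network}"d.rpcpass=...` line is single-quoted, so `${network}` and `${rpcpassword}` reach sed as literal text (the line this replaces in lnd.check.sh used double quotes), and lnd.conf keeps whatever rpcpass it already had. Restoring expansion — `sudo sed -i "s|^${network}d.rpcpass=.*|${network}d.rpcpass=${rpcpassword}|" /mnt/hdd/lnd/lnd.conf 2>/dev/null` — fixes the match, but the value is still interpolated into a sed expression, so a password containing `|`, `&` or `\` would corrupt the line; escaping those characters or writing the value through `awk -v` avoids that. Separately, `sudo chmod 644 "/mnt/hdd/lnd/lnd.conf"` makes the file that carries this rpcpass readable by every local account just before it is symlinked into the shared app-data store, which cuts across the lndadmin/lndinvoice group model this PR introduces; `640` with group ownership for the intended readers looks closer to the intent, assuming admin and rtl are members of that group (not visible here). Finally, `--silent` on the chown/chmod in copy_mac_set_perms hides failures such as a missing group, which would leave a freshly copied macaroon owned by root and unreadable by the app it is meant for.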
@ -3,7 +3,7 @@
|
||||||
# command info
|
# command info
|
||||||
if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
||||||
echo "tool to export macaroons & tls.cert"
|
echo "tool to export macaroons & tls.cert"
|
||||||
echo "lnd.export.sh [hexstring|scp|http|reset]"
|
echo "lnd.export.sh [hexstring|scp|http]"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -16,7 +16,6 @@ if [ "$1" = "" ] || [ $# -eq 0 ]; then
|
||||||
OPTIONS+=(HEX "Hex-String (Copy+Paste)")
|
OPTIONS+=(HEX "Hex-String (Copy+Paste)")
|
||||||
OPTIONS+=(SCP "SSH Download (Commands)")
|
OPTIONS+=(SCP "SSH Download (Commands)")
|
||||||
OPTIONS+=(HTTP "Browserdownload (bit risky)")
|
OPTIONS+=(HTTP "Browserdownload (bit risky)")
|
||||||
OPTIONS+=(RESET "RENEW MACAROONS & TLS")
|
|
||||||
CHOICE=$(dialog --clear \
|
CHOICE=$(dialog --clear \
|
||||||
--backtitle "RaspiBlitz" \
|
--backtitle "RaspiBlitz" \
|
||||||
--title "Export Macaroons & TLS.cert" \
|
--title "Export Macaroons & TLS.cert" \
|
||||||
|
@ -35,9 +34,6 @@ if [ "$1" = "" ] || [ $# -eq 0 ]; then
|
||||||
HTTP)
|
HTTP)
|
||||||
exportType='http';
|
exportType='http';
|
||||||
;;
|
;;
|
||||||
RESET)
|
|
||||||
exportType='reset';
|
|
||||||
;;
|
|
||||||
esac
|
esac
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -131,45 +127,8 @@ elif [ "${exportType}" = "http" ]; then
|
||||||
sudo rm -r ${randomFolderName}
|
sudo rm -r ${randomFolderName}
|
||||||
echo "OK - temp HTTP server is stopped."
|
echo "OK - temp HTTP server is stopped."
|
||||||
|
|
||||||
###########################
|
|
||||||
# RESET Macaroons and TLS
|
|
||||||
###########################
|
|
||||||
elif [ "${exportType}" = "reset" ]; then
|
|
||||||
|
|
||||||
clear
|
|
||||||
echo "###### RESET MACAROONS AND TLS.cert ######"
|
|
||||||
echo ""
|
|
||||||
echo "All your macaroons and the tls.cert get deleted and recreated."
|
|
||||||
echo "Use this to invalidate former EXPORTS for example if you loose a device."
|
|
||||||
echo ""
|
|
||||||
cd
|
|
||||||
echo "- deleting old macaroons"
|
|
||||||
sudo rm /home/admin/.lnd/data/chain/${network}/${chain}net/*.macaroon
|
|
||||||
sudo rm /home/bitcoin/.lnd/data/chain/${network}/${chain}net/*.macaroon
|
|
||||||
sudo rm /home/bitcoin/.lnd/data/chain/${network}/${chain}net/macaroons.db
|
|
||||||
echo "- resetting TLS cert"
|
|
||||||
sudo /home/admin/config.scripts/lnd.newtlscert.sh
|
|
||||||
echo "- restarting LND ... wait 10 secs"
|
|
||||||
sudo systemctl start lnd
|
|
||||||
sleep 10
|
|
||||||
sudo -u bitcoin lncli --chain=${network} --network=${chain}net unlock
|
|
||||||
echo "- creating new macaroons ... wait 10 secs"
|
|
||||||
sleep 10
|
|
||||||
echo "- copy new macaroons to admin user"
|
|
||||||
sudo cp /home/bitcoin/.lnd/data/chain/${network}/${chain}net/*.macaroon /home/admin/.lnd/data/chain/${network}/${chain}net/
|
|
||||||
sudo chown admin:admin -R /home/admin/.lnd/data/chain/${network}/${chain}net/*.macaroon
|
|
||||||
# BTCPayServer
|
|
||||||
if [ "${BTCPayServer}" == "on" ]; then
|
|
||||||
/home/admin/config.scripts/bonus.btcpayserver.sh write-tls-macaroon
|
|
||||||
fi
|
|
||||||
# LNBits
|
|
||||||
if [ "${LNBits}" = "on" ]; then
|
|
||||||
sudo -u admin /home/admin/config.scripts/bonus.lnbits.sh write-macaroons
|
|
||||||
fi
|
|
||||||
echo "OK DONE"
|
|
||||||
|
|
||||||
else
|
else
|
||||||
echo "FAIL: unknown '${exportType}' -run-> ./lnd.export.sh -h"
|
echo "FAIL: unknown '${exportType}' - run with -h for help"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ "$1" = "" ] || [ $# -eq 0 ]; then
|
if [ "$1" = "" ] || [ $# -eq 0 ]; then
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
|
|
||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
# stop services
|
# stop services
|
||||||
|
@ -27,7 +26,14 @@ do
|
||||||
done
|
done
|
||||||
sudo killall /usr/local/bin/lnd
|
sudo killall /usr/local/bin/lnd
|
||||||
sudo chmod 664 /mnt/hdd/lnd/tls.cert
|
sudo chmod 664 /mnt/hdd/lnd/tls.cert
|
||||||
echo "copy new cert to admin user"
|
sudo chown bitcoin:bitcoin "/mnt/hdd/lnd/tls.cert"
|
||||||
sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd
|
echo "symlink new cert to lnd app-data directory"
|
||||||
sudo chown admin:admin -R /home/admin/.lnd/*.cert
|
if ! [[ -L "/mnt/hdd/app-data/lnd/tls.cert" ]]; then
|
||||||
echo "OK TLS certs are fresh"
|
sudo rm -rf "/mnt/hdd/app-data/lnd/tls.cert" # not a symlink.. delete it silently
|
||||||
|
sudo ln -s /mnt/hdd/lnd/tls.cert /home/admin/.lnd/tls.cert # and create symlink
|
||||||
|
fi
|
||||||
|
echo "OK TLS certs are fresh"
|
||||||
|
|
||||||
|
# ToDo(frennkie) why doesn't this start lnd again? - I assume as _background will start it anyway?!
|
||||||
|
# ToDo(frennkie) the way LND generates the x509 certificate is not ideal -
|
||||||
|
# it may be better to simply run openssl and create a cert with our settings...
|
||||||
|
|
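Review bot: The new symlink branch tests and removes `/mnt/hdd/app-data/lnd/tls.cert` but then creates the link at `/home/admin/.lnd/tls.cert`, so the app-data entry the check is guarding is never recreated by this script, and the link only ends up in the right place when `/home/admin/.lnd` already points at the app-data directory as lnd.credentials.sh sync sets it up (otherwise it lands in admin's home, or fails if that directory is absent). The target should be the path that was just checked, matching the sync branch of lnd.credentials.sh: `sudo ln -s "/mnt/hdd/lnd/tls.cert" "/mnt/hdd/app-data/lnd/tls.cert" # and create symlink`. The `rm -rf` before it is unconditional inside the branch, so a plain file at that path is gone even when the ln fails; checking the ln result (`|| echo "FAIL: could not symlink tls.cert" >&2`) would make that visible in the boot log.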