Merge branch 'dev' of https://github.com/rootzoll/raspiblitz into dev

2025-02-23 14:40:45 +01:00 · 2022-05-30 20:27:04 +02:00 · 2022-05-30 20:27:04 +02:00 · 963b3349e3
commit 963b3349e3
parent d16599bedd a8a02d9a9c
6 changed files with 82 additions and 72 deletions
--- a/CHANGES.md
+++ b/CHANGES.md
@ -18,7 +18,7 @@
 - Update: CLBOSS 0.13A [details](https://github.com/ZmnSCPxj/clboss/releases/tag/0.13A)
 - Update: Channel Tools (chantools) v0.10.4 [details](https://github.com/guggero/chantools/blob/master/README.md)
 - Update: Electrum Server in Rust (electrs) v0.9.7 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#097-apr-30-2022)
- Update: BTCPayServer v1.5.1 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.5.1)
+- Update: BTCPayServer v1.5.4 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.5.4)
 - Update: Helipad (Podcasting 2.0 Boostagram reader) v0.1.10 [details](https://github.com/Podcastindex-org/helipad/releases/tag/v0.1.10)
 - Info: Run RaspiBlitz on VirtualBox & TrueNAS [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms)

--- a/home.admin/config.scripts/blitz.web.api.sh
+++ b/home.admin/config.scripts/blitz.web.api.sh
@ -91,6 +91,7 @@ Type=simple
 Restart=always
 StandardOutput=journal
 StandardError=journal
+RestartSec=60

 # Hardening measures
 PrivateTmp=true
--- a/home.admin/config.scripts/bonus.btcpayserver.sh
+++ b/home.admin/config.scripts/bonus.btcpayserver.sh
@ -5,11 +5,7 @@
 # https://github.com/dgarage/NBXplorer/tags
 NBXplorerVersion="v2.2.20"
 # https://github.com/btcpayserver/btcpayserver/releases
-BTCPayVersion="v1.5.1"
-
-PGPsigner="nicolasdorier"
-PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc"
-PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
+BTCPayVersion="v1.5.4"

 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@ -340,6 +336,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    cd NBXplorer || exit 1
    sudo -u btcpay git reset --hard $NBXplorerVersion
    # PGP verify
+
+    PGPsigner="nicolasdorier"
+    PGPpubkeyLink="https://keybase.io/nicolasdorier/pgp_keys.asc"
+    PGPpubkeyFingerprint="AB4CFA9895ACA0DBE27F6B346618763EF09186FE"
+
    sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \
     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
    echo "# Build NBXplorer ..."
@ -436,6 +437,10 @@ btc.rpc.password=$PASSWORD_B

    # sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \
    #  "web-flow" "https://github.com/web-flow.gpg" "4AEE18F83AFDEB23" || exit 1
+    PGPsigner="Kukks"
+    PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
+    PGPpubkeyFingerprint="8E5530D9D1C93097"
+
    sudo -u btcpay /home/admin/config.scripts/blitz.git-verify.sh \
     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1

@ -547,45 +552,48 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
    sudo systemctl stop btcpayserver
    sudo systemctl disable btcpayserver
    sudo rm /etc/systemd/system/btcpayserver.service
-    # nbxplorer
-    sudo systemctl stop nbxplorer
-    sudo systemctl disable nbxplorer
-    sudo rm /etc/systemd/system/nbxplorer.service
-    # clear dotnet cache
-    /home/btcpay/dotnet/dotnet nuget locals all --clear
-    sudo rm -rf /tmp/NuGetScratch
-    # remove dotnet
-    sudo rm -rf /usr/share/dotnet
-    # clear app config (not user data)
-    sudo rm -f /home/btcpay/.nbxplorer/Main/settings.config
-    sudo rm -f /home/btcpay/.btcpayserver/Main/settings.config
-    # clear nginx config (from btcpaysetdomain)
-    sudo rm -f /etc/nginx/sites-enabled/btcpayserver
-    sudo rm -f /etc/nginx/sites-available/btcpayserver
-    # remove nginx symlinks
-    sudo rm -f /etc/nginx/sites-enabled/btcpay_ssl.conf
-    sudo rm -f /etc/nginx/sites-enabled/btcpay_tor.conf
-    sudo rm -f /etc/nginx/sites-enabled/btcpay_tor_ssl.conf
-    sudo rm -f /etc/nginx/sites-available/btcpay_ssl.conf
-    sudo rm -f /etc/nginx/sites-available/btcpay_tor.conf
-    sudo rm -f /etc/nginx/sites-available/btcpay_tor_ssl.conf
-    sudo nginx -t
-    sudo systemctl reload nginx
-    # nuke user
-    sudo userdel -rf btcpay 2>/dev/null
-    if [ ${deleteData} -eq 1 ]; then
-      echo "# deleting data"
-      sudo rm -R /mnt/hdd/app-data/.btcpayserver/
-    else
-      echo "# keeping data"
-    fi
-    echo "# OK BTCPayServer removed."
  else
-    echo "# BTCPayServer is not installed."
+    echo "# The btcpayserver.service is not installed."
  fi

+  # nbxplorer
+  sudo systemctl stop nbxplorer
+  sudo systemctl disable nbxplorer
+  sudo rm /etc/systemd/system/nbxplorer.service
+  # clear dotnet cache
+  /home/btcpay/dotnet/dotnet nuget locals all --clear
+  sudo rm -rf /tmp/NuGetScratch
+  # remove dotnet
+  sudo rm -rf /usr/share/dotnet
+  # clear app config (not user data)
+  sudo rm -f /home/btcpay/.nbxplorer/Main/settings.config
+  sudo rm -f /home/btcpay/.btcpayserver/Main/settings.config
+  # clear nginx config (from btcpaysetdomain)
+  sudo rm -f /etc/nginx/sites-enabled/btcpayserver
+  sudo rm -f /etc/nginx/sites-available/btcpayserver
+  # remove nginx symlinks
+  sudo rm -f /etc/nginx/sites-enabled/btcpay_ssl.conf
+  sudo rm -f /etc/nginx/sites-enabled/btcpay_tor.conf
+  sudo rm -f /etc/nginx/sites-enabled/btcpay_tor_ssl.conf
+  sudo rm -f /etc/nginx/sites-available/btcpay_ssl.conf
+  sudo rm -f /etc/nginx/sites-available/btcpay_tor.conf
+  sudo rm -f /etc/nginx/sites-available/btcpay_tor_ssl.conf
+  sudo nginx -t
+  sudo systemctl reload nginx
+  # nuke user
+  sudo userdel -rf btcpay 2>/dev/null
+  if [ ${deleteData} -eq 1 ]; then
+    echo "# deleting data"
+    sudo rm -R /mnt/hdd/app-data/.btcpayserver/
+  else
+    echo "# keeping data"
+  fi
+  echo "# OK BTCPayServer removed."
+
  # needed for API/WebUI as signal that install ran thru
  echo "result='OK'"
+
+  exit 0
 fi

 if [ "$1" = "update" ]; then
--- a/home.admin/config.scripts/bonus.template.sh
+++ b/home.admin/config.scripts/bonus.template.sh
@ -8,21 +8,21 @@

 # id string of your app (short single string unique in raspiblitz)
 # should be same as used in name if script
-APPID="template" # one-word lower-case no-specials  
+APPID="template" # one-word lower-case no-specials

 # the git repo to get the source code from for install
 GITHUB_REPO="https://github.com/rootzoll/webapp-template"

 # the github tag of the version of the source code to install
-# can also be a commit hash 
+# can also be a commit hash
 # if empty it will use the latest source version
 GITHUB_VERSION="v0.1"

 # the github signature to verify the author
-# leave GITHUB_SIGN_AUTHOR empty to skip verifying 
-GITHUB_SIGN_AUTHOR="web-flow" 
+# leave GITHUB_SIGN_AUTHOR empty to skip verifying
+GITHUB_SIGN_AUTHOR="web-flow"
 GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
-GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23" 
+GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23"

 # port numbers the app should run on
 # delete if not an web app
@ -44,7 +44,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  exit 1
 fi

-# echoing comments is useful for logs - but start output with # when not a key=value 
+# echoing comments is useful for logs - but start output with # when not a key=value
 echo "# Running: 'bonus.${APPID}.sh $*'"

 # check & load raspiblitz config
@ -72,13 +72,13 @@ if [ "${isInstalled}" == "1" ]; then

 fi

-# if the action parameter `info` was called - just stop here and output all
+# if the action parameter `status` was called - just stop here and output all
 # status information as a key=value list
-if [ "$1" = "menu" ]; then
+if [ "$1" = "status" ]; then
  echo "appID='${APPID}'"
  echo "githubRepo='${GITHUB_REPO}'"
  echo "githubVersion='${GITHUB_VERSION}'"
-  echo "githubSignature='${GITHUB_SIGNATURE}'"  
+  echo "githubSignature='${GITHUB_SIGNATURE}'"
  echo "isInstalled=${isInstalled}"
  echo "isRunning=${isRunning}"
  if [ "${isInstalled}" == "1" ]; then
@ -123,7 +123,7 @@ Use your Password B to login.\n
  # add tor info (if available)
  if [ "${toraddress}" != "" ]; then
    dialogText="${dialogText}Hidden Service address for Tor Browser (QRcode on LCD):\n${toraddress}"
-  fi 
+  fi

  # use whiptail to show SSH dialog & exit
  whiptail --title "${dialogTitle}" --msgbox "${dialogText}" 18 67
@ -152,8 +152,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # check and install NodeJS - if already installed it will skip
  /home/admin/config.scripts/bonus.nodejs.sh on

-  # create a dedicated user for the app 
-  # BACKGROUND is here to separate running apps by unix users
+  # create a dedicated user for the app
+  # BACKGROUND is here to seperate running apps by unix users
  # and only give file write access to the rest of the system where needed.
  echo "# create user"
  sudo adduser --disabled-password --gecos "" ${APPID} || exit 1
@ -164,12 +164,12 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # `cut -d: -f1 /etc/group | sort` command on raspiblitz commandline
  echo "# add use to special groups"
  sudo /usr/sbin/usermod --append --groups lndadmin ${APPID}
-  
+
  # create a data directory on /mnt/hdd/app-data/ for the app
  # BACKGROUND is that any critical data that needs to survive an update should
  # be stored in that app-data directory. All data there will also be part of
  # any raspiblitz data migration. Also on install handle the case that there
-  # is already data from a previous install available the user wants to
+  # is already data from a pervious install available the user wants to
  # continue to use and even may come from an older version from your app.

  if ! [ -d /mnt/hdd/app-data/${APPID} ]; then
@ -184,7 +184,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
    sudo chown ${APPID}:${APPID} -R /mnt/hdd/app-data/${APPID}

  fi
-  
+
  # make sure needed debian packages are installed
  # 'fbi' is here just an example - change to what you need or delete
  echo "# install from source code"
@ -194,9 +194,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # BACKGROUND is that now you download the code from github, reset to a given version tag/commit,
  # verify the author. If you app provides its source/binaries in another way, may check
  # other install scripts to see how that implement code download & verify.
-  echo "# download from source code & verify"
+  echo "# download the source code & verify"
  sudo -u ${APPID} git clone ${GITHUB_REPO} /home/${APPID}/${APPID}
-  cd /home/${APPID}/${APPID} 
+  cd /home/${APPID}/${APPID}
  sudo -u ${APPID} git reset --hard $GITHUB_VERSION
  if [ "${GITHUB_SIGN_AUTHOR}" != "" ]; then
    sudo -u ${APPID} /home/admin/config.scripts/blitz.git-verify.sh \
@ -207,21 +207,21 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # BACKGROUND on this example is a web app that compiles with NodeJS. But of course
  # your app could have a complete other way to install - check other install scripts as examples.
  echo "# compile/install the app"
-  cd /home/${APPID}/${APPID} 
+  cd /home/${APPID}/${APPID}
  sudo -u ${APPID} npm install --only=prod --logLevel warn
  if ! [ $? -eq 0 ]; then
      echo "# FAIL - npm install did not run correctly - deleting code & exit"
      sudo rm -r /home/${APPID}/${APPID}
      exit 1
  fi
-    
+
  # open the ports in the firewall
  echo "# updating Firewall"
  sudo ufw allow ${PORT_CLEAR} comment "${APPID} HTTP"
  sudo ufw allow ${PORT_SSL} comment "${APPID} HTTPS"


-  # every app should have their own systemd service that cares about starting & 
+  # every app should have their own systemd service that cares about starting &
  # running the app in the background - see the PRESTART section for adhoc config
  # please config this systemd template to your needs
  echo "# create systemd service: ${APPID}.service"
@ -283,7 +283,7 @@ server {
 " | sudo tee /etc/nginx/sites-available/${APPID}_ssl.conf
  sudo ln -sf /etc/nginx/sites-available/${APPID}_ssl.conf /etc/nginx/sites-enabled/

-  # write the TOR config
+  # write the Tor config
  echo "
 server {
    listen localhost:${PORT_TOR_CLEAR};
@ -298,7 +298,7 @@ server {
 " | sudo tee /etc/nginx/sites-available/${APPID}_tor.conf
  sudo ln -sf /etc/nginx/sites-available/${APPID}_tor.conf /etc/nginx/sites-enabled/

-  # write the TOR+HTTPS config
+  # write the Tor+HTTPS config
  echo "
 server {
    listen localhost:${PORT_TOR_SSL} ssl;
@ -332,7 +332,7 @@ server {
  # OK so your app is now installed, but there please also check the following parts to ensure a propper integration
  # into the raspiblitz system:

-  # PROVISION - reinstall on updates & recovery 
+  # PROVISION - reinstall on updates & recovery
  # Take a look at `_provision_.sh` script - you can see that there all bonus apps install scripts get called if
  # they have an active entry in the raspiblitz config. This is needed so that on sd card image update or recovery
  # all apps get installed again. So add your app there accordantly so its install will survive an sd card update.
@ -387,7 +387,7 @@ if [ "$1" = "prestart" ]; then
 fi

 ###########################################
-# OFF / DEINSTALL
+# OFF / UNINSTALL
 # call with parameter `delete-data` to also
 # delete the persistent data directory
 ###########################################
@ -399,7 +399,7 @@ fi
 if [ "$1" = "0" ] || [ "$1" = "off" ]; then

  echo "# stop & remove systemd service"
-  sudo systemctl stop ${APPID} 2>/dev/null  
+  sudo systemctl stop ${APPID} 2>/dev/null
  sudo systemctl disable ${APPID}.service
  sudo rm /etc/systemd/system/${APPID}.service

@ -416,9 +416,9 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
  echo "# close ports on firewall"
  sudo ufw deny "${PORT_CLEAR}"
  sudo ufw deny "${PORT_SSL}"
- 
+
  echo "# removing Tor hidden service (if active)"
-  /home/admin/config.scripts/tor.onion-service.sh off ${APPID}  
+  /home/admin/config.scripts/tor.onion-service.sh off ${APPID}

  echo "# mark app as uninstalled in raspiblitz config"
  /home/admin/config.scripts/blitz.conf.sh set ${APPID} "off"
@ -429,7 +429,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
    sudo rm -r /mnt/hdd/app-data/${APPID}
  fi

-  echo "# OK - app should be deinstalled now"
+  echo "# OK - app should be uninstalled now"
  exit 0

 fi
@ -439,5 +439,5 @@ echo "# FAIL - Unknown Parameter $1"
 exit 1

 # LAST NOTES:
-# Best is to contribute a new app install script as a PR to the raspiblitz GitHub repo. 
+# Best is to contribute a new app install script as a PR to the raspiblitz GitHub repo.
 # Please base your PR on the `dev` branch - not on the default branch displayed.
--- a/home.admin/config.scripts/lnd.compact.sh
+++ b/home.admin/config.scripts/lnd.compact.sh
@ -52,7 +52,7 @@ sudo systemctl stop lnd
 sudo touch /home/admin/lnd.db.bolt.auto-compact.log
 sudo chmod 777 /home/admin/lnd.db.bolt.auto-compact.log
 echo "# Run LND with --db.bolt.auto-compact"
-sudo -u bitcoin /usr/local/bin/lnd --configfile=/home/bitcoin/.lnd/lnd.conf --db.bolt.auto-compact > /home/admin/lnd.db.bolt.auto-compact.log &
+sudo -u bitcoin /usr/local/bin/lnd --configfile=/home/bitcoin/.lnd/lnd.conf --db.bolt.auto-compact --db.bolt.auto-compact-min-age=0 > /home/admin/lnd.db.bolt.auto-compact.log &

 echo "# Compacting channel.db, this can take a long time"

--- a/home.admin/config.scripts/tor.onion-service.sh
+++ b/home.admin/config.scripts/tor.onion-service.sh
@ -29,12 +29,13 @@ if [ "$1" == "off" ]; then
  sudo sed -i "/# Hidden Service for ${service}/,/^\s*$/{d}" "${torrc_services}"

  # remove double empty lines
+  _temp=$(mktemp -p /dev/shm/)
  sudo mkdir /var/cache/raspiblitz/tmp 2>/dev/null
  sudo cp "${torrc_services}" /var/cache/raspiblitz/tmp
  sudo chmod 777 /var/cache/raspiblitz/tmp
  sudo chown -R admin:admin /var/cache/raspiblitz/tmp
-  sudo awk 'NF > 0 {blank=0} NF == 0 {blank++} blank < 2' "${torrc_services}" > /var/cache/raspiblitz/tmp
-  sudo mv /var/cache/raspiblitz/tmp "${torrc_services}"
+  sudo awk 'NF > 0 {blank=0} NF == 0 {blank++} blank < 2' "${torrc_services}" > "${_temp}"
+  sudo mv "${_temp}" "${torrc_services}"
  sudo chmod 644 "${torrc_services}"
  sudo chown bitcoin:bitcoin "${torrc_services}"