Run LND with a separate Tor instance to avoid restarts (#2148)
parent
2a723d4f91
commit
fae7b4eb2f
4 changed files with 100 additions and 34 deletions
|
@ -4,6 +4,7 @@
|
|||
|
||||
- New: Raspberry Pi OS Base Image 64-bit (August 2020)
|
||||
- New: Build SD card Image with parameters & FatPack [details](https://github.com/rootzoll/raspiblitz/pull/2044)
|
||||
- New: Improve LND uptime and reliability over Tor [details](https://github.com/rootzoll/raspiblitz/pull/2148)
|
||||
- New: Lightning Terminal 0.4.1-alpha (Loop, Pool & Faraday UI Bundle) [details](https://github.com/lightninglabs/lightning-terminal#lightning-terminal-lit)
|
||||
- New: chantools 0.8.2 [details](https://github.com/guggero/chantools/blob/master/README.md)
|
||||
- New: Circuitbreaker LND firewall (settings menu) [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
|
||||
|
|
|
@ -145,11 +145,11 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
|||
sudo sed -i "s:^CookieAuthFile*:#CookieAuthFile:g" /etc/tor/torrc
|
||||
if ! grep -Eq "^CookieAuthentication 1" /etc/tor/torrc; then
|
||||
echo "CookieAuthentication 1" | sudo tee -a /etc/tor/torrc
|
||||
sudo systemctl restart tor
|
||||
sudo systemctl restart tor@default
|
||||
fi
|
||||
if ! grep -Eq "^AllowOutboundLocalhost 1" /etc/tor/torsocks.conf; then
|
||||
echo "AllowOutboundLocalhost 1" | sudo tee -a /etc/tor/torsocks.conf
|
||||
sudo systemctl restart tor
|
||||
sudo systemctl restart tor@default
|
||||
fi
|
||||
|
||||
# joinin.conf settings
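Review bot: The second `sudo systemctl restart tor@default`, in the `AllowOutboundLocalhost` branch, restarts the daemon for a file the daemon does not read: `/etc/tor/torsocks.conf` is consumed by the torsocks wrapper when it launches a client, so that restart can be dropped. A full restart tears down the circuits and onion services of everything still served by tor@default, which is the kind of interruption this commit is moving LND away from. The restarts in the two hidden-service hunks (`@ -35,7` and `@ -100,7`) follow a torrc edit, where `sudo systemctl reload tor@default` is probably enough because Tor re-reads torrc on SIGHUP; confirm that on the packaged Tor version before switching. The enclosing `if [ "$1" = "1" ] || [ "$1" = "on" ]` block starts and ends outside this hunk.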
|
||||
|
|
|
@ -35,7 +35,7 @@ if [ "$1" == "off" ]; then
|
|||
sudo chown bitcoin:bitcoin /etc/tor/torrc
|
||||
|
||||
echo "# OK service is removed - restarting TOR ..."
|
||||
sudo systemctl restart tor
|
||||
sudo systemctl restart tor@default
|
||||
sleep 10
|
||||
echo "# Done"
|
||||
exit 0
|
||||
|
@ -100,7 +100,7 @@ HiddenServicePort $toPort 127.0.0.1:$fromPort" | sudo tee -a /etc/tor/torrc
|
|||
echo ""
|
||||
echo "Restarting Tor to activate the Hidden Service..."
|
||||
sudo chmod 644 /etc/tor/torrc
|
||||
sudo systemctl restart tor
|
||||
sudo systemctl restart tor@default
|
||||
sleep 10
|
||||
|
||||
# show the Hidden Service address
|
||||
|
|
|
@ -87,26 +87,100 @@ activateLndOverTOR()
|
|||
lndExists=$(sudo ls /etc/systemd/system/lnd.service | grep -c "lnd.service")
|
||||
if [ ${lndExists} -gt 0 ]; then
|
||||
|
||||
echo "# Make sure the user bitcoin is in the debian-tor group"
|
||||
sudo usermod -a -G debian-tor bitcoin
|
||||
# deprecate 'torpassword='
|
||||
sudo sed -i '/\[Tor\]*/d' /mnt/hdd/lnd/lnd.conf
|
||||
sudo sed -i '/^tor.password=*/d' /mnt/hdd/lnd/lnd.conf
|
||||
|
||||
# lnd-tor instance
|
||||
# https://www.torservers.net/wiki/setup/server#multiple_tor_processes
|
||||
NODENAME="lnd"
|
||||
SOCKSPORT=9070
|
||||
CONTROLPORT=$((SOCKSPORT+1))
|
||||
echo "# Creating a dedicated Tor instance for $NODENAME"
|
||||
sudo tor-instance-create $NODENAME
|
||||
|
||||
echo "# Make sure the user bitcoin is in the _tor-$NODENAME group"
|
||||
sudo usermod -a -G _tor-$NODENAME bitcoin
|
||||
|
||||
# create tor data directory if it not exist
|
||||
if [ ! -d "/mnt/hdd/tor-$NODENAME" ]; then
|
||||
echo "# - creating tor data directory"
|
||||
sudo mkdir -p /mnt/hdd/tor-$NODENAME
|
||||
sudo mkdir -p /mnt/hdd/tor-$NODENAME/sys
|
||||
else
|
||||
echo "# - /mnt/hdd/tor-$NODENAME data directory exists"
|
||||
fi
|
||||
# make sure its the correct owner
|
||||
sudo chmod -R 700 /mnt/hdd/tor-$NODENAME
|
||||
sudo chown -R _tor-$NODENAME:_tor-$NODENAME /mnt/hdd/tor-$NODENAME
|
||||
|
||||
echo "
|
||||
### torrc for tor@$NODENAME
|
||||
### https://github.com/lightningnetwork/lnd/blob/master/docs/configuring_tor.md
|
||||
|
||||
DataDirectory /mnt/hdd/tor-$NODENAME/sys
|
||||
PidFile /mnt/hdd/tor-$NODENAME/sys/tor.pid
|
||||
|
||||
SocksPort $SOCKSPORT
|
||||
ControlPort $CONTROLPORT
|
||||
CookieAuthentication 1
|
||||
CookieAuthFileGroupReadable 1
|
||||
|
||||
SafeLogging 1
|
||||
Log notice stdout
|
||||
Log notice file /mnt/hdd/tor-$NODENAME/notice.log
|
||||
Log info file /mnt/hdd/tor-$NODENAME/info.log
|
||||
" | sudo tee /etc/tor/instances/$NODENAME/torrc
|
||||
sudo chmod 644 /etc/tor/instances/$NODENAME/torrc
|
||||
|
||||
sudo mkdir -p /etc/systemd/system/tor@$NODENAME.service.d
|
||||
sudo tee /etc/systemd/system/tor@$NODENAME.service.d/raspiblitz.conf >/dev/null <<EOF
|
||||
# DO NOT EDIT! This file is generated by raspiblitz and will be overwritten
|
||||
[Service]
|
||||
ReadWriteDirectories=-/mnt/hdd/tor-$NODENAME
|
||||
[Unit]
|
||||
After=network.target nss-lookup.target mnt-hdd.mount
|
||||
EOF
|
||||
|
||||
echo "Setup logrotate"
|
||||
# add logrotate config for modified Tor dir on ext. disk
|
||||
sudo tee /etc/logrotate.d/raspiblitz-tor-$NODENAME >/dev/null <<EOF
|
||||
/mnt/hdd/tor-$NODENAME/*log {
|
||||
daily
|
||||
rotate 5
|
||||
compress
|
||||
delaycompress
|
||||
missingok
|
||||
notifempty
|
||||
create 0640 _tor-$NODENAME _tor-$NODENAME
|
||||
sharedscripts
|
||||
postrotate
|
||||
if invoke-rc.d tor status > /dev/null; then
|
||||
invoke-rc.d tor reload > /dev/null
|
||||
fi
|
||||
endscript
|
||||
}
|
||||
EOF
|
||||
sudo systemctl daemon-reload
|
||||
sudo systemctl enable tor@$NODENAME
|
||||
sudo systemctl start tor@$NODENAME
|
||||
|
||||
# modify LND service
|
||||
echo "Make sure LND is disabled"
|
||||
echo "# Make sure LND is disabled"
|
||||
sudo systemctl disable lnd 2>/dev/null
|
||||
|
||||
echo "editing /etc/systemd/system/lnd.service"
|
||||
sudo sed -i "s/^ExecStart=\/usr\/local\/bin\/lnd.*/ExecStart=\/usr\/local\/bin\/lnd --tor\.active --tor\.streamisolation --tor\.v3 --listen=127\.0\.0\.1\:9735 \${lndExtraParameter}/g" /etc/systemd/system/lnd.service
|
||||
echo "# Editing /etc/systemd/system/lnd.service"
|
||||
sudo sed -i "s/^ExecStart=\/usr\/local\/bin\/lnd.*\
|
||||
/ExecStart=\/usr\/local\/bin\/lnd --tor\.active --tor\.streamisolation --tor\.v3 --tor\.socks=$SOCKSPORT --tor\.control=$CONTROLPORT --listen=127\.0\.0\.1\:9735 \${lndExtraParameter}/g" \
|
||||
/etc/systemd/system/lnd.service
|
||||
|
||||
echo "Enable LND again"
|
||||
echo "# Enable LND again"
|
||||
sudo systemctl enable lnd
|
||||
echo "OK"
|
||||
echo ""
|
||||
echo "# OK"
|
||||
echo
|
||||
|
||||
else
|
||||
echo "LND service not found (yet) - try with 'internet.tor.sh lndconf-on' again later"
|
||||
echo "# LND service not found (yet) - try with 'internet.tor.sh lndconf-on' again later"
|
||||
fi
|
||||
}
|
||||
|
||||
|
@ -231,9 +305,8 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
|||
isTorConfigOK=$(sudo cat /etc/tor/torrc 2>/dev/null | grep -c "BITCOIN")
|
||||
if [ ${isTorConfigOK} -eq 0 ]; then
|
||||
echo "# - updating Tor config ${torrc}"
|
||||
PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
|
||||
HASHED_PASSWORD=$(sudo -u debian-tor tor --hash-password "$PASSWORD_B")
|
||||
cat > ./torrc <<EOF
|
||||
### torrc for tor@default
|
||||
### See 'man tor', or https://www.torproject.org/docs/tor-manual.html
|
||||
|
||||
DataDirectory /mnt/hdd/tor/sys
|
||||
|
@ -259,35 +332,19 @@ HiddenServicePort 80 127.0.0.1:80
|
|||
# NOTE: since Bitcoin Core v0.21.0 sets up a v3 Tor service automatically
|
||||
# see /mnt/hdd/bitcoin for the onion private key - delete and restart bitcoind to reset
|
||||
|
||||
# Hidden Service for BITCOIN P2P (v2FallBack for Bisq)
|
||||
HiddenServiceDir /mnt/hdd/tor/bitcoin8333
|
||||
HiddenServiceVersion 2
|
||||
HiddenServicePort 8333 127.0.0.1:8333
|
||||
|
||||
# Hidden Service for LND (incoming connections)
|
||||
HiddenServiceDir /mnt/hdd/tor/lnd9735
|
||||
HiddenServiceVersion 3
|
||||
HiddenServicePort 9735 127.0.0.1:9735
|
||||
# NOTE: LND is using a separate Tor instance: tor@lnd
|
||||
# find the torrc at /etc/tor/instances/lnd/torrc
|
||||
# onion private key at /mnt/hdd/lnd/v3_onion_private_key
|
||||
|
||||
# Hidden Service for LND RPC
|
||||
HiddenServiceDir /mnt/hdd/tor/lndrpc10009/
|
||||
HiddenServiceVersion 3
|
||||
HiddenServicePort 10009 127.0.0.1:10009
|
||||
|
||||
# Hidden Service for LND RPC (v2Fallback)
|
||||
HiddenServiceDir /mnt/hdd/tor/lndrpc10009fallback/
|
||||
HiddenServiceVersion 2
|
||||
HiddenServicePort 10009 127.0.0.1:10009
|
||||
|
||||
# Hidden Service for LND REST
|
||||
HiddenServiceDir /mnt/hdd/tor/lndrest8080/
|
||||
HiddenServiceVersion 3
|
||||
HiddenServicePort 8080 127.0.0.1:8080
|
||||
|
||||
# Hidden Service for LND REST (v2Fallback)
|
||||
HiddenServiceDir /mnt/hdd/tor/lndrest8080fallback/
|
||||
HiddenServiceVersion 2
|
||||
HiddenServicePort 8080 127.0.0.1:8080
|
||||
EOF
|
||||
sudo rm $torrc
|
||||
sudo mv ./torrc $torrc
|
||||
|
@ -396,6 +453,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
|
|||
# disable TOR service
|
||||
echo "# *** Disable Tor service ***"
|
||||
sudo systemctl disable tor@default
|
||||
sudo systemctl disable tor@lnd
|
||||
echo ""
|
||||
|
||||
# DEACTIVATE BITCOIN OVER TOR (function call)
|
||||
|
@ -415,6 +473,7 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
|
|||
|
||||
echo "# *** Stop Tor service ***"
|
||||
sudo systemctl stop tor@default
|
||||
sudo systemctl stop tor@lnd
|
||||
echo ""
|
||||
|
||||
if [ "$2" == "clear" ]; then
|
||||
|
@ -449,6 +508,12 @@ if [ "$1" = "update" ]; then
|
|||
echo "# Starting the tor.service "
|
||||
sudo systemctl start tor
|
||||
echo "# Installed $(tor --version)"
|
||||
if [ $(systemctl status lnd | grep -c "active (running)") -gt 0 ];then
|
||||
echo "# LND needs to restart"
|
||||
sudo systemctl restart lnd
|
||||
sleep 10
|
||||
lncli unlock
|
||||
fi
|
||||
exit 0
|
||||
fi
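Review bot: In the `@ -87,26` hunk, activateLndOverTOR never checks that `sudo tor-instance-create $NODENAME` and `sudo systemctl start tor@$NODENAME` succeeded, yet it goes on to point lnd.service at `--tor.socks=$SOCKSPORT --tor.control=$CONTROLPORT` and prints `# OK`. If the instance was not created, the later `usermod`, `chown` and `tee /etc/tor/instances/$NODENAME/torrc` steps fail too, and LND is left configured for ports nothing listens on; that presumably fails closed, but the operator gets no hint why the node will not connect. I would stop early with `sudo tor-instance-create "$NODENAME" || { echo "# FAIL: tor-instance-create $NODENAME"; return 1; }` and, after the start, report the state with `systemctl is-active --quiet "tor@$NODENAME" || echo "# FAIL: tor@$NODENAME is not running"` instead of an unconditional `# OK`. The ExecStart rewrite should stay unconditional so a failed setup cannot leave LND running without `--tor.active`. The function's callers are outside this hunk, so how they treat a non-zero return needs checking.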
|
||||
|
||||
|
|