add LND repair menu (#2833)

* add 99lndRepairMenu.sh * add more lnd checks and improve output * add sudo to syncAndCheckLND * add ${netprefix} to lnd service * restore seed and scb separately * update lnd proto files * lnd.initwallet: add unlock method * lndrepair: use recovery window with unlock * change all rpc_pb2 to lightning_pb2 * mainnet -> ${chain}net * _provison.setup: restore SCB separately * clear up the placement of channel.backup * unloc kLND before SCB restore * provison.setup: add more logging * lnd.install: make sure bitcoin is in debian-tor * lndRepairMenu: add RETRYSCB option * wait to create macaroons for 2 minutes * lndRepairMenu: add RESCAN option
2024-11-19 01:40:16 +01:00 · 2022-01-04 19:08:38 +00:00 · 2022-01-04 19:08:38 +00:00 · fc5becc6b5
commit fc5becc6b5
parent dd10808f9f
19 changed files with 4527 additions and 1314 deletions
--- a/.gitignore
+++ b/.gitignore
@ -3,6 +3,6 @@ home.admin/.DS_Store
 *.log
 *.pyc
 __pycache__
-rpc_pb2.pyc
+lightning_pb2.pyc
-rpc_pb2_grpc.pyc
+lightning_pb2_grpc.pyc
 /.vagrant/
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@ -464,7 +464,7 @@ echo -e "\n*** INSTALLING BlitzPy Version: ${blitzpy_version} ***"
 sudo -H /usr/bin/python -m pip install "/home/admin/raspiblitz/home.admin/BlitzPy/dist/${blitzpy_wheel}" >/dev/null 2>&1
 # make sure lndlibs are patched for compatibility for both Python2 and Python3
-file="/home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py"
+file="/home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py"
 ! grep -Fxq "from __future__ import absolute_import" "${file}" && sed -i -E '1 a from __future__ import absolute_import' "${file}"
 ! grep -Eq "^from . import.*" "${file}" && sed -i -E 's/^(import.*_pb2)/from . \1/' "${file}"
--- a/home.admin/98repairMenu.sh
+++ b/home.admin/98repairMenu.sh
@ -39,9 +39,9 @@ Download Lightning Data Backup now?
      fi
    else
      clear
-      echo "*****************************************"
+      echo "*************************************"
-      echo "* JUST MAKING A BACKUP TO THE OLD SD CARD"
+      echo "* JUST MAKING A BACKUP TO THE SD CARD"
-      echo "*****************************************"
+      echo "*************************************"
      echo "please wait .."
      sleep 2
      if [ "${lightning}" == "lnd" ] || [ "${lnd}" = "on" ]; then
@ -69,9 +69,7 @@ OPTIONS=()
 #OPTIONS+=(HARDWARE "Run Hardwaretest")
 OPTIONS+=(SOFTWARE "Run Softwaretest (DebugReport)")
 if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
-  OPTIONS+=(BACKUP-LND "Backup your LND data (Rescue-File)")
+  OPTIONS+=(REPAIR-LND "Repair/Backup LND")
  OPTIONS+=(RESET-LND "Delete LND & start new node/wallet")
  OPTIONS+=(COMPACT "Compact the LND channel.db")
 fi
 if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then
  OPTIONS+=(REPAIR-CL "Repair/Backup C-Lightning")
@ -95,18 +93,8 @@ case $CHOICE in
    echo "Press ENTER to return to main menu."
    read key
    ;;
-  BACKUP-LND)
+  REPAIR-LND)
-    /home/admin/config.scripts/lnd.compact.sh interactive
+    sudo /home/admin/99lndRepairMenu.sh
    sudo /home/admin/config.scripts/lnd.backup.sh lnd-export-gui
    echo
    echo "Press ENTER when your backup download is done to shutdown."
    read key
    /home/admin/config.scripts/blitz.shutdown.sh
    ;;
  COMPACT)
    /home/admin/config.scripts/lnd.compact.sh interactive
    echo "# Starting lnd.service ..."
    sudo systemctl start lnd
    echo
    echo "Press ENTER to return to main menu."
    read key
@ -128,45 +116,6 @@ case $CHOICE in
    echo "For reboot type: sudo shutdown -r now"
    exit 1;
    ;;
  RESET-LND)
    askBackupCopy
    # ask for a new name so that network analysis has harder time to connect new node id with old
    result=""
    while [ ${#result} -eq 0 ]
    do
        trap 'rm -f "$_temp"' EXIT
        _temp=$(mktemp -p /dev/shm/)
        l1="Please enter the new name of your LND node:\n"
        l2="different name is better for a fresh identity\n"
        l3="one word, keep characters basic & not too long"
        dialog --backtitle "RaspiBlitz - Setup (${network}/${chain})" --inputbox "$l1$l2$l3" 13 52 2>$_temp
        result=$( cat $_temp | tr -dc '[:alnum:]-.' | tr -d ' ' )
        echo "processing ..."
        sleep 3
    done
    # make sure host is named like in the raspiblitz config
    echo "Setting the Name/Alias/Hostname .."
    sudo /home/admin/config.scripts/lnd.setname.sh mainnet ${result}
    /home/admin/config.scripts/blitz.conf.sh set hostname "${result}"
    echo "stopping lnd ..."
    sudo systemctl stop lnd
    sudo rm -r /mnt/hdd/lnd
    # create wallet
    /home/admin/config.scripts/lnd.install.sh on mainnet initwallet
    # display and delete the seed for mainnet
    sudo /home/admin/config.scripts/lnd.install.sh display-seed mainnet delete
    if [ "${tlnd}" == "on" ];then
      /home/admin/config.scripts/lnd.install.sh on testnet initwallet
    fi
    if [ "${slnd}" == "on" ];then
      /home/admin/config.scripts/lnd.install.sh on signet initwallet
    fi
    # go back to main menu (and show)
    /home/admin/00raspiblitz.sh
    exit 0;
    ;;
  RESET-HDD)
    askBackupCopy
    /home/admin/XXcleanHDD.sh
--- a/home.admin/99lndRepairMenu.sh
+++ b/home.admin/99lndRepairMenu.sh
@ -0,0 +1,494 @@
 #!/bin/bash
 # get raspiblitz config
 echo "# get raspiblitz config"
 source /home/admin/raspiblitz.info
 source /mnt/hdd/raspiblitz.conf
 source <(/home/admin/config.scripts/network.aliases.sh getvars lnd $1)
 if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi
 askLNDbackupCopy()
 {
  whiptail --title "LND Data Backup" --yes-button "Backup" --no-button "Skip" --yesno "
 Before deleting your data, do you want
 to make a backup of all your LND Data
 and download the file(s) to your laptop?
 Download LND Data Backup now?
  " 12 44
  if [ $? -eq 0 ]; then
    clear
    echo "***********************************"
    echo "* PREPARING THE LND BACKUP DOWNLOAD"
    echo "***********************************"
    echo "please wait .."
    /home/admin/config.scripts/lnd.compact.sh interactive
    /home/admin/config.scripts/lnd.backup.sh lnd-export-gui
    echo
    echo "PRESS ENTER to continue once you're done downloading."
    read key
  else
    clear
    echo "*************************************"
    echo "* JUST MAKING A BACKUP TO THE SD CARD"
    echo "*************************************"
    echo "please wait .."
    sleep 2
    /home/admin/config.scripts/lnd.backup.sh lnd-export
    sleep 3
  fi
 }
 getpasswordC() # from dialogPasswords.sh
 {
  # temp file for password results
  _temp="/var/cache/raspiblitz/temp/.temp.tmp"
  sudo /home/admin/config.scripts/blitz.setpassword.sh x "PASSWORD C - Lightning Wallet Password" $_temp
  passwordC=$(sudo cat $_temp)
  sudo rm $_temp
  dialog --backtitle "RaspiBlitz - Setup" --msgbox "\nThanks - Password C accepted.\n\nAlways use this password to \nunlock your Lightning Wallet." 10 34
 }
 lndHealthCheck() 
 {
  # check that lnd started
  lndRunning=0
  loopcount=0
  while [ ${lndRunning} -eq 0 ]
  do
    lndRunning=$(systemctl status ${netprefix}lnd.service | grep -c running)
    if [ ${lndRunning} -eq 0 ]; then
      date +%s
      echo "LND not ready yet ... waiting another 60 seconds."
      sleep 10
    fi
    loopcount=$(($loopcount +1))
    if [ ${loopcount} -gt 100 ]; then
      echo "lnd-start-fail" "lnd service not getting to running status" "sudo systemctl status ${netprefix}lnd.service | grep -c running --> ${lndRunning}"
      exit 8
    fi
  done
  echo "OK - LND is running"
  sleep 10
  # Check LND health/fails (to be extended)
  tlsExists=$(ls /mnt/hdd/lnd/tls.cert 2>/dev/null | grep -c "tls.cert")
  if [ ${tlsExists} -eq 0 ]; then
    echo "lnd-no-tls" "lnd not created TLS cert" "no /mnt/hdd/lnd/tls.cert"
    exit 9
  fi
 }
 syncAndCheckLND() # from _provision.setup.sh
 {
  # make sure all directories are linked
  sudo /home/admin/config.scripts/blitz.datadrive.sh link
  # check if now a config exists
  configLinkedCorrectly=$(ls /home/bitcoin/.lnd/lnd.conf | grep -c "lnd.conf")
  if [ "${configLinkedCorrectly}" != "1" ]; then
    echo "lnd-link-broken" "link /home/bitcoin/.lnd/lnd.conf broken" ""
    exit 7
  fi
  # Init LND service & start
  echo "*** Init LND Service & Start ***"
  /home/admin/_cache.sh set message "LND Testrun"
  # just in case
  sudo systemctl stop ${netprefix}lnd 2>/dev/null
  sudo systemctl disable ${netprefix}lnd 2>/dev/null
  # copy lnd service
  sudo cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service
  # start lnd up
  echo "Starting LND Service ..."
  sudo systemctl enable ${netprefix}lnd
  sudo systemctl start ${netprefix}lnd
  echo "Starting LND Service ... executed"  
  if [ $(sudo -u bitcoin ls /mnt/hdd/lnd/data/chain/bitcoin/${chain}net/wallet.db 2>/dev/null | grep -c wallet.db) -gt 0 ]; then
    echo "# OK, there is an LND wallet present"
  else
    echo "lnd-no-wallet" "there is no LND wallet present" "/mnt/hdd/lnd/data/chain/bitcoin/${chain}net/wallet.db --> missing"
    exit 13
  fi
  # sync macaroons & TLS to other users
  echo "*** Copy LND Macaroons to user admin ***"
  /home/admin/_cache.sh set message "LND Credentials"
  # check if macaroon exists now - if not fail
  attempt=0
  while [ $(sudo -u bitcoin ls -la /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon 2>/dev/null | grep -c admin.macaroon) -eq 0 ]; do
    echo "Waiting 2 mins for LND to create macaroons ... (${attempt}0s)"
    sleep 10
    attempt=$((attempt+1))
    if [ $attempt -eq 12 ];then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-no-macaroons" "lnd did not create macaroons" "/home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon --> missing"
      exit 14
    fi
  done
  # now sync macaroons & TLS to other users
  sudo /home/admin/config.scripts/lnd.credentials.sh sync
  # make a final lnd check
  source <(/home/admin/config.scripts/lnd.check.sh basic-setup)
  if [ "${err}" != "" ]; then
    echo "lnd-check-error" "lnd.check.sh basic-setup with error" "/home/admin/config.scripts/lnd.check.sh basic-setup --> ${err}"
    exit 15
  fi
 }
 function restoreFromSeed()
 {
    askLNDbackupCopy
    ## from dialogLightningWallet.sh 
    # let people know about the difference between SEED & SEED+SCB
    whiptail --title "IMPORTANT INFO" --yes-button "ENTER SEED" --no-button "Go Back" --yesno "
 Using JUST SEED WORDS will only recover your on-chain funds.
 To also try to recover the open channel funds you need the
 channel.backup file (since RaspiBlitz v1.2 / LND 0.6-beta)
 or having a complete LND rescue-backup from your old node.
    " 11 65
    # start seed input and get results
    _temp="/var/cache/raspiblitz/.temp.tmp"
    /home/admin/config.scripts/lnd.backup.sh seed-import-gui $_temp
    source $_temp 2>/dev/null
    sudo rm $_temp 2>/dev/null
    # if user canceled the seed input
    if [ "${seedWords}" == "" ]; then
      # signal cancel to the calling script by exit code (4 = exit on seedwords)
      exit 4
    fi
    getpasswordC
    clear
    echo  
    echo "The next step will overwrite the old LND wallets on all chains"
    echo "Press ENTER to continue or CTRL+C to abort"
    read key
    echo "Stopping ${netprefix}lnd ..."
    sudo systemctl stop ${netprefix}lnd
    if [ "${tlnd}" == "on" ];then
      sudo systemctl stop tlnd
    fi
    if [ "${slnd}" == "on" ];then
      sudo systemctl stop slnd
    fi
    echo "Reset wallet"
    sudo rm -r /mnt/hdd/lnd
    # creates fresh lnd.conf without an alias
    /home/admin/config.scripts/lnd.install.sh on $CHAIN
    sudo systemctl start ${netprefix}lnd
    lndHealthCheck
    # from _provison.setup.sh
    # create wallet
    # WALLET --> SEED
    if [ "${seedWords}" != "" ]; then
      echo "WALLET --> SEED"
      /home/admin/_cache.sh set message "LND Wallet (SEED)"
      source <(/home/admin/config.scripts/lnd.initwallet.py seed "${chain}net" "${passwordC}" "${seedWords}" "${seedPassword}")
      if [ "${err}" != "" ]; then
      echo "lnd-wallet-seed" "lnd.initwallet.py seed returned error" "/home/admin/config.scripts/lnd.initwallet.py seed ${chain}net ... --> ${err} + ${errMore}"
      exit 12
      fi
    fi
    syncAndCheckLND
 }
 function restoreSCB()
 {
    # import SCB and get results
    _temp="/var/cache/raspiblitz/.temp.tmp"
    /home/admin/config.scripts/lnd.backup.sh scb-import-gui setup $_temp
    source $_temp 2>/dev/null
    sudo rm $_temp 2>/dev/null
    # if user canceled the upload
    if [ "${staticchannelbackup}" == "" ]; then
      # signal cancel to the calling script by exit code (5 = exit on scb)
      exit 5
    fi
    echo
    echo "The next step will attempt to trigger all online peers to force close the channels with this node."
    echo "Restoring the channel.backup can be repeated again until all the channels are force closed."
    echo "Contacting the peers and asking them to force close achieves the same."
    echo "Press ENTER to continue or CTRL+C to abort"
    read key
    # WALLET --> SEED + SCB 
    if [ "${staticchannelbackup}" != "" ]; then
      # LND was restarted so need to unlock
      echo "WALLET --> UNLOCK WALLET - SCAN 0"
      /home/admin/_cache.sh set message "LND Wallet Unlock - scan 0"
      source <(/home/admin/config.scripts/lnd.initwallet.py unlock "${chain}net" "${passwordC}" 0)
      if [ "${err}" != "" ]; then
        echo "lnd-wallet-unlock" "lnd.initwallet.py unlock returned error" "/home/admin/config.scripts/lnd.initwallet.py unlock ${chain}net ... --> ${err} + ${errMore}"
        if [ "${errMore}" = "wallet already unlocked, WalletUnlocker service is no longer available" ]; then
          echo "The wallet is already unlocked, continue."
        else
          exit 11
        fi
      fi
      echo "WALLET --> SCB "
      /home/admin/_cache.sh set message "LND Wallet (SEED & SCB)"
      macaroonPath="/home/admin/.lnd/data/chain/${network}/${chain}net/admin.macaroon"
      source <(/home/admin/config.scripts/lnd.initwallet.py scb ${chain}net "/home/admin/channel.backup" "${macaroonPath}")
      if [ "${err}" != "" ]; then
        echo "lnd-wallet-seed+scb" "lnd.initwallet.py scb returned error" "/home/admin/config.scripts/lnd.initwallet.py scb ${chain}net ... --> ${err} + ${errMore}"
        if [ "${errMore}" = "server is still in the process of starting" ]; then
          echo "The SCB recovery is not possible now - use the RETRYSCB option the REPAIR-LND menu after LND is synced."
          echo "Can repeat the SCB recovery until all peers have force closed the channels to this node."
        else
          exit 12
        fi
      fi
    fi
    syncAndCheckLND
    # LND was restarted so need to unlock
    echo "WALLET --> UNLOCK WALLET - SCAN 5000"
    /home/admin/_cache.sh set message "LND Wallet Unlock - scan 5000"
    source <(/home/admin/config.scripts/lnd.initwallet.py unlock ${chain}net "${passwordC}" 5000)
    if [ "${err}" != "" ]; then
      echo "lnd-wallet-unlock" "lnd.initwallet.py unlock returned error" "/home/admin/config.scripts/lnd.initwallet.py unlock ${chain}net ... --> ${err} + ${errMore}"
      exit 50
    fi
 }
 # BASIC MENU INFO
 WIDTH=64
 BACKTITLE="RaspiBlitz"
 TITLE="LND repair options for $CHAIN"
 MENU=""
 OPTIONS=()
 OPTIONS+=(COMPACT "Compact the LND channel.db")
 OPTIONS+=(BACKUP-LND "Backup your LND data (Rescue-File)")
 OPTIONS+=(RESET-LND "Delete LND & start new node/wallet")
 OPTIONS+=(LNDRESCUE "Restore from a rescue file")
 OPTIONS+=(SEED+SCB "Restore from a seed and channel.backup")
 OPTIONS+=(RETRYSCB "Retry closing channels with the channel.backup")
 OPTIONS+=(ONLYSEED "Restore from a seed (onchain funds only)")
 OPTIONS+=(RESCAN "Rescan the blockchain to recover onchain funds")
 CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1"))
 HEIGHT=$((CHOICE_HEIGHT+6))
 CHOICE=$(dialog --clear \
                --backtitle "$BACKTITLE" \
                --title "$TITLE" \
                --ok-label "Select" \
                --cancel-label "Main menu" \
                --menu "$MENU" \
                $HEIGHT $WIDTH $CHOICE_HEIGHT \
                "${OPTIONS[@]}" \
                2>&1 >/dev/tty)
 case $CHOICE in
  COMPACT)
    /home/admin/config.scripts/lnd.compact.sh interactive
    echo "# Starting ${netprefix}lnd.service ..."
    sudo systemctl start lnd
    echo
    echo "Press ENTER to return to main menu."
    read key
    ;;
  BACKUP-LND)
    /home/admin/config.scripts/lnd.compact.sh interactive
    sudo /home/admin/config.scripts/lnd.backup.sh ${netprefix}lnd-export-gui
    echo
    echo "Press ENTER when your backup download is done to shutdown."
    read key
    /home/admin/config.scripts/blitz.shutdown.sh
    ;;
  RESET-LND)
    askLNDbackupCopy
    # ask for a new name so that network analysis has harder time to connect new node id with old
    result=""
    while [ ${#result} -eq 0 ]
    do
        trap 'rm -f "$_temp"' EXIT
        _temp=$(mktemp -p /dev/shm/)
        l1="Please enter the name of your new LND node:\n"
        l2="different name is better for a fresh identity\n"
        l3="one word, use up to 32 basic characters"
        dialog --backtitle "RaspiBlitz - Setup (${network}/${chain})" --inputbox "$l1$l2$l3" 13 52 2>$_temp
        result=$( cat $_temp | tr -dc '[:alnum:]-.' | tr -d ' ' )
        echo "processing ..."
        sleep 3
    done
    #TODO the new hostname is not taken into account on init (user can change set the lnd name in menu later)
    # make sure host is named like in the raspiblitz config
    # echo "Setting the Name/Alias/Hostname .."
    # sudo /home/admin/config.scripts/lnd.setname.sh ${chain}net "${result}"
    # /home/admin/config.scripts/blitz.conf.sh set hostname "${result}"
    echo "stopping ${netprefix}lnd ..."
    sudo systemctl stop ${netprefix}lnd
    if [ "${tlnd}" == "on" ];then
      sudo systemctl stop tlnd
    fi
    if [ "${slnd}" == "on" ];then
      sudo systemctl stop slnd
    fi
    echo "Delete wallet"
    sudo rm -r /mnt/hdd/lnd
    # create wallet
    /home/admin/config.scripts/lnd.install.sh on ${chain}net initwallet
    # display and delete the seed for ${chain}net
    sudo /home/admin/config.scripts/lnd.install.sh display-seed ${chain}net delete
    if [ "${tlnd}" == "on" ];then
      /home/admin/config.scripts/lnd.install.sh on testnet initwallet
    fi
    if [ "${slnd}" == "on" ];then
      /home/admin/config.scripts/lnd.install.sh on signet initwallet
    fi
    syncAndCheckLND
    echo "Press ENTER to return to main menu."
    read key    
    # go back to main menu (and show)
    /home/admin/00raspiblitz.sh
    exit 0
    ;;
  LNDRESCUE)
    askLNDbackupCopy
    echo "The next step will overwrite the old LND wallets on all chains"
    echo "Press ENTER to continue or CTRL+C to abort"
    read key
    echo "Stopping ${netprefix}lnd ..."
    sudo systemctl stop ${netprefix}lnd
    if [ "${tlnd}" == "on" ];then
      sudo systemctl stop tlnd
    fi
    if [ "${slnd}" == "on" ];then
      sudo systemctl stop slnd
    fi
    echo "Delete wallet"
    sudo rm -r /mnt/hdd/lnd
    ## from dialogLightningWallet.sh 
    # import file
    # run upload dialog and get result
    _temp="/var/cache/raspiblitz/temp/.temp.tmp"
    /home/admin/config.scripts/lnd.backup.sh lnd-import-gui production $_temp
    source $_temp 2>/dev/null
    sudo rm $_temp 2>/dev/null
    /home/admin/config.scripts/lnd.install.sh on ${CHAIN}
    sudo systemctl start ${netprefix}lnd
    syncAndCheckLND
    echo "Press ENTER to return to main menu."
    read key
    # go back to main menu (and show)
    /home/admin/00raspiblitz.sh
    exit 0
    ;;
  SEED+SCB)
    restoreFromSeed
    restoreSCB
    echo
    echo "Press ENTER to return to main menu."
    read key
    # go back to main menu (and show)
    /home/admin/00raspiblitz.sh
    exit 0
    ;;
  RETRYSCB)
    restoreSCB
    echo
    echo "Press ENTER to return to main menu."
    read key
    # go back to main menu (and show)
    /home/admin/00raspiblitz.sh
    exit 0
    ;;
  ONLYSEED)
    restoreFromSeed
    echo "WALLET --> UNLOCK WALLET - SCAN 5000"
    /home/admin/_cache.sh set message "LND Wallet Unlock - scan 5000"
    source <(/home/admin/config.scripts/lnd.initwallet.py unlock "${chain}net" "${passwordC}" 5000)
    if [ "${err}" != "" ]; then
      echo "lnd-wallet-unlock" "lnd.initwallet.py unlock returned error" "/home/admin/config.scripts/lnd.initwallet.py unlock ${chain}net ... --> ${err} + ${errMore}"
      exit 50
    fi
    echo "Press ENTER to return to main menu."
    read key
    # go back to main menu (and show)
    /home/admin/00raspiblitz.sh
    exit 0
    ;;
  RESCAN)
    clear
    echo "Restart lnd to lock the wallet ..."
    echo "If this takes very long LND might be already rescanning."
    echo "Can use 'sudo pkill lnd' to shut down ungracefully."
    sudo systemctl restart lnd
    # from blitz.conf.sh
    configFile="/home/admin/raspiblitz.info"
    keystr="fundRecovery"
    valuestr="1"
    # check if key needs to be added (prepare new entry)
    entryExists=$(grep -c "^${keystr}=" ${configFile})
    if [ ${entryExists} -eq 0 ]; then
      echo "${keystr}=" | tee -a ${configFile}
    fi
    # add valuestr quotes if not standard values
    if [ "${valuestr}" != "on" ] && [ "${valuestr}" != "off" ] && [ "${valuestr}" != "1" ] && [ "${valuestr}" != "0" ]; then
      valuestr="'${valuestr}'"
    fi
    # set value (sed needs sudo to operate when user is not root)
    sudo sed -i "s/^${keystr}=.*/${keystr}=${valuestr}/g" ${configFile}
    /home/admin/config.scripts/lnd.unlock.sh unlock
    # switch rescan off for the next unlock
    valuestr="0"
    sudo sed -i "s/^${keystr}=.*/${keystr}=${valuestr}/g" ${configFile}
    echo
    echo "To show the scanning progress in the background will follow the lnd.log with:" 
    echo "'sudo tail -n 30 -f /mnt/hdd/lnd/logs/${network}/${chain}net/lnd.log'"
    echo
    echo "Press ENTER to continue"
    echo "use CTRL+C any time to exit .. then use the command 'raspiblitz' to return to the menu"
    echo "(the rescan will continue in the background)"
    echo "#######################################################################################"
    read key
    sudo tail -n 30 -f /mnt/hdd/lnd/logs/${network}/${chain}net/lnd.log    
    ;;
 esac
 exit 0
--- a/home.admin/99systemMenu.sh
+++ b/home.admin/99systemMenu.sh
@ -63,8 +63,8 @@ case $CHOICE in
    echo "running: 'sudo tail -n 30 -f ${bitcoinlogpath}'"
    echo
    echo "Press ENTER to continue"
-    echo "use CTRL+C any time to abort .. then use command 'raspiblitz' to return to menu"
+    echo "use CTRL+C any time to abort .. then use the command 'raspiblitz' to return to the menu"
-    echo "###############################################################################"
+    echo "#######################################################################################"
    read key
    sudo tail -n 30 -f ${bitcoinlogpath};;
  ${network}CONF)
@ -90,8 +90,8 @@ case $CHOICE in
    echo "running 'sudo tail -n 30 -f /mnt/hdd/lnd/logs/${network}/${chain}net/lnd.log'"
    echo
    echo "Press ENTER to continue"
-    echo "use CTRL+C any time to abort .. then use command 'raspiblitz' to return to menu"
+    echo "use CTRL+C any time to abort .. then use the command 'raspiblitz' to return to the menu"
-    echo "###############################################################################"
+    echo "#######################################################################################"
    read key
    sudo tail -n 30 -f /mnt/hdd/lnd/logs/${network}/${chain}net/lnd.log;;
  LNDCONF)
@ -117,8 +117,8 @@ case $CHOICE in
    echo "running 'sudo tail -n 30 -f /home/bitcoin/.lightning/${CLNETWORK}/cl.log'"
    echo
    echo "Press ENTER to continue"
-    echo "use CTRL+C any time to abort .. then use command 'raspiblitz' to return to menu"
+    echo "use CTRL+C any time to abort .. then use the command 'raspiblitz' to return to the menu"
-    echo "###############################################################################"
+    echo "#######################################################################################"
    read key
    sudo tail -n 30 -f /home/bitcoin/.lightning/${CLNETWORK}/cl.log;;
  CLCONF)
@ -170,8 +170,8 @@ thunderhub, tor@default, tor
    echo "Will show the logs with:"
    echo "'sudo journalctl -n 10 -fu $SERVICE'"
    echo
-    echo "use CTRL+C any time to abort .. then use command 'raspiblitz' to return to menu"
+    echo "use CTRL+C any time to abort .. then use the command 'raspiblitz' to return to the menu"
-    echo "###############################################################################"
+    echo "#######################################################################################"
    sudo journalctl -n 10 -fu $SERVICE;;
  CUSTOMRESTART)
    clear
@ -195,7 +195,7 @@ thunderhub, tor@default, tor
    echo "Will show the logs with:"
    echo "'sudo journalctl -n 10 -fu $SERVICE'"
    echo
-    echo "use CTRL+C any time to abort .. then use command 'raspiblitz' to return to menu"
+    echo "use CTRL+C any time to abort .. then use the command 'raspiblitz' to return to the menu"
-    echo "###############################################################################"
+    echo "#######################################################################################"
    sudo journalctl -n 10 -fu $SERVICE;;
 esac
--- a/home.admin/BlitzTUI/blitztui/client.py
+++ b/home.admin/BlitzTUI/blitztui/client.py
@ -22,16 +22,16 @@ if IS_WIN32_ENV:
 else:
    sys.path.insert(1, '/home/admin/config.scripts')
-from lndlibs import rpc_pb2 as ln
+from lndlibs import lightning_pb2 as ln
 try:
-    from lndlibs import rpc_pb2_grpc as lnrpc
+    from lndlibs import lightning_pb2_grpc as lnrpc
 except ModuleNotFoundError as err:
    log.error("ModuleNotFoundError - most likely an issue with incompatible Python3 import.\n"
              "Please run the following two lines to fix this: \n"
              "\n"
              "sed -i -E '1 a from __future__ import absolute_import' "
-              "/home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py\n"
+              "/home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py\n"
-              "sed -i -E 's/^(import.*_pb2)/from . \\1/' /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py")
+              "sed -i -E 's/^(import.*_pb2)/from . \\1/' /home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py")
    sys.exit(1)
 if not IS_WIN32_ENV:
--- a/home.admin/_provision.setup.sh
+++ b/home.admin/_provision.setup.sh
@ -163,7 +163,7 @@ if [ "${lightning}" == "lnd" ]; then
  # if user uploaded an LND rescue file (raspiblitz.setup)
  if [ "${lndrescue}" != "" ]; then
    echo "Restore LND data from uploaded rescue file ${lndrescue} ..." >> ${logFile}
-    source <(/home/admin/config.scripts/lnd.backup.sh lnd-import ${lndrescue})
+    source <(/home/admin/config.scripts/lnd.backup.sh lnd-import "${lndrescue}")
    if [ "${error}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lndrescue-import" "setup: lnd import backup failed" "${error}" ${logFile}
      exit 6
@ -234,15 +234,6 @@ if [ "${lightning}" == "lnd" ]; then
      exit 9
  fi
  # import static channel backup if was uploaded
  if [ "${staticchannelbackup}" != "" ]; then
    echo "Preparing static channel backup file ${staticchannelbackup} ..." >> ${logFile}
    source <(/home/admin/config.scripts/lnd.backup.sh scb-import ${staticchannelbackup})
    if [ "${error}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-scb-import" "lnd.backup.sh scb-import returned error" "/home/admin/config.scripts/lnd.backup.sh scb-import ${staticchannelbackup} --> ${error}" ${logFile}
      exit 10
    fi
  fi
  # WALLET --> LNDRESCUE
  if  [ "${lndrescue}" != "" ];then
@ -250,37 +241,28 @@ if [ "${lightning}" == "lnd" ]; then
    echo "WALLET --> LNDRESCUE " >> ${logFile}
    /home/admin/_cache.sh set message "LND Wallet (LNDRESCUE)"
-  # WALLET --> SEED + SCB 
+  # WALLET --> SEED (+ SCB to be restored later)
  elif [ "${seedWords}" != "" ] && [ "${staticchannelbackup}" != "" ]; then
    echo "WALLET --> SEED + SCB " >> ${logFile}
    /home/admin/_cache.sh set message "LND Wallet (SEED & SCB)"
    if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi
    source <(/home/admin/config.scripts/lnd.initwallet.py scb mainnet ${passwordC} "${seedWords}" "${staticchannelbackup}" ${seedPassword})
    if [ "${err}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-wallet-seed+scb" "lnd.initwallet.py scb returned error" "/home/admin/config.scripts/lnd.initwallet.py scb mainnet ... --> ${err} + ${errMore}" ${logFile}
      exit 11
    fi
  # WALLET --> SEED
  elif [ "${seedWords}" != "" ]; then
    echo "WALLET --> SEED" >> ${logFile} 
    /home/admin/_cache.sh set message "LND Wallet (SEED)"
    if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi  
-    source <(/home/admin/config.scripts/lnd.initwallet.py seed mainnet ${passwordC} "${seedWords}" ${seedPassword})
+    source <(/home/admin/config.scripts/lnd.initwallet.py seed mainnet "${passwordC}" "${seedWords}" "${seedPassword}")
    if [ "${err}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-wallet-seed" "lnd.initwallet.py seed returned error" "/home/admin/config.scripts/lnd.initwallet.py seed mainnet ... --> ${err} + ${errMore}" ${logFile}
      exit 12
    fi
-
+    
    echo "Rescanning addresses takes a long time" >> ${logFile}
    echo "use the RESCAN option in the REPAIR-LND menu after LND is synced or 'lncli unlock ---recovery_window 5000'" >> ${logFile}
  # WALLET --> NEW
  else
    echo "WALLET --> NEW" >> ${logFile}
    /home/admin/_cache.sh set message "LND Wallet (NEW)"
    if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi 
-    source <(/home/admin/config.scripts/lnd.initwallet.py new mainnet ${passwordC})
+    source <(/home/admin/config.scripts/lnd.initwallet.py new mainnet "${passwordC}")
    if [ "${err}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-wallet-new" "lnd.initwallet.py new returned error" "/home/admin/config.scripts/lnd.initwallet.py new mainnet ... --> ${err} + ${errMore}" ${logFile}
      /home/admin/_cache.sh set state "error"
@ -303,11 +285,16 @@ if [ "${lightning}" == "lnd" ]; then
  /home/admin/_cache.sh set message "LND Credentials"
  # check if macaroon exists now - if not fail
-  macaroonExists=$(sudo -u bitcoin ls -la /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon 2>/dev/null | grep -c admin.macaroon)
+  attempt=0
-  if [ ${macaroonExists} -eq 0 ]; then
+  while [ $(sudo -u bitcoin ls -la /home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon 2>/dev/null | grep -c admin.macaroon) -eq 0 ]; do
    echo "Waiting 2 mins for LND to create macaroons ... (${attempt}0s)" >> ${logFile}
    sleep 10
    attempt=$((attempt+1))
    if [ $attempt -eq 12 ];then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-no-macaroons" "lnd did not create macaroons" "/home/bitcoin/.lnd/data/chain/${network}/${chain}net/admin.macaroon --> missing" ${logFile}
      exit 14
-  fi
+    fi
  done
  # now sync macaroons & TLS to other users
  /home/admin/config.scripts/lnd.credentials.sh sync >> ${logFile}
@ -319,6 +306,40 @@ if [ "${lightning}" == "lnd" ]; then
    exit 15
  fi
  # restore SCB
  if [ "${staticchannelbackup}" != "" ]; then
    # LND was restarted so need to unlock
    echo "WALLET --> UNLOCK WALLET - SCAN 0" >> ${logFile}
    /home/admin/_cache.sh set message "LND Wallet Unlock - scan 0"
    source <(/home/admin/config.scripts/lnd.initwallet.py unlock "${chain}net" "${passwordC}" 0)
    if [ "${err}" != "" ]; then
      echo "lnd-wallet-unlock" "lnd.initwallet.py unlock returned error" "/home/admin/config.scripts/lnd.initwallet.py unlock ${chain}net ... --> ${err} + ${errMore}"
      if [ "${errMore}" = "wallet already unlocked, WalletUnlocker service is no longer available" ]; then
        echo "The wallet is already unlocked, continue."
      else
        exit 11
      fi
    fi
    echo "WALLET --> SCB" >> ${logFile}
    /home/admin/_cache.sh set message "LND Wallet (SEED & SCB)"
    macaroonPath="/home/admin/.lnd/data/chain/${network}/${chain}net/admin.macaroon"
    source <(/home/admin/config.scripts/lnd.initwallet.py scb "${chain}net" "/home/admin/channel.backup" "${macaroonPath}")
    if [ "${err}" != "" ]; then
      echo "lnd-wallet-seed+scb" "lnd.initwallet.py scb returned error" "/home/admin/config.scripts/lnd.initwallet.py scb mainnet ... --> ${err} + ${errMore}"  ${logFile}
      if [ "${errMore}" = "server is still in the process of starting" ]; then
        echo "The SCB recovery is not possible now - use the RETRYSCB option the REPAIR-LND menu after LND is synced."  >> ${logFile}
        echo "Can repeat the SCB recovery until all peers have force closed the channels to this node." >> ${logFile}
      else
        exit 12
      fi
    fi
  fi
  echo "Rescanning addresses takes a long time" >> ${logFile}
  echo "use the RESCAN option in the REPAIR-LND menu after LND is synced or 'lncli unlock ---recovery_window 5000'" >> ${logFile}
  # stop lnd for the rest of the provision process
  echo "stopping lnd for the rest provision again (will start on next boot)" >> ${logFile}
  systemctl stop lnd >> ${logFile}
@ -339,7 +360,7 @@ if [ "${lightning}" == "cl" ]; then
  if [ "${clrescue}" != "" ]; then
    echo "Restore CL data from uploaded rescue file ${clrescue} ..." >> ${logFile}
-    source <(/home/admin/config.scripts/cl.backup.sh cl-import ${clrescue})
+    source <(/home/admin/config.scripts/cl.backup.sh cl-import "${clrescue}")
    if [ "${error}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "cl-import-backup" "cl.backup.sh cl-import with error" "/home/admin/config.scripts/cl.backup.sh cl-import ${clrescue} --> ${error}" ${logFile}
      exit 16
@ -357,12 +378,12 @@ if [ "${lightning}" == "cl" ]; then
    if [ "$(grep -c "hsm_secret is not encrypted" < "$output")" -gt 0 ];then
      echo "# The hsm_secret is not encrypted"
      echo "# Record in raspiblitz.conf"
-      /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clEncryptedHSM "off"
+      /home/admin/config.scripts/blitz.conf.sh set "${netprefix}clEncryptedHSM" "off"
    else
      cat $output
      echo "# The hsm_secret is encrypted"
      echo "# Record in raspiblitz.conf"
-      /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clEncryptedHSM "off"
+      /home/admin/config.scripts/blitz.conf.sh set "${netprefix}clEncryptedHSM" "off"
    fi
    # set the lightningd service file on each active network
--- a/home.admin/config.scripts/blitz.subscriptions.ip2tor.py
+++ b/home.admin/config.scripts/blitz.subscriptions.ip2tor.py
@ -17,8 +17,8 @@ sys.path.append('/home/admin/raspiblitz/home.admin/BlitzPy/blitzpy')
 from config import RaspiBlitzConfig
 from exceptions import BlitzError
-from lndlibs import rpc_pb2 as lnrpc
+from lndlibs import lightning_pb2 as lnrpc
-from lndlibs import rpc_pb2_grpc as rpcstub
+from lndlibs import lightning_pb2_grpc as rpcstub
 #####################
 # SCRIPT INFO
--- a/home.admin/config.scripts/blitz.touchscreen.sh
+++ b/home.admin/config.scripts/blitz.touchscreen.sh
@ -50,12 +50,12 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  /home/admin/python3-env-lnd/bin/pip install /home/admin/raspiblitz/home.admin/BlitzTUI/ 
  # make sure lndlibs are patched for compatibility for both Python2 and Python3
-  if ! grep -Fxq "from __future__ import absolute_import" /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py; then
+  if ! grep -Fxq "from __future__ import absolute_import" /home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py; then
-    sed -i -E '1 a from __future__ import absolute_import' /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py
+    sed -i -E '1 a from __future__ import absolute_import' /home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py
  fi
-  if ! grep -Eq "^from . import.*" /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py; then
+  if ! grep -Eq "^from . import.*" /home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py; then
-    sed -i -E 's/^(import.*_pb2)/from . \1/' /home/admin/config.scripts/lndlibs/rpc_pb2_grpc.py
+    sed -i -E 's/^(import.*_pb2)/from . \1/' /home/admin/config.scripts/lndlibs/lightning_pb2_grpc.py
  fi
  # switch to desktop login
--- a/home.admin/config.scripts/lnd.backup.sh
+++ b/home.admin/config.scripts/lnd.backup.sh
@ -443,7 +443,7 @@ if [ ${mode} = "scb-import-gui" ]; then
  # run import process
  echo "OK importing channel.backup file ..."
-  source <(sudo /home/admin/config.scripts/lnd.backup.sh scb-import ${filename})
+  source <(sudo /home/admin/config.scripts/lnd.backup.sh scb-import "${filename}")
  # give final info
  echo "DONE - placed SCB file at /home/admin/channel.backup"
--- a/home.admin/config.scripts/lnd.initwallet.py
+++ b/home.admin/config.scripts/lnd.initwallet.py
@ -1,12 +1,9 @@
 #!/usr/bin/env python3
 import binascii
 import os
 import sys
 from pathlib import Path
 import grpc
 from lndlibs import walletunlocker_pb2 as lnrpc
 from lndlibs import walletunlocker_pb2_grpc as rpcstub
 if sys.version_info < (3, 0):
    print("Can't run on Python2")
@ -17,13 +14,24 @@ if len(sys.argv) <= 1 or sys.argv[1] in ["-h", "--help", "help"]:
    print("# creating or recovering the LND wallet")
    print("# lnd.initwallet.py new [mainnet|testnet|signet] [walletpassword] [?seedpassword]")
    print("# lnd.initwallet.py seed [mainnet|testnet|signet] [walletpassword] [\"seeds-words-seperated-spaces\"] [?seedpassword]")
-    print("# lnd.initwallet.py scb [mainnet|testnet|signet] [walletpassword] [\"seeds-words-seperated-spaces\"] [filepathSCB] [?seedpassword]")
+    print("# lnd.initwallet.py unlock [mainnet|testnet|signet] [walletpassword] [recovery_window]")
    print("# lnd.initwallet.py scb [mainnet|testnet|signet] [filepathSCB] [macaroonPath]")
    print("# lnd.initwallet.py change-password [mainnet|testnet|signet] [walletpassword-old] [walletpassword-new]")
    print("err='missing parameters'")
    sys.exit(1)
 mode = sys.argv[1]
 if mode == "scb":
    import codecs
    from lndlibs import lightning_pb2 as lnrpc
    from lndlibs import lightning_pb2_grpc as lightningstub
 else:
    from lndlibs import walletunlocker_pb2 as lnrpc
    from lndlibs import walletunlocker_pb2_grpc as rpcstub
 def new(stub, wallet_password="", seed_entropy=None):
    if seed_entropy:
        # provide 16-bytes of static data to get reproducible seeds for TESTING!)
@ -86,7 +94,7 @@ def seed(stub, wallet_password="", seed_words="", seed_password=""):
    request = lnrpc.InitWalletRequest(
        wallet_password=wallet_password.encode(),
        cipher_seed_mnemonic=[x.encode() for x in seed_words],
-        recovery_window=5000,
+        recovery_window=0,
        aezeed_passphrase=seed_password.encode()
    )
@ -105,42 +113,58 @@ def seed(stub, wallet_password="", seed_words="", seed_password=""):
        print("err='InitWallet'")
        sys.exit(1)
-
+def unlock(stub, wallet_password="", scan_depth=int):
-def scb(stub, wallet_password="", seed_words="", seed_password="", file_path_scb=""):
+    request = lnrpc.UnlockWalletRequest(
    with open(file_path_scb, 'rb') as f:
        content = f.read()
    scb_hex_str = binascii.hexlify(content)
    print(scb_hex_str)
    request = lnrpc.InitWalletRequest(
        wallet_password=wallet_password.encode(),
-        cipher_seed_mnemonic=[x.encode() for x in seed_words],
+        recovery_window=scan_depth,
        recovery_window=5000,
        aezeed_passphrase=seed_password.encode(),
        channel_backups=scb_hex_str.encode()
    )
    try:
-        response = stub.InitWallet(request)
+        response = stub.UnlockWallet(request)
        print("# ok - wallet unlocked - using recovery window:", scan_depth)
    except grpc.RpcError as rpc_error_call:
        code = rpc_error_call.code()
        print(code, file=sys.stderr)
        details = rpc_error_call.details()
-        print("err='RPCError InitWallet'")
+        print("err='RPCError UnlockWallet'")
        print("errMore=\"" + details + "\"")
        sys.exit(1)
    except:
        e = sys.exc_info()[0]
        print(e, file=sys.stderr)
-        print("err='InitWallet'")
+        print("err='UnlockWallet'")
        sys.exit(1)
 def scb(stub, file_path_scb="", macaroon_path=""):
    macaroon_file = Path(macaroon_path)
    print(macaroon_file)
    macaroon = codecs.encode(open(macaroon_file, 'rb').read(), 'hex')
    with open(file_path_scb, 'rb') as f:
        content = f.read()
        request = lnrpc.RestoreChanBackupRequest(
        multi_chan_backup=content
    )
    try:
        response = stub.RestoreChannelBackups(request, metadata=[('macaroon', macaroon)])
        print(response)
    except grpc.RpcError as rpc_error_call:
        code = rpc_error_call.code()
        print(code, file=sys.stderr)
        details = rpc_error_call.details()
        print("err='RPCError RestoreChanBackupRequest'")
        print("errMore=\"" + details + "\"")
        sys.exit(1)
    except:
        e = sys.exc_info()[0]
        print(e, file=sys.stderr)
        print("err='RestoreChanBackupRequest'")
        sys.exit(1)
    # TODO(rootzoll) implement creating from seed/scb
    print("err='TODO: implement creating from seed/scb'")
    sys.exit(1)
 def change_password(stub, wallet_password="", wallet_password_new=""):
    request = lnrpc.ChangePasswordRequest(
        current_password=wallet_password.encode(),
        new_password=wallet_password_new.encode()
@ -165,6 +189,7 @@ def change_password(stub, wallet_password="", wallet_password_new=""):
        print("err='ChangePassword'")
        sys.exit(1)
 def parse_args():
    network = ""
    wallet_password = ""
@ -172,6 +197,8 @@ def parse_args():
    seed_words = ""
    seed_password = ""
    filepath_scb = ""
    macaroon_path = ""
    scan_depth = int
    if len(sys.argv) > 2:
        network = sys.argv[2]
@ -207,7 +234,7 @@ def parse_args():
            print("err='missing parameters'")
            sys.exit(1)
-    elif mode == "seed" or mode == "scb":
+    elif mode == "seed":
        if len(sys.argv) > 3:
            wallet_password = sys.argv[3]
@ -228,39 +255,66 @@ def parse_args():
            print("err='not correct amount of parameter  - missing seed string'")
            sys.exit(1)
-        if mode == "seed":
+        if len(sys.argv) > 5:
            if len(sys.argv) > 5:
                seed_password = sys.argv[5]
        elif mode == "scb":
-            if len(sys.argv) > 5:
+    elif mode == "unlock":
-                filepath_scb = sys.argv[5]
+
-                scb_file = Path(filepath_scb)
+        if len(sys.argv) > 3:
-                if scb_file.is_file():
+            wallet_password = sys.argv[3]
-                    print("# OK SCB file exists")
+            if len(wallet_password) < 8:
-                else:
+                print("err='wallet password is too short'")
                    print("err='the given filepathSCB - file does not exists or no permission'")
                    sys.exit(1)
            else:
                print("err='not correct amount of parameter  - missing seed filepathSCB'")
                sys.exit(1)
        else:
            print("err='not correct amount of parameter - missing wallet password'")
            sys.exit(1)
        if len(sys.argv) > 4:
            scan_depth = int(sys.argv[4])
            if type(scan_depth) is not int:
                print("err='expecting a number for recovery_window'")
                sys.exit(1)
        else:
            print("err='not correct amount of parameter - missing recovery_window'")
            sys.exit(1)
-            if len(sys.argv) > 6:
+    elif mode == "scb":
-                seed_password = sys.argv[5]
+
        if len(sys.argv) > 3:
            filepath_scb = sys.argv[3]
            scb_file = Path(filepath_scb)
            if scb_file.is_file():
                print("# OK the SCB file exists")
            else:
                print("err='the given filepathSCB - file does not exist or no permission'")
                sys.exit(1)
        else:
            print("err='not correct amount of parameter  - missing filepathSCB'")
            sys.exit(1)
        if len(sys.argv) > 4:
            macaroon_path = sys.argv[4]
            macaroon_file = Path(macaroon_path)
            if macaroon_file.is_file():
                print("# OK the admin.macaroon exists")
            else:
                print("err='the given macaroonPath - file does not exist or no permission'")
                sys.exit(1)
        else:
            print("err='not correct amount of parameter  - missing macaroonPath'")
            sys.exit(1)
    else:
        print("err='unknown mode parameter - run without any parameters to see options'")
        sys.exit(1)
-    return network, wallet_password, seed_words, seed_password, filepath_scb, wallet_password_new 
+    return network, wallet_password, seed_words, seed_password, filepath_scb, macaroon_path, wallet_password_new, scan_depth
 def main():
-    network, wallet_password, seed_words, seed_password, file_path_scb, wallet_password_new = parse_args()
+    network, wallet_password, seed_words, seed_password, file_path_scb, macaroon_path, wallet_password_new, scan_depth = parse_args()
    grpcEndpoint="localhost:0"
    if network == "mainnet":
@ -277,7 +331,10 @@ def main():
    cert = open('/mnt/hdd/lnd/tls.cert', 'rb').read()
    ssl_creds = grpc.ssl_channel_credentials(cert)
    channel = grpc.secure_channel(grpcEndpoint, ssl_creds)
-    stub = rpcstub.WalletUnlockerStub(channel)
+    if mode == "scb":
        stub = lightningstub.LightningStub(channel)
    else:
        stub = rpcstub.WalletUnlockerStub(channel)
    if mode == "new":
        print("# *** CREATING NEW LND WALLET ***")
@ -287,9 +344,13 @@ def main():
        print("# *** RECOVERING LND WALLET FROM SEED ***")
        seed(stub, wallet_password, seed_words, seed_password)
    elif mode == "unlock":
        print("# *** UNLOCK WALLET WITH PASSWORD_C ***")
        unlock(stub, wallet_password, scan_depth)
    elif mode == "scb":
-        print("# *** RECOVERING LND WALLET FROM SEED + SCB ***")
+        print("# *** RECOVERING LND CHANNEL FUNDS FROM SCB ***")
-        scb(stub, wallet_password, seed_words, seed_password, file_path_scb)
+        scb(stub, file_path_scb, macaroon_path)
    elif mode == "change-password":
        print("# *** SETTING NEW PASSWORD FOR WALLET ***")
--- a/home.admin/config.scripts/lnd.install.sh
+++ b/home.admin/config.scripts/lnd.install.sh
@ -225,6 +225,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  # make sure binary is installed (will skip if already done)
  /home/admin/config.scripts/lnd.install.sh install
  echo "# Make sure the user bitcoin is in the debian-tor group"
  sudo usermod -a -G debian-tor bitcoin
  sudo ufw allow ${portprefix}9735 comment "${netprefix}lnd"
  sudo ufw allow ${portprefix}8080 comment "${netprefix}lnd REST"
  sudo ufw allow 1${rpcportmod}009 comment "${netprefix}lnd RPC"
--- a/home.admin/config.scripts/lndlibs/README.md
+++ b/home.admin/config.scripts/lndlibs/README.md
@ -11,9 +11,9 @@ rm -rf googleapis
 git clone https://github.com/googleapis/googleapis.git
 rm -rf protobuffs
 mkdir protobuffs
 curl -o ./rpc.proto -s https://raw.githubusercontent.com/lightningnetwork/lnd/master/lnrpc/rpc.proto
 curl -o ./walletunlocker.proto -s https://raw.githubusercontent.com/lightningnetwork/lnd/master/lnrpc/walletunlocker.proto
-python3 -m grpc_tools.protoc --proto_path=googleapis:. --python_out=./protobuffs --grpc_python_out=./protobuffs ./rpc.proto ./walletunlocker.proto
+curl -o ./lightning.proto -s https://raw.githubusercontent.com/lightningnetwork/lnd/master/lnrpc/lightning.proto
 python3 -m grpc_tools.protoc --proto_path=googleapis:. --python_out=./protobuffs --grpc_python_out=./protobuffs ./walletunlocker.proto ./lightning.proto
 cp ./*.proto ./protobuffs
 ````
@ -23,12 +23,12 @@ Now copy the generated RPC libs per SCP over to your Laptop and add them to the
 scp -r admin@192.168.X.X:/home/admin/protobuffs ./protobuffs
-Make sure the first lines (ignore comments) of the `rpc_pb2_grpc.py` look like the following for python3 compatibility:
+Make sure the first lines (ignore comments) of the `lightning_pb2_grpc.py` look like the following for python3 compatibility:
 ```
 from __future__ import absolute_import
 import grpc
-from . import rpc_pb2 as rpc__pb2
+from . import lightning_pb2 as lightning__pb2
 ```
 Make sure the first lines (ignore comments) of the `walletunlocker_pb2_grpc.py` look like the following for python3 compatibility:
@ -50,7 +50,7 @@ from google.protobuf import symbol_database as _symbol_database
 _sym_db = _symbol_database.Default()
-from . import rpc_pb2 as rpc__pb2
+from . import lightning_pb2 as lightning__pb2
 ```
--- a/home.admin/config.scripts/lndlibs/lightning.proto
+++ b/home.admin/config.scripts/lndlibs/lightning.proto
@ -58,7 +58,7 @@ service Lightning {
    /* lncli: `sendcoins`
    SendCoins executes a request to send coins to a particular address. Unlike
    SendMany, this RPC call only allows creating a single output at a time. If
-    neither target_conf, or sat_per_byte are set, then the internal wallet will
+    neither target_conf, or sat_per_vbyte are set, then the internal wallet will
    consult its fee model to determine a fee for the default confirmation
    target.
    */
@ -82,7 +82,7 @@ service Lightning {
    /* lncli: `sendmany`
    SendMany handles a request for a transaction that creates multiple specified
-    outputs in parallel. If neither target_conf, or sat_per_byte are set, then
+    outputs in parallel. If neither target_conf, or sat_per_vbyte are set, then
    the internal wallet will consult its fee model to determine a fee for the
    default confirmation target.
    */
@ -200,6 +200,16 @@ service Lightning {
    */
    rpc OpenChannel (OpenChannelRequest) returns (stream OpenStatusUpdate);
    /* lncli: `batchopenchannel`
    BatchOpenChannel attempts to open multiple single-funded channels in a
    single transaction in an atomic way. This means either all channel open
    requests succeed at once or all attempts are aborted if any of them fail.
    This is the safer variant of using PSBTs to manually fund a batch of
    channels through the OpenChannel RPC.
    */
    rpc BatchOpenChannel (BatchOpenChannelRequest)
        returns (BatchOpenChannelResponse);
    /*
    FundingStateStep is an advanced funding related call that allows the caller
    to either execute some preparatory steps for a funding workflow, or
@ -330,7 +340,14 @@ service Lightning {
    rpc ListPayments (ListPaymentsRequest) returns (ListPaymentsResponse);
    /*
-    DeleteAllPayments deletes all outgoing payments from DB.
+    DeletePayment deletes an outgoing payment from DB. Note that it will not
    attempt to delete an In-Flight payment, since that would be unsafe.
    */
    rpc DeletePayment (DeletePaymentRequest) returns (DeletePaymentResponse);
    /*
    DeleteAllPayments deletes all outgoing payments from DB. Note that it will
    not attempt to delete In-Flight payments, since that would be unsafe.
    */
    rpc DeleteAllPayments (DeleteAllPaymentsRequest)
        returns (DeleteAllPaymentsResponse);
@ -426,8 +443,9 @@ service Lightning {
    /* lncli: `fwdinghistory`
    ForwardingHistory allows the caller to query the htlcswitch for a record of
    all HTLCs forwarded within the target time range, and integer offset
-    within that time range. If no time-range is specified, then the first chunk
+    within that time range, for a maximum number of events. If no maximum number
-    of the past 24 hrs of forwarding history are returned.
+    of events is specified, up to 100 events will be returned. If no time-range
    is specified, then events will be returned in the order that they occured.
    A list of forwarding events are returned. The size of each forwarding event
    is 40 bytes, and the max message size able to be returned in gRPC is 4 MiB.
@ -514,6 +532,72 @@ service Lightning {
    */
    rpc ListPermissions (ListPermissionsRequest)
        returns (ListPermissionsResponse);
    /*
    CheckMacaroonPermissions checks whether a request follows the constraints
    imposed on the macaroon and that the macaroon is authorized to follow the
    provided permissions.
    */
    rpc CheckMacaroonPermissions (CheckMacPermRequest)
        returns (CheckMacPermResponse);
    /*
    RegisterRPCMiddleware adds a new gRPC middleware to the interceptor chain. A
    gRPC middleware is software component external to lnd that aims to add
    additional business logic to lnd by observing/intercepting/validating
    incoming gRPC client requests and (if needed) replacing/overwriting outgoing
    messages before they're sent to the client. When registering the middleware
    must identify itself and indicate what custom macaroon caveats it wants to
    be responsible for. Only requests that contain a macaroon with that specific
    custom caveat are then sent to the middleware for inspection. The other
    option is to register for the read-only mode in which all requests/responses
    are forwarded for interception to the middleware but the middleware is not
    allowed to modify any responses. As a security measure, _no_ middleware can
    modify responses for requests made with _unencumbered_ macaroons!
    */
    rpc RegisterRPCMiddleware (stream RPCMiddlewareResponse)
        returns (stream RPCMiddlewareRequest);
    /* lncli: `sendcustom`
    SendCustomMessage sends a custom peer message.
    */
    rpc SendCustomMessage (SendCustomMessageRequest)
        returns (SendCustomMessageResponse);
    /* lncli: `subscribecustom`
    SubscribeCustomMessages subscribes to a stream of incoming custom peer
    messages.
    */
    rpc SubscribeCustomMessages (SubscribeCustomMessagesRequest)
        returns (stream CustomMessage);
 }
 message SubscribeCustomMessagesRequest {
 }
 message CustomMessage {
    // Peer from which the message originates
    bytes peer = 1;
    // Message type. This value will be in the custom range (>= 32768).
    uint32 type = 2;
    // Raw message data
    bytes data = 3;
 }
 message SendCustomMessageRequest {
    // Peer to send the message to
    bytes peer = 1;
    // Message type. This value needs to be in the custom range (>= 32768).
    uint32 type = 2;
    // Raw message data.
    bytes data = 3;
 }
 message SendCustomMessageResponse {
 }
 message Utxo {
@ -582,6 +666,9 @@ message GetTransactionsRequest {
    default to this option.
    */
    int32 end_height = 2;
    // An optional filter to only include transactions relevant to an account.
    string account = 3;
 }
 message TransactionDetails {
@ -708,6 +795,11 @@ message SendRequest {
    fallback.
    */
    repeated FeatureBit dest_features = 15;
    /*
    The payment address of the generated invoice.
    */
    bytes payment_addr = 16;
 }
 message SendResponse {
@ -783,6 +875,9 @@ message ChannelAcceptRequest {
    // A bit-field which the initiator uses to specify proposed channel
    // behavior.
    uint32 channel_flags = 13;
    // The commitment type the initiator wishes to use for the proposed channel.
    CommitmentType commitment_type = 14;
 }
 message ChannelAcceptResponse {
@ -891,14 +986,25 @@ message EstimateFeeRequest {
    // The target number of blocks that this transaction should be confirmed
    // by.
    int32 target_conf = 2;
    // The minimum number of confirmations each one of your outputs used for
    // the transaction must satisfy.
    int32 min_confs = 3;
    // Whether unconfirmed outputs should be used as inputs for the transaction.
    bool spend_unconfirmed = 4;
 }
 message EstimateFeeResponse {
    // The total fee in satoshis.
    int64 fee_sat = 1;
-    // The fee rate in satoshi/byte.
+    // Deprecated, use sat_per_vbyte.
-    int64 feerate_sat_per_byte = 2;
+    // The fee rate in satoshi/vbyte.
    int64 feerate_sat_per_byte = 2 [deprecated = true];
    // The fee rate in satoshi/vbyte.
    uint64 sat_per_vbyte = 3;
 }
 message SendManyRequest {
@ -909,9 +1015,14 @@ message SendManyRequest {
    // by.
    int32 target_conf = 3;
-    // A manual fee rate set in sat/byte that should be used when crafting the
+    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // transaction.
-    int64 sat_per_byte = 5;
+    uint64 sat_per_vbyte = 4;
    // Deprecated, use sat_per_vbyte.
    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // transaction.
    int64 sat_per_byte = 5 [deprecated = true];
    // An optional label for the transaction, limited to 500 characters.
    string label = 6;
@ -939,9 +1050,14 @@ message SendCoinsRequest {
    // by.
    int32 target_conf = 3;
-    // A manual fee rate set in sat/byte that should be used when crafting the
+    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // transaction.
-    int64 sat_per_byte = 5;
+    uint64 sat_per_vbyte = 4;
    // Deprecated, use sat_per_vbyte.
    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // transaction.
    int64 sat_per_byte = 5 [deprecated = true];
    /*
    If set, then the amount field will be ignored, and lnd will attempt to
@ -971,6 +1087,9 @@ message ListUnspentRequest {
    // The maximum number of confirmations to be included.
    int32 max_confs = 2;
    // An optional filter to only include outputs belonging to an account.
    string account = 3;
 }
 message ListUnspentResponse {
    // A list of utxos
@ -991,8 +1110,14 @@ enum AddressType {
 }
 message NewAddressRequest {
-    // The address type
+    // The type of address to generate.
    AddressType type = 1;
    /*
    The name of the account to generate a new address for. If empty, the
    default wallet account is used.
    */
    string account = 2;
 }
 message NewAddressResponse {
    // The newly generated wallet address
@ -1005,6 +1130,12 @@ message SignMessageRequest {
    base64.
    */
    bytes msg = 1;
    /*
    Instead of the default double-SHA256 hashing of the message before signing,
    only use one round of hashing instead.
    */
    bool single_hash = 2;
 }
 message SignMessageResponse {
    // The signature for the given message
@ -1076,11 +1207,16 @@ message HTLC {
 }
 enum CommitmentType {
    /*
    Returned when the commitment type isn't known or unavailable.
    */
    UNKNOWN_COMMITMENT_TYPE = 0;
    /*
    A channel using the legacy commitment format having tweaked to_remote
    keys.
    */
-    LEGACY = 0;
+    LEGACY = 1;
    /*
    A channel that uses the modern commitment format where the key in the
@ -1088,19 +1224,23 @@ enum CommitmentType {
    up and recovery easier as when the channel is closed, the funds go
    directly to that key.
    */
-    STATIC_REMOTE_KEY = 1;
+    STATIC_REMOTE_KEY = 2;
    /*
    A channel that uses a commitment format that has anchor outputs on the
    commitments, allowing fee bumping after a force close transaction has
    been broadcast.
    */
-    ANCHORS = 2;
+    ANCHORS = 3;
    /*
-    Returned when the commitment type isn't known or unavailable.
+    A channel that uses a commitment type that builds upon the anchors
    commitment format, but in addition requires a CLTV clause to spend outputs
    paying to the channel initiator. This is intended for use on leased channels
    to guarantee that the channel initiator has no incentives to close a leased
    channel before its maturity date.
    */
-    UNKNOWN_COMMITMENT_TYPE = 999;
+    SCRIPT_ENFORCED_LEASE = 4;
 }
 message ChannelConstraints {
@ -1522,6 +1662,11 @@ message Peer {
    zero, we have not observed any flaps for this peer.
    */
    int64 last_flap_ns = 14;
    /*
    The last ping payload the peer has sent to us.
    */
    bytes last_ping_payload = 15;
 }
 message TimestampedError {
@ -1680,9 +1825,10 @@ message CloseChannelRequest {
    // confirmed by.
    int32 target_conf = 3;
-    // A manual fee rate set in sat/byte that should be used when crafting the
+    // Deprecated, use sat_per_vbyte.
    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // closure transaction.
-    int64 sat_per_byte = 4;
+    int64 sat_per_byte = 4 [deprecated = true];
    /*
    An optional address to send funds to in the case of a cooperative close.
@ -1691,6 +1837,10 @@ message CloseChannelRequest {
    to the upfront shutdown addresss.
    */
    string delivery_address = 5;
    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // closure transaction.
    uint64 sat_per_vbyte = 6;
 }
 message CloseStatusUpdate {
@ -1727,7 +1877,89 @@ message ReadyForPsbtFunding {
    bytes psbt = 3;
 }
 message BatchOpenChannelRequest {
    // The list of channels to open.
    repeated BatchOpenChannel channels = 1;
    // The target number of blocks that the funding transaction should be
    // confirmed by.
    int32 target_conf = 2;
    // A manual fee rate set in sat/vByte that should be used when crafting the
    // funding transaction.
    int64 sat_per_vbyte = 3;
    // The minimum number of confirmations each one of your outputs used for
    // the funding transaction must satisfy.
    int32 min_confs = 4;
    // Whether unconfirmed outputs should be used as inputs for the funding
    // transaction.
    bool spend_unconfirmed = 5;
    // An optional label for the batch transaction, limited to 500 characters.
    string label = 6;
 }
 message BatchOpenChannel {
    // The pubkey of the node to open a channel with. When using REST, this
    // field must be encoded as base64.
    bytes node_pubkey = 1;
    // The number of satoshis the wallet should commit to the channel.
    int64 local_funding_amount = 2;
    // The number of satoshis to push to the remote side as part of the initial
    // commitment state.
    int64 push_sat = 3;
    // Whether this channel should be private, not announced to the greater
    // network.
    bool private = 4;
    // The minimum value in millisatoshi we will require for incoming HTLCs on
    // the channel.
    int64 min_htlc_msat = 5;
    // The delay we require on the remote's commitment transaction. If this is
    // not set, it will be scaled automatically with the channel size.
    uint32 remote_csv_delay = 6;
    /*
    Close address is an optional address which specifies the address to which
    funds should be paid out to upon cooperative close. This field may only be
    set if the peer supports the option upfront feature bit (call listpeers
    to check). The remote peer will only accept cooperative closes to this
    address if it is set.
    Note: If this value is set on channel creation, you will *not* be able to
    cooperatively close out to a different address.
    */
    string close_address = 7;
    /*
    An optional, unique identifier of 32 random bytes that will be used as the
    pending channel ID to identify the channel while it is in the pre-pending
    state.
    */
    bytes pending_chan_id = 8;
    /*
    The explicit commitment type to use. Note this field will only be used if
    the remote peer supports explicit channel negotiation.
    */
    CommitmentType commitment_type = 9;
 }
 message BatchOpenChannelResponse {
    repeated PendingUpdate pending_channels = 1;
 }
 message OpenChannelRequest {
    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // funding transaction.
    uint64 sat_per_vbyte = 1;
    /*
    The pubkey of the node to open a channel with. When using REST, this field
    must be encoded as base64.
@ -1751,9 +1983,10 @@ message OpenChannelRequest {
    // confirmed by.
    int32 target_conf = 6;
-    // A manual fee rate set in sat/byte that should be used when crafting the
+    // Deprecated, use sat_per_vbyte.
    // A manual fee rate set in sat/vbyte that should be used when crafting the
    // funding transaction.
-    int64 sat_per_byte = 7;
+    int64 sat_per_byte = 7 [deprecated = true];
    // Whether this channel should be private, not announced to the greater
    // network.
@ -1813,6 +2046,12 @@ message OpenChannelRequest {
    transaction.
    */
    uint32 max_local_csv = 17;
    /*
    The explicit commitment type to use. Note this field will only be used if
    the remote peer supports explicit channel negotiation.
    */
    CommitmentType commitment_type = 18;
 }
 message OpenStatusUpdate {
    oneof update {
@ -1952,6 +2191,20 @@ message FundingPsbtVerify {
    // The pending channel ID of the channel to get the PSBT for.
    bytes pending_chan_id = 2;
    /*
    Can only be used if the no_publish flag was set to true in the OpenChannel
    call meaning that the caller is solely responsible for publishing the final
    funding transaction. If skip_finalize is set to true then lnd will not wait
    for a FundingPsbtFinalize state step and instead assumes that a transaction
    with the same TXID as the passed in PSBT will eventually confirm.
    IT IS ABSOLUTELY IMPERATIVE that the TXID of the transaction that is
    eventually published does have the _same TXID_ as the verified PSBT. That
    means no inputs or outputs can change, only signatures can be added. If the
    TXID changes between this call and the publish step then the channel will
    never be created and the funds will be in limbo.
    */
    bool skip_finalize = 3;
 }
 message FundingPsbtFinalize {
@ -2056,6 +2309,12 @@ message PendingChannelsResponse {
        // The commitment type used by this channel.
        CommitmentType commitment_type = 9;
        // Total number of forwarding packages created in this channel.
        int64 num_forwarding_packages = 10;
        // A set of flags showing the current state of the channel.
        string chan_status_flags = 11;
    }
    message PendingOpenChannel {
@ -2200,6 +2459,7 @@ message ChannelEventUpdate {
        ChannelPoint active_channel = 3;
        ChannelPoint inactive_channel = 4;
        PendingUpdate pending_open_channel = 6;
        ChannelPoint fully_resolved_channel = 7;
    }
    enum UpdateType {
@ -2208,13 +2468,23 @@ message ChannelEventUpdate {
        ACTIVE_CHANNEL = 2;
        INACTIVE_CHANNEL = 3;
        PENDING_OPEN_CHANNEL = 4;
        FULLY_RESOLVED_CHANNEL = 5;
    }
    UpdateType type = 5;
 }
 message WalletAccountBalance {
    // The confirmed balance of the account (with >= 1 confirmations).
    int64 confirmed_balance = 1;
    // The unconfirmed balance of the account (with 0 confirmations).
    int64 unconfirmed_balance = 2;
 }
 message WalletBalanceRequest {
 }
 message WalletBalanceResponse {
    // The balance of the wallet
    int64 total_balance = 1;
@ -2224,6 +2494,9 @@ message WalletBalanceResponse {
    // The unconfirmed balance of a wallet(with 0 confirmations)
    int64 unconfirmed_balance = 3;
    // A mapping of each wallet account's name to its balance.
    map<string, WalletAccountBalance> account_balance = 4;
 }
 message Amount {
@ -2338,7 +2611,7 @@ message QueryRoutesRequest {
    An optional field that can be used to pass an arbitrary set of TLV records
    to a peer which understands the new records. This can be used to pass
    application specific data during the payment attempt. If the destination
-    does not support the specified recrods, and error will be returned.
+    does not support the specified records, an error will be returned.
    Record types are required to be in the custom range >= 65536. When using
    REST, the values must be encoded as base64.
    */
@ -2418,7 +2691,7 @@ message Hop {
    output index for the channel.
    */
    uint64 chan_id = 1 [jstype = JS_STRING];
-    int64 chan_capacity = 2;
+    int64 chan_capacity = 2 [deprecated = true];
    int64 amt_to_forward = 3 [deprecated = true];
    int64 fee = 4 [deprecated = true];
    uint32 expiry = 5;
@ -2440,12 +2713,22 @@ message Hop {
    /*
    An optional TLV record that signals the use of an MPP payment. If present,
-    the receiver will enforce that that the same mpp_record is included in the
+    the receiver will enforce that the same mpp_record is included in the final
-    final hop payload of all non-zero payments in the HTLC set. If empty, a
+    hop payload of all non-zero payments in the HTLC set. If empty, a regular
-    regular single-shot payment is or was attempted.
+    single-shot payment is or was attempted.
    */
    MPPRecord mpp_record = 10;
    /*
    An optional TLV record that signals the use of an AMP payment. If present,
    the receiver will treat all received payments including the same
    (payment_addr, set_id) pair  as being part of one logical payment. The
    payment will be settled by XORing the root_share's together and deriving the
    child hashes and preimages according to BOLT XX. Must be used in conjunction
    with mpp_record.
    */
    AMPRecord amp_record = 12;
    /*
    An optional set of key-value TLV records. This is useful within the context
    of the SendToRoute call as it allows callers to specify arbitrary K-V pairs
@ -2472,6 +2755,14 @@ message MPPRecord {
    int64 total_amt_msat = 10;
 }
 message AMPRecord {
    bytes root_share = 1;
    bytes set_id = 2;
    uint32 child_index = 3;
 }
 /*
 A path through the channel graph which runs over one or more channels in
 succession. This struct carries all the information required to craft the
@ -2697,11 +2988,21 @@ message GraphTopologyUpdate {
    repeated ClosedChannelUpdate closed_chans = 3;
 }
 message NodeUpdate {
-    repeated string addresses = 1;
+    /*
    Deprecated, use node_addresses.
    */
    repeated string addresses = 1 [deprecated = true];
    string identity_key = 2;
    /*
    Deprecated, use features.
    */
    bytes global_features = 3 [deprecated = true];
    string alias = 4;
    string color = 5;
    repeated NodeAddress node_addresses = 7;
    /*
    Features that the node has advertised in the init message, node
@ -2758,6 +3059,10 @@ message HopHint {
    uint32 cltv_expiry_delta = 5;
 }
 message SetID {
    bytes set_id = 1;
 }
 message RouteHint {
    /*
    A list of hop hints that when chained together can assist in reaching a
@ -2766,6 +3071,20 @@ message RouteHint {
    repeated HopHint hop_hints = 1;
 }
 message AMPInvoiceState {
    // The state the HTLCs associated with this setID are in.
    InvoiceHTLCState state = 1;
    // The settle index of this HTLC set, if the invoice state is settled.
    uint64 settle_index = 2;
    // The time this HTLC set was settled expressed in unix epoch.
    int64 settle_time = 3;
    // The total amount paid for the sub-invoice expressed in milli satoshis.
    int64 amt_paid_msat = 5;
 }
 message Invoice {
    /*
    An optional memo to attach along with the invoice. Used for record keeping
@ -2911,10 +3230,25 @@ message Invoice {
    /*
    The payment address of this invoice. This value will be used in MPP
-    payments, and also for newer invoies that always require the MPP paylaod
+    payments, and also for newer invoices that always require the MPP payload
    for added end-to-end security.
    */
    bytes payment_addr = 26;
    /*
    Signals whether or not this is an AMP invoice.
    */
    bool is_amp = 27;
    /*
    [EXPERIMENTAL]:
    Maps a 32-byte hex-encoded set ID to the sub-invoice AMP state for the
    given set ID. This field is always populated for AMP invoices, and can be
    used along side LookupInvoice to obtain the HTLC information related to a
    given sub-invoice.
    */
    map<string, AMPInvoiceState> amp_invoice_state = 28;
 }
 enum InvoiceHTLCState {
@ -3253,6 +3587,16 @@ message ListPaymentsResponse {
    uint64 last_index_offset = 3;
 }
 message DeletePaymentRequest {
    // Payment hash to delete.
    bytes payment_hash = 1;
    /*
    Only delete failed HTLCs from the payment, not the payment itself.
    */
    bool failed_htlcs_only = 2;
 }
 message DeleteAllPaymentsRequest {
    // Only delete failed payments.
    bool failed_payments_only = 1;
@ -3263,6 +3607,9 @@ message DeleteAllPaymentsRequest {
    bool failed_htlcs_only = 2;
 }
 message DeletePaymentResponse {
 }
 message DeleteAllPaymentsResponse {
 }
@ -3270,6 +3617,13 @@ message AbandonChannelRequest {
    ChannelPoint channel_point = 1;
    bool pending_funding_shim_only = 2;
    /*
    Override the requirement for being in dev mode by setting this to true and
    confirming the user knows what they are doing and this is a potential foot
    gun to lose funds if used on active channels.
    */
    bool i_know_what_i_am_doing = 3;
 }
 message AbandonChannelResponse {
@ -3327,6 +3681,8 @@ enum FeatureBit {
    ANCHORS_OPT = 21;
    ANCHORS_ZERO_FEE_HTLC_REQ = 22;
    ANCHORS_ZERO_FEE_HTLC_OPT = 23;
    AMP_REQ = 30;
    AMP_OPT = 31;
 }
 message Feature {
@ -3403,7 +3759,28 @@ message PolicyUpdateRequest {
    // If true, min_htlc_msat is applied.
    bool min_htlc_msat_specified = 8;
 }
 enum UpdateFailure {
    UPDATE_FAILURE_UNKNOWN = 0;
    UPDATE_FAILURE_PENDING = 1;
    UPDATE_FAILURE_NOT_FOUND = 2;
    UPDATE_FAILURE_INTERNAL_ERR = 3;
    UPDATE_FAILURE_INVALID_PARAMETER = 4;
 }
 message FailedUpdate {
    // The outpoint in format txid:n
    OutPoint outpoint = 1;
    // Reason for the policy update failure.
    UpdateFailure reason = 2;
    // A string representation of the policy update error.
    string update_error = 3;
 }
 message PolicyUpdateResponse {
    // List of failed policy updates.
    repeated FailedUpdate failed_updates = 1;
 }
 message ForwardingHistoryRequest {
@ -3571,6 +3948,12 @@ message BakeMacaroonRequest {
    // The root key ID used to create the macaroon, must be a positive integer.
    uint64 root_key_id = 2;
    /*
    Informs the RPC on whether to allow external permissions that LND is not
    aware of.
    */
    bool allow_external_permissions = 3;
 }
 message BakeMacaroonResponse {
    // The hex encoded macaroon, serialized in binary format.
@ -3782,3 +4165,210 @@ message Op {
    string entity = 1;
    repeated string actions = 2;
 }
 message CheckMacPermRequest {
    bytes macaroon = 1;
    repeated MacaroonPermission permissions = 2;
    string fullMethod = 3;
 }
 message CheckMacPermResponse {
    bool valid = 1;
 }
 message RPCMiddlewareRequest {
    /*
    The unique ID of the intercepted original gRPC request. Useful for mapping
    request to response when implementing full duplex message interception. For
    streaming requests, this will be the same ID for all incoming and outgoing
    middleware intercept messages of the _same_ stream.
    */
    uint64 request_id = 1;
    /*
    The raw bytes of the complete macaroon as sent by the gRPC client in the
    original request. This might be empty for a request that doesn't require
    macaroons such as the wallet unlocker RPCs.
    */
    bytes raw_macaroon = 2;
    /*
    The parsed condition of the macaroon's custom caveat for convenient access.
    This field only contains the value of the custom caveat that the handling
    middleware has registered itself for. The condition _must_ be validated for
    messages of intercept_type stream_auth and request!
    */
    string custom_caveat_condition = 3;
    /*
    There are three types of messages that will be sent to the middleware for
    inspection and approval: Stream authentication, request and response
    interception. The first two can only be accepted (=forward to main RPC
    server) or denied (=return error to client). Intercepted responses can also
    be replaced/overwritten.
    */
    oneof intercept_type {
        /*
        Intercept stream authentication: each new streaming RPC call that is
        initiated against lnd and contains the middleware's custom macaroon
        caveat can be approved or denied based upon the macaroon in the stream
        header. This message will only be sent for streaming RPCs, unary RPCs
        must handle the macaroon authentication in the request interception to
        avoid an additional message round trip between lnd and the middleware.
        */
        StreamAuth stream_auth = 4;
        /*
        Intercept incoming gRPC client request message: all incoming messages,
        both on streaming and unary RPCs, are forwarded to the middleware for
        inspection. For unary RPC messages the middleware is also expected to
        validate the custom macaroon caveat of the request.
        */
        RPCMessage request = 5;
        /*
        Intercept outgoing gRPC response message: all outgoing messages, both on
        streaming and unary RPCs, are forwarded to the middleware for inspection
        and amendment. The response in this message is the original response as
        it was generated by the main RPC server. It can either be accepted
        (=forwarded to the client), replaced/overwritten with a new message of
        the same type, or replaced by an error message.
        */
        RPCMessage response = 6;
    }
    /*
    The unique message ID of this middleware intercept message. There can be
    multiple middleware intercept messages per single gRPC request (one for the
    incoming request and one for the outgoing response) or gRPC stream (one for
    each incoming message and one for each outgoing response). This message ID
    must be referenced when responding (accepting/rejecting/modifying) to an
    intercept message.
    */
    uint64 msg_id = 7;
 }
 message StreamAuth {
    /*
    The full URI (in the format /<rpcpackage>.<ServiceName>/MethodName, for
    example /lnrpc.Lightning/GetInfo) of the streaming RPC method that was just
    established.
    */
    string method_full_uri = 1;
 }
 message RPCMessage {
    /*
    The full URI (in the format /<rpcpackage>.<ServiceName>/MethodName, for
    example /lnrpc.Lightning/GetInfo) of the RPC method the message was sent
    to/from.
    */
    string method_full_uri = 1;
    /*
    Indicates whether the message was sent over a streaming RPC method or not.
    */
    bool stream_rpc = 2;
    /*
    The full canonical gRPC name of the message type (in the format
    <rpcpackage>.TypeName, for example lnrpc.GetInfoRequest).
    */
    string type_name = 3;
    /*
    The full content of the gRPC message, serialized in the binary protobuf
    format.
    */
    bytes serialized = 4;
 }
 message RPCMiddlewareResponse {
    /*
    The request message ID this response refers to. Must always be set when
    giving feedback to an intercept but is ignored for the initial registration
    message.
    */
    uint64 ref_msg_id = 1;
    /*
    The middleware can only send two types of messages to lnd: The initial
    registration message that identifies the middleware and after that only
    feedback messages to requests sent to the middleware.
    */
    oneof middleware_message {
        /*
        The registration message identifies the middleware that's being
        registered in lnd. The registration message must be sent immediately
        after initiating the RegisterRpcMiddleware stream, otherwise lnd will
        time out the attempt and terminate the request. NOTE: The middleware
        will only receive interception messages for requests that contain a
        macaroon with the custom caveat that the middleware declares it is
        responsible for handling in the registration message! As a security
        measure, _no_ middleware can intercept requests made with _unencumbered_
        macaroons!
        */
        MiddlewareRegistration register = 2;
        /*
        The middleware received an interception request and gives feedback to
        it. The request_id indicates what message the feedback refers to.
        */
        InterceptFeedback feedback = 3;
    }
 }
 message MiddlewareRegistration {
    /*
    The name of the middleware to register. The name should be as informative
    as possible and is logged on registration.
    */
    string middleware_name = 1;
    /*
    The name of the custom macaroon caveat that this middleware is responsible
    for. Only requests/responses that contain a macaroon with the registered
    custom caveat are forwarded for interception to the middleware. The
    exception being the read-only mode: All requests/responses are forwarded to
    a middleware that requests read-only access but such a middleware won't be
    allowed to _alter_ responses. As a security measure, _no_ middleware can
    change responses to requests made with _unencumbered_ macaroons!
    NOTE: Cannot be used at the same time as read_only_mode.
    */
    string custom_macaroon_caveat_name = 2;
    /*
    Instead of defining a custom macaroon caveat name a middleware can register
    itself for read-only access only. In that mode all requests/responses are
    forwarded to the middleware but the middleware isn't allowed to alter any of
    the responses.
    NOTE: Cannot be used at the same time as custom_macaroon_caveat_name.
    */
    bool read_only_mode = 3;
 }
 message InterceptFeedback {
    /*
    The error to return to the user. If this is non-empty, the incoming gRPC
    stream/request is aborted and the error is returned to the gRPC client. If
    this value is empty, it means the middleware accepts the stream/request/
    response and the processing of it can continue.
    */
    string error = 1;
    /*
    A boolean indicating that the gRPC response should be replaced/overwritten.
    As its name suggests, this can only be used as a feedback to an intercepted
    response RPC message and is ignored for feedback on any other message. This
    boolean is needed because in protobuf an empty message is serialized as a
    0-length or nil byte slice and we wouldn't be able to distinguish between
    an empty replacement message and the "don't replace anything" case.
    */
    bool replace_response = 2;
    /*
    If the replace_response field is set to true, this field must contain the
    binary serialized gRPC response message in the protobuf format.
    */
    bytes replacement_serialized = 3;
 }
--- a/home.admin/config.scripts/lndlibs/lightning_pb2.py
+++ b/home.admin/config.scripts/lndlibs/lightning_pb2.py
--- a/home.admin/config.scripts/lndlibs/lightning_pb2_grpc.py
+++ b/home.admin/config.scripts/lndlibs/lightning_pb2_grpc.py
--- a/home.admin/config.scripts/lndlibs/walletunlocker.proto
+++ b/home.admin/config.scripts/lndlibs/walletunlocker.proto
@ -1,6 +1,6 @@
 syntax = "proto3";
-import "rpc.proto";
+import "lightning.proto";
 package lnrpc;
@ -149,6 +149,42 @@ message InitWalletRequest {
    RPC as otherwise all access to the daemon will be lost!
    */
    bool stateless_init = 6;
    /*
    extended_master_key is an alternative to specifying cipher_seed_mnemonic and
    aezeed_passphrase. Instead of deriving the master root key from the entropy
    of an aezeed cipher seed, the given extended master root key is used
    directly as the wallet's master key. This allows users to import/use a
    master key from another wallet. When doing so, lnd still uses its default
    SegWit only (BIP49/84) derivation paths and funds from custom/non-default
    derivation paths will not automatically appear in the on-chain wallet. Using
    an 'xprv' instead of an aezeed also has the disadvantage that the wallet's
    birthday is not known as that is an information that's only encoded in the
    aezeed, not the xprv. Therefore a birthday needs to be specified in
    extended_master_key_birthday_timestamp or a "safe" default value will be
    used.
    */
    string extended_master_key = 7;
    /*
    extended_master_key_birthday_timestamp is the optional unix timestamp in
    seconds to use as the wallet's birthday when using an extended master key
    to restore the wallet. lnd will only start scanning for funds in blocks that
    are after the birthday which can speed up the process significantly. If the
    birthday is not known, this should be left at its default value of 0 in
    which case lnd will start scanning from the first SegWit block (481824 on
    mainnet).
    */
    uint64 extended_master_key_birthday_timestamp = 8;
    /*
    watch_only is the third option of initializing a wallet: by importing
    account xpubs only and therefore creating a watch-only wallet that does not
    contain any private keys. That means the wallet won't be able to sign for
    any of the keys and _needs_ to be run with a remote signer that has the
    corresponding private keys and can serve signing RPC requests.
    */
    WatchOnly watch_only = 9;
 }
 message InitWalletResponse {
    /*
@ -161,6 +197,63 @@ message InitWalletResponse {
    bytes admin_macaroon = 1;
 }
 message WatchOnly {
    /*
    The unix timestamp in seconds of when the master key was created. lnd will
    only start scanning for funds in blocks that are after the birthday which
    can speed up the process significantly. If the birthday is not known, this
    should be left at its default value of 0 in which case lnd will start
    scanning from the first SegWit block (481824 on mainnet).
    */
    uint64 master_key_birthday_timestamp = 1;
    /*
    The fingerprint of the root key (also known as the key with derivation path
    m/) from which the account public keys were derived from. This may be
    required by some hardware wallets for proper identification and signing. The
    bytes must be in big-endian order.
    */
    bytes master_key_fingerprint = 2;
    /*
    The list of accounts to import. There _must_ be an account for all of lnd's
    main key scopes: BIP49/BIP84 (m/49'/0'/0', m/84'/0'/0', note that the
    coin type is always 0, even for testnet/regtest) and lnd's internal key
    scope (m/1017'/<coin_type>'/<account>'), where account is the key family as
    defined in `keychain/derivation.go` (currently indices 0 to 9).
     */
    repeated WatchOnlyAccount accounts = 3;
 }
 message WatchOnlyAccount {
    /*
    Purpose is the first number in the derivation path, must be either 49, 84
    or 1017.
    */
    uint32 purpose = 1;
    /*
    Coin type is the second number in the derivation path, this is _always_ 0
    for purposes 49 and 84. It only needs to be set to 1 for purpose 1017 on
    testnet or regtest.
    */
    uint32 coin_type = 2;
    /*
    Account is the third number in the derivation path. For purposes 49 and 84
    at least the default account (index 0) needs to be created but optional
    additional accounts are allowed. For purpose 1017 there needs to be exactly
    one account for each of the key families defined in `keychain/derivation.go`
    (currently indices 0 to 9)
    */
    uint32 account = 3;
    /*
    The extended public key at depth 3 for the given account.
    */
    string xpub = 4;
 }
 message UnlockWalletRequest {
    /*
    wallet_password should be the current valid passphrase for the daemon. This
--- a/home.admin/config.scripts/lndlibs/walletunlocker_pb2.py
+++ b/home.admin/config.scripts/lndlibs/walletunlocker_pb2.py
@ -11,7 +11,7 @@ from google.protobuf import symbol_database as _symbol_database
 _sym_db = _symbol_database.Default()
-from . import rpc_pb2 as rpc__pb2
+from . import lightning_pb2 as lightning__pb2
 DESCRIPTOR = _descriptor.FileDescriptor(
@ -20,9 +20,9 @@ DESCRIPTOR = _descriptor.FileDescriptor(
  syntax='proto3',
  serialized_options=b'Z%github.com/lightningnetwork/lnd/lnrpc',
  create_key=_descriptor._internal_create_key,
-  serialized_pb=b'\n\x14walletunlocker.proto\x12\x05lnrpc\x1a\trpc.proto\"A\n\x0eGenSeedRequest\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x01 \x01(\x0c\x12\x14\n\x0cseed_entropy\x18\x02 \x01(\x0c\"H\n\x0fGenSeedResponse\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x01 \x03(\t\x12\x17\n\x0f\x65nciphered_seed\x18\x02 \x01(\x0c\"\xca\x01\n\x11InitWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x02 \x03(\t\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x03 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x04 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x05 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x06 \x01(\x08\",\n\x12InitWalletResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\"\x93\x01\n\x13UnlockWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x02 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x03 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x04 \x01(\x08\"\x16\n\x14UnlockWalletResponse\"~\n\x15\x43hangePasswordRequest\x12\x18\n\x10\x63urrent_password\x18\x01 \x01(\x0c\x12\x14\n\x0cnew_password\x18\x02 \x01(\x0c\x12\x16\n\x0estateless_init\x18\x03 \x01(\x08\x12\x1d\n\x15new_macaroon_root_key\x18\x04 \x01(\x08\"0\n\x16\x43hangePasswordResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\x32\xa5\x02\n\x0eWalletUnlocker\x12\x38\n\x07GenSeed\x12\x15.lnrpc.GenSeedRequest\x1a\x16.lnrpc.GenSeedResponse\x12\x41\n\nInitWallet\x12\x18.lnrpc.InitWalletRequest\x1a\x19.lnrpc.InitWalletResponse\x12G\n\x0cUnlockWallet\x12\x1a.lnrpc.UnlockWalletRequest\x1a\x1b.lnrpc.UnlockWalletResponse\x12M\n\x0e\x43hangePassword\x12\x1c.lnrpc.ChangePasswordRequest\x1a\x1d.lnrpc.ChangePasswordResponseB\'Z%github.com/lightningnetwork/lnd/lnrpcb\x06proto3'
+  serialized_pb=b'\n\x14walletunlocker.proto\x12\x05lnrpc\x1a\x0flightning.proto\"A\n\x0eGenSeedRequest\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x01 \x01(\x0c\x12\x14\n\x0cseed_entropy\x18\x02 \x01(\x0c\"H\n\x0fGenSeedResponse\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x01 \x03(\t\x12\x17\n\x0f\x65nciphered_seed\x18\x02 \x01(\x0c\"\xbd\x02\n\x11InitWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x1c\n\x14\x63ipher_seed_mnemonic\x18\x02 \x03(\t\x12\x19\n\x11\x61\x65zeed_passphrase\x18\x03 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x04 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x05 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x06 \x01(\x08\x12\x1b\n\x13\x65xtended_master_key\x18\x07 \x01(\t\x12.\n&extended_master_key_birthday_timestamp\x18\x08 \x01(\x04\x12$\n\nwatch_only\x18\t \x01(\x0b\x32\x10.lnrpc.WatchOnly\",\n\x12InitWalletResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\"}\n\tWatchOnly\x12%\n\x1dmaster_key_birthday_timestamp\x18\x01 \x01(\x04\x12\x1e\n\x16master_key_fingerprint\x18\x02 \x01(\x0c\x12)\n\x08\x61\x63\x63ounts\x18\x03 \x03(\x0b\x32\x17.lnrpc.WatchOnlyAccount\"U\n\x10WatchOnlyAccount\x12\x0f\n\x07purpose\x18\x01 \x01(\r\x12\x11\n\tcoin_type\x18\x02 \x01(\r\x12\x0f\n\x07\x61\x63\x63ount\x18\x03 \x01(\r\x12\x0c\n\x04xpub\x18\x04 \x01(\t\"\x93\x01\n\x13UnlockWalletRequest\x12\x17\n\x0fwallet_password\x18\x01 \x01(\x0c\x12\x17\n\x0frecovery_window\x18\x02 \x01(\x05\x12\x32\n\x0f\x63hannel_backups\x18\x03 \x01(\x0b\x32\x19.lnrpc.ChanBackupSnapshot\x12\x16\n\x0estateless_init\x18\x04 \x01(\x08\"\x16\n\x14UnlockWalletResponse\"~\n\x15\x43hangePasswordRequest\x12\x18\n\x10\x63urrent_password\x18\x01 \x01(\x0c\x12\x14\n\x0cnew_password\x18\x02 \x01(\x0c\x12\x16\n\x0estateless_init\x18\x03 \x01(\x08\x12\x1d\n\x15new_macaroon_root_key\x18\x04 \x01(\x08\"0\n\x16\x43hangePasswordResponse\x12\x16\n\x0e\x61\x64min_macaroon\x18\x01 \x01(\x0c\x32\xa5\x02\n\x0eWalletUnlocker\x12\x38\n\x07GenSeed\x12\x15.lnrpc.GenSeedRequest\x1a\x16.lnrpc.GenSeedResponse\x12\x41\n\nInitWallet\x12\x18.lnrpc.InitWalletRequest\x1a\x19.lnrpc.InitWalletResponse\x12G\n\x0cUnlockWallet\x12\x1a.lnrpc.UnlockWalletRequest\x1a\x1b.lnrpc.UnlockWalletResponse\x12M\n\x0e\x43hangePassword\x12\x1c.lnrpc.ChangePasswordRequest\x1a\x1d.lnrpc.ChangePasswordResponseB\'Z%github.com/lightningnetwork/lnd/lnrpcb\x06proto3'
  ,
-  dependencies=[rpc__pb2.DESCRIPTOR,])
+  dependencies=[lightning__pb2.DESCRIPTOR,])
@ -61,8 +61,8 @@ _GENSEEDREQUEST = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=42,
+  serialized_start=48,
-  serialized_end=107,
+  serialized_end=113,
 )
@ -100,8 +100,8 @@ _GENSEEDRESPONSE = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=109,
+  serialized_start=115,
-  serialized_end=181,
+  serialized_end=187,
 )
@ -155,6 +155,27 @@ _INITWALLETREQUEST = _descriptor.Descriptor(
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='extended_master_key', full_name='lnrpc.InitWalletRequest.extended_master_key', index=6,
      number=7, type=9, cpp_type=9, label=1,
      has_default_value=False, default_value=b"".decode('utf-8'),
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='extended_master_key_birthday_timestamp', full_name='lnrpc.InitWalletRequest.extended_master_key_birthday_timestamp', index=7,
      number=8, type=4, cpp_type=4, label=1,
      has_default_value=False, default_value=0,
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='watch_only', full_name='lnrpc.InitWalletRequest.watch_only', index=8,
      number=9, type=11, cpp_type=10, label=1,
      has_default_value=False, default_value=None,
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
  ],
  extensions=[
  ],
@ -167,8 +188,8 @@ _INITWALLETREQUEST = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=184,
+  serialized_start=190,
-  serialized_end=386,
+  serialized_end=507,
 )
@ -199,8 +220,107 @@ _INITWALLETRESPONSE = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=388,
+  serialized_start=509,
-  serialized_end=432,
+  serialized_end=553,
 )
 _WATCHONLY = _descriptor.Descriptor(
  name='WatchOnly',
  full_name='lnrpc.WatchOnly',
  filename=None,
  file=DESCRIPTOR,
  containing_type=None,
  create_key=_descriptor._internal_create_key,
  fields=[
    _descriptor.FieldDescriptor(
      name='master_key_birthday_timestamp', full_name='lnrpc.WatchOnly.master_key_birthday_timestamp', index=0,
      number=1, type=4, cpp_type=4, label=1,
      has_default_value=False, default_value=0,
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='master_key_fingerprint', full_name='lnrpc.WatchOnly.master_key_fingerprint', index=1,
      number=2, type=12, cpp_type=9, label=1,
      has_default_value=False, default_value=b"",
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='accounts', full_name='lnrpc.WatchOnly.accounts', index=2,
      number=3, type=11, cpp_type=10, label=3,
      has_default_value=False, default_value=[],
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
  ],
  extensions=[
  ],
  nested_types=[],
  enum_types=[
  ],
  serialized_options=None,
  is_extendable=False,
  syntax='proto3',
  extension_ranges=[],
  oneofs=[
  ],
  serialized_start=555,
  serialized_end=680,
 )
 _WATCHONLYACCOUNT = _descriptor.Descriptor(
  name='WatchOnlyAccount',
  full_name='lnrpc.WatchOnlyAccount',
  filename=None,
  file=DESCRIPTOR,
  containing_type=None,
  create_key=_descriptor._internal_create_key,
  fields=[
    _descriptor.FieldDescriptor(
      name='purpose', full_name='lnrpc.WatchOnlyAccount.purpose', index=0,
      number=1, type=13, cpp_type=3, label=1,
      has_default_value=False, default_value=0,
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='coin_type', full_name='lnrpc.WatchOnlyAccount.coin_type', index=1,
      number=2, type=13, cpp_type=3, label=1,
      has_default_value=False, default_value=0,
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='account', full_name='lnrpc.WatchOnlyAccount.account', index=2,
      number=3, type=13, cpp_type=3, label=1,
      has_default_value=False, default_value=0,
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
    _descriptor.FieldDescriptor(
      name='xpub', full_name='lnrpc.WatchOnlyAccount.xpub', index=3,
      number=4, type=9, cpp_type=9, label=1,
      has_default_value=False, default_value=b"".decode('utf-8'),
      message_type=None, enum_type=None, containing_type=None,
      is_extension=False, extension_scope=None,
      serialized_options=None, file=DESCRIPTOR,  create_key=_descriptor._internal_create_key),
  ],
  extensions=[
  ],
  nested_types=[],
  enum_types=[
  ],
  serialized_options=None,
  is_extendable=False,
  syntax='proto3',
  extension_ranges=[],
  oneofs=[
  ],
  serialized_start=682,
  serialized_end=767,
 )
@ -252,8 +372,8 @@ _UNLOCKWALLETREQUEST = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=435,
+  serialized_start=770,
-  serialized_end=582,
+  serialized_end=917,
 )
@ -277,8 +397,8 @@ _UNLOCKWALLETRESPONSE = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=584,
+  serialized_start=919,
-  serialized_end=606,
+  serialized_end=941,
 )
@ -330,8 +450,8 @@ _CHANGEPASSWORDREQUEST = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=608,
+  serialized_start=943,
-  serialized_end=734,
+  serialized_end=1069,
 )
@ -362,16 +482,20 @@ _CHANGEPASSWORDRESPONSE = _descriptor.Descriptor(
  extension_ranges=[],
  oneofs=[
  ],
-  serialized_start=736,
+  serialized_start=1071,
-  serialized_end=784,
+  serialized_end=1119,
 )
-_INITWALLETREQUEST.fields_by_name['channel_backups'].message_type = rpc__pb2._CHANBACKUPSNAPSHOT
+_INITWALLETREQUEST.fields_by_name['channel_backups'].message_type = lightning__pb2._CHANBACKUPSNAPSHOT
-_UNLOCKWALLETREQUEST.fields_by_name['channel_backups'].message_type = rpc__pb2._CHANBACKUPSNAPSHOT
+_INITWALLETREQUEST.fields_by_name['watch_only'].message_type = _WATCHONLY
 _WATCHONLY.fields_by_name['accounts'].message_type = _WATCHONLYACCOUNT
 _UNLOCKWALLETREQUEST.fields_by_name['channel_backups'].message_type = lightning__pb2._CHANBACKUPSNAPSHOT
 DESCRIPTOR.message_types_by_name['GenSeedRequest'] = _GENSEEDREQUEST
 DESCRIPTOR.message_types_by_name['GenSeedResponse'] = _GENSEEDRESPONSE
 DESCRIPTOR.message_types_by_name['InitWalletRequest'] = _INITWALLETREQUEST
 DESCRIPTOR.message_types_by_name['InitWalletResponse'] = _INITWALLETRESPONSE
 DESCRIPTOR.message_types_by_name['WatchOnly'] = _WATCHONLY
 DESCRIPTOR.message_types_by_name['WatchOnlyAccount'] = _WATCHONLYACCOUNT
 DESCRIPTOR.message_types_by_name['UnlockWalletRequest'] = _UNLOCKWALLETREQUEST
 DESCRIPTOR.message_types_by_name['UnlockWalletResponse'] = _UNLOCKWALLETRESPONSE
 DESCRIPTOR.message_types_by_name['ChangePasswordRequest'] = _CHANGEPASSWORDREQUEST
@ -406,6 +530,20 @@ InitWalletResponse = _reflection.GeneratedProtocolMessageType('InitWalletRespons
  })
 _sym_db.RegisterMessage(InitWalletResponse)
 WatchOnly = _reflection.GeneratedProtocolMessageType('WatchOnly', (_message.Message,), {
  'DESCRIPTOR' : _WATCHONLY,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.WatchOnly)
  })
 _sym_db.RegisterMessage(WatchOnly)
 WatchOnlyAccount = _reflection.GeneratedProtocolMessageType('WatchOnlyAccount', (_message.Message,), {
  'DESCRIPTOR' : _WATCHONLYACCOUNT,
  '__module__' : 'walletunlocker_pb2'
  # @@protoc_insertion_point(class_scope:lnrpc.WatchOnlyAccount)
  })
 _sym_db.RegisterMessage(WatchOnlyAccount)
 UnlockWalletRequest = _reflection.GeneratedProtocolMessageType('UnlockWalletRequest', (_message.Message,), {
  'DESCRIPTOR' : _UNLOCKWALLETREQUEST,
  '__module__' : 'walletunlocker_pb2'
@ -444,8 +582,8 @@ _WALLETUNLOCKER = _descriptor.ServiceDescriptor(
  index=0,
  serialized_options=None,
  create_key=_descriptor._internal_create_key,
-  serialized_start=787,
+  serialized_start=1122,
-  serialized_end=1080,
+  serialized_end=1415,
  methods=[
  _descriptor.MethodDescriptor(
    name='GenSeed',
--- a/home.admin/setup.scripts/dialogLightningWallet-lnd.sh
+++ b/home.admin/setup.scripts/dialogLightningWallet-lnd.sh
@ -178,6 +178,6 @@ if [ ${uploadSCB} -eq 1 ]; then
  sudo sed -i '/^staticchannelbackup=/d' $SETUPFILE
  # write the filename into the setup state
-  echo "staticchannelbackup='${staticchannelbackup}'" >> $SETUPFILE
+  echo "staticchannelbackup='/home/admin/channel.backup'" >> $SETUPFILE
 fi