mirror of
https://github.com/rootzoll/raspiblitz.git
synced 2025-02-24 14:51:03 +01:00
* fix copychain returns * typo in sync loop * stop services on inconsistent state * calling correct provisioning * apply bitcoin and lncli aliases in all scripts * network.aliases: add CLNETWORK * make cln default plugin dir: cln-plugins-enabled similar to the nginx model make 2 directories for plugins: cln-plugins-enabled - symlinked to ~/.lightning/plugins plugins from here are loaded automatically on cln start cln-plugins-available: plugins are downloaded here to be run until the next cln restart (or stopped with runonce) note the disk is mounted with noexec so plugins can't run from there discuss in: https://github.com/rootzoll/raspiblitz/issues/2295 * move shutdown script * change all place where shutdown script is used * change notify & release * moved shutdown script * moved shutdown scripts * add more debug info * moving github script * remove chain in sync * no longer needed chain in sync * move debug script * patch patch command * make sure setup file is sourced * remove debug output * make sure lnd is put behind tor * change indent * get fresh sync progress * avoid scrolling in menus * use new selfsignedcert if no lnd tls.cert present * sparko: add info and connect menu with own cert https://github.com/rootzoll/raspiblitz/issues/2295 * cln.rest: add connect option for Zeus https://github.com/rootzoll/raspiblitz/issues/2295 * cln: add the backup plugin + options Usage options: cln-plugin.backup.sh [on] [testnet|mainnet|signet] cln-plugin.backup.sh [restore] [testnet|mainnet|signet] [force] cln-plugin.backup.sh [backup-compact] [testnet|mainnet|signet] https://github.com/lightningd/plugins/tree/master/backup Discussed in: https://github.com/rootzoll/raspiblitz/issues/2295 * cln: add cln-plugin.standard.python.sh Install and show the output of the chosen plugin for C-lightning Usage: cln-plugin.standard-python.sh on [plugin-name] [testnet|mainnet|signet] [runonce] tested plugins: summary | helpme | feeadjuster find more at: 
https://github.com/lightningd/plugins discussed in: https://github.com/rootzoll/raspiblitz/issues/2295 * shellcheck: change all `egrep` to `grep -E` https://github.com/koalaman/shellcheck/wiki/SC2196 * do not resolve aliases, use as variables * lnd: fix lnd.conf for parallel networks discussed in: https://github.com/rootzoll/raspiblitz/issues/2290 * lnd: add LND option for parallel networks * deprecate Testnet in SETTINGS keysend and autopilot only for mainnet due to: https://github.com/rootzoll/raspiblitz/issues/2290 * lnd: autopilot and autounlock for testnet * fix comments * add the SYSTEM menu for parallel chains * RTL update to v0.11.0 make chain specific directory for the config: /home/rtl/${netprefix}RTL/ use ${netprefix}lnd.conf in config override Environmen tvaribales for cln in the systemd service: /etc/systemd/system/${netprefix}${typeprefix}RTL.service discussed in: https://github.com/rootzoll/raspiblitz/issues/2384 * lnd.setname.sh for testnet * display ${CHAIN} in the SYSTEM menu options * keep _aliases file when live patches are applied * all lncli_aliases to be used as variables * default to KIllMode=control-group in services https://www.man7.org/linux/man-pages/man5/systemd.kill.5.html discussed in: https://github.com/rootzoll/raspiblitz/issues/1901 * add cln.hsmtool.sh for hsm_secret handling encrypt | decrypt | autounlock the hsm_secret for C-lightning usage: cln.hsmtool.sh [unlock] [testnet|mainnet|signet] cln.hsmtool.sh [encrypt|decrypt] [testnet|mainnet|signet] cln.hsmtool.sh [autounlock-on|autounlock-off] [testnet|mainnet|signet] discussed in: https://github.com/rootzoll/raspiblitz/issues/2295 * add cln.install-service.sh to set up cln with systemd script to set up or update the CLN systemd service checks for hsm_secret encryption, autounlock and the sparko plugin usage: /home/admin/config.scripts/cln.install-service.sh $CHAIN discussed in: https://github.com/rootzoll/raspiblitz/issues/2295 * use symlink to cln-plugins-enabled for all plugins 
* keep lnd autopilot and autounlock mainnet only mainnet only settings: lnd autopilot lnd keysend circuibreaker lnd autounlock StaticChannelBackup to DropBox and USB * cln FUNDING fix parsing address * cln.hsmtool: add change-password and lock options * always set password A * cached peer info * fix printing cache * fix check for existing files * handle bitcoind not running * result with newline * test line break * test new line * test new line * two vars on output * #2388 improve online check (less pinging) * used cached peer status * move chache * cach file permissions * allow sudo call * fix cache * remove double scan info * add conf info to sync screen * reorder info * add space * add space * order info * internet suppress error messages * order info * fix offering Blockchain copy * fix hostname * final ready state info * lnd unlock after provision * remove debug exit * harmonize ready state * add status to lnd unlock * update lnd unlock script * edit the unlock * remove debug echo * add debug * add debug * fix if statement * debug output * switch position of source setupdata * #1126 preparing new setup with new c-lightning (#2396) * move debug script * patch patch command * make sure setup file is sourced * remove debug output * make sure lnd is put behind tor * change indent * get fresh sync progress * always set password A * cached peer info * fix printing cache * fix check for existing files * handle bitcoind not running * result with newline * test line break * test new line * test new line * two vars on output * #2388 improve online check (less pinging) * used cached peer status * move chache * cach file permissions * allow sudo call * fix cache * remove double scan info * add conf info to sync screen * reorder info * add space * add space * order info * internet suppress error messages * order info * fix offering Blockchain copy * fix hostname * final ready state info * lnd unlock after provision * remove debug exit * harmonize ready state * add status 
to lnd unlock * update lnd unlock script * edit the unlock * remove debug echo * add debug * add debug * fix if statement * debug output * switch position of source setupdata * lnd.unlock: fix typo * netwok.monitor.sh debug * cln-plugin.summary: fix paths * rtl: fix permission of config on copy * CASHOUT: use aliases for lnd * rtl: install correctly for paralell chains * use CHAIN in CLN and LND menu * cln: add CASHOUT option * CLOSEALL and CASHOUT: Improve labels and comments Explaining CASHOUT in the label as discussed in: https://github.com/rootzoll/raspiblitz/issues/2358 * cln.install: fix tor config * cln: installthe latest master until the next release * _commands: source _aliases only if exists * network aliases: fall back to 'main' for 'chain' * new setup: keep testnet3 blocks and chainstate * new setup: improve capitalization in menu * improve help and comments * cln: install Sparko if configured, but not present * cln: add new wallet and import seed options * fix peernum * make sure that aliases get created on lnd setup * no error if aliases not yet exist * debug state * fix network alias when not set * fix syntax error * add debug error info * mute unlocking echos * add debug wait * add debug wait * make sure info is uptodate * make alias info as defaults * rename option * update sync info for no lightning * add action string * update sync info * move name dialog * wait for sync progress info * wait for syncprogress info * fix syntax * get fresh data * make sure to disable lnd * add c-lightning to debug * add setup logs to debug output * fix syntax error * add new-force wallet * try fix call hsmtool * hsm output tool * fix output * add seed-force * refactor blitz.mnemonic.py * test seed * debug info * dump object * try check * correct putput * fix syntax * check lnd for valid seed * fix gui * add Suez install script discussed in: https://github.com/rootzoll/raspiblitz/issues/2366 * cln rescue file export * get correct version * add cln export gui * 
cln.backup.sh cln-import * correct bytesize * generate cln wallet with passwordc * fix syntax * fix syntax * mute not needed error msg * PEERING: correct message on success * cln.install-service: fix sparko check * add Suez to menu for CLN and LND needs to be installed with the bitcoin user to be able to interact with CLN related: https://github.com/rootzoll/raspiblitz/issues/2366 * debug _provison.setup.sh stop bitcoind and restart with new config to avoid rpc password error disable and enable service instead of daemon-reload CLN: don't use passwordC as seedPassword * add cln.setname.sh make lnd.setname.sh work with parallel wallets * improve comments * SYSTEM: add CLNLOG and CLNCONF options * SYSTEM menu fixes * cln: add more aliases cln, clnlog, clnconf * cln: activate the backup plugin on every install * SERVICES menu: fix chantools/CLN switch * cln: load plugins from ${netprefix}cln-plugins-enabled changed the config paths to $lightning-dir/config or /networkname/config plugins are downloaded to the SDcard: /home/bitcoin/cln-plugins-available/ symlinked and loaded automatically from: /home/bitcoin/${netprefix}cln-plugins-enabled Related: #2295 * sparko: don't show logs after install * #2425 Adding experimental Blitz WebUI & API (#2426) * no password C & D when cln * add debug echos * set defaults before * #2228 wider grep to detect nvms (#2427) * cln.hsmtool: init backup with the new wallet * cln.install: fix access to raspiblitz.conf * cln-plugin.backup: fix path to backup-cli * cln: hide unhelpful warnings during setup * remove old jinja template rendering * fix lnd unlock detection * cln: look for files in .lightning dir with sudo * cln: correct lightning name in FInalDialog + typo * cln: make sure .lightning/bitcoin dir exists * FinalDialog: make the 24 words fit * cln.install.sh: create cln config if not present * Simplify localIP detection and improve compatibility (#2432) * show tail info on provision * only show lnd options when activated * fix syntax 
* only show main lightning impl options for RC1 * cln: always start the lightnind.service * cln: clear before showing summary * start cln on the end of provisioning * exit 0 on cln menu * press key after single actions * remove key press on cln actions * change to none * detect cln running * fix syntax * fix lightniing info * add TODO for CLN * add clnblockheight * zty with user bitcoin * check synced to chain for cln * fix increment * try scanprogress * use cln sync detection and progress * replace LNTYPE * next line * fix spaces * fix spaces * Update README.md (#2456) Fix 404 * Fix FAQ links (#2441) * Fix invalid URL ( (#2440) * support channels (#2382) * use #2370 height optimization * adjust exit codes in menu scripts * adjust password menu exit codes * adapt shutdown for cln * settings adapt to running lightning impl * fix syntax * debug info * add debug * better height * add default values * add config entry if not there yet * change default value * Added exit info for cln * make sure to load config file if available * add sparko to menu * add default for sparko * replace default sparko entry * show sparko installed or not * add more description to sparko option * RTL for clightnign in service menu * main menu item rtl * add RTL description * debug in RTL install * install sparko on recovery * update menu with cln * rework menu options Co-authored-by: openoms <oms@tuta.io> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: rek79 <rek79@users.noreply.github.com> Co-authored-by: Bitpaint <67663265+bitpaint@users.noreply.github.com> Co-authored-by: João Thallis <joaothallis@icloud.com> Co-authored-by: Peter Flock <78184669+peterflock@users.noreply.github.com> Co-authored-by: nyxnor <nyxnor@protonmail.com>
588 lines
21 KiB
Bash
Executable file
#!/bin/bash

# https://github.com/stakwork/sphinx-relay

# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
  echo "config script to switch Sphinx-Relay on,off or update"
  echo "bonus.sphinxrelay.sh on [?GITHUBUSER] [?BRANCH] [?TAG]"
  echo "bonus.sphinxrelay.sh [off|status|menu|write-environment|update]"
  echo "# DEVELOPMENT: TO SYNC WITH YOUR FORKED GITHUB-REPO"
  echo "bonus.sphinxrelay.sh sync"
  exit 1
fi

source /mnt/hdd/raspiblitz.conf

# show info menu
if [ "$1" = "menu" ]; then

  # get status info
  echo "# collecting status info ... (please wait - can take a while)"
  source <(sudo /home/admin/config.scripts/bonus.sphinxrelay.sh status)

  # display possible problems with IP2TOR setup
  if [ "${connectionTest}" != "OK" ]; then
    whiptail --title " Warning " \
      --yes-button "Back" \
      --no-button "Continue Anyway" \
      --yesno "Your SPHINX SERVER may have problems (retry if just restarted).\n\nCheck if locally responding: http://${localIP}:${httpPort}/app\n(You should see 'INDEX' in your browser)\n\nCheck if service is reachable over Tor:\n${toraddress}/app\n\nIf you use IP2TOR may cancel & renew subscription & LetsEncrypt.\nAlso check logs with 'debug' on terminal." 17 72
    if [ "$?" != "1" ]; then
      exit 0
    fi
  elif [ ${#ip2torWarn} -gt 0 ]; then
    whiptail --title " Warning " \
      --yes-button "Back" \
      --no-button "Continue Anyway" \
      --yesno "Problem detected:\n${ip2torWarn}\n\nCheck if service is reachable over Tor:\n${toraddress}/app" 14 72
    if [ "$?" != "1" ]; then
      exit 0
    fi
  fi

  extraPairInfo=""
  text="Go to https://sphinx.chat and download the Sphinx Chat app."

  # When IP2TOR AND LETS ENCRYPT
  # (${connection} is quoted so an empty value does not break the test)
  if [ "${connection}" = "ip2tor&letsencrypt" ]; then
    text="${text}\n
IP2TOR+LetsEncrypt: ${publicURL}
SHA1 ${sslFingerprintTOR}\n
If you connect your app with this setup you should be able to
use it securely from everywhere.
"

  # When DynDNS & LETSENCRYPT
  elif [ "${connection}" = "dns&letsencrypt" ]; then
    text="${text}\n
Public Domain: ${publicURL}
port forwarding on router needs to be active & may change port"

  # When just IP2TOR
  elif [ "${connection}" = "ip2tor&selfsigned" ]; then
    text="${text}\n
IP2TOR+self-signed-HTTPS: ${publicURL}\n
IMPORTANT: For this connection to work & be secure it needs an
additional Domain with LetsEncrypt certificate for HTTPS:
MAINMENU > SUBSCRIBE & add LetsEncrypt HTTPS Domain"

  # When DynDNS
  elif [ "${connection}" = "dns&selfsigned" ]; then
    text="${text}\n
Public Domain: ${publicURL}
port forwarding on router needs to be active & may change port"

  # When nothing advise
  elif [ "${connection}" = "localnetwork" ]; then
    text="${text}\n
At the moment your Sphinx Relay Server is just available
within the local network - without transport encryption.
Local server for test & debug: ${publicURL}/app\n
To enable easy reachability from the outside consider
adding an IP2TOR Bridge and reconnect:
MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
    extraPairInfo="You need to be on the same local network to make this work."

  else
    text="${text}\nUnknown Connection!"
  fi

  text="${text}\n\nUse 'Connect App' to pair Sphinx App with RaspiBlitz."

  whiptail --title " SPHINX RELAY " --yes-button "Connect App" --no-button "Back" --yesno "${text}" 15 69
  response=$?
  if [ "${response}" == "1" ]; then
    echo "please wait ..."
    exit 0
  fi

  # check that IP2TOR has also a LetsEncrypt Cert
  if [ "${connection}" = "ip2tor&selfsigned" ]; then
    text="OK you now have an IP2Tor connection running - that's great!\n
BUT TO MAKE THIS WORK:\n
It needs an additional Domain with LetsEncrypt certificate for HTTPS: Go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain\n
(or cancel the IP2Tor & just use sphinx within local network)"
    whiptail --title " Warning " \
      --msgbox "${text}" 15 72
    exit 0
  fi

  # check that not more than one app is connected
  if [ "${connectionApp}" != "0" ]; then
    text="There is already one app connected to the Sphinx-Relay.
There CANNOT BE MORE THAN ONE APP connected at the same time.\n
To switch devices within the Sphinx app: see PROFILE & export keys or
you have to deinstall the Sphinx-Relay with DELETE DATA & reinstall.\n
If you just upgraded from local network to IP2Tor + HTTPS -->
open the app > PROFILE & under ADVANCED change the SERVER URL to:
${publicURL}"
    whiptail --title " Warning " \
      --msgbox "${text}" 15 76
    exit 0
  fi

  # check that at least one channel is open
  openChannels=$(sudo -u bitcoin lncli listchannels | grep -c "channel_point")
  if [ "${openChannels}" == "0" ]; then
    whiptail --title " Warning " --msgbox "You need at least one open channel to the lightning network for sphinx to work." 10 32
    exit 0
  fi

  if [ ${#extraPairInfo} -eq 0 ]; then
    extraPairInfo="The base64 decoded connection string (for debug):\n${connectionCodeClear}"
  fi

  # show qr code on LCD & console
  /home/admin/config.scripts/blitz.display.sh qr "${connectionCode}"
  whiptail --title " Connect App with Sphinx Relay " \
    --yes-button "Done" \
    --no-button "Show QR Code" \
    --yesno "Open the Sphinx Chat app & scan the QR code displayed on the LCD. If you don't have a RaspiBlitz with LCD choose 'Show QR Code'.\n
The connection string can also be copied if needed: ${connectionCode}\n
${extraPairInfo}" 16 70
  if [ $? -eq 1 ]; then
    clear
    qrencode -t ANSI256 "${connectionCode}"
    echo "--> Scan this code with your Sphinx Chat App"
    echo "To shrink QR code: macOS press CMD- / LINUX press CTRL-"
    echo "Press ENTER when finished."
    read -r key
  fi

  /home/admin/config.scripts/blitz.display.sh hide
  exit 0
fi

# add default value to raspi config if needed
if ! grep -Eq "^sphinxrelay=" /mnt/hdd/raspiblitz.conf; then
  echo "sphinxrelay=off" >> /mnt/hdd/raspiblitz.conf
fi

# write environment configs fresh before every start
# IMPORTANT: all this needs to work without sudo because will run from systemd as sphinxrelay user
if [ "$1" = "write-environment" ]; then

  # !! all this needs to run (be called as) user: sphinxrelay

  # get basic data from status
  source <(/home/admin/config.scripts/bonus.sphinxrelay.sh status)

  # database config
  cat /home/sphinxrelay/sphinx-relay/config/config.json | \
  jq ".production.storage = \"/mnt/hdd/app-data/sphinxrelay/sphinx.db\"" > /home/sphinxrelay/sphinx-relay/config/config.json.tmp
  mv /home/sphinxrelay/sphinx-relay/config/config.json.tmp /home/sphinxrelay/sphinx-relay/config/config.json

  # update node ip in config
  cat /home/sphinxrelay/sphinx-relay/config/app.json | \
  jq ".production.tls_location = \"/mnt/hdd/app-data/lnd/tls.cert\"" | \
  jq ".production.macaroon_location = \"/mnt/hdd/app-data/lnd/data/chain/${network}/${chain}net/admin.macaroon\"" | \
  jq ".production.lnd_log_location = \"/mnt/hdd/lnd/logs/${network}/${chain}net/lnd.log\"" | \
  jq ".production.node_http_port = \"3300\"" | \
  jq ".production.public_url = \"${publicURL}\"" > /home/sphinxrelay/sphinx-relay/config/app.json.tmp
  mv /home/sphinxrelay/sphinx-relay/config/app.json.tmp /home/sphinxrelay/sphinx-relay/config/app.json

  # prepare production configs (loaded by nodejs app)
  cp /home/sphinxrelay/sphinx-relay/config/app.json /home/sphinxrelay/sphinx-relay/dist/config/app.json
  cp /home/sphinxrelay/sphinx-relay/config/config.json /home/sphinxrelay/sphinx-relay/dist/config/config.json
  echo "# ok - copied fresh config.json & app.json into dist directory"

  exit 0
fi

# status
# IMPORTANT: make sure it can run as sphinxrelay user without sudo
# NOTE: callers consume this output with 'source <(...)'. Values are wrapped in
# single quotes without escaping, so a value that itself contains a single quote
# would be parsed as shell code by the caller.
if [ "$1" = "status" ]; then

  if [ "${sphinxrelay}" = "on" ]; then
    echo "installed=1"
  else
    echo "installed=0"
  fi

  localIP=$(hostname -I | awk '{print $1}')
  echo "localIP='${localIP}'"
  echo "httpsPort='3301'"
  echo "httpPort='3300'"
  echo "publicIP='${publicIP}'"

  # get connection string from file
  connectionCode=$(cat /home/sphinxrelay/sphinx-relay/connection_string.txt 2>/dev/null)
  if [ -f "/home/sphinxrelay/sphinx-relay/connection_string.txt" ] && [ "${connectionCode}" = "" ]; then
    # try again with sudo
    connectionCode=$(sudo cat /home/sphinxrelay/sphinx-relay/connection_string.txt)
  fi
  echo "connectionCode='${connectionCode}'"

  # decode with base64 for debug
  connectionCodeClear=$(echo -n "${connectionCode}" | base64 --decode)
  echo "connectionCodeClear='${connectionCodeClear}'"

  # check for LetsEncryptDomain for DynDns
  error=""
  source <(/home/admin/config.scripts/blitz.subscriptions.ip2tor.py ip-by-tor $publicIP)
  publicDomain="${domain}"
  if [ ${#error} -eq 0 ]; then
    echo "publicDomain='${publicDomain}'"
  else
    echo "publicDomain=''"
  fi

  sslFingerprintIP=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout 2>/dev/null | cut -d"=" -f2)
  echo "sslFingerprintIP='${sslFingerprintIP}'"

  toraddress=$(cat /home/sphinxrelay/sphinx-relay/dist/toraddress.txt 2>/dev/null)
  echo "toraddress='${toraddress}'"

  sslFingerprintTOR=$(openssl x509 -in /mnt/hdd/app-data/nginx/tor_tls.cert -fingerprint -noout 2>/dev/null | cut -d"=" -f2)
  echo "sslFingerprintTOR='${sslFingerprintTOR}'"

  # check for IP2TOR
  error=""
  ip2torIP=""
  ip2torPort=""
  source <(/home/admin/config.scripts/blitz.subscriptions.ip2tor.py ip-by-tor $toraddress)
  if [ ${#error} -eq 0 ]; then
    ip2torIP="${ip}"
    ip2torPort="${port}"
    # ${ip2tor-v1} expands to the literal 'v1' unless a variable named ip2tor is set
    echo "ip2torType='${ip2tor-v1}'"
    echo "ip2torID='${id}'"
    echo "ip2torIP='${ip}'"
    echo "ip2torPort='${port}'"
    # check for LetsEncryptDomain on IP2TOR
    ip2torDomain=""
    error=""
    source <(/home/admin/config.scripts/blitz.subscriptions.letsencrypt.py domain-by-ip $ip)
    if [ ${#error} -eq 0 ]; then
      ip2torDomain="${domain}"
      echo "ip2torDomain='${ip2torDomain}'"
      # by default the relay gives a 404 .. so just test if no HTTP code at all comes back
      httpcode=$(/home/admin/config.scripts/blitz.subscriptions.letsencrypt.py subscription-detail ${domain} ${port} | jq -r ".https_response")
      if [ "${httpcode}" = "0" ]; then
        echo "ip2torWarn='Not able to get HTTPS response.'"
      fi
    fi
  fi

  # determine the public url for the pairing code based on best setup
  connection=""
  publicURL=""

  # 1) IP2TOR & LETS ENCRYPT HTTPS
  if [ "${ip2torDomain}" != "" ]; then
    connection="ip2tor&letsencrypt"
    publicURL="https://${ip2torDomain}:${ip2torPort}"

  # 2) DYNDNS & LETS ENCRYPT HTTPS (forwarding same port)
  elif [ "${publicDomain}" != "" ]; then
    connection="dns&letsencrypt"
    publicURL="https://${publicDomain}:3301"

  # 3) IP2TOR & SELFSIGNED HTTPS
  elif [ "${ip2torIP}" != "" ]; then
    connection="ip2tor&selfsigned"
    publicURL="https://${ip2torIP}:${ip2torPort}"

  # 4) DYNDOMAIN & SELFSIGNED HTTPS (forwarding same port)
  elif [ "${dynDomain}" != "" ]; then
    connection="dns&selfsigned"
    publicURL="https://${dynDomain}:3301"

  # 5) LOCAL NETWORK (just HTTP)
  else
    connection="localnetwork"
    publicURL="http://${localIP}:3300"

  fi
  echo "connection='${connection}'"
  echo "publicURL='${publicURL}'"

  # match the URL as a fixed string (dots in the URL are not regex wildcards)
  connectionCodeContainsPublicUrl=$( echo "${connectionCodeClear}" | grep -cF -- "${publicURL}" )
  if [ ${connectionCodeContainsPublicUrl} -eq 0 ]; then
    echo "ip2torWarn='Connection String not updated yet. Try again a bit later or check for errors.'"
  fi

  # test connection (accept self-signed certs here) ... calling the url /app should return INDEX
  connectionTest="n/a"
  connectionResponse=$(wget --no-check-certificate -qO- "${publicURL}/app" 2>/dev/null)
  if [ "${connectionResponse}" == "INDEX" ]; then
    connectionTest="OK"
  else
    connectionTest="fail"
  fi
  echo "connectionTest='${connectionTest}'"

  # check if already an app was connected to relay (after that a second connection will not work)
  connectionApp=$(sqlite3 /mnt/hdd/app-data/sphinxrelay/sphinx.db "SELECT * FROM sphinx_contacts WHERE auth_token IS NOT NULL;" 2>/dev/null | grep -c "1||")
  echo "connectionApp=${connectionApp}"

  exit 0
fi

if [ "$1" = "sync" ]; then
  echo "# pull all changes from github repo"
  # output basic info (abort if the repo directory is missing)
  cd /home/sphinxrelay/sphinx-relay || exit 1
  sudo git remote -v
  sudo git branch -v
  # pull latest code
  sudo git pull
  # update npm installs
  npm install
  # write environment
  sudo -u sphinxrelay /home/admin/config.scripts/bonus.sphinxrelay.sh write-environment
  # restart service
  sudo systemctl restart sphinxrelay
  echo "# server is restarting ... maybe takes some seconds until available"
  exit 0
fi

# stop service
echo "# making sure services are not running"
sudo systemctl stop sphinxrelay 2>/dev/null

# switch on
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
  echo "*** INSTALL SPHINX-RELAY ***"

  isInstalled=$(sudo ls /etc/systemd/system/sphinxrelay.service 2>/dev/null | grep -c 'sphinxrelay.service')
  if [ ${isInstalled} -eq 0 ]; then

    # check and install NodeJS
    /home/admin/config.scripts/bonus.nodejs.sh on

    # make sure keysend is on
    /home/admin/config.scripts/lnd.keysend.sh on

    echo "*** Add the 'sphinxrelay' user ***"
    sudo adduser --disabled-password --gecos "" sphinxrelay
    sudo /usr/sbin/usermod --append --groups lndadmin sphinxrelay
    sudo /usr/sbin/usermod --append --groups lndsigner sphinxrelay
    sudo /usr/sbin/usermod --append --groups lndrouter sphinxrelay

    # install needed install packages
    sudo apt install -y sqlite3

    # get optional github parameter
    githubUser="stakwork"
    if [ "$2" != "" ]; then
      githubUser="$2"
    fi
    githubBranch="master"
    if [ "$3" != "" ]; then
      githubBranch="$3"
    fi
    # optional 4th parameter: release tag (or 'ignore' to stay on the branch head)
    TAG=""
    if [ "$4" != "" ]; then
      TAG="$4"
    fi

    # install from GitHub
    echo "# get the github code user(${githubUser}) branch(${githubBranch})"
    sudo rm -r /home/sphinxrelay/sphinx-relay 2>/dev/null
    cd /home/sphinxrelay || exit 1
    sudo -u sphinxrelay git clone https://github.com/${githubUser}/sphinx-relay.git
    cd /home/sphinxrelay/sphinx-relay || exit 1

    # set to latest release tag
    sudo -u sphinxrelay git checkout ${githubBranch} || exit 1
    sudo -u sphinxrelay git pull || exit 1
    if [ "${TAG}" == "" ]; then
      TAG=$(git tag | sort -V | tail -1)
    fi
    if [ "${TAG}" != "ignore" ]; then
      echo "# Reset to the latest release tag --> ${TAG}"
      sudo -u sphinxrelay git reset --hard $TAG || exit 1
    else
      echo "# IGNORING release tag .. running latest code of branch ${githubBranch}"
    fi

    echo "# NPM install dependencies ..."
    sudo -u sphinxrelay npm install

    # open firewall
    echo
    echo "*** Updating Firewall ***"
    sudo ufw allow 3300 comment 'sphinxrelay HTTP'
    sudo ufw allow 3301 comment 'sphinxrelay HTTPS'
    echo ""

    # Hidden Service if Tor is active
    source /mnt/hdd/raspiblitz.conf
    if [ "${runBehindTor}" = "on" ]; then
      # make sure to keep in sync with internet.tor.sh script
      /home/admin/config.scripts/internet.hiddenservice.sh sphinxrelay 80 3302 443 3303
      # get TOR address and store it readable for sphinxrelay user
      toraddress=$(sudo cat /mnt/hdd/tor/sphinxrelay/hostname 2>/dev/null)
      sudo -u sphinxrelay bash -c "echo '${toraddress}' > /home/sphinxrelay/sphinx-relay/dist/toraddress.txt"
    fi

    # set database path to HDD data so that it survives updates and migrations
    sudo mkdir /mnt/hdd/app-data/sphinxrelay 2>/dev/null
    sudo chown sphinxrelay:sphinxrelay -R /mnt/hdd/app-data/sphinxrelay

    # write environment (do after possible tor activation)
    sudo -u sphinxrelay /home/admin/config.scripts/bonus.sphinxrelay.sh write-environment

    # install service
    echo "*** Install systemd ***"
    cat > /home/admin/sphinxrelay.service <<EOF
[Unit]
Description=SphinxRelay
Wants=lnd.service
After=lnd.service

[Service]
WorkingDirectory=/home/sphinxrelay/sphinx-relay
ExecStartPre=/home/admin/config.scripts/bonus.sphinxrelay.sh write-environment
ExecStart=env NODE_ENV=production /usr/bin/node dist/app.js
User=sphinxrelay
Restart=always
TimeoutSec=120
RestartSec=30
StandardOutput=journal
StandardError=journal

# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true

[Install]
WantedBy=multi-user.target
EOF
    sudo mv /home/admin/sphinxrelay.service /etc/systemd/system/sphinxrelay.service
    sudo chown root:root /etc/systemd/system/sphinxrelay.service

    sudo systemctl enable sphinxrelay

    source /home/admin/raspiblitz.info
    if [ "${state}" == "ready" ]; then
      echo "# OK - sphinxrelay service is enabled, system is on ready so starting service"
      sudo systemctl start sphinxrelay
    else
      echo "# OK - sphinxrelay service is enabled, but needs reboot or manual starting: sudo systemctl start sphinxrelay"
    fi

  else
    echo "# sphinxrelay already installed."
  fi

  # setup nginx symlinks
  if ! [ -f /etc/nginx/sites-available/sphinxrelay_ssl.conf ]; then
    sudo cp /home/admin/assets/nginx/sites-available/sphinxrelay_ssl.conf /etc/nginx/sites-available/sphinxrelay_ssl.conf
  fi
  if ! [ -f /etc/nginx/sites-available/sphinxrelay_tor.conf ]; then
    sudo cp /home/admin/assets/nginx/sites-available/sphinxrelay_tor.conf /etc/nginx/sites-available/sphinxrelay_tor.conf
  fi
  if ! [ -f /etc/nginx/sites-available/sphinxrelay_tor_ssl.conf ]; then
    sudo cp /home/admin/assets/nginx/sites-available/sphinxrelay_tor_ssl.conf /etc/nginx/sites-available/sphinxrelay_tor_ssl.conf
  fi
  sudo ln -sf /etc/nginx/sites-available/sphinxrelay_ssl.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/sphinxrelay_tor.conf /etc/nginx/sites-enabled/
  sudo ln -sf /etc/nginx/sites-available/sphinxrelay_tor_ssl.conf /etc/nginx/sites-enabled/
  sudo nginx -t
  sudo systemctl reload nginx

  # setting value in raspi blitz config
  sudo sed -i "s/^sphinxrelay=.*/sphinxrelay=on/g" /mnt/hdd/raspiblitz.conf

  exit 0
fi

# update
if [ "$1" = "update" ]; then
  echo "# Updating Sphinx-Relay"

  # deinstall without deleting data
  /home/admin/config.scripts/bonus.sphinxrelay.sh off --keep-data

  # reinstall to work with same data
  /home/admin/config.scripts/bonus.sphinxrelay.sh on

  #cd /home/sphinxrelay/sphinx-relay/
  ## https://github.com/stakwork/sphinx-relay/blob/master/docs/raspiblitz_deployment.md#fast-method
  #echo "# Stashing the config"
  #if [ $(sudo -u sphinxrelay git stash 2>&1 | grep -c "Please tell me who you are") -gt 0 ]; then
  # sudo -u sphinxrelay git config user.email "you@example.com"
  # sudo -u sphinxrelay git config user.name "Your Name"
  #fi
  #sudo -u sphinxrelay git stash
  #echo "# Pulling latest changes..."
  #sudo -u sphinxrelay git checkout master || exit 1
  #sudo -u sphinxrelay git pull || exit 1
  #echo "# Reset to the latest release tag"
  #TAG=$(git tag | sort -V | tail -1)
  #sudo -u sphinxrelay git reset --hard $TAG || exit 1
  #echo "# Reapplying the config"
  #sudo -u sphinxrelay git stash pop
  #echo "# Installing NPM dependencies"
  #sudo -u sphinxrelay npm install
  #echo "# Updated to version" $TAG
  #echo
  #echo "# Starting the sphinxrelay.service ... "
  #sudo systemctl start sphinxrelay

  exit 0
fi

# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then

  # check for second parameter: should data be deleted?
  deleteData=0
  if [ "$2" = "--delete-data" ]; then
    deleteData=1
  elif [ "$2" = "--keep-data" ]; then
    deleteData=0
  else
    if (whiptail --title " DELETE DATA? " --yesno "Do you want to delete\nthe SphinxRelay Data?" 8 30); then
      deleteData=1
    else
      deleteData=0
    fi
  fi
  echo "# deleteData(${deleteData})"

  # setting value in raspi blitz config
  sudo sed -i "s/^sphinxrelay=.*/sphinxrelay=off/g" /mnt/hdd/raspiblitz.conf

  # remove nginx symlinks
  sudo rm -f /etc/nginx/sites-enabled/sphinxrelay_ssl.conf
  sudo rm -f /etc/nginx/sites-enabled/sphinxrelay_tor.conf
  sudo rm -f /etc/nginx/sites-enabled/sphinxrelay_tor_ssl.conf
  sudo rm -f /etc/nginx/sites-available/sphinxrelay_ssl.conf
  sudo rm -f /etc/nginx/sites-available/sphinxrelay_tor.conf
  sudo rm -f /etc/nginx/sites-available/sphinxrelay_tor_ssl.conf
  sudo nginx -t
  sudo systemctl reload nginx

  # Hidden Service if Tor is active
  if [ "${runBehindTor}" = "on" ]; then
    /home/admin/config.scripts/internet.hiddenservice.sh off sphinxrelay
  fi

  isInstalled=$(sudo ls /etc/systemd/system/sphinxrelay.service 2>/dev/null | grep -c 'sphinxrelay.service')
  if [ ${isInstalled} -eq 1 ] || [ "${sphinxrelay}" == "on" ]; then
    echo "*** REMOVING SPHINXRELAY ***"
    sudo systemctl stop sphinxrelay
    sudo systemctl disable sphinxrelay
    sudo rm /etc/systemd/system/sphinxrelay.service
    sudo userdel -rf sphinxrelay

    if [ ${deleteData} -eq 1 ]; then
      echo "# deleting data"
      sudo rm -R /mnt/hdd/app-data/sphinxrelay
    else
      echo "# keeping data"
    fi

    echo "OK sphinxrelay removed."
  else
    echo "sphinxrelay is not installed."
  fi
  exit 0
fi

echo "FAIL - Unknown Parameter $1"
exit 1