mirror of
https://github.com/rootzoll/raspiblitz.git
synced 2025-03-01 09:00:15 +01:00
1a0c4fe09a
* cln: use default normal feerate to withdraw all * Bugfix: bad subsititution (#3668) Fix for error: /home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution * whiptail one line * fix syntax * lnproxy: fix api access through nginx (#3671) * lnproxy: fix api access through nginx * fix tor config and fit the menu * add to the menu and provision * merge #3682 * cln update to v23.02, backup-plugin update, add poetry (#3684) * cln backup-plugin update, add poetry * fix mkdir error, remove commented code, fmt #3677 * poetry and path fixes * add terminal feedback, format #3676 * detect the full name of the plugin * install pyln-client tqdm with pip * git-verify: add --keyid-format LONG to recognise if the signing key is not the main key * cln update to v23.02 * cln-grpc: add protobuf-compiler dep * rtl update to v0.13.6 and formatting * C-lightningREST update to v0.10.1 * CLN FAQ update (#3666) * improve the detection of existing cln aliases * add the emergencyrecover instructions to CLN FAQ * update help entries * Update Tallycoin to version 1.8.0 (#3693) * add tallycoin update info to CHANGES * Fix typo in README.md (#3699) excepted -> accepted * #3694 add LCD info * #3664 att timeout 30s to ln monitor calls (#3665) * fix setting LND_REST_ENDPOINT (#3689) * btcpay update v1.8.2, postgres database fix (#3697) * btcpay update v1.8.0, postgres database fix * btcpayserver update to v1.8.2 * update lnbits to 0.10.2 and use poetry instead of venv (#3703) * fix apt update Key error for influx repo (#3711) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * fix missing timeout value for nc cmnd (#3712) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * #3706 Update CLN v23.02.2 (#3716) * used patched/rolledback 23.02.2 release * check rusty sig * fix typo * fix default lightning setting * #3683 Update LIT to 0.8.6 (#3717) * update LIT to 0.8.6 * activate lnd rpcmiddleware * CHANGES.md * #3667 change all up/download from sftp tp scp (#3718) * #3722 add no hostkeys available detection (#3723) * #1186 FinTS/HBCI interface (#3704) * #1186 FinTS install script first draft * only start app when blitz is ready * improve menu * improve dit lnbits config * preserve edit * improve edit * improve edit * fix insertion * dont use fingerprint * now use main repo * add port * show local ip * fix typo * show port SSL * Update bonus.lndg.sh (#3725) * Update bonus.lndg.sh Changes version to v1.6.0. Fixes update menu bug. Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats). * Update bonus.lndg.sh Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future). * #3725 update lndg version in CHANGES * #3692 update lnd to v0.16.0-beta (#3732) * update SD CARD base image info * Clenaup CHANGES info * RTL install fix (#3739) * c-lightning-REST update to 0.10.2, fmt * rtl: npm insatll with --legacy-peer-deps * purge c-lightning-REST as well with RTL * jam update to v0.1.5 (#3736) * 3733 CLN GRPC > JRPC (#3741) * change exit code * change to cln_jrpc * deactivate the cln_grpc settings * set v1.9.0rc3 version --------- Co-authored-by: openoms <oms@tuta.io> Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: DJ Booth <djbooth007@gmail.com> Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com> Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com> Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>
224 lines
7.5 KiB
Bash
224 lines
7.5 KiB
Bash
#!/bin/bash
|
|
|
|
# https://github.com/Ride-The-Lightning/c-lightning-REST/releases/
|
|
CLRESTVERSION="v0.10.2"
|
|
|
|
# help
|
|
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
|
|
echo "Core-Lightning-REST install script"
|
|
echo "The default version is: $CLRESTVERSION"
|
|
echo "mainnet | testnet | signet instances can run parallel"
|
|
echo
|
|
echo "Usage:"
|
|
echo "cl.rest.sh on <mainnet|testnet|signet>"
|
|
echo "cl.rest.sh connect <mainnet|testnet|signet> [?key-value]"
|
|
echo "cl.rest.sh off <mainnet|testnet|signet> <purge>"
|
|
exit 1
|
|
fi
|
|
|
|
# Example for commits created on GitHub:
|
|
#PGPsigner="web-flow"
|
|
#PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
|
|
#PGPpubkeyFingerprint="4AEE18F83AFDEB23"
|
|
|
|
PGPsigner="saubyk"
|
|
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
|
|
PGPpubkeyFingerprint="00C9E2BC2E45666F"
|
|
|
|
source <(/home/admin/config.scripts/network.aliases.sh getvars cl $2)
|
|
|
|
echo "# Running 'cl.rest.sh $*'"
|
|
|
|
if [ "$1" = connect ]; then
|
|
if ! systemctl is-active --quiet ${netprefix}clrest; then
|
|
/home/admin/config.scripts/cl.rest.sh on ${CHAIN}
|
|
fi
|
|
|
|
echo "# Allowing port ${portprefix}6100 through the firewall"
|
|
sudo ufw allow "${portprefix}6100" comment "${netprefix}clrest" 1>/dev/null
|
|
localip=$(hostname -I | awk '{print $1}')
|
|
# hidden service to https://xx.onion
|
|
/home/admin/config.scripts/tor.onion-service.sh ${netprefix}clrest 443 ${portprefix}6100 1>/dev/null
|
|
|
|
toraddress=$(sudo cat /mnt/hdd/tor/${netprefix}clrest/hostname)
|
|
hex_macaroon=$(xxd -plain /home/bitcoin/c-lightning-REST/${CLNETWORK}/certs//access.macaroon | tr -d '\n')
|
|
url="https://${localip}:${portprefix}6100/"
|
|
lndconnect="lndconnect://${toraddress}:443?macaroon=${hex_macaroon}"
|
|
# c-lightning-rest://http://your_hidden_service.onion:your_port?&macaroon=your_macaroon_file_in_HEX&protocol=http
|
|
clrestlan="c-lightning-rest://${localip}:${portprefix}6100?&macaroon=${hex_macaroon}&protocol=http"
|
|
clresttor="c-lightning-rest://${toraddress}:443?&macaroon=${hex_macaroon}&protocol=http"
|
|
|
|
if [ "$3" == "key-value" ]; then
|
|
echo "toraddress='${toraddress}:443'"
|
|
echo "local='${url}'"
|
|
echo "macaroon='${hex_macaroon}'"
|
|
echo "connectstring='${clresttor}'"
|
|
exit 0
|
|
fi
|
|
|
|
# deactivated
|
|
function showStepByStepQR() {
|
|
clear
|
|
echo
|
|
sudo /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
|
|
echo "The Tor address is shown as a QRcode below and on the LCD"
|
|
echo "Scan it to your phone with a QR scanner app and paste it to: 'Host'"
|
|
echo
|
|
echo "Host: ${toraddress}"
|
|
echo "REST Port: 443"
|
|
echo
|
|
qrencode -t ANSIUTF8 "${toraddress}"
|
|
echo
|
|
echo
|
|
echo "Alternatively to connect through the LAN the address is:"
|
|
echo "https://${localip}"
|
|
echo "REST Port: ${portprefix}6100"
|
|
echo
|
|
echo "# Press enter to continue to show the Macaroon"
|
|
read key
|
|
sudo /home/admin/config.scripts/blitz.display.sh hide
|
|
sudo /home/admin/config.scripts/blitz.display.sh qr "${hex_macaroon}"
|
|
clear
|
|
echo
|
|
echo "The Macaroon is shown as a QRcode below and on the LCD"
|
|
echo "Scan it to your phone with a QR scanner app and paste it to: 'Macaroon (Hex format)'"
|
|
echo
|
|
echo "Macaroon: ${hex_macaroon}"
|
|
echo
|
|
qrencode -t ANSIUTF8 "${hex_macaroon}"
|
|
echo
|
|
echo "# Press enter to hide the QRcode from the LCD"
|
|
read key
|
|
sudo /home/admin/config.scripts/blitz.display.sh hide
|
|
exit 0
|
|
}
|
|
|
|
function showClRestQr() {
|
|
# c-lightning-rest://http://your_hidden_service.onion:your_port?&macaroon=your_macaroon_file_in_HEX&protocol=http
|
|
clear
|
|
echo
|
|
sudo /home/admin/config.scripts/blitz.display.sh qr "${clresttor}"
|
|
echo "The string to connect over Tor is shown as a QRcode below and on the LCD"
|
|
echo "Scan it to Zeus using the c-lightning-REST option"
|
|
echo
|
|
echo "c-lightning-REST connection string:"
|
|
echo "${clresttor}"
|
|
echo
|
|
qrencode -t ANSIUTF8 "${clresttor}"
|
|
echo
|
|
echo "# Press enter to show the string to connect over LAN"
|
|
read key
|
|
sudo /home/admin/config.scripts/blitz.display.sh hide
|
|
sudo /home/admin/config.scripts/blitz.display.sh qr "${clrestlan}"
|
|
clear
|
|
echo
|
|
echo "The string to connect over the local the network is shown as a QRcode below and on the LCD"
|
|
echo "Scan it to Zeus using the c-lightning-REST option"
|
|
echo "This will only work if your node si connected to the same network"
|
|
echo "To connect reemotely consider using a VPN like ZeroTier or Tailscale"
|
|
echo
|
|
echo "c-lightning-REST connection string:"
|
|
echo "${clrestlan}"
|
|
echo
|
|
qrencode -t ANSIUTF8 "${clrestlan}"
|
|
echo
|
|
echo "# Press enter to hide the QRcode from the LCD"
|
|
read key
|
|
sudo /home/admin/config.scripts/blitz.display.sh hide
|
|
exit 0
|
|
}
|
|
|
|
showClRestQr
|
|
|
|
fi
|
|
|
|
if [ "$1" = on ]; then
|
|
echo "# Setting up c-lightning-REST for $CHAIN"
|
|
|
|
sudo systemctl stop ${netprefix}clrest
|
|
sudo systemctl disable ${netprefix}clrest
|
|
|
|
if [ ! -f /home/bitcoin/c-lightning-REST/cl-rest.js ]; then
|
|
cd /home/bitcoin || exit 1
|
|
sudo -u bitcoin git clone https://github.com/saubyk/c-lightning-REST
|
|
cd c-lightning-REST || exit 1
|
|
sudo -u bitcoin git reset --hard $CLRESTVERSION
|
|
|
|
sudo -u bitcoin /home/admin/config.scripts/blitz.git-verify.sh \
|
|
"${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "${CLRESTVERSION}" || exit 1
|
|
|
|
sudo -u bitcoin npm install
|
|
fi
|
|
|
|
# config
|
|
cd /home/bitcoin/c-lightning-REST || exit 1
|
|
sudo -u bitcoin mkdir ${CLNETWORK}
|
|
echo "
|
|
{
|
|
\"PORT\": ${portprefix}6100,
|
|
\"DOCPORT\": ${portprefix}4001,
|
|
\"PROTOCOL\": \"https\",
|
|
\"EXECMODE\": \"production\",
|
|
\"LNRPCPATH\": \"/home/bitcoin/.lightning/${CLNETWORK}/lightning-rpc\",
|
|
\"RPCCOMMANDS\": [\"*\"]
|
|
}" | sudo -u bitcoin tee ./${CLNETWORK}/cl-rest-config.json
|
|
|
|
# copy clrest to a CLNETWORK subdir to make parallel networks possible
|
|
sudo -u bitcoin mkdir /home/bitcoin/c-lightning-REST/${CLNETWORK}
|
|
sudo -u bitcoin cp -r /home/bitcoin/c-lightning-REST/* \
|
|
/home/bitcoin/c-lightning-REST/${CLNETWORK}
|
|
|
|
echo "
|
|
# systemd unit for c-lightning-REST for ${CHAIN}
|
|
# /etc/systemd/system/${netprefix}clrest.service
|
|
[Unit]
|
|
Description=c-lightning-REST daemon for ${CHAIN}
|
|
Wants=${netprefix}lightningd.service
|
|
After=${netprefix}lightningd.service
|
|
|
|
[Service]
|
|
ExecStart=/usr/bin/node /home/bitcoin/c-lightning-REST/${CLNETWORK}/cl-rest.js
|
|
User=bitcoin
|
|
Restart=always
|
|
TimeoutSec=120
|
|
RestartSec=30
|
|
|
|
# Hardening measures
|
|
PrivateTmp=true
|
|
ProtectSystem=full
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
StandardOutput=null
|
|
StandardError=journal
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
" | sudo tee /etc/systemd/system/${netprefix}clrest.service
|
|
|
|
sudo systemctl enable ${netprefix}clrest
|
|
source <(/home/admin/_cache.sh get state)
|
|
if [ "${state}" == "ready" ]; then
|
|
echo "# OK - the clrest.service is enabled, system is ready so starting service"
|
|
sudo systemctl start ${netprefix}clrest
|
|
else
|
|
echo "# OK - the clrest.service is enabled, to start manually use: 'sudo systemctl start clrest'"
|
|
fi
|
|
echo
|
|
echo "# Monitor with:"
|
|
echo "sudo journalctl -f -u clrest"
|
|
echo
|
|
fi
|
|
|
|
if [ "$1" = off ]; then
|
|
echo "# Removing c-lightning-REST for ${CHAIN}"
|
|
sudo systemctl stop ${netprefix}clrest
|
|
sudo systemctl disable ${netprefix}clrest
|
|
sudo rm -rf /home/bitcoin/c-lightning-REST/${CLNETWORK}
|
|
echo "# Deny port ${portprefix}6100 through the firewall"
|
|
sudo ufw deny "${portprefix}6100"
|
|
/home/admin/config.scripts/tor.onion-service.sh off ${netprefix}clrest
|
|
if [ "$(echo "$@" | grep -c purge)" -gt 0 ]; then
|
|
echo "# Removing the source code and binaries"
|
|
sudo rm -rf /home/bitcoin/c-lightning-REST
|
|
fi
|
|
fi
|