mirror of
https://github.com/rootzoll/raspiblitz.git
synced 2025-03-01 17:07:18 +01:00
1a0c4fe09a
* cln: use default normal feerate to withdraw all * Bugfix: bad subsititution (#3668) Fix for error: /home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution * whiptail one line * fix syntax * lnproxy: fix api access through nginx (#3671) * lnproxy: fix api access through nginx * fix tor config and fit the menu * add to the menu and provision * merge #3682 * cln update to v23.02, backup-plugin update, add poetry (#3684) * cln backup-plugin update, add poetry * fix mkdir error, remove commented code, fmt #3677 * poetry and path fixes * add terminal feedback, format #3676 * detect the full name of the plugin * install pyln-client tqdm with pip * git-verify: add --keyid-format LONG to recognise if the signing key is not the main key * cln update to v23.02 * cln-grpc: add protobuf-compiler dep * rtl update to v0.13.6 and formatting * C-lightningREST update to v0.10.1 * CLN FAQ update (#3666) * improve the detection of existing cln aliases * add the emergencyrecover instructions to CLN FAQ * update help entries * Update Tallycoin to version 1.8.0 (#3693) * add tallycoin update info to CHANGES * Fix typo in README.md (#3699) excepted -> accepted * #3694 add LCD info * #3664 att timeout 30s to ln monitor calls (#3665) * fix setting LND_REST_ENDPOINT (#3689) * btcpay update v1.8.2, postgres database fix (#3697) * btcpay update v1.8.0, postgres database fix * btcpayserver update to v1.8.2 * update lnbits to 0.10.2 and use poetry instead of venv (#3703) * fix apt update Key error for influx repo (#3711) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * fix missing timeout value for nc cmnd (#3712) Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> * #3706 Update CLN v23.02.2 (#3716) * used patched/rolledback 23.02.2 release * check rusty sig * fix typo * fix default lightning setting * #3683 Update LIT to 0.8.6 (#3717) * update LIT to 0.8.6 * activate lnd rpcmiddleware * CHANGES.md * #3667 change all up/download from sftp tp scp (#3718) * #3722 add no hostkeys available detection (#3723) * #1186 FinTS/HBCI interface (#3704) * #1186 FinTS install script first draft * only start app when blitz is ready * improve menu * improve dit lnbits config * preserve edit * improve edit * improve edit * fix insertion * dont use fingerprint * now use main repo * add port * show local ip * fix typo * show port SSL * Update bonus.lndg.sh (#3725) * Update bonus.lndg.sh Changes version to v1.6.0. Fixes update menu bug. Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats). * Update bonus.lndg.sh Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future). * #3725 update lndg version in CHANGES * #3692 update lnd to v0.16.0-beta (#3732) * update SD CARD base image info * Clenaup CHANGES info * RTL install fix (#3739) * c-lightning-REST update to 0.10.2, fmt * rtl: npm insatll with --legacy-peer-deps * purge c-lightning-REST as well with RTL * jam update to v0.1.5 (#3736) * 3733 CLN GRPC > JRPC (#3741) * change exit code * change to cln_jrpc * deactivate the cln_grpc settings * set v1.9.0rc3 version --------- Co-authored-by: openoms <oms@tuta.io> Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com> Co-authored-by: openoms <43343391+openoms@users.noreply.github.com> Co-authored-by: DJ Booth <djbooth007@gmail.com> Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com> Co-authored-by: dni ⚡ <office@dnilabs.com> Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com> Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de> Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>
382 lines
12 KiB
Bash
382 lines
12 KiB
Bash
#!/bin/bash
|
|
|
|
# https://github.com/joinmarket-webui/jam
|
|
|
|
WEBUI_VERSION=0.1.5
|
|
REPO=joinmarket-webui/jam
|
|
USERNAME=jam
|
|
HOME_DIR=/home/$USERNAME
|
|
APP_DIR=webui
|
|
RASPIBLITZ_INFO=/home/admin/raspiblitz.info
|
|
RASPIBLITZ_CONF=/mnt/hdd/raspiblitz.conf
|
|
|
|
PGPsigner="dergigi"
|
|
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
|
|
PGPpubkeyFingerprint="89C4A25E69A5DE7F"
|
|
|
|
# command info
|
|
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
|
|
echo "config script to switch Jam on or off"
|
|
echo "bonus.jam.sh [install|uninstall]"
|
|
echo "bonus.jam.sh [on|off|status|menu]"
|
|
echo "bonus.jam.sh [update|update commit|precheck]"
|
|
exit 1
|
|
fi
|
|
|
|
# check and load raspiblitz config to know which network is running
|
|
source $RASPIBLITZ_INFO
|
|
source $RASPIBLITZ_CONF 2>/dev/null
|
|
|
|
# check if already installed & active
|
|
isInstalled=$(compgen -u | grep -c ${USERNAME})
|
|
isActive=$(sudo ls /etc/systemd/system/joinmarket-api.service 2>/dev/null | grep -c 'joinmarket-api.service')
|
|
localip=$(hostname -I | awk '{print $1}')
|
|
|
|
if [ "$1" = "status" ]; then
|
|
|
|
toraddress=$(sudo cat /mnt/hdd/tor/${USERNAME}/hostname 2>/dev/null)
|
|
httpPort="3010"
|
|
httpsPort="3011"
|
|
|
|
echo "version='${WEBUI_VERSION}'"
|
|
echo "installed='${isActive}'"
|
|
echo "localIP='${localip}'"
|
|
echo "httpPort='7500'"
|
|
echo "httpsPort='7501'"
|
|
echo "httpsForced='1'"
|
|
echo "httpsSelfsigned='1'"
|
|
echo "authMethod='password_b'"
|
|
echo "toraddress='${toraddress}'"
|
|
exit 0
|
|
fi
|
|
|
|
# show info menu
|
|
if [ "$1" = "menu" ]; then
|
|
|
|
if [ ${isActive} -eq 1 ]; then
|
|
# get network info
|
|
toraddress=$(sudo cat /mnt/hdd/tor/jam/hostname 2>/dev/null)
|
|
fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
|
|
|
|
if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
|
|
# Info with Tor
|
|
sudo /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
|
|
whiptail --title " Jam (JoinMarket Web UI) " --msgbox "Open in your local web browser:
|
|
https://${localip}:7501\n
|
|
with Fingerprint:
|
|
${fingerprint}\n
|
|
Hidden Service address for Tor Browser (see LCD for QR):\n${toraddress}
|
|
" 16 67
|
|
sudo /home/admin/config.scripts/blitz.display.sh hide
|
|
else
|
|
# Info without Tor
|
|
whiptail --title " Jam (JoinMarket Web UI) " --msgbox "Open in your local web browser & accept self-signed cert:
|
|
https://${localip}:7501\n
|
|
with Fingerprint:
|
|
${fingerprint}\n
|
|
Activate Tor to access the web interface from outside your local network.
|
|
" 15 57
|
|
fi
|
|
echo "# please wait ..."
|
|
else
|
|
echo "# *** JAM NOT INSTALLED ***"
|
|
fi
|
|
exit 0
|
|
fi
|
|
|
|
|
|
# install (code & compile)
|
|
if [ "$1" = "install" ]; then
|
|
|
|
if [ "${isInstalled}" != "0" ]; then
|
|
echo "result='already installed'"
|
|
exit 0
|
|
fi
|
|
|
|
# make sure joinmarket is installed
|
|
sudo /home/admin/config.scripts/bonus.joinmarket.sh install || exit 1
|
|
|
|
echo "# *** INSTALL JAM (user & code) ***"
|
|
|
|
echo "# Creating the ${USERNAME} user"
|
|
sudo adduser --disabled-password --gecos "" ${USERNAME}
|
|
|
|
# install nodeJS
|
|
/home/admin/config.scripts/bonus.nodejs.sh on
|
|
|
|
# install
|
|
cd $HOME_DIR || exit 1
|
|
|
|
sudo -u $USERNAME git clone https://github.com/$REPO
|
|
|
|
cd jam || exit 1
|
|
sudo -u $USERNAME git reset --hard v${WEBUI_VERSION}
|
|
|
|
sudo -u $USERNAME /home/admin/config.scripts/blitz.git-verify.sh "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "v${WEBUI_VERSION}" || exit 1
|
|
|
|
cd $HOME_DIR || exit 1
|
|
sudo -u $USERNAME mv jam $APP_DIR
|
|
cd $APP_DIR || exit 1
|
|
sudo -u $USERNAME rm -rf docker
|
|
if ! sudo -u $USERNAME npm install; then
|
|
echo "# FAIL - npm install did not run correctly, aborting"
|
|
echo "result='fail - npm install did not run correctly'"
|
|
exit 1
|
|
fi
|
|
|
|
sudo -u $USERNAME npm run build
|
|
echo "# OK JAM user/codebase installed"
|
|
exit 0
|
|
fi
|
|
|
|
# remove from system
|
|
if [ "$1" = "uninstall" ]; then
|
|
|
|
# check if still active
|
|
if [ "${isActive}" != "0" ]; then
|
|
echo "result='still in use'"
|
|
exit 1
|
|
fi
|
|
|
|
echo "# *** UNINSTALL JAM ***"
|
|
|
|
# always delete user and home directory
|
|
sudo userdel -rf $USERNAME
|
|
|
|
exit 0
|
|
fi
|
|
|
|
# switch on
|
|
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
|
|
|
|
# check if already ON
|
|
echo "# isActive(${isActive})" 1>&2
|
|
if [ ${isActive} -gt 1 ]; then
|
|
echo "# JAM already installed."
|
|
echo "result='OK'"
|
|
exit 0
|
|
fi
|
|
|
|
# check if user/codebase is already installed
|
|
echo "# isInstalled(${isInstalled})" 1>&2
|
|
if [ ${isInstalled} -eq 0 ]; then
|
|
sudo /home/admin/config.scripts/bonus.jam.sh install 1>&2 || exit 1
|
|
fi
|
|
|
|
# make sure joinmarket base is also activated
|
|
sudo /home/admin/config.scripts/bonus.joinmarket.sh on 1>&2 || exit 1
|
|
|
|
echo "# *** ACTIVATING JAM ***"
|
|
|
|
##################
|
|
# NGINX
|
|
##################
|
|
# remove legacy nginx symlinks and configs
|
|
sudo rm -f /etc/nginx/sites-enabled/joinmarket_webui_* 1>&2
|
|
sudo rm -f /etc/nginx/sites-available/joinmarket_webui_* 1>&2
|
|
# setup nginx symlinks
|
|
sudo cp -f /home/admin/assets/nginx/sites-available/jam_ssl.conf /etc/nginx/sites-available/jam_ssl.conf 1>&2
|
|
sudo cp -f /home/admin/assets/nginx/sites-available/jam_tor.conf /etc/nginx/sites-available/jam_tor.conf 1>&2
|
|
sudo cp -f /home/admin/assets/nginx/sites-available/jam_tor_ssl.conf /etc/nginx/sites-available/jam_tor_ssl.conf 1>&2
|
|
sudo ln -sf /etc/nginx/sites-available/jam_ssl.conf /etc/nginx/sites-enabled/ 1>&2
|
|
sudo ln -sf /etc/nginx/sites-available/jam_tor.conf /etc/nginx/sites-enabled/ 1>&2
|
|
sudo ln -sf /etc/nginx/sites-available/jam_tor_ssl.conf /etc/nginx/sites-enabled/ 1>&2
|
|
sudo nginx -t 1>&2
|
|
sudo systemctl reload nginx 1>&2
|
|
|
|
# open the firewall
|
|
echo "# *** Updating Firewall ***" 1>&2
|
|
sudo ufw allow from any to any port 7500 comment 'allow Jam HTTP' 1>&2
|
|
sudo ufw allow from any to any port 7501 comment 'allow Jam HTTPS' 1>&2
|
|
|
|
#########################
|
|
## JOINMARKET-API SERVICE
|
|
#########################
|
|
# SSL
|
|
if [ -d /home/joinmarket/.joinmarket/ssl ]; then
|
|
sudo -u joinmarket rm -rf /home/joinmarket/.joinmarket/ssl 1>&2
|
|
fi
|
|
subj="/C=US/ST=Utah/L=Lehi/O=Your Company, Inc./OU=IT/CN=example.com"
|
|
sudo -u joinmarket mkdir -p /home/joinmarket/.joinmarket/ssl/ 1>&2 \
|
|
&& pushd "$_" 1>&2 \
|
|
&& sudo -u joinmarket openssl req -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes -out cert.pem -keyout key.pem -subj "$subj" 1>&2 \
|
|
&& popd 1>&2 || exit 1
|
|
|
|
# SYSTEMD SERVICE
|
|
echo "# Install JoinMarket API systemd" 1>&2
|
|
echo "\
|
|
# Systemd unit for JoinMarket API
|
|
|
|
[Unit]
|
|
Description=JoinMarket API daemon
|
|
|
|
[Service]
|
|
WorkingDirectory=/home/joinmarket/joinmarket-clientserver/scripts/
|
|
ExecStartPre=-/home/admin/config.scripts/bonus.jam.sh precheck
|
|
ExecStart=/bin/sh -c '. /home/joinmarket/joinmarket-clientserver/jmvenv/bin/activate && python jmwalletd.py'
|
|
User=joinmarket
|
|
Group=joinmarket
|
|
Restart=always
|
|
TimeoutSec=120
|
|
RestartSec=60
|
|
LogLevelMax=4
|
|
|
|
# Hardening measures
|
|
PrivateTmp=true
|
|
ProtectSystem=full
|
|
NoNewPrivileges=true
|
|
PrivateDevices=true
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
" | sudo tee /etc/systemd/system/joinmarket-api.service 1>&2
|
|
sudo systemctl enable joinmarket-api 1>&2
|
|
|
|
# remove legacy name
|
|
/home/admin/config.scripts/blitz.conf.sh delete joinmarketWebUI $RASPIBLITZ_CONF 1>&2
|
|
# setting value in raspiblitz config
|
|
/home/admin/config.scripts/blitz.conf.sh set jam on $RASPIBLITZ_CONF 1>&2
|
|
|
|
# Hidden Service for jam if Tor is active
|
|
if [ "${runBehindTor}" = "on" ]; then
|
|
# remove legacy
|
|
/home/admin/config.scripts/tor.onion-service.sh off joinmarket-webui 1>&2
|
|
# add jam
|
|
/home/admin/config.scripts/tor.onion-service.sh jam 80 7502 443 7503 1>&2
|
|
fi
|
|
source $RASPIBLITZ_INFO
|
|
if [ "${state}" == "ready" ]; then
|
|
echo "# OK - the joinmarket-api.service is enabled, system is ready so starting service"
|
|
sudo systemctl start joinmarket-api
|
|
else
|
|
echo "# OK - the joinmarket-api.service is enabled, to start manually use: 'sudo systemctl start joinmarket-api'"
|
|
fi
|
|
|
|
echo "# Start the joinmarket ob-watcher.service"
|
|
sudo -u joinmarket /home/joinmarket/menu.orderbook.sh startOrderBookService 1>&2
|
|
echo "# For the connection details run: /home/admin/config.scripts/bonus.jam.sh menu"
|
|
echo "result='OK'"
|
|
exit 0
|
|
fi
|
|
|
|
# precheck
|
|
if [ "$1" = "precheck" ]; then
|
|
if [ $(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf listwallets | grep -c wallet.dat) -eq 0 ];then
|
|
echo "# Create a non-descriptor wallet.dat"
|
|
/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
|
|
else
|
|
isDescriptor=$(/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -rpcwallet=wallet.dat getwalletinfo | grep -c '"descriptors": true,')
|
|
if [ "$isDescriptor" -gt 0 ]; then
|
|
# unload
|
|
/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf unloadwallet wallet.dat
|
|
echo "# Move the wallet.dat with descriptors to /mnt/hdd/bitcoin/descriptors"
|
|
mv /mnt/hdd/bitcoin/wallet.dat /mnt/hdd/bitcoin/descriptors
|
|
echo "# Create a non-descriptor wallet.dat"
|
|
/usr/local/bin/bitcoin-cli -conf=/mnt/hdd/bitcoin/bitcoin.conf -named createwallet wallet_name=wallet.dat descriptors=false
|
|
else
|
|
echo "# The non-descriptor wallet.dat is loaded in bitcoind."
|
|
fi
|
|
fi
|
|
echo "# Make sure max_cj_fee_abs and max_cj_fee_rel are set"
|
|
# max_cj_fee_abs between 5000 - 10000 sats
|
|
sed -i "s/#max_cj_fee_abs = x/max_cj_fee_abs = $(shuf -i 5000-10000 -n1)/g" /home/joinmarket/.joinmarket/joinmarket.cfg
|
|
# max_cj_fee_rel between 0.01 - 0.03%
|
|
sed -i "s/#max_cj_fee_rel = x/max_cj_fee_rel = 0.000$((RANDOM%3+1))/g" /home/joinmarket/.joinmarket/joinmarket.cfg
|
|
exit 0
|
|
fi
|
|
|
|
|
|
# update
|
|
if [ "$1" = "update" ]; then
|
|
isInstalled=$(sudo ls $HOME_DIR 2>/dev/null | grep -c "$APP_DIR")
|
|
if [ ${isInstalled} -gt 0 ]; then
|
|
echo "*** UPDATE JAM ***"
|
|
cd $HOME_DIR || exit 1
|
|
|
|
if [ "$2" = "commit" ]; then
|
|
echo "# Remove old source code"
|
|
sudo rm -rf jam
|
|
sudo rm -rf $APP_DIR
|
|
echo "# Downloading the latest commit in the default branch of $REPO"
|
|
sudo -u $USERNAME git clone https://github.com/$REPO
|
|
else
|
|
version=$(curl --header "X-GitHub-Api-Version:2022-11-28" --silent "https://api.github.com/repos/$REPO/releases/latest" | grep '"tag_name":' | sed -E 's/.*"v([^"]+)".*/\1/')
|
|
cd $APP_DIR || exit 1
|
|
current=$(node -p "require('./package.json').version")
|
|
cd ..
|
|
if [ "$current" = "$version" ]; then
|
|
echo "*** JAM IS ALREADY UPDATED TO LATEST RELEASE ***"
|
|
exit 0
|
|
fi
|
|
|
|
echo "# Remove old source code"
|
|
sudo rm -rf jam
|
|
sudo rm -rf $APP_DIR
|
|
sudo -u $USERNAME git clone https://github.com/$REPO
|
|
cd jam || exit 1
|
|
sudo -u $USERNAME git reset --hard v${version}
|
|
|
|
sudo -u $USERNAME /home/admin/config.scripts/blitz.git-verify.sh \
|
|
"${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" "v${version}" || exit 1
|
|
|
|
cd $HOME_DIR || exit 1
|
|
fi
|
|
|
|
sudo -u $USERNAME mv jam $APP_DIR
|
|
cd $APP_DIR || exit 1
|
|
sudo -u $USERNAME rm -rf docker
|
|
if ! sudo -u $USERNAME npm install; then
|
|
echo "FAIL - npm install did not run correctly, aborting"
|
|
exit 1
|
|
fi
|
|
|
|
sudo -u $USERNAME npm run build
|
|
echo "*** JAM UPDATED to $version ***"
|
|
else
|
|
echo "*** JAM IS NOT INSTALLED ***"
|
|
fi
|
|
|
|
exit 0
|
|
fi
|
|
|
|
|
|
# switch off
|
|
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
|
|
|
|
echo "# *** DEACTIVATE JAM ***"
|
|
|
|
echo "# Cleaning up Jam install ..."
|
|
# remove systemd service
|
|
sudo systemctl stop joinmarket-api 2>/dev/null
|
|
sudo systemctl disable joinmarket-api 2>/dev/null
|
|
sudo rm -f /etc/systemd/system/joinmarket-api.service
|
|
|
|
# close ports on firewall
|
|
sudo ufw delete allow from any to any port 7500 1>&2
|
|
sudo ufw delete allow from any to any port 7501 1>&2
|
|
|
|
# remove nginx symlinks and configs
|
|
sudo rm -f /etc/nginx/sites-enabled/jam_* 1>&2
|
|
sudo rm -f /etc/nginx/sites-available/jam_* 1>&2
|
|
sudo rm /var/log/nginx/error_jam.log 1>/dev/null 2/dev/null
|
|
sudo rm /var/log/nginx/access_jam.log 1>/dev/null 2/dev/null
|
|
sudo nginx -t 1>&2
|
|
sudo systemctl reload nginx 1>&2
|
|
|
|
# Hidden Service if Tor is active
|
|
if [ "${runBehindTor}" = "on" ]; then
|
|
/home/admin/config.scripts/tor.onion-service.sh off jam 1>&2
|
|
fi
|
|
|
|
# remove SSL
|
|
sudo rm -rf $HOME_DIR/.joinmarket/ssl 1>&2
|
|
|
|
# setting value in raspi blitz config
|
|
/home/admin/config.scripts/blitz.conf.sh delete jam $RASPIBLITZ_CONF
|
|
|
|
echo "# OK, Jam is removed"
|
|
exit 0
|
|
fi
|
|
|
|
echo "FAIL - Unknown Parameter $1"
|
|
exit 1
|