raspiblitz/home.admin/config.scripts/bonus.circuitbreaker.sh
openoms 13ae51c54a
build: fix github web-flow PGPpubkeyFingerprint (#4417)
* build: fix github web-flow PGPpubkeyFingerprint
* git-verify: use extended regular expression to check alternative key
* build: break when external scripts return with error
* git-verify: use extended regular expression to check correctKey
* ci: maximize disk space in gh action
using https://github.com/marketplace/actions/maximize-build-disk-space
2024-02-16 17:23:06 +01:00


#!/bin/bash
# Config script for the circuitbreaker daemon (Lightning channel firewall):
# switch it on/off, update it, or show the info dialog.
# Releases: https://github.com/lightningequipment/circuitbreaker/releases
# Commits:  https://github.com/lightningequipment/circuitbreaker/commits/master
# Commit that 'on' checks out; its PGP signature is verified before the build.
pinnedVersion="60b70d91710efe7227b253e74f0d39ccfc9702c1"

# command info: no parameter or a help flag prints the usage and exits non-zero
if [[ $# -eq 0 || "$1" == "-h" || "$1" == "-help" ]]; then
  printf '\n%s\n%s\n\n%s\n%s\n\n' \
    "Config script to switch the circuitbreaker on, off or update to the latest release tag or commit" \
    "bonus.circuitbreaker.sh [on|off|update|update commit|menu]" \
    "Version to be installed by default: $pinnedVersion" \
    "Source: https://github.com/lightningequipment/circuitbreaker"
  exit 1
fi
# PGP identity the checked-out commit must be signed by. blitz.git-verify.sh
# (called on install) receives the signer name, the URL of the public key and
# an extended regular expression matching the accepted key fingerprints;
# "web-flow" is GitHub's own commit-signing identity.
PGPsigner="web-flow"
PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
PGPpubkeyFingerprint="(4AEE18F83AFDEB23|B5690EEEBB952194)"
# alternative signer (upstream maintainer), kept for reference:
# PGPsigner="joostjager"
# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
# PGPpubkeyFingerprint="B9A26449A5528325"

# raspiblitz settings; provides ${chain} used for the lnd network name below
source /mnt/hdd/raspiblitz.conf

# 1 when the systemd unit file is present, 0 otherwise (grep -c never prints
# an empty value, so the numeric tests below are safe)
isInstalled=$(sudo ls /etc/systemd/system/circuitbreaker.service 2>/dev/null | grep -c 'circuitbreaker.service')
# show info menu
if [[ "$1" == "menu" ]]; then
  # get network info: first local IP and the SHA1 fingerprint of the nginx
  # TLS certificate, so the user can check the self-signed cert in the browser
  localip=$(hostname -I | awk '{print $1}')
  fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
  # info without Tor (the literal \n sequences are rendered by whiptail)
  infoText="Open in your local web browser & accept self-signed cert:
https://${localip}:9236\n
SHA1 Thumb/Fingerprint:
${fingerprint}\n
To follow the logs use the command:
sudo journalctl -fu circuitbreaker
"
  whiptail --title " Circuit Breaker" --msgbox "${infoText}" 14 63
  echo "please wait ..."
  exit 0
fi
# about dialog
# NOTE(review): this branch is unreachable - the "menu" branch above handles
# "$1" = "menu" and exits before control gets here; it looks like it was meant
# for a different parameter (confirm which one before wiring it up).
if [[ "$1" == "menu" ]]; then
  if [[ "${isInstalled}" -eq 1 ]]; then
    aboutText="Circuitbreaker is to Lightning what firewalls are to the internet.\n
Its a service running in the background - use to monitor:
sudo journalctl -fu circuitbreaker\n
For more details and further information see:
https://github.com/lightningequipment/circuitbreaker/blob/master/README.md
"
    whiptail --title " circuitbreaker " --msgbox "${aboutText}" 13 78
    clear
  else
    echo "# Circuit Breaker is not installed."
  fi
  exit 0
fi
# stop services: every remaining branch (on/off/update) starts from a stopped
# daemon; stderr is silenced on purpose because the unit may not exist yet
printf '%s\n' "# Making sure the service is not running"
sudo systemctl stop circuitbreaker 2>/dev/null
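# switch on
if [[ "$1" == "1" || "$1" == "on" ]]; then
  echo "# Installing circuitbreaker $pinnedVersion"
  if [[ "${isInstalled}" -eq 0 ]]; then
    # install Go
    /home/admin/config.scripts/bonus.go.sh on
    # get Go vars
    source /etc/profile
    # create dedicated user the service runs as
    sudo adduser --system --group --home /home/circuitbreaker circuitbreaker
    # set PATH for the user
    sudo bash -c "echo 'PATH=\$PATH:/home/circuitbreaker/go/bin/' >> /home/circuitbreaker/.profile"
    # make sure symlink to central app-data directory exists
    sudo rm -rf /home/circuitbreaker/.lnd # not a symlink.. delete it silently
    sudo ln -s /mnt/hdd/app-data/lnd/ /home/circuitbreaker/.lnd
    # sync all macaroons and unix groups for access
    # (macaroons will be checked after install)
    /home/admin/config.scripts/lnd.credentials.sh sync "${chain:-main}net"
    # add user to group with admin access to lnd
    sudo /usr/sbin/usermod --append --groups lndadmin circuitbreaker
    # install from source: clone, pin to the reviewed commit and verify its PGP
    # signature before anything from the checkout is built. The reset must
    # succeed, otherwise the verification would run against a different HEAD.
    cd /home/circuitbreaker || exit 1
    sudo -u circuitbreaker git clone https://github.com/lightningequipment/circuitbreaker.git
    cd circuitbreaker || exit 1
    sudo -u circuitbreaker git reset --hard "$pinnedVersion" || exit 1
    sudo -u circuitbreaker /home/admin/config.scripts/blitz.git-verify.sh \
      "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
    sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
    # make systemd service; the unit file is written fresh (not appended) so a
    # stale copy from an earlier install cannot end up with duplicated sections.
    # The network name defaults to mainnet like the credentials sync above.
    # sudo nano /etc/systemd/system/circuitbreaker.service
    sudo tee /etc/systemd/system/circuitbreaker.service <<EOF
[Unit]
Description=circuitbreaker Service
After=lnd.service

[Service]
WorkingDirectory=/home/circuitbreaker/circuitbreaker
ExecStart=/home/circuitbreaker/go/bin/circuitbreaker --network=${chain:-main}net
User=circuitbreaker
Group=circuitbreaker
Type=simple
TimeoutSec=60
Restart=always
RestartSec=60

# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true

[Install]
WantedBy=multi-user.target
EOF
    sudo systemctl enable circuitbreaker
    echo "# OK - the circuitbreaker.service is now enabled"
  else
    echo "# The circuitbreaker.service is already installed."
  fi

  ##################
  # NGINX
  ##################
  # setup nginx symlinks (the web UI on 9236 is served through nginx with TLS)
  if ! [[ -f /etc/nginx/sites-available/circuitbreaker_ssl.conf ]]; then
    sudo cp /home/admin/assets/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-available/circuitbreaker_ssl.conf
  fi
  sudo ln -sf /etc/nginx/sites-available/circuitbreaker_ssl.conf /etc/nginx/sites-enabled/
  sudo nginx -t
  sudo systemctl reload nginx

  # the built binary must identify itself; otherwise the install is a failure
  isInstalled=$(sudo -u circuitbreaker /home/circuitbreaker/go/bin/circuitbreaker --version | grep -c "circuitbreakerd version")
  if [[ "${isInstalled}" -eq 1 ]]; then
    echo
    # only start the daemon when the node reports itself ready
    source <(/home/admin/_cache.sh get state)
    if [[ "${state}" == "ready" ]]; then
      echo "# OK - the circuitbreaker.service is enabled, system is on ready so starting service"
      sudo systemctl start circuitbreaker
    else
      echo "# OK - the circuitbreaker.service is enabled, to start manually use: sudo systemctl start circuitbreaker"
    fi
    echo "# Find more info at https://github.com/lightningequipment/circuitbreaker"
    echo "# Monitor with: 'sudo journalctl -fu circuitbreaker'"
  else
    echo "# Failed to install circuitbreaker "
    exit 1
  fi

  # setting value in raspi blitz config
  /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "on"
  sudo ufw allow 9236 comment circuitbreaker_https
  exit 0
fi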
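# switch off
if [[ "$1" == "0" || "$1" == "off" ]]; then
  echo "# Removing the user and it's home directory"
  # also removes the source checkout and the built binary under the home dir
  sudo userdel -rf circuitbreaker 2>/dev/null
  if [[ "${isInstalled}" -eq 1 ]]; then
    echo "# Removing the circuitbreaker.service"
    sudo systemctl stop circuitbreaker
    sudo systemctl disable circuitbreaker
    sudo rm /etc/systemd/system/circuitbreaker.service
    # forget the removed unit so systemd does not keep a stale copy loaded
    sudo systemctl daemon-reload
    echo "# OK, circuitbreaker.service is removed."
  else
    echo "# circuitbreaker.service is not installed."
  fi
  # drop the nginx site that 'on' enabled, so nginx stops serving port 9236
  # for a backend that no longer exists (the sites-available copy is kept,
  # matching what 'on' expects to find on a re-install)
  sudo rm -f /etc/nginx/sites-enabled/circuitbreaker_ssl.conf
  sudo nginx -t && sudo systemctl reload nginx
  # setting value in raspiblitz.conf
  /home/admin/config.scripts/blitz.conf.sh set circuitbreaker "off"
  sudo ufw delete allow 9236
  exit 0
fi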
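# update
if [[ "$1" == "update" ]]; then
  echo "# Updating Circuit Breaker"
  # "commit" follows the default branch, anything else targets the newest tag
  updateMode="$2"
  cd /home/circuitbreaker/circuitbreaker || exit 1
  # from https://github.com/apotdevin/thunderhub/blob/master/scripts/updateToLatest.sh
  # fetch latest master; every git command runs as the checkout owner, as on install
  sudo -u circuitbreaker git fetch
  if [[ "${updateMode}" == "commit" ]]; then
    echo "# Updating to the latest commit in the default branch"
    # TAG is resolved after the pull: a 'git describe' string taken now names
    # the current HEAD, and the reset below would just undo the pull again
    TAG=""
  else
    TAG=$(sudo -u circuitbreaker git tag | sort -V | tail -1)
    if [[ -z "${TAG}" ]]; then
      echo "# FAIL - no release tag found in the repository"
      exit 1
    fi
    # nothing to do when the local branch already matches its upstream
    LOCAL=$(sudo -u circuitbreaker git rev-parse @)
    REMOTE=$(sudo -u circuitbreaker git rev-parse '@{u}')
    if [[ "${LOCAL}" == "${REMOTE}" ]]; then
      echo "# You are up-to-date on version ${TAG}"
      echo "# Starting the circuitbreaker service ... "
      sudo systemctl start circuitbreaker
      exit 0
    fi
  fi
  echo "# Pulling latest changes..."
  sudo -u circuitbreaker git pull -p
  if [[ "${updateMode}" == "commit" ]]; then
    # describe the freshly pulled HEAD (--always falls back to the short hash
    # when no tag is reachable); the reset then pins exactly that commit
    TAG=$(sudo -u circuitbreaker git describe --tags --always)
  fi
  sudo -u circuitbreaker git reset --hard "${TAG}" || exit 1
  # verify the PGP signature of the checked-out commit with the same signer
  # settings as the install, so an update never builds unverified code
  sudo -u circuitbreaker /home/admin/config.scripts/blitz.git-verify.sh \
    "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
  echo "# Installing the version: ${TAG}"
  sudo -u circuitbreaker /usr/local/go/bin/go install ./... || exit 1
  echo
  echo "# Updated to version ${TAG}"
  echo
  echo "# Starting the circuitbreaker service ... "
  sudo systemctl start circuitbreaker
  echo "# Monitor with: 'sudo journalctl -fu circuitbreaker'"
  exit 0
fi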
# no branch above matched (each one exits on its own), so $1 is unknown;
# the service was already stopped further up, hence the reboot hint
printf '%s\n' "# FAIL - Unknown Parameter $1" "# may need reboot to run normal again"
exit 1