mirrors/raspiblitz
1
0
Fork 0
mirror of https://github.com/rootzoll/raspiblitz.git synced 2025-03-01 09:00:15 +01:00
Code Issues Projects Releases Packages Wiki Activity
raspiblitz/home.admin/config.scripts/bonus.lit.sh
/rootzoll 1a0c4fe09a
v1.9.0rc3 Merge (#3742) 
* cln: use default normal feerate to withdraw all

* Bugfix: bad subsititution (#3668)

Fix for error:

/home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution

* whiptail one line

* fix syntax

* lnproxy: fix api access through nginx (#3671)

* lnproxy: fix api access through nginx
* fix tor config and fit the menu
* add to the menu and provision

* merge #3682

* cln update to v23.02, backup-plugin update, add poetry (#3684)

* cln backup-plugin update, add poetry
* fix mkdir error, remove commented code, fmt #3677
* poetry and path fixes
* add terminal feedback, format #3676
* detect the full name of the plugin
* install pyln-client tqdm with pip
* git-verify: add --keyid-format LONG
to recognise if the signing key is not the main key
* cln update to v23.02
* cln-grpc: add protobuf-compiler dep
* rtl update to v0.13.6 and formatting
* C-lightningREST update to v0.10.1

* CLN FAQ update (#3666)

* improve the detection of existing cln aliases
* add the emergencyrecover instructions to  CLN FAQ
* update help entries

* Update Tallycoin to version 1.8.0 (#3693)

* add tallycoin update info to CHANGES

* Fix typo in README.md (#3699)

excepted -> accepted

* #3694 add LCD info

* #3664 att timeout 30s to ln monitor calls (#3665)

* fix setting LND_REST_ENDPOINT (#3689)

* btcpay update v1.8.2, postgres database fix (#3697)

* btcpay update v1.8.0, postgres database fix

* btcpayserver update to v1.8.2

* update lnbits to 0.10.2 and use poetry instead of venv (#3703)

* fix apt update Key error for influx repo (#3711)

Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>

* fix missing timeout value for nc cmnd (#3712)

Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>

* #3706 Update CLN v23.02.2 (#3716)

* used patched/rolledback 23.02.2 release
* check rusty sig
* fix typo
* fix default lightning setting

* #3683 Update LIT to 0.8.6 (#3717)

* update LIT to 0.8.6
* activate lnd rpcmiddleware
* CHANGES.md

* #3667 change all up/download from sftp tp scp (#3718)

* #3722 add no hostkeys available detection (#3723)

* #1186 FinTS/HBCI interface (#3704)

* #1186 FinTS install script first draft

* only start app when blitz is ready

* improve menu

* improve dit lnbits config

* preserve edit

* improve edit

* improve edit

* fix insertion

* dont use fingerprint

* now use main repo

* add port

* show local ip

* fix typo

* show port SSL

* Update bonus.lndg.sh (#3725)

* Update bonus.lndg.sh

Changes version to v1.6.0.
Fixes update menu bug.
Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats).

* Update bonus.lndg.sh

Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future).

* #3725 update lndg version in CHANGES

* #3692 update lnd to v0.16.0-beta (#3732)

* update SD CARD base image info

* Clenaup CHANGES info

* RTL install fix (#3739)

* c-lightning-REST update to 0.10.2, fmt
* rtl: npm insatll with --legacy-peer-deps
* purge c-lightning-REST as well with RTL

* jam update to v0.1.5 (#3736)

* 3733 CLN GRPC > JRPC (#3741)

* change exit code

* change to cln_jrpc

* deactivate the cln_grpc settings

* set v1.9.0rc3 version

---------

Co-authored-by: openoms <oms@tuta.io>
Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com>
Co-authored-by: openoms <43343391+openoms@users.noreply.github.com>
Co-authored-by: DJ Booth <djbooth007@gmail.com>
Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com>
Co-authored-by: dni  <office@dnilabs.com>
Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com>
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>
2023-04-08 23:10:01 +02:00

408 lines
14 KiB
Bash
Raw Blame History

#!/bin/bash
# https://github.com/lightninglabs/lightning-terminal/releases
LITVERSION="0.8.6-alpha"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "config script to switch the Lightning Terminal Service on or off"
echo "installs the version $LITVERSION"
echo "bonus.lit.sh [on|off|menu]"
exit 1
fi
# check who signed the release in https://github.com/lightninglabs/lightning-terminal/releases
PGPsigner="ellemouton"
if [ $PGPsigner = ellemouton ];then
PGPpkeys="https://github.com/${PGPsigner}.gpg"
PGPcheck="D7D916376026F177"
elif [ $PGPsigner = guggero ];then
PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc"
PGPcheck="03DB6322267C373B"
elif [ $PGPsigner = roasbeef ];then
PGPpkeys="https://keybase.io/${PGPsigner}/pgp_keys.asc "
PGPcheck="3BBD59E99B280306"
fi
source /mnt/hdd/raspiblitz.conf
# show info menu
if [ "$1" = "menu" ]; then
# get network info
localip=$(hostname -I | awk '{print $1}')
toraddress=$(sudo cat /mnt/hdd/tor/lit/hostname 2>/dev/null)
fingerprint=$(sudo openssl x509 -in /home/lit/.lit/tls.cert -fingerprint -noout | cut -d"=" -f2)
if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
# Info with TOR
sudo /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
whiptail --title " Lightning Terminal " --msgbox "Open in your local web browser & accept self-signed cert:
https://${localip}:8443\n
SHA1 Thumb/Fingerprint:
${fingerprint}\n
Use your Password B to login.\n
Hidden Service address for the Tor Browser (see LCD for QR):
https://${toraddress}\n
For the command line switch to 'lit' user with: 'sudo su - lit'
use the commands: 'lncli', 'lit-loop', 'lit-pool' and 'lit-frcli'.
" 19 74
sudo /home/admin/config.scripts/blitz.display.sh hide
else
# Info without TOR
whiptail --title " Lightning Terminal " --msgbox "Open in your local web browser & accept self-signed cert:
https://${localip}:8443\n
SHA1 Thumb/Fingerprint:
${fingerprint}\n
Use your Password B to login.\n
Activate TOR to access the web interface from outside your local network.\n
For the command line switch to 'lit' user with: 'sudo su - lit'
use the commands: 'lncli', 'lit-loop', 'lit-pool' and 'lit-frcli'.
" 19 63
fi
echo "please wait ..."
exit 0
fi
# stop services
echo "making sure the lit service is not running"
sudo systemctl stop litd 2>/dev/null
# switch on
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
echo "# INSTALL LIGHTNING TERMINAL"
# switching off single installs of pool, loop or faraday if installed
if [ "${loop}" = "on" ]; then
echo "# Replacing single install of: LOOP"
/home/admin/config.scripts/bonus.loop.sh off
fi
if [ "${pool}" = "on" ]; then
echo "# Replacing single install of: POOL"
/home/admin/config.scripts/bonus.pool.sh off
fi
if [ "${faraday}" = "on" ]; then
echo "# Replacing single install of: FARADAY"
/home/admin/config.scripts/bonus.faraday.sh off
fi
isInstalled=$(sudo ls /etc/systemd/system/litd.service 2>/dev/null | grep -c 'litd.service')
if [ ${isInstalled} -eq 0 ]; then
# create dedicated user
sudo adduser --disabled-password --gecos "" lit
# make sure symlink to central app-data directory exists
sudo rm -rf /home/lit/.lnd # not a symlink.. delete it silently
# create symlink
sudo ln -s "/mnt/hdd/app-data/lnd/" "/home/lit/.lnd"
# sync all macaroons and unix groups for access
/home/admin/config.scripts/lnd.credentials.sh sync "${chain:-main}net"
# macaroons will be checked after install
# add user to group with admin access to lnd
sudo /usr/sbin/usermod --append --groups lndadmin lit
# add user to group with readonly access on lnd
sudo /usr/sbin/usermod --append --groups lndreadonly lit
# add user to group with invoice access on lnd
sudo /usr/sbin/usermod --append --groups lndinvoice lit
# add user to groups with all macaroons
sudo /usr/sbin/usermod --append --groups lndinvoices lit
sudo /usr/sbin/usermod --append --groups lndchainnotifier lit
sudo /usr/sbin/usermod --append --groups lndsigner lit
sudo /usr/sbin/usermod --append --groups lndwalletkit lit
sudo /usr/sbin/usermod --append --groups lndrouter lit
echo "# persist settings in app-data"
# move old data if present
sudo mv /home/lit/.lit /mnt/hdd/app-data/ 2>/dev/null
echo "# make sure the data directory exists"
sudo mkdir -p /mnt/hdd/app-data/.lit
echo "# symlink"
sudo rm -rf /home/lit/.lit # not a symlink.. delete it silently
sudo ln -s /mnt/hdd/app-data/.lit/ /home/lit/.lit
sudo chown lit:lit -R /mnt/hdd/app-data/.lit
echo "# move the standalone Loop and Pool data to LiT"
echo "# Loop"
# move old data if present
sudo mv /home/loop/.loop /mnt/hdd/app-data/ 2>/dev/null
echo "# remove so can't be used parallel with LiT"
config.scripts/bonus.loop.sh off
echo "# make sure the data directory exists"
sudo mkdir -p /mnt/hdd/app-data/.loop
echo "# symlink"
sudo rm -rf /home/lit/.loop # not a symlink.. delete it silently
sudo ln -s /mnt/hdd/app-data/.loop/ /home/lit/.loop
sudo chown lit:lit -R /mnt/hdd/app-data/.loop
echo "# Pool"
echo "# remove so can't be used parallel with LiT"
config.scripts/bonus.pool.sh off
echo "# make sure the data directory exists"
sudo mkdir -p /mnt/hdd/app-data/.pool
echo "# symlink"
sudo rm -rf /home/lit/.pool # not a symlink.. delete it silently
sudo ln -s /mnt/hdd/app-data/.pool/ /home/lit/.pool
sudo chown lit:lit -R /mnt/hdd/app-data/.pool
echo "Detect CPU architecture ..."
isARM=$(uname -m | grep -c 'arm')
isAARCH64=$(uname -m | grep -c 'aarch64')
isX86_64=$(uname -m | grep -c 'x86_64')
if [ ${isARM} -eq 0 ] && [ ${isAARCH64} -eq 0 ] && [ ${isX86_64} -eq 0 ]; then
echo "# FAIL #"
echo "Can only build on ARM, aarch64, x86_64 or i386 not on:"
uname -m
exit 1
else
echo "OK running on $(uname -m) architecture."
fi
downloadDir="/home/admin/download/lit" # edit your download directory
rm -rf "${downloadDir}"
mkdir -p "${downloadDir}"
cd "${downloadDir}" || exit 1
# extract the SHA256 hash from the manifest file for the corresponding platform
wget -N https://github.com/lightninglabs/lightning-terminal/releases/download/v${LITVERSION}/manifest-v${LITVERSION}.txt
if [ ${isARM} -eq 1 ] ; then
OSversion="armv7"
elif [ ${isAARCH64} -eq 1 ] ; then
OSversion="arm64"
elif [ ${isX86_64} -eq 1 ] ; then
OSversion="amd64"
fi
SHA256=$(grep -i "linux-$OSversion" manifest-v$LITVERSION.txt | cut -d " " -f1)
echo
echo "# LiT v${LITVERSION} for ${OSversion}"
echo "# SHA256 hash: $SHA256"
echo
echo "# get LiT binary"
binaryName="lightning-terminal-linux-${OSversion}-v${LITVERSION}.tar.gz"
wget -N https://github.com/lightninglabs/lightning-terminal/releases/download/v${LITVERSION}/${binaryName}
echo "# check binary was not manipulated (checksum test)"
wget -N https://github.com/lightninglabs/lightning-terminal/releases/download/v${LITVERSION}/manifest-v${LITVERSION}.sig
wget --no-check-certificate -O ./pgp_keys.asc ${PGPpkeys}
binaryChecksum=$(sha256sum ${binaryName} | cut -d " " -f1)
if [ "${binaryChecksum}" != "${SHA256}" ]; then
echo "# FAIL # Downloaded LiT BINARY not matching SHA256 checksum: ${SHA256}"
exit 1
fi
echo "# check gpg finger print"
gpg --show-keys --keyid-format LONG ./pgp_keys.asc
fingerprint=$(gpg --show-keys --keyid-format LONG "./pgp_keys.asc" 2>/dev/null \
| grep "${PGPcheck}" -c)
if [ ${fingerprint} -lt 1 ]; then
echo ""
echo "# BUILD WARNING --> LiT PGP author not as expected"
echo "Should contain PGP: ${PGPcheck}"
echo "PRESS ENTER to TAKE THE RISK if you think all is OK"
read key
fi
gpg --import ./pgp_keys.asc
sleep 3
verifyResult=$(LANG=en_US.utf8; gpg --verify manifest-v${LITVERSION}.sig manifest-v${LITVERSION}.txt 2>&1)
goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
echo "goodSignature(${goodSignature})"
correctKey=$(echo ${verifyResult} | tr -d " \t\n\r" | grep "${GPGcheck}" -c)
echo "correctKey(${correctKey})"
if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
echo ""
echo "# BUILD FAILED --> LND PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
exit 1
fi
###########
# install #
###########
tar -xzf ${binaryName}
cd lightning-terminal-linux-${OSversion}-v${LITVERSION} || exit 1
# do not overwrite lncli
sudo install -m 0755 -o root -g root -t /usr/local/bin frcli
sudo install -m 0755 -o root -g root -t /usr/local/bin litcli
sudo install -m 0755 -o root -g root -t /usr/local/bin litd
sudo install -m 0755 -o root -g root -t /usr/local/bin loop
sudo install -m 0755 -o root -g root -t /usr/local/bin pool
###########
# config #
###########
# check if lnd.conf has rpcmiddleware.enable entry under section Application Options
entryExists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c "rpcmiddleware.enable=")
if [ "${entryExists}" == "0" ]; then
echo "# add rpcmiddleware.enable=true to lnd.conf"
sudo sed -i "/^\[Application Options\]$/arpcmiddleware.enable=true" /mnt/hdd/lnd/lnd.conf
fi
# make sure lnd.conf has rpcmiddleware.enable=true
sudo sed -i "s/^rpcmiddleware.enable=.*/rpcmiddleware.enable=true/g" /mnt/hdd/lnd/lnd.conf
if [ "${runBehindTor}" = "on" ]; then
echo "# Connect to the Pool, Loop and Terminal server through Tor"
LOOPPROXY="loop.server.proxy=127.0.0.1:9050"
POOLPROXY="pool.proxy=127.0.0.1:9050"
else
echo "# Connect to Pool, Loop and Terminal server through clearnet"
LOOPPROXY=""
POOLPROXY=""
fi
PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-)
echo "
# Application Options
httpslisten=0.0.0.0:8443
uipassword=$PASSWORD_B
# Remote options
remote.lit-debuglevel=debug
# Remote lnd options
remote.lnd.rpcserver=127.0.0.1:10009
remote.lnd.macaroonpath=/home/lit/.lnd/data/chain/bitcoin/${chain}net/admin.macaroon
remote.lnd.tlscertpath=/home/lit/.lnd/tls.cert
# Loop
loop.loopoutmaxparts=5
$LOOPPROXY
# Pool
pool.newnodesonly=true
$POOLPROXY
# Faraday
faraday.min_monitored=48h
# Faraday - bitcoin
faraday.connect_bitcoin=true
faraday.bitcoin.host=localhost
faraday.bitcoin.user=raspibolt
faraday.bitcoin.password=$PASSWORD_B
" | sudo tee /mnt/hdd/app-data/.lit/lit.conf
# secure
sudo chown lit:lit /mnt/hdd/app-data/.lit/lit.conf
sudo chmod 600 /mnt/hdd/app-data/.lit/lit.conf || exit 1
############
# service #
############
# sudo nano /etc/systemd/system/litd.service
echo "
[Unit]
Description=litd Service
After=lnd.service
[Service]
ExecStart=/usr/local/bin/litd
User=lit
Group=lit
Type=simple
TimeoutSec=60
Restart=on-failure
RestartSec=60
StandardOutput=journal
StandardError=journal
LogLevelMax=4
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
" | sudo tee -a /etc/systemd/system/litd.service
sudo systemctl enable litd
echo "OK - the Lightning lit service is now enabled"
else
echo "# The Lightning Terminal is already installed."
fi
# aliases
echo "
alias lit-loop=\"loop --rpcserver=localhost:8443 \
--tlscertpath=/home/lit/.lit/tls.cert \
--macaroonpath=/home/lit/.loop/${chain}net/loop.macaroon\"
alias lit-pool=\"pool --rpcserver=localhost:8443 \
--tlscertpath=/home/lit/.lit/tls.cert \
--macaroonpath=/home/lit/.pool/${chain}net/pool.macaroon\"
alias lit-frcli=\"frcli --rpcserver=localhost:8443 \
--tlscertpath=/home/lit/.lit/tls.cert \
--macaroonpath=/home/lit/.faraday/${chain}net/faraday.macaroon\"
" | sudo tee -a /home/lit/.bashrc
# open ports on firewall
sudo ufw allow 8443 comment "Lightning Terminal"
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set lit "on"
# Hidden Service if Tor is active
if [ "${runBehindTor}" = "on" ]; then
# make sure to keep in sync with tor.network.sh script
/home/admin/config.scripts/tor.onion-service.sh lit 443 8443
fi
# in case RTL is installed - check to connect
if [ -d /home/rtl ]; then
sudo /home/admin/config.scripts/bonus.rtl.sh connect-services
sudo systemctl restart RTL 2>/dev/null
fi
source <(/home/admin/_cache.sh get state)
if [ "${state}" == "ready" ]; then
echo "# OK - the litd.service is enabled, system is ready so starting service"
sudo systemctl restart lnd
sudo systemctl start litd
else
echo "# OK - the litd.service is enabled, to start manually use: 'sudo systemctl start litd'"
fi
exit 0
fi
# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
isInstalled=$(sudo ls /etc/systemd/system/litd.service 2>/dev/null | grep -c 'litd.service')
if [ ${isInstalled} -eq 1 ]; then
echo "*** REMOVING LIT ***"
# remove the systemd service
sudo systemctl stop litd
sudo systemctl disable litd
sudo rm /etc/systemd/system/litd.service
# close ports on firewall
sudo ufw deny 8443
# delete Go package
sudo rm /usr/local/bin/litd
echo "# OK, the lit.service is removed."
# Hidden Service if Tor is active
if [ "${runBehindTor}" = "on" ]; then
/home/admin/config.scripts/tor.onion-service.sh off lit
fi
else
echo "# LiT is not installed."
fi
# clean up anyway
# delete user
sudo userdel -rf lit
# delete group
sudo groupdel lit
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set lit "off"
exit 0
fi
echo "FAIL - Unknown Parameter $1"
echo "may need reboot to run normal again"
exit 1
Reference in a new issue View git blame Copy permalink