mirrors/raspiblitz
1
0
Fork 0
mirror of https://github.com/rootzoll/raspiblitz.git synced 2025-02-25 07:07:46 +01:00
Code Issues Projects Releases Packages Wiki Activity
raspiblitz/home.admin/config.scripts/bonus.lnbits.sh
/rootzoll d7d1c40866
#3505 lnbits PostgresSQl migration finalization (#3507) 
* fix missing dependencies

* LNBits SQLite to PostgreSQL migration (#3411)

* LNBits SQLite to PostgreSQL migration

New installations with PostgreSQL configuration, existent data with SQLite.

convert script needs a full start of LNBits prior migrating the old sqlite db's.

User can migrate from raspiblitz menu.

* only fix postgres if it needs to

check for symbolik link of postgres default directory or desired postgres folder

btcpayserver and lnbits could use postgresql

new script to install or uninstall postgresql

* fix typos

* silent apt remove

* fix removed function postgresConfig

call bonus.postgresql.sh to setup PostgreSQL

* Support outdated installation

old installations should upgrade to new tag first

create new data directory /mnt/hdd/app-data/LNBits/data

* Improve migration

Make it a bit more user friendly and prepare for a worst case to revert the migration if something fails unexpectedly

make use of sync method for preparation

* Rework migration workflow

Cant wait for lnbits to start when ExecStartPre is used.

We need a full start of lnbits prior migration, so make use of lsof to check for ports and wait.

dont forget to start postgres service after installation. dont forget to stop postgres after uninstall

* Dont overwrite the backup file

if we start migrate again, the sqlite backup should not be overwritten with postgres data. Keep the backup file.

* add migrate message to menu

add the hint to revert migration manually after migrate script executed

* fix install and data directory

lnbits always needs a data directory

* clean up lnbits settings for migration

even if postgresql is already running, we can extract sqlite backup and start migrate

remove migrateMsg duplicate

* preserve database for reflash

drop database only for migrate, not for regular installations

* set blitz config for LNBits

fix drop database only for migrate, not for regular installations

* Add confirmation dialog and automatic revert

User needs to confirm the process, this will eliminate missclicks

add a migrate revert function to automatically revert if something unexpected happens

let the user call the function manually

* check conv.py on success or revert

if the conversion script fails, revert automatically

* Improve revert message

Do not print the revert hint message if current database is SQLite

* fix read config LNBitsDB

* fix unpack backup

Folder LNBits should never block the restore of backup. Happened after multiple migrations and revert.

* Wait for lnbits v0.9.5

Set commit version with fix for postgresql database and BIGINT for amounts for migrate

Can be set to v0.9.5 tag or above later

* improve migrate backup handling

revert to the current backup and not to the previous backup.

No need for the failed folder state

user message with backup file path

* check psql version once

* supress expected errors

if database exists

Co-authored-by: /rootzoll <christian@geektank.de>

* fix error output on status

Co-authored-by: ChuckNorrison <2964146+ChuckNorrison@users.noreply.github.com>
2022-12-10 00:04:15 +01:00

1031 lines
34 KiB
Bash
Raw Blame History

#!/bin/bash
# https://github.com/lnbits/lnbits-legend
# https://github.com/lnbits/lnbits-legend/releases
tag="0.9.4"
# command info
if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
echo "Config script to switch LNbits on or off."
echo "Installs the version ${tag} by default."
echo "Usage:"
echo "bonus.lnbits.sh on [lnd|tlnd|slnd|cl|tcl|scl] [?GITHUBUSER] [?BRANCH|?TAG]"
echo "bonus.lnbits.sh switch [lnd|tlnd|slnd|cl|tcl|scl]"
echo "bonus.lnbits.sh off"
echo "bonus.lnbits.sh status"
echo "bonus.lnbits.sh menu"
echo "bonus.lnbits.sh prestart"
echo "bonus.lnbits.sh repo [githubuser] [branch]"
echo "bonus.lnbits.sh sync"
echo "bonus.lnbits.sh migrate"
exit 1
fi
echo "# Running: 'bonus.lnbits.sh $*'"
source /mnt/hdd/raspiblitz.conf
function postgresConfig() {
sudo /home/admin/config.scripts/bonus.postgresql.sh on || exit 1
echo "# Generate the database lnbits_db"
# migrate clean up
source <(/home/admin/_cache.sh get LNBitsMigrate)
if [ "${LNBitsMigrate}" == "on" ]; then
sudo -u postgres psql -c "drop database lnbits_db;"
sudo -u postgres psql -c "drop user lnbits_user;"
fi
# create database for new installations and keep old
sudo -u postgres psql -c "create database lnbits_db;" 2>/dev/null
sudo -u postgres psql -c "create user lnbits_user with encrypted password 'raspiblitz';" 2>/dev/null
sudo -u postgres psql -c "grant all privileges on database lnbits_db to lnbits_user;" 2>/dev/null
# check
check=$(sudo -u postgres psql -c "SELECT datname FROM pg_database;" | grep lnbits_db)
if [ "$check" = "" ]; then
echo "# postgresConfig failed -> SELECT datname FROM pg_database;"
exit 1
else
echo "# Setup PostgreSQL successful, new database found: $check"
fi
/home/admin/config.scripts/blitz.conf.sh set LNBitsDB "PostgreSQL"
}
function migrateMsg() {
source <(/home/admin/_cache.sh get LNBitsDB)
if [ "${LNBitsDB}" == "PostgreSQL" ]; then
if [ -e /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar ]; then
echo "SUCCESS - A backup file was found. The migrate progress will revert automatically on failure."
echo "For yet unknown reasons, this could be done manually with unpacking the SQLite backup file."
echo
echo "/home/admin/config.scripts/bonus.lnbits.sh migrate revert"
echo
echo "********************************************************"
echo "* *"
echo "* Revert: /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar *"
echo "* *"
echo "********************************************************"
echo
else
echo "You dont have any migration backup files!"
fi
else
echo "ABORT - Your LNBits is still running on old SQLite database."
echo "Check for errors, '.dump' and fix your database manually and try again."
fi
}
function revertMigration() {
source <(/home/admin/_cache.sh get LNBitsMigrate)
if [ "${LNBitsMigrate}" == "on" ]; then
echo "# Revert migration, restore SQLite..."
sudo systemctl stop lnbits
# check current backup
if [ -e /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar ]; then
echo "# Unpack Backup"
cd /mnt/hdd/app-data/
sudo rm -R /mnt/hdd/app-data/LNBits
sudo tar -xf /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar
sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits
else
echo "# No backup file found!"
fi
# update config
echo "# Configure config .env"
# clean up
sudo sed -i "/^LNBITS_DATABASE_URL=/d" /home/lnbits/lnbits/.env
sudo sed -i "/^LNBITS_DATA_FOLDER=/d" /home/lnbits/lnbits/.env
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> /home/lnbits/lnbits/.env"
# start service
echo "# Start LNBits"
sudo systemctl start lnbits
# set blitz config
/home/admin/config.scripts/blitz.conf.sh set LNBitsMigrate "off"
/home/admin/config.scripts/blitz.conf.sh set LNBitsDB "SQLite"
echo "# OK revert migration done"
else
echo "# No migration started yet, nothing to do."
fi
}
# show info menu
if [ "$1" = "menu" ]; then
# get LNbits status info
echo "# collecting status info ... (please wait)"
source <(sudo /home/admin/config.scripts/bonus.lnbits.sh status)
# display possible problems with IP2TOR setup
if [ ${#ip2torWarn} -gt 0 ]; then
whiptail --title " Warning " \
--yes-button "Back" \
--no-button "Continue Anyway" \
--yesno "Your IP2TOR+LetsEncrypt may have problems:\n${ip2torWarn}\n\nCheck if locally responding: https://${localIP}:${httpsPort}\n\nCheck if service is reachable over Tor:\n${toraddress}" 14 72
if [ "$?" != "1" ]; then
exit 0
fi
fi
# add info on funding source
fundinginfo=""
if [ "${LNBitsFunding}" == "lnd" ] || [ "${LNBitsFunding}" == "tlnd" ] || [ "${LNBitsFunding}" == "slnd" ]; then
fundinginfo="on LND "
elif [ "${LNBitsFunding}" == "cl" ] || [ "${LNBitsFunding}" == "tcl" ] || [ "${LNBitsFunding}" == "scl" ]; then
fundinginfo="on CLN "
fi
text="Local Web Browser: https://${localIP}:${httpsPort}"
if [ ${#publicDomain} -gt 0 ]; then
text="${text}
Public Domain: https://${publicDomain}:${httpsPort}
port forwarding on router needs to be active & may change port"
fi
text="${text}\n
You need to accept self-signed HTTPS cert with SHA1 Fingerprint:
${sslFingerprintIP}"
if [ "${runBehindTor}" = "on" ] && [ ${#toraddress} -gt 0 ]; then
sudo /home/admin/config.scripts/blitz.display.sh qr "${toraddress}"
text="${text}\n
TOR Browser Hidden Service address (QR see LCD):
${toraddress}"
fi
if [ ${#ip2torDomain} -gt 0 ]; then
text="${text}\n
IP2TOR+LetsEncrypt: https://${ip2torDomain}:${ip2torPort}
SHA1 ${sslFingerprintTOR}\n
https://${ip2torDomain}:${ip2torPort} ready for public use"
elif [ ${#ip2torIP} -gt 0 ]; then
text="${text}\n
IP2TOR: https://${ip2torIP}:${ip2torPort}
SHA1 ${sslFingerprintTOR}\n
Consider adding a LetsEncrypt HTTPS Domain under OPTIONS."
elif [ ${#publicDomain} -eq 0 ]; then
text="${text}\n
To enable easy reachability with normal browser from the outside
Consider adding a IP2TOR Bridge under OPTIONS."
fi
whiptail --title " LNbits ${fundinginfo}" --yes-button "OK" --no-button "OPTIONS" --yesno "${text}" 18 69
result=$?
sudo /home/admin/config.scripts/blitz.display.sh hide
echo "option (${result}) - please wait ..."
# exit when user presses OK to close menu
if [ ${result} -eq 0 ]; then
exit 0
fi
# LNbits OPTIONS menu
OPTIONS=()
# IP2TOR options
if [ "${ip2torDomain}" != "" ]; then
# IP2TOR+LetsEncrypt active - offer cancel
OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
elif [ "${ip2torIP}" != "" ]; then
# just IP2TOR active - offer cancel or Lets Encrypt
OPTIONS+=(HTTPS-ON "Add free HTTPS-Certificate for LNbits")
OPTIONS+=(IP2TOR-OFF "Cancel IP2Tor Subscription for LNbits")
else
OPTIONS+=(IP2TOR-ON "Make Public with IP2Tor Subscription")
fi
# Change Funding Source options (only if available)
if [ "${LNBitsFunding}" == "lnd" ] && [ "${cl}" == "on" ]; then
OPTIONS+=(SWITCH-CL "Switch: Use CLN as funding source")
elif [ "${LNBitsFunding}" == "cl" ] && [ "${lnd}" == "on" ]; then
OPTIONS+=(SWITCH-LND "Switch: Use LND as funding source")
fi
# Migrate SQLite to PostgreSQL
if [ -e /mnt/hdd/app-data/LNBits/database.sqlite3 ]; then
OPTIONS+=(MIGRATE-DB "Migrate SQLite to PostgreSQL database")
fi
WIDTH=66
CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1"))
HEIGHT=$((CHOICE_HEIGHT+7))
CHOICE=$(dialog --clear \
--title " LNbits - Options" \
--ok-label "Select" \
--cancel-label "Back" \
--menu "Choose one of the following options:" \
$HEIGHT $WIDTH $CHOICE_HEIGHT \
"${OPTIONS[@]}" \
2>&1 >/dev/tty)
case $CHOICE in
IP2TOR-ON)
python /home/admin/config.scripts/blitz.subscriptions.ip2tor.py create-ssh-dialog LNBITS ${toraddress} 443
exit 0
;;
IP2TOR-OFF)
clear
python /home/admin/config.scripts/blitz.subscriptions.ip2tor.py subscription-cancel ${ip2torID}
echo
echo "OK - PRESS ENTER to continue"
read key
exit 0
;;
HTTPS-ON)
python /home/admin/config.scripts/blitz.subscriptions.letsencrypt.py create-ssh-dialog
exit 0
;;
SWITCH-CL)
clear
/home/admin/config.scripts/bonus.lnbits.sh switch cl
echo "Restarting LNbits ..."
sudo systemctl restart lnbits
echo
echo "OK new funding source for LNbits active."
echo "PRESS ENTER to continue"
read key
exit 0
;;
SWITCH-LND)
clear
/home/admin/config.scripts/bonus.lnbits.sh switch lnd
echo "Restarting LNbits ..."
sudo systemctl restart lnbits
echo
echo "OK new funding source for LNbits active."
echo "PRESS ENTER to continue"
read key
exit 0
;;
MIGRATE-DB)
clear
dialog --title "MIGRATE LNBITS" --yesno "
Do you want to proceed the migration?
Try to migrate your LNBits SQLite database to PostgreSQL.
This can fail for unknown circumstances. Revert of this process is possible afterwards, a backup will be saved.
" 12 65
if [ $? -eq 0 ]; then
clear
/home/admin/config.scripts/bonus.lnbits.sh migrate
echo
migrateMsg
echo
echo "OK please test your LNBits installation."
echo "PRESS ENTER to continue"
read key
fi
exit 0
;;
*)
clear
exit 0
esac
exit 0
fi
# status
if [ "$1" = "status" ]; then
if [ "${LNBits}" = "on" ]; then
echo "installed=1"
localIP=$(hostname -I | awk '{print $1}')
echo "localIP='${localIP}'"
echo "httpPort='5000'"
echo "httpsPort='5001'"
echo "httpsForced='1'"
echo "httpsSelfsigned='1'" # TODO: change later if IP2Tor+LetsEncrypt is active
echo "authMethod='none'"
echo "publicIP='${publicIP}'"
# check funding source
if [ "${LNBitsFunding}" == "" ]; then
LNBitsFunding="lnd"
fi
echo "LNBitsFunding='${LNBitsFunding}'"
# check for LetsEnryptDomain for DynDns
error=""
source <(sudo /home/admin/config.scripts/blitz.subscriptions.ip2tor.py ip-by-tor $publicIP 2>/dev/null)
if [ ${#error} -eq 0 ]; then
echo "publicDomain='${domain}'"
fi
sslFingerprintIP=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout 2>/dev/null | cut -d"=" -f2)
echo "sslFingerprintIP='${sslFingerprintIP}'"
toraddress=$(sudo cat /mnt/hdd/tor/lnbits/hostname 2>/dev/null)
echo "toraddress='${toraddress}'"
sslFingerprintTOR=$(openssl x509 -in /mnt/hdd/app-data/nginx/tor_tls.cert -fingerprint -noout 2>/dev/null | cut -d"=" -f2)
echo "sslFingerprintTOR='${sslFingerprintTOR}'"
# check for IP2TOR
error=""
source <(sudo /home/admin/config.scripts/blitz.subscriptions.ip2tor.py ip-by-tor $toraddress)
if [ ${#error} -eq 0 ]; then
echo "ip2torType='${ip2tor-v1}'"
echo "ip2torID='${id}'"
echo "ip2torIP='${ip}'"
echo "ip2torPort='${port}'"
# check for LetsEnryptDomain on IP2TOR
error=""
source <(sudo /home/admin/config.scripts/blitz.subscriptions.letsencrypt.py domain-by-ip $ip)
if [ ${#error} -eq 0 ]; then
echo "ip2torDomain='${domain}'"
domainWarning=$(sudo /home/admin/config.scripts/blitz.subscriptions.letsencrypt.py subscription-detail ${domain} ${port} | jq -r ".warning")
if [ ${#domainWarning} -gt 0 ]; then
echo "ip2torWarn='${domainWarning}'"
fi
fi
fi
# check for error
isDead=$(sudo systemctl status lnbits | grep -c 'inactive (dead)')
if [ ${isDead} -eq 1 ]; then
echo "error='Service Failed'"
exit 0
fi
else
echo "installed=0"
fi
exit 0
fi
##########################
# PRESTART
# - will be called as prestart by systemd service (as user lnbits)
#########################
if [ "$1" = "prestart" ]; then
# users need to be `lnbits` so that it can be run by systemd as prestart (no SUDO available)
if [ "$USER" != "lnbits" ]; then
echo "# FAIL: run as user lnbits"
exit 1
fi
# get if its for lnd or cl service
echo "## lnbits.service PRESTART CONFIG"
echo "# --> /home/lnbits/lnbits/.env"
# set values based in funding source in raspiblitz config
# portprefix is "" | 1 | 3
LNBitsNetwork="bitcoin"
LNBitsChain=""
LNBitsLightning=""
if [ "${LNBitsFunding}" == "" ] || [ "${LNBitsFunding}" == "lnd" ]; then
LNBitsFunding="lnd"
LNBitsLightning="lnd"
LNBitsChain="main"
portprefix=""
elif [ "${LNBitsFunding}" == "tlnd" ]; then
LNBitsLightning="lnd"
LNBitsChain="test"
portprefix="1"
elif [ "${LNBitsFunding}" == "slnd" ]; then
LNBitsLightning="lnd"
LNBitsChain="sig"
portprefix="3"
elif [ "${LNBitsFunding}" == "cl" ]; then
LNBitsLightning="cl"
LNBitsChain="main"
elif [ "${LNBitsFunding}" == "tcl" ]; then
LNBitsLightning="cl"
LNBitsChain="test"
elif [ "${LNBitsFunding}" == "scl" ]; then
LNBitsLightning="cl"
LNBitsChain="sig"
else
echo "# FAIL: Unknown LNBitsFunding=${LNBitsFunding}"
exit 1
fi
echo "# LNBitsFunding(${LNBitsFunding}) --> network(${LNBitsNetwork}) chain(${LNBitsChain}) lightning(${LNBitsLightning})"
# set lnd config
if [ "${LNBitsLightning}" == "lnd" ]; then
echo "# setting lnd config fresh ..."
# check if lnbits user has read access on lnd data files
checkReadAccess=$(cat /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon | grep -c "lnd")
if [ "${checkReadAccess}" != "1" ]; then
echo "# FAIL: missing lnd data in '/mnt/hdd/app-data/lnd' or missing access rights for lnbits user"
exit 1
fi
echo "# Updating LND TLS & macaroon data fresh for LNbits config ..."
# set tls.cert path (use | as separator to avoid escaping file path slashes)
sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/mnt/hdd/app-data/lnd/tls.cert|g" /home/lnbits/lnbits/.env
# set macaroon path info in .env - USING HEX IMPORT
chmod 600 /home/lnbits/lnbits/.env
macaroonAdminHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon)
macaroonInvoiceHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/invoice.macaroon)
macaroonReadHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/readonly.macaroon)
sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env
sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env
sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env
sed -i "s/^LND_REST_ENDPOINT=.*/LND_REST_ENDPOINT=https://127.0.0.1:${portprefix}8080/g" /home/lnbits/lnbits/.env
elif [ "${LNBitsLightning}" == "cl" ]; then
isUsingCL=$(cat /home/lnbits/lnbits/.env | grep -c "LNBITS_BACKEND_WALLET_CLASS=CLightningWallet")
if [ "${isUsingCL}" != "1" ]; then
echo "# FAIL: /home/lnbits/lnbits/.env not set to CLN"
exit 1
fi
echo "# everything looks OK for lnbits config on CLN on ${LNBitsChain}net"
else
echo "# FAIL: missing or not supported LNBitsLightning=${LNBitsLightning}"
exit 1
fi
echo "# OK: prestart finished"
exit 0 # exit with clean code
fi
if [ "$1" = "repo" ]; then
# get github parameters
githubUser="$2"
if [ ${#githubUser} -eq 0 ]; then
echo "echo='missing parameter'"
exit 1
fi
githubBranch="$3"
if [ ${#githubBranch} -eq 0 ]; then
githubBranch="main"
fi
# check if repo exists
githubRepo="https://github.com/${githubUser}/lnbits"
httpcode=$(curl -s -o /dev/null -w "%{http_code}" ${githubRepo})
if [ "${httpcode}" != "200" ]; then
echo "# tested github repo: ${githubRepo}"
echo "error='repo for user does not exist'"
exit 1
fi
# fix permissions
sudo chown -R lnbits:lnbits /home/lnbits/lnbits
# change origin repo of lnbits code
echo "# changing LNbits github repo(${githubUser}) branch(${githubBranch})"
cd /home/lnbits/lnbits || exit 1
sudo -u lnbits git remote remove origin
sudo -u lnbits git remote add origin ${githubRepo}
sudo -u lnbits git fetch
sudo -u lnbits git checkout ${githubBranch}
sudo -u lnbits git branch --set-upstream-to=origin/${githubBranch} ${githubBranch}
fi
if [ "$1" = "sync" ] || [ "$1" = "repo" ]; then
echo "# pull all changes from github repo"
# fix permissions
sudo chown -R lnbits:lnbits /home/lnbits/lnbits
# output basic info
cd /home/lnbits/lnbits || exit 1
sudo -u lnbits git remote -v
sudo -u lnbits git branch -v
# pull latest code
sudo -u lnbits git pull
# install
sudo -u lnbits python3 -m venv venv
sudo -u lnbits ./venv/bin/pip install -r requirements.txt
sudo -u lnbits ./venv/bin/pip install pylightning
sudo -u lnbits ./venv/bin/pip install secp256k1
sudo -u lnbits ./venv/bin/pip install pyln-client
sudo -u lnbits ./venv/bin/pip install psycopg2 # conv.py postgres migration dependency
# build
sudo -u lnbits ./venv/bin/python build.py
# restart lnbits service
sudo systemctl restart lnbits
echo "# server is restarting ... maybe takes some seconds until available"
exit 0
fi
# stop service
sudo systemctl stop lnbits 2>/dev/null
# install
if [ "$1" = "1" ] || [ "$1" = "on" ]; then
# check if already installed
isInstalled=$(sudo ls /etc/systemd/system/lnbits.service 2>/dev/null | grep -c 'lnbits.service')
if [ "${isInstalled}" == "1" ]; then
echo "# FAIL: already installed"
exit 1
fi
# get funding source and check that its available
fundingsource="$2"
# run with default funding source if not given as parameter
if [ "${fundingsource}" == "" ]; then
echo "# running with default lightning as funing source: ${lightning}"
fundingsource="${lightning}"
fi
if [ "${fundingsource}" == "lnd" ]; then
if [ "${lnd}" != "on" ]; then
echo "# FAIL: lnd mainnet needs to be activated"
exit 1
fi
elif [ "${fundingsource}" == "tlnd" ]; then
if [ "${tlnd}" != "on" ]; then
echo "# FAIL: lnd testnet needs to be activated"
exit 1
fi
elif [ "${fundingsource}" == "slnd" ]; then
if [ "${slnd}" != "on" ]; then
echo "# FAIL: lnd signet needs to be activated"
exit 1
fi
elif [ "${fundingsource}" == "cl" ]; then
if [ "${cl}" != "on" ]; then
echo "# FAIL: CLN mainnet needs to be activated"
exit 1
fi
elif [ "${fundingsource}" == "tcl" ]; then
if [ "${tcl}" != "on" ]; then
echo "# FAIL: CLN testnet needs to be activated"
exit 1
fi
elif [ "${fundingsource}" == "scl" ]; then
if [ "${scl}" != "on" ]; then
echo "# FAIL: CLN signet needs to be activated"
exit 1
fi
else
echo "# FAIL: invalid funding source parameter"
exit 1
fi
# add lnbits user
echo "*** Add the 'lnbits' user ***"
sudo adduser --disabled-password --gecos "" lnbits
# get optional github parameter
githubUser="lnbits"
if [ "$3" != "" ]; then
githubUser="$3"
fi
if [ "$4" != "" ]; then
tag="$4"
fi
# install from GitHub
echo "# get the github code user(${githubUser}) branch(${tag})"
sudo rm -r /home/lnbits/lnbits 2>/dev/null
cd /home/lnbits || exit 1
sudo -u lnbits git clone https://github.com/${githubUser}/lnbits-legend lnbits
cd /home/lnbits/lnbits || exit 1
sudo -u lnbits git checkout ${tag} || exit 1
# prepare .env file
echo "# preparing env file"
sudo rm /home/lnbits/lnbits/.env 2>/dev/null
sudo -u lnbits touch /home/lnbits/lnbits/.env
sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env"
if [ ! -e /mnt/hdd/app-data/LNBits/database.sqlite3 ]; then
echo "# install database: PostgreSQL"
# POSTGRES
postgresConfig
# new data directory
sudo mkdir -p /mnt/hdd/app-data/LNBits/data
# config update
# example: postgres://<user>:<password>@<host>/<database>
sudo bash -c "echo 'LNBITS_DATABASE_URL=postgres://lnbits_user:raspiblitz@localhost:5432/lnbits_db' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits/data' >> /home/lnbits/lnbits/.env"
else
echo "# install database: SQLite"
/home/admin/config.scripts/blitz.conf.sh set LNBitsDB "SQLite"
# new data directory
sudo mkdir -p /mnt/hdd/app-data/LNBits
# config update
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> /home/lnbits/lnbits/.env"
fi
sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits
# let switch command part do the detail config
/home/admin/config.scripts/bonus.lnbits.sh switch ${fundingsource}
# to the install
echo "# installing application dependencies"
cd /home/lnbits/lnbits || exit 1
# do install like this
sudo -u lnbits python3 -m venv venv
sudo -u lnbits ./venv/bin/pip install -r requirements.txt
sudo -u lnbits ./venv/bin/pip install pylightning
sudo -u lnbits ./venv/bin/pip install secp256k1
sudo -u lnbits ./venv/bin/pip install pyln-client
sudo -u lnbits ./venv/bin/pip install psycopg2 # conv.py postgres migration dependency
# build
sudo -u lnbits ./venv/bin/python build.py
# open firewall
echo
echo "*** Updating Firewall ***"
sudo ufw allow 5000 comment 'lnbits HTTP'
sudo ufw allow 5001 comment 'lnbits HTTPS'
echo
# install service
echo "*** Install systemd ***"
cat <<EOF | sudo tee /etc/systemd/system/lnbits.service >/dev/null
# systemd unit for lnbits
[Unit]
Description=lnbits
Wants=bitcoind.service
After=bitcoind.service
[Service]
WorkingDirectory=/home/lnbits/lnbits
ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart
ExecStart=/home/lnbits/lnbits/venv/bin/uvicorn lnbits.__main__:app --port 5000
User=lnbits
Restart=always
TimeoutSec=120
RestartSec=30
StandardOutput=journal
StandardError=journal
# Hardening measures
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
[Install]
WantedBy=multi-user.target
EOF
sudo systemctl enable lnbits
source <(/home/admin/_cache.sh get state)
if [ "${state}" == "ready" ]; then
echo "# OK - lnbits service is enabled, system is on ready so starting lnbits service"
sudo systemctl start lnbits
else
echo "# OK - lnbits service is enabled, but needs reboot or manual starting: sudo systemctl start lnbits"
fi
# setup nginx symlinks
if ! [ -f /etc/nginx/sites-available/lnbits_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/lnbits_ssl.conf /etc/nginx/sites-available/lnbits_ssl.conf
fi
if ! [ -f /etc/nginx/sites-available/lnbits_tor.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/lnbits_tor.conf /etc/nginx/sites-available/lnbits_tor.conf
fi
if ! [ -f /etc/nginx/sites-available/lnbits_tor_ssl.conf ]; then
sudo cp /home/admin/assets/nginx/sites-available/lnbits_tor_ssl.conf /etc/nginx/sites-available/lnbits_tor_ssl.conf
fi
sudo ln -sf /etc/nginx/sites-available/lnbits_ssl.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/lnbits_tor.conf /etc/nginx/sites-enabled/
sudo ln -sf /etc/nginx/sites-available/lnbits_tor_ssl.conf /etc/nginx/sites-enabled/
sudo nginx -t
sudo systemctl reload nginx
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set LNBits "on"
# Hidden Service if Tor is active
source /mnt/hdd/raspiblitz.conf
if [ "${runBehindTor}" = "on" ]; then
# make sure to keep in sync with tor.network.sh script
/home/admin/config.scripts/tor.onion-service.sh lnbits 80 5002 443 5003
fi
echo "# OK install done ... might need to restart or call: sudo systemctl start lnbits"
# needed for API/WebUI as signal that install ran thru
echo "result='OK'"
exit 0
fi
# config for a special funding source (e.g lnd or CLN as backend)
if [ "$1" = "switch" ]; then
echo "## bonus.lnbits.sh switch $2"
# get funding source and check that its available
fundingsource="$2"
clrpcsubdir=""
if [ "${fundingsource}" == "lnd" ]; then
if [ "${lnd}" != "on" ]; then
echo "#FAIL: lnd mainnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "tlnd" ]; then
if [ "${tlnd}" != "on" ]; then
echo "# FAIL: lnd testnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "slnd" ]; then
if [ "${slnd}" != "on" ]; then
echo "# FAIL: lnd signet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "cl" ]; then
if [ "${cl}" != "on" ]; then
echo "# FAIL: CLN mainnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "tcl" ]; then
clrpcsubdir="/testnet"
if [ "${tcl}" != "on" ]; then
echo "# FAIL: CLN testnet not installed or running"
exit 1
fi
elif [ "${fundingsource}" == "scl" ]; then
clrpcsubdir="/signet"
if [ "${scl}" != "on" ]; then
echo "# FAIL: CLN signet not installed or running"
exit 1
fi
else
echo "# FAIL: unvalid fundig source parameter"
exit 1
fi
echo "##############"
echo "# NOTE: If you switch the funding source of a running LNbits instance all sub account will keep balance."
echo "# Make sure that the new funding source has enough sats to cover the LNbits bookeeping of sub accounts."
echo "##############"
# remove all old possible settings for former funding source (clean state)
sudo sed -i "/^LNBITS_BACKEND_WALLET_CLASS=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_ENDPOINT=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_CERT=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_ADMIN_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_INVOICE_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LND_REST_READ_MACAROON=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo /usr/sbin/usermod -G lnbits lnbits
sudo sed -i "/^CLIGHTNING_RPC=/d" /home/lnbits/lnbits/.env 2>/dev/null
# LND CONFIG
if [ "${fundingsource}" == "lnd" ] || [ "${fundingsource}" == "tlnd" ] || [ "${fundingsource}" == "slnd" ]; then
# make sure lnbits user can access LND credentials
echo "# adding lnbits user is member of lndreadonly, lndinvoice, lndadmin"
sudo /usr/sbin/usermod --append --groups lndinvoice lnbits
sudo /usr/sbin/usermod --append --groups lndreadonly lnbits
sudo /usr/sbin/usermod --append --groups lndadmin lnbits
# prepare config entries in lnbits config for lnd
echo "# preparing lnbits config for lnd"
sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=LndRestWallet' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_ENDPOINT=https://127.0.0.1:8080' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_CERT=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_ADMIN_MACAROON=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_INVOICE_MACAROON=' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'LND_REST_READ_MACAROON=' >> /home/lnbits/lnbits/.env"
fi
if [ "${fundingsource}" == "cl" ] || [ "${fundingsource}" == "tcl" ] || [ "${fundingsource}" == "scl" ]; then
echo "# add the 'lnbits' user to the 'bitcoin' group"
sudo /usr/sbin/usermod --append --groups bitcoin lnbits
echo "# check user"
id lnbits
echo "# allowing lnbits user as part of the bitcoin group to RW RPC hook"
sudo chmod 770 /home/bitcoin/.lightning/bitcoin${clrpcsubdir}
sudo chmod 660 /home/bitcoin/.lightning/bitcoin${clrpcsubdir}/lightning-rpc
if [ "${fundingsource}" == "cl" ]; then
CLCONF="/home/bitcoin/.lightning/config"
else
CLCONF="/home/bitcoin/.lightning${clrpcsubdir}/config"
fi
# https://github.com/rootzoll/raspiblitz/issues/3007
if [ "$(sudo cat ${CLCONF} | grep -c "^rpc-file-mode=0660")" -eq 0 ]; then
echo "rpc-file-mode=0660" | sudo tee -a ${CLCONF}
fi
echo "# preparing lnbits config for CLN"
sudo bash -c "echo 'LNBITS_BACKEND_WALLET_CLASS=CLightningWallet' >> /home/lnbits/lnbits/.env"
sudo bash -c "echo 'CLIGHTNING_RPC=/home/bitcoin/.lightning/bitcoin${clrpcsubdir}/lightning-rpc' >> /home/lnbits/lnbits/.env"
fi
# set raspiblitz config value for funding
/home/admin/config.scripts/blitz.conf.sh set LNBitsFunding "${fundingsource}"
echo "##############"
echo "# OK new funding source set - does need restart or call: sudo systemctl restart lnbits"
echo "##############"
exit 0
fi
# switch off
if [ "$1" = "0" ] || [ "$1" = "off" ]; then
# check for second parameter: should data be deleted?
deleteData=0
if [ "$2" = "--delete-data" ]; then
deleteData=1
elif [ "$2" = "--keep-data" ]; then
deleteData=0
else
if (whiptail --title " DELETE DATA? " --yesno "Do you want to delete\nthe LNbits Server Data?" 8 30); then
deleteData=1
else
deleteData=0
fi
fi
echo "# deleteData(${deleteData})"
echo "*** REMOVING LNbits ***"
isInstalled=$(sudo ls /etc/systemd/system/lnbits.service 2>/dev/null | grep -c 'lnbits.service')
if [ ${isInstalled} -eq 1 ] || [ "${LNBits}" == "on" ]; then
sudo systemctl stop lnbits
sudo systemctl disable lnbits
sudo rm /etc/systemd/system/lnbits.service
echo "OK lnbits.service removed."
else
echo "lnbits.service is not installed."
fi
echo "Cleaning up LNbits install ..."
sudo ufw delete allow 5000
sudo ufw delete allow 5001
# remove nginx symlinks
sudo rm -f /etc/nginx/sites-enabled/lnbits_ssl.conf
sudo rm -f /etc/nginx/sites-enabled/lnbits_tor.conf
sudo rm -f /etc/nginx/sites-enabled/lnbits_tor_ssl.conf
sudo rm -f /etc/nginx/sites-available/lnbits_ssl.conf
sudo rm -f /etc/nginx/sites-available/lnbits_tor.conf
sudo rm -f /etc/nginx/sites-available/lnbits_tor_ssl.conf
sudo nginx -t
sudo systemctl reload nginx
# Hidden Service if Tor is active
if [ "${runBehindTor}" = "on" ]; then
/home/admin/config.scripts/tor.onion-service.sh off lnbits
fi
# always clean
sudo userdel -rf lnbits
if [ ${deleteData} -eq 1 ]; then
echo "# deleting data"
sudo -u postgres psql -c "drop database lnbits_db;"
sudo -u postgres psql -c "drop user lnbits_user;"
sudo rm -R /mnt/hdd/app-data/LNBits
else
echo "# keeping data"
fi
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set LNBits "off"
# needed for API/WebUI as signal that install ran thru
echo "result='OK'"
exit 0
fi
if [ "$1" = "migrate" ] && [ "$2" = "revert" ]; then
/home/admin/config.scripts/blitz.conf.sh set LNBitsMigrate "on"
revertMigration
exit 0
fi
if [ "$1" = "migrate" ]; then
if [ -e /mnt/hdd/app-data/LNBits/database.sqlite3 ]; then
echo "# Backup SQLite database"
# backup current database, but dont overwrite last backup
if [ -e /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar ]; then
if [ -e /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar.old ]; then
echo "# Remove old backup file"
sudo rm -f /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar.old
fi
# keep the last backup as old backup
sudo mv /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar.old
fi
# create new backup
sudo tar -cf /mnt/hdd/app-data/LNBits_sqlitedb_backup.tar -C /mnt/hdd/app-data LNBits/
# update to expected tag
cd /home/lnbits/lnbits || exit 1
# remove existent config for database
sudo sed -i "/^LNBITS_DATABASE_URL=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo sed -i "/^LNBITS_DATA_FOLDER=/d" /home/lnbits/lnbits/.env 2>/dev/null
# restore sqlite database config
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits' >> /home/lnbits/lnbits/.env"
#sudo -u lnbits git checkout ${tag}
sudo -u lnbits git reset --hard f3b720b690c533b4b28793209f5a71fd01b9af6e # good tested after BIGINT fix (#1030)
/home/admin/config.scripts/bonus.lnbits.sh sync || exit 1
# stop after sync was done
sudo systemctl stop lnbits
/home/admin/config.scripts/blitz.conf.sh set LNBitsMigrate "on"
# POSTGRES
postgresConfig
# example: postgres://<user>:<password>@<host>/<database>
# add new postgres config
sudo bash -c "echo 'LNBITS_DATABASE_URL=postgres://lnbits_user:raspiblitz@localhost:5432/lnbits_db' >> /home/lnbits/lnbits/.env"
# clean start on new postgres db prior migration
echo "# LNBits first start with clean PostgreSQL"
sudo systemctl start lnbits
# execStartPre is not enough, wait for lnbits is finally running
count=0
count_max=30
while ! nc -zv 127.0.0.1 5000 2>/dev/null;
do
count=`expr $count + 1`
echo "wait for LNBIts to start (${count}s/${count_max}s)"
sleep 1
if [ $count = $count_max ]; then
sudo systemctl status lnbits
echo "# FAIL - LNBits service was not able to start"
revertMigration
exit 1
fi
done
# wait a sec for "✔ All migrations done." (TODO make it pretty)
sleep 5
echo "# LNBits service looks good"
sudo systemctl stop lnbits
echo "# Start convert old SQLite to new PostgreSQL"
if ! sudo -u lnbits ./venv/bin/python tools/conv.py; then
echo "FAIL - Convert failed, revert migration process"
revertMigration
exit 1
else
echo "# Convert successful"
fi
# cleanup old sqlite data directory
echo "# Cleanup old data directory"
sudo rm -R /mnt/hdd/app-data/LNBits/
# new data directory
sudo mkdir -p /mnt/hdd/app-data/LNBits/data
sudo chown lnbits:lnbits -R /mnt/hdd/app-data/LNBits/
echo "# Configure .env"
sudo sed -i "/^LNBITS_DATA_FOLDER=/d" /home/lnbits/lnbits/.env 2>/dev/null
sudo bash -c "echo 'LNBITS_DATA_FOLDER=/mnt/hdd/app-data/LNBits/data' >> /home/lnbits/lnbits/.env"
# setting value in raspi blitz config
/home/admin/config.scripts/blitz.conf.sh set LNBitsMigrate "off"
echo "# OK migration done"
else
echo "# No SQLite data found to migrate from"
fi
sudo systemctl start lnbits
exit 0
fi
echo "FAIL - Unknown Parameter $1"
exit 1
Reference in a new issue View git blame Copy permalink