v1.9.0rc3 Merge (#3742)

* cln: use default normal feerate to withdraw all

* Bugfix: bad subsititution (#3668)

Fix for error:

/home/admin/config.scripts/bonus.go.sh: line 31: ${goOSversion{}: bad substitution

* whiptail one line

* fix syntax

* lnproxy: fix api access through nginx (#3671)

* lnproxy: fix api access through nginx
* fix tor config and fit the menu
* add to the menu and provision

* merge #3682

* cln update to v23.02, backup-plugin update, add poetry (#3684)

* cln backup-plugin update, add poetry
* fix mkdir error, remove commented code, fmt #3677
* poetry and path fixes
* add terminal feedback, format #3676
* detect the full name of the plugin
* install pyln-client tqdm with pip
* git-verify: add --keyid-format LONG
to recognise if the signing key is not the main key
* cln update to v23.02
* cln-grpc: add protobuf-compiler dep
* rtl update to v0.13.6 and formatting
* C-lightningREST update to v0.10.1

* CLN FAQ update (#3666)

* improve the detection of existing cln aliases
* add the emergencyrecover instructions to  CLN FAQ
* update help entries

* Update Tallycoin to version 1.8.0 (#3693)

* add tallycoin update info to CHANGES

* Fix typo in README.md (#3699)

excepted -> accepted

* #3694 add LCD info

* #3664 att timeout 30s to ln monitor calls (#3665)

* fix setting LND_REST_ENDPOINT (#3689)

* btcpay update v1.8.2, postgres database fix (#3697)

* btcpay update v1.8.0, postgres database fix

* btcpayserver update to v1.8.2

* update lnbits to 0.10.2 and use poetry instead of venv (#3703)

* fix apt update Key error for influx repo (#3711)

Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>

* fix missing timeout value for nc cmnd (#3712)

Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>

* #3706 Update CLN v23.02.2 (#3716)

* used patched/rolledback 23.02.2 release
* check rusty sig
* fix typo
* fix default lightning setting

* #3683 Update LIT to 0.8.6 (#3717)

* update LIT to 0.8.6
* activate lnd rpcmiddleware
* CHANGES.md

* #3667 change all up/download from sftp tp scp (#3718)

* #3722 add no hostkeys available detection (#3723)

* #1186 FinTS/HBCI interface (#3704)

* #1186 FinTS install script first draft

* only start app when blitz is ready

* improve menu

* improve dit lnbits config

* preserve edit

* improve edit

* improve edit

* fix insertion

* dont use fingerprint

* now use main repo

* add port

* show local ip

* fix typo

* show port SSL

* Update bonus.lndg.sh (#3725)

* Update bonus.lndg.sh

Changes version to v1.6.0.
Fixes update menu bug.
Cleans up code a bit (removes tabs and changes to spaces to match raspiblitz formats).

* Update bonus.lndg.sh

Cleaned up code, added requirements.txt install to updates (needed for this update, may be needed in future).

* #3725 update lndg version in CHANGES

* #3692 update lnd to v0.16.0-beta (#3732)

* update SD CARD base image info

* Clenaup CHANGES info

* RTL install fix (#3739)

* c-lightning-REST update to 0.10.2, fmt
* rtl: npm insatll with --legacy-peer-deps
* purge c-lightning-REST as well with RTL

* jam update to v0.1.5 (#3736)

* 3733 CLN GRPC > JRPC (#3741)

* change exit code

* change to cln_jrpc

* deactivate the cln_grpc settings

* set v1.9.0rc3 version

---------

Co-authored-by: openoms <oms@tuta.io>
Co-authored-by: Metallicc <72348+metallicc@users.noreply.github.com>
Co-authored-by: openoms <43343391+openoms@users.noreply.github.com>
Co-authored-by: DJ Booth <djbooth007@gmail.com>
Co-authored-by: Yuck Fou <115867254+YuckFouBTC@users.noreply.github.com>
Co-authored-by: dni ⚡ <office@dnilabs.com>
Co-authored-by: PatrickScheich <50054697+PatrickScheich@users.noreply.github.com>
Co-authored-by: Patrick Scheich <patrick.scheich@syscovery.de>
Co-authored-by: allyourbankarebelongtous <100060902+allyourbankarebelongtous@users.noreply.github.com>

CHANGES.md

@@ -1,26 +1,26 @@
-# CHANGES between Releases
-
 ## What's new in Version 1.9.0 of RaspiBlitz?
 
 - New: Automated disk image build for amd64 (VM, laptop, desktop, server) and arm64-rpi (Raspberry Pi) [details](https://github.com/rootzoll/raspiblitz/tree/dev/ci/README.md)
 - New: Fatpack & Minimal sd card builds [details](SECURITY.md#minimal-sd-card-build)
 - New: I2P support for Bitcoin Core (i2pacceptincoming=1) [details](https://github.com/rootzoll/raspiblitz/issues/2413)
 - New: CLN Watchtower (The Eye of Satoshi) [details](https://github.com/talaia-labs/rust-teos/tree/master/watchtower-plugin)
-- New: LNDg v1.4.0 [details](https://github.com/cryptosharks131/lndg)
+- New: LNDg v1.6.0 [details](https://github.com/cryptosharks131/lndg)
 - New: Support of X708 UPS HAT [details](https://github.com/rootzoll/raspiblitz/pull/3087)
 - New: BOS Telegram Bot Support (see OPTIONS on LND Balance of Satoshis menu entry)
 - New: LightningTipBot v0.5 [details](https://github.com/LightningTipBot/LightningTipBot)
 - New: CLI shortcut for ↬lnproxy [details](https://github.com/rootzoll/raspiblitz/pull/3333)
-- New on WebUI: Jam (JoinMarket Web UI) v0.1.4 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.4)
+- New: Homebanking Interface FinTS/HBCI (experimental) [details](https://github.com/rootzoll/raspiblitz/issues/1186)
+- New on WebUI: Jam (JoinMarket Web UI) v0.1.5 [details](https://github.com/joinmarket-webui/joinmarket-webui/releases/tag/v0.1.5)
 - Update: Bitcoin Core v24.0.1 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-24.0.1.md)
-- Update: LND v0.15.5 [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.15.5-beta)
+- Update: LND v0.16.0-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.16.0-beta)
-- Update: Core Lightning v22.11.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v22.11.1)
+- Update: Core Lightning v23.02 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.02)
+- Update: C-lightningREST v0.10.2 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.10.2)
 - Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023)
-- Update: Lightning Terminal v0.8.4-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.4-alpha)
+- Update: Lightning Terminal v0.8.6-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.6-alpha)
-- Update: RTL v0.13.0 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.12.3)
+- Update: RTL v0.13.6 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.13.6)
 - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16)
-- Update: LNbits 0.9.6 [details](https://github.com/lnbits/lnbits-legend/releases/tag/0.9.6)
+- Update: LNbits 0.10.2 [details](https://github.com/lnbits/lnbits/releases/tag/0.10.2)
-- Update: BTCPayServer 1.7.5 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.7.5)
+- Update: BTCPayServer 1.8.2 (using postgres for new installs) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.8.2)
 - Update: ItchySats 0.7.0 [details](https://github.com/itchysats/itchysats/releases/tag/0.7.0)
 - Update: Channel Tools (chantools) v0.10.5 [details](https://github.com/guggero/chantools/releases/tag/v0.10.5)
 - Update: JoinMarket v0.9.9 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.9)
@@ -29,7 +29,7 @@
 - Update: lndmanage 0.14.2 [details](https://github.com/bitromortac/lndmanage)
 - Update: Circuitbreaker with webUI [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
 - Update: Suez - Channel Visualization for LND & CL [details](https://github.com/prusnak/suez)
-- Update: Tallycoin Connect v1.7.5 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.7.5)
+- Update: Tallycoin Connect v1.8.0 [details](https://github.com/djbooth007/tallycoin_connect/releases/tag/v1.8.0)
 - Fixed: SCB/Emergency-Backup to USB drive (now also with CLN emergency.recover file)
 - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox)
 - Info: IP2Tor fix fulmo shop & added new ip2tor.com shop

FAQ.cl.md

@@ -34,18 +34,19 @@
 - [Backups](#backups)
   - [Backup strategy](#backup-strategy)
   - [Seed](#seed)
-  - [How to display the hsm_secret in a human-readable format?](#how-to-display-the-hsm_secret-in-a-human-readable-format)
+  - [How to display the hsm\_secret in a human-readable format?](#how-to-display-the-hsm_secret-in-a-human-readable-format)
   - [How to test the seedwords?](#how-to-test-the-seedwords)
-  - [How to restore the hsm_secret from text?](#how-to-restore-the-hsm_secret-from-text)
+  - [How to restore the hsm\_secret from text?](#how-to-restore-the-hsm_secret-from-text)
   - [Channel database](#channel-database)
 - [Recovery](#recovery)
   - [Recover from a cl-rescue file](#recover-from-a-cl-rescue-file)
   - [Recover from a seed](#recover-from-a-seed)
+  - [Emergency recovery in case of lost channel states](#emergency-recovery-in-case-of-lost-channel-states)
   - [Restore a CLN node from the database backup on the SDcard](#restore-a-cln-node-from-the-database-backup-on-the-sdcard)
   - [Rescan the chain after restoring a used CLN wallet](#rescan-the-chain-after-restoring-a-used-cln-wallet)
   - [Guesstoremote to recover funds from force-closed channels](#guesstoremote-to-recover-funds-from-force-closed-channels)
 - [sqlite3 queries](#sqlite3-queries)
-- [Extract the private and public key from the hsm_secret file](#extract-the-private-and-public-key-from-the-hsm_secret-file)
+- [Extract the private and public key from the hsm\_secret file](#extract-the-private-and-public-key-from-the-hsm_secret-file)
 - [Update](#update)
   - [Update to a new CLN release](#update-to-a-new-cln-release)
   - [Experimental update to the latest master](#experimental-update-to-the-latest-master)
@@ -457,7 +458,7 @@ Will need to pay through a peer which supports the onion messages which means yo
     ```
 
 ## Backups
-*<> https://lightning.readthedocs.io/FAQ.html#how-to-backup-my-wallet>
+* <https://lightning.readthedocs.io/FAQ.html#how-to-backup-my-wallet>>
 * General details: <https://lightning.readthedocs.io/BACKUP.html>
 
 ### Backup strategy
@@ -479,7 +480,7 @@ Will need to pay through a peer which supports the onion messages which means yo
 * If there is no such file and you have not funded the CLN wallet yet can reset the wallet and the next wallet will be created with a seed.
 
 ### How to display the hsm_secret in a human-readable format?
-* If there is no seed available it is best to save the hsm_secret as a file with `sftp` or note down the alphanumeric characters in the two line displayed with:
+* If there is no seed available it is best to save the hsm_secret as a file with `scp` or note down the alphanumeric characters in the two line displayed with:
     ```
     sudo xxd /home/bitcoin/.lightning/bitcoin/hsm_secret
     ```
@@ -519,20 +520,98 @@ Will need to pay through a peer which supports the onion messages which means yo
 ### Channel database
 * Stored on the disk and synchronised to the SDcard with the help of the `backup` plugin.
 
-### Recovery
+## Recovery
 * https://lightning.readthedocs.io/FAQ.html#database-corruption-channel-state-lost
 * https://lightning.readthedocs.io/FAQ.html#loss
-#### Recover from a cl-rescue file
+### Recover from a cl-rescue file
 * use the `REPAIR-CL` - `FILERESTORE` option in the menu for instructions to upload
 
-#### Recover from a seed
+### Recover from a seed
 * use the `REPAIR-CL` - `SEEDRESTORE` option in the menu for instructions to paste the seedwords to restore
+* or use the manual commands
+  ```
+  # stop CLN
+  sudo systemctl stop lightningd
 
-#### Restore a CLN node from the database backup on the SDcard
+  # change to the bitcoin user
+  sudo su - bitcoin
+
+  # generate the hsm_secret in temporary directory from your CLN seed words (follow the instructions)
+   lightning-hsmtool generatehsm /dev/shm/hsm_secret
+
+  # backup your old hsm_secret and channel database
+  mkdir /home/bitcoin/.lightning/bitcoin/old_node
+  mv /home/bitcoin/.lightning/bitcoin/** /home/bitcoin/.lightning/bitcoin/old_node/
+
+  # move the new hsm_secret in place
+  mv /dev/shm/hsm_secret /home/bitcoin/.lightning/bitcoin/
+
+  # back to admin
+  exit
+
+  # start lightningd
+  sudo systemctl start lightningd
+
+  # show the logs
+  cllog
+  ```
+
+### Emergency recovery in case of lost channel states
+
+* blogpost: <https://blog.blockstream.com/core-lightning-v0-12-0/>
+* demo video: https://youtu.be/zBmEieZuS8Q
+* manpage: <https://lightning.readthedocs.io/lightning-emergencyrecover.7.html>
+   ```
+   lightning-cli help emergencyrecover
+   ```
+
+1. [Restore the hsm_secret (onchain wallet keys) from seed](#recover-from-a-seed) (or hex).
+   * There is no need to wait for the (few hours) rescan to finish, but can follow it any time with:
+    ```
+    cllog
+    ```
+1. Upload and copy the emergency.recover file in place
+
+    * upload the file with scp:
+    ```
+    scp hsm_secret emergency.recover admin@RASPIBLITZ_IP:~/
+    ```
+    * copy it from `/home/admin/`:
+    ```
+    sudo cp /home/admin/emergency.recover /home/bitcoin/.lightning/bitcoin/
+    sudo chown bitcoin:bitcoin /home/bitcoin/.lightning/bitcoin/emergency.recover
+    ```
+1. Recover
+
+    * run (as admin or bitcoin user):
+    ```
+    lightning-cli emergencyrecover
+    ```
+    * a list of channelID-s should be returned if it worked:
+    ```
+    {
+       "stubs": [
+          "................",
+       ]
+    }
+    ```
+1. See more data about the recovered funds and channels
+   ```
+   lightning-cli listfunds
+   lightning-cli listpeers
+   ```
+   * List the funding txid-s:
+   ```
+   lightning-cli listfunds | jq -r '.channels[] | .funding_txid'
+   ```
+   Can check the txid-s in a mempool explorer. If one is spent that channel is already closed.
+
+### Restore a CLN node from the database backup on the SDcard
 * https://gist.github.com/openoms/3516cd8f393d69d52f858c3d47c9e469
 
-#### Rescan the chain after restoring a used CLN wallet
+### Rescan the chain after restoring a used CLN wallet
-
+* automatically done when using `SEEDRESTORE`
+* controlled by the entry in the cln config file
 * can use the `menu` -> `REPAIR` -> `REPAIR-CL` -> `RESCAN` option
 * or follow the manual process:
   <https://lightning.readthedocs.io/FAQ.html#rescanning-the-block-chain-for-lost-utxos>
@@ -554,7 +633,7 @@ Will need to pay through a peer which supports the onion messages which means yo
     cllog
     ```
 
-#### Guesstoremote to recover funds from force-closed channels
+### Guesstoremote to recover funds from force-closed channels
 * <https://lightning.readthedocs.io/lightning-hsmtool.8.html>
     ```
     $ man lightning-hsmtool
@@ -726,7 +805,7 @@ Will need to pay through a peer which supports the onion messages which means yo
     + ./cl.install.sh -h
 
     Core Lightning install script
-    The default version is: v0.11.2
+    The default version is: v22.11.1
     mainnet / testnet / signet instances can run parallel
 
     Usage:
@@ -811,10 +890,18 @@ Will need to pay through a peer which supports the onion messages which means yo
     Usage:
     cl-plugin.summary.sh [testnet|mainnet|signet] [runonce]
 
+    + ./cl-plugin.watchtower-client.sh -h
+
+    Install the rust-teos watchtower-client plugin for CLN
+    Usage:
+    cl-plugin.watchtower-client.sh on <testnet|mainnet|signet>
+    cl-plugin.watchtower-client.sh off <testnet|mainnet|signet> <purge>
+    cl-plugin.watchtower-client.sh info
+
     + ./cl.rest.sh -h
 
-    Core Lightning-REST install script
+    Core-Lightning-REST install script
-    The default version is: v0.7.2
+    The default version is: v0.9.0
     mainnet | testnet | signet instances can run parallel
 
     Usage:
@@ -869,9 +956,10 @@ Will need to pay through a peer which supports the onion messages which means yo
     --wallet <arg>                                    Location of the wallet database.
     --large-channels|--wumbo                          Allow channels larger than 0.16777215 BTC
     --experimental-dual-fund                          experimental: Advertise dual-funding and allow peers to establish channels via v2 channel open protocol.
-    --experimental-onion-messages                     EXPERIMENTAL: enable send, receive and relay of onion messages
+    --experimental-onion-messages                     EXPERIMENTAL: enable send, receive and relay of onion messages and blinded payments
     --experimental-offers                             EXPERIMENTAL: enable send and receive of offers (also sets experimental-onion-messages)
     --experimental-shutdown-wrong-funding             EXPERIMENTAL: allow shutdown with alternate txids
+    --announce-addr-dns <arg>                         Use DNS entries in --announce-addr and --addr (not widely supported!) (default: false)
     --help|-h                                         Print this message.
     --rgb <arg>                                       RRGGBB hex color for node
     --alias <arg>                                     Up to 32-byte alias for node
@@ -897,25 +985,36 @@ Will need to pay through a peer which supports the onion messages which means yo
     --disable-ip-discovery                            Turn off announcement of discovered public IPs
     --offline                                         Start in offline-mode (do not automatically reconnect and do not accept incoming connections)
     --autolisten <arg>                                If true, listen on default port and announce if it seems to be a public interface (default: true)
+    --dev-allowdustreserve <arg>                      If true, we allow the `fundchannel` RPC command and the `openchannel` plugin hook to set a reserve that is below the dust limit.
+                                                        (default: false)
     --proxy <arg>                                     Set a socks v5 proxy IP address and port
     --tor-service-password <arg>                      Set a Tor hidden service password
-    --experimental-accept-extra-tlv-types <arg>       Comma separated list of extra TLV types to accept.
+    --accept-htlc-tlv-types <arg>                     Comma separated list of extra HTLC TLV types to accept.
     --disable-dns                                     Disable DNS lookups of peers
     --encrypted-hsm                                   Set the password to encrypt hsm_secret with. If no password is passed through command line, you will be prompted to enter it.
     --rpc-file-mode <arg>                             Set the file mode (permissions) for the JSON-RPC socket (default: "0600")
-    --force-feerates <arg>                            Set testnet/regtest feerates in sats perkw, opening/mutual_close/unlateral_close/delayed_to_us/htlc_resolution/penalty: if fewer specified, last number applies to remainder
+    --force-feerates <arg>                            Set testnet/regtest feerates in sats perkw, opening/mutual_close/unlateral_close/delayed_to_us/htlc_resolution/penalty: if fewer
-    --subdaemon <arg>                                 Arg specified as SUBDAEMON:PATH. Specifies an alternate subdaemon binary. If the supplied path is relative the subdaemon binary is found in the working directory. This option may be
+                                                        specified, last number applies to remainder
-                                                    specified multiple times. For example, --subdaemon=hsmd:remote_signer would use a hypothetical remote signing subdaemon.
+    --subdaemon <arg>                                 Arg specified as SUBDAEMON:PATH. Specifies an alternate subdaemon binary. If the supplied path is relative the subdaemon binary is
+                                                        found in the working directory. This option may be specified multiple times. For example, --subdaemon=hsmd:remote_signer would use
+                                                        a hypothetical remote signing subdaemon.
     --experimental-websocket-port <arg>               experimental: alternate port for peers to connect using WebSockets (RFC6455)
+    --database-upgrade <arg>                          Set to true to allow database upgrades even on non-final releases (WARNING: you won't be able to downgrade!)
     --log-level <arg>                                 log level (io, debug, info, unusual, broken) [:prefix] (default: info)
     --log-timestamps <arg>                            prefix log messages with timestamp (default: true)
-    --log-prefix <arg>                                log prefix (default: lightningd)
+    --log-prefix <arg>                                log prefix (default: )
-    --log-file=<file>                                 log to file instead of stdout
+    --log-file=<file>                                 Also log to file (- for stdout)
     --version|-V                                      Print version and exit
+    --fetchinvoice-noconnect                          Don't try to connect directly to fetch an invoice.
     --autocleaninvoice-cycle <arg>                    Perform cleanup of expired invoices every given seconds, or do not autoclean if 0
     --autocleaninvoice-expired-by <arg>               If expired invoice autoclean enabled, invoices that have expired for at least this given seconds are cleaned
-    --fetchinvoice-noconnect                          Don't try to connect directly to fetch an invoice.
+    --autoclean-cycle <arg>                           Perform cleanup every given seconds
-    --disable-mpp                                     Disable multi-part payments.
+    --autoclean-succeededforwards-age <arg>           How old do successful forwards have to be before deletion (0 = never)
+    --autoclean-failedforwards-age <arg>              How old do failed forwards have to be before deletion (0 = never)
+    --autoclean-succeededpays-age <arg>               How old do successful pays have to be before deletion (0 = never)
+    --autoclean-failedpays-age <arg>                  How old do failed pays have to be before deletion (0 = never)
+    --autoclean-paidinvoices-age <arg>                How old do paid invoices have to be before deletion (0 = never)
+    --autoclean-expiredinvoices-age <arg>             How old do expired invoices have to be before deletion (0 = never)
     --bitcoin-datadir <arg>                           -datadir arg for bitcoin-cli
     --bitcoin-cli <arg>                               bitcoin-cli pathname
     --bitcoin-rpcuser <arg>                           bitcoind RPC username
@@ -924,6 +1023,7 @@ Will need to pay through a peer which supports the onion messages which means yo
     --bitcoin-rpcport <arg>                           bitcoind RPC host's port
     --bitcoin-retry-timeout <arg>                     how long to keep retrying to contact bitcoind before fatally exiting
     --commit-fee <arg>                                Percentage of fee to request for their commitment
+    --disable-mpp                                     Disable multi-part payments.
     --funder-policy <arg>                             Policy to use for dual-funding requests. [match, available, fixed]
     --funder-policy-mod <arg>                         Percent to apply policy at (match/available); or amount to fund (fixed)
     --funder-min-their-funding <arg>                  Minimum funding peer must open with to activate our policy
@@ -939,5 +1039,8 @@ Will need to pay through a peer which supports the onion messages which means yo
     --lease-fee-basis <arg>                           Channel lease rates, basis charged for leased funds (per 10,000 satoshi.)
     --lease-funding-weight <arg>                      Channel lease rates, weight we'll ask opening peer to pay for in funding transaction
     --channel-fee-max-base-msat <arg>                 Channel lease rates, maximum channel fee base we'll charge for funds routed through a leased channel.
-    --channel-fee-max-proportional-thousandths <arg>  Channel lease rates, maximum proportional fee (in thousandths, or ppt) we'll charge for funds routed through a leased channel. Note: 1ppt = 1,000ppm
+    --channel-fee-max-proportional-thousandths <arg>  Channel lease rates, maximum proportional fee (in thousandths, or ppt) we'll charge for funds routed through a leased channel.
+                                                        Note: 1ppt = 1,000ppm
+    --bookkeeper-dir <arg>                            Location for bookkeeper records.
+    --bookkeeper-db <arg>                             Location of the bookkeeper database
     ```

README.md

@@ -135,6 +135,8 @@ _If the above mentioned LCD screen is sold out you can also use these different
 - kuman 3.5 Inch Touch Screen TFT Monitor 
 - Waveshare 3.5inch Display for Raspberry Pi
 
+With all LCD screen models dont use the ones that have an HDMI port/connector - what you need is a 3.5 inch LCD screen model (resolution of 480×320) that connects only thru the GPIO ports (SPI) and has an XPT2046 touch controller.
+
 _You can even pay for your RaspiBlitz Amazon Shopping with Bitcoin & Lightning through [Bitrefill](https://blog.bitrefill.com/its-here-buy-amazon-vouchers-with-bitcoin-on-bitrefill-bb2a4449724a)._
 
 [What other case options do I have?](FAQ.md#what-other-case-options-do-i-have)
@@ -1034,7 +1036,7 @@ To try out the IP2TOR tunnel choose in `MAINMENU` the extra menu point of the Se
 If you want a web service, like BTCPay Server or LNbits, to be available to the outside internet (like with IP2TOR) people expect you to offer an HTTPS address so that the communication between the client and your RaspiBlitz is encrypted.
 You could use the self-signed HTTPS certificate that RaspiBlitz is offering you, but this will give users Security Warnings in their browser and is not very user friendly.
 
-That's where you can use a LetsEncrypt Subscription to get a free valid HTTPS certificate that is excepted without warning from almost all common browsers
+That's where you can use a LetsEncrypt Subscription to get a free valid HTTPS certificate that is accepted without warning from almost all common browsers
 
 Because you also need a domain name for that you will need to open a free account, the following are presently supported, would be good to add more with the help of the community:
 [DuckDNS.org](https://www.duckdns.org)

build_sdcard.sh

@@ -2,8 +2,8 @@
 
 #########################################################################
 # Build your SD card image based on: 2022-04-04-raspios-bullseye-arm64.img.xz
-# https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2022-09-26/
+# https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2023-02-21/
-# SHA256: c42856ffca096480180b5aff66e1dad2f727fdc33359b24e0d2d49cc7676b576
+# SHA256: 4c963bcd53b9a77fa8235e2dc16785cc7d56372ec83c3090eac9073bd262833f
 # PGP fingerprint: 8738CD6B956F460C
 # PGP key: https://www.raspberrypi.org/raspberrypi_downloads.gpg.key
 # setup fresh SD card with image above - login per SSH and run this script:

home.admin/00mainMenu.sh

@@ -132,6 +132,9 @@ fi
 if [ "${bos}" == "on" ]; then
   OPTIONS+=(BOS "Balance of Satoshis")
 fi
+if [ "${lnproxy}" == "on" ]; then
+  OPTIONS+=(LNPROXY "lnproxy server")
+fi
 if [ "${pyblock}" == "on" ]; then
   OPTIONS+=(PYBLOCK "PyBlock")
 fi
@@ -172,6 +175,9 @@ fi
 if [ "${lightningtipbot}" == "on" ]; then
   OPTIONS+=(LIGHTNINGTIPBOT "Show LightningTipBot details")
 fi
+if [ "${fints}" == "on" ]; then
+  OPTIONS+=(FINTS "Show FinTS/HBCI details")
+fi
 
 # dont offer to switch to "testnet view for now" - so no wswitch back to mainnet needed
 #if [ ${chain} != "main" ]; then
@@ -307,6 +313,9 @@ case $CHOICE in
             ;;
         BOS)
             sudo /home/admin/config.scripts/bonus.bos.sh menu
+            ;;
+        LNPROXY)
+            sudo /home/admin/config.scripts/bonus.lnproxy.sh menu
             ;;
 		    PYBLOCK)
             sudo /home/admin/config.scripts/bonus.pyblock.sh menu
@@ -341,6 +350,9 @@ case $CHOICE in
         CIRCUITBREAKER)
             sudo /home/admin/config.scripts/bonus.circuitbreaker.sh menu
             ;;
+        FINTS)
+            sudo /home/admin/config.scripts/bonus.fints.sh menu
+            ;;
         TESTNETS)
             /home/admin/00parallelChainsMenu.sh
             ;;

home.admin/00settingsMenuBasics.sh

@@ -441,6 +441,7 @@ if [ "${clNode}" != "${choice}" ]; then
     fi
 
     # make sure that cln-grpc is on for the WebAPI
+    echo "# install the cln-grpc plugin"
     /home/admin/config.scripts/cl-plugin.cln-grpc.sh install
     /home/admin/config.scripts/cl-plugin.cln-grpc.sh on
 

home.admin/00settingsMenuServices.sh

@@ -19,6 +19,7 @@ if [ ${#jam} -eq 0 ]; then jam="off"; fi
 if [ ${#LNBits} -eq 0 ]; then LNBits="off"; fi
 if [ ${#mempoolExplorer} -eq 0 ]; then mempoolExplorer="off"; fi
 if [ ${#bos} -eq 0 ]; then bos="off"; fi
+if [ ${#lnproxy} -eq 0 ]; then lnproxy="off"; fi
 if [ ${#pyblock} -eq 0 ]; then pyblock="off"; fi
 if [ ${#thunderhub} -eq 0 ]; then thunderhub="off"; fi
 if [ ${#sphinxrelay} -eq 0 ]; then sphinxrelay="off"; fi
@@ -35,6 +36,7 @@ if [ ${#bitcoinminds} -eq 0 ]; then bitcoinminds="off"; fi
 if [ ${#squeaknode} -eq 0 ]; then squeaknode="off"; fi
 if [ ${#itchysats} -eq 0 ]; then itchysats="off"; fi
 if [ ${#lightningtipbot} -eq 0 ]; then lightningtipbot="off"; fi
+if [ ${#fints} -eq 0 ]; then fints="off"; fi
 
 # show select dialog
 echo "run dialog ..."
@@ -68,6 +70,7 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
   OPTIONS+=(la 'LND LIT (loop, pool, faraday)' ${lit})
   OPTIONS+=(gb 'LND LNDg (auto-rebalance, auto-fees)' ${lndg})
   OPTIONS+=(oa 'LND Balance of Satoshis' ${bos})
+  OPTIONS+=(lp 'LND lnproxy server' ${lnproxy})
   OPTIONS+=(ya 'LND PyBLOCK' ${pyblock})
   OPTIONS+=(ha 'LND ChannelTools (Fund Rescue)' ${chantools})
   OPTIONS+=(xa 'LND Sphinx-Relay' ${sphinxrelay})
@@ -84,6 +87,7 @@ if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then
 fi
 
 OPTIONS+=(ma 'Homer Dashboard' ${homer})
+OPTIONS+=(fn 'FinTS/HBCI Interface (experimental)' ${fints})
 
 CHOICES=$(dialog --title ' Additional Mainnet Services ' \
           --checklist ' use spacebar to activate/de-activate ' \
@@ -339,6 +343,21 @@ else
   echo "Balance of Satoshis setting unchanged."
 fi
 
+# lnproxy process choice
+choice="off"; check=$(echo "${CHOICES}" | grep -c "lp")
+if [ ${check} -eq 1 ]; then choice="on"; fi
+if [ "${lnproxy}" != "${choice}" ]; then
+  echo "lnproxy setting changed .."
+  anychange=1
+  sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh ${choice}
+  source /mnt/hdd/raspiblitz.conf
+  if [ "${lnproxy}" =  "on" ]; then
+    sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh menu
+  fi
+else
+  echo "lnproxy setting unchanged."
+fi
+
 # PyBLOCK process choice
 choice="off"; check=$(echo "${CHOICES}" | grep -c "ya")
 if [ ${check} -eq 1 ]; then choice="on"; fi
@@ -717,6 +736,17 @@ else
   echo "ItchySats setting unchanged."
 fi
 
+# fints process choice  
+choice="off"; check=$(echo "${CHOICES}" | grep -c "fn")
+if [ ${check} -eq 1 ]; then choice="on"; fi
+if [ "${fints}" != "${choice}" ]; then
+  echo "fints setting changed .."
+  anychange=1
+  sudo -u admin /home/admin/config.scripts/bonus.fints.sh ${choice}
+else
+  echo "fints setting unchanged."
+fi
+
 if [ ${anychange} -eq 0 ]; then
      dialog --msgbox "NOTHING CHANGED!\nUse Spacebar to check/uncheck services." 8 58
      exit 0

home.admin/99clMenu.sh

@@ -94,7 +94,7 @@ case $CHOICE in
       fi
       cd /home/bitcoin/suez || exit 1
       echo
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}
+      sudo -u bitcoin poetry run ./suez --client=c-lightning --client-args=--conf=${CLCONF}
       echo
       echo "Press ENTER to return to main menu."
       read key

home.admin/99lndMenu.sh

@@ -118,7 +118,7 @@ case $CHOICE in
         /home/admin/config.scripts/bonus.suez.sh on
       fi
       cd /home/bitcoin/suez || exit 1 
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
+      sudo -u bitcoin poetry run ./suez \
         --client-args=-n=${CHAIN} \
         --client-args=--rpcserver=localhost:1${L2rpcportmod}009
       echo

home.admin/BBcashoutWallet.sh

@@ -97,7 +97,7 @@ echo "******************************"
 # execute command
 if [ ${LNTYPE} = "cl" ];then
   # withdraw destination satoshi [feerate] [minconf] [utxos]
-  command="$lightningcli_alias withdraw ${address} all slow"
+  command="$lightningcli_alias withdraw ${address} all"
 elif [ ${LNTYPE} = "lnd" ];then
   command="$lncli_alias sendcoins --sweepall --addr=${address} --conf_target=36"
 fi

home.admin/_background.scan.sh

@@ -565,7 +565,7 @@ do
     fi
     if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_QUICK} ]; then
       echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net status"
-      source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net status)
+      source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net status)
       /home/admin/_cache.sh set ln_lnd_${CHAIN}net_activated "1"
       /home/admin/_cache.sh set ln_lnd_${CHAIN}net_locked "${ln_lnd_locked}"
       /home/admin/_cache.sh set ln_lnd_${CHAIN}net_version "${ln_lnd_version}"
@@ -595,7 +595,7 @@ do
       if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_LONG} ]; then
         error=""
         echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net config"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net config)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net config)
         if [ "${error}" == "" ]; then
           /home/admin/_cache.sh set ln_lnd_${CHAIN}net_alias "${ln_lnd_alias}"
           if [ "${isDefaultLightning}" == "1" ] && [ "${isDefaultChain}" == "1" ]; then
@@ -638,7 +638,7 @@ do
       if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_MID} ]; then
         error=""
         echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net info"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net info)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net info)
         if [ "${error}" == "" ]; then
           /home/admin/_cache.sh set ln_lnd_${CHAIN}net_address "${ln_lnd_address}"
           /home/admin/_cache.sh set ln_lnd_${CHAIN}net_tor "${ln_lnd_tor}"
@@ -688,7 +688,7 @@ do
       if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_QUICK} ]; then
         error=""
         echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net wallet"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net wallet)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net wallet)
         if [ "${error}" == "" ]; then
           /home/admin/_cache.sh set ln_lnd_${CHAIN}net_wallet_onchain_balance "${ln_lnd_wallet_onchain_balance}"
           /home/admin/_cache.sh set ln_lnd_${CHAIN}net_wallet_onchain_pending "${ln_lnd_wallet_onchain_pending}"
@@ -720,7 +720,7 @@ do
       if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_LONG} ]; then
         error=""
         echo "updating: /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net fees"
-        source <(/home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net fees)
+        source <(timeout 30s /home/admin/config.scripts/lnd.monitor.sh ${CHAIN}net fees)
         if [ "${error}" == "" ]; then
           /home/admin/_cache.sh set ln_lnd_${CHAIN}net_fees_daily "${ln_lnd_fees_daily}"
           /home/admin/_cache.sh set ln_lnd_${CHAIN}net_fees_weekly "${ln_lnd_fees_weekly}"
@@ -795,7 +795,7 @@ do
     fi
     if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_QUICK} ]; then
       echo "updating: /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net status"
-      source <(/home/admin/config.scripts/cl.monitor.sh ${CHAIN}net status)
+      source <(timeout 30s /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net status)
       /home/admin/_cache.sh set ln_cl_${CHAIN}net_activated "1"
       /home/admin/_cache.sh set ln_cl_${CHAIN}net_version "${ln_cl_version}"
       /home/admin/_cache.sh set ln_cl_${CHAIN}net_running "${ln_cl_running}"
@@ -850,7 +850,7 @@ do
       if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_MID} ]; then
         error=""
         echo "updating: /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net info"
-        source <(/home/admin/config.scripts/cl.monitor.sh ${CHAIN}net info)
+        source <(timeout 30s /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net info)
         if [ "${error}" == "" ]; then
           /home/admin/_cache.sh set ln_cl_${CHAIN}net_alias "${ln_cl_alias}"
           /home/admin/_cache.sh set ln_cl_${CHAIN}net_address "${ln_cl_address}"
@@ -904,7 +904,7 @@ do
       if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${CYCLE_MID} ]; then
         error=""
         echo "updating: /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net wallet"
-        source <(/home/admin/config.scripts/cl.monitor.sh ${CHAIN}net wallet)
+        source <(timeout 30s /home/admin/config.scripts/cl.monitor.sh ${CHAIN}net wallet)
         if [ "${error}" == "" ]; then
           /home/admin/_cache.sh set ln_cl_${CHAIN}net_wallet_onchain_balance "${ln_cl_wallet_onchain_balance}"
           /home/admin/_cache.sh set ln_cl_${CHAIN}net_wallet_onchain_pending "${ln_cl_wallet_onchain_pending}"

home.admin/_commands.sh

@@ -570,10 +570,10 @@ function suez() {
     clear
     echo "# Showing the channels of ${lightning} ${chain}net - consider reducing the font size (press CTRL- or CMD-)"
     if [ ${lightning} = cl ]; then
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
+      sudo -u bitcoin poetry run ./suez \
       --client=c-lightning --client-args=--conf=${CLCONF}
     elif [ ${lightning} = lnd ]; then
-      sudo -u bitcoin /home/bitcoin/.local/bin/poetry run ./suez \
+      sudo -u bitcoin poetry run ./suez \
       --client-args=-n=${CHAIN} \
       --client-args=--rpcserver=localhost:1${L2rpcportmod}009
     fi

home.admin/_provision_.sh

@@ -643,6 +643,15 @@ else
   echo "Provisioning Balance of Satoshis - keep default" >> ${logFile}
 fi
 
+# LNPROXY
+if [ "${lnproxy}" = "on" ]; then
+  echo "Provisioning lnproxy - run config script" >> ${logFile}
+  /home/admin/_cache.sh set message "Setup lnproxy"
+  sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh on >> ${logFile} 2>&1
+else
+  echo "Provisioning lnproxy - keep default" >> ${logFile}
+fi
+
 # thunderhub
 if [ "${thunderhub}" = "on" ]; then
   echo "Provisioning ThunderHub - run config script" >> ${logFile}
@@ -805,6 +814,15 @@ else
   echo "Provisioning LightningTipBot - keep default" >> ${logFile}
 fi
 
+# FinTS
+if [ "${fints}" = "on" ]; then
+  echo "Provisioning FinTS - run config script" >> ${logFile}
+  /home/admin/_cache.sh set message "Setup FinTS"
+  sudo -u admin /home/admin/config.scripts/bonus.fints.sh on >> ${logFile} 2>&1
+else
+  echo "Provisioning FinTS - keep default" >> ${logFile}
+fi
+
 # custom install script from user
 customInstallAvailable=$(ls /mnt/hdd/app-data/custom-installs.sh 2>/dev/null | grep -c "custom-installs.sh")
 if [ ${customInstallAvailable} -gt 0 ]; then

home.admin/_version.info

@@ -1,3 +1,3 @@
 # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1')
-codeVersion="1.9.0rc2"
+codeVersion="1.9.0rc3"
 # keep last line with comment

home.admin/assets/nginx/sites-available/lnproxy_ssl.conf

@@ -14,7 +14,7 @@ server {
     error_log /var/log/nginx/error_lnproxy.log;
 
     location /api/ {
-        proxy_pass http://127.0.0.1:4747;
+        proxy_pass http://127.0.0.1:4747/;
 
         include /etc/nginx/snippets/ssl-proxy-params.conf;
     }

home.admin/assets/nginx/sites-available/lnproxy_tor.conf

@@ -13,7 +13,7 @@ server {
     error_log /var/log/nginx/error_lnproxy.log;
 
     location /api/ {
-        proxy_pass http://127.0.0.1:4747;
+        proxy_pass http://127.0.0.1:4747/;
 
         include /etc/nginx/snippets/ssl-proxy-params.conf;
     }

home.admin/assets/nginx/sites-available/lnproxy_tor_ssl.conf

@@ -13,7 +13,7 @@ server {
     error_log /var/log/nginx/error_lnproxy.log;
 
     location /api/ {
-        proxy_pass http://127.0.0.1:4747;
+        proxy_pass http://127.0.0.1:4747/;
 
         include /etc/nginx/snippets/ssl-proxy-params.conf;
     }

home.admin/config.scripts/blitz.debug.sh

@@ -406,6 +406,17 @@ else
   echo "- SPHINX is OFF by config"
 fi
 
+if [ "${fints}" == "on" ]; then  
+  echo
+  echo "*** LAST 20 FINTS LOGS ***"
+  echo "sudo journalctl -u fints -b --no-pager -n20"
+  sudo journalctl -u fints -b --no-pager -n20
+  echo "sudo tail -n 30 /home/fints/log/fuelifints.log"
+  sudo tail -n 30 /home/fints/log/fuelifints.log
+else
+  echo "- FINTS is OFF by config"
+fi
+
 echo
 echo "*** MOUNTED DRIVES ***"
 echo "df -T -h"

home.admin/config.scripts/blitz.git-verify.sh

@@ -30,10 +30,9 @@ PGPsigner="$1"
 PGPpubkeyLink="$2"
 PGPpubkeyFingerprint="$3"
 
-
 wget -O /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc "${PGPpubkeyLink}"
 gpg --import --import-options show-only /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc
-fingerprint=$(gpg --show-keys /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
+fingerprint=$(gpg --show-keys --keyid-format LONG /var/cache/raspiblitz/pgp_keys_${PGPsigner}.asc 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
 if [ "${fingerprint}" -lt 1 ]; then
   echo
   echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}" >&2

home.admin/config.scripts/blitz.migration.sh

@@ -26,21 +26,21 @@ defaultUploadPath="/mnt/hdd/temp/migration"
 # get local ip
 source <(/home/admin/config.scripts/internet.sh status local)
 
-# SFTP download and upload links
+# SCP download and upload links
-sftpDownloadUnix="sftp -r 'bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz' ./"
+downloadUnix="scp -r 'bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz' ./"
-sftpDownloadWin="sftp -r bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz ."
+downloadWin="scp -r bitcoin@${localip}:${defaultUploadPath}/raspiblitz-*.tar.gz ."
-sftpUploadUnix="sftp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
+uploadUnix="scp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
-sftpUploadWin="sftp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
+uploadWin="scp -r ./raspiblitz-*.tar.gz bitcoin@${localip}:${defaultUploadPath}"
 
 # output status data & exit
 if [ "$1" = "status" ]; then
   echo "# RASPIBLITZ Data Import & Export"
   echo "localip=\"${localip}\""
   echo "defaultUploadPath=\"${defaultUploadPath}\""
-  echo "sftpDownloadUnix=\"${sftpDownloadUnix}\""
+  echo "downloadUnix=\"${downloadUnix}\""
-  echo "sftpUploadUnix=\"${sftpUploadUnix}\""
+  echo "uploadUnix=\"${uploadUnix}\""
-  echo "sftpDownloadWin=\"${sftpDownloadWin}\""
+  echo "downloadWin=\"${downloadWin}\""
-  echo "sftpUploadWin=\"${sftpUploadWin}\""
+  echo "uploadWin=\"${uploadWin}\""
   exit 1
 fi
 

home.admin/config.scripts/blitz.ssh.sh

@@ -32,11 +32,23 @@ fi
 ###################
 if [ "$1" = "renew" ]; then
   echo "# *** $0 $1"
-  sudo systemctl stop sshd
+
-  sudo rm /etc/ssh/ssh_host_*
+  # stop sshd
-  sudo ssh-keygen -A
+  systemctl stop sshd
-  sudo dpkg-reconfigure openssh-server
+
-  sudo systemctl start sshd
+  # remove old keys
+  rm /etc/ssh/ssh_host_*
+
+  # generate new keys
+  ssh-keygen -A
+  dpkg-reconfigure openssh-server
+
+  # clear journalctl logs
+  journalctl --rotate
+  journalctl --vacuum-time=1s
+
+  # restart sshd
+  systemctl start sshd
   exit 0
 fi
 
@@ -70,23 +82,15 @@ if [ "$1" = "checkrepair" ]; then
   countKeyFiles=$(ls -la /etc/ssh/ssh_host_* 2>/dev/null | grep -c "/etc/ssh/ssh_host")
   echo "# countKeyFiles(${countKeyFiles})"
   if [ ${countKeyFiles} -lt 8 ]; then
-  
     echo "# DETECTED: MISSING SSHD KEYFILES --> Generating new ones"
-    systemctl stop ssh
+    /home/admin/config.scripts/blitz.ssh.sh renew
-    echo "# ssh-keygen1"
-    cd /etc/ssh
-    ssh-keygen -A
-    systemctl start sshd
-    sleep 3
-
-    countKeyFiles=$(ls -la /etc/ssh/ssh_host_* 2>/dev/null | grep -c "/etc/ssh/ssh_host")
-    echo "# countKeyFiles(${countKeyFiles})"
-    if [ ${countKeyFiles} -lt 8 ]; then
-      echo "# FAIL: Was not able to generate new sshd host keys"
-    else
-      echo "# OK: New sshd host keys generated"
   fi
 
+  # check logs for "no hostkeys available"
+  noHostKeys=$(journalctl -u sshd | grep -c "no hostkeys available")
+  if [ ${noHostKeys} -gt 0 ]; then
+    echo "# DETECTED: SSHD LOGS 'no hostkeys available' --> Generating new ones"
+    /home/admin/config.scripts/blitz.ssh.sh renew
   fi
 
   # check if SSHD service is NOT running & active

home.admin/config.scripts/blitz.upload.sh

@@ -2,7 +2,7 @@
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
- echo "# use to prepare & check sftp or web file upload to RaspiBlitz"
+ echo "# use to prepare & check scp or web file upload to RaspiBlitz"
  echo "# blitz.upload.sh prepare-upload"
  echo "# blitz.upload.sh check-upload ?[scb|lnd-rescue|migration]"
  exit 0

home.admin/config.scripts/blitz.web.api.sh

@@ -95,25 +95,26 @@ if [ "$1" = "update-config" ]; then
     elif [ "${lightning}" == "cl" ]; then
 
       echo "# CONFIG Web API Lightning --> CL"
-      sed -i "s/^ln_node=.*/ln_node=cln_grpc/g" ./.env
+      sed -i "s/^ln_node=.*/ln_node=cln_jrpc/g" ./.env
+      sed -i "s/^cln_jrpc_path=.*/cln_jrpc_path="/mnt/hdd/app-data/.lightning/bitcoin/lightning-rpc"/g" ./.env
 
       # make sure cln-grpc is on
-      sudo /home/admin/config.scripts/cl-plugin.cln-grpc.sh on mainnet
+      # sudo /home/admin/config.scripts/cl-plugin.cln-grpc.sh on mainnet
 
       # get hex values of pem files
-      hexClient=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client.pem)
+      # hexClient=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client.pem)
-      hexClientKey=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client-key.pem)
+      # hexClientKey=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/client-key.pem)
-      hexCa=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/ca.pem)
+      # hexCa=$(sudo xxd -p -c2000 /home/bitcoin/.lightning/bitcoin/ca.pem)
-      if [ "${hexClient}" == "" ]; then
+      # if [ "${hexClient}" == "" ]; then
-        echo "# FAIL /home/bitcoin/.lightning/bitcoin/*.pem files maybe missing"
+      #   echo "# FAIL /home/bitcoin/.lightning/bitcoin/*.pem files maybe missing"
-      fi
+      # fi
 
       # update config with hex values
-      sed -i "s/^cln_grpc_cert=.*/cln_grpc_cert=${hexClient}/g" ./.env
+      # sed -i "s/^cln_grpc_cert=.*/cln_grpc_cert=${hexClient}/g" ./.env
-      sed -i "s/^cln_grpc_key=.*/cln_grpc_key=${hexClientKey}/g" ./.env
+      # sed -i "s/^cln_grpc_key=.*/cln_grpc_key=${hexClientKey}/g" ./.env
-      sed -i "s/^cln_grpc_ca=.*/cln_grpc_ca=${hexCa}/g" ./.env
+      # sed -i "s/^cln_grpc_ca=.*/cln_grpc_ca=${hexCa}/g" ./.env
-      sed -i "s/^cln_grpc_ip=.*/cln_grpc_ip=127.0.0.1/g" ./.env
+      # sed -i "s/^cln_grpc_ip=.*/cln_grpc_ip=127.0.0.1/g" ./.env
-      sed -i "s/^cln_grpc_port=.*/cln_grpc_port=4772/g" ./.env
+      # sed -i "s/^cln_grpc_port=.*/cln_grpc_port=4772/g" ./.env
 
     else
       echo "# CONFIG Web API Lightning --> OFF"

home.admin/config.scripts/bonus.btcpayserver.sh

@@ -3,9 +3,9 @@
 # Based on: https://gist.github.com/normandmickey/3f10fc077d15345fb469034e3697d0d0
 
 # https://github.com/dgarage/NBXplorer/tags
-NBXplorerVersion="v2.3.59"
+NBXplorerVersion="v2.3.62"
 # https://github.com/btcpayserver/btcpayserver/releases
-BTCPayVersion="v1.7.5"
+BTCPayVersion="v1.8.2"
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@@ -31,7 +31,7 @@ function NBXplorerConfig() {
     echo "# nbxplorermainnet database already exists"
   else
     echo "# Generate the database for nbxplorer"
-    sudo -u postgres psql -c "create database nbxplorermainnet;"
+    sudo -u postgres psql -c "CREATE DATABASE nbxplorermainnet TEMPLATE template0 LC_CTYPE 'C' LC_COLLATE 'C' ENCODING 'UTF8';"
     sudo -u postgres psql -c "create user nbxplorer with encrypted password 'raspiblitz';"
     sudo -u postgres psql -c "grant all privileges on database nbxplorermainnet to nbxplorer;"
   fi
@@ -68,7 +68,7 @@ function BtcPayConfig() {
       echo "# btcpaymainnet database already exists"
     else
       echo "# Generate the database for btcpay"
-      sudo -u postgres psql -c "create database btcpaymainnet;"
+      sudo -u postgres psql -c "CREATE DATABASE btcpaymainnet TEMPLATE template0 LC_CTYPE 'C' LC_COLLATE 'C' ENCODING 'UTF8';"
       sudo -u postgres psql -c "create user btcpay with encrypted password 'raspiblitz';"
       sudo -u postgres psql -c "grant all privileges on database btcpaymainnet to btcpay;"
     fi
@@ -696,6 +696,8 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
     echo "# deleting data"
     sudo -u postgres psql -c "drop database nbxplorermainnet;"
     sudo -u postgres psql -c "drop user nbxplorer;"
+    sudo -u postgres psql -c "drop database btcpaymainnet;"
+    sudo -u postgres psql -c "drop user btcpay;"
     sudo rm -R /mnt/hdd/app-data/.btcpayserver/
   else
     echo "# keeping data"

home.admin/config.scripts/bonus.fints.sh

@@ -0,0 +1,430 @@
+#!/bin/bash
+
+APPID="fints"
+VERSION="2.23"
+
+# the git repo to get the source code from for install
+GITHUB_REPO="https://github.com/drmartinberger/FueliFinTS"
+
+# the github tag of the version of the source code to install
+# can also be a commit hash
+# if empty it will use the latest source version
+GITHUB_TAG=""
+
+# the github signature to verify the author
+# leave GITHUB_SIGN_AUTHOR empty to skip verifying
+GITHUB_SIGN_AUTHOR="" #web-flow
+GITHUB_SIGN_PUBKEYLINK="https://github.com/web-flow.gpg"
+GITHUB_SIGN_FINGERPRINT="4AEE18F83AFDEB23"
+
+# port numbers the app should run on
+# delete if not an web app
+PORT_CLEAR="3110"
+PORT_SSL="3111"
+
+# BASIC COMMANDLINE OPTIONS
+# you can add more actions or parameters if needed - for example see the bonus.rtl.sh
+# to see how you can deal with an app that installs multiple instances depending on
+# lightning implementation or testnets - but this should be OK for a start:
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+  echo "# Github Repo: ${GITHUB_REPO}"
+  echo "# Telegram Community Support: https://t.me/LN_FinTS"
+  echo "# bonus.${APPID}.sh status    -> status information (key=value)"
+  echo "# bonus.${APPID}.sh on        -> install the app"
+  echo "# bonus.${APPID}.sh off       -> uninstall the app"
+  echo "# bonus.${APPID}.sh menu      -> SSH menu dialog"
+  echo "# bonus.${APPID}.sh prestart  -> will be called by systemd before start"
+  exit 1
+fi
+
+# echoing comments is useful for logs - but start output with # when not a key=value
+echo "# Running: 'bonus.${APPID}.sh $*'"
+
+# check & load raspiblitz config
+source /mnt/hdd/raspiblitz.conf
+
+#########################
+# INFO
+#########################
+
+# this section is always executed to gather status information that
+# all the following commands can use & execute on
+
+# check if app is already installed
+isInstalled=$(sudo ls /etc/systemd/system/${APPID}.service 2>/dev/null | grep -c "${APPID}.service")
+
+# check if service is running
+isRunning=$(systemctl status ${APPID} 2>/dev/null | grep -c 'active (running)')
+
+if [ "${isInstalled}" == "1" ]; then
+
+  # gather address info (whats needed to call the app)
+  localIP=$(hostname -I | awk '{print $1}')
+  toraddress=$(sudo cat /mnt/hdd/tor/${APPID}/hostname 2>/dev/null)
+  #fingerprint=$(openssl x509 -in /mnt/hdd/app-data/nginx/tls.cert -fingerprint -noout | cut -d"=" -f2)
+
+fi
+
+# if the action parameter `status` was called - just stop here and output all
+# status information as a key=value list
+if [ "$1" = "status" ]; then
+  echo "appID='${APPID}'"
+  echo "version='${VERSION}'"
+  echo "githubRepo='${GITHUB_REPO}'"
+  echo "githubVersion='${GITHUB_TAG}'"
+  echo "githubSignature='${GITHUB_SIGNATURE}'"
+  echo "isInstalled=${isInstalled}"
+  echo "isRunning=${isRunning}"
+  if [ "${isInstalled}" == "1" ]; then
+    echo "portCLEAR=${PORT_CLEAR}"
+    echo "portSSL=${PORT_SSL}"
+    echo "localIP='${localIP}'"
+    echo "toraddress='${toraddress}'"
+    #echo "fingerprint='${fingerprint}'"
+    echo "toraddress='${toraddress}'"
+  fi
+  exit
+fi
+
+##########################
+# MENU
+#########################
+
+# The `menu` action should give at least a SSH info dialog - when an webapp show
+# URL to call (http & https+fingerprint) otherwise some instruction how to start it.
+
+# This SSH dialog will be later called by the MAIN MENU to be available to the user
+# when app is installed.
+
+# This menu can also have some more complex structure if you want to make it easy
+# to the user to set configurations or maintenance options - example bonus.lnbits.sh
+
+# show info menu
+if [ "$1" = "menu" ]; then
+
+  # get local ip
+  localIP=$(hostname -I | awk '{print $1}')
+
+  # set the title for the dialog
+  dialogTitle=" FinTS / HBCI Interface "
+
+  # basic info text - for an web app how to call with http & self-signed https
+  dialogText="This is an very early experimental feature.\nServer-URL: ${localIP}:${PORT_SSL}\n\nSee GitHub Repo for more Details:\n${GITHUB_REPO}\n\nTelegram Community Chat & Support (say hi):\nhttps://t.me/LN_FinTS\n\nUse OPTIONS to config with LNbits & Debug.\n\n"
+
+  # add tor info (if available)
+  if [ "${toraddress}" != "" ]; then
+    dialogText="${dialogText}Hidden Service address for Tor Connection:\n${toraddress}"
+  fi
+
+  # use whiptail to show SSH dialog & exit
+  whiptail --title "${dialogTitle}" --yes-button "OK" --no-button "OPTIONS" --yesno "${dialogText}" 19 67
+  result=$?
+  if [ ${result} -eq 0 ]; then
+    exit 0
+  fi
+
+  OPTIONS=()
+  OPTIONS+=(LNBITS "Edit lnbits.properties")
+  OPTIONS+=(DEBUG "Print Logs")
+
+  WIDTH=66
+  CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1"))
+  HEIGHT=$((CHOICE_HEIGHT+7))
+  CHOICE=$(dialog --clear \
+                --title " ${APPID} - Options" \
+                --ok-label "Select" \
+                --cancel-label "Back" \
+                --menu "Choose one of the following options:" \
+                $HEIGHT $WIDTH $CHOICE_HEIGHT \
+                "${OPTIONS[@]}" \
+                2>&1 >/dev/tty)
+  case $CHOICE in
+    DEBUG)
+      clear
+      echo "# sudo tail -n 100 /home/fints/log/fuelifints.log"
+      sudo tail -n 100 /home/fints/log/fuelifints.log
+      echo "# PRESS ENTER to continue"
+      read key
+      ;;
+    LNBITS)
+      edittemp=$(mktemp -p /dev/shm/)
+      sudo -u fints dialog --title "Editing /home/fints/config/lnbits.properties" --editbox "/home/fints/config/lnbits.properties" 200 200 2> "${edittemp}"
+      result=$?
+      clear
+      if [ "${result}" == "0" ]; then
+        echo "# saving changes to /home/fints/config/lnbits.properties"
+        sudo rm /home/fints/config/lnbits.properties
+        sudo mv ${edittemp} /home/fints/config/lnbits.properties
+        sudo chown fints:fints /home/fints/config/lnbits.properties
+      else
+        echo "# (${result}) no changes - dont save"
+      fi
+      echo "# restarting fints service"
+      sudo systemctl restart fints
+      sleep 2
+      ;;
+  esac
+
+  echo "please wait ..."
+  exit 0
+fi
+
+##########################
+# ON / INSTALL
+##########################
+
+# This section takes care of installing the app.
+# The template contains some basic steps but also look at other install scripts
+# to see how special cases are solved.
+
+if [ "$1" = "1" ] || [ "$1" = "on" ]; then
+
+  # dont run install if already installed
+  if [ ${isInstalled} -eq 1 ]; then
+    echo "# ${APPID}.service is already installed."
+    exit 1
+  fi
+
+  echo "# Installing ${APPID} ..."
+
+  # install java & build tool
+  sudo apt install -y default-jdk
+  sudo apt install -y maven
+
+  # make sure mysql/myria db is available
+  sudo apt-get install -y mariadb-server mariadb-client
+
+  # create a dedicated user for the app
+  echo "# create user"
+  sudo adduser --disabled-password --gecos "" ${APPID} || exit 1
+
+  # add user to special groups with special access rights
+  # echo "# add use to special groups"
+  # sudo /usr/sbin/usermod --append --groups lndadmin ${APPID}
+
+  # create a data directory on /mnt/hdd/app-data/ for the app
+  if ! [ -d /mnt/hdd/app-data/${APPID} ]; then
+    echo "# create app-data directory"
+    sudo mkdir /mnt/hdd/app-data/${APPID} 2>/dev/null
+    sudo chown ${APPID}:${APPID} -R /mnt/hdd/app-data/${APPID}
+  else
+    echo "# reuse existing app-directory"
+    sudo chown ${APPID}:${APPID} -R /mnt/hdd/app-data/${APPID}
+  fi
+
+  # download source code and verify
+  # BACKGROUND is that now you download the code from github, reset to a given version tag/commit,
+  # verify the author. If you app provides its source/binaries in another way, may check
+  # other install scripts to see how that implement code download & verify.
+  echo "# download the source code & verify"
+  sudo -u ${APPID} git clone ${GITHUB_REPO} /home/${APPID}/${APPID}
+  cd /home/${APPID}/${APPID}
+
+  if [ "${GITHUB_TAG}" != "" ]; then
+    sudo -u ${APPID} git reset --hard $GITHUB_TAG
+  fi
+  if [ "${GITHUB_SIGN_AUTHOR}" != "" ]; then
+    sudo -u ${APPID} /home/admin/config.scripts/blitz.git-verify.sh \
+     "${GITHUB_SIGN_AUTHOR}" "${GITHUB_SIGN_PUBKEYLINK}" "${GITHUB_SIGN_FINGERPRINT}" "${GITHUB_TAG}" || exit 1
+  fi
+
+  # compile/install the app
+  echo "# compile/install the app"
+  cd /home/${APPID}/${APPID}
+  # install dependencies from pom.xml
+  sudo -u fints mvn package
+  if ! [ $? -eq 0 ]; then
+      echo "# FAIL - mvn package did not run correctly - deleting code & exit"
+      sudo rm -r /home/${APPID}/${APPID}
+      exit 1
+  fi
+  sudo -u fints cp /home/fints/fints/target/LN-FinTS-jar-with-dependencies.jar /home/fints/fints-fat.jar
+  if ! [ $? -eq 0 ]; then 
+      echo "# FAIL - was not able to copy /home/fints/fints-fat.jar"
+      sudo rm -r /home/${APPID}/${APPID}
+      exit 1
+  fi
+
+  # init database
+  sudo mariadb -e "DROP DATABASE IF EXISTS fints;"
+  sudo mariadb -e "CREATE DATABASE fints;"
+  sudo mariadb -e "GRANT ALL PRIVILEGES ON fints.* TO 'fintsuser' IDENTIFIED BY 'fints';"
+  sudo mariadb -e "FLUSH PRIVILEGES;"
+  if [ -f "dbsetup.sql" ]; then
+    mariadb -ufintsuser -pfints fints < dbsetup.sql
+  else
+    echo "# FAIL - dbsetup.sql not found - deleting code & exit"
+    sudo rm -r /home/${APPID}/${APPID}
+    exit 1
+  fi
+
+  # open the ports in the firewall
+  echo "# updating Firewall"
+  sudo ufw allow ${PORT_CLEAR} comment "${APPID} HTTP"
+  sudo ufw allow ${PORT_SSL} comment "${APPID} HTTPS"
+
+  # every app has their own systemd service that cares about starting &
+  # running the app in the background - see the PRESTART section for adhoc config
+  echo "# create systemd service: ${APPID}.service"
+  echo "
+[Unit]
+Description=${APPID}
+Wants=bitcoind
+After=bitcoind
+
+[Service]
+WorkingDirectory=/home/${APPID}
+Environment=\"HOME_PATH=/mnt/hdd/app-data/${APPID}\"
+ExecStartPre=-/home/admin/config.scripts/bonus.${APPID}.sh prestart
+ExecStart=java -jar /home/${APPID}/fints-fat.jar
+User=${APPID}
+Restart=always
+TimeoutSec=120
+RestartSec=30
+StandardOutput=null
+StandardError=journal
+
+# Hardening measures
+PrivateTmp=true
+ProtectSystem=full
+NoNewPrivileges=true
+PrivateDevices=true
+
+[Install]
+WantedBy=multi-user.target
+" | sudo tee /etc/systemd/system/${APPID}.service
+  sudo chown root:root /etc/systemd/system/${APPID}.service
+
+  # when tor is set on also install the hidden service
+  if [ "${runBehindTor}" = "on" ]; then
+    # activating tor hidden service
+    /home/admin/config.scripts/tor.onion-service.sh ${APPID} 80 ${PORT_CLEAR} 443 ${PORT_SSL}
+  fi
+
+  # create keystore if needed
+  keystoreExists=$(sudo ls /mnt/hdd/app-data/fints/keystore.jks 2>/dev/null | grep -c 'keystore.jks')
+  if [ ${keystoreExists} -eq 0 ]; then
+    echo "# creating keystore"
+    sudo -u fints keytool -genkey -keyalg RSA -alias fints -keystore /mnt/hdd/app-data/fints/keystore.jks -storepass raspiblitz -noprompt -dname "CN=raspiblitz, OU=IT, O=raspiblitz, L=world, S=world, C=BZ"
+  else
+    echo "# keystore already exists"
+  fi
+  
+  # config app basics: lnbits.properties
+  sudo -u fints mkdir /home/fints/config
+  sudo -u fints cp /home/fints/fints/config/fuelifints.properties /home/fints/config/fuelifints.properties
+  sudo sed -i "s/^productinfo.csv.check=.*/productinfo.csv.check=false/g" /home/fints/config/fuelifints.properties
+  sudo sed -i "s/^rdh_port =.*/rdh_port = ${PORT_CLEAR}/g" /home/fints/config/fuelifints.properties
+  sudo sed -i "s/^ssl_port =.*/ssl_port = ${PORT_SSL}/g" /home/fints/config/fuelifints.properties
+  sudo sed -i "s/^keystore_location =.*/keystore_location = \/mnt\/hdd\/app-data\/fints\/keystore.jks/g" /home/fints/config/fuelifints.properties
+  sudo sed -i "s/^keystore_password =.*/keystore_password = raspiblitz/g" /home/fints/config/fuelifints.properties
+
+  # config app basics: blz.banking2.properties.example
+  sudo -u fints cp /home/fints/fints/config/blz.banking2.properties.example /home/fints/config/blz.banking2.properties
+
+  # config app basics: lnbits.properties
+  sudo -u fints cp /home/fints/fints/config/lnbits.properties.example /home/fints/config/lnbits.properties
+  # in file lnbits.properties replace the line starting with lnbitsUrl with the following line 'lnbitsUrl = http://127.0.0.1:5000'
+  sudo sed -i "s/lnbitsUrl =.*/lnbitsUrl = http:\/\/127.0.0.1:5000/g" /home/fints/config/lnbits.properties   
+
+  # mark app as installed in raspiblitz config
+  /home/admin/config.scripts/blitz.conf.sh set ${APPID} "on"
+
+  # enable app up thru systemd
+  sudo systemctl enable ${APPID}
+  echo "# OK - the ${APPID}.service is now enabled"
+
+  # start app (only when blitz is ready)
+  source <(/home/admin/_cache.sh get state)
+  if [ "${state}" == "ready" ]; then
+    sudo systemctl start ${APPID}
+    echo "# OK - the ${APPID}.service is now started"
+  fi
+
+  echo "# Monitor with: sudo journalctl -f -u ${APPID}"
+  exit 0
+
+fi
+
+##########################
+# PRESTART
+##########################
+
+# BACKGROUND is that this script will be called with `prestart` on every start & restart
+# of this apps systemd service. This has the benefit that right before the app is started
+# config parameters for this app can be updated so that it always starts with the most updated
+# values. With such an "adhoc config" it is for example possible to check right before start
+# what other apps are installed and configure connections. Even if those configs outdate later
+# while the app is running with the next restart they will then automatically update their config
+# again. If you dont need such "adhoc" config for your app - just leave it empty as it is, so
+# you maybe later on have the option to use it.
+
+if [ "$1" = "prestart" ]; then
+
+  # needs to be run as the app user - stop if not run as the app user
+  # keep in mind that in the prestart section you cannot use `sudo` command
+  if [ "$USER" != "${APPID}" ]; then
+    echo "# FAIL: run as user ${APPID}"
+    exit 1
+  fi
+
+  echo "## PRESTART CONFIG START for ${APPID} (called by systemd prestart)"
+  # at the moment no on the fly config is needed
+  echo "## PRESTART CONFIG DONE for ${APPID}"
+  exit 0
+fi
+
+###########################################
+# OFF / UNINSTALL
+# call with parameter `delete-data` to also
+# delete the persistent data directory
+###########################################
+
+# BACKGROUND is that this section removes entries in systemd, nginx, etc and then
+# deletes the user with its home directory to nuke all installed code
+
+# switch off
+if [ "$1" = "0" ] || [ "$1" = "off" ]; then
+
+  echo "# stop & remove systemd service"
+  sudo systemctl stop ${APPID} 2>/dev/null
+  sudo systemctl disable ${APPID}.service
+  sudo rm /etc/systemd/system/${APPID}.service
+
+  #echo "# remove nginx symlinks"
+  #sudo rm -f /etc/nginx/sites-enabled/${APPID}_ssl.conf 2>/dev/null
+  #sudo rm -f /etc/nginx/sites-enabled/${APPID}_tor.conf 2>/dev/null
+  #sudo rm -f /etc/nginx/sites-enabled/${APPID}_tor_ssl.conf 2>/dev/null
+  #sudo rm -f /etc/nginx/sites-available/${APPID}_ssl.conf 2>/dev/null
+  #sudo rm -f /etc/nginx/sites-available/${APPID}_tor.conf 2>/dev/null
+  #sudo rm -f /etc/nginx/sites-available/${APPID}_tor_ssl.conf 2>/dev/null
+  #sudo nginx -t
+  #sudo systemctl reload nginx
+
+  echo "# close ports on firewall"
+  sudo ufw deny "${PORT_CLEAR}"
+  sudo ufw deny "${PORT_SSL}"
+
+  echo "# delete user"
+  sudo userdel -rf ${APPID}
+
+  echo "# removing Tor hidden service (if active)"
+  /home/admin/config.scripts/tor.onion-service.sh off ${APPID}
+
+  echo "# mark app as uninstalled in raspiblitz config"
+  /home/admin/config.scripts/blitz.conf.sh set ${APPID} "off"
+
+  # only if 'delete-data' is an additional parameter then also the data directory gets deleted
+  if [ "$(echo "$@" | grep -c delete-data)" -gt 0 ]; then
+    echo "# found 'delete-data' parameter --> also deleting the app-data"
+    sudo rm -r /mnt/hdd/app-data/${APPID}
+  fi
+
+  echo "# OK - app should be uninstalled now"
+  exit 0
+
+fi
+
+# just a basic error message when unknown action parameter was given
+echo "# FAIL - Unknown Parameter $1"
+exit 1

home.admin/config.scripts/bonus.go.sh

@@ -28,7 +28,7 @@ case "$1" in
     goOSversion=$(dpkg --print-architecture)
     if [ ${goOSversion} = "armv6l" ]; then
       checksum=${armv6lChecksum}
-    elif [ ${goOSversion{} = "arm64" ]; then
+    elif [ ${goOSversion} = "arm64" ]; then
       checksum=${arm64Checksum}
     elif [ ${goOSversion} = "amd64" ]; then
       checksum=${amd64Checksum}

home.admin/config.scripts/bonus.jam.sh

@@ -2,7 +2,7 @@
 
 # https://github.com/joinmarket-webui/jam
 
-WEBUI_VERSION=0.1.4
+WEBUI_VERSION=0.1.5
 REPO=joinmarket-webui/jam
 USERNAME=jam
 HOME_DIR=/home/$USERNAME

home.admin/config.scripts/bonus.lit.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # https://github.com/lightninglabs/lightning-terminal/releases
-LITVERSION="0.8.4-alpha"
+LITVERSION="0.8.6-alpha"
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@@ -216,6 +216,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
       echo "# BUILD FAILED --> LND PGP Verify not OK / signature(${goodSignature}) verify(${correctKey})"
       exit 1
     fi
+
     ###########
     # install #
     ###########
@@ -231,6 +232,17 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
     ###########
     # config  #
     ###########
+
+    # check if lnd.conf has rpcmiddleware.enable entry under section Application Options
+    entryExists=$(sudo cat /mnt/hdd/lnd/lnd.conf | grep -c "rpcmiddleware.enable=")
+    if [ "${entryExists}" == "0" ]; then
+      echo "# add rpcmiddleware.enable=true to lnd.conf"
+      sudo sed -i "/^\[Application Options\]$/arpcmiddleware.enable=true" /mnt/hdd/lnd/lnd.conf
+    fi
+
+    # make sure lnd.conf has rpcmiddleware.enable=true
+    sudo sed -i "s/^rpcmiddleware.enable=.*/rpcmiddleware.enable=true/g" /mnt/hdd/lnd/lnd.conf
+
     if [ "${runBehindTor}" = "on" ]; then
       echo "# Connect to the Pool, Loop and Terminal server through Tor"
       LOOPPROXY="loop.server.proxy=127.0.0.1:9050"
@@ -240,7 +252,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
       LOOPPROXY=""
       POOLPROXY=""
     fi
-    PASSWORD_B=$(sudo cat /mnt/hdd/${network}/${network}.conf | grep rpcpassword | cut -c 13-)
+    PASSWORD_B=$(sudo cat /mnt/hdd/bitcoin/bitcoin.conf | grep rpcpassword | cut -c 13-)
     echo "
 # Application Options
 httpslisten=0.0.0.0:8443
@@ -251,7 +263,7 @@ remote.lit-debuglevel=debug
 
 # Remote lnd options
 remote.lnd.rpcserver=127.0.0.1:10009
-remote.lnd.macaroonpath=/home/lit/.lnd/data/chain/${network}/${chain}net/admin.macaroon
+remote.lnd.macaroonpath=/home/lit/.lnd/data/chain/bitcoin/${chain}net/admin.macaroon
 remote.lnd.tlscertpath=/home/lit/.lnd/tls.cert
 
 # Loop
@@ -347,6 +359,7 @@ alias lit-frcli=\"frcli --rpcserver=localhost:8443 \
   source <(/home/admin/_cache.sh get state)
   if [ "${state}" == "ready" ]; then
     echo "# OK - the litd.service is enabled, system is ready so starting service"
+    sudo systemctl restart lnd
     sudo systemctl start litd
   else
     echo "# OK - the litd.service is enabled, to start manually use: 'sudo systemctl start litd'"

home.admin/config.scripts/bonus.lnbits.sh

@@ -1,9 +1,9 @@
 #!/bin/bash
 
-# https://github.com/lnbits/lnbits-legend
+# https://github.com/lnbits/lnbits
 
-# https://github.com/lnbits/lnbits-legend/releases
+# https://github.com/lnbits/lnbits/releases
-tag="0.9.6"
+tag="0.10.2"
 VERSION="${tag}"
 
 # command info
@@ -502,7 +502,6 @@ if [ "$1" = "prestart" ]; then
 
     # set tls.cert path (use | as separator to avoid escaping file path slashes)
     sed -i "s|^LND_REST_CERT=.*|LND_REST_CERT=/mnt/hdd/app-data/lnd/tls.cert|g" /home/lnbits/lnbits/.env
-
     # set macaroon  path info in .env - USING HEX IMPORT
     chmod 600 /home/lnbits/lnbits/.env
     macaroonAdminHex=$(xxd -ps -u -c 1000 /mnt/hdd/app-data/lnd/data/chain/${LNBitsNetwork}/${LNBitsChain}net/admin.macaroon)
@@ -511,7 +510,8 @@ if [ "$1" = "prestart" ]; then
     sed -i "s/^LND_REST_ADMIN_MACAROON=.*/LND_REST_ADMIN_MACAROON=${macaroonAdminHex}/g" /home/lnbits/lnbits/.env
     sed -i "s/^LND_REST_INVOICE_MACAROON=.*/LND_REST_INVOICE_MACAROON=${macaroonInvoiceHex}/g" /home/lnbits/lnbits/.env
     sed -i "s/^LND_REST_READ_MACAROON=.*/LND_REST_READ_MACAROON=${macaroonReadHex}/g" /home/lnbits/lnbits/.env
-    sed -i "s/^LND_REST_ENDPOINT=.*/LND_REST_ENDPOINT=https://127.0.0.1:${portprefix}8080/g" /home/lnbits/lnbits/.env
+    # set the REST endpoint (use | as separator to avoid escaping slashes)
+    sed -i "s|^LND_REST_ENDPOINT=.*|LND_REST_ENDPOINT=https://127.0.0.1:${portprefix}8080|g" /home/lnbits/lnbits/.env
 
   elif [ "${LNBitsLightning}" == "cl" ]; then
 
@@ -579,16 +579,11 @@ if [ "$1" = "sync" ] || [ "$1" = "repo" ]; then
   # pull latest code
   sudo -u lnbits git pull
 
-  # install
+  # check if poetry in installed, if not install it
-  sudo -u lnbits python3 -m venv venv
+  sudo -u lnbits which poetry || sudo -u lnbits curl -sSL https://install.python-poetry.org | sudo -u lnbits python3 -
-  sudo -u lnbits ./venv/bin/pip install -r requirements.txt
+  # do install like this
-  sudo -u lnbits ./venv/bin/pip install pylightning
+  sudo -u lnbits poetry install
-  sudo -u lnbits ./venv/bin/pip install secp256k1
-  sudo -u lnbits ./venv/bin/pip install pyln-client
-  sudo -u lnbits ./venv/bin/pip install psycopg2 # conv.py postgres migration dependency
 
-  # build
-  sudo -u lnbits ./venv/bin/python build.py
   # restart lnbits service
   sudo systemctl restart lnbits
   echo "# server is restarting ... maybe takes some seconds until available"
@@ -627,7 +622,7 @@ if [ "$1" = "install" ]; then
   echo "# get the github code user(${githubUser}) branch(${tag})"
   sudo rm -r /home/lnbits/lnbits 2>/dev/null
   cd /home/lnbits  || exit 1
-  sudo -u lnbits git clone https://github.com/${githubUser}/lnbits-legend lnbits
+  sudo -u lnbits git clone https://github.com/${githubUser}/lnbits lnbits
   cd /home/lnbits/lnbits || exit 1
   sudo -u lnbits git checkout ${tag} || exit 1
 
@@ -635,16 +630,14 @@ if [ "$1" = "install" ]; then
   echo "# installing application dependencies"
   cd /home/lnbits/lnbits  || exit 1
 
+  # check if poetry in installed, if not install it
+  if ! sudo -u lnbits which poetry; then
+    echo "# install poetry"
+    sudo pip3 install --upgrade pip
+    sudo pip3 install poetry
+  fi
   # do install like this
-  sudo -u lnbits python3 -m venv venv
+  sudo -u lnbits poetry install
-  sudo -u lnbits ./venv/bin/pip install -r requirements.txt
-  sudo -u lnbits ./venv/bin/pip install pylightning
-  sudo -u lnbits ./venv/bin/pip install secp256k1
-  sudo -u lnbits ./venv/bin/pip install pyln-client
-  sudo -u lnbits ./venv/bin/pip install psycopg2 # conv.py postgres migration dependency
-
-  # build
-  sudo -u lnbits ./venv/bin/python build.py
 
   exit 0
 fi
@@ -739,7 +732,6 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   echo "# preparing env file"
   sudo rm /home/lnbits/lnbits/.env 2>/dev/null
   sudo -u lnbits touch /home/lnbits/lnbits/.env
-  sudo bash -c "echo 'LNBITS_FORCE_HTTPS=0' >> /home/lnbits/lnbits/.env"
 
   if [ ! -e /mnt/hdd/app-data/LNBits/database.sqlite3 ]; then
     echo "# install database: PostgreSQL"
@@ -789,7 +781,7 @@ After=bitcoind.service
 [Service]
 WorkingDirectory=/home/lnbits/lnbits
 ExecStartPre=/home/admin/config.scripts/bonus.lnbits.sh prestart
-ExecStart=/home/lnbits/lnbits/venv/bin/uvicorn lnbits.__main__:app --port 5000
+ExecStart=/bin/sh -c 'cd /home/lnbits/lnbits && poetry run lnbits --port 5000'
 User=lnbits
 Restart=always
 TimeoutSec=120
@@ -1192,7 +1184,7 @@ if [ "$1" = "migrate" ]; then
     sudo systemctl stop lnbits
 
     echo "# Start convert old SQLite to new PostgreSQL"
-    if ! sudo -u lnbits ./venv/bin/python tools/conv.py; then
+    if ! sudo -u lnbits poetry run python tools/conv.py; then
       echo "FAIL - Convert failed, revert migration process"
       revertMigration
       exit 1

home.admin/config.scripts/bonus.lndg.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
  
 # https://github.com/cryptosharks131/lndg
-VERSION="1.5.0 "
+VERSION="1.6.0 "
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@@ -449,11 +449,13 @@ if [ "$1" = "update" ]; then
   cd /home/lndg/lndg || exit 1
   sudo -u lndg git pull
   sudo -u lndg .venv/bin/pip install requests
+  sudo -u lndg .venv/bin/pip install -r requirements.txt
   sudo -u lndg .venv/bin/python manage.py migrate
   
   # reinitialize settings.py in case update requires it
   sudo rm /home/lndg/lndg/lndg/settings.py 
-  sudo /home/lndg/lndg/.venv/bin/python /home/lndg/lndg/initialize.py -wn
+  sudo /home/lndg/lndg/.venv/bin/python initialize.py -wn
+  cd /home/admin
   
   # restart services
   sudo systemctl restart nginx

home.admin/config.scripts/bonus.lnproxy.sh

@@ -38,7 +38,7 @@ To use the API:
 curl -k https://${localip}:4749/api/{invoice}?routing_msat={budget}\n
 The Tor Hidden Service address to share for using the API:
 ${torAddress}/api
-" 19 67
+" 20 70
       sudo /home/admin/config.scripts/blitz.display.sh hide
     else
       # Info without Tor
@@ -204,7 +204,6 @@ EOF
   sudo nginx -t
   sudo systemctl reload nginx
 
-  sudo ufw allow 4747 comment lnproxy-HTTP
   sudo ufw allow 4748 comment lnproxy-webui-HTTP
   sudo ufw allow 4749 comment lnproxy-HTTPS
 
@@ -214,9 +213,11 @@ EOF
   /home/admin/config.scripts/blitz.conf.sh set lnproxy "on"
 
   echo "# API:"
-  echo "curl http://${localip}:4747/{your_invoice}?routing_msat={routing_budget}"
+  echo "curl http://127.0.0.1:4747/{your_invoice}?routing_msat={routing_budget}"
+  echo "curl -k https://${localip}:4749/api/{your_invoice}?routing_msat={routing_budget}"
   echo "# WebUI:"
   echo "http://${localip}:4748"
+  echo "https://${localip}:4749"
   echo "# More info at:"
   echo "https://github.com/lnproxy/lnproxy"
 
@@ -231,15 +232,14 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
 
   # remove systemd services
   sudo systemctl disable --now lnproxy
-  /etc/systemd/system/lnproxy.service
+  sudo rm -f /etc/systemd/system/lnproxy.service
   sudo systemctl disable --now lnproxy-webui
-  /etc/systemd/system/lnproxy-webui.service
+  sudo rm -f /etc/systemd/system/lnproxy-webui.service
 
   # remove Tor service
   /home/admin/config.scripts/tor.onion-service.sh off lnproxy
 
   # close ports on firewall
-  sudo ufw delete allow 4747
   sudo ufw delete allow 4748
   sudo ufw delete allow 4749
 

home.admin/config.scripts/bonus.rtl.sh

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 # https://github.com/Ride-The-Lightning/RTL/releases
-RTLVERSION="v0.13.0"
+RTLVERSION="v0.13.6"
 
 # check and load raspiblitz config
 # to know which network is running
@@ -117,7 +117,6 @@ Activate Tor to access the web interface from outside your local network.
   exit 0
 fi
 
-
 ########################################
 # INSTALL (just user, code & compile)
 ########################################
@@ -163,7 +162,7 @@ if [ "$1" = "install" ]; then
   # install
   echo "# Running npm install ..."
   export NG_CLI_ANALYTICS=false
-  sudo -u rtl npm install --omit=dev
+  sudo -u rtl npm install --omit=dev --legacy-peer-deps
   if ! [ $? -eq 0 ]; then
     echo "# FAIL - npm install did not run correctly - deleting code and exit"
     sudo rm -r /home/rtl/RTL
@@ -252,7 +251,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   fi
 
   echo "# Updating Firewall"
-  sudo ufw allow ${RTLHTTP} comment "${systemdService} HTTP"
+  sudo ufw allow "${RTLHTTP}" comment "${systemdService} HTTP"
   sudo ufw allow $((RTLHTTP + 1)) comment "${systemdService} HTTPS"
   echo
 
@@ -455,19 +454,19 @@ if [ "$1" = "prestart" ]; then
   # LND changes of config
   if [ "${LNTYPE}" == "lnd" ]; then
     echo "# LND Config"
-    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json | \
+    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json |
-    jq ".port = \"${RTLHTTP}\"" | \
+      jq ".port = \"${RTLHTTP}\"" |
-    jq ".multiPass = \"${RPCPASSWORD}\"" | \
+      jq ".multiPass = \"${RPCPASSWORD}\"" |
-    jq ".multiPassHashed = \"\"" | \
+      jq ".multiPassHashed = \"\"" |
-    jq ".nodes[0].lnNode = \"${hostname}\"" | \
+      jq ".nodes[0].lnNode = \"${hostname}\"" |
-    jq ".nodes[0].lnImplementation = \"LND\"" | \
+      jq ".nodes[0].lnImplementation = \"LND\"" |
-    jq ".nodes[0].Authentication.macaroonPath = \"/home/rtl/.lnd/data/chain/${network}/${CHAIN}/\"" | \
+      jq ".nodes[0].Authentication.macaroonPath = \"/home/rtl/.lnd/data/chain/${network}/${CHAIN}/\"" |
-    jq ".nodes[0].Authentication.configPath = \"/home/rtl/.lnd/${netprefix}lnd.conf\"" | \
+      jq ".nodes[0].Authentication.configPath = \"/home/rtl/.lnd/${netprefix}lnd.conf\"" |
-    jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" | \
+      jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" |
-    jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" | \
+      jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" |
-    jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" | \
+      jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" |
-    jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}8080\"" | \
+      jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}8080\"" |
-    jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" | \
+      jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" |
       jq ".nodes[0].Settings.swapServerUrl = \"https://127.0.0.1:${SWAPSERVERPORT}\"" >/mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp
     mv /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json
   fi
@@ -476,19 +475,19 @@ if [ "$1" = "prestart" ]; then
   # https://github.com/Ride-The-Lightning/RTL/blob/master/docs/C-Lightning-setup.md
   if [ "${LNTYPE}" == "cl" ]; then
     echo "# CL Config"
-    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json | \
+    cat /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json |
-    jq ".port = \"${RTLHTTP}\"" | \
+      jq ".port = \"${RTLHTTP}\"" |
-    jq ".multiPass = \"${RPCPASSWORD}\"" | \
+      jq ".multiPass = \"${RPCPASSWORD}\"" |
-    jq ".multiPassHashed = \"\"" | \
+      jq ".multiPassHashed = \"\"" |
-    jq ".nodes[0].lnNode = \"${hostname}\"" | \
+      jq ".nodes[0].lnNode = \"${hostname}\"" |
-    jq ".nodes[0].lnImplementation = \"CLT\"" | \
+      jq ".nodes[0].lnImplementation = \"CLT\"" |
-    jq ".nodes[0].Authentication.macaroonPath = \"/home/bitcoin/c-lightning-REST/${CLNETWORK}/certs\"" | \
+      jq ".nodes[0].Authentication.macaroonPath = \"/home/bitcoin/c-lightning-REST/${CLNETWORK}/certs\"" |
-    jq ".nodes[0].Authentication.configPath = \"${CLCONF}\"" | \
+      jq ".nodes[0].Authentication.configPath = \"${CLCONF}\"" |
-    jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" | \
+      jq ".nodes[0].Authentication.swapMacaroonPath = \"/home/rtl/.loop/${CHAIN}/\"" |
-    jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" | \
+      jq ".nodes[0].Authentication.boltzMacaroonPath = \"/home/rtl/.boltz-lnd/macaroons/\"" |
-    jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" | \
+      jq ".nodes[0].Settings.userPersona = \"OPERATOR\"" |
-    jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}6100\"" | \
+      jq ".nodes[0].Settings.lnServerUrl = \"https://127.0.0.1:${portprefix}6100\"" |
-    jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" | \
+      jq ".nodes[0].Settings.channelBackupPath = \"/mnt/hdd/app-data/rtl/${systemdService}-SCB-backup-$hostname\"" |
       jq ".nodes[0].Settings.swapServerUrl = \"https://127.0.0.1:${SWAPSERVERPORT}\"" >/mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp
     mv /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json.tmp /mnt/hdd/app-data/rtl/${systemdService}/RTL-Config.json
   fi
@@ -547,24 +546,23 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
 
   # only if 'purge' is an additional parameter (other instances/services might need this)
   if [ "$(echo "$@" | grep -c purge)" -gt 0 ]; then
-    home/admin/config.scripts/bonus.rtl.sh uninstall
+    /home/admin/config.scripts/bonus.rtl.sh uninstall
     if [ $LNTYPE = cl ]; then
-      /home/admin/config.scripts/cl.rest.sh off ${CHAIN}
+      /home/admin/config.scripts/cl.rest.sh off ${CHAIN} purge
     fi
     echo "# Delete all configs"
     sudo rm -rf /mnt/hdd/app-data/rtl
   fi
 
   # close ports on firewall
-  sudo ufw deny "${RTLHTTP}"
+  sudo ufw delete allow "${RTLHTTP}"
-  sudo ufw deny $((RTLHTTP+1))
+  sudo ufw delete allow $((RTLHTTP + 1))
 
   # needed for API/WebUI as signal that install ran thru
   echo "result='OK'"
   exit 0
 fi
 
-
 if [ "$1" = "update" ]; then
   echo "# UPDATING RTL"
   cd /home/rtl/RTL || exit 1
@@ -591,7 +589,7 @@ if [ "$1" = "update" ]; then
       # https://github.com/Ride-The-Lightning/RTL#or-update-existing-dependencies
       echo "# Running npm install ..."
       export NG_CLI_ANALYTICS=false
-      sudo -u rtl npm install --omit=dev
+      sudo -u rtl npm install --omit=dev --legacy-peer-deps
       if ! [ $? -eq 0 ]; then
         echo "# FAIL - npm install did not run correctly - deleting code and exit"
         sudo rm -r /home/rtl/RTL
@@ -607,7 +605,7 @@ if [ "$1" = "update" ]; then
     sudo -u rtl git pull -p
     echo "# Running npm install ..."
     export NG_CLI_ANALYTICS=false
-    sudo -u rtl npm install --only=prod --logLevel warn
+    sudo -u rtl npm install --omit=dev --legacy-peer-deps
     if ! [ $? -eq 0 ]; then
       echo "# FAIL - npm install did not run correctly - deleting code and exit"
       sudo rm -r /home/rtl/RTL
@@ -616,7 +614,10 @@ if [ "$1" = "update" ]; then
       echo "# OK - RTL install looks good"
       echo
     fi
-    currentRTLcommit=$(cd /home/rtl/RTL; git describe --tags)
+    currentRTLcommit=$(
+      cd /home/rtl/RTL || exit 1
+      git describe --tags
+    )
     echo "# Updated RTL to $currentRTLcommit"
   else
     echo "# Unknown option: $updateOption"

home.admin/config.scripts/bonus.sphinxrelay.sh

@@ -107,7 +107,7 @@ iOS support is native, Android needs Orbot"
     text="${text}\n
 At the moment your Sphinx Relay Server is just available
 within the local network - without transport encryption.
-Local server for test & debug: ${publicURL}/app"#\n
+Local server for test & debug: ${publicURL}/app#\n
 To enable easy reachability from the outside consider
 adding a IP2TOR Bridge and reconnect:
 MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
@@ -132,8 +132,7 @@ MAINMENU > SUBSCRIBE > IP2TOR > SPHINX"
 BUT TO MAKE THIS WORK:\n
 It needs an additional Domain with LetsEncrypt certificate for HTTPS: Go MAINMENU > SUBSCRIBE and add LetsEncrypt HTTPS Domain\n
 (or cancel the IP2Tor & just use sphinx within local network)"
-    whiptail --title " Warning " \
+    whiptail --title " Warning " --msgbox "${text}" 15 72
-    --msgbox "${text}" 15 72
     exit 0
   fi
 

home.admin/config.scripts/bonus.suez.sh

@@ -33,9 +33,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
 
   cd /home/bitcoin || exit 1
 
-  # dependency
+  # poetry
-  sudo -u bitcoin curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py\
+  sudo pip3 install --upgrade pip
-    | sudo -u bitcoin python -
+  sudo pip3 install poetry
 
   # download source code
   sudo -u bitcoin git clone https://github.com/prusnak/suez.git
@@ -43,7 +43,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   sudo -u bitcoin git reset --hard $SUEZVERSION
   sudo -u bitcoin /home/admin/config.scripts/blitz.git-verify.sh \
     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-  sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
+  sudo -u bitcoin poetry install
 
   # setting value in raspi blitz config
   /home/admin/config.scripts/blitz.conf.sh set suez "on"
@@ -74,8 +74,8 @@ if [ "$1" = "update" ]; then
   echo "# UPDATE SUEZ"
   cd /home/bitcoin || exit 1
   # dependency
-  sudo -u bitcoin curl -sSL https://raw.githubusercontent.com/python-poetry/poetry/master/install-poetry.py\
+  sudo pip3 install --upgrade pip
-    | sudo -u bitcoin python -
+  sudo pip3 install poetry
   # download source code
   if [ -d suez ]; then
     sudo -u bitcoin git clone https://github.com/prusnak/suez.git
@@ -84,7 +84,7 @@ if [ "$1" = "update" ]; then
   sudo -u bitcoin git pull
   sudo -u bitcoin /home/admin/config.scripts/blitz.git-verify.sh \
     "${PGPsigner}" "${PGPpubkeyLink}" "${PGPpubkeyFingerprint}" || exit 1
-  sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
+  sudo -u bitcoin poetry install
   echo "# Updated to the latest in https://github.com/prusnak/suez/commits/master"
   exit 0
 fi

home.admin/config.scripts/bonus.tallycoin-connect.sh

@@ -8,7 +8,7 @@ HOME_DIR=/home/$USERNAME
 CONFIG_FILE=$APP_DATA_DIR/tallycoin_api.key
 RASPIBLITZ_INFO=/home/admin/raspiblitz.info
 SERVICE_FILE=/etc/systemd/system/tallycoin-connect.service
-TC_VERSION=1.7.5
+TC_VERSION=1.8.0
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then

home.admin/config.scripts/bonus.telegraf.sh

@@ -68,6 +68,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   # 
   # changed according suggestion from @frennkie in #1501
   echo "deb https://repos.influxdata.com/debian ${DISTRIB_ID} stable" | sudo tee -a /etc/apt/sources.list.d/influxdb.list >/dev/null
+  #
+  # as the key is untrusted, this is a dirty fix
+  sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys D8FF8E1F7DF8B07E
   sudo apt-get update
   sudo apt-get install -y telegraf
 
@@ -77,6 +80,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   #
   # enable telegraf as admin for lnd
   sudo usermod telegraf -a -G lndadmin
+  #
+  # add telegraf to sudoers (for later application with smartmontools)
+  sudo usermod telegraf -a -G sudo
 
   # stop telegraf service
   sudo systemctl stop telegraf.service
@@ -84,7 +90,7 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   echo "*** telegraf installation: copying telegraf config templates"
   # copy custom "telegraf.conf" template to the telegraf target dir
   # the telegraf inputs part goes into telegraf.d subdir
-  # this split into "telegraf.conf" and "telegraf.d/teöegraf_inputs.conf" is necessary
+  # this split into "telegraf.conf" and "telegraf.d/telegraf_inputs.conf" is necessary
   # as the the [[inputs.***]] part contains lines with the keywords
   # "urls", "database", "username" "password"
   # so the sed-replacement-part would get confused

home.admin/config.scripts/bonus.template.sh

@@ -202,7 +202,9 @@ if [ "$1" = "1" ] || [ "$1" = "on" ]; then
   echo "# download the source code & verify"
   sudo -u ${APPID} git clone ${GITHUB_REPO} /home/${APPID}/${APPID}
   cd /home/${APPID}/${APPID}
+  if [ "${GITHUB_TAG}" != "" ]; then
     sudo -u ${APPID} git reset --hard $GITHUB_TAG
+  fi
   if [ "${GITHUB_SIGN_AUTHOR}" != "" ]; then
     sudo -u ${APPID} /home/admin/config.scripts/blitz.git-verify.sh \
      "${GITHUB_SIGN_AUTHOR}" "${GITHUB_SIGN_PUBKEYLINK}" "${GITHUB_SIGN_FINGERPRINT}" "${GITHUB_TAG}" || exit 1
@@ -237,6 +239,7 @@ Wants=bitcoind
 After=bitcoind
 
 [Service]
+WorkingDirectory=/home/${APPID}
 Environment=\"HOME_PATH=/mnt/hdd/app-data/${APPID}\"
 ExecStartPre=-/home/admin/config.scripts/bonus.${APPID}.sh prestart
 ExecStart=/usr/bin/node /home/${APPID}/${APPID}/${APPID}
@@ -327,10 +330,17 @@ server {
   # mark app as installed in raspiblitz config
   /home/admin/config.scripts/blitz.conf.sh set ${APPID} "on"
 
-  # start app up thru systemd
+  # enable app up thru systemd
   sudo systemctl enable ${APPID}
+  echo "# OK - the ${APPID}.service is now enabled"
+
+  # start app (only when blitz is ready)
+  source <(/home/admin/_cache.sh get state)
+  if [ "${state}" == "ready" ]; then
     sudo systemctl start ${APPID}
-  echo "# OK - the ${APPID}.service is now enabled & started"
+    echo "# OK - the ${APPID}.service is now started"
+  fi
+
   echo "# Monitor with: sudo journalctl -f -u ${APPID}"
   exit 0
 
@@ -422,6 +432,9 @@ if [ "$1" = "0" ] || [ "$1" = "off" ]; then
   sudo ufw deny "${PORT_CLEAR}"
   sudo ufw deny "${PORT_SSL}"
 
+  echo "# delete user"
+  sudo userdel -rf ${APPID}
+
   echo "# removing Tor hidden service (if active)"
   /home/admin/config.scripts/tor.onion-service.sh off ${APPID}
 

home.admin/config.scripts/cl-plugin.backup.sh

@@ -16,8 +16,7 @@ function help(){
 }
 
 # https://github.com/lightningd/plugins/commits/master/backup
-# use the version beore the migration to poetry
+pinnedVersion="30003279e35e5931fc85d7e6211ea4de6f9554d7"
-pinnedVersion="4d3560b129b12cba0381fff0b1e30ac32ef84106"
 
 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
@@ -38,14 +37,21 @@ function install() {
   sudo -u bitcoin git pull
   sudo -u bitcoin git reset --hard ${pinnedVersion} || exit 1
 
-  if [ $($lightningcli_alias plugin list 2>/dev/null | grep -c "${plugin}") -eq 0 ];then
+  if [ $($lightningcli_alias plugin list 2>/dev/null | grep -c "/${plugin}") -eq 0 ]; then
     echo "# Checking dependencies"
-    sudo -u bitcoin pip install --user -r ${plugindir}/${plugin}/requirements.txt 1>/dev/null
+    # upgrade pip
-      if [ $(echo $PATH | grep -c "/home/bitcoin/.local/bin") -eq 0 ];then
+    sudo pip3 install --upgrade pip
-        export PATH=$PATH:/home/bitcoin/.local/bin
+
-        echo "PATH=\$PATH:/home/bitcoin/.local/bin" | sudo tee -a /etc/profile
+    # pip dependencies
-      fi
+    sudo -u bitcoin pip3 install pyln-client tqdm
+
+    # poetry
+    sudo pip3 install poetry || exit 1
+    cd ${plugindir}/backup/ || exit 1
+    sudo -u bitcoin poetry install
+
     sudo chmod +x ${plugindir}/${plugin}/${plugin}.py
+
     # symlink to the default plugin dir
     if [ ! -L /home/bitcoin/${netprefix}cl-plugins-enabled/backup.py ]; then
       sudo ln -s ${plugindir}/backup/backup.py \
@@ -72,19 +78,22 @@ if [ "$1" = on ];then
   fi
 
   # always re-init plugin
-  if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/backup.lock; then
+  if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/backup.lock 2>/dev/null; then
     sudo rm /home/bitcoin/.lightning/${CLNETWORK}/backup.lock
   fi
   # https://github.com/lightningd/plugins/tree/master/backup#setup
   echo "# Initialize the backup plugin"
-  sudo -u bitcoin ${plugindir}/backup/backup-cli init\
+  cd ${plugindir}/backup/ || exit 1
-   --lightning-dir /home/bitcoin/.lightning/${CLNETWORK} \
+  sudo -u bitcoin poetry run ./backup-cli init --lightning-dir /home/bitcoin/.lightning/${CLNETWORK} \
     file:///home/bitcoin/${netprefix}lightningd.sqlite3.backup
 
   if [ $(crontab -u admin -l | grep -c "backup-compact $CHAIN") -eq 0 ]; then
     echo "Add weekly backup-compact as a cronjob"
     cronjob="@weekly /home/admin/config.scripts/cl-plugin.backup.sh backup-compact $CHAIN"
-    (crontab -u admin -l; echo "$cronjob" ) | crontab -u admin -
+    (
+      crontab -u admin -l
+      echo "$cronjob"
+    ) | crontab -u admin -
   fi
   echo "# The crontab for admin now is:"
   crontab -u admin -l
@@ -96,8 +105,9 @@ if [ "$1" = on ];then
     echo "# Started the ${netprefix}lightningd.service"
   fi
 
-
+elif
-elif [ "$1" = off ]; then
+  [ "$1" = off ]
+then
   echo "# Removing the backup plugin"
   sudo rm -f /home/bitcoin/${netprefix}cl-plugins-enabled/backup.py
   echo "# Backup the existing old backup on the SDcard"
@@ -107,8 +117,9 @@ elif [ "$1" = off ]; then
   echo "# Removing the backup.lock file"
   sudo rm -f /home/bitcoin/.lightning/${CLNETWORK}/backup.lock
 
-
+elif
-elif [ "$1" = restore ];then
+  [ "$1" = restore ]
+then
 
   install
 
@@ -118,7 +129,7 @@ elif [ "$1" = restore ];then
     sudo systemctl stop ${netprefix}lightningd
 
     # https://github.com/lightningd/plugins/tree/master/backup#restoring-a-backup
-    # ./backup-cli restore file:///mnt/external/location ~/.lightning/bitcoin/lightningd.sqlite3
+    # poetry run ./backup-cli restore file:///mnt/external/location ~/.lightning/bitcoin/lightningd.sqlite3
 
     # make sure to not overwrite old database
     if sudo ls /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3; then
@@ -132,7 +143,8 @@ elif [ "$1" = restore ];then
     fi
 
     # restore
-    sudo -u bitcoin ${plugindir}/backup/backup-cli restore \
+    cd ${plugindir}/backup/ || exit 1
+    sudo -u bitcoin poetry run ./backup-cli restore \
       file:///home/bitcoin/${netprefix}lightningd.sqlite3.backup \
       /home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3
 
@@ -143,8 +155,9 @@ elif [ "$1" = restore ];then
     fi
   fi
 
-
+elif
-elif [ "$1" = backup-compact ];then
+  [ "$1" = backup-compact ]
+then
   # https://github.com/lightningd/plugins/tree/master/backup#performing-backup-compaction
   dbPath="/home/bitcoin/.lightning/${CLNETWORK}/lightningd.sqlite3"
   backupPath="/home/bitcoin/${netprefix}lightningd.sqlite3.backup"

home.admin/config.scripts/cl-plugin.cln-grpc.sh

@@ -35,6 +35,8 @@ function buildGRPCplugin() {
       echo "# - install Core Lightning ..."
       /home/admin/config.scripts/cl.install.sh install || exit 1
     fi
+    echo "# install dependencies"
+    sudo apt-get install protobuf-compiler -y
     echo "# rust for cln-grpc, includes rustfmt"
     sudo -u bitcoin curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sudo -u bitcoin sh -s -- -y
     cd /home/bitcoin/lightning/plugins/grpc-plugin || exit 1
@@ -61,7 +63,7 @@ function switchOn() {
     # symlink to plugin directory
     echo "# symlink cln-grpc to /home/bitcoin/${netprefix}cl-plugins-enabled/"
     # delete old symlink
-    sudo rm /home/bitcoin/${netprefix}cl-plugins-enabled/cln-grpc
+    sudo rm -f /home/bitcoin/${netprefix}cl-plugins-enabled/cln-grpc
     sudo ln -s /home/bitcoin/cl-plugins-available/cln-grpc /home/bitcoin/${netprefix}cl-plugins-enabled/
 
     # blitz.conf.sh set [key] [value] [?conffile] <noquotes>

home.admin/config.scripts/cl-plugin.standard-python.sh

@@ -43,7 +43,7 @@ if [ "$1" = "on" ];then
     fi
 
   else
-    if [ $($lightningcli_alias | grep -c "${plugin}") -eq 0 ];then
+    if [ $($lightningcli_alias | grep -c "/${plugin}") -eq 0 ]; then
       echo "# Just start the ${plugin} plugin"
       sudo -u bitcoin pip install -r /home/bitcoin/cl-plugins-available/plugins/${plugin}/requirements.txt
       $lightningcli_alias plugin start /home/bitcoin/cl-plugins-available/plugins/${plugin}/${plugin}.py

home.admin/config.scripts/cl.backup.sh

@@ -188,9 +188,9 @@ if [ ${mode} = "cl-export-gui" ]; then
   echo "*******************************************"
   echo 
   echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
-  echo "sftp '${fileowner}@${localip}:${filename}' ./"
+  echo "scp '${fileowner}@${localip}:${filename}' ./"
   echo "ON WINDOWS - RUN IN CMD:"
-  echo "sftp ${fileowner}@${localip}:${filename} ."
+  echo "scp ${fileowner}@${localip}:${filename} ."
   echo
   echo "Use password A to authenticate file transfer."
   echo "Check for correct file size after transfer: ${size} byte"
@@ -291,7 +291,7 @@ if [ ${mode} = "cl-import-gui" ]; then
       echo "To make upload open a new terminal on your laptop,"
       echo "change into the directory where your cl-rescue file is and"
       echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp -r ./cl-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp -r ./cl-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
       echo
       echo "Use ${passwordInfo} to authenticate file transfer."
       echo "PRESS ENTER when upload is done"

home.admin/config.scripts/cl.install.sh

@@ -2,16 +2,20 @@
 # https://lightning.readthedocs.io/
 
 # https://github.com/ElementsProject/lightning/releases
-CLVERSION=v22.11.1
+CLVERSION=v23.02.2
 
 # install the latest master by using the last commit id
 # https://github.com/ElementsProject/lightning/commit/master
 # CLVERSION="063366ed7e3b7cc12a8d1681acc2b639cf07fa23"
 
+# PGPsigner="endothermicdev"
+# PGPpubkeyLink="https://github.com/${PGPsigner}.gpg"
+# PGPpubkeyFingerprint="8F55EE750D950E3E"
+
 # https://github.com/ElementsProject/lightning/tree/master/contrib/keys
-PGPsigner="cdecker" # rustyrussel D9200E6CD1ADB8F1 # cdecker A26D6D9FE088ED58 # niftynei BFF0F67810C1EED1
+PGPsigner="rustyrussell" # rustyrussell D9200E6CD1ADB8F1 # cdecker A26D6D9FE088ED58 # niftynei BFF0F67810C1EED1 # endothermicdev 8F55EE750D950E3E
 PGPpubkeyLink="https://raw.githubusercontent.com/ElementsProject/lightning/master/contrib/keys/${PGPsigner}.txt"
-PGPpubkeyFingerprint="A26D6D9FE088ED58"
+PGPpubkeyFingerprint="D9200E6CD1ADB8F1"
 
 # help
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
@@ -30,8 +34,7 @@ if [ $# -eq 0 ]||[ "$1" = "-h" ]||[ "$1" = "--help" ];then
   exit 1
 fi
 
-function installDependencies()
+function installDependencies() {
-{
   echo "- installDependencies()"
   # from https://lightning.readthedocs.io/INSTALL.html#to-build-on-ubuntu
   sudo apt-get install -y \
@@ -44,16 +47,15 @@ function installDependencies()
   sudo pip3 install --upgrade pip
   sudo -u bitcoin pip install mako
   # poetry
-  sudo -u bitcoin pip3 install --user poetry
+  sudo pip3 install poetry
-  if ! grep -Eq '^PATH="$HOME/.local/bin:$PATH"' /mnt/hdd/raspiblitz.conf; then
+  if ! grep -Eq '^PATH="$HOME/.local/bin:$PATH"' /home/bitcoin/.profile; then
     echo 'PATH="$HOME/.local/bin:$PATH"' | sudo tee -a /home/bitcoin/.profile
   fi
   export PATH="home/bitcoin/.local/bin:$PATH"
-  sudo -u bitcoin /home/bitcoin/.local/bin/poetry install
+  sudo -u bitcoin poetry install
 }
 
-function buildAndInstallCLbinaries()
+function buildAndInstallCLbinaries() {
-{
   echo "- Configuring EXPERIMENTAL_FEATURES enabled"
   echo
   sudo -u bitcoin ./configure --enable-experimental-features
@@ -116,68 +118,9 @@ if [ "$1" = "install" ]; then
   # check if the binary is already installed
   if [ -f /usr/local/bin/lightningd ]; then
     echo "Core Lightning binary already installed - done"
-    exit 1
+    exit 0
   fi
 
-## Download and verify zip
-#  # prepare download dir
-#  sudo rm -rf /home/bitcoin/download
-#  sudo -u bitcoin mkdir -p /home/bitcoin/download
-#  cd /home/bitcoin/download || exit 1
-#
-#  sudo -u bitcoin wget -O "pgp_keys.asc" ${PGPpubkeyLink}
-#  sudo -u bitcoin gpg --import --import-options show-only ./pgp_keys.asc
-#  fingerprint=$(gpg "pgp_keys.asc" 2>/dev/null | grep "${PGPpubkeyFingerprint}" -c)
-#  if [ ${fingerprint} -lt 1 ]; then
-#    echo
-#    echo "# WARNING --> the PGP fingerprint is not as expected for ${PGPsigner}"
-#    echo "Should contain PGP: ${PGPpubkeyFingerprint}"
-#    echo "PRESS ENTER to TAKE THE RISK if you think all is OK"
-#    read key
-#  fi
-#  sudo -u bitcoin gpg --import ./pgp_keys.asc
-#
-#  sudo -u bitcoin wget https://github.com/ElementsProject/lightning/releases/download/${CLVERSION}/SHA256SUMS
-#  sudo -u bitcoin wget https://github.com/ElementsProject/lightning/releases/download/${CLVERSION}/SHA256SUMS.asc
-#
-#  verifyResult=$(LANG=en_US.utf8; sudo -u bitcoin gpg --verify SHA256SUMS.asc 2>&1)
-#
-#  goodSignature=$(echo ${verifyResult} | grep 'Good signature' -c)
-#  echo "goodSignature(${goodSignature})"
-#  correctKey=$(echo ${verifyResult} | tr -d " \t\n\r" | grep "${PGPpubkeyFingerprint}" -c)
-#  echo "correctKey(${correctKey})"
-#  if [ ${correctKey} -lt 1 ] || [ ${goodSignature} -lt 1 ]; then
-#    echo
-#    echo "# DOWNLOAD FAILED --> PGP verification not OK / signature(${goodSignature}) verify(${correctKey})"
-#    exit 1
-#  else
-#    echo
-#    echo "****************************************************************"
-#    echo "OK --> the PGP signature of the Core Lightning SHA256SUMS is correct"
-#    echo "****************************************************************"
-#    echo
-#  fi
-#
-#  sudo -u bitcoin wget https://github.com/ElementsProject/lightning/releases/download/${CLVERSION}/clightning-${CLVERSION}.zip
-#
-#  hashCheckResult=$(sha256sum -c SHA256SUMS 2>&1)
-#  goodHash=$(echo ${hashCheckResult} | grep 'OK' -c)
-#  echo "goodHash(${goodHash})"
-#  if [ ${goodHash} -lt 1 ]; then
-#    echo
-#    echo "# BUILD FAILED --> Hash check not OK"
-#    exit 1
-#  else
-#    echo
-#    echo "********************************************************************"
-#    echo "OK --> the hash of the downloaded Core Lightning source code is correct"
-#    echo "********************************************************************"
-#    echo
-#  fi
-#
-#  sudo -u bitcoin unzip clightning-${CLVERSION}.zip
-#  cd clightning-${CLVERSION} || exit 1
-
   # download and verify the source from github
   cd /home/bitcoin || exit 1
   echo
@@ -284,8 +227,10 @@ if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
 
     installDependencies
 
-    currentCLversion=$(cd /home/bitcoin/lightning 2>/dev/null; \
+    currentCLversion=$(
-    git describe --tags 2>/dev/null)
+      cd /home/bitcoin/lightning 2>/dev/null
+      git describe --tags 2>/dev/null
+    )
     echo "# Building from source Core Lightning $currentCLversion"
 
     buildAndInstallCLbinaries
@@ -296,7 +241,7 @@ if [ "$1" = on ]||[ "$1" = update ]||[ "$1" = testPR ];then
   ##########
 
   # make sure binary is installed (will skip if already done)
-  /home/admin/config.scripts/cl.install.sh install
+  /home/admin/config.scripts/cl.install.sh install || exit 1
 
   echo "# Make sure bitcoin is in the ${TORGROUP} group"
   sudo usermod -a -G ${TORGROUP} bitcoin
@@ -364,7 +309,9 @@ always-use-proxy=true
   #############
   echo
   echo "# Set logrotate for ${netprefix}lightningd"
+  if ! sudo ls /home/bitcoin/.lightning/${CLNETWORK}/cl.log_old; then
     sudo -u bitcoin mkdir /home/bitcoin/.lightning/${CLNETWORK}/cl.log_old
+  fi
   echo "\
 /home/bitcoin/.lightning/${CLNETWORK}/cl.log
 {
@@ -376,10 +323,6 @@ always-use-proxy=true
         notifempty
         nocompress
         sharedscripts
-        # We don't need to kill as we use copytruncate
-        #postrotate
-        #        kill -HUP \`cat /run/lightningd/lightningd.pid\'
-        #endscript
         su bitcoin bitcoin
 }" | sudo tee /etc/logrotate.d/${netprefix}lightningd
   # debug:
@@ -387,7 +330,7 @@ always-use-proxy=true
 
   echo
   sudo -u admin touch /home/admin/_aliases
-  if ! grep -Eq "${netprefix}lightning-cli" /home/admin/_aliases; then
+  if ! grep -Eq "^alias ${netprefix}lightning-cli" /home/admin/_aliases; then
     echo "# Adding aliases"
     echo "\
 alias ${netprefix}lightning-cli=\"sudo -u bitcoin /usr/local/bin/lightning-cli\
@@ -396,8 +339,7 @@ alias ${netprefix}cl=\"sudo -u bitcoin /usr/local/bin/lightning-cli\
  --conf=${CLCONF}\"
 alias ${netprefix}cllog=\"sudo\
  tail -n 30 -f /home/bitcoin/.lightning/${CLNETWORK}/cl.log\"
-alias ${netprefix}clconf=\"sudo\
+alias ${netprefix}clconf=\"sudo nano ${CLCONF}\"
- nano ${CLCONF}\"
 " | sudo tee -a /home/admin/_aliases
     sudo chown admin:admin /home/admin/_aliases
   fi
@@ -432,6 +374,7 @@ alias ${netprefix}clconf=\"sudo\
   fi
 
   # if this is the first lightning mainnet turned on - make default
+  [ "${lightning}" == "none" ] && lightning=""
   if [ "${CHAIN}" == "mainnet" ] && [ "${lightning}" == "" ]; then
     echo "# CL is now the default lightning implementation"
     /home/admin/config.scripts/blitz.conf.sh set lightning cl
@@ -466,8 +409,7 @@ if [ "$1" = "display-seed" ]; then
     #echo "# seedwords6x4(${seedwords6x4})"
     if [ ${#seedwords6x4} -gt 0 ]; then
       ack=0
-      while [ ${ack} -eq 0 ]
+      while [ ${ack} -eq 0 ]; do
-      do
         whiptail --title "Core Lightning ${displayNetwork} Wallet" \
           --msgbox "This is your Core Lightning ${displayNetwork} wallet seed. Store these numbered words in a safe location:\n\n${seedwords6x4}" 13 76
         whiptail --title "Please Confirm" --yes-button "Show Again" --no-button "CONTINUE" --yesno "  Are you sure that you wrote down the word list?" 8 55

home.admin/config.scripts/cl.rest.sh

@@ -1,18 +1,18 @@
 #!/bin/bash
 
 # https://github.com/Ride-The-Lightning/c-lightning-REST/releases/
-CLRESTVERSION="v0.9.0"
+CLRESTVERSION="v0.10.2"
 
 # help
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
-  echo
   echo "Core-Lightning-REST install script"
   echo "The default version is: $CLRESTVERSION"
   echo "mainnet | testnet | signet instances can run parallel"
   echo
   echo "Usage:"
-  echo "cl.rest.sh [on|off|connect] <mainnet|testnet|signet> [?key-value]"
+  echo "cl.rest.sh on <mainnet|testnet|signet>"
-  echo
+  echo "cl.rest.sh connect <mainnet|testnet|signet> [?key-value]"
+  echo "cl.rest.sh off <mainnet|testnet|signet> <purge>"
   exit 1
 fi
 
@@ -163,7 +163,7 @@ if [ "$1" = on ]; then
     \"RPCCOMMANDS\": [\"*\"]
 }" | sudo -u bitcoin tee ./${CLNETWORK}/cl-rest-config.json
 
-  # copy clrest to a CLNETWORK subdor to make parallel networks possible
+  # copy clrest to a CLNETWORK subdir to make parallel networks possible
   sudo -u bitcoin mkdir /home/bitcoin/c-lightning-REST/${CLNETWORK}
   sudo -u bitcoin cp -r /home/bitcoin/c-lightning-REST/* \
     /home/bitcoin/c-lightning-REST/${CLNETWORK}

home.admin/config.scripts/internet.sh

@@ -134,7 +134,7 @@ if [ ${runOnline} -eq 1 ]; then
   fi
   if [ ${online} -eq 0 ]; then
     # test with netcat to avoid firewall issues with ICMP packets
-    online=$(nc -v -z -w 8.8.8.8 53 &> /dev/null && echo "1" || echo "0")
+    online=$(nc -v -z -w 3 8.8.8.8 53 &> /dev/null && echo "1" || echo "0")
   fi
   if [ ${online} -eq 0 ]; then
     # re-test with other server

home.admin/config.scripts/lnd.backup.sh

@@ -198,9 +198,9 @@ if [ ${mode} = "lnd-export-gui" ]; then
   echo "********************************"
   echo 
   echo "ON YOUR MAC & LINUX LAPTOP - RUN IN NEW TERMINAL:"
-  echo "sftp '${fileowner}@${localip}:${filename}' ./"
+  echo "scp '${fileowner}@${localip}:${filename}' ./"
   echo "ON WINDOWS - RUN IN CMD:"
-  echo "sftp ${fileowner}@${localip}:${filename} ."
+  echo "scp ${fileowner}@${localip}:${filename} ."
   echo "Use password A to authenticate file transfer."
   echo
   echo "Check for correct file size after transfer: ${size} byte"
@@ -299,7 +299,7 @@ if [ ${mode} = "lnd-import-gui" ]; then
       echo "To make upload open a new terminal on your laptop,"
       echo "change into the directory where your lnd-rescue file is and"
       echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp -r ./lnd-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp -r ./lnd-rescue-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
       echo
       echo "Use ${passwordInfo} to authenticate file transfer."
       echo "PRESS ENTER when upload is done"
@@ -413,7 +413,7 @@ if [ ${mode} = "scb-export-gui" ]; then
   echo "**************************************"
   echo 
   echo "RUN THE FOLLOWING COMMAND ON YOUR LAPTOP IN NEW TERMINAL:"
-  echo "sftp -r ${fileuser}@${localip}:${filename} ./"
+  echo "scp -r ${fileuser}@${localip}:${filename} ./"
   echo ""
   echo "Use password A to authenticate file transfer."
   echo
@@ -492,7 +492,7 @@ if [ ${mode} = "scb-import-gui" ]; then
       echo "To make upload open a new terminal and change,"
       echo "into the directory where your lnd-rescue file is and"
       echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp ./channel.backup ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp ./channel.backup ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
       echo ""
       echo "Use ${passwordInfo} to authenticate file transfer."
       echo "PRESS ENTER when upload is done."

home.admin/config.scripts/lnd.export.sh

@@ -154,10 +154,10 @@ elif [ "${exportType}" = "sftp" ]; then
   echo "The password needed during download is your Password A."
   echo ""
   echo "Macaroons:"
-  echo "sftp bitcoin@${local_ip}:/home/bitcoin/.lnd/data/chain/${network}/${chain}net/\*.macaroon ./"
+  echo "scp bitcoin@${local_ip}:/home/bitcoin/.lnd/data/chain/${network}/${chain}net/\*.macaroon ./"
   echo ""
   echo "TLS Certificate:"
-  echo "sftp bitcoin@${local_ip}:/home/bitcoin/.lnd/tls.cert ./"
+  echo "scp bitcoin@${local_ip}:/home/bitcoin/.lnd/tls.cert ./"
   echo ""
 
 ###########################

home.admin/config.scripts/lnd.install.sh

@@ -4,17 +4,17 @@
 ## based on https://raspibolt.github.io/raspibolt/raspibolt_40_lnd.html#lightning-lnd
 ## see LND releases: https://github.com/lightningnetwork/lnd/releases
 ### If you change here - make sure to also change interims version in lnd.update.sh #!
-lndVersion="0.15.5-beta"
+lndVersion="0.16.0-beta"
 
 # olaoluwa
-PGPauthor="roasbeef"
+#PGPauthor="roasbeef"
-PGPpkeys="https://keybase.io/roasbeef/pgp_keys.asc"
+#PGPpkeys="https://keybase.io/roasbeef/pgp_keys.asc"
-PGPcheck="E4D85299674B2D31FAA1892E372CBD7633C61696"
+#PGPcheck="E4D85299674B2D31FAA1892E372CBD7633C61696"
 
 # guggero
-#PGPauthor="guggero"
+PGPauthor="guggero"
-#PGPpkeys="https://keybase.io/guggero/pgp_keys.asc"
+PGPpkeys="https://keybase.io/guggero/pgp_keys.asc"
-#PGPcheck="F4FC70F07310028424EFC20A8E4256593F177720"
+PGPcheck="F4FC70F07310028424EFC20A8E4256593F177720"
 
 # bitconner
 #PGPauthor="bitconner"

home.admin/config.scripts/lndlibs/README.md

@@ -21,7 +21,7 @@ cp ./*.proto ./protobuffs
 
 Now copy the generated RPC libs per SFTP over to your Laptop and add them to the `/home/admin/config.scripts/lndlibs`.
 
-sftp -r admin@192.168.X.X:/home/admin/protobuffs ./protobuffs
+scp -r admin@192.168.X.X:/home/admin/protobuffs ./protobuffs
 
 Make sure the first lines (ignore comments) of the `lightning_pb2_grpc.py` look like the following for python3 compatibility:
 ```

home.admin/setup.scripts/dialogMigration.sh

@@ -55,7 +55,7 @@ if [ "${migrationOS}" == "raspiblitz" ]; then
       echo "ON YOUR LAPTOP open a new terminal and change into"
       echo "the directory where your migration file is and"
       echo "COPY, PASTE AND EXECUTE THE FOLLOWING COMMAND:"
-      echo "sftp -r ./raspiblitz-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
+      echo "scp -r ./raspiblitz-*.tar.gz ${defaultUploadUser}@${localip}:${defaultUploadPath}/"
       echo ""
       echo "Use password 'raspiblitz' to authenticate file transfer."
       echo "PRESS ENTER when upload is done."