From 5f33c94f09887f5a348510b75b6d480dee711c2e Mon Sep 17 00:00:00 2001 From: openoms <43343391+openoms@users.noreply.github.com> Date: Tue, 16 Jan 2024 10:50:40 +0100 Subject: [PATCH] clrest: preserve certs in app-data for new install (#4328) * clrest: preserve certs in app-data for new install * add symlink-to-appdata options, add config entry --- home.admin/config.scripts/cl.rest.sh | 49 ++++++++++++++++++++++++---- 1 file changed, 43 insertions(+), 6 deletions(-) diff --git a/home.admin/config.scripts/cl.rest.sh b/home.admin/config.scripts/cl.rest.sh index e7f01255..b0184485 100644 --- a/home.admin/config.scripts/cl.rest.sh +++ b/home.admin/config.scripts/cl.rest.sh @@ -14,6 +14,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ]; then echo "cl.rest.sh connect [?key-value]" echo "cl.rest.sh off " echo "cl.rest.sh update " + echo "cl.rest.sh symlink-to-appdata " exit 1 fi 
@@ -30,6 +31,24 @@ source <(/home/admin/config.scripts/network.aliases.sh getvars cl $2) echo "# Running 'cl.rest.sh $*'" +function symlinkToAppData() { + # symlink the certs directory to the c-lightning-REST directory + echo "# Symlinking the certs directory from app-data" + if sudo ls /mnt/hdd/app-data/c-lightning-REST/${CLNETWORK}/certs 2>/dev/null; then + # remove the symlink and recreate it if app-data exists + sudo rm -rf /home/bitcoin/c-lightning-REST/${CLNETWORK}/certs + else + # create the app-data directory and move the certs directory there + sudo mkdir -p /mnt/hdd/app-data/c-lightning-REST/${CLNETWORK}/certs 2>/dev/null + sudo mv /home/bitcoin/c-lightning-REST/${CLNETWORK}/certs \ + /mnt/hdd/app-data/c-lightning-REST/${CLNETWORK}/certs + fi + sudo ln -s /mnt/hdd/app-data/c-lightning-REST/${CLNETWORK}/certs \ + /home/bitcoin/c-lightning-REST/${CLNETWORK}/ + sudo chmod -R 700 /mnt/hdd/app-data/c-lightning-REST + sudo chown -R bitcoin:bitcoin /mnt/hdd/app-data/c-lightning-REST +} + if [ "$1" = connect ]; then if ! systemctl is-active --quiet ${netprefix}clrest; then /home/admin/config.scripts/cl.rest.sh on ${CHAIN} 
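Review bot: In `symlinkToAppData`, the else branch first creates `/mnt/hdd/app-data/c-lightning-REST/${CLNETWORK}/certs` with `mkdir -p` and then moves the home `certs` directory to that same path, so `mv` places it inside the new directory. On an install that already has certs in the home directory, the existing files (for example `access.macaroon`) end up under `certs/certs` and the symlink no longer exposes them where `connect` reads them. Creating only the parent avoids this: `sudo mkdir -p "/mnt/hdd/app-data/c-lightning-REST/${CLNETWORK}"`. The `sudo rm -rf` in the other branch expands an unquoted `${CLNETWORK}` that comes from sourcing `network.aliases.sh` output; `sudo rm -rf "/home/bitcoin/c-lightning-REST/${CLNETWORK:?}/certs"` would abort on an empty value instead of running a root delete on a path that was not intended. `sudo ls` also prints the directory listing on every run, whereas `sudo test -d` checks for the directory without output.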
@@ -42,9 +61,9 @@ if [ "$1" = connect ]; then /home/admin/config.scripts/tor.onion-service.sh ${netprefix}clrest 443 ${portprefix}6100 1>/dev/null toraddress=$(sudo cat /mnt/hdd/tor/${netprefix}clrest/hostname) - hex_macaroon=$(xxd -plain /home/bitcoin/c-lightning-REST/${CLNETWORK}/certs/access.macaroon | tr -d '\n') + hex_macaroon=$(sudo -u bitcoin xxd -plain /home/bitcoin/c-lightning-REST/${CLNETWORK}/certs/access.macaroon | tr -d '\n') url="https://${localip}:${portprefix}6100/" - lndconnect="lndconnect://${toraddress}:443?macaroon=${hex_macaroon}" + # lndconnect="lndconnect://${toraddress}:443?macaroon=${hex_macaroon}" # c-lightning-rest://http://your_hidden_service.onion:your_port?&macaroon=your_macaroon_file_in_HEX&protocol=http clrestlan="c-lightning-rest://${localip}:${portprefix}6100?&macaroon=${hex_macaroon}&protocol=http" clresttor="c-lightning-rest://${toraddress}:443?&macaroon=${hex_macaroon}&protocol=http" @@ -58,6 +77,7 @@ if [ "$1" = connect ]; then fi # deactivated + # shellcheck disable=SC2317 function showStepByStepQR() { clear echo @@ -76,7 +96,7 @@ if [ "$1" = connect ]; then echo "REST Port: ${portprefix}6100" echo echo "# Press enter to continue to show the Macaroon" - read key + read -r sudo /home/admin/config.scripts/blitz.display.sh hide sudo /home/admin/config.scripts/blitz.display.sh qr "${hex_macaroon}" clear @@ -89,7 +109,7 @@ if [ "$1" = connect ]; then qrencode -t ANSIUTF8 "${hex_macaroon}" echo echo "# Press enter to hide the QRcode from the LCD" - read key + read -r sudo /home/admin/config.scripts/blitz.display.sh hide exit 0 } @@ -108,7 +128,7 @@ if [ "$1" = connect ]; then qrencode -t ANSIUTF8 "${clresttor}" echo echo "# Press enter to show the string to connect over LAN" - read key + read -r sudo /home/admin/config.scripts/blitz.display.sh hide sudo /home/admin/config.scripts/blitz.display.sh qr "${clrestlan}" clear 
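Review bot: In the `@@ -42,9 +61,9 @@` hunk, `hex_macaroon` is used without checking that the read succeeded. The exit status of `sudo -u bitcoin xxd` is hidden behind `tr`, so a missing or unreadable `access.macaroon` silently produces `c-lightning-rest://` strings with an empty `macaroon=` field. A guard directly after the assignment would make that fail visibly: `[ -n "${hex_macaroon}" ] || { echo "# FAIL - cannot read access.macaroon"; exit 1; }`. The commented-out `lndconnect=` line could be deleted rather than kept as dead code. The enclosing `connect` block starts and ends outside this hunk.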
@@ -124,7 +144,7 @@ if [ "$1" = connect ]; then qrencode -t ANSIUTF8 "${clrestlan}" echo echo "# Press enter to hide the QRcode from the LCD" - read key + read -r sudo /home/admin/config.scripts/blitz.display.sh hide exit 0 } @@ -157,6 +177,8 @@ if [ "$1" = on ]; then sudo -u bitcoin cp -r /home/bitcoin/c-lightning-REST/* \ /home/bitcoin/c-lightning-REST/${CLNETWORK} + symlinkToAppData + echo " { \"PORT\": ${portprefix}6100, @@ -202,6 +224,9 @@ WantedBy=multi-user.target else echo "# OK - the clrest.service is enabled, to start manually use: 'sudo systemctl start clrest'" fi + + /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clrest "on" + echo echo "# Monitor with:" echo "sudo journalctl -fu clrest" @@ -221,6 +246,7 @@ if [ "$1" = off ]; then echo "# Removing the source code and binaries" sudo rm -rf /home/bitcoin/c-lightning-REST fi + /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clrest "off" exit 0 fi @@ -239,6 +265,9 @@ if [ "$1" = "update" ]; then echo "# You are up-to-date on version" "$TAG" else sudo systemctl stop ${netprefix}clrest + + symlinkToAppData + echo "# Pulling latest changes..." sudo -u bitcoin git pull -p echo "# Reset to the latest release tag" @@ -258,6 +287,9 @@ if [ "$1" = "update" ]; then exit 1 fi echo "# Updated to version" "$TAG" + + /home/admin/config.scripts/blitz.conf.sh set ${netprefix}clrest "on" + echo echo "# Starting the ${netprefix}clrest service ..." sudo systemctl start ${netprefix}clrest @@ -266,5 +298,10 @@ if [ "$1" = "update" ]; then exit 0 fi +if [ "$1" = "symlink-to-appdata" ]; then + symlinkToAppData + exit 0 +fi + echo "# FAIL - Unknown Parameter $1" exit 1
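Review bot: In the `@@ -266,5 +298,10 @@` hunk, the new `symlink-to-appdata` branch runs `exit 0` whatever `symlinkToAppData` did, so a failed move or link is reported to the caller as success. `symlinkToAppData || exit 1` would propagate a failure, but only once the function returns non-zero when `mv` or `ln -s` fails; as written its status is that of the final `chown`. Unlike the `update` path, which runs `sudo systemctl stop ${netprefix}clrest` before calling the function, this branch relocates the certs directory while the service may still be running. Stopping the service before and starting it after, as `update` does, would keep the two paths consistent.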