#2074 remove docker install

updated torrent v1.11.1-fat
#4643 get codeversion directly from file (#4674 )
2025-05-12 19:20:48 +02:00 · 2024-08-06 20:01:15 +02:00 · 2024-08-05 18:09:00 +02:00 · 2024-07-31 16:39:55 +02:00 · 2024-07-31 15:29:57 +02:00 · 2024-07-29 20:22:02 +02:00
312 changed files with 259537 additions and 238777 deletions
--- a/.github/ISSUE_TEMPLATE/bug_report.md
+++ b/.github/ISSUE_TEMPLATE/bug_report.md
@ -0,0 +1,17 @@
+---
+name: Bug report
+about: Create a bug report to help us improve
+title: ''
+labels: 'bug - unconfirmed'
+assignees: ''
+---
+
+**Describe the bug**
+A clear and concise description about the issue you encounter.
+
+**To Reproduce**
+Steps to reproduce the behavior.
+
+**Debug file**
+
+If possible, please add a debug report. To do that, drag a text file with the debug report in here.
--- a/.github/ISSUE_TEMPLATE/config.yml
+++ b/.github/ISSUE_TEMPLATE/config.yml
@ -0,0 +1,4 @@
+contact_links:
+  - name: Have an idea for a new app in the RaspiBlitz? Make a suggestion in the app ideas section
+    url: https://github.com/raspiblitz/raspiblitz/discussions/categories/feature-app-ideas
+    about: Feature and app ideas
--- a/.github/ISSUE_TEMPLATE/documentation_improvement.md
+++ b/.github/ISSUE_TEMPLATE/documentation_improvement.md
@ -0,0 +1,7 @@
+---
+name: Documentation Improvement
+about: Improvement suggestions for the documentation
+title: ''
+labels: 'documentation'
+assignees: ''
+---
--- a/.github/ISSUE_TEMPLATE/feature_request.md
+++ b/.github/ISSUE_TEMPLATE/feature_request.md
@ -0,0 +1,7 @@
+---
+name: Feature Request
+about: Enhancement suggestions for the RaspiBlitz
+title: ''
+labels: 'enhancement'
+assignees: ''
+---
--- a/.github/workflows/amd64-fatpack-image.yml
+++ b/.github/workflows/amd64-fatpack-image.yml
@ -1,9 +1,13 @@
 name: amd64-fatpack-image-build

+concurrency:
+  group: amd64-fatpack-image-build-${{ github.head_ref }}
+  cancel-in-progress: true
+
 on:
  workflow_dispatch:
  #push:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
+  #  branches: ["dev", "v1.10"]
  #  paths:
  #    - 'build_sdcard.sh'
  #    - 'home.admin/bitcoin.install.sh'
@ -24,7 +28,7 @@ on:
  #    - 'home.admin/blitz.display.sh'
  #    - 'ci/amd64/**'
  #pull_request:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
+  #  branches: ["dev", "v1.10"]
  #  paths:
  #    - 'build_sdcard.sh'
  #    - 'home.admin/bitcoin.install.sh'
@ -49,20 +53,32 @@ jobs:
  amd64-image-build:
    runs-on: ubuntu-22.04
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
+          if [ -z "$GITHUB_HEAD_REF" ]; then
+            echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+          else
+            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "GITHUB_USER=${{github.event.pull_request.head.repo.owner.login}}" >> $GITHUB_OUTPUT
+          else
+            echo "GITHUB_USER=$(echo ${{github.repository}} | cut -d'/' -f1)" >> $GITHUB_OUTPUT
+          fi

-      - name: Hello RaspiBlitz
-        run: echo "Building the raspiblitz-amd64-debian-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}} at "
+      - name: Display the build name
+        run: echo "Building the raspiblitz-amd64-debian-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}"

      - name: Run the build script
        run: |
+          echo "Using the variables: --pack fatpack --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop none"
          cd ci/amd64
-          bash packer.build.amd64-debian.sh fatpack $GITHUB_ACTOR $GITHUB_HEAD_REF
+          bash packer.build.amd64-debian.sh --pack fatpack --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop none

      - name: Compute checksum of the raw image
        run: |
@ -80,7 +96,7 @@ jobs:
          sha256sum raspiblitz-amd64-debian-fatpack.qcow2.gz > raspiblitz-amd64-debian-fatpack.qcow2.gz.sha256

      - name: Upload the image and checksums
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: raspiblitz-amd64-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}
          path: |
--- a/.github/workflows/amd64-lean-image.yml
+++ b/.github/workflows/amd64-lean-image.yml
@ -1,9 +1,13 @@
 name: amd64-lean-image-build

+concurrency:
+  group: amd64-lean-image-build-${{ github.head_ref }}
+  cancel-in-progress: true
+
 on:
  workflow_dispatch:
  push:
-    branches: [ "dev", "v1.8", "v1.9" ]
+    branches: ['dev', 'v1.10']
    paths:
      - 'build_sdcard.sh'
      - 'home.admin/bitcoin.install.sh'
@ -13,7 +17,7 @@ on:
      - 'home.admin/blitz.display.sh'
      - 'ci/amd64/**'
  pull_request:
-    branches: [ "dev", "v1.8", "v1.9" ]
+    branches: ['dev', 'v1.10']
    paths:
      - 'build_sdcard.sh'
      - 'home.admin/bitcoin.install.sh'
@ -27,20 +31,38 @@ jobs:
  amd64-image-build:
    runs-on: ubuntu-22.04
    steps:
-      - uses: actions/checkout@v3
+      - name: Maximize build space
+        uses: easimon/maximize-build-space@master
+        with:
+          root-reserve-mb: 12288
+          temp-reserve-mb: 12288
+
+      - uses: actions/checkout@v4

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
+          if [ -z "$GITHUB_HEAD_REF" ]; then
+            echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+          else
+            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "GITHUB_USER=${{github.event.pull_request.head.repo.owner.login}}" >> $GITHUB_OUTPUT
+          else
+            echo "GITHUB_USER=$(echo ${{github.repository}} | cut -d'/' -f1)" >> $GITHUB_OUTPUT
+          fi

-      - name: Hello RaspiBlitz
+      - name: Display the build name
        run: echo "Building the raspiblitz-amd64-debian-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}"

      - name: Run the build script
        run: |
+          echo "Using the variables: --pack lean --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop gnome"
          cd ci/amd64
-          bash packer.build.amd64-debian.sh lean $GITHUB_ACTOR $GITHUB_HEAD_REF
+          bash packer.build.amd64-debian.sh	--pack lean --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot uefi --desktop gnome

      - name: Compute checksum of the raw image
        run: |
@ -58,7 +80,7 @@ jobs:
          sha256sum raspiblitz-amd64-debian-lean.qcow2.gz > raspiblitz-amd64-debian-lean.qcow2.gz.sha256

      - name: Upload the image and checksums
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: raspiblitz-amd64-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}
          path: |
--- a/.github/workflows/amd64-lean-legacyboot-image.yml
+++ b/.github/workflows/amd64-lean-legacyboot-image.yml
@ -0,0 +1,83 @@
+name: amd64-lean-legacyboot-image-build
+
+concurrency:
+  group: amd64-lean-legacyboot-image-build-${{ github.head_ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ['dev', 'v1.10']
+    paths:
+      - 'build_sdcard.sh'
+      - 'home.admin/bitcoin.install.sh'
+      - 'home.admin/tor.install.sh'
+      - 'home.admin/blitz.i2pd.sh'
+      - 'home.admin/blitz.web.sh'
+      - 'home.admin/blitz.display.sh'
+      - 'ci/amd64/**'
+  pull_request:
+    branches: ['dev', 'v1.10']
+    paths:
+      - 'build_sdcard.sh'
+      - 'home.admin/bitcoin.install.sh'
+      - 'home.admin/tor.install.sh'
+      - 'home.admin/blitz.i2pd.sh'
+      - 'home.admin/blitz.web.sh'
+      - 'home.admin/blitz.display.sh'
+      - 'ci/amd64/**'
+
+jobs:
+  amd64-image-build:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set values
+        id: set_values
+        run: |
+          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
+          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
+          if [ -z "$GITHUB_HEAD_REF" ]; then
+            echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+          else
+            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "GITHUB_USER=${{github.event.pull_request.head.repo.owner.login}}" >> $GITHUB_OUTPUT
+          else
+            echo "GITHUB_USER=$(echo ${{github.repository}} | cut -d'/' -f1)" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Display the build name
+        run: echo "Building the raspiblitz-amd64-debian-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}"
+
+      - name: Run the build script
+        run: |
+          echo "Using the variables: --pack lean --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot bios --desktop none"
+          cd ci/amd64
+          bash packer.build.amd64-debian.sh	--pack lean --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --preseed_file preseed.cfg --boot bios --desktop none
+
+      - name: Compute checksum of the raw image
+        run: |
+          cd ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu
+          sha256sum raspiblitz-amd64-debian-lean.qcow2 > raspiblitz-amd64-debian-lean.qcow2.sha256
+
+      - name: Compress image
+        run: |
+          cd ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu
+          gzip -v9 raspiblitz-amd64-debian-lean.qcow2
+
+      - name: Compute checksum of the compressed image
+        run: |
+          cd ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu
+          sha256sum raspiblitz-amd64-debian-lean.qcow2.gz > raspiblitz-amd64-debian-lean.qcow2.gz.sha256
+
+      - name: Upload the image and checksums
+        uses: actions/upload-artifact@v4
+        with:
+          name: raspiblitz-amd64-image-${{env.BUILD_DATE}}-${{env.BUILD_VERSION}}
+          path: |
+            ${{github.workspace}}/ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2.sha256
+            ${{github.workspace}}/ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2.gz
+            ${{github.workspace}}/ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2.gz.sha256
--- a/.github/workflows/arm64-rpi-base-image.yml
+++ b/.github/workflows/arm64-rpi-base-image.yml
@ -0,0 +1,93 @@
+name: arm64-rpi-base-image-build
+
+concurrency:
+  group: arm64-rpi-base-image-build-${{ github.head_ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ['dev', 'v1.10', 'v1.11']
+    paths:
+      - 'build_sdcard.sh'
+      - 'home.admin/config.scripts/bitcoin.install.sh'
+      - 'home.admin/config.scripts/tor.install.sh'
+      - 'home.admin/config.scripts/blitz.i2pd.sh'
+      - 'home.admin/config.scripts/blitz.web.sh'
+      - 'home.admin/config.scripts/blitz.display.sh'
+      - 'ci/arm64-rpi/**'
+      - 'home.admin/config.scripts/bonus.btc-rpc-explorer.sh'
+      - 'home.admin/config.scripts/bonus.btcpayserver.sh'
+      - 'home.admin/config.scripts/bonus.jam.sh'
+      - 'home.admin/config.scripts/bonus.joinmarket.sh'
+      - 'home.admin/config.scripts/bonus.lnbits.sh'
+      - 'home.admin/config.scripts/bonus.mempool.sh'
+      - 'home.admin/config.scripts/bonus.nodejs.sh'
+      - 'home.admin/config.scripts/bonus.rtl.sh'
+      - 'home.admin/config.scripts/bonus.thunderhub.sh'
+      - 'home.admin/config.scripts/blitz.web.api.sh'
+      - 'home.admin/config.scripts/blitz.web.ui'
+  pull_request:
+    branches: ['dev', 'v1.10', 'v1.11']
+    paths:
+      - 'build_sdcard.sh'
+      - 'home.admin/config.scripts/bitcoin.install.sh'
+      - 'home.admin/config.scripts/tor.install.sh'
+      - 'home.admin/config.scripts/blitz.i2pd.sh'
+      - 'home.admin/config.scripts/blitz.web.sh'
+      - 'home.admin/config.scripts/blitz.display.sh'
+      - 'ci/arm64-rpi/**'
+      - 'home.admin/config.scripts/bonus.btc-rpc-explorer.sh'
+      - 'home.admin/config.scripts/bonus.btcpayserver.sh'
+      - 'home.admin/config.scripts/bonus.jam.sh'
+      - 'home.admin/config.scripts/bonus.joinmarket.sh'
+      - 'home.admin/config.scripts/bonus.lnbits.sh'
+      - 'home.admin/config.scripts/bonus.mempool.sh'
+      - 'home.admin/config.scripts/bonus.nodejs.sh'
+      - 'home.admin/config.scripts/bonus.rtl.sh'
+      - 'home.admin/config.scripts/bonus.thunderhub.sh'
+      - 'home.admin/config.scripts/blitz.web.api.sh'
+      - 'home.admin/config.scripts/blitz.web.ui'
+
+jobs:
+  arm64-rpi-base-image-build:
+    runs-on: ubuntu-22.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set values
+        id: set_values
+        run: |
+          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
+          if [ -z "$GITHUB_HEAD_REF" ]; then
+            echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+          else
+            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "GITHUB_USER=${{github.event.pull_request.head.repo.owner.login}}" >> $GITHUB_OUTPUT
+          else
+            echo "GITHUB_USER=$(echo ${{github.repository}} | cut -d'/' -f1)" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Display the build name
+        run: echo "Building the raspiblitz-arm64-rpi-base-image"
+
+      - name: Run the build script
+        run: |
+          echo "Using the variables: --pack base --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --image_size 18G"
+          cd ci/arm64-rpi
+          bash packer.build.arm64-rpi.sh --pack base --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}} --image_size 18G
+
+      - name: Calculate the checksum of the raw image
+        run: |
+          cd ci/arm64-rpi
+          sha256sum raspiblitz-arm64-rpi-base.img > raspiblitz-arm64-rpi-base.img.sha256
+
+      - name: Upload the base image and checksum
+        uses: actions/upload-artifact@v4
+        with:
+          name: raspiblitz-arm64-rpi-base-image-${{ env.BUILD_VERSION }}
+          path: |
+            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-base.img.sha256
+            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-base.img
--- a/.github/workflows/arm64-rpi-fatpack-image.yml
+++ b/.github/workflows/arm64-rpi-fatpack-image.yml
@ -1,89 +0,0 @@
-name: arm64-rpi-fatpack-image-build
-
-on:
-  workflow_dispatch:
-  #push:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
-  #  paths:
-  #    - 'build_sdcard.sh'
-  #    - 'home.admin/bitcoin.install.sh'
-  #    - 'home.admin/lnd.install.sh'
-  #    - 'home.admin/cl.install.sh'
-  #    - 'home.admin/cl-plugin.cln-grpc.sh'
-  #    - 'home.admin/tor.install.sh'
-  #    - 'home.admin/blitz.i2pd.sh'
-  #    - 'home.admin/blitz.web.sh'
-  #    - 'home.admin/bonus.nodejs.sh'
-  #    - 'home.admin/bonus.rtl.sh'
-  #    - 'home.admin/bonus.btcpayserver.sh'
-  #    - 'home.admin/bonus.thunderhub.sh'
-  #    - 'home.admin/bonus.jam.sh install'
-  #    - 'home.admin/bonus.mempool.sh'
-  #    - 'home.admin/blitz.web.api.sh'
-  #    - 'home.admin/blitz.web.ui.sh'
-  #    - 'home.admin/blitz.display.sh'
-  #    - 'ci/arm64-rpi/**'
-  #pull_request:
-  #  branches: [ "dev", "v1.8", "v1.9" ]
-  #  paths:
-  #    - 'build_sdcard.sh'
-  #    - 'home.admin/bitcoin.install.sh'
-  #    - 'home.admin/lnd.install.sh'
-  #    - 'home.admin/cl.install.sh'
-  #    - 'home.admin/cl-plugin.cln-grpc.sh'
-  #    - 'home.admin/tor.install.sh'
-  #    - 'home.admin/blitz.i2pd.sh'
-  #    - 'home.admin/blitz.web.sh'
-  #    - 'home.admin/bonus.nodejs.sh'
-  #    - 'home.admin/bonus.rtl.sh'
-  #    - 'home.admin/bonus.btcpayserver.sh'
-  #    - 'home.admin/bonus.thunderhub.sh'
-  #    - 'home.admin/bonus.jam.sh install'
-  #    - 'home.admin/bonus.mempool.sh'
-  #    - 'home.admin/blitz.web.api.sh'
-  #    - 'home.admin/blitz.web.ui.sh'
-  #    - 'home.admin/blitz.display.sh'
-  #    - 'ci/arm64-rpi/**'
-
-jobs:
-  arm64-rpi-image-build:
-    runs-on: ubuntu-22.04
-    steps:
-      - uses: actions/checkout@v3
-
-      - name: Set values
-        run: |
-          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
-          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
-
-      - name: Hello Raspiblitz
-        run: echo "Building the raspiblitz-arm64-rpi-fatpack-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}"
-
-      - name: Run the build script
-        run: |
-          cd ci/arm64-rpi
-          bash packer.build.arm64-rpi.sh fatpack $GITHUB_ACTOR $GITHUB_HEAD_REF
-
-      - name: Compute checksum of the raw image
-        run: |
-          cd ci/arm64-rpi
-          sha256sum raspiblitz-arm64-rpi-fatpack.img > raspiblitz-arm64-rpi-fatpack.img.sha256
-
-      - name: Compress image
-        run: |
-          cd ci/arm64-rpi
-          gzip -v9 raspiblitz-arm64-rpi-fatpack.img
-
-      - name: Compute checksum of the compressed image
-        run: |
-          cd ci/arm64-rpi
-          sha256sum raspiblitz-arm64-rpi-fatpack.img.gz > raspiblitz-arm64-rpi-fatpack.img.gz.sha256
-
-      - name: Upload the image and checksums
-        uses: actions/upload-artifact@v3
-        with:
-          name: raspiblitz-arm64-fatpack-rpi-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}
-          path: |
-            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-fatpack.img.sha256
-            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-fatpack.img.gz
-            ${{ github.workspace }}/ci/arm64-rpi/raspiblitz-arm64-rpi-fatpack.img.gz.sha256
--- a/.github/workflows/arm64-rpi-lean-image.yml
+++ b/.github/workflows/arm64-rpi-lean-image.yml
@ -1,9 +1,13 @@
 name: arm64-rpi-lean-image-build

+concurrency:
+  group: arm64-rpi-lean-image-build-${{ github.head_ref }}
+  cancel-in-progress: true
+
 on:
  workflow_dispatch:
  push:
-    branches: [ "dev", "v1.8", "v1.9" ]
+    branches: ['dev', 'v1.10']
    paths:
      - 'build_sdcard.sh'
      - 'home.admin/bitcoin.install.sh'
@ -13,7 +17,7 @@ on:
      - 'home.admin/blitz.display.sh'
      - 'ci/arm64-rpi/**'
  pull_request:
-    branches: [ "dev", "v1.8", "v1.9" ]
+    branches: ['dev', 'v1.10']
    paths:
      - 'build_sdcard.sh'
      - 'home.admin/bitcoin.install.sh'
@ -27,20 +31,32 @@ jobs:
  arm64-rpi-image-build:
    runs-on: ubuntu-22.04
    steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

      - name: Set values
+        id: set_values
        run: |
          echo "BUILD_DATE=$(date +"%Y-%m-%d")" >> $GITHUB_ENV
          echo "BUILD_VERSION=$(git describe --always --tags)" >> $GITHUB_ENV
+          if [ -z "$GITHUB_HEAD_REF" ]; then
+            echo "BRANCH_NAME=$(echo ${GITHUB_REF#refs/heads/})" >> $GITHUB_ENV
+          else
+            echo "BRANCH_NAME=${GITHUB_HEAD_REF}" >> $GITHUB_ENV
+          fi
+          if [[ "${{github.event_name}}" == "pull_request" ]]; then
+            echo "GITHUB_USER=${{github.event.pull_request.head.repo.owner.login}}" >> $GITHUB_OUTPUT
+          else
+            echo "GITHUB_USER=$(echo ${{github.repository}} | cut -d'/' -f1)" >> $GITHUB_OUTPUT
+          fi

-      - name: Hello Raspiblitz
+      - name: Display the build name
        run: echo "Building the raspiblitz-arm64-rpi-lean-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}"

      - name: Run the build script
        run: |
+          echo "Using the variables: --pack lean --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}}"
          cd ci/arm64-rpi
-          bash packer.build.arm64-rpi.sh lean $GITHUB_ACTOR $GITHUB_HEAD_REF
+          bash packer.build.arm64-rpi.sh --pack lean --github_user ${{steps.set_values.outputs.GITHUB_USER}} --branch ${{env.BRANCH_NAME}}

      - name: Compute checksum of the raw image
        run: |
@ -58,7 +74,7 @@ jobs:
          sha256sum raspiblitz-arm64-rpi-lean.img.gz > raspiblitz-arm64-rpi-lean.img.gz.sha256

      - name: Upload the image and checksums
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
        with:
          name: raspiblitz-arm64-rpi-image-${{ env.BUILD_DATE }}-${{ env.BUILD_VERSION }}
          path: |
--- a/.github/workflows/spelling.yml
+++ b/.github/workflows/spelling.yml
@ -0,0 +1,20 @@
+name: Spelling
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ['dev', 'v1.10', 'v1.11']
+  pull_request:
+    branches: ['dev', 'v1.10', 'v1.11']
+
+jobs:
+  spelling:
+    name: Spell Check with Typos
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout Actions Repository
+        uses: actions/checkout@v4
+      - name: Spell Check Repo
+        uses: crate-ci/typos@master
+        with:
+          config: typos.toml
--- a/.github/workflows/test-bats.yml
+++ b/.github/workflows/test-bats.yml
@ -0,0 +1,38 @@
+name: Test bats
+
+concurrency:
+  group: test-bats-${{ github.head_ref }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+  push:
+    branches: ["dev"]
+    paths:
+      - "home.admin/config.scripts/bonus.postgresql.sh"
+  pull_request:
+    branches: ["dev"]
+    paths:
+      - "home.admin/config.scripts/bonus.postgresql.sh"
+
+jobs:
+  run-bats-tests:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Install bats
+        run: |
+          sudo apt update &>/dev/null
+          sudo apt install -y bats
+
+      - name: Run the bats tests with postgresql 15
+        run: |
+          cd test
+          sudo bats ./bonus.postgresql-15.bats
+
+      - name: Run the bats tests with postgresql 13
+        run: |
+          cd test
+          sudo bats ./bonus.postgresql-13.bats
--- a/CHANGES.md
+++ b/CHANGES.md
@ -1,3 +1,89 @@
+## What's new in Version 1.11.1 of RaspiBlitz?
+
+- New: Set Timezone SSHMENU > SYSTEM > TIME [details](https://github.com/raspiblitz/raspiblitz/issues/1712)
+- New: Labelbase 2.2.1 [details](https://x.com/labelbase_space)
+- New: Redesign WebUI Setup & Recovery
+- Update: amd64 base image: debian-12.6.0-amd64-netinst.iso
+- Update: LNbits 0.12.8 [details](https://github.com/lnbits/lnbits/releases/tag/0.12.8)
+- Update: Specter Desktop 2.0.4 with reactivated UPDATE option [details](https://github.com/cryptoadvance/specter-desktop/releases/tag/v2.0.4)
+- Update: BTCPayServer 1.13.0 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.13.0)
+- Update: acme.sh 3.0.7 (repair duckdns.org dyndns)
+- Update: show progress of electrs building index on LCD
+- Update: lndmanage 0.16.0 [details](https://github.com/bitromortac/lndmanage)
+- Update: Lightning Terminal v0.12.5-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.12.5-alpha)
+- Update: PyBlock 2.7.2 [details](https://github.com/curly60e/pyblock/blob/master/README.md)
+- Update: Bitcoin Core 27.1 (as tested update) [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-27.1.md)
+- Experimental: charge-lnd install script [details](https://github.com/raspiblitz/raspiblitz/discussions/3955)
+- Experimental: config.scripts/lnd.signaddress.sh to easy sign messages on addresses on LND [details](https://github.com/raspiblitz/raspiblitz/issues/4540)
+- Experimental: config.scripts/bonus.elements.sh install elements blockchain platform [details](https://github.com/ElementsProject/elements)
+- Deprecated: Sphinx-Relay [details](https://github.com/raspiblitz/raspiblitz/issues/2558)
+- Remove: AutoPilot & Keysend from SSH menus [details](https://github.com/raspiblitz/raspiblitz/issues/1953#issuecomment-1811553602)
+- Remove: Tallycoin-Connect [see service shutdown](https://x.com/djbooth007/status/1784409117563720082)
+- Remove: IP2Tor Shoplist [details](https://github.com/raspiblitz/raspiblitz/issues/4589)
+- Remove: CopyStation Script [details](https://github.com/raspiblitz/raspiblitz/issues/4538)
+
+## What's new in Version 1.11.0 of RaspiBlitz?
+
+- New: RaspberryPi5 tested & enabling NVMe PCIe Hats
+- New: BTCPay Server PostgreSQL database backup and restore options [details](https://github.com/raspiblitz/raspiblitz/pull/4409)
+- New: Reset option for the self-signed TLS certificate [details](https://github.com/raspiblitz/raspiblitz/pull/4412)
+- New on WebUI: Electrum Connect Screen
+- Update: RaspberryOS arm64 base image 2024-03-15 (Debian 12 Bookworm) [details](https://downloads.raspberrypi.com/raspios_full_arm64/release_notes.txt)
+- Update: amd64 base image: debian-12.5.0-amd64-netinst.iso
+- Update: Bitcoin Core v26.0 [details](https://bitcoincore.org/en/releases/26.0/)
+- Update: LND v0.17.3-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.17.3-beta)
+- Update: Core Lightning v24.02.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v24.02.1)
+- Update: C-lightningREST v0.10.7 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.10.7)
+- Update: Electrum Server in Rust (electrs) v0.10.4 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0104-mar-15-2024)
+- Update: Fulcrum Electrum server v1.10.0 (CLI install script) [details](https://github.com/cculianu/Fulcrum/releases/tag/v1.10.0)
+- Update: BTC-RPC-Explorer v3.4.0 [details](https://github.com/janoside/btc-rpc-explorer/blob/master/CHANGELOG.md#v340)
+- Update: JoinMarket v0.9.11 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.11)
+- Update: Jam (JoinMarket Web UI) v0.2.0 [details](https://github.com/joinmarket-webui/jam/releases/tag/v0.2.0)
+- Update: JoininBox v0.8.3 [details](https://github.com/openoms/joininbox/releases/tag/v0.8.3)
+- Update: RTL v0.14.1 [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.14.1)
+- Update: Thunderhub v0.13.30 [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.30)
+- Update: CLBOSS 0.13+ (latest master 0673c50) [details](https://github.com/ZmnSCPxj/clboss/releases/tag/v0.13)
+- Update: BTCPayServer v1.12.5 [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.12.5)
+- Update: Channel Tools (chantools) v0.12.0 [details](https://github.com/lightninglabs/chantools/releases/tag/v0.12.0)
+- Update: LNbits 0.11.3 [details](https://github.com/lnbits/lnbits/releases/tag/0.11.3)
+- Update: Circuitbreaker v0.5.1 [details](https://github.com/lightningequipment/circuitbreaker/blob/master/README.md)
+- Update: LNDg v1.8.0 [details](https://github.com/cryptosharks131/lndg/releases/tag/v1.8.0)
+- Update: Balance of Satoshis v17.9.1 [details](https://www.npmjs.com/package/balanceofsatoshis/v/17.9.1)
+- Experimental: LNDK (runs on top of LND to help forward onion messages (BOLT 12)) [details](https://github.com/lndk-org/lndk)
+- Fix: PyBlock 2.2.3 [details](https://github.com/curly60e/pyblock/blob/master/README.md)
+- Refactor: Wifi config with file on sd card
+- Deactivated for Repair: lnproxy [details](https://github.com/raspiblitz/raspiblitz/issues/4122)
+- Deprecated: Homer Dashboard (remove from SSH menus, config script will stay with possible future removal)
+- Deprecated: Bitcoinminds (remove from SSH menus, config script will stay with possible future removal)
+- Remove: ItchySats (unmaintained project / in consent with dev)
+
+## What's new in Version 1.10.0 of RaspiBlitz?
+
+- Update: RaspiOS base image from 2023-05-03
+- Update: Bitcoin Core v25.0.0 [details](https://github.com/bitcoin/bitcoin/blob/master/doc/release-notes/release-notes-25.0.md)
+- Update: LND v0.16.4-beta [details](https://github.com/lightningnetwork/lnd/releases/tag/v0.16.4-beta)
+- Update: Core Lightning v23.08.1 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.08.1)
+- Update: Suez - Channel Visualization for LND & CLN [details](https://github.com/prusnak/suez)
+- Update: Electrum Server in Rust (electrs) v0.10.0 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0100-jul-22-2023)
+- Update: C-lightningREST v0.10.5 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.10.5)
+- Update: RTL v0.14.0 [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.14.0)
+- Update: Lightning Terminal v0.10.1-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.10.1-alpha)
+- Update: Channel Tools (chantools) v0.11.3 [details](https://github.com/guggero/chantools/releases/tag/v0.11.3)
+- Update: LNDg v1.7.0 [details](https://github.com/cryptosharks131/lndg)
+- Update: Thunderhub v0.13.19 [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.19)
+- Update: LNbits 0.10.10 [details](https://github.com/lnbits/lnbits/releases/tag/0.10.10)
+- Update: BTCPayServer 1.10.3 (postgres by default with sqlite migration) [details](https://github.com/btcpayserver/btcpayserver/releases/tag/v1.10.3)
+- Update: Specter Desktop 1.13.1 [details](https://github.com/cryptoadvance/specter-desktop/releases/tag/v1.13.1)
+- Update: Kindle-Display 0.5.1 [details](https://github.com/dennisreimann/kindle-display/)
+- Update: JoinMarket v0.9.10 [details](https://github.com/JoinMarket-Org/joinmarket-clientserver/releases/tag/v0.9.10)
+- Update: JoininBox v0.8.1 [details](https://github.com/openoms/joininbox/releases/tag/v0.8.1)
+- Update: Balance of Satoshis 15.11.0 (bos) [details](https://github.com/alexbosworth/balanceofsatoshis/blob/master/CHANGELOG.md#15110)
+- Fix: Homebanking Interface FinTS/HBCI (experimental) [details](https://github.com/rootzoll/raspiblitz/issues/1186)
+- Remove: Spark Wallet and Sparko CLN plugin (not maintained anymore)
+- Remove: Faraday, Loop, Pool single installs - used in the LiT package instead
+- Remove: deactivate LNproxy in the menu and in provision
+- Info: the users not intended to be logged in will not be available to change into (manage them from admin with sudo)
+
 ## What's new in Version 1.9.0 of RaspiBlitz?

 - New: Automated disk image build for amd64 (VM, laptop, desktop, server) and arm64-rpi (Raspberry Pi) [details](https://github.com/rootzoll/raspiblitz/tree/dev/ci/README.md)
@ -17,7 +103,7 @@
 - Update: Core Lightning v23.02.2 [details](https://github.com/ElementsProject/lightning/releases/tag/v23.02.2)
 - Update: C-lightningREST v0.10.2 [details](https://github.com/Ride-The-Lightning/c-lightning-REST/releases/tag/v0.10.2)
 - Update: Electrum Server in Rust (electrs) v0.9.11 [details](https://github.com/romanz/electrs/blob/master/RELEASE-NOTES.md#0911-jan-5-2023)
- Update: Lightning Terminal v0.9.2-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.9.2-alpha)
+- Update: Lightning Terminal v0.8.6-alpha [details](https://github.com/lightninglabs/lightning-terminal/releases/tag/v0.8.6-alpha)
 - Update: RTL v0.13.6 with update option [details](https://github.com/Ride-The-Lightning/RTL/releases/tag/v0.13.6)
 - Update: Thunderhub v0.13.16 with balance sharing disabled [details](https://github.com/apotdevin/thunderhub/releases/tag/v0.13.16)
 - Update: LNbits 0.10.6 [details](https://github.com/lnbits/lnbits/releases/tag/0.10.6)
@ -36,7 +122,7 @@
 - Info: Run RaspiBlitz on Proxmox [details](https://github.com/rootzoll/raspiblitz/tree/dev/alternative.platforms/Proxmox)
 - Info: IP2Tor fix fulmo shop & added new ip2tor.com shop
 - Info: 32GB sdcard is now enforced (after being recommended since v1.5)
- Info: 'Reindex Blockchain' is not part of 'repair' menu
+- Info: 'Reindex Blockchain' is now part of 'repair' menu

 ## What's new in Version 1.8.0c of RaspiBlitz?

@ -229,7 +315,7 @@ There was a small patch-update with raspiblitz-v1.7.1-2021-10-28.img.gz to fix a
 - New: Circuit Breaker (config-script) [details](https://github.com/rootzoll/raspiblitz/issues/1581)
 - New: PyBlock (Python Util & Fun Scripts) [details](https://github.com/curly60e/pyblock/blob/master/README.md)
 - New: Mempool Explorer [details](https://github.com/mempool/mempool)
- New: dynu.com as alternative option for LetsEncrpyt FreeDNS provider
+- New: dynu.com as alternative option for LetsEncrypt FreeDNS provider
 - New: Experimental running RaspiBlitz as VM (vagrant & docker)

 For ALL small bug fixes & improvements see: https://github.com/rootzoll/raspiblitz/milestone/11
@ -399,4 +485,3 @@ Version 1.1 packs some first fixes and enhancements to make the RaspiBlitz more
 - Removed: FTP download option for blockchain

 For full details see issue list of [Release 1.1 Milestone](https://github.com/rootzoll/raspiblitz/milestone/3?closed=1).
-
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@ -1,35 +1,42 @@
 # Community development
+
 Everybody is welcome to join, improve, and extend the RaspiBlitz - it's a work in progress. Check the issues if you wanna help out or add new ideas. You can find the scripts used for RaspiBlitz interactions on the device at /home/admin or in this Git repo's subfolder home.admin.

 ## Understanding Blitz project
-RaspiBlitz is insipired by the [RaspiBolt guide](https://raspibolt.github.io/raspibolt/). Tutorial on how to build a lightning node on the RaspberryPi. So much thx to Stadicus :)
+
+RaspiBlitz is inspired by the [RaspiBolt guide](https://raspibolt.github.io/raspibolt/). Tutorial on how to build a lightning node on the RaspberryPi. So much thx to Stadicus :)
 To start your Deep Dive into the RaspiBlitz project, watch [this video](https://www.youtube.com/watch?v=QXUGg45CWLo).

 ### Blitz philosophy

-* DIY community development, if you are unhappy with the code, fork and pull request, this will make you you DYOR instead of depending on the developers.
+* DIY community development, if you are unhappy with the code, fork and pull request, this will make you DYOR instead of depending on the developers.
 * If you ask when the next release will be available, we don't know, but if you contribute, it might be faster.
 * Be sure to contribute back, every little help is wanted.

 ## Getting started
+
 Get all details on "How to contribute to RaspiBlitz Development" on [this video](https://www.youtube.com/watch?v=ZVtZepV3OfM).

 ### Levels
+
 All levels are important. Even advanced users help on basic levels for other Blitzers. Every help is welcome.
 Not all enhancements needs to go through all levels, these are levels of difficulty, scalability depends on your skills.

 #### Basic
+
 1. **Reporting user side** --> Open an issue to indicate a problem or make a feature request.
 1. **Community support** --> Solve other people issues.
 1. **Good first issue** --> The purpose of the good first issue label is to highlight which issues are suitable for a new contributor without a deep understanding of the codebase.

 #### Medium
+
 1. **Sovereignty** --> Fork the repo to have the changes controlled by you.
 1. **Experiment** --> Try things out on your RaspiBlitz.
 1. **Executable** --> Turn your experiment into a basic shell script.

 #### Advanced
-1. **Config script** --> Integrate your executable into the RaspiBlitz enviroment.
+
+1. **Config script** --> Integrate your executable into the RaspiBlitz environment.
 1. **SSH-GUI** --> Make it easier for others to use your config script.
 1. **WEB-GUI** --> Turn your feature into customer ready

@ -49,7 +56,7 @@ and is also an effective way to request assistance if and when you need it.
 1. Make sure it is compatible with Blitz philosophy.
 1. Fork the repo
 1. Commit changes on the new branch
-1. Open a pull request (PR are made to the `dev` branch unless indicated otherwise by a collaborator.
+1. Open a pull request (PRs are made to the `dev` branch unless indicated otherwise by a collaborator.

 #### Review

@ -70,7 +77,7 @@ NACKs without accompanying reasoning may be disregarded.
 After conceptual agreement on the change, code review can be provided. A review begins with the urgent necessity of the changes.
 Start from urgent to less important:
 1. Security risk.
-1. Code that breaks the enviroment.
+1. Code that breaks the environment.
 1. Enhancing current services functionality.
 1. Solving a common issue.
 1. Adding new applications.
@ -82,5 +89,5 @@ Reviewers that have demonstrated a deeper commitment and understanding of the pr
 The project leader is the release manager for each RaspiBlitz release.

 ## Copyright
-By contributing to this repository, you agree to license your work under the [MIT license](https://github.com/rootzoll/raspiblitz/blob/master/LICENSE).
+By contributing to this repository, you agree to license your work under the [MIT license](https://github.com/raspiblitz/raspiblitz/blob/master/LICENSE).
 Any work contributed where you are not the original author must contain its license header with the original author(s) and source.
--- a/FAQ.cl.md
+++ b/FAQ.cl.md
--- a/FAQ.dev.md
+++ b/FAQ.dev.md
@ -1,246 +0,0 @@
-## FAQ Development
-
-### What is the process of creating a new SD card image release?
-
-Checklist before making a SD card image release:
-
-* "Versioning" number is upfates in your RaspiBlitz Source Code (_version.info)
-* Latest code is merged in release branch
-
-Creating the base minimal sd card:
-
-* Start [`Ubuntu LIVE`](http://releases.ubuntu.com/18.04.3/ubuntu-18.04.3-desktop-amd64.iso) from USB stick
-* Under Settings: best to set correct keyboard language & power settings to prevent monitor turn off
-* Connect to a secure WiFi (hardware switch on) or LAN
-* Download the latest RaspiOS-64bit (zip/xz & sig file) namend in the [build_sdcard.sh](./build_sdcard.sh) and note the SHA256 checksum
-* From the browser `Show All Downloads` and from the context menu select `Open Containing Folder`
-* On that file manager open context (right click) on the white-space and select `Open in Terminal`
-* Compare the checksum with the one you just made note of, using `shasum -a 256 *.zip`
-* Check signature: `wget https://www.raspberrypi.org/raspberrypi_downloads.gpg.key && gpg --import ./raspberrypi_downloads.gpg.key && gpg --verify *.sig`
-* The result should say "correct signature" and the fingerprint should end with `8738 CD6B 956F 460C`
-* Insert an NTFS formatted USB stick and use the file manager to move all files to the USB
-* If image is an ZIP file use in file manager context on NTFS USB stick `extract here` to unzip
-* Download script for later with `curl https://raw.githubusercontent.com/Drewsif/PiShrink/master/pishrink.sh > pishrink.sh`
-* Connect SD card reader with a SD card (16GB recommended)
-* In the file manager open context on the .img-file, select `Open With Disk Image Writer` and write the image to the SD card
-* In the file manager open context on `boot` drive free space `open in terminal`
-* Run the commands `touch ssh`
-* Run the command: `echo "pi:\$6\$TE7HmruYY9EaNiKP\$Vz0inJ6gaoJgJvQrC5z/HMDRMTN2jKhiEnG83tc1Jsw7lli5MYdeA83g3NOVCsBaTVW4mUBiT/1ZRWYdofVQX0" > userconf` and `exit`
-* Eject the `boot` and the `NTFS` volume
-* Connect a RaspiBlitz (without HDD) to network, insert sd card and power up
-* Find the IP of the RaspiBlitz (arp -a or check router)
-* In terminal `ssh pi@[IP-OF-RASPIBLITZ]`
-* Password is `raspberry`
-* Run the following command BUT REPLACE `[BRANCH]` with the branch-string of your latest version
-* To run the minimal pack: `wget --no-cache https://raw.githubusercontent.com/rootzoll/raspiblitz/[BRANCH]/build_sdcard.sh && sudo bash build_sdcard.sh -u rootzoll -b [BRANCH] -f 0 -d headless`
-* Monitor/Check outputs for warnings/errors
-* Login new with `ssh admin@[IP-OF-RASPIBLITZ]` (pw: raspiblitz) and run `release`
-* Disconnect WiFi/LAN on build laptop (hardware switch off) and shutdown
-* Remove `Ubuntu LIVE` USB stick and cut power from the RaspberryPi
-
-Creating the image of sd card:
-
-* Connect USB stick with latest `TAILS` (make it stay offline)
-* Boot Tails with extra setting of Admin-Passwort and remember (use later for sudo)
-* Menu > Systemtools > Settings > Energy -> best to set monitor to never turn off
-* Connect USB stick with GPG signing keys - decrypt drive if needed
-* Open Terminal and cd into directory of USB Stick under `/media/amnesia`
-* Run `gpg --import ./sub.key`, check and `exit`
-* Disconnect USB stick with GPG keys
-* Take the SD card from the RaspberryPi and connect with an external SD card reader to the laptop
-* Click on `boot` volume once in the file manger
-* Connect the NTFS USB stick, open in file manager and delete old files
-* To make a raw image from sd card - second way (UI with progress): 
-  * Search "Laufwerke" or "Drives" on Tails Apps
-  * Create image named `raspiblitz.img` to USB storage
-* Open Terminal and cd into directory of NTFS USB stick under `/media/amnesia`
-* `shasum -a 256 ./pishrink.sh` should be `e46e1e1e3c6e3555f9fff5435e2305e99b98aaa8dc28db1814cf861fbb472a69`
-* `chmod +x ./pishrink.sh | sudo ./pishrink.sh ./raspiblitz.img`
-* `gzip -c ./raspiblitz.img > ./raspiblitz-min/fat-vX.X.X-YEAR-MONTH-DAY.img.gz`
-* `shasum -a 256 ./raspiblitz-min/fat-vX.X.X-YEAR-MONTH-DAY.img.gz > ./raspiblitz-min/fat-vX.X.X-YEAR-MONTH-DAY.img.gz.sha`
-* make analog copy/note of checksum 
-* Sign with `gpg --output raspiblitz-min/fat-vX.X.X-YEAR-MONTH-DAY.img.gz.sig --detach-sign raspiblitz-min/fat-vX.X.X-YEAR-MONTH-DAY.img.gz`
-
-Prepare template for subversion update later:
-
-* `mv ./raspiblitz.img ./raspiblitz-min-vX.X.X.img`
-* `shasum -a 256 ./raspiblitz-min-vX.X.img > ./raspiblitz-min-vX.X.X.img.sha`
-* make analog copy/note of checksum
-
-Creating a fatpack sd card from the minimal image:
-
-* Start TAILS live image
-* On NTFS USB Stick (Open in Terminal) check hash of raspiblitz-min-vX.X.X.img wit analog note:
-* `shasum -a 256 ./raspiblitz-min-vX.X.X.img`
-* Right-Click the file and write to a min 32GB sd card
-* On `bootfs` in FileManger (Open in Terminal):
-* `touch stop` & `exit` terminal
-* Shutdown TAILS & eject sd card
-* Bootup UBUNTU LIVE
-* Connect a RaspiBlitz (without HDD) to network, insert sd card and power up
-* Find the IP of the RaspiBlitz (arp -a or check router)
-* In terminal `ssh admin@[IP-OF-RASPIBLITZ]`
-* Update to latest code with `patch code`
-* the following only if its a `fatpack`:
-  * run command `fatpack`
-  * if it reboot, ssh in again & again run command `fatpack`
-  * check that script ended without errors
-* do the creation & signing of the image file like in chapter above
-
-Publishing the images:
-
-* Connect the NTFS USB stick to MacOS (it is just read-only)
-* Run tests on the new image
-* Upload the new image to the Download Server - put sig-file next to it
-* Copy SHA256-String into GitHub README and update the download link
-* Create Torrent file from image (for example with Transmission) and place in in the `home.admin/assets` folder & link on README
-
-This is a recommended tracker list to be used with the torrent:
-```
-udp://tracker.coppersurfer.tk:6969/announce
-http://tracker.yoshi210.com:6969/announce
-http://open.acgtracker.com:1096/announce
-http://tracker.skyts.net:6969/announce
-udp://9.rarbg.me:2780/announce
-http://tracker2.itzmx.com:6961/announce
-udp://exodus.desync.com:6969/announce
-http://pow7.com:80/announce
-udp://tracker.leechers-paradise.org:6969
-```
-
-### Versioning
-
-* Major Updates: 1.0.0, 2.0.0, 3.0.0, ... are epic updates signaling that the software reached a new era.
-* Main Updates: 1.1.0, 1.2.0, 1.3.0, ... are release updates - the reflashing of the sd ard is mandatory.
-* Minor Updates: 1.3.0, 1.3.1, 1.3.2, ... are patch updates - can be done by 'patching' the scripts & code, but new sd card reflash is still advised.
-
-Every release has its own branch: `v1.9`, `v1.10`, `v1.11` .. this way hot patches can be merged into the release branch and people update with the `patch code` command
-
-### How can I customize my RaspiBlitz or add other software?
-
-The RaspiBlitz is your computer to experiment with. Feel free to add your own scripts, edit the system or install further software from the command line. Just keep in mind that after an update/recovery the RaspiBlitz starts with a fresh and clean operating system again. So all your editings and installs might be gone. To prevent this you should do the following:
-
- place your own scripts and data that should survive an update/recovery into the `/mnt/hdd/app-data` directory
- put all install commands & modification of the system into the script `/mnt/hdd/app-data/custom-installs.sh` which will be started automatically on a recovery/update.
-
-### GitHub Workflow
-
- Development is done on the 'dev' branch, new features should be done on single feature branches and merged into 'dev' once ready.
- When a release of a new main-update (see above) comes closer, a new release branch gets created from 'dev' with the first release candidate - the RCs and the final release sd card will be build from this branch.
- All minor-releases will basically all work with the same 'build_sdcard.sh' script so that the code could be updated by just calling 'patch'. Emergency updates on lnd & bitcoin may break this guideline, but basic structure & packaging should stay mostly consistent over a main-update version.
- Once a release is ready, that release branch will be set as the "default" branch on GitHub (so its shown as main page)
- Hot fixes & new features for minor verisons will be created as single branches from the release branch, and once ready will be merged back into that release branch as a Pull Request using 'Squash-Merge' AND then, this 'Squash-Merge' (one single commit) will get cherry-picked into the  'dev' branch ('git cherry-pick COMMITHASH' - may call 'git fetch' & 'git pull' before to make a clean cherry-pick into dev).
-
-### Can I run RaspiBlitz on other computers than RaspberryPi?
-
-There is an experimental section in this GitHub that tries to build for other SingleBoardComputers. Feel free to try it out and share your experience: [alternative.platforms/README.md](alternative.platforms/README.md)
-
-### How can I build an SD card from another branch?
-
-There might be new, but not released features in development that are not yet in the default version branch - but you want to try them out.
-
-To build a SD card image from another branch than master, you follow the [Build the SD Card Image](README.md#build-the-sd-card-image) from the README, but execute the build script from the other branch and add the name of that branch as a parameter to the build script.
-
-For example if you want to make a build from the 'dev' branch you execute the following command:
-
-`wget --no-cache https://raw.githubusercontent.com/rootzoll/raspiblitz/dev/build_sdcard.sh && sudo bash build_sdcard.sh -b dev`
-
-If you want to see all the optional parameters for building your sd card, just answere `no` on first question and call `sudo bash build_sdcard.sh --help`.
-
-### How can I build an SD card from my forked GitHub Repo?
-
-If you fork the RaspiBlitz repo (much welcome) and you want to run that code on your RaspiBlitz, there are two ways to do that:
-
-* The quick way: For small changes in a single script, go to `/home/admin` on your running RaspiBlitz, delete the old git with `sudo rm -r raspiblitz` then replace it with your code `git clone [YOURREPO]` and `patch`
-
-* The long way: If you like to install/remove/change services and system configurations you need to build a SD card from your own code. Prepare like in [Build the SD Card Image](README.md#build-the-sd-card-image) from the README but in the end run the command:
-
-`wget --no-cache https://raw.githubusercontent.com/[GITHUB-USERNAME]/raspiblitz/[BRANCH]/build_sdcard.sh && sudo bash build_sdcard.sh -b [BRANCH]`
-
-If you are then working in your forked repo and want to update the scripts on your RaspiBlitz with your latest repo changes, run `patch` - That's OK as long as you don't make changes to the SD card build script - for that you would need to build a fresh SD card again from your repo.
-
-### How can I checkout a new branch from the RaspiBlitz repo to my forked repo?
-
-You need to have your forked repo checked-out on your laptop. There your should see your forked repo as `origin` when you run `git remote -v`. If you don't see an additional `upstream` remote yet, then create it with the following command: `git remote add upstream https://github.com/rootzoll/raspiblitz.git`.
-
-So, first checkout the new branch named `BRANCH` from the original RaspBlitz repo to your local computer with: `git fetch upstream` and then `git checkout -b BRANCH upstream/BRANCH`.
-
-Now push the new branch to your forked GitHub repo with `git push -u origin BRANCH`.
-
-Once the branch is available and synced between the RaspiBlitz GitHub repo, your forked GitHub repo and your local computer git repo, you can start developing.
-
-### How can I sync a branch of my forked GitHub with my local RaspiBlitz?
-
-Since v1.5 of RaspiBlitz there has been an easy way thru the SSH menus: Under `MAIN MENU > UPDATE > PATCH` you have the option to change the GitHub repository and and branch to sync with. You change the GitHub Reposity by setting the GitHub username where you forked the Repo.
-
-So for example: If you forked the RaspiBlitz project (rootzoll/raspiblitz) on GitHub and your GitHub project page is now called: https://github.com/raumi75/raspiblitz ... then just change the repo to sync/patch with to your username `raumi75`.
-
-Now you can use the `Patch/Sync RaspiBlitz with GitHub Repo` to easily keep your RaspiBlitz in sync with your forked repository and develop your own customizations and features.
-
-Background info and doing it manually:
-
-There is a git copy of the original RaspiBlitz GitHub repo on your physical RaspiBlitz in the folder `/home/admin/raspiblitz`. If you change into that folder and run `git remote -v` you can see the set origin repo.
-
-You need to change that origin repo to your forked repo. You do that with:
-```
-git remote set-url origin [THE-URL-OF-YOUR-FORKED-REPO]
-```
-
-Now to sync your branch namend BRANCH on your forked repo with your RaspiBlitz, you always just run:
-```
-/home/admin/config.scripts/blitz.github.sh BRANCH
-```
-
-So your workflow can go like this: You write code on your local computer. Commit to your local repo, push it to your forked repo and use the sync-script above to get the code to your RaspiBlitz.
-
-### How to add an app to the RaspiBlitz?
-
-To add your app you can fork the raspiblitz repo, follow the `/home.admin/config.scripts/bonus.template.sh` script [see code](https://github.com/rootzoll/raspiblitz/blob/dev/home.admin/config.scripts/bonus.template.sh), copy/adapt it, test it on your RaspiBlitz and make a PR back to the main repo.
-
-### How contribute a feature/change from my forked branch back to the RaspiBlitz repo?
-
-In the same way as described above, you can build a new feature or test a change. Once you have something ready that you want to contribute back, you make sure it's pushed to your forked GitHub repo, and then start a pull request from your forked repo to the RaspiBlitz repo.
-
-See more info: https://yangsu.github.io/pull-request-tutorial/
-
-### How can I help testing a Pull Request?
-
-Make sure to have the correct base image.
-Then go to the command line and create a branch for the PR:
-
-```
-cd /home/admin/raspiblitz
-git fetch origin pull/[PRNUMBER]/head:pr[PRNUMBER]
-git checkout pr[PRNUMBER]
-cd /home/admin
-/home/admin/config.scripts/blitz.github.sh -justinstall
-```
-
-Now you have the code of the PR active - depending on what scripts are changed you might need to reboot.
-
-To change back to the code:
-```
-/home/admin/config.scripts/blitz.github.sh master
-```
-
-### How can I push changes to an existing Pull Request?
-
-See article: https://tech.sycamore.garden/add-commit-push-contributor-branch-git-github .. only works if your a contributer on raspiblitz repo.
-
-### How to cherry-pick with branch protections & CODEOWNERS file?
-
-Chery-picking patch PRs from dev to a release-branch like 'v1.8' (for example) is now a bit more complicated. Either an admin switches temorarly the branch protection "require a pull request before merging" setting off for the `git cherry-pick` OR we create a `p1.8` branch from `v1.8`, cherry-pick the squashed patch PR into that unprotected `p1.8` and then open a PR back to `v1.8`.
-
-But what we gain is that better branch protection and we can add more contributers to the project that are allowed to manage issues - like adding lables or closing.
-
-### How to run the automatic amd64 build on a VM on OSX?
-
-just notes so far:
-
-https://brew.sh
-brew install qemu
-https://github.com/rootzoll/raspiblitz/actions --> download amd64-lean image
-double unzip until `qcow2` file 
-convert `qcow2` to `vdi:
-qemu-img convert -f qcow2 raspiblitz-amd64-debian-lean.qcow2 -O vdi raspiblitz-amd64-debian-lean.vdi
-https://www.virtualbox.org/wiki/Downloads
--- a/FAQ.md
+++ b/FAQ.md
@ -1,827 +0,0 @@
-<!-- omit in toc -->
-# FAQ - Frequently Asked Questions
-
---
-Table of Contents
---
- [Table of Contents](#table-of-contents)
- [Upgrade](#upgrade)
-  - [How to verify the SD card image after download?](#how-to-verify-the-sd-card-image-after-download)
-  - [What changed on every upgrade?](#what-changed-on-every-upgrade)
-  - [How do I upgrade my RaspiBlitz?](#how-do-i-upgrade-my-raspiblitz)
-  - [Why do I need to re-burn my SD card for an update?](#why-do-i-need-to-re-burn-my-sd-card-for-an-update)
-  - [How can I update LND or bitcoind even before the next RaspiBlitz update?](#how-can-i-update-lnd-or-bitcoind-even-before-the-next-raspiblitz-update)
- [SSH](#ssh)
-  - [What to do when on SSH I see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"](#what-to-do-when-on-ssh-i-see-warning-remote-host-identification-has-changed)
-  - [How do I unplug/shutdown safely without SSH](#how-do-i-unplugshutdown-safely-without-ssh)
-  - [I cannot connect via SSH to my RaspiBlitz. What do I do?](#i-cannot-connect-via-ssh-to-my-raspiblitz-what-do-i-do)
-  - [How to SSH over Tor?](#how-to-ssh-over-tor)
-  - [How to setup port-forwarding with a SSH tunnel?](#how-to-setup-port-forwarding-with-a-ssh-tunnel)
-  - [How do I setup just a port-forwarding user on my public server?](#how-do-i-setup-just-a-port-forwarding-user-on-my-public-server)
-  - [How to reset the ssh config and keys?](#how-to-reset-the-ssh-config-and-keys)
- [Display](#display)
-  - [Can I flip the screen?](#can-i-flip-the-screen)
-  - [How to fix my upside down LCD after update?](#how-to-fix-my-upside-down-lcd-after-update)
-  - [Can I run the RaspiBlitz without a display/LCD?](#can-i-run-the-raspiblitz-without-a-displaylcd)
-  - [How do I find the IP address when running without a display?](#how-do-i-find-the-ip-address-when-running-without-a-display)
- [Debug](#debug)
-  - [I have the full blockchain on another storage. How do I copy it to the RaspiBlitz?](#i-have-the-full-blockchain-on-another-storage-how-do-i-copy-it-to-the-raspiblitz)
-  - [How do I generate a Debug Report?](#how-do-i-generate-a-debug-report)
-  - [Why is my "final sync" taking so long?](#why-is-my-final-sync-taking-so-long)
-  - [How do I backup my Lightning Node?](#how-do-i-backup-my-lightning-node)
-    - [1) Securing your On-Chain- and Channel-Funds during Operation](#1-securing-your-on-chain--and-channel-funds-during-operation)
-    - [2) Making a complete LND data backup](#2-making-a-complete-lnd-data-backup)
-  - [How can I recover my coins from a failing RaspiBlitz?](#how-can-i-recover-my-coins-from-a-failing-raspiblitz)
-    - [1) Recover LND data](#1-recover-lnd-data)
-    - [2) Recover from Wallet Seed](#2-recover-from-wallet-seed)
-  - [How do I move funds \& channels from RaspiBlitz to LND Lightning Desktop App?](#how-do-i-move-funds--channels-from-raspiblitz-to-lnd-lightning-desktop-app)
-  - [How do I change the Name/Alias of my lightning node](#how-do-i-change-the-namealias-of-my-lightning-node)
-  - [How do I change the public port LND/Lightning node is running on?](#how-do-i-change-the-public-port-lndlightning-node-is-running-on)
-  - [How do I solve a "signature mismatch after caveat verification" error?](#how-do-i-solve-a-signature-mismatch-after-caveat-verification-error)
-  - [Why is my node not routing?](#why-is-my-node-not-routing)
-  - [When using Auto-Unlock, how much security do I lose?](#when-using-auto-unlock-how-much-security-do-i-lose)
-  - [I connected my HDD but it still says 'Connect HDD' on the display?](#i-connected-my-hdd-but-it-still-says-connect-hdd-on-the-display)
-  - [How do I shrink the QR code for connecting my Shango/Zap/Zeus mobile phone?](#how-do-i-shrink-the-qr-code-for-connecting-my-shangozapzeus-mobile-phone)
-  - [Why is my bitcoin IP on the display red?](#why-is-my-bitcoin-ip-on-the-display-red)
-  - [Why is my node address on the display red?](#why-is-my-node-address-on-the-display-red)
-  - [Why is my node address on the display yellow (not green)?](#why-is-my-node-address-on-the-display-yellow-not-green)
-  - [How can I set a fixed IP?](#how-can-i-set-a-fixed-ip)
-  - [How do I fix a displayed Error in my Config?](#how-do-i-fix-a-displayed-error-in-my-config)
-  - [Can I run the RaspiBlitz as Backend for BTCPayServer?](#can-i-run-the-raspiblitz-as-backend-for-btcpayserver)
-  - [I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?](#i-dont-have-a-lan-port-on-my-laptop---how-do-i-connect-to-my-raspiblitz)
-  - [Is it possible to connect the Blitz over Wifi instead of using a LAN cable?](#is-it-possible-to-connect-the-blitz-over-wifi-instead-of-using-a-lan-cable)
-  - [Can I directly connect the RaspiBlitz to my laptop?](#can-i-directly-connect-the-raspiblitz-to-my-laptop)
-  - [How to attach the RaspberryPi to the HDD?](#how-to-attach-the-raspberrypi-to-the-hdd)
-  - [What other case options do I have?](#what-other-case-options-do-i-have)
-  - [Are those "Under-Voltage detected" warnings a problem?](#are-those-under-voltage-detected-warnings-a-problem)
-  - [How do I return to the menu after exiting to the command line](#how-do-i-return-to-the-menu-after-exiting-to-the-command-line)
-  - [How do I setup fresh/clean/reset and without going into recovery mode?](#how-do-i-setup-freshcleanreset-and-without-going-into-recovery-mode)
-  - [My blockchain data is corrupted - what can I do?](#my-blockchain-data-is-corrupted---what-can-i-do)
-  - [I have two RaspiBlitz in my network - can they both be public?](#i-have-two-raspiblitz-in-my-network---can-they-both-be-public)
-  - [How can I enforce UASP mode for my SSD controller?](#how-can-i-enforce-uasp-mode-for-my-ssd-controller)
-  - [I am facing maintenance/emergency mode on boot. How do I fix it?](#i-am-facing-maintenanceemergency-mode-on-boot-how-do-i-fix-it)
- [Extras](#extras)
-  - [How do I connect a UPS to the RaspiBlitz?](#how-do-i-connect-a-ups-to-the-raspiblitz)
-  - [Can I run my RaspiBlitz on Solar Energy?](#can-i-run-my-raspiblitz-on-solar-energy)
-  - [How to use the Let's Encrypt client](#how-to-use-the-lets-encrypt-client)
-    - [Let's Encrypt - HTTP-01](#lets-encrypt---http-01)
-    - [Let's Encrypt - DNS-01](#lets-encrypt---dns-01)
-    - [Let's Encrypt - eMail Address](#lets-encrypt---email-address)
-    - [Let's Encrypt - Installation details](#lets-encrypt---installation-details)
-  - [What is this mnemonic seed word list?](#what-is-this-mnemonic-seed-word-list)
-  - [How do I set up VNC?](#how-do-i-set-up-vnc)
-  - [Why use BTRFS on RaspiBlitz?](#why-use-btrfs-on-raspiblitz)
-    - [Storing your important Data in RAID1 with a USB Thumb Drive](#storing-your-important-data-in-raid1-with-a-usb-thumb-drive)
-    - [Snapshotting the Blockchain](#snapshotting-the-blockchain)
-    - [How do I use BTRFS on RaspiBlitz?](#how-do-i-use-btrfs-on-raspiblitz)
-    - [How to recover a BTRFS partition?](#how-to-recover-a-btrfs-partition)
---
-
-## Upgrade
-
-### How to verify the SD card image after download?
-
-There are two methods, verify the hash (proves integrity) or the signature (proves integrity and authenticity)
-
-You can do a quick check to verify that the sha256 hash of the file you downloaded is the same as the sha256 hash mentioned below the download link, or use the torrent download which will also check the file for a checksum after download.
-
-To verify the shasum:
-
-```
-shasum -a 256 [DOWNLOADED-FILE-TO-CHECK]
-```
-
-But verifying the shasum does not prove to you that the SD card image was actually built by the lead developer of the RaspiBlitz project.
-
-To verify that the download was actually signed by [rootzoll](https://keybase.io/rootzoll) you need to use GPG and import the following public key:
-
-```
-curl --tlsv1.2 --proto '=https' https://keybase.io/rootzoll/pgp_keys.asc | gpg --import
-```
-
-Next, download the "signature file" for the SD card image. It's the same download link as for the image file - just added a `.sig` at the end. You should also always find the download link for the signature file in the README right next to the image download link.
-
-If you now have all the three elements needed - the imported public key, the image signature and the image file itself - you can verify the download with:
-
-```
-gpg --verify [SIGNATURE-FILE] [IMAGE-FILE]
-```
-
-As a result you should see a "good signature" message with a main fingerprint the same as you can find on the [keybase.io/rootzoll](https://keybase.io/rootzoll) that is ending on `1C73 060C 7C17 6461`. You should also see the sub-key fingerprint ending on `AA9D D1B5 CC56 47DA`, that is used at the moment to sign the sd card image. If those fingerprints shown correctly, the SD card image you downloaded is an original RaspiBlitz release.
-
-*You can ignore any warning about the key being 'not a trusted signature' or untrusted .. as long you see "good signature" and the correct main & sub fingerprints the download is valid.*
-
-### What changed on every upgrade?
-
-See the [CHANGES.md](CHANGES.md) file for details.
-
-### How do I upgrade my RaspiBlitz?
-
-The upgrade should be quite simple - you don't need to close any channels:
-
- It would be best to get a second 16GB or 32GB SD card - but you can also reuse your old one
- In the SSH main menu of you RaspiBlitz choose `UPDATE` & follow the dialogs until shutdown
- Download the new RaspiBlitz image file from the [GitHub README](https://github.com/rootzoll/raspiblitz/blob/dev/README.md#installing-the-software)
- Write the new image to the (new) SD card with a tool like [balena etcher](https://www.balena.io/etcher/)
- RaspiBlitz with new SD card image - it now goes through a recover/update phase - this may take some time.
- Once that's done, login once via SSH and use the password raspiblitz and set a new password A (can be your old one or a new one).
-
-After the final reboot your RaspiBlitz should be ready, running the new RaspiBlitz version.
-
-### Why do I need to re-burn my SD card for an update?
-
-I know it would be nicer to run just an update script and be ready to go. But then the scripts would need to be written in a much more complex way to be able to work with any versions of LND and Bitcoind (they are already complex enough with all the edge cases) and testing would become even more time consuming than it is now. That's not something that a single developer can deliver.
-
-For some, it might be a pain point to make an update by re-burning a new SD card - especially if you added your own scripts or made changes to the system - but that's by design. It's a way to enforce a "clean state" with every update - the same state that I tested and developed the scripts with. The reason for that pain: I simply cannot write and support scripts that run on every modified system forever - that's simply too much work.
-
-With the SD card update mechanism I reduce complexity, I deliver a "clean state" OS, LND/Bitcoind and the scripts tightly bundled together exactly in the dependency/combination like I tested them and it's much easier to reproduce bug reports and give support that way.
-
-Of course, people should modify the system, add own scripts, etc ... but if you want to also have the benefit of the updates of the RaspiBlitz, you have two ways to do it:
-
-1. Contribute your changes back to the main project as pull requests so that they become part of the next update - the next SD card release.
-
-2. Make your changes so that they survive an SD card update easily - put all your scripts and extra data onto the HDD, AND document for yourself how to activate them again after an update. The file `/mnt/hdd/app-data/custom-installs.sh` runs with sudo rights after an update/recovery from a fresh SD card. This is the place to put all the install commands, cronjobs or editing of system configs for your personal modifications of RaspiBlitz.
-
-*BTW there is a beneficial side effect when updating with a new SD card: You also get rid of any malware or system bloat that happened in the past. You start with a fresh system :)*
-
-### How can I update LND or bitcoind even before the next RaspiBlitz update?
-
-Try updating before a official RaspiBlitz at your own risk - you can find some info about that here:
-https://raspibolt.org/bonus/raspberry-pi/odroid-setup.html#bitcoin-core-upgrade
-
-
-
-## SSH
-
-### What to do when on SSH I see "WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!"
-
-This means that he public SSH key of the RaspiBlitz has changed to the one you logged in with the last time under that IP.
-
-It's OK when happening during an update - when you changed the SD card image. If it's really happening out of the blue - check your local network setup for a problem. Maybe the local IP of your RaspiBlitz changed? Is there a second RaspiBlitz connected? It's a security warning, so at least take some time to check if anything is strange. But also don't immediately panic - when it's in your local network, normally it's some network thing - not an intruder.
-
-To fix this and to be able to login with SSH again, you have to remove the old public key for that IP from your local client computer. Just run the following command (with the replaced IP of your RaspiBlitz): `ssh-keygen -R IP-OF-YOUR-RASPIBLITZ` or remove the line for this IP manually from the known_hosts file (see the path to the file in the warning message).
-
-After that, you should be able to login with SSH again.
-
-### How do I unplug/shutdown safely without SSH
-
-Just removing power from the RaspiBlitz can lead to data corruption if the HDD is right in the middle of a writing process. The safest way is always to SSH into the RaspiBlitz and use the "POWER OFF" option in the main menu.
-
-But if cannot login with SSH and you need to power off at least remove the LAN cable (network connection)first for sometime (around 10-30 secs - until you can see no more blinking lights on the HDD) and then remove the power cable. This should minimize the risk if data corruption in this situations.
-
-### I cannot connect via SSH to my RaspiBlitz. What do I do?
-
- Check the command again with how it shows on the display  - do you have it typed in correctly?
- Replace `ssh` with `sudo ssh` and try it (laptop admin password might be required).
-
-If that doesn't work, try to ping the IP of the RaspiBlitz with `ping [IP-of-RaspiBlitz]`. If you get no response on the ping requests and the device is not reachable, try this check list:
-
- Make sure that your RaspiBlitz and your laptop are really on the same local network
- Check if you have a VPN running on your laptop - some VPNs block local network
- Some Routers have `IP Isolation` switched on - not allowing two devices to connect
-
-If you've checked those and SSH is still not working: Join the conversation on [GitHub Issue #420](https://github.com/rootzoll/raspiblitz/issues/420).
-
-### How to SSH over Tor?
-
-SSH is already encrypted, why would I want to use it with Tor?
-* Remote access when away from LAN.
-* Anonymized access - Someone sniffing the traffic don't know where the server you are establishing a connection is, not the server side knows where the client is.
-
-Create Hidden Service:
-`bash /home/admin/config.scripts/tor.onion-service.sh ssh 22 22`
-
-SSH over Tor:
-`torsocks ssh admin@HiddenServiceAddress.onion`
-
-Get the address:
-`sudo cat /mnt/hdd/tor/ssh/hostname`
-
-### How to setup port-forwarding with a SSH tunnel?
-
-To use a public server for port-forwarding thru a SSH tunnel you can use the following experimental script on the RaspiBlitz (since v1.2):
-
-`/home/admin/config.scripts/internet.sshtunnel.py`
-
-But first you need to make sure that the public server you are using is supporting SSH reverse-tunneling and authentication by public authorized key. Check the `/etc/ssh/sshd_config` on the public server. It should contain the following settings:
-
-```
-RSAAuthentication yes
-PubkeyAuthentication yes
-GatewayPorts yes
-AllowTcpForwarding yes
-ClientAliveInterval 60
-ClientAliveCountMax 2
-```
-
-*Last two parameters were added as used in the ssh tunnel demo at #GPN19 https://media.ccc.de/v/gpn19-76-einen-server-daheim-ohne-ffentliche-ipv4-adresse#t=911*
-
-You can add those at the end of the file, save and reboot.
-
-On the RaspiBlitz you can then setup for example to forward the gRPC port 10009 (internal port) to the port 20009 on the public server (external port) with the user = `test` and server address = `raspiblitz.com` with the following command:
-
-`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com "10009<20009"`
-
-You can even set multiple port forwardings like with:
-
-`/home/admin/config.scripts/internet.sshtunnel.py on test@raspiblitz.com "10009<20009" "8080<9090"`
-
-Please be aware that after you set such a port forwarding you will need to set the domain of the public server as a `DynamicDNS` name (leave update url empty) and then connect mobile wallets fresh, or export the macaroons/certs again. When connecting the mobile wallets you may need to adjust ports manually after QR code scan. And if you SSH tunnel the LND node port `9735` you may also need to set the custom LND port script and maybe also a manual set of the domain in the LND service would be needed. This all is very experimental at the moment ... better integration will come in the future.
-
-To switch this SSH tunneling off again use:
-
-`/home/admin/config.scripts/internet.sshtunnel.py off` and also deactivate the DynamicDNS again.
-
-To check if a tunnel is running on the tunneling server check: `netstat -tulpn`
-
-### How do I setup just a port-forwarding user on my public server?
-
-Make sure the `/etc/ssh/sshd_config` has the following lines at the end:
-
-```
-RSAAuthentication yes
-PubkeyAuthentication yes
-GatewayPorts yes
-AllowTcpForwarding yes
-AuthorizedKeysFile  /etc/ssh/authorized_keys/%u
-```
-
-The last one stores all authorized_keys in one directory with a file per user. See https://serverfault.com/questions/313465/is-a-central-location-for-authorized-keys-a-good-idea#424659 To prepare this run:
-```
-mkdir /etc/ssh/authorized_keys
-groupadd forwardings
-```
-
-To add a forwarding user run:
-```
-useradd -g forwardings -d /home [USERNAME]
-echo 'command="date" [CONTENT-OF-RASPIBLITZ-ROOT-SSH-PUBKEY]' > /etc/ssh/authorized_keys/[USERNAME]
-```
-
-### How to reset the ssh config and keys?
-
- shutdown the RaspiBlitz - if you dont have touchscreen activated, disconnect LAN cable, wait until HDD/SSD activity slows down (no constant blinking) and then cut the power
- take out the SD card and connect it to your laptop - it should appear as a `boot` drive
- in the root directory of that `boot` drive create a file called `ssh.reset`
- that file can be empty or just copy another file on that drive and rename it ()
- eject the drive from your laptop safely
- put SD card back into the RaspiBlitz (also make sure LAN cable is connected again)
- power up - the RaspiBlitz should boot up & reboot again
- then try again to SSH login
-
-If you see a "REMOTE HOST IDENTIFICATION HAS CHANGED!" warning on login, that's what we wanted - the SSH cert of your RaspiBlitz changed - thats good. We just need to remove the old one from our laptop first - on OSX you can use `rm ~/.ssh/known_hosts` (deletes all cached server certs) or remove the line with your RaspiBlitz IP manually from the `~/.ssh/known_hosts` file with a text editor.
-
-## Display
-
-### Can I flip the screen?
-
-There is now an option under `SETTINGS` to rotate the screen.
-
-To do it manually: For the default 3.5" LCD you need to edit the /boot/config.txt. Run `sudo nano /boot/config.txt`
-Look for the line `dtoverlay=tft35a:rotate=270` towards the end. To flip the screen with 180 degrees change the line to `dtoverlay=tft35a:rotate=90` and reboot with `sudo reboot`. Reference: https://github.com/goodtft/LCD-show/issues/34
-
-### How to fix my upside down LCD after update?
-
-Some displays have a different orientation. To fix this activate/deactivate the LCD-ROTATION option in the MAINMENU > SERVICES and let it reboot. You might need to do this up to 3 times until your display works correctly.
-
-### Can I run the RaspiBlitz without a display/LCD?
-
-The display is one of the nice features of the RaspiBlitz but it can run without it. Maybe not all the add-on features can be used to the full extent, but you can get started without the LCD and if you wish, plug it on later.
-
-If you want to use the HDMI output you can place a file called `hdmi` on the `boot` section of the RaspiBlitz sd card ... just connect the sd card to your laptop, create that file and then boot it up in the RaspberryPi.
-
-If you are already logged in you can use on the console the commands:
-
- `hdmi` --> switch to HDMI
- `lcd` --> switch to LCD
-
-### How do I find the IP address when running without a display?
-
-If you can login into your local internet router it should show you the IP address assigned to the RaspberryPi.
-
-Another way is to use [Angry IP Scanner](https://angryip.org/) to find the IP address.
-
-You can also put an empty file just called `hdmi` (without any ending) onto the sd card when connected to your laptop and then start it up on the RaspberryPi. This will activate the HDMI port and if you connect a HDMI monitor to the RaspberryPi it will show you the RaspiBlitz status screen containing the local IP address.
-
-## Debug
-
-### How do I generate a Debug Report?
-
-If your RaspiBlitz is not working correctly and you like to get help from the community, it's good to provide more debug information, so others can better diagnose your problem.
-
-When you use the WebUI in the browser than you can follow the steps:
-
- Login  into the WebUI and enter the Dashboard (needs to be fully snyced)
- In the left navigation bar - choose "Settings"
- Under "Generate Debug Report" click "Generate"
- This might take some minutes, but then a Text-File will be offered for download
-
- You can also get a debug report thru the SSH menus:
-
- SSH into your raspiblitz as admin user with your password A
- If you see the menu - use CTRL+C to get to the terminal
- To generate debug report run: `debug`, optionally create a link with `debug -l`
- Then copy all output beginning with `*** RASPIBLITZ LOGS ***` and share this
-
-*PLEASE NOTICE: Most private information (like IPs, node IDs, ...) will filtered from debug logs, but this might not catch all sensitive information - so recheck content yourself before you share publicly.*
-
-### I have the full blockchain on another storage. How do I copy it to the RaspiBlitz?
-
-Copying a already synced blockchain from another storage (e.g. your Laptop or external hard drive) can be a quick way to get the RaspiBlitz started or replacing a corrupted blockchain with a fresh one. Also that way you have synced and verified the blockchain yourself, and are not trusting the RaspiBlitz Torrent downloads (Don't trust, verify).
-
-One requirement is that the blockchain is from another bitcoin-core client with version greater or equal to 0.17.1.
-
-But we don't copy the data via USB to the device, because the HDD needs to be formatted in EXT4 and that is usually not read/writable by Windows or Mac computers. So I will explain a way to copy the data through your local network. This should work from Windows, Mac, Linux and even from another already synced RaspiBlitz.
-
-Both computers (your RaspberryPi and the other computer with the full blockchain) need to be connected to the same local network. Make sure that bitcoind/bitcoin-qt is stopped on the computer containing the blockchain.
-If your blockchain source is another RaspiBlitz v1.5 or higher - go to `REPAIR` > `COPY-SOURCE`.
-If your RaspiBlitz is below v1.5 then on the terminal `sudo systemctl stop bitcoind` and then go to the directory where the blockchain data is with `cd /mnt/hdd/bitcoin` - when the copy/transfer is done later reboot a RaspiBlitz source with `sudo shutdown -r now`.
-
-If everything described above is in order, start the setup of the new RaspiBlitz with a fresh SD card (like explained in the README) - it's OK that there is no blockchain data on your HDD yet - just follow the setup. When you get to the setup-point `Getting the Blockchain` choose the COPY option. Starting from version 1.0 of the RaspiBlitz this will give you further detailed instructions how to transfer the blockchain data onto your RaspiBlitz. In short: On your computer with the blockchain data source you will execute SCP commands that will copy the data over your local network to your RaspiBlitz.
-
-Once you finished all the transfers, the Raspiblitz will make a quick-check on the data - but that will not guarantee that everything in detail was OK with the transfer. Check further FAQ answers if you get stuck or see a final sync with a value below 90%.
-
-### Bitcoind tells me to reindex - how can I do this?
-
- To find/access information fast in large data sets like the Bitcoin blockhain indexes are needed. Those indexes can get corrupted on your HDD/SSD and to repair them they need to be rebuild - re-indexed. Bitcoind has two different options to do this - a fast way called "reindex-chainstate" (which just rebuilds the UTXO set from the blocks as you have them) and the slow but complete way called just "reindex" that would even recheck all your block data - see for details here: https://bitcoin.stackexchange.com/questions/60709/when-should-i-use-reindex-chainstate-and-when-reindex 
- 
- So if you read in your debug logs of bitcoind that you should "reindex" you can try first just to do a fast "reindex-chainstate" and if that didnt worked a slow and full "reindex".
-
-See the raspiblitz script `./config.scripts/network.reindex.sh` or the REAPIR menu to start these processes.
-
-### Why is my "final sync" taking so long?
-
-First of all if you see a final sync over 90% and you can see from time to time small increase - you should be OK ... this can take a looong time to catch up with the network. Only in the case that you actively choose the `SYNC` option in the `Getting the Blockchain` is a final sync under 90% OK. If you did a torrent or a copy from another computer and you are seeing under 90% something went wrong, and the setup process is ignoring your prepared Blockchain and doing a full sync - which can almost take forever on a raspberryPi.
-
-If something is wrong (like mentioned above) then try again from the beginning. You need to reset your HDD for a fresh start: SSH in as admin user. Abort the final sync info with CTRL+c to get to the terminal. Then run `sudo /home/admin/XXcleanHDD.sh -all` and follow the script to delete all data in HDD. When finished power down with `sudo shutdown now`. Then make a fresh SD card from image and this time try another option to get the blockchain. If you run into trouble the second time, please report an issue on GitHub.
-
-
-### How do I backup my Lightning Node?
-
-There are two ways of performing a Backup:
-
-#### 1) Securing your On-Chain- and Channel-Funds during Operation
-
-This is best done by auto backing-up the 'channel.backup' file to a remote location. But it just secures the funds you have in your on-chain wallet or in your channels. On recovery the channels will get closed. For details on how to setup see the README:
-https://github.com/rootzoll/raspiblitz/blob/v1.2/README.md#backup-for-on-chain---channel-funds
-
-#### 2) Making a complete LND data backup
-
-This backups all your LND data - including all open channels. But it's just intended to use when you move your LND data between computers, during update situations, or in rescue recoveries, because replaying out-dated backups can lead to the loss of all channel funds.
-
-To backup LND data in a rescue situation see next question "How can I recover my coins from a failing RaspiBlitz?".
-
-### How can I recover my coins from a failing RaspiBlitz?
-
-On a RaspiBlitz you have coins in your on-chain wallet (bitcoin wallet) and also coins in lightning channels. First we will try to recover all of them while trying to keep your channels open with "Recover LND data". If that is not possible you can fall back to the second option "Recover from Wallet Seed".
-
-#### 1) Recover LND data
-
-The best chance to recover all your LND data/channels is when you still can SSH into the RaspiBlitz and the HDD is still usable/reachable (mounted) - even if it shows some errors. If this is not possible anymore you should skip to the second option "Recover from Wallet Seed" or try to recover the LND data from the HDD (directory `lnd`) from another computer.
-
-If you still can SSH in and HDD is readable, we can try to rescue/export your LND data (funds and channels) from a RaspiBlitz to then be able to restore it back to a fresh one. For this you can use the following procedure ...
-
-To rescue/export your Lightning data from a RaspiBlitz (since v1.1):
-
-* SSH into your RaspiBlitz and EXIT to terminal from the menu.
-* then run: `/home/admin/config.scripts/lnd.backup.sh lnd-export-gui`
-* follow the instructions of the script.
-
-This will create a lnd-rescue file (ends on gz.tar) that contains all the data from the LND. The script offers you a command to transfer the lnd-rescue file to your laptop. If the transfer was successful you can now setup a fresh RaspiBlitz. Do all the setup until you have a clean new Lightning node running - just without any funding or channels.
-
-Then to restore your old LND data and to recover your funds and channels:
-
-* SSH into your new RaspiBlitz and EXIT to terminal from the menu.
-* then run: `/home/admin/config.scripts/lnd.backup.sh lnd-import-gui`
-* follow the instructions of the script.
-
-This script will offer you a way to transfer the lnd-rescue file from your laptop to the new RaspiBlitz and will restore the old data. LND then gets restarted for you, and after some time it should show you the status screen again with your old funds and channels.
-
-**Be aware that if backup is some hours old, channels could have been closed by the other party and it may take some time until you see funds back on-chain. If backup is somewhat older then 1 day also the channel counter-parties may have used your offline time to cheat you with an old state. And if your backup was not the latest state it could also be happening that you are posting an old channel state (seen as cheating) and funds of that channel get forfeited as punishment. So again .. this backup method can be risky, use with caution. While it's recommended to try in recover and rescue situations - it's not for regular backups.**
-
-#### 2) Recover from Wallet Seed
-
-Remember those 24 words you were writing down during the setup? That's your "cipher seed" - These words are very important for recovering your wallet. If you don't have them anymore: go back to option "Recover LND data" (see above) and check all possible ways to recover data from the HDD. If you still have the word seed: good, but read the following carefully:
-
-With the word seed you can recover the on-chain funds that LND was managing for you - but it does not contain all the details about the channels you have open - it's mostly the key to your funding wallet. If you were able to close all channels or never opened any, then you should be safe: The best results to recover on-chain funds from wallet seeds have been reported from people installing the Lightning Labs App on laptop and then using the wallet seed (and same wallet passwords): https://github.com/lightninglabs/lightning-app/releases. Other people were succesful in this process using the Zap Desktop wallet (OSX, Win, Linux): https://zap.jackmallers.com/download
-
-If you had open channels it would be best to check if you have also the `channel.backup` file (Static-Channel-Backup feature) that is available since LND 0.6 (RaspiBlitz v1.2) and use it in the process below ... for more details on the `channel.backup` file see [README.md on backups](README.md#backup-for-on-chain---channel-funds).
-
- SetUp a fresh RaspiBlitz (fresh SD-Card image and clean HDD).
- During the new SetUp, when you get to the point of creating the LND wallet (see image below).
- Choose `OLD - I had an old Node I want to recover/restore`  option and then
- Choose `SEED+SCB - Seed & channel.backup file` option
- and follow the instructions to upload your `channel.backup` file and enter your seed
-
-Then give LND some time to re-scan the blockchain. In the end you will have restored your funding wallet. You maybe need to wait for your old channel counterparts to force close the old channels until you see the coins displayed again.
-
-If you don't have the `channel.backup` file but only the seed words there is a last hope - read this article:
-https://medium.com/@guggero/did-you-lose-funds-on-the-lightning-network-because-of-a-disk-crash-8971b6a92494
-
-*Important: If you see a zero balance for on-chain funds after restoring from seed ... see details discussed [here](https://github.com/rootzoll/raspiblitz/issues/278) - you might try setup fresh this time with bigger look-ahead number.*
-
-
-### How do I move funds & channels from RaspiBlitz to LND Lightning Desktop App?
-
-Before you start - download a LND-data-rescue file from your RaspiBlitz to your laptop `main menu -> UPDATE -> Update Anyway -> Start Update -> Download Backup -> FOLLOW INSTRUCTIONS and press Enter when ready with download -> START UPDATE`. Now your RaspiBlitz will power down.
-
-Now install the LND Lightning Desktop App for your OS: https://github.com/lightninglabs/lightning-app/releases
-
-Then start the App and create a new wallet - it's a throw-away wallet (will be deleted afterwards with no funds) - so you don't need to keep seeds safe. To get easily through the setup just make a photo of the seed with your mobile. If you get asked for funding - just click "done" until you reach the basic wallet screen. Then close the LND Desktop App.
-
-Now find out the path where LND stores the wallet data on your computer.
-
-Linux: [USER-DIRECTORY]/.config/lightning-app/lnd
-OSX: [USER-DIRECTORY]/Library/Application Support/lightning-app/lnd
-Windows: %USERPROFILE%\AppData\Roaming\lightning-app\lnd
-
-Then open that directory on your local file manager and delete all data in the `lnd` directory.
-
-Now unpack the lnd-rescue you made before and copy all the data from the `mnt/hdd/lnd` directory (including sub directories) into the LND-Path lnd directory. Delete the "lnd.conf" file.
-
-Now start the Lightning App again. Your wallet password should now be your RaspIBlitz Password C.
-
-**If it's working and you have access to your funds/channels on the Desktop App ... don't start the RaspiBlitz anymore. Delete SD card and HDD.**
-
-### How do I change the Name/Alias of my lightning node
-
-Use the "Change Name/Alias of Node" option in the Lightning - LND Wallet Options menu. The RaspiBlitz will automatically reboot after this.
-
-
-### How do I change the public port LND/Lightning node is running on?
-
-There is a experimental script you can call from the terminal that will make all changes for you ... see details here: https://github.com/rootzoll/raspiblitz/issues/100#issuecomment-466722712
-
-### How do I solve a "signature mismatch after caveat verification" error?
-
-If you get this error by LND it means that something is wrong with the macaroons being used to communicate with LND .. see: https://github.com/lightningnetwork/lnd/blob/master/docs/macaroons.md
-
-Fixing this depends on where you get this error:
-
-* If you get it in a mobile wallet, then redo the connection with the RaspiBlitz to get fresh macaroons.
-* If you get this from RTL or from the scripts of the SSH menus of the RaspiBlitz, then go to "EXPORT Macacroons and TLS.cert" in SSH main menu and choose the the "RESET Macaroons & TLS" option.
-
-Also make sure to check again on your power supply - it needs to deliver equal or more then 3A and should deliver a stable current. If you think your HDD is degrading - maybe this is a good time to replace it. See for details the FAQ question: [How can I recover my coins from a failing RaspiBlitz?](FAQ.md#how-can-i-recover-my-coins-from-a-failing-raspiblitz)
-
-### Why is my node not routing?
-
-1. You don't have inbound liquidity
-2. Low uptime
-3. Capital is committed to competitive destinations
-4. Capital committed to destinations no one wants to send to
-5. Fees are too high
-6. Your inbound liquidity doesn't have good inbound liquidity itself
-
-### When using Auto-Unlock, how much security do I lose?
-
-The idea of the "wallet lock" in general, is that your private key / seed / wallet is stored in a encrypted way on your HDD. On every restart, you have to input the password once manually (unlock your wallet), so that the LND can read and write to the encrypted wallet again. This improves your security if your RaspiBlitz gets stolen or taken away - it loses power and then your wallet is safe - the attacker cannot access your wallet.
-
-When you activate the "Auto-Unlock" feature of the RaspiBlitz, the password of the wallet gets stored on the RaspiBlitz. So if an attacker steals the RaspiBlitz physically, it's now possible for them to find the password and unlock the wallet.
-
-
-### I connected my HDD but it still says 'Connect HDD' on the display?
-
-Your HDD may have no partitions yet. SSH into the RaspiBlitz as admin (see command and password on display) and you should be offered the option to create a partition. If this is not the case:
-
-Check/Exchange the USB cable. Connect the HDD to another computer and check if it shows up at all.
-
-OSX: https://www.howtogeek.com/212836/how-to-use-your-macs-disk-utility-to-partition-wipe-repair-restore-and-copy-drives/
-
-Windows: https://www.lifewire.com/how-to-open-disk-management-2626080
-
-Linux/Ubuntu (desktop): https://askubuntu.com/questions/86724/how-do-i-open-the-disk-utility-in-unity
-
-Linux/Raspbian (command line): https://www.addictivetips.com/ubuntu-linux-tips/manually-partition-a-hard-drive-command-line-linux/
-
-### How do I shrink the QR code for connecting my Shango/Zap/Zeus mobile phone?
-
-Make the fonts smaller until the QR code fits into your (fullscreen) terminal. In OSX use `CMD` + `-` key. In LINUX use `CTRL`+ `-` key. On WINDOWS Putty go into the settings and change the font size: https://globedrill.com/change-font-size-putty
-
-### Why is my bitcoin IP on the display red?
-
-The bitcoin IP is red when the RaspiBlitz detects that it cannot reach the port of bitcoin node from the outside. This means the bitcoin node can peer with other bitcoin nodes, but other bitcoin nodes cannot initiate a peering with you. Don't worry, you don't need a publicly reachable bitcoin node to run a (public) lightning node. If you want to change this however, you need to forward port 8333 on your router to the RaspiBlitz. How to do this is different on every router.
-
-Some routers support a feature called UPnP where devices can automatically request a forwarding to be publicly reachable. By turning on `BTC UPnP` in the main menu `SERVICES` section, you can try if your router supports this feature.
-
-On details how to set port forwarding manually on your router model see: https://portforward.com
-
-### Why is my node address on the display red?
-
-The node address is red when the RaspiBlitz detects that it cannot reach the port of the LND node from the outside - when the device is behind a NAT or firewall of the router. Your node is not publicly reachable. This means you can peer+openChannel with other public nodes, but other nodes cannot peer+openChannel with you. To change this you need to forward port 9735 on your router to the RaspiBlitz. How to do this is different on every router.
-
-Some routers support a feature called UPnP where devices can automatically request a forwarding to be publicly reachable. By turning on `LND UPnP` in the main menu `SERVICES` section, you can try if your router supports this feature.
-
-On details how to set port forwarding manually on your router model see: https://portforward.com
-
-Also the self-testing of the RaspiBlitz to see if the port is forwarded or not might not work if your router is not supporting [Hairpinning](https://en.wikipedia.org/wiki/Hairpinning).
-
-### Why is my node address on the display yellow (not green)?
-
-Yellow is OK. The RaspiBlitz can detect that it can reach a service on the port 9735 of your public IP - this is in most cases the LND of your RaspiBlitz. But the RaspiBlitz cannot 100% for sure detect that this is its own LND service on that port - that's why it's just yellow, not green.
-
-For details on how to set port forwarding on your router model see: https://portforward.com
-
-### How can I set a fixed IP?
-
-Add an entry called `staticIP` in `raspiblitz.conf` to prevent external IP detection and force a fixed IP for your node.
-
-### How do I fix a displayed Error in my Config?
-
-When the LCD display is telling you to do a config check:
- go to the RaspiBlitz terminal (X on main menu) and run 'patch'
- start reboot with command: 'restart'
- go to the RaspiBlitz terminal run the command: 'check'
- now edit the RaspiBlitz config and get rid of the errors: 'nano /mnt/hdd/raspiblitz.conf'
- save config with: CTRL+o
- exit nano editor with: CTRL+x
- start reboot with command: 'restart'
-
-### Can I run the RaspiBlitz as Backend for BTCPayServer?
-
-BTCPay Server is a solution to be your own payment processor to accept Lightning Payments for your online store: https://github.com/btcpayserver/btcpayserver
-
-You can find setup instructions for a experimental setup here: https://goo.gl/KnTzLu
-
-Thanks to @RobEdb (ask on twitter for more details) for running his demo store with RaspiBlitz: https://store.edberg.eu - buy a picture of [him and Andreas](https://store.edberg.eu/produkt/jag-andreas/) :)
-
-### I don't have a LAN port on my Laptop - how do I connect to my RaspiBlitz?
-
-You don't need a LAN port on your laptop as long as you can connect over WLAN to the same LAN router/switch the RaspiBlitz is connected to .. and you are on the same local network.
-
-### Is it possible to connect the Blitz over Wifi instead of using a LAN cable?
-
-A LAN cable is recommended because it reduces a possible source of error on the network connection side. But how to setup WLAN when you don't have a LAN-Router/Switch available see here:
-
-Using [Raspberry Pi Imager: ](https://www.raspberrypi.com/software/)
-https://raspibolt.org/guide/raspberry-pi/operating-system.html#configure-boot-options
-
-Manually
-https://github.com/raspibolt/raspibolt/blob/a21788c0518618d17093e3f447f68a53e4efa6e7/raspibolt/raspibolt_20_pi.md#prepare-wifi
-
-### Can I directly connect the RaspiBlitz to my laptop?
-
-If you have a LAN port on your laptop - or you have a USB-LAN adapter, you can connect the RaspiBlitz directly (without a router/switch) to your laptop and share the WIFI internet connection. You can follow this [guide for OSX](https://medium.com/@tzhenghao/how-to-ssh-into-your-raspberry-pi-with-a-mac-and-ethernet-cable-636a197d055) and this [guide for Windows](https://www.tomshardware.com/how-to/share-internet-connection-windows-ethernet-wi-fi).
-
-In short for OSX:
-
-* make sure all VPNs are off (can interfere with local LAN)
-* connect with LAN directly
-* Settings > Sharing/Freigaben > activate "internet sharing" from WLAN to Ethernet
-* Settings > Network > Ethernet-Adapter > set to DHCP
-* in terminal > `ifconfig` there you should see the IP of the bridge100
-* in terminal > `arp -a` and check for an IP of a client to the bridge
-* in terminal > ssh admin@[clientIP]
-
-In short for Windows:
-
-* make sure all VPNs are off (can interfere with local LAN)
-* connect Raspiblitz with laptop LAN/ethernet directly
-* Control Panel > Network and Internet > Network and Sharing Centre 
-* Click on your active internet connection highlighted in blue
-* Properties > Sharing
-* Check the box titled "Allow other network users to connect through this computer's Internet connection
-* Select LAN/Ethernet from the "Home networking connection:" dropdown menu
-* Click OK
-* Restart the Raspiblitz
-
-If anyone has experience on doing this in Linux please share.
-
-### How to attach the RaspberryPi to the HDD?
-
-Try a rubber band.
-
-### What other case options do I have?
-
-You can put the heatsink-case (top-part mentioned in the shopping lists) into a customized 3D printed case for the RaspiBlitz called "Lightning Shell" - great work by @CryptoCloaks
-
-https://www.cryptocloaks.com/product/lightningshell/ (Delivery from USA)
-
-![LightningShell](pictures/lightningshell.jpeg)
-
-![LightningShell](pictures/lightningshell2.jpeg)
-
-Also there is the ZKDS metal case available that also needs some extra hardware (SATA-USB expansion board and USB bridge).
-
-https://diynodes.com (delivery from UK)
-
-![ZKDSMetalCase](pictures/metalcase.png)
-
-
-### Are those "Under-Voltage detected" warnings a problem?
-
-When your USB power adapter for the RaspiBlitz delivers too low of a power level, those messages with "Under-Voltage detected" (under-voltage) are shown on the display. This can lead to data loss/corruption on the HDD. If you see this just one or two times it's not OK, but can be in a tolerant window. Nevertheless it is important to make sure that your USB power adapter can deliver at least 3A (big and stable is good). If you still see those warnings maybe get a second USB Power adapter just for the HDD, and power the HDD through a Y-Cable - see https://en.wikipedia.org/wiki/Y-cable#USB or put a USB Hub with extra power between the Raspberry and the HDD.
-
-
-### How do I return to the menu after exiting to the command line
-
-Type the command `raspiblitz` to return to the main menu if you exited to the command line.
-
-### How do I setup fresh/clean/reset and without going into recovery mode?
-
-When you put in a SD card with a new/clean RaspiBlitz image the RaspiBlitz will go into recovery mode because it detects the old data on your HDD and assumes you just want to continue to work with this data.
-
-But there might be cases where you want to start a totally fresh/clean RaspiBlitz from the beginning. To do so you need to delete the old data from the HDD. Choose the option `RESET-ALL` under `REPAIR` to delete all data and start fresh.
-
-When the HDD is clean, then flash a new RaspiBlitz sd card and your setup should start fresh.
-
-### My blockchain data is corrupted - what can I do?
-
-You could try to re-index, but that can take a very long time - multiple days or even weeks. But there are other options:
-
-1. Get new Blockchain
-
-Use `REPAIR` in the SSH main menu and then choose `RESET-CHAIN`. Then you get offered multiple options to get new blockchain data.
-
-2. Backup LND Data, make fresh Blitz, Replay LND Data
-
-You can backup your channel and wallet data, make a complete fresh RaspiBlitz and after that is setup, you replace the LND data with your old data. Also make sure to check again on your power supply - it needs to deliver equal or more then 3A, and should deliver a stable current. If you think your HDD or SD card is degrading - maybe this is a good time to replace it. See for details the FAQ question: [How can I recover my coins from a failing RaspiBlitz?](FAQ.md#how-can-i-recover-my-coins-from-a-failing-raspiblitz)*
-
-### I have two RaspiBlitz in my network - can they both be public?
-
-Yes but you need to change the port number (for example to 9736) on at least one of your RaspiBlitzes - see how to change a port below. Then you can forward both ports from your home internet router to the matching RaspiBlitzes.
-
-### How can I enforce UASP mode for my SSD controller?
-
-By default just tested & selected SSD encasings/controller are running enabled with UASP in RaspiBlitz. UASP brings a speed up for the SSD but also if not well supported by the SSD encasing/controller can lead to system halts. If you know for sure that your SSD encasing/controller is supporting UASP fully you can place a file called `uasp.force` on the sd card boot section after flashing the image with your laptop. See details or report errors on issue [#2488](https://github.com/rootzoll/raspiblitz/issues/2488)
-
-### I am facing maintenance/emergency mode on boot. How do I fix it?
-
-This behavior is caused by either the software that flashes the RaspiBlitz image onto the sd card, or by a faulty sd-card. The only solution is to try switching the software/computer you use for flashing and/or trying another sd card.
-
-See issues #3039, #1053 & #782
-
-## Extras
-
-### How do I connect a UPS to the RaspiBlitz?
-
-A UPS (Uninterruptible Power Supply) is used to protect the RaspiBlitz against power outages. Normally you put it just between your normal power outlet and your RaspiBlitz and you are set. But some UPS offer a way to communicate with devices. This can be very useful for example if on a longer power outage the battery of the UPS runs low the RaspiBlitz could detect this and power down in a clean way - instead of a sudden stop that risks data loss or corruption.
-
- - There is an experimental script to connect the RaspiBlitz to a UPS over USB cable build by APC - the Model tested with was [APC Back-UPS BX - BX700U-GR](https://www.amazon.de/APC-Back-UPS-Unterbrechungsfreie-Stromversorgung-BX700U-GR/dp/B00T7BYRCK) but it should work with every APC model offering a USB port. \
-To turn it on run from terminal: `/home/admin/config.scripts/blitz.ups.sh on apcusb`
-
- There is also a script dealing with Geekworm/Suptronics [X708 UPS HAT](https://www.amazon.com/Geekworm-Raspberry-Management-Detection-Shutdown/dp/B08DNRYM4Y/). The tested model was x708v1.2. \
-To turn it on run from terminal: `/home/admin/config.scripts/blitz.ups.sh on x708`
-
-If you have other UPS models or ways to connect ... feel free to extend this script.
-
-### Can I run my RaspiBlitz on Solar Energy?
-
-Yes - take a look at the project of [Chimezie Chuta](https://twitter.com/mezie16/status/1264513274080636928?s=20)
-
-![RaspiSolar](pictures/raspisolar.jpg)
-
-More details in his book ["A-Z of Building your own Full Bitcoin Lightning Node: A hand Book for Enthusiasts"](https://blockspace.shop/products/a-z-of-building-your-own-full-bitcoin-lightning-node-a-hand-book-for-enthusiasts)
-
-### How to use the Let's Encrypt client
-
-The [Let's Encrypt](https://letsencrypt.org/) client software [acme.sh](https://github.com/acmesh-official/acme.sh) is
-included (since v1.6) and can be used to create TLS certificates that are signed by the Certificate Authority (*Root
-CA*) **Let's Encrypt** and which are therefore trusted on all modern platforms.
-
-In order to successfully get a signed certificate you need to **verify ownership** over a **DNS domain** or a **full
-qualified domain name** (**FQDN**). Currently Let's Encrypt **doesn't** issue certificates for IP addresses. The two
-most common standards for verification of control are `HTTP-01` and `DNS-01`.
-
-The **acme.sh** client supports both modes and has a large number of DNS services (more than 50) it can interact with.
-More details can be found on the [acme.sh wiki](https://github.com/acmesh-official/acme.sh/wiki).
-
-#### Let's Encrypt - HTTP-01
-
-To use `HTTP-01` your RaspiBlitz needs to be accessible directly from the Internet on a **public IP address** on **port
-80**. If you don't have a public IPv4/IPv6 IP on either `eth0` or `wlan0` then it might be possible to use **NAT port
-forwarding** or an **autossh-tunnel** to fulfill this requirement.
-
-If everything (this includes creating a `DNS A` or `DNS CNAME` record that points to a static or dynamic IP address) is
-set up so that the Let's Encrypt servers can reach your RaspiBlitz on port 80 then the following command will perform
-the initial creation of a signed certificate and will also store the configuration data needed to regularly refresh it.
-Just run this once and then lean back and forget about it. :-D
-
-```
-~/.acme.sh/acme.sh --keylength ec-256 --issue -d hostname.example.com -w /var/www/letsencrypt/
-```
-
-#### Let's Encrypt - DNS-01
-
-The `DNS-01` standard **proves ownership** by creating `DNS TXT` records on the domain or subdomain you want to use.
-This requires interaction with and access to a dns server but comes with the benefit that `wildcard certificates`
-can be issued.
-
-It is beyond the scope of this FAQ entry to explain all details of this - please refer to the official documentation.
-Assuming you are using the [DuckDNS](https://www.duckdns.org/) dynamic DNS service then the following command will
-get a certificate (including a wildcard subject alternative name (**SAN**) listing). It will also take care of continuous
-renewals.
-
-```
-export DuckDNS_Token="abcdefgh-0123-56ij-78kl-abcd9012efgh"
-~/.acme.sh/acme.sh --issue --keylength ec-256 --dns dns_duckdns -d hostname.duckdns.org -d *.hostname.duckdns.org
-```
-
-As mentioned, more that 50 other services (including self-hosted options like e.g. `nsupdate` or `PowerDNS`) are supported.
-
-#### Let's Encrypt - eMail Address
-
-The installation process of the `acme.sh` client includes a prompt for an eMail address. The data entered there is
-stored in the `accounts.conf` file as `ACCOUNT_EMAIL`. This address is used by Let's Encrypt to notify you about
-the expiry of certificates (which is not really needed as renewals are automated) and also about changes to their
-**Terms of Service**. For more details please check their [privacy policy](https://letsencrypt.org/privacy/).
-
-It is currently considered completely fine to leave this field empty and not provide an eMail address.
-
-#### Let's Encrypt - Installation details
-
-The `acme.sh` script is installed in `/home/admin/.acme.sh/` - the configuration and the certificates are stored on the
-external hard disk in `/mnt/hdd/app-data/letsencrypt`.
-
-### What is this mnemonic seed word list?
-
-With the 24 word list given you by LND upon wallet creation you can recover your private key. You should write it down and store it at a safe place. Bear in mind that *this 24 word mnemonic seed is not based on the BIP 39* and therefore cannot be recovered using a Bitcoin wallet.
-
-For more background on the LND mnemonic seed [read this article](https://github.com/lightningnetwork/lnd/blob/master/docs/recovery.md#recovering-funds-from-lnd-funds-are-safu).
-
-### How do I set up VNC?
-
-Enter the Console/Terminal by selecting the last option from the Raspiblitz menu.
-![Raspiblitz menu](pictures/vnc-go-to-console.png)
-
-Enable the VNC server using raspi-config:
-
-`sudo raspi-config`
-
-In the menu, go to
-*Interfacing Options > VNC > Enable*
-![Raspi-config menu](pictures/vnc-raspi-config-menu.png)
-
-After that reboot the Raspiblitz. You can do this easily from the Raspiblitz menu.
-In the command line, type:
-`menu`
-The Raspiblitz menu has a reboot option if you scroll down. Select it and reboot.
-
-![Raspi-config menu](pictures/vnc-reboot-from-menu.png)
-
-
-After the Raspiblitz is rebooted, set a password for the VNC Server:
-`sudo vncpasswd -service`
-
-Set the Authentication parameter:
-`sudo echo "Authentication=VncAuth" > /etc/vnc/config.d/common.custom`
-
-Restart the VNC Server for settings to take effect:
-`sudo systemctl restart vncserver-x11-serviced`
-
-Open the relevant port in the firewall (ufw):
-`sudo ufw allow vnc`
-
-Start the VNC server from the Raspiblitz:
-`vncserver`
-This will run by default in the display number '1'. If you want to specify another number, run this (change  *\<display-number\>* to whatever you prefer):
-`vncserver :<display-number>`
-
-![VNC server started](pictures/vnc-server-started.png)
-
-From the VNC client (e.g. your PC, laptop), connect to the IP that the previous command has displayed in the screen (I covered it in pink in the screenshot). If everything is alright, you can see the display from the VNC client now.
-
-In order to stop broadcasting your display, stop the server from the Raspiblitz with this:
-`vncserver -kill :<display-number>`
-
-For example:
-`vncserver -kill :1`
-
-
-**Note**: You may have to set the resolution through raspi-config in certain situations:
-`sudo raspi-config`
- *Advanced Options > Resolution*
-
-**Hint**: From macOS, there is a built in VNC client hidden away at: /System/Library/CoreServices/Applications/Screen\ Sharing.app
-
-**Hint 2**: Find more info about VNC in Raspberry [here](https://www.raspberrypi.org/documentation/remote-access/vnc/).
-
-
-### Why use BTRFS on RaspiBlitz?
-
-The file system [BTRFS](https://de.wikipedia.org/wiki/Btrfs) for your HDD/SSD provides two new features to make the data storage more resilient:
-
-#### Storing your important Data in RAID1 with a USB Thumb Drive
-
-BTRFS comes with build in RAID features - that means that data can be stored on two physical drives at the same time and if one is failing the other one can be used to heal the other one or its replacement.
-
-For the Raspiblitz this means that you can connect an additional 32GB USB3 Thumb Drive (under 10 USD) and have it running in a RAID with your HDD/SSD - keeping your LND channel data and all other important data of your RaspiBlitz double-safe.
-
-#### Snapshotting the Blockchain
-
-BTRFS comes with a build in snapshot feature - that means that your RaspiBlitz can make every day a backup of the blockchain data and if a blockchain corruption occurs (exmaple thru a power outage) there is no need to sync the complete chain again. Just switch back to the last backup state and quickly sync up from there. On BTRFS such backups can be done as snapshots that dont need much more space on the drive and are quickly done - no need to buy a bigger SSD or wait for copying over 200GB.
-
-#### How do I use BTRFS on RaspiBlitz?
-
-Because the BTRFS is still experimental it's a bit hidden. There are two ways to activate:
-
- When you start a fresh setup just connect a 32GB Thumb Drive on the second USB3 port from the beginning and you should be asked during HDD setup if you want to try out BTRFS and gave the Thumb Drive as RAID1.
-
- If you have a existing RaspiBlitz and you want to switch to BTRFS then you need to export a Migration File (MAINMENU > REPAIR > MIGRATION) an then format your HDD/SSD clean. When you import a Migration File during a fresh Setup (see above) you will get the option to format the HDD/SSD with BTRFS.
-
-Once the Blitz is running on BTRFS you can use the '/home/admin/config.scripts/blitz.datadrive.sh' script to add a RAID drive or make a snapshot.
-
-#### How to recover a BTRFS partition?
-
-This articles goes thru the usual options:
-https://ownyourbits.com/2019/03/03/how-to-recover-a-btrfs-partition/
-https://seravo.fi/2015/using-raid-btrfs-recovering-broken-disks
--- a/56
+++ b/56
@ -2,10 +2,16 @@ SHELL = /bin/bash
 GITHUB_ACTOR = $(shell git remote -v | grep origin | head -1 | cut -d/ -f4)
 GITHUB_HEAD_REF = $(shell git rev-parse --abbrev-ref HEAD)

-amd64-lean-image:
+amd64-lean-desktop-uefi-image:
 	# Run the build script
 	cd ci/amd64 && \
-	bash packer.build.amd64-debian.sh lean $(GITHUB_ACTOR) $(GITHUB_HEAD_REF) 0
+	sudo bash packer.build.amd64-debian.sh \
+	  --pack lean \
+	  --github_user $(GITHUB_ACTOR) \
+	  --branch $(GITHUB_HEAD_REF) \
+	  --preseed_file preseed.cfg \
+	  --boot uefi \
+	  --desktop gnome

 	# Compute the checksum of the qemu image
 	cd ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu && \
@ -22,10 +28,42 @@ amd64-lean-image:
 	# List the generated files
 	ls -lah ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2.*

-amd64-fatpack-image:
+amd64-lean-server-legacyboot-image:
 	# Run the build script
 	cd ci/amd64 && \
-	bash packer.build.amd64-debian.sh fatpack $(GITHUB_ACTOR) $(GITHUB_HEAD_REF)
+	sudo bash packer.build.amd64-debian.sh \
+	  --pack lean \
+	  --github_user $(GITHUB_ACTOR) \
+	  --branch $(GITHUB_HEAD_REF) \
+	  --preseed_file preseed.cfg \
+	  --boot bios-256k.bin \
+	  --desktop none
+
+	# Compute the checksum of the qemu image
+	cd ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu && \
+	sha256sum raspiblitz-amd64-debian-lean.qcow2 > raspiblitz-amd64-debian-lean.qcow2.sha256
+
+	# Compress the image
+	cd ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu && \
+	gzip -v9 raspiblitz-amd64-debian-lean.qcow2
+
+	# Compute the checksum of the compressed image
+	cd ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu && \
+	sha256sum raspiblitz-amd64-debian-lean.qcow2.gz > raspiblitz-amd64-debian-lean.qcow2.gz.sha256
+
+	# List the generated files
+	ls -lah ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2.*
+
+amd64-fatpack-desktop-uefi-image:
+	# Run the build script
+	cd ci/amd64 && \
+	sudo bash packer.build.amd64-debian.sh \
+	--pack fatpack \
+	--github_user $(GITHUB_ACTOR) \
+	--branch $(GITHUB_HEAD_REF) \
+	--preseed_file preseed.cfg \
+	--boot uefi \
+	--desktop gnome

 	# Compute the checksum of the qemu image
 	cd ci/amd64/builds/raspiblitz-amd64-debian-fatpack-qemu && \
@ -45,7 +83,10 @@ amd64-fatpack-image:
 arm64-rpi-lean-image:
 	# Run the build script
 	cd ci/arm64-rpi && \
-	bash packer.build.arm64-rpi.local.sh lean $(GITHUB_ACTOR) $(GITHUB_HEAD_REF)
+	sudo bash packer.build.arm64-rpi.local.sh \
+	--pack lean \
+	--github_user $(GITHUB_ACTOR) \
+	--branch $(GITHUB_HEAD_REF)

 	# Compute the checksum of the raw image
 	cd ci/arm64-rpi/packer-builder-arm && \
@ -65,7 +106,10 @@ arm64-rpi-lean-image:
 arm64-rpi-fatpack-image:
 	# Run the build script
 	cd ci/arm64-rpi && \
-	bash packer.build.arm64-rpi.local.sh fatpack $(GITHUB_ACTOR) $(GITHUB_HEAD_REF)
+	bash packer.build.arm64-rpi.local.sh \
+	--pack fatpack \
+	--github_user $(GITHUB_ACTOR) \
+	--branch $(GITHUB_HEAD_REF)

 	# Compute the checksum of the raw image
 	cd ci/arm64-rpi/packer-builder-arm  && \
--- a/README.md
+++ b/README.md
--- a/SECURITY.md
+++ b/SECURITY.md
@ -1,91 +0,0 @@
-# Security Policy
-
-*NOTE: This document is just a first draft and still under construction.*
-
-Only use this software with funds you could afford to lose. Especially a lightning wallet that is a hot wallet, which has constant connection to the internet and can be target of exploitation.
-
-Just because the software is OpenSource does not mean its free of errors. Especially if you run additional apps, the RaspiBlitz team cannot review all the code of those external projects.
-
-The software is provided "AS IS", without warranty of any kind. In no event shall the authors or copyright holders be liable for any claim, damages or other
-liability. [details on legal license](LICENSE.md)
-
-## Minimal SD Card Build
-
-To improve the UX for beginners & casual users we decided to preinstall & activate lots of features like LCD, API & WebUI of RaspiBlitz from the beginning and even preinstall/compile a selection of additional apps in the default `fatpack` sd card image. This creates a bigger attack surface and more trusted dependencies on the security side. For more advanced users we also provide a `minimal` sd card image in the download section - which aims to install just the basics and every else will be just installed/compiled on-demand - this is recommended for users (especially on updates) that already know what features they want/need from their RaspiBlitz to run it with the reduced attack surface. To create a minimal sd card yourself run the `build_sdcard.sh` script with the options `-f 0` (fatpack off) & `-d headless` (to not preinstall external LCD drivers).
-
-## Supported Versions
-
-Updates are made only for the latest version.
-
-Security patches can be done with `MAINMENU > UPDATE > PATCH` for the current branch in the case of a high risk issue before next release.
-
-The latest version always have the `latest` tag. To make sure you are using the latest version, run:
-```
-curl -s https://api.github.com/repos/rootzoll/raspiblitz/releases/latest|grep tag_name|head -1|cut -d '"' -f4
-```
-
-## Reporting a Vulnerability
-
-To report security issues send an email to christian@rotzoll.de (not for support).
-
-The following keys may be used to communicate sensitive information to developers:
-
-| Name | Fingerprint | 64-bit |
-|------|-------------|--------|
-|Rootzoll|92A7 46AE 33A3 C186 D014 BF5C 1C73 060C 7C17 6461|1C73 060C 7C17 6461|
-|Openoms|13C6 88DB 5B9C 745D E4D2 E454 5BFB 7760 9B08 1B65|5BFB 7760 9B08 1B65|
-
-You can import a key by running the following command with that individual’s fingerprint:
-```
-curl https://keybase.io/rootzoll/pgp_keys.asc | gpg --import
-curl https://keybase.io/oms/pgp_keys.asc | gpg --import
-```
-Ensure that you put quotes around fingerprints containing spaces if importing with other methods.
-
-# Privacy Protection
-
-When you call `debug` on the command line you get basic system & services logs that can be used if you need to report details for support by other users. There is already a basic redaction of private data (nodeids, IPv4s, .onion-adresses, balances) for that debug report BUT always check the data you post in DMs or public before sending. If you find further private data that needs redaction, please report as an issue on the github repo.  
-
-# Network Security
-
-* Limit attack surface: Wi-fi and Bluetooth is disabled by default in the build script.
-* Firewall: UFW is active and only specific ports are open, closing ports and removing hidden services when services are uninstalled.
-* Password brute forcing protection: Fail-2-Ban is protecting the SSH login against brute-force-attacks.
-
-# Software security
-
-* The `admin` (and the `joinmarket` [optional]) users have passwordless sudo access to be able to perform installations and read password without much user interaction.
-
-* Downloaded binaries and source code is verified with the authors' PGP keys by either:
-    * signed shasum files and checking the hash of each downloaded binary
-    * verfying the signature on the source code changes utilising the `git verify-commit` or `git verify-tag` commands
-
-# Physical Security
-
-* The lightning wallet and user interfaces are password protected by default so this has more privacy implications (in the case of physical theft) than security.
-* Basic hardening measures are applied to all non-root systemd services
-* Optional log in through SSH using a hardware wallet.
-* LUKS encryption would be welcome in the future.
-
-# On-chain Funds
-
-Please keep in mind that there can be two different on-chain wallets on the RaspiBlitz:
-
-## Lightning Wallet (default)
-
-The default is the on-chain lightning wallet - that's the wallet where you normally send your funds before opening a channel & where your funds return to when you close a channel. With the initial word seed you get during RaspiBlitz setup, you can get access again to this on-chain wallet. Keep the seed words secure in a off-line location.
-
-## Bitcoin Core Wallet (deactivated by default)
-
-Beside lightning you have a Bitcoin core installed. Normally, Bitcoin core acts just as a blockchain informational service to the lightning wallet and its internal separate on-chain wallet is deactivated. 
-
-Some apps (like Fully Noded or JoinMarket) activate the Bitcoin core wallet and use it for their own needs. This on-chain balance will not be reflected in the rest of the RaspiBlitz software and is NOT backed up by the seed words from the RaspiBlitz setup. If you make use of the Bitcoin core wallet please take care of these funds. 
-
-# Off-chain Funds (Lightning Channels)
-
-Please note that there is no perfect backup concept for the funds in your lightning channels yet. We strongly recommend using the `Static Channel Backup` provided by LND and consider off-line location backup of that file to have the best chances to recover Lightning funds in a case of recovering from a disaster.
-
-The C-ligthning lightning.sqlite3 is replicated on the SDcard from the disk in real time. See more details in the [Core Lightning FAQ](FAQ.cl.md#backups)
-
-
-For more practical information on this topic see: [Backup Channel Funds](README.md#backup-for-on-chain---channel-funds)
--- a/WORKSHOP.md
+++ b/WORKSHOP.md
@ -1,228 +0,0 @@
-# RaspiBlitz Workshop Tutorial
-
-One goal of the RaspiBlitz project is to provide an open DIY platform for workshops - to setup your own lightning node and learn to manage it. This tutorial is collecting best practices on how to organise a RaspiBlitz workshop.
-
-<br/>
-
-# Time Planning
-
-First thing on planning a RaspiBlitz workshop is to calculate the time needed correctly. For example, the setup from scratch with no further support is still a weekend project - mostly because downloading and syncing the blockchain takes a lot of time.
-
-
-So the time required for the workshop all depends on the preparation you as a workshop organizer are interested to provide ahead of the workshop. This document outlines three starting configurations... going from most preparation required to least.
-
-Note that the time estimates below are about getting a node to a "clean setup". They do not include the funding & setting up channels process - which is adding an additional 30 min to 1 hour to the calculation.
-
-
-Also, if your group is lager then 5 participants, calculate some extra time for individual support. You can compensate for that if you let two participants work together on one RaspiBlitz setup; this way you limit individual support and let them help each other.
-
-
-## Workshop Scenario A) Provide a Ready-2-Go RaspiBlitz
-
-_Estimated Duration: 2 Hours_
-
-Sure, one part of the fun for participants is to assemble the hardware themselves. But if you aim for the shortest workshop possible, then this is the way to go (around 2 hours length). If you have the RaspiBlitz already assembled to be operational at the workshop you should already set them up with a basic setup, maybe even transfer a small amount of coins onto them. This way you can give the workshop participants the A.B.C.D passwords on a sheet of paper and let them jump right into learning how to manage a node. While waiting for confirmations on the first channel opening you can use the time to explain how to build a RaspiBlitz from scratch and some Lightning basics.
-
-These are the following steps you need to prepare (follow links for details):
-
- [Buy all the Hardware](WORKSHOP.md#buy-all-the-hardware)
- [Assemble all the Hardware](WORKSHOP.md#assemble-all-the-hardware)
- [Prepare HDDs with Blockchain Data](WORKSHOP.md#prepare-hdds-with-blockchain-data)
- [Prepare SD cards with latest RaspiBlitz image](WORKSHOP.md#prepare-sd-cards-with-latest-raspiblitz-image)
- Run Basic Node Setup
- [Setup Workshop Environment](WORKSHOP.md#setup-workshop-environment)
-
-_NOTE: Make sure that the blockchain of the RaspiBlitzes are synced before the workshop begins._
-
-## Workshop Scenario B) Provide a RaspiBlitz Hardware-Kit
-
-_Estimated Duration: 3 Hours_
-
-
-In this workshop scenario you buy all the hardware but let participants assemble the RaspiBlitz themselves - that's half the fun and people get a feel for the gear. But to keep the blockchain sync time short and be able to keep in a 3 hour timeframe you need to prepare the HDDs with blockchain data not much older than one day. Start ordering the parts at least one week before the workshop (budget as needed) and plan the day before completely for copying blockchain data to all those HDDs.
-
-
-These are the following steps you need to prepare (follow links for details):
-
- [Buy all the Hardware](WORKSHOP.md#buy-all-the-hardware)
- [Prepare HDDs with Blockchain Data](WORKSHOP.md#prepare-hdds-with-blockchain-data)
- [Prepare SD cards with latest RaspiBlitz image](WORKSHOP.md#prepare-sd-cards-with-latest-raspiblitz-image)
- [Setup Workshop Environment](WORKSHOP.md#setup-workshop-environment)
-
-Variation: If you don't have a big bugdet to prefinance the parts or people have already hardware they want to bring you can just buy the HDDs and SD cards and prepare them to run this scenario.
-
-
-## Workshop Scenario C) Bring your own Hardware
-
-
-_Estimated Duration: 4–6 Hours_
-
-This scenario is advised only for small groups, or you'll need to bring multiple blockchain copy stations - see details on "Prepare HDDs with Blockchain Data". Otherwise it needs the least prepartion time and prefinance and can be announced to participants about 5 days beforehand, so that they have time to order all the parts online.
-
-
- [Instruct Participants to bring Hardware](WORKSHOP.md#instruct-participants-to-bring-hardware)
- [Prepare Blockchain Copy Station](WORKSHOP.md#prepare-blockchain-copy-station)
- [Setup Workshop Environment](WORKSHOP.md#setup-workshop-environment)
-
-
-As soon as the participants arrive at the workhop, make sure to check their hardware list. We also suggest taking their HDDs and starting the blockchain copy process before official starting time.
-
-
-<br/>
-
-
-# Checklist for Running a Workshop
-
-Make sure you have the following hardware and infrastructure ready for the workshop:
-
- Lots of 'multiple power outlets/extensions' (min. 2 per participants - RaspiBlitz + Laptop)
- Network-Switch with enough ports (min. 1 per RaspiBlitz)
- Enough LAN network cables (short ones to connect the RaspiBlitzes)
- Good internet connection at location with LAN port (or a WLAN to LAN adapter)
- Extra WLAN Router (if you are not sure if LAN & WLAN is not on the same network at location)
- One or two USB SD card adapters
- One or two USB-C to USB-A adapters
- Some Tape, Markers & Pens always come in handy (also for participants to wirte down seeds & passwords)
- Potentially some bitcoin funds (if people dont have their own to start funding channels)
-
-Participants need to bring at least their laptops.
-
-<br/>
-
-# Running of the Workshop
-
-_The basic structure of the workshop is set by the RaspiBlitz setup process. Simply follow that. The following parts should share some experiences and suggestions on how you can optimize the time and mentoring during this process. Feel free to share your experience here._
-
-## Welcome and Intro
-
-In the beginning, it's great to give a small introduction to the Lightning Network and show the RaspiBlitz GitHub page to let everybody know where to find the basic info. But try to keep it around 10 min, in order to not waste time.
-
-
-Also, even before the intro, take care of the blockchain preparation. If people bring clean HDDs, hook them up to your blockchain copy station as soon as possible. If you have to copy on location, plan to spend time for some deeper educational intro while the HDDs get prepared.
-
-## Assembling
-
-If you hand out hardware kits or people bring their own hardware, it's time to put it together. If you are in a ready-2-go scenario, of course skip this and just hand them out.
-
-## Basic Setup
-
-
-Connect everybody's laptop to the same local network the RaspiBlitzes are connected to. Be prepared to explain how to open a terminal - Windows' users especially need some help here (see README on this).
-
-
-Then everybody is SSHing into the RaspiBlitz and is following the setup dialog. Hand out paper and pens for people to write down their passwords and wallet seeds.
-
-## Waiting Time
-
-After the lightning wallet setup comes the longest waiting time during the workshop - around 30 min. When you have a presynced ready-2-go or up to 1 hour for the other scenarios. It's the time when the node is syncing up the blockchain and LND is scanning. If you see someone's blockchain progress under 97%, something is wrong - possibly the HDD was not correctly prepared or the blockchain data is way too old to finish during workshop time if you work with old RaspberryPi3. The new RaspberryPi4 with SSD can catch up much faster.
-
-
-Use this time for a more in-depth educational segment on lightning in general. This time can also be used to demo with one RaspiBlitz that is already on clean-setup (you prepared before the workshop) how the funding, setting up channels and the other features of the RaspiBlitz work. That way people see what are the next steps once their node is ready and even if your workshop time is over by then they can know the next steps to do at home.
-
-Also this time is good for troubleshooting in individual sessions. If someone is not able to finish the sync on location in time shutdown the Raspiblitz from SSH terminal with CTRL+C and then `shutdown now`. If the device gets connected back up at home it should pickup the sync/scan process (let people know about the wallet unlock).
-
-
-## Finalizing Setup
-
-Once the RaspiBlitz is ready (LCD shows status screen) and people can SSH into the main menu, let them go into the `SERVICES` section and activate the `RTL WebUI`. It's the best interface to then continue with the peering, funding and channel opening.
-
-## Funding, Channels, API
-
-Check how much time is left to go thru the next steps of connecting to peers, funding and opening channels. While you wait on funding or channel opening confirmations, its a good moment to try to connect users mobile wallets with the device. But just so that on the local network for demo - dynamicDNS is something people then can try at home with port forwarding on their routers.
-
-Its also nice to add casual social open-end segment to the end of the workshop. So people can already go into personal conversations, music and beverages while some last nodes sync up, confirmations come in and people sending their first satoshis on some lightning chess or from node to node.
-
-Here are some videos that show what else is possible with the RaspiBlitz:
-
- [Lightning Network LND API - Buying Stickers using Commandline](https://youtu.be/tocJFPU8sAc) 24min
-
-<br/>
-
-# Organisation Tasks
-
-
-*Which of the following organisation tasks are relevant for you depends on which starting scenario you choose (see above). Here is the complete possible list with details:*
-
-
-## Buy all the Hardware
-
-See the shopping list on the RaspiBlitz Github README. You need to buy all of those, and every participant also needs a short (about 1m) network cable.
-
-
-From experience start ordering two weeks before the workshop (if you need to assemble) and minimum one week if you're handing out hardware kits - even if you have Amazon Prime. There is always a shipment coming late, and it's a lot of packages.
-
-
-If you like to support the RaspiBlitz project you can order a ready-2-go RaspiBlitz or a all-you-need-hardwareset for your RaspiBlitz workshop from [raspiblitz.com](https://raspiblitz.com)
-
-## Instruct Participants to Bring Hardware
-
-This is for the scenario where people bring their own hardware. Make sure to let them know at least a week before the event so that there is enough time for online ordering. Also make sure that especially the power supply needs to provide 3A and a stable current (big fat with a thick cable is good) because that's the most often error source if people just reuse some old weak power supply.
-
-In all scenarios make sure people bring their laptops.
-
-## Assemble all the Hardware
-
-
-Basically you follow the assembly instructions on the RaspiBlitz GitHUb README. Think of a safe way to transport the assembled devices to the workshop location - HDDs like it soft.
-
-
-## Prepare HDDs with Blockchain Data
-
-This is the most time consuming part of the preparation. Try it once to get a feel for how much time you need to prepare one HDD. If you prepare more than one HDD check out the "Copystation" script below.
-
-A prepared HDD is formatted in EXT4 and named "BLOCKCHAIN". In a folder called `bitcoin` it contains a copy of the following data folders from a running Bitcoin core client (same version on RaspiBlitz).
-
-```
-/bitcoin/blocks
-/bitcoin/chainstate
-```
-
-The bitcoin core client (0.17.1 or higher) needs to be stopped while the data is copied to the HDD.
-
-The easiest way to get a "template" of such HDD is to setup a fresh RaspiBlitz (without channel and fundings) and then run the script `/home/admin/XXcleanHDD.sh` and manually delete all rest data from the HDD and just leave those folders.
-
-
-Once you have that "template" you can make an image from that and write that image to the other HDDs. 
-
-
-
-## Prepare Blockchain Copy Station
-
-In the RaspiBlitz GitHub repo and also on every RaspiBlitz (since v1.3) you can find the script:
-`/home/admin/XXcopyStation.sh`
-
-This can be used to prepare and keep multiple HDDs in snyc with blockchain data in preparation of a workshop. You can start it directly on a RaspiBlitz and turn it into "Copy Station Mode" by executing on the command line:
-
-`sudo /home/admin/XXcopyStation.sh`
-
-_Beware that it will not run as a Lightning Node during that time (LND is stopped). And to reset it back into normal mode you need to stop the script with `CTLR+c` and the reboot with `sudo shutdown -r now`._
-
-
-In "Copy Station Mode" the RaspiBlitz will just run the bitcoind (so it needs network connection), copy fresh blockchain data over to a template folder on the HDD called `/mnt/hdd/templateHDD` and from there sync it to further HDDs that get connected to it.
-
-If you run it in a setup like on this photo with an extra powered USB hub, you can connect up to 10 HDDs at once to be synced with an almost up-to-date blockchain.
-
-At the moment the "Blockchain Copy Station" is just a computer (laptop - not a RaspberryPi) having an image of a "template" HDD (see above) and you can attach (with a USB3.0 Hub) multiple fresh HHDs to it and start writing in the template image to that.
-
-To update the "template" HDD for the next workshop use it for a fresh clean RaspiBllitz setup just days before, sync the blockchain to 100% and repeat the process above.
-
-_This version is not tested, but seems like the easiest to setup so far. Images can have the problem of being too large when some 1TB HDDs are just some bytes smaller. So for the template HDD it would be best to find the smallest 1TB HDD possible or just writing the image to HDDs of the same brand & model._
-
-Copying the blockchain between RaspberryPis during the workshop is not an option, because the network and its USB2 is too slow and will take 3 to 4 hours.
-
-For former workshops I had a laptop just with the data and had a script that was formatting and rsyning that data over to a fresh HDD. That took around 1,5 hours per HDD.
-
-_If someone has a better idea for a 'Blockchain Copy Station', please feel free to contribute._
-
-## Prepare SD Cards with Latest RaspiBlitz Image
-
-Download the latest RaspiBlitz SD card image from the README page. `Balena Etcher` is the best image writing software for this use case because if you have multiple sd card adapters, you can write multiple cards at once,cutting down your preparation time.
-
-## Setup Workshop Environment
-
-See hardware checklist for what to bring to the workshop in the earlier chapter.
-
-Setup power outlets for everybody. Its always good to be way early at the workshop location for setup, especially if you run the "pre-sync" of the ready-2-go scenario.
-
-Most important is the network setup. Every RaspiBlitz needs a LAN port in the switch and that switch needs to be on the same local network as the WLAN so that participants laptop can SSH into the RaspiBlitz. If that is not the case or you cannot confirm that before the event its best to bring an additional WLAN router. Then you give the WLAN router internet uplink thru the available LAN cable and you put the network switch for the Raspiblitzes behind that router and open an additional WLAN on that WLAN router for everybody to connect to. It's OK to be behind a NAT; it's just important for everybody to be behind the same NAT.
-
--- a/alternative.platforms/README.md
+++ b/alternative.platforms/README.md
@ -78,23 +78,26 @@ Tested with:
 These not need installation, password: `osboxes.org`

 ### Building the Raspiblitz scripts
-* Run the build script in the terminal of the guest OS (with sudo access):
+* Run the build script in the terminal of the base OS (with sudo access):

-    ```bash
-    # download the build script
-    wget https://raw.githubusercontent.com/rootzoll/raspiblitz/dev/build_sdcard.sh
-    # run
-    sudo bash build_sdcard.sh -f true -b dev -d headless -t false -w off
-    # Options:
-    #   -h, --help                               this help info
-    #   -i, --interaction [0|1]                  interaction before proceeding with exection (default: 1)
-    #   -f, --fatpack [0|1]                      fatpack mode (default: 1)
-    #   -u, --github-user [rootzoll|other]       github user to be checked from the repo (default: rootzoll)
-    #   -b, --branch [v1.7|v1.8]                 branch to be built on (default: v1.7)
-    #   -d, --display [lcd|hdmi|headless]        display class (default: lcd)
-    #   -t, --tweak-boot-drive [0|1]             tweak boot drives (default: 1)
-    #   -w, --wifi-region [off|US|GB|other]      wifi iso code (default: US) or 'off'
-    ```
+  ```bash
+  # download the build script
+  wget https://raw.githubusercontent.com/rootzoll/raspiblitz/dev/build_sdcard.sh
+  # run
+  sudo bash build_sdcard.sh -f false -b dev -d headless -t false -w off
+  ```
+  ```
+  Options:
+    -EXPORT                                  just print build parameters & exit'
+    -h, --help                               this help info
+    -i, --interaction [0|1]                  interaction before proceeding with execution (default: 1)
+    -f, --fatpack [0|1]                      fatpack mode (default: 1)
+    -u, --github-user [raspiblitz|other]       github user to be checked from the repo (default: raspiblitz)
+    -b, --branch [v1.7|v1.8]                 branch to be built on (default: v1.10)
+    -d, --display [lcd|hdmi|headless]        display class (default: lcd)
+    -t, --tweak-boot-drive [0|1]             tweak boot drives (default: 1)
+    -w, --wifi-region [off|US|GB|other]      wifi iso code (default: US) or 'off'
+  ```

 * Switch off when ready
 * Attach an other disk (can be even small if you prune or [stop bitcoind](https://github.com/rootzoll/raspiblitz/issues/1500#issuecomment-982779830) manually.
@ -274,7 +277,7 @@ Work notes partially based on: https://github.com/rootzoll/raspiblitz/blob/v1.7/
      * All files in one partition
      * Can remove the `Swap` partition - a swap file will be created on the Data disk later
 * At the `Software selection` choose:
-    * Debian dekstop environment
+    * Debian desktop environment
    * GNOME (could be other as preferred)
    * SSH server
    * standard system utilities
@ -310,7 +313,7 @@ Work notes partially based on: https://github.com/rootzoll/raspiblitz/blob/v1.7/
 * Remove the `Installation medium` and the `Ubuntu Live` USB stick and the LAN cable
 #### Start Tails
 * Connect the `Tails USB Stick` (make it stay offline)
-* Boot Tails and set and Admin password in Additioanl Settings (will need it to work with the disk)
+* Boot Tails and set and Admin password in Additional Settings (will need it to work with the disk)
 * Set the screen to not switch off: Settings > Power -> Blank screen - Never
 #### Import the signing keys
 * Connect USB stick with GPG signing keys - decrypt drive if needed
--- a/alternative.platforms/amd64/packer/raspiblitz.json
+++ b/alternative.platforms/amd64/packer/raspiblitz.json
@ -21,18 +21,8 @@
      "ssh_username": "vagrant",
      "type": "virtualbox-iso",
      "vboxmanage": [
-        [
-          "modifyvm",
-          "{{.Name}}",
-          "--memory",
-          "1024"
-        ],
-        [
-          "modifyvm",
-          "{{.Name}}",
-          "--cpus",
-          "1"
-        ]
+        ["modifyvm", "{{.Name}}", "--memory", "1024"],
+        ["modifyvm", "{{.Name}}", "--cpus", "1"]
      ],
      "vm_name": "raspiblitz-amd64"
    }
@ -63,10 +53,9 @@
  ],
  "variables": {
    "branch": "dev",
-    "github_user": "rootzoll",
-    "iso_checksum": "2af8f43d4a7ab852151a7f630ba596572213e17d3579400b5648eba4cc974ed0",
+    "github_user": "raspiblitz",
+    "iso_checksum": "23ab444503069d9ef681e3028016250289a33cc7bab079259b73100daee0af66",
    "iso_checksum_type": "sha256",
-    "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-10.6.0-amd64-netinst.iso"
+    "iso_url": "https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.2.0-amd64-netinst.iso"
  }
 }
-
--- a/build_sdcard.sh
+++ b/build_sdcard.sh
@ -1,21 +1,22 @@
 #!/usr/bin/env bash

 #########################################################################
-# Build your SD card image based on: 2022-04-04-raspios-bullseye-arm64.img.xz
-# https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2023-02-21/
-# SHA256: 4c963bcd53b9a77fa8235e2dc16785cc7d56372ec83c3090eac9073bd262833f
-# PGP fingerprint: 8738CD6B956F460C
-# PGP key: https://www.raspberrypi.org/raspberrypi_downloads.gpg.key
-# setup fresh SD card with image above - login per SSH and run this script:
+# Build your SD card image based on: 2023-12-05-raspios-bookworm-arm64.img.xz
+# https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2024-03-15/
+# SHA256: 7e53a46aab92051d523d7283c080532bebb52ce86758629bf1951be9b4b0560f
+# also change in: raspiblitz/ci/arm64-rpi/build.arm64-rpi.pkr.hcl
+# PGP fingerprint: 8738CD6B956F460C - to check signature:
+# curl -O https://www.raspberrypi.org/raspberrypi_downloads.gpg.key && gpg --import ./raspberrypi_downloads.gpg.key && gpg --verify *.sig
+# setup fresh SD card with image above - login via SSH and run this script:
 ##########################################################################

-defaultRepo="rootzoll"
-defaultBranch="v1.9"
+defaultRepo="raspiblitz" # user that hosts a `raspiblitz` repo
+defaultBranch="v1.11" # latest version branch

 defaultAPIuser="fusion44"
 defaultAPIrepo="blitz_api"

-defaultWEBUIuser="cstenglein"
+defaultWEBUIuser="raspiblitz"
 defaultWEBUIrepo="raspiblitz-web"

 me="${0##/*}"
@ -30,9 +31,9 @@ usage(){
 Options:
  -EXPORT                                  just print build parameters & exit'
  -h, --help                               this help info
-  -i, --interaction [0|1]                  interaction before proceeding with exection (default: 1)
+  -i, --interaction [0|1]                  interaction before proceeding with execution (default: 1)
  -f, --fatpack [0|1]                      fatpack mode (default: 1)
-  -u, --github-user [rootzoll|other]       github user to be checked from the repo (default: ${defaultRepo})
+  -u, --github-user [raspiblitz|other]     github user to be checked from the repo (default: ${defaultRepo})
  -b, --branch [v1.7|v1.8]                 branch to be built on (default: ${defaultBranch})
  -d, --display [lcd|hdmi|headless]        display class (default: lcd)
  -t, --tweak-boot-drive [0|1]             tweak boot drives (default: 1)
@ -49,14 +50,14 @@ if [ "$1" = "-h" ] || [ "$1" = "--help" ]; then
 fi

 # check if started with sudo
-if [ "$EUID" -ne 0 ]; then 
+if [ "$EUID" -ne 0 ]; then
  echo "error='run as root / may use sudo'"
  exit 1
 fi

 if [ "$1" = "-EXPORT" ] || [ "$1" = "EXPORT" ]; then
-  cd /home/admin/raspiblitz 2>/dev/null
-  activeBranch=$(git rev-parse --abbrev-ref HEAD 2>/dev/null)
+  activeBranch=$(git -C /home/admin/raspiblitz branch --show-current 2>/dev/null)
+  echo "activeBranch='${activeBranch}'"
  if [ "${activeBranch}" == "" ]; then
    activeBranch="${defaultBranch}"
  fi
@ -106,7 +107,7 @@ get_arg(){
 }

 ## hacky getopts
-## 1. if the option requires argument, and the option is preceeded by single or double dash and it
+## 1. if the option requires an argument, and the option is preceeded by single or double dash and it
 ##    can be it can be specified with '-s=ssh' or '-s ssh' or '--service=ssh' or '--service ssh'
 ##    use: get_arg variable_name "${opt}" "${arg}"
 ## 2. if a bunch of options that does different things are to be assigned to the same variable
@ -148,24 +149,25 @@ range_argument(){
  fi
 }

-apt_install(){
-    apt install -y ${@}
+apt_install() {
+  for package in "$@"; do
+    apt-get install -y -q "$package"
    if [ $? -eq 100 ]; then
-        echo "FAIL! apt failed to install needed packages!"
-        echo ${@}
-        exit 1
+      echo "FAIL! apt-get failed to install package: $package"
+      exit 1
    fi
+  done
 }

 general_utils="curl"
-## loop all general_utils to see if program is installed (placed on PATH) and if not, add to the list of commands to be installed
+## loop through all general_utils to see if program is installed (placed on PATH) and if not, add to the list of commands to be installed
 for prog in ${general_utils}; do
  ! command -v ${prog} >/dev/null && general_utils_install="${general_utils_install} ${prog}"
 done
 ## if any of the required programs are not installed, update and if successfull, install packages
 if [ -n "${general_utils_install}" ]; then
  echo -e "\n*** SOFTWARE UPDATE ***"
-  apt update -y || exit 1
+  apt-get update -y || exit 1
  apt_install ${general_utils_install}
 fi

@ -236,10 +238,14 @@ done
 # AUTO-DETECTION: CPU-ARCHITECTURE
 # ---------------------------------------
 cpu="$(uname -m)" && echo "cpu=${cpu}"
-architecture="$(dpkg --print-architecture 2>/dev/null)" && echo "architecture=${architecture}"
 case "${cpu}" in
-  arm*|aarch64|x86_64|amd64);;
-  *) echo -e "# FAIL #\nCan only build on ARM, aarch64, x86_64 not on: cpu=${cpu}"; exit 1;;
+  aarch64|x86_64);;
+  *) echo -e "# FAIL #\nCan only build on aarch64 or x86_64 not on: cpu=${cpu}"; exit 1;;
+esac
+architecture="$(dpkg --print-architecture 2>/dev/null)" && echo "architecture=${architecture}"
+case "${architecture}" in
+  arm*|amd64);;
+  *) echo -e "# FAIL #\nCan only build on arm* or amd64 not on: architecture=${cpu}"; exit 1;;
 esac

 # AUTO-DETECTION: OPERATINGSYSTEM
@ -248,18 +254,14 @@ if [ $(cat /etc/os-release 2>/dev/null | grep -c 'Debian') -gt 0 ]; then
  if [ -f /etc/apt/sources.list.d/raspi.list ] && [ "${cpu}" = aarch64 ]; then
    # default image for RaspberryPi
    baseimage="raspios_arm64"
-  elif [ $(uname -n | grep -c 'rpi') -gt 0 ] && [ "${cpu}" = aarch64 ]; then
-    # experimental: a clean alternative image of debian for RaspberryPi
-    baseimage="debian_rpi64"
-  elif [ "${cpu}" = "arm" ] || [ "${cpu}" = "aarch64" ]; then
-    # experimental: fallback for all debian on arm
-    baseimage="armbian"
  else
-    # experimental: fallback for all debian on other CPUs
+    # experimental: fallback for all to debian
    baseimage="debian"
  fi
 elif [ $(cat /etc/os-release 2>/dev/null | grep -c 'Ubuntu') -gt 0 ]; then
  baseimage="ubuntu"
+elif [ $(cat /etc/os-release 2>/dev/null | grep -c 'Armbian') -gt 0 ]; then
+  baseimage="armbian"
 else
  echo "\n# FAIL: Base Image cannot be detected or is not supported."
  cat /etc/os-release 2>/dev/null
@ -268,6 +270,17 @@ else
 fi
 echo "baseimage=${baseimage}"

+# AUTO-DETECTION: CONFIGFILES
+# ---------------------------------------
+raspi_configfile="/boot/config.txt"
+raspi_commandfile="/boot/cmdline.txt"
+if [ -d /boot/firmware ];then
+  raspi_configfile="/boot/firmware/config.txt" 
+  raspi_commandfile="/boot/firmware/cmdline.txt"
+fi
+echo "raspi_configfile=${raspi_configfile}"
+echo "raspi_commandfile=${raspi_commandfile}"
+
 # USER-CONFIRMATION
 if [ "${interaction}" = "true" ]; then
  echo -n "# Do you agree with all parameters above? (yes/no) "
@ -292,16 +305,25 @@ echo "[Login]
 HandleLidSwitch=ignore
 HandleLidSwitchDocked=ignore" | tee /etc/systemd/logind.conf.d/nosuspend.conf

+# check if /etc/hosts already has debian entry
+# prevent "unable to resolve host debian" error
+isDebianInHosts=$(grep -c "debian" /etc/hosts)
+if [ ${isDebianInHosts} -eq 0 ]; then
+  echo "# Adding debian to /etc/hosts"
+  echo "127.0.1.1       debian" | tee -a /etc/hosts > /dev/null
+  systemctl restart networking
+fi
+
 # FIXING LOCALES
 # https://github.com/rootzoll/raspiblitz/issues/138
 # https://daker.me/2014/10/how-to-fix-perl-warning-setting-locale-failed-in-raspbian.html
 # https://stackoverflow.com/questions/38188762/generate-all-locales-in-a-docker-image
-if [ "${baseimage}" = "raspios_arm64" ]||[ "${baseimage}" = "debian_rpi64" ]||[ "${baseimage}" = "armbian" ]; then
+if [ "${cpu}" = "aarch64" ] && { [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian" ]; }; then
  echo -e "\n*** FIXING LOCALES FOR BUILD ***"
-
  sed -i "s/^# en_US.UTF-8 UTF-8.*/en_US.UTF-8 UTF-8/g" /etc/locale.gen
  sed -i "s/^# en_US ISO-8859-1.*/en_US ISO-8859-1/g" /etc/locale.gen
  locale-gen
+  export LC_ALL=C
  export LANGUAGE=en_US.UTF-8
  export LANG=en_US.UTF-8
  if [ ! -f /etc/apt/sources.list.d/raspi.list ]; then
@ -311,19 +333,27 @@ if [ "${baseimage}" = "raspios_arm64" ]||[ "${baseimage}" = "debian_rpi64" ]||[
 fi

 echo "*** Remove unnecessary packages ***"
-apt remove --purge -y libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi plymouth python2 vlc* cups
-apt clean -y
-apt autoremove -y
+unnecessary_packages=(libreoffice* oracle-java* chromium-browser nuscratch scratch sonic-pi plymouth python2 vlc* cups)
+for pkg in "${unnecessary_packages[@]}"; do
+  if dpkg-query -W -f='${Status}' $pkg 2>/dev/null | grep -q "ok installed"; then
+    echo "Removing $pkg..."
+    apt-get remove --purge -y $pkg
+  else
+    echo "$pkg is not installed."
+  fi
+done
+apt-get clean -y
+apt-get autoremove -y

 echo -e "\n*** UPDATE Debian***"
-apt update -y
-apt upgrade -f -y
+apt-get update -y
+apt-get upgrade -f -y

 echo -e "\n*** SOFTWARE UPDATE ***"
 # based on https://raspibolt.org/system-configuration.html#system-update
 # htop git curl bash-completion vim jq dphys-swapfile bsdmainutils -> helpers
 # autossh telnet vnstat -> network tools bandwidth monitoring for future statistics
-# parted dosfstolls -> prepare for format data drive
+# parted dosfstools -> prepare for format data drive
 # btrfs-progs -> prepare for BTRFS data drive raid
 # fbi -> prepare for display graphics mode. https://github.com/rootzoll/raspiblitz/pull/334
 # sysbench -> prepare for powertest
@ -332,36 +362,45 @@ echo -e "\n*** SOFTWARE UPDATE ***"
 # rsync -> is needed to copy from HDD
 # net-tools -> ifconfig
 # xxd -> display hex codes
-# netcat -> for proxy
+# netcat-openbsd -> for proxy
 # openssh-client openssh-sftp-server sshpass -> install OpenSSH client + server
 # psmisc -> install killall, fuser
 # ufw -> firewall
 # sqlite3 -> database
 # fdisk -> create partitions
 # lsb-release -> needed to know which distro version we're running to add APT sources
-general_utils="policykit-1 htop git curl bash-completion vim jq dphys-swapfile bsdmainutils autossh telnet vnstat parted dosfstools btrfs-progs fbi sysbench build-essential dialog bc python3-dialog unzip whois fdisk lsb-release smartmontools"
-
+general_utils="sudo policykit-1 htop git curl bash-completion vim jq dphys-swapfile bsdmainutils autossh telnet vnstat parted dosfstools fbi sysbench build-essential dialog bc python3-dialog unzip whois fdisk lsb-release smartmontools rsyslog resolvconf"
+# add btrfs-progs if not bookworm on aarch64
+[ "${architecture}" = "aarch64" ] && ! grep "12 (bookworm)" < /etc/os-release && general_utils="${general_utils} btrfs-progs"
 # python3-mako --> https://github.com/rootzoll/raspiblitz/issues/3441
 python_dependencies="python3-venv python3-dev python3-wheel python3-jinja2 python3-pip python3-mako"
-server_utils="rsync net-tools xxd netcat openssh-client openssh-sftp-server sshpass psmisc ufw sqlite3"
+server_utils="rsync net-tools xxd netcat-openbsd openssh-client openssh-sftp-server sshpass psmisc ufw sqlite3"
 [ "${baseimage}" = "armbian" ] && armbian_dependencies="armbian-config" # add armbian-config
 [ "${architecture}" = "amd64" ] && amd64_dependencies="network-manager" # add amd64 dependency

-apt_install ${general_utils} ${python_dependencies} ${server_utils} ${armbian_dependencies} ${amd64_dependencies}
-apt clean -y
-apt autoremove -y
+apt_install ${general_utils} ${python_dependencies} ${server_utils} ${amd64_dependencies} ${armbian_dependencies}
+apt-get clean -y
+apt-get autoremove -y

 echo -e "\n*** Python DEFAULT libs & dependencies ***"

-if [ -f "/usr/bin/python3.9" ]; then
-  # use python 3.9 if available
-  update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
-  echo "python calls python3.9"
+if [ -f "/usr/bin/python3.11" ]; then
+  # use python 3.11 if available
+  update-alternatives --install /usr/bin/python python /usr/bin/python3.11 1
+  # keep python backwards compatible
+  ln -s /usr/bin/python3.11 /usr/bin/python3.9
+  ln -s /usr/bin/python3.11 /usr/bin/python3.10
+  echo "python calls python3.11"
 elif [ -f "/usr/bin/python3.10" ]; then
  # use python 3.10 if available
  update-alternatives --install /usr/bin/python python /usr/bin/python3.10 1
+  # keep python backwards compatible
  ln -s /usr/bin/python3.10 /usr/bin/python3.9
  echo "python calls python3.10"
+elif [ -f "/usr/bin/python3.9" ]; then
+  # use python 3.9 if available
+  update-alternatives --install /usr/bin/python python /usr/bin/python3.9 1
+  echo "python calls python3.9"
 elif [ -f "/usr/bin/python3.8" ]; then
  # use python 3.8 if available
  update-alternatives --install /usr/bin/python python /usr/bin/python3.8 1
@ -372,51 +411,75 @@ else
  exit 1
 fi

+# don't protect system packages from pip install
+# tracking issue: https://github.com/raspiblitz/raspiblitz/issues/4170
+for PYTHONDIR in /usr/lib/python3.*; do
+  if [ -f "$PYTHONDIR/EXTERNALLY-MANAGED" ]; then
+    rm "$PYTHONDIR/EXTERNALLY-MANAGED"
+  fi
+done
+
 # make sure /usr/bin/pip exists (and calls pip3 in Debian Buster)
 update-alternatives --install /usr/bin/pip pip /usr/bin/pip3 1
 # 1. libs (for global python scripts)
-# grpcio==1.42.0 googleapis-common-protos==1.53.0 toml==0.10.2 j2cli==0.3.10 requests[socks]==2.21.0
+# grpcio==1.59.3 googleapis-common-protos==1.61.0 toml==0.10.2 j2cli==0.3.10 requests[socks]==2.21.0 protobuf==4.25.1 pathlib2==2.3.7.post1
 # 2. For TorBox bridges python scripts (pip3) https://github.com/radio24/TorBox/blob/master/requirements.txt
 # pytesseract mechanize PySocks urwid Pillow requests
 # 3. Nyx
 # setuptools
 sudo -H python3 -m pip install --upgrade pip
-sudo -H python3 -m pip install grpcio==1.42.0 googleapis-common-protos==1.53.0 toml==0.10.2 j2cli==0.3.10 requests[socks]==2.21.0 protobuf==3.20.1 pathlib2==2.3.7.post1
+sudo -H python3 -m pip install grpcio==1.59.3 googleapis-common-protos==1.61.0 toml==0.10.2 j2cli==0.3.10 requests[socks]==2.21.0 protobuf==4.25.1 pathlib2==2.3.7.post1
 sudo -H python3 -m pip install pytesseract mechanize PySocks urwid Pillow requests setuptools

 echo -e "\n*** PREPARE ${baseimage} ***"

 # make sure the pi user is present
-if [ "$(compgen -u | grep -c pi)" -eq 0 ];then
+if ! compgen -u pi; then
  echo "# Adding the user pi"
-  adduser --disabled-password --gecos "" pi
+  adduser --system --group --shell /bin/bash --home /home/pi pi
+  # copy the skeleton files for login
+  sudo -u pi cp -r /etc/skel/. /home/pi/
  adduser pi sudo
 fi

-# special prepare when Raspbian
-if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ]; then
+# activate watchdog if ls /dev/watchdog exists - see #4534
+if [ -e /dev/watchdog ]; then
+  echo "Activating watchdog ..."
+  if [ "${baseimage}" = "raspios_arm64" ]; then
+    echo "dtparam=watchdog=on" | tee -a $raspi_configfile
+  fi
+  sed -i "s/^#RuntimeWatchdogSec=.*/RuntimeWatchdogSec=600s/g" /etc/systemd/system.conf
+  sed -i "s/^#RebootWatchdogSec=.*/RebootWatchdogSec=3min/g" /etc/systemd/system.conf
+  sed -i "s/^#WatchdogDevice=.*/WatchdogDevice=\/dev\/watchdog/g" /etc/systemd/system.conf
+else
+  echo "No watchdog device /dev/watchdog found - keep watchdog like default"
+fi
+
+# special prepare when RaspberryPi OS
+if [ "${baseimage}" = "raspios_arm64" ]; then

  echo -e "\n*** PREPARE RASPBERRY OS VARIANTS ***"
  apt_install raspi-config
-  # do memory split (16MB)
-  raspi-config nonint do_memory_split 16
-  # set to wait until network is available on boot (0 seems to yes)
-  raspi-config nonint do_boot_wait 0
  # set WIFI country so boot does not block
  # this will undo the softblock of rfkill on RaspiOS
  [ "${wifi_region}" != "off" ] && raspi-config nonint do_wifi_country $wifi_region
  # see https://github.com/rootzoll/raspiblitz/issues/428#issuecomment-472822840

-  configFile="/boot/config.txt"
-  max_usb_current="max_usb_current=1"
-  max_usb_currentDone=$(grep -c "$max_usb_current" $configFile)
-
-  if [ ${max_usb_currentDone} -eq 0 ]; then
-    echo | tee -a $configFile
-    echo "# Raspiblitz" | tee -a $configFile
-    echo "$max_usb_current" | tee -a $configFile
+  if ! grep "Raspiblitz" $raspi_configfile; then
+    echo "# Adding Raspiblitz Edits to $raspi_configfile"
+    echo | tee -a $raspi_configfile
+    echo "# Raspiblitz" | tee -a $raspi_configfile
+    # ensure that kernel8.img is used to set PAGE_SIZE to 4K
+    # https://github.com/raspiblitz/raspiblitz/issues/4346
+    if [ -f /boot/kernel8.img ] || [ -f /boot/firmware/kernel8.img ]; then
+      echo 'kernel=kernel8.img' | tee -a $raspi_configfile
+    fi
+    echo "max_usb_current=1" | tee -a $raspi_configfile
+    echo "dtparam=nvme" | tee -a $raspi_configfile
+    echo 'dtoverlay=pi3-disable-bt' | tee -a $raspi_configfile
+    echo 'dtoverlay=disable-bt' | tee -a $raspi_configfile
  else
-    echo "$max_usb_current already in $configFile"
+    echo "# Raspiblitz Edits are already in $raspi_configfile"
  fi

  # run fsck on sd root partition on every startup to prevent "maintenance login" screen
@ -431,24 +494,34 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ];
  fi

  # edit kernel parameters
-  kernelOptionsFile=/boot/cmdline.txt
  fsOption1="fsck.mode=force"
  fsOption2="fsck.repair=yes"
-  fsOption1InFile=$(grep -c ${fsOption1} ${kernelOptionsFile})
-  fsOption2InFile=$(grep -c ${fsOption2} ${kernelOptionsFile})
+  fsOption1InFile=$(grep -c ${fsOption1} ${raspi_commandfile})
+  fsOption2InFile=$(grep -c ${fsOption2} ${raspi_commandfile})

  if [ ${fsOption1InFile} -eq 0 ]; then
-    sed -i "s/^/$fsOption1 /g" "$kernelOptionsFile"
-    echo "$fsOption1 added to $kernelOptionsFile"
+    sed -i "s/^/$fsOption1 /g" "${raspi_commandfile}"
+    echo "$fsOption1 added to ${raspi_commandfile}"
  else
-    echo "$fsOption1 already in $kernelOptionsFile"
+    echo "$fsOption1 already in ${raspi_commandfile}"
  fi
  if [ ${fsOption2InFile} -eq 0 ]; then
-    sed -i "s/^/$fsOption2 /g" "$kernelOptionsFile"
-    echo "$fsOption2 added to $kernelOptionsFile"
+    sed -i "s/^/$fsOption2 /g" "${raspi_commandfile}"
+    echo "$fsOption2 added to ${raspi_commandfile}"
  else
-    echo "$fsOption2 already in $kernelOptionsFile"
+    echo "$fsOption2 already in ${raspi_commandfile}"
  fi
+
+  # *** SAFE SHUTDOWN ***
+  # logind
+  echo "[Login]" | tee /etc/systemd/logind.conf.d/safeshutdown.conf
+  echo "HandlePowerKey=ignore" | tee -a /etc/systemd/logind.conf.d/safeshutdown.conf
+  # sudoers
+  echo 'nobody ALL=(ALL) NOPASSWD: /home/admin/config.scripts/blitz.shutdown.sh' |
+    tee -a /etc/sudoers
+  # triggerhappy
+  echo 'KEY_POWER    1    sudo /home/admin/config.scripts/blitz.shutdown.sh' |
+    tee /etc/triggerhappy/triggers.d/powerbutton.conf
 fi

 # special prepare when Nvidia Jetson Nano
@ -457,6 +530,10 @@ if [ $(uname -a | grep -c 'tegra') -gt 0 ] ; then
  systemctl set-default multi-user.target
 fi

+# remove rpi-first-boot-wizard
+apt purge piwiz -y
+userdel -r rpi-first-boot-wizard
+
 echo -e "\n*** CONFIG ***"
 # based on https://raspibolt.github.io/raspibolt/raspibolt_20_pi.html#raspi-config

@ -465,8 +542,7 @@ echo "root:raspiblitz" | chpasswd
 echo "pi:raspiblitz" | chpasswd

 # prepare auto-start of 00infoLCD.sh script on pi user login (just kicks in if auto-login of pi is activated in HDMI or LCD mode)
-if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ] || \
-   [ "${baseimage}" = "armbian" ] || [ "${baseimage}" = "ubuntu" ]; then
+if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian" ] || [ "${baseimage}" = "ubuntu" ]; then
  homeFile=/home/pi/.bashrc
  autostartDone=$(grep -c "automatic start the LCD" $homeFile)
  if [ ${autostartDone} -eq 0 ]; then
@ -474,7 +550,7 @@ if [ "${baseimage}" = "raspios_arm64" ] || [ "${baseimage}" = "debian_rpi64" ] |
    # run as exec to dont allow easy physical access by keyboard
    # see https://github.com/rootzoll/raspiblitz/issues/54
    bash -c 'echo "# automatic start the LCD info loop" >> /home/pi/.bashrc'
-    bash -c 'echo "SCRIPT=/home/admin/00infoLCD.sh" >> /home/pi/.bashrc'
+    bash -c 'echo "SCRIPT=\"sudo /home/admin/00infoLCD.sh\"" >> /home/pi/.bashrc'
    bash -c 'echo "# replace shell with script => logout when exiting script" >> /home/pi/.bashrc'
    bash -c 'echo "exec \$SCRIPT" >> /home/pi/.bashrc'
    echo "autostart LCD added to $homeFile"
@ -489,55 +565,28 @@ fi
 sed -i "s/^#SystemMaxUse=.*/SystemMaxUse=250M/g" /etc/systemd/journald.conf
 sed -i "s/^#SystemMaxFileSize=.*/SystemMaxFileSize=50M/g" /etc/systemd/journald.conf

-# change log rotates
-# see https://github.com/rootzoll/raspiblitz/issues/394#issuecomment-471535483
+## LOG ROTATION
+
+# GLOBAL for all logs: /etc/logrotate.conf
+echo "# Optimizing log files: rotate daily max 100M, keep 4 days & compress old"
+sed -i "s/^weekly/daily size 100M/g" /etc/logrotate.conf
+sed -i "s/^#compress/compress/g" /etc/logrotate.conf
+
+# add the option "copytruncate" to /etc/logrotate.conf below the line staring with "# global options do"
+sed -i '/# global options do/a \copytruncate' /etc/logrotate.conf
+
+# SPECIAL FOR SYSLOG: /etc/logrotate.d/rsyslog
+# to test config run: sudo logrotate -v /etc/logrotate.d/rsyslog
+rm /etc/logrotate.d/rsyslog 2>/dev/null
 echo "
 /var/log/syslog
-{
-  rotate 7
-  daily
-  missingok
-  notifempty
-  delaycompress
-  compress
-  postrotate
-    invoke-rc.d rsyslog rotate > /dev/null
-  endscript
-}
-
 /var/log/mail.info
 /var/log/mail.warn
 /var/log/mail.err
 /var/log/mail.log
 /var/log/daemon.log
-{
-  rotate 4
-  size=100M
-  missingok
-  notifempty
-  compress
-  delaycompress
-  sharedscripts
-  postrotate
-    invoke-rc.d rsyslog rotate > /dev/null
-  endscript
-}
-
 /var/log/kern.log
 /var/log/auth.log
-{
-  rotate 4
-  size=100M
-  missingok
-  notifempty
-  compress
-  delaycompress
-  sharedscripts
-  postrotate
-    invoke-rc.d rsyslog rotate > /dev/null
-  endscript
-}
-
 /var/log/user.log
 /var/log/lpr.log
 /var/log/cron.log
@ -545,25 +594,28 @@ echo "
 /var/log/messages
 {
  rotate 4
-  weekly
+  size 100M
  missingok
-  notifempty
  compress
  delaycompress
+  copytruncate
  sharedscripts
  postrotate
-    invoke-rc.d rsyslog rotate > /dev/null
+    service logrotate restart
  endscript
 }
 " | tee ./rsyslog
 mv ./rsyslog /etc/logrotate.d/rsyslog
 chown root:root /etc/logrotate.d/rsyslog
+service logrotate restart
 service rsyslog restart

 echo -e "\n*** ADDING MAIN USER admin ***"
 # based on https://raspibolt.org/system-configuration.html#add-users
 # using the default password 'raspiblitz'
 adduser --disabled-password --gecos "" admin
+# make the home folder world readable
+chmod 0755 /home/admin
 echo "admin:raspiblitz" | chpasswd
 adduser admin sudo
 chsh admin -s /bin/bash
@ -581,7 +633,9 @@ fi
 echo -e "\n*** ADDING SERVICE USER bitcoin"
 # based on https://raspibolt.org/guide/raspberry-pi/system-configuration.html
 # create user and set default password for user
-adduser --disabled-password --gecos "" bitcoin
+adduser --system --group --shell /bin/bash --home /home/bitcoin bitcoin
+# copy the skeleton files for login
+sudo -u bitcoin cp -r /etc/skel/. /home/bitcoin/
 echo "bitcoin:raspiblitz" | chpasswd
 # make home directory readable
 chmod 755 /home/bitcoin
@ -610,18 +664,19 @@ echo -e "\n*** ADDING GROUPS FOR CREDENTIALS STORE ***"
 echo -e "\n*** SHELL SCRIPTS & ASSETS ***"
 # copy raspiblitz repo from github
 cd /home/admin/ || exit 1
-sudo -u admin git config --global user.name "${github_user}"
-sudo -u admin git config --global user.email "johndoe@example.com"
+sudo -u admin git config --global user.name "${github_user}" || exit 1
+sudo -u admin git config --global user.email "johndoe@example.com" || exit 1
+sudo -u admin git config --global http.postBuffer 524288000 || exit 1
 sudo -u admin rm -rf /home/admin/raspiblitz
-sudo -u admin git clone -b "${branch}" https://github.com/${github_user}/raspiblitz.git
-sudo -u admin cp -r /home/admin/raspiblitz/home.admin/*.* /home/admin
-sudo -u admin cp /home/admin/raspiblitz/home.admin/.tmux.conf /home/admin
-sudo -u admin cp -r /home/admin/raspiblitz/home.admin/assets /home/admin/
-sudo -u admin chmod +x *.sh
-sudo -u admin cp -r /home/admin/raspiblitz/home.admin/config.scripts /home/admin/
-sudo -u admin chmod +x /home/admin/config.scripts/*.sh
-sudo -u admin cp -r /home/admin/raspiblitz/home.admin/setup.scripts /home/admin/
-sudo -u admin chmod +x /home/admin/setup.scripts/*.sh
+sudo -u admin git clone -b "${branch}" https://github.com/${github_user}/raspiblitz.git || exit 1
+sudo -u admin cp -r /home/admin/raspiblitz/home.admin/*.* /home/admin || exit 1
+sudo -u admin cp /home/admin/raspiblitz/home.admin/.tmux.conf /home/admin || exit 1
+sudo -u admin cp -r /home/admin/raspiblitz/home.admin/assets /home/admin/ || exit 1
+sudo -u admin chmod +x *.sh || exit 1
+sudo -u admin cp -r /home/admin/raspiblitz/home.admin/config.scripts /home/admin/ || exit 1
+sudo -u admin chmod +x /home/admin/config.scripts/*.sh || exit 1
+sudo -u admin cp -r /home/admin/raspiblitz/home.admin/setup.scripts /home/admin/ || exit 1
+sudo -u admin chmod +x /home/admin/setup.scripts/*.sh || exit 1

 # install newest version of BlitzPy
 blitzpy_wheel=$(ls -tR /home/admin/raspiblitz/home.admin/BlitzPy/dist | grep -E "any.whl" | tail -n 1)
@ -705,21 +760,31 @@ bash -c "echo '# End of file' >> /etc/security/limits.conf"
 sed --in-place -i "23s/.*/session required pam_limits.so/" /etc/pam.d/common-session
 sed --in-place -i "25s/.*/session required pam_limits.so/" /etc/pam.d/common-session-noninteractive
 bash -c "echo '# end of pam-auth-update config' >> /etc/pam.d/common-session-noninteractive"
-# increase the possible number of running processes from 128
-bash -c "echo 'fs.inotify.max_user_instances=4096' >> /etc/sysctl.conf"
+
+# Increase maximum number of inotify instances
+bash -c "echo '# RaspiBlitz Edit: Set maximum number of inotify instances (8192 recommended for min 2GB RAM)' >> /etc/sysctl.conf"
+bash -c "echo 'fs.inotify.max_user_instances=8192' >> /etc/sysctl.conf"
+
+# Activate overcommit_memory
+bash -c "echo '# RaspiBlitz Edit: Use overcommit to prevent system crashes' >> /etc/sysctl.conf"
+bash -c "echo 'vm.overcommit_memory=1' >> /etc/sysctl.conf"

 # *** fail2ban ***
 # based on https://raspibolt.org/security.html#fail2ban
 echo "*** HARDENING ***"
 apt_install --no-install-recommends python3-systemd fail2ban
+# https://github.com/raspiblitz/raspiblitz/issues/4044
+if [ ! -f /var/log/auth.log ]; then
+  touch /var/log/auth.log
+fi

 # *** CACHE DISK IN RAM & KEYVALUE-STORE***
 echo "Activating CACHE RAM DISK ... "
-/home/admin/_cache.sh ramdisk on
-/home/admin/_cache.sh keyvalue on
+/home/admin/_cache.sh ramdisk on || exit 1
+/home/admin/_cache.sh keyvalue on || exit 1

 # *** Wifi, Bluetooth & other RaspberryPi configs ***
-if [ "${baseimage}" = "raspios_arm64"  ] || [ "${baseimage}" = "debian_rpi64" ]; then
+if [ "${baseimage}" = "raspios_arm64"  ] || [ "${baseimage}" = "debian" ]; then

  if [ "${wifi_region}" == "off" ]; then
    echo -e "\n*** DISABLE WIFI ***"
@ -727,40 +792,25 @@ if [ "${baseimage}" = "raspios_arm64"  ] || [ "${baseimage}" = "debian_rpi64" ];
    ifconfig wlan0 down
  fi

-  echo -e "\n*** DISABLE BLUETOOTH ***"
-  configFile="/boot/config.txt"
-  disableBT="dtoverlay=disable-bt"
-  disableBTDone=$(grep -c "$disableBT" $configFile)
-
-  if [ "${disableBTDone}" -eq 0 ]; then
-    # disable bluetooth module
-    echo "" | tee -a $configFile
-    echo "# Raspiblitz" | tee -a $configFile
-    echo 'dtoverlay=pi3-disable-bt' | tee -a $configFile
-    echo 'dtoverlay=disable-bt' | tee -a $configFile
-  else
-    echo "disable BT already in $configFile"
-  fi
-
  # remove bluetooth services
  systemctl disable bluetooth.service
  systemctl disable hciuart.service

  # remove bluetooth packages
-  apt remove -y --purge pi-bluetooth bluez bluez-firmware
+  apt-get remove -y --purge pi-bluetooth bluez bluez-firmware

  # disable audio
  echo -e "\n*** DISABLE AUDIO (snd_bcm2835) ***"
-  sed -i "s/^dtparam=audio=on/# dtparam=audio=on/g" /boot/config.txt
+  sed -i "s/^dtparam=audio=on/# dtparam=audio=on/g" ${raspi_configfile}

  # disable DRM VC4 V3D
  echo -e "\n*** DISABLE DRM VC4 V3D driver ***"
  dtoverlay=vc4-fkms-v3d
-  sed -i "s/^dtoverlay=${dtoverlay}/# dtoverlay=${dtoverlay}/g" /boot/config.txt
+  sed -i "s/^dtoverlay=${dtoverlay}/# dtoverlay=${dtoverlay}/g" ${raspi_configfile}

  # I2C fix (make sure dtparam=i2c_arm is not on)
  # see: https://github.com/rootzoll/raspiblitz/issues/1058#issuecomment-739517713
-  sed -i "s/^dtparam=i2c_arm=.*//g" /boot/config.txt
+  sed -i "s/^dtparam=i2c_arm=.*//g" ${raspi_configfile}
 fi

 # *** BOOTSTRAP ***
@ -776,7 +826,7 @@ cp /home/admin/assets/background.service /etc/systemd/system/background.service
 systemctl enable background

 # *** BACKGROUND SCAN ***
-/home/admin/_background.scan.sh install
+/home/admin/_background.scan.sh install || exit 1

 #######
 # TOR #
@ -809,6 +859,8 @@ else
 fi

 # check fallback list bitnodes
+# update on releases manually in asset folder with:
+# curl -H "Accept: application/json; indent=4" https://bitnodes.io/api/v1/snapshots/latest/ -o ./fallback.bitnodes.nodes
 byteSizeList=$(sudo -u admin stat -c %s /home/admin/fallback.bitnodes.nodes)
 if [ ${#byteSizeList} -eq 0 ] || [ ${byteSizeList} -lt 10240 ]; then
  echo "Using fallback list from repo: bitnodes"
@ -818,6 +870,8 @@ fi
 chown admin:admin /home/admin/fallback.bitnodes.nodes

 # check fallback list bitcoin core
+# update on releases manually in asset folder with:
+# curl https://raw.githubusercontent.com/bitcoin/bitcoin/master/contrib/seeds/nodes_main.txt -o ./fallback.bitcoin.nodes
 byteSizeList=$(sudo -u admin stat -c %s /home/admin/fallback.bitcoin.nodes)
 if [ ${#byteSizeList} -eq 0 ] || [ ${byteSizeList} -lt 10240 ]; then
  echo "Using fallback list from repo: bitcoin core"
@ -835,19 +889,19 @@ echo -e "\n**********************************************"
 echo "BASIC SD CARD BUILD DONE"
 echo -e "**********************************************\n"
 echo "Your SD Card Image for RaspiBlitz is ready (might still do display config)."
-echo "Take the chance & look thru the output above if you can spot any errors or warnings."
-echo -e "\nIMPORTANT IF WANT TO MAKE A RELEASE IMAGE FROM THIS BUILD:"
+echo "Take the chance & look through the output above if you can spot any errors or warnings."
+echo -e "\nIMPORTANT IF YOU WANT TO MAKE A RELEASE IMAGE FROM THIS BUILD:"
 echo "1. login fresh --> user:admin password:raspiblitz"
 echo -e "2. run --> release\n"

 # make sure that at least the code is available (also if no internet)
-/home/admin/config.scripts/blitz.display.sh prepare-install
-# (do last - because might trigger reboot)
+/home/admin/config.scripts/blitz.display.sh prepare-install || exit 1
+# (do last - because it might trigger reboot)
 if [ "${display}" != "headless" ] || [ "${baseimage}" = "raspios_arm64" ]; then
  echo "*** ADDITIONAL DISPLAY OPTIONS ***"
  echo "- calling: blitz.display.sh set-display ${display}"
-  /home/admin/config.scripts/blitz.display.sh set-display ${display}
-  /home/admin/config.scripts/blitz.display.sh rotate 1
+  /home/admin/config.scripts/blitz.display.sh set-display ${display} || exit 1
+  /home/admin/config.scripts/blitz.display.sh rotate 1 || exit 1
 fi

 echo "# BUILD DONE - see above"
--- a/case.3dprint/standard/RaspiBlitz_Standard_Bottom.stl
+++ b/case.3dprint/standard/RaspiBlitz_Standard_Bottom.stl
--- a/case.3dprint/standard/RaspiBlitz_Standard_Top.stl
+++ b/case.3dprint/standard/RaspiBlitz_Standard_Top.stl
--- a/case.3dprint/standard/Raspiblitz_standard.stl
+++ b/case.3dprint/standard/Raspiblitz_standard.stl
--- a/case.3dprint/standard/raspiBplusCase_top_differentCutout_extraTall.stl
+++ b/case.3dprint/standard/raspiBplusCase_top_differentCutout_extraTall.stl
--- a/case.3dprint/standard/raspiBplusCase_top_wo_display.stl
+++ b/case.3dprint/standard/raspiBplusCase_top_wo_display.stl
--- a/case.3dprint/standard/readme.md
+++ b/case.3dprint/standard/readme.md
@ -1,9 +0,0 @@
-# Raspiblitz Case: Standard
-
-This is a raspiblitz case prototype. The standard file (Raspiblitz_standard.stl) should be modified to fit your HDD. 
-
-#### To Do
-
-* Update the HDD container to fit the standard HDD model from the raspiblitz amazon buylist. (Toshiba HDTB420EK3AA 2TB Canvio Basics 2.5-Inch USB 3.0 Portable External Hard Drive - Black)
-
-* Add a cool lightning bolt to improve the design.
--- a/ci/README.md
+++ b/ci/README.md
@ -1,29 +1,151 @@
 <!-- omit in toc -->
 # Automated builds
-* The images are built using the dev branch.
-* The lean image has no Gnome desktop or WebUI installed.
-* Issue: https://github.com/rootzoll/raspiblitz/issues/3053
-* The templates are made using: https://github.com/chef/bento

+<details>
+<summary>Table of Contents</summary>
+
+- [Ready made images for arm64-rpi](#ready-made-images-for-arm64-rpi)
+- [Ready made images for amd64 (x86)](#ready-made-images-for-amd64-x86)
+  - [Write the image to a disk connected with USB](#write-the-image-to-a-disk-connected-with-usb)
+    - [Prepare the disk](#prepare-the-disk)
+    - [Option 1 - rite the .qcow2 file directly to disk with `qemu-image dd`](#option-1---rite-the-qcow2-file-directly-to-disk-with-qemu-image-dd)
+    - [Option 2 - convert the .qcow2 volume to a raw disk image](#option-2---convert-the-qcow2-volume-to-a-raw-disk-image)
+  - [The first boot](#the-first-boot)
+    - [Lean image with Gnome desktop (default image)](#lean-image-with-gnome-desktop-default-image)
+    - [Extend the root partition (optional - recommended)](#extend-the-root-partition-optional---recommended)
+    - [Add wifi driver (optional)](#add-wifi-driver-optional)
 - [Local build](#local-build)
  - [Generate an arm64-rpi image](#generate-an-arm64-rpi-image)
  - [Generate an amd64 image](#generate-an-amd64-image)
- [Images generated in github actions](#images-generated-in-github-actions)
- [Write the image to a disk connected with USB](#write-the-image-to-a-disk-connected-with-usb)
-  - [Convert the qcow2 volume to a raw disk image](#convert-the-qcow2-volume-to-a-raw-disk-image)
-  - [Write to a disk connected with USB with Balena Etcher or `dd`](#write-to-a-disk-connected-with-usb-with-balena-etcher-or-dd)
-  - [Extend the partition on the new disk (optional)](#extend-the-partition-on-the-new-disk-optional)
- [The first boot](#the-first-boot)
-  - [fatpack image](#fatpack-image)
-  - [lean image](#lean-image)
-    - [Add Gnome desktop (optional)](#add-gnome-desktop-optional)
-  - [Add wifi (optional)](#add-wifi-optional)
-  - [Add wifi driver (optional)](#add-wifi-driver-optional)
+    - [amd64-lean-desktop-uefi-image](#amd64-lean-desktop-uefi-image)
+    - [amd64-lean-server-legacyboot-image](#amd64-lean-server-legacyboot-image)
+- [Notes for the lean server image without Gnome desktop](#notes-for-the-lean-server-image-without-gnome-desktop)
+  - [After the boot](#after-the-boot)
+  - [Connect to wifi from the command line (optional)](#connect-to-wifi-from-the-command-line-optional)
+    - [Add Gnome desktop to the server image (optional)](#add-gnome-desktop-to-the-server-image-optional)
+- [Fatpack images](#fatpack-images)
 - [Workflow notes](#workflow-notes)
-  - [Packer .json settings:](#packer-json-settings)
  - [VNC](#vnc)
+  - [Packer settings](#packer-settings)
  - [Flashing](#flashing)

+</details>
+
+## Ready made images for arm64-rpi
+* The images are built in GitHub actions
+* To see the downloadable artifacts will need to log in to GitHub
+* Find the latest successful build of the default amd64 image:
+https://github.com/raspiblitz/raspiblitz/actions/workflows/arm64-rpi-lean-image.yml?query=workflow%3Aarm64-rpi-lean-image-build+is%3Asuccess+branch%3Adev
+* unpack the artifact to the same directory
+  ```
+  unzip ./raspiblitz-arm64-rpi-image-*.zip
+  ```
+* The resulting `raspiblitz-arm64-rpi-lean.img.gz` can be written to an SDcard directly with Balena Etcher
+
+
+## Ready made images for amd64 (x86)
+* The images are built in GitHub actions
+* To see the downloadable artifacts will need to log in to GitHub
+* Find the latest successful build of the default amd64 image:
+https://github.com/rootzoll/raspiblitz/actions/workflows/amd64-lean-image.yml?query=workflow%3Aamd64-lean-image-build+branch%3Adev+is%3Asuccess++
+  ```
+  # unpack the artifact to the same directory
+  unzip ./raspiblitz-amd64-image-*.zip
+  # unpack the image
+  gzip -dkv raspiblitz-amd64-debian-lean.qcow2.gz
+  # install qemu-utils
+  sudo apt install -y qemu-utils
+  ```
+###  Write the image to a disk connected with USB
+
+#### Prepare the disk
+* identify the connected disk with `lsblk` e.g., `/dev/sdk`
+* set the disk variable
+  ```
+  # identify the USB connected disk
+  lsblk
+  # set the disk variable
+  disk=/dev/sdk
+  ```
+* clean the existing partitions:
+  ```
+  # unmount all partitions
+  sudo umount ${disk}*
+  # wipe the partition table
+  sudo wipefs --all ${disk}
+  ```
+
+#### Option 1 - rite the .qcow2 file directly to disk with `qemu-image dd`
+* requires less disk space - the .qcow2 volume is 8.1 GB
+  ```
+  sudo qemu-img dd if=./raspiblitz-amd64-debian-lean.qcow2 of=${disk} bs=4M
+  ```
+
+#### Option 2 - convert the .qcow2 volume to a raw disk image
+* the raw .img is 30GB
+  ```
+  # convert
+  qemu-img convert ./raspiblitz-amd64-debian-lean.qcow2 ./raspiblitz-amd64-debian-lean.img
+  ```
+* identify the connected disk with `lsblk` e.g., `/dev/sdk`
+* use [Balena Etcher](https://www.balena.io/etcher/)
+* or `dd` to write the .img to disk
+  ```
+  sudo dd if=./raspiblitz-amd64-debian-lean.img of=${disk} bs=4M status=progress
+  ```
+
+### The first boot
+#### Lean image with Gnome desktop (default image)
+* log in on screen:
+  * username: `admin`
+  * password: `raspiblitz`
+* start a terminal for guidance
+* alternatively connect with ssh over the LAN with the same username and password
+
+#### Extend the root partition (optional - recommended)
+* The default image is 30GB. The partition can be extended to the full size of the disk.
+* The lvm partition can be extended while mounted so this step can be done later as well while the system is running.
+* CLI (recommended)
+  ```
+  # identify the USB connected disk
+  lsblk
+  df -h
+  # select the disk carefully
+  disk="/dev/sde"
+  # resize the extended partition to the full size of the disk
+  sudo parted ${disk} -- resizepart 2 100%
+  # resize the lvm partition to the full size of the disk
+  sudo parted ${disk} -- resizepart 5 100%
+  # extend the physical volume to size of the lvm partition
+  sudo pvresize ${disk}5
+  # extend the root lvm to the full free space and resize the filesystem
+  sudo lvextend -r -l +100%FREE /dev/mapper/raspiblitz--amd64--vg-root
+  ```
+* GUI with GParted
+  ```
+  # install
+  sudo apt install gparted
+  # start the gparted GUI
+  sudo gparted
+  # resize the extended partition to the full size of the disk
+  # extend the lvm to the full free space and resize the filesystem (extends the swap space by default)
+  # in CLI: extend the root lvm
+  sudo lvextend -r -l +100%FREE /dev/mapper/raspiblitz--amd64--vg-root
+  ```
+
+#### Add wifi driver (optional)
+* as in https://wiki.debian.org/iwlwifi
+* add the component `non-free` after `deb http://deb.debian.org/debian bullseye main` in `/etc/apt/sources.list`
+* install the wifi driver for the mentioned cards:
+  ```
+  sudo apt update && sudo apt install firmware-iwlwifi
+  ```
+* alternatively download the deb package from: http://ftp.debian.org/debian/pool/non-free-firmware/f/firmware-nonfree/firmware-iwlwifi_20230210-5_all.deb
+* install with:
+  ```
+  sudo dpkg -i firmware-iwlwifi_20230210-5_all.deb
+  ```
+
 ## Local build
 with the [Makefile](https://github.com/rootzoll/raspiblitz/blob/dev/Makefile)
 * needs ~20 GB free space
@ -33,7 +155,7 @@ with the [Makefile](https://github.com/rootzoll/raspiblitz/blob/dev/Makefile)
 * Preparation:
  ```
  # change to a mountpoint with sufficient space (check with 'df -h')
-  cd /var/log
+  cd $HOME/
  # switch to root
  sudo su
  # install git and make
@ -48,114 +170,60 @@ with the [Makefile](https://github.com/rootzoll/raspiblitz/blob/dev/Makefile)
 ### Generate an arm64-rpi image
 * The workflow locally and in github actions generates a .img raw format image for the Raspberry Pi.
  ```
-  make arm-rpi-lean-image
+  make arm64-rpi-lean-image
  ```
-* find the image and sh256 hashes in the `ci/arm64-rpi/packer-builder-arm` directory
+* find the image and sha256 hashes in the `ci/arm64-rpi/packer-builder-arm` directory
 * the .img.gz file can be written to an SDcard directly with Balena Etcher

 ### Generate an amd64 image
-The workflow locally and in github actions generates a .qcow2 format amd64 image.
+* The workflow locally and in github actions generates a .qcow2 format amd64 image.
+* When finished find the compressed .qcow2 image and sha256 hashes in the `ci/amd64/builds` directory
+
+#### amd64-lean-desktop-uefi-image
+* lean image, Gnome desktop, UEFI boot
+* Tested with
+  * written to disk and booted with UEFI
+  ```
+  make amd64-lean-desktop-uefi-image
+  ```
+
+#### amd64-lean-server-legacyboot-image
+* lean image, no desktop (cli only), legacy boot for old computers
 * Tested with
  * libvirt / virsh / virt-manager (https://virt-manager.org/)
-  * written to disk and booted with legacy boot (non-UEFI)
+  * written to disk and booted with legacy boot (non-UEFI / CSM mode)
  ```
-  make amd64-lean-image
-  ```
-* find the compressed .qcow2 image and sh256 hashes in the `ci/amd64/builds` directory
-
-## Images generated in github actions
-* To see the downloadable artifacts will need to log in to GitHub
-* Find the latest successful builds for amd64 using the dev branch at:  
-https://github.com/rootzoll/raspiblitz/actions/workflows/amd64-lean-image.yml?query=workflow%3Aamd64-lean-image-build+branch%3Adev+is%3Asuccess++
-  ```
-  # unzip to the same directory
-  unzip raspiblitz-amd64-image-YEAR-MM-DD-COMMITHASH.zip
-  ```
-## Write the image to a disk connected with USB
-* identify the connected disk with `lsblk` eg `/dev/sdd`
-
-### Convert the qcow2 volume to a raw disk image
-* the raw image is 33.5 GB
-  ```
-  # unzip
-  gzip -dkv raspiblitz-amd64-debian-11.5-lean.qcow2.gz
-  # convert
-  qemu-img convert raspiblitz-amd64-debian-11.5-lean.qcow2 raspiblitz-amd64-debian-11.5-lean.img
+  make amd64-lean-server-legacyboot-image
  ```

-### Write to a disk connected with USB with Balena Etcher or `dd`
-* [Balena Etcher](https://www.balena.io/etcher/) to write the .img to disk
-* dd to write the .img to disk
-  ```
-  # identify partitions
-  lsblk
-  # write to disk
-  sudo dd if=./raspiblitz-amd64-debian-11.5-lean.img of=/dev/sde bs=4M status=progress
-  ```
-
-* qemu-image dd to write the .qcow2 directly to disk
-  ```
-  sudo apt install -y qemu-utils
-  sudo qemu-img dd if=./raspiblitz-amd64-debian-11.5-lean.qcow2 of=/dev/sde bs=4M
-  ```
-### Extend the partition on the new disk (optional)
-* Use Disks to resize the Extended Partition to the full size of the disk
-* To extend the LVM:
-  ```
-  # identify the USB connected disk
-  lsblk
-  df -h
-  # extend the lvm to the full free space and resize the filesystem
-  sudo lvextend -r -l +100%FREE /dev/mapper/raspiblitz--amd74--debian--11--vg-root
-
-  # alternatively download the script
-  git clone https://git.scs.carleton.ca/git/extend-lvm.git
-  # run with the disk as the parameter (sde for example)
-  sudo bash extend-lvm/extend-lvm.sh /dev/sde
-  ```
-
-## The first boot
-### fatpack image
-* log in on screen:
-  * username: `admin`
-  * password: `raspiblitz`
-
-* start a terminal for guidance
-
-* alternatively open a browser and go to:
-  * http://localhost
-* can also open the WebUI on another computer
-  * Find the the RaspiBlitz_IP in your router dashboard, in the terminal prompt or with `hostname -I`
-  * open: http://RaspiBlitz_IP
-
-### lean image
+## Notes for the lean server image without Gnome desktop
+### After the boot
 * press any key to get to a login prompt after the splash screen
  * username: `admin`
  * password: `raspiblitz`

-#### Add Gnome desktop (optional)
+### Connect to wifi from the command line (optional)
+* if the wifi driver is included in the FOSS Debian distro
+* in the command line run the network manager interface to connect:
+  ```
+  sudo nmtui
+  ```
+
+#### Add Gnome desktop to the server image (optional)
 * Connect to the internet (easiest to plug in a LAN cable - use a USB - LAN adapter if have no port)
  ```
  apt install gnome
  systemctl start gdm
  ```

-### Add wifi (optional)
-* if the wifi driver is included in the FOSS Debian distro
-* in the command line run the network manager interface to connect:
-  ```
-  sudo nmtui
-  ```
-### Add wifi driver (optional)
-* as in https://wiki.debian.org/iwlwifi
-* add the component `non-free` after `deb http://deb.debian.org/debian bullseye main` in `/etc/apt/sources.list`
-* install the wifi driver for the mentioned cards:
-  ```
-  sudo apt update && sudo apt install firmware-iwlwifi
-  ```
+## Fatpack images
+* can open a browser and go to:
+  * http://localhost
+* can also open the WebUI on another computer
+  * Find the the RaspiBlitz_IP in your router dashboard, in the terminal prompt or with `hostname -I`
+  * open: http://RaspiBlitz_IP

 ## Workflow notes
-
 The github workflow files are the equivalent of the Makefile commands run locally.
 The local repo owner (`GITHUB_ACTOR`) and branch (`GITHUB_HEAD_REF`) is picked up.
 The build_sdcard.sh is downloaded from the source branch and built with the options pack=[lean|fatpack] to set fatpack=[0|1].
@ -163,12 +231,12 @@ The build_sdcard.sh is downloaded from the source branch and built with the opti
 The github workflow is running the job in an ubuntu-22.04 image.

 The amd64 image is built with running a qemu VM
-* installs the base OS (Debian 11.5)
+* installs the base OS (Debian)
 * connects with ssh and runs the scripts including the build_sdcard.sh

-The arm64-rpi image genenaration runs in Docker in github actions and without Docker locally.
-* the base image (RasberryOS) is started in the qemu VM
-* packer runs the build_sdcard.sh directly in the VM
+The arm64-rpi image generation runs in Docker in github actions and without Docker locally.
+* the base image (RaspberryOS) is started in the qemu VM
+* Packer runs the build_sdcard.sh directly in the VM

 After the image is built (and there is no exit with errors) the next steps are:
 * compute checksum of the qemu/raw image
@ -176,8 +244,11 @@ After the image is built (and there is no exit with errors) the next steps are:
 * compute checksum of the compressed image
 * (in github actions: upload the artifacts in one .zip file)

-### Packer .json settings:
-* `disk_size` - the size op the raw image. The .qcow2 file is compressed.
+### VNC
+* can follow the setup locally in VNC with the port stated in the first part of the logs eg: `Found available VNC port: 5900 on IP: 127.0.0.1`
+
+### Packer settings
+* `disk_size` / `image_size` - the size op the raw image. The .qcow2 file is compressed.
 * `template`  - image filename
 * `output_directory` - directory under builds where the image will be placed
 * the `pi` user is given passwordless sudo access and used for the image setup
@ -197,7 +268,5 @@ After the image is built (and there is no exit with errors) the next steps are:

  cat 2022-09-22-raspios-bullseye-arm64.img.xz.sha256
  ```
-### VNC
-* can follow the setup locally in VNC with the port stated in the first part of the logs eg: `Found available VNC port: 5952 on IP: 127.0.0.1`
 ### Flashing
-* using `qemu-img dd bs=4M if=raspiblitz-amd64-debian-11.5-lean.qcow2 of=/dev/sdd` changed the UUID so it won't boot without editing GRUB
+* using `qemu-img dd bs=4M if=raspiblitz-amd64-debian-lean.qcow2 of=/dev/sdd` changed the UUID so it won't boot without editing GRUB
--- a/ci/amd64/_common/env.sh
+++ b/ci/amd64/_common/env.sh
@ -0,0 +1,4 @@
+#!/bin/sh
+
+echo "# Display the environment variables"
+env
--- a/ci/amd64/debian/amd64-debian.json
+++ b/ci/amd64/debian/amd64-debian.json
@ -1,81 +0,0 @@
-{
-  "variables": {
-  "box_basename": "debian",
-  "build_directory": "../builds",
-  "build_timestamp": "{{isotime \"20060102150405\"}}",
-  "pack": "{{user `pack`}}",
-  "cpus": "4",
-  "disk_size": "30000",
-  "git_revision": "__unknown_git_revision__",
-  "guest_additions_url": "",
-  "headless": "false",
-  "http_directory": "{{template_dir}}/http",
-  "http_proxy": "{{env `http_proxy`}}",
-  "https_proxy": "{{env `https_proxy`}}",
-  "iso_checksum": "eb3f96fd607e4b67e80f4fc15670feb7d9db5be50f4ca8d0bf07008cb025766b",
-  "iso_name": "debian-11.7.0-amd64-netinst.iso",
-  "memory": "4096",
-  "mirror": "http://cdimage.debian.org/cdimage/release",
-  "mirror_directory": "current/amd64/iso-cd",
-  "name": "debian",
-  "no_proxy": "{{env `no_proxy`}}",
-  "preseed_path": "debian-9/preseed.cfg",
-  "qemu_display": "none",
-  "qemu_bios": "bios-256k.bin",
-  "template": "raspiblitz-amd64-debian-{{user `pack`}}",
-  "boot_command": "<esc><wait>install <wait> preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/{{user `preseed_path`}} <wait>debian-installer=en_US.UTF-8 <wait>auto <wait>locale=en_US.UTF-8 <wait>kbd-chooser/method=us <wait>keyboard-configuration/xkb-keymap=us <wait>netcfg/get_hostname={{ .Name }} <wait>netcfg/get_domain=vagrantup.com <wait>fb=false <wait>debconf/frontend=noninteractive <wait>console-setup/ask_detect=false <wait>console-keymaps-at/keymap=us <wait>grub-installer/bootdev=default <wait><enter><wait>",
-  "version": "TIMESTAMP"
-},
-  "builders": [
-    {
-      "boot_command": "{{user `boot_command`}}",
-      "boot_wait": "5s",
-      "cpus": "{{ user `cpus` }}",
-      "disk_size": "{{user `disk_size`}}",
-      "headless": "{{ user `headless` }}",
-      "http_directory": "{{user `http_directory`}}",
-      "iso_checksum": "{{user `iso_checksum`}}",
-      "iso_url": "{{user `mirror`}}/{{user `mirror_directory`}}/{{user `iso_name`}}",
-      "memory": "{{ user `memory` }}",
-      "output_directory": "{{ user `build_directory` }}/{{user `template`}}-qemu",
-      "shutdown_command": "echo 'raspiblitz' | sudo /sbin/shutdown -hP now",
-      "ssh_password": "raspiblitz",
-      "ssh_port": 22,
-      "ssh_timeout": "10000s",
-      "ssh_username": "pi",
-      "type": "qemu",
-      "format": "qcow2",
-      "vm_name": "{{ user `template` }}.qcow2",
-      "qemuargs": [
-        [ "-m", "{{ user `memory` }}" ],
-        [ "-bios", "{{ user `qemu_bios` }}" ],
-        [ "-display", "{{ user `qemu_display` }}" ]
-      ]
-    }
-  ],
-  "provisioners": [
-    {
-      "type": "shell",
-      "environment_vars": [
-        "HOME_DIR=/home/pi",
-        "http_proxy={{user `http_proxy`}}",
-        "https_proxy={{user `https_proxy`}}",
-        "no_proxy={{user `no_proxy`}}",
-        "github_user={{user `github_user`}}",
-        "branch={{user `branch`}}",
-        "pack={{user `pack`}}"
-      ],
-      "execute_command": "echo 'raspiblitz' | {{.Vars}} sudo -S -E sh -eux '{{.Path}}'",
-      "expect_disconnect": true,
-      "scripts": [
-        "{{template_dir}}/scripts/update.sh",
-        "{{template_dir}}/../_common/sshd.sh",
-        "{{template_dir}}/scripts/networking.sh",
-        "{{template_dir}}/scripts/sudoers.sh",
-        "{{template_dir}}/scripts/systemd.sh",
-        "{{template_dir}}/scripts/raspiblitz.sh",
-        "{{template_dir}}/scripts/cleanup.sh"
-      ]
-    }
-  ]
-}
--- a/ci/amd64/debian/build.amd64-debian.pkr.hcl
+++ b/ci/amd64/debian/build.amd64-debian.pkr.hcl
@ -0,0 +1,115 @@
+variable "iso_name" { default = "debian-12.6.0-amd64-netinst.iso" }
+variable "iso_checksum" { default = "ade3a4acc465f59ca2496344aab72455945f3277a52afc5a2cae88cdc370fa12" }
+
+variable "pack" { default = "lean" }
+variable "github_user" { default = "raspiblitz" }
+variable "branch" { default = "dev" }
+variable "desktop" { default = "none" }
+
+variable "boot" { default = "uefi" }
+variable "preseed_file" { default = "preseed.cfg" }
+variable "hostname" { default = "raspiblitz-amd64" }
+
+variable "disk_size" { default = "30000" }
+variable "memory" { default = "4096" }
+variable "cpus" { default = "4" }
+
+locals {
+  name_template = "${var.hostname}-debian-${var.pack}"
+  bios_file     = var.boot == "uefi" ? "OVMF.fd" : "bios-256k.bin"
+  boot_command = var.boot == "uefi" ? [
+    "<wait><wait><wait>c<wait><wait><wait>",
+    "linux /install.amd/vmlinuz ",
+    "auto=true ",
+    "url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/${var.preseed_file} ",
+    "hostname=${var.hostname} ",
+    "domain=${var.hostname}.local ",
+    "interface=auto ",
+    "vga=788 noprompt quiet --<enter>",
+    "initrd /install.amd/initrd.gz<enter>",
+    "boot<enter>"
+    ] : [
+    "<esc><wait>install <wait>",
+    "<wait><wait><wait><wait><wait><wait><wait><wait><wait><wait><wait><wait><wait><wait><wait><wait> preseed/url=http://{{ .HTTPIP }}:{{ .HTTPPort }}/${var.preseed_file} <wait>",
+    "debian-installer=en_US.UTF-8 <wait>",
+    "auto <wait>",
+    "locale=en_US.UTF-8 <wait>",
+    "kbd-chooser/method=us <wait>",
+    "keyboard-configuration/xkb-keymap=us <wait>",
+    "netcfg/get_hostname=${var.hostname} <wait>",
+    "netcfg/get_domain=${var.hostname}.local <wait>",
+    "fb=false <wait>",
+    "debconf/frontend=noninteractive <wait>",
+    "console-setup/ask_detect=false <wait>",
+    "console-keymaps-at/keymap=us <wait>",
+    "grub-installer/bootdev=default <wait>",
+    "<enter><wait>"
+  ]
+}
+
+source "qemu" "debian" {
+  boot_command     = local.boot_command
+  boot_wait        = "5s"
+  cpus             = var.cpus
+  disk_size        = var.disk_size
+  http_directory   = "./http"
+  iso_checksum     = var.iso_checksum
+  iso_url          = "https://cdimage.debian.org/cdimage/release/current/amd64/iso-cd/${var.iso_name}"
+  memory           = var.memory
+  output_directory = "../builds/${local.name_template}-qemu"
+  shutdown_command = "echo 'raspiblitz' | sudo /sbin/shutdown -hP now"
+  ssh_password     = "raspiblitz"
+  ssh_port         = 22
+  ssh_timeout      = "10000s"
+  ssh_username     = "pi"
+  format           = "qcow2"
+  vm_name          = "${local.name_template}.qcow2"
+  headless         = false
+  vnc_bind_address = "127.0.0.1"
+  vnc_port_max     = 5900
+  vnc_port_min     = 5900
+  qemuargs = [
+    ["-m", var.memory],
+    ["-bios", local.bios_file],
+    ["-display", "none"]
+  ]
+}
+
+build {
+  description = "Can't use variables here yet!"
+  sources     = ["source.qemu.debian"]
+
+  provisioner "shell" {
+    environment_vars = [
+      "HOME_DIR=/home/pi",
+      "github_user=${var.github_user}",
+      "branch=${var.branch}",
+      "pack=${var.pack}",
+      "desktop=${var.desktop}"
+    ]
+
+    execute_command   = "echo 'raspiblitz' | {{.Vars}} sudo -S -E sh -eux '{{.Path}}'"
+    expect_disconnect = true
+    scripts = [
+      "./../_common/env.sh",
+      "./scripts/update.sh",
+      "./../_common/sshd.sh",
+      "./scripts/networking.sh",
+      "./scripts/sudoers.sh",
+      "./scripts/systemd.sh",
+      "./scripts/build.raspiblitz.sh",
+      "./scripts/cleanup.sh"
+    ]
+  }
+}
+
+packer {
+  required_version = ">= 1.7.0, < 2.0.0"
+
+  required_plugins {
+    qemu = {
+      source  = "github.com/hashicorp/qemu"
+      version = ">= 1.0.0, < 2.0.0"
+    }
+  }
+}
--- a/ci/amd64/debian/http/debian-9/preseed.cfg
+++ b/ci/amd64/debian/http/debian-9/preseed.cfg
@ -1,47 +0,0 @@
-choose-mirror-bin mirror/http/proxy string
-d-i apt-setup/use_mirror boolean true
-d-i base-installer/kernel/override-image string linux-server
-d-i clock-setup/utc boolean true
-d-i clock-setup/utc-auto boolean true
-d-i finish-install/reboot_in_progress note
-d-i grub-installer/only_debian boolean true
-d-i grub-installer/with_other_os boolean true
-d-i keymap select us
-d-i mirror/country string manual
-d-i mirror/http/directory string /debian
-d-i mirror/http/hostname string httpredir.debian.org
-d-i mirror/http/proxy string
-d-i partman-auto-lvm/guided_size string max
-d-i partman-auto/choose_recipe select atomic
-d-i partman-auto/method string lvm
-d-i partman-lvm/confirm boolean true
-d-i partman-lvm/confirm_nooverwrite boolean true
-d-i partman-lvm/device_remove_lvm boolean true
-d-i partman/choose_partition select finish
-d-i partman/confirm boolean true
-d-i partman/confirm_nooverwrite boolean true
-d-i partman/confirm_write_new_label boolean true
-d-i passwd/root-login boolean false
-d-i passwd/root-password-again password raspiblitz
-d-i passwd/root-password password raspiblitz
-d-i passwd/user-fullname string pi
-d-i passwd/user-uid string 1000
-d-i passwd/user-password password raspiblitz
-d-i passwd/user-password-again password raspiblitz
-d-i passwd/username string pi
-d-i pkgsel/include string sudo bzip2 acpid cryptsetup zlib1g-dev wget curl dkms fuse make nfs-common net-tools cifs-utils rsync
-d-i pkgsel/install-language-support boolean false
-d-i pkgsel/update-policy select none
-d-i pkgsel/upgrade select full-upgrade
-# Prevent packaged version of VirtualBox Guest Additions being installed:
-d-i preseed/early_command string sed -i \
-  '/in-target/idiscover(){/sbin/discover|grep -v VirtualBox;}' \
-  /usr/lib/pre-pkgsel.d/20install-hwpackages
-d-i time/zone string UTC
-d-i user-setup/allow-password-weak boolean true
-d-i user-setup/encrypt-home boolean false
-d-i preseed/late_command string sed -i '/^deb cdrom:/s/^/#/' /target/etc/apt/sources.list
-apt-cdrom-setup apt-setup/cdrom/set-first boolean false
-apt-mirror-setup apt-setup/use_mirror boolean true
-popularity-contest popularity-contest/participate boolean false
-tasksel tasksel/first multiselect standard, ssh-server
--- a/ci/amd64/debian/http/preseed.cfg
+++ b/ci/amd64/debian/http/preseed.cfg
@ -0,0 +1,72 @@
+# https://github.com/chef/bento/blob/main/packer_templates/http/debian/preseed.cfg
+# https://www.debian.org/releases/stable/example-preseed.txt
+# https://github.com/tylert/packer-build/blob/master/source/debian/12_bookworm/base-uefi.preseed
+# variables: https://github.com/tylert/packer-build/blob/master/source/debian/12_bookworm/base-uefi.pkr.hcl
+
+# Locale Setup
+d-i debian-installer/language string en
+d-i debian-installer/country string US
+d-i debian-installer/locale string en_US.UTF-8
+# d-i localechooser/supported-locales multiselect en_CA.UTF-8 fr_CA.UTF-8 zh_CN.UTF-8
+# d-i pkgsel/install-language-support boolean true
+
+# Keyboard Setup
+d-i keyboard-configuration/xkb-keymap select us
+
+# Clock Setup
+# d-i time/zone string Canada/Eastern
+d-i time/zone string UTC
+d-i clock-setup/utc boolean true
+# set above to false if making a bootable USB to run on same system as Windows
+
+# Network Setup
+d-i netcfg/get_hostname string raspiblitz-amd64
+d-i netcfg/get_domain string
+# https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/713385
+d-i netcfg/choose_interface select auto
+# make sure you also add "interface=auto" to your boot command too
+# https://bugs.launchpad.net/ubuntu/+source/netcfg/+bug/713385
+
+# User Setup
+d-i passwd/root-login boolean false
+d-i passwd/root-password-again password raspiblitz
+d-i passwd/root-password password raspiblitz
+d-i passwd/user-fullname string pi
+d-i passwd/user-uid string 1000
+d-i passwd/user-password password raspiblitz
+d-i passwd/user-password-again password raspiblitz
+d-i passwd/username string pi
+
+# Package Setup
+d-i hw-detect/load_firmware boolean false
+d-i hw-detect/load_media boolean false
+apt-cdrom-setup apt-setup/cdrom/set-first boolean false
+d-i mirror/country string manual
+d-i mirror/http/hostname string httpredir.debian.org
+d-i mirror/http/directory string /debian
+d-i mirror/http/proxy string
+d-i apt-setup/contrib boolean true
+d-i apt-setup/non-free boolean true
+
+tasksel tasksel/first multiselect ssh-server, standard
+d-i pkgsel/include string sudo bzip2 acpid cryptsetup zlib1g-dev wget curl dkms fuse make nfs-common net-tools cifs-utils rsync
+d-i pkgsel/install-language-support boolean false
+d-i pkgsel/update-policy select none
+d-i pkgsel/upgrade select full-upgrade
+
+popularity-contest popularity-contest/participate boolean false
+
+# Drive setup
+d-i partman-auto-lvm/guided_size string max
+d-i partman-auto/choose_recipe select atomic
+d-i partman-auto/method string lvm
+d-i partman-lvm/confirm boolean true
+d-i partman-lvm/confirm_nooverwrite boolean true
+d-i partman-lvm/device_remove_lvm boolean true
+d-i partman/choose_partition select finish
+d-i partman/confirm boolean true
+d-i partman/confirm_nooverwrite boolean true
+d-i partman/confirm_write_new_label boolean true
+
+# Final Setup
+d-i finish-install/reboot_in_progress note
--- a/ci/amd64/debian/scripts/build.raspiblitz.sh
+++ b/ci/amd64/debian/scripts/build.raspiblitz.sh
@ -9,7 +9,7 @@ else
  fatpack="0"
 fi

-if [ "${fatpack}" = "1" ]; then
+if [ "${desktop}" = "gnome" ]; then
  echo 'Add Gnome desktop'
  export DEBIAN_FRONTEND=none
  sudo apt install gnome -y
--- a/ci/amd64/debian/scripts/networking.sh
+++ b/ci/amd64/debian/scripts/networking.sh
@ -1,9 +1,14 @@
 #!/bin/sh -eux

 # Disable Predictable Network Interface names and use eth0
-sed -i 's/en[[:alnum:]]*/eth0/g' /etc/network/interfaces;
-sed -i 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 \1"/g' /etc/default/grub;
-update-grub;
+sed -i 's/en[[:alnum:]]*/eth0/g' /etc/network/interfaces
+sed -i 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="net.ifnames=0 biosdevname=0 \1"/g' /etc/default/grub
+update-grub

 # Adding a 2 sec delay to the interface up, to make the dhclient happy
-echo "pre-up sleep 2" >> /etc/network/interfaces
+echo "pre-up sleep 2" >>/etc/network/interfaces
+
+# needed for resolvconf installed in build_sdcard.sh
+apt-get install resolvconf -y
+echo 'nameserver 1.1.1.1' >/etc/resolv.conf
+echo 'nameserver 8.8.8.8' >>/etc/resolv.conf
--- a/ci/amd64/packer.build.amd64-debian.sh
+++ b/ci/amd64/packer.build.amd64-debian.sh
@ -1,37 +1,33 @@
 #!/bin/bash -e

-# Install packer
-curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
-sudo apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
 sudo apt-get update
-echo -e "\nInstalling packer..."
-sudo apt-get install -y packer

-# Install qemu
-echo -e "\nInstalling qemu..."
+# install packer
+if ! packer version 2>/dev/null; then
+  curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
+  sudo apt-add-repository -y "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
+  sudo apt-get update
+  echo -e "\nInstalling packer..."
+  sudo apt-get install -y packer
+else
+  echo "# Packer is installed"
+fi
+
+# install qemu
+echo "# Install qemu ..."
+sudo apt-get update
 sudo apt-get install -y qemu-system

-if [ $# -gt 0 ]; then
-  pack=$1
-else
-  pack=lean
-fi
-
-if [ $# -gt 1 ]; then
-  github_user=$2
-else
-  github_user=rootzoll
-fi
-
-if [ $# -gt 2 ]; then
-  branch=$3
-else
-  branch=dev
-fi
+# set vars
+echo "# Setting the variables: $*"
+source ../set_variables.sh
+set_variables "$@"

 # Build the image
-echo -e "\nBuilding image..."
+echo "# Build the image ..."
 cd debian
-PACKER_LOG=1 packer build \
- --var pack=${pack} --var github_user=${github_user} --var branch=${branch}  \
- -only=qemu amd64-debian.json
+packer init -upgrade .
+command="PACKER_LOG=1 packer build ${vars} -only=qemu packer.build.amd64-debian.hcl"
+echo "# Running: $command"
+if [ ${#vars} -eq 0 ];then exit 1;fi
+PACKER_LOG=1 packer build ${vars} -only=qemu.debian build.amd64-debian.pkr.hcl || exit 1
--- a/ci/arm64-rpi/build.arm64-rpi.pkr.hcl
+++ b/ci/arm64-rpi/build.arm64-rpi.pkr.hcl
@ -1,13 +1,16 @@
-variable "pack" {}
-variable "github_user" {}
-variable "branch" {}
+variable "pack" { default = "lean" }
+variable "github_user" { default = "raspiblitz" }
+variable "branch" { default = "dev" }
+variable "image_link" { default = "https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2024-03-15/2024-03-15-raspios-bookworm-arm64.img.xz" }
+variable "image_checksum" { default = "7e53a46aab92051d523d7283c080532bebb52ce86758629bf1951be9b4b0560f" }
+variable "image_size" { default = "20G" }

 source "arm" "raspiblitz-arm64-rpi" {
  file_checksum_type    = "sha256"
-  file_checksum         = "c42856ffca096480180b5aff66e1dad2f727fdc33359b24e0d2d49cc7676b576"
+  file_checksum         = var.image_checksum
  file_target_extension = "xz"
  file_unarchive_cmd    = ["xz", "--decompress", "$ARCHIVE_PATH"]
-  file_urls             = ["https://downloads.raspberrypi.org/raspios_arm64/images/raspios_arm64-2022-09-26/2022-09-22-raspios-bullseye-arm64.img.xz"]
+  file_urls             = [var.image_link]
  image_build_method    = "resize"
  image_chroot_env      = ["PATH=/usr/local/bin:/usr/local/sbin:/usr/bin:/usr/sbin:/bin:/sbin"]
  image_partitions {
@ -27,7 +30,7 @@ source "arm" "raspiblitz-arm64-rpi" {
    type         = "83"
  }
  image_path                   = "raspiblitz-arm64-rpi-${var.pack}.img"
-  image_size                   = "28G"
+  image_size                   = var.image_size
  image_type                   = "dos"
  qemu_binary_destination_path = "/usr/bin/qemu-arm-static"
  qemu_binary_source_path      = "/usr/bin/qemu-arm-static"
@ -41,19 +44,22 @@ build {
      "echo 'nameserver 1.1.1.1' > /etc/resolv.conf",
      "echo 'nameserver 8.8.8.8' >> /etc/resolv.conf",
      "echo 'debconf debconf/frontend select Noninteractive' | debconf-set-selections",
+      "apt-get update",
      "apt-get install -y sudo wget",
      "apt-get -y autoremove",
      "apt-get -y clean",
+      "touch /boot/ssh",
+      "echo 'pi:$6$TE7HmruYY9EaNiKP$Vz0inJ6gaoJgJvQrC5z/HMDRMTN2jKhiEnG83tc1Jsw7lli5MYdeA83g3NOVCsBaTVW4mUBiT/1ZRWYdofVQX0' > /boot/userconf"
    ]
  }

  provisioner "shell" {
-    environment_vars =  [
+    environment_vars = [
      "github_user=${var.github_user}",
      "branch=${var.branch}",
      "pack=${var.pack}"
    ]
-    script = "./raspiblitz.sh"
+    script = "./build.raspiblitz.sh"
  }

  provisioner "shell" {
@ -63,4 +69,10 @@ build {
      "echo 'OK'",
    ]
  }
+
+  provisioner "shell" {
+    inline = [
+      "if [ \"${var.pack}\" = \"base\" ]; then echo 'Adding stop file to /boot/'; touch /boot/stop; fi"
+    ]
+  }
 }
--- a/ci/arm64-rpi/build.raspiblitz.sh
+++ b/ci/arm64-rpi/build.raspiblitz.sh
@ -5,11 +5,14 @@ wget https://raw.githubusercontent.com/${github_user}/raspiblitz/${branch}/build

 if [ "${pack}" = "fatpack" ]; then
  fatpack="1"
-  # make /dev/shm world writable for qemu
-  sudo chmod 777 /dev/shm
+  display="lcd"
 else
  fatpack="0"
+  display="headless"
 fi

+# make /dev/shm world writable for qemu
+sudo chmod 777 /dev/shm
+
 echo 'Build RaspiBlitz ...'
-bash build_sdcard.sh -f ${fatpack} -u ${github_user} -b ${branch} -d headless -t false -w off -i false
+bash build_sdcard.sh -f ${fatpack} -u ${github_user} -b ${branch} -t false -w off -i false -d ${display}
--- a/ci/arm64-rpi/packer.build.arm64-rpi.local.sh
+++ b/ci/arm64-rpi/packer.build.arm64-rpi.local.sh
@ -1,6 +1,6 @@
 #!/bin/bash -e

-echo "\n# Install dependencies with apt"
+echo -e "\n# Install dependencies with apt"
 if [ "$(uname -n)" = "ubuntu" ]; then
  sudo add-apt-repository -y universe
 fi
@ -36,44 +36,37 @@ fi

 echo -e "\n# Install Go"
 export PATH=$PATH:/usr/local/go/bin
-if ! go version 2>/dev/null | grep "1.18.9"; then
-  wget --progress=bar:force https://go.dev/dl/go1.18.9.linux-amd64.tar.gz
-  echo "015692d2a48e3496f1da3328cf33337c727c595011883f6fc74f9b5a9c86ffa8 go1.18.9.linux-amd64.tar.gz" | sha256sum -c - || exit 1
-  sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go1.18.9.linux-amd64.tar.gz
-  sudo rm -rf go1.18.9.linux-amd64.tar.gz
+# https://go.dev/dl/
+GOVERSION="1.20.6"
+GOHASH="b945ae2bb5db01a0fb4786afde64e6fbab50b67f6fa0eb6cfa4924f16a7ff1eb"
+if ! go version 2>/dev/null | grep "${GOVERSION}"; then
+  wget --progress=bar:force https://go.dev/dl/go${GOVERSION}.linux-amd64.tar.gz
+  echo "${GOHASH} go${GOVERSION}.linux-amd64.tar.gz" | sha256sum -c - || exit 1
+  sudo rm -rf /usr/local/go && sudo tar -C /usr/local -xzf go${GOVERSION}.linux-amd64.tar.gz
+  sudo rm -rf go${GOVERSION}.linux-amd64.tar.gz
 else
-  echo "# Go 1.18.9 is installed"
+  echo "# Go ${GOVERSION} is installed"
 fi

 echo -e "\n# Download the packer-builder-arm plugin"
 git clone https://github.com/mkaczanowski/packer-builder-arm
 cd packer-builder-arm
-# pin to commit hash https://github.com/mkaczanowski/packer-builder-arm/commits/master
-git reset --hard 6636c687ece53f7d1f5f2b35aa41f0e6132949c4
+# https://github.com/mkaczanowski/packer-builder-arm/releases
+git reset --hard "v1.0.7"
 echo -e "\n# Build the packer-builder-arm plugin"
 go mod download
 go build || exit 1

-if [ $# -gt 0 ]; then
-  pack=$1
-else
-  pack=lean
-fi
+# set vars
+echo "# Setting the variables: $*"
+# running from the ci/arm64-rpi/packer-builder-arm directory
+source ../../set_variables.sh
+set_variables "$@"

-if [ $# -gt 1 ]; then
-  github_user=$2
-else
-  github_user=rootzoll
-fi
-
-if [ $# -gt 2 ]; then
-  branch=$3
-else
-  branch=dev
-fi
-
-cp ../arm64-rpi.pkr.hcl ./
-cp ../raspiblitz.sh ./
+cp ../build.arm64-rpi.pkr.hcl ./
+cp ../build.raspiblitz.sh ./

 echo -e "\n# Build the image"
-packer build -var github_user=${github_user} -var branch=${branch} -var pack=${pack} arm64-rpi.pkr.hcl
+command="packer build ${vars} build.arm64-rpi.pkr.hcl"
+echo "# Running: $command"
+$command || exit 1
--- a/ci/arm64-rpi/packer.build.arm64-rpi.sh
+++ b/ci/arm64-rpi/packer.build.arm64-rpi.sh
@ -1,26 +1,15 @@
 #!/bin/bash -e

-if [ $# -gt 0 ]; then
-  pack=$1
-else
-  pack=lean
-fi
+# set vars
+echo "# Setting the variables: $*"
+source ../set_variables.sh
+set_variables "$@"

-if [ $# -gt 1 ]; then
-  github_user=$2
-else
-  github_user=rootzoll
-fi
-
-if [ $# -gt 2 ]; then
-  branch=$3
-else
-  branch=dev
-fi
-
-# Build the image in docker
-echo -e "\nBuild Packer image..."
+# build the image in docker
+echo -e "\nBuild the image..."
 # from https://hub.docker.com/r/mkaczanowski/packer-builder-arm/tags
-docker run --rm --privileged -v /dev:/dev -v ${PWD}:/build \
- mkaczanowski/packer-builder-arm:1.0.5@sha256:a6371a3230b94c308e9a8cd55da1ae0d23bd670b7e558b39683c24f489d03e53 \
- build -var github_user=${github_user} -var branch=${branch} -var pack=${pack} arm64-rpi.pkr.hcl
+command="docker run --rm --privileged -v /dev:/dev -v ${PWD}:/build \
+  mkaczanowski/packer-builder-arm@sha256:0ff8ce0cf33e37be6c351c8bcb2643835c7f3525b7f591808b91c04238d45695 \
+  build ${vars} build.arm64-rpi.pkr.hcl"
+echo "# Running: $command"
+$command || exit 1
--- a/ci/packer.sh
+++ b/ci/packer.sh
@ -0,0 +1,300 @@
+#!/usr/bin/env bash
+
+#########################################################################
+# script to trigger packer image build on a debian LIVE system
+# see FAQ.dev.md for instructions
+##########################################################################
+
+# YOUR REPO (REPLACE WITH YOUR OWN FORK IF NEEDED)
+REPO="https://github.com/raspiblitz/raspiblitz"
+
+# folders to store the build results
+BUILDFOLDER="images"
+
+# check if started with sudo
+if [ "$EUID" -ne 0 ]; then
+  echo "error='run as root / may use sudo'"
+  exit 1
+fi
+
+# usage info
+echo "packer.sh [BRANCH] [arm|x86] [min|fat] [?lastcommithash]"
+echo "Build RaspiBlitz install images on a Debian LIVE system"
+echo "From repo (change in script is needed):"
+echo $REPO
+echo "Results will be stored in:"
+echo $BUILDFOLDER
+echo "Start this script in the root of an writable 128GB NTFS formatted USB drive."
+
+# check if internet is available
+if ping -c 1 "1.1.1.1" &> /dev/null; then
+  echo "# checking internet"
+else
+  echo "error='script needs internet connection to run'"
+  exit 1
+fi
+
+# get parameters
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
+
+  # by input
+  read -p "Press ENTER to continue or CTRL+C to exit"
+  read -p "Enter the branch to build: " BRANCH
+  read -p "Enter the architecture to build (arm|x86): " ARCH
+  read -p "Enter the type to build (min|fat): " TYPE
+  read -p "Enter the last commit hash to check (optional): " COMMITHASH
+
+else
+
+  # by command line
+  BRANCH=$1
+  ARCH=$2
+  TYPE=$3
+  COMMITHASH=$4
+  
+fi
+
+# check if branch is set
+if [ ${#BRANCH} -eq 0 ]; then
+  echo "error='branch not set'"
+  exit 1
+fi
+
+# check if arch is set
+if [ ${#ARCH} -eq 0 ]; then
+  echo "error='ARCH not set'"
+  exit 1
+fi
+if [ "$ARCH" != "arm" ] && [ "$ARCH" != "x86" ]; then
+  echo "error='ARCH not supported'"
+  exit 1
+fi
+
+# check if type is set
+if [ ${#TYPE} -eq 0 ]; then
+  echo "error='TYPE not set'"
+  exit 1
+fi
+if [ "$TYPE" != "min" ] && [ "$TYPE" != "fat" ]; then
+  echo "error='TYPE not supported'"
+  exit 1
+fi
+
+# install git and make
+apt update && apt install -y git make
+
+# clean old repo
+rm -rf raspiblitz 2>/dev/null
+
+# download the repo
+git clone $REPO
+if [ $? -gt 0 ]; then
+  echo "# REPO: ${REPO}"
+  echo "error='git clone failed'"
+  exit 1
+fi
+
+cd raspiblitz
+
+# checkout the desired branch
+git checkout $BRANCH
+if [ $? -gt 0 ]; then
+  cd ..
+  rm -rf raspiblitz 2>/dev/null
+  echo "# BRANCH: ${BRANCH}"
+  echo "error='git checkout BRANCH failed'"
+  exit 1
+fi
+
+# check commit hash if set
+if [ ${#COMMITHASH} -gt 0 ]; then
+  echo "# CHECKING COMMITHASH"
+  actualCOMMITHASH=$(git log -1 --format=%H)
+  echo "# actual(${actualCOMMITHASH}) ?= wanted(${COMMITHASH})"
+  matches=$(echo "${actualCOMMITHASH}" | grep -c "${COMMITHASH}")
+  if [ ${matches} -eq 0 ]; then
+    cd ..
+    rm -rf raspiblitz 2>/dev/null
+    echo "error='COMMITHASH of branch does not match'"
+    exit 1
+  fi
+  echo "# COMMITHASH CHECK OK"
+else
+  echo "# NO COMMITHASH CHECK"
+fi
+
+# make sure make build runs thru
+safedir=$(realpath ./ci/arm64-rpi/packer-builder-arm)
+echo "# Setting safe.directory to: ${safedir}"
+git config --global --add safe.directory "${safedir}"
+
+# get code version
+codeVersion=$(cat ./home.admin/_version.info | grep 'codeVersion="' | cut -d'"' -f2)
+if [ ${#codeVersion} -eq 0 ]; then
+  echo "error='codeVersion not found'"
+  exit 1
+fi
+echo "# RaspiBlitz Version: ${codeVersion}"
+
+# get date as string formatted like YEAR-MONTH-DAY
+dateString=$(date +%Y-%m-%d)
+echo "# Date: ${dateString}"
+
+if [ "${ARCH}" == "arm" ] && [ "${TYPE}" == "min" ]; then
+  PACKERTARGET="arm64-rpi-lean-image"
+  PACKERBUILDPATH="./raspiblitz/ci/arm64-rpi/packer-builder-arm/raspiblitz-arm64-rpi-lean.img"
+  PACKERFINALFILE="raspiblitz-min-v${codeVersion}-${dateString}.img"
+elif [ "${ARCH}" == "arm" ] && [ "${TYPE}" == "fat" ]; then
+  PACKERTARGET="arm64-rpi-fatpack-image" 
+  PACKERBUILDPATH="./raspiblitz/ci/arm64-rpi/packer-builder-arm/TODO" #TODO
+  PACKERFINALFILE="raspiblitz-fat-v${codeVersion}-${dateString}.img"
+elif [ "${ARCH}" == "x86" ] && [ "${TYPE}" == "min" ]; then
+  PACKERTARGET="amd64-lean-server-legacyboot-image"
+  PACKERBUILDPATH="./raspiblitz/ci/amd64/builds/raspiblitz-amd64-debian-lean-qemu/raspiblitz-amd64-debian-lean.qcow2"
+  PACKERFINALFILE="raspiblitz-amd64-min-v${codeVersion}-${dateString}.qcow2"
+else
+  echo "error='$ARCH-$TYPE not supported'"
+  exit 1
+fi
+
+echo "# PACKER TARGET: ${PACKERTARGET}"
+echo "# PACKER BUILD PATH: ${PACKERBUILDPATH}"
+echo "# PACKER FINAL FILE: ${PACKERFINALFILE}"
+
+# check if file already exists
+if [ -f "./${BUILDFOLDER}/${PACKERFINALFILE}.img.gz" ]; then
+  echo "error='image already exists'"
+  echo "# delete ./${BUILDFOLDER}/${PACKERFINALFILE}.img.gz (and all .sha256 & .sig) before trying again"
+  exit 1
+fi
+
+# prevent monitor to go to sleep during long non-interactive build
+xset s off
+gsettings set org.gnome.desktop.screensaver idle-activation-enabled false
+
+echo "# BUILDING '${PACKERTARGET}' ###########################################"
+make $PACKERTARGET
+
+# check if build was successful
+if [ $? -gt 0 ]; then
+  echo "# BUILDING FAILED ###########################################"
+  echo "# Check the output above for errors."
+  exit 1
+fi
+
+echo "# BUILDING SUCCESS ###########################################"
+
+echo "# moving build to timestamped folder ./${BUILDFOLDER}"
+cd ..
+mkdir "${BUILDFOLDER}" 2>/dev/null
+
+#check that Build folder exists
+if [ ! -d "./${BUILDFOLDER}" ]; then
+  echo "# FAILED CREATING BUILD FOLDER: ./${BUILDFOLDER}"
+  exit 1
+fi
+
+# move .gz file to build folder
+mv "${PACKERBUILDPATH}.gz" "./${BUILDFOLDER}/${PACKERFINALFILE}.gz"
+if [ $? -gt 0 ]; then
+  echo "# FAILED MOVING .gz"
+  exit 1
+fi
+
+# move gz.sha256 file to build folder
+mv "${PACKERBUILDPATH}.gz.sha256" "./${BUILDFOLDER}/${PACKERFINALFILE}.gz.sha256"
+if [ $? -gt 0 ]; then
+  echo "# FAILED MOVING .gz.sha256"
+  exit 1
+fi
+
+# move sha256 file to build folder
+mv "${PACKERBUILDPATH}.sha256" "./${BUILDFOLDER}/${PACKERFINALFILE}.sha256"
+if [ $? -gt 0 ]; then
+  echo "# FAILED MOVING .sha256"
+  exit 1
+fi
+
+# special handling for qcow2
+if [ "${ARCH}" == "x86" ]; then
+  echo "# decompressing qcow2"
+  gunzip "./${BUILDFOLDER}/${PACKERFINALFILE}.gz"
+  echo "# converting qcow2 to raw"
+  qemu-img convert -f qcow2 -O raw "./${BUILDFOLDER}/${PACKERFINALFILE}.qcow2" "./${BUILDFOLDER}/${PACKERFINALFILE}.img"
+  if [ $? -gt 0 ]; then
+    echo "# FAILED CONVERTING qcow2 to raw"
+    exit 1
+  fi
+  echo "# compressing raw"
+  gzip -9 "./${BUILDFOLDER}/${PACKERFINALFILE}.img"
+  if [ $? -gt 0 ]; then
+    echo "# FAILED COMPRESSING raw"
+    exit 1
+  fi
+  echo "# removing raw"
+  rm "./${BUILDFOLDER}/${PACKERFINALFILE}.img"
+  if [ $? -gt 0 ]; then
+    echo "# FAILED REMOVING raw"
+    exit 1
+  fi
+fi
+
+
+echo "# clean up"
+rm -rf ./../raspiblitz 2>/dev/null
+
+echo "# SIGN & SECURE IMAGE ###########################################"
+echo
+
+# security check that internet is cut
+echo "# MANUAL ACTION NEEDED:"
+echo "# Cut the connection to the internet before signing the image."
+echo
+echo "# Press RETURN to continue..."
+read -r -p "" key
+if ping -c 1 "1.1.1.1" &> /dev/null; then
+    echo "# FAIL - Internet connection is up - EXITING SCRIPT"
+    exit 1
+else
+    echo "# OK - Internet connection is cut"
+fi
+echo
+
+# Note down the SHA256 checksum of the image
+echo "# MANUAL ACTION NEEDED:"
+echo "# Note down the SHA256 checksum of the image:"
+echo
+cat ./${BUILDFOLDER}/${PACKERFINALFILE}.gz.sha256
+echo 
+echo "# Press RETURN to continue..."
+read -r -p "" key
+
+# import the signer keys
+echo "# MANUAL ACTION NEEDED:"
+echo "# Keep this terminal open and the 128GB stick connected."
+echo "# Additionalley connect and unlock the USB device with the signer keys."
+echo "# Open in Filemanager and use right-click 'Open in Termonal' and run:"
+echo "# sudo gpg --import ./sub.key"
+echo "# Close that second terminal and remove USB device with signer keys."
+echo 
+echo "# Press RETURN to continue..."
+read -r -p "" key
+
+# signing instructions
+echo "# MANUAL ACTION NEEDED:"
+echo "# Please wait infront of the screen until the signing process is asks you for the password."
+echo
+cd "${BUILDFOLDER}"
+gpg --output ${PACKERFINALFILE}.gz.sig --detach-sign ${PACKERFINALFILE}.gz
+if [ $? -gt 0 ]; then
+  echo "# !!!!!!! SIGNING FAILED - redo manual before closing this terminbal !!!!!!!"
+  echo "gpg --output ${PACKERFINALFILE}.gz.sig --detach-sign ${PACKERFINALFILE}.gz"
+else
+  echo "# OK Signing successful."
+fi
+
+# last notes
+echo
+echo "Close this terminal and eject your 128GB usb device."
+echo "Have fun with your build image on it under:"
+echo "${BUILDFOLDER}/${PACKERFINALFILE}.gz"
--- a/ci/set_variables.sh
+++ b/ci/set_variables.sh
@ -0,0 +1,75 @@
+#!/bin/bash
+
+function set_variables() {
+
+  declare -A params
+  while (("$#")); do
+    case "$1" in
+    --pack)
+      params[pack]="$2"
+      shift 2
+      ;;
+    --github_user)
+      params[github_user]="$2"
+      shift 2
+      ;;
+    --branch)
+      params[branch]="$2"
+      shift 2
+      ;;
+    # arm64-rpi
+    --image_link)
+      params[image_link]="$2"
+      shift 2
+      ;;
+    # arm64-rpi
+    --image_checksum)
+      params[image_checksum]="$2"
+      shift 2
+      ;;
+    # amd64
+    # preseed.cfg
+    --preseed_file)
+      params[preseed_file]="$2"
+      shift 2
+      ;;
+    # amd64
+    # uefi | bios
+    --boot)
+      params[boot]="$2"
+      shift 2
+      ;;
+    # amd64
+    # none | gnome
+    --desktop)
+      params[desktop]="$2"
+      shift 2
+      ;;
+    --image_size)
+      params[image_size]="$2"
+      shift 2
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      echo "Error: Invalid argument"
+      exit 1
+      ;;
+    esac
+  done
+
+  # Reset the global vars string
+  vars=""
+  # Iterate over all keys in the params array
+  for key in "${!params[@]}"; do
+    # If the value for this key is not empty, add it to vars
+    if [ -n "${params[$key]}" ]; then
+      vars="$vars -var $key=${params[$key]}"
+    fi
+  done
+
+  export vars
+
+}
--- a/home.admin/00infoBlitz.sh
+++ b/home.admin/00infoBlitz.sh
@ -19,6 +19,7 @@ source <(/home/admin/_cache.sh get \
  system_ups_status \
  system_ups_battery \
  system_cpu_load \
+  system_up_text \
  system_temp_celsius \
  system_temp_fahrenheit \
  runBehindTor \
@ -311,7 +312,8 @@ if [ "${blitzapi}" == "on" ]; then
 webuiinfo="Web Admin --> http://${internet_localip}"
 fi

-datetime=$(date -R)
+datetime=$(date +"%d %b %T %z")
+datetime="${datetime} up ${system_up_text}"

 stty sane
 sleep 1
@ -326,7 +328,7 @@ ${color_yellow}               ${color_gray}${network^} Fullnode${LNinfo} ${torIn
 ${color_yellow}        ,/     ${color_yellow}%s
 ${color_yellow}      ,'/      ${color_gray}%s
 ${color_yellow}    ,' /       ${color_gray}%s, temp %s°C %s°F
-${color_yellow}  ,'  /_____   ${color_gray}Free Mem ${color_ram}${ram} ${color_gray} HDDuse ${color_hdd}%s${color_gray}
+${color_yellow}  ,'  /_____   ${color_gray}Free Mem ${color_ram}${ram} ${color_gray} HDD ${color_hdd}%s${color_gray}
 ${color_yellow},'_____    ,'  ${color_gray}SSH admin@${internet_localip}${color_gray} d${internet_rx} u${internet_tx}
 ${color_yellow}      /  ,'    ${color_gray}${webuiinfo} 
 ${color_yellow}     / ,'      ${color_gray}${network} ${color_green}${networkVersion}${color_gray}${chain}net ${networkConnectionsInfo}
@ -353,14 +355,25 @@ else
  appInfoLine=""

  # Electrum Server - electrs
-  if [ "${ElectRS}" == "on" ]; then
+  fileFlagExists=$(sudo ls /mnt/hdd/app-storage/electrs/initial-sync.done 2>/dev/null | grep -c 'initial-sync.done')
+  if [ "${ElectRS}" == "on" ] && [ $fileFlagExists -eq 0 ]; then
    error=""
-    source <(sudo /home/admin/config.scripts/bonus.electrs.sh status-sync 2>/dev/null)
+    source <(/home/admin/config.scripts/bonus.electrs.sh status-sync 2>/dev/null)
    if [ ${#infoSync} -gt 0 ]; then
      appInfoLine="Electrum: ${infoSync}"
    fi
  fi

+  # Electrum Server - fulcrum
+  fileFlagExists=$(sudo ls /mnt/hdd/app-storage/fulcrum/initial-sync.done 2>/dev/null | grep -c 'initial-sync.done')
+  if [ "${fulcrum}" == "on" ] && [ $fileFlagExists -eq 0 ]; then
+    error=""
+    source <(/home/admin/config.scripts/bonus.fulcrum.sh status-sync 2>/dev/null)
+    if [ ${#infoSync} -gt 0 ]; then
+      appInfoLine="Fulcrum: ${infoSync}"
+    fi
+  fi
+
  # Transaction Index
  source <(/home/admin/config.scripts/network.txindex.sh status)
  if [ "${txindex}" == "1" ] && [ "${isIndexed}" != "1" ]; then
--- a/home.admin/00infoLCD.sh
+++ b/home.admin/00infoLCD.sh
@ -64,8 +64,8 @@ configFile="/mnt/hdd/raspiblitz.conf"
 infoFile="/home/admin/raspiblitz.info"

 # check that user is pi
-if [ "$USER" != "pi" ]; then
-  echo "plz run as user pi --> su pi"
+if [ "$USER" != "pi" ] && [ "$USER" != "root" ]; then
+  echo "plz run as user pi or with sudo"
  exit 1
 fi

@ -86,7 +86,6 @@ while :

    # get config info if already available (with state value)
    source ${infoFile}
-    source <(/home/admin/_cache.sh get state message)

    configExists=$(ls "${configFile}" 2>/dev/null | grep -c '.conf')
    if [ ${configExists} -eq 1 ]; then
@ -94,9 +93,12 @@ while :
      source <(/home/admin/config.scripts/network.aliases.sh getvars)
    fi

-    if [ "${setupPhase}" != "done" ] || [ "${state}" == "reboot" ] || [ "${state}" == "shutdown" ] || [ "${state}" == "copytarget" ] || [ "${state}" == "copysource" ] || [ "${state}" == "copystation" ]; then
+    if [ "${setupPhase}" != "done" ] || [ "${state}" == "reboot" ] || [ "${state}" == "shutdown" ] || [ "${state}" == "copytarget" ] || [ "${state}" == "copysource" ]; then

      # show status info during boot & setup & repair on LCD
+      if [ "${state}" == "" ]; then
+        state="nostate"
+      fi
      /home/admin/setup.scripts/eventInfoWait.sh "${state}" "${message}" lcd
      sleep 1
      continue
--- a/home.admin/00mainMenu.sh
+++ b/home.admin/00mainMenu.sh
@ -89,15 +89,12 @@ fi
 if [ "${lndg}" == "on" ]; then
  OPTIONS+=(LNDG "LNDg (auto-rebalance, auto-fees)")
 fi
-if [ "${sparko}" == "on" ]; then
-  OPTIONS+=(SPARKO "Sparko Webwallet")
-fi
-if [ "${spark}" == "on" ]; then
-  OPTIONS+=(SPARK "Spark Wallet")
-fi
 if [ "${ElectRS}" == "on" ]; then
  OPTIONS+=(ELECTRS "Electrum Rust Server")
 fi
+if [ "${fulcrum}" == "on" ]; then
+  OPTIONS+=(FULCRUM "Fulcrum Electrum Server")
+fi
 if [ "${BTCRPCexplorer}" == "on" ]; then
  OPTIONS+=(EXPLORE "BTC RPC Explorer")
 fi
@ -114,6 +111,9 @@ fi
 if [ "${loop}" == "on" ]; then
  OPTIONS+=(LOOP "Loop In/Out Service")
 fi
+if [ "${lndk}" == "on" ]; then
+  OPTIONS+=(LNDK "LND BOLT 12 privacy")
+fi
 if [ "${mempoolExplorer}" == "on" ]; then
  OPTIONS+=(MEMPOOL "Mempool Space")
 fi
@ -132,9 +132,9 @@ fi
 if [ "${bos}" == "on" ]; then
  OPTIONS+=(BOS "Balance of Satoshis")
 fi
-if [ "${lnproxy}" == "on" ]; then
-  OPTIONS+=(LNPROXY "lnproxy server")
-fi
+#if [ "${lnproxy}" == "on" ]; then
+#  OPTIONS+=(LNPROXY "lnproxy server")
+#fi
 if [ "${pyblock}" == "on" ]; then
  OPTIONS+=(PYBLOCK "PyBlock")
 fi
@ -156,28 +156,21 @@ fi
 if [ "${chantools}" == "on" ]; then
  OPTIONS+=(CHANTOOLS "ChannelTools (Fund Rescue)")
 fi
-if [ "${homer}" == "on" ]; then
-  OPTIONS+=(HOMER "Homer Dashboard")
-  CHOICE_HEIGHT=$((CHOICE_HEIGHT+1))
-fi
 if [ "${circuitbreaker}" == "on" ]; then
  OPTIONS+=(CIRCUITBREAKER "Circuitbreaker (LND firewall)")
 fi
-if [ "${tallycoinConnect}" == "on" ]; then
-  OPTIONS+=(TALLY "Tallycoin Connect")
-fi
 if [ "${squeaknode}" == "on" ]; then
  OPTIONS+=(SQUEAKNODE "Squeaknode")
 fi
-if [ "${itchysats}" == "on" ]; then
-  OPTIONS+=(ITCHYSATS "Show ItchySats details")
-fi
 if [ "${lightningtipbot}" == "on" ]; then
  OPTIONS+=(LIGHTNINGTIPBOT "Show LightningTipBot details")
 fi
 if [ "${fints}" == "on" ]; then
  OPTIONS+=(FINTS "Show FinTS/HBCI details")
 fi
+if [ "${labelbase}" == "on" ]; then
+  OPTIONS+=(LABELBASE "Labelbase (UTXO labeling)")
+fi

 # dont offer to switch to "testnet view for now" - so no wswitch back to mainnet needed
 #if [ ${chain} != "main" ]; then
@ -272,30 +265,27 @@ case $CHOICE in
        ELECTRS)
            /home/admin/config.scripts/bonus.electrs.sh menu
            ;;
+        FULCRUM)
+            /home/admin/config.scripts/bonus.fulcrum.sh menu
+            ;;
        LIT)
            /home/admin/config.scripts/bonus.lit.sh menu
            ;;
        LNDG)
            /home/admin/config.scripts/bonus.lndg.sh menu
            ;;
-        SPARKO)
-            /home/admin/config.scripts/cl-plugin.sparko.sh menu mainnet
-            ;;
-        SPARK)
-            /home/admin/config.scripts/cl.spark.sh menu mainnet
-            ;;
        LNBITS)
            /home/admin/config.scripts/bonus.lnbits.sh menu
            ;;
        LNDMANAGE)
            /home/admin/config.scripts/bonus.lndmanage.sh menu
            ;;
+        LNDK)
+            /home/admin/config.scripts/bonus.lndk.sh menu
+            ;;
        LIGHTNINGTIPBOT)
            /home/admin/config.scripts/bonus.lightningtipbot.sh menu
            ;;
-        LOOP)
-            /home/admin/config.scripts/bonus.loop.sh menu
-            ;;
        MEMPOOL)
            /home/admin/config.scripts/bonus.mempool.sh menu
            ;;
@ -308,9 +298,6 @@ case $CHOICE in
        JAM)
            /home/admin/config.scripts/bonus.jam.sh menu
            ;;
-        FARADAY)
-            sudo /home/admin/config.scripts/bonus.faraday.sh menu
-            ;;
        BOS)
            sudo /home/admin/config.scripts/bonus.bos.sh menu
            ;;
@ -323,15 +310,9 @@ case $CHOICE in
        THUB)
            sudo /home/admin/config.scripts/bonus.thunderhub.sh menu
            ;;
-        TALLY)
-            sudo /home/admin/config.scripts/bonus.tallycoin-connect.sh menu
-            ;;
        ZEROTIER)
            sudo /home/admin/config.scripts/bonus.zerotier.sh menu
            ;;
-        POOL)
-            sudo /home/admin/config.scripts/bonus.pool.sh menu
-            ;;
        SPHINX)
            sudo /home/admin/config.scripts/bonus.sphinxrelay.sh menu
            ;;
@ -350,6 +331,9 @@ case $CHOICE in
        CIRCUITBREAKER)
            sudo /home/admin/config.scripts/bonus.circuitbreaker.sh menu
            ;;
+        LABELBASE)
+            sudo /home/admin/config.scripts/bonus.labelbase.sh menu
+            ;;
        FINTS)
            sudo /home/admin/config.scripts/bonus.fints.sh menu
            ;;
@ -359,9 +343,6 @@ case $CHOICE in
        SUBSCRIBE)
            /home/admin/config.scripts/blitz.subscriptions.py
            ;;
-        HOMER)
-            sudo /home/admin/config.scripts/bonus.homer.sh menu
-            ;;
        SERVICES)
            /home/admin/00settingsMenuServices.sh
            ;;
--- a/home.admin/00parallelMainnetServices.sh
+++ b/home.admin/00parallelMainnetServices.sh
@ -13,8 +13,6 @@ if [ ${#rtlWebinterface} -eq 0 ]; then rtlWebinterface="off"; fi
 if [ ${#lnd} -eq 0 ]; then lnd="off"; fi
 if [ ${#cl} -eq 0 ]; then cl="off"; fi
 if [ ${#crtlWebinterface} -eq 0 ]; then crtlWebinterface="off"; fi
-if [ ${#sparko} -eq 0 ]; then sparko="off"; fi
-if [ ${#spark} -eq 0 ]; then spark="off"; fi

 # show select dialog
 echo "run dialog ..."
@ -24,8 +22,6 @@ OPTIONS+=(l "LND on $CHAIN" ${lnd})
 OPTIONS+=(r "RTL for LND $CHAIN" ${rtlWebinterface})
 OPTIONS+=(c "Core Lightning on $CHAIN" ${cl})
 OPTIONS+=(t "RTL for CL on $CHAIN" ${crtlWebinterface})
-OPTIONS+=(s "Sparko for CL on $CHAIN" ${sparko})
-OPTIONS+=(m "Spark for CL on $CHAIN" ${spark})

 CHOICES=$(dialog --title ' Additional Services ' \
          --checklist ' use spacebar to activate/de-activate ' \
@ -145,50 +141,6 @@ else
  echo "RTL for CL $CHAIN Setting unchanged."
 fi

-# sparko process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "s")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${sparko}" != "${choice}" ]; then
-  echo "# Sparko on $CHAIN Setting changed .."
-  anychange=1
-  /home/admin/config.scripts/cl-plugin.sparko.sh ${choice} $CHAIN
-  errorOnInstall=$?
-  if [ "${choice}" =  "on" ]; then
-    if [ ${errorOnInstall} -eq 0 ]; then
-      /home/admin/config.scripts/cl-plugin.sparko.sh menu $CHAIN
-    else
-      l1="# FAIL on Sparko on $CHAIN install #"
-      l2="# Try manual install on terminal after reboot with:"
-      l3="/home/admin/config.scripts/cl-plugin.sparko.sh on $CHAIN"
-      dialog --title 'FAIL' --msgbox "${l1}\n${l2}\n${l3}" 7 65
-    fi
-  fi
-else
-  echo "# Sparko on $CHAIN Setting unchanged."
-fi
-
-# spark process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "m")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${spark}" != "${choice}" ]; then
-  echo "# Spark Wallet on $CHAIN Setting changed .."
-  anychange=1
-  /home/admin/config.scripts/cl.spark.sh ${choice} $CHAIN
-  errorOnInstall=$?
-  if [ "${choice}" =  "on" ]; then
-    if [ ${errorOnInstall} -eq 0 ]; then
-      /home/admin/config.scripts/cl.spark.sh menu $CHAIN
-    else
-      l1="# FAIL on Spark Wallet on $CHAIN install #"
-      l2="# Try manual install on terminal after reboot with:"
-      l3="/home/admin/config.scripts/cl.spark.sh on $CHAIN"
-      dialog --title 'FAIL' --msgbox "${l1}\n${l2}\n${l3}" 7 65
-    fi
-  fi
-else
-  echo "# Spark Wallet on $CHAIN Setting unchanged."
-fi
-
 if [ ${anychange} -eq 0 ]; then
     dialog --msgbox "NOTHING CHANGED!\nUse Spacebar to check/uncheck services." 8 58
     exit 0
--- a/home.admin/00parallelTestnetServices.sh
+++ b/home.admin/00parallelTestnetServices.sh
@ -13,8 +13,6 @@ if [ ${#trtlWebinterface} -eq 0 ]; then trtlWebinterface="off"; fi
 if [ ${#tlnd} -eq 0 ]; then tlnd="off"; fi
 if [ ${#tcrtlWebinterface} -eq 0 ]; then tcrtlWebinterface="off"; fi
 if [ ${#tcl} -eq 0 ]; then tcl="off"; fi
-if [ ${#tsparko} -eq 0 ]; then tsparko="off"; fi
-if [ ${#tspark} -eq 0 ]; then tspark="off"; fi

 # show select dialog
 echo "run dialog ..."
@ -24,8 +22,6 @@ OPTIONS+=(l "LND on $CHAIN" ${tlnd})
 OPTIONS+=(r "RTL for LND $CHAIN" ${trtlWebinterface})
 OPTIONS+=(c "Core Lightning on $CHAIN" ${tcl})
 OPTIONS+=(t "RTL for CL on $CHAIN" ${tcrtlWebinterface})
-OPTIONS+=(s "Sparko for CL on $CHAIN" ${tsparko})
-OPTIONS+=(m "Spark Wallet fro CL on $CHAIN" ${tspark})

 CHOICES=$(dialog --title ' Additional Services ' \
          --checklist ' use spacebar to activate/de-activate ' \
@ -142,50 +138,6 @@ else
  echo "RTL for CL $CHAIN Setting unchanged."
 fi

-# tsparko process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "s")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${tsparko}" != "${choice}" ]; then
-  echo "# Sparko on $CHAIN Setting changed .."
-  anychange=1
-  /home/admin/config.scripts/cl-plugin.sparko.sh ${choice} $CHAIN
-  errorOnInstall=$?
-  if [ "${choice}" =  "on" ]; then
-    if [ ${errorOnInstall} -eq 0 ]; then
-      /home/admin/config.scripts/cl-plugin.sparko.sh menu $CHAIN
-    else
-      l1="# FAIL on Sparko on $CHAIN install #"
-      l2="# Try manual install on terminal after reboot with:"
-      l3="/home/admin/config.scripts/cl-plugin.sparko.sh on $CHAIN"
-      dialog --title 'FAIL' --msgbox "${l1}\n${l2}\n${l3}" 7 65
-    fi
-  fi
-else
-  echo "# Sparko on $CHAIN Setting unchanged."
-fi
-
-# tspark process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "m")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${tspark}" != "${choice}" ]; then
-  echo "# Spark Wallet on $CHAIN Setting changed .."
-  anychange=1
-  /home/admin/config.scripts/cl.spark.sh ${choice} $CHAIN
-  errorOnInstall=$?
-  if [ "${choice}" =  "on" ]; then
-    if [ ${errorOnInstall} -eq 0 ]; then
-      /home/admin/config.scripts/cl.spark.sh menu $CHAIN
-    else
-      l1="# FAIL on Spark Wallet on $CHAIN install #"
-      l2="# Try manual install on terminal after reboot with:"
-      l3="/home/admin/config.scripts/cl.spark.sh on $CHAIN"
-      dialog --title 'FAIL' --msgbox "${l1}\n${l2}\n${l3}" 7 65
-    fi
-  fi
-else
-  echo "# Spark Wallet on $CHAIN Setting unchanged."
-fi
-
 if [ ${anychange} -eq 0 ]; then
     dialog --msgbox "NOTHING CHANGED!\nUse Spacebar to check/uncheck services." 8 58
     exit 0
--- a/home.admin/00raspiblitz.sh
+++ b/home.admin/00raspiblitz.sh
@ -13,7 +13,6 @@ source /mnt/hdd/raspiblitz.conf 2>/dev/null
 # INFOFILE - state data from bootstrap
 infoFile="/home/admin/raspiblitz.info"
 source ${infoFile}
-source <(/home/admin/_cache.sh get state message)

 # check that basic system phase/state information is available
 if [ "${setupPhase}" == "" ] || [ "${state}" == "" ]; then
@ -48,14 +47,6 @@ if [ "${copyInProgress}" = "1" ]; then
  exit
 fi

-# special state: copystation
-if [ "${state}" = "copystation" ]; then
-  echo "Copy Station is Running ..."
-  echo "reboot to return to normal"
-  sudo /home/admin/XXcopyStation.sh
-  exit
-fi
-
 #####################################
 # SSH MENU LOOP
 # this loop runs until user exits or
@ -99,8 +90,7 @@ do
    network \
    chain \
    lightning \
-    internet_localip \
-    system_vm_vagrant \
+    internet_localip
  )

  # background.scan is not ready yet
@ -187,11 +177,17 @@ do
        sleep 3
        continue
      fi
-    else
+    elif [ "${lightning}" = "lnd" ]; then
      if [ "${btc_default_synced}" != "1" ] || [ "${ln_default_ready}" == "0" ] || [ "${ln_default_sync_chain}" == "0" ] || [ "${ln_default_sync_initial_done}" == "0" ]; then
        /home/admin/setup.scripts/eventBlockchainSync.sh ssh
        sleep 3
        continue
+      fi  
+    else
+      if [ "${btc_default_synced}" != "1" ]; then
+        /home/admin/setup.scripts/eventBlockchainSync.sh ssh
+        sleep 3
+        continue
      fi
    fi
  fi
@ -282,25 +278,6 @@ MAINMENU > REPAIR > REPAIR-LND > RETRYSCB

    #echo "# DURING SETUP: Handle System State (${state})"

-    # when no HDD on Vagrant - just print info & exit (admin info & exit)
-    if [ "${state}" == "noHDD" ] && [ ${system_vm_vagrant} != "0" ]; then
-      echo "***********************************************************"
-      echo "VAGRANT INFO"
-      echo "***********************************************************"
-      echo "To connect a HDD data disk to your VagrantVM:"
-      echo "- shutdown VM with command: off"
-      echo "- open your VirtualBox GUI and select RaspiBlitzVM"
-      echo "- change the 'mass storage' settings"
-      echo "- add a second 'Primary Slave' drive to the already existing controller"
-      echo "- close VirtualBox GUI and run: vagrant up & vagrant ssh"
-      echo "***********************************************************"
-      echo "You can either create a new dynamic VDI with around 900GB or download"
-      echo "a VDI with a presynced blockchain to speed up setup. If you dont have 900GB"
-      echo "space on your laptop you can store the VDI file on an external drive."
-      echo "***********************************************************"
-      exit 1
-    fi
-
    # for all critical errors (admin info & exit)
    if [ "${state}" == "error" ] || [ "${state}" == "errorHDD" ]; then
      clear
@ -324,6 +301,8 @@ MAINMENU > REPAIR > REPAIR-LND > RETRYSCB
      echo "https://github.com/rootzoll/raspiblitz#support"
      echo "command to shutdown --> off"
      exit 1
+    elif [ "${state}" == "" ]; then
+      echo "state(${state}) message(${message})"
    else
        # every other state just push as event to SSH frontend
        /home/admin/setup.scripts/eventInfoWait.sh "${state}" "${message}"
--- a/home.admin/00settingsMenuBasics.sh
+++ b/home.admin/00settingsMenuBasics.sh
@ -6,7 +6,6 @@ source /home/admin/raspiblitz.info
 source /mnt/hdd/raspiblitz.conf

 echo "services default values"
-if [ ${#autoPilot} -eq 0 ]; then autoPilot="off"; fi
 if [ ${#autoUnlock} -eq 0 ]; then autoUnlock="off"; fi
 if [ ${#runBehindTor} -eq 0 ]; then runBehindTor="off"; fi
 if [ ${#networkUPnP} -eq 0 ]; then networkUPnP="off"; fi
@ -70,14 +69,6 @@ if [ ${touchscreen} -gt 0 ]; then
  touchscreenMenu='on'
 fi

-echo "# map autopilot to on/off"
-lndAutoPilotOn=$(sudo cat /mnt/hdd/lnd/lnd.conf 2>/dev/null | grep -c 'autopilot.active=1')
-if [ ${lndAutoPilotOn} -eq 1 ]; then
-  autoPilot="on"
-else
-  autoPilot="off"
-fi
-
 echo "# map clboss to on/off"
 clbossMenu='off'
 if [ "${clboss}" == "on" ]; then
@ -102,13 +93,6 @@ if [ "${clWatchtowerClient}" == "on" ]; then
  clWatchtowerClientMenu='on'
 fi

-echo "# map keysend to on/off (may take time)"
-keysend="on"
-source <(sudo /home/admin/config.scripts/lnd.keysend.sh status)
-if [ ${keysendOn} -eq 0 ]; then
-  keysend="off"
-fi
-
 # show select dialog
 echo "run dialog ..."

@ -119,7 +103,7 @@ OPTIONS+=(A 'Blitz API + WebUI' ${blitzapi})

 # LCD options (only when running with LCD screen)
 if [ "${displayClass}" == "lcd" ]; then
-  OPTIONS+=(s 'Touchscreen (experimental)' ${touchscreenMenu})
+  # OPTIONS+=(s 'Touchscreen (experimental)' ${touchscreenMenu})
  OPTIONS+=(r 'LCD Rotate' ${lcdrotateMenu})
 fi

@ -143,8 +127,6 @@ fi
 # LND & options (only when running LND)
 OPTIONS+=(m 'LND LIGHTNING LABS NODE' ${lndNode})
 if [ "${lndNode}" == "on" ]; then
-  OPTIONS+=(a '-LND Channel Autopilot' ${autoPilot})
-  OPTIONS+=(k '-LND Accept Keysend' ${keysend})
  OPTIONS+=(c '-LND Circuitbreaker (firewall)' ${circuitbreaker})
  OPTIONS+=(u '-LND Auto-Unlock' ${autoUnlock})
 fi
@ -198,18 +180,6 @@ else
  echo "Blitz API + webUI Setting unchanged."
 fi

-# LND AUTOPILOT process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "a")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${autoPilot}" != "${choice}" ] && [ "${lndNode}" == "on" ]; then
-  echo "Autopilot Setting changed .."
-  anychange=1
-  sudo /home/admin/config.scripts/lnd.autopilot.sh ${choice}
-  needsReboot=1
-else
-  echo "Autopilot Setting unchanged."
-fi
-
 # Dynamic Domain
 choice="off"; check=$(echo "${CHOICES}" | grep -c "y")
 if [ ${check} -eq 1 ]; then choice="on"; fi
@ -355,20 +325,6 @@ else
  echo "BackupdDevice setting unchanged."
 fi

-# LND Keysend process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "k")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${keysend}" != "${choice}" ] && [ "${lndNode}" == "on" ]; then
-  echo "keysend setting changed .."
-  anychange=1
-  sudo -u admin /home/admin/config.scripts/lnd.keysend.sh ${choice}
-  sudo systemctl restart lnd
-  dialog --msgbox "Accept Keysend on LND mainnet is now ${choice}.\n\nLND restarted - you might need to unlock wallet." 7 52
-  sudo -u admin /home/admin/config.scripts/lnd.unlock.sh
-else
-  echo "keysend setting unchanged."
-fi
-
 # ZeroTier process choice
 choice="off"; check=$(echo "${CHOICES}" | grep -c "z")
 if [ ${check} -eq 1 ]; then choice="on"; fi
@ -376,16 +332,8 @@ if [ "${zerotierSwitch}" != "${choice}" ]; then
  echo "zerotier setting changed .."
  anychange=1
  error=""
-  source <(sudo -u admin /home/admin/config.scripts/bonus.zerotier.sh ${choice})
-  if [ "${choice}" == "on" ]; then
-    if [ ${#error} -eq 0 ]; then
-      dialog --msgbox "Your RaspiBlitz joined the ZeroTier network." 6 46
-    else
-      if [ "${error}" != "cancel" ]; then
-        dialog --msgbox "ZeroTier Error:\n${error}" 8 46
-      fi
-    fi
-  else
+  sudo -u admin /home/admin/config.scripts/bonus.zerotier.sh ${choice}
+  if [ "${choice}" != "on" ]; then
    dialog --msgbox "ZeroTier is now OFF." 5 46
  fi

@ -427,16 +375,18 @@ if [ "${clNode}" != "${choice}" ]; then
  echo "# Core Lightning NODE Setting changed .."
  if [ "${choice}" = "on" ]; then
    echo "# turning ON"
-
    /home/admin/config.scripts/cl.install.sh on mainnet
    # generate wallet from seedwords or just display (write to dev/null to not write seed words to logs)
-    /home/admin/config.scripts/cl.hsmtool.sh new mainnet 1>/dev/null
+    echo "Generating CL wallet seedwords .."
+    /home/admin/config.scripts/cl.hsmtool.sh new mainnet noninteractive
    if [ "${testnet}" == "on" ]; then
      # no seed for testnet
+      echo "Turn on CL testnet .."
      /home/admin/config.scripts/cl.install.sh on testnet
    fi
    if [ "${signet}" == "on" ]; then
      # no seed for signet
+      echo "Turn on CL signet .."
      /home/admin/config.scripts/cl.install.sh on signet
    fi

--- a/home.admin/00settingsMenuServices.sh
+++ b/home.admin/00settingsMenuServices.sh
@ -19,7 +19,6 @@ if [ ${#jam} -eq 0 ]; then jam="off"; fi
 if [ ${#LNBits} -eq 0 ]; then LNBits="off"; fi
 if [ ${#mempoolExplorer} -eq 0 ]; then mempoolExplorer="off"; fi
 if [ ${#bos} -eq 0 ]; then bos="off"; fi
-if [ ${#lnproxy} -eq 0 ]; then lnproxy="off"; fi
 if [ ${#pyblock} -eq 0 ]; then pyblock="off"; fi
 if [ ${#thunderhub} -eq 0 ]; then thunderhub="off"; fi
 if [ ${#sphinxrelay} -eq 0 ]; then sphinxrelay="off"; fi
@ -27,16 +26,11 @@ if [ ${#lit} -eq 0 ]; then lit="off"; fi
 if [ ${#lndg} -eq 0 ]; then lndg="off"; fi
 if [ ${#whitepaper} -eq 0 ]; then whitepaper="off"; fi
 if [ ${#chantools} -eq 0 ]; then chantools="off"; fi
-if [ ${#homer} -eq 0 ]; then homer="off"; fi
-if [ ${#sparko} -eq 0 ]; then sparko="off"; fi
-if [ ${#spark} -eq 0 ]; then spark="off"; fi
-if [ ${#tallycoinConnect} -eq 0 ]; then tallycoinConnect="off"; fi
 if [ ${#helipad} -eq 0 ]; then helipad="off"; fi
-if [ ${#bitcoinminds} -eq 0 ]; then bitcoinminds="off"; fi
-if [ ${#squeaknode} -eq 0 ]; then squeaknode="off"; fi
-if [ ${#itchysats} -eq 0 ]; then itchysats="off"; fi
 if [ ${#lightningtipbot} -eq 0 ]; then lightningtipbot="off"; fi
 if [ ${#fints} -eq 0 ]; then fints="off"; fi
+if [ ${#lndk} -eq 0 ]; then lndk="off"; fi
+if [ ${#labelbase} -eq 0 ]; then labelbase="off"; fi

 # show select dialog
 echo "run dialog ..."
@ -53,8 +47,7 @@ if [ "${network}" == "bitcoin" ]; then
  OPTIONS+=(ja 'BTC JoinMarket+JoininBox menu' ${joinmarket})
  OPTIONS+=(za 'BTC Jam (JoinMarket WebUI)' ${jam})
  OPTIONS+=(wa 'BTC Download Bitcoin Whitepaper' ${whitepaper})
-  OPTIONS+=(va 'BTC Install BitcoinMinds.org' ${bitcoinminds})
-  OPTIONS+=(ua 'BTC Install ItchySats' ${itchysats})
+  OPTIONS+=(ls 'BTC Labelbase' ${labelbase})
 fi

 # available for both LND & c-lightning
@ -70,23 +63,17 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
  OPTIONS+=(la 'LND LIT (loop, pool, faraday)' ${lit})
  OPTIONS+=(gb 'LND LNDg (auto-rebalance, auto-fees)' ${lndg})
  OPTIONS+=(oa 'LND Balance of Satoshis' ${bos})
-  OPTIONS+=(lp 'LND lnproxy server' ${lnproxy})
  OPTIONS+=(ya 'LND PyBLOCK' ${pyblock})
  OPTIONS+=(ha 'LND ChannelTools (Fund Rescue)' ${chantools})
-  OPTIONS+=(xa 'LND Sphinx-Relay' ${sphinxrelay})
  OPTIONS+=(fa 'LND Helipad Boostagram reader' ${helipad})
-  OPTIONS+=(da 'LND Tallycoin Connect' ${tallycoinConnect})
-  #OPTIONS+=(qa 'LND Squeaknode' ${squeaknode})
+  OPTIONS+=(lb 'LND LNDK (experimental BOLT 12)' ${lndk})
 fi

 # just available for CL
 if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then
  OPTIONS+=(ca 'Core Lightning RTL Webinterface' ${crtlWebinterface})
-  OPTIONS+=(ka 'Core Lightning Sparko WebWallet' ${sparko})
-  OPTIONS+=(na 'Core Lightning Spark Wallet' ${spark})
 fi

-OPTIONS+=(ma 'Homer Dashboard' ${homer})
 OPTIONS+=(fn 'FinTS/HBCI Interface (experimental)' ${fints})

 CHOICES=$(dialog --title ' Additional Mainnet Services ' \
@ -343,21 +330,6 @@ else
  echo "Balance of Satoshis setting unchanged."
 fi

-# lnproxy process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "lp")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${lnproxy}" != "${choice}" ]; then
-  echo "lnproxy setting changed .."
-  anychange=1
-  sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh ${choice}
-  source /mnt/hdd/raspiblitz.conf
-  if [ "${lnproxy}" =  "on" ]; then
-    sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh menu
-  fi
-else
-  echo "lnproxy setting unchanged."
-fi
-
 # PyBLOCK process choice
 choice="off"; check=$(echo "${CHOICES}" | grep -c "ya")
 if [ ${check} -eq 1 ]; then choice="on"; fi
@ -478,25 +450,6 @@ else
  echo "LNDg unchanged."
 fi

-# Sphinx Relay
-choice="off"; check=$(echo "${CHOICES}" | grep -c "xa")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${sphinxrelay}" != "${choice}" ]; then
-  echo "Sphinx-Relay Setting changed .."
-  anychange=1
-  sudo -u admin /home/admin/config.scripts/bonus.sphinxrelay.sh ${choice}
-  if [ "${choice}" =  "on" ]; then
-    echo "Giving service 1 minute to start up ... (please wait) ..."
-    sleep 60
-    whiptail --title " Installed Sphinx Server" --msgbox "\
-Sphinx Server was installed.\n
-Use the new 'SPHINX' entry in Main Menu for more info.\n
-" 10 35
-  fi
-else
-  echo "Sphinx Relay unchanged."
-fi
-
 # Helipad
 choice="off"; check=$(echo "${CHOICES}" | grep -c "fa")
 if [ ${check} -eq 1 ]; then choice="on"; fi
@ -512,21 +465,20 @@ else
  echo "Helipad setting unchanged."
 fi

-# Tallycoin
-choice="off"; check=$(echo "${CHOICES}" | grep -c "da")
+# LNDK
+choice="off"; check=$(echo "${CHOICES}" | grep -c "lb")
 if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${tallycoinConnect}" != "${choice}" ]; then
-  echo "Tallycoin Setting changed .."
+if [ "${lndk}" != "${choice}" ]; then
+  echo "LNDK Setting changed .."
  anychange=1
-  sudo -u admin /home/admin/config.scripts/bonus.tallycoin-connect.sh ${choice}
+  sudo -u admin /home/admin/config.scripts/bonus.lndk.sh ${choice}
  if [ "${choice}" =  "on" ]; then
-    whiptail --title " Installed Tallycoin-Connect" --msgbox "\
-Tallycoin-Connect was installed.\n
-Use the new 'TALLY' entry in Main Menu for more info.\n
+    whiptail --title " Installed LNDK" --msgbox "\
+LNDK was installed.\n
 " 10 45
  fi
 else
-  echo "Tallycoin Setting unchanged."
+  echo "LNDK Setting unchanged."
 fi

 # JoinMarket process choice
@ -629,111 +581,19 @@ else
  echo "Whitepaper setting unchanged."
 fi

-# Homer process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "ma")
+# labelbase process choice
+choice="off"; check=$(echo "${CHOICES}" | grep -c "ls")
 if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${homer}" != "${choice}" ]; then
-  echo "Homer settings changed .."
+if [ "${labelbase}" != "${choice}" ]; then
+  echo "Labelbase setting changed .."
  anychange=1
-  /home/admin/config.scripts/bonus.homer.sh ${choice}
-  errorOnInstall=$?
-  if [ "${choice}" =  "on" ]; then
-    whiptail --title " Installed Homer" --msgbox "\
-Homer was installed.\n
-Use the new 'Homer' entry in Main Menu for more info.\n
-" 10 35
-  fi
-else
-  echo "Homer Setting unchanged."
-fi
-
-# BitcoinMinds process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "va")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${bitcoinminds}" != "${choice}" ]; then
-  echo "BitcoinMinds setting changed."
-  anychange=1
-  sudo -u admin /home/admin/config.scripts/bonus.bitcoinminds.sh ${choice}
+  sudo -u admin /home/admin/config.scripts/bonus.labelbase.sh ${choice}
  source /mnt/hdd/raspiblitz.conf
-  if [ "${bitcoinminds}" =  "on" ]; then
-    sudo -u admin /home/admin/config.scripts/bonus.bitcoinminds.sh menu
+  if [ "${labelbase}" =  "on" ]; then
+    sudo -u admin /home/admin/config.scripts/bonus.labelbase.sh menu
  fi
 else
-  echo "BitcoinMinds setting unchanged."
-fi
-
-# sparko process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "ka")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${sparko}" != "${choice}" ]; then
-  echo "# Sparko on mainnet Setting changed .."
-  anychange=1
-  /home/admin/config.scripts/cl-plugin.sparko.sh ${choice} mainnet
-  errorOnInstall=$?
-  if [ "${choice}" =  "on" ]; then
-    if [ ${errorOnInstall} -eq 0 ]; then
-      /home/admin/config.scripts/cl-plugin.sparko.sh menu mainnet
-    else
-      l1="# FAIL on Sparko on mainnet install #"
-      l2="# Try manual install on terminal after reboot with:"
-      l3="/home/admin/config.scripts/cl-plugin.sparko.sh on mainnet"
-      dialog --title 'FAIL' --msgbox "${l1}\n${l2}\n${l3}" 7 65
-    fi
-  fi
-else
-  echo "# Sparko on mainnet Setting unchanged."
-fi
-
-# spark wallet process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "na")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${spark}" != "${choice}" ]; then
-  echo "# Spark Wallet on mainnet Setting changed .."
-  anychange=1
-  /home/admin/config.scripts/cl.spark.sh ${choice} mainnet
-  errorOnInstall=$?
-  if [ "${choice}" =  "on" ]; then
-    if [ ${errorOnInstall} -eq 0 ]; then
-      /home/admin/config.scripts/cl.spark.sh menu mainnet
-    else
-      l1="# FAIL on Spark Wallet on mainnet install #"
-      l2="# Try manual install on terminal after reboot with:"
-      l3="/home/admin/config.scripts/cl.spark.sh on mainnet"
-      dialog --title 'FAIL' --msgbox "${l1}\n${l2}\n${l3}" 7 65
-    fi
-  fi
-else
-  echo "# Spark Wallet on mainnet Setting unchanged."
-fi
-
-# squeaknode process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "qa")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${squeaknode}" != "${choice}" ]; then
-  echo "squeaknode Setting changed .."
-  anychange=1
-  sudo -u admin /home/admin/config.scripts/bonus.squeaknode.sh ${choice}
-  if [ "${choice}" =  "on" ]; then
-    sudo systemctl start squeaknode
-    sudo -u admin /home/admin/config.scripts/bonus.squeaknode.sh menu
-  fi
-else
-  echo "squeaknode setting unchanged."
-fi
-
-# ItchySats process choice
-choice="off"; check=$(echo "${CHOICES}" | grep -c "ua")
-if [ ${check} -eq 1 ]; then choice="on"; fi
-if [ "${itchysats}" != "${choice}" ]; then
-  echo "ItchySats setting changed .."
-  anychange=1
-  sudo -u admin /home/admin/config.scripts/bonus.itchysats.sh ${choice} --download
-  if [ "${choice}" =  "on" ]; then
-    sudo systemctl start itchysats
-    sudo -u admin /home/admin/config.scripts/bonus.itchysats.sh menu
-  fi
-else
-  echo "ItchySats setting unchanged."
+  echo "Labelbase setting unchanged."
 fi

 # fints process choice  
--- a/home.admin/97addMobileWallet.sh
+++ b/home.admin/97addMobileWallet.sh
@ -81,8 +81,6 @@ fi

 if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ]; then
 	OPTIONS+=(ZEUS_CLREST "Zeus to Core LightningREST (Android or iOS)")
-	OPTIONS+=(ZEUS_SPARK "Zeus to Sparko (Android or iOS)")
-	OPTIONS+=(SPARK "Spark Wallet to Sparko (Android - EXPERIMENTAL)" )
 	OPTIONS+=(FULLYNODED_CL "Fully Noded to CL REST (iOS+Tor)")
 fi

@ -149,12 +147,12 @@ Or scan the qr code on the LCD with your mobile phone.
  SENDMANY_ANDROID)

      # check if keysend is activated first
-	  source <(/home/admin/config.scripts/lnd.keysend.sh status)
+	  keysendOn=$(cat /mnt/hdd/lnd/lnd.conf | grep -c '^accept-keysend=1')
 	  if [ "${keysendOn}" == "0" ]; then
-	    whiptail --title " KEYSEND NEEDED " --msgbox "
+	    whiptail --title " LND KEYSEND NEEDED " --msgbox "
 To use the chat feature of the SendMany app, you need to activate the Keysend feature first.

-Please go to MAINMENU > SERVICES and activate KEYSEND first.
+Please go to MAINMENU > SYSTEM > LNDCONF and set accept-keysend=1 first.
 " 12 65
 	    exit 0
 	  fi
@ -283,37 +281,4 @@ ZEUS_CLREST)
  	  /home/admin/config.scripts/cl.rest.sh connect
  	  exit 0;
 	;;
-ZEUS_SPARK)
-      sudo /home/admin/config.scripts/blitz.display.sh image /home/admin/raspiblitz/pictures/app_zeus.png
-	  whiptail --title "Install Zeus on your Android or iOS Phone" \
-		--yes-button "Continue" \
-		--no-button "Cancel" \
-		--yesno "Open the https://zeusln.app/ on your mobile phone to find the App Store link or binary for your phone.\n\nWhen the app is installed and started --> Continue." 12 65
-	  if [ $? -eq 1 ]; then
-		exit 0
-	  fi
-	  sudo /home/admin/config.scripts/blitz.display.sh hide
-  	  /home/admin/config.scripts/cl-plugin.sparko.sh connect
-  	  exit 0;
-	;;
-SPARK)
-      appstoreLink="https://github.com/shesek/spark-wallet#mobile-app"
-      sudo /home/admin/config.scripts/blitz.display.sh image /home/admin/raspiblitz/pictures/app_zeus.png
-	  whiptail --title "Install Zeus on your Android Phone" \
-		--yes-button "Continue" \
-		--no-button "GitHub link" \
-		--yesno "Open the ${appstoreLink} on Android to find the App Store link or binary for your phone.\n\nWhen the app is installed and started --> Continue." 12 65
-	  if [ $? -eq 1 ]; then
-		sudo /home/admin/config.scripts/blitz.display.sh qr ${appstoreLink}
-		whiptail --title " GitHub link " --msgbox "\
-To install app open the following link:\n
-${appstoreLink}\n
-Or scan the QR code on the LCD with your mobile phone.
-" 11 70
-	  fi
-	  sudo /home/admin/config.scripts/blitz.display.sh hide
-  	  /home/admin/config.scripts/cl-plugin.sparko.sh connect
-  	  exit 0;
-;;
-
 esac
--- a/home.admin/98repairMenu.sh
+++ b/home.admin/98repairMenu.sh
@ -66,7 +66,7 @@ RaspiBlitz image to your SD card.
 }

 # get status of txindex
-source <(/home/admin/config.scripts/network.txindex.sh status)
+source <(sudo /home/admin/config.scripts/network.txindex.sh status)

 OPTIONS=()
 #OPTIONS+=(HARDWARE "Run Hardwaretest")
--- a/home.admin/99clMenu.sh
+++ b/home.admin/99clMenu.sh
@ -56,7 +56,7 @@ CHOICE=$(dialog --clear \
 case $CHOICE in
  SUMMARY)
      clear
-      /home/admin/config.scripts/cl-plugin.summary.sh $CHAIN
+      /home/admin/config.scripts/cl-plugin.summars.sh $CHAIN
      echo "Press ENTER to return to main menu."
      read key
      ;;
--- a/home.admin/99clRepairMenu.sh
+++ b/home.admin/99clRepairMenu.sh
@ -204,7 +204,7 @@ Save this password as it will be needed to restore the backup (same as the Passw
    source $_temp
    /home/admin/config.scripts/cl.hsmtool.sh seed-force "$CHAIN" "${seedWords}"
    sudo rm $_temp 2>/dev/null
-    if ! sudo ls /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret; then
+    if ! sudo ls /home/bitcoin/.lightning/${CLNETWORK}/hsm_secret 2>/dev/null; then
      echo "# There was no hsm_secret created - exiting"
      exit 15
    fi
--- a/home.admin/99connectMenu.sh
+++ b/home.admin/99connectMenu.sh
@ -34,6 +34,9 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
  OPTIONS+=(RESET "Recreate LND Macaroons & tls.cert")
  OPTIONS+=(SYNC "Sync Macaroons & tls.cert with Apps/Users")
 fi
+if [ -f /mnt/hdd/app-data/selfsignedcert/selfsigned.cert ]; then
+  OPTIONS+=(RESET-TLS "Reset the self-signed TLS certificate")
+fi

 CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1"))
 HEIGHT=$((CHOICE_HEIGHT+6))
@ -75,7 +78,9 @@ case $CHOICE in
  EXPORT)
    sudo /home/admin/config.scripts/lnd.export.sh
    exit 0;;
-
+  RESET-TLS)
+    sudo /home/admin/config.scripts/internetselfsignedcert.sh reset
+    exit 0;;
  ALBY)
    /home/admin/config.scripts/bonus.alby.sh
    exit 0;
--- a/home.admin/99lndRepairMenu.sh
+++ b/home.admin/99lndRepairMenu.sh
@ -9,8 +9,6 @@ source <(/home/admin/config.scripts/network.aliases.sh getvars lnd $1)

 sudo mkdir /var/cache/raspiblitz/temp 2>/dev/null

-if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi
-
 askLNDbackupCopy()
 {
  whiptail --title "LND Data Backup" --yes-button "Backup" --no-button "Skip" --yesno "
@ -348,7 +346,7 @@ case $CHOICE in
    echo
    echo "Press ENTER when your backup download is done to shutdown."
    read key
-    /home/admin/config.scripts/blitz.shutdown.sh
+    sudo /home/admin/config.scripts/blitz.shutdown.sh
    ;;
  RESET-LND)
    askLNDbackupCopy
--- a/home.admin/99systemMenu.sh
+++ b/home.admin/99systemMenu.sh
@ -15,6 +15,9 @@ TITLE=" ${CHAIN} System Options "
 MENU=""    # adds lines to HEIGHT
 OPTIONS=() # adds lines to HEIGHt + CHOICE_HEIGHT

+OPTIONS+=(BTOP "Monitor system resources with btop")
+OPTIONS+=(TIME "Set Timezone")
+
 OPTIONS+=(${network}LOG "Monitor the debug.log for ${CHAIN}")
 OPTIONS+=(${network}CONF "Edit the bitcoin.conf")

@ -49,6 +52,16 @@ CHOICE=$(dialog --clear \
                2>&1 >/dev/tty)

 case $CHOICE in
+  BTOP)
+    if ! btop -v; then
+      sudo apt install -y btop
+    fi
+    # run as root to allow signal sending to any process
+    sudo btop
+    ;;
+  TIME)
+    sudo /home/admin/config.scripts/blitz.time.sh choose-timezone
+    ;;
  ${network}LOG)
    if [ ${CHAIN} = signet ]; then
      bitcoinlogpath="/mnt/hdd/bitcoin/signet/debug.log"
--- a/home.admin/99updateMenu.sh
+++ b/home.admin/99updateMenu.sh
@ -80,7 +80,7 @@ Once the LCD is white and no LEDs are blinking anymore:
 - Remove the Power from RaspiBlitz
 - Exchange the old with the new SD card
 - Connect Power back to the RaspiBlitz
- Follow the instructions on the LCD
+- Login again per SSH or WebUI

 Do you have the SD card with the new version image ready
 and do you WANT TO START UPDATE NOW?
@ -160,7 +160,7 @@ patch()
      if [ $? -eq 0 ]; then
        clear
        echo "REBOOT .."
-        /home/admin/config.scripts/blitz.shutdown.sh reboot
+        sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
        sleep 8
        exit 1
      else
@ -269,11 +269,28 @@ Do you really want to update LND now?
      if [ ${#error} -gt 0 ]; then
        whiptail --title "ERROR" --msgbox "${error}" 8 30
      else
-        # if loop was installed before reinstall
-        if [ "${loop}" == "on" ]; then
-          sudo -u admin /home/admin/config.scripts/bonus.loop.sh on
+        whiptail \
+         --title " LND update " \
+         --yes-button "Reboot" \
+         --no-button "Skip Reboot" \
+         --yesno \
+"OK LND update is done.
+
+By default a reboot is advised to sync macaroons and the TLS certificate.
+Consider rebooting later manually if encountering any problems.
+      " 12 50
+        if [ $? -eq 0 ]; then
+          clear
+          echo "# REBOOT .."
+          sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
+          sleep 8
+          exit 1
+        else
+          echo "# SKIP REBOOT"
+          echo "# starting the lnd.service .."
+          sudo systemctl start lnd
+          exit 0
        fi
-        /home/admin/config.scripts/blitz.shutdown.sh reboot
        sleep 8
      fi
      ;;
@ -297,7 +314,28 @@ Do you really want to update LND now?
      if [ ${#error} -gt 0 ]; then
        whiptail --title "ERROR" --msgbox "${error}" 8 30
      else
-        /home/admin/config.scripts/blitz.shutdown.sh reboot
+        whiptail \
+         --title " LND update " \
+         --yes-button "Reboot" \
+         --no-button "Skip Reboot" \
+         --yesno \
+"OK LND update is done.
+
+By default a reboot is advised to sync macaroons and the TLS certificate.
+Consider rebooting later manually if encountering any problems.
+      " 12 50
+        if [ $? -eq 0 ]; then
+          clear
+          echo "# REBOOT .."
+          sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
+          sleep 8
+          exit 1
+        else
+          echo "# SKIP REBOOT"
+          echo "# starting the lnd.service .."
+          sudo systemctl start lnd
+          exit 0
+        fi
        sleep 8
      fi
      ;;
@ -422,7 +460,28 @@ Do you really want to update Bitcoin Core now?
      error=""
      warn=""
      sudo -u admin /home/admin/config.scripts/bitcoin.update.sh tested
-      /home/admin/config.scripts/blitz.shutdown.sh reboot
+      whiptail \
+        --title " Bitcoin Core update " \
+        --yes-button "Reboot" \
+        --no-button "Skip Reboot" \
+        --yesno \
+"OK Bitcoin Core update is done.
+
+By default a reboot is advised.
+      " 9 40
+      if [ $? -eq 0 ]; then
+        clear
+        echo "# REBOOT .."
+        sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
+        sleep 8
+        exit 1
+      else
+        echo "# SKIP REBOOT"
+        echo "# starting the bitcoind.service .."
+        sudo systemctl start bitcoind
+        exit 0
+      fi
+      sleep 8
      ;;
    RECKLESS)
      whiptail --title "UNTESTED Bitcoin Core update to ${bitcoinLatestVersion}" --yes-button "Cancel" \
@ -443,11 +502,53 @@ Do you really want to update Bitcoin Core now?
      if [ ${#error} -gt 0 ]; then
        whiptail --title "ERROR" --msgbox "${error}" 8 30
      fi
-      /home/admin/config.scripts/blitz.shutdown.sh reboot
+      whiptail \
+        --title " Bitcoin Core update " \
+        --yes-button "Reboot" \
+        --no-button "Skip Reboot" \
+        --yesno \
+"OK Bitcoin Core update is done.
+
+By default a reboot is advised.
+      " 9 40
+      if [ $? -eq 0 ]; then
+        clear
+        echo "REBOOT .."
+        sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
+        sleep 8
+        exit 1
+      else
+        echo "# SKIP REBOOT"
+        echo "# starting the bitcoind.service .."
+        sudo systemctl start bitcoind
+        exit 0
+      fi
+      sleep 8
      ;;
    CUSTOM)
      sudo -u admin /home/admin/config.scripts/bitcoin.update.sh custom
-      /home/admin/config.scripts/blitz.shutdown.sh reboot
+      whiptail \
+        --title " Bitcoin Core update " \
+        --yes-button "Reboot" \
+        --no-button "Skip Reboot" \
+        --yesno \
+"OK Bitcoin Core update is done.
+
+By default a reboot is advised.
+      " 9 40
+      if [ $? -eq 0 ]; then
+        clear
+        echo "# REBOOT .."
+        sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
+        sleep 8
+        exit 1
+      else
+        echo "# SKIP REBOOT"
+        echo "# starting the bitcoind.service .."
+        sudo systemctl start bitcoind
+        exit 0
+      fi
+      sleep 8
      ;;
  esac
 }
@ -494,9 +595,9 @@ if [ "${lndg}" == "on" ]; then
 fi

 ## Disabled for now until the base image has Python 3.10
-#if [ "${specter}" == "on" ]; then
-#  OPTIONS+=(SPECTER "Update Specter Desktop")
-#fi
+if [ "${specter}" == "on" ]; then
+  OPTIONS+=(SPECTER "Update Specter Desktop")
+fi

 if [ "${BTCPayServer}" == "on" ]; then
  OPTIONS+=(BTCPAY "Update BTCPayServer")
@ -506,10 +607,6 @@ if [ "${sphinxrelay}" == "on" ]; then
  OPTIONS+=(SPHINX "Update Sphinx Server Relay")
 fi

-if [ "${homer}" == "on" ]; then
-  OPTIONS+=(HOMER "Update Homer")
-fi
-
 if [ "${mempoolExplorer}" == "on" ]; then
  OPTIONS+=(MEMPOOL "Update Mempool Explorer")
 fi
@ -522,10 +619,6 @@ if [ "${runBehindTor}" == "on" ]; then
  OPTIONS+=(TOR "Update Tor from the Torproject repo")
 fi

-if [ "${itchysats}" == "on" ]; then
-  OPTIONS+=(ITCHYSATS "Update ItchySats")
-fi
-
 CHOICE_HEIGHT=$(("${#OPTIONS[@]}/2+1"))
 HEIGHT=$((CHOICE_HEIGHT+6))
 CHOICE=$(dialog --clear \
@ -581,16 +674,10 @@ case $CHOICE in
  TOR)
    sudo /home/admin/config.scripts/tor.network.sh update
    ;;
-  HOMER)
-    /home/admin/config.scripts/bonus.homer.sh update
-    ;;
  MEMPOOL)
    /home/admin/config.scripts/bonus.mempool.sh update
    ;;
  JAM)
    /home/admin/config.scripts/bonus.jam.sh update
    ;;
-  ITCHYSATS)
-    /home/admin/config.scripts/bonus.itchysats.sh update
-    ;;
 esac
--- a/home.admin/BlitzTUI/blitztui/memo.py
+++ b/home.admin/BlitzTUI/blitztui/memo.py
@ -682,7 +682,7 @@ adjectives = [
    "picky",
    "pied",
    "piggy",
-    "pilar",
+    "pillar",
    "pink",
    "plain",
    "plane",
--- a/home.admin/BlitzTUI/data/Wordlist-Adjectives-Common-Audited-Len-3-6.txt
+++ b/home.admin/BlitzTUI/data/Wordlist-Adjectives-Common-Audited-Len-3-6.txt
@ -648,7 +648,7 @@ piano
 picky
 pied
 piggy
-pilar
+pillar
 pink
 plain
 plane
--- a/home.admin/BlitzTUI/docs/README.md
+++ b/home.admin/BlitzTUI/docs/README.md
@ -39,7 +39,7 @@ Have a look at the [Mini-Tutorial](tutorial.md)
 ## Release workflow

 * `make build-ui` - in case there were any changes to the *.ui or *.qrc files
-* make sure you have all changes added and commited (consider re-basing)
+* make sure you have all changes added and committed (consider re-basing)
 * update the version in `blitztui/version.py`
 * update the `CHANGELOG.md` file (reflect the new version!)
 * `git add CHANGELOG.md blitztui/version.py`
--- a/home.admin/XXcopyStation.sh
+++ b/home.admin/XXcopyStation.sh
@ -1,296 +0,0 @@
-#!/bin/bash
-
-# command info
-if [ "$1" = "-h" ] || [ "$1" = "-help" ]; then
- echo "# Turns the RaspiBlitz into HDD CopyStation Mode"
- echo "# lightning is deactivated during CopyStationMode"
- echo "# reboot RaspiBlitz to set back to normal mode"
- exit 1
-fi
-
-####### CONFIG #############
-
-# where to find the BITCOIN data directory (no trailing /)
-pathBitcoinBlockchain="/mnt/hdd/bitcoin"
-
-# where to find the RaspiBlitz HDD template directory (no trailing /)
-pathTemplateHDD="/mnt/hdd/app-storage/templateHDD"
-
-####### SCRIPT #############
-
-# check sudo
-if [ "$EUID" -ne 0 ]; then
-  echo "Please run as root (with sudo)"
-  exit 1
-fi
-
-# get HDD info
-source <(sudo /home/admin/config.scripts/blitz.datadrive.sh status)
-
-# check if HDD is mounted
-if [ ${isMounted} -eq 0 ]; then
-  echo "error='HDD is not mounted'"
-  exit 1
-fi
-
-# check if HDD is big enough
-if [ ${hddGigaBytes} -lt 800 ]; then
-  echo "# To run copy station (+/- 1TB needed)"
-  echo "error='HDD is too small'"
-  exit 1
-fi
-
-# check that path information is valid
-if [ -d "$pathBitcoinBlockchain" ]; then
-  echo "# OK found $pathBitcoinBlockchain"
-else
-  echo "# FAIL path of 'pathBitcoinBlockchain' does not exists: ${pathBitcoinBlockchain}"
-  echo "error='pathBitcoinBlockchain not found'"
-  exit 1
-fi
-
-# make sure that its running in screen
-# call with '-foreground' to prevent running in screen
-if [ "$1" != "-foreground" ]; then 
-  screenPID=$(screen -ls | grep "copystation" | cut -d "." -f1 | xargs)
-  if [ ${#screenPID} -eq 0 ]; then
-    # start copystation in screen 
-    echo "# starting copystation screen session"
-    screen -S copystation -dm /home/admin/XXcopyStation.sh -foreground
-    screen -d -r
-    exit 0
-  else
-    echo "# changing into running copystation screen session"
-    screen -d -r
-    exit 0
-  fi
-fi
-
-clear
-echo "# ******************************"
-echo "# RASPIBLITZ COPYSTATION SCRIPT"
-echo "# ******************************"
-echo
-echo "Make sure that no target HDD/SSDs are not connected yet .."
-echo
-sudo sed -i "s/^state=.*/state=copystation/g" /home/admin/raspiblitz.info 2>/dev/null
-sleep 10
-
-echo "*** CHECKING CONFIG"
-
-# check that path information is valid
-if [ -d "$pathTemplateHDD" ]; then
-  echo "# OK found $pathTemplateHDD"
-else
-  echo "# Creating: ${pathTemplateHDD}"
-  mkdir ${pathTemplateHDD}
-  chmod 777 ${pathTemplateHDD}
-fi
-
-# make sure that lnd is stopped (if running)
-systemctl stop lnd 2>/dev/null
-systemctl stop background 2>/dev/null
-
-# finding system drives (the drives that should not be synced to)
-echo "# OK - the following drives detected as the system drive: $datadisk"
-echo
-
-# BASIC IDEA:
-# 1. get fresh data from bitcoind --> template data
-# 2. detect HDDs
-# 3. sync HDDs with template data
-# repeat
-
-echo 
-echo "*** RUNNING ***"
-lastBlockchainUpdateTimestamp=1
-firstLoop=1
-
-while :
-do
-
-  # reset external data stores (needed because local vars dont work in deeper while loops)
-  echo "" > /var/cache/raspiblitz/copystationHddsInfoString.tmp
-  rm /var/cache/raspiblitz/copystationFoundTargets.flag
-  
-  ################################################
-  # 1. get fresh data from bitcoind for template data (skip on first loop)
-
-  # only execute every 30min
-  nowTimestamp=$(date +%s)
-  secondsDiff=$(echo "${nowTimestamp}-${lastBlockchainUpdateTimestamp}" | bc)
-  echo "# seconds since last update from bitcoind: ${secondsDiff}"
-  echo
-
-  if [ ${secondsDiff} -gt 3000 ]; then
-  
-    echo "******************************"
-    echo "Bitcoin Blockchain Update"
-    echo "******************************"
-
-    # stop blockchains
-    echo "# Stopping Blockchain ..."
-    systemctl stop bitcoind 2>/dev/null
-    sleep 10
-
-    # sync bitcoin
-    echo "# Syncing Bitcoin to template folder ..."
-    /home/admin/_cache.sh set message "Updating Template: Bitcoin"
-
-    # make sure the bitcoin directory in template folder exists
-    if [ ! -d "$pathTemplateHDD/bitcoin" ]; then
-      echo "# creating the bitcoin subfolder in the template folder"
-      mkdir ${pathTemplateHDD}/bitcoin
-      chmod 777 ${pathTemplateHDD}/bitcoin
-    fi
-
-    # do the sync to the template folder for BITCOIN
-    rsync -a --info=progress2 --delete ${pathBitcoinBlockchain}/chainstate ${pathBitcoinBlockchain}/blocks ${pathTemplateHDD}/bitcoin
-
-    # restart bitcoind (to let further setup while syncing HDDs)
-    echo "# Restarting Blockchain ..."
-    systemctl start bitcoind 2>/dev/null
-
-    # update timer
-    lastBlockchainUpdateTimestamp=$(date +%s)
-  fi
-
-  ################################################
-  # 2. detect connected HDDs and loop thru them
-
-  echo
-  echo "**************************************"
-  echo "SYNCING TEMPLATE -> CONNECTED HDD/SSDs"
-  echo "**************************************"
-  sleep 2
-  lsblk -o NAME | grep "^[s|v]d" | while read -r detectedDrive ; do
-    isSystemDrive=$(echo "${datadisk}" | grep -c "${detectedDrive}")
-    if [ ${isSystemDrive} -eq 0 ]; then
-
-      # remember that disks were found
-      touch /var/cache/raspiblitz/copystationFoundTargets.flag
-
-      # check if drives 1st partition is named BLOCKCHAIN & in EXT4 format
-      isNamedBlockchain=$(lsblk -o NAME,FSTYPE,LABEL | grep "${detectedDrive}" | grep -c "BLOCKCHAIN")
-      isFormatExt4=$(lsblk -o NAME,FSTYPE,LABEL | grep "${detectedDrive}" | grep -c "ext4")
-      
-      # init a fresh device
-      if [ ${isNamedBlockchain} -eq 0 ] || [ ${isFormatExt4} -eq 0 ]; then
-
-        echo
-        echo "**************************************************************"
-        echo "*** NEW EMPTY HDD FOUND ---> ${detectedDrive}"
-        echo "isNamedBlockchain: ${isNamedBlockchain}"
-        echo "isFormatExt4:" ${isFormatExt4}
-
-        # check if size is OK
-        size=$(lsblk -o NAME,SIZE -b | grep "^${detectedDrive}" | awk '$1=$1' | cut -d " " -f 2)
-        echo "size: ${size}"
-        if [ ${size} -lt 900000000000 ]; then
-            echo "# THE HDD/SSD IS TOO SMALL <900GB - use at least 1TB"
-            /home/admin/_cache.sh set message "HDD smaller than 1TB: ${detectedDrive}"
-            echo
-            sleep 10
-        else
-
-          choice=0
-          /home/admin/_cache.sh set message "Formatting new HDD: ${detectedDrive}"
-
-          # format the HDD
-          echo "Starting Formatting of device ${detectedDrive} ..."
-          /home/admin/config.scripts/blitz.datadrive.sh format ext4 ${detectedDrive}
-          sleep 4
-
-        fi
-
-      else
-        echo
-        echo "*** ALREADY ACTIVE HDD FOUND ---> ${detectedDrive}"
-        sleep 1
-      fi
-
-      ################################################
-      # 3. sync HDD with template data (skip on first loop)
-
-      partition=$(lsblk -o NAME,FSTYPE,LABEL | grep "${detectedDrive}" | grep "BLOCKCHAIN" | cut -d ' ' -f 1 | tr -cd "[:alnum:]")
-      if [ "${firstLoop}" != "1" ] && [ ${#partition} -gt 0 ]; then
-
-        # temp mount device
-        echo "mounting: ${partition}"
-        mkdir /mnt/hdd2 2>/dev/null
-        mount -t ext4 /dev/${partition} /mnt/hdd2
-
-        # rsync device
-        mountOK=$(lsblk -o NAME,MOUNTPOINT | grep "${detectedDrive}" | grep -c "/mnt/hdd2")
-        if [ ${mountOK} -eq 1 ]; then
-          hddsInfoString=$(cat /var/cache/raspiblitz/copystationHddsInfoString.tmp | tr '\n' ' ')
-          /home/admin/_cache.sh set message "${hddsInfoString} ${partition}>SYNC"
-          rsync -a --info=progress2 --delete ${pathTemplateHDD}/* /mnt/hdd2
-          chmod -R 777 /mnt/hdd2
-          rm -r /mnt/hdd2/lost+found 2>/dev/null
-          echo "${partition}>OK" >> /var/cache/raspiblitz/copystationHddsInfoString.tmp
-        else
-          echo "# FAIL: was not able to mount --> ${partition}"
-        fi
-        
-        # unmount device
-        umount -l /mnt/hdd2
-        
-      fi
-
-    fi
-  done
-
-  # check for flag
-  foundTargets=$(ls /var/cache/raspiblitz/copystationFoundTargets.flag 2>/dev/null | grep -c "copystationFoundTargets.flag")
-  hddsInfoString=$(cat /var/cache/raspiblitz/copystationHddsInfoString.tmp | tr '\n' ' ')
-
-  clear
-  if [ "${foundTargets}" == "1" ] && [ "${firstLoop}" == "1" ]; then
-
-    # after script found discs and did formatting ... go into full loop
-    echo "OK first loop done ..."
-    firstLoop=0
-    sleep 1
-
-  elif [ "${foundTargets}" == "0" ]; then
-
-    echo "**** NO TARGET HDD/SSDs CONNECTED ****"
-    echo
-    echo "Best way to start a new batch:"
-    echo "- Disconnect powered USB-Hub (best unplug USB cable at USB-Hub)"
-    echo "- Connect all HDD/SSDs to the disconnected USB-Hub"
-    echo "- Connect powered USB-Hub to Blitz (plug USB cable in)"
-    echo "- During formatting remember names of physical HDD/SSDs"
-    echo "- As soon as you see an OK for that HDD/SSD name you can remove it"
-    echo
-    echo "Next round starts in 30 seconds ..."
-    echo "To stop copystation script: CTRL+c and then 'restart'"
-    echo "You can close SSH terminal and script will run in background can can be re-entered."
-
-    /home/admin/_cache.sh set message "No target HDDs connected - connect USB Hub"
-    firstLoop=1
-    sleep 30
-
-  else
-
-    echo "**** SYNC LOOP DONE ****"
-    echo "HDDs ready synced:"
-    cat /var/cache/raspiblitz/copystationHddsInfoString.tmp
-    echo
-    echo "*************************"
-    echo
-    echo "Next round starts in 25 seconds ..."
-    echo "To stop copystation script: CTRL+c and then 'restart'"
-    echo "You can close SSH terminal and script will run in background can can be re-entered."
-
-    /home/admin/_cache.sh set message "Ready HDDs: ${hddsInfoString}"
-    sleep 25
-
-  fi 
-
-  clear
-  echo "starting new sync loop"
-  sleep 5
-  
-done
--- a/home.admin/_background.scan.sh
+++ b/home.admin/_background.scan.sh
@ -13,7 +13,7 @@ if [ "$1" == "only-one-loop" ]; then
 fi
 # start with parameter "install" (to setup service as systemd background running)
 if [ "$1" == "install" ]; then
-  
+
  # write systemd service
  cat > /etc/systemd/system/background.scan.service <<EOF
 # Monitor the RaspiBlitz State
@ -56,7 +56,7 @@ configFile="/mnt/hdd/raspiblitz.conf"
 # INFOFILE - persited state data
 infoFile="/home/admin/raspiblitz.info"

-# better readbale seconds (slightly off to reduce same time window trigger)
+# better readable seconds (slightly off to reduce same time window trigger)
 MINUTE=60
 MINUTE2=115
 MINUTE5=290
@ -74,21 +74,21 @@ YEAR=31536000
 usermod -G bitcoin root

 ####################################################################
-# INIT 
+# INIT
 ####################################################################

 # init values
-/home/admin/_cache.sh set system_temp_celsius "0"
-/home/admin/_cache.sh set system_temp_fahrenheit "0"
-/home/admin/_cache.sh set system_count_longscan "0"
-/home/admin/_cache.sh set system_count_undervoltage "0"
-/home/admin/_cache.sh set system_count_start_blockchain "0"
-/home/admin/_cache.sh set system_count_start_lightning "0"
-/home/admin/_cache.sh set system_count_start_tui "0"
-/home/admin/_cache.sh set btc_default_peers "0"
-/home/admin/_cache.sh set btc_default_sync_percentage "0"
-/home/admin/_cache.sh set btc_default_address ""
-/home/admin/_cache.sh set btc_default_port ""
+/home/admin/_cache.sh init system_temp_celsius "0"
+/home/admin/_cache.sh init system_temp_fahrenheit "0"
+/home/admin/_cache.sh init system_count_longscan "0"
+/home/admin/_cache.sh init system_count_undervoltage "0"
+/home/admin/_cache.sh init system_count_start_blockchain "0"
+/home/admin/_cache.sh init system_count_start_lightning "0"
+/home/admin/_cache.sh init system_count_start_tui "0"
+/home/admin/_cache.sh init btc_default_peers "0"
+/home/admin/_cache.sh init btc_default_sync_percentage "0"
+/home/admin/_cache.sh init btc_default_address ""
+/home/admin/_cache.sh init btc_default_port ""

 # import all base values from raspiblitz.info
 echo "importing: ${infoFile}"
@ -105,41 +105,31 @@ fi
 echo "importing: _version.info"
 /home/admin/_cache.sh import /home/admin/_version.info

-# basic hardware info (will not change)
-source <(/home/admin/_cache.sh valid \
-  system_board \
-  system_ram_mb \
-  system_ram_gb \
-)
-if [ "${stillvalid}" == "0" ]; then
-  source <(/home/admin/config.scripts/blitz.hardware.sh status)
-  /home/admin/_cache.sh set system_board "${board}"
-  /home/admin/_cache.sh set system_ram_mb "${ramMB}"
-  /home/admin/_cache.sh set system_ram_gb "${ramGB}"
-fi
-
-# VM detect vagrant
-source <(/home/admin/_cache.sh valid system_vm_vagrant)
-if [ "${stillvalid}" == "0" ]; then
-  vagrant=$(df | grep -c "/vagrant")
-  /home/admin/_cache.sh set system_vm_vagrant "${vagrant}"
-fi
+# get hardware info
+source <(/home/admin/config.scripts/blitz.hardware.sh status)
+/home/admin/_cache.sh set system_board "${board}"
+/home/admin/_cache.sh set system_ram_mb "${ramMB}"
+/home/admin/_cache.sh set system_ram_gb "${ramGB}"

 # flag that init was done (will be checked on each loop)
 /home/admin/_cache.sh set system_init_time "$(date +%s)"

+# add info about start to raspiblitz.log
+echo "INFO: _bootstrap.scan.sh loop started > sudo journalctl -f -u background.scan" >> /home/admin/raspiblitz.log
+
 while [ 1 ]
 do

  ####################################################################
-  # LOOP DATA (BASIC SYSTEM) 
-  # data that is always available 
+  # LOOP DATA (BASIC SYSTEM)
+  # data that is always available
  ####################################################################

  # check that redis contains init data (detect possible restart of redis)
  source <(/home/admin/_cache.sh get system_init_time)
  if [ "${system_init_time}" == "" ]; then
    echo "FAIL: CACHE IS MISSING INIT DATA ... exiting to let systemd restart"
+    echo "INFO: _bootstrap.scan.sh -> cache not running - exiting" >> /home/admin/raspiblitz.log
    exit 1
  fi

@ -147,11 +137,13 @@ do
  startTime=$(date +%s)

  #################
-  # BASIC SYSTEM 
+  # BASIC SYSTEM

  # uptime just do on every run
  system_up=$(cat /proc/uptime | grep -o '^[0-9]\+')
+  system_up_text=$(uptime -p | cut -d ' ' -f 2- | cut -d ',' -f 1 | awk '{print $1 substr($2, 1, 1)}')
  /home/admin/_cache.sh set system_up "${system_up}"
+  /home/admin/_cache.sh set system_up_text "${system_up_text}"

  # cpu load
  cpu_load=$(w | head -n 1 | cut -d 'v' -f2 | cut -d ':' -f2)
@ -167,9 +159,7 @@ do
  fi

  # ram
-  ram=$(free -m | grep Mem | awk '{ print $2 }')
-  ram_avail=$(free -m | grep Mem | awk '{ print $7 }')
-  /home/admin/_cache.sh set system_ram_mb "${ram}"
+  ram_avail=$(free -m | grep -E 'Mem|Speicher' | awk '{ print $7 }')
  /home/admin/_cache.sh set system_ram_available_mb "${ram_avail}"

  # undervoltage
@ -268,6 +258,29 @@ do
    /home/admin/_cache.sh set internet_online "${online}"
  fi

+  ###################
+  # HARDDRIVE
+
+  # info on storage medium
+  source <(/home/admin/_cache.sh valid hdd_mounted)
+  if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${MINUTE2} ]; then
+    echo "updating: /home/admin/config.scripts/blitz.datadrive.sh status"
+    source <(/home/admin/config.scripts/blitz.datadrive.sh status)
+    /home/admin/_cache.sh set hdd_mounted "${isMounted}"
+    /home/admin/_cache.sh set hdd_ssd "${isSSD}"
+    /home/admin/_cache.sh set hdd_btrfs "${isBTRFS}"
+    /home/admin/_cache.sh set hdd_raid "${isRaid}"
+    /home/admin/_cache.sh set hdd_uasp "${hddAdapterUSAP}"
+    /home/admin/_cache.sh set hdd_capacity_bytes "${hddBytes}"
+    /home/admin/_cache.sh set hdd_capacity_gb "${hddGigaBytes}"
+    /home/admin/_cache.sh set hdd_free_bytes "${hddDataFreeBytes}"
+    /home/admin/_cache.sh set hdd_free_gb "${hddDataFreeGB}"
+    /home/admin/_cache.sh set hdd_used_info "${hddUsedInfo}"
+    /home/admin/_cache.sh set hddTemperature "${hddTemperature}"
+    /home/admin/_cache.sh set hddTBSize "${hddTBSize}"
+    
+  fi
+
  # exit if still setup or higher system stopped
  source <(/home/admin/_cache.sh get setupPhase state)
  if [ "${setupPhase}" != "done" ] ||
@ -296,25 +309,6 @@ do
  # read/update config values
  source /mnt/hdd/raspiblitz.conf

-  ###################
-  # HARDDRIVE
-
-  if [ "${stillvalid}" == "0" ] || [ ${age} -gt ${MINUTE2} ]; then
-    echo "updating: /home/admin/config.scripts/blitz.datadrive.sh status"
-    source <(/home/admin/config.scripts/blitz.datadrive.sh status)
-    /home/admin/_cache.sh set hdd_mounted "${isMounted}"
-    /home/admin/_cache.sh set hdd_ssd "${isSSD}"
-    /home/admin/_cache.sh set hdd_btrfs "${isBTRFS}"
-    /home/admin/_cache.sh set hdd_raid "${isRaid}"
-    /home/admin/_cache.sh set hdd_uasp "${hddAdapterUSAP}"
-    /home/admin/_cache.sh set hdd_capacity_bytes "${hddBytes}"
-    /home/admin/_cache.sh set hdd_capacity_gb "${hddGigaBytes}"
-    /home/admin/_cache.sh set hdd_free_bytes "${hddDataFreeBytes}"
-    /home/admin/_cache.sh set hdd_free_gb "${hddDataFreeGB}"
-    /home/admin/_cache.sh set hdd_used_info "${hddUsedInfo}"
-    /home/admin/_cache.sh set hdd_blockchain_data "${hddBlocksBitcoin}"
-  fi
-
  ###################
  # BITCOIN

@ -396,7 +390,7 @@ do

      # update detail infos only when ready (get as value from cache)
      source <(/home/admin/_cache.sh meta btc_${CHAIN}net_ready)
-      if [ "${value}" == "1" ]; then 
+      if [ "${value}" == "1" ]; then

        # check if network needs update
        source <(/home/admin/_cache.sh valid \
@ -432,7 +426,7 @@ do
            /home/admin/_cache.sh set btc_${CHAIN}net_sync_progress "${btc_sync_progress}"
            /home/admin/_cache.sh set btc_${CHAIN}net_sync_percentage "${btc_sync_percentage}"
            /home/admin/_cache.sh set btc_${CHAIN}net_sync_initialblockdownload "${btc_sync_initialblockdownload}"
-            
+
            if [ "${isDefaultChain}" == "1" ]; then
              /home/admin/_cache.sh set btc_default_synced "${btc_synced}"
              /home/admin/_cache.sh set btc_default_blocks_headers "${btc_blocks_headers}"
@ -1044,7 +1038,7 @@ do
  # if was started with special parameter
  if [ "${ONLY_ONE_LOOP}" == "1" ]; then
    echo "Exiting because ONLY_ONE_LOOP==1"
-    exit 0 
+    exit 0
  fi

 done
--- a/home.admin/_background.sh
+++ b/home.admin/_background.sh
@ -13,11 +13,21 @@ configFile="/mnt/hdd/raspiblitz.conf"
 # LOGS see: sudo journalctl -f -u background

 echo "_background.sh STARTED"
+echo "INFO: _background.sh loop started - sudo journalctl -f -u background" >> /home/admin/raspiblitz.log

 # global vars
 blitzTUIHeartBeatLine=""
 /home/admin/_cache.sh set blitzTUIRestarts "0"

+# determine correct raspberrypi boot drive path (that easy to access when sd card is insert into laptop)
+raspi_bootdir=""
+if [ -d /boot/firmware ]; then
+  raspi_bootdir="/boot/firmware"
+elif [ -d /boot ]; then
+  raspi_bootdir="/boot"
+fi
+echo "# raspi_bootdir(${raspi_bootdir})"
+
 counter=0
 while [ 1 ]
 do
@ -42,7 +52,6 @@ do
  # source info & config file fresh on every loop
  source ${infoFile} 2>/dev/null
  source ${configFile} 2>/dev/null
-  source <(/home/admin/_cache.sh get state setupPhase)

  ####################################################
  # SKIP BACKGROUND TASK LOOP ON CERTAIN SYSTEM STATES
@ -104,8 +113,7 @@ do

    # detect a missing DHCP config
    if [ "${localip:0:4}" = "169." ]; then
-      echo "Missing DHCP detected ... trying emergency reboot"
-      /home/admin/config.scripts/blitz.shutdown.sh reboot
+      echo "Missing DHCP detected ..."
    else
      echo "DHCP OK"
    fi
@ -250,6 +258,32 @@ do
    fi
  fi

+  ###############################
+  # SYSTEM LOG FILE SIZES
+  ###############################
+
+  # check every 15min
+  recheckSync=$(($counter % 900))
+  if [ ${recheckSync} -eq 1 ]; then
+    echo "*** CHECK LOG FILE SIZES ***"
+    # check if log file is getting too big
+    logsMegaByte=$(sudo du -c -m /var/log | grep "total" | awk '{print $1;}')
+    if [ ${logsMegaByte} -gt 5000 ]; then
+      echo "WARN # Logs /var/log in are bigger then 5GB .. starting repair"
+      debuginfo=$(ls -la /var/log/ 2>/dev/null)
+      # dont delete directories - can make services crash
+      sudo rm /var/log/*
+      sudo touch /var/log/auth.log
+      sudo chown root:adm /var/log/auth.log
+      sudo service rsyslog restart
+      /home/admin/config.scripts/blitz.error.sh _background.sh "log-delete" "REPAIR: /var/log/ >5GB" "Logs in /var/log in were bigger then 5GB and got emergency delete to prevent fillup." "${debuginfo}"
+      sleep 10
+    else
+      echo "OK - logs are at ${logsMegaByte} MB - within safety limit"
+    fi
+    echo ""
+  fi
+
  ####################################################
  # MONITOR Initial Syncing of Bitcoin & Lightning
  # - turn off recovery mode
@ -456,11 +490,35 @@ do
        echo "--> Channel Backup File changed"

        # make copy to sd card (as local basic backup)
-        mkdir -p /home/admin/backups/scb/ 2>/dev/null
+        mkdir -p ${localBackupDir} 2>/dev/null
        cp $scbPath $localBackupPath
+        if [ $? -eq 0 ]; then
+          echo "OK channel.backup copied to '${localBackupPath}'"
+        else
+          logger -p daemon.err "_background.sh FAIL channel.backup copy to '${localBackupPath}'"
+          echo "FAIL channel.backup copy to '${localBackupPath}'"
+        fi
+
        cp $scbPath $localTimestampedPath
-        cp $scbPath /boot/channel.backup
-        echo "OK channel.backup copied to '${localBackupPath}' and '${localTimestampedPath}' and '/boot/channel.backup'"
+        if [ $? -eq 0 ]; then
+          echo "OK channel.backup copied to '${localTimestampedPath}'"
+        else
+          logger -p daemon.err "_background.sh FAIL channel.backup copy to '${localTimestampedPath}'"
+          echo "FAIL channel.backup copy to '${localTimestampedPath}'"
+        fi
+
+        # copy to boot drive (for easy recovery)
+        if [ "${raspi_bootdir}" != "" ]; then
+          cp $scbPath ${raspi_bootdir}/channel.backup
+          if [ $? -eq 0 ]; then
+            echo "OK channel.backup copied to '${raspi_bootdir}/channel.backup'"
+          else
+            logger -p daemon.err "_background.sh FAIL channel.backup copy to '${raspi_bootdir}/channel.backup'"
+            echo "FAIL channel.backup copy to '${raspi_bootdir}/channel.backup'"
+          fi
+        else
+          echo "No boot drive found - skip copy to boot"
+        fi

        # check if a additional local backup target is set
        # see ./config.scripts/blitz.backupdevice.sh
@ -487,27 +545,27 @@ do
          fi
        fi

-        # check if a SFTP backup target is set
+        # check if a SCP backup target is set
        # parameter in raspiblitz.conf:
-        # sftpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'
-        # optionally a custom option string for the sftp command can be set with
-        # sftpBackupOptions='[YOUR-CUSTOM-OPTIONS]'
+        # scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'
+        # optionally a custom option string for the scp command can be set with
+        # scpBackupOptions='[YOUR-CUSTOM-OPTIONS]'
        # On target server add the public key of your RaspiBlitz to the authorized_keys for the user
        # https://www.linode.com/docs/security/authentication/use-public-key-authentication-with-ssh/
-        if [ ${#sftpBackupTarget} -gt 0 ]; then
+        if [ ${#scpBackupTarget} -gt 0 ]; then
          echo "--> Offsite-Backup SFTP Server"
-          if [ "${sftpBackupOptions}" == "" ]; then
-            sftpBackupOptions="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+          if [ "${scpBackupOptions}" == "" ]; then
+            scpBackupOptions="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
          fi
          # its ok to ignore known host, because data is encrypted (worst case of MiM would be: no offsite channel backup)
          # but its more likely that without ignoring known host, script might not run thru and that way: no offsite channel backup
-          sftp ${sftpBackupOptions} ${localBackupPath} ${sftpBackupTarget}/
-          sftp ${sftpBackupOptions} ${localTimestampedPath} ${sftpBackupTarget}/
+          scp ${scpBackupOptions} ${localBackupPath} ${scpBackupTarget}/
+          scp ${scpBackupOptions} ${localTimestampedPath} ${scpBackupTarget}/
          result=$?
          if [ ${result} -eq 0 ]; then
-            echo "OK - SFTP Backup exited with 0"
+            echo "OK - SCP Backup exited with 0"
          else
-            echo "FAIL - SFTP Backup exited with ${result}"
+            echo "FAIL - SCP Backup exited with ${result}"
          fi
        fi

@ -565,8 +623,8 @@ do
        mkdir -p /home/admin/backups/er/ 2>/dev/null
        cp $erPath $localBackupPath
        cp $erPath $localTimestampedPath
-        cp $erPath /boot/${netprefix}emergency.recover
-        echo "OK emergency.recover copied to '${localBackupPath}' and '${localTimestampedPath}' and '/boot/${netprefix}emergency.recover'"
+        cp $erPath ${raspi_bootdir}/${netprefix}emergency.recover
+        echo "OK emergency.recover copied to '${localBackupPath}' and '${localTimestampedPath}' and '${raspi_bootdir}/${netprefix}emergency.recover'"

        # check if a additional local backup target is set
        # see ./config.scripts/blitz.backupdevice.sh
@ -593,27 +651,27 @@ do
          fi
        fi

-        # check if a SFTP backup target is set
+        # check if a SCP backup target is set
        # parameter in raspiblitz.conf:
-        # sftpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'
-        # optionally a custom option string for the sftp command can be set with
-        # sftpBackupOptions='[YOUR-CUSTOM-OPTIONS]'
+        # scpBackupTarget='[USER]@[SERVER]:[DIRPATH-WITHOUT-ENDING-/]'
+        # optionally a custom option string for the scp command can be set with
+        # scpBackupOptions='[YOUR-CUSTOM-OPTIONS]'
        # On target server add the public key of your RaspiBlitz to the authorized_keys for the user
        # https://www.linode.com/docs/security/authentication/use-public-key-authentication-with-ssh/
-        if [ ${#sftpBackupTarget} -gt 0 ]; then
+        if [ ${#scpBackupTarget} -gt 0 ]; then
          echo "--> Offsite-Backup SFTP Server"
-          if [ "${sftpBackupOptions}" == "" ]; then
-            sftpBackupOptions="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
+          if [ "${scpBackupOptions}" == "" ]; then
+            scpBackupOptions="-o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null"
          fi
          # its ok to ignore known host, because data is encrypted (worst case of MiM would be: no offsite channel backup)
          # but its more likely that without ignoring known host, script might not run thru and that way: no offsite channel backup
-          sftp ${sftpBackupOptions} ${localBackupPath} ${sftpBackupTarget}/
-          sftp ${sftpBackupOptions} ${localTimestampedPath} ${sftpBackupTarget}/
+          scp ${scpBackupOptions} ${localBackupPath} ${scpBackupTarget}/
+          scp ${scpBackupOptions} ${localTimestampedPath} ${scpBackupTarget}/
          result=$?
          if [ ${result} -eq 0 ]; then
-            echo "OK - SFTP Backup exited with 0"
+            echo "OK - SCP Backup exited with 0"
          else
-            echo "FAIL - SFTP Backup exited with ${result}"
+            echo "FAIL - SCP Backup exited with ${result}"
          fi
        fi

@ -659,6 +717,7 @@ do
  if [ ${recheckRAID} -eq 1 ]; then

    # check if BTRTFS raid is active & scrub
+    logger -p info "background.sh - RAID data check"
    source <(/home/admin/config.scripts/blitz.datadrive.sh status)
    if [ "${isBTRFS}" == "1" ] && [ "${isRaid}" == "1" ]; then
      echo "STARTING BTRFS RAID DATA CHECK ..."
--- a/home.admin/_bootstrap.sh
+++ b/home.admin/_bootstrap.sh
@ -3,6 +3,8 @@
 # This script runs on every start called by boostrap.service
 # see logs with --> tail -n 100 /home/admin/raspiblitz.log

+# NOTE: this boostrap script runs as root user (bootstrap.service) - so no sudo needed
+
 ################################
 # BASIC SETTINGS
 ################################
@ -27,22 +29,36 @@ infoFile="/home/admin/raspiblitz.info"
 # this key/value file contains the state during the setup process
 setupFile="/var/cache/raspiblitz/temp/raspiblitz.setup"

+# Backup last log file if available
+cp ${logFile} /home/admin/raspiblitz.last.log 2>/dev/null
+
 # Init boostrap log file
 echo "Writing logs to: ${logFile}"
 echo "" > $logFile
-sudo chmod 640 ${logFile}
-sudo chown root:sudo ${logFile}
+chmod 640 ${logFile}
+chown root:sudo ${logFile}
 echo "***********************************************" >> $logFile
 echo "Running RaspiBlitz Bootstrap ${codeVersion}" >> $logFile
 date >> $logFile
 echo "***********************************************" >> $logFile

-# make sure SSH server is configured & running
-sudo /home/admin/config.scripts/blitz.ssh.sh checkrepair >> ${logFile}
+# list all running systemd services for future debug
+systemctl list-units --type=service --state=running >> $logFile
+
+# check if the file /etc/ssh/sshd_init_keys exists --> initial boot of fresh sd card image
+if [ -f "/etc/ssh/sshd_init_keys" ]; then
+  echo "# init SSH KEYS fresh for new user" >> $logFile
+  /home/admin/config.scripts/blitz.ssh.sh init >> $logFile
+else
+  echo "# make sure SSH server is configured & running" >> $logFile
+  /home/admin/config.scripts/blitz.ssh.sh checkrepair >> $logFile
+fi
+
+echo "## prepare raspiblitz temp" >> $logFile

 # make sure /var/cache/raspiblitz/temp exists
-sudo mkdir -p /var/cache/raspiblitz/temp
-sudo chmod 777 /var/cache/raspiblitz/temp
+mkdir -p /var/cache/raspiblitz/temp
+chmod 777 /var/cache/raspiblitz/temp

 ################################
 # INIT raspiblitz.info
@ -74,15 +90,16 @@ ln_cl_signet_sync_initial_done=0
 source ${infoFile} 2>/dev/null

 # write fresh raspiblitz.info file
-echo "baseimage=${baseimage}" > $infoFile
+echo "state=starting" > $infoFile
+echo "message=starting" >> $infoFile
+echo "setupPhase=${setupPhase}" >> $infoFile
+echo "setupStep=${setupStep}" >> $infoFile
+echo "baseimage=${baseimage}" >> $infoFile
 echo "cpu=${cpu}" >> $infoFile
 echo "blitzapi=${blitzapi}" >> $infoFile
 echo "displayClass=${displayClass}" >> $infoFile
 echo "displayType=${displayType}" >> $infoFile
-echo "setupPhase=${setupPhase}" >> $infoFile
-echo "setupStep=${setupStep}" >> $infoFile
 echo "fsexpanded=${fsexpanded}" >> $infoFile
-echo "state=starting" >> $infoFile
 echo "btc_mainnet_sync_initial_done=${btc_mainnet_sync_initial_done}" >> $infoFile
 echo "btc_testnet_sync_initial_done=${btc_testnet_sync_initial_done}" >> $infoFile
 echo "btc_signet_sync_initial_done=${btc_signet_sync_initial_done}" >> $infoFile
@ -93,15 +110,52 @@ echo "ln_cl_mainnet_sync_initial_done=${ln_cl_mainnet_sync_initial_done}" >> $in
 echo "ln_cl_testnet_sync_initial_done=${ln_cl_testnet_sync_initial_done}" >> $infoFile
 echo "ln_cl_signet_sync_initial_done=${ln_cl_signet_sync_initial_done}" >> $infoFile

-sudo chmod 664 ${infoFile}
+chmod 664 ${infoFile}

 # write content of raspiblitz.info to logs
 cat $infoFile >> $logFile

+# determine correct raspberrypi boot drive path (that easy to access when sd card is insert into laptop)
+raspi_bootdir=""
+if [ -d /boot/firmware ]; then
+  raspi_bootdir="/boot/firmware"
+elif [ -d /boot ]; then
+  raspi_bootdir="/boot"
+fi
+echo "# raspi_bootdir(${raspi_bootdir})" >> $logFile
+
+######################################
+# STOP file flag - for manual provision
+
+# when a file 'stop' is on the sd card bootfs partition root - stop for manual provision
+flagExists=$(ls ${raspi_bootdir}/stop 2>/dev/null | grep -c 'stop')
+if [ "${flagExists}" == "1" ]; then
+  # set state info
+  /home/admin/_cache.sh set state "stop"
+  /home/admin/_cache.sh set message "stopped for manual provision"
+  systemctl stop background.service
+  systemctl stop background.scan.service
+  # log info
+  echo "INFO: 'bootstrap stopped - run command release after manual provison to remove stop flag" >> ${logFile}
+  exit 0
+fi
+
 #########################
 # INIT RaspiBlitz Cache
 #########################

+# make sure that redis service is enabled (disabled on fresh sd card image)
+redisEnabled=$(systemctl is-enabled redis-server | grep -c "enabled")
+echo "## redisEnabled(${redisEnabled})" >> $logFile
+if [ ${redisEnabled} -eq 0 ]; then
+  echo "# make sure redis is running" >> $logFile
+  sleep 6
+  systemctl status redis-server >> $logFile
+  systemctl enable redis-server >> $logFile
+  systemctl start redis-server >> $logFile
+  systemctl status redis-server >> $logFile
+fi
+
 echo "## INIT RaspiBlitz Cache ... wait background.scan.service to finish first scan loop" >> $logFile
 systemscan_runtime=""
 while [ "${systemscan_runtime}" == "" ]
@ -127,23 +181,59 @@ source ${configFile} 2>/dev/null
 ######################################
 # CHECK SD CARD STATE

-# when a file 'stop' is on the sd card boot partition - stop for manual provision
-flagExists=$(sudo ls /boot/stop | grep -c 'stop')
-if [ "${flagExists}" == "1" ]; then
-  # remove flag
-  sudo rm /boot/stop
-  # set state info
-  /home/admin/_cache.sh set state "stop"
-  /home/admin/_cache.sh set message "stopped for manual provision"
-  # log info
-  echo "INFO: 'bootstrap stopped - run release after manual provison'" >> ${logFile}
-  exit 0
+# wifi config by file on sd card
+wifiFileExists=$(ls ${raspi_bootdir}/wifi 2>/dev/null | grep -c 'wifi')
+wpaFileExists=$(ls ${raspi_bootdir}/wpa_supplicant.conf 2>/dev/null | grep -c 'wpa_supplicant.conf')
+if [ "${wifiFileExists}" == "1" ] || [ "${wpaFileExists}" == "1" ]; then
+
+  # set info
+  echo "Setting Wifi by file on sd card ..." >> ${logFile}
+  /home/admin/_cache.sh set message "setting wifi"
+
+  # File: wifi
+  # get first line as string from wifi file (NAME OF WIFI)
+  # get second line as string from wifi file (PASSWORD OF WIFI)
+  if [ "${wifiFileExists}" == "1" ]; then
+    echo "Getting data from file: ${raspi_bootdir}/wifi" >> ${logFile}
+    ssid=$(sed -n '1p' ${raspi_bootdir}/wifi | tr -d '[:space:]')
+    password=$(sed -n '2p' ${raspi_bootdir}/wifi | tr -d '[:space:]')
+  fi
+
+  # File: wpa_supplicant.conf (legacy way to set wifi)
+  # see: https://github.com/raspibolt/raspibolt/blob/a21788c0518618d17093e3f447f68a53e4efa6e7/raspibolt/raspibolt_20_pi.md#prepare-wifi
+  if [ "${wpaFileExists}" == "1" ]; then  
+    echo "Getting data from file: ${raspi_bootdir}/wpa_supplicant.conf" >> ${logFile}
+    ssid=$(grep ssid "${raspi_bootdir}/wpa_supplicant.conf" | awk -F'=' '{print $2}' | tr -d '"')
+    password=$(grep psk "${raspi_bootdir}/wpa_supplicant.conf" | awk -F'=' '{print $2}' | tr -d '"')
+  fi
+
+  # set wifi
+  err=""
+  echo "Setting Wifi SSID(${ssid}) Password(${password})" >> ${logFile}
+  source <(/home/admin/config.scripts/internet.wifi.sh on ${ssid} ${password})
+  if [ "${err}" != "" ]; then
+    echo "Setting Wifi failed - edit or remove file ${raspi_bootdir}/wifi" >> ${logFile}
+    echo "error(${err})" >> ${logFile}
+    echo "Will shutdown in 1min ..." >> ${logFile}
+    /home/admin/_cache.sh set state "errorWIFI"
+    /home/admin/_cache.sh set message "${err}"
+    sleep 60
+    shutdown now
+    exit 1
+  fi
+
+  # remove file
+  echo "Setting Wifi worked - removing file" >> ${logFile}
+  rm ${raspi_bootdir}/wifi 2>/dev/null
+  rm ${raspi_bootdir}/wpa_supplicant.conf 2>/dev/null
+else
+  echo "No Wifi config by file on sd card." >> ${logFile}
 fi

 # when the provision did not ran thru without error (ask user for fresh sd card)
-provisionFlagExists=$(sudo ls /home/admin/provision.flag | grep -c 'provision.flag')
+provisionFlagExists=$(ls /home/admin/provision.flag | grep -c 'provision.flag')
 if [ "${provisionFlagExists}" == "1" ]; then
-  sudo systemctl stop ${network}d 2>/dev/null
+  systemctl stop ${network}d 2>/dev/null
  /home/admin/_cache.sh set state "inconsistentsystem"
  /home/admin/_cache.sh set message "provision did not ran thru"
  echo "FAIL: 'provision did not ran thru' - need fresh sd card!" >> ${logFile}
@ -170,14 +260,15 @@ sleep 5
 # Emergency cleaning logs when over 1GB (to prevent SD card filling up)
 # see https://github.com/rootzoll/raspiblitz/issues/418#issuecomment-472180944
 echo "*** Checking Log Size ***"
-logsMegaByte=$(sudo du -c -m /var/log | grep "total" | awk '{print $1;}')
+logsMegaByte=$(du -c -m /var/log | grep "total" | awk '{print $1;}')
 if [ ${logsMegaByte} -gt 1000 ]; then
  echo "WARN # Logs /var/log in are bigger then 1GB" >> $logFile
  # dont delete directories - can make services crash
-  sudo rm /var/log/*
-  sudo service rsyslog restart
+  rm /var/log/*
+  service rsyslog restart
  /home/admin/_cache.sh set message "WARNING: /var/log/ >1GB"
  echo "WARN # Logs in /var/log in were bigger then 1GB and got emergency delete to prevent fillup." >> $logFile
+  ls -la /var/log >> $logFile
  echo "If you see this in the logs please report to the GitHub issues, so LOG config needs to be optimized." >> $logFile
  sleep 10
 else
@ -186,19 +277,19 @@ fi
 echo ""

 # get the state of data drive
-source <(sudo /home/admin/config.scripts/blitz.datadrive.sh status)
+source <(/home/admin/config.scripts/blitz.datadrive.sh status)

 ################################
 # WAIT LOOP: HDD CONNECTED
 ################################

 echo "Waiting for HDD/SSD ..." >> $logFile
-sudo ls -la /etc/ssh >> $logFile 
+ls -la /etc/ssh >> $logFile 
 until [ ${isMounted} -eq 1 ] || [ ${#hddCandidate} -gt 0 ]
 do

  # recheck HDD/SSD
-  source <(sudo /home/admin/config.scripts/blitz.datadrive.sh status)
+  source <(/home/admin/config.scripts/blitz.datadrive.sh status)
  echo "isMounted: $isMounted" >> $logFile
  echo "hddCandidate: $hddCandidate" >> $logFile

@ -229,33 +320,61 @@ systemInitReboot=0
 ################################
 # FORCED SWITCH TO HDMI
 # if a file called 'hdmi' gets
-# placed onto the boot part of
+# placed onto the bootfs part of
 # the sd card - switch to hdmi
 ################################

-forceHDMIoutput=$(sudo ls /boot/hdmi* 2>/dev/null | grep -c hdmi)
+forceHDMIoutput=$(ls ${raspi_bootdir}/hdmi* 2>/dev/null | grep -c hdmi)
 if [ ${forceHDMIoutput} -eq 1 ]; then
  # delete that file (to prevent loop)
-  sudo rm /boot/hdmi*
+  rm ${raspi_bootdir}/hdmi*
  # switch to HDMI what will trigger reboot
  echo "HDMI switch found ... activating HDMI display output & reboot" >> $logFile
-  sudo /home/admin/config.scripts/blitz.display.sh set-display hdmi >> $logFile
+  /home/admin/config.scripts/blitz.display.sh set-display hdmi >> $logFile
  systemInitReboot=1
  /home/admin/_cache.sh set message "HDMI"
 else
  echo "No HDMI switch found. " >> $logFile
 fi

+################################
+# GPT integrity check
+################################
+
+check_and_fix_gpt() {
+  local device=$1
+  output=$(sudo gdisk -l $device 2>&1)
+  if echo "$output" | grep -q "PMBR size mismatch"; then
+    echo "GPT PMBR size mismatch detected on $device. Fixing..." >> $logFile
+    sgdisk -e $device
+    echo "Fixed GPT PMBR size mismatch on $device." >> $logFile
+  elif echo "$output" | grep -q "The backup GPT table is not on the end of the device"; then
+    echo "Backup GPT table is not at the end of $device. Fixing..." >> $logFile
+    sgdisk -e $device
+    echo "Fixed backup GPT table location on $device." >> $logFile
+  else
+    echo "No GPT issues detected on $device." >> $logFile
+  fi
+}
+
+# List all block devices
+devices=$(lsblk -dno NAME | grep -E '^sd|^nvme|^vd|^mmcblk')
+
+# Check and fix each device
+for dev in $devices; do
+  check_and_fix_gpt /dev/$dev
+done
+
 ################################
 # FS EXPAND
 # extend sd card to maximum capacity
 ################################

-source <(sudo /home/admin/config.scripts/blitz.bootdrive.sh status)
+source <(/home/admin/config.scripts/blitz.bootdrive.sh status)
 if [ "${needsExpansion}" == "1" ] && [ "${fsexpanded}" == "0" ]; then
  echo "FSEXPAND needed ... starting process" >> $logFile
-  sudo /home/admin/config.scripts/blitz.bootdrive.sh status >> $logFile
-  sudo /home/admin/config.scripts/blitz.bootdrive.sh fsexpand >> $logFile
+  /home/admin/config.scripts/blitz.bootdrive.sh status >> $logFile
+  /home/admin/config.scripts/blitz.bootdrive.sh fsexpand >> $logFile
  systemInitReboot=1
  /home/admin/_cache.sh set message "FSEXPAND"
 elif [ "${tooSmall}" == "1" ]; then
@ -265,7 +384,7 @@ elif [ "${tooSmall}" == "1" ]; then
  /home/admin/_cache.sh set state "sdtoosmall"
  echo "System stopped. Please cut power." >> $logFile
  sleep 6000
-  sudo shutdown -r now
+  shutdown -r now
  slepp 100
  exit 1
 else
@ -282,7 +401,7 @@ fi
 ####################################

 # check if there is a WIFI configuration to backup or restore
-if [ -f "/var/cache/raspiblitz/hdd-inspect/wpa_supplicant.conf" ]; then
+if [ -d "/var/cache/raspiblitz/hdd-inspect/wifi" ]; then
  echo "WIFI RESTORE from /var/cache/raspiblitz/hdd-inspect/wpa_supplicant.conf" >> $logFile
  /home/admin/config.scripts/internet.wifi.sh backup-restore >> $logFile
 else
@ -309,10 +428,10 @@ fi
 # the sd card - delete old ssh data
 ################################

-sshReset=$(sudo ls /boot/ssh.reset* 2>/dev/null | grep -c reset)
+sshReset=$(ls ${raspi_bootdir}/ssh.reset* 2>/dev/null | grep -c reset)
 if [ ${sshReset} -eq 1 ]; then
  # delete that file (to prevent loop)
-  rm /boot/ssh.reset* >> $logFile
+  rm ${raspi_bootdir}/ssh.reset* >> $logFile
  # delete ssh certs
  echo "SSHRESET switch found ... stopping SSH and deleting old certs" >> $logFile
  /home/admin/config.scripts/blitz.ssh.sh renew >> $logFile
@ -357,7 +476,7 @@ fi
 # UASP FIX
 ################################
 /home/admin/_cache.sh set message "checking HDD"
-source <(sudo /home/admin/config.scripts/blitz.datadrive.sh uasp-fix)
+source <(/home/admin/config.scripts/blitz.datadrive.sh uasp-fix)
 if [ "${neededReboot}" == "1" ]; then
  echo "UASP FIX applied ... reboot needed." >> $logFile
  systemInitReboot=1
@ -370,10 +489,11 @@ fi
 # from actions above

 if [ "${systemInitReboot}" == "1" ]; then
-  sudo cp ${logFile} /home/admin/raspiblitz.systeminit.log
+  echo "Reboot" >> $logFile
+  cp ${logFile} /home/admin/raspiblitz.systeminit.log
  /home/admin/_cache.sh set state "reboot"
  sleep 8
-  sudo shutdown -r now
+  shutdown -r now
  sleep 100
  exit 0
 fi
@ -386,6 +506,8 @@ gotLocalIP=0
 until [ ${gotLocalIP} -eq 1 ]
 do

+  echo "gotLocalIP(${gotLocalIP})" >> $logFile
+
  # get latest network info directly
  source <(/home/admin/config.scripts/internet.sh status online)

@ -414,12 +536,41 @@ do
  sleep 1
 done

+################################
+# RaspberryPi 5 - Firmware Update (needs internet)
+# https://github.com/raspiblitz/raspiblitz/issues/4359
+################################
+
+echo "checking Firmware" >> $logFile
+/home/admin/_cache.sh set message "checking Firmware"
+if [ "${baseimage}" == "raspios_arm64" ]; then
+  echo "getting data" >> $logFile
+  isRaspberryPi5=$(cat /proc/device-tree/model 2>/dev/null | grep -c "Raspberry Pi 5")
+  firmwareBuildNumber=$(rpi-eeprom-update | grep "CURRENT" | cut -d "(" -f2 | sed 's/[^0-9]*//g')
+  echo "checking Firmware: isRaspberryPi5(${isRaspberryPi5}) firmwareBuildNumber(${firmwareBuildNumber})" >> $logFile
+  if [ ${isRaspberryPi5} -gt 0 ] && [ ${firmwareBuildNumber} -lt 1708097321 ]; then # Fri 16 Feb 15:28:41 UTC 2024 (1708097321)
+    echo "updating Firmware" >> $logFile
+    echo "RaspberryPi 5 detected with old firmware (${firmwareBuildNumber}) ... do update." >> $logFile
+    apt-get update -y
+    apt-get upgrade -y
+    apt-get install -y rpi-eeprom
+    rpi-eeprom-update -a
+    echo "Restarting ..." >> $logFile
+    sleep 3
+    reboot
+  else
+    echo "RaspberryPi Firmware not in th need of update." >> $logFile
+  fi
+else
+  echo "Not a RaspberryPi .. no firmware update needed." >> $logFile
+fi
+
 # write info for LCD
 /home/admin/_cache.sh set state "inspect-hdd"
 /home/admin/_cache.sh set message "please wait"

 # get fresh info about data drive to continue
-source <(sudo /home/admin/config.scripts/blitz.datadrive.sh status)
+source <(/home/admin/config.scripts/blitz.datadrive.sh status)

 echo "isMounted: $isMounted" >> $logFile

@ -505,11 +656,11 @@ if [ ${isMounted} -eq 0 ]; then
  do

    # get fresh info about data drive (in case the hdd gets disconnected)
-    source <(sudo /home/admin/config.scripts/blitz.datadrive.sh status)
+    source <(/home/admin/config.scripts/blitz.datadrive.sh status)
    if [ "${hddCandidate}" == "" ]; then
      /home/admin/config.scripts/blitz.error.sh _bootstrap.sh "lost-hdd" "Lost HDD connection .. triggering reboot." "happened during WAIT LOOP: USER SETUP/UPDATE/MIGRATION" ${logFile}
      sleep 8
-      sudo shutdown -r now
+      shutdown -r now
      sleep 100
      exit 0
    fi
@ -520,7 +671,7 @@ if [ ${isMounted} -eq 0 ]; then
    if [ "${localip}" == "" ]; then
      sed -i "s/^state=.*/state=errorNetwork/g" ${infoFile}
      sleep 8
-      sudo shutdown now
+      shutdown now
      sleep 100
      exit 0
    fi
@ -545,7 +696,7 @@ if [ ${isMounted} -eq 0 ]; then
  echo "the provision process was started but did not finish yet" > /home/admin/provision.flag

  # get fresh data from setup file & data drive
-  source <(sudo /home/admin/config.scripts/blitz.datadrive.sh status)
+  source <(/home/admin/config.scripts/blitz.datadrive.sh status)
  source ${setupFile}

  # special setup tasks (triggered by api/webui thru setupfile)
@ -556,7 +707,7 @@ if [ ${isMounted} -eq 0 ]; then
      
    # check if there is a flag set on sd card boot section to format as btrfs (experimental)
    filesystem="ext4"
-    flagBTRFS=$(sudo ls /boot/btrfs* 2>/dev/null | grep -c btrfs)
+    flagBTRFS=$(ls ${raspi_bootdir}/btrfs* 2>/dev/null | grep -c btrfs)
    if [ "${flagBTRFS}" != "0" ]; then
      echo "Found BTRFS flag ---> formatting with experimental BTRFS filesystem" >> ${logFile}
      filesystem="btrfs"
@ -565,8 +716,8 @@ if [ ${isMounted} -eq 0 ]; then
    # run formatting
    error=""
    /home/admin/_cache.sh set state "formathdd"
-    echo "Running Format: (${filesystem}) (${hddCandidate})" >> ${logFile}
-    source <(sudo /home/admin/config.scripts/blitz.datadrive.sh format ${filesystem} ${hddCandidate})
+    echo "Running Format: filesystem(${filesystem}) hddCandidate(${hddCandidate})" >> ${logFile}
+    source <(/home/admin/config.scripts/blitz.datadrive.sh format ${filesystem} ${hddCandidate})
    if [ "${error}" != "" ]; then
      echo "FAIL ON FORMATTING THE DRIVE:" >> ${logFile}
      echo "${error}" >> ${logFile}
@ -586,7 +737,7 @@ if [ ${isMounted} -eq 0 ]; then
    if [ "${hddGotMigrationData}" != "" ]; then
        clear
        echo "Migrating Blockchain of ${hddGotMigrationData}'" >> ${logFile}
-        source <(sudo /home/admin/config.scripts/blitz.migration.sh migration-${hddGotMigrationData})
+        source <(/home/admin/config.scripts/blitz.migration.sh migration-${hddGotMigrationData})
        if [ "${error}" != "0" ]; then
          echo "MIGRATION OF BLOCKHAIN FAILED: ${err}" >> ${logFile}
          echo "Format data disk on laptop & recover funds with fresh sd card using seed words + static channel backup." >> ${logFile}
@ -598,8 +749,8 @@ if [ ${isMounted} -eq 0 ]; then

    # delete everything but blockchain
    echo "Deleting everything on HDD/SSD while keeping blockchain ..." >> ${logFile}
-    sudo /home/admin/config.scripts/blitz.datadrive.sh tempmount 1>/dev/null 2>/dev/null
-    sudo /home/admin/config.scripts/blitz.datadrive.sh clean all -keepblockchain >> ${logFile}
+    /home/admin/config.scripts/blitz.datadrive.sh tempmount 1>/dev/null 2>/dev/null
+    /home/admin/config.scripts/blitz.datadrive.sh clean all -keepblockchain >> ${logFile}
    if [ "${error}" != "" ]; then
       echo "CLEANING HDD FAILED:" >> ${logFile}
      echo "${error}" >> ${logFile}
@ -608,7 +759,7 @@ if [ ${isMounted} -eq 0 ]; then
      /home/admin/_cache.sh set message "Fail Cleaning HDD"
      exit 1
    fi
-    sudo /home/admin/config.scripts/blitz.datadrive.sh unmount >> ${logFile}
+    /home/admin/config.scripts/blitz.datadrive.sh unmount >> ${logFile}
    /home/admin/_cache.sh set setupPhase "setup"

    sleep 2
@ -633,10 +784,10 @@ if [ ${isMounted} -eq 0 ]; then
    # will first be created and in cache drive
    # and some lines below copied to hdd when mounted
    TEMPCONFIGFILE="/var/cache/raspiblitz/temp/raspiblitz.conf"
-    sudo rm $TEMPCONFIGFILE 2>/dev/null
-    sudo touch $TEMPCONFIGFILE
-    sudo chown admin:admin $TEMPCONFIGFILE
-    sudo chmod 777 $TEMPCONFIGFILE
+    rm $TEMPCONFIGFILE 2>/dev/null
+    touch $TEMPCONFIGFILE
+    chown admin:admin $TEMPCONFIGFILE
+    chmod 777 $TEMPCONFIGFILE
    echo "# RASPIBLITZ CONFIG FILE" > $TEMPCONFIGFILE
    echo "raspiBlitzVersion='${codeVersion}'" >> $TEMPCONFIGFILE
    echo "lcdrotate='1'" >> $TEMPCONFIGFILE
@ -650,7 +801,7 @@ if [ ${isMounted} -eq 0 ]; then
  # make sure HDD is mounted (could be freshly formatted by user on last loop)
  source <(/home/admin/config.scripts/blitz.datadrive.sh status)
  echo "Temp mounting (2) data drive (hddFormat='${hddFormat}')" >> ${logFile}
-  source <(sudo /home/admin/config.scripts/blitz.datadrive.sh tempmount)
+  source <(/home/admin/config.scripts/blitz.datadrive.sh tempmount)
  echo "Temp mounting (2) result: ${isMounted}" >> ${logFile}

  # check that HDD was temp mounted
@ -662,16 +813,16 @@ if [ ${isMounted} -eq 0 ]; then

  # make sure all links between directories/drives are correct
  echo "Refreshing links between directories/drives .." >> ${logFile}
-  sudo /home/admin/config.scripts/blitz.datadrive.sh link
+  /home/admin/config.scripts/blitz.datadrive.sh link

  # copy over the raspiblitz.conf created from setup to HDD
  configExists=$(ls /mnt/hdd/raspiblitz.conf 2>/dev/null | grep -c "raspiblitz.conf")
  if [ "${configExists}" != "1" ]; then
-    sudo cp /var/cache/raspiblitz/temp/raspiblitz.conf ${configFile}
+    cp /var/cache/raspiblitz/temp/raspiblitz.conf ${configFile}
  fi

  # enable tor service
-  sudo /home/admin/config.scripts/tor.install.sh enable >> ${logFile}
+  /home/admin/config.scripts/tor.install.sh enable >> ${logFile}

  # kick-off provision process
  /home/admin/_cache.sh set state "provision"
@ -739,7 +890,31 @@ if [ ${isMounted} -eq 0 ]; then
  fi

  echo "# setting PASSWORD A" >> ${logFile}
-  sudo /home/admin/config.scripts/blitz.passwords.sh set a "${passwordA}" >> ${logFile}
+  /home/admin/config.scripts/blitz.passwords.sh set a "${passwordA}" >> ${logFile}
+
+  # Bitcoin Mainnet
+  if [ "${mainnet}" == "on" ] || [ "${chain}" == "main" ]; then
+    echo "Provisioning ${network} Mainnet - run config script" >> ${logFile}
+    /home/admin/config.scripts/bitcoin.install.sh on mainnet >> ${logFile} 2>&1
+  else
+    echo "Provisioning ${network} Mainnet - not active" >> ${logFile}
+  fi
+
+  # Bitcoin Testnet
+  if [ "${testnet}" == "on" ]; then
+    echo "Provisioning ${network} Testnet - run config script" >> ${logFile}
+    /home/admin/config.scripts/bitcoin.install.sh on testnet >> ${logFile} 2>&1
+  else
+    echo "Provisioning ${network} Testnet - not active" >> ${logFile}
+  fi
+
+  # Bitcoin Signet
+  if [ "${signet}" == "on" ]; then
+    echo "Provisioning ${network} Signet - run config script" >> ${logFile}
+    /home/admin/config.scripts/bitcoin.install.sh on signet >> ${logFile} 2>&1
+  else
+    echo "Provisioning ${network} Signet - not active" >> ${logFile}
+  fi

  # if setup - run provision setup first
  if [ "${setupPhase}" == "setup" ]; then
@ -748,7 +923,7 @@ if [ ${isMounted} -eq 0 ]; then
    /home/admin/_cache.sh set message "Provision Setup"
    /home/admin/_provision.setup.sh
    errorState=$?
-    sudo cat /home/admin/raspiblitz.provision-setup.log
+    cat /home/admin/raspiblitz.provision-setup.log
    if [ "$errorState" != "0" ]; then
      # only trigger an error message if the script hasnt itself triggered an error message already
      source <(/home/admin/_cache.sh get state)
@ -872,8 +1047,10 @@ else
  ################################
  # LND and Blockchain Errors will be still in systemd journals

-  # /mnt/hdd/bitcoin/debug.log
-  rm /mnt/hdd/${network}/debug.log 2>/dev/null
+  # limit debug.log to 10MB on start - see #3872
+  if [ $(grep -c "shrinkdebugfile=" < /mnt/hdd/bitcoin/bitcoin.conf) -eq 0 ];then
+    echo "shrinkdebugfile=1" | tee -a /mnt/hdd/bitcoin/bitcoin.conf
+  fi
  # /mnt/hdd/lnd/logs/bitcoin/mainnet/lnd.log
  rm /mnt/hdd/lnd/logs/${network}/${chain}net/lnd.log 2>/dev/null
  # https://github.com/rootzoll/raspiblitz/issues/1700
@ -937,7 +1114,7 @@ fi
 # CLEAN HDD TEMP
 #####################################
 echo "CLEANING TEMP DRIVE/FOLDER" >> $logFile
-source <(sudo /home/admin/config.scripts/blitz.datadrive.sh clean temp)
+source <(/home/admin/config.scripts/blitz.datadrive.sh clean temp)
 if [ ${#error} -gt 0 ]; then
  echo "FAIL: ${error}" >> $logFile
 else
@ -960,8 +1137,9 @@ fi
 # FORCE UASP FLAG
 ####################
 # if uasp.force flag was set on sd card - now move into raspiblitz.conf
-if [ -f "/boot/uasp.force" ]; then
+if [ -f "${raspi_bootdir}/uasp.force" ]; then
  /home/admin/config.scripts/blitz.conf.sh set forceUasp "on"
+  rm ${raspi_bootdir}/uasp.force* >> $logFile
  echo "DONE forceUasp=on recorded in raspiblitz.conf" >> $logFile
 fi

@ -971,7 +1149,7 @@ fi

 if [ -d "/mnt/hdd/app-data/subscriptions" ]; then
  echo "OK: subscription data directory exists"
-  sudo chown admin:admin /mnt/hdd/app-data/subscriptions
+  chown admin:admin /mnt/hdd/app-data/subscriptions
 else
  echo "CREATE: subscription data directory"
  mkdir /mnt/hdd/app-data/subscriptions
@ -979,7 +1157,7 @@ else
 fi

 # make sure that bitcoin service is active
-sudo systemctl enable ${network}d
+systemctl enable ${network}d

 # make sure setup/provision is marked as done
 /home/admin/_cache.sh set setupPhase "done"
@ -996,6 +1174,9 @@ if [ "${btc_default_sync_initialblockdownload}" == "1" ]; then
  /home/admin/_cache.sh focus btc_default_sync_progress 0
 fi

+# backup wifi settings
+/home/admin/config.scripts/internet.wifi.sh backup-restore
+
 # notify about (re)start if activated
 source <(/home/admin/_cache.sh get hostname)
 /home/admin/config.scripts/blitz.notify.sh send "RaspiBlitz '${hostname}' (re)started" >> $logFile
--- a/home.admin/_cache.sh
+++ b/home.admin/_cache.sh
@ -5,7 +5,7 @@
 # 2) KEY-VALUE STORE for system state infos (REDIS)

 # SECURITY NOTE: The files on the RAMDISK can be set with unix file permissions and so restrict certain users access.
-# But all data stored in the KEY-VALUE STORE has to be asumed as system-wide public information.
+# But all data stored in the KEY-VALUE STORE has to be assumed as system-wide public information.

 # command info
 if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
@ -14,28 +14,29 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ];
  echo "_cache.sh ramdisk [on|off]"
  echo "_cache.sh keyvalue [on|off]"
  echo
+  echo "_cache.sh init [key] [value] (only sets value if not exists)"
  echo "_cache.sh set [key] [value] [?expire-seconds]"
  echo "_cache.sh get [key1] [?key2] [?key3] ..."
-  echo 
+  echo
  echo "_cache.sh increment [key1]"
  echo
  echo "_cache.sh focus [key] [update-seconds] [?duration-seconds]"
  echo "# set in how many seconds value is marked to be rescanned"
-  echo "# -1 = slowest default update cycle"  
+  echo "# -1 = slowest default update cycle"
  echo "# 0  = update on every cycle"
  echo "# set a 'duration-seconds' after defaults to -1 (optional)"
-  echo 
+  echo
  echo "_cache.sh meta [key] [?default]"
  echo "# get single key with additional metadata:"
  echo "# updateseconds= see above"
  echo "# stillvalid=0/1 if value is still valid or outdated"
  echo "# lasttouch= last update timestamp in unix seconds"
-  echo 
+  echo
  echo "_cache.sh valid [key1] [?key2] [?key3] ..."
  echo "# check multiple keys if all are still not outdated"
  echo "# use for example to check if a complex call needs"
  echo "# to be made that covers multiple single data points"
-  echo 
+  echo
  echo "_cache.sh import [bash-keyvalue-file]"
  echo "# import a bash style key-value file into store"
  echo
@ -46,7 +47,7 @@ if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ];
  exit 1
 fi

-# BACKGROUND: we need to build outdated meta info manually, 
+# BACKGROUND: we need to build outdated meta info manually,
 # because there is nothing as "AGE" in redis: https://github.com/redis/redis/issues/1147
 # only feature that can be used uis the EXPIRE feature to determine if a value is still valid

@ -55,7 +56,7 @@ META_OUTDATED_SECONDS=":out"
 META_LASTTOUCH_TS=":ts"
 META_VALID_FLAG=":val"

-# path of the raspiblitz.info file (persiting cache values)
+# path of the raspiblitz.info file (persisting cache values)
 infoFile="/home/admin/raspiblitz.info"

 ###################
@ -110,15 +111,16 @@ elif [ "$1" = "keyvalue" ] && [ "$2" = "on" ]; then
  sudo apt install -y redis-server

  # edit config: dont save to disk
-  sudo sed -i "/^save .*/d" /etc/redis/redis.conf
+  # echo "# edit config"
+  sudo cp /etc/redis/redis.conf /etc/redis/redis.conf.backup
+  sudo sed -i "s/^# save \"\"/save \"\"/g" /etc/redis/redis.conf
+  sudo sed -i "s/^appendonly yes/appendonly no/g" /etc/redis/redis.conf
+  sudo sed -i "s/^stop-writes-on-bgsave-error yes/stop-writes-on-bgsave-error no/g" /etc/redis/redis.conf

+  echo "# restart and remove db dump file"
  # restart with new config
  if ! ischroot; then sudo systemctl restart redis-server; fi
-
-  # clean old databases if exist
  sudo rm /var/lib/redis/dump.rdb 2>/dev/null
-
-  # restart again this time there is no old data dump to load
  if ! ischroot; then sudo systemctl restart redis-server; fi

 # uninstall
@ -133,44 +135,67 @@ elif [ "$1" = "keyvalue" ] && [ "$2" = "off" ]; then
 ###################

 # set
-elif [ "$1" = "set" ]; then
+elif [ "$1" = "set" ] || [ "$1" = "init" ]; then

  # get parameters
  keystr=$2
  valuestr=$3
  expire=$4

-  # check that key & value are given
+  # check that key & value are provided
  if [ "${keystr}" == "" ]; then
    echo "# Fail: missing parameter"
    exit 1
  fi

+  # update certain values also in raspiblitz.info
+  if [ "${keystr}" = "state" ]; then
+    # change value in raspiblitz.info
+    sudo sed -i "s/^state=.*/state='${valuestr}'/g" ${infoFile}
+  fi
+  if [ "${keystr}" = "message" ]; then
+    # change value in raspiblitz.info
+    sudo sed -i "s/^message=.*/message='${valuestr}'/g" ${infoFile}
+  fi
+  if [ "${keystr}" = "setupPhase" ]; then
+    # change value in raspiblitz.info
+    sudo sed -i "s/^setupPhase=.*/setupPhase='${valuestr}'/g" ${infoFile}
+  fi
+  if [ "${keystr}" = "setupStep" ]; then
+    # change value in raspiblitz.info
+    sudo sed -i "s/^setupStep=.*/setupStep='${valuestr}'/g" ${infoFile}
+  fi 
+
+  NX=""
+  if [ "$1" = "init" ]; then
+    NX="NX "
+  fi
+
  # filter from expire just numbers
  expire="${expire//[^0-9.]/}"

-  # add an expire flag if given
  additionalParams=""
+  # add an expire flag if given
  if [ "${expire}" != "" ]; then
    additionalParams="EX ${expire}"
  fi

  # set in redis key value cache
-  redis-cli set ${keystr} "${valuestr}" ${additionalParams} 1>/dev/null
+  redis-cli set ${NX} ${keystr} "${valuestr}" ${additionalParams} 1>/dev/null

  # set in redis the timestamp
  timestamp=$(date +%s)
-  redis-cli set ${keystr}${META_LASTTOUCH_TS} "${timestamp}" ${additionalParams} 1>/dev/null
+  redis-cli set ${NX}${keystr}${META_LASTTOUCH_TS} "${timestamp}" ${additionalParams} 1>/dev/null
  #echo "# lasttouch(${timestamp})"

  # check if the value has a outdate policy
  outdatesecs=$(redis-cli get ${keystr}${META_OUTDATED_SECONDS})
  if [ "${outdatesecs}" == "" ]; then
    outdatesecs="-1"
-  fi 
+  fi
  #echo "# outdatesecs(${outdatesecs})"
  if [ "${outdatesecs}" != "-1" ]; then
-    # set exipire valid flag (if its gone - value is considered as outdated)
+    # set expire valid flag (if its gone - value is considered as outdated)
    redis-cli set ${keystr}${META_VALID_FLAG} "1" EX ${outdatesecs} 1>/dev/null
  fi

@ -186,7 +211,7 @@ elif [ "$1" = "get" ]; then
  position=0
  for keystr in $@
  do
-    
+
    # skip first parameter
    ((position++))
    if [ $position -eq 1 ]; then
@ -243,7 +268,7 @@ elif [ "$1" = "export" ]; then
  # get parameter
  keyfilter="${2}*"

-  # go thru all keys by keyfilter
+  # go through all keys by keyfilter
  keylist=$(redis-cli KEYS "${keyfilter}")
  readarray -t arr <<< "${keylist}"
  for key in "${arr[@]}";do
@ -266,7 +291,7 @@ elif [ "$1" = "export" ]; then

 ##################################
 # COUNT
-# count value up
+# increment value
 ##################################

 # set
@ -309,7 +334,7 @@ elif [ "$1" = "focus" ]; then
    for key in "${arr[@]}";do
      if [ "${key}" == "" ]; then
        continue
-      fi 
+      fi
      keyClean=$(echo $key | cut -d ":" -f1)
      value=$(redis-cli get "${key}")
      echo "${keyClean}=${value}"
@ -324,7 +349,7 @@ elif [ "$1" = "focus" ]; then
    exit
  fi

-  # sanatize parameters (if not -1)
+  # sanitize parameters (if not -1)
  outdatesecs="${outdatesecs//[^0-9.]/}"

  # check that key & value are given
@ -333,7 +358,7 @@ elif [ "$1" = "focus" ]; then
    exit 1
  fi

-    # add an expire flag if given
+  # add an expire flag if given
  additionalParams=""
  if [ "${durationsecs//[^0-9.]/}" != "" ]; then
    additionalParams="EX ${durationsecs//[^0-9.]/}"
@ -358,13 +383,13 @@ elif [ "$1" = "meta" ]; then
  keystr=$2
  default=$3

-  # check that key & value are given
+  # check that key & value are provided
  if [ "${keystr}" == "" ]; then
    echo "# Fail: missing parameter"
    exit 1
  fi
-  
-  # get redis basic value 
+
+  # get redis basic value
  valuestr=$(redis-cli get ${keystr})
  echo "value=\"${valuestr}\""

@ -380,7 +405,7 @@ elif [ "$1" = "meta" ]; then
  # get META_OUTDATED_SECONDS
  outdatesecs=$(redis-cli get ${keystr}${META_OUTDATED_SECONDS})
  if [ "${outdatesecs}" == "" ]; then
-    # default is -1 --> never outdate 
+    # default is -1 --> never outdate
    outdatesecs="-1"
  fi
  echo "outdatesecs=\"${outdatesecs}\""
@ -406,7 +431,7 @@ elif [ "$1" = "valid" ]; then
  lasttouch_overall=""
  for keystr in $@
  do
-    
+
    # skip first parameter from script - thats the action string
    ((position++))
    if [ $position -eq 1 ]; then
@ -436,7 +461,7 @@ elif [ "$1" = "valid" ]; then
    # get outdate police of value (outdated = not valid anymore)
    outdatesecs=$(redis-cli get ${keystr}${META_OUTDATED_SECONDS})
    #echo "# ${keystr}${META_OUTDATED_SECONDS}=\"${outdatesecs}\""
-    
+
    # if outdate policy is default or -1 ==> never outdated
    if [ "${outdatesecs}" == "" ] || [ "${outdatesecs}" == "-1" ]; then
      continue
@ -453,7 +478,7 @@ elif [ "$1" = "valid" ]; then

    # so valid flag does not exists anymore
    # ==> this means value is outdated
-    # break loop and 
+    # break loop and
    echo "stillvalid=\"0\""
    exit 0

--- a/home.admin/_commands.sh
+++ b/home.admin/_commands.sh
@ -55,6 +55,11 @@ function blitzhelp() {
  echo "  cache        check on chache system state"
  echo "  github       jumping directly into the options to change branch/repo/pr"
  echo
+  echo "Development with VM:"
+  echo "  sync         sync all repos from shared folder"
+  echo "  sync code    sync only main raspiblitz repo from shared folder"
+  echo "  sync api     sync only blitz api repo from shared folder"
+  echo  
  echo "Power:"
  echo "  restart      restart the node"
  echo "  off          shutdown the node"
@ -81,7 +86,7 @@ function blitzhelp() {
  echo "  whitepaper   download the whitepaper from the blockchain to /home/admin/bitcoin.pdf"
  echo "  notifyme     wrapper for blitz.notify.sh that will send a notification using the configured method and settings"
  echo "  suez         visualize channels (for the default ln implementation and chain when installed)"
-  exho "  lnproxy      wrap invoices with lnproxy"
+  echo "  lnproxy      wrap invoices with lnproxy"
  echo
  echo "LND:"
  echo "  lncli        LND commandline interface (when installed)"
@ -120,7 +125,7 @@ function restart() {
  echo "Command to restart your RaspiBlitz"
  confirmMsg restart
  if [ $confirm -eq 1 ]; then
-    /home/admin/config.scripts/blitz.shutdown.sh reboot
+    sudo /home/admin/config.scripts/blitz.shutdown.sh reboot
  fi
 }

@ -172,7 +177,7 @@ function debug() {
  if [ "$1" = "-l" ]||[ "$1" = "--link" ]; then
    proxy="-X 5 -x localhost:9050"
    if [ "$2" = "-n" ]||[ "$2" = "--no-tor" ]; then proxy=""; fi
-    cat /var/cache/raspiblitz/debug.log | nc ${proxy} termbin.com 9999 | sed "s/termbin.com/l.termbin.com/"
+    cat /var/cache/raspiblitz/debug.log | nc ${proxy} termbin.com 9999
  else
    cat /var/cache/raspiblitz/debug.log
  fi
@ -215,12 +220,19 @@ function patch() {
  echo
 }

+# command: sync
+# sync VM with shared folder
+function sync() {
+  sudo /home/admin/config.scripts/blitz.vm.sh sync ${1}
+  echo
+}
+
 # command: off
 function off() {
  echo "Command to power off your RaspiBlitz"
  confirmMsg off
  if [ $confirm -eq 1 ]; then
-    /home/admin/config.scripts/blitz.shutdown.sh
+    sudo /home/admin/config.scripts/blitz.shutdown.sh
  fi
 }

@ -345,8 +357,8 @@ function bos() {
 # switch to the pyblock user for PyBLOCK
 function pyblock() {
  if [ $(grep -c "pyblock=on" < /mnt/hdd/raspiblitz.conf) -eq 1 ]; then
-    cd /home/pyblock
-    sudo -u pyblock /home/pyblock/.local/bin/pyblock
+    cd /home/pyblock/pyblock
+    sudo -u pyblock poetry run python -m pybitblock.console
  else
    echo "PyBlock is not installed - to install run:"
    echo "/home/admin/config.scripts/bonus.pyblock.sh on"
--- a/home.admin/_provision.migration.sh
+++ b/home.admin/_provision.migration.sh
@ -55,6 +55,8 @@ fi
 # make sure for the rest of the setup info is set correctly
 /home/admin/config.scripts/blitz.conf.sh set network "bitcoin"
 /home/admin/config.scripts/blitz.conf.sh set chain "main"
+echo "Provisioning ${network} Mainnet - run config script" >> ${logFile}
+/home/admin/config.scripts/bitcoin.install.sh on mainnet >> ${logFile} 2>&1

 # set Password B
 echo "## SETTING PASSWORD B" >> ${logFile}
--- a/home.admin/_provision.setup.sh
+++ b/home.admin/_provision.setup.sh
@ -39,6 +39,11 @@ if [ "${confExists}" != "1" ]; then
    exit 6
 fi

+# make sure raspiblitz.conf has an blitzapi entry when setup thru fatpack image (blitzapi=on in raspiblitz.info)
+if [ "${blitzapi}" == "on" ]; then
+  /home/admin/config.scripts/blitz.conf.sh set blitzapi on >> ${logFile}
+fi
+
 ###################################
 # Preserve SSH keys
 # just copy dont link anymore
@ -93,8 +98,12 @@ if [ "${network}" == "bitcoin" ]; then
  kbSizeRAM=$(cat /proc/meminfo | grep "MemTotal" | sed 's/[^0-9]*//g')
  echo "kbSizeRAM(${kbSizeRAM})" >> ${logFile}
  echo "dont forget to reduce dbcache once IBD is done" > "/mnt/hdd/${network}/blocks/selfsync.flag"
+  # RP4 8GB
+  if [ ${kbSizeRAM} -gt 7500000 ]; then
+    echo "Detected RAM >=8GB --> optimizing ${network}.conf" >> ${logFile}
+    sed -i "s/^dbcache=.*/dbcache=4096/g" /mnt/hdd/${network}/${network}.conf
  # RP4 4GB
-  if [ ${kbSizeRAM} -gt 3500000 ]; then
+  elif [ ${kbSizeRAM} -gt 3500000 ]; then
    echo "Detected RAM >=4GB --> optimizing ${network}.conf" >> ${logFile}
    sed -i "s/^dbcache=.*/dbcache=2560/g" /mnt/hdd/${network}/${network}.conf
  # RP4 2GB
@ -113,7 +122,7 @@ echo ""
 echo "*** Start ${network} (SETUP) ***" >> ${logFile}
 /home/admin/_cache.sh set message "Blockchain Testrun"
 echo "- This can take a while .." >> ${logFile}
-cp /home/admin/assets/${network}d.service /etc/systemd/system/${network}d.service
+systemctl daemon-reload >> ${logFile}
 systemctl enable ${network}d.service
 systemctl start ${network}d.service

@ -258,7 +267,6 @@ if [ "${lightning}" == "lnd" ]; then

    echo "WALLET --> SEED" >> ${logFile}
    /home/admin/_cache.sh set message "LND Wallet (SEED)"
-    if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi
    source <(/home/admin/config.scripts/lnd.initwallet.py seed mainnet "${passwordC}" "${seedWords}" "${seedPassword}")
    if [ "${err}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-wallet-seed" "lnd.initwallet.py seed returned error" "/home/admin/config.scripts/lnd.initwallet.py seed mainnet ... --> ${err} + ${errMore}" ${logFile}
@ -275,7 +283,6 @@ if [ "${lightning}" == "lnd" ]; then

    echo "# WALLET --> NEW" >> ${logFile}
    /home/admin/_cache.sh set message "LND Wallet (NEW)"
-    if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi
    source <(/home/admin/config.scripts/lnd.initwallet.py new mainnet "${passwordC}")
    if [ "${err}" != "" ]; then
      /home/admin/config.scripts/blitz.error.sh _provision.setup.sh "lnd-wallet-new" "lnd.initwallet.py new returned error" "/home/admin/config.scripts/lnd.initwallet.py new mainnet ... --> ${err} + ${errMore}" ${logFile}
--- a/home.admin/_provision.update.sh
+++ b/home.admin/_provision.update.sh
@ -46,7 +46,13 @@ fi
 # load old or init raspiblitz config
 source ${configFile}

-# check if config files contains basic: hostname
+# if hostname missing - set default
+if [ ${#hostname} -eq 0 ]; then
+  /home/admin/config.scripts/blitz.conf.sh set hostname "raspiblitz"
+  source ${configFile}
+fi
+
+# re-check if config files contains hostname value
 if [ ${#hostname} -eq 0 ]; then
  /home/admin/config.scripts/blitz.error.sh _provision.update.sh "missing-hostname" "${setupFile} or ${configFile} contains no hostname" "" ${logFile}
  exit 1
@ -167,7 +173,6 @@ echo "*** Start ${network} (UPDATE) ***" >> ${logFile}
 /home/admin/_cache.sh set message "Blockchain Testrun"
 echo "- This can take a while .." >> ${logFile}
 chown -R bitcoin:bitcoin /mnt/hdd/${network} >>${logFile} 2>&1
-cp /home/admin/assets/${network}d.service /etc/systemd/system/${network}d.service
 systemctl daemon-reload >> ${logFile}
 systemctl enable ${network}d.service >> ${logFile}
 systemctl start ${network}d.service >> ${logFile}
@ -178,13 +183,6 @@ if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
  # prepare lnd service
  cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service >> ${logFile} 2>&1

-  # convert old keysend by lndExtraParameter to raspiblitz.conf setting (will be enforced by lnd.check.sh prestart) since 1.7.1
-  if [ "${lndExtraParameter}" == "--accept-keysend" ]; then
-    echo "# MIGRATION KEYSEND from lndExtraParameter --> raspiblitz.conf" >> ${logFile}
-    /home/admin/config.scripts/blitz.conf.sh set lndKeysend "on"
-    /home/admin/config.scripts/blitz.conf.sh delete lndExtraParameter
-  fi
-
  # if old lnd.conf exists ...
  configExists=$(sudo ls /mnt/hdd/lnd/lnd.conf | grep -c '.conf')
  if [ ${configExists} -eq 1 ]; then
--- a/home.admin/_provision.xfinal.sh
+++ b/home.admin/_provision.xfinal.sh
@ -35,6 +35,6 @@ sudo rm /var/cache/raspiblitz/temp/raspiblitz.setup
 sudo cp /home/admin/raspiblitz.log /home/admin/raspiblitz.setup.log
 sudo chmod 640 /home/admin/raspiblitz.setup.log
 sudo chown root:sudo /home/admin/raspiblitz.setup.log
-timeout 120 /home/admin/config.scripts/blitz.shutdown.sh reboot finalsetup
+timeout 120 sudo /home/admin/config.scripts/blitz.shutdown.sh reboot finalsetup
 # if system has not rebooted yet - force reboot directly
-sudo shutdown -r now
+sudo shutdown -r now
--- a/home.admin/_provision_.sh
+++ b/home.admin/_provision_.sh
@ -1,14 +1,14 @@
 #!/bin/bash

 # check if run by root user
-if [ "$EUID" -ne 0 ]; then 
+if [ "$EUID" -ne 0 ]; then
  echo "error='run as root'"
  exit 1
 fi
- 
+
 # This script gets called from a fresh SD card
-# starting up that has an config file on HDD
-# from old RaspiBlitz or manufacturer to
+# starting up that has a config file on HDD
+# from old RaspiBlitz or manufacturer
 # to install and config services

 # LOGFILE - store debug logs of bootstrap
@ -40,6 +40,7 @@ if [ ${configExists} -eq 0 ]; then
 fi

 # import config values
+source ${infoFile}
 source ${configFile}

 ##########################
@ -52,12 +53,6 @@ echo "### BASIC SYSTEM SETTINGS ###" >> ${logFile}
 echo "# Make sure the user bitcoin is in the debian-tor group"
 usermod -a -G debian-tor bitcoin

-echo "# Optimizing log files: rotate daily, keep 1 week & compress old days " >> ${logFile}
-sed -i "s/^weekly/daily/g" /etc/logrotate.conf >> ${logFile} 2>&1
-sed -i "s/^rotate 4/rotate 7/g" /etc/logrotate.conf >> ${logFile} 2>&1
-sed -i "s/^#compress/compress/g" /etc/logrotate.conf >> ${logFile} 2>&1
-systemctl restart logrotate
-
 # make sure to have bitcoin core >=22 is backwards comp
 # see https://github.com/rootzoll/raspiblitz/issues/2546
 sed -i '/^deprecatedrpc=.*/d' /mnt/hdd/bitcoin/bitcoin.conf 2>/dev/null
@ -66,6 +61,9 @@ echo "deprecatedrpc=addresses" >> /mnt/hdd/bitcoin/bitcoin.conf 2>/dev/null
 # backup SSH PubKeys
 /home/admin/config.scripts/blitz.ssh.sh backup

+# set timezone
+/home/admin/config.scripts/blitz.time.sh set-by-config >> ${logFile}
+
 # optimize mempool if RAM >1GB
 kbSizeRAM=$(cat /proc/meminfo | grep "MemTotal" | sed 's/[^0-9]*//g')
 if [ ${kbSizeRAM} -gt 1500000 ]; then
@ -78,25 +76,23 @@ if [ ${kbSizeRAM} -gt 3500000 ]; then
 fi

 # zram on for all devices
-/home/admin/config.scripts/blitz.zram.sh on
+/home/admin/config.scripts/blitz.zram.sh on >> ${logFile}

 # link and copy HDD content into new OS on sd card
 echo "Copy HDD content for user admin" >> ${logFile}
-mkdir /home/admin/.${network} >> ${logFile} 2>&1
+mkdir /home/admin/.${network} >> ${logFile}
 cp /mnt/hdd/${network}/${network}.conf /home/admin/.${network}/${network}.conf >> ${logFile} 2>&1
-mkdir /home/admin/.lnd >> ${logFile} 2>&1
-cp /mnt/hdd/lnd/lnd.conf /home/admin/.lnd/lnd.conf >> ${logFile} 2>&1
-cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd/tls.cert >> ${logFile} 2>&1
-mkdir /home/admin/.lnd/data >> ${logFile} 2>&1
+mkdir /home/admin/.lnd >> ${logFile}
+cp /mnt/hdd/lnd/lnd.conf /home/admin/.lnd/lnd.conf >> ${logFile}
+cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd/tls.cert >> ${logFile}
+mkdir /home/admin/.lnd/data >> ${logFile}
 cp -r /mnt/hdd/lnd/data/chain /home/admin/.lnd/data/chain >> ${logFile} 2>&1
 chown -R admin:admin /home/admin/.${network} >> ${logFile} 2>&1
 chown -R admin:admin /home/admin/.lnd >> ${logFile} 2>&1
-cp /home/admin/assets/${network}d.service /etc/systemd/system/${network}d.service >> ${logFile} 2>&1
 cp /home/admin/assets/tmux.conf.local /mnt/hdd/.tmux.conf.local >> ${logFile} 2>&1
 chown admin:admin /mnt/hdd/.tmux.conf.local >> ${logFile} 2>&1
 ln -s -f /mnt/hdd/.tmux.conf.local /home/admin/.tmux.conf.local >> ${logFile} 2>&1

-
 # PREPARE LND (if activated)
 if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ]; then
  # backup LND TLS certs
@ -190,17 +186,43 @@ sed -i "s/^setupStep=.*/setupStep=100/g" /home/admin/raspiblitz.info
 ##########################
 # PROVISIONING SERVICES
 ##########################
-/home/admin/_cache.sh set message "Installing Services"
+
+echo "### CHECKING BLITZ-API/FRONT STATUS ###" >> ${logFile}
+blitzApiInstalled=$(systemctl status blitzapi | grep -c "loaded")
+echo "# blitzapi(${blitzapi}) blitzApiInstalled(${blitzApiInstalled})"
+if [ "${blitzapi}" != "on" ] && [ ${blitzApiInstalled} -gt 0 ]; then
+  /home/admin/_cache.sh set message "Deactivated API/WebUI (as in your config) - please use SSH for further setup"
+  sleep 10
+else
+  /home/admin/_cache.sh set message "Installing Services"
+fi

 # BLITZ WEB SERVICE
 echo "Provisioning BLITZ WEB SERVICE - run config script" >> ${logFile}
 /home/admin/config.scripts/blitz.web.sh https-on >> ${logFile} 2>&1

+# deinstall when not explizit 'on' when blitzapi is installed by fatpack
+# https://github.com/raspiblitz/raspiblitz/issues/4171#issuecomment-1728302628
+if [ "${blitzapi}" != "on" ] && [ ${blitzApiInstalled} -gt 0 ]; then
+  echo "blitz_api directory exists & blitzapi is not 'on' - deactivating blitz-api" >> ${logFile}
+  /home/admin/config.scripts/blitz.web.api.sh off >> ${logFile} 2>&1
+  /home/admin/config.scripts/blitz.web.ui.sh off >> ${logFile} 2>&1
+fi
+# WebAPI & UI (in case image was not fatpack - but webapi was switchen on)
+if [ "${blitzapi}" == "on" ] && [ $blitzApiInstalled -eq 0 ]; then
+    echo "Provisioning BlitzAPI - run config script" >> ${logFile}
+    /home/admin/_cache.sh set message "Setup BlitzAPI (takes time)"
+    /home/admin/config.scripts/blitz.web.api.sh on DEFAULT >> ${logFile} 2>&1
+    /home/admin/config.scripts/blitz.web.ui.sh on DEFAULT >> ${logFile} 2>&1
+else
+    echo "Provisioning BlitzAPI - keep default" >> ${logFile}
+fi
+
 echo "### RUNNING PROVISIONING SERVICES ###" >> ${logFile}

 # BITCOIN INTERIMS UPDATE
 if [ ${#bitcoinInterimsUpdate} -gt 0 ]; then
-  /home/admin/_cache.sh set message "Provisioning Bitcoin Core update"
+  /home/admin/_cache.sh set message "Bitcoin Core update"
  if [ "${bitcoinInterimsUpdate}" == "reckless" ]; then
    # recklessly update Bitcoin Core to latest release on GitHub
    echo "Provisioning Bitcoin Core reckless interims update" >> ${logFile}
@ -216,11 +238,6 @@ else
  echo "Provisioning Bitcoin Core interims update - keep default" >> ${logFile}
 fi

-# I2P
-echo "Start i2pd" >> ${logFile}
-/home/admin/_cache.sh set message "i2pd setup"
-/home/admin/config.scripts/blitz.i2pd.sh on >> ${logFile}
-
 # LND INTERIMS UPDATE
 if [ ${#lndInterimsUpdate} -gt 0 ]; then
  /home/admin/_cache.sh set message "Provisioning LND update"
@ -271,27 +288,9 @@ else
  echo "Provisioning CL interims update - keep default" >> ${logFile}
 fi

-# Bitcoin Testnet
-if [ "${testnet}" == "on" ]; then
-    echo "Provisioning ${network} Testnet - run config script" >> ${logFile}
-    /home/admin/config.scripts/bitcoin.install.sh on testnet >> ${logFile} 2>&1
-    systemctl start tbitcoind >> ${logFile} 2>&1
-else
-    echo "Provisioning ${network} Testnet - not active" >> ${logFile}
-fi
-
-# Bitcoin Signet
-if [ "${signet}" == "on" ]; then
-    echo "Provisioning ${network} Signet - run config script" >> ${logFile}
-    /home/admin/config.scripts/bitcoin.install.sh on signet >> ${logFile} 2>&1
-    systemctl start sbitcoind >> ${logFile} 2>&1
-else
-    echo "Provisioning ${network} Signet - not active" >> ${logFile}
-fi
-
 # LND binary install
 if [ "${lightning}" == "lnd" ] || [ "${lnd}" == "on" ] || [ "${tlnd}" == "on" ] || [ "${slnd}" == "on" ]; then
-  # if already installed by fatpack will skip 
+  # if already installed by fatpack will skip
  echo "Provisioning LND Binary - run config script" >> ${logFile}
  /home/admin/config.scripts/lnd.install.sh install >> ${logFile} 2>&1
 else
@ -326,7 +325,7 @@ fi

 # CORE LIGHTNING binary install
 if [ "${lightning}" == "cl" ] || [ "${cl}" == "on" ] || [ "${tcl}" == "on" ] || [ "${scl}" == "on" ]; then
-  # if already installed by fatpack will skip 
+  # if already installed by fatpack will skip
  echo "Provisioning Core Lightning Binary - run config script" >> ${logFile}
  /home/admin/config.scripts/cl.install.sh install >> ${logFile} 2>&1
 else
@ -367,26 +366,6 @@ else
    echo "Provisioning Tor - keep default" >> ${logFile}
 fi

-# WebAPI & UI (in case image was not fatpack - but webapi was switchen on)
-blitzApiInstalled=$(systemctl status blitzapi | grep -c "loaded")
-if [ "${blitzapi}" == "on" ] && [ $blitzApiInstalled -eq 0 ]; then
-    echo "Provisioning BlitzAPI - run config script" >> ${logFile}
-    /home/admin/_cache.sh set message "Setup BlitzAPI (takes time)"
-    /home/admin/config.scripts/blitz.web.api.sh on DEFAULT >> ${logFile} 2>&1    
-    /home/admin/config.scripts/blitz.web.ui.sh on DEFAULT >> ${logFile} 2>&1   
-else
-    echo "Provisioning BlitzAPI - keep default" >> ${logFile}
-fi
-
-# AUTO PILOT
-if [ "${autoPilot}" = "on" ]; then
-    echo "Provisioning AUTO PILOT - run config script" >> ${logFile}
-    /home/admin/_cache.sh set message "Setup AutoPilot"
-    /home/admin/config.scripts/lnd.autopilot.sh on >> ${logFile} 2>&1
-else
-    echo "Provisioning AUTO PILOT - keep default" >> ${logFile}
-fi
-
 # NETWORK UPNP
 if [ "${networkUPnP}" = "on" ]; then
    echo "Provisioning NETWORK UPnP - run config script" >> ${logFile}
@ -423,15 +402,6 @@ else
    echo "Provisioning RTL CL - keep default" >> ${logFile}
 fi

-# SPARKO
-if [ "${sparko}" = "on" ]; then
-    echo "Provisioning Sparko - run config script" >> ${logFile}
-    /home/admin/_cache.sh set message "Setup SPARKO"
-    sudo -u admin /home/admin/config.scripts/cl-plugin.sparko.sh on mainnet >> ${logFile} 2>&1
-else
-    echo "Provisioning Sparko - keep default" >> ${logFile}
-fi
-
 # clHTTPplugin
 if [ "${clHTTPplugin}" = "on" ]; then
    echo "Provisioning clHTTPplugin - run config script" >> ${logFile}
@ -459,24 +429,6 @@ else
    echo "Provisioning clWatchtowerClient - keep default" >> ${logFile}
 fi

-# SPARK
-if [ "${spark}" = "on" ]; then
-    echo "Provisioning Spark Wallet - run config script" >> ${logFile}
-    /home/admin/_cache.sh set message "Setup SPARK WALLET"
-    sudo -u admin /home/admin/config.scripts/cl.spark.sh on mainnet >> ${logFile} 2>&1
-else
-    echo "Provisioning Spark Wallet - keep default" >> ${logFile}
-fi
-
-#LOOP - install only if LiT won't be installed
-if [ "${loop}" = "on" ] && [ "${lit}" != "on" ]; then
-  echo "Provisioning Lightning Loop - run config script" >> ${logFile}
-  /home/admin/_cache.sh set message "Setup Lightning Loop"
-  sudo -u admin /home/admin/config.scripts/bonus.loop.sh on >> ${logFile} 2>&1
-else
-  echo "Provisioning Lightning Loop - keep default" >> ${logFile}
-fi
-
 #BTC RPC EXPLORER
 if [ "${BTCRPCexplorer}" = "on" ]; then
  echo "Provisioning BTCRPCexplorer - run config script" >> ${logFile}
@ -495,6 +447,15 @@ else
  echo "Provisioning ElectRS - keep default" >> ${logFile}
 fi

+#FULCRUM
+if [ "${fulcrum}" = "on" ]; then
+  echo "Provisioning Fulcrum - run config script" >> ${logFile}
+  /home/admin/_cache.sh set message "Setup Fulcrum"
+  sudo -u admin /home/admin/config.scripts/bonus.fulcrum.sh on >> ${logFile} 2>&1
+else
+  echo "Provisioning Fulcrum - keep default" >> ${logFile}
+fi
+
 # BTCPAYSERVER
 if [ "${BTCPayServer}" = "on" ]; then

@ -506,16 +467,6 @@ else
  echo "Provisioning BTCPayServer - keep default" >> ${logFile}
 fi

-# deprecated - see: #2031
-# LNDMANAGE
-#if [ "${lndmanage}" = "on" ]; then
-#  echo "Provisioning lndmanage - run config script" >> ${logFile}
-#  /home/admin/_cache.sh set message "Setup lndmanage"
-#  sudo -u admin /home/admin/config.scripts/bonus.lndmanage.sh on >> ${logFile} 2>&1
-#else
-#  echo "Provisioning lndmanage - not active" >> ${logFile}
-#fi
-
 # CUSTOM PORT
 echo "Provisioning LND Port" >> ${logFile}
 if [ ${#lndPort} -eq 0 ]; then
@ -580,14 +531,14 @@ else
  echo "Provisioning LCD rotate - not needed, keep default rotate on" >> ${logFile}
 fi

-# TOUCHSCREEN
-if [ "${#touchscreen}" -gt 0 ]; then
-    echo "Provisioning Touchscreen - run config script" >> ${logFile}
-    /home/admin/_cache.sh set message "Setup Touchscreen"
-    /home/admin/config.scripts/blitz.touchscreen.sh ${touchscreen} >> ${logFile} 2>&1
-else
-    echo "Provisioning Touchscreen - not active" >> ${logFile}
-fi
+# TOUCHSCREEN - deactivated see https://github.com/raspiblitz/raspiblitz/pull/4609#issuecomment-2144406124
+# if [ "${#touchscreen}" -gt 0 ]; then
+#     echo "Provisioning Touchscreen - run config script" >> ${logFile}
+#     /home/admin/_cache.sh set message "Setup Touchscreen"
+#     /home/admin/config.scripts/blitz.touchscreen.sh ${touchscreen} >> ${logFile} 2>&1
+# else
+#     echo "Provisioning Touchscreen - not active" >> ${logFile}
+# fi

 # UPS
 if [ "${#ups}" -gt 0 ]; then
@ -637,15 +588,6 @@ else
  echo "Provisioning Specter - keep default" >> ${logFile}
 fi

-# Faraday
-if [ "${faraday}" = "on" ]; then
-  echo "Provisioning Faraday - run config script" >> ${logFile}
-  /home/admin/_cache.sh set message "Setup Faraday"
-  sudo -u admin /home/admin/config.scripts/bonus.faraday.sh on >> ${logFile} 2>&1
-else
-  echo "Provisioning Faraday - keep default" >> ${logFile}
-fi
-
 # BOS
 if [ "${bos}" = "on" ]; then
  echo "Provisioning Balance of Satoshis - run config script" >> ${logFile}
@ -655,15 +597,6 @@ else
  echo "Provisioning Balance of Satoshis - keep default" >> ${logFile}
 fi

-# LNPROXY
-if [ "${lnproxy}" = "on" ]; then
-  echo "Provisioning lnproxy - run config script" >> ${logFile}
-  /home/admin/_cache.sh set message "Setup lnproxy"
-  sudo -u admin /home/admin/config.scripts/bonus.lnproxy.sh on >> ${logFile} 2>&1
-else
-  echo "Provisioning lnproxy - keep default" >> ${logFile}
-fi
-
 # thunderhub
 if [ "${thunderhub}" = "on" ]; then
  echo "Provisioning ThunderHub - run config script" >> ${logFile}
@ -718,15 +651,6 @@ else
  echo "Provisioning Stacking Sats Kraken - keep default" >> ${logFile}
 fi

-# Pool - install only if LiT won't be installed
-if [ "${pool}" = "on" ] && [ "${lit}" != "on" ]; then
-  echo "Provisioning Pool - run config script" >> ${logFile}
-  /home/admin/_cache.sh set message "Setup Pool"
-  sudo -u admin /home/admin/config.scripts/bonus.pool.sh on >> ${logFile} 2>&1
-else
-  echo "Provisioning Pool - keep default" >> ${logFile}
-fi
-
 # lit (make sure to be installed after RTL)
 if [ "${lit}" = "on" ]; then
  echo "Provisioning LIT - run config script" >> ${logFile}
@ -736,6 +660,15 @@ else
  echo "Provisioning LIT - keep default" >> ${logFile}
 fi

+# labelbase
+if [ "${labelbase}" = "on" ]; then
+  echo "Provisioning Labelbase - run config script" >> ${logFile}
+  /home/admin/_cache.sh set message "Setup Labelbase"
+  sudo -u admin /home/admin/config.scripts/bonus.labelbase.sh on >> ${logFile} 2>&1
+else
+  echo "Provisioning Labelbase - keep default" >> ${logFile}
+fi
+
 # lndg
 if [ "${lndg}" = "on" ]; then
  echo "Provisioning LNDg - run config script" >> ${logFile}
@ -745,15 +678,6 @@ else
  echo "Provisioning LNDg - keep default" >> ${logFile}
 fi

-# sphinxrelay
-if [ "${sphinxrelay}" = "on" ]; then
-  echo "Sphinx-Relay - run config script" >> ${logFile}
-  /home/admin/_cache.sh set message "Setup Sphinx-Relay"
-  sudo -u admin /home/admin/config.scripts/bonus.sphinxrelay.sh on >> ${logFile} 2>&1
-else
-  echo "Sphinx-Relay - keep default" >> ${logFile}
-fi
-
 # helipad
 if [ "${helipad}" = "on" ]; then
  echo "Helipad - run config script" >> ${logFile}
@ -772,51 +696,15 @@ else
  echo "Provisioning CircuitBreaker - keep default" >> ${logFile}
 fi

-# homer
-if [ "${homer}" = "on" ]; then
-  echo "Provisioning Homer - run config script" >> ${logFile}
-  sudo sed -i "s/^message=.*/message='Setup Homer'/g" ${infoFile}
-  sudo -u admin /home/admin/config.scripts/bonus.homer.sh on >> ${logFile} 2>&1
-else
-  echo "Provisioning Homer - keep default" >> ${logFile}
-fi
-
-# tallycoin_connect
-if [ "${tallycoinConnect}" = "on" ]; then
-  echo "Provisioning Tallycoin Connect - run config script" >> ${logFile}
-  /home/admin/_cache.sh set message "Setup Tallycoin Connect"
-  sudo -u admin /home/admin/config.scripts/bonus.tallycoin-connect.sh on >> ${logFile} 2>&1
-else
-  echo "Provisioning Tallycoin Connect - keep default" >> ${logFile}
-fi
-
-# bitcoinminds.org
-if [ "${bitcoinminds}" = "on" ]; then
-  echo "Provisioning bitcoinminds.org - run config script" >> ${logFile}
-  /home/admin/_cache.sh set message "Setup Bitcoinminds.org"
-  sudo -u admin /home/admin/config.scripts/bonus.bitcoinminds.sh on >> ${logFile} 2>&1
-else
-  echo "Provisioning bitcoinminds.org - keep default" >> ${logFile}
-fi
-
 # squeaknode
 if [ "${squeaknode}" = "on" ]; then
  echo "Provisioning Squeaknode - run config script" >> ${logFile}
-  sudo sed -i "s/^message=.*/message='Setup Squeaknode '/g" ${infoFile}
+  /home/admin/_cache.sh set message "Setup Squeaknode"
  sudo -u admin /home/admin/config.scripts/bonus.squeaknode.sh on >> ${logFile} 2>&1
 else
  echo "Provisioning Squeaknode - keep default" >> ${logFile}
 fi

-# itchysats
-if [ "${itchysats}" = "on" ]; then
-  echo "Provisioning ItchySats - run config script" >> ${logFile}
-  sudo sed -i "s/^message=.*/message='Setup ItchySats'/g" ${infoFile}
-  sudo -u admin /home/admin/config.scripts/bonus.itchysats.sh on --download >> ${logFile} 2>&1
-else
-  echo "ItchySats - keep default" >> ${logFile}
-fi
-
 # LightningTipBot
 if [ "${lightningtipbot}" = "on" ]; then
  echo "Provisioning LightningTipBot - run config script" >> ${logFile}
@ -863,7 +751,7 @@ if [ -d "/var/cache/raspiblitz/tls_backup" ]; then
  cp /var/cache/raspiblitz/tls_backup/tls.cert /mnt/hdd/lnd/tls.cert >> ${logFile} 2>&1
  cp /var/cache/raspiblitz/tls_backup/tls.key /mnt/hdd/lnd/tls.key >> ${logFile} 2>&1
  chown -R bitcoin:bitcoin /mnt/hdd/lnd >> ${logFile} 2>&1
-  echo "On next final restart admin creds will be updated by _boostrap.sh" >> ${logFile}
+  echo "On next final restart admin creds will be updated by _bootstrap.sh" >> ${logFile}

  echo "DONE" >> ${logFile}
 else
@ -880,6 +768,15 @@ if [ ${confExists} -eq 0 ]; then
  chown bitcoin:bitcoin /mnt/hdd/bitcoin/bitcoin.conf
 fi

+# I2P
+echo "Start i2pd" >> ${logFile}
+/home/admin/_cache.sh set message "i2pd setup"
+/home/admin/config.scripts/blitz.i2pd.sh on >> ${logFile}
+
+# clean up raspiblitz config from old settings
+sed -i '/^autoPilot=/d' /mnt/hdd/raspiblitz.conf
+sed -i '/^lndKeysend=/d' /mnt/hdd/raspiblitz.conf
+
 # signal setup done
 /home/admin/_cache.sh set message "Setup Done"

@ -927,12 +824,12 @@ echo "Make sure main services are running .." >> ${logFile}
 systemctl start ${network}d
 if [ "${lightning}" == "lnd" ];then
  systemctl start lnd
+  sleep 10
  # set password c if given in flag from migration prep
  passwordFlagExists=$(ls /mnt/hdd/passwordc.flag | grep -c "passwordc.flag")
  if [ "${passwordFlagExists}" == "1" ]; then
    echo "Found /mnt/hdd/passwordc.flag .. changing password" >> ${logFile}
    oldPasswordC=$(cat /mnt/hdd/passwordc.flag)
-    if ! pip list | grep grpc; then sudo -H python3 -m pip install grpcio==1.38.1; fi
    /home/admin/config.scripts/lnd.initwallet.py change-password mainnet "${oldPasswordC}" "${passwordC}" >> ${logFile}
    shred -u /mnt/hdd/passwordc.flag
  else
--- a/home.admin/_version.info
+++ b/home.admin/_version.info
@ -1,3 +1,3 @@
 # RaspiBlitz Version - always [major].[main].[sub] (sub can be a string like '2rc1')
-codeVersion="1.9.0"
-# keep last line with comment
+codeVersion="1.11.1"
+# keep last line with comment ---> IF YOU HAVE A NEW VERSION BRANCH > EDIT ALSO build_sdcard.sh
--- a/home.admin/assets/bitcoin.conf
+++ b/home.admin/assets/bitcoin.conf
@ -11,6 +11,9 @@ txindex=0
 disablewallet=1
 peerbloomfilters=1
 datadir=/mnt/hdd/bitcoin
+main.debuglogfile=/mnt/hdd/bitcoin/debug.log
+test.debuglogfile=/mnt/hdd/bitcoin/testnet3/debug.log
+signet.debuglogfile=/mnt/hdd/bitcoin/signet/debug.log

 # Connection settings
 rpcuser=raspibolt
--- a/home.admin/assets/bitcoind.service
+++ b/home.admin/assets/bitcoind.service
@ -1,58 +0,0 @@
-# RaspiBlitz: systemd unit for bitcoind
-# based  on https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service
-[Unit]
-Description=Bitcoin daemon
-
-After=network-online.target
-Wants=network-online.target
-
-# for use with sendmail alert
-#OnFailure=systemd-sendmail@%n
-
-[Service]
-Environment='MALLOC_ARENA_MAX=1'
-ExecStartPre=-/home/admin/config.scripts/blitz.systemd.sh log blockchain STARTED
-ExecStart=/usr/local/bin/bitcoind -daemonwait \
-                                  -conf=/mnt/hdd/bitcoin/bitcoin.conf \
-                                  -datadir=/mnt/hdd/bitcoin \
-                                  -debuglogfile=/mnt/hdd/bitcoin/debug.log
-
-# Make sure the config directory is readable by the service user
-PermissionsStartOnly=true
-ExecStartPre=/bin/chgrp bitcoin /mnt/hdd/bitcoin
-
-# Process management
-####################
-Type=forking
-Restart=on-failure
-TimeoutStartSec=infinity
-TimeoutStopSec=600
-
-# Directory creation and permissions
-####################################
-# Run as bitcoin:bitcoin
-User=bitcoin
-Group=bitcoin
-
-StandardOutput=null
-StandardError=journal
-
-# Hardening measures
-####################
-# Provide a private /tmp and /var/tmp.
-PrivateTmp=true
-# Mount /usr, /boot/ and /etc read-only for the process.
-ProtectSystem=full
-# Deny access to /home, /root and /run/user
-ProtectHome=true
-# Disallow the process and all of its children to gain
-# new privileges through execve().
-NoNewPrivileges=true
-# Use a new /dev namespace only populated with API pseudo devices
-# such as /dev/null, /dev/zero and /dev/random.
-PrivateDevices=true
-# Deny the creation of writable and executable memory mappings.
-MemoryDenyWriteExecute=true
-
-[Install]
-WantedBy=multi-user.target
--- a/home.admin/assets/bootstrap.service
+++ b/home.admin/assets/bootstrap.service
@ -1,4 +1,4 @@
-# Boostrap the RaspiBlitz
+# Bootstrap the RaspiBlitz
 # /etc/systemd/system/bootstrap.service

 [Unit]
--- a/home.admin/assets/fallback.bitcoin.nodes
+++ b/home.admin/assets/fallback.bitcoin.nodes
--- a/home.admin/assets/fallback.bitnodes.nodes
+++ b/home.admin/assets/fallback.bitnodes.nodes
--- a/home.admin/assets/lnd.bitcoin.conf
+++ b/home.admin/assets/lnd.bitcoin.conf
@ -1,7 +1,7 @@
 # lnd configuration - some values might be overruled directly systemd-service exec call parameters

 [Application Options]
-debuglevel=debug
+debuglevel=info
 maxpendingchannels=5
 alias=raspiblitz
 color=#68F442
@ -37,3 +37,9 @@ autopilot.allocation=0.6
 [bolt]
 db.bolt.auto-compact=true
 db.bolt.auto-compact-min-age=672h
+
+# Allow for longer latency, especially useful for <8GB RAM Pi and congested mempool
+[healthcheck] 
+healthcheck.chainbackend.attempts=3
+healthcheck.chainbackend.timeout=2m0s 
+healthcheck.chainbackend.interval=1m30s
--- a/home.admin/assets/lnd.service
+++ b/home.admin/assets/lnd.service
@ -22,7 +22,7 @@ User=bitcoin
 Group=bitcoin

 # Try restarting lnd if it stops due to a failure
-Restart=on-failure
+Restart=always
 RestartSec=60

 # Type=notify is required for lnd to notify systemd when it is ready
--- a/home.admin/assets/nginx/sites-available/helipad_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/helipad_tor_ssl.conf
@ -11,7 +11,7 @@ server {
    error_log /var/log/nginx/error_helipad.log;

    location / {
-        proxy_pass http://127.0.0.1:3010;
+        proxy_pass http://127.0.0.1:2112;

        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
--- a/home.admin/assets/nginx/sites-available/jam_tor.conf
+++ b/home.admin/assets/nginx/sites-available/jam_tor.conf
@ -2,7 +2,7 @@

 server {
    listen 7502;
-    listen [::1]:7502;
+    listen [::]:7502;
    server_name _;

    access_log /var/log/nginx/access_jam.log;
@ -12,7 +12,6 @@ server {
    gzip_vary on;
    gzip_proxied any;
    gzip_types *;
-    gzip_types application/javascript application/json text/css image/svg+xml;

    root /home/jam/webui/build;
    index index.html;
--- a/home.admin/assets/nginx/sites-available/jam_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/jam_tor_ssl.conf
@ -2,7 +2,7 @@

 server {
    listen 7503 ssl http2;
-    listen [::1]:7503 ssl http2;
+    listen [::]:7503 ssl http2;
    server_name _;

    include /etc/nginx/snippets/ssl-params.conf;
@ -15,7 +15,6 @@ server {
    gzip_vary on;
    gzip_proxied any;
    gzip_types *;
-    gzip_types application/javascript application/json text/css image/svg+xml;

    root /home/jam/webui/build;
    index index.html;
--- a/home.admin/assets/nginx/sites-available/lnbits_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnbits_ssl.conf
@ -19,6 +19,11 @@ server {

    location / {
        proxy_pass http://127.0.0.1:5000;
+        
+        # needed for websocket connections
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";

        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }
--- a/home.admin/assets/nginx/sites-available/lnbits_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/lnbits_tor_ssl.conf
@ -19,6 +19,11 @@ server {
    location / {
        proxy_pass https://127.0.0.1:5001;

+        # needed for websocket connections
+        proxy_http_version 1.1;
+        proxy_set_header Upgrade $http_upgrade;
+        proxy_set_header Connection "upgrade";
+
        include /etc/nginx/snippets/ssl-proxy-params.conf;
    }

--- a/home.admin/assets/nginx/sites-available/public.conf
+++ b/home.admin/assets/nginx/sites-available/public.conf
@ -32,6 +32,13 @@ server {
 		root /var/www/letsencrypt;
 	}

+	location = /index.html {
+		# internal means that it can't be called from outside
+		internal;
+		# add no-store to prevent caching of index.html
+		add_header Cache-Control 'no-store';
+	}
+
 	location / {
 		# make sure to have https link to exact same host that was called
 		sub_filter '<a href="https://HOST_SET_BY_NGINX/' '<a href="https://$host/';
@ -39,7 +46,7 @@ server {
 		# First attempt to serve request as file, then
 		# as directory, then fall back to displaying a 404.
 		try_files $uri $uri/ /index.html =404;
-
+		add_header Cache-Control "no-cache, must-revalidate";
 	}

 }
--- a/home.admin/assets/nginx/sites-available/public.httponly.conf
+++ b/home.admin/assets/nginx/sites-available/public.httponly.conf
@ -23,6 +23,13 @@ server {
 		root /var/www/letsencrypt;
 	}

+	location = /index.html {
+		# internal means that it can't be called from outside
+		internal;
+		# add no-store to prevent caching of index.html
+		add_header Cache-Control 'no-store';
+	}
+
 	location / {
 		# make sure to have https link to exact same host that was called
 		sub_filter '<a href="https://HOST_SET_BY_NGINX/' '<a href="https://$host/';
@ -30,7 +37,7 @@ server {
 		# First attempt to serve request as file, then
 		# as directory, then fall back to displaying a 404.
 		try_files $uri $uri/ /index.html =404;
-
+		add_header Cache-Control "no-cache, must-revalidate";
 	}

 }
--- a/home.admin/assets/nginx/sites-available/tallycoin_connect_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/tallycoin_connect_ssl.conf
@ -1,21 +0,0 @@
-## tallycoin_connect_ssl.conf
-
-server {
-    listen 8124 ssl http2;
-    listen [::]:8124 ssl http2;
-    server_name _;
-
-    include /etc/nginx/snippets/ssl-params.conf;
-    include /etc/nginx/snippets/ssl-certificate-app-data.conf;
-
-    include /etc/nginx/snippets/gzip-params.conf;
-
-    access_log /var/log/nginx/access_tallycoin_connect.log;
-    error_log /var/log/nginx/error_tallycoin_connect.log;
-
-    location / {
-        proxy_pass http://127.0.0.1:8123;
-
-        include /etc/nginx/snippets/ssl-proxy-params.conf;
-    }
-}
--- a/home.admin/assets/nginx/sites-available/tallycoin_connect_tor.conf
+++ b/home.admin/assets/nginx/sites-available/tallycoin_connect_tor.conf
@ -1,18 +0,0 @@
-## tallycoin_connect_tor.conf
-
-server {
-    listen 8125;
-    listen [::]:8125;
-    server_name _;
-
-    include /etc/nginx/snippets/gzip-params.conf;
-
-    access_log /var/log/nginx/access_tallycoin_connect.log;
-    error_log /var/log/nginx/error_tallycoin_connect.log;
-
-    location / {
-        proxy_pass http://127.0.0.1:8123;
-
-        include /etc/nginx/snippets/ssl-proxy-params.conf;
-    }
-}
--- a/home.admin/assets/nginx/sites-available/tallycoin_connect_tor_ssl.conf
+++ b/home.admin/assets/nginx/sites-available/tallycoin_connect_tor_ssl.conf
@ -1,21 +0,0 @@
-## tallycoin_connect_tor_ssl.conf
-
-server {
-    listen 8126 ssl http2;
-    listen [::]:8126 ssl http2;
-    server_name _;
-
-    include /etc/nginx/snippets/ssl-params.conf;
-    include /etc/nginx/snippets/ssl-certificate-app-data-tor.conf;
-
-    include /etc/nginx/snippets/gzip-params.conf;
-
-    access_log /var/log/nginx/access_tallycoin_connect.log;
-    error_log /var/log/nginx/error_tallycoin_connect.log;
-
-    location / {
-        proxy_pass http://127.0.0.1:8123;
-
-        include /etc/nginx/snippets/ssl-proxy-params.conf;
-    }
-}
--- a/home.admin/assets/raspiblitz-fat-v1.10.0-2023-09-22.img.gz.torrent
+++ b/home.admin/assets/raspiblitz-fat-v1.10.0-2023-09-22.img.gz.torrent
--- a/home.admin/assets/raspiblitz-fat-v1.11.0-2024-04-16.img.gz.torrent
+++ b/home.admin/assets/raspiblitz-fat-v1.11.0-2024-04-16.img.gz.torrent
--- a/home.admin/assets/raspiblitz-fat-v1.11.1-2024-07-31.img.gz.torrent
+++ b/home.admin/assets/raspiblitz-fat-v1.11.1-2024-07-31.img.gz.torrent
--- a/home.admin/assets/raspiblitz-min-v1.10.0-2023-09-22.img.gz.torrent
+++ b/home.admin/assets/raspiblitz-min-v1.10.0-2023-09-22.img.gz.torrent
--- a/home.admin/assets/raspiblitz-min-v1.11.0-2024-04-16.img.gz.torrent
+++ b/home.admin/assets/raspiblitz-min-v1.11.0-2024-04-16.img.gz.torrent
--- a/home.admin/assets/telegraf/etc-telegraf/telegraf.d/telegraf_inputs.conf
+++ b/home.admin/assets/telegraf/etc-telegraf/telegraf.d/telegraf_inputs.conf
@ -63,7 +63,7 @@
 ####  basic information about the blockchain
 ####  --> https://developer.bitcoin.org/reference/rpc/getblockchaininfo.html
 ##
-##    Most usefull fields...
+##    Most useful fields...
 ##      *   blocks
 ##      *   headers
 ##      *   verificationprogress
@ -79,7 +79,7 @@
 ####  basic information about the mempool
 ####  --> https://developer.bitcoin.org/reference/rpc/getmempoolinfo.html
 ##
-##    Most usefull fields...
+##    Most useful fields...
 ##      *   loaded            (boolean) True if the mempool is fully loaded
 ##      *   size              (numeric) Current tx count
 ##      *   usage             (numeric) Total memory usage for the mempool
@ -95,7 +95,7 @@
 ####  information about network traffic, including bytes in, bytes out, and current time window
 ####  --> https://developer.bitcoin.org/reference/rpc/getnettotals.html
 ##
-##    Most usefull fields...
+##    Most useful fields...
 ##      *   totalbytesrecv
 ##      *   totalbytessent
 ##
@ -136,7 +136,7 @@
 ####  basic information about the LN node
 ####  --> https://api.lightning.community/#getinfo
 ##
-##    Most usefull fields...
+##    Most useful fields...
 ##      *   block_height
 ##      *   num_peers
 ##      *   num_active_channels
@ -160,7 +160,7 @@
 ##
 ##      *   publicIP from /mnt/hdd/raspiblitz.conf
 ##      *   bitcoind node ip address via:   bitcoin-cli getnetworkinfo  =>  "localaddresses"
-##      *   lnd ip addess via:              lncli getinfo               =>  "uris"
+##      *   lnd ip address via:              lncli getinfo               =>  "uris"
 ##      *   IPv6 global from eth0/wlan0
 ##      *   IPv4 local network address from eth0/wlan0
 ##
--- a/home.admin/config.scripts/bitcoin.check.sh
+++ b/home.admin/config.scripts/bitcoin.check.sh
@ -0,0 +1,88 @@
+#!/bin/bash
+
+# command info
+if [ $# -eq 0 ] || [ "$1" = "-h" ] || [ "$1" = "--help" ] || [ "$1" = "-help" ]; then
+  echo "# bitcoin.check.sh prestart [mainnet|testnet|signet]"
+  exit 1
+fi
+
+######################################################################
+# PRESTART
+# is executed by systemd bitcoind services everytime before bitcoin is started
+# so it tries to make sure the config is in valid shape
+######################################################################
+
+# check/repair lnd config before starting
+if [ "$1" == "prestart" ]; then
+
+  echo "### RUNNING bitcoin.check.sh prestart"
+
+  # check correct user
+  if [ "$USER" != "bitcoin" ]; then
+    echo "# FAIL: run as user 'bitcoin'"
+    exit 1
+  fi
+
+  # check correct parameter
+  if [ "$2" != "mainnet" ] && [ "$2" != "testnet" ] && [ "$2" != "signet" ]; then
+    echo "# FAIL: missing/wrong parameter"
+    exit 1
+  fi
+
+  CHAIN="$2"
+
+  ##### DIRECTORY PERMISSIONS #####
+
+  /bin/chgrp bitcoin /mnt/hdd/bitcoin
+
+  ##### CLEAN UP #####
+
+  # all lines with just spaces to empty lines
+  sed -i 's/^[[:space:]]*$//g' /mnt/hdd/bitcoin/bitcoin.conf
+  # all double empty lines to single empty lines
+  sed -i '/^$/N;/^\n$/D' /mnt/hdd/bitcoin/bitcoin.conf
+
+  ##### CHECK/SET CONFIG VALUES #####
+
+  # correct debug log path
+  if [ "${CHAIN}" == "mainnet" ]; then
+    bitcoinlog_entry="main.debuglogfile"
+    bitcoinlog_path="/mnt/hdd/bitcoin/debug.log"
+  elif [ "${CHAIN}" == "testnet" ]; then
+    bitcoinlog_entry="test.debuglogfile"
+    bitcoinlog_path="/mnt/hdd/bitcoin/testnet3/debug.log"
+  elif [ "${CHAIN}" == "signet" ]; then
+    bitcoinlog_entry="signet.debuglogfile"
+    bitcoinlog_path="/mnt/hdd/bitcoin/signet/debug.log"
+  fi
+
+  # make sure entry exists
+  echo "# make sure entry(${bitcoinlog_entry}) exists"
+  extryExists=$(grep -c "^${bitcoinlog_entry}=" /mnt/hdd/bitcoin/bitcoin.conf)
+  if [ "${extryExists}" == "0" ]; then
+    echo "${bitcoinlog_entry}=${bitcoinlog_path}" >> /mnt/hdd/bitcoin/bitcoin.conf
+  fi
+
+  # make sure entry has the correct value
+  echo "# make sure entry(${bitcoinlog_entry}) has the correct value(${bitcoinlog_path})"
+  sed -i "s|^${bitcoinlog_entry}=.*|${bitcoinlog_entry}=${bitcoinlog_path}|g" /mnt/hdd/bitcoin/bitcoin.conf
+
+  # make sure bitcoin debug file exists
+  echo "# make sure bitcoin debug file exists"
+  touch ${bitcoinlog_path}
+  chown bitcoin:bitcoin ${bitcoinlog_path}
+  chmod 600 ${bitcoinlog_path} 
+
+  ##### STATISTICS #####
+
+  # count startings
+  if [ "${CHAIN}" == "mainnet" ]; then
+    /home/admin/config.scripts/blitz.systemd.sh log blockchain STARTED
+  fi
+
+  echo "# OK PRESTART DONE"
+
+else
+  echo "# FAIL: parameter not known - run with -h for help"
+  exit 1
+fi
--- a/Show More
+++ b/Show More