From 324420a163de0937bb6809bc17b1576cb90be401 Mon Sep 17 00:00:00 2001
From: Christian Rotzoll
Date: Tue, 2 Apr 2019 21:00:39 +0100
Subject: [PATCH] #324 & #485
---
 home.admin/_bootstrap.provision.sh | 53 +++++++++++++++++++
 .../config.scripts/internet.sshtunnel.py | 14 ++++-
 2 files changed, 66 insertions(+), 1 deletion(-)
diff --git a/home.admin/_bootstrap.provision.sh b/home.admin/_bootstrap.provision.sh
index 77a344e..946530f 100644
--- a/home.admin/_bootstrap.provision.sh
+++ b/home.admin/_bootstrap.provision.sh
@@ -82,6 +82,21 @@ sed -i "6s/.*/After=${network}d.service/" /home/admin/assets/lnd.service >> ${lo
 sudo cp /home/admin/assets/lnd.service /etc/systemd/system/lnd.service >> ${logFile} 2>&1
 sudo chmod +x /etc/systemd/system/lnd.service >> ${logFile} 2>&1
+# backup LND dir (especially for macaroons and tlscerts)
+# https://github.com/rootzoll/raspiblitz/issues/324
+echo "*** Make backup of LND directory" >> ${logFile}
+sudo rm -r /mnt/hdd/backup_lnd
+sudo cp -r /mnt/hdd/lnd /mnt/hdd/backup_lnd >> ${logFile} 2>&1
+numOfDiffers=$(sudo diff -arq /mnt/hdd/lnd /mnt/hdd/backup_lnd | grep -c "differ")
+if [ ${numOfDiffers} -gt 0 ]; then
+ echo "FAIL: Backup was not successfull" >> ${logFile}
+ sudo diff -arq /mnt/hdd/lnd /mnt/hdd/backup_lnd >> ${logFile} 2>&1
+ echo "removing backup dir to prevent false override" >> ${logFile}
+else
+ echo "OK Backup is valid." >> ${logFile}
+fi
+echo "" >> ${logFile}
+
 # finish setup (SWAP, Benus, Firewall, Update, ..)
 sudo sed -i "s/^message=.*/message='Setup System ..'/g" ${infoFile}
 /home/admin/90finishSetup.sh >> ${logFile} 2>&1
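Review bot: The FAIL branch logs `removing backup dir to prevent false override` but never removes anything, so a backup that failed verification stays at /mnt/hdd/backup_lnd, and the replay block added later in this file only tests `[ -d "/mnt/hdd/backup_lnd" ]` before copying it back. Add `sudo rm -rf /mnt/hdd/backup_lnd >> ${logFile} 2>&1` in that branch. The check itself is also weak: `grep -c "differ"` ignores the `Only in ...` lines that `diff -rq` prints for files missing from the copy, so testing diff's exit status (`if ! sudo diff -arq /mnt/hdd/lnd /mnt/hdd/backup_lnd >> ${logFile} 2>&1; then`) would catch both cases. Because the directory holds macaroons and TLS material, `cp -a` instead of `cp -r` would keep owner and mode on the copy. The previous backup is also deleted before the new one is verified, which leaves no backup at all if the copy fails.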
@@ -170,6 +185,44 @@ else
 echo "Was not able to get LND port from config." >> ${logFile}
 fi
+# SSH TUNNEL
+if [ "${#sshtunnel}" -gt 0 ]; then
+ echo "Provisioning SSH Tunnel - run config script" >> ${logFile}
+ sudo sed -i "s/^message=.*/message='Setup SSH Tunnel'/g" ${infoFile}
+ sudo /home/admin/config.scripts/internet.sshtunnel.py restore ${sshtunnel} >> ${logFile} 2>&1
+else
+ echo "Provisioning SSH Tunnel - keep default" >> ${logFile}
+fi
+
+# ROOT SSH KEYS
+# check if a backup on HDD exists and when retsore back
+backupRootSSH=$(sudo ls /mnt/hdd/ssh/root_backup 2>/dev/null | grep -c "id_rsa")
+if [ ${backupRootSSH} -gt 0 ]; then
+ echo "Provisioning Root SSH Keys - RESTORING from HDD" >> ${logFile}
+ sudo cp -r /mnt/hdd/ssh/root_backup /root/.ssh
+ sudo chown -R root:root /root/.ssh
+else
+ echo "Provisioning Root SSH Keys - keep default" >> ${logFile}
+fi
+
+# replay backup LND dir (especially for macaroons and tlscerts)
+# https://github.com/rootzoll/raspiblitz/issues/324
+echo "" >> ${logFile}
+echo "*** Replay backup of LND directory" >> ${logFile}
+if [ -d "/mnt/hdd/backup_lnd" ]; then
+ echo "Copying ..." >> ${logFile}
+ sudo cp -r /mnt/hdd/backup_lnd /mnt/hdd/lnd >> ${logFile} 2>&1
+ echo "Updating user admin creds ..." >> ${logFile}
+ sudo cp /mnt/hdd/lnd/lnd.conf /home/admin/.lnd/lnd.conf >> ${logFile} 2>&1
+ sudo cp /mnt/hdd/lnd/tls.cert /home/admin/.lnd/tls.cert >> ${logFile} 2>&1
+ sudo cp -r /mnt/hdd/lnd/data/chain /home/admin/.lnd/data/chain >> ${logFile} 2>&1
+ sudo chown -R admin:admin /home/admin/.lnd >> ${logFile} 2>&1
+ echo "DONE" >> ${logFile}
+else
+ echo "No BackupDir so skipping that step." >> ${logFile}
+fi
+echo "" >> ${logFile}
+
 sudo sed -i "s/^message=.*/message='Setup Done'/g" ${infoFile}
 echo "DONE - Give raspi some cool off time after hard building .... 20 secs sleep" >> ${logFile}
diff --git a/home.admin/config.scripts/internet.sshtunnel.py b/home.admin/config.scripts/internet.sshtunnel.py
index aad7d86..f3968cc 100755
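Review bot: Both restore copies use `cp -r SRC DST` with a destination that may already exist, in which case cp creates the source directory inside it: the keys would land in /root/.ssh/root_backup and the LND data in /mnt/hdd/lnd/backup_lnd (the first hunk copies from /mnt/hdd/lnd, so it presumably still exists here). Copy the contents instead, `sudo cp -a /mnt/hdd/backup_lnd/. /mnt/hdd/lnd/` and `sudo cp -a /mnt/hdd/ssh/root_backup/. /root/.ssh/`, and follow the key restore with `sudo chmod 700 /root/.ssh`. The key restore also takes every file in the HDD directory, so anything placed there, such as an `authorized_keys` or `config` file, becomes part of root's SSH setup; copying only the expected key files would narrow that. Only /home/admin/.lnd is chowned after the replay; whether the restored /mnt/hdd/lnd needs its original owner depends on the service user, which is not visible in this hunk. The two commands under ROOT SSH KEYS are also the only ones here whose output is not sent to ${logFile}.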
--- a/home.admin/config.scripts/internet.sshtunnel.py
+++ b/home.admin/config.scripts/internet.sshtunnel.py
@@ -6,13 +6,14 @@ from pathlib import Path
 # display config script info
 if len(sys.argv) <= 1 or sys.argv[1] == "-h" or sys.argv[1] == "help":
 print("forward ports from another server to raspiblitz with reverse SSH tunnel")
- print("internet.sshtunnel.py [on|off] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]")
+ print("internet.sshtunnel.py [on|off|restore] [USER]@[SERVER] [INTERNAL-PORT]:[EXTERNAL-PORT]")
 print("note that [INTERNAL-PORT]:[EXTERNAL-PORT] can one or multiple forwardings")
 sys.exit(1)
 #
 # CONSTANTS
 # sudo journalctl -f -u autossh-tunnel
+#
 SERVICENAME="autossh-tunnel.service"
 SERVICEFILE="/etc/systemd/system/"+SERVICENAME
@@ -32,6 +33,17 @@ StandardOutput=journal
 WantedBy=multi-user.target
 """
+#
+# RESTORE = SWITCHING ON with restore flag on
+# on restore other external scripts dont need calling
+#
+
+restoringOnUpdate = False
+if sys.argv[1] == "restore":
+ print("internet.sshtunnel.py -> running with restore flag")
+ sys.argv[1] = "on"
+ restoringOnUpdate = True
+
 #
 # SWITCHING ON
 #
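Review bot: Overwriting `sys.argv[1]` with `"on"` in the restore block means every later reader of the arguments sees a mode the caller never passed. A named variable such as `mode = "on" if sys.argv[1] == "restore" else sys.argv[1]` would keep the original invocation intact, though the branches that test `sys.argv[1]` lie outside this hunk and would have to switch to it. The banner comment says only that "other external scripts dont need calling"; it should name the scripts that are skipped when `restoringOnUpdate` is set and say why skipping them is safe on an update, since this script is run with sudo from the provisioning step.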