lukechilds
/
umbrel
mirror of https://github.com/lukechilds/umbrel.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Merge pull request #12 from mayankchhabra/auth 

Auth, wallet unlock separation, container updates
patch-1
Mayank Chhabra 5 years ago
committed by GitHub
parent
7e7954e451 a2da21245c
commit
8aa86ba8b5
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
7 changed files with 44 additions and 100 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 5
      README.md
  2. 11
      build/lnd-unlock/Dockerfile
  3. 57
      build/lnd-unlock/unlock.sh
  4. 0
      db/jwt-private-key/.gitkeep
  5. 0
      db/jwt-public-key/.gitkeep
  6. 42
      docker-compose.yml
  7. 29
      nginx/conf.d/default.conf

5
README.md
View File

@ -2,7 +2,7 @@
## Abstract ## Abstract
This is a basic framework for orchestration of the box services for running a full lightning and bitcoin node. This is a basic framework for orchestration of the services required to run an Umbrel bitcoin and lightning node.
## How to use ## How to use
@ -57,9 +57,6 @@ wget -qO- "https://raw.githubusercontent.com/getumbrel/umbrel-compose/master/con
docker-compose up -d --build docker-compose up -d --build
# verify the containers # verify the containers
docker ps -a docker ps -a
# Additional node: You should have a way of creating a wallet. Currently this container does not have a create wallet container.
# For the unlock script to work, put the unlock password in secrets/lnd-password.txt
``` ```

11
build/lnd-unlock/Dockerfile
View File

@ -1,11 +0,0 @@
FROM alpine:3.10
RUN apk add --no-cache curl jq
RUN mkdir /lnd/
COPY unlock.sh /bin/unlock
RUN chmod +x /bin/unlock
ENTRYPOINT ["unlock"]

57
build/lnd-unlock/unlock.sh
View File

@ -1,57 +0,0 @@
#!/bin/sh
HOST=localhost:8080
TLS_CERT=/lnd/tls.cert
LNDPASSWORD_PATH=/secrets/lnd-password.txt
MACAROON_PATH=/lnd/data/chain/bitcoin/mainnet/admin.macaroon
lncurl() {
MACAROON="$(xxd -p /lnd/data/chain/bitcoin/mainnet/admin.macaroon | tr -d '\n')"
url_path=$1
data=$2
curl --fail --silent --show-error \
--cacert "${TLS_CERT}" \
--header "Grpc-Metadata-macaroon: ${MACAROON}" \
--data "${data}" \
"https://${HOST}/v1/${url_path}"
}
while true; do
# First make sure that port is open
while ! nc -z localhost 8080; do
>&2 echo "Waiting for ${HOST} port to open…"
sleep 3
done
>&2 echo "Port ${HOST} is open"
# Wait a bit more in case the port was just opened
sleep 1
if [[ -f $LNDPASSWORD_PATH ]]; then
if [[ -f $MACAROON_PATH ]]; then
>&2 echo "Password and macaroon file file exists"
PASS="$(cat /secrets/lnd-password.txt | tr -d '\n' | base64 | tr -d '\n')"
UNLOCK_PAYLOAD="$(jq -nc --arg wallet_password ${PASS} '{$wallet_password}')"
# Try getinfo then unlock
>&2 echo "Trying ${HOST}/getinfo…"
INFO=$(lncurl getinfo)
if [ "$?" = "0" ]; then
>&2 echo "Response: ${INFO}"
alias="$(echo "${INFO}" | jq '.alias')"
>&2 echo "Wallet for ${alias} unlocked!"
exit 0
fi
>&2 echo "${HOST}/getinfo FAILED, out=${INFO}"
>&2 echo "Trying ${HOST}/unlockwallet…"
RESULT=$(lncurl unlockwallet "${UNLOCK_PAYLOAD}")
>&2 echo "${HOST}/unlockwallet completed with: exit-code=$?, out=${RESULT}"
else
>&2 echo "macaroon file doesn't exist"
fi
else
>&2 echo "password file doesn't exist"
fi
sleep 30
done

0
db/jwt-private-key/.gitkeep
View File

0
db/jwt-public-key/.gitkeep
View File

42
docker-compose.yml
View File

@ -10,7 +10,7 @@ x-utility: &default-utility
network_mode: host network_mode: host
services: services:
web: nginx:
image: nginx:1.17.8 image: nginx:1.17.8
logging: *default-logging logging: *default-logging
volumes: volumes:
@ -37,30 +37,42 @@ services:
- /var/lib/tor:/var/lib/tor - /var/lib/tor:/var/lib/tor
- /run/tor:/run/tor/ - /run/tor:/run/tor/
restart: on-failure restart: on-failure
depends_on: [ bitcoin, web ]
network_mode: host network_mode: host
stop_grace_period: 1m30s stop_grace_period: 1m30s
dashboard:
image: getumbrel/dashboard:v0.2.0
logging: *default-logging
restart: always
network_mode: host
manager:
image: getumbrel/manager:v0.1.0
logging: *default-logging
restart: unless-stopped
network_mode: host
volumes:
- "${HOME}/db:/db"
environment:
PORT: "3006"
USER_PASSWORD_FILE: "/db/user.json"
JWT_PUBLIC_KEY_FILE: "/db/jwt-public-key/jwt.pem"
JWT_PRIVATE_KEY_FILE: "/db/jwt-private-key/jwt.key"
JWT_EXPIRATION: "3600"
middleware: middleware:
image: getumbrel/middleware:v0.0.5 image: getumbrel/middleware:v0.1.0
depends_on: [ bitcoin, lnd ] command: ["./wait-for-node-manager.sh", "localhost", "npm", "start"]
logging: *default-logging logging: *default-logging
restart: on-failure restart: unless-stopped
network_mode: host network_mode: host
depends_on: [ manager ]
volumes: volumes:
- "${HOME}/lnd:/lnd" - "${HOME}/lnd:/lnd"
- "${HOME}/db/jwt-public-key:/jwt-public-key"
environment: environment:
PORT: "3005"
BITCOIN_HOST: "0.0.0.0" BITCOIN_HOST: "0.0.0.0"
RPC_PORT: "8332" RPC_PORT: "8332"
RPC_USER: "" RPC_USER: ""
RPC_PASSWORD: "" RPC_PASSWORD: ""
LND_NETWORK: "mainnet" LND_NETWORK: "mainnet"
LND_HOST: "127.0.0.1" LND_HOST: "127.0.0.1"
lnd-unlock: JWT_PUBLIC_KEY_FILE: "/jwt-public-key/jwt.pem"
build: ${HOME}/build/lnd-unlock/
depends_on: [ lnd ]
logging: *default-logging
restart: always
volumes:
- "${HOME}/lnd:/lnd"
- "${HOME}/secrets:/secrets"
network_mode: host

29
nginx/conf.d/default.conf
View File

@ -1,17 +1,20 @@
server { server {
listen 80 default_server; listen 80 default_server;
listen [::]:80 default_server; listen [::]:80 default_server;
server_name _; server_name _;
root /etc/nginx/www;
index index.html;
location / {
index index.html;
try_files $uri $uri/ /index.html;
}
location /api/ { location /api/ {
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS'; add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
proxy_pass http://localhost:3005/; proxy_pass http://localhost:3005/;
} }
}
location /manager-api/ {
add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS, PUT, DELETE';
proxy_pass http://localhost:3006/;
}
location / {
add_header Access-Control-Allow-Origin *;
proxy_pass http://localhost:3004/;
}
}
Write Preview
Loading…
Cancel
Save