Redo configuration logic (#87)

.gitignore

@@ -7,10 +7,24 @@
 .ssh
 .viminfo
 
-# Files created by containers that we shouldn't accidently commit
+# Files and data directories created by services
+# that we shouldn't accidently commit
+
 *.dat
 *.log
 *.lock
 *.cookie
 *.pid
+*.env
+bitcoin/*
+lnd/*
+tor/*
+db/*
+
+# Commit these empty directories
+
+!lnd/.gitkeep
+!tor/data/.gitkeep
+!tor/run/.gitkeep
+!db/.gitkeep
 

README.md

@@ -72,9 +72,9 @@ If you're looking to run Umbrel on:
 
 Ensure that your account is [correctly permissioned to use docker](https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user).
 
-### Step 1. Run this from your home directory (if installing on dedicated hardware)
+### Step 1. Download
 
-> It will clone this repo while preserving home directory's existing structure.
+> Run this in an empty directory where you want to install Umbrel
 
 ```bash
 curl -L https://github.com/getumbrel/umbrel/archive/v0.1.6-beta.3.tar.gz | tar -xz --strip-components=1
@@ -83,17 +83,17 @@ curl -L https://github.com/getumbrel/umbrel/archive/v0.1.6-beta.3.tar.gz | tar -
 ### Step 2. Configure
 
 ```bash
-# To configure Umbrel for mainnet, run:
+# To use Umbrel on mainnet, run:
 ./scripts/configure
 
 # For testnet, run:
-TESTNET=1 ./scripts/configure
+NETWORK=testnet ./scripts/configure
 
 # For regtest, run:
-REGTEST=1 ./scripts/configure
+NETWORK=regtest ./scripts/configure
 ```
 
-### Step 3. Run Umbrel
+### Step 3. Run
 
 ```bash
 sudo ./scripts/start

contrib/partitioner/partitioner.py

@@ -175,10 +175,9 @@ def main():
                     os.system('/bin/sed -i "s/#txindex=1/txindex=1/g;" ' + str(homedirpath) + '/bitcoin/bitcoin.conf')
 
                 '''
-                Setup secrets, db, bitcoin, nginx, and lnd directory.. as a new install
+                Setup db, bitcoin, nginx, and lnd directory.. as a new install
                 '''
-                print('Setup secrets, db, bitcoin, nginx, tor and lnd directory.. as a new install')
-                os.system('/bin/cp -fr ' + homedirpath + '/secrets /mnt/data')
+                print('Setup db, bitcoin, nginx, tor and lnd directory.. as a new install')
                 os.system('/bin/cp -fr ' + homedirpath + '/db /mnt/data')
                 os.system('/bin/cp -fr ' + homedirpath + '/bitcoin /mnt/data')
                 os.system('/bin/cp -fr ' + homedirpath + '/lnd /mnt/data')
@@ -202,20 +201,15 @@ def main():
 
                 '''
                 Check other folders in partition3
-                - secrets
                 - db
                 - lnd
                 - nginx
                 - tor
                 '''
-                # Secrets folder
-                if not os.path.exists('/mnt/data/secrets'):
-                    print('secrets folder does\'nt exist!')
-                    os.system('/bin/cp -fr ' + homedirpath + '/secrets /mnt/data')
 
                 # tor folder
                 if not os.path.exists('/mnt/data/tor'):
-                    print('secrets folder does\'nt exist!')
+                    print('tor folder does\'nt exist!')
                     os.system('/bin/cp -fr ' + homedirpath + '/tor /mnt/data')                        
 
                 # db folder
@@ -267,7 +261,6 @@ def main():
         os.system('/bin/mount -a');
 
         print('Remove old folders (after copying)')
-        os.system('/bin/rm -fr ' + homedirpath + '/secrets')
         os.system('/bin/rm -fr ' + homedirpath + '/db')
         os.system('/bin/rm -fr ' + homedirpath + '/bitcoin')
         os.system('/bin/rm -fr ' + homedirpath + '/lnd')
@@ -275,7 +268,6 @@ def main():
         os.system('/bin/rm -fr ' + homedirpath + '/nginx')
         os.system('/bin/rm -fr ' + homedirpath + '/docker-compose.yml')
         print('Set up symlinks')
-        os.system('/bin/ln -s /mnt/data/secrets ' + homedirpath + '/secrets')
         os.system('/bin/ln -s /mnt/data/db ' + homedirpath + '/db')
         os.system('/bin/ln -s /mnt/data/bitcoin ' + homedirpath + '/bitcoin')
         os.system('/bin/ln -s /mnt/data/lnd ' + homedirpath + '/lnd')

docker-compose.yml

@@ -102,7 +102,7 @@ services:
                     JWT_PRIVATE_KEY_FILE: "/jwt-private-key/jwt.key"
                     JWT_EXPIRATION: "3600"
                     DOCKER_COMPOSE_DIRECTORY: $PWD
-                    DEVICE_HOST: $DEVICE_HOST
+                    DEVICE_HOST: ${DEVICE_HOST:-http://umbrel.local}
                     MIDDLEWARE_API_URL: "http://10.11.2.2"
                     UMBREL_DASHBOARD_HIDDEN_SERVICE_FILE: "/var/lib/tor/web/hostname"
                     SHUTDOWN_SIGNAL_FILE: "/signals/shutdown"
@@ -129,13 +129,13 @@ services:
                 environment:
                     PORT: "3005"
                     BITCOIN_HOST: "10.11.1.1"
-                    RPC_PORT: "RPCPORT"
-                    RPC_USER: "lncm"
-                    RPC_PASSWORD: "RPCPASS"
-                    LND_NETWORK: "mainnet"
+                    RPC_PORT: $BITCOIN_RPC_PORT
+                    RPC_USER: $BITCOIN_RPC_USER
+                    RPC_PASSWORD: $BITCOIN_RPC_PASS
+                    LND_NETWORK: $BITCOIN_NETWORK
                     LND_HOST: "10.11.1.2"
                     JWT_PUBLIC_KEY_FILE: "/jwt-public-key/jwt.pem"
-                    DEVICE_HOST: $DEVICE_HOST
+                    DEVICE_HOST: ${DEVICE_HOST:-http://umbrel.local}
                 networks:
                     net:
                         ipv4_address: 10.11.2.2
@@ -146,12 +146,12 @@ services:
                 depends_on: [ bitcoin, lnd ]
                 restart: unless-stopped
                 volumes:
-                    - "${PWD}/lnd:/lnd"
-                    - "${PWD}/secrets:/secrets"
-                    - "${PWD}/statuses:/statuses"
-                    - "/var/run/docker.sock:/var/run/docker.sock"
+                    - ${PWD}/lnd:/lnd
+                    - ${PWD}/statuses:/statuses
+                    - /var/run/docker.sock:/var/run/docker.sock
                 environment:
-                    JSONRPCURL: http://10.11.1.1:RPCPORT
+                    JSONRPCURL: "http://10.11.1.1:${BITCOIN_RPC_PORT}"
+                    RPCPASS: $BITCOIN_RPC_PASS
                     LND_CONTAINER_NAME: lnd
                     SLEEPTIME: 3600
                 networks:

scripts/configure

@@ -1,21 +1,9 @@
 #!/usr/bin/env bash
-set -e
+set -euo pipefail
 
-# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
-# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
-# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
-# IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
-# OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
-# ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
-# OTHER DEALINGS IN THE SOFTWARE.
-
-# Install the docker-compose box to the current working directory
-# Pre-requisites: wget
-
-if [ ! $(uname -s) == "Linux" ]; then
-  echo "Sorry, only linux systems are supported at this time (you may work around this but you are on your own there)"
-  exit 1
-fi
+##########################################################
+################## Check dependencies ####################
+##########################################################
 
 check_dependencies () {
   for cmd in "$@"; do
@@ -26,98 +14,182 @@ check_dependencies () {
   done
 }
 
-check_dependencies wget docker docker-compose
+if [ ! "$(uname -s)" == "Linux" ]; then
+  echo "Sorry, Umbrel only supports Linux-based systems at this point."
+  echo
+  echo "You may work around this by modifying the configuration script yourself, but it's highly experimental."
+  echo "If you get it working, we hope you consider making a PR. :)"
+  exit 1
+fi
 
-UMBREL_ROOT="$(dirname $(readlink -f "${BASH_SOURCE[0]}"))/.."
+check_dependencies docker docker-compose dirname readlink
 
+# Switch to Umbrel's root directory
+UMBREL_ROOT="$(readlink -f "$(dirname "${BASH_SOURCE[0]}")"/..)"
 if [[ ! -d "$UMBREL_ROOT" ]]; then
   echo "Root dir does not exist '$UMBREL_ROOT'"
   exit 1
 fi
-
 cd "$UMBREL_ROOT"
 
-echo "Start box configuration"
-echo "Installing RPCAuth.py and configuring secrets"
-cd bin/
-wget -q "https://raw.githubusercontent.com/bitcoin/bitcoin/master/share/rpcauth/rpcauth.py" 2>/dev/null
-chmod 755 rpcauth.py
-./rpcauth.py lncm | tee ../secrets/generated.txt | head -2 | tail -1 > ../secrets/rpcauth.txt
-tail -1 ../secrets/generated.txt > ../secrets/rpcpass.txt
-rm rpcauth.py ../secrets/generated.txt
-cd ..
-echo "Installing RPCAuth into bitcoin.conf"
-cat secrets/rpcauth.txt >> bitcoin/bitcoin.conf
-RPCPASS=`cat secrets/rpcpass.txt`
-echo "Configuring LND rpc info"
-sed -i "s/RPCPASS/${RPCPASS}/g; " lnd/lnd.conf
-echo "Configuring docker-compose file"
-sed -i "s/RPCPASS/${RPCPASS}/g; " docker-compose.yml
-# TESTNET set and REGTEST not
-if [ ! -z $TESTNET ] && [ -z $REGTEST ]; then
-    echo "Enabling testnet mode if TESTNET variable is set"
-    # Update bitcoin.conf
-    sed -i 's/\#\[test\]/\[test\]/g;' bitcoin/bitcoin.conf
-    sed -i 's/\#testnet=1/testnet=1/g' bitcoin/bitcoin.conf
-    sed -i 's/rpcport=8332/rpcport=18332/g; ' bitcoin/bitcoin.conf
-    sed -i 's/port=8332/port=18333/g; ' bitcoin/bitcoin.conf
-    echo "Setting testnet port"
-    sed -i 's/RPCPORT/18332/g; ' docker-compose.yml
-    # Update docker-compose
-    sed -i 's/mainnet/testnet/g; ' docker-compose.yml
-    # lnd.conf
-    echo "Changing LND to testnet mode"
-    sed -i 's/bitcoin.mainnet=1/bitcoin.testnet=1/g; ' lnd/lnd.conf
-    echo "Updating LND neutrino peers"
-    sed -i 's/neutrino.addpeer=bb2.breez.technology/\;neutrino.addpeer=bb2.breez.technology/g; ' lnd/lnd.conf
-    sed -i 's/neutrino.addpeer=mainnet1-btcd.zaphq.io/\;neutrino.addpeer=mainnet1-btcd.zaphq.io/g; ' lnd/lnd.conf
-    sed -i 's/neutrino.addpeer=mainnet2-btcd.zaphq.io/\;neutrino.addpeer=mainnet2-btcd.zaphq.io/g;' lnd/lnd.conf
-    sed -i 's/\;neutrino.addpeer=testnet1-btcd.zaphq.io/neutrino.addpeer=testnet1-btcd.zaphq.io/g;' lnd/lnd.conf
-    sed -i 's/\;neutrino.addpeer=testnet2-btcd.zaphq.io/neutrino.addpeer=testnet2-btcd.zaphq.io/g; ' lnd/lnd.conf
+# Configure for mainnet or testnet or regtest depending
+# upon the user-supplied value of $NETWORK
+BITCOIN_NETWORK="${NETWORK:-mainnet}"
+
+if [ "$BITCOIN_NETWORK" != "mainnet" ] && [ "$BITCOIN_NETWORK" != "testnet" ] && [ "$BITCOIN_NETWORK" != "regtest" ]; then
+  echo "Error: Umbrel can only be configured for mainnet (default), testnet or regtest"
+  exit 1
 fi
-# REGTEST set and TESTNET not
-if [ -z $TESTNET ] && [ ! -z $REGTEST ]; then
-    echo "Enabling regtest mode if REGTEST variable is set"
-    sed -i 's/\#\[regtest\]/\[regtest\]/g;' bitcoin/bitcoin.conf
-    sed -i 's/\#regtest=1/regtest=1/g' bitcoin/bitcoin.conf
-    sed -i 's/rpcport=8332/rpcport=18443/g; ' bitcoin/bitcoin.conf
-    sed -i 's/port=8333/port=18444/; ' bitcoin/bitcoin.conf
-    sed -i 's/mainnet/regtest/g; ' docker-compose.yml
-    echo "Setting regtest port"
-    sed -i 's/RPCPORT/18443/g; ' docker-compose.yml
-    # Update LND
-    echo "Changing LND to regtest mode"
-    sed -i 's/bitcoin.mainnet=1/bitcoin.regtest=1/g; ' lnd/lnd.conf
-    echo "Updating LND if regtest is set"
-    sed -i 's/bitcoin.node=neutrino/bitcoin.node=bitcoind/g; ' lnd/lnd.conf
+
+echo
+echo "Configuring Umbrel for $BITCOIN_NETWORK"
+echo 
+
+
+##########################################################
+############### Setup configuration files ###############
+##########################################################
+
+# Store paths to intermediary config files
+BITCOIN_CONF_FILE="./templates/bitcoin.conf"
+LND_CONF_FILE="./templates/lnd.conf"
+TOR_CONF_FILE="./templates/torrc"
+ENV_FILE="./templates/.env"
+
+# Remove intermediary files if they exist from any
+# previous unclean configuration run
+[[ -f "$BITCOIN_CONF_FILE" ]] && rm -f "$BITCOIN_CONF_FILE"
+[[ -f "$LND_CONF_FILE" ]] && rm -f "$LND_CONF_FILE"
+[[ -f "$TOR_CONF_FILE" ]] && rm -f "$TOR_CONF_FILE"
+[[ -f "$ENV_FILE" ]] && rm -f "$ENV_FILE"
+
+# Copy template configs to intermediary configs
+[[ -f "./templates/bitcoin-sample.conf" ]] && cp "./templates/bitcoin-sample.conf" "$BITCOIN_CONF_FILE"
+[[ -f "./templates/lnd-sample.conf" ]] && cp "./templates/lnd-sample.conf" "$LND_CONF_FILE"
+[[ -f "./templates/torrc-sample" ]] && cp "./templates/torrc-sample" "$TOR_CONF_FILE"
+[[ -f "./templates/.env-sample" ]] && cp "./templates/.env-sample" "$ENV_FILE"
+
+
+##########################################################
+############ Generate configuration variables ############
+##########################################################
+
+# Generate RPC credentials
+echo "Generating auth credentials"
+echo
+BITCOIN_RPC_USER="umbrelrpc"
+BITCOIN_RPC_DETAILS=$("./scripts/rpcauth.py" "$BITCOIN_RPC_USER")
+BITCOIN_RPC_AUTH=$(echo "$BITCOIN_RPC_DETAILS" | head -2 | tail -1)
+BITCOIN_RPC_PASS=$(echo "$BITCOIN_RPC_DETAILS" | tail -1)
+BITCOIN_RPC_PORT=8332
+BITCOIN_P2P_PORT=8333
+
+# Pull Tor image and generate Tor password
+echo "Generating Tor password"
+echo
+docker pull --quiet getumbrel/tor:v0.4.1.9
+TOR_PASS=$("./scripts/rpcauth.py" "itdoesntmatter" | tail -1)
+TOR_HASHED_PASS=$(docker run --rm getumbrel/tor:v0.4.1.9 --quiet --hash-password "$TOR_PASS")
+
+
+##########################################################
+### Update config files with configuration variables #####
+##########################################################
+
+if [ "$BITCOIN_NETWORK" == "testnet" ]; then
+  # Set testnet ports
+  BITCOIN_RPC_PORT=18332
+  BITCOIN_P2P_PORT=18333
+  # Uncomment "test" block
+  sed -i "s/\#\[test\]/\[test\]/g;" "$BITCOIN_CONF_FILE"
+  # Enable testnet
+  sed -i "s/\#testnet=1/testnet=1/g" "$BITCOIN_CONF_FILE"
+  # Switch LND to testnet
+  sed -i "s/bitcoin.mainnet=1/bitcoin.testnet=1/g;" "$LND_CONF_FILE"
+  # Comment mainnet neutrino peers
+  sed -i "s/neutrino.addpeer=bb2.breez.technology/\;neutrino.addpeer=bb2.breez.technology/g;" "$LND_CONF_FILE"
+  sed -i "s/neutrino.addpeer=mainnet1-btcd.zaphq.io/\;neutrino.addpeer=mainnet1-btcd.zaphq.io/g;" "$LND_CONF_FILE"
+  sed -i "s/neutrino.addpeer=mainnet2-btcd.zaphq.io/\;neutrino.addpeer=mainnet2-btcd.zaphq.io/g;" "$LND_CONF_FILE"
+  # Uncomment testnet neutrino peers
+  sed -i "s/\;neutrino.addpeer=testnet1-btcd.zaphq.io/neutrino.addpeer=testnet1-btcd.zaphq.io/g;" "$LND_CONF_FILE"
+  sed -i "s/\;neutrino.addpeer=testnet2-btcd.zaphq.io/neutrino.addpeer=testnet2-btcd.zaphq.io/g;" "$LND_CONF_FILE"
+
 fi
-# if neither set
-if [ -z $TESTNET ] && [ -z $REGTEST ]; then
-    echo "Setting mainnet RPC port in docker-compose"
-    sed -i 's/RPCPORT/8332/g; ' docker-compose.yml
+
+if [ "$BITCOIN_NETWORK" == "regtest" ]; then
+  # Set regtest ports
+  BITCOIN_RPC_PORT=18443
+  BITCOIN_P2P_PORT=18444
+  # Uncomment "regtest" block
+  sed -i "s/\#\[regtest\]/\[regtest\]/g;" "$BITCOIN_CONF_FILE"
+  # Enable regtest
+  sed -i "s/\#regtest=1/regtest=1/g" "$BITCOIN_CONF_FILE"
+  # Switch LND to regtest
+  sed -i "s/bitcoin.mainnet=1/bitcoin.regtest=1/g;" "$LND_CONF_FILE"
+  # Use bitcoind as the node
+  sed -i "s/bitcoin.node=neutrino/bitcoin.node=bitcoind/g;" "$LND_CONF_FILE"
 fi
 
+# Update RPC and P2P Ports
+sed -i "s/rpcport=<port>/rpcport=$BITCOIN_RPC_PORT/g;" "$BITCOIN_CONF_FILE"
+sed -i "s/port=<port>/port=$BITCOIN_P2P_PORT/g;" "$BITCOIN_CONF_FILE"
+sed -i "s/BITCOIN_RPC_PORT=<port>/BITCOIN_RPC_PORT=$BITCOIN_RPC_PORT/g;" "$ENV_FILE"
+sed -i "s/BITCOIN_P2P_PORT=<port>/BITCOIN_P2P_PORT=$BITCOIN_P2P_PORT/g;" "$ENV_FILE"
+
+# Add rpcauth to bitcoin.conf
+sed -i "s/rpcauth=<rpcauth>/$BITCOIN_RPC_AUTH/g;" "$BITCOIN_CONF_FILE"
+# Add RPC credentials to lnd.conf
+sed -i "s/bitcoind.rpcuser=<username>/bitcoind.rpcuser=$BITCOIN_RPC_USER/g;" "$LND_CONF_FILE"
+sed -i "s/bitcoind.rpcpass=<password>/bitcoind.rpcpass=$BITCOIN_RPC_PASS/g;" "$LND_CONF_FILE"
+# Add RPC credentials to env file
+sed -i "s/BITCOIN_RPC_USER=<username>/BITCOIN_RPC_USER=$BITCOIN_RPC_USER/g;" "$ENV_FILE"
+sed -i "s/BITCOIN_RPC_PASS=<password>/BITCOIN_RPC_PASS=$BITCOIN_RPC_PASS/g;" "$ENV_FILE"
+
+# Add chain to env file
+sed -i "s/BITCOIN_NETWORK=<network>/BITCOIN_NETWORK=$BITCOIN_NETWORK/g;" "$ENV_FILE"
+
+# Add Tor password
+sed -i "s/HashedControlPassword <password>/HashedControlPassword $TOR_HASHED_PASS/g;" "$TOR_CONF_FILE"
+sed -i "s/torpassword=<password>/torpassword=$TOR_PASS/g;" "$BITCOIN_CONF_FILE"
+sed -i "s/tor.password=<password>/tor.password=$TOR_PASS/g;" "$LND_CONF_FILE"
+sed -i "s/TOR_PASSWORD=<password>/TOR_PASSWORD=$TOR_PASS/g;" "$ENV_FILE"
+sed -i "s/TOR_HASHED_PASSWORD=<password>/TOR_HASHED_PASSWORD=$TOR_HASHED_PASS/g;" "$ENV_FILE"
+
+
+##########################################################
+############### Performance optimizations ################
+##########################################################
+
+echo
+echo "Making performance optimizations"
+echo
+
 echo "Setting dbcache size"
+echo
 DBCACHE_SIZE=$(awk '/MemTotal/{printf "%d\n", ($2/2^10 * 0.5) - 300}' /proc/meminfo)
-sed -i -e "s/dbcache=1000/dbcache=$DBCACHE_SIZE/g" bitcoin/bitcoin.conf
+sed -i -e "s/dbcache=<size>/dbcache=$DBCACHE_SIZE/g" "$BITCOIN_CONF_FILE"
+
+# TODO: Adjust prune size based on available disk space
+
+##########################################################
+############## Override main config files ################
+##########################################################
 
-echo "Pulling Docker images"
-docker-compose pull
+mv -f "$BITCOIN_CONF_FILE" "./bitcoin/bitcoin.conf"
+mv -f "$LND_CONF_FILE" "./lnd/lnd.conf"
+mv -f "$TOR_CONF_FILE" "./tor/torrc"
+mv -f "$ENV_FILE" "./.env"
 
-echo "Adding tor password"
-SAVE_PASSWORD=$(docker run --rm getumbrel/tor:v0.4.1.9 --quiet --hash-password "${RPCPASS}")
-# Add a new line first
-echo >> tor/torrc
-echo "HashedControlPassword ${SAVE_PASSWORD}" >> tor/torrc
 
-echo "Adding Tor password to bitcoind"
-sed -i "s/torpassword=umbrelftw/torpassword=${RPCPASS}/g;" bitcoin/bitcoin.conf
-echo "Adding Tor password to LND"
-sed -i "s/tor.password=umbrelftw/tor.password=${RPCPASS}/g; " lnd/lnd.conf
+##########################################################
+################ Configuration complete ##################
+##########################################################
 
-echo "Removing stuff we don't need"
-rm -fr .git
-rm -fr README.md
-rm -fr NETWORKING.md
+echo "Pulling Umbrel Docker images"
+echo
+docker-compose pull --quiet
 
-echo "Box Configuration complete"
+echo "Configuration successful"
+echo "You can now start Umbrel by running:"
+echo "  sudo ./scripts/start"
+echo

scripts/rpcauth.py

@@ -0,0 +1,46 @@
+#!/usr/bin/env python3
+# Copyright (c) 2015-2018 The Bitcoin Core developers
+# Distributed under the MIT software license, see the accompanying
+# file COPYING or http://www.opensource.org/licenses/mit-license.php.
+
+from argparse import ArgumentParser
+from base64 import urlsafe_b64encode
+from binascii import hexlify
+from getpass import getpass
+from os import urandom
+
+import hmac
+
+def generate_salt(size):
+    """Create size byte hex salt"""
+    return hexlify(urandom(size)).decode()
+
+def generate_password():
+    """Create 32 byte b64 password"""
+    return urlsafe_b64encode(urandom(32)).decode('utf-8')
+
+def password_to_hmac(salt, password):
+    m = hmac.new(bytearray(salt, 'utf-8'), bytearray(password, 'utf-8'), 'SHA256')
+    return m.hexdigest()
+
+def main():
+    parser = ArgumentParser(description='Create login credentials for a JSON-RPC user')
+    parser.add_argument('username', help='the username for authentication')
+    parser.add_argument('password', help='leave empty to generate a random password or specify "-" to prompt for password', nargs='?')
+    args = parser.parse_args()
+
+    if not args.password:
+        args.password = generate_password()
+    elif args.password == '-':
+        args.password = getpass()
+
+    # Create 16 byte hex salt
+    salt = generate_salt(16)
+    password_hmac = password_to_hmac(salt, args.password)
+
+    print('String to be appended to bitcoin.conf:')
+    print('rpcauth={0}:{1}${2}'.format(args.username, salt, password_hmac))
+    print('Your password:\n{0}'.format(args.password))
+
+if __name__ == '__main__':
+    main()

scripts/update/.updateignore

@@ -1,8 +1,8 @@
 .*
-bitcoin
+bitcoin/*
 db
-lnd
+lnd/*
 secrets
 statuses
-tor
-events/signals
+tor/*
+events/signals

scripts/update/.updateinclude

@@ -0,0 +1,4 @@
+.env
+bitcoin/bitcoin.conf
+lnd/lnd.conf
+tor/torrc

scripts/update/00-run.sh

@@ -33,8 +33,10 @@ chown -R 1000:1000 "$UMBREL_ROOT"/
 # Backup
 echo "Backing up existing directory tree"
 
-rsync -av "$UMBREL_ROOT"/ \
+rsync -av \
+    --include-from="$UMBREL_ROOT/.umbrel-$RELEASE/scripts/update/.updateinclude" \
     --exclude-from="$UMBREL_ROOT/.umbrel-$RELEASE/scripts/update/.updateignore" \
+    "$UMBREL_ROOT"/ \
     "$UMBREL_ROOT"/.umbrel-backup/
 
 echo "Successfully backed up to $UMBREL_ROOT/.umbrel-backup"

scripts/update/01-run.sh

@@ -19,43 +19,15 @@ EOF
 # Checkout to the new release
 cd "$UMBREL_ROOT"/.umbrel-"$RELEASE"
 
-# Update RPC Password in docker-compose.yml
-# Get gnu sed
-gnused=sed
-if [[ "$(uname)" == "Darwin" ]]; then
-  if ! command -v gsed >/dev/null 2>&1; then
-    echo "Error: This script requires gnu-sed!"
-    echo "Install it with:"
-    echo "  brew install gnu-sed"
-    exit 1
-  fi
-  gnused=gsed
-fi
-
-echo "Updating RPC Password in docker-compose.yml"
-RPCPASS=$(cat "$UMBREL_ROOT"/secrets/rpcpass.txt)
-$gnused -i "s/RPCPASS/${RPCPASS}/g;" docker-compose.yml
-
-# echo "Setting regtest"
-# $gnused -i 's/mainnet/regtest/g; ' docker-compose.yml
-# $gnused -i "s/RPCPORT/18443/g;" docker-compose.yml
-
-echo "Setting mainnet"
-$gnused -i "s/RPCPORT/8332/g;" docker-compose.yml
-
-if [[ "$HOSTNAME" != "umbrel" ]]; then
-  echo "Changing hostname to http://$HOSTNAME.local"
-  $gnused -i "s/umbrel.local/${HOSTNAME}.local/g;" docker-compose.yml
-fi
-
-
-# Pull new images
-echo "Pulling new images"
+# Configure new install
+echo "Configuring new release"
 cat <<EOF > "$UMBREL_ROOT"/statuses/update-status.json
-{"state": "installing", "progress": 40, "description": "Downloading new Docker images", "updateTo": "$RELEASE"}
+{"state": "installing", "progress": 40, "description": "Configuring new release", "updateTo": "$RELEASE"}
 EOF
-cd "$UMBREL_ROOT"/.umbrel-"$RELEASE"
-docker-compose pull
+
+BITCOIN_NETWORK="mainnet"
+[[ -f "$UMBREL_ROOT/.env" ]] && source "$UMBREL_ROOT/.env"
+NETWORK=$BITCOIN_NETWORK ./scripts/configure
 
 # Stop existing containers
 echo "Stopping existing containers"
@@ -67,8 +39,10 @@ cd "$UMBREL_ROOT"
 
 # Overlay home dir structure with new dir tree
 echo "Overlaying $UMBREL_ROOT/ with new directory tree"
-rsync -av "$UMBREL_ROOT"/.umbrel-"$RELEASE"/ \
+rsync -av \
+    --include-from="$UMBREL_ROOT/.umbrel-$RELEASE/scripts/update/.updateinclude" \
     --exclude-from="$UMBREL_ROOT/.umbrel-$RELEASE/scripts/update/.updateignore" \
+    "$UMBREL_ROOT"/.umbrel-"$RELEASE"/ \
     "$UMBREL_ROOT"/
 
 # Fix permissions

templates/.env-sample

@@ -0,0 +1,7 @@
+BITCOIN_NETWORK=<network>
+BITCOIN_P2P_PORT=<port>
+BITCOIN_RPC_PORT=<port>
+BITCOIN_RPC_USER=<username>
+BITCOIN_RPC_PASS=<password>
+TOR_PASSWORD=<password>
+TOR_HASHED_PASSWORD=<password>

bitcoin/bitcoin.conf → templates/bitcoin-sample.conf

@@ -1,7 +1,7 @@
 # Have TOR commented for initial sync
 onion=10.11.5.1:29050
 torcontrol=10.11.5.1:29051
-torpassword=umbrelftw
+torpassword=<password>
 
 server=1
 rest=1
@@ -13,7 +13,7 @@ rest=1
 # Low bandwidth/CPU optimizations
 blocksonly=1
 maxconnections=8
-dbcache=1000
+dbcache=<size>
 maxmempool=300
 maxuploadtarget=5000
 
@@ -21,12 +21,13 @@ maxuploadtarget=5000
 #[test]
 # uncomment regtest if regtest=1 is activated
 #[regtest]
-port=8333
-rpcport=8332
+port=<port>
+rpcport=<port>
 rpcbind=10.11.1.1
 rpcbind=127.0.0.1
 rpcallowip=10.11.0.0/16
 rpcallowip=127.0.0.1
+rpcauth=<rpcauth>
 
 # Prune it up first (We can uncomment this later or by script, should there be enough space)
 prune=550

lnd/lnd.conf → templates/lnd-sample.conf

@@ -24,8 +24,8 @@ routing.assumechanvalid=1
 ; Default setting currently is neutrino
 [Bitcoind]
 bitcoind.rpchost=10.11.1.1
-bitcoind.rpcuser=lncm
-bitcoind.rpcpass=RPCPASS
+bitcoind.rpcuser=<username>
+bitcoind.rpcpass=<password>
 bitcoind.zmqpubrawblock=tcp://10.11.1.1:28332
 bitcoind.zmqpubrawtx=tcp://10.11.1.1:28333
 bitcoind.estimatemode=ECONOMICAL
@@ -59,6 +59,6 @@ tor.control=10.11.5.1:29051
 tor.socks=10.11.5.1:29050
 tor.targetipaddress=10.11.1.2
 ; TOR Password placeholder for v0.10.0
-tor.password=umbrelftw
+tor.password=<password>
 tor.v3=1
 tor.dns=soa.nodes.lightning.directory:53

tor/torrc → templates/torrc-sample

@@ -6,4 +6,4 @@ ControlPort 10.11.5.1:29051
 HiddenServiceDir /var/lib/tor/web
 HiddenServicePort 80 10.11.0.2:80
 
-# Tor password will go here:
+HashedControlPassword <password>