|
|
@ -35,8 +35,22 @@ list_installed_apps() { |
|
|
|
cat "${USER_FILE}" 2> /dev/null | jq -r 'if has("installedApps") then .installedApps else [] end | join("\n")' || true |
|
|
|
} |
|
|
|
|
|
|
|
# Deterministically derives 128 bits of cryptographically secure entropy |
|
|
|
derive_entropy () { |
|
|
|
identifier="${1}" |
|
|
|
umbrel_seed=$(cat "${UMBREL_ROOT}/db/umbrel-seed/seed") || true |
|
|
|
|
|
|
|
if [[ -z "$umbrel_seed" ]] || [[ -z "$identifier" ]]; then |
|
|
|
>&2 echo "Missing derivation parameter, this is unsafe, exiting." |
|
|
|
exit 1 |
|
|
|
fi |
|
|
|
|
|
|
|
# We need `sed 's/^.* //'` to trim the "(stdin)= " prefix from some versions of openssl |
|
|
|
printf "%s" "${identifier}" | openssl dgst -sha256 -hmac "${umbrel_seed}" | sed 's/^.* //' |
|
|
|
} |
|
|
|
|
|
|
|
# Check dependencies |
|
|
|
check_dependencies docker-compose jq |
|
|
|
check_dependencies docker-compose jq openssl |
|
|
|
|
|
|
|
if [ -z ${1+x} ]; then |
|
|
|
command="" |
|
|
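Review bot: The `exit 1` on the missing-parameter branch of derive_entropy does not stop the script, because the only visible caller runs it in a command substitution (`export APP_SEED=$(derive_entropy ...)` in the compose() hunk, which continues past this view): `exit` ends only the subshell and `export` returns 0, so APP_SEED is exported empty and docker-compose presumably still starts the app. Assign and check before exporting, e.g. `APP_SEED=$(derive_entropy "${app_entropy_identifier}") || exit 1` followed by `export APP_SEED`. The function's status is that of `sed`, so an openssl failure also produces an empty result with status 0 unless `pipefail` is set outside the visible lines; rejecting an empty digest before printing it would cover that case. Separately, `-hmac "${umbrel_seed}"` puts the seed on openssl's argv, where other local users can read it from the process list while the command runs. The header comment also says 128 bits while HMAC-SHA256 emits 256, so both points deserve a line in that comment.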
@ -85,11 +99,13 @@ compose() { |
|
|
|
local app_base_compose_file="${UMBREL_ROOT}/apps/docker-compose.common.yml" |
|
|
|
local app_compose_file="${app_dir}/docker-compose.yml" |
|
|
|
local app_hidden_servive_file="${UMBREL_ROOT}/tor/data/app-${app}/hostname" |
|
|
|
local app_entropy_identifier="app-${app}-seed" |
|
|
|
|
|
|
|
export BITCOIN_DATA_DIR="${UMBREL_ROOT}/bitcoin" |
|
|
|
export LND_DATA_DIR="${UMBREL_ROOT}/lnd" |
|
|
|
export APP_DATA_DIR="${app_data_dir}" |
|
|
|
export APP_HIDDEN_SERVICE="$(cat "${app_hidden_servive_file}" 2>/dev/null || echo "notyetset.onion")" |
|
|
|
export APP_SEED=$(derive_entropy "${app_entropy_identifier}") |
|
|
|
docker-compose \ |
|
|
|
--env-file "${env_file}" \ |
|
|
|
--project-name "${app}" \ |
|
|
|