Closed openoms closed 1 year ago
Since I installed ord according to your beautiful instructions, my LND stopped working. Which is fine with me - I'm not using Ligthning. I would actually like to turn LND off so it stops asking me to regularly type in my password (which it does quite frequently). Is that possible?
For anybody wanting to turn off Lightning on their RB:
nano /mnt/hdd/raspiblitz.conf
add or edit to: lightning=off
Configure apps to use the rpc cookie
basic notes to be followed command by command
the cookie file reverts to only user permission 600 on restart. Proposed solution to be added to the bitcoind.service: https://github.com/bitcoin/bitcoin/issues/25270#issuecomment-1150049416 used in raspibolt: https://github.com/raspibolt/raspibolt/pull/846 Adds:
Working example:
Click to expand/collapse
``` # /etc/systemd/system/bitcoind.service # RaspiBlitz: systemd unit for bitcoind # based on https://github.com/bitcoin/bitcoin/blob/master/contrib/init/bitcoind.service [Unit] Description=Bitcoin daemon After=bootstrap.service Wants=bootstrap.service # for use with sendmail alert #OnFailure=systemd-sendmail@%n [Service] ExecStartPre=-/home/admin/config.scripts/blitz.systemd.sh log blockchain STARTED ExecStart=/usr/local/bin/bitcoind -daemonwait \ -conf=/mnt/hdd/bitcoin/bitcoin.conf \ -datadir=/mnt/hdd/bitcoin \ -debuglogfile=/mnt/hdd/bitcoin/debug.log \ -startupnotify="chmod g+r /mnt/hdd/bitcoin/.cookie" # Make sure the config directory is readable by the service user PermissionsStartOnly=true ExecStartPre=/bin/chgrp bitcoin /mnt/hdd/bitcoin # Process management #################### Type=forking # PIDFile=/mnt/hdd/bitcoin/bitcoind.pid Restart=on-failure TimeoutStartSec=infinity TimeoutStopSec=600 # Directory creation and permissions #################################### User=bitcoin UMask=0027 StandardOutput=null StandardError=journal # Hardening measures #################### # Provide a private /tmp and /var/tmp. PrivateTmp=true # Mount /usr, /boot/ and /etc read-only for the process. ProtectSystem=full # Deny access to /home, /root and /run/user ProtectHome=true # Disallow the process and all of its children to gain # new privileges through execve(). NoNewPrivileges=true # Use a new /dev namespace only populated with API pseudo devices # such as /dev/null, /dev/zero and /dev/random. PrivateDevices=true # Deny the creation of writable and executable memory mappings. MemoryDenyWriteExecute=true [Install] WantedBy=multi-user.target ```btc-rpc-proxy
An alternative solution is to avoid reconfiguring all apps is to run btc-rpc-proxy. Change bitcoind to serve on 8331 with cookie auth Configure btc-rpc-proxy to serve on 8332 with the previous username and password.
Config to achieve this:
Click to expand/collapse
``` verbose = 4 bitcoind_port = 8330 # change this in bitcoin.conf from 8332 cookie_file = "/mnt/hdd/bitcoin/.cookie" bind_address = "127.0.0.1" bind_port = 8332 [user.raspibolt] password = "PASSWORD_B" allowed_calls = [ "getinfo", "getblock", "getblockchaininfo", "getbestblockhash", "getblockcount", "getblockhash", "getblockheader", "getchaintips", "getdifficulty", "getnetworkinfo", "getmempoolinfo", "getrawmempool", "gettxout", "gettxoutproof", "gettxoutsetinfo", "verifytxoutproof", "createrawtransaction", "decoderawtransaction", "decodescript", "getrawtransaction", "sendrawtransaction", "estimatefee", "estimatepriority", "estimatesmartfee", "estimatesmartpriority" ] ```In case of using btc-rpc-proxy.there is no need to touch the other apps.
Configuring apps to use rpc cookie auth
CLN works ok
LND
lnd on signet is not working with cookie auth, getting (see https://github.com/lightningnetwork/lnd/issues/6613#issuecomment-1445148829):
Mempool
Fulcrum
Electrs
Specter