cleanup sudo, chmod secrets, dont overwrite units

2025-08-29 14:46:45 -04:00 · 2025-08-29 14:46:45 -04:00 · 5845e8ff61
commit 5845e8ff61
parent d896c56b8e
6 changed files with 39 additions and 83 deletions
--- a/scripts/extract_nprofile.sh
+++ b/scripts/extract_nprofile.sh
@ -1,13 +1,8 @@
 #!/bin/bash

 get_log_info() {
-  if [ "$EUID" -eq 0 ]; then
-    USER_HOME=$(getent passwd ${SUDO_USER} | cut -d: -f6)
-    USER_NAME=$SUDO_USER
-  else
  USER_HOME=$HOME
  USER_NAME=$(whoami)
-  fi

  LOG_DIR="$USER_HOME/lightning_pub/logs"
  DATA_DIR="$USER_HOME/lightning_pub/"
@ -44,6 +39,7 @@ get_log_info() {
    exit 1
  fi

+  # TODO: This wallet status polling is temporary; move to querying via the management port eventually.
  # Now that we have the correct log file, wait for the wallet status message
  START_TIME=$(date +%s)
  while [ $(($(date +%s) - START_TIME)) -lt $MAX_WAIT_TIME ]; do
--- a/scripts/install.sh
+++ b/scripts/install.sh
@ -34,10 +34,10 @@ log_error() {

 modules=(
  "utils"
-  "check_homebrew"
-  "install_rsync_mac"
-  "create_launchd_plist"
-  "start_services_mac"
+  "check_homebrew"  # NOTE: Used for macOS, which is untested/unsupported
+  "install_rsync_mac"  # NOTE: Used for macOS, which is untested/unsupported
+  "create_launchd_plist"  # NOTE: Used for macOS, which is untested/unsupported
+  "start_services_mac"  # NOTE: Used for macOS, which is untested/unsupported
  "install_lnd"
  "install_nodejs"
  "install_lightning_pub"
--- a/scripts/install_lightning_pub.sh
+++ b/scripts/install_lightning_pub.sh
@ -9,13 +9,8 @@ install_lightning_pub() {
    return 1
  fi

-  if [ "$EUID" -eq 0 ]; then
-    USER_HOME=$(getent passwd ${SUDO_USER} | cut -d: -f6)
-    USER_NAME=$SUDO_USER
-  else
  USER_HOME=$HOME
  USER_NAME=$(whoami)
-  fi
  
  wget -q $REPO_URL -O $USER_HOME/lightning_pub.tar.gz > /dev/null 2>&1 || {
    log "${PRIMARY_COLOR}Failed to download Lightning.Pub.${RESET_COLOR}"
@ -77,6 +72,8 @@ install_lightning_pub() {
    log "Restoring user data..."
    if [ -n "$(ls -A "$BACKUP_DIR" 2>/dev/null)" ]; then
      cp -r "$BACKUP_DIR"/* "$USER_HOME/lightning_pub/"
+      chmod 600 "$USER_HOME/lightning_pub/.jwt_secret" 2>/dev/null || true
+      chmod 600 "$USER_HOME/lightning_pub/.wallet_secret" 2>/dev/null || true
    fi
    rm -rf "$BACKUP_DIR"

@ -118,7 +115,11 @@ install_lightning_pub() {
  # Store the commit hash for future update checks
  # Note: LATEST_COMMIT will be empty on a fresh install, which is fine.
  # The file will be created, and the next run will be an upgrade.
+  if [ -n "$LATEST_COMMIT" ]; then
    echo "$LATEST_COMMIT" > "$USER_HOME/lightning_pub/.installed_commit"
+  else
+    touch "$USER_HOME/lightning_pub/.installed_commit"
+  fi
  
  return $upgrade_status 
 }
--- a/scripts/install_lnd.sh
+++ b/scripts/install_lnd.sh
@ -5,13 +5,8 @@ install_lnd() {

  log "Starting LND installation/check process..."

-  if [ "$EUID" -eq 0 ]; then
-    USER_HOME=$(getent passwd ${SUDO_USER} | cut -d: -f6)
-    USER_NAME=$SUDO_USER
-  else
  USER_HOME=$HOME
  USER_NAME=$(whoami)
-  fi

  log "Checking latest LND version..."
  LND_VERSION=$(wget -qO- https://api.github.com/repos/lightningnetwork/lnd/releases/latest | grep -oP '"tag_name": "\K(.*)(?=")')
@ -104,6 +99,7 @@ bitcoin.node=neutrino
 neutrino.addpeer=neutrino.shock.network
 fee.url=https://nodes.lightning.computer/fees/v1/btc-fee-estimates.json
 EOF
+      chmod 600 $USER_HOME/.lnd/lnd.conf
    fi

    log "${SECONDARY_COLOR}LND${RESET_COLOR} installation and configuration completed."
--- a/scripts/install_nodejs.sh
+++ b/scripts/install_nodejs.sh
@ -1,13 +1,8 @@
 #!/bin/bash

 install_nodejs() {
-  if [ "$EUID" -eq 0 ] && [ -n "$SUDO_USER" ]; then
-    USER_HOME=$(getent passwd ${SUDO_USER} | cut -d: -f6)
-    USER_NAME=${SUDO_USER}
-  else
  USER_HOME=$HOME
  USER_NAME=$(whoami)
-  fi

  export NVM_DIR="$USER_HOME/.nvm"
  log "${PRIMARY_COLOR}Checking${RESET_COLOR} for Node.js..."
--- a/scripts/start_services.sh
+++ b/scripts/start_services.sh
@ -4,13 +4,8 @@ start_services() {
  LND_STATUS=$1
  PUB_UPGRADE=$2

-  if [ "$EUID" -eq 0 ]; then
-    USER_HOME=$(getent passwd ${SUDO_USER} | cut -d: -f6)
-    USER_NAME=$SUDO_USER
-  else
  USER_HOME=$HOME
  USER_NAME=$(whoami)
-  fi

  # Ensure NVM_DIR is set
  if [ -z "$NVM_DIR" ]; then
@ -20,34 +15,23 @@ start_services() {
  if [ "$OS" = "Linux" ]; then
    if [ "$SYSTEMCTL_AVAILABLE" = true ]; then
      mkdir -p "$USER_HOME/.config/systemd/user"
-      cat > "$USER_HOME/.config/systemd/user/lnd.service" <<EOF
-[Unit]
-Description=LND Service
-After=network.target
-
-[Service]
-ExecStart=${USER_HOME}/lnd/lnd
-Restart=always
-
-[Install]
-WantedBy=default.target
-EOF
-
-      cat > "$USER_HOME/.config/systemd/user/lightning_pub.service" <<EOF
-[Unit]
-Description=Lightning.Pub Service
-After=network.target
-
-[Service]
-ExecStart=/bin/bash -c 'source ${NVM_DIR}/nvm.sh && npm start'
-WorkingDirectory=${USER_HOME}/lightning_pub
-Restart=always
-
-[Install]
-WantedBy=default.target
-EOF

+      # Check and create lnd.service if needed
+      LND_UNIT="$USER_HOME/.config/systemd/user/lnd.service"
+      NEW_LND_CONTENT="[Unit]\nDescription=LND Service\nAfter=network.target\n\n[Service]\nExecStart=${USER_HOME}/lnd/lnd\nRestart=always\n\n[Install]\nWantedBy=default.target"
+      if [ ! -f "$LND_UNIT" ] || [ "$(cat "$LND_UNIT")" != "$NEW_LND_CONTENT" ]; then
+        echo -e "$NEW_LND_CONTENT" > "$LND_UNIT"
        systemctl --user daemon-reload
+      fi
+
+      # Check and create lightning_pub.service if needed
+      PUB_UNIT="$USER_HOME/.config/systemd/user/lightning_pub.service"
+      NEW_PUB_CONTENT="[Unit]\nDescription=Lightning.Pub Service\nAfter=network.target\n\n[Service]\nExecStart=/bin/bash -c 'source ${NVM_DIR}/nvm.sh && npm start'\nWorkingDirectory=${USER_HOME}/lightning_pub\nRestart=always\n\n[Install]\nWantedBy=default.target"
+      if [ ! -f "$PUB_UNIT" ] || [ "$(cat "$PUB_UNIT")" != "$NEW_PUB_CONTENT" ]; then
+        echo -e "$NEW_PUB_CONTENT" > "$PUB_UNIT"
+        systemctl --user daemon-reload
+      fi
+
      systemctl --user enable lnd >/dev/null 2>&1
      systemctl --user enable lightning_pub >/dev/null 2>&1

@ -90,30 +74,14 @@ EOF
      fi

    else
-      create_start_script
-      log "systemctl not available. Created start.sh. Please use this script to start the services manually."
+      log "systemctl not available. Please start the services manually (e.g., run lnd and npm start in separate terminals)."
    fi
  elif [ "$OS" = "Mac" ]; then
+    # NOTE: macOS support is untested and unsupported. Use at your own risk.
    log "macOS detected. Please configure launchd manually to start ${SECONDARY_COLOR}LND${RESET_COLOR} and ${SECONDARY_COLOR}Lightning.Pub${RESET_COLOR} at startup."
-    create_start_script
  elif [ "$OS" = "Cygwin" ] || [ "$OS" = "MinGw" ]; then
    log "Windows detected. Please configure your startup scripts manually to start ${SECONDARY_COLOR}LND${RESET_COLOR} and ${SECONDARY_COLOR}Lightning.Pub${RESET_COLOR} at startup."
-    create_start_script
  else
    log "Unsupported OS detected. Please configure your startup scripts manually."
-    create_start_script
  fi
 }
-
-create_start_script() {
-  cat <<EOF > start.sh
-#!/bin/bash
-${USER_HOME}/lnd/lnd &
-LND_PID=\$!
-sleep 10
-npm start &
-NODE_PID=\$!
-wait \$LND_PID \$NODE_PID
-EOF
-  chmod +x start.sh
-}