btcpayserver/lnd
btcpayserver/lnd
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adding BtcPayServer related files and resources

Browse Source
This commit is contained in:
rockstardev 2019-11-21 22:21:25 -06:00 committed by rockstardev
parent 59a86b3b54
commit a68e65aa14
No known key found for this signature in database
GPG Key ID: 4F224698945A6EE7
9 changed files with 589 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

107
.circleci/config.yml Normal file
View File

@ -0,0 +1,107 @@
version: 2
jobs:
# publish jobs require $DOCKERHUB_REPO, $DOCKERHUB_USER, $DOCKERHUB_PASS defined
amd64:
machine:
enabled: true
steps:
- checkout
- run:
command: |
LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
#
sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-amd64 -f linuxamd64.Dockerfile .
sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-amd64
arm32:
machine:
enabled: true
steps:
- checkout
- run:
command: |
LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
#
# Make sure the builder is copy the arm emulator
sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset
sudo apt update
sudo apt install -y qemu qemu-user-static qemu-user binfmt-support
sudo cp /usr/bin/qemu-arm-static "qemu-arm-static"
sed -i -e 's/#EnableQEMU //g' "linuxarm32v7.Dockerfile"
sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 -f linuxarm32v7.Dockerfile .
sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-arm32v7
arm64:
machine:
enabled: true
steps:
- checkout
- run:
command: |
LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
#
# Make sure the builder is copy the arm emulator
sudo docker run --rm --privileged multiarch/qemu-user-static:register --reset
sudo apt update
sudo apt install -y qemu qemu-user-static qemu-user binfmt-support
sudo cp /usr/bin/qemu-aarch64-static "qemu-aarch64-static"
sed -i -e 's/#EnableQEMU //g' "linuxarm64v8.Dockerfile"
sudo docker build --pull -t $DOCKERHUB_REPO:$LATEST_TAG-arm64v8 -f linuxarm64v8.Dockerfile .
sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
sudo docker push $DOCKERHUB_REPO:$LATEST_TAG-arm64v8
multiarch:
machine:
enabled: true
image: default
steps:
- run:
command: |
#
sudo docker login --username=$DOCKERHUB_USER --password=$DOCKERHUB_PASS
#
LATEST_TAG=${CIRCLE_TAG:8} #trim "basedon-" from tag
sudo docker manifest create --amend $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-amd64 $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 $DOCKERHUB_REPO:$LATEST_TAG-arm64v8
sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-amd64 --os linux --arch amd64
sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-arm32v7 --os linux --arch arm --variant v7
sudo docker manifest annotate $DOCKERHUB_REPO:$LATEST_TAG $DOCKERHUB_REPO:$LATEST_TAG-arm64v8 --os linux --arch arm64 --variant v8
sudo docker manifest push $DOCKERHUB_REPO:$LATEST_TAG -p
workflows:
version: 2
publish:
jobs:
- amd64:
filters:
# ignore any commit on any branch by default
branches:
ignore: /.*/
# only act on version tags
tags:
only: /basedon-.+/
- arm32:
filters:
branches:
ignore: /.*/
tags:
only: /basedon-.+/
- arm64:
filters:
branches:
ignore: /.*/
tags:
only: /basedon-.+/
- multiarch:
requires:
- amd64
- arm32
- arm64
filters:
branches:
ignore: /.*/
tags:
only: /basedon-.+/

4
.dockerignore Normal file
View File

@ -0,0 +1,4 @@
Dockerfile
linuxamd64.Dockerfile
linuxarm32v7.Dockerfile
.circleci/

4
.gitattributes vendored Normal file
View File

@ -0,0 +1,4 @@
# Declare files that will always have CRLF line endings on checkout.
*.sh text eol=lf
*.go text eol=lf
Makefile text eol=lf

3
Makefile
View File

@ -21,6 +21,9 @@ ANDROID_BUILD := $(ANDROID_BUILD_DIR)/Lndmobile.aar
COMMIT := $(shell git describe --tags --dirty)
COMMIT := $(subst -dirty,-fresh-btcpay,$(COMMIT))
LDFLAGS := -ldflags "-X $(PKG)/build.Commit=$(COMMIT)"
# Determine the minor version of the active Go installation.
ACTIVE_GO_VERSION := $(shell $(GOCC) version | sed -nre 's/^[^0-9]*(([0-9]+\.)*[0-9]+).*/\1/p')
ACTIVE_GO_VERSION_MINOR := $(shell echo $(ACTIVE_GO_VERSION) | cut -d. -f2)

100
docker-entrypoint.sh Executable file
View File

@ -0,0 +1,100 @@
#!/bin/bash
set -e
if [[ "$1" == "lnd" || "$1" == "lncli" ]]; then
mkdir -p "$LND_DATA"
# removing noseedbackup=1 flag, adding it below if needed for legacy
LND_EXTRA_ARGS=${LND_EXTRA_ARGS/noseedbackup=1/}
cat <<-EOF > "$LND_DATA/lnd.conf"
${LND_EXTRA_ARGS}
listen=0.0.0.0:${LND_PORT}
EOF
if [[ "${LND_EXTERNALIP}" ]]; then
echo "externalip=$LND_EXTERNALIP:${LND_PORT}" >> "$LND_DATA/lnd.conf"
fi
if [[ "${LND_ALIAS}" ]]; then
# This allow to strip this parameter if LND_ALIAS is empty or null, and truncate it
LND_ALIAS="$(echo "$LND_ALIAS" | cut -c -32)"
echo "alias=$LND_ALIAS" >> "$LND_DATA/lnd.conf"
echo "alias=$LND_ALIAS added to $LND_DATA/lnd.conf"
fi
if [[ $LND_CHAIN && $LND_ENVIRONMENT ]]; then
echo "LND_CHAIN=$LND_CHAIN"
echo "LND_ENVIRONMENT=$LND_ENVIRONMENT"
NETWORK=""
shopt -s nocasematch
if [[ $LND_CHAIN == "btc" ]]; then
NETWORK="bitcoin"
elif [[ $LND_CHAIN == "ltc" ]]; then
NETWORK="litecoin"
else
echo "Unknown value for LND_CHAIN, expected btc or ltc"
fi
ENV=""
# Make sure we use correct casing for LND_Environment
if [[ $LND_ENVIRONMENT == "mainnet" ]]; then
ENV="mainnet"
elif [[ $LND_ENVIRONMENT == "testnet" ]]; then
ENV="testnet"
elif [[ $LND_ENVIRONMENT == "signet" ]]; then
ENV="signet"
elif [[ $LND_ENVIRONMENT == "regtest" ]]; then
ENV="regtest"
else
echo "Unknown value for LND_ENVIRONMENT, expected mainnet, testnet, signet or regtest"
fi
shopt -u nocasematch
if [[ $ENV && $NETWORK ]]; then
echo "
$NETWORK.active=1
$NETWORK.$ENV=1
" >> "$LND_DATA/lnd.conf"
echo "Added $NETWORK.active and $NETWORK.$ENV to config file $LND_DATA/lnd.conf"
else
echo "LND_CHAIN or LND_ENVIRONMENT is not set correctly"
fi
fi
if [[ "${LND_READY_FILE}" ]]; then
echo "Waiting $LND_READY_FILE to be created..."
while [ ! -f "$LND_READY_FILE" ]; do sleep 1; done
echo "The chain is fully synched"
fi
if [[ "${LND_HIDDENSERVICE_HOSTNAME_FILE}" ]]; then
echo "Waiting $LND_HIDDENSERVICE_HOSTNAME_FILE to be created by tor..."
while [ ! -f "$LND_HIDDENSERVICE_HOSTNAME_FILE" ]; do sleep 1; done
HIDDENSERVICE_ONION="$(head -n 1 "$LND_HIDDENSERVICE_HOSTNAME_FILE"):${LND_PORT}"
echo "externalip=$HIDDENSERVICE_ONION" >> "$LND_DATA/lnd.conf"
echo "externalip=$HIDDENSERVICE_ONION added to $LND_DATA/lnd.conf"
fi
# if it is legacy installation, then trigger warning and add noseedbackup=1 to config if needed
WALLET_FILE="$LND_DATA/data/chain/$NETWORK/$ENV/wallet.db"
LNDUNLOCK_FILE=${WALLET_FILE/wallet.db/walletunlock.json}
if [ -f "$WALLET_FILE" -a ! -f "$LNDUNLOCK_FILE" ]; then
echo "[lnd_unlock_entrypoint] WARNING: UNLOCK FILE DOESN'T EXIST! MIGRATE LEGACY INSTALLATION TO NEW VERSION ASAP"
echo "noseedbackup=1" >> "$LND_DATA/lnd.conf"
fi
# hit up the auto initializer and unlocker on separate process to do it's work
./docker-initunlocklnd.sh $NETWORK $ENV &
ln -sfn "$LND_DATA" /root/.lnd
ln -sfn "$LND_BITCOIND" /root/.bitcoin
ln -sfn "$LND_LITECOIND" /root/.litecoin
ln -sfn "$LND_BTCD" /root/.btcd
exec "$@"
else
exec "$@"
fi

128
docker-initunlocklnd.sh Executable file
View File

@ -0,0 +1,128 @@
#!/bin/bash
set -e
echo "[initunlocklnd] Waiting 2 seconds for lnd..."
sleep 2
# ensure that lnd is up and running before proceeding
while
CA_CERT="$LND_DATA/tls.cert"
LND_WALLET_DIR="$LND_DATA/data/chain/$1/$2/"
MACAROON_FILE="$LND_DATA/admin.macaroon"
MACAROON_HEADER="r0ckstar:dev"
if [ -f "$MACAROON_FILE" ]; then
MACAROON_HEADER="Grpc-Metadata-macaroon:$(xxd -p -c 10000 "$MACAROON_FILE" | tr -d ' ')"
fi
STATUS_CODE=$(curl -s --cacert "$CA_CERT" -H $MACAROON_HEADER -o /dev/null -w "%{http_code}" $LND_REST_LISTEN_HOST/v1/getinfo)
# if lnd is running it'll either return 200 if unlocked (noseedbackup=1) or 404 if it needs initialization/unlock
if [ "$STATUS_CODE" == "200" ] || [ "$STATUS_CODE" == "404" ] ; then
break
# or 500 from version 0.13.1 onwards because it breaks with `wallet not created, create one to enable full RPC access` error
elif [ "$STATUS_CODE" == "500" ] ; then
STATUS_CODE=$(curl -s --cacert "$CA_CERT" -H $MACAROON_HEADER $LND_REST_LISTEN_HOST/v1/state)
if [ "$STATUS_CODE" == "{\"state\":\"NON_EXISTING\"}" ] || [ "$STATUS_CODE" == "{\"state\":\"LOCKED\"}" ] ; then
break # wallet ready to be either created or unlocked
fi
# for {\"state\":\"UNLOCKED\"}" we will depend on that previous condition with STATUS_CODE 200 or 404
# because even though wallet is unlocked, /v1/getinfo will still keep returning 500 until it's ready
echo "[initunlocklnd] Still waiting on LND, got response for wallet status: $STATUS_CODE ... waiting another 2 seconds..."
sleep 2
else
echo "[initunlocklnd] LND still didn't start, got $STATUS_CODE status code back... waiting another 2 seconds..."
sleep 2
fi
do true; done
# read variables after we ensured that lnd is up
CA_CERT="$LND_DATA/tls.cert"
LND_WALLET_DIR="$LND_DATA/data/chain/$1/$2/"
MACAROON_FILE="$LND_DATA/admin.macaroon"
MACAROON_HEADER="r0ckstar:dev"
if [ -f "$MACAROON_FILE" ]; then
MACAROON_HEADER="Grpc-Metadata-macaroon:$(xxd -p -c 10000 "$MACAROON_FILE" | tr -d ' ')"
fi
WALLET_FILE="$LND_WALLET_DIR/wallet.db"
LNDUNLOCK_FILE=${WALLET_FILE/wallet.db/walletunlock.json}
if [ -f "$WALLET_FILE" ]; then
if [ ! -f "$LNDUNLOCK_FILE" ]; then
echo "[initunlocklnd] WARNING: UNLOCK FILE DOESN'T EXIST! MIGRATE LEGACY INSTALLATION TO NEW VERSION ASAP"
else
echo "[initunlocklnd] Wallet and Unlock files are present... parsing wallet password and unlocking lnd"
# parse wallet password from unlock file
WALLETPASS=$(jq -c -r '.wallet_password' $LNDUNLOCK_FILE)
# Nicolas deleted default password in some wallet unlock files, so we initializing default if password is empty
[ "$WALLETPASS" == "" ] && WALLETPASS="hellorockstar"
# Corrected password (removing newlines before encoding).
# previous versions will have a default wallet password including a line feed at the end "hellorockstar\n"
# line feed hex code 0x0A. So we first try the password without the line feed if it fails we try it with
# the older version.
WALLETPASS_BASE64=$(echo $WALLETPASS | tr -d '\n\r' | base64)
response=$(curl -s --cacert "$CA_CERT" -X POST -H "$MACAROON_HEADER" \
-d '{ "wallet_password":"'$WALLETPASS_BASE64'" }' $LND_REST_LISTEN_HOST/v1/unlockwallet)
# Check for failure (e.g., incorrect password)
if [[ "$response" == *"invalid"* ]]; then
# If it fails, try the original password with linefeed
WALLETPASS_BASE64_CURRENT=$(echo $WALLETPASS | base64)
# Now we change the password so that the line feed is removed.
# The correct password is already written to the unlock file so we don't need
# to change that. Moreover the changepassword call will change + unlock the wallet
# there is no need to call unlockwallet after this call.
change_password_response=$(curl -s --cacert "$CA_CERT" -X POST -H "$MACAROON_HEADER" \
-d '{ "current_password":"'$WALLETPASS_BASE64_CURRENT'", "new_password":"'$WALLETPASS_BASE64'" }' \
$LND_REST_LISTEN_HOST/v1/changepassword)
# make sure the log end with a newline.
echo -n "[initunlocklnd] Changed wallet password removing the \"line feed\" character at the end. "
echo "The password can be found in $LNDUNLOCK_FILE"
else
echo "[initunlocklnd] Wallet unlocking failed, lnd returned: $response"
exit 1
fi
fi
else
echo "[initunlocklnd] Wallet file doesn't exist. Initializing LND instance with new autogenerated password and seed"
# generate seed mnemonic
GENSEED_RESP=$(curl -s --cacert "$CA_CERT" -X GET -H $MACAROON_HEADER $LND_REST_LISTEN_HOST/v1/genseed)
CIPHER_ARRAY_EXTRACTED=$(echo $GENSEED_RESP | jq -c -r '.cipher_seed_mnemonic')
# using static default password per feedback, randomly generated password would still be stored in cleartext
WALLETPASS="hellorockstar"
# save all the the data to unlock file we'll use for future unlocks
RESULTJSON='{"wallet_password":"'$WALLETPASS'", "cipher_seed_mnemonic":'$CIPHER_ARRAY_EXTRACTED'}'
mkdir -p $LND_WALLET_DIR
echo $RESULTJSON > $LNDUNLOCK_FILE
# previous versions will have a default wallet password including a line feed at the end "hellorockstar\n"
# line feed hex code 0x0A.
WALLETPASS_BASE64=$(echo $WALLETPASS | tr -d '\n\r' | base64)
INITWALLET_REQ='{"wallet_password":"'$WALLETPASS_BASE64'", "cipher_seed_mnemonic":'$CIPHER_ARRAY_EXTRACTED'}'
# execute initwallet call
curl -s --cacert "$CA_CERT" -X POST -H "$MACAROON_HEADER" -d "$INITWALLET_REQ" $LND_REST_LISTEN_HOST/v1/initwallet
fi
# LND unlocked, now run Loop
if [ ! -z "$LND_HOST_FOR_LOOP" ]; then
echo "[initunlocklnd] Preparing to start Loop"
if [ $LND_ENVIRONMENT == "regtest" ] || [ $LND_ENVIRONMENT == "signet" ]; then
echo "[initunlocklnd] Loop can't be started for regtest and signet"
elif [ -f "$MACAROON_FILE" ]; then
sleep 10
echo "[initunlocklnd] Starting Loop"
./bin/loopd --network=$2 --lnd.macaroonpath=$MACAROON_FILE --lnd.host=$LND_HOST_FOR_LOOP --restlisten=0.0.0.0:8081 &
else
echo "[initunlocklnd] Loop can't be started without MACAROON"
fi
fi

81
linuxamd64.Dockerfile Normal file
View File

@ -0,0 +1,81 @@
FROM golang:1.23.9-alpine as builder
# Force Go to use the cgo based DNS resolver. This is required to ensure DNS
# queries required to connect to linked containers succeed.
ENV GODEBUG netdns=cgo
# Install dependencies and build the binaries.
RUN apk add --no-cache --update alpine-sdk \
git \
make \
gcc
WORKDIR /go/src/github.com/lightningnetwork/lnd
COPY . .
RUN make \
&& make install tags="signrpc walletrpc chainrpc invoicesrpc routerrpc watchtowerrpc"
# Build loop binary
RUN git clone --depth 1 --branch v0.29.0-beta https://github.com/lightninglabs/loop.git /go/src/github.com/lightninglabs/loop
WORKDIR /go/src/github.com/lightninglabs/loop/cmd
RUN go install ./...
# eof
# Start a new, final image.
FROM alpine:3.17.3 as final
# Force Go to use the cgo based DNS resolver. This is required to ensure DNS
# queries required to connect to linked containers succeed.
ENV GODEBUG netdns=cgo
# Add bash and ca-certs, for quality of life and SSL-related reasons.
RUN apk --no-cache add \
bash \
tini \
ca-certificates
ENV LND_DATA /data
ENV LND_BITCOIND /deps/.bitcoin
ENV LND_LITECOIND /deps/.litecoin
ENV LND_BTCD /deps/.btcd
ENV LND_PORT 9735
RUN mkdir "$LND_DATA" && \
mkdir "/deps" && \
mkdir "$LND_BITCOIND" && \
mkdir "$LND_LITECOIND" && \
mkdir "$LND_BTCD" && \
ln -sfn "$LND_DATA" /root/.lnd && \
ln -sfn "$LND_BITCOIND" /root/.bitcoin && \
ln -sfn "$LND_LITECOIND" /root/.litecoin && \
ln -sfn "$LND_BTCD" /root/.btcd
# Define a root volume for data persistence.
VOLUME /data
# Copy the binaries from the builder image.
# lnd
COPY --from=builder /go/bin/lncli /bin/
COPY --from=builder /go/bin/lnd /bin/
COPY --from=builder /go/src/github.com/lightningnetwork/lnd/scripts/verify-install.sh /
COPY --from=builder /go/src/github.com/lightningnetwork/lnd/scripts/keys/* /keys/
# loop
COPY --from=builder /go/bin/loopd /bin/
COPY --from=builder /go/bin/loop /bin/
COPY docker-entrypoint.sh /docker-entrypoint.sh
# Copy script for automatic init and unlock of lnd, need jq for parsing JSON and curl for LND Rest
RUN apk --no-cache add jq curl
COPY docker-initunlocklnd.sh /docker-initunlocklnd.sh
# Specify the start command and entrypoint as the lnd daemon.
EXPOSE 9735
ENTRYPOINT [ "/sbin/tini", "-g", "--", "/docker-entrypoint.sh" ]
CMD [ "lnd" ]

81
linuxarm32v7.Dockerfile Normal file
View File

@ -0,0 +1,81 @@
FROM golang:1.23.9-bullseye as builder
# Force Go to use the cgo based DNS resolver. This is required to ensure DNS
# queries required to connect to linked containers succeed.
ENV GODEBUG netdns=cgo
# Install dependencies and build the binaries.
RUN apt-get -y update && apt-get -y install git make wget \
&& apt-get install -qq --no-install-recommends qemu qemu-user-static qemu-user binfmt-support
RUN wget -qO /opt/tini "https://github.com/krallin/tini/releases/download/v0.18.0/tini-armhf" \
&& echo "01b54b934d5f5deb32aa4eb4b0f71d0e76324f4f0237cc262d59376bf2bdc269 /opt/tini" | sha256sum -c - \
&& chmod +x /opt/tini
ENV GOARM=7 GOARCH=arm
WORKDIR /go/src/github.com/lightningnetwork/lnd
COPY . .
RUN make \
&& make install tags="signrpc walletrpc chainrpc invoicesrpc routerrpc watchtowerrpc"
# Build loop binary
RUN git clone --depth 1 --branch v0.29.0-beta https://github.com/lightninglabs/loop.git /go/src/github.com/lightninglabs/loop
WORKDIR /go/src/github.com/lightninglabs/loop/cmd
RUN go install ./...
# eof
# Force the builder machine to take make an arm runtime image. This is fine as long as the builder does not run any program
FROM --platform=linux/arm/v7 arm32v7/debian:bullseye-slim as final
COPY --from=builder /opt/tini /usr/bin/tini
COPY --from=builder /usr/bin/qemu-arm-static /usr/bin/qemu-arm-static
# Force Go to use the cgo based DNS resolver. This is required to ensure DNS
# queries required to connect to linked containers succeed.
ENV GODEBUG netdns=cgo
# Add bash and ca-certs, for quality of life and SSL-related reasons.
RUN apt-get -y update && apt-get install -y bash ca-certificates && rm -rf /var/lib/apt/lists/*
ENV LND_DATA /data
ENV LND_BITCOIND /deps/.bitcoin
ENV LND_LITECOIND /deps/.litecoin
ENV LND_BTCD /deps/.btcd
ENV LND_PORT 9735
RUN mkdir "$LND_DATA" && \
mkdir "/deps" && \
mkdir "$LND_BITCOIND" && \
mkdir "$LND_LITECOIND" && \
mkdir "$LND_BTCD" && \
ln -sfn "$LND_DATA" /root/.lnd && \
ln -sfn "$LND_BITCOIND" /root/.bitcoin && \
ln -sfn "$LND_LITECOIND" /root/.litecoin && \
ln -sfn "$LND_BTCD" /root/.btcd
# Define a root volume for data persistence.
VOLUME /data
# Copy the binaries from the builder image.
# lnd
COPY --from=builder /go/bin/linux_arm/lncli /bin/
COPY --from=builder /go/bin/linux_arm/lnd /bin/
COPY --from=builder /go/src/github.com/lightningnetwork/lnd/scripts/verify-install.sh /
COPY --from=builder /go/src/github.com/lightningnetwork/lnd/scripts/keys/* /keys/
# loop
COPY --from=builder /go/bin/linux_arm/loopd /bin/
COPY --from=builder /go/bin/linux_arm/loop /bin/
COPY docker-entrypoint.sh /docker-entrypoint.sh
# Copy script for automatic init and unlock of lnd, need jq for parsing JSON and curl for LND Rest
RUN apt-get -y update && apt-get -y install jq curl xxd && rm -rf /var/lib/apt/lists/*
COPY docker-initunlocklnd.sh /docker-initunlocklnd.sh
# Specify the start command and entrypoint as the lnd daemon.
EXPOSE 9735
ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/docker-entrypoint.sh" ]
CMD [ "lnd" ]

81
linuxarm64v8.Dockerfile Normal file
View File

@ -0,0 +1,81 @@
FROM golang:1.23.9-bullseye as builder
# Force Go to use the cgo based DNS resolver. This is required to ensure DNS
# queries required to connect to linked containers succeed.
ENV GODEBUG netdns=cgo
# Install dependencies and build the binaries.
RUN apt-get -y update && apt-get -y install git make wget \
&& apt-get install -qq --no-install-recommends qemu qemu-user-static qemu-user binfmt-support
RUN wget -qO /opt/tini "https://github.com/krallin/tini/releases/download/v0.18.0/tini-arm64" \
&& echo "7c5463f55393985ee22357d976758aaaecd08defb3c5294d353732018169b019 /opt/tini" | sha256sum -c - \
&& chmod +x /opt/tini
ENV GOARCH=arm64
WORKDIR /go/src/github.com/lightningnetwork/lnd
COPY . .
RUN make -d \
&& make install tags="signrpc walletrpc chainrpc invoicesrpc routerrpc watchtowerrpc"
# Build loop binary
RUN git clone --depth 1 --branch v0.29.0-beta https://github.com/lightninglabs/loop.git /go/src/github.com/lightninglabs/loop
WORKDIR /go/src/github.com/lightninglabs/loop/cmd
RUN go install ./...
# eof
# Force the builder machine to take make an arm runtime image. This is fine as long as the builder does not run any program
FROM --platform=linux/arm64 arm64v8/debian:bullseye-slim as final
COPY --from=builder /opt/tini /usr/bin/tini
COPY --from=builder /usr/bin/qemu-aarch64-static /usr/bin/qemu-aarch64-static
# Force Go to use the cgo based DNS resolver. This is required to ensure DNS
# queries required to connect to linked containers succeed.
ENV GODEBUG netdns=cgo
# Add bash and ca-certs, for quality of life and SSL-related reasons.
RUN apt-get -y update && apt-get install -y bash ca-certificates && rm -rf /var/lib/apt/lists/*
ENV LND_DATA /data
ENV LND_BITCOIND /deps/.bitcoin
ENV LND_LITECOIND /deps/.litecoin
ENV LND_BTCD /deps/.btcd
ENV LND_PORT 9735
RUN mkdir "$LND_DATA" && \
mkdir "/deps" && \
mkdir "$LND_BITCOIND" && \
mkdir "$LND_LITECOIND" && \
mkdir "$LND_BTCD" && \
ln -sfn "$LND_DATA" /root/.lnd && \
ln -sfn "$LND_BITCOIND" /root/.bitcoin && \
ln -sfn "$LND_LITECOIND" /root/.litecoin && \
ln -sfn "$LND_BTCD" /root/.btcd
# Define a root volume for data persistence.
VOLUME /data
# Copy the binaries from the builder image.
# lnd
COPY --from=builder /go/bin/linux_arm64/lncli /bin/
COPY --from=builder /go/bin/linux_arm64/lnd /bin/
COPY --from=builder /go/src/github.com/lightningnetwork/lnd/scripts/verify-install.sh /
COPY --from=builder /go/src/github.com/lightningnetwork/lnd/scripts/keys/* /keys/
# loop
COPY --from=builder /go/bin/linux_arm64/loopd /bin/
COPY --from=builder /go/bin/linux_arm64/loop /bin/
COPY docker-entrypoint.sh /docker-entrypoint.sh
# Copy script for automatic init and unlock of lnd, need jq for parsing JSON and curl for LND Rest
RUN apt-get -y update && apt-get -y install jq curl xxd && rm -rf /var/lib/apt/lists/*
COPY docker-initunlocklnd.sh /docker-initunlocklnd.sh
# Specify the start command and entrypoint as the lnd daemon.
EXPOSE 9735
ENTRYPOINT [ "/usr/bin/tini", "-g", "--", "/docker-entrypoint.sh" ]
CMD [ "lnd" ]