From b6e0e5ac4d34f973c09fa0fdf0337bc86137fdba Mon Sep 17 00:00:00 2001
From: Derek Smith <derek@farscapian.com>
Date: Thu, 2 Mar 2023 09:46:17 -0500
Subject: [PATCH] Working on Dockerd

---
 defaults.sh                                  |  6 +-
 deployment/btcpayserver/.gitignore           |  1 +
 deployment/btcpayserver/backup_btcpay.sh     |  2 +-
 deployment/btcpayserver/go.sh                | 12 +++-
 deployment/btcpayserver/stub_btcpay_setup.sh | 21 +++++-
 deployment/cluster.sh                        | 30 +++-----
 deployment/cluster_env.sh                    | 13 +++-
 deployment/deploy.sh                         | 50 ++++++--------
 deployment/deploy_vms.sh                     | 13 +---
 deployment/destroy.sh                        | 10 ++-
 deployment/reset.sh                          | 72 +++++++++-----------
 deployment/stub_lxc_profile.sh               |  7 +-
 deployment/www/deploy_clams.sh               | 23 +++++++
 deployment/www/go.sh                         |  2 +-
 deployment/www/stub/nginx_config.sh          |  2 +-
 install.sh                                   | 19 +++---
 manage.sh                                    |  5 +-
 management/bashrc                            |  2 +-
 temp/core-lightning/Dockerfile               |  3 +
 uninstall.sh                                 | 53 ++++++++------
 20 files changed, 201 insertions(+), 145 deletions(-)
 create mode 100644 deployment/btcpayserver/.gitignore
 create mode 100755 deployment/www/deploy_clams.sh
 create mode 100644 temp/core-lightning/Dockerfile

diff --git a/defaults.sh b/defaults.sh
index 296d448..f6ddc3a 100755
--- a/defaults.sh
+++ b/defaults.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -ex
+set -e
 
 export DEPLOY_WWW_SERVER=false
 export DEPLOY_GHOST=false
@@ -89,7 +89,7 @@ export UBUNTU_BASE_IMAGE_NAME="ss-ubuntu-${LXD_UBUNTU_BASE_VERSION//./-}"
 export DEPLOY_MGMT_REGISTRY=false
 export OTHER_SITES_LIST=
 export BTCPAY_ALT_NAMES=
-
+export BITCOIN_CHAIN=regtest
 export REMOTE_HOME="/home/ubuntu"
 
 export BTCPAY_SERVER_APPPATH="$REMOTE_HOME/btcpayserver-docker"
@@ -98,4 +98,4 @@ export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
 # this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
 export ROOT_DISK_SIZE_GB=20
 export REGISTRY_URL="https://index.docker.io/v1/"
-export PRIMARY_DOMAIN=
\ No newline at end of file
+export PRIMARY_DOMAIN=
diff --git a/deployment/btcpayserver/.gitignore b/deployment/btcpayserver/.gitignore
new file mode 100644
index 0000000..26e8e7b
--- /dev/null
+++ b/deployment/btcpayserver/.gitignore
@@ -0,0 +1 @@
+core-lightning
\ No newline at end of file
diff --git a/deployment/btcpayserver/backup_btcpay.sh b/deployment/btcpayserver/backup_btcpay.sh
index 342a519..a4cf276 100755
--- a/deployment/btcpayserver/backup_btcpay.sh
+++ b/deployment/btcpayserver/backup_btcpay.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -e
+set -ex
 cd "$(dirname "$0")"
 
 # take the services down, create a backup archive, then pull it down.
diff --git a/deployment/btcpayserver/go.sh b/deployment/btcpayserver/go.sh
index f4a2051..e027189 100755
--- a/deployment/btcpayserver/go.sh
+++ b/deployment/btcpayserver/go.sh
@@ -5,6 +5,15 @@ cd "$(dirname "$0")"
 
 export DOCKER_HOST="ssh://ubuntu@$BTCPAY_FQDN"
 
+docker pull btcpayserver/lightning:v22.11.1
+docker build -t clightning:latest ./core-lightning
+
+# run the btcpay setup script if it hasn't been done before.
+if [ "$(ssh "$BTCPAY_FQDN" [[ ! -f "$REMOTE_HOME/btcpay.complete" ]]; echo $?)" -eq 0 ]; then
+    ./stub_btcpay_setup.sh
+    BACKUP_BTCPAY=false
+fi
+
 RUN_SERVICES=true
 
 # we will re-run the btcpayserver provisioning scripts if directed to do so.
@@ -34,6 +43,7 @@ elif [ "$RECONFIGURE_BTCPAY_SERVER" == true ]; then
     ./stub_btcpay_setup.sh
 
     RUN_SERVICES=true
+    BACKUP_BTCPAY=false
 fi
 
 # if the script gets this far, then we grab a regular backup.
@@ -48,4 +58,4 @@ if [ "$RUN_SERVICES" = true ] && [ "$STOP_SERVICES" = false ]; then
     ssh "$FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-up.sh"
 fi
 
-echo "FINISHED btcpayserver/go.sh"
\ No newline at end of file
+echo "FINISHED btcpayserver/go.sh"
diff --git a/deployment/btcpayserver/stub_btcpay_setup.sh b/deployment/btcpayserver/stub_btcpay_setup.sh
index 0adcefb..acf1105 100755
--- a/deployment/btcpayserver/stub_btcpay_setup.sh
+++ b/deployment/btcpayserver/stub_btcpay_setup.sh
@@ -3,12 +3,26 @@
 set -e
 cd "$(dirname "$0")"
 
+# default is for regtest
+CLIGHTNING_WEBSOCKET_PORT=9736
+if [ "$BITCOIN_CHAIN" = testnet ]; then
+    CLIGHTNING_WEBSOCKET_PORT=9737
+elif [ "$BITCOIN_CHAIN" = mainnet ]; then
+    CLIGHTNING_WEBSOCKET_PORT=9738
+fi
+
+export CLIGHTNING_WEBSOCKET_PORT="$CLIGHTNING_WEBSOCKET_PORT"
+
 # export BTCPAY_FASTSYNC_ARCHIVE_FILENAME="utxo-snapshot-bitcoin-testnet-1445586.tar"
 # BTCPAY_REMOTE_RESTORE_PATH="/var/lib/docker/volumes/generated_bitcoin_datadir/_data"
 
 # This is the config for a basic proxy to the listening port 127.0.0.1:2368
 # It also supports modern TLS, so SSL certs must be available.
 #opt-add-nostr-relay;
+
+export BTCPAYSERVER_GITREPO="https://github.com/farscapian/btcpayserver-docker"
+#https://github.com/btcpayserver/btcpayserver-docker
+
 cat > "$SITE_PATH/btcpay.sh" <<EOL
 #!/bin/bash
 
@@ -22,7 +36,7 @@ done
 
 if [ ! -d "btcpayserver-docker" ]; then 
     echo "cloning btcpayserver-docker"; 
-    git clone -b master https://github.com/btcpayserver/btcpayserver-docker btcpayserver-docker;
+    git clone -b master ${BTCPAYSERVER_GITREPO} btcpayserver-docker;
     git config --global --add safe.directory /home/ubuntu/btcpayserver-docker
 else
     cd ./btcpayserver-docker
@@ -67,6 +81,11 @@ services:
     environment:
       LIGHTNINGD_OPT: |
         announce-addr-dns=true
+        experimental-websocket-port=9736
+    ports:
+      - "${CLIGHTNING_WEBSOCKET_PORT}:9736"
+    expose:
+      - "9736"
 
 EOF
 
diff --git a/deployment/cluster.sh b/deployment/cluster.sh
index c7ff9aa..8edf5b1 100755
--- a/deployment/cluster.sh
+++ b/deployment/cluster.sh
@@ -8,12 +8,13 @@ cd "$(dirname "$0")"
 # to use LXD.
 
 DATA_PLANE_MACVLAN_INTERFACE=
-DISK_TO_USE=loop
+DISK_TO_USE=
 
 # override the cluster name.
 CLUSTER_NAME="${1:-}"
 if [ -z "$CLUSTER_NAME" ]; then
-    echo "ERROR: The cluster name was not provided."
+    echo "ERROR: The cluster name was not provided. Syntax is: 'ss-cluster CLUSTER_NAME SSH_HOST_FQDN'"
+    echo "  for example: 'ss-cluster dev clusterhost01.domain.tld"
     exit 1
 fi
 
@@ -34,6 +35,7 @@ if [ ! -f "$CLUSTER_DEFINITION" ]; then
 
 export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
 export BITCOIN_CHAIN="regtest"
+export PROJECT_PREFIX="dev"
 #export REGISTRY_URL="https://index.docker.io/v1/"
 
 EOL
@@ -147,10 +149,6 @@ if ! command -v lxc >/dev/null 2>&1; then
         sleep 1
     fi
 
-    if lxc network list --format csv | grep -q lxdbr1; then
-        lxc network delete lxdbr1
-        sleep 1
-    fi
 fi
 
 ssh -t "ubuntu@$FQDN" "
@@ -172,6 +170,9 @@ if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
     DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
 fi
 
+export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
+
+echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE"
 # run lxd init on the remote server.
 cat <<EOF | ssh ubuntu@"$FQDN" lxd init --preseed
 config:
@@ -179,22 +180,13 @@ config:
   core.trust_password: ${LXD_CLUSTER_PASSWORD}
   core.dns_address: ${MGMT_PLANE_IP}
   images.auto_update_interval: 15
-
+  
 networks:
 - name: lxdbr0
-  description: "ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-}"
+  description: "ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-error}"
   type: bridge
   config:
-    ipv4.nat: "true"
-    ipv4.dhcp: "true"
-    ipv6.address: "none"
-    dns.mode: "managed"
-- name: lxdbr1
-  description: "For regtest"
-  type: bridge
-  config:
-    ipv4.address: 10.139.144.1/24
-    ipv4.nat: false
+    ipv4.nat: true
     ipv4.dhcp: true
     ipv6.address: none
     dns.mode: managed
@@ -219,8 +211,6 @@ cluster:
   cluster_token: ""
 EOF
 
-#    #
-
 # ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it.
 if wait-for-it -t 20 "$FQDN:8443"; then
     # now create a remote on your local LXC client and switch to it.
diff --git a/deployment/cluster_env.sh b/deployment/cluster_env.sh
index 83a81ec..47f5af8 100755
--- a/deployment/cluster_env.sh
+++ b/deployment/cluster_env.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -exu
+set -eu
 cd "$(dirname "$0")"
 
 CURRENT_CLUSTER="$(lxc remote get-default)"
@@ -30,6 +30,8 @@ export CLUSTER_PATH="$CLUSTERS_DIR/$CURRENT_CLUSTER"
 CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
 export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
 
+echo "CLUSTER_DEFINITION: $CLUSTER_DEFINITION"
+
 # ensure the cluster definition exists.
 if [ ! -f "$CLUSTER_DEFINITION" ]; then
     echo "ERROR: The cluster definition could not be found. You may need to run 'ss-cluster'."
@@ -41,10 +43,17 @@ source "$CLUSTER_DEFINITION"
 
 # source project defition.
 # Now let's load the project definition.
+PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN"
+export PROJECT_NAME="$PROJECT_NAME"
 PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
 PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
-source "$PROJECT_DEFINITION_PATH"
 
+if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
+    echo "ERROR: 'project_definition' not found $PROJECT_DEFINITION_PATH not found."
+    exit 1
+fi
+
+source "$PROJECT_DEFINITION_PATH"
 export PRIMARY_SITE_DEFINITION_PATH="$SITES_PATH/$PRIMARY_DOMAIN/site_definition"
 source "$PRIMARY_SITE_DEFINITION_PATH"
 
diff --git a/deployment/deploy.sh b/deployment/deploy.sh
index 8f37282..553cdd7 100755
--- a/deployment/deploy.sh
+++ b/deployment/deploy.sh
@@ -13,8 +13,8 @@ DOMAIN_NAME=
 RUN_CERT_RENEWAL=true
 SKIP_WWW=false
 RESTORE_WWW=false
-BACKUP_CERTS=true
-BACKUP_APPS=true
+BACKUP_CERTS=false
+BACKUP_APPS=false
 BACKUP_BTCPAY=true
 BACKUP_BTCPAY_ARCHIVE_PATH=
 RESTORE_BTCPAY=false
@@ -126,7 +126,6 @@ export USER_SAYS_YES="$USER_SAYS_YES"
 export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
 export RESTART_FRONT_END="$RESTART_FRONT_END"
 
-
 # todo convert this to Trezor-T
 SSH_PUBKEY_PATH="$SSH_HOME/id_rsa.pub"
 export SSH_PUBKEY_PATH="$SSH_PUBKEY_PATH"
@@ -185,8 +184,8 @@ function instantiate_vms {
 
         # Goal is to get the macvlan interface.
         LXD_SS_CONFIG_LINE=
-        if lxc network list --format csv | grep lxdbrSS | grep -q ss-config; then
-            LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config)"
+        if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
+            LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
         fi
 
         if [ -z "$LXD_SS_CONFIG_LINE" ]; then
@@ -205,7 +204,7 @@ function instantiate_vms {
         # fi
 
         # create the lxd base image.
-        #./create_lxc_base.sh
+        ./create_lxc_base.sh
 
         # # now switch to the current chain project.
         # if ! lxc project list --format csv | grep -a "$BITCOIN_CHAIN"; then
@@ -257,15 +256,15 @@ function instantiate_vms {
 
         ./deploy_vms.sh
 
-        # this tells our local docker client to target the remote endpoint via SSH
-        export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
+        if [ "$VIRTUAL_MACHINE" = www ]; then
+            # this tells our local docker client to target the remote endpoint via SSH
+            export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
 
-
-        # enable docker swarm mode so we can support docker stacks.
-        if docker info | grep -q "Swarm: inactive"; then
-            docker swarm init --advertise-addr enp6s0
+            # enable docker swarm mode so we can support docker stacks.
+            if docker info | grep -q "Swarm: inactive"; then
+                docker swarm init --advertise-addr enp6s0
+            fi
         fi
-
     done
 
 }
@@ -314,8 +313,10 @@ EOL
 
 }
 
+PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN"
 PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
 mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
+export PROJECT_NAME="$PROJECT_NAME"
 export PROJECT_PATH="$PROJECT_PATH"
 
 # create a symlink from ./clusterpath/projects/project
@@ -327,12 +328,13 @@ fi
 if ! lxc project list | grep -q "$PROJECT_NAME"; then
     echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
     lxc project create "$PROJECT_NAME"
+    lxc project set "$PROJECT_NAME" features.networks=true
 fi
 
 # # check if we need to provision a new lxc project.
-# if [ "$BITCOIN_CHAIN" != "$CURRENT_PROJECT" ]; then
-#     echo "INFO: switch to lxd project '$BITCOIN_CHAIN'."
-#     lxc project switch "$BITCOIN_CHAIN"
+# if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
+#     echo "INFO: switch to lxd project '$PROJECT_NAME'."
+#     lxc project switch "$PROJECT_NAME"
 # fi
 
 # check to see if the enf file exists. exist if not.
@@ -426,21 +428,7 @@ fi
 export DOMAIN_NAME="$PRIMARY_DOMAIN"
 export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
 if [ "$SKIP_BTCPAY" = false ] && [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
-    bash -c "./btcpayserver/go.sh"
+    ./btcpayserver/go.sh
 
     ssh ubuntu@"$BTCPAY_FQDN" "echo $LATEST_GIT_COMMIT > /home/ubuntu/.ss-githead"
 fi
-
-# deploy clams wallet.
-LOCAL_CLAMS_PATH="$(pwd)/www/clams"
-if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
-    if [ ! -d "$LOCAL_CLAMS_PATH" ]; then
-        git clone "$CLAMS_GIT_REPO" "$LOCAL_CLAMS_PATH"
-    else
-        cd "$LOCAL_CLAMS_PATH"
-        git pull
-        cd -
-    fi
-fi
-
-
diff --git a/deployment/deploy_vms.sh b/deployment/deploy_vms.sh
index 2603b73..4bd6be1 100755
--- a/deployment/deploy_vms.sh
+++ b/deployment/deploy_vms.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -ex
+set -exu
 cd "$(dirname "$0")"
 
 
@@ -34,8 +34,9 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
     ./stub_lxc_profile.sh "$LXD_VM_NAME"
 
     lxc copy --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME"/"ss-docker-$(date +%Y-%m)" "$LXD_VM_NAME"
+
     # now let's create a new VM to work with.
-    #lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
+    #@lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
 
     # let's PIN the HW address for now so we don't exhaust IP
     # and so we can set DNS internally.
@@ -52,11 +53,3 @@ ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"
 
 # create a directory to store backup archives. This is on all new vms.
 ssh "$FQDN" mkdir -p "$REMOTE_HOME/backups"
-
-# if this execution is for btcpayserver, then we run the stub/btcpay setup script
-# but only if it hasn't been executed before.
-if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
-    if [ "$(ssh "$BTCPAY_FQDN" [[ ! -f "$REMOTE_HOME/btcpay.complete" ]]; echo $?)" -eq 0 ]; then
-        ./btcpayserver/stub_btcpay_setup.sh
-    fi
-fi
diff --git a/deployment/destroy.sh b/deployment/destroy.sh
index 02ba408..b4704b6 100755
--- a/deployment/destroy.sh
+++ b/deployment/destroy.sh
@@ -1,9 +1,15 @@
 #!/bin/bash
 
-set -exu
+set -ex
 cd "$(dirname "$0")"
 # this script takes down all resources in the cluster. This script is DESTRUCTIVE of data, so make sure it's backed up first.
 
+
+if lxc remote get-default | grep -q "local"; then
+    echo "ERROR: you are on the local lxc remote. Nothing to destroy"
+    exit 1
+fi
+
 RESPONSE=
 read -r -p "Are you sure you want to continue? Responding 'y' here results in destruction of user data!": RESPONSE
 if [ "$RESPONSE" != "y" ]; then
@@ -12,6 +18,8 @@ if [ "$RESPONSE" != "y" ]; then
 fi
 
 . ../defaults.sh
+
+
 . ./cluster_env.sh
 
 for VM in www btcpayserver; do
diff --git a/deployment/reset.sh b/deployment/reset.sh
index 79a01f3..199b978 100755
--- a/deployment/reset.sh
+++ b/deployment/reset.sh
@@ -6,54 +6,48 @@ cd "$(dirname "$0")"
 
 source ../defaults.sh
 
-echo "Need to uncomment"
-exit 1
-# ./destroy.sh
+./destroy.sh
 
-# # these only get initialzed upon creation, so we MUST delete here so they get recreated.
-# if lxc profile list | grep -q "$BASE_IMAGE_VM_NAME"; then
-#     lxc profile delete "$BASE_IMAGE_VM_NAME"
-# fi
+# these only get initialzed upon creation, so we MUST delete here so they get recreated.
+if lxc profile list | grep -q "$BASE_IMAGE_VM_NAME"; then
+    lxc profile delete "$BASE_IMAGE_VM_NAME"
+fi
 
-# if lxc image list | grep -q "$BASE_IMAGE_VM_NAME"; then
-#     lxc image rm "$BASE_IMAGE_VM_NAME"
-# fi
+if lxc image list | grep -q "$BASE_IMAGE_VM_NAME"; then
+    lxc image rm "$BASE_IMAGE_VM_NAME"
+fi
 
-# if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
-#     lxc image rm "$UBUNTU_BASE_IMAGE_NAME"
-# fi
+if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
+    lxc image rm "$UBUNTU_BASE_IMAGE_NAME"
+fi
 
-# CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
-# if ! lxc info | grep -q "project: default"; then
-#     lxc project switch default
-#     lxc project delete "$CURRENT_PROJECT"
-# fi
+CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
+if ! lxc info | grep -q "project: default"; then
+    lxc project switch default
+    lxc project delete "$CURRENT_PROJECT"
+fi
 
-# if lxc profile show default | grep -q "root:"; then
-#     lxc profile device remove default root
-# fi
+if lxc profile show default | grep -q "root:"; then
+    lxc profile device remove default root
+fi
 
-# if lxc profile show default| grep -q "eth0:"; then
-#     lxc profile device remove default eth0
-# fi
+if lxc profile show default| grep -q "eth0:"; then
+    lxc profile device remove default eth0
+fi
 
-# if lxc network list --format csv | grep -q lxdbr0; then
-#     lxc network delete lxdbr0
-# fi
+if lxc network list --format csv | grep -q lxdbr0; then
+    lxc network delete lxdbr0
+fi
 
-# if lxc network list --format csv | grep -q lxdbr1; then
-#     lxc network delete lxdbr1
-# fi
+if lxc storage list --format csv | grep -q ss-base; then
+    lxc storage delete ss-base
+fi
 
-# if lxc storage list --format csv | grep -q ss-base; then
-#     lxc storage delete ss-base
-# fi
-
-# CURRENT_REMOTE="$(lxc remote get-default)"
-# if ! lxc remote get-default | grep -q "local"; then
-#     lxc remote switch local
-#     lxc remote remove "$CURRENT_REMOTE"
-# fi
+CURRENT_REMOTE="$(lxc remote get-default)"
+if ! lxc remote get-default | grep -q "local"; then
+    lxc remote switch local
+    lxc remote remove "$CURRENT_REMOTE"
+fi
 
 
 
diff --git a/deployment/stub_lxc_profile.sh b/deployment/stub_lxc_profile.sh
index 2be5849..2d554c8 100755
--- a/deployment/stub_lxc_profile.sh
+++ b/deployment/stub_lxc_profile.sh
@@ -107,14 +107,15 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
       - path: /etc/docker/daemon.json
         content: |
               {
-                "registry-mirrors": ["${REGISTRY_URL}"],
-                "labels": [ "githead=${LATEST_GIT_COMMIT}" ]
+                "registry-mirrors": ["${REGISTRY_URL}"]
               }
 
     runcmd:
       - sudo apt-get install -y openssh-server
 
 EOF
+#,
+#"labels": [ "githead=${LATEST_GIT_COMMIT}" ]
 
 else 
     # all other machines.
@@ -195,7 +196,7 @@ cat >> "$YAML_PATH" <<EOF
     type: nic
   enp6s0:
     name: enp6s0
-    network: lxdbr1
+    network: lxdbr0
     type: nic
 
 name: ${PRIMARY_DOMAIN}
diff --git a/deployment/www/deploy_clams.sh b/deployment/www/deploy_clams.sh
new file mode 100755
index 0000000..54c7ab1
--- /dev/null
+++ b/deployment/www/deploy_clams.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -ex
+cd "$(dirname "$0")"
+
+# deploy clams wallet.
+LOCAL_CLAMS_REPO_PATH="$(pwd)/www/clams"
+if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
+    if [ ! -d "$LOCAL_CLAMS_REPO_PATH" ]; then
+        git clone "$CLAMS_GIT_REPO" "$LOCAL_CLAMS_REPO_PATH"
+    else
+        cd "$LOCAL_CLAMS_REPO_PATH"
+        git pull
+        cd -
+    fi
+fi
+
+lxc file push -r -p ./clams "${PRIMARY_WWW_FQDN//./-}"/home/ubuntu/code
+
+# run the primary script and output the files to --output-path
+ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_HOME/clams/browser-app"
+ssh "$PRIMARY_WWW_FQDN" "$REMOTE_HOME/code/clams/browser-app/run.sh --output-path=$REMOTE_HOME/clams/browser-app"
+ssh "$PRIMARY_WWW_FQDN" rm -rf "$REMOTE_HOME/code"
diff --git a/deployment/www/go.sh b/deployment/www/go.sh
index 7f35657..d5d8a82 100755
--- a/deployment/www/go.sh
+++ b/deployment/www/go.sh
@@ -137,7 +137,7 @@ fi
 ./stub/nextcloud_yml.sh
 ./stub/gitea_yml.sh
 ./stub/nostr_yml.sh
-
+./deploy_clams.sh
 
 # # start a browser session; point it to port 80 to ensure HTTPS redirect.
 # # WWW_FQDN is in our certificate, so we resolve to that.
diff --git a/deployment/www/stub/nginx_config.sh b/deployment/www/stub/nginx_config.sh
index 2e83f73..b63362c 100755
--- a/deployment/www/stub/nginx_config.sh
+++ b/deployment/www/stub/nginx_config.sh
@@ -141,7 +141,7 @@ EOL
     add_header Strict-Transport-Security "max-age=63072000" always;
     ssl_stapling on;
     ssl_stapling_verify on;
-    resolver 198.54.117.10;
+    e
     # TODO change resolver to local DNS resolver, or inherit from system.
 
 
diff --git a/install.sh b/install.sh
index 1817760..d2bce62 100755
--- a/install.sh
+++ b/install.sh
@@ -24,7 +24,7 @@ fi
 
 # install snap
 if ! snap list | grep -q lxd; then
-    sudo snap install lxd
+    sudo snap install lxd --channel=5.11/candidate
     sleep 3
 
     # run lxd init on the remote server./dev/nvme1n1
@@ -39,8 +39,7 @@ networks:
     ipv6.address: none
   description: "Default network bridge for ss-mgmt outbound network access."
   name: lxdbr0
-  type: "bridge"
-  project: default
+  type: bridge
 storage_pools:
 - config:
     source: ${DISK}
@@ -73,7 +72,7 @@ if ! lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
 fi
 
 if ! lxc list --format csv | grep -q ss-mgmt; then
-    lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB
+    lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB --profile=default
 
     # mount the pre-verified sovereign stack git repo into the new vm
     lxc config device add ss-mgmt sscode disk source="$(pwd)" path=/home/ubuntu/sovereign-stack
@@ -81,7 +80,7 @@ fi
 
 if lxc list --format csv | grep -q "ss-mgmt,STOPPED"; then
     lxc start ss-mgmt
-    sleep 15
+    sleep 20
 fi
 
 . ./management/wait_for_lxc_ip.sh
@@ -92,13 +91,15 @@ fi
 #     sleep 1
 # done
 
-# now run the mgmt provisioning script.
 SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
+if [ ! -f "$SSH_PUBKEY_PATH" ]; then
+    ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
+fi
+
+# now run the mgmt provisioning script.
+
 if [ -f "$SSH_PUBKEY_PATH" ]; then
     lxc file push "$SSH_PUBKEY_PATH" ss-mgmt/home/ubuntu/.ssh/authorized_keys
-else
-    echo "ERROR: You need to generate an SSH key."
-    exit 1
 fi
 
 lxc file push ./management/bash_profile ss-mgmt/home/ubuntu/.bash_profile
diff --git a/manage.sh b/manage.sh
index 0c5cb2b..ff6035b 100755
--- a/manage.sh
+++ b/manage.sh
@@ -3,8 +3,8 @@
 set -eu
 cd "$(dirname "$0")"
 
-if ! lxc remote get-default | grep -q local; then
-    lxc remote switch local
+if ! lxc remote get-default | grep -q "local"; then
+    lxc remote switch "local"
 fi
 
 # if the mgmt machine doesn't exist, then warn the user to perform ./install.sh
@@ -24,4 +24,5 @@ fi
 
 wait-for-it -t 300 "$IP_V4_ADDRESS:22" > /dev/null 2>&1
 
+# let's ensure ~/.ssh/ssh_config is using the correct IP address for ss-mgmt.
 ssh ubuntu@"$IP_V4_ADDRESS"
diff --git a/management/bashrc b/management/bashrc
index afdeafb..6434430 100644
--- a/management/bashrc
+++ b/management/bashrc
@@ -85,7 +85,7 @@ if [ -x /usr/bin/dircolors ]; then
 fi
 
 # colored GCC warnings and errors
-#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
 
 # some more ls aliases
 alias ll='ls -alF'
diff --git a/temp/core-lightning/Dockerfile b/temp/core-lightning/Dockerfile
new file mode 100644
index 0000000..6b5809d
--- /dev/null
+++ b/temp/core-lightning/Dockerfile
@@ -0,0 +1,3 @@
+FROM btcpayserver/lightning:v22.11.1
+
+EXPOSE 9736
\ No newline at end of file
diff --git a/uninstall.sh b/uninstall.sh
index b571fe6..9f75ebb 100755
--- a/uninstall.sh
+++ b/uninstall.sh
@@ -3,37 +3,52 @@
 set -exu
 
 # this script undoes install.sh
+if ! command -v lxc >/dev/null 2>&1; then
+    echo "This script requires 'lxc' to be installed. Please run 'install.sh'."
+    exit 1
+fi
 
 . ./defaults.sh
 
 if lxc list --format csv | grep -q ss-mgmt; then
 
-    if ! list list --format csv | grep ss-mgmt | grep -q "RUNNING"; then
+    if ! lxc list --format csv | grep ss-mgmt | grep -q "RUNNING"; then
         lxc stop ss-mgmt
     fi
 
     lxc config device remove ss-mgmt sscode
-    lxc delete ss-mgmt
+    lxc delete ss-mgmt -f
 fi
 
-# if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
-#     lxc image delete "$UBUNTU_BASE_IMAGE_NAME"
-# fi
+if lxc profile device list default | grep -q root; then
+    lxc profile device remove default root
+fi
 
-# if lxc storage list --format csv | grep -q sovereign-stack; then
-#     lxc profile device remove default root
-#     lxc storage delete sovereign-stack
-# fi
+if lxc profile device list default | grep -q enp5s0; then
+    lxc profile device remove default enp5s0
+fi
 
-# if snap list | grep -q lxd; then
-#     sudo snap remove lxd
-#     sleep 2
-# fi
+if lxc network list | grep -q lxdbr0; then
+    lxc network delete lxdbr0
+fi
 
-# if zfs list | grep -q sovereign-stack; then
-#     sudo zfs destroy -r sovereign-stack
-# fi
+if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
+    lxc image delete "$UBUNTU_BASE_IMAGE_NAME"
+fi
 
-# if zfs list | grep -q "sovereign-stack"; then
-#     sudo zfs destroy -r "rpool/lxd"
-# fi
+if lxc storage list --format csv | grep -q sovereign-stack; then
+    lxc storage delete sovereign-stack
+fi
+
+if snap list | grep -q lxd; then
+    sudo snap remove lxd
+    sleep 2
+fi
+
+if zfs list | grep -q sovereign-stack; then
+    sudo zfs destroy -r sovereign-stack
+fi
+
+if zfs list | grep -q "sovereign-stack"; then
+    sudo zfs destroy -r "rpool/lxd"
+fi