Working. Clams integration stop.

defaults.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -ex
+set -e
 
 export DEPLOY_WWW_SERVER=false
 export DEPLOY_GHOST=false
@@ -80,7 +80,7 @@ export PROJECTS_DIR="$HOME/ss-projects"
 export SITES_PATH="$HOME/ss-sites"
 
 # The base VM image.
-export LXD_UBUNTU_BASE_VERSION="22.04"
+export LXD_UBUNTU_BASE_VERSION="jammy"
 export BASE_IMAGE_VM_NAME="ss-base-${LXD_UBUNTU_BASE_VERSION//./-}"
 export BASE_LXC_IMAGE="ubuntu/$LXD_UBUNTU_BASE_VERSION/cloud"
 export UBUNTU_BASE_IMAGE_NAME="ss-ubuntu-${LXD_UBUNTU_BASE_VERSION//./-}"
@@ -89,7 +89,7 @@ export UBUNTU_BASE_IMAGE_NAME="ss-ubuntu-${LXD_UBUNTU_BASE_VERSION//./-}"
 export DEPLOY_MGMT_REGISTRY=false
 export OTHER_SITES_LIST=
 export BTCPAY_ALT_NAMES=
-
+export BITCOIN_CHAIN=regtest
 export REMOTE_HOME="/home/ubuntu"
 
 export BTCPAY_SERVER_APPPATH="$REMOTE_HOME/btcpayserver-docker"
@@ -98,4 +98,4 @@ export REMOTE_CERT_BASE_DIR="$REMOTE_HOME/.certs"
 # this space is for OS, docker images, etc. DOES NOT INCLUDE USER DATA.
 export ROOT_DISK_SIZE_GB=20
 export REGISTRY_URL="https://index.docker.io/v1/"
-export PRIMARY_DOMAIN=
+export PRIMARY_DOMAIN=

deployment/btcpayserver/.gitignore

@@ -0,0 +1 @@
+core-lightning

deployment/btcpayserver/backup_btcpay.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -e
+set -ex
 cd "$(dirname "$0")"
 
 # take the services down, create a backup archive, then pull it down.

deployment/btcpayserver/go.sh

@@ -5,6 +5,15 @@ cd "$(dirname "$0")"
 
 export DOCKER_HOST="ssh://ubuntu@$BTCPAY_FQDN"
 
+docker pull btcpayserver/lightning:v22.11.1
+docker build -t clightning:latest ./core-lightning
+
+# run the btcpay setup script if it hasn't been done before.
+if [ "$(ssh "$BTCPAY_FQDN" [[ ! -f "$REMOTE_HOME/btcpay.complete" ]]; echo $?)" -eq 0 ]; then
+    ./stub_btcpay_setup.sh
+    BACKUP_BTCPAY=false
+fi
+
 RUN_SERVICES=true
 
 # we will re-run the btcpayserver provisioning scripts if directed to do so.
@@ -34,6 +43,7 @@ elif [ "$RECONFIGURE_BTCPAY_SERVER" == true ]; then
     ./stub_btcpay_setup.sh
 
     RUN_SERVICES=true
+    BACKUP_BTCPAY=false
 fi
 
 # if the script gets this far, then we grab a regular backup.
@@ -48,4 +58,4 @@ if [ "$RUN_SERVICES" = true ] && [ "$STOP_SERVICES" = false ]; then
     ssh "$FQDN" "bash -c $BTCPAY_SERVER_APPPATH/btcpay-up.sh"
 fi
 
-echo "FINISHED btcpayserver/go.sh"
+echo "FINISHED btcpayserver/go.sh"

deployment/btcpayserver/stub_btcpay_setup.sh

@@ -3,12 +3,26 @@
 set -e
 cd "$(dirname "$0")"
 
+# default is for regtest
+CLIGHTNING_WEBSOCKET_PORT=9736
+if [ "$BITCOIN_CHAIN" = testnet ]; then
+    CLIGHTNING_WEBSOCKET_PORT=9737
+elif [ "$BITCOIN_CHAIN" = mainnet ]; then
+    CLIGHTNING_WEBSOCKET_PORT=9738
+fi
+
+export CLIGHTNING_WEBSOCKET_PORT="$CLIGHTNING_WEBSOCKET_PORT"
+
 # export BTCPAY_FASTSYNC_ARCHIVE_FILENAME="utxo-snapshot-bitcoin-testnet-1445586.tar"
 # BTCPAY_REMOTE_RESTORE_PATH="/var/lib/docker/volumes/generated_bitcoin_datadir/_data"
 
 # This is the config for a basic proxy to the listening port 127.0.0.1:2368
 # It also supports modern TLS, so SSL certs must be available.
 #opt-add-nostr-relay;
+
+export BTCPAYSERVER_GITREPO="https://github.com/farscapian/btcpayserver-docker"
+#https://github.com/btcpayserver/btcpayserver-docker
+
 cat > "$SITE_PATH/btcpay.sh" <<EOL
 #!/bin/bash
 
@@ -22,7 +36,7 @@ done
 
 if [ ! -d "btcpayserver-docker" ]; then 
     echo "cloning btcpayserver-docker"; 
-    git clone -b master https://github.com/btcpayserver/btcpayserver-docker btcpayserver-docker;
+    git clone -b master ${BTCPAYSERVER_GITREPO} btcpayserver-docker;
     git config --global --add safe.directory /home/ubuntu/btcpayserver-docker
 else
     cd ./btcpayserver-docker
@@ -67,6 +81,11 @@ services:
     environment:
       LIGHTNINGD_OPT: |
         announce-addr-dns=true
+        experimental-websocket-port=9736
+    ports:
+      - "${CLIGHTNING_WEBSOCKET_PORT}:9736"
+    expose:
+      - "9736"
 
 EOF
 

deployment/cluster.sh

@@ -8,12 +8,13 @@ cd "$(dirname "$0")"
 # to use LXD.
 
 DATA_PLANE_MACVLAN_INTERFACE=
-DISK_TO_USE=loop
+DISK_TO_USE=
 
 # override the cluster name.
 CLUSTER_NAME="${1:-}"
 if [ -z "$CLUSTER_NAME" ]; then
-    echo "ERROR: The cluster name was not provided."
+    echo "ERROR: The cluster name was not provided. Syntax is: 'ss-cluster CLUSTER_NAME SSH_HOST_FQDN'"
+    echo "  for example: 'ss-cluster dev clusterhost01.domain.tld"
     exit 1
 fi
 
@@ -34,6 +35,7 @@ if [ ! -f "$CLUSTER_DEFINITION" ]; then
 
 export LXD_CLUSTER_PASSWORD="$(gpg --gen-random --armor 1 14)"
 export BITCOIN_CHAIN="regtest"
+export PROJECT_PREFIX="dev"
 #export REGISTRY_URL="https://index.docker.io/v1/"
 
 EOL
@@ -85,6 +87,9 @@ if ! lxc remote list | grep -q "$CLUSTER_NAME"; then
         esac
     done
 
+    # first let's copy our ssh pubkey to the remote server so we don't have to login constantly.
+    ssh-copy-id -i "$HOME/.ssh/id_rsa.pub" "ubuntu@$FQDN"
+
     if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
         echo "INFO: It looks like you didn't provide input on the command line for the data plane macvlan interface."
         echo "      We need to know which interface that is! Enter it here now."
@@ -147,10 +152,6 @@ if ! command -v lxc >/dev/null 2>&1; then
         sleep 1
     fi
 
-    if lxc network list --format csv | grep -q lxdbr1; then
-        lxc network delete lxdbr1
-        sleep 1
-    fi
 fi
 
 ssh -t "ubuntu@$FQDN" "
@@ -161,7 +162,7 @@ sudo apt-get update && sudo apt-get upgrade -y && sudo apt install htop dnsutils
 
 # install lxd as a snap if it's not installed.
 if ! snap list | grep -q lxd; then
-    sudo snap install lxd
+    sudo snap install lxd --channel=5.10/stable
     sleep 10
 fi
 "
@@ -172,6 +173,9 @@ if [ -z "$DATA_PLANE_MACVLAN_INTERFACE" ]; then
     DATA_PLANE_MACVLAN_INTERFACE="$(ssh -t ubuntu@"$FQDN" ip route | grep default | cut -d " " -f 5)"
 fi
 
+export DATA_PLANE_MACVLAN_INTERFACE="$DATA_PLANE_MACVLAN_INTERFACE"
+
+echo "DATA_PLANE_MACVLAN_INTERFACE: $DATA_PLANE_MACVLAN_INTERFACE"
 # run lxd init on the remote server.
 cat <<EOF | ssh ubuntu@"$FQDN" lxd init --preseed
 config:
@@ -179,22 +183,13 @@ config:
   core.trust_password: ${LXD_CLUSTER_PASSWORD}
   core.dns_address: ${MGMT_PLANE_IP}
   images.auto_update_interval: 15
-
+  
 networks:
 - name: lxdbr0
-  description: "ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-}"
+  description: "ss-config,${DATA_PLANE_MACVLAN_INTERFACE:-error}"
   type: bridge
   config:
-    ipv4.nat: "true"
-    ipv4.dhcp: "true"
-    ipv6.address: "none"
-    dns.mode: "managed"
-- name: lxdbr1
-  description: "For regtest"
-  type: bridge
-  config:
-    ipv4.address: 10.139.144.1/24
-    ipv4.nat: false
+    ipv4.nat: true
     ipv4.dhcp: true
     ipv6.address: none
     dns.mode: managed
@@ -219,8 +214,6 @@ cluster:
   cluster_token: ""
 EOF
 
-#    #
-
 # ensure the lxd service is available over the network, then add a lxc remote, then switch the active remote to it.
 if wait-for-it -t 20 "$FQDN:8443"; then
     # now create a remote on your local LXC client and switch to it.

deployment/cluster_env.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -exu
+set -eu
 cd "$(dirname "$0")"
 
 CURRENT_CLUSTER="$(lxc remote get-default)"
@@ -30,6 +30,8 @@ export CLUSTER_PATH="$CLUSTERS_DIR/$CURRENT_CLUSTER"
 CLUSTER_DEFINITION="$CLUSTER_PATH/cluster_definition"
 export CLUSTER_DEFINITION="$CLUSTER_DEFINITION"
 
+echo "CLUSTER_DEFINITION: $CLUSTER_DEFINITION"
+
 # ensure the cluster definition exists.
 if [ ! -f "$CLUSTER_DEFINITION" ]; then
     echo "ERROR: The cluster definition could not be found. You may need to run 'ss-cluster'."
@@ -41,10 +43,17 @@ source "$CLUSTER_DEFINITION"
 
 # source project defition.
 # Now let's load the project definition.
+PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN"
+export PROJECT_NAME="$PROJECT_NAME"
 PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
 PROJECT_DEFINITION_PATH="$PROJECT_PATH/project_definition"
-source "$PROJECT_DEFINITION_PATH"
 
+if [ ! -f "$PROJECT_DEFINITION_PATH" ]; then
+    echo "ERROR: 'project_definition' not found $PROJECT_DEFINITION_PATH not found."
+    exit 1
+fi
+
+source "$PROJECT_DEFINITION_PATH"
 export PRIMARY_SITE_DEFINITION_PATH="$SITES_PATH/$PRIMARY_DOMAIN/site_definition"
 source "$PRIMARY_SITE_DEFINITION_PATH"
 

deployment/create_lxc_base.sh

@@ -17,7 +17,7 @@ fi
 # If the lxc VM does exist, then we will delete it (so we can start fresh) 
 if lxc list -q --format csv | grep -q "$BASE_IMAGE_VM_NAME"; then
     # if there's no snapshot, we dispense with the old image and try again.
-    if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "ss-docker-$(date +%Y-%m)"; then
+    if ! lxc info "$BASE_IMAGE_VM_NAME" | grep -q "ss-docker-$LXD_UBUNTU_BASE_VERSION"; then
         lxc delete "$BASE_IMAGE_VM_NAME" --force
         ssh-keygen -f "$SSH_HOME/known_hosts" -R "$BASE_IMAGE_VM_NAME"
     fi
@@ -31,12 +31,13 @@ else
 
     lxc start "$BASE_IMAGE_VM_NAME"
 
-    sleep 70
+    sleep 30
 
     # ensure the ssh service is listening at localhost
     lxc exec "$BASE_IMAGE_VM_NAME" -- wait-for-it 127.0.0.1:22 -t 120
 
+
     # stop the VM and get a snapshot.
     lxc stop "$BASE_IMAGE_VM_NAME"
-    lxc snapshot "$BASE_IMAGE_VM_NAME" "ss-docker-$(date +%Y-%m)"
+    lxc snapshot "$BASE_IMAGE_VM_NAME" "ss-docker-$LXD_UBUNTU_BASE_VERSION"
 fi

deployment/deploy.sh

@@ -13,8 +13,8 @@ DOMAIN_NAME=
 RUN_CERT_RENEWAL=true
 SKIP_WWW=false
 RESTORE_WWW=false
-BACKUP_CERTS=true
-BACKUP_APPS=true
+BACKUP_CERTS=false
+BACKUP_APPS=false
 BACKUP_BTCPAY=true
 BACKUP_BTCPAY_ARCHIVE_PATH=
 RESTORE_BTCPAY=false
@@ -126,7 +126,6 @@ export USER_SAYS_YES="$USER_SAYS_YES"
 export BACKUP_BTCPAY_ARCHIVE_PATH="$BACKUP_BTCPAY_ARCHIVE_PATH"
 export RESTART_FRONT_END="$RESTART_FRONT_END"
 
-
 # todo convert this to Trezor-T
 SSH_PUBKEY_PATH="$SSH_HOME/id_rsa.pub"
 export SSH_PUBKEY_PATH="$SSH_PUBKEY_PATH"
@@ -185,8 +184,8 @@ function instantiate_vms {
 
         # Goal is to get the macvlan interface.
         LXD_SS_CONFIG_LINE=
-        if lxc network list --format csv | grep lxdbrSS | grep -q ss-config; then
-            LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbrSS | grep ss-config)"
+        if lxc network list --format csv | grep lxdbr0 | grep -q ss-config; then
+            LXD_SS_CONFIG_LINE="$(lxc network list --format csv | grep lxdbr0 | grep ss-config)"
         fi
 
         if [ -z "$LXD_SS_CONFIG_LINE" ]; then
@@ -205,7 +204,7 @@ function instantiate_vms {
         # fi
 
         # create the lxd base image.
-        #./create_lxc_base.sh
+        ./create_lxc_base.sh
 
         # # now switch to the current chain project.
         # if ! lxc project list --format csv | grep -a "$BITCOIN_CHAIN"; then
@@ -257,15 +256,15 @@ function instantiate_vms {
 
         ./deploy_vms.sh
 
-        # this tells our local docker client to target the remote endpoint via SSH
-        export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
+        if [ "$VIRTUAL_MACHINE" = www ]; then
+            # this tells our local docker client to target the remote endpoint via SSH
+            export DOCKER_HOST="ssh://ubuntu@$PRIMARY_WWW_FQDN"
 
-
-        # enable docker swarm mode so we can support docker stacks.
-        if docker info | grep -q "Swarm: inactive"; then
-            docker swarm init --advertise-addr enp6s0
+            # enable docker swarm mode so we can support docker stacks.
+            if docker info | grep -q "Swarm: inactive"; then
+                docker swarm init --advertise-addr enp6s0
+            fi
         fi
-
     done
 
 }
@@ -314,8 +313,10 @@ EOL
 
 }
 
+PROJECT_NAME="$PROJECT_PREFIX-$BITCOIN_CHAIN"
 PROJECT_PATH="$PROJECTS_DIR/$PROJECT_NAME"
 mkdir -p "$PROJECT_PATH" "$CLUSTER_PATH/projects"
+export PROJECT_NAME="$PROJECT_NAME"
 export PROJECT_PATH="$PROJECT_PATH"
 
 # create a symlink from ./clusterpath/projects/project
@@ -327,12 +328,13 @@ fi
 if ! lxc project list | grep -q "$PROJECT_NAME"; then
     echo "INFO: The lxd project specified in the cluster_definition did not exist. We'll create one!"
     lxc project create "$PROJECT_NAME"
+    lxc project set "$PROJECT_NAME" features.networks=true
 fi
 
 # # check if we need to provision a new lxc project.
-# if [ "$BITCOIN_CHAIN" != "$CURRENT_PROJECT" ]; then
-#     echo "INFO: switch to lxd project '$BITCOIN_CHAIN'."
-#     lxc project switch "$BITCOIN_CHAIN"
+# if ! lxc info | grep "project:" | grep -q "$PROJECT_NAME"; then
+#     echo "INFO: switch to lxd project '$PROJECT_NAME'."
+#     lxc project switch "$PROJECT_NAME"
 # fi
 
 # check to see if the enf file exists. exist if not.
@@ -426,21 +428,7 @@ fi
 export DOMAIN_NAME="$PRIMARY_DOMAIN"
 export SITE_PATH="$SITES_PATH/$DOMAIN_NAME"
 if [ "$SKIP_BTCPAY" = false ] && [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
-    bash -c "./btcpayserver/go.sh"
+    ./btcpayserver/go.sh
 
     ssh ubuntu@"$BTCPAY_FQDN" "echo $LATEST_GIT_COMMIT > /home/ubuntu/.ss-githead"
 fi
-
-# deploy clams wallet.
-LOCAL_CLAMS_PATH="$(pwd)/www/clams"
-if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
-    if [ ! -d "$LOCAL_CLAMS_PATH" ]; then
-        git clone "$CLAMS_GIT_REPO" "$LOCAL_CLAMS_PATH"
-    else
-        cd "$LOCAL_CLAMS_PATH"
-        git pull
-        cd -
-    fi
-fi
-
-

deployment/deploy_vms.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-set -ex
+set -exu
 cd "$(dirname "$0")"
 
 
@@ -33,9 +33,10 @@ if ! lxc list --format csv | grep -q "$LXD_VM_NAME"; then
 
     ./stub_lxc_profile.sh "$LXD_VM_NAME"
 
-    lxc copy --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME"/"ss-docker-$(date +%Y-%m)" "$LXD_VM_NAME"
+    lxc copy --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME"/"ss-docker-$LXD_UBUNTU_BASE_VERSION" "$LXD_VM_NAME"
+
     # now let's create a new VM to work with.
-    #lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
+    #@lxc init --profile="$LXD_VM_NAME" "$BASE_IMAGE_VM_NAME" "$LXD_VM_NAME" --vm
 
     # let's PIN the HW address for now so we don't exhaust IP
     # and so we can set DNS internally.
@@ -52,11 +53,3 @@ ssh-keyscan -H -t ecdsa "$FQDN" >> "$SSH_HOME/known_hosts"
 
 # create a directory to store backup archives. This is on all new vms.
 ssh "$FQDN" mkdir -p "$REMOTE_HOME/backups"
-
-# if this execution is for btcpayserver, then we run the stub/btcpay setup script
-# but only if it hasn't been executed before.
-if [ "$VIRTUAL_MACHINE" = btcpayserver ]; then
-    if [ "$(ssh "$BTCPAY_FQDN" [[ ! -f "$REMOTE_HOME/btcpay.complete" ]]; echo $?)" -eq 0 ]; then
-        ./btcpayserver/stub_btcpay_setup.sh
-    fi
-fi

deployment/destroy.sh

@@ -1,9 +1,15 @@
 #!/bin/bash
 
-set -exu
+set -ex
 cd "$(dirname "$0")"
 # this script takes down all resources in the cluster. This script is DESTRUCTIVE of data, so make sure it's backed up first.
 
+
+if lxc remote get-default | grep -q "local"; then
+    echo "ERROR: you are on the local lxc remote. Nothing to destroy"
+    exit 1
+fi
+
 RESPONSE=
 read -r -p "Are you sure you want to continue? Responding 'y' here results in destruction of user data!": RESPONSE
 if [ "$RESPONSE" != "y" ]; then
@@ -12,6 +18,8 @@ if [ "$RESPONSE" != "y" ]; then
 fi
 
 . ../defaults.sh
+
+
 . ./cluster_env.sh
 
 for VM in www btcpayserver; do

deployment/reset.sh

@@ -6,54 +6,48 @@ cd "$(dirname "$0")"
 
 source ../defaults.sh
 
-echo "Need to uncomment"
-exit 1
-# ./destroy.sh
+./destroy.sh
 
-# # these only get initialzed upon creation, so we MUST delete here so they get recreated.
-# if lxc profile list | grep -q "$BASE_IMAGE_VM_NAME"; then
-#     lxc profile delete "$BASE_IMAGE_VM_NAME"
-# fi
+# these only get initialzed upon creation, so we MUST delete here so they get recreated.
+if lxc profile list | grep -q "$BASE_IMAGE_VM_NAME"; then
+    lxc profile delete "$BASE_IMAGE_VM_NAME"
+fi
 
-# if lxc image list | grep -q "$BASE_IMAGE_VM_NAME"; then
-#     lxc image rm "$BASE_IMAGE_VM_NAME"
-# fi
+if lxc image list | grep -q "$BASE_IMAGE_VM_NAME"; then
+    lxc image rm "$BASE_IMAGE_VM_NAME"
+fi
 
-# if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
-#     lxc image rm "$UBUNTU_BASE_IMAGE_NAME"
-# fi
+if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
+    lxc image rm "$UBUNTU_BASE_IMAGE_NAME"
+fi
 
-# CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
-# if ! lxc info | grep -q "project: default"; then
-#     lxc project switch default
-#     lxc project delete "$CURRENT_PROJECT"
-# fi
+CURRENT_PROJECT="$(lxc info | grep "project:" | awk '{print $2}')"
+if ! lxc info | grep -q "project: default"; then
+    lxc project switch default
+    lxc project delete "$CURRENT_PROJECT"
+fi
 
-# if lxc profile show default | grep -q "root:"; then
-#     lxc profile device remove default root
-# fi
+if lxc profile show default | grep -q "root:"; then
+    lxc profile device remove default root
+fi
 
-# if lxc profile show default| grep -q "eth0:"; then
-#     lxc profile device remove default eth0
-# fi
+if lxc profile show default| grep -q "eth0:"; then
+    lxc profile device remove default eth0
+fi
 
-# if lxc network list --format csv | grep -q lxdbr0; then
-#     lxc network delete lxdbr0
-# fi
+if lxc network list --format csv | grep -q lxdbr0; then
+    lxc network delete lxdbr0
+fi
 
-# if lxc network list --format csv | grep -q lxdbr1; then
-#     lxc network delete lxdbr1
-# fi
+if lxc storage list --format csv | grep -q ss-base; then
+    lxc storage delete ss-base
+fi
 
-# if lxc storage list --format csv | grep -q ss-base; then
-#     lxc storage delete ss-base
-# fi
-
-# CURRENT_REMOTE="$(lxc remote get-default)"
-# if ! lxc remote get-default | grep -q "local"; then
-#     lxc remote switch local
-#     lxc remote remove "$CURRENT_REMOTE"
-# fi
+CURRENT_REMOTE="$(lxc remote get-default)"
+if ! lxc remote get-default | grep -q "local"; then
+    lxc remote switch local
+    lxc remote remove "$CURRENT_REMOTE"
+fi
 
 
 

deployment/stub_lxc_profile.sh

@@ -50,12 +50,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
     preserve_hostname: false
     fqdn: ${BASE_IMAGE_VM_NAME}
 
-    apt:
-      sources:
-        docker.list:
-          source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu jammy stable"
-          keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
-
     packages:
       - curl
       - ssh-askpass
@@ -76,10 +70,6 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
       - wait-for-it
       - dnsutils
       - wget
-      - docker-ce
-      - docker-ce-cli
-      - containerd.io
-      - docker-compose-plugin
 
     groups:
       - docker
@@ -104,18 +94,34 @@ if [ "$LXD_HOSTNAME" = "$BASE_IMAGE_VM_NAME" ]; then
               UsePAM no
               LogLevel INFO
 
-      - path: /etc/docker/daemon.json
-        content: |
-              {
-                "registry-mirrors": ["${REGISTRY_URL}"],
-                "labels": [ "githead=${LATEST_GIT_COMMIT}" ]
-              }
-
     runcmd:
+      - sudo mkdir -m 0755 -p /etc/apt/keyrings
+      - curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
+      - echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list
+      - sudo apt-get update
+      - sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
       - sudo apt-get install -y openssh-server
 
 EOF
 
+
+    # apt:
+    #   sources:
+    #     docker.list:
+    #       source: "deb [arch=amd64] https://download.docker.com/linux/ubuntu ${LXD_UBUNTU_BASE_VERSION} stable"
+    #       keyid: 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
+
+    #   - path: /etc/docker/daemon.json
+    #     content: |
+    #           {
+    #             "registry-mirrors": ["${REGISTRY_URL}"],
+    #             "labels": [ "githead=${LATEST_GIT_COMMIT}" ]
+    #           }
+
+
+#      - sudo apt-get update
+      #- sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+
 else 
     # all other machines.
     cat >> "$YAML_PATH" <<EOF
@@ -195,7 +201,7 @@ cat >> "$YAML_PATH" <<EOF
     type: nic
   enp6s0:
     name: enp6s0
-    network: lxdbr1
+    network: lxdbr0
     type: nic
 
 name: ${PRIMARY_DOMAIN}

deployment/www/deploy_clams.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+
+set -ex
+cd "$(dirname "$0")"
+
+# deploy clams wallet.
+LOCAL_CLAMS_REPO_PATH="$(pwd)/www/clams"
+if [ "$DEPLOY_BTCPAY_SERVER" = true ]; then
+    if [ ! -d "$LOCAL_CLAMS_REPO_PATH" ]; then
+        git clone "$CLAMS_GIT_REPO" "$LOCAL_CLAMS_REPO_PATH"
+    else
+        cd "$LOCAL_CLAMS_REPO_PATH"
+        #git config pull.ff only
+        git pull
+        cd -
+    fi
+fi
+
+lxc file push -r -p ./clams "${PRIMARY_WWW_FQDN//./-}"/home/ubuntu/code
+
+# run the primary script and output the files to --output-path
+ssh "$PRIMARY_WWW_FQDN" mkdir -p "$REMOTE_HOME/clams/browser-app"
+ssh "$PRIMARY_WWW_FQDN" "$REMOTE_HOME/code/clams/browser-app/run.sh --output-path=$REMOTE_HOME/clams/browser-app"
+ssh "$PRIMARY_WWW_FQDN" rm -rf "$REMOTE_HOME/code"

deployment/www/go.sh

@@ -137,7 +137,7 @@ fi
 ./stub/nextcloud_yml.sh
 ./stub/gitea_yml.sh
 ./stub/nostr_yml.sh
-
+./deploy_clams.sh
 
 # # start a browser session; point it to port 80 to ensure HTTPS redirect.
 # # WWW_FQDN is in our certificate, so we resolve to that.

deployment/www/stub/nginx_config.sh

@@ -141,7 +141,7 @@ EOL
     add_header Strict-Transport-Security "max-age=63072000" always;
     ssl_stapling on;
     ssl_stapling_verify on;
-    resolver 198.54.117.10;
+    e
     # TODO change resolver to local DNS resolver, or inherit from system.
 
 

install.sh

@@ -24,7 +24,7 @@ fi
 
 # install snap
 if ! snap list | grep -q lxd; then
-    sudo snap install lxd
+    sudo snap install lxd --channel=5.10/stable
     sleep 3
 
     # run lxd init on the remote server./dev/nvme1n1
@@ -39,8 +39,7 @@ networks:
     ipv6.address: none
   description: "Default network bridge for ss-mgmt outbound network access."
   name: lxdbr0
-  type: "bridge"
-  project: default
+  type: bridge
 storage_pools:
 - config:
     source: ${DISK}
@@ -73,7 +72,7 @@ if ! lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
 fi
 
 if ! lxc list --format csv | grep -q ss-mgmt; then
-    lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB
+    lxc init "images:$BASE_LXC_IMAGE" ss-mgmt --vm -c limits.cpu=4 -c limits.memory=4GiB --profile=default
 
     # mount the pre-verified sovereign stack git repo into the new vm
     lxc config device add ss-mgmt sscode disk source="$(pwd)" path=/home/ubuntu/sovereign-stack
@@ -81,7 +80,7 @@ fi
 
 if lxc list --format csv | grep -q "ss-mgmt,STOPPED"; then
     lxc start ss-mgmt
-    sleep 15
+    sleep 20
 fi
 
 . ./management/wait_for_lxc_ip.sh
@@ -92,13 +91,15 @@ fi
 #     sleep 1
 # done
 
-# now run the mgmt provisioning script.
 SSH_PUBKEY_PATH="$HOME/.ssh/id_rsa.pub"
+if [ ! -f "$SSH_PUBKEY_PATH" ]; then
+    ssh-keygen -f "$SSH_HOME/id_rsa" -t ecdsa -b 521 -N ""
+fi
+
+# now run the mgmt provisioning script.
+
 if [ -f "$SSH_PUBKEY_PATH" ]; then
     lxc file push "$SSH_PUBKEY_PATH" ss-mgmt/home/ubuntu/.ssh/authorized_keys
-else
-    echo "ERROR: You need to generate an SSH key."
-    exit 1
 fi
 
 lxc file push ./management/bash_profile ss-mgmt/home/ubuntu/.bash_profile

manage.sh

@@ -3,8 +3,8 @@
 set -eu
 cd "$(dirname "$0")"
 
-if ! lxc remote get-default | grep -q local; then
-    lxc remote switch local
+if ! lxc remote get-default | grep -q "local"; then
+    lxc remote switch "local"
 fi
 
 # if the mgmt machine doesn't exist, then warn the user to perform ./install.sh
@@ -24,4 +24,5 @@ fi
 
 wait-for-it -t 300 "$IP_V4_ADDRESS:22" > /dev/null 2>&1
 
+# let's ensure ~/.ssh/ssh_config is using the correct IP address for ss-mgmt.
 ssh ubuntu@"$IP_V4_ADDRESS"

management/bashrc

@@ -85,7 +85,7 @@ if [ -x /usr/bin/dircolors ]; then
 fi
 
 # colored GCC warnings and errors
-#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
+export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01'
 
 # some more ls aliases
 alias ll='ls -alF'

management/provision.sh

@@ -34,7 +34,7 @@ sleep 1
 
 # install snap
 if ! snap list | grep -q lxd; then
-    sudo snap install lxd
+    sudo snap install lxd --channel=5.10/stable
     sleep 6
 
     # We just do an auto initialization. All we are using is the LXD client inside the management environment.

temp/core-lightning/Dockerfile

@@ -0,0 +1,3 @@
+FROM btcpayserver/lightning:v22.11.1
+
+EXPOSE 9736

uninstall.sh

@@ -3,37 +3,52 @@
 set -exu
 
 # this script undoes install.sh
+if ! command -v lxc >/dev/null 2>&1; then
+    echo "This script requires 'lxc' to be installed. Please run 'install.sh'."
+    exit 1
+fi
 
 . ./defaults.sh
 
 if lxc list --format csv | grep -q ss-mgmt; then
 
-    if ! list list --format csv | grep ss-mgmt | grep -q "RUNNING"; then
+    if ! lxc list --format csv | grep ss-mgmt | grep -q "RUNNING"; then
         lxc stop ss-mgmt
     fi
 
     lxc config device remove ss-mgmt sscode
-    lxc delete ss-mgmt
+    lxc delete ss-mgmt -f
 fi
 
-# if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
-#     lxc image delete "$UBUNTU_BASE_IMAGE_NAME"
-# fi
+if lxc profile device list default | grep -q root; then
+    lxc profile device remove default root
+fi
 
-# if lxc storage list --format csv | grep -q sovereign-stack; then
-#     lxc profile device remove default root
-#     lxc storage delete sovereign-stack
-# fi
+if lxc profile device list default | grep -q enp5s0; then
+    lxc profile device remove default enp5s0
+fi
 
-# if snap list | grep -q lxd; then
-#     sudo snap remove lxd
-#     sleep 2
-# fi
+if lxc network list | grep -q lxdbr0; then
+    lxc network delete lxdbr0
+fi
 
-# if zfs list | grep -q sovereign-stack; then
-#     sudo zfs destroy -r sovereign-stack
-# fi
+if lxc image list | grep -q "$UBUNTU_BASE_IMAGE_NAME"; then
+    lxc image delete "$UBUNTU_BASE_IMAGE_NAME"
+fi
 
-# if zfs list | grep -q "sovereign-stack"; then
-#     sudo zfs destroy -r "rpool/lxd"
-# fi
+if lxc storage list --format csv | grep -q sovereign-stack; then
+    lxc storage delete sovereign-stack
+fi
+
+if snap list | grep -q lxd; then
+    sudo snap remove lxd
+    sleep 2
+fi
+
+if zfs list | grep -q sovereign-stack; then
+    sudo zfs destroy -r sovereign-stack
+fi
+
+if zfs list | grep -q "sovereign-stack"; then
+    sudo zfs destroy -r "rpool/lxd"
+fi