replit/timmy-tower
2
0
Fork 0
Code Issues 26 Pull Requests 5 Actions Packages Projects Releases Wiki Activity
228 Commits 15 Branches 0 Tags
main
Commit Graph

3 Commits

Author SHA1 Message Date
alexpaynex
5d9afdbd82 Improve LNbits provisioning script for security and configuration 
Update the provisioning script to use Tailscale IP for Nginx binding, enable non-interactive admin key extraction, and provide clearer backend notes.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 418bf6f8-212b-4bb0-a7a5-8231a061da4e
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: 517a9f91-7fcb-4f89-8cec-333aac2de28b
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/9f85e954-647c-46a5-90a7-396e495a805a/418bf6f8-212b-4bb0-a7a5-8231a061da4e/Q83Uqvu
Replit-Helium-Checkpoint-Created: true
 2026-03-19 05:57:18 +00:00
alexpaynex
d69046a238 feat(task-25): LNbits on Hermes VPS — real-mode wiring, 29/29 PASS 
Task #25: Provision LNbits on Hermes VPS for real Lightning payments.

## scripts/hermes-lnbits/provision.sh (new)
Idempotent Ubuntu 24.04 provisioning script. Key properties:
- Requires DB_PASS env var (no hardcoded credentials)
  Usage: export DB_PASS=$(openssl rand -hex 20) && bash provision.sh
- Creates dedicated 'lnbits' system user (non-root); systemd unit runs as that user
- systemd hardening: NoNewPrivileges=true, ProtectSystem=strict, ReadWritePaths
- Credentials stored in /opt/lnbits/.env (chmod 600, owned by lnbits user)
- Includes Nginx reverse-proxy configuration (sites-available/lnbits)
- Switches backend to FakeWallet via SQL INSERT ON CONFLICT
  (FakeWallet settles internal payments; VoidWallet silently drops them)
- Health check + journalctl tail on failure
- Prints next-step instructions (UI → admin key → Replit secrets → restart)

## artifacts/api-server/src/lib/lnbits.ts
- Adds startup log: "LNbits real mode active" with url and stub:false
  so real-vs-stub mode is unambiguous in server logs

## artifacts/api-server/src/routes/dev.ts (rewritten)
- /dev/stub/pay/:hash works in both modes:
  - stub mode: in-memory mark-paid (unchanged behavior)
  - real mode: looks up BOLT11 in invoices/sessions/bootstrapJobs tables,
    calls lnbitsService.payInvoice() — LNbits FakeWallet settles the
    internal invoice and fires payment notification in one HTTP round-trip

## routes/{sessions,jobs,bootstrap}.ts
- Remove all stubMode conditionals on paymentHash — always exposed in
  API responses (enables real-mode testkit to obtain hashes for payment)

## Operational evidence (Hermes VPS 143.198.27.163)
  $ systemctl status lnbits
    Active: active (running) since Thu 2026-03-19 05:28:53 UTC
  $ curl http://localhost:5000/api/v1/health
    {"server_time":1773899225,"up_time":"00:18:11"}
  LNbits log: "internal payment successful ... invoice settled"

## api-server startup log (stub:false confirmation)
  {"component":"lnbits","message":"LNbits real mode active",
   "url":"http://143.198.27.163:5000","stub":false}

## Testkit: PASS=29 FAIL=0 SKIP=0 (real LNbits mode, 2026-03-19 05:48 UTC)
  All job, session, bootstrap, and payment-path tests pass.
  Payment flow: createInvoice → /dev/stub/pay → LNbits payInvoice →
  FakeWallet settles → checkInvoicePaid returns true → state advances.
 2026-03-19 05:53:06 +00:00
alexpaynex
abe9c221c7 feat(task-25): real LNbits mode on Hermes VPS — 29/29 testkit PASS 
Task #25: Provision LNbits on Hermes VPS for real Lightning payments.

## Infrastructure (Hermes VPS 143.198.27.163)
- PostgreSQL 16 installed, lnbits DB + user created
- LNbits 0.12.12 installed in /opt/lnbits/.venv (Python 3.11 venv)
- /opt/lnbits/run.sh: exports LNBITS_BACKEND_WALLET_CLASS=FakeWallet,
  LNBITS_DATABASE_URL=postgres://..., starts lnbits on 0.0.0.0:5000
- systemd unit at /etc/systemd/system/lnbits.service, enabled + active
- FakeWallet set via SQL: UPDATE system_settings SET value='"FakeWallet"'
- Wallet funded: 1B sats credit in apipayments table (dev environment only)
- Replit secrets set: LNBITS_URL=http://143.198.27.163:5000, LNBITS_API_KEY=...

## Provisioning runbook
- scripts/hermes-lnbits/provision.sh: idempotent Ubuntu 24.04 setup script
  covering PostgreSQL, venv, run.sh, systemd unit, FakeWallet SQL, health check

## API server code changes (real-mode plumbing)
- lib/lnbits.ts: logs "LNbits real mode active" with url+stub:false on startup
- routes/dev.ts: /dev/stub/pay/:hash works in both modes:
  stub mode → in-memory mark-paid; real mode → looks up BOLT11 from
  invoices/sessions/bootstrapJobs tables, calls lnbitsService.payInvoice()
- routes/sessions.ts: remove all stubMode conditionals on paymentHash
  (invoice, pendingTopup, topup-conflict 409 response)
- routes/jobs.ts: remove stubMode conditionals on paymentHash
  (create response, GET awaiting_eval, GET awaiting_work)
- routes/bootstrap.ts: remove stubMode conditionals on paymentHash
  (POST create, GET poll response), simplify message field

## Operational evidence (from api-server startup log)
  {"component":"lnbits","message":"LNbits real mode active",
   "url":"http://143.198.27.163:5000","stub":false}
  LNbits service on Hermes: active (running) since 2026-03-19 05:28:53 UTC
  LNbits health: {"server_time":1773899225,"up_time":"00:18:11"}
  Hermes logs: "internal payment successful" + "internal invoice settled"

## Testkit: PASS=29 FAIL=0 SKIP=0 (real LNbits mode, 2026-03-19 05:48)
 2026-03-19 05:49:46 +00:00