mynode/setup/setup_device.sh

#!/bin/bash

###
### Setup MyNode (all devices)
### Run with "sudo"
###

set -x
set -e

if [ "$#" != "1" ]; then
    echo "Usage: $0 <ip address | online>"
    exit 1
fi
SERVER_IP=$1

# Determine Device
IS_ARMBIAN=0
IS_ROCK64=0
IS_ROCKPRO64=0
IS_RASPI=0
IS_RASPI3=0
IS_RASPI4=0
IS_RASPI5=0
IS_ROCKPI4=0
IS_X86=0
IS_ARM64=0
IS_32_BIT=0
IS_64_BIT=0
IS_UNKNOWN=0
DEVICE_TYPE="unknown"
MODEL=$(cat /proc/device-tree/model) || IS_UNKNOWN=1
DEBIAN_VERSION=$(lsb_release -c -s) || DEBIAN_VERSION="unknown"
uname -a | grep amd64 && IS_X86=1 && IS_64_BIT=1 && IS_UNKNOWN=0 || true
if [[ $MODEL == *"Rock64"* ]]; then
    IS_ARMBIAN=1
    IS_ROCK64=1
    IS_64_BIT=1
elif [[ $MODEL == *"RockPro64"* ]]; then
    IS_ARMBIAN=1
    IS_ROCKPRO64=1
    IS_64_BIT=1
elif [[ $MODEL == *"Raspberry Pi 3"* ]]; then
    IS_RASPI=1
    IS_RASPI3=1
    IS_32_BIT=1
elif [[ $MODEL == *"Raspberry Pi 4"* ]]; then
    IS_RASPI=1
    IS_RASPI4=1
    IS_32_BIT=1
    UNAME=$(uname -a)
    if [[ $UNAME == *"aarch64"* ]]; then
        IS_ARM64=1
        IS_32_BIT=0
        IS_64_BIT=1
    fi
elif [[ $MODEL == *"Raspberry Pi 5"* ]]; then
    IS_RASPI=1
    IS_RASPI5=1
    IS_ARM64=1
    IS_64_BIT=1
elif [[ $MODEL == *"ROCK Pi 4"* ]]; then
    IS_ARMBIAN=1
    IS_ROCKPI4=1
    IS_64_BIT=1
fi


if [ $IS_UNKNOWN = 1 ]; then
    echo "UNKNOWN DEVICE TYPE"
    exit 1
fi

# Set kernel settings
sysctl -w net.ipv6.conf.all.disable_ipv6=1
sysctl -w net.ipv6.conf.default.disable_ipv6=1
sysctl -w net.ipv6.conf.lo.disable_ipv6=1

# Set DNS for install (old)
#echo "" > /etc/resolv.conf
#echo "nameserver 1.1.1.1" >> /etc/resolv.conf
#echo "nameserver 9.9.9.9" >> /etc/resolv.conf
#echo "nameserver 8.8.8.8" >> /etc/resolv.conf

# Set DNS for install (new)
echo "" >> /etc/dhcp/dhclient.conf
echo "append domain-name-servers 1.1.1.1, 208.67.222.222, 8.8.8.8;" >> /etc/dhcp/dhclient.conf
dhclient -r

# Test DNS resolution issues (may have only seen issues on bad device)
#ping -c 2 raspberrypi.org
#ping -c 2 raspbian.raspberrypi.org
#ping -c 2 pythonhosted.org
#ping -c 2 python.org
#ping -c 2 piwheels.org


# Make sure FS is expanded
if [ $IS_ARMBIAN = 1 ] ; then
    /usr/lib/armbian/armbian-resize-filesystem start
fi
if [ $IS_X86 = 1 ]; then
    apt-get -y install gdisk parted

    X86_ROOT_PARTITION="$(mount | grep ' / ' | cut -d ' ' -f1)"
    X86_DEVICE="$(lsblk -no pkname $X86_ROOT_PARTITION)"
    X86_DEVICE_PATH="/dev/$X86_DEVICE"
    case "$X86_DEVICE" in
        sd* | hd* | vd*)
            # SATA
            X86_PARTITION_NUMBER=$(cat /proc/partitions | grep -c "${X86_DEVICE}[0-9]")
            ;;
        nvme*)
            # NVMe
            X86_PARTITION_NUMBER=$(cat /proc/partitions | grep -c "${X86_DEVICE}p[0-9]")
            ;;            
    esac    
    X86_FDISK_TYPE=$(fdisk -l "$X86_DEVICE_PATH" | grep "Disklabel")
    echo "Root Partition:   $X86_ROOT_PARTITION"
    echo "Root Device:      $X86_DEVICE"
    echo "Root Dev Path:    $X86_DEVICE_PATH"
    echo "Root Partition #: $X86_PARTITION_NUMBER"
    if [[ "$X86_FDISK_TYPE" = *"Disklabel type: gpt"* ]]; then
        if [ "$X86_PARTITION_NUMBER" = "2" ]; then
            sgdisk -e $X86_DEVICE_PATH
            sgdisk -d $X86_PARTITION_NUMBER $X86_DEVICE_PATH
            sgdisk -N $X86_PARTITION_NUMBER $X86_DEVICE_PATH
            partprobe $X86_DEVICE_PATH
            resize2fs $X86_ROOT_PARTITION
        else
            echo "Not resizing - Expected 2 partitions, found $X86_PARTITION_NUMBER"
        fi
    else
        echo "Not resizing - Expected GPT partition"
        echo "$X86_FDISK"
    fi
fi


# Download rootfs
rm -rf /tmp/rootfs.tar.gz
rm -rf /tmp/upgrade/
mkdir -p /tmp/upgrade

TARBALL=""
if [ $IS_ROCK64 = 1 ]; then
    TARBALL="mynode_rootfs_rock64.tar.gz"
elif [ $IS_ROCKPRO64 = 1 ]; then
    TARBALL="mynode_rootfs_rockpro64.tar.gz"
elif [ $IS_RASPI3 = 1 ]; then
    TARBALL="mynode_rootfs_raspi3.tar.gz"
elif [ $IS_RASPI4 = 1 ]; then
    TARBALL="mynode_rootfs_raspi4.tar.gz"
elif [ $IS_RASPI5 = 1 ]; then
    TARBALL="mynode_rootfs_raspi5.tar.gz"
elif [ $IS_ROCKPI4 = 1 ]; then
    TARBALL="mynode_rootfs_rockpi4.tar.gz"
elif [ $IS_X86 = 1 ]; then
    TARBALL="mynode_rootfs_debian.tar.gz"
fi
if [ "$SERVER_IP" == "online" ]; then
    TARBALL="${TARBALL/"mynode_rootfs_"/"mynode_release_latest_"}"
    wget https://mynodebtc.com/device/upgrade_images/${TARBALL} -O /tmp/rootfs.tar.gz
else
    wget http://${SERVER_IP}:8000/${TARBALL} -O /tmp/rootfs.tar.gz
fi

# Extract rootfs (so we can reference temporary files)
tar -xvf /tmp/rootfs.tar.gz -C /tmp/upgrade/
TMP_INSTALL_PATH="/tmp/upgrade/out/rootfs_*"

# Setup some dependencies
mkdir -p /usr/share/mynode/
cp -f /tmp/upgrade/out/rootfs_*/usr/share/mynode/mynode_device_info.sh /usr/share/mynode/mynode_device_info.sh
cp -f /tmp/upgrade/out/rootfs_*/usr/share/mynode/mynode_config.sh /usr/share/mynode/mynode_config.sh
cp -f /tmp/upgrade/out/rootfs_*/usr/share/mynode/mynode_functions.sh /usr/share/mynode/mynode_functions.sh
cp -f /tmp/upgrade/out/rootfs_*/usr/bin/mynode-get-device-serial /usr/bin/mynode-get-device-serial

# Source file containing app versions
source /tmp/upgrade/out/rootfs_*/usr/share/mynode/mynode_app_versions.sh

# Update SD card
mkdir -p /etc/torrc.d

# Set admin password to bolt
useradd -p $(openssl passwd -1 bolt) -m -s /bin/bash admin || true

# Initialize Users
/bin/bash $TMP_INSTALL_PATH/usr/bin/mynode_initialize_users.sh

# Setup bitcoin user folders
mkdir -p /home/bitcoin/.mynode/
chown bitcoin:bitcoin /home/bitcoin
chown -R bitcoin:bitcoin /home/bitcoin/.mynode/

# Update host info
echo "mynode" > /etc/hostname
sed -i 's/rock64/mynode/g' /etc/hosts
sed -i 's/rockpi4-b/mynode/g' /etc/hosts

# Update sources
apt-get -y update --allow-releaseinfo-change

# Add sources
apt-get -y install apt-transport-https curl gnupg ca-certificates
# Tor (arm32 support was dropped)
if [ $IS_64_BIT = 1 ]; then
    grep -qxF "deb https://deb.torproject.org/torproject.org ${DEBIAN_VERSION} main" /etc/apt/sources.list  || echo "deb https://deb.torproject.org/torproject.org ${DEBIAN_VERSION} main" >> /etc/apt/sources.list
    grep -qxF "deb-src https://deb.torproject.org/torproject.org ${DEBIAN_VERSION} main" /etc/apt/sources.list  || echo "deb-src https://deb.torproject.org/torproject.org ${DEBIAN_VERSION} main" >> /etc/apt/sources.list
fi
if [ "$DEBIAN_VERSION" = "buster" ]; then
    # Migrate old buster backports to archive
    sed -i 's|deb.debian.org/debian buster-backports|archive.debian.org/debian buster-backports|g' /etc/apt/sources.list
    # Add backports repo
    grep -qxF "deb http://archive.debian.org/debian buster-backports main" /etc/apt/sources.list  || echo "deb http://archive.debian.org/debian buster-backports main" >> /etc/apt/sources.list
fi
# Add I2P Repo
/bin/bash $TMP_INSTALL_PATH/usr/share/mynode/scripts/add_i2p_repo.sh

# Import Keys
curl https://keybase.io/roasbeef/pgp_keys.asc | gpg --import
curl https://keybase.io/bitconner/pgp_keys.asc | gpg --import
curl https://keybase.io/guggero/pgp_keys.asc | gpg --import # Pool
curl https://raw.githubusercontent.com/JoinMarket-Org/joinmarket-clientserver/master/pubkeys/AdamGibson.asc | gpg --import
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 01EA5486DE18A882D4C2684590C8019E36C2E964
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys E777299FC265DD04793070EB944D35F9AC3DB76A # Bitcoin - Michael Ford (fanquake)
curl https://keybase.io/suheb/pgp_keys.asc | gpg --import
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys DE23E73BFA8A0AD5587D2FCDE80D2F3F311FD87E # Loop (abosworth)
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 9FC6B0BFD597A94DBF09708280E5375C094198D8 # Loop (bhandras)
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 26984CB69EB8C4A26196F7A4D7D916376026F177 # Lightning Terminal
gpg --keyserver hkps://keyserver.ubuntu.com --recv-keys 187F6ADD93AE3B0CF335AA6AB984570980684DCC # Lightning Terminal
wget -q https://deb.torproject.org/torproject.org/A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89.asc -O- | apt-key add - # Tor
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 648ACFD622F3D138     # Debian Backports
gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0E98404D386FA1D9     # Debian Backports
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 74A941BA219EC810   # Tor
apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 66F6C87B98EBCFE2   # I2P (R4SAS)

# Update OS
apt -y update # Needed to accept new repos
apt-get -y update

# Freeze any packages we don't want to update
if [ $IS_X86 = 1 ]; then
    apt-mark hold grub*
fi
#apt-mark hold redis-server

# Upgrade packages
apt-get -y upgrade

# Install other tools (run section multiple times to make sure success)
export DEBIAN_FRONTEND=noninteractive
apt-get -y install apt-transport-https lsb-release
apt-get -y install htop git curl bash-completion jq dphys-swapfile lsof libzmq3-dev
apt-get -y install build-essential python3-dev python3-pip python3-grpcio
apt-get -y install transmission-cli fail2ban ufw tclsh redis-server
apt-get -y install clang hitch zlib1g-dev libffi-dev file toilet ncdu
apt-get -y install toilet-fonts avahi-daemon figlet libsecp256k1-dev
apt-get -y install inotify-tools libssl-dev tor tmux screen fonts-dejavu
apt-get -y install pv sysstat network-manager rsync parted unzip pkg-config
apt-get -y install libfreetype6-dev libpng-dev libatlas-base-dev libgmp-dev libltdl-dev
apt-get -y install libffi-dev libssl-dev python3-bottle automake libtool libltdl7
apt -y -qq install apt-transport-https ca-certificates
apt-get -y install libevent-dev ncurses-dev
apt-get -y install zlib1g-dev libudev-dev libusb-1.0-0-dev python3-venv gunicorn
apt-get -y install sqlite3 libsqlite3-dev torsocks python3-requests libsystemd-dev
apt-get -y install libjpeg-dev zlib1g-dev psmisc hexyl libbz2-dev liblzma-dev netcat-openbsd
apt-get -y install hdparm iotop nut obfs4proxy libpq-dev socat btrfs-progs i2pd apparmor pass
apt-get -y install gdisk xxd

# Install Java
apt-get -y install default-jre

# Install packages dependent on Debian release
if [ "$DEBIAN_VERSION" == "bullseye" ]; then
    apt-get -y install wireguard
elif [ "$DEBIAN_VERSION" == "bookworm" ]; then
    apt-get -y install wireguard
elif [ "$DEBIAN_VERSION" == "buster" ]; then
    apt-get -y -t buster-backports install wireguard
else
    echo "========================================="
    echo "== UNKNOWN DEBIAN VERSION: $DEBIAN_VERSION"
    echo "== SOME APPS MAY NOT WORK PROPERLY"
    echo "========================================="
fi

# Install Openbox GUI
if [ $IS_X86 = 1 ]; then
    apt-get -y install xorg chromium openbox lightdm
fi

# Install device specific packages
if [ $IS_X86 = 1 ]; then
    apt-get -y install cloud-init
    apt-get -y install intel-microcode || true
fi
if [ $IS_ARMBIAN = 1 ] ; then
    apt-get -y install systemd-timesyncd
    timedatectl set-ntp true
fi

# Make sure some software is removed
apt-get -y purge ntp # (conflicts with systemd-timedatectl)
apt-get -y purge chrony # (conflicts with systemd-timedatectl)


# Install other things without recommendation
apt-get -y install --no-install-recommends expect


# Install nginx
mkdir -p /var/log/nginx
apt-get -y install nginx || true
apt-get -y install libnginx-mod-stream || true
# Install may fail, so we need to edit the default config file and reconfigure
rm -f /etc/nginx/modules-enabled/50-mod-* || true
echo "" > /etc/nginx/sites-available/default
dpkg --configure -a

# Cleanup apt-get cache to save some space
apt-get clean

# Update users
usermod -a -G debian-tor bitcoin

# Make admin a member of bitcoin
adduser admin bitcoin
adduser joinmarket bitcoin
grep "joinmarket" /etc/sudoers || (echo 'joinmarket ALL=(ALL) NOPASSWD:ALL' | EDITOR='tee -a' visudo)


# Install Go
GO_ARCH="unknown"
if [ "$DEVICE_ARCH" == "armv7l" ]; then
    GO_ARCH="armv6l"
elif [ "$DEVICE_ARCH" == "aarch64" ]; then
    GO_ARCH="arm64"
elif [ "$DEVICE_ARCH" == "x86_64" ]; then
    GO_ARCH="amd64"
fi
GO_UPGRADE_URL=https://go.dev/dl/go$GO_VERSION.linux-$GO_ARCH.tar.gz
CURRENT=""
if [ -f $GO_VERSION_FILE ]; then
    CURRENT=$(cat $GO_VERSION_FILE)
fi
if [ "$CURRENT" != "$GO_VERSION" ]; then
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download

    wget $GO_UPGRADE_URL -O go.tar.gz
    rm -rf /usr/local/go && tar -C /usr/local -xzf go.tar.gz

    # Mark current version
    echo $GO_VERSION > $GO_VERSION_FILE
fi
echo "export GOBIN=/usr/local/go/bin; PATH=\$PATH:/usr/local/go/bin" > /etc/profile.d/go.sh
grep -qxF '. /etc/profile.d/go.sh' /root/.bashrc || echo '. /etc/profile.d/go.sh' >> /root/.bashrc


# Install Rust (only needed on 32-bit RPi for building some python wheels)
if [ ! -f $HOME/.cargo/env ]; then
    wget https://sh.rustup.rs -O /tmp/setup_rust.sh
    /bin/bash /tmp/setup_rust.sh -y --default-toolchain none
    sync
fi
if [ -f $HOME/.cargo/env ]; then
    # Remove old toolchains
    source $HOME/.cargo/env
    TOOLCHAINS=$(rustup toolchain list)
    for toolchain in $TOOLCHAINS; do
        if [[ "$toolchain" == *"linux"* ]] && [[ "$toolchain" != *"${RUST_VERSION}"* ]]; then
            rustup toolchain remove $toolchain || true
        fi
    done
    # Manage rust toolchains
    if [ $IS_RASPI = 1 ] && [ $IS_ARM64 = 0 ]; then
        # Install and use desired version
        rustup install $RUST_VERSION
        rustup default $RUST_VERSION
        rustc --version
    fi
fi


# Install Python3 (latest)
CURRENT_PYTHON3_VERSION=$(python3 --version)
if [[ "$CURRENT_PYTHON3_VERSION" != *"Python ${PYTHON_VERSION}"* ]]; then
    mkdir -p /opt/download
    cd /opt/download
    rm -rf Python-*

    wget https://www.python.org/ftp/python/${PYTHON_VERSION}/Python-${PYTHON_VERSION}.tar.xz -O python.tar.xz
    tar xf python.tar.xz

    cd Python-*
    ./configure
    make -j4
    make install
    cd ~
else
    echo "Python up to date"
fi

# Add to python path
[ -d /usr/local/lib/python2.7/dist-packages ] && echo "/var/pynode" > /usr/local/lib/python2.7/dist-packages/pynode.pth
[ -d /usr/local/lib/python3.7/site-packages ] && echo "/var/pynode" > /usr/local/lib/python3.7/site-packages/pynode.pth
[ -d /usr/local/lib/python3.8/site-packages ] && echo "/var/pynode" > /usr/local/lib/python3.8/site-packages/pynode.pth


# Install Python3 specific tools
pip3 install --upgrade pip wheel setuptools

pip3 install -r $TMP_INSTALL_PATH/usr/share/mynode/mynode_pip3_requirements.txt --no-cache-dir || \
    pip3 install -r $TMP_INSTALL_PATH/usr/share/mynode/mynode_pip3_requirements.txt --no-cache-dir --use-deprecated=html5lib

# For RP4 32-bit, install specific grpcio version known to build (uses proper glibc for wheel)
if [ $IS_32_BIT = 1 ]; then
    pip3 install grpcio==$PYTHON_ARM32_GRPCIO_VERSION grpcio-tools==$PYTHON_ARM32_GRPCIO_VERSION
fi


# Install node
if [ ! -f /tmp/installed_node ]; then
    curl -sL https://deb.nodesource.com/setup_$NODE_JS_VERSION | bash -
    apt-get install -y nodejs
    touch /tmp/installed_node
fi

# Install docker
mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg | gpg --batch --yes --dearmor -o /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian \
  $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get update --allow-releaseinfo-change
apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin || true

# Use systemd for managing docker
rm -f /etc/init.d/docker
rm -f /etc/systemd/system/multi-user.target.wants/docker.service
systemctl -f enable docker.service

groupadd docker || true
usermod -aG docker admin
usermod -aG docker bitcoin
usermod -aG docker root

# Install node packages
npm install -g pug-cli browserify uglify-js babel-cli
npm install -g npm@$NODE_NPM_VERSION
npm install -g yarn

# Install Log2Ram
if [ $IS_RASPI = 1 ] || [ $IS_X86 = 1 ]; then
    if [ ! -f /usr/local/bin/log2ram ]; then
        cd /tmp
        rm -rf log2ram* || true
        wget https://github.com/azlux/log2ram/archive/v1.2.2.tar.gz -O log2ram.tar.gz
        tar -xvf log2ram.tar.gz
        mv log2ram-* log2ram
        cd log2ram
        chmod +x install.sh
        service log2ram stop || true
        ./install.sh || true
        cd ~
    fi
fi


# Remove existing MOTD login info
rm -rf /etc/motd
rm -rf /etc/update-motd.d/*

#########################################################


# Install Bitcoin
ARCH="UNKNOWN"
if [ $IS_RASPI = 1 ]; then
    ARCH="arm-linux-gnueabihf"
    if [ $IS_ARM64 = 1 ]; then
        ARCH="aarch64-linux-gnu"
    fi
elif [ $IS_ROCK64 = 1 ] || [ $IS_ROCKPRO64 = 1 ] || [ $IS_ROCKPI4 = 1 ]; then
    ARCH="aarch64-linux-gnu"
elif [ $IS_X86 = 1 ]; then
    ARCH="x86_64-linux-gnu"
else
    echo "Unknown Bitcoin Version"
    exit 1
fi
BTC_UPGRADE_URL=https://bitcoincore.org/bin/bitcoin-core-$BTC_VERSION/bitcoin-$BTC_VERSION-$ARCH.tar.gz
BTC_UPGRADE_SHA256SUM_URL=https://bitcoincore.org/bin/bitcoin-core-$BTC_VERSION/SHA256SUMS
BTC_UPGRADE_SHA256SUM_ASC_URL=https://bitcoincore.org/bin/bitcoin-core-$BTC_VERSION/SHA256SUMS.asc
BTC_CLI_COMPLETION_URL=https://raw.githubusercontent.com/bitcoin/bitcoin/v$BTC_VERSION/contrib/completions/bash/bitcoin-cli.bash
CURRENT=""
if [ -f $BTC_VERSION_FILE ]; then
    CURRENT=$(cat $BTC_VERSION_FILE)
fi
if [ "$CURRENT" != "$BTC_VERSION" ]; then
    # Download and install Bitcoin
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download

    wget $BTC_UPGRADE_URL
    wget $BTC_UPGRADE_SHA256SUM_URL -O SHA256SUMS
    wget $BTC_UPGRADE_SHA256SUM_ASC_URL -O SHA256SUMS.asc

    sha256sum --ignore-missing --check SHA256SUMS
    gpg --verify SHA256SUMS.asc SHA256SUMS |& grep "gpg: Good signature"

    # Install Bitcoin
    tar -xvf bitcoin-$BTC_VERSION-$ARCH.tar.gz
    mv bitcoin-$BTC_VERSION bitcoin
    install -m 0755 -o root -g root -t /usr/local/bin bitcoin/bin/*
    
    if [ ! -L /home/bitcoin/.bitcoin ]; then
        sudo -u bitcoin ln -s /mnt/hdd/mynode/bitcoin /home/bitcoin/.bitcoin
    fi
    if [ ! -L /home/bitcoin/.lnd ]; then
        sudo -u bitcoin ln -s /mnt/hdd/mynode/lnd /home/bitcoin/.lnd
    fi
    mkdir -p /home/admin/.bitcoin
    echo $BTC_VERSION > $BTC_VERSION_FILE

    # Install bash-completion for bitcoin-cli
    wget $BTC_CLI_COMPLETION_URL -O bitcoin-cli.bash
    sudo cp bitcoin-cli.bash /etc/bash_completion.d/bitcoin-cli
fi
cd ~

# Install Lightning
LND_ARCH="lnd-linux-armv7"
if [ $IS_X86 = 1 ]; then
    LND_ARCH="lnd-linux-amd64"
fi
if [ $IS_ARM64 = 1 ] || [ $IS_ROCK64 = 1 ] || [ $IS_ROCKPRO64 = 1 ] || [ $IS_ROCKPI4 = 1 ]; then
    LND_ARCH="lnd-linux-arm64"
fi
LND_UPGRADE_URL=https://github.com/lightningnetwork/lnd/releases/download/$LND_VERSION/$LND_ARCH-$LND_VERSION.tar.gz
LNCLI_COMPLETION_URL=https://raw.githubusercontent.com/lightningnetwork/lnd/$LND_VERSION/contrib/lncli.bash-completion

CURRENT=""
if [ -f $LND_VERSION_FILE ]; then
    CURRENT=$(cat $LND_VERSION_FILE)
fi
if [ "$CURRENT" != "$LND_VERSION" ]; then
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download

    wget $LND_UPGRADE_URL
    wget $LND_UPGRADE_MANIFEST_URL -O manifest.txt
    wget $LND_UPGRADE_MANIFEST_ROASBEEF_SIG_URL -O manifest_roasbeef.txt.sig || true
    wget $LND_UPGRADE_MANIFEST_GUGGERO_SIG_URL -O manifest_guggero.txt.sig || true

    gpg --verify manifest_roasbeef.txt.sig manifest.txt || \
    gpg --verify manifest_guggero.txt.sig manifest.txt

    tar -xzf lnd-*.tar.gz
    mv $LND_ARCH-$LND_VERSION lnd
    install -m 0755 -o root -g root -t /usr/local/bin lnd/*
    ln -s /bin/ip /usr/bin/ip || true

    echo $LND_VERSION > $LND_VERSION_FILE

    # Download bash-completion file for lncli
    wget $LNCLI_COMPLETION_URL
    sudo cp lncli.bash-completion /etc/bash_completion.d/lncli
fi
cd ~

# Install Loop
echo "Installing loop..."
LOOP_ARCH="loop-linux-armv7"
if [ $IS_X86 = 1 ]; then
    LOOP_ARCH="loop-linux-amd64"
fi
if [ $IS_ARM64 = 1 ]; then
    LOOP_ARCH="loop-linux-arm64"
fi
LOOP_UPGRADE_URL=https://github.com/lightninglabs/loop/releases/download/$LOOP_VERSION/$LOOP_ARCH-$LOOP_VERSION.tar.gz
CURRENT=""
if [ -f $LOOP_VERSION_FILE ]; then
    CURRENT=$(cat $LOOP_VERSION_FILE)
fi
if [ "$CURRENT" != "$LOOP_VERSION" ]; then
    # Download and install Loop
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download

    wget $LOOP_UPGRADE_URL
    wget $LOOP_UPGRADE_MANIFEST_URL -O manifest.txt
    wget $LOOP_UPGRADE_MANIFEST_SIG_URL -O manifest.txt.sig

    gpg --verify manifest.txt.sig manifest.txt
    if [ $? == 0 ]; then
        # Install Loop
        tar -xzf loop-*.tar.gz
        mv $LOOP_ARCH-$LOOP_VERSION loop
        install -m 0755 -o root -g root -t /usr/local/bin loop/*

        # Mark current version
        echo $LOOP_VERSION > $LOOP_VERSION_FILE
    else
        echo "ERROR UPGRADING LND - GPG FAILED"
    fi
fi

# Install Pool
echo "Installing pool..."
POOL_ARCH="pool-linux-armv7"
if [ $IS_X86 = 1 ]; then
    POOL_ARCH="pool-linux-amd64"
fi
if [ $IS_ARM64 = 1 ]; then
    POOL_ARCH="pool-linux-arm64"
fi
POOL_UPGRADE_URL=https://github.com/lightninglabs/pool/releases/download/$POOL_VERSION/$POOL_ARCH-$POOL_VERSION.tar.gz
CURRENT=""
if [ -f $POOL_VERSION_FILE ]; then
    CURRENT=$(cat $POOL_VERSION_FILE)
fi
if [ "$CURRENT" != "$POOL_VERSION" ]; then
    # Download and install pool
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download

    wget $POOL_UPGRADE_URL
    wget $POOL_UPGRADE_MANIFEST_URL -O manifest.txt
    wget $POOL_UPGRADE_MANIFEST_SIG_URL -O manifest.txt.sig

    gpg --verify manifest.txt.sig manifest.txt
    if [ $? == 0 ]; then
        # Install Pool
        tar -xzf pool-*.tar.gz
        mv $POOL_ARCH-$POOL_VERSION pool
        install -m 0755 -o root -g root -t /usr/local/bin pool/*

        # Mark current version
        echo $POOL_VERSION > $POOL_VERSION_FILE
    else
        echo "ERROR UPGRADING POOL - GPG FAILED"
    fi
fi

# Install Lightning Terminal
echo "Installing lit..."
LIT_ARCH="lightning-terminal-linux-armv7"
if [ $IS_X86 = 1 ]; then
    LIT_ARCH="lightning-terminal-linux-amd64"
fi
if [ $IS_ARM64 = 1 ]; then
    LIT_ARCH="lightning-terminal-linux-arm64"
fi
LIT_UPGRADE_URL=https://github.com/lightninglabs/lightning-terminal/releases/download/$LIT_VERSION/$LIT_ARCH-$LIT_VERSION.tar.gz
CURRENT=""
if [ -f $LIT_VERSION_FILE ]; then
    CURRENT=$(cat $LIT_VERSION_FILE)
fi
if [ "$CURRENT" != "$LIT_VERSION" ]; then
    # Download and install lit
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download

    wget $LIT_UPGRADE_URL
    wget $LIT_UPGRADE_MANIFEST_URL -O manifest.txt
    wget $LIT_UPGRADE_MANIFEST_SIG_URL  -O manifest.txt.sig

    gpg --verify manifest.txt.sig manifest.txt
    if [ $? == 0 ]; then
        # Install lit
        tar -xzf lightning-terminal-*.tar.gz
        mv $LIT_ARCH-$LIT_VERSION lightning-terminal
        install -m 0755 -o root -g root -t /usr/local/bin lightning-terminal/lit*

        # Mark current version
        echo $LIT_VERSION > $LIT_VERSION_FILE
    else
        echo "ERROR UPGRADING LIT - GPG FAILED"
    fi
fi
cd ~

# Upgrade Lightning Chantools
echo "Upgrading chantools..."
CHANTOOLS_ARCH="chantools-linux-armv7"
if [ $IS_X86 = 1 ]; then
    CHANTOOLS_ARCH="chantools-linux-amd64"
fi
if [ $IS_ARM64 = 1 ]; then
    CHANTOOLS_ARCH="chantools-linux-arm64"
fi
CHANTOOLS_UPGRADE_URL=https://github.com/lightninglabs/chantools/releases/download/$CHANTOOLS_VERSION/$CHANTOOLS_ARCH-$CHANTOOLS_VERSION.tar.gz
CURRENT=""
if [ -f $CHANTOOLS_VERSION_FILE ]; then
    CURRENT=$(cat $CHANTOOLS_VERSION_FILE)
fi
if [ "$CURRENT" != "$CHANTOOLS_VERSION" ]; then
    # Download and install lit
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download

    wget $CHANTOOLS_UPGRADE_URL
    wget $CHANTOOLS_UPGRADE_MANIFEST_URL -O manifest.txt
    wget $CHANTOOLS_UPGRADE_MANIFEST_SIG_URL  -O manifest.txt.sig

    gpg --verify manifest.txt.sig manifest.txt
    if [ $? == 0 ]; then
        # Install lit
        tar -xzf chantools-*.tar.gz
        mv $CHANTOOLS_ARCH-$CHANTOOLS_VERSION chantools
        install -m 0755 -o root -g root -t /usr/local/bin chantools/chantools

        # Mark current version
        echo $CHANTOOLS_VERSION > $CHANTOOLS_VERSION_FILE
    else
        echo "ERROR UPGRADING CHANTOOLS - GPG FAILED"
    fi
fi
cd ~


# Setup "install" location for some apps
mkdir -p /opt/mynode
chown -R bitcoin:bitcoin /opt/mynode


# Install LND Hub
# Skip - no longer default app

# Install Caravan
# Skip - no longer default app


# Install cors proxy (my fork)
CORSPROXY_UPGRADE_URL=https://github.com/tehelsper/CORS-Proxy/archive/$CORSPROXY_VERSION.tar.gz
CURRENT=""
if [ -f $CORSPROXY_VERSION_FILE ]; then
    CURRENT=$(cat $CORSPROXY_VERSION_FILE)
fi
if [ "$CURRENT" != "$CORSPROXY_VERSION" ]; then
    cd /opt/mynode
    rm -rf corsproxy

    rm -f corsproxy.tar.gz
    wget $CORSPROXY_UPGRADE_URL -O corsproxy.tar.gz
    tar -xzf corsproxy.tar.gz
    rm -f corsproxy.tar.gz
    mv CORS-* corsproxy

    cd corsproxy
    npm install
    echo $CORSPROXY_VERSION > $CORSPROXY_VERSION_FILE
fi
cd ~


# Install Electrs (just mark version, now included in overlay)
echo $ELECTRS_VERSION > $ELECTRS_VERSION_FILE


# Install recent version of secp256k1
echo "Installing secp256k1..."
SECP256K1_UPGRADE_URL=https://github.com/bitcoin-core/secp256k1/archive/$SECP256K1_VERSION.tar.gz
CURRENT=""
if [ -f $SECP256K1_VERSION_FILE ]; then
    CURRENT=$(cat $SECP256K1_VERSION_FILE)
fi
if [ "$CURRENT" != "$SECP256K1_VERSION" ]; then
    rm -rf /tmp/secp256k1
    cd /tmp/
    git clone https://github.com/bitcoin-core/secp256k1.git
    cd secp256k1

    ./autogen.sh
    ./configure --enable-module-recovery --disable-jni --enable-experimental --enable-module-ecdh --enable-benchmark=no
    make
    make install
    cp -f include/* /usr/include/

    echo $SECP256K1_VERSION > $SECP256K1_VERSION_FILE
fi

echo "Installing JoinInBox..."
if [ $IS_RASPI = 1 ] || [ $IS_X86 = 1 ]; then
    JOININBOX_UPGRADE_URL=https://github.com/openoms/joininbox/archive/$JOININBOX_VERSION.tar.gz
    CURRENT=""
    if [ -f $JOININBOX_VERSION_FILE ]; then
        CURRENT=$(cat $JOININBOX_VERSION_FILE)
    fi
    if [ "$CURRENT" != "$JOININBOX_VERSION" ]; then
        # Download and build JoinInBox
        cd /home/joinmarket
        
        # Delete all non-hidden files
        rm -rf *
        rm -rf joininbox-*

        sudo -u joinmarket wget $JOININBOX_UPGRADE_URL -O joininbox.tar.gz
        sudo -u joinmarket tar -xvf joininbox.tar.gz
        sudo -u joinmarket rm joininbox.tar.gz
        mv joininbox-* joininbox

        chmod -R +x ./joininbox/
        sudo -u joinmarket cp -rf ./joininbox/scripts/* .

        # Use Python3.7 on RP4 32-bit
        JM_ENV_VARS=""
        if [ $IS_32_BIT = 1 ]; then
            JM_ENV_VARS="export JM_PYTHON=python3.7; "
        fi

        # Install
        sudo -u joinmarket bash -c "cd /home/joinmarket/; ${JM_ENV_VARS} ./install.joinmarket.sh --install install" || true
        sudo -u joinmarket bash -c "cd /home/joinmarket/; ${JM_ENV_VARS} ./install.joinmarket-api.sh on" || true

        # Cleanup apt-get cache to save some space
        apt-get clean
            
        # Enable obwatcher at the end of setup_device.sh

        echo $JOININBOX_VERSION > $JOININBOX_VERSION_FILE
    fi
fi


# Install RTL
RTL_UPGRADE_URL=https://github.com/Ride-The-Lightning/RTL/archive/$RTL_VERSION.tar.gz
RTL_UPGRADE_ASC_URL=https://github.com/Ride-The-Lightning/RTL/releases/download/$RTL_VERSION/$RTL_VERSION.tar.gz.asc
CURRENT=""
if [ -f $RTL_VERSION_FILE ]; then
    CURRENT=$(cat $RTL_VERSION_FILE)
fi
if [ "$CURRENT" != "$RTL_VERSION" ]; then
    cd /opt/mynode
    rm -rf RTL

    sudo -u bitcoin wget $RTL_UPGRADE_URL -O RTL.tar.gz
    #sudo -u bitcoin wget $RTL_UPGRADE_ASC_URL -O RTL.tar.gz.asc

    #gpg --verify RTL.tar.gz.asc RTL.tar.gz

    sudo -u bitcoin tar -xvf RTL.tar.gz
    sudo -u bitcoin rm RTL.tar.gz
    sudo -u bitcoin mv RTL-* RTL
    cd RTL
    sudo -u bitcoin NG_CLI_ANALYTICS=false npm install --only=production --legacy-peer-deps

    echo $RTL_VERSION > $RTL_VERSION_FILE
fi


# Install BTC RPC Explorer
BTCRPCEXPLORER_UPGRADE_URL=https://github.com/janoside/btc-rpc-explorer/archive/$BTCRPCEXPLORER_VERSION.tar.gz
CURRENT=""
if [ -f $BTCRPCEXPLORER_VERSION_FILE ]; then
    CURRENT=$(cat $BTCRPCEXPLORER_VERSION_FILE)
fi
if [ "$CURRENT" != "$BTCRPCEXPLORER_VERSION" ]; then
    cd /opt/mynode
    rm -rf btc-rpc-explorer
    sudo -u bitcoin wget $BTCRPCEXPLORER_UPGRADE_URL -O btc-rpc-explorer.tar.gz
    sudo -u bitcoin tar -xvf btc-rpc-explorer.tar.gz
    sudo -u bitcoin rm btc-rpc-explorer.tar.gz
    sudo -u bitcoin mv btc-rpc-* btc-rpc-explorer
    cd btc-rpc-explorer
    sudo -u bitcoin npm install --only=production

    echo $BTCRPCEXPLORER_VERSION > $BTCRPCEXPLORER_VERSION_FILE
fi


# Upgrade Specter Desktop
CURRENT=""
if [ -f $SPECTER_VERSION_FILE ]; then
    CURRENT=$(cat $SPECTER_VERSION_FILE)
fi
if [ "$CURRENT" != "$SPECTER_VERSION" ]; then
    cd /opt/mynode
    rm -rf specter
    mkdir -p specter
    chown -R bitcoin:bitcoin specter
    cd specter

    # Make venv
    if [ ! -d env ]; then
        sudo -u bitcoin python3 -m venv env
    fi
    source env/bin/activate
    pip3 install ecdsa===0.13.3
    pip3 install cryptoadvance.specter===$SPECTER_VERSION --upgrade
    deactivate

    echo $SPECTER_VERSION > $SPECTER_VERSION_FILE
fi


# Upgrade Thunderhub
THUNDERHUB_UPGRADE_URL=https://github.com/apotdevin/thunderhub/archive/$THUNDERHUB_VERSION.tar.gz
CURRENT=""
if [ -f $THUNDERHUB_VERSION_FILE ]; then
    CURRENT=$(cat $THUNDERHUB_VERSION_FILE)
fi
if [ "$CURRENT" != "$THUNDERHUB_VERSION" ]; then
    cd /opt/mynode
    rm -rf thunderhub
    sudo -u bitcoin wget $THUNDERHUB_UPGRADE_URL -O thunderhub.tar.gz
    sudo -u bitcoin tar -xvf thunderhub.tar.gz
    sudo -u bitcoin rm thunderhub.tar.gz
    sudo -u bitcoin mv thunderhub-* thunderhub
    cd thunderhub

    # Patch versions
    #sed -i 's/\^5.3.5/5.3.3/g' package.json || true     # Fixes segfault with 5.3.5 on x86

    sudo -u bitcoin npm install # --only=production # (can't build with only production)
    sudo -u bitcoin npm run build
    sudo -u bitcoin npx next telemetry disable

    # Setup symlink to service files
    rm -f /opt/mynode/thunderhub/.env.local
    sudo ln -s /mnt/hdd/mynode/thunderhub/.env.local /opt/mynode/thunderhub/.env.local

    echo $THUNDERHUB_VERSION > $THUNDERHUB_VERSION_FILE
fi


# Install LND Connect
LNDCONNECTARCH="lndconnect-linux-armv7"
if [ $IS_X86 = 1 ]; then
    LNDCONNECTARCH="lndconnect-linux-amd64"
fi
LNDCONNECT_UPGRADE_URL=https://github.com/LN-Zap/lndconnect/releases/download/v0.2.0/$LNDCONNECTARCH-$LNDCONNECT_VERSION.tar.gz
CURRENT=""
if [ -f $LNDCONNECT_VERSION_FILE ]; then
    CURRENT=$(cat $LNDCONNECT_VERSION_FILE)
fi
if [ "$CURRENT" != "$LNDCONNECT_VERSION" ]; then
    rm -rf /opt/download
    mkdir -p /opt/download
    cd /opt/download
    wget $LNDCONNECT_UPGRADE_URL -O lndconnect.tar.gz
    tar -xvf lndconnect.tar.gz
    rm lndconnect.tar.gz
    mv lndconnect-* lndconnect
    install -m 0755 -o root -g root -t /usr/local/bin lndconnect/*

    echo $LNDCONNECT_VERSION > $LNDCONNECT_VERSION_FILE
fi


# Install ngrok for debugging
if [ ! -f /usr/bin/ngrok  ]; then
    cd /tmp
    NGROK_URL=https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-arm.zip
    if [ $IS_X86 = 1 ]; then
        NGROK_URL=https://bin.equinox.io/c/4VmDzA7iaHb/ngrok-stable-linux-386.zip
    fi
    wget $NGROK_URL
    unzip ngrok-*.zip
    cp ngrok /usr/bin/
fi

# Make sure "Remote Access" apps are marked installed
touch /home/bitcoin/.mynode/install_tor
touch /home/bitcoin/.mynode/install_premium_plus
touch /home/bitcoin/.mynode/install_vpn

# Mark docker images for install (on SD so install occurs after drive attach)
touch /home/bitcoin/.mynode/install_mempool
touch /home/bitcoin/.mynode/install_btcpayserver

# SKIPPING LNBITS - OPTIONAL ALL
# SKIPPING CKBUNKER - OPTIONAL APP
# SKIPPING SPHINX - OPTIONAL APP
# SKIPPING BOS - OPTIONAL APP
# SKIPPING PYBLOCK - OPTIONAL APP
# SKIPPING WARDEN - OPTIONAL APP


# Make sure we are using legacy iptables
update-alternatives --set iptables /usr/sbin/iptables-legacy || true
update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy || true


#########################################################


# Install files (downloaded and extracted earlier)
rsync -r -K /tmp/upgrade/out/rootfs_*/* /
sync
sleep 1


# Mark dynamic applications as defalt application
# ... (none yet)

# Upgrade Dyanmic Applications (must be done after file installation)
# mynode-manage-apps upgrade # not yet working during setup process


# Enable fan control
if [ $IS_ROCKPRO64 = 1 ]; then
    systemctl enable fan_control
fi

# Random Cleanup
rm -rf /opt/download
mkdir -p /opt/download

# Clean apt-cache
apt-get clean

# Setup MyNode Startup Script
systemctl daemon-reload
systemctl enable check_in
systemctl enable premium_plus_connect
systemctl enable background
systemctl enable docker
systemctl enable mynode
systemctl enable quicksync
systemctl enable torrent_check
systemctl enable firewall
systemctl enable bandwidth
systemctl enable www
systemctl enable drive_check
systemctl enable bitcoin
systemctl enable seed_bitcoin_peers
systemctl enable lnd
systemctl enable loop
systemctl enable pool
systemctl enable lit
#systemctl enable lnd_unlock # NOT NECESSARY WITH LND 0.13+
systemctl enable lnd_backup
systemctl enable lnd_admin_files
systemctl enable lndconnect
systemctl enable redis-server
#systemctl enable mongodb
#systemctl enable electrs # DISABLED BY DEFAULT
#systemctl enable lndhub # DISABLED BY DEFAULT
#systemctl enable btcrpcexplorer # DISABLED BY DEFAULT
systemctl enable rtl
systemctl enable tor
systemctl enable invalid_block_check
systemctl enable usb_driver_check
systemctl enable docker_images
systemctl enable glances
#systemctl enable netdata # DISABLED BY DEFAULT
systemctl enable webssh2
systemctl enable rotate_logs
systemctl enable corsproxy_btcrpc
systemctl enable usb_extras
systemctl enable ob-watcher
systemctl enable rathole


# Disable services
systemctl disable hitch || true
systemctl disable mongodb || true
systemctl disable dhcpcd || true
systemctl disable dphys-swapfile || true


# Delete junk
rm -rf /home/admin/download
rm -rf /home/admin/.bash_history
rm -rf /home/bitcoin/.bash_history
rm -rf /root/.bash_history
rm -rf /root/.ssh/known_hosts
rm -rf /etc/resolv.conf
rm -rf /tmp/*
rm -rf ~/setup_device.sh
rm -rf /etc/motd # Remove simple motd for update-motd.d

# Remove default debian stuff
deluser mynode || true
rm -rf /home/mynode || true

# Remove default Pi stuff
deluser pi || true
rm -rf /home/pi || true

# Regenerate MAC address for some Armbian devices
if [ $IS_ROCK64 = 1 ] || [ $IS_ROCKPRO64 = 1 ] ; then
    . /usr/lib/armbian/armbian-common
    CONNECTION="$(nmcli -f UUID,ACTIVE,DEVICE,TYPE connection show --active | tail -n1)"
    UUID=$(awk -F" " '/ethernet/ {print $1}' <<< "${CONNECTION}")
    get_random_mac
    nmcli connection modify $UUID ethernet.cloned-mac-address $MACADDR
    nmcli connection modify $UUID -ethernet.mac-address ""
fi

# Add fsck force to startup for x86
if [ $IS_X86 = 1 ]; then
    sed -i "s/GRUB_CMDLINE_LINUX_DEFAULT=.*/GRUB_CMDLINE_LINUX_DEFAULT=\"quiet fsck.mode=force fsck.repair=yes\"/g" /etc/default/grub
    update-grub
fi

# Add generic boot option if UEFI
if [ -f /boot/efi/EFI/debian/grubx64.efi ]; then
    mkdir -p /boot/efi/EFI/BOOT
    cp -f /boot/efi/EFI/debian/grubx64.efi /boot/efi/EFI/BOOT/bootx64.efi
fi

sync

set +x
echo ""
echo ""
echo "##################################"
echo "          SETUP COMPLETE          "
echo "   Reboot your device to begin!   "
echo "##################################"
echo ""
echo ""

### MAKE IMAGE NOW ###
# This prevents auto gen files like certs to be part of the base image
# Must make sure image can boot after this point and fully come up