3.1 Lightning client: LND

We set up LND, the Lightning Network Daemon by Lightning Labs.

Requirements

Bitcoin Core
Others
- PostgreSQL
- Go! (optional)

Preparations

The installation of LND is straightforward, but the application is quite powerful and capable of things not explained here. Check out their GitHub repository for a wealth of information about their open-source project and Lightning in general.

Configure Bitcoin Core

Before running LND, we need to set up settings in the Bitcoin Core configuration file to enable the LND RPC connection.

sudo nano /data/bitcoin/bitcoin.conf

Add the following lines. Save and exit

# LND RPC connection
zmqpubrawblock=tcp://127.0.0.1:28332
zmqpubrawtx=tcp://127.0.0.1:28333

Restart Bitcoin Core to apply changes

sudo systemctl restart bitcoind

Check Bitcoin Core is enabled zmqpubrawblock and zmqpubrawtx on the 28332 and 28333 port

sudo ss -tulpn | grep LISTEN | grep bitcoind | grep 2833

Expected output:

> tcp   LISTEN 0      100        127.0.0.1:      0.0.0.0:*    users:(("bitcoind",pid=773834,fd=20))
> tcp   LISTEN 0      100        127.0.0.1:      0.0.0.0:*    users:(("bitcoind",pid=773834,fd=22))

Install PostgreSQL

You may want to use the bbolt database backend instead of PostgreSQL, if yes, jump to the next step and follow the Use bbolt database backend section and remember to create the lnd.conf properly with this configuration when you arrive at the configuration section

With user admin, check if you already have PostgreSQL installed

psql -V

Example of expected output:

> psql (PostgreSQL) 15.3 (Ubuntu 15.3-1.pgdg22.04+1)

If you obtain "command not found" outputs, you need to follow the PostgreSQL bonus guide installation progress to install it and then come back to continue with the guide

Create PostgreSQL database

With user admin, create a new database with the postgres user and assign as the owner to the admin user

sudo -u postgres createdb -O admin lndb

Installation

Download binaries

We'll download, verify, and install LND. Navigate to the temporary directory

cd /tmp

Set a temporary version environment variable to the installation

VERSION=0.18.0

Download the application, checksums, and signature

wget https://github.com/lightningnetwork/lnd/releases/download/v$VERSION-beta/lnd-linux-amd64-v$VERSION-beta.tar.gz

wget https://github.com/lightningnetwork/lnd/releases/download/v$VERSION-beta/manifest-v$VERSION-beta.txt.ots

wget https://github.com/lightningnetwork/lnd/releases/download/v$VERSION-beta/manifest-v$VERSION-beta.txt

wget https://github.com/lightningnetwork/lnd/releases/download/v$VERSION-beta/manifest-roasbeef-v$VERSION-beta.sig.ots

wget https://github.com/lightningnetwork/lnd/releases/download/v$VERSION-beta/manifest-roasbeef-v$VERSION-beta.sig

Checksum check

Verify the signed checksum against the actual checksum of your download

sha256sum --check manifest-v$VERSION-beta.txt --ignore-missing

Example of expected output:

> lnd-linux-amd64-v0.16.3-beta.tar.gz: OK

Signature check

Now that we've verified the integrity of the downloaded binary, we need to check the authenticity of the manifest file we just used, starting with its signature.

Get the public key from a LND developer, who signed the manifest file; and add it to your GPG keyring

curl https://raw.githubusercontent.com/lightningnetwork/lnd/master/scripts/keys/roasbeef.asc | gpg --import

Expected output:

>   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
>                                  Dload  Upload   Total   Spent    Left  Speed
> 100  6900  100  6900    0     0  19676      0 --:--:-- --:--:-- --:--:-- 19714
> gpg: key 372CBD7633C61696: "Olaoluwa Osuntokun <[email protected]>" 
> gpg: Total number processed: 1
> gpg:              unchanged: 1

Verify the signature of the text file containing the checksums for the application

gpg --verify manifest-roasbeef-v$VERSION-beta.sig manifest-v$VERSION-beta.txt

Example of expected output:

> gpg: Signature made Mon 13 Nov 2023 11:45:38 PM UTC
> gpg:                using RSA key 60A1FA7DA5BFF08BDCBBE7903BBD59E99B280306
> gpg:  from "Olaoluwa Osuntokun <[email protected]>" [unknown]
> gpg: WARNING: This key is not certified with a trusted signature!
> gpg:          There is no indication that the signature belongs to the owner.
> Primary key fingerprint: E4D8 5299 674B 2D31 FAA1  892E 372C BD76 33C6 1696
>      Subkey fingerprint: 60A1 FA7D A5BF F08B DCBB  E790 3BBD 59E9 9B28 0306

Timestamp check

We can also check that the manifest file was in existence around the time of the release using its timestamp.

Let's verify the timestamp of the file matches the release date

ots --no-cache verify manifest-roasbeef-v$VERSION-beta.sig.ots -f manifest-roasbeef-v$VERSION-beta.sig

Example of expected output:

> Got 1 attestation(s) from https://alice.btc.calendar.opentimestamps.org
> Got 1 attestation(s) from https://btc.calendar.catallaxy.com
> Got 1 attestation(s) from https://finney.calendar.eternitywall.com
> Got 1 attestation(s) from https://bob.btc.calendar.opentimestamps.org
>  Bitcoin block

ots --no-cache verify manifest-v$VERSION-beta.txt.ots -f manifest-v$VERSION-beta.txt

Example of expected output:

> Got 1 attestation(s) from https://alice.btc.calendar.opentimestamps.org
> Got 1 attestation(s) from https://btc.calendar.catallaxy.com
> Got 1 attestation(s) from https://finney.calendar.eternitywall.com
> Got 1 attestation(s) from https://bob.btc.calendar.opentimestamps.org
>  Bitcoin block

Check that the date of the timestamp is close to the release date of the LND binary

Having verified the integrity and authenticity of the release binary, we can safely

tar -xvf lnd-linux-amd64-v$VERSION-beta.tar.gz

Example of expected output:

> lnd-linux-amd64-v0.17.1-beta/lnd
> lnd-linux-amd64-v0.17.1-beta/lncli
> lnd-linux-amd64-v0.17.1-beta/

Binaries installation

Install it

sudo install -m 0755 -o root -g root -t /usr/local/bin lnd-linux-amd64-v$VERSION-beta/lnd lnd-linux-amd64-v$VERSION-beta/lncli

Ensure you are installed by running the version command

lnd --version

Example of expected output:

> lnd version 0.16.3-beta commit=v0.16.3-beta

(Optional) Clean the LND files of the tmp folder

sudo rm -r lnd-linux-amd64-v$VERSION-beta lnd-linux-amd64-v$VERSION-beta.tar.gz manifest-roasbeef-v$VERSION-beta.sig manifest-roasbeef-v$VERSION-beta.sig.ots manifest-v$VERSION-beta.txt manifest-v$VERSION-beta.txt.ots

If you come to update this is the final step

Create the lnd user & group

Create the lnd user and group

sudo adduser --disabled-password --gecos "" lnd

Add the lnd user to the groups "bitcoin" and "debian-tor", allowing to the btcrpcexplorer user read the bitcoind .cookie file and to use the control port configuring Tor directly

sudo usermod -a -G bitcoin,debian-tor lnd

Add the user admin to the group "lnd"

sudo adduser admin lnd

Create data folder

Create the LND data folder

sudo mkdir /data/lnd

Assign as owner the lnd user

sudo chown -R lnd:lnd /data/lnd

Open a lnd user session

sudo su - lnd

Create symbolic links pointing to the LND and bitcoin data directories

ln -s /data/lnd /home/lnd/.lnd

ln -s /data/bitcoin /home/lnd/.bitcoin

Check symbolic links have been created correctly

ls -la

Expected output:

total 20
drwxr-x--- 2 lnd  lnd  4096 Jul 15 20:57 .
drwxr-xr-x 7 root root 4096 Jul 15 20:54 ..
-rw-r--r-- 1 lnd  lnd   220 Jul 15 20:54 .bash_logout
-rw-r--r-- 1 lnd  lnd  3771 Jul 15 20:54 .bashrc
lrwxrwxrwx 1 lnd  lnd    13 Jul 15 20:57 
lrwxrwxrwx 1 lnd  lnd     9 Jul 15 20:56 
-rw-r--r-- 1 lnd  lnd   807 Jul 15 20:54 .profile

Wallet password

LND includes a Bitcoin wallet that manages your onchain and Lightning coins. It is password protected and must be unlocked when LND starts. This creates the dilemma that you either manually unlock LND after each restart of your PC, or store the password somewhere on the node.

For this initial setup, we choose the easy route: we store the password in a file that allows LND to unlock the wallet automatically.

Still as user lnd, create a text file and enter your LND wallet password [C]. Password should have at least 8 characters. Save and exit

nano /data/lnd/password.txt

Tighten access privileges and make the file readable only for user lnd

chmod 600 /data/lnd/password.txt

Configuration

Create the LND configuration file

nano /data/lnd/lnd.conf

Paste the following content (set your alias "<YOUR_FANCY_ALIAS>", your preferred color "<#ff9900>", your minimum channel size "minchansize" , and fees). Save and exit

# MiniBolt: lnd configuration
# /data/lnd/lnd.conf

[Application Options]
# Up to 32 UTF-8 characters, accepts emojis i.e ⚡🧡 https://emojikeyboard.top/
alias=
# You can choose the color you want at https://www.color-hex.com/
color=#ff9900

# Automatically unlock wallet with the password in this file
wallet-unlock-password-file=/data/lnd/password.txt
wallet-unlock-allow-create=true

# The TLS private key will be encrypted to the node's seed
tlsencryptkey=true

# Automatically regenerate certificate when near expiration
tlsautorefresh=true

# Do not include the interface IPs or the system hostname in TLS certificate
tlsdisableautofill=true

## Channel settings
# (Optional) Minimum channel size. Uncomment and set whatever you want
# (default: 20000 sats)


## High fee environment (Optional)
# (default: 10 sat/byte)



## Communication
accept-keysend=true
accept-amp=true

## Rebalancing
allow-circular-route=true

## Performance
gc-canceled-invoices-on-startup=true
gc-canceled-invoices-on-the-fly=true
ignore-historical-gossip-filters=true

[Bitcoin]
bitcoin.mainnet=true
bitcoin.node=bitcoind

# Fee settings - default LND base fee = 1000 (mSat), fee rate = 1 (ppm)
# You can choose whatever you want e.g ZeroFeeRouting (0,0) or ZeroBaseFee (0,X)



# The CLTV delta we will subtract from a forwarded HTLC's timelock value
# (default: 80)


[protocol]
protocol.wumbo-channels=true
protocol.option-scid-alias=true
protocol.simple-taproot-chans=true

[wtclient]
## Watchtower client settings
wtclient.active=true

# (Optional) Specify the fee rate with which justice transactions will be signed
# (default: 10 sat/byte)


[watchtower]
## Watchtower server settings
watchtower.active=true

[routing]
routing.strictgraphpruning=true

[db]
## Database
db.backend=postgres

[postgres]
db.postgres.dsn=postgresql://admin:[email protected]:5432/lndb?sslmode=disable
db.postgres.timeout=0

## High fee environment (Optional)
# (default: CONSERVATIVE) Uncomment the next 2 lines
#[Bitcoind]


[tor]
tor.active=true
tor.v3=true
tor.streamisolation=true

This is a standard configuration. Check the official LND sample-lnd.conf with all possible options if you want to add something special

Exit of the lnd user session to return to the admin user session

exit

Create systemd service

Now, let's set up LND to start automatically on system startup.

As user admin, create LND systemd unit

sudo nano /etc/systemd/system/lnd.service

Enter the following complete content. Save and exit

# MiniBolt: systemd unit for lnd
# /etc/systemd/system/lnd.service

[Unit]
Description=Lightning Network Daemon
Requires=bitcoind.service postgresql.service
After=bitcoind.service postgresql.service

[Service]
ExecStart=/usr/local/bin/lnd
ExecStop=/usr/local/bin/lncli stop

# Process management
####################
Restart=on-failure
RestartSec=60
Type=notify
TimeoutStartSec=1200
TimeoutStopSec=3600

# Directory creation and permissions
####################################
RuntimeDirectory=lightningd
RuntimeDirectoryMode=0710
User=lnd
Group=lnd

# Hardening Measures
####################
PrivateTmp=true
ProtectSystem=full
NoNewPrivileges=true
PrivateDevices=true
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target

Enable autoboot (optional)

sudo systemctl enable lnd

Now, the daemon information is no longer displayed on the command line but is written into the system journal. You can check on it using the following command. You can exit monitoring at any time with Ctrl-C

journalctl -fu lnd

Run

To keep an eye on the software movements, start your SSH program (eg. PuTTY) a second time, connect to the MiniBolt node, and log in as admin

Start the service

sudo systemctl start lnd

Example of expected output on the first terminal with journalctl -fu lnd ⬇️

Jun 05 14:58:50 minibolt systemd[1]: Starting Lightning Network Daemon...
Jun 05 14:58:50 minibolt lnd[124224]: Attempting automatic RPC configuration to bitcoind
Jun 05 14:58:50 minibolt lnd[124224]: Automatically obtained bitcoind's RPC credentials
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.368 [INF] LTND: Version: 0.18.0-beta commit=v0.18.0-beta, build=production, logging=default, debuglevel=info
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.369 [INF] LTND: Active chain: Bitcoin (network=mainnet)
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.369 [INF] RPCS: Generating ephemeral TLS certificates...
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.370 [INF] RPCS: Done generating ephemeral TLS certificates
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.372 [INF] RPCS: RPC server listening on 127.0.0.1:10009
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.394 [INF] RPCS: gRPC proxy started at 127.0.0.1:8080
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.395 [INF] LTND: Opening the main database, this might take a few minutes...
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.615 [INF] LTND: Using remote postgres database! Creating graph and channel state DB instances
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.667 [INF] CHDB: Checking for schema update: latest_version=31, db_version=31
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.669 [INF] CHDB: Checking for optional update: prune_revocation_log=false, db_version=empty
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.700 [INF] LTND: Database(s) now open (time_to_open=305.162267ms)!
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.703 [INF] LTND: Systemd was notified about our readiness
Jun 05 14:58:50 minibolt lnd[124224]: 2024-06-05 14:58:50.703 [INF] LTND: Waiting for wallet encryption password. Use `lncli create` to create a wallet, `lncli unlock` to unlock an existing wallet, or `lncli changepassword` to change the password of an existing wallet and unlock it.

Wallet setup

Once LND is started, the process waits for us to create the integrated Bitcoin onchain wallet.

Change to the lnd user

sudo su - lnd

Create the LND wallet

lncli --tlscertpath /data/lnd/tls.cert.tmp create

Expected output:

Input wallet password:
Confirm password:

Enter your password [C] as wallet password 2 times (it must be the same one you stored in password.txt on the Wallet password step)

Expected output

Do you have an existing cipher seed mnemonic or extended master root key you want to use?
Enter 'y' to use an existing cipher seed mnemonic, 'x' to use an extended master root key
or 'n' to create a new seed (Enter y/x/n):

-> Now, you could have 2 possible scenarios, follow the proper steps depending on your case⬇️

If you are creating a new node and you wish to create a new seed

Press n and enter

If you choose this option, the next step will be choosing the passphrase (optional - press enter to proceed without a cipher seed passphrase**)**

Expected output:

Your cipher seed can optionally be encrypted.
Input your passphrase if you wish to encrypt it (or press enter to proceed without a cipher seed passphrase):

Type the passphrase and press enter [the prompt will request you to enter your password [C] one more time (Confirm password:)] or if you choose not to use the passphrase press enter simply

Example of expected output:

Generating fresh cipher seed...

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

---------------BEGIN LND CIPHER SEED---------------
 1. ability   2. soap    3. album    4. resource
 5. plate     6. fiber   7. immune   8. fringe
[...]

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

lnd successfully initialized!

These 24 words are all that you need (and the channel.backup file in case of disaster recovery) to restore the Bitcoin onchain wallet and possible UTXOs blocked

Write these 24 words down manually on a piece of paper and store it in a safe place

You can use a simple piece of paper, write them on the custom themed Shiftcrypto backup card, or even stamp the seed words into metal

This piece of paper is all an attacker needs to empty your on-chain wallet!

🚫 Do not store it on a computer

🚫 Do not take a picture with your mobile phone

🚫 This information should never be stored anywhere in digital form

This information must be kept secret at all times

Return to the first terminal with journalctl -fu lnd. Example of expected output ⬇️

[...]
Nov 26 19:17:38 minibolt lnd[1004]: 2023-11-26 19:17:38.037 [INF] LNWL: Opened wallet
Nov 26 19:17:38 minibolt lnd[1004]: 2023-11-26 19:17:38.204 [INF] CHRE: Primary chain is set to: bitcoin
Nov 26 19:17:38 minibolt lnd[1004]: 2023-11-26 19:17:38.244 [INF] LNWL: Started listening for bitcoind block notifications via ZMQ on 127.0.0.1:28332
Nov 26 19:17:38 minibolt lnd[1004]: 2023-11-26 19:17:38.245 [INF] CHRE: Initializing bitcoind backed fee estimator in CONSERVATIVE mode
Nov 26 19:17:38 minibolt lnd[1004]: 2023-11-26 19:17:38.244 [INF] LNWL: Started listening for bitcoind transaction notifications via ZMQ on 127.0.0.1:28333
Nov 26 19:17:40 minibolt lnd[1004]: 2023-11-26 19:17:40.576 [INF] LNWL: The wallet has been unlocked without a time limit
Nov 26 19:17:40 minibolt lnd[1004]: 2023-11-26 19:17:40.712 [INF] CHRE: LightningWallet opened
Nov 26 19:17:40 minibolt lnd[1004]: 2023-11-26 19:17:40.722 [INF] SRVR: Proxying all network traffic via Tor (stream_isolation=true)! NOTE: Ensure the backend node is proxying over Tor as well
Nov 26 19:17:40 minibolt lnd[1004]: 2023-11-26 19:17:40.723 [INF] TORC: Starting tor controller
Nov 26 19:17:40 minibolt lnd[1004]: 2023-11-26 19:17:40.744 [INF] HSWC: Cleaning circuits from disk for closed channels
Nov 26 19:17:40 minibolt lnd[1004]: 2023-11-26 19:17:40.744 [INF] HSWC: Finished cleaning: no closed channels found, no actions taken.
[...]

If you had an old node and an existing cipher seed

Press y and enter to recover it

If you choose this option, the next step will be to enter the seed words of your old node

Expected output:

Input your 24-word mnemonic separated by spaces:

Type your 24-word mnemonic separated by spaces and press enter

Expected output:

Input your cipher seed passphrase (press enter if your seed doesn't have a passphrase):

If you used a passphrase, enter it, if not, press enter again directly

If you were wrong with the passphrase, don't worry, LND shows you the next log and will not run: [lncli] rpc error: code = Unknown desc = invalid passphrase, recheck, and try again, if not, the prompt shows you the next

Expected output:

Input an optional address look-ahead used to scan for used keys (default 2500):

Now the LND will enable the RECOVERY MODE

Press enter again when the prompt above asks you, the default windows recovery is enough

Example of expected output:

Generating fresh cipher seed...

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

---------------BEGIN LND CIPHER SEED---------------
 1. ability   2. soap    3. album    4. resource
 5. plate     6. fiber   7. immune   8. fringe
[...]

!!!YOU MUST WRITE DOWN THIS SEED TO BE ABLE TO RESTORE THE WALLET!!!

lnd successfully initialized!

Return to the first terminal with journalctl -f -u lnd. Search to the next lines to ensure LND already entered the RECOVERY MODE and go out of this ⬇️

[...]
Jun 05 15:05:16 minibolt lnd[124224]: 2024-06-05 15:05:16.248 [INF] LNWL: Opened wallet
Jun 05 15:05:16 minibolt lnd[124224]: 2024-06-05 15:05:16.249 [INF] LTND: Wallet recovery mode enabled with address lookahead of 2500 addresses
Jun 05 15:05:16 minibolt lnd[124224]: 2024-06-05 15:05:16.442 [INF] LNWL: Started listening for bitcoind block notifications via ZMQ on 127.0.0.1:28332
Jun 05 15:05:16 minibolt lnd[124224]: 2024-06-05 15:05:16.442 [INF] LNWL: Started listening for bitcoind transaction notifications via ZMQ on 127.0.0.1:28333
Jun 05 15:05:16 minibolt lnd[124224]: 2024-06-05 15:05:16.442 [INF] CHRE: Initializing bitcoind backed fee estimator in CONSERVATIVE mode
Jun 05 15:05:18 minibolt lnd[124224]: 2024-06-05 15:05:18.762 [INF] LNWL: The wallet has been unlocked without a time limit
Jun 05 15:05:21 minibolt lnd[124224]: 2024-06-05 15:05:21.066 [INF] CHRE: LightningWallet opened
[...]
Jun 05 19:47:08 minibolt lnd[124224]: 2023-11-26 19:47:08.642 [INF] LNWL: RECOVERY MODE ENABLED -- rescanning for used addresses with recovery_window=2500
Jun 05 19:47:08 minibolt lnd[124224]: 2023-11-26 19:47:08.685 [INF] LNWL: Seed birthday surpassed, starting recovery of wallet from height=2540246 hash=00000000000000178484e446a4fb5c966b5fd5db76121421bfa470c7c879ff05 with recovery-window=2500
Jun 05 19:47:09 minibolt lnd[124224]: 2023-11-26 19:47:09.859 [INF] LNWL: Scanning 311 blocks for recoverable addresses
Jun 05 19:48:36 minibolt lnd[124224]: 2023-11-26 19:48:36.328 [INF] LNWL: Recovered addresses from blocks 2540246-2540556
Jun 05 19:48:36 minibolt lnd[124224]: 2023-11-26 19:48:36.338 [INF] LNWL: Started rescan from block 000000000000001e297a052a69708908dbe9769d834a07447d85e446b6b4b2a0 (height 2540556) for 0 addresses
Jun 05 19:48:36 minibolt lnd[124224]: 2023-11-26 19:48:36.360 [INF] LNWL: Catching up block hashes to height 2540557, this might take a while
Jun 05 19:48:36 minibolt lnd[124224]: 2023-11-26 19:48:36.361 [INF] LNWL: Done catching up block hashes
Jun 05 19:48:36 minibolt lnd[124224]: 2023-11-26 19:48:36.361 [INF] LNWL: Finished rescan for 0 addresses (synced to block 00000000443337ee5135e26cc7611c570f0cfface2823516a59fee41fc9750b0, height 2540557)
[...]

The current state of your channels, however, cannot be recreated from this seed. For this, the Static Channel Backup stored /data/lnd/data/chain/bitcoin/mainnet/channel.backup is updated for each channel opening and closing

There is a dedicated guide to making an automatic backup

Return to the admin user

exit

Check that LND is running and related ports listening

sudo ss -tulpn | grep LISTEN | grep lnd

Expected output:

tcp   LISTEN 0      4096       127.0.0.1:10009      0.0.0.0:*    users:(("lnd",pid=386562,fd=8))
tcp   LISTEN 0      4096       127.0.0.1:8080       0.0.0.0:*    users:(("lnd",pid=386562,fd=29))
tcp   LISTEN 0      4096       127.0.0.1:9735       0.0.0.0:*    users:(("lnd",pid=386562,fd=45))
tcp   LISTEN 0      4096               *:9911             *:*    users:(("lnd",pid=386562,fd=44))

Allow user "admin" to work with LND

We interact with LND using the application lncli. At the moment, only the user lnd has the necessary access privileges. To make the user "admin" the main administrative user, we make sure it can interact with LND as well.

As user admin, link the LND data directory in the user admin home. As a member of the group lnd, the admin user has read-only access to certain files

ln -s /data/lnd /home/admin/.lnd

Check symbolic link has been created correctly

ls -la /home/admin

Expected output ⬇️

total 96
drwxr-x--- 10 admin admin  4096 Jul 18 07:10 .
drwxr-xr-x  8 root  root   4096 Jul 16 09:28 ..
-rw-rw-r--  1 admin admin 13901 Jul 12 15:54 .bash_aliases
-rw-------  1 admin admin 13993 Jul 18 06:31 .bash_history
-rw-r--r--  1 admin admin   220 Jul 11 20:25 .bash_logout
-rw-r--r--  1 admin admin  3792 Jul 12 07:56 .bashrc
lrwxrwxrwx  1 admin admin    13 Jul 12 10:41 .bitcoin -> /data/bitcoin
drwx------  2 admin admin  4096 Jul 11 20:27 .cache
drwxrwxr-x  5 admin admin  4096 Jul 12 07:57 .cargo
drwxrwxr-x  3 admin admin  4096 Jul 11 20:32 .config
drwx------  3 admin admin  4096 Jul 15 20:54 .gnupg
-rw-------  1 admin admin    20 Jul 11 22:09 .lesshst
lrwxrwxrwx  1 admin admin     9 Jul 18 07:10 
drwxrwxr-x  3 admin admin  4096 Jul 12 09:15 .local
drwxrwxr-x  3 admin admin  4096 Jul 16 09:23 .npm
-rw-r--r--  1 admin admin   828 Jul 12 07:56 .profile
drwxrwxr-x  6 admin admin  4096 Jul 12 07:56 .rustup
drwx------  2 admin admin  4096 Jul 11 20:47 .ssh
-rw-r--r--  1 admin admin     0 Jul 11 20:27 .sudo_as_admin_successful
-rw-rw-r--  1 admin admin   293 Jul 15 20:53 .wget-hsts
-rw-------  1 admin admin   228 Jul 18 07:04 .Xauthority

Make all directories browsable for the group

sudo chmod -R g+X /data/lnd/data/

Check if you can use lncli with the admin user by querying LND for information

lncli getinfo

LND in action

💊 Now your Lightning node is ready. This is also the point of no return. Up until now, you can just start over. Once you send real Bitcoin to your MiniBolt, you have "skin in the game"

The next commands can be entered in any new session without keeping a specific terminal opened with logs, but I recommend keeping this just in case any log could give extra information about the command you just entered

Watchtower client

Lightning channels need to be monitored to prevent malicious behavior by your channel peers. If your MiniBolt goes down for a longer time, for instance, due to a hardware problem, a node on the other side of one of your channels might try to close the channel with an earlier channel balance that is better for them.

Watchtowers are other Lightning nodes that can monitor your channels for you. If they detect such bad behavior, they can react on your behalf, and send a punishing transaction to close this channel. In this case, all channel funds will be sent to your LND on-chain wallet.

A watchtower can only send such a punishing transaction to your wallet, so you don't have to trust them. It's good practice to add a few watchtowers, just to be on the safe side.

With user admin, add the Lightning Network+ watchtower Tor address as a first example

lncli wtclient add 023bad37e5795654cecc69b43599da8bd5789ac633c098253f60494bde602b60bf@iiu4epqzm6cydqhezueenccjlyzrqeruntlzbx47mlmdgfwgtrll66qd.onion:9911

Or the clearnet address

lncli wtclient add 023bad37e5795654cecc69b43599da8bd5789ac633c098253f60494bde602b60bf@34.216.52.158:9911

If you want to list your towers and active watchtowers

lncli wtclient towers

Expected output:

{
    "towers": [
        {
            "pubkey": "023bad37e5795654cecc69b43599da8bd5789ac633c098253f60494bde602b60bf",
            "addresses": [
                "iiu4epqzm6cydqhezueenccjlyzrqeruntlzbx47mlmdgfwgtrll66qd.onion:9911"
            ],
            "active_session_candidate": true,
            "num_sessions": 0,
            "sessions": [
            ]
        },
    ]
}

If you want to deactivate an active tower

lncli wtclient remove <pubkey>

Monitor logs with journalctl -fu lnd to check the watchtower client is working fine, it should show you after a while, the next logs ⬇️

Watchtower server

Same you can connect as a watchtower client to other watchtower servers, you could give the same service running an altruist watchtower server. This was previously activated in the lnd.conf, and you can see the information about it by typing the following command and sharing it with your peers.

lncli tower info

Expected output:

{
  "pubkey": "023bad37e5795654cecc69b43599da8bd5789ac633c098253f60494bde602b60bf",
  "listeners": [
      "[::]:9911"
  ],
  "uris": [
      "iiu4epqzm6cydqhezueenccjlyzrqeruntlzbx47mlmdgfwgtrll66qd.onion:9911"
  ]
}

This watchtower server service is not recommended to activate if you have a slow device without high-performance features, if yes consider disabling it commenting, or deleting the line watchtower.active=true of the lnd.conf file

Almost all of the following steps could be run with the mobile | web app guides. We strongly recommend using these applications with intuitive and visual UI to manage the Lightning Node, instead of using the command line. Anyway, if you want to explore the lncli, you have some useful commands in the extra section

Extras (optional)

Use the default bbolt database backend

Once you have skipped the before section of the PostgreSQL installation, and when you arrive at the Configuration section, modify lnd.conf file

With user lnd, edit lnd.conf

nano /data/lnd/lnd.conf

Replace # Database section about the PostgreSQL database backend

[db]
## Database
db.backend=postgres

[postgres]
db.postgres.dsn=postgresql://admin:[email protected]:5432/lndb?sslmode=disable
db.postgres.timeout=0

To this

[bolt]
## Database
# Set the next value to false to disable auto-compact DB
# and fast boot and comment the next line
db.bolt.auto-compact=true
# Uncomment to do DB compact at every LND reboot (default: 168h)
#db.bolt.auto-compact-min-age=0h

Return to the admin user

exit

Continue with the guide on the Create systemd service section

Migrate an existing bbolt database to PostgreSQL

Attention: this process is very risky, supposedly this software is in an experimental state which could damage your existing LND database. Act at your own risk❗

-> It is recommended to start from scratch by closing all existing channels, rather than a migration to ensure we don't lose anything because it is not possible to come back to the old bbolt database once migrated

Install dependencies

With user admin, install the next dependencies packages. Press enter when the prompt asks you

sudo apt install build-essential

Install Go!

With user admin, verify that you've installed Go by typing the following command

go version

Example of expected output:

> go version go1.21.10 linux/amd64

If you obtain "command not found" outputs, you need to follow the Go! bonus guide installation progress to install it and then come back to continue with the guide

Install lndinit

With user admin, go to the temporary folder

cd /tmp

Clone the migrate-db branch of the lndinit, from the official repository of the Minibolt and enter to the lndinit folder

git clone --branch migrate-db https://github.com/minibolt-guide/lndinit.git && cd lndinit

Compile it

make install

This process can take quite a long time, 5-10 minutes or more, depending on the performance of your device. Please be patient until the prompt shows again

Install it

sudo install -m 0755 -o root -g root -t /usr/local/bin /home/admin/go/bin/lndinit

Check the correct installation

lndinit -v

Example of expected output:

2024-05-30 23:00:15.666 LNDINIT: Version 0.1.4-beta commit=, debuglevel=debug
2024-05-30 23:00:15.668 LNDINIT: Config error: Please specify one command of: gen-password, gen-seed, init-wallet, load-secret, migrate-db, store-secret or wait-ready

(Optional) Delete the installation files

sudo rm -r /tmp/lndinit

Migrate bbolt database to PostgreSQL

With user admin, stop lnd

sudo systemctl stop lnd

Confirm and ensure that LND is stopped successfully by monitoring logs

journalctl -fu lnd

Expected output:

May 30 20:44:36 minibolt lnd[314082]: 2024-05-30 20:44:36.840 [INF] INVC: Cancelling invoice subscription for client=1
May 30 20:44:36 minibolt lnd[314082]: 2024-05-30 20:44:36.855 [ERR] RPCS: [/routerrpc.Router/SubscribeHtlcEvents]: context canceled
May 30 20:44:36 minibolt lnd[314082]: 2024-05-30 20:44:36.861 [ERR] RPCS: [/routerrpc.Router/SubscribeHtlcEvents]: context canceled
May 30 20:44:48 minibolt lnd[314082]: 2024-05-30 20:44:48.927 [INF] CRTR: Processed channels=0 updates=21 nodes=0 in last 1m0.000123683s
May 30 20:45:02 minibolt systemd[1]: Stopping Lightning Network Daemon...
May 30 20:45:02 minibolt lnd[314082]: 2024-05-30 20:45:02.606 [INF] LTND: Received shutdown request.
May 30 20:45:02 minibolt lnd[314082]: 2024-05-30 20:45:02.609 [INF] LTND: Shutting down...
May 30 20:45:02 minibolt lnd[314082]: 2024-05-30 20:45:02.612 [INF] LTND: Systemd was notified about stopping
May 30 20:45:02 minibolt lnd[314082]: 2024-05-30 20:45:02.612 [INF] LTND: Gracefully shutting down.
May 30 20:45:02 minibolt lnd[314082]: 2024-05-30 20:45:02.615 [INF] WTWR: Stopping watchtower
May 30 20:45:02 minibolt systemd[1]: lnd.service: Succeeded.
May 30 20:45:02 minibolt systemd[1]: 
May 30 20:45:02 minibolt systemd[1]: lnd.service: Consumed 12h 11min 606ms CPU time.

a Previously followed:
1. Install PostgreSQL section
2. Create PostgreSQL database section
Exec the migration and wait to finish it

sudo lndinit -v migrate-db \
      --source.bolt.data-dir /home/admin/.lnd/data \
      --source.bolt.tower-dir /home/admin/.lnd/data/watchtower \
      --source.bolt.network=mainnet \
      --dest.backend postgres \
      --dest.postgres.dsn=postgresql://admin:[email protected]:5432/lndb?sslmode=disable \
      --dest.postgres.timeout=0

Example of expected output ⬇️

2024-04-17 14:07:41.277 LNDINIT: Version 0.1.4-beta commit=, debuglevel=debug
2024-04-17 14:07:41.279 LNDINIT: Migrating DB with prefix channeldb
2024-04-17 14:07:41.279 LNDINIT: Opening bbolt backend at /home/admin/.lnd/data/graph/mainnet/channel.db for prefix 'channeldb'
2024-04-17 14:07:41.370 LNDINIT: Opened source DB
2024-04-17 14:07:41.370 LNDINIT: Opening postgres backend at postgresql://admin:[email protected]:5432/lndb?sslmode=disable with prefix 'channeldb'
2024-04-17 14:07:41.394 LNDINIT: Opened destination DB
2024-04-17 14:07:41.394 LNDINIT: Checking tombstone marker on source DB
2024-04-17 14:07:41.394 LNDINIT: Checking if migration was already applied to target DB
2024-04-17 14:07:41.401 LNDINIT: Starting the migration to the target backend
2024-04-17 14:07:41.402 LNDINIT: Copying top-level bucket 'alias-bucket'
2024-04-17 14:07:41.409 LNDINIT: Committing bucket 'alias-bucket'
2024-04-17 14:07:41.411 LNDINIT: Copying top-level bucket 'base-bucket'
2024-04-17 14:07:41.413 LNDINIT: Committing bucket 'base-bucket'
2024-04-17 14:07:41.415 LNDINIT: Copying top-level bucket 'chan-id-bucket'
2024-04-17 14:07:41.417 LNDINIT: Committing bucket 'chan-id-bucket'
2024-04-17 14:07:41.481 LNDINIT: Copying top-level bucket 'circuit-adds'
2024-04-17 14:07:41.483 LNDINIT: Committing bucket 'circuit-adds'
2024-04-17 14:07:41.484 LNDINIT: Copying top-level bucket 'circuit-fwd-log'
2024-04-17 14:07:41.486 LNDINIT: Committing bucket 'circuit-fwd-log'
2024-04-17 14:07:41.487 LNDINIT: Copying top-level bucket 'circuit-keystones'
2024-04-17 14:07:41.489 LNDINIT: Committing bucket 'circuit-keystones'
2024-04-17 14:07:41.490 LNDINIT: Copying top-level bucket 'close-summaries'
2024-04-17 14:07:41.492 LNDINIT: Committing bucket 'close-summaries'
2024-04-17 14:07:41.493 LNDINIT: Copying top-level bucket 'closed-chan-bucket'
2024-04-17 14:07:41.495 LNDINIT: Committing bucket 'closed-chan-bucket'
2024-04-17 14:07:41.496 LNDINIT: Copying top-level bucket 'confirm-hints'
2024-04-17 14:07:41.497 LNDINIT: Committing bucket 'confirm-hints'
2024-04-17 14:07:41.499 LNDINIT: Copying top-level bucket 'edge-index'
2024-04-17 14:07:41.500 LNDINIT: Committing bucket 'edge-index'
2024-04-17 14:07:41.501 LNDINIT: Copying top-level bucket 'fwd-packages'
2024-04-17 14:07:41.503 LNDINIT: Committing bucket 'fwd-packages'
2024-04-17 14:07:41.504 LNDINIT: Copying top-level bucket 'graph-edge'
2024-04-17 14:07:58.418 LNDINIT: Committing bucket 'graph-edge'
2024-04-17 14:08:08.332 LNDINIT: Copying top-level bucket 'graph-meta'
2024-04-17 14:08:08.337 LNDINIT: Committing bucket 'graph-meta'
2024-04-17 14:08:08.834 LNDINIT: Copying top-level bucket 'graph-node'
2024-04-17 14:08:11.346 LNDINIT: Committing bucket 'graph-node'
2024-04-17 14:08:13.710 LNDINIT: Copying top-level bucket 'historical-chan-bucket'
2024-04-17 14:08:13.713 LNDINIT: Committing bucket 'historical-chan-bucket'
2024-04-17 14:08:13.727 LNDINIT: Copying top-level bucket 'invoice-alias-bucket'
2024-04-17 14:08:13.728 LNDINIT: Committing bucket 'invoice-alias-bucket'
2024-04-17 14:08:13.733 LNDINIT: Copying top-level bucket 'invoices'
2024-04-17 14:08:13.737 LNDINIT: Committing bucket 'invoices'
2024-04-17 14:08:13.742 LNDINIT: Copying top-level bucket 'message-store'
2024-04-17 14:08:13.743 LNDINIT: Committing bucket 'message-store'
2024-04-17 14:08:13.748 LNDINIT: Copying top-level bucket 'metadata'
2024-04-17 14:08:13.750 LNDINIT: Committing bucket 'metadata'
2024-04-17 14:08:13.754 LNDINIT: Copying top-level bucket 'missioncontrol-results'
2024-04-17 14:08:13.756 LNDINIT: Committing bucket 'missioncontrol-results'
2024-04-17 14:08:13.760 LNDINIT: Copying top-level bucket 'network-result-store-bucket'
2024-04-17 14:08:13.762 LNDINIT: Committing bucket 'network-result-store-bucket'
2024-04-17 14:08:13.767 LNDINIT: Copying top-level bucket 'next-payment-id-key'
2024-04-17 14:08:13.768 LNDINIT: Committing bucket 'next-payment-id-key'
2024-04-17 14:08:13.773 LNDINIT: Copying top-level bucket 'nib'
2024-04-17 14:08:13.774 LNDINIT: Committing bucket 'nib'
2024-04-17 14:08:13.779 LNDINIT: Copying top-level bucket 'open-chan-bucket'
2024-04-17 14:08:13.780 LNDINIT: Committing bucket 'open-chan-bucket'
2024-04-17 14:08:13.782 LNDINIT: Copying top-level bucket 'outpoint-bucket'
2024-04-17 14:08:13.783 LNDINIT: Committing bucket 'outpoint-bucket'
2024-04-17 14:08:13.784 LNDINIT: Copying top-level bucket 'pay-addr-index'
2024-04-17 14:08:13.786 LNDINIT: Committing bucket 'pay-addr-index'
2024-04-17 14:08:13.787 LNDINIT: Copying top-level bucket 'payments-index-bucket'
2024-04-17 14:08:13.788 LNDINIT: Committing bucket 'payments-index-bucket'
2024-04-17 14:08:13.790 LNDINIT: Copying top-level bucket 'peers-bucket'
2024-04-17 14:08:13.791 LNDINIT: Committing bucket 'peers-bucket'
2024-04-17 14:08:13.792 LNDINIT: Copying top-level bucket 'set-id-index'
2024-04-17 14:08:13.793 LNDINIT: Committing bucket 'set-id-index'
2024-04-17 14:08:13.794 LNDINIT: Copying top-level bucket 'spend-hints'
2024-04-17 14:08:13.796 LNDINIT: Committing bucket 'spend-hints'
2024-04-17 14:08:13.797 LNDINIT: Copying top-level bucket 'sweeper-tx-hashes'
2024-04-17 14:08:13.798 LNDINIT: Committing bucket 'sweeper-tx-hashes'
2024-04-17 14:08:13.803 LNDINIT: Migrating DB with prefix macaroondb
2024-04-17 14:08:13.803 LNDINIT: Opening bbolt backend at /home/admin/.lnd/data/chain/bitcoin/mainnet/macaroons.db for prefix 'macaroondb'
2024-04-17 14:08:13.804 LNDINIT: Opened source DB
2024-04-17 14:08:13.804 LNDINIT: Opening postgres backend at postgresql://admin:[email protected]:5432/lndb?sslmode=disable with prefix 'macaroondb'
2024-04-17 14:08:13.878 LNDINIT: Opened destination DB
2024-04-17 14:08:13.878 LNDINIT: Checking tombstone marker on source DB
2024-04-17 14:08:13.878 LNDINIT: Checking if migration was already applied to target DB
2024-04-17 14:08:13.881 LNDINIT: Starting the migration to the target backend
2024-04-17 14:08:13.881 LNDINIT: Copying top-level bucket 'macrootkeys'
2024-04-17 14:08:13.887 LNDINIT: Committing bucket 'macrootkeys'
2024-04-17 14:08:13.900 LNDINIT: Migrating DB with prefix decayedlogdb
2024-04-17 14:08:13.900 LNDINIT: Opening bbolt backend at /home/admin/.lnd/data/graph/mainnet/sphinxreplay.db for prefix 'decayedlogdb'
2024-04-17 14:08:13.900 LNDINIT: Opened source DB
2024-04-17 14:08:13.900 LNDINIT: Opening postgres backend at postgresql://admin:[email protected]:5432/lndb?sslmode=disable with prefix 'decayedlogdb'
2024-04-17 14:08:14.762 LNDINIT: Opened destination DB
2024-04-17 14:08:14.762 LNDINIT: Checking tombstone marker on source DB
2024-04-17 14:08:14.762 LNDINIT: Checking if migration was already applied to target DB
2024-04-17 14:08:14.768 LNDINIT: Starting the migration to the target backend
2024-04-17 14:08:14.768 LNDINIT: Copying top-level bucket 'batch-replay'
2024-04-17 14:08:14.776 LNDINIT: Committing bucket 'batch-replay'
2024-04-17 14:08:14.782 LNDINIT: Copying top-level bucket 'shared-hash'
2024-04-17 14:08:14.786 LNDINIT: Committing bucket 'shared-hash'
2024-04-17 14:08:14.811 LNDINIT: Migrating DB with prefix towerclientdb
2024-04-17 14:08:14.811 LNDINIT: Opening bbolt backend at /home/admin/.lnd/data/graph/mainnet/wtclient.db for prefix 'towerclientdb'
2024-04-17 14:08:14.812 LNDINIT: Opened source DB
2024-04-17 14:08:14.812 LNDINIT: Opening postgres backend at postgresql://admin:[email protected]:5432/lndb?sslmode=disable with prefix 'towerclientdb'
2024-04-17 14:08:14.956 LNDINIT: Opened destination DB
2024-04-17 14:08:14.956 LNDINIT: Checking tombstone marker on source DB
2024-04-17 14:08:14.956 LNDINIT: Checking if migration was already applied to target DB
2024-04-17 14:08:14.963 LNDINIT: Starting the migration to the target backend
2024-04-17 14:08:14.963 LNDINIT: Copying top-level bucket 'client-channel-detail-bucket'
2024-04-17 14:08:14.970 LNDINIT: Committing bucket 'client-channel-detail-bucket'
2024-04-17 14:08:14.975 LNDINIT: Copying top-level bucket 'client-channel-id-index'
2024-04-17 14:08:14.978 LNDINIT: Committing bucket 'client-channel-id-index'
2024-04-17 14:08:14.983 LNDINIT: Copying top-level bucket 'client-closable-sessions-bucket'
2024-04-17 14:08:14.986 LNDINIT: Committing bucket 'client-closable-sessions-bucket'
2024-04-17 14:08:14.991 LNDINIT: Copying top-level bucket 'client-session-bucket'
2024-04-17 14:08:14.994 LNDINIT: Committing bucket 'client-session-bucket'
2024-04-17 14:08:14.999 LNDINIT: Copying top-level bucket 'client-session-id-index'
2024-04-17 14:08:15.002 LNDINIT: Committing bucket 'client-session-id-index'
2024-04-17 14:08:15.007 LNDINIT: Copying top-level bucket 'client-session-key-index-bucket'
2024-04-17 14:08:15.010 LNDINIT: Committing bucket 'client-session-key-index-bucket'
2024-04-17 14:08:15.015 LNDINIT: Copying top-level bucket 'client-tower-bucket'
2024-04-17 14:08:15.017 LNDINIT: Committing bucket 'client-tower-bucket'
2024-04-17 14:08:15.022 LNDINIT: Copying top-level bucket 'client-tower-index-bucket'
2024-04-17 14:08:15.025 LNDINIT: Committing bucket 'client-tower-index-bucket'
2024-04-17 14:08:15.030 LNDINIT: Copying top-level bucket 'client-tower-to-session-index-bucket'
2024-04-17 14:08:15.032 LNDINIT: Committing bucket 'client-tower-to-session-index-bucket'
2024-04-17 14:08:15.037 LNDINIT: Copying top-level bucket 'metadata-bucket'
2024-04-17 14:08:15.043 LNDINIT: Committing bucket 'metadata-bucket'
2024-04-17 14:08:15.061 LNDINIT: Migrating DB with prefix towerserverdb
2024-04-17 14:08:15.061 LNDINIT: Opening bbolt backend at /home/admin/.lnd/data/watchtower/bitcoin/mainnet/watchtower.db for prefix 'towerserverdb'
2024-04-17 14:08:15.061 LNDINIT: Opened source DB
2024-04-17 14:08:15.061 LNDINIT: Opening postgres backend at postgresql://admin:[email protected]:5432/lndb?sslmode=disable with prefix 'towerserverdb'
2024-04-17 14:08:15.144 LNDINIT: Opened destination DB
2024-04-17 14:08:15.144 LNDINIT: Checking tombstone marker on source DB
2024-04-17 14:08:15.144 LNDINIT: Checking if migration was already applied to target DB
2024-04-17 14:08:15.149 LNDINIT: Starting the migration to the target backend
2024-04-17 14:08:15.149 LNDINIT: Copying top-level bucket 'lookout-tip-bucket'
2024-04-17 14:08:15.155 LNDINIT: Committing bucket 'lookout-tip-bucket'
2024-04-17 14:08:15.161 LNDINIT: Copying top-level bucket 'metadata-bucket'
2024-04-17 14:08:15.166 LNDINIT: Committing bucket 'metadata-bucket'
2024-04-17 14:08:15.168 LNDINIT: Copying top-level bucket 'sessions-bucket'
2024-04-17 14:08:15.171 LNDINIT: Committing bucket 'sessions-bucket'
2024-04-17 14:08:15.173 LNDINIT: Copying top-level bucket 'update-index-bucket'
2024-04-17 14:08:15.175 LNDINIT: Committing bucket 'update-index-bucket'
2024-04-17 14:08:15.177 LNDINIT: Copying top-level bucket 'updates-bucket'
2024-04-17 14:08:15.180 LNDINIT: Committing bucket 'updates-bucket'
2024-04-17 14:08:15.192 LNDINIT: Migrating DB with prefix walletdb
2024-04-17 14:08:15.193 LNDINIT: Opening bbolt backend at /home/admin/.lnd/data/chain/bitcoin/mainnet/wallet.db for prefix 'walletdb'
2024-04-17 14:08:15.213 LNDINIT: Opened source DB
2024-04-17 14:08:15.213 LNDINIT: Opening postgres backend at postgresql://admin:[email protected]:5432/lndb?sslmode=disable with prefix 'walletdb'
2024-04-17 14:08:15.299 LNDINIT: Opened destination DB
2024-04-17 14:08:15.299 LNDINIT: Checking tombstone marker on source DB
2024-04-17 14:08:15.300 LNDINIT: Checking if migration was already applied to target DB
2024-04-17 14:08:15.304 LNDINIT: Starting the migration to the target backend
2024-04-17 14:08:15.304 LNDINIT: Copying top-level bucket 'waddrmgr'
2024-04-17 14:08:15.809 LNDINIT: Committing bucket 'waddrmgr'
2024-04-17 14:08:15.815 LNDINIT: Copying top-level bucket 'wtxmgr'
2024-04-17 14:08:15.828 LNDINIT: Committing bucket 'wtxmgr'
2024-04-17 14:08:15.833 LNDINIT: Creating 'wallet created' marker
2024-04-17 14:08:15.835 LNDINIT: Committing 'wallet created' marker

This process could take a few minutes depending on the size of the database. When the prompt comes back to show you, that the migration is finished successfully

Now follow the Configured section lnd.conf, to use the PostgreSQL database as the backend, paying attention to the next section

# Database
[db]
db.backend=postgres

[postgres]
db.postgres.dsn=postgresql://admin:[email protected]:5432/lndb?sslmode=disable
db.postgres.timeout=0

With user admin, edit the systemd service file

sudo nano /etc/systemd/system/lnd.service

Replace the next lines to include the postgres.service dependency

Requires=bitcoind.service postgresql.service
After=bitcoind.service postgresql.service

Reload the systemd daemon

sudo systemctl daemon-reload

Start LND again

sudo systemctl start lnd

Monitor the LND logs to ensure all is working correctly with the new PostgreSQL database backend successfully migrated

journalctl -fu lnd

The [WRN] logs indicate that LND has detected an existing old bbolt database and It will not be migrated to postgres automatically, but we already migrated it before 😏

[...]
> [WRN] LTND: Found existing bbolt database file in /home/lnd/.lnd/data/chain/bitcoin/mainnet/wallet.db while using database type postgres. Existing data will NOT be migrated to postgres automatically!
> [WRN] LTND: Found existing bbolt database file in /home/lnd/.lnd/data/graph/mainnet/channel.db while using database type postgres. Existing data will NOT be migrated to postgres automatically!
[...]

-> You can delete these logs by following the next section

Pay attention to this [INF] significant log to confirm you are using PostgreSQL now

[...]
> [INF] LTND: Using remote postgres database! Creating graph and channel state DB instances
[...]

Ensure you still have your node in the same situation before the migration using the Web app: ThunderHub or using lncli with commands like lncli listchannels / lncli listunspent / lncli wtclient towers and see if everything is as you left it before the migration

(Optional) Delete old bbolt files database

With user admin, change to the lnd user

sudo su - lnd

Detele the old bbolt database files

rm /data/lnd/data/chain/bitcoin/mainnet/macaroons.db && rm /data/lnd/data/chain/bitcoin/mainnet/macaroons.db.last-compacted && rm /data/lnd/data/chain/bitcoin/mainnet/wallet.db && rm /data/lnd/data/graph/mainnet/* && rm /data/lnd/data/watchtower/bitcoin/mainnet/*

Return to the admin user

exit

Some useful lncli commands

Quick reference with special commands to play around with:

Create your own Re-Usable Static AMP invoice

lncli addinvoice --memo "your memo here" --amt <amount in sats> --expiry <time in seconds> --amp

The flags --memo |--amt & --expiry are optional. The default expiry time will be 30 days by default and the rest can be empty

Copy the output [lnbc...] of the "payment_request": "lnbc...". Transform your output payment request into a QR code, embed it on your website, or add it to your social media. LibreOffice has built-in functionality, and there are plenty of freely available online tools

Pay an AMP invoice (both sender and receiver nodes have to have AMP enabled)

lncli payinvoice --amt <amount> <amp invoice>

Send payment to node without invoice using AMP invoice (both sender and receiver nodes have to have AMP enabled)

lncli sendpayment --dest <destination public key> --amt <amount> --amp

Example of expected output:

// Some code+------------+--------------+--------------+--------------+-----+----------+---------------------+--------------------+
| HTLC_STATE | ATTEMPT_TIME | RESOLVE_TIME | RECEIVER_AMT | FEE | TIMELOCK | CHAN_OUT            | ROUTE              |
+------------+--------------+--------------+--------------+-----+----------+---------------------+--------------------+
| SUCCEEDED  |        0.017 |        4.789 | 10000        | 0   |  2819586 | 3100070835543670784 | 2FakTor⚡Testnet🧪 |
+------------+--------------+--------------+--------------+-----+----------+---------------------+--------------------+
Amount + fee:   10000 + 0 sat
Payment hash:   466351a225dfff6b7205c1397c2c19d803c87e888baa0d845050498ade44f4fe
Payment status: SUCCEEDED, preimage: 7c7c34c655eaea4f683db53f22ca2f5256758eb260f2c355d815b71977e3308f

If you want to send a circular payment to yourself, add the next flag at the end of the command:--allow_self_payment

Extract the SegWit and Taproot master public key of your onchain LND wallet

lncli wallet accounts list | grep -A 3 "TAPROOT" && echo "------------------------" && \
lncli wallet accounts list | grep -B 3 "m/84"

Example of expected output:

            "address_type":  "TAPROOT_PUBKEY",
            "extended_public_key":  "",
            "master_key_fingerprint":  "",
            "derivation_path":  "m/86'/0'/0'",
------------------------
            "address_type":  "WITNESS_PUBKEY_HASH",
            "extended_public_key":  "",
            "master_key_fingerprint":  "",
            "derivation_path":  "m/84'/0'/0'",

Upgrade

Upgrading LND can lead to some issues. Always read the LND release notes completely to understand the changes. These also cover many additional topics and new features not mentioned here.

Check your current LND version

lnd --version

Download, verify, and install the latest LND binaries as described in the Installation section of this guide, replacing the environment variable "VERSION=x.xx" value for the latest if it has not been already changed in this guide (acting behind your responsibility)
Restart LND to apply the new version

sudo systemctl restart lnd

Uninstall

Uninstall service

With user admin , stop lnd

sudo systemctl stop lnd

Disable autoboot (if enabled)

sudo systemctl disable lnd

Delete the service

sudo rm /etc/systemd/system/lnd.service

Delete user & group

Delete lnd user's group

sudo gpasswd -d admin lnd; sudo gpasswd -d thunderhub lnd; sudo gpasswd -d btcpay lnd

Delete the lnd user. Don't worry about userdel: lnd mail spool (/var/mail/lnd) not found output, the uninstall has been successful

sudo userdel -rf lnd

Delete the lnd group

sudo groupdel lnd

Detele the data directory

Delete the complete lnd directory

sudo rm -rf /data/lnd/

Delete the PostgreSQL database (if used)

Delete the lndb database

sudo -u postgres psql -c "DROP DATABASE lndb;"

Uninstall binaries

Delete the binaries installed

sudo rm /usr/local/bin/lnd && sudo rm /usr/local/bin/lncli

Port reference

Port	Protocol	Use
9735	TCP	P2P port
10009	TCP	gRPC port
9911	TCP	Watchtower server port

Port

Protocol

Use

9735

TCP

P2P port

10009

TCP

gRPC port

9911

TCP

Watchtower server port

Previous3. Lightning Next3.2 Channel backup for LND

Last updated 4 days ago