[ { "path": ".editorconfig", "content": "# http://editorconfig.org\n\nroot = true\n\n[*]\ncharset = utf-8\nend_of_line = lf\ninsert_final_newline = true\ntrim_trailing_whitespace = true\nmax_line_length = 120\n\n[*.go]\nindent_style = tab\nindent_size = 4\n\n[*.tsx]\nindent_style = space\nindent_size = 2\n\n[*.jsx]\nindent_style = space\nindent_size = 2\n\n[*.js]\nindent_style = space\nindent_size = 2\n\n[*.ts]\nindent_style = space\nindent_size = 2\n\n[*.json]\nindent_style = space\nindent_size = 2\n\n[*.css]\nindent_style = space\nindent_size = 2\n\n[*.scss]\nindent_style = space\nindent_size = 2\n\n[Makefile]\nindent_style = tab\n" }, { "path": ".gitignore", "content": ".DS_Store\n.idea\n" }, { "path": "README.md", "content": "![Torq - Banner](./docs/images/readme-banner.png)\n\n# Torq\n\n![All Tests](https://github.com/lncapital/torq/actions/workflows/test-on-push.yml/badge.svg)\n\nTorq is an advanced node management software that helps lightning node operators analyze and automate their nodes. It is designed to handle large nodes with over 1000 channels, and it offers a range of features to simplify your node management tasks, including:\n\n* Analyze, connect and manage all your nodes from one place!\n* Access a complete overview of all channels instantly.\n* Build advanced automation workflows to automate Rebalancing, Channel Policy, Tagging and eventually any node action.\n* Review forwarding history, both current and at any point in history.\n* Customize and save table views. Containing only selected columns, advanced sorting and high fidelity filters.\n* Export table data as CSV. Finally get all your forwarding or channel data as CSV files.\n* Enjoy advanced charts to visualize your node's performance and make informed decisions.\n\nWhether you're running a small or a large node, Torq can help you optimize its performance and streamline your node management process. Give it a try and see how it can simplify your node management tasks.\n\n![torq-automation-preview](./docs/images/automation.png)\n\n\n## Quick start\n\n### Docker compose\nTo install Torq via docker compose:\n\n```bash\nbash -c \"$(curl -fsSL https://torq.sh)\"\n```\nYou do not need sudo/root to run this, and you can check the contents of the installation script here: https://torq.sh\n\nWhen you:\n - Have a firewall\n - Run Torq in a container\n - Need to access LND or CLN on the host\n - Are not using host network configuration for the container\n\nThen make sure to allow docker bridge network traffic i.e. `sudo ufw allow from 172.16.0.0/12`\n\n### Podman\nTo run the database via host network:\n\n```sh\npodman run -d --name torqdb --network=host -v torq_db:/var/lib/postgresql/data -e POSTGRES_PASSWORD=\"\" timescale/timescaledb:latest-pg14\n```\n\nTo run Torq via host network:\n\nFirst create your TOML configuration file and store it in `~/.torq/torq.conf`\n\n```sh\npodman run -d --name torq --network=host -v ~/.torq/torq.conf:/home/torq/torq.conf lncapital/torq:latest --config=/home/torq/torq.conf start\n```\n**Note**: Only run with host network when your server has a firewall and doesn't automatically open all port to the internet. You don't want the database to be accessible from the internet!\n\n### Kubernetes\n\nWe shared templates for CRDs in folder [kubernetes](./kubernetes).\nThis folder also has its own [readme](./kubernetes/README.md).\n\n### Network\n\nBe aware that when you try Torq on testnet, simnet or some other type of network that you must use the network switch when trying to browse the web interface.\nThe network switch is the globe icon in the top left corner, next to the Torq logo.\n\n\n### Guides\n\nWe're adding more guides and help articles on [docs.torq.co](https://docs.torq.co).\n\n* [How to add a domain for Torq with https](https://docs.torq.co/en/articles/7323907-how-to-add-a-domain-to-torq-using-caddy).\n* [How to monitor your infrastructure with Torq](https://docs.torq.co/en/articles/7323908-how-to-monitor-your-infrastructure-with-torq).\n\n## Configuration\n\nTorq supports a TOML configuration file. The docker compose install script auto generates this file.\nYou can find an example configuration file at [example-torq.conf](./docker/example-torq.conf)\n\nIt is also possible not to use any TOML configuration files and use command like parameters or environment variables. The list of parameters are:\n - **--lnd.url**: (optional) Host:Port of the LND node (example: \"127.0.0.1:10009\")\n - **--lnd.macaroon-path**: (optional) Path on disk to LND Macaroon (example: \"~/.lnd/admin.macaroon\")\n - **--lnd.tls-path**: (optional) Path on disk to LND TLS file (example: \"~/.lnd/tls.cert\")\n - **--cln.url**: (optional) Host:Port of the CLN node (example: \"127.0.0.1:17272\")\n - **--cln.certificate-path**: (optional) Path on disk to CLN client certificate file (example: \"~/.cln/client.pem\")\n - **--cln.key-path**: (optional) Path on disk to CLN client key file (example: \"~/.cln/client-key.pem\")\n - **--cln.ca-certificate-path**: (optional) Path on disk to CLN certificate authority file (example: \"~/.cln/ca.pem\")\n - **--db.name**: (optional) Name of the database (default: \"torq\")\n - **--db.user**: (optional) Name of the postgres user with access to the database (default: \"postgres\")\n - **--db.password**: (optional) Password used to access the database (default: \"runningtorq\")\n - **--db.port**: (optional) Port of the database (default: \"5432\")\n - **--db.host**: (optional) Host of the database (default: \"localhost\")\n - **--torq.password**: Password used to access the API and frontend (example: \"C44y78A4JXHCVziRcFqaJfFij5HpJhF6VwKjz4vR\")\n - **--torq.network-interface**: (optional) The nework interface to serve the HTTP API (default: \"0.0.0.0\")\n - **--torq.port**: (optional) Port to serve the HTTP API (default: \"8080\")\n - **--torq.pprof.path**: (optional) When pprof path is set then pprof is loaded when Torq boots. (example: \":6060\"). **See Note**\n - **--torq.prometheus.path**: (optional) When prometheus path is set then prometheus is loaded when Torq boots. (example: \"localhost:7070\"). **See Note**\n - **--torq.debuglevel**: (optional) Specify different debug levels (panic|fatal|error|warn|info|debug|trace) (default: \"info\")\n - **--torq.vector.url**: (optional) Alternative path for alternative vector service implementation (default: \"https://vector.ln.capital/\")\n - **--torq.cookie-path**: (optional) Path to auth cookie file\n - **--torq.no-sub**: (optional) Start the server without subscribing to node data (default: \"false\")\n - **--torq.auto-login**: (optional) Allows logging in without a password (default: \"false\")\n - **--customize.mempool.url**: (optional) Mempool custom URL (no trailing slash) (default: \"https://mempool.space\")\n - **--customize.electrum.path**: (optional) Electrum path (example: \"localhost:50001\")\n - **--otel.exporter.type**: (optional) OpenTelemetry exporter type: stdout/file/jaeger (default: \"stdout\")\n - **--otel.exporter.endpoint**: (optional) OpenTelemetry exporter endpoint\n - **--otel.exporter.path**: (optional) OpenTelemetry exporter path (default: \"traces.txt\")\n - **--otel.sampler.fraction**: (optional) OpenTelemetry sampler fraction (default: \"0.0\")\n - **--bitcoind.network**: (optional) Bitcoind network: MainNet/TestNet/RegTest/SigNet/SimNet. (default: \"MainNet\")\n - **--bitcoind.url**: (optional) Bitcoind RPC Host:Port\n - **--bitcoind.user**: (optional) Bitcoind RPC username\n - **--bitcoind.password**: (optional) Bitcoind RPC password\n\n**Note**: pprof and prometheus expose internal statistics, be careful not to expose this publicly.\n\nMore information about infrastructure and node monitoring over [here](https://docs.torq.co/en/articles/8488866-infrastructure-and-node-monitoring)\n\n## How to Videos\n\n[You can find the full list of video guides here.](https://docs.torq.co/en/collections/3817618-torq-video-tutorials)\n\n### How to create custom Channel Views\n\n[![Torq Forwarding Views YouTube Guide](https://img.youtube.com/vi/5ZfgflfOFwQ/maxresdefault.jpg)](https://www.youtube.com/watch?v=5ZfgflfOFwQ)\n\n### How to use Automation Workflows\n\n[![Torq Workflow Automation YouTube Guide](https://img.youtube.com/vi/Go4uJoMhwrE/maxresdefault.jpg)](https://www.youtube.com/watch?v=Go4uJoMhwrE)\n\n### How to use the Forwards Tab\n\n[![Torq Forwarding Views YouTube Guide](https://img.youtube.com/vi/ZTetH8_jbgk/maxresdefault.jpg)](https://www.youtube.com/watch?v=ZTetH8_jbgk)\n\n\n## LND Permissions\n\nSince Torq is built to manage your node, it needs most/all permissions to be fully functional. However, if you want to\nbe extra careful you can disable some permissions that are not strictly needed.\n\nTorq does not for now need the ability to create new macaroon or stop the LND daemon,\n\n lncli bakemacaroon \\\n invoices:read \\\n invoices:write \\\n onchain:read \\\n onchain:write \\\n offchain:read \\\n offchain:write \\\n address:read \\\n address:write \\\n message:read \\\n message:write \\\n peers:read \\\n peers:write \\\n info:read \\\n uri:/lnrpc.Lightning/UpdateChannelPolicy \\\n --save_to=torq.macaroon\n\nHere is an example of a macaroon that can be used if you want to prevent all actions that sends funds from your node:\n\n lncli bakemacaroon \\\n invoices:read \\\n invoices:write \\\n onchain:read \\\n offchain:read \\\n address:read \\\n address:write \\\n message:read \\\n message:write \\\n peers:read \\\n peers:write \\\n info:read \\\n uri:/lnrpc.Lightning/UpdateChannelPolicy \\\n --save_to=torq.macaroon\n\n## CLN\n\nWe support CLN nodes (Except HTLC firewall). Make sure your CLN node is compatible with the version of Torq (See Compatibility).\n\nYou will have to have RUST active and also specify `--grpc-port` which should generate the appropriate mTLS certificates.\nYou need to provide these certificates once Torq is running (or as boot parameter or in the configuration file)\n\n## Compatibility\n\nTorq `v2.0.0` and up are compatible with `CLN v24.05.*` and `LND v0.18.2+`\n\nTorq `v1.5.0` <-> `v1.6.1` are compatible with `CLN v23.11.*`\n\nTorq `v1.2.0` <-> `v1.4.3` are compatible with `CLN v23.08.1+`\n\nTorq `v0.22.1` <-> `v1.1.5` are all compatible with `CLN v23.05.*`\n\n## Help and feedback\n\nJoin our [Telegram group](https://t.me/joinchat/V-Dks6zjBK4xZWY0) if you need help getting started.\nFeel free to ping us in the telegram group if you have any feature request or feedback. We would also love to hear your ideas for features or any other feedback you might have.\n" }, { "path": "SECURITY.md", "content": "# Security Policy\n\n## Reporting a Vulnerability\n\nIf you believe you have found a security vulnerability in any GitHub-owned repository, please report it to us through coordinated disclosure.\n\n**Please do not report security vulnerabilities through public GitHub issues, discussions, or pull requests.**\n\nInstead, please send an email to max[@]ln.capital.\n\nPlease include as much of the information listed below as you can to help us better understand and resolve the issue:\n\n * The type of issue (e.g., buffer overflow, SQL injection, or cross-site scripting)\n * Full paths of source file(s) related to the manifestation of the issue\n * The location of the affected source code (tag/branch/commit or direct URL)\n * Any special configuration required to reproduce the issue\n * Step-by-step instructions to reproduce the issue\n * Proof-of-concept or exploit code (if possible)\n * Impact of the issue, including how an attacker might exploit the issue\n\nThis information will help us triage your report more quickly.\n" }, { "path": "docker/delete.sh", "content": "#!/usr/bin/env bash\n\n# Check that the Docker daemon is running\nif ! docker ps > /dev/null; then exit 1; fi\n\nBASEDIR=$(dirname \"$0\")\n\nread -p \"Are you wish to delete Torq including data? (y/n)\" -n 1 -r\necho # (optional) move to a new line\nif [[ $REPLY =~ ^[Yy]$ ]]\nthen\n docker-compose -f $BASEDIR/docker-compose.yml down -v\nfi\n" }, { "path": "docker/example-docker-compose-host-network.yml", "content": "version: \"3.7\"\nservices:\n torq:\n image: \"lncapital/torq:latest\"\n restart: always\n depends_on:\n - \"db\"\n command:\n - --config\n - \"/home/torq/torq.conf\"\n - start\n network_mode: \"host\"\n volumes:\n - :/home/torq/torq.conf\n extra_hosts:\n - \"host.docker.internal:host-gateway\"\n db:\n restart: always\n image: \"timescale/timescaledb:latest-pg14\"\n environment:\n POSTGRES_PASSWORD: \"runningtorq\" # Must match db password set above\n volumes:\n - torq_db:/var/lib/postgresql/data\n network_mode: \"host\"\nvolumes:\n torq_db:\n" }, { "path": "docker/example-docker-compose.yml", "content": "version: \"3.7\"\nservices:\n torq:\n image: \"lncapital/torq:latest\"\n restart: always\n depends_on:\n - \"db\"\n command:\n - --config\n - \"/home/torq/torq.conf\"\n - start\n ports:\n - \":\"\n - \":\"\n volumes:\n - :/home/torq/torq.conf\n extra_hosts:\n - \"host.docker.internal:host-gateway\"\n db:\n restart: always\n image: \"timescale/timescaledb:latest-pg14\"\n environment:\n POSTGRES_PASSWORD: \"runningtorq\" # Must match db password set above\n volumes:\n - torq_db:/var/lib/postgresql/data\nvolumes:\n torq_db:\n" }, { "path": "docker/example-torq.conf", "content": "[cln]\n# Host:Port of the CLN node\n#url = \"127.0.0.1:17272\"\n# Path on disk to CLN client certificate file (if you are running Torq in a container, make sure to mount the file)\n#certificate-path = \"~/.cln/client.pem\"\n# Path on disk to CLN client key file (if you are running Torq in a container, make sure to mount the file)\n#key-path = \"~/.cln/client-key.pem\"\n# Path on disk to CLN certificate authority file (if you are running Torq in a container, make sure to mount the file)\n#ca-certificate-path = \"~/.cln/ca.pem\"\n\n[lnd]\n# Host:Port of the LND node\n#url = \"127.0.0.1:10009\"\n# Path on disk to LND Macaroon (if you are running Torq in a container, make sure to mount the file)\n#macaroon-path = \"~/.lnd/admin.macaroon\"\n# Path on disk to LND TLS file (if you are running Torq in a container, make sure to mount the file)\n#tls-path = \"~/.lnd/tls.cert\"\n\n[bitcoind]\n# Bitcoind network (MainNet, TestNet, RegTest, SigNet, SimNet)\n#network = \"MainNet\"\n# Bitcoind RPC Host:Port\n#url = \"localhost:8332\"\n# Bitcoind RPC user\n#user = \"bitcoinrpc\"\n# Bitcoind RPC password\n#password =\n\n[db]\n# Name of the database\n#name = \"torq\"\n# Name of the postgres user with access to the database\n#user = \"postgres\"\n# Password used to access the database\npassword = \"runningtorq\"\n# Port of the database\n#port = \"5432\"\n# Host of the database\nhost = \"\"\n\n[torq]\n# Password used to access the API and frontend\npassword = \"\"\n# Network interface to serve the HTTP API\"\n#network-interface = \"0.0.0.0\"\n# Port to serve the HTTP API\nport = \"\"\n# When pprof path is set then pprof is loaded when Torq boots.\n#pprof.path = \"localhost:6060\"\n# When prometheus path is set then prometheus is loaded when Torq boots.\n#prometheus.path = \"localhost:7070\"\n# Specify different debug levels (panic|fatal|error|warn|info|debug|trace)\n#debuglevel = \"info\"\n# Alternative path for alternative vector service implementation.\n#vector.url = \"https://vector.ln.capital/\"\n# Path to auth cookie file\n#cookie-path =\n# Start the server without subscribing to node data\n#no-sub = false\n# Allows logging in without a password\n#auto-login = false\n\n[customize]\n# Mempool custom URL (no trailing slash)\n#mempool.url = \"https://mempool.space\"\n# Electrum path (example: localhost:50001)\n#electrum.path = \"localhost:50001\"\n\n[otel]\n# Type of OpenTelemetry exporter stdout/file/jaeger\nexporter.type=\"stdout\"\n# Endpoint for jaeger\n#exporter.endpoint=\"\"\n# Path for the exporter\n#exporter.path=\"traces.txt\"\n# Sampler ratio default: 0.10 or 10%\nsampler.fraction=0.0\n" }, { "path": "docker/install.sh", "content": "#!/usr/bin/env bash\n\necho Configuring docker-compose and torq.conf files\n\neval CURRENT_DIRECTORY=`pwd`\nprintf \"\\n\"\necho Please specify where you want to add the Torq help commands\nread -p \"Directory (default: ~/.torq): \" TORQDIR\neval TORQDIR=\"${TORQDIR:=$HOME/.torq}\"\necho $TORQDIR\nmkdir -p $TORQDIR\ncd $TORQDIR\neval TORQDIR=`pwd`\ncd $CURRENT_DIRECTORY\nprintf \"\\n\"\n\n# Set web UI password\nprintf \"\\n\"\nstty -echo\nread -p \"Please set a web UI password: \" UIPASSWORD\n\nwhile [[ -z \"$UIPASSWORD\" ]]; do\n printf \"\\n\"\n read -p \"The password cannot be empty, please try again: \" UIPASSWORD\ndone\n\nstty echo\nprintf \"\\n\"\n\n# Set web UI port number\nprintf \"\\n\"\necho Please choose a port number for the web UI.\necho NB! Umbrel users needs to use a different port than 8080. Try 8081.\nread -p \"Port number (default: 8080): \" UI_PORT\neval UI_PORT=\"${UI_PORT:=8080}\"\n\nwhile [[ ! $UI_PORT =~ ^[0-9]+$ ]] || [[ $UI_PORT -lt 1 ]] || [[ $UI_PORT -gt 65535 ]]; do\n read -p \"Invalid port number. Please enter a valid port number from 1 through 65535: \" UI_PORT\ndone\n\n# Set gRPC port number\nprintf \"\\n\"\necho Please choose a port number for the Torq gRPC.\nread -p \"Port number (default: 50051): \" GRPC_PORT\neval GRPC_PORT=\"${GRPC_PORT:=50051}\"\n\nwhile [[ ! $GRPC_PORT =~ ^[0-9]+$ ]] || [[ $GRPC_PORT -lt 1 ]] || [[ $GRPC_PORT -gt 65535 ]]; do\n read -p \"Invalid port number. Please enter a valid port number from 1 through 65535: \" GRPC_PORT\ndone\n\n# Set network type\nprintf \"\\n\"\necho \"Only run with host network when your server has a firewall and doesn't automatically open all port to the internet.\"\necho \"You don't want the database to be accessible from the internet!\"\necho \"You usually want host network when you have a firewall and access the GRPC via localhost or 127.0.0.1\"\necho \"In all other cases bridge is the better and safer choice\"\nread -p \"Please choose network type host or bridge (default: bridge): \" NETWORK\neval NETWORK=\"${NETWORK:=bridge}\"\n\nwhile [[ \"$NETWORK\" != \"host\" ]] && [[ \"$NETWORK\" != \"bridge\" ]]; do\n printf \"\\n\"\n read -p \"Please choose network type host or bridge (default: bridge): \" NETWORK\n eval NETWORK=\"${NETWORK:=bridge}\"\ndone\n\nprintf \"\\n\"\n\n\n[ -f ${TORQDIR}/docker-compose.yml ] && rm ${TORQDIR}/docker-compose.yml\n\nTORQ_CONFIG=${TORQDIR}/torq.conf\n\ncurl --location --silent --output \"${TORQ_CONFIG}\" https://raw.githubusercontent.com/lncapital/torq/main/docker/example-torq.conf\nif [[ \"$NETWORK\" == \"host\" ]]; then\n curl --location --silent --output \"${TORQDIR}/docker-compose.yml\" https://raw.githubusercontent.com/lncapital/torq/main/docker/example-docker-compose-host-network.yml\nfi\nif [[ \"$NETWORK\" == \"bridge\" ]]; then\n curl --location --silent --output \"${TORQDIR}/docker-compose.yml\" https://raw.githubusercontent.com/lncapital/torq/main/docker/example-docker-compose.yml\nfi\n\n# https://stackoverflow.com/questions/16745988/sed-command-with-i-option-in-place-editing-works-fine-on-ubuntu-but-not-mac\n#torq.conf setup\nsed -i.bak \"s||$TORQ_CONFIG|g\" $TORQDIR/docker-compose.yml && rm $TORQDIR/docker-compose.yml.bak\nif [[ \"$NETWORK\" == \"bridge\" ]]; then\n sed -i.bak \"s//db/g\" $TORQ_CONFIG && rm $TORQ_CONFIG.bak\n sed -i.bak \"s//$UI_PORT/g\" $TORQDIR/docker-compose.yml && rm $TORQDIR/docker-compose.yml.bak\n sed -i.bak \"s//$GRPC_PORT/g\" $TORQDIR/docker-compose.yml && rm $TORQDIR/docker-compose.yml.bak\nfi\nsed -i.bak \"s//$UIPASSWORD/g\" $TORQ_CONFIG && rm $TORQ_CONFIG.bak\nsed -i.bak \"s//$UI_PORT/g\" $TORQ_CONFIG && rm $TORQ_CONFIG.bak\nsed -i.bak \"s//$GRPC_PORT/g\" $TORQ_CONFIG && rm $TORQ_CONFIG.bak\nif [[ \"$NETWORK\" == \"host\" ]]; then\n sed -i.bak \"s//localhost/g\" $TORQ_CONFIG && rm $TORQ_CONFIG.bak\nfi\n\necho 'Docker compose file (docker-compose.yml) created in '$TORQDIR\necho 'Torq configuration file (torq.conf) created in '$TORQDIR\n\nprintf \"\\n\"\n\n\nSTART_COMMAND='start-torq'\nSTOP_COMMAND='stop-torq'\nUPDATE_COMMAND='update-torq'\nDELETE_COMMAND='delete-torq'\n\ncurl --location --silent --output \"${TORQDIR}/${START_COMMAND}\" https://raw.githubusercontent.com/lncapital/torq/main/docker/start.sh\ncurl --location --silent --output \"${TORQDIR}/${STOP_COMMAND}\" https://raw.githubusercontent.com/lncapital/torq/main/docker/stop.sh\ncurl --location --silent --output \"${TORQDIR}/${UPDATE_COMMAND}\" https://raw.githubusercontent.com/lncapital/torq/main/docker/update.sh\ncurl --location --silent --output \"${TORQDIR}/${DELETE_COMMAND}\" https://raw.githubusercontent.com/lncapital/torq/main/docker/delete.sh\n\n#start-torq setup\nsed -i.bak \"s//$UI_PORT/g\" $TORQDIR/${START_COMMAND} && rm $TORQDIR/start-torq.bak\nsed -i.bak \"s//$GRPC_PORT/g\" $TORQDIR/${START_COMMAND} && rm $TORQDIR/start-torq.bak\n\nchmod +x $TORQDIR/$START_COMMAND\nchmod +x $TORQDIR/$STOP_COMMAND\nchmod +x $TORQDIR/$UPDATE_COMMAND\nchmod +x $TORQDIR/$DELETE_COMMAND\n\nprintf \"\\n\"\n\necho \"We have added these scripts to ${TORQDIR}:\"\necho \"${START_COMMAND} (This command starts Torq)\"\necho \"${STOP_COMMAND} (This command stops Torq)\"\necho \"${UPDATE_COMMAND} (This command updates Torq)\"\necho \"${DELETE_COMMAND} (WARNING: This command deletes Torq _including_ all collected data!)\"\n\nprintf \"\\n\"\n\necho \"Optional you can add these scripts to your PATH by running:\"\necho \"sudo ln -s ${TORQDIR}/* /usr/local/bin/\"\n\nprintf \"\\n\"\n\necho \"Try it out now! Make sure the Docker daemon is running, and then start Torq with:\"\necho \"${TORQDIR}/${START_COMMAND}\"\n" }, { "path": "docker/nginx.conf", "content": "events {}\nhttp {\n server {\n listen 132;\n location /torq/ {\n proxy_pass http://host.docker.internal:8080/;\n }\n }\n}\n" }, { "path": "docker/reverse-proxy-example.sh", "content": "docker run --name reverseproxy --mount type=bind,source=/nginx.conf,target=/etc/nginx/nginx.conf,readonly -p 132:132 --rm nginx\n" }, { "path": "docker/start.sh", "content": "#!/usr/bin/env bash\n\n# Check that the Docker daemon is running\nif ! docker ps > /dev/null; then exit 1; fi\n\nBASEDIR=$(dirname \"$0\")\n\ndocker pull lncapital/torq\ndocker-compose -f $BASEDIR/docker-compose.yml up -d\n\necho Torq is starting, please wait\n\nfunction timeout() { perl -e 'alarm shift; exec @ARGV' \"$@\"; }\n\ntimeout 300 bash -c 'while [[ \"$(curl -s -o /dev/null -w ''%{http_code}'' localhost:)\" != \"200\" ]]; do sleep 5; done' || false\n\necho Torq has started and is available on http://localhost:\nif [ \"$(uname)\" == \"Darwin\" ]; then\n open http://localhost:\nfi\nif [[ \"$(uname)\" != \"Darwin\" && x$DISPLAY != x ]]; then\n xdg-open http://localhost:\nfi\n" }, { "path": "docker/stop.sh", "content": "#!/usr/bin/env bash\n\n# Check that the Docker daemon is running\nif ! docker ps > /dev/null; then exit 1; fi\n\nBASEDIR=$(dirname \"$0\")\n\ndocker-compose -f $BASEDIR/docker-compose.yml down\n" }, { "path": "docker/update.sh", "content": "#!/usr/bin/env bash\n\n# Check that the Docker daemon is running\nif ! docker ps > /dev/null; then exit 1; fi\n\nBASEDIR=$(dirname \"$0\")\n\ndocker-compose -f $BASEDIR/docker-compose.yml down\ndocker pull lncapital/torq\ndocker-compose -f $BASEDIR/docker-compose.yml up -d\n" }, { "path": "kubernetes/README.md", "content": "![Torq - Banner](./docs/images/readme-banner.png)\n\n# Torq\n\nTorq Kubernetes CRD files are work-in-progress example template files.\n\nFiles that require custom modifications are:\n - bitcoin-core.yaml: \\\n - cluster-issuer.yaml: \\\n - lnd-postgres-configmap.yaml: \\ and \\\n - lnd.yaml: \\, \\, \\ and \\\n - torq-ingress.yaml: \\\n - torq-postgres-configmap.yaml: \\ and \\\n - torq.yaml: \\ and \\\n\n# Secret creation\n\n`kubectl create configmap lnd-tls.cert --from-file=/path/to/lnd/tls.cert`\n\n`kubectl create configmap lnd-admin.macaroon --from-file=/home/kobe/lnd/admin.macaroon`\n\n# TODO\n\nConvert more things to secrets.\n\n## Help and feedback\n\nJoin our [Telegram group](https://t.me/joinchat/V-Dks6zjBK4xZWY0) if you need help getting started.\nFeel free to ping us in the telegram group if you have any feature request or feedback. We would also love to hear your ideas for features or any other feedback you might have.\n" }, { "path": "kubernetes/bitcoin-core-pvc.yaml", "content": "kind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: bitcoin-core-pv-claim\nspec:\n storageClassName: default\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 700Gi\n" }, { "path": "kubernetes/bitcoin-core.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: bitcoin-core-deployment\n labels:\n app: bitcoin-core-app\n tier: bitcoin\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: bitcoin-core-app\n template:\n metadata:\n labels:\n app: bitcoin-core-app\n tier: bitcoin\n spec:\n hostname: bitcoin-core-mainnet\n volumes:\n - name: bitcoin-core-pv-storage\n persistentVolumeClaim:\n claimName: bitcoin-core-pv-claim\n containers:\n - name: bitcoin-core\n image: \"ruimarinho/bitcoin-core:latest\"\n imagePullPolicy: IfNotPresent\n resources:\n requests:\n memory: \"10G\"\n args:\n - -printtoconsole\n - -rpcauth=\n - -disablewallet=1\n - -nopeerbloomfilters=1\n - -txindex=1\n - -rpcbind=0.0.0.0\n - -rpcbind=bitcoin-core-mainnet\n - -rpcport=8332\n - -rpcallowip=0.0.0.0/0\n - -server=1\n - -maxmempool=100\n - -peerbloomfilters=0\n - -dbcache=3000\n - -maxuploadtarget=1000\n - -permitbaremultisig=0\n - -zmqpubrawblock=tcp://0.0.0.0:28332\n - -zmqpubrawtx=tcp://0.0.0.0:28333\n volumeMounts:\n - name: bitcoin-core-pv-storage\n mountPath: \"/home/bitcoin/.bitcoin\"\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: bitcoin-core-service\n labels:\n tier: bitcoin\nspec:\n selector:\n app: bitcoin-core-app\n tier: bitcoin\n ports:\n - port: 28332\n name: bitcoin-core-zmq-block\n - port: 28333\n name: bitcoin-core-zmq-tx\n - port: 8332\n name: bitcoin-core-rpc\n" }, { "path": "kubernetes/cluster-issuer.yaml", "content": "apiVersion: cert-manager.io/v1\nkind: ClusterIssuer\nmetadata:\n name: letsencrypt\nspec:\n acme:\n server: https://acme-v02.api.letsencrypt.org/directory\n email: \n privateKeySecretRef:\n name: letsencrypt\n solvers:\n - http01:\n ingress:\n class: nginx\n podTemplate:\n spec:\n nodeSelector:\n \"kubernetes.io/os\": linux\n" }, { "path": "kubernetes/lnd-postgres-configmap.yaml", "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: lnd-postgres-config\n labels:\n app: lnd-postgres\ndata:\n POSTGRES_DB: \"lndpostgresdb\"\n POSTGRES_USER: \"\"\n POSTGRES_PASSWORD: \"\"\n PGDATA: \"/var/lib/postgresql/data/pgdata\"\n" }, { "path": "kubernetes/lnd-postgres-pvc.yaml", "content": "kind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: lnd-postgres-pv-claim\nspec:\n storageClassName: default\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n" }, { "path": "kubernetes/lnd-postgres.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: lnd-postgres-deployment\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: lnd-postgres-app\n template:\n metadata:\n labels:\n app: lnd-postgres-app\n spec:\n containers:\n - name: lnd-postgres\n image: postgres:15\n imagePullPolicy: \"IfNotPresent\"\n ports:\n - containerPort: 5432\n envFrom:\n - configMapRef:\n name: lnd-postgres-config\n volumeMounts:\n - mountPath: /var/lib/postgresql/data\n name: lndpostgresdb\n volumes:\n - name: lndpostgresdb\n persistentVolumeClaim:\n claimName: lnd-postgres-pv-claim\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: lnd-postgres-service\nspec:\n selector:\n app: lnd-postgres-app\n ports:\n - port: 5432\n" }, { "path": "kubernetes/lnd-pvc.yaml", "content": "kind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: lnd-pv-claim\nspec:\n storageClassName: default\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 10Gi\n" }, { "path": "kubernetes/lnd.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: lnd-deployment\n labels:\n app: lnd-app\n tier: lnd\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: lnd-app\n template:\n metadata:\n labels:\n app: lnd-app\n tier: lnd\n spec:\n volumes:\n - name: lnd-pv-storage\n persistentVolumeClaim:\n claimName: lnd-pv-claim\n containers:\n - name: lnd\n image: \"lightninglabs/lnd:v0.16.0-beta\"\n imagePullPolicy: IfNotPresent\n args:\n - --bitcoin.active\n - --bitcoin.mainnet\n - --lnddir=/root/.lnd\n - --bitcoin.node=bitcoind\n - --tlsextradomain=lnd-service\n - --rpclisten=0.0.0.0:10009\n - --restlisten=0.0.0.0:8080\n - --listen=0.0.0.0\n - --bitcoind.rpchost=bitcoin-core-service\n - --bitcoind.rpcpass=\n - --bitcoind.rpcuser=\n - --bitcoind.zmqpubrawblock=tcp://bitcoin-core-service:28332\n - --bitcoind.zmqpubrawtx=tcp://bitcoin-core-service:28333\n - --db.backend=postgres\n - --db.postgres.dsn=postgres://:@lnd-postgres-service:5432/lndpostgresdb?sslmode=disable\n - --wallet-unlock-password-file=/root/.lnd/wallet_password\n volumeMounts:\n - name: lnd-pv-storage\n mountPath: \"/root/.lnd\"\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: lnd-service\n labels:\n tier: lnd\nspec:\n selector:\n app: lnd-app\n tier: lnd\n ports:\n - port: 10009\n name: lnd-rpc-port\n - port: 9735\n name: lnd-peer-port\n - port: 8080\n name: lnd-http-port\n" }, { "path": "kubernetes/torq-ingress.yaml", "content": "apiVersion: networking.k8s.io/v1\nkind: Ingress\nmetadata:\n name: torq-ingress\n namespace: default\n annotations:\n cert-manager.io/cluster-issuer: letsencrypt\nspec:\n ingressClassName: nginx\n tls:\n - hosts:\n - \n secretName: tls-secret\n rules:\n - host: \n http:\n paths:\n - path: /\n pathType: Prefix\n backend:\n service:\n name: torq-service\n port:\n number: 8080\n" }, { "path": "kubernetes/torq-postgres-configmap.yaml", "content": "apiVersion: v1\nkind: ConfigMap\nmetadata:\n name: torq-timescaledb-config\n labels:\n app: torq-timescaledb\ndata:\n POSTGRES_DB: \"torqtimescaledb\"\n POSTGRES_USER: \"\"\n POSTGRES_PASSWORD: \"\"\n PGDATA: \"/var/lib/postgresql/data/pgdata\"\n" }, { "path": "kubernetes/torq-postgres-pvc.yaml", "content": "kind: PersistentVolumeClaim\napiVersion: v1\nmetadata:\n name: torq-timescaledb-pv-claim\nspec:\n storageClassName: default\n accessModes:\n - ReadWriteOnce\n resources:\n requests:\n storage: 100Gi\n" }, { "path": "kubernetes/torq-postgres.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: torq-timescaledb-deployment\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: torq-timescaledb-app\n template:\n metadata:\n labels:\n app: torq-timescaledb-app\n spec:\n containers:\n - name: torq-timescaledb\n image: timescale/timescaledb:latest-pg14\n imagePullPolicy: \"IfNotPresent\"\n resources:\n requests:\n memory: \"10G\"\n ports:\n - containerPort: 5432\n envFrom:\n - configMapRef:\n name: torq-timescaledb-config\n volumeMounts:\n - mountPath: /var/lib/postgresql/data\n name: torqtimescaledb\n volumes:\n - name: torqtimescaledb\n persistentVolumeClaim:\n claimName: torq-timescaledb-pv-claim\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: torq-timescaledb-service\nspec:\n selector:\n app: torq-timescaledb-app\n ports:\n - port: 5432\n" }, { "path": "kubernetes/torq.yaml", "content": "apiVersion: apps/v1\nkind: Deployment\nmetadata:\n name: torq-deployment\n labels:\n app: torq-app\n tier: torq\nspec:\n replicas: 1\n selector:\n matchLabels:\n app: torq-app\n template:\n metadata:\n labels:\n app: torq-app\n tier: torq\n spec:\n securityContext:\n runAsUser: 1000\n fsGroup: 1000\n volumes:\n - name: macaroonvolume\n configMap:\n name: lnd-admin.macaroon\n - name: tlsvolume\n configMap:\n name: lnd-tls.cert\n containers:\n - name: vector\n image: \"lncapital/torq:latest\"\n imagePullPolicy: IfNotPresent\n args:\n - --db.name=torqtimescaledb\n - --db.host=torq-timescaledb-service\n - --db.user=\n - --db.password=\n - --lnd.url=lnd-service:10009\n - --lnd.tls-path=/app/lnd/tls/tls.cert\n - --lnd.macaroon-path=/app/lnd/macaroon/admin.macaroon\n - start\n volumeMounts:\n - name: macaroonvolume\n mountPath: /app/lnd/macaroon\n - name: tlsvolume\n mountPath: /app/lnd/tls\n---\napiVersion: v1\nkind: Service\nmetadata:\n name: torq-service\n labels:\n tier: torq\nspec:\n type: ClusterIP\n selector:\n app: torq-app\n tier: torq\n ports:\n - port: 8080\n name: torq-http-port\n" } ]