0. Intro
Here we go again, with the fifth guide of this improvised series. This one is to help you attach your LND node to SN via ThunderHub (TH) and automagiically autowithdraw your precious sats.
If you never heard of TH, that's bad! It's a really powerful user interface that enable you to easily control the Lightning, meaning, monitor and manage your node from any browser and any device. It runs on most LND node implementations, without prejudice and in alphabetical order: MyNode, RaspiBlitz, Start9, Umbrel, or cloud services like BTCpay Server, Nodana and VOLTAGE.
So if you are running your node with one of the above, ideally hosted in your hardware, you should be able to install it without asking permissions.
1. Requirements
- 1 SN account! Not joking... if you did not sign up yet, DO IT NOW!!
- 1 s̲e̲l̲f̲-̲h̲o̲s̲t̲e̲d̲ (preferred) or cloud-served Bitcoin Lightning LND public node.
- 1 ThunderHub app installed in your node (check above for compatible implementations)
- Some basic understanding of Bitcoin and the Lightning Network (LN). Not required but useful!
2. SN wallet attach LND requirements
2.1 grpc host and port
These two are literally the URL address where your node is publicly accessible on the web. It could be a public static IP or a domain/subdomain (if you have set it up) or a
torURLaddress.onion
address if you are also running the node on TOR network to preserve your privacy. The port will change depending on which OS your LND app is running on.When running a node on a cloud service, everything is much easier, and you skip all that networking setup, port forwarding and proxy installations that get most people stacked with errors. Be ₿RAVE and search online without fear, everything is already there, and we do learn by making mistakes. You are not the first, nor will be the last people on having this type of challenges when setting up your node. Avoid cloud services if you can, and DYOR, every OS provides nice documentation, here below some of them:
In a nutshell, you need your node's local IP. You can find it in your router settings or running
arp -a
from your terminal (from a computer in the same LAN connected to your node). It will show you a list of IPs, one is your node. You can read more in details on these guides for Windows or MacOS and learn how to add a line to contain IP and the name of the host (computer) in your host file, something like 192.168.1.x umbrel.local
(where 192.168.1.x is the IP of your node).And here is a quote that might help you better understand how LND gRPC works:
... You might need to forward the port10009
on your router for it to be reachable from the outside. Also, you definitely needrpclisten=0.0.0.0:10009
, otherwise only connections from the same machine will work (which is what the127.0.0.1
indicates here:RPC server listening on 127.0.0.1:10009
). -- guggero on GitHub
2.2 invoice macaroon
𝑁𝑜𝑡𝑒: There are obviously multiple ways to get a macaroon, in this guide we'll use specifically Thunder Hub, as it is available on mostly all OS running LND.
To preserve your privacy, SN accepts prebaked invoice.macaroon, and here is where we gonna open our TH app and from the side bar menu in the left
Tools > Bakery
bake the macaroon string as follow:
Allow permissions to only Create Invoices and Get invoices, as shown below.
Then, click the [Generate New Macaroon] button.
Copy the hex or base64 encoded macaroon...
... and paste it in the second input field to attach LND node to SN:
𝑁𝑜𝑡𝑒: If you fancy using
cli
, generate a new macaroon as follows after ssh
ing in your node from terminal:lncli bakemacaroon invoices:write invoices:read
2.3 certificate
Here we dive a little bit more into technicalities. The certificate is something needed to secure the connection between your node and SN. It's optional if your node is hosted in the cloud and the provider (like BTCpay Server, Nodana, etc... ) has an agreement with (or is) a Certificate Authority (CA).
But how do I get a certificate then? Here too, as in step 2.1 there are many options, DYOR!
Here is another quote to help you learn about tls.cert:
... you don't have to runlnd
on the client side. Thetls.cert
is required on the client side to authenticate the encrypted connection, to verify you are talking to the correct node. So you don't have to create atls.cert
on the client side, you have to copy the one from the server side to the client (so the client can verify the public key in the certificate against the one offered bylnd
during the TLS encrypted connection). -- guggero on GitHub
2.4 final details
We are nearly there... just make sure to set:
- desired balance =
0
, - max fee to a min of
1%
and... - . ... click on the yellow [ attach ] button.
PS: Let us know how you go with this and if there's any way we can improve this guide. In case you get anerror
in the logs after clicking the attach button, report it in a comment below and we'll try to figure out what's wrong.
3.0 Congratulations, stackers!
You just did your first step into bitcoin sovereignty! Your sats now should be landing directly in your Lightning node. Happy stacking!