Start9 Core Lightning node as Stacker.News wallet

pull down to refresh

Start9 Core Lightning node as Stacker.News wallet - Solution

1426 sats \ 19 comments \ @Lumor 25 Jan meta

Here follows the tale of how I managed to get my CLN node connected to Stacker.News today. One section for each required field in https://stacker.news/wallets/cln. Hopefully it will help another wallet-straggler like me.

rest host and port

In the StartOS web UI: Go to Core Lighting -> Properties.

Make the "CLNRest Quick Connect"-section visible. (If it's not shown, you need to enable the CLNRest plugin under Core Lightning -> Config -> Advanced -> Plugins).

Copy the "foo.onion:3010" part from clnrest://<nodeid>@foo.onion:3010?rune=yadayada into the 1st field.

invoice only rune

The StartOS web interface for Core Lightning allows creating full-capability runes, but Stacker News requires a restricted rune, so we have to drop to CLI.

In the StartOS web UI: Go to System -> SSH and add a new SSH key in order to be able to connect via the command line (docs). Once set up, login to your node:

ssh start9@<address of your StartOS node>

Via SSH, follow the instructions for dropping into a shell inside a container. Something like:

sudo podman exec -it c-lightning.embassy bash

Create an invoice-only rune using slightly different syntax than in the SN help, note the extra angle brackets(!):

lightning-cli createrune restrictions='[["method=invoice"]]'

The output should be

{
   "rune": "<base64-value>",
   "unique_id": "1"
}

base64-value is what you need to copy into the 2nd field.

cert

(I was surprised this was required as we are running behind a Tor hidden service, but okay...)

Open up your node's certificate (downloadable from the StartOS web UI under System -> Root CA).

Copy the public key value, it may be displayed in Base64 or in hex. For me, Firefox was showing it in hexadecimal with extra ":"-delimiters that I needed to discard. This is the value for the 3rd field.

view all related items

43 sats \ 6 replies \ @Lumor OP 25 Jan

@ek Please note that I needed an extra pair of angle brackets. With the single brackets my CLN log showed:

INFO    lightningd: JSON COMMAND createrune: Invalid parameter restrictions (not a valid restriction (should be array)): token '"method=invoice"'

Might want to change/amend https://github.com/stackernews/stacker.news/blob/53b8f6f9564bee813c8e0dfd9f7295ea164d3256/wallets/cln/index.js#L24 (Not logging into Github because reasons 😎).

0 sats \ 5 replies \ @ek 25 Jan

Which CLN version are you running? It works with a single bracket for me:

$ lightning-cli createrune restrictions='["method=invoice"]'

We are testing with v23.08

43 sats \ 4 replies \ @Lumor OP 25 Jan

I'm on v24.11.1

0 sats \ 3 replies \ @ek 25 Jan

Did you use first ' and then inside " or the other way around?

I also get an error if I run

$ lightning-cli createrune restrictions="['method=invoice']"
lightning-cli: Some parameters are malformed, cannot create a valid JSON-RPC request: { "jsonrpc" : "2.0", "method" : "createrune", "id" : "cli:createrune#3018", "params" :{ "restrictions" : ['method=invoice']} }

but I don't if I run

$ lightning-cli createrune restrictions='["method=invoice"]'

It's probably some shell expansion that is consuming the brackets if you use " since " does not disable shell expansion but ' does.

1010 sats \ 2 replies \ @Lumor OP 25 Jan

I was trying the second one ('["method=invoice"]'). $SHELL is bash. Maybe something in newer CLN versions made the parameter actually be an array of arrays?

21 sats \ 1 reply \ @ek 25 Jan

Mhh, reading the createrune docs, that might indeed be the case:

restrictions (one of, optional): It can be the string readonly, or an array of restrictions. Each restriction is an array of one or more alternatives

Will test with v24.11

update: you are right, on v24.11, I need to run this:

$ lightning-cli createrune restrictions='[["method=invoice"]]'

and this throws:

$ lightning-cli createrune restrictions='["method=invoice"]'
{
   "code": -32602,
   "message": "restrictions: not a valid restriction (should be array): invalid token (see logs for details)"
}

0 sats \ 0 replies \ @ek 25 Jan

created a PR

10 sats \ 6 replies \ @ek 25 Jan

I was surprised this was required as we are running behind a Tor hidden service, but okay...

Oh, it shouldn't be required for hidden services but I see in our local dev setup that it throws "socket hang up" if you don't give it a cert. That's a bug!

21 sats \ 2 replies \ @ek 25 Jan

Mhh, or maybe this is actually not a bug because CLNRest uses HTTPS by default, see docs. Are you sure you passed --clnrest-protocol=http?

It works without a cert if I do so.

0 sats \ 1 reply \ @Lumor OP 25 Jan

Oh, I'm trying to keep my StartOS config as "dumb" as possible, so I only try to mess with configuration via the web UI, and it doesn't expose the option of changing the protocol for CLNRest, just enabling/disabling the whole plugin. Guess they leave that HTTPS-default, which makes sense as they are/have added clearnet-support for StartOS.

10 sats \ 0 replies \ @ek 25 Jan

makes sense, just wanted to let you know that we do allow onion without cert :)

0 sats \ 2 replies \ @Lumor OP 25 Jan

Ah, thanks for noticing! Yes, I think I was getting exactly the same error.

Was getting some exception thrown from here I think: https://github.com/gevent/gevent/blob/master/src/gevent/ssl.py#L319

10 sats \ 1 reply \ @ek 25 Jan

That's SSL code so your CLN node is expecting HTTPS and therefore we need a cert to talk to it. You need to configure it appropriately to not expect HTTPS, see my other comment.

0 sats \ 0 replies \ @Lumor OP 25 Jan

Yup, realizing it was SSL-related is what made me give up on trying with an empty cert-field and dig up the public key.

0 sats \ 1 reply \ @anon 21h

So anybody on the Tor network can create invoices on your node at foo.onion:3010? It better be rate limited.

0 sats \ 0 replies \ @ek 21h

It requires a rune and lightning addresses are also usually not rate-limited afaict.