Backup core-lightning and LNBits
Dear future self, these are the steps how I securely backup my core-lightning emergency recovery file and LNbits wallets using GPG and Git.
Setup
Backup Plan A:
— Backing up core-lightning databases in real-time to a secondary drive.
— Backing up LNBits every 5 minutes with rsync to a secondary drive
Backup Plan B:
— Upload core-lightning emergency.recover
— Upload LNBits wallets to the cloud
This story will focus on Plan B. It is called Plan B because these backups will only be used if something catastrophic happens to both storage devices.
Plan A is if something bad happens to the drive where the cln channels and LNBits databases are stored.
I have both backup plans running simultaneously.
Encryption
Before we start uploading our backup files to a cloud storage, we need to make sure they’re encrypted, I’m using GPG to encrypt the files. Here’s an article that covers how to configure GPG on a Raspberry Pi.
After we have GPG configured on the node running C-Lightning and LNBits it’s time to configure the node to start encrypting and uploading the important files on a recurring basis.
Upload
The bash file below gets all the files modified in the past 5 minutes to encrypt and then uploads to a git repository.
Which files?
emergency.recover— core lightning recovery file- all LNBits data files and extensions
The emergency.recover file is a last resort to recover funds, when it is used it will close all lightning channels and put funds back to the cln on-chain wallet. It it really important to also backup of the hsm_secret file, without it you won’t be able to recover funds, it contains the master seed to the on-chain wallet and everything lightning, it is risky to upload this file to a cloud provider even if its encrypted, the good thing is that it doesn’t need recurring backups, I have stored it in a secure place.
Restoring LNBits data files won’t make us lose funds, but it is important to keep track of each wallet’s balance, or at least check with the people that had wallets in your node that they have all funds before the recovery.
#!/usr/bin/bash
backup() {
FILENAME=`basename $1`
ENCRYPTED_FILENAME="$2/$FILENAME.gpg"
fixpermissions "$1"
encrypt "$1" "$ENCRYPTED_FILENAME"
commit "$ENCRYPTED_FILENAME"
}
fixpermissions() {
sudo chmod g+r "$1"
}
encrypt() {
gpg --yes --output "$2" --encrypt --sign --armor --recipient recipient@email.com "$1"
}
commit() {
git add "$1"
git commit -m "update $1"
}
# backup lnbits data to external drive
sudo rsync -av /mnt/sda/downloads/lnbits/data /mnt/sdb/lnbits
pushd /mnt/sdb/rpi-backup
# upload core lightning files
find /mnt/sdb/lightning-db/emergency.recover -type f -mmin -5 | while read file; do backup "$file" "/mnt/sdb/rpi-backup/clightning" ; done
# upload lnbit DB files
find /mnt/sdb/lnbits/data -maxdepth 1 -type f -mmin -5 | while read file; do backup "$file" "/mnt/sdb/rpi-backup/lnbits" ; done
# upload lnbits extension
find /mnt/sdb/lnbits/data/extensions -maxdepth 1 -type f -mmin -5 | while read file; do backup "$file" "/mnt/sdb/rpi-backup/lnbits/extensions" ; done
# Push only when there are commits
if [[ $((`git cherry | wc -l`)) > 0 ]]; then
git push
fi
popdMy suggestion is to give the above script a try on other directories so you know how it works.
Next, setup recurring executing using crontab:
$ crontab -eThe above crontab will open a window to edit the recurring executions settings, add the following line to execute the above bash script every 5 minutes:
*/5 * * * * /mnt/sdb/rpi-backup/sync.sh > /mnt/sdb/rpi-backup/sync.sh.logNow that I have automatic cloud backups and local backups I’m confident on putting funds in my node and LNbits wallets. ✔️
Recovery
Recovering LNBits wallets it’s just a copy/paste.
To recover C-Lightning funds I recommend reading the whole document on their official site about this topic:
