use static certs for lndk dev

Author: riccardobl

.gitignore

@@ -58,4 +58,7 @@ docker-compose.*.yml
 scripts/nwc-keys.json
 
 # lnbits
-docker/lnbits/data
+docker/lnbits/data
+
+# lndk
+!docker/lndk/tls-*.pem

docker-compose.yml

@@ -389,6 +389,7 @@ services:
       - '--grpc-host=0.0.0.0'
       - '--address=https://sn_lnd:10009'   
       - '--cert-path=/home/lnd/.lnd/tls.cert'
+      - '--tls-ip=sn_lndk'
       - '--macaroon-path=/home/lnd/.lnd/data/chain/bitcoin/regtest/admin.macaroon'
     ports:
       - "${SN_LNDK_GRPC_PORT}:7000"

docker/lndk/Dockerfile

@@ -2,6 +2,13 @@
 # glibc 2.39 which is not available on debian or ubuntu images.
 FROM fedora:40
 RUN useradd -u 1000 -m lndk
+
+RUN mkdir -p /home/lndk/.lndk 
+COPY ["./tls-*", "/home/lndk/.lndk"]
+RUN chown 1000:1000 -Rvf /home/lndk/.lndk && \
+    chmod 644 /home/lndk/.lndk/tls-cert.pem && \
+    chmod 600 /home/lndk/.lndk/tls-key.pem
+
 USER lndk
 RUN curl --proto '=https' --tlsv1.2 -LsSf https://github.com/lndk-org/lndk/releases/download/v0.2.0/lndk-installer.sh | sh
 RUN echo 'source /home/lndk/.cargo/env' >> $HOME/.bashrc

docker/lndk/tls-cert.pem

@@ -0,0 +1,10 @@
+-----BEGIN CERTIFICATE-----
+MIIBaDCCAQ2gAwIBAgIUOms3xZ+pBVUntnFD7J0m7Ll1MZYwCgYIKoZIzj0EAwIw
+ITEfMB0GA1UEAwwWcmNnZW4gc2VsZiBzaWduZWQgY2VydDAgFw03NTAxMDEwMDAw
+MDBaGA80MDk2MDEwMTAwMDAwMFowITEfMB0GA1UEAwwWcmNnZW4gc2VsZiBzaWdu
+ZWQgY2VydDBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABGdu9cXUGSPIycSCbmGb
+6/4U+txvE0aSvzsMc+pKFiXlB+P/3x/WxYMxlHB0lh9fTQU8tdViJ2AY/QnHVwUk
+O4CjITAfMB0GA1UdEQQWMBSCCWxvY2FsaG9zdIIHc25fbG5kazAKBggqhkjOPQQD
+AgNJADBGAiEA78UdPHgdaXVyttqt21+uWTlFn4B6queGL/cmYpQbiIsCIQCwxY0n
+x2v5zXEwPU/bOnaQNeq9F8AT+/4lKelHfON/Gw==
+-----END CERTIFICATE-----

docker/lndk/tls-key.pem

@@ -0,0 +1,5 @@
+-----BEGIN PRIVATE KEY-----
+MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgTa/r2pnmB05EwKk6
+a4FbigSagGBok+i/ASxkG9iGedWhRANCAARnbvXF1BkjyMnEgm5hm+v+FPrcbxNG
+kr87DHPqShYl5Qfj/98f1sWDMZRwdJYfX00FPLXVYidgGP0Jx1cFJDuA
+-----END PRIVATE KEY-----