Link

LND

lnd configuration

[Application Options]
debuglevel = info
maxpendingchannels=5
no-macaroons = false
alias = NODE_NAME_HERE
color = #BBA142
datadir = "~/.lnd/data"
listen=:9736
adminmacaroonpath = "~/.lnd/data/chain/bitcoin/testnet/admin.macaroon"
readonlymacaroonpath = "~/.lnd/data/chain/bitcoin/testnet/readonly.macaroon"
invoicemacaroonpath = "~/.lnd/data/chain/bitcoin/testnet/invoice.macaroon"
tlscertpath="~/.lnd/tls.cert"
tlskeypath="~/.lnd/tls.key"
nat = false

; Specify the interfaces to listen on for gRPC connections.  One listen
; address per line.
; Only ipv4 localhost on port 10009:
;   rpclisten=localhost:10009
; On ipv4 localhost port 10009 and ipv6 port 10010:
rpclisten=localhost:10009
rpclisten=[::1]:10010
; On an Unix socket:
;   rpclisten=unix:///var/run/lnd/lnd-rpclistener.sock

; Specify the interfaces to listen on for REST connections.  One listen
; address per line.
; All ipv4 interfaces on port 8080:
;   restlisten=0.0.0.0:8080
; On ipv4 localhost port 80 and 443:
restlisten=localhost:8080
restlisten=localhost:8443
; On an Unix socket:
;   restlisten=unix:///var/run/lnd-restlistener.sock

[Bitcoin]
bitcoin.mainnet = 0
bitcoin.testnet = 1
bitcoin.active = 1
bitcoin.node = bitcoind

[autopilot]
autopilot.active = 0
autopilot.maxchannels = 5
autopilot.allocation = 0.6

[bitcoind]
bitcoind.rpchost = localhost:18332
bitcoind.rpcuser = raspiuser
bitcoind.rpcpass = mypassword
bitcoind.zmqpubrawblock=tcp://127.0.0.1:28332
bitcoind.zmqpubrawtx=tcp://127.0.0.1:28333

systemd configuration

[Unit]
Description=LND Lightning Daemon

[Service]
ExecStart=/home/pi/gocode/bin/lnd
ExecStop=/home/pi/gocode/bin/lncli stop
PIDFile=/home/pi/.lnd/lnd.pid

User=pi
Group=pi
Type=simple
KillMode=process
TimeoutStartSec=60
TimeoutStopSec=60
Restart=always
RestartSec=60

# Hardening measures
####################
# Provide a private /tmp and /var/tmp.
PrivateTmp=true
# Mount /usr, /boot/ and /etc read-only for the process.
ProtectSystem=full
# Disallow the process and all of its children to gain
# new privileges through execve().
NoNewPrivileges=true
# Use a new /dev namespace only populated with API pseudo devices
# such as /dev/null, /dev/zero and /dev/random.
PrivateDevices=true
# Deny the creation of writable and executable memory mappings.
MemoryDenyWriteExecute=true

[Install]
WantedBy=multi-user.target