diff options
| author | Florian Dold <florian@dold.me> | 2023-12-04 22:00:12 +0100 |
|---|---|---|
| committer | Florian Dold <florian@dold.me> | 2023-12-04 22:00:12 +0100 |
| commit | 294070748042491ea431abb72674e8d5bf8dc433 (patch) | |
| tree | df3bbde9ae4eea75d7c455300d81cb651dbb0553 | |
| parent | ac38198d161f892cd63bf118e3d780096f879c37 (diff) | |
| download | deployment-294070748042491ea431abb72674e8d5bf8dc433.tar.gz deployment-294070748042491ea431abb72674e8d5bf8dc433.tar.bz2 deployment-294070748042491ea431abb72674e8d5bf8dc433.zip | |
get rid of the legacy sandcastle
49 files changed, 0 insertions, 2162 deletions
diff --git a/sandcastle/.env b/sandcastle/.env deleted file mode 100644 index 3179771..0000000 --- a/sandcastle/.env +++ /dev/null @@ -1,12 +0,0 @@ -TALER_DB_PORT=8888 - -TALER_EXCHANGE_PORT=5555 - -TALER_MERCHANT_PORT=5556 -TALER_BLOG_PORT=5559 -TALER_DONATIONS_PORT=5560 -TALER_SURVEY_PORT=5561 -TALER_LANDING_PORT=5562 -TALER_SYNC_PORT=5563 - -LIBEUFIN_BANK_PORT=15000 diff --git a/sandcastle/.gitignore b/sandcastle/.gitignore deleted file mode 100644 index e69de29..0000000 --- a/sandcastle/.gitignore +++ /dev/null diff --git a/sandcastle/README b/sandcastle/README deleted file mode 100644 index 1a89c22..0000000 --- a/sandcastle/README +++ /dev/null @@ -1,292 +0,0 @@ -Description -=========== - -This setup orchestrates the following containers: - -1. Banking (libEufin) -2. Shop(s) -3. Payment service provider (Taler exchange and helpers) -4. Database - -FIXME (#7463): the current version requires the user to manually -point the bank SPA to any backend not being served at bank.demo.taler.net. - -How to compile -============== - -The base image (not managed by the docker compose setup) and -all the other images must be compiled. - -Base image ----------- - -This image contains a minimal Debian distribution -with ALL the Taler software and its dependencies. - -From this directory, run: - - $ ./build_base.sh [--help] [tags-file] - -Composed containers -------------------- - -From this directory, run: - - $ docker compose build - -Hotfixes --------- - -Attach to the base image first: - - # $HOTFIX is arbitrary; helps avoid copying and pasting alphanumeric IDs - $ docker run --name $HOTFIX -it taler_local/taler_base /bin/bash - -From inside the container, navigate to "/$REPO", issue -"git pull" and install the software as usual. Exit the -container thereafter. - -Commit the container having the hotfix: - - $ docker commit $HOTFIX - -That outputs a new ID ($RETVAL). That is the ID of the -modified image. Tag it, to let other images use it to build: - - $ docker tag $RETVAL taler_local/taler_base:latest - -Now build all the images with docker-compose, as described -in the 'How to run' section. - -How to run only one image -========================= - -The following commands run only one image, from those -belonging to the compose file. Note that such image may -easily fail because it likely relies on other images not -being run. - -$ docker compose build $image-name # if also new changes need to be tested. -$ docker compose up $image-name - -'bank', 'exchange', 'merchant', 'talerdb' are valid values -for $image-name. - -Enabling rewards -================ - -The following command (executed from the container CLI) manually creates a rewards reserve: - -$ taler-harness deployment tip-topup --merchant-url https://backend.demo.taler.net/instances/survey/ --merchant-apikey=$MERCHANT_APIKEY --bank-access-url https://bank.demo.taler.net/demobanks/default/access-api/ --wire-method=iban --amount=KUDOS:5000 --bank-account=survey-at-sandbox --bank-password=$SURVEY_SECRET --exchange-url https://exchange.demo.taler.net/ - -The status of the rewards reserves can be checked via: - -$ taler-harness deployment tip-status --merchant-url https://backend.demo.taler.net/instances/survey/ --merchant-apikey=$MERCHANT_APIKEY - -To purge all non-funded rewards reserves, run: - -$ taler-harness deployment tip-cleanup --merchant-url https://backend.demo.taler.net/instances/survey/ --merchant-apikey=$MERCHANT_APIKEY - -[*] - To enable the "rewards balance checking" script. Please execute after doing the "docker compose up" the next command from, -the "deployment/sandcastle" directory. - -./utils/enable-services.sh - -This will put to run a systemd service, which will check the rewards balance once per week (this can be change editing -the systemd/fund-rewards.timer). - -How to run -========== - -Configuration -------------- - -Export the env variable TALER_SANDCASTLE_CONFIG to an -absolute path of the configuration directory. See config/ -for an example configuration directory. - -Run ---- - -The following command starts all the services in the background, -and manages all the restarts. Run it from this directory: - - $ docker compose up --remove-orphans -d - -The ports exposed on the host by each service can be changed -via the following environment variables: - -- TALER_MERCHANT_PORT -- TALER_BLOG_PORT -- TALER_DONATIONS_PORT -- TALER_SURVEY_PORT -- TALER_LANDING_PORT -- TALER_SYNC_PORT -- LIBEUFIN_SANDBOX_PORT -- LIBEUFIN_NEXUS_PORT -- LIBEUFIN_FRONTEND_PORT -- TALER_DB_PORT - -TALER_DB_PORT is not used by the contained services, but -allows a 'psql' instance to attach to the contained database -for debugging. - -On a daemonized setup, live logs can still be seen by running -the following command from this directory: - - $ docker compose logs --tail=$NUM --follow [container-name] - -To stop the services, run the following command from this directory: - $ docker compose stop - -To start the services in the foreground, run the following command -from this directory (no restart is provided): - - $ docker compose up --remove-orphans --abort-on-container-exit - -Volumes -------- - -Data is kept into Docker volumes. To export database, key -material, and logs, run the following command from this directory. - - $ ./backup.sh - -The following command imports the TAR backup from -the previous step into the Docker volumes. From this directory: - - $ ./import-backup.sh $PATH_TO_THE_TAR_FILE - -The following command gives a shell to inspect the data volume: - - $ docker run -v demo_talerdata:/data -it taler_local/taler_base /bin/bash - -The data is available under /data. - -How to save and restore Docker images -===================================== - -When certain deployment is fully working on test.taler.net, and therefore is going -to be deployed in demo.taler.net, you should save those docker working images, as -mean of backup. - -How to save working Docker images ---------------------------------- - -To save each --good image of each component you can execute the script "save-good.sh" without any -arguments. This script will create some tagged docker images with the current timestamp - -This way, if something goes wrong with newly created images, you can use these previous good images, to -re-deploy the GNU Taler program. - -How to recover saved images ---------------------------- - -In order to use them, after the manual creation of the wrong ones, you should execute the -script "restore-good.sh". - -Thus, to restore previously created images, you should provide a -timestamp as an option, to the "restore-good.sh" script. - -Example: ./restore-good.sh 1693812987 - -To get the timestamp (which was previously generated by save-good.sh), you can execute this command: - -docker images #having as result "taler_local/taler_base:good-$TIMESTAMP" - -Then whenever you know about the precise timestamp, you can type "./restore-good.sh <TIMESTAMP>" - -[*] - Warning - -This method of saving docker images and restoring them, won't work, if after executing -save-good.sh, you do a server cleanup with "docker system prune -a or --all" - -Doing a "docker system prune" without the "-a" option, it's okay. - -Eventually as a future improvement, we might configure "docker registry", to -store safely all these good and stable docker images. - -Data removal ------------- - -Data can be classified between Taler (DBs, keys, logs), and Docker specific -(dangling images, volumes, stopped containers). Most of Taler data is found -in 'volumes', and can be removed in the following way: - - # From this directory. - $ docker compose down -v - -Note: the current version does not store config files into volumes, but in -services' containers. - -Use the following command to remove stopped containers, dangling images -and build cache, and unused networks. After its return, the Taler sandbox -can be run again without rebuilding it. - - $ docker system prune - -Disk usage can be monitored by the command: - - $ docker system df - -Logs ----- - -Newest rotated logs can be seen by the following command, -from any directory: - - $ docker run -v demo_talerlogs:/logs -it taler_local/taler_base /bin/bash - -The started container should now have all the logs under /logs. - -How to test on localhost -======================== - -From this directory: - - $ ./test-docker-localhost.sh - -The above test registers a new bank account to libEufin, -withdraw coins and spend them directly at the merchant backend. - -NOTE: localhost works only with the default ports exposed. - -How to deploy to online sites -============================= - -Before deploying the sandcastle setup, you need to undertake certain replacements within -the configuration file "config/deployment.conf". - -currency = KUDOS (or the name of your currency) -merchant-url = https://backend.domain.tld -landing-url = https://domain.tld/ -blog-url = https://shop.domain.tld/ -donations-url = https://donations.domain.tld/ -survey-url = https://survey.domain.tld/ -sync-url = https://sync.domain.tld/ -bank-url = https://bank.domain.tld/ -bank-backend-url = https://bank.domain.tld/demobanks/default/ - -After doing this, and assuming that TLS is already configured, you can use the file named -"nginx-example.conf" on the sandcastle directory, as a NGINX virtual host, replacing -the domain name "example.com" with your own domain name. - -You can use the SED command to replace this automatically as this, being located within - the sandcastle directory beforehand: - -sed -i "s/example.com/yourdomain.com/g" nginx-example.conf - -TLS Configuration -=================== - -For the sake of simplicity we recommend CERBOT as a mean to obtain the Let's Encrypt -certificates. - -First install the CERTBOT program following the instructions from https://certbot.eff.org/ - -After you have correctly installed CERTBOT, just execute "certbot --nginx" to obtain -the necessary certificates to use the https protocol, and have them renewed automatically - every 90 days. - - - diff --git a/sandcastle/backup.sh b/sandcastle/backup.sh deleted file mode 100755 index 3ad3972..0000000 --- a/sandcastle/backup.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/bash - -set -eu - -usage () { - echo - echo Usage: ./backup.sh [-h, --help] - echo - echo This utility extracts a TAR backup of data and logs - echo produced by the Taler services running inside this Docker - echo Compose setup. The backup is saved in /tmp/YYYY-MM-DD-taler-backup.tar -} - -for helpOpt in "-h" "--help"; do - if test "$helpOpt" = "${1:-}"; then - usage - exit 0 - fi -done - -if ! which docker > /dev/null; then - echo docker not found. - exit 1 -fi - -BACKUP_FILE="/tmp/$(date +%Y-%m-%d)-taler-backup.tar" - -if test -a $BACKUP_FILE; then - echo "Backup file $BACKUP_FILE exists already, please move it and run the script again." - exit 3 -fi - -# 'chown' should still help rootful runs to -# have the TAR owned by the user invoking the command. -docker run \ - -v /tmp:/tmp \ - -v demo_talerdata:/taler-data \ - -v demo_talerlogs:/taler-logs \ - -it debian:stable \ - /bin/bash -c "tar --no-same-owner --no-same-permissions -c -f ${BACKUP_FILE} /taler-data /taler-logs" > /dev/null - -echo Backup at: ${BACKUP_FILE} diff --git a/sandcastle/build_base.sh b/sandcastle/build_base.sh deleted file mode 100755 index fc37c1b..0000000 --- a/sandcastle/build_base.sh +++ /dev/null @@ -1,41 +0,0 @@ -#!/bin/bash - -# args: $1 base Dockerfile, $2 optional tags file - -set -e - -usage () { - echo Usage: ./build_base.sh [-h, --help] - echo - echo Builds the taler_local/taler_base base image, - echo using the buildconfig/tags.sh, a bash file containing environment - echo variables definitions to specify to which Git tag each Taler - echo component should be pulled. -} - -for helpOpt in "-h" "--help"; do - if test "$helpOpt" = "${1:-}"; then - usage - exit 0 - fi -done - -if ! which realpath > /dev/null; then - echo "Please install 'realpath' (coreutils)" -fi - -DOCKER_FILE="images/base/Dockerfile" - -if [[ ! -e $DOCKER_FILE ]]; then - echo Base Dockerfile: $DOCKER_FILE not found. - exit 1 -fi - -# Allows extra features to conditionally copy files -# from the host during the build. That solves the -# case where the tag file is not given. -export DOCKER_BUILDKIT=1 - -exec docker build --no-cache \ - -t taler_local/taler_base \ - -f $DOCKER_FILE . diff --git a/sandcastle/buildconfig/README b/sandcastle/buildconfig/README deleted file mode 100644 index 005630f..0000000 --- a/sandcastle/buildconfig/README +++ /dev/null @@ -1,5 +0,0 @@ -These files determine the git tag from which the respective components are -built in the base Docker image. - -They are in separate files to make modification checking with -staged Docker builds work nicely. diff --git a/sandcastle/buildconfig/exchange.tag b/sandcastle/buildconfig/exchange.tag deleted file mode 100644 index 188bef5..0000000 --- a/sandcastle/buildconfig/exchange.tag +++ /dev/null @@ -1 +0,0 @@ -v0.9.3 diff --git a/sandcastle/buildconfig/gnunet.tag b/sandcastle/buildconfig/gnunet.tag deleted file mode 100644 index 1847373..0000000 --- a/sandcastle/buildconfig/gnunet.tag +++ /dev/null @@ -1 +0,0 @@ -v0.20.0 diff --git a/sandcastle/buildconfig/libeufin.tag b/sandcastle/buildconfig/libeufin.tag deleted file mode 100644 index da1b019..0000000 --- a/sandcastle/buildconfig/libeufin.tag +++ /dev/null @@ -1 +0,0 @@ -v0.9.3-dev.22 diff --git a/sandcastle/buildconfig/libmhd.tag b/sandcastle/buildconfig/libmhd.tag deleted file mode 100644 index 17ab5bf..0000000 --- a/sandcastle/buildconfig/libmhd.tag +++ /dev/null @@ -1 +0,0 @@ -v0.9.75 diff --git a/sandcastle/buildconfig/merchant-demos.tag b/sandcastle/buildconfig/merchant-demos.tag deleted file mode 100644 index cb27af9..0000000 --- a/sandcastle/buildconfig/merchant-demos.tag +++ /dev/null @@ -1 +0,0 @@ -v0.9.3-dev.1 diff --git a/sandcastle/buildconfig/merchant.tag b/sandcastle/buildconfig/merchant.tag deleted file mode 100644 index 188bef5..0000000 --- a/sandcastle/buildconfig/merchant.tag +++ /dev/null @@ -1 +0,0 @@ -v0.9.3 diff --git a/sandcastle/buildconfig/sync.tag b/sandcastle/buildconfig/sync.tag deleted file mode 100644 index dafe884..0000000 --- a/sandcastle/buildconfig/sync.tag +++ /dev/null @@ -1 +0,0 @@ -v0.9.3-dev.3 diff --git a/sandcastle/buildconfig/wallet.tag b/sandcastle/buildconfig/wallet.tag deleted file mode 100644 index 3a369ac..0000000 --- a/sandcastle/buildconfig/wallet.tag +++ /dev/null @@ -1 +0,0 @@ -v0.9.3-dev.26 diff --git a/sandcastle/config/deployment.conf b/sandcastle/config/deployment.conf deleted file mode 100644 index ffa4562..0000000 --- a/sandcastle/config/deployment.conf +++ /dev/null @@ -1,36 +0,0 @@ -[taler-deployment] -currency = EUR -merchant-apikey = secret-token:sandbox -merchant-url = http://localhost:5556/ - -bank-signup-bonus = yes -bank-allow-registrations = yes - -# Frontends URLs -landing-url = http://localhost:5562/ -blog-url = http://localhost:5559/ -donations-url = http://localhost:5560/ -survey-url = http://localhost:5561/ -sync-url = http://localhost:5563/ -# This URL is the demobank-ui's: -bank-url = http://localhost:15002/ - -# Pointed to by the bank UI -bank-backend-url = http://localhost:15000/ - -# Bank accounts - -exchange-bank-password = exchangebankpw -blog-bank-password = secret-at-sandbox -pos-bank-password = secret-at-sandbox -gnunet-bank-password = secret-at-sandbox -taler-bank-password = secret-at-sandbox -tor-bank-password = secret-at-sandbox -survey-bank-password = secret-at-sandbox -# default merchant instance -default-bank-password = secret-at-sandbox - -db-password = db-secret - -# exchange URL, as seen outside of the container -default-exchange = http://localhost:5555/ diff --git a/sandcastle/config/exchange/taler.conf b/sandcastle/config/exchange/taler.conf deleted file mode 100644 index a1fe788..0000000 --- a/sandcastle/config/exchange/taler.conf +++ /dev/null @@ -1,112 +0,0 @@ -# This file is a configuration template for the exchange. -# When the exchange container is started, values from deployment.conf -# are inserted into the __...__ placeholders here. - -[taler] -currency = __CURRENCY__ -currency_round_unit = __CURRENCY__:0.01 -# Needed by older exchanges -AML_THRESHOLD = __CURRENCY__:10000000 - -[paths] -taler_data_home = /data/exchange - -[taler-exchange-secmod-eddsa] -unixpath = /eddsa.http - -[taler-exchange-secmod-rsa] -sm_priv_key = /data/taler-exchange-secmod-rsa/secmod-private-key -unixpath = /sockets/exchange-secmod-rsa.sock - -[taler-exchange-secmod-cs] -sm_priv_key = /data/taler-exchange-secmod-cs/secmod-private-key -unixpath = /sockets/exchange-secmod-cs.sock - -[exchange-accountcredentials-1] -username = exchange -wire_gateway_auth_method = basic -wire_gateway_url = __BANK_URL__/accounts/exchange/taler-wire-gateway/ -password = __EXCHANGE_BANK_PASSWORD__ - -[exchange-account-1] -enable_credit = yes -enable_debit = yes -payto_uri = payto://iban/SANDBOXX/__EXCHANGE_IBAN__?receiver-name=Name+unknown - -[exchange] -master_public_key = __EXCHANGE_MASTER_PUB__ -AML_THRESHOLD = __CURRENCY__:10000000 - -privacy_etag = exchange-pp-v0 -privacy_dir = /usr/local/share/taler/terms - -terms_etag = exchange-tos-v0 -terms_dir = /usr/local/share/taler/terms - -base_url = __EXCHANGE_URL__ -unixpath = /sockets/exchange.sock -serve = tcp -port = 80 - -[exchangedb-postgres] -config = postgres://root:__DB_PASSWORD__@talerdb/taler - -[coin___CURRENCY___10] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:10 -cipher = RSA - -[coin___CURRENCY___5] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:5 -cipher = RSA - -[coin___CURRENCY___2] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:2 -cipher = RSA - -[coin___CURRENCY___1] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:1 -cipher = RSA - -[coin___CURRENCY___ct_10] -rsa_keysize = 2048 -fee_deposit = __CURRENCY__:0.01 -fee_refund = __CURRENCY__:0.01 -fee_refresh = __CURRENCY__:0.01 -fee_withdraw = __CURRENCY__:0.01 -duration_legal = 10 years -duration_spend = 5 years -duration_withdraw = 3 years -value = __CURRENCY__:0.10 -cipher = RSA diff --git a/sandcastle/config/libeufin-bank/taler.conf b/sandcastle/config/libeufin-bank/taler.conf deleted file mode 100644 index 55b65db..0000000 --- a/sandcastle/config/libeufin-bank/taler.conf +++ /dev/null @@ -1,16 +0,0 @@ -[libeufin-bank] -CURRENCY = __CURRENCY__ -DEFAULT_CUSTOMER_DEBT_LIMIT = __CURRENCY__:200 -DEFAULT_ADMIN_DEBT_LIMIT = __CURRENCY__:200000 -REGISTRATION_BONUS = __CURRENCY__:100 -REGISTRATION_BONUS_ENABLED = yes -MAX_AUTH_TOKEN_DURATION = 1d - -SERVE = tcp -PORT = 15000 - -[libeufin-bankdb-postgres] -CONFIG = postgresql://talerdb/taler?user=root&password=__DB_PASSWORD__ - -#CONFIG = postgresql://root:__DB_PASSWORD__@talerdb/taler -#CONFIG = postgresql:///talerdb diff --git a/sandcastle/config/merchant/taler.conf b/sandcastle/config/merchant/taler.conf deleted file mode 100644 index bf1eb0f..0000000 --- a/sandcastle/config/merchant/taler.conf +++ /dev/null @@ -1,24 +0,0 @@ -[taler] -currency = __CURRENCY__ - -[paths] -taler_data_home = /data - -[merchant-exchange-__CURRENCY__] -currency = __CURRENCY__ -exchange_base_url = __EXCHANGE_URL__ -master_key = __EXCHANGE_PUB__ - -[merchantdb-postgres] -config = postgres://root:__DB_PASSWORD__@talerdb/taler - -[merchant] -default_max_deposit_fee = __CURRENCY__:0.05 -default_max_wire_fee = __CURRENCY__:0.01 -wire_transfer_delay = 0 s -port = 80 -serve = tcp - -[frontends] -backend = __BACKEND_URL__ -backend_apikey = __BACKEND_APIKEY__ diff --git a/sandcastle/docker-compose.yml b/sandcastle/docker-compose.yml deleted file mode 100644 index b055b8a..0000000 --- a/sandcastle/docker-compose.yml +++ /dev/null @@ -1,78 +0,0 @@ -version: '3' # it's a constant - -volumes: - talerdata: - talerlogs: - -services: - talerdb: - build: ./images/postgres - image: sandcastle_talerdb - ports: - - 127.0.0.1:${TALER_DB_PORT}:5432 - volumes: - - talerlogs:/logs - - talerdata:/var/lib/postgresql/data/ - - ./config:/config:ro - environment: - # root is the only role existing in the DBMS. That - # matches the role used by other containers when - # they connect to the database. - POSTGRES_USER: root - # this changes to the password used by other - # containers to connect here. This definition - # only makes the init logic happy. - POSTGRES_PASSWORD: nonce - POSTGRES_HOST_AUTH_METHOD: scram-sha-256 - # the final "/postgresql" is used to create - # a "postgresql" subfolder in the data volume. - PGDATA: /var/lib/postgresql/data/postgresql - restart: always - - exchange: - build: ./images/exchange - image: sandcastle_exchange - depends_on: - - talerdb - ports: - - 127.0.0.1:${TALER_EXCHANGE_PORT}:80 - volumes: - - talerlogs:/logs - - talerdata:/data - - ${TALER_SANDCASTLE_CONFIG:-./config}:/config:ro - restart: always - - merchant: - build: ./images/merchant - image: sandcastle_merchant - depends_on: - - talerdb - ports: - - 127.0.0.1:${TALER_MERCHANT_PORT}:80 # backend - - 127.0.0.1:${TALER_BLOG_PORT}:8080 # blog - - 127.0.0.1:${TALER_DONATIONS_PORT}:8081 # donations - - 127.0.0.1:${TALER_SURVEY_PORT}:8082 # survey - - 127.0.0.1:${TALER_LANDING_PORT}:8083 # landing - - 127.0.0.1:${TALER_SYNC_PORT}:8084 # sync - volumes: - - talerlogs:/logs - - ${TALER_SANDCASTLE_CONFIG:-./config}:/config:ro - # uwsgi allocates memory based on available file descriptors, so be - # conservative here - ulimits: - nproc: 5000 - nofile: - soft: 2000 - hard: 4000 - restart: always - - bank: - build: ./images/libeufin - ports: - - 127.0.0.1:${LIBEUFIN_BANK_PORT}:15000 # libeufin-bank - - 127.0.0.1:${LIBEUFIN_FRONTEND_PORT}:80 # Nginx serving the SPA - volumes: - - talerlogs:/logs - - talerdata:/data - - ${TALER_SANDCASTLE_CONFIG:-./config}:/config:ro - restart: always diff --git a/sandcastle/images/base/Dockerfile b/sandcastle/images/base/Dockerfile deleted file mode 100644 index 4945418..0000000 --- a/sandcastle/images/base/Dockerfile +++ /dev/null @@ -1,161 +0,0 @@ -FROM debian:bookworm AS base-system -RUN apt-get update - -# FIXME: Right now, the build doesn't proceed nicely -# in stages. For that to work properly, each build -# step needs to output some artifact (.deb, etc.). - -RUN apt-get install -y \ - autoconf \ - autopoint \ - libtool \ - texinfo \ - libgcrypt-dev \ - libidn11-dev \ - zlib1g-dev \ - libunistring-dev \ - libjansson-dev \ - git \ - recutils \ - libsqlite3-dev \ - libpq-dev \ - postgresql \ - libcurl4-openssl-dev \ - libsodium-dev \ - libqrencode-dev \ - zip \ - jq \ - npm \ - openjdk-17-jre \ - nginx \ - procps \ - curl \ - python3-jinja2 \ - wget \ - curl \ - socat \ - apache2-utils \ - python3-pip \ - python3-sphinx \ - python3-sphinx-rtd-theme \ - python3-venv \ - sqlite3 \ - vim \ - emacs \ - nodejs - -# FIXME: Try to use debian packages where possible and otherwise really use -# a venv or per-user installation of the package. -RUN pip3 install --break-system-packages requests click poetry uwsgi htmlark sphinx-book-theme - -# Libmicro httpd - -WORKDIR / -COPY buildconfig/libmhd.tag /buildconfig/ -RUN TAG=$(cat /buildconfig/libmhd.tag) && \ - git clone git://git.gnunet.org/libmicrohttpd \ - --branch $TAG -WORKDIR /libmicrohttpd -RUN ./bootstrap -RUN ./configure --disable-doc -RUN make install -WORKDIR / - -# Gnunet - -COPY buildconfig/gnunet.tag /buildconfig/ -WORKDIR / -RUN TAG=$(cat /buildconfig/gnunet.tag) && \ - git clone git://git.gnunet.org/gnunet \ - --branch $TAG -WORKDIR /gnunet -RUN ./bootstrap -RUN ./configure --enable-logging=verbose --disable-documentation -RUN make install -WORKDIR / - -# Exchange - -WORKDIR / -COPY buildconfig/exchange.tag /buildconfig/ -RUN TAG=$(cat /buildconfig/exchange.tag) && \ - git clone git://git.taler.net/exchange \ - --branch $TAG -WORKDIR /exchange -RUN ./bootstrap -RUN ./configure CFLAGS="-ggdb -O0" --enable-logging=verbose --disable-doc -RUN make install -WORKDIR / - -# Merchant - -WORKDIR / -COPY buildconfig/merchant.tag /buildconfig/ -RUN TAG=$(cat /buildconfig/merchant.tag) && \ - git clone git://git.taler.net/merchant \ - --branch $TAG -WORKDIR /merchant -RUN ./bootstrap -RUN ./configure CFLAGS="-ggdb -O0" \ - --enable-logging=verbose \ - --disable-doc -RUN make install -WORKDIR / - -# Libeufin - -WORKDIR / -COPY buildconfig/libeufin.tag /buildconfig/ -RUN TAG=$(cat buildconfig/libeufin.tag) && \ - git clone git://git.taler.net/libeufin \ - --branch $TAG -WORKDIR /libeufin -RUN ./bootstrap -RUN ./configure -RUN make install -WORKDIR / - -# Merchant demos - -WORKDIR / -COPY buildconfig/merchant-demos.tag /buildconfig/ -RUN TAG=$(cat buildconfig/merchant-demos.tag) && \ - git clone git://git.taler.net/taler-merchant-demos \ - --branch $TAG -WORKDIR /taler-merchant-demos -RUN ./bootstrap -RUN ./configure -RUN make install -WORKDIR / - -# Wallet - -WORKDIR / -COPY buildconfig/wallet.tag /buildconfig/ -RUN TAG=$(cat /buildconfig/wallet.tag) && \ - git clone git://git.taler.net/wallet-core \ - --branch $TAG -RUN npm install -g pnpm@^8.7.0 -WORKDIR /wallet-core -RUN ./bootstrap -RUN ./configure -RUN make install - -# Sync - -COPY buildconfig/sync.tag /buildconfig/ -WORKDIR / -RUN TAG=$(cat buildconfig/sync.tag) && \ - git clone git://git.taler.net/sync \ - --branch $TAG -WORKDIR /sync -RUN ./bootstrap -RUN ./configure CFLAGS="-ggdb -O0" \ - --enable-logging=verbose \ - --disable-doc -RUN make install -WORKDIR / - -# Copy utils/fund-rewards.sh script to the base image - -COPY utils/fund-rewards.sh / diff --git a/sandcastle/images/exchange/Dockerfile b/sandcastle/images/exchange/Dockerfile deleted file mode 100644 index 35979d0..0000000 --- a/sandcastle/images/exchange/Dockerfile +++ /dev/null @@ -1,6 +0,0 @@ -FROM taler_local/taler_base - -RUN mkdir -p /scripts -COPY scripts/* /scripts/ -RUN chmod +x /scripts/*.sh -ENTRYPOINT /scripts/startup.sh diff --git a/sandcastle/images/exchange/scripts/config.sh b/sandcastle/images/exchange/scripts/config.sh deleted file mode 100644 index e3e9a75..0000000 --- a/sandcastle/images/exchange/scripts/config.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash - -# This script takes the deployment configuration from /config, -# generates the taler exchange specific configuration in /etc -# and sets some environment variables needed to properly -# run the exchange. - -set -o pipefail -set -eu - -export LD_LIBRARY_PATH=/usr/local/lib -export GNUNET_FORCE_LOG=";;;;WARNING" - -mkdir -p /etc/taler -TALERCONF=/etc/taler/taler.conf -cp /config/exchange/taler.conf $TALERCONF - -# Values from config file mounted at run time: -CURRENCY=`taler-config -c /config/deployment.conf -s taler-deployment -o currency` -EXCHANGE_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o default-exchange` - -EXCHANGE_BANK_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o exchange-bank-password` -EXCHANGE_IBAN=DE159593 -DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o db-password` - -sed -i "s;__EXCHANGE_URL__;${EXCHANGE_URL};" $TALERCONF -sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" $TALERCONF -sed -i "s/__CURRENCY__/${CURRENCY}/" $TALERCONF -sed -i "s/__EXCHANGE_BANK_PASSWORD__/${EXCHANGE_BANK_PASSWORD}/" $TALERCONF -sed -i "s/__EXCHANGE_IBAN__/${EXCHANGE_IBAN}/" $TALERCONF -sed -i "s;__BANK_URL__;http://bank:15000;" $TALERCONF - -# This is executed last since taler-exchange-offline already needs the config! - -EXCHANGE_MASTER_PUB=$(taler-exchange-offline -c $TALERCONF setup) -sed -i "s/__EXCHANGE_MASTER_PUB__/$EXCHANGE_MASTER_PUB/" $TALERCONF diff --git a/sandcastle/images/exchange/scripts/startup.sh b/sandcastle/images/exchange/scripts/startup.sh deleted file mode 100644 index d570be8..0000000 --- a/sandcastle/images/exchange/scripts/startup.sh +++ /dev/null @@ -1,103 +0,0 @@ -#!/bin/bash - -# -# Generate Taler ToS (Terms of Service) -# - - -TOS_PATH=/usr/local/share/taler/terms -TOS_AUTHOR="Taler Systems SA" -TOS_COPYRIGHT="Taler Systems SA" -TOS_LANGUAGE=en -TOS_OUTPUT=/usr/local/share/taler/terms/ -TOS_PAPER=a4 -TOS_TITLE="GNU Taler terms of service" - -# ToS generator is picky about the path that it is being run from -cd $TOS_PATH -taler-terms-generator -i exchange-tos-v0 -a $TOS_AUTHOR -C $TOS_COPYRIGHT -p $TOS_PAPER -o $TOS_OUTPUT -taler-terms-generator -i exchange-pp-v0 -a $TOS_AUTHOR -C $TOS_COPYRIGHT -p $TOS_PAPER -o $TOS_OUTPUT - -cd / - -source /scripts/config.sh - -while ! pg_isready -h talerdb -d taler; do - echo DB not ready yet. - sleep 2 -done -echo Now DB is ready. - -socat TCP-LISTEN:5555,fork,reuseaddr TCP:localhost:80 & - -echo -n "Init database... " -taler-exchange-dbinit -L WARNING -c $TALERCONF -echo DONE - -echo -n "Starting EDDSA helper..." -taler-exchange-secmod-eddsa -L WARNING \ - -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-secmod-eddsa-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Starting RSA helper..." -taler-exchange-secmod-rsa -L WARNING \ - -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-secmod-rsa-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Starting CS helper..." -taler-exchange-secmod-cs -L WARNING \ - -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-secmod-cs-%Y-%m-%d.log 86400 & -echo DONE - -echo -n "Launching exchange HTTPD..." -taler-exchange-httpd -L WARNING -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-httpd-%Y-%m-%d.log 86400 & -for n in `seq 1 50` - do - echo "." - sleep 0.3 - OK=1 - wget $EXCHANGE_URL -t 1 -o /dev/null -O /dev/null >/dev/null && break - OK=0 - done - if [ 1 != $OK ] - then - echo "ERROR: failed to launch Exchange" - exit 1 - fi -echo DONE - -echo -n "Launching wirewatch..." -taler-exchange-wirewatch -L WARNING --longpoll-timeout=2s -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-wirewatch-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launching transfer service..." -taler-exchange-transfer -L WARNING -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-transfer-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launching aggregator service..." -taler-exchange-aggregator -L WARNING -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-exchange-aggregator-%Y-%m-%d.log 86400 & -echo DONE -echo -echo -n "Setup keys and fees with taler-exchange-offline..." -taler-exchange-offline -L WARNING -c $TALERCONF \ - download sign \ - enable-account "payto://iban/SANDBOXX/${EXCHANGE_IBAN}?receiver-name=Exchange+Company" \ - wire-fee now iban ${CURRENCY}:0.01 ${CURRENCY}:0.01 \ - global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 1year 5 \ - upload 2>&1 -echo DONE - -echo -n "Requesting exchange's /keys..." -curl --max-time 4 -s "${EXCHANGE_URL}keys" -echo DONE - -# Spawn a process that will fail after an hour, -# to facilitate restarting every hour. -( sleep 3600 && exit 1) & - -# Exit once a single process fails. -# Then, docker-compose will restart the whole container. -wait -n diff --git a/sandcastle/images/libeufin/Dockerfile b/sandcastle/images/libeufin/Dockerfile deleted file mode 100644 index 99745aa..0000000 --- a/sandcastle/images/libeufin/Dockerfile +++ /dev/null @@ -1,8 +0,0 @@ -FROM taler_local/taler_base - -COPY startup.sh / -COPY demobank-ui-settings.js /usr/local/share/taler/demobank-ui/ -RUN chmod +x /startup.sh -COPY nginx.conf / - -ENTRYPOINT ["/startup.sh"] diff --git a/sandcastle/images/libeufin/demobank-ui-settings.js b/sandcastle/images/libeufin/demobank-ui-settings.js deleted file mode 100644 index 7f2745c..0000000 --- a/sandcastle/images/libeufin/demobank-ui-settings.js +++ /dev/null @@ -1,19 +0,0 @@ -globalThis.talerDemobankSettings = { - allowRegistrations: true, - bankName: "Taler Bank", - // Show explainer text and navbar to other demo sites - showDemoNav: true, - // Names and links for other demo sites to show in the navbar - demoSites: [ - ["Landing", "__LANDING_URL__"], - ["Bank", "__BANK_WEBUI_URL__"], - ["Essay Shop", "__BLOG_URL__"], - ["Donations", "__DONATIONS_URL__"], - ["Survey", "__SURVEY_URL__"], - ], - bankBaseUrl: "__BANK_BACKEND_URL__" -}; - -// Currently this is still required by demobank-ui, -// the above, nicer method doesn't work yet. -localStorage.setItem("bank-base-url", "__BANK_BACKEND_URL__") diff --git a/sandcastle/images/libeufin/nginx.conf b/sandcastle/images/libeufin/nginx.conf deleted file mode 100644 index d5436f5..0000000 --- a/sandcastle/images/libeufin/nginx.conf +++ /dev/null @@ -1,14 +0,0 @@ -error_log /dev/stdout; -daemon off; -events {} -http { - access_log /dev/stdout; - server { - include /etc/nginx/mime.types; - listen 80; - listen [::]:80; - location / { - root /usr/local/share/taler/demobank-ui; - } - } -} diff --git a/sandcastle/images/libeufin/startup.sh b/sandcastle/images/libeufin/startup.sh deleted file mode 100644 index 2238523..0000000 --- a/sandcastle/images/libeufin/startup.sh +++ /dev/null @@ -1,116 +0,0 @@ -#!/bin/bash - -set -o pipefail -set -eu - -export JAVA_OPTS="-Xss4m -XX:MaxJavaStackTraceDepth=1073741823" - -# helps taler-config -export LD_LIBRARY_PATH=/usr/local/lib - -mkdir -p /etc/taler/ -TALERCONF=/etc/taler/taler.conf -cp /config/libeufin-bank/taler.conf $TALERCONF - -CURRENCY=$(taler-config -c /config/deployment.conf -s taler-deployment -o currency) -EXCHANGE_IBAN=DE159593 -DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o db-password` - -sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" $TALERCONF -sed -i "s/__CURRENCY__/${CURRENCY}/" $TALERCONF - -# takes port and service name -is_serving() { - echo Is $1 serving? - for n in `seq 1 80` - do - echo "." - sleep 0.1 - OK=1 - wget $1 -o /dev/null -O /dev/null >/dev/null && break - OK=0 - done - if [ 1 != $OK ] - then - echo "$2 unreachable." - exit 1 - fi - echo $2 reachable. -} - -BANK_SIGNUP_BONUS=$(taler-config -c /config/deployment.conf -s taler-deployment -o bank-signup-bonus) -BANK_ALLOW_REGISTRATIONS=$(taler-config -c /config/deployment.conf -s taler-deployment -o bank-allow-registrations) - -case "${1:-}" in - shell) - echo "Starting interactive shell" - exec bash - ;; - *) - ;; -esac - -echo "running libeufin-bank dbinit" -libeufin-bank dbinit - -echo "running libeufin-bank serve in background" -libeufin-bank serve & - -is_serving http://localhost:15000/config libeufin-bank - -EXCHANGE_IBAN=DE159593 -BLOG_IBAN=DE940993 -GNUNET_IBAN=DE463312 -DEFAULT_IBAN=DE474361 -TOR_IBAN=DE358263 -TALER_IBAN=DE102893 -SURVEY_IBAN=DE731371 - -EXCHANGE_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o exchange-bank-password` -POS_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o pos-bank-password` -BLOG_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o blog-bank-password` -GNUNET_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o gnunet-bank-password` -DEFAULT_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o default-bank-password` -TOR_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o tor-bank-password` -TALER_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o taler-bank-password` -SURVEY_SANDBOX_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o survey-bank-password` - -req=$(jq -n ' - { - username: "exchange", - password: $PW, - name: "exchange", - is_public: true, - is_taler_exchange: true, - internal_payto_uri: $PAYTO, - }' \ - --arg PW $EXCHANGE_SANDBOX_PASSWORD \ - --arg PAYTO "payto://iban/$EXCHANGE_IBAN" - ) -echo $req -curl -v -X POST -H "Content-Type: application/json" --data "$req" http://localhost:15000/accounts - - -# starting the SPA -BLOG_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o blog-url` -DONATIONS_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o donations-url` -SURVEY_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o survey-url` -LANDING_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o landing-url` -BANK_WEBUI_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o bank-url` -BANK_BACKEND_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o bank-backend-url` - -sed -i "s;__LANDING_URL__;${LANDING_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__BLOG_URL__;${BLOG_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__DONATIONS_URL__;${DONATIONS_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__SURVEY_URL__;${SURVEY_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__BANK_WEBUI_URL__;${BANK_WEBUI_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -sed -i "s;__BANK_BACKEND_URL__;${BANK_BACKEND_URL};" /usr/local/share/taler/demobank-ui/demobank-ui-settings.js -# Serves BANK_WEBUI_URL -nginx -c /nginx.conf 2>&1 | rotatelogs -e /logs/bank-ui-%Y-%m-%d.log 86400 & - -echo "Launched bank services" - -# -n makes 'wait' return as soon as one of the background -# processes exits. That triggers then the 'restart: always' -# policy set in the compose file. -wait -n diff --git a/sandcastle/images/merchant/Dockerfile b/sandcastle/images/merchant/Dockerfile deleted file mode 100644 index feffada..0000000 --- a/sandcastle/images/merchant/Dockerfile +++ /dev/null @@ -1,7 +0,0 @@ -FROM taler_local/taler_base - -COPY startup.sh / -COPY create_instances.sh / -COPY update_instances_auth.sh / -RUN chmod +x /startup.sh -ENTRYPOINT /startup.sh diff --git a/sandcastle/images/merchant/create_instances.sh b/sandcastle/images/merchant/create_instances.sh deleted file mode 100644 index c3b9adf..0000000 --- a/sandcastle/images/merchant/create_instances.sh +++ /dev/null @@ -1,45 +0,0 @@ -function die() { - echo $1 - exit 1 -} -function create_instance() { - echo -n "Creating merchant backend instance $1 with IBAN $2..." - NAME=$1 - IBAN=$2 - RECV_NAME=$3 - URI='payto://iban/SANDBOXX/'$IBAN'?receiver-name='$RECV_NAME - REQ="$(jq -n ' - { - auth: { method: "token", "token": $TOKEN }, - payto_uris: [$URI], - accounts: [{payto_uri: $URI}], - id: $NAME, - name: "GNU Taler", - address: {}, - jurisdiction: {}, - use_stefan: true, - default_wire_transfer_delay: {d_us: 1}, - default_pay_delay: {d_us: 3600000000}, - }' \ - --arg URI "$URI" \ - --arg TOKEN "$BACKEND_APIKEY" \ - --arg CURRENCY "$CURRENCY" \ - --arg NAME "$NAME" - )" - - curl --silent --show-error \ - -H "Content-Type: application/json" \ - -H "Authorization: Bearer $BACKEND_APIKEY" \ - -X POST \ - -d "$REQ" \ - http://merchant/management/instances || die "instance creation failed" - echo DONE -} - -create_instance default "$DEFAULT_IBAN" TestMerchant -create_instance pos "$POS_IBAN" PoS -create_instance blog "$BLOG_IBAN" BlogCompany -create_instance GNUnet "$GNUNET_IBAN" GNUnet -create_instance Taler "$TALER_IBAN" Taler -create_instance Tor "$TOR_IBAN" Tor -create_instance survey "$SURVEY_IBAN" Survey diff --git a/sandcastle/images/merchant/startup.sh b/sandcastle/images/merchant/startup.sh deleted file mode 100644 index c33121a..0000000 --- a/sandcastle/images/merchant/startup.sh +++ /dev/null @@ -1,146 +0,0 @@ -#!/bin/bash - -set -o pipefail -set -eu - -export LD_LIBRARY_PATH=/usr/local/lib -export GNUNET_FORCE_LOG=";;;;WARNING" - -mkdir -p /etc/taler -TALERCONF=/etc/taler/taler.conf -cp /config/merchant/taler.conf $TALERCONF - -# Values from config file mounted at run time: -CURRENCY=`taler-config -c /config/deployment.conf -s taler-deployment -o currency` -BACKEND_APIKEY=`taler-config -c /config/deployment.conf -s taler-deployment -o merchant-apikey` -BACKEND_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o merchant-url` -SYNC_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o sync-url` -EXCHANGE_URL=`taler-config -c /config/deployment.conf -s taler-deployment -o default-exchange` -DB_PASSWORD=`taler-config -c /config/deployment.conf -s taler-deployment -o db-password` - -BLOG_IBAN=DE940993 -POS_IBAN=DE445094 -GNUNET_IBAN=DE463312 -DEFAULT_IBAN=DE474361 -TOR_IBAN=DE358263 -TALER_IBAN=DE102893 -SURVEY_IBAN=DE731371 - -while ! pg_isready -h talerdb -d taler; do - echo DB not ready yet. - sleep 2 -done -echo Now DB is ready. - -# FIXME: wallets external to the containers put localhost'ed -# exchanges along a /pay request. That breaks here, since the -# exchange listens from another container. The following -# command routes every request to 5555 (port on the host -# system that points to a contained exchange AND where the -# merchant tries to /deposit), to the container where the exchange listens. -socat TCP-LISTEN:5555,fork,reuseaddr TCP:exchange:80 & - -# FIXME: browsers can only get redirected to merchant backends -# as they appear outside of the container (port 5556). OTOH, -# merchant frontends can only talk to backends as they appear -# _inside_ the container (port 80). Config, ultimately, must -# specify backends as they appear outside, otherwise frontends -# would redirect browsers with in-container addresses, that -# would make the backend not reached. The following redirection -# allows to bridge the external merchant port to the internal, -# to make frontends reach the backend. -socat TCP-LISTEN:5556,fork,reuseaddr TCP:localhost:80 & - -# sync HTTPD redirect: -socat TCP-LISTEN:5563,fork,reuseaddr TCP:localhost:8080 & - -# $2 might have Authorization header. -is_serving () { -set +u # tolerate missing $2 -echo Checking $1 -for n in `seq 1 50` - do - echo "." - sleep 0.5 - OK=1 - # auth case. - if test -n "$2"; then - wget --header "$2" $1 -t 1 -o /dev/null -O /dev/null >/dev/null && break - else - wget $1 -t 1 -o /dev/null -O /dev/null >/dev/null && break - fi - OK=0 - done - if [ 1 != $OK ] - then - echo "ERROR: $1 unreachable." - exit 1 - fi - echo Now available: $1 - set -u -} - -is_serving ${EXCHANGE_URL} - -EXCHANGE_MASTER_PUB=$(curl -s ${EXCHANGE_URL}keys | jq -r .master_public_key) -echo Found Exchange Pub: $EXCHANGE_MASTER_PUB -sed -i "s;__EXCHANGE_URL__;${EXCHANGE_URL};" $TALERCONF -sed -i "s/__EXCHANGE_PUB__/${EXCHANGE_MASTER_PUB}/" $TALERCONF -sed -i "s/__CURRENCY__/${CURRENCY}/" $TALERCONF -sed -i "s/__BACKEND_APIKEY__/${BACKEND_APIKEY}/" $TALERCONF -sed -i "s;__BACKEND_URL__;${BACKEND_URL};" $TALERCONF -sed -i "s;__DB_PASSWORD__;${DB_PASSWORD};" $TALERCONF - -echo "Init database... " -taler-merchant-dbinit -L WARNING -c $TALERCONF -echo DONE -echo -n "Launch merchant backend..." -taler-merchant-httpd -L WARNING -a $BACKEND_APIKEY -c $TALERCONF 2>&1 | \ - rotatelogs -e /logs/taler-merchant-httpd-%Y-%m-%d.log 86400 & -echo DONE -sleep 1 - -is_serving "${BACKEND_URL}config" - -# If the witness instance exists or has wrong auth, -# then all the others do. -echo -n "Checking instances existence..." -INSTANCES_STATUS=$(curl -s -o /dev/null \ - -w "%{http_code}" \ - -H "Authorization: Bearer $BACKEND_APIKEY" \ - "${BACKEND_URL}instances/Taler/private") -echo "DONE ($INSTANCES_STATUS)" - -case $INSTANCES_STATUS in - "404") - echo "Taler (witness) instance not found, assuming none is." - source /create_instances.sh; - ;; - "401") - echo "Taler (witness) instance had wrong auth, assuming API key is new." - source /update_instances_auth.sh; - ;; - *) - echo "Taler (witness) instance found, API key correct, do nothing." - ;; -esac -export TALER_ENV_URL_MERCHANT_BLOG=`taler-config -c /config/deployment.conf -s taler-deployment -o blog-url` -export TALER_ENV_URL_MERCHANT_DONATIONS=`taler-config -c /config/deployment.conf -s taler-deployment -o donations-url` -export TALER_ENV_URL_MERCHANT_SURVEY=`taler-config -c /config/deployment.conf -s taler-deployment -o survey-url` -export TALER_ENV_URL_INTRO=`taler-config -c /config/deployment.conf -s taler-deployment -o landing-url` -export TALER_ENV_URL_BANK=`taler-config -c /config/deployment.conf -s taler-deployment -o bank-url` - -echo -n "Launch blog..." -taler-merchant-demos -c $TALERCONF --http-port 8080 blog 2>&1 | rotatelogs -e /logs/blog-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launch donations..." -taler-merchant-demos -c $TALERCONF --http-port 8081 donations 2>&1 | rotatelogs -e /logs/donations-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launch Survey..." -taler-merchant-demos -c $TALERCONF --http-port 8082 survey 2>&1 | rotatelogs -e /logs/survey-%Y-%m-%d.log 86400 & -echo DONE -echo -n "Launch Landing..." -taler-merchant-demos -c $TALERCONF --http-port 8083 landing 2>&1 | rotatelogs -e /logs/landing-%Y-%m-%d.log 86400 & -echo DONE - -wait -n diff --git a/sandcastle/images/merchant/update_instances_auth.sh b/sandcastle/images/merchant/update_instances_auth.sh deleted file mode 100644 index b1ab8a6..0000000 --- a/sandcastle/images/merchant/update_instances_auth.sh +++ /dev/null @@ -1,18 +0,0 @@ -echo -n "Change pos auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/pos/auth -echo DONE -echo -n "Change blog auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/blog/auth -echo DONE -echo -n "Change GNUnet auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/GNUnet/auth -echo DONE -echo -n "Change Taler auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/Taler/auth -echo DONE -echo -n "Change Tor auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/Tor/auth -echo DONE -echo -n "Change survey auth..." -curl -s -H "Content-Type: application/json" -H "Authorization: Bearer $BACKEND_APIKEY" -X POST -d '{"method":"token", "token":"'$BACKEND_APIKEY'"}' http://merchant/management/instances/survey/auth -echo DONE diff --git a/sandcastle/images/postgres/Dockerfile b/sandcastle/images/postgres/Dockerfile deleted file mode 100644 index d0fde23..0000000 --- a/sandcastle/images/postgres/Dockerfile +++ /dev/null @@ -1,9 +0,0 @@ -FROM docker.io/postgres - -# Default "${PGDATA}/log" directory was problematic -# when mounted in a volume. Prefer arbitrary "/logs". -RUN mkdir /logs -RUN chown postgres:postgres /logs - -COPY init.sh /docker-entrypoint-initdb.d/init.sh -RUN chmod +x /docker-entrypoint-initdb.d/init.sh diff --git a/sandcastle/images/postgres/init.sh b/sandcastle/images/postgres/init.sh deleted file mode 100644 index d0cdacf..0000000 --- a/sandcastle/images/postgres/init.sh +++ /dev/null @@ -1,15 +0,0 @@ -#!/bin/bash - -set -eu - -# FIXME: use taler-config. -CUSTOM_PASSWORD=$(grep ^db-password < /config/deployment.conf | awk -F= '{print $2}' | tr -d "[:space:]") -if test -z "${CUSTOM_PASSWORD}"; then - echo ERROR: database password empty. -fi -echo "ALTER ROLE root WITH PASSWORD '"${CUSTOM_PASSWORD}"';" | psql -U root -createdb -U root -O root taler -echo "ALTER SYSTEM SET logging_collector TO 'true';" | psql -U root -echo "ALTER SYSTEM SET log_directory TO '/logs';" | psql -U root -echo "ALTER SYSTEM SET log_filename TO 'postgres-%Y-%m-%d.log';" | psql -U root -pg_ctl restart diff --git a/sandcastle/images/woocommerce/Dockerfile b/sandcastle/images/woocommerce/Dockerfile deleted file mode 100644 index 0d16df7..0000000 --- a/sandcastle/images/woocommerce/Dockerfile +++ /dev/null @@ -1,99 +0,0 @@ -FROM debian:bullseye - -# This file is in the public domain. - -LABEL docker-woocommerce.demo.taler.net="0.0.1-beta" -RUN echo "avoid docker cache..." - -EXPOSE 9001 - -WORKDIR /root/ - -COPY tags.conf . -COPY entry-point.sh . - -# Install dependencies - - -RUN apt-get update && apt-get install -y \ - software-properties-common \ - ca-certificates \ - lsb-release \ - apt-transport-https \ - wget \ - curl \ - git \ - unzip \ - gnupg \ - nginx - -RUN sh -c 'echo "deb https://packages.sury.org/php/ bullseye main" > /etc/apt/sources.list.d/php.list' - -RUN wget -qO - https://packages.sury.org/php/apt.gpg | apt-key add - - -RUN apt-get update - -RUN . /root/tags.conf \ - && apt-get install \ - php${PHP_VERSION} \ - php${PHP_VERSION}-common \ - php${PHP_VERSION}-mbstring \ - php${PHP_VERSION}-xmlrpc \ - php${PHP_VERSION}-soap \ - php${PHP_VERSION}-gd \ - php${PHP_VERSION}-xml \ - php${PHP_VERSION}-intl \ - php${PHP_VERSION}-mysql \ - php${PHP_VERSION}-cli \ - php${PHP_VERSION}-ldap \ - php${PHP_VERSION}-zip \ - php${PHP_VERSION}-curl\ - php${PHP_VERSION}-zip \ - php${PHP_VERSION}-fpm -y - -# Download Wordpress, plugins and theme + extract - -RUN . /root/tags.conf \ - && mkdir -p /var/www/wordpress/wp-content/plugins \ - && mkdir -p /var/www/wordpress/wp-content/themes \ - && wget https://wordpress.org/wordpress-${WORDPRESS_VERSION}.tar.gz \ - && tar -xzf wordpress-${WORDPRESS_VERSION}.tar.gz -C /var/www/ \ - && wget https://downloads.wordpress.org/plugin/woocommerce.${WOOCOMMERCE_VERSION}.zip \ - && unzip woocommerce.${WOOCOMMERCE_VERSION}.zip -d /var/www/wordpress/wp-content/plugins \ - && wget https://downloads.wordpress.org/theme/ecommerce-star.${WORDPRESS_PARENT_THEME_VERSION}.zip \ - && unzip ecommerce-star.${WORDPRESS_PARENT_THEME_VERSION}.zip -d /var/www/wordpress/wp-content/themes \ - && wget https://downloads.wordpress.org/theme/shop-here.${WORDPRESS_CHILD_THEME_VERSION}.zip \ - && unzip shop-here.${WORDPRESS_CHILD_THEME_VERSION}.zip -d /var/www/wordpress/wp-content/themes \ - && wget https://downloads.wordpress.org/plugin/gnu-taler-payment-for-woocommerce.zip \ - && unzip gnu-taler-payment-for-woocommerce.zip -d /var/www/wordpress/wp-content/plugins - -# Install wp-cli - -RUN wget https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar \ - && chmod +x wp-cli.phar \ - && mv wp-cli.phar /usr/local/bin/wp - - -RUN chown -R www-data:www-data /var/www/wordpress - -# Remove downloads from root directory - -RUN rm -Rf /root/*.zip - -# Copy nginx configuration from host, to container - -COPY woocommerce.conf /etc/nginx/sites-available - -RUN ln -s /etc/nginx/sites-available/woocommerce.conf /etc/nginx/sites-enabled/woocommerce.conf \ - && rm /etc/nginx/sites-enabled/default - - -# Execute entrypoint - -RUN chmod +x entry-point.sh - -ENTRYPOINT /root/entry-point.sh - -# Additional steps after entrypoint. - -#CMD ["nginx", "-g", "daemon off;"] diff --git a/sandcastle/images/woocommerce/docker-compose.yml b/sandcastle/images/woocommerce/docker-compose.yml deleted file mode 100644 index 63850d6..0000000 --- a/sandcastle/images/woocommerce/docker-compose.yml +++ /dev/null @@ -1,46 +0,0 @@ -version: '3' -services: - db: - image: mariadb - environment: - MARIADB_DATABASE: exampledb - MYSQL_USER: wordpress_user - MYSQL_PASSWORD: wordpress_password - MYSQL_RANDOM_ROOT_PASSWORD: "1" - volumes: - - mariadb_data:/var/lib/mysql - wordpress: - build: images/woocommerce - image: woo - container_name: woocommerce_taler - depends_on: - - db - ports: - - "9001:80" - environment: - WORDPRESS_DB_HOST: db:3306 - WORDPRESS_DB_USER: wordpress_user - WORDPRESS_DB_PASSWORD: wordpress_password - WORDPRESS_DB_NAME: exampledb - WORDPRESS_TABLE_PREFIX: "wp_" - WORDPRESS_DEBUG: 1 - volumes: - - wp_data:/var/www/wordpress - - /home/jj/final-woocommerce-docker/nginx-conf:/etc/nginx/conf.d - wordpress-cli: - container_name: wp_cli - #entrypoint: wordpress - depends_on: - - db - - wordpress - volumes: - - wp_data:/var/www/wordpress - image: wordpress:cli - links: - - db:db - working_dir: /var/www/wordpress - user: "33" - command: wp core install --path="/var/www/wordpress" --url="http://woocommerce.valenciatech.com" --title=gnu-taler --admin_user=admin --admin_password=admin --admin_email=your-email-here -volumes: - wp_data: - mariadb_data: diff --git a/sandcastle/images/woocommerce/entry-point.sh b/sandcastle/images/woocommerce/entry-point.sh deleted file mode 100755 index d954d78..0000000 --- a/sandcastle/images/woocommerce/entry-point.sh +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/bash - -source /root/tags.conf - -# Import the whole database (if wp-cli works, this wont be necessary) - -#mysql -u ${MARIADB_USER} -p${MARIADB_PASSWORD} ${MARIADB_DATABASE_NAME} < woocommerce.sql - -# Rename wordpress config file - -mv /var/www/wordpress/wp-config-sample.php /var/www/wordpress/wp-config.php - -# Replace values database connection - -# Replace values with .env VARIABLES - -sed -ie "s/database_name_here/${WORDPRESS_DATABASE_NAME}/g" /var/www/wordpress/wp-config.php \ - && sed -ie "s/username_here/${WORDPRESS_DATABASE_USER}/g" /var/www/wordpress/wp-config.php \ - && sed -ie "s/password_here/${WORDPRESS_DATABASE_PASSWORD}/g" /var/www/wordpress/wp-config.php \ - && sed -ie "s/localhost/${WORDPRESS_DATABASE_HOST}/g" /var/www/wordpress/wp-config.php - - -# Install WP (either do it here, or through the docker-compose.yml). - -#wp core install --allow-root --url=test.woocommerce.taler.net --title=GNU Taler for WooCommerce --admin_user=admin --admin_password=admin --admin_email=info@example.com - -# Enable theme shop-here - -#wp theme enable shop-here - -# Activate Woocommerce plugin - -#wp plugin activate woocommerce - -# Activate GNU Taler plugin - -#wp plugin activate gnu-taler-payment-for-woocommerce - -# Import products into database - -#wp import /woocommerce-products-backup.xml --authors=create - -service nginx start - -service php${PHP_VERSION}-fpm start - - -while true; do - sleep 100; - done diff --git a/sandcastle/images/woocommerce/tags.conf b/sandcastle/images/woocommerce/tags.conf deleted file mode 100644 index 2ac9d96..0000000 --- a/sandcastle/images/woocommerce/tags.conf +++ /dev/null @@ -1,21 +0,0 @@ - -# Software versions - -PHP_VERSION="8.2" -WOOCOMMERCE_VERSION="7.1.1" -WORDPRESS_VERSION="6.1" -WORDPRESS_PARENT_THEME_VERSION="1.3.9" -WORDPRESS_CHILD_THEME_VERSION="1.0.2" - -# MariaDB credentials (just in case) - -MARIADB_USER="wordpress_user" -MARIADB_PASSWORD="wordpress_password" -MARIADB_DATABASE_NAME="exampledb" - -# Database connection details - -WORDPRESS_DATABASE_NAME="exampledb" -WORDPRESS_DATABASE_USER="wordpress_user" -WORDPRESS_DATABASE_PASSWORD="wordpress_password" -WORDPRESS_DATABASE_HOST="db" diff --git a/sandcastle/images/woocommerce/woocommerce.conf b/sandcastle/images/woocommerce/woocommerce.conf deleted file mode 100644 index b560802..0000000 --- a/sandcastle/images/woocommerce/woocommerce.conf +++ /dev/null @@ -1,47 +0,0 @@ -# Upstream to abstract backend connection(s) for php -upstream php { - server unix:/var/run/php/php8.2-fpm.sock; - server 127.0.0.1:9000; -} - -server { - listen 80; - server_name _; - ## Your website name goes here. - # server_name woocommerce.valenciatech.cloud; - ## Your only path reference. - root /var/www/wordpress; - ## This should be in your http block and if it is, it's not needed here. - index index.php; - - location = /favicon.ico { - log_not_found off; - access_log off; - } - - location = /robots.txt { - allow all; - log_not_found off; - access_log off; - } - - location / { - # This is cool because no php is touched for static content. - # include the "?$args" part so non-default permalinks doesn't break when using query string - try_files $uri $uri/ /index.php?$args; - } - - location ~ \.php$ { - #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini - include fastcgi_params; - fastcgi_intercept_errors on; - fastcgi_pass php; - #The following parameter can be also included in fastcgi_params file - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - } - - location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { - expires max; - log_not_found off; - } -} diff --git a/sandcastle/import-backup.sh b/sandcastle/import-backup.sh deleted file mode 100755 index 2531611..0000000 --- a/sandcastle/import-backup.sh +++ /dev/null @@ -1,48 +0,0 @@ -#!/bin/bash - -set -eu - -usage () { - echo - echo Usage: ./import-backup.sh [-h, --help] backup-tar - echo - echo This utility imports a TAR backup of data and logs - echo into the Taler services running inside this Docker - echo Compose setup. -} - -for arg in "$@"; do - if test "$arg" = "--help" -o "$arg" = "-h"; then - usage - exit 0 - fi -done - -if ! which docker > /dev/null; then - echo docker not found. - exit 1 -fi - -if ! docker images | grep debian | grep stable > /dev/null; then - echo debian:stable not found. Please extract backup with custom image. - exit 2 -fi - -# No --help/-h given, assume the first argument is the TAR. -BACKUP_TAR="${1:-}" - -if test -z $BACKUP_TAR; then - echo Backup file argument not given. - exit 1 -fi - -if ! test -a $BACKUP_TAR; then - echo File $BACKUP_TAR not found. - exit 1 -fi - -docker run \ - -v $BACKUP_TAR:/tmp/backup.tar \ - -v demo_talerdata:/taler-data \ - -v demo_talerlogs:/taler-logs \ - -it debian:stable /bin/bash -c "tar -x -f /tmp/backup.tar" diff --git a/sandcastle/nginx-example.conf b/sandcastle/nginx-example.conf deleted file mode 100644 index b43e49b..0000000 --- a/sandcastle/nginx-example.conf +++ /dev/null @@ -1,322 +0,0 @@ - server { - server_name exchange.example.com; - root /dev/null; - - location / { - proxy_pass http://localhost:5555/; - proxy_redirect off; - proxy_set_header Host $host; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name backend.example.com; - - location / { - proxy_set_header X-Forwarded-Host "backend.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix "/"; - proxy_pass http://localhost:5556/; - proxy_redirect off; - proxy_set_header Host $host; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name webui-bank.example.com; - - location = / { - # Serves the SPA - index index.html; - proxy_pass http://localhost:15002/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name bank.example.com; - - location = / { - return 301 https://bank.example.com/webui; - - } - - location /webui/ { - index index.html; - proxy_pass http://127.0.0.1:15002/; - } - - - - location / { - recursive_error_pages on; - proxy_pass http://127.0.0.1:15000; - # Used, for example, to build the taler://-URIs - proxy_set_header X-Forwarded-Host "bank.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix "/"; - } - - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name shop.example.com; - - location / { - proxy_set_header X-Forwarded-Host "shop.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5559/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/shop.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/shop.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - - -} - - server { - server_name donations.example.com; - - location / { - proxy_set_header X-Forwarded-Host "donations.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5560/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - server { - server_name survey.example.com; - - location / { - proxy_set_header X-Forwarded-Host "survey.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5561/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - # Landing page that explains the demo. - server { - server_name example.com; - - location / { - proxy_pass http://localhost:5562/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - - -} - - server { - server_name sync.example.com; - - location / { - proxy_set_header X-Forwarded-Host "sync.example.com"; - proxy_set_header X-Forwarded-Proto "https"; - proxy_set_header X-Forwarded-Prefix /; - proxy_pass http://localhost:5563/; - } - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - - -} - - - server { - if ($host = backend.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name backend.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = bank.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name bank.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = blog.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name blog.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = donations.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name donations.example.com; - listen 80; - return 404; # managed by Certbot - - -} server { - if ($host = exchange.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name exchange.example.com; - listen 80; - return 404; # managed by Certbot - - -} - server { - if ($host = intro.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name intro.example.com; - return 404; # managed by Certbot - - - - listen 443 ssl; # managed by Certbot - ssl_certificate /etc/letsencrypt/live/backend.example.com/fullchain.pem; # managed by Certbot - ssl_certificate_key /etc/letsencrypt/live/backend.example.com/privkey.pem; # managed by Certbot - include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot - ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot - -} - - server { - if ($host = survey.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name survey.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = sync.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name sync.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = webui-bank.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - server_name webui-bank.example.com; - listen 80; - return 404; # managed by Certbot - - -} - - server { - if ($host = intro.example.com) { - return 301 https://$host$request_uri; - } # managed by Certbot - - - - - server_name intro.example.com; - listen 80; - return 404; # managed by Certbot - - -} diff --git a/sandcastle/restore-good.sh b/sandcastle/restore-good.sh deleted file mode 100755 index 727cd6a..0000000 --- a/sandcastle/restore-good.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# Save the current set of (known-good) images under a new tag with label "good-$TIMESTAMP" - -set -eu - -STAMP=$1 - -docker tag "taler_local/taler_base:good-$STAMP" "taler_local/taler_base:latest" -docker tag "sandcastle_talerdb:good-$STAMP" "sandcastle_talerdb:latest" -docker tag "sandcastle_merchant:good-$STAMP" "sandcastle_merchant:latest" -docker tag "sandcastle_exchange:good-$STAMP" "sandcastle_exchange:latest" -docker tag "sandcastle_bank:good-$STAMP" "sandcastle_bank:latest" diff --git a/sandcastle/save-good.sh b/sandcastle/save-good.sh deleted file mode 100755 index 90582ea..0000000 --- a/sandcastle/save-good.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -# Save the current set of (known-good) images under a new tag with label "good-$TIMESTAMP" - -set -eu - -STAMP=$(date +%s) - -docker tag "taler_local/taler_base:latest" "taler_local/taler_base:good-$STAMP" -docker tag "sandcastle_talerdb:latest" "sandcastle_talerdb:good-$STAMP" -docker tag "sandcastle_merchant:latest" "sandcastle_merchant:good-$STAMP" -docker tag "sandcastle_exchange:latest" "sandcastle_exchange:good-$STAMP" -docker tag "sandcastle_bank:latest" "sandcastle_bank:good-$STAMP" diff --git a/sandcastle/systemd/fund-rewards.service b/sandcastle/systemd/fund-rewards.service deleted file mode 100644 index faa4c37..0000000 --- a/sandcastle/systemd/fund-rewards.service +++ /dev/null @@ -1,10 +0,0 @@ -[Unit] -Description=fund rewards - -[Service] -Type=oneshot -WorkingDirectory=%h/deployment/sandcastle -ExecStart=/usr/bin/docker compose exec exchange bash -c "/fund-rewards.sh" - -[Install] -WantedBy=default.target diff --git a/sandcastle/systemd/fund-rewards.timer b/sandcastle/systemd/fund-rewards.timer deleted file mode 100644 index c69eeab..0000000 --- a/sandcastle/systemd/fund-rewards.timer +++ /dev/null @@ -1,11 +0,0 @@ -[Unit] -Description=Run fund rewards script -Requires=fund-rewards.service - -[Timer] -Unit=fund-rewards.service -OnCalendar=weekly -Persistent=true - -[Install] -WantedBy=timers.target diff --git a/sandcastle/test-docker-gv.sh b/sandcastle/test-docker-gv.sh deleted file mode 100755 index 068d73a..0000000 --- a/sandcastle/test-docker-gv.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/bash - -set -eu - -CURRENCY=KUDOS -HOST="demo.taler.net" -# HOST="int.taler.net" - -taler-wallet-cli --no-throttle api --expect-success 'runIntegrationTest' \ - '{"amountToSpend":"'$CURRENCY':1", - "amountToWithdraw":"'$CURRENCY':3", - "bankBaseUrl":"https://bank.'$HOST'/demobanks/default/access-api/", - "exchangeBaseUrl":"https://exchange.'$HOST'/", - "merchantBaseUrl":"https://backend.'$HOST'/", - "merchantAuthToken": "'$TALER_DOCKER_APIKEY'" - }' diff --git a/sandcastle/test-docker-localhost.sh b/sandcastle/test-docker-localhost.sh deleted file mode 100755 index 234d840..0000000 --- a/sandcastle/test-docker-localhost.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - -taler-wallet-cli --no-throttle api --expect-success 'runIntegrationTest' \ - '{"amountToSpend":"EUR:10", - "amountToWithdraw":"EUR:30", - "bankBaseUrl":"http://localhost:15000/demobanks/default/access-api/", - "exchangeBaseUrl":"http://localhost:5555/", - "merchantBaseUrl":"http://localhost:5556/", - "merchantAuthToken": "'${TALER_DOCKER_APIKEY:-secret-token:salt}'" - }' diff --git a/sandcastle/up.sh b/sandcastle/up.sh deleted file mode 100755 index 6cd7901..0000000 --- a/sandcastle/up.sh +++ /dev/null @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -exec docker compose up --remove-orphans --force-recreate --build --detach diff --git a/sandcastle/utils/enable-services.sh b/sandcastle/utils/enable-services.sh deleted file mode 100755 index 0feacbd..0000000 --- a/sandcastle/utils/enable-services.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/bin/bash - - -# Copy the fund-rewards.service and fund-rewards.timer files, to the host systemd folder - -cp systemd/fund-rewards.* ~/.config/systemd/user - -systemctl --user daemon-reload - -systemctl --user enable --now fund-rewards.timer diff --git a/sandcastle/utils/fund-rewards.sh b/sandcastle/utils/fund-rewards.sh deleted file mode 100755 index 6f76a39..0000000 --- a/sandcastle/utils/fund-rewards.sh +++ /dev/null @@ -1,74 +0,0 @@ -#!/bin/bash - -# This file is in the public domain. - -set -eu - -# Maybe add these to base Dockerfile as ENV? - -export LD_LIBRARY_PATH=/usr/local/lib -export GNUNET_FORCE_LOG=";;;;WARNING" - -# Configuration variables - Please change to your needs - -DOMAIN="demo.taler.net" - -# Program variables - No need to be changed by the user. - -MERCHANT_URL="https://backend.${DOMAIN}/" -MERCHANT_APIKEY=$(taler-config -c /config/deployment.conf -s taler-deployment -o merchant-apikey) -BANK_ACCESS_URL="https://bank.${DOMAIN}/demobanks/default/access-api/" -WIRE_METHOD="iban" -AMOUNT="100" # Amount to add, on each new reserve (tiptopup option) -BANK_ACCOUNT="survey-at-sandbox" -BANK_PASSWORD="secret-at-sandbox" -#BANK_PASSWORD=$(taler-config -c /config/deployment.conf -s taler-deployment -o db-password) -EXCHANGE_URL=$(taler-config -c /config/deployment.conf -s taler-deployment -o default-exchange) -EXCHANGE_URL="https://exchange.${DOMAIN}/" -# shellcheck disable=SC2034 -CURRENCY=$(taler-config -c /config/deployment.conf -s taler-deployment -o currency) - -# Obtain current reserves in json format -# Just one single call to the taler-harness program to avoid inconsistencies - -JSON=$(taler-harness deployment tip-status \ - --merchant-url "$MERCHANT_URL" \ - --merchant-apikey "$MERCHANT_APIKEY") - -# Calculate remaining funds - -ACTIVE_FUNDS=$(echo "$JSON" | jq '[.reserves[] | select(.active)]') - -# If there is ANY active reserve, then do the substraction -if [[ $ACTIVE_FUNDS != "[]" ]]; then -TOTAL_EXCHANGE_INITIAL_AMOUNT=$(echo "$ACTIVE_FUNDS" | jq --arg cur "$CURRENCY" '[.[].exchange_initial_amount | sub($cur + ":"; "") | tonumber] | add') -TOTAL_PICKUP_AMOUNT=$(echo "$ACTIVE_FUNDS" | jq --arg cur "$CURRENCY" '[.[].pickup_amount | sub($cur + ":"; "") | tonumber] | add') -TOTAL_RESERVE_AMOUNT=$((TOTAL_EXCHANGE_INITIAL_AMOUNT - TOTAL_PICKUP_AMOUNT)) -else -# Otherwise set variable to zero -TOTAL_RESERVE_AMOUNT=0 -fi - -# Decide whether add a new reserve, or leave it as is. - -if [ "$TOTAL_RESERVE_AMOUNT" -lt 100 ]; then - # Add new reserve amount of 100 units - taler-harness deployment tip-topup \ - --merchant-url "$MERCHANT_URL" \ - --merchant-apikey="$MERCHANT_APIKEY" \ - --bank-access-url "$BANK_ACCESS_URL" \ - --wire-method="$WIRE_METHOD" \ - --amount=KUDOS:"$AMOUNT" \ - --bank-account="$BANK_ACCOUNT" \ - --bank-password="$BANK_PASSWORD" \ - --exchange-url "$EXCHANGE_URL" -fi - -# If the json variable contains more than 100 records, wipe its content - -TOTAL_JSON_RECORDS=$(echo "$JSON" | jq '.[] | length') - -if [ "$TOTAL_JSON_RECORDS" -gt 100 ]; then - taler-harness deployment tip-cleanup --merchant-url "$BACKEND_URL" -fi - |