author | MS <ms@taler.net> | 2023-12-04 21:54:10 +0100 |
---|---|---|
committer | MS <ms@taler.net> | 2023-12-04 21:55:09 +0100 |
commit | ac38198d161f892cd63bf118e3d780096f879c37 (patch) | |
tree | 57c431affd25b6479b2fb12646f268819862bf4e | |
parent | bbb840a76aed609c4a188142d97095b722186c61 (diff) | |
netzbon deployment
- no duplicated lines in the conf files
- factoring out questions to helper function
-rw-r--r-- | netzbon/config_libeufin.sh | 5 | ||||
-rwxr-xr-x | netzbon/config_libeufin_bank.sh | 21 | ||||
-rwxr-xr-x | netzbon/config_libeufin_nexus.sh | 3 | ||||
-rwxr-xr-x | netzbon/functions.sh | 62 | ||||
-rwxr-xr-x | netzbon/main.sh | 77 | ||||
-rwxr-xr-x | netzbon/setup-exchange.sh | 65 |
6 files changed, 122 insertions, 111 deletions
diff --git a/netzbon/config_libeufin.sh b/netzbon/config_libeufin.sh
new file mode 100644
index 0000000..9b413bd
--- /dev/null
+++ b/netzbon/config_libeufin.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+libeufin-dbconfig
+./config_libeufin_nexus.sh
+./config_libeufin_bank.sh
diff --git a/netzbon/config_libeufin_bank.sh b/netzbon/config_libeufin_bank.sh
index d431932..2adba40 100755
--- a/netzbon/config_libeufin_bank.sh
+++ b/netzbon/config_libeufin_bank.sh
@@ -77,17 +77,7 @@ alt_unit_names = {"0":"NETZBON"}
 EOF
 fi
-echo "GRANT USAGE ON SCHEMA libeufin_nexus TO \"libeufin-bank\"" \
- | sudo -i -u postgres psql libeufin
-
-echo "GRANT SELECT, INSERT, TRIGGER ON ALL TABLES IN SCHEMA libeufin_nexus TO \"libeufin-bank\"" \
- | sudo -i -u postgres psql libeufin
-
-say "Setting up libeufin-bank database"
-libeufin-bank-dbconfig
-
 say "Setting up libeufin-bank admin account"
-# TODO DBUSER="libeufin-bank" ?
 sudo -u "libeufin-bank" libeufin-bank passwd admin "${BANK_ADMIN_PASSWORD}"
 say "Setting up SPA configuration..."
@@ -101,7 +91,14 @@ EXCHANGE_WIRE_GATEWAY_URL="${PROTO}://bank.$DOMAIN_NAME/accounts/exchange/taler-
 # Communicating this to the exchange script, as the exchange
 # needs these for the /keys response.
-echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >> config/internal.conf
-echo "EXCHANGE_WIRE_GATEWAY_URL=\"${EXCHANGE_WIRE_GATEWAY_URL}\"" >> config/internal.conf
+
+if test -z "${EXCHANGE_PAYTO:-}"; then
+ echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >> config/internal.conf
+fi
+
+if test -z "${EXCHANGE_WIRE_GATEWAY_URL:-}"; then
+ echo "EXCHANGE_WIRE_GATEWAY_URL=\"${EXCHANGE_WIRE_GATEWAY_URL}\"" >> config/internal.conf
+fi
+
 say "Start the bank..."
 systemctl enable --now libeufin-bank
diff --git a/netzbon/config_libeufin_nexus.sh b/netzbon/config_libeufin_nexus.sh
index e987013..44af3d5 100755
--- a/netzbon/config_libeufin_nexus.sh
+++ b/netzbon/config_libeufin_nexus.sh
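Review bot: netzbon/config_libeufin.sh is added with mode 100644 (`-rw-r--r--` in the diffstat), but the new `config_services` helper in netzbon/functions.sh runs it as `./config_libeufin.sh`, which fails with "Permission denied" on a non-executable file; the other scripts touched here are 100755. The file also has no `set -eu` after the shebang, so a failing `libeufin-dbconfig` does not stop the nexus and bank configuration that follows it. I would mark the file executable and add `set -eu` as its second line.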
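Review bot: In netzbon/config_libeufin_bank.sh the new guards `test -z "${EXCHANGE_PAYTO:-}"` and `test -z "${EXCHANGE_WIRE_GATEWAY_URL:-}"` test the wrong thing: they append only when the variable is empty, so once the value has been assigned (the hunk header shows EXCHANGE_WIRE_GATEWAY_URL being set just above) nothing reaches config/internal.conf, and when the branch is taken it records an empty string. setup-exchange.sh in this commit writes both values into PAYTO_URI and WIRE_GATEWAY_URL, so it would presumably see them unset. To avoid duplicate lines, test the file rather than the variable, e.g. `grep -q '^EXCHANGE_PAYTO=' config/internal.conf || echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >> config/internal.conf`, and the same for EXCHANGE_WIRE_GATEWAY_URL. The assignment of EXCHANGE_PAYTO lies outside the hunk.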
@@ -16,9 +16,6 @@ taler-config -s nexus-postgres -o config \
 taler-config -s nexus-ebics -o currency \
 -V $FIAT_CURRENCY -c /etc/libeufin/libeufin-nexus.conf
-say "Setting up libeufin-nexus database"
-libeufin-nexus-dbconfig
-
 say "Start nexus tasks..."
 systemctl enable --now libeufin-nexus-ebics-fetch
 systemctl enable --now libeufin-nexus-ebics-submit
diff --git a/netzbon/functions.sh b/netzbon/functions.sh
index 753d846..66ad22d 100755
--- a/netzbon/functions.sh
+++ b/netzbon/functions.sh
@@ -7,13 +7,66 @@ function say() { # Check user if the user is root function check_user() { - if [ "$(whoami)" != "root" ]; then say "Please run this script as root" exit 1 fi } +function ask_questions() { + if test -z "${CURRENCY:-}"; then + read -r -p "Enter the name of the regional currency (e.g. 'NETZBON'): " CURRENCY + # convert to all-caps + CURRENCY=$(echo "${CURRENCY}" | tr a-z A-Z) + # libeufin currenly doesn't like currency names less than 3 letters. + if [[ ${#CURRENCY} -lt 3 || ${#CURRENCY} -gt 11 ]]; then + say "Currency name must be between 3 and 10 letters" + exit 1 + fi + echo "CURRENCY=${CURRENCY}" >>config/user.conf + fi + if test -z "${FIAT_CURRENCY:-}"; then + read -r -p "Enter the name of the fiat currency (e.g. 'CHF'): " FIAT_CURRENCY + # convert to all-caps + FIAT_CURRENCY=$(echo "${FIAT_CURRENCY}" | tr a-z A-Z) + # libeufin currenly doesn't like currency names less than 3 letters. + if [[ ${#FIAT_CURRENCY} -lt 3 || ${#FIAT_CURRENCY} -gt 11 ]]; then + say "Currency name must be between 3 and 10 letters" + exit 1 + fi + echo "FIAT_CURRENCY=${FIAT_CURRENCY}" >>config/user.conf + fi + if test -z "${BANK_NAME:-}"; then + read -r -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME + echo "BANK_NAME=\"${BANK_NAME}\"" >>config/user.conf + fi + if test -z "${ENABLE_TLS:-}"; then + read -r -p "Use TLS? (y/n): " ENABLE_TLS + echo "ENABLE_TLS=${ENABLE_TLS}" >>config/user.conf + fi + if test -z "${DO_OFFLINE:-}"; then + read -r -p "Run taler-exchange-offline? 
(y/n): " DO_OFFLINE + echo "DO_OFFLINE=${DO_OFFLINE}" >>config/user.conf + fi + if test -z "${MASTER_PUBLIC_KEY:-}"; then + if test "${DO_OFFLINE:-y}" == n; then + read -r -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY + echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf + fi + fi + if test -z "${BANK_ADMIN_PASSWORD:-}"; then + read -r -s -p "Enter the admin password for the bank: " BANK_ADMIN_PASSWORD + echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" >>config/user.conf + echo "" # force new line + fi + if test -z "${DOMAIN_NAME:-}"; then + read -r -p "Enter the domain name: " DOMAIN_NAME + # convert to lower-case + DOMAIN_NAME=$(echo "${DOMAIN_NAME}" | tr A-Z a-z) + echo "DOMAIN_NAME=${DOMAIN_NAME}" >>config/user.conf + fi +} + # Set DISTRO to the detected distro or return non-zero # status if distro not supported. function detect_distro() { @@ -25,3 +78,10 @@ function detect_distro() { echo "Unsupported distro, should be either ubuntu or debian" >&2 return 1 } + +function config_services() { + ./config_libeufin.sh + ./config_nginx.sh + ./setup-exchange.sh + ./setup-merchant.sh +} diff --git a/netzbon/main.sh b/netzbon/main.sh index 769b407..585cf34 100755 --- a/netzbon/main.sh +++ b/netzbon/main.sh 
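Review bot: `ask_questions` appends most answers to config/user.conf without shell quoting (`echo "CURRENCY=${CURRENCY}"`, `echo "DOMAIN_NAME=${DOMAIN_NAME}"`, `BANK_NAME=\"${BANK_NAME}\"`); only BANK_ADMIN_PASSWORD goes through `printf '%q'`. If user.conf is sourced by these scripts, as its KEY=value format suggests, an answer containing a space, a quote or `$(` is word-split or expanded the next time the file is read, in a run that `check_user` expects to be root; writing each answer as `printf 'CURRENCY=%q\n' "${CURRENCY}" >>config/user.conf` makes the file safe to read back. The same file receives the bank admin password and nothing in the hunk restricts its mode, so a `chmod 600 config/user.conf` before the first append is worth adding. Separately, both length checks use `-gt 11` while the message says "between 3 and 10 letters".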
@@ -26,57 +26,8 @@ say "" say "All configuration values asked during the setup script" say "can be changed in config/user.conf" -if test -z "${CURRENCY:-}"; then - read -r -p "Enter the name of the regional currency (e.g. 'NETZBON'): " CURRENCY - # convert to all-caps - CURRENCY=$(echo "${CURRENCY}" | tr a-z A-Z) - # libeufin currenly doesn't like currency names less than 3 letters. - if [[ ${#CURRENCY} -lt 3 || ${#CURRENCY} -gt 11 ]]; then - say "Currency name must be between 3 and 10 letters" - exit 1 - fi - echo "CURRENCY=${CURRENCY}" >>config/user.conf -fi -if test -z "${FIAT_CURRENCY:-}"; then - read -r -p "Enter the name of the fiat currency (e.g. 'CHF'): " FIAT_CURRENCY - # convert to all-caps - FIAT_CURRENCY=$(echo "${FIAT_CURRENCY}" | tr a-z A-Z) - # libeufin currenly doesn't like currency names less than 3 letters. - if [[ ${#FIAT_CURRENCY} -lt 3 || ${#FIAT_CURRENCY} -gt 11 ]]; then - say "Currency name must be between 3 and 10 letters" - exit 1 - fi - echo "FIAT_CURRENCY=${FIAT_CURRENCY}" >>config/user.conf -fi -if test -z "${BANK_NAME:-}"; then - read -r -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME - echo "BANK_NAME=\"${BANK_NAME}\"" >>config/user.conf -fi -if test -z "${ENABLE_TLS:-}"; then - read -r -p "Use TLS? (y/n): " ENABLE_TLS - echo "ENABLE_TLS=${ENABLE_TLS}" >>config/user.conf -fi -if test -z "${DO_OFFLINE:-}"; then - read -r -p "Run taler-exchange-offline? 
(y/n): " DO_OFFLINE - echo "DO_OFFLINE=${DO_OFFLINE}" >>config/user.conf -fi -if test -z "${MASTER_PUBLIC_KEY:-}"; then - if test "${DO_OFFLINE:-y}" == n; then - read -r -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY - echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf - fi -fi -if test -z "${BANK_ADMIN_PASSWORD:-}"; then - read -r -s -p "Enter the admin password for the bank: " BANK_ADMIN_PASSWORD - echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" >>config/user.conf - echo "" # force new line -fi -if test -z "${DOMAIN_NAME:-}"; then - read -r -p "Enter the domain name: " DOMAIN_NAME - # convert to lower-case - DOMAIN_NAME=$(echo "${DOMAIN_NAME}" | tr A-Z a-z) - echo "DOMAIN_NAME=${DOMAIN_NAME}" >>config/user.conf -fi +ask_questions + # END USER INTERACTION # Check DNS settings @@ -102,20 +53,20 @@ if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then echo "BANK_EXCHANGE_PASSWORD=\"${BANK_EXCHANGE_PASSWORD}\"" >>config/internal.conf fi -# TODO With port should be use ? ask user ? -echo "BANK_PORT=8080" >>config/user.conf -if test "${ENABLE_TLS:-}" == "y"; then - PROTO="https" -else - PROTO="http" +if test -z "${BANK_PORT:-}"; then + echo "BANK_PORT=8080" >>config/user.conf +fi + +if test -z "${PROTO:-}"; then + if test "${ENABLE_TLS:-}" == "y"; then + PROTO="https" + else + PROTO="http" + fi + echo "PROTO=$PROTO">>config/internal.conf fi -echo "PROTO=$PROTO">>config/internal.conf -./config_libeufin_nexus.sh -./config_libeufin_bank.sh -./config_nginx.sh -./setup-exchange.sh -./setup-merchant.sh +config_services # Final message to the user say "Congratulations, you have successfully installed GNU Taler" diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh index 41ec082..614766e 100755 --- a/netzbon/setup-exchange.sh +++ b/netzbon/setup-exchange.sh 
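Review bot: The new `if test -z "${PROTO:-}"` guard in netzbon/main.sh freezes the scheme at whatever was first stored in config/internal.conf. Assuming that file is read back on later runs (the guard only has an effect if it is), setting ENABLE_TLS to `y` in config/user.conf, which the script tells the operator they may edit, no longer moves PROTO from `http` to `https`. Since PROTO is fully derived from ENABLE_TLS, I would compute it on every run and replace the stored line, or not persist it, rather than keep the first value.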
@@ -70,9 +70,9 @@ if test -z "${MASTER_PUBLIC_KEY:-}"; then
 exit 1
 fi
 say "Setting up offline key"
- echo -e "[exchange-offline]\n" \
- "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n" \
- "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n" \
+ echo -e "[exchange-offline]\n"\
+ "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\
+ "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\
 >/etc/taler/conf.d/offline-setup.conf
 MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
@@ -103,30 +103,30 @@ say "Configuring exchange"
 export EXCHANGE_BASE_URL="$PROTO://exchange.${DOMAIN_NAME}/"
 # Generate /etc/taler/conf.d/setup.conf
-echo -e "[taler]\n" \
- "CURRENCY=${CURRENCY}\n" \
- "CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n" \
- "\n[exchange]\n" \
- "AML_THRESHOLD=${CURRENCY}:1000000\n" \
- "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n" \
- "BASE_URL=${EXCHANGE_BASE_URL}\n" \
- "\n[merchant-exchange-${DOMAIN_NAME}]\n" \
- "MASTER_KEY=${MASTER_PUBLIC_KEY}\n" \
- "CURRENCY=${CURRENCY}\n" \
- "EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n" \
- "\n[exchange-account-default]\n" \
- "PAYTO_URI=${EXCHANGE_PAYTO}\n" \
- "ENABLE_DEBIT=YES\n" \
- "ENABLE_CREDIT=YES\n" \
- "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" \
- "\n[currency-netzbon]\n" \
- "ENABLED=YES\n" \
- "name=NetzBon\n" \
- "code=NETZBON\n" \
- "fractional_input_digits=2\n" \
- "fractional_normal_digits=2\n" \
- "fractional_trailing_zero_digits=2\n" \
- "alt_unit_names = {\"0\":\"NETZBON\"}\n" \
+echo -e "[taler]\n"\
+ "CURRENCY=${CURRENCY}\n"\
+ "CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n"\
+ "\n[exchange]\n"\
+ "AML_THRESHOLD=${CURRENCY}:1000000\n"\
+ "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n"\
+ "BASE_URL=${EXCHANGE_BASE_URL}\n"\
+ "\n[merchant-exchange-${DOMAIN_NAME}]\n"\
+ "MASTER_KEY=${MASTER_PUBLIC_KEY}\n"\
+ "CURRENCY=${CURRENCY}\n"\
+ "EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n"\
+ "\n[exchange-account-default]\n"\
+ "PAYTO_URI=${EXCHANGE_PAYTO}\n"\
+ "ENABLE_DEBIT=YES\n"\
+ "ENABLE_CREDIT=YES\n"\
+ "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n"\
+ "\n[currency-netzbon]\n"\
+ "ENABLED=YES\n"\
+ "name=NetzBon\n"\
+ "code=NETZBON\n"\
+ "fractional_input_digits=2\n"\
+ "fractional_normal_digits=2\n"\
+ "fractional_trailing_zero_digits=2\n"\
+ "alt_unit_names = {\"0\":\"NETZBON\"}\n"\
 >/etc/taler/conf.d/setup.conf
 echo -e "[exchangedb-postgres]\n" \
@@ -135,12 +135,13 @@ echo -e "[exchangedb-postgres]\n" \
 chmod 440 /etc/taler/secrets/exchange-db.secret.conf
 chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
-echo -e "[exchange-accountcredentials-default]\n" \
- "WIRE_GATEWAY_URL=${EXCHANGE_WIRE_GATEWAY_URL}\n" \
- "WIRE_GATEWAY_AUTH_METHOD=basic\n" \
- "USERNAME=Exchange\n" \
- "PASSWORD=${BANK_EXCHANGE_PASSWORD}\n" \
+echo -e "[exchange-accountcredentials-default]\n"\
+ "WIRE_GATEWAY_URL=${EXCHANGE_WIRE_GATEWAY_URL}\n"\
+ "WIRE_GATEWAY_AUTH_METHOD=basic\n"\
+ "USERNAME=Exchange\n"\
+ "PASSWORD=${BANK_EXCHANGE_PASSWORD}\n"\
 >/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+
 chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
 chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf |