authorMS <ms@taler.net>2023-12-04 21:54:10 +0100
committerMS <ms@taler.net>2023-12-04 21:55:09 +0100
commitac38198d161f892cd63bf118e3d780096f879c37 (patch)
tree57c431affd25b6479b2fb12646f268819862bf4e
parentbbb840a76aed609c4a188142d97095b722186c61 (diff)
netzbon deployment
- no duplicated lines in the conf files - factoring out questions to helper function
-rw-r--r--netzbon/config_libeufin.sh5
-rwxr-xr-xnetzbon/config_libeufin_bank.sh21
-rwxr-xr-xnetzbon/config_libeufin_nexus.sh3
-rwxr-xr-xnetzbon/functions.sh62
-rwxr-xr-xnetzbon/main.sh77
-rwxr-xr-xnetzbon/setup-exchange.sh65
6 files changed, 122 insertions, 111 deletions
diff --git a/netzbon/config_libeufin.sh b/netzbon/config_libeufin.sh
new file mode 100644
index 0000000..9b413bd
--- /dev/null
+++ b/netzbon/config_libeufin.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+
+libeufin-dbconfig
+./config_libeufin_nexus.sh
+./config_libeufin_bank.sh
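Review bot: The new file is committed with mode 100644, but `config_services` in functions.sh invokes it as `./config_libeufin.sh`, which fails with "Permission denied" unless the file is executable; every other script in the diffstat is 100755. Either commit it with the executable bit or call it as `bash ./config_libeufin.sh`. The script also has no `set -eu`, so a failing `libeufin-dbconfig` does not stop the two configuration scripts from running against a database that was not set up. `libeufin-dbconfig` now runs before config_libeufin_nexus.sh writes its `nexus-postgres` settings, whereas the removed per-service dbconfig calls ran after them; confirm that this ordering is intended.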
diff --git a/netzbon/config_libeufin_bank.sh b/netzbon/config_libeufin_bank.sh
index d431932..2adba40 100755
--- a/netzbon/config_libeufin_bank.sh
+++ b/netzbon/config_libeufin_bank.sh
@@ -77,17 +77,7 @@ alt_unit_names = {"0":"NETZBON"}
EOF
fi
-echo "GRANT USAGE ON SCHEMA libeufin_nexus TO \"libeufin-bank\"" \
- | sudo -i -u postgres psql libeufin
-
-echo "GRANT SELECT, INSERT, TRIGGER ON ALL TABLES IN SCHEMA libeufin_nexus TO \"libeufin-bank\"" \
- | sudo -i -u postgres psql libeufin
-
-say "Setting up libeufin-bank database"
-libeufin-bank-dbconfig
-
say "Setting up libeufin-bank admin account"
-# TODO DBUSER="libeufin-bank" ?
sudo -u "libeufin-bank" libeufin-bank passwd admin "${BANK_ADMIN_PASSWORD}"
say "Setting up SPA configuration..."
@@ -101,7 +91,14 @@ EXCHANGE_WIRE_GATEWAY_URL="${PROTO}://bank.$DOMAIN_NAME/accounts/exchange/taler-
# Communicating this to the exchange script, as the exchange
# needs these for the /keys response.
-echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >> config/internal.conf
-echo "EXCHANGE_WIRE_GATEWAY_URL=\"${EXCHANGE_WIRE_GATEWAY_URL}\"" >> config/internal.conf
+
+if test -z "${EXCHANGE_PAYTO:-}"; then
+ echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >> config/internal.conf
+fi
+
+if test -z "${EXCHANGE_WIRE_GATEWAY_URL:-}"; then
+ echo "EXCHANGE_WIRE_GATEWAY_URL=\"${EXCHANGE_WIRE_GATEWAY_URL}\"" >> config/internal.conf
+fi
+
say "Start the bank..."
systemctl enable --now libeufin-bank
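Review bot: The two new guards test the wrong thing: `test -z "${EXCHANGE_PAYTO:-}"` is true only when the variable is empty, so the branch can only ever append `EXCHANGE_PAYTO=""`, and when the script has just computed the value nothing is persisted. The hunk header shows `EXCHANGE_WIRE_GATEWAY_URL` being assigned immediately above, so on a first run neither key appears to reach config/internal.conf, although the comment says this is how the values are communicated to the exchange script, which writes them into `PAYTO_URI` and `WIRE_GATEWAY_URL`. To avoid duplicate lines, test the file rather than the variable, e.g. `grep -q '^EXCHANGE_PAYTO=' config/internal.conf || echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >> config/internal.conf`, and the same for `EXCHANGE_WIRE_GATEWAY_URL`.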
diff --git a/netzbon/config_libeufin_nexus.sh b/netzbon/config_libeufin_nexus.sh
index e987013..44af3d5 100755
--- a/netzbon/config_libeufin_nexus.sh
+++ b/netzbon/config_libeufin_nexus.sh
@@ -16,9 +16,6 @@ taler-config -s nexus-postgres -o config \
taler-config -s nexus-ebics -o currency \
-V $FIAT_CURRENCY -c /etc/libeufin/libeufin-nexus.conf
-say "Setting up libeufin-nexus database"
-libeufin-nexus-dbconfig
-
say "Start nexus tasks..."
systemctl enable --now libeufin-nexus-ebics-fetch
systemctl enable --now libeufin-nexus-ebics-submit
diff --git a/netzbon/functions.sh b/netzbon/functions.sh
index 753d846..66ad22d 100755
--- a/netzbon/functions.sh
+++ b/netzbon/functions.sh
@@ -7,13 +7,66 @@ function say() {
# Check user if the user is root
function check_user() {
-
if [ "$(whoami)" != "root" ]; then
say "Please run this script as root"
exit 1
fi
}
+function ask_questions() {
+ if test -z "${CURRENCY:-}"; then
+ read -r -p "Enter the name of the regional currency (e.g. 'NETZBON'): " CURRENCY
+ # convert to all-caps
+ CURRENCY=$(echo "${CURRENCY}" | tr a-z A-Z)
+ # libeufin currenly doesn't like currency names less than 3 letters.
+ if [[ ${#CURRENCY} -lt 3 || ${#CURRENCY} -gt 11 ]]; then
+ say "Currency name must be between 3 and 10 letters"
+ exit 1
+ fi
+ echo "CURRENCY=${CURRENCY}" >>config/user.conf
+ fi
+ if test -z "${FIAT_CURRENCY:-}"; then
+ read -r -p "Enter the name of the fiat currency (e.g. 'CHF'): " FIAT_CURRENCY
+ # convert to all-caps
+ FIAT_CURRENCY=$(echo "${FIAT_CURRENCY}" | tr a-z A-Z)
+ # libeufin currenly doesn't like currency names less than 3 letters.
+ if [[ ${#FIAT_CURRENCY} -lt 3 || ${#FIAT_CURRENCY} -gt 11 ]]; then
+ say "Currency name must be between 3 and 10 letters"
+ exit 1
+ fi
+ echo "FIAT_CURRENCY=${FIAT_CURRENCY}" >>config/user.conf
+ fi
+ if test -z "${BANK_NAME:-}"; then
+ read -r -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME
+ echo "BANK_NAME=\"${BANK_NAME}\"" >>config/user.conf
+ fi
+ if test -z "${ENABLE_TLS:-}"; then
+ read -r -p "Use TLS? (y/n): " ENABLE_TLS
+ echo "ENABLE_TLS=${ENABLE_TLS}" >>config/user.conf
+ fi
+ if test -z "${DO_OFFLINE:-}"; then
+ read -r -p "Run taler-exchange-offline? (y/n): " DO_OFFLINE
+ echo "DO_OFFLINE=${DO_OFFLINE}" >>config/user.conf
+ fi
+ if test -z "${MASTER_PUBLIC_KEY:-}"; then
+ if test "${DO_OFFLINE:-y}" == n; then
+ read -r -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY
+ echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf
+ fi
+ fi
+ if test -z "${BANK_ADMIN_PASSWORD:-}"; then
+ read -r -s -p "Enter the admin password for the bank: " BANK_ADMIN_PASSWORD
+ echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" >>config/user.conf
+ echo "" # force new line
+ fi
+ if test -z "${DOMAIN_NAME:-}"; then
+ read -r -p "Enter the domain name: " DOMAIN_NAME
+ # convert to lower-case
+ DOMAIN_NAME=$(echo "${DOMAIN_NAME}" | tr A-Z a-z)
+ echo "DOMAIN_NAME=${DOMAIN_NAME}" >>config/user.conf
+ fi
+}
+
# Set DISTRO to the detected distro or return non-zero
# status if distro not supported.
function detect_distro() {
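Review bot: `ask_questions` appends most answers to config/user.conf without shell quoting (`CURRENCY`, `FIAT_CURRENCY`, `ENABLE_TLS`, `DO_OFFLINE`, `MASTER_PUBLIC_KEY`, `DOMAIN_NAME`), and `BANK_NAME` is wrapped in double quotes, which still permit expansion; only `BANK_ADMIN_PASSWORD` goes through `printf '%q'`. If that file is sourced by scripts running as root (not visible in this hunk), an answer containing a space, `$` or `;` changes what is executed on the next run. Use one form everywhere, e.g. `printf 'DOMAIN_NAME=%q\n' "${DOMAIN_NAME}" >>config/user.conf`, and validate the currency fields with a pattern such as `[[ "${CURRENCY}" =~ ^[A-Z]{3,11}$ ]]`; note that the existing length test accepts 11 characters while the message says 10. The admin password is stored in the same file, and no `chmod` or `umask` for config/user.conf is visible here.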
@@ -25,3 +78,10 @@ function detect_distro() {
echo "Unsupported distro, should be either ubuntu or debian" >&2
return 1
}
+
+function config_services() {
+ ./config_libeufin.sh
+ ./config_nginx.sh
+ ./setup-exchange.sh
+ ./setup-merchant.sh
+}
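Review bot: `config_services` does not check the exit status of any step, so unless `set -e` is active in the caller (not visible here) a failed `./config_libeufin.sh` is followed by the nginx, exchange and merchant setup anyway. Chain the calls, e.g. `./config_libeufin.sh && ./config_nginx.sh && ./setup-exchange.sh && ./setup-merchant.sh`. The paths are relative to the current directory, so a header comment such as `# Must be called as root from the netzbon directory.` would document the precondition the function relies on.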
diff --git a/netzbon/main.sh b/netzbon/main.sh
index 769b407..585cf34 100755
--- a/netzbon/main.sh
+++ b/netzbon/main.sh
@@ -26,57 +26,8 @@ say ""
say "All configuration values asked during the setup script"
say "can be changed in config/user.conf"
-if test -z "${CURRENCY:-}"; then
- read -r -p "Enter the name of the regional currency (e.g. 'NETZBON'): " CURRENCY
- # convert to all-caps
- CURRENCY=$(echo "${CURRENCY}" | tr a-z A-Z)
- # libeufin currenly doesn't like currency names less than 3 letters.
- if [[ ${#CURRENCY} -lt 3 || ${#CURRENCY} -gt 11 ]]; then
- say "Currency name must be between 3 and 10 letters"
- exit 1
- fi
- echo "CURRENCY=${CURRENCY}" >>config/user.conf
-fi
-if test -z "${FIAT_CURRENCY:-}"; then
- read -r -p "Enter the name of the fiat currency (e.g. 'CHF'): " FIAT_CURRENCY
- # convert to all-caps
- FIAT_CURRENCY=$(echo "${FIAT_CURRENCY}" | tr a-z A-Z)
- # libeufin currenly doesn't like currency names less than 3 letters.
- if [[ ${#FIAT_CURRENCY} -lt 3 || ${#FIAT_CURRENCY} -gt 11 ]]; then
- say "Currency name must be between 3 and 10 letters"
- exit 1
- fi
- echo "FIAT_CURRENCY=${FIAT_CURRENCY}" >>config/user.conf
-fi
-if test -z "${BANK_NAME:-}"; then
- read -r -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME
- echo "BANK_NAME=\"${BANK_NAME}\"" >>config/user.conf
-fi
-if test -z "${ENABLE_TLS:-}"; then
- read -r -p "Use TLS? (y/n): " ENABLE_TLS
- echo "ENABLE_TLS=${ENABLE_TLS}" >>config/user.conf
-fi
-if test -z "${DO_OFFLINE:-}"; then
- read -r -p "Run taler-exchange-offline? (y/n): " DO_OFFLINE
- echo "DO_OFFLINE=${DO_OFFLINE}" >>config/user.conf
-fi
-if test -z "${MASTER_PUBLIC_KEY:-}"; then
- if test "${DO_OFFLINE:-y}" == n; then
- read -r -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY
- echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf
- fi
-fi
-if test -z "${BANK_ADMIN_PASSWORD:-}"; then
- read -r -s -p "Enter the admin password for the bank: " BANK_ADMIN_PASSWORD
- echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" >>config/user.conf
- echo "" # force new line
-fi
-if test -z "${DOMAIN_NAME:-}"; then
- read -r -p "Enter the domain name: " DOMAIN_NAME
- # convert to lower-case
- DOMAIN_NAME=$(echo "${DOMAIN_NAME}" | tr A-Z a-z)
- echo "DOMAIN_NAME=${DOMAIN_NAME}" >>config/user.conf
-fi
+ask_questions
+
# END USER INTERACTION
# Check DNS settings
@@ -102,20 +53,20 @@ if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then
echo "BANK_EXCHANGE_PASSWORD=\"${BANK_EXCHANGE_PASSWORD}\"" >>config/internal.conf
fi
-# TODO With port should be use ? ask user ?
-echo "BANK_PORT=8080" >>config/user.conf
-if test "${ENABLE_TLS:-}" == "y"; then
- PROTO="https"
-else
- PROTO="http"
+if test -z "${BANK_PORT:-}"; then
+ echo "BANK_PORT=8080" >>config/user.conf
+fi
+
+if test -z "${PROTO:-}"; then
+ if test "${ENABLE_TLS:-}" == "y"; then
+ PROTO="https"
+ else
+ PROTO="http"
+ fi
+ echo "PROTO=$PROTO">>config/internal.conf
fi
-echo "PROTO=$PROTO">>config/internal.conf
-./config_libeufin_nexus.sh
-./config_libeufin_bank.sh
-./config_nginx.sh
-./setup-exchange.sh
-./setup-merchant.sh
+config_services
# Final message to the user
say "Congratulations, you have successfully installed GNU Taler"
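Review bot: Once `PROTO` has been written to config/internal.conf, the new `test -z "${PROTO:-}"` guard means it is never recomputed, so changing `ENABLE_TLS` in config/user.conf later, which the message above invites, leaves all URLs on the old scheme, assuming internal.conf is loaded before this point. For a switch from `n` to `y` that silently keeps `http`. Derive `PROTO` from `ENABLE_TLS` on every run and guard only the append, or stop persisting it. The `BANK_PORT` branch writes the default to the file without setting the variable in the running shell; adding `BANK_PORT=8080` before the `echo` would cover any later step that reads it from the environment.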
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
index 41ec082..614766e 100755
--- a/netzbon/setup-exchange.sh
+++ b/netzbon/setup-exchange.sh
@@ -70,9 +70,9 @@ if test -z "${MASTER_PUBLIC_KEY:-}"; then
exit 1
fi
say "Setting up offline key"
- echo -e "[exchange-offline]\n" \
- "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n" \
- "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n" \
+ echo -e "[exchange-offline]\n"\
+ "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\
+ "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\
>/etc/taler/conf.d/offline-setup.conf
MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
@@ -103,30 +103,30 @@ say "Configuring exchange"
export EXCHANGE_BASE_URL="$PROTO://exchange.${DOMAIN_NAME}/"
# Generate /etc/taler/conf.d/setup.conf
-echo -e "[taler]\n" \
- "CURRENCY=${CURRENCY}\n" \
- "CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n" \
- "\n[exchange]\n" \
- "AML_THRESHOLD=${CURRENCY}:1000000\n" \
- "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n" \
- "BASE_URL=${EXCHANGE_BASE_URL}\n" \
- "\n[merchant-exchange-${DOMAIN_NAME}]\n" \
- "MASTER_KEY=${MASTER_PUBLIC_KEY}\n" \
- "CURRENCY=${CURRENCY}\n" \
- "EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n" \
- "\n[exchange-account-default]\n" \
- "PAYTO_URI=${EXCHANGE_PAYTO}\n" \
- "ENABLE_DEBIT=YES\n" \
- "ENABLE_CREDIT=YES\n" \
- "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" \
- "\n[currency-netzbon]\n" \
- "ENABLED=YES\n" \
- "name=NetzBon\n" \
- "code=NETZBON\n" \
- "fractional_input_digits=2\n" \
- "fractional_normal_digits=2\n" \
- "fractional_trailing_zero_digits=2\n" \
- "alt_unit_names = {\"0\":\"NETZBON\"}\n" \
+echo -e "[taler]\n"\
+ "CURRENCY=${CURRENCY}\n"\
+ "CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n"\
+ "\n[exchange]\n"\
+ "AML_THRESHOLD=${CURRENCY}:1000000\n"\
+ "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n"\
+ "BASE_URL=${EXCHANGE_BASE_URL}\n"\
+ "\n[merchant-exchange-${DOMAIN_NAME}]\n"\
+ "MASTER_KEY=${MASTER_PUBLIC_KEY}\n"\
+ "CURRENCY=${CURRENCY}\n"\
+ "EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n"\
+ "\n[exchange-account-default]\n"\
+ "PAYTO_URI=${EXCHANGE_PAYTO}\n"\
+ "ENABLE_DEBIT=YES\n"\
+ "ENABLE_CREDIT=YES\n"\
+ "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n"\
+ "\n[currency-netzbon]\n"\
+ "ENABLED=YES\n"\
+ "name=NetzBon\n"\
+ "code=NETZBON\n"\
+ "fractional_input_digits=2\n"\
+ "fractional_normal_digits=2\n"\
+ "fractional_trailing_zero_digits=2\n"\
+ "alt_unit_names = {\"0\":\"NETZBON\"}\n"\
>/etc/taler/conf.d/setup.conf
echo -e "[exchangedb-postgres]\n" \
@@ -135,12 +135,13 @@ echo -e "[exchangedb-postgres]\n" \
chmod 440 /etc/taler/secrets/exchange-db.secret.conf
chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
-echo -e "[exchange-accountcredentials-default]\n" \
- "WIRE_GATEWAY_URL=${EXCHANGE_WIRE_GATEWAY_URL}\n" \
- "WIRE_GATEWAY_AUTH_METHOD=basic\n" \
- "USERNAME=Exchange\n" \
- "PASSWORD=${BANK_EXCHANGE_PASSWORD}\n" \
+echo -e "[exchange-accountcredentials-default]\n"\
+ "WIRE_GATEWAY_URL=${EXCHANGE_WIRE_GATEWAY_URL}\n"\
+ "WIRE_GATEWAY_AUTH_METHOD=basic\n"\
+ "USERNAME=Exchange\n"\
+ "PASSWORD=${BANK_EXCHANGE_PASSWORD}\n"\
>/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+
chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf