authorChristian Grothoff <christian@grothoff.org>2023-03-07 17:58:50 +0100
committerChristian Grothoff <christian@grothoff.org>2023-03-07 17:58:50 +0100
commit2275f14e815a9218685a16de8a9359daaf41913c (patch)
treed881d1e1c7ce7e982e54dbd76ec8d0ac6022ca58
parent17f189e268a59ff1573b4ca5ebeda33f39032f0f (diff)
revert Javier's patch
-rwxr-xr-xnetzbon/config_nginx.sh64
-rwxr-xr-xnetzbon/functions.sh160
-rwxr-xr-xnetzbon/main.sh159
-rwxr-xr-xnetzbon/setup-exchange.sh171
4 files changed, 278 insertions, 276 deletions
diff --git a/netzbon/config_nginx.sh b/netzbon/config_nginx.sh
index e318096..1d355fd 100755
--- a/netzbon/config_nginx.sh
+++ b/netzbon/config_nginx.sh
@@ -1,44 +1,54 @@
#!/bin/bash
# This file is in the public domain.
+set -eu
+
# Inputs: DOMAIN_NAME & ENABLE_TLS
source functions.sh
source config/user.conf
source config/internal.conf
-say "Configuring Nginx"
-
-systemctl start nginx
+if test -z ${DOMAIN_NAME:-}
+then
+ say "Error: config/user.conf does not specify DOMAIN_NAME"
+ exit 1
+fi
+if test -z ${ENABLE_TLS:-}
+then
+ say "Error: config/user.conf does not specify ENABLE_TLS"
+ exit 1
+fi
-# Paths of NGINX
+say "Configuring Nginx"
SITES_AVAILABLE_DIR=/etc/nginx/sites-available
SITES_ENABLED_DIR=/etc/nginx/sites-enabled
-# SED replacements - NGINX sites-available
-
-# taler-exchange
-sed -i 's/server_name localhost/server_name exchange.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-exchange
-sed -i 's/"localhost"/"exchange.${DOMAIN_NAME}"/g' ${SITES_AVAILABLE_DIR}/taler-exchange
-
-# taler-merchant
-sed -i 's/server_name localhost/server_name merchant.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-medrchant
-
-# libeufin-sandbox
-sed -i 's/server_name localhost/server_name bank.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/libeufin-sandbox
-
-# Sym links for NGINX sites-enabled
-
-ln -s ${SITES_AVAILABLE_DIR}/taler-exchange ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
-ln -s ${SITES_AVAILABLE_DIR}/taler-merchant ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
-ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
-
-# Obtain SSL certificates with Certbot
-
-# TODO: check nginx, check dns ping, first.
-
-if test ${ENABLE_TLS} = "y"
+cat ${SITES_AVAILABLE_DIR}/taler-exchange \
+ | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \
+ | sed -e "s/location \/taler-exchange\//location \//g" \
+ > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/taler-merchant \
+ | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \
+ | sed -e "s/location \/taler-merchant\//location \//g" \
+ > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME}
+
+cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \
+ | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \
+ > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME}
+rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME}
+
+say "Restarting Nginx with new configuration"
+systemctl restart nginx
+
+if test ${ENABLE_TLS} == "y"
then
say "Obtaining TLS certificates"
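Review bot: The three `cat template | sed … > ${SITES_AVAILABLE_DIR}/…${DOMAIN_NAME}` pipelines can silently install an empty vhost: the new `set -eu` has no `pipefail`, so if a template is missing `cat` fails but the pipeline's status is sed's, an empty site file is written, symlinked, and nginx is restarted with it. Reading the template directly, `sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" -e 's/location \/taler-exchange\//location \//g' "${SITES_AVAILABLE_DIR}/taler-exchange" > …`, or using `set -euo pipefail`, turns that into a hard failure. Separately, DOMAIN_NAME comes from an interactive prompt and is spliced unescaped into the sed replacement, so a value containing `/` or `&` corrupts the generated config; the blanket `s/localhost/…/g` is also wider than the old `server_name localhost` match and will rewrite any other `localhost` reference the template may contain (an upstream address, for instance), which is worth checking against the shipped templates.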
diff --git a/netzbon/functions.sh b/netzbon/functions.sh
index 9820ca6..afdd12e 100755
--- a/netzbon/functions.sh
+++ b/netzbon/functions.sh
@@ -1,14 +1,15 @@
#!/bin/bash
# Message
-# -----------------------------------
+
function say()
{
echo "TALER: " "$@"
}
+
# Check user if the user is root
-# -----------------------------------
+
function check_user()
{
@@ -18,135 +19,36 @@ function check_user()
fi
}
-# Asks several questions to the user
-# -----------------------------------
-function ask()
-{
-
-# DOMAIN_NAME
-
-if [ $1 == "DOMAIN_NAME" ]; then
- read -p "Enter the domain name: " DOMAIN_NAME
-fi
-
-# ENABLE_TLS
-
-if [ $1 == "ENABLE_TLS" ]; then
- read -p "Use TLS? (y/n): " ENABLE_TLS
-fi
-
-# CURRENCY
-
-if [ $1 == "CURRENCY" ]; then
- read -p "Enter the name of the currency (e.g. 'EUR'):" CURRENCY
-fi
-
-# BANK_NAME
-
-if [ $1 == "BANK_NAME" ]; then
- read -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME
-
-fi
-
-# DO_OFFLINE
-
-if [ $1 == "DO_OFFLINE" ]; then
- read -p "Run taler-exchange offline? (y/n): " DO_OFFLINE
-fi
-
-# MASTER_PUBLIC_KEY
-
-if [ $1 == "MASTER_PUBLIC_KEY" ]; then
- if [ $2 == "DO_OFFLINE" ] && [ $DO_OFFLINE == 'n' ]; then
- read -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY
- fi
-fi
-
-# SANDBOX_ADMIN_PASSWORD
-
-if [ $1 == "SANDBOX_ADMIN_PASSWORD" ]; then
- read -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD
- echo "" # force new line
-fi
-
-# SANDBOX_EXCHANGE_PASSWORD
-
-if [ $1 == "SANDBOX_EXCHANGE_PASSWORD" ]; then
- SANDBOX_EXCHANGE_PASSWORD=`uuidgen`
-
-fi
-
-
-# NEXUS_EXCHANGE_PASSWORD
-
-if [ $1 == "NEXUS_EXCHANGE_PASSWORD" ]; then
- NEXUS_EXCHANGE_PASSWORD=`uuidgen`
-fi
-
-}
-
-
-
-function check_nexus_exchange ()
-{
-
-if test -z ${LIBEUFIN_NEXUS_USERNAME:-}
-then
- say "Failure: LIBEUFIN_NEXUS_USERNAME not set"
- exit 1
-fi
-
-if test -z ${NEXUS_EXCHANGE_PASSWORD:-}
-then
- say "Failure: NEXUS_EXCHANGE_PASSWORD not set"
- exit 1
-fi
-
-if test -z ${EXCHANGE_IBAN:-}
-then
- say "Failure: EXCHANGE_IBAN not set"
- exit 1
-fi
-if test -z ${EXCHANGE_PAYTO:-}
-then
- say "Failure: EXCHANGE_PAYTO not set"
- exit 1
-fi
-
-}
-
-
-# Ask about whether use TLS or not
-# -----------------------------------
-
-function ask_tls()
+# Create users "exchange" and "merchant"
+# Deprecated: should be done by Debian!
+function create_users()
{
-
-read -p "Use TLS? (y/n): " ENABLE_TLS
-
-if test ${ENABLE_TLS} == "y"
-then
- PROTO="https"
-else
- PROTO="http"
-fi
+ say "Creating users"
+ for n in exchange merchant
+ do
+ # Only setup use if it does not yet exist
+ if test ! -d /home/$n
+ then
+ adduser --disabled-password $n
+ fi
+ done
}
-# Check network
-# -----------------------------------
-
-check_dns()
+# Assign group and permissions to users
+# Deprecated: should be done by Debian!
+function assign_user_permissions()
{
-
-ping -c1 exchange.${DOMAIN_NAME} # &> /dev/null
-
-
-if test 0 != $?
-then
- say "Could not ping TO exchange.${DOMAIN_NAME}."
- say "Please make sure your DNS/network are working."
- exit 1
-fi
-
+ for n in exchange merchant
+ do
+ adduser www-data $n
+ mkdir -p /home/$n/.config/
+ # FIXME
+ # cp -r $n/* /home/$n/
+ # TODO: No taler.conf is provided
+ # mv /home/$n/taler.conf /home/$n/.config/taler.conf
+ chmod 600 /home/$n/.config/taler.conf
+ chown -R $n:$n /home/$n/
+ su - postgres -c "createuser $n"
+ su - postgres -c "createdb -O $n taler-$n"
+ done
}
-
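Review bot: `adduser --disabled-password $n` in create_users will stop at Debian's interactive GECOS prompt, which defeats an unattended run; `adduser --disabled-password --gecos "" "$n"` avoids it. In assign_user_permissions, `chmod 600 /home/$n/.config/taler.conf` targets a file that the commented-out `cp`/`mv` lines no longer create (the TODO directly above says no taler.conf is provided), so under a `set -e` caller the function aborts there with what looks like a permissions error; guard it with `test -f` or drop the chmod until the config is actually installed. Both functions are marked deprecated, so this may be harmless if nothing calls them, but as written they cannot succeed on a fresh host.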
diff --git a/netzbon/main.sh b/netzbon/main.sh
index f442e98..f88db95 100755
--- a/netzbon/main.sh
+++ b/netzbon/main.sh
@@ -2,109 +2,111 @@
# This file is in the public domain.
# main.sh is the main script that asks the questions and
-# puts the answers into environment variables located at "config/internal.conf,user.conf" files
+# puts the answers into environment variables located at "config/taler-internal.conf or config/taler.conf" files
# Nginx configuration - Reads values directly from these "config files".
set -eu
-# Include functions source file
+# include functions source file
source functions.sh
-# CHECK if user is "root", otherwise EXIT.
-
-check_user
-
-
-# INSTALLATION of Debian packages
-
-. install_debian_packages.sh
-
-
-# Create folder and configuration files
-
+# include variables from configuration
mkdir -p config/
-
-if [ -f config/user.conf ] || [ -f config/internal.conf ]; then
- cat /dev/null > config/user.conf
- cat /dev/null > config/internal.conf
-else
- touch config/user.conf
- touch config/internal.conf
-fi
-
-# Include configuration files (user and internal)
-
+touch config/user.conf config/internal.conf
+# Values supplied by user
source config/user.conf
+# Values we generated
source config/internal.conf
+# Ask questions to user
# START USER INTERACTION
-
echo "TALER: Welcome to the GNU Taler Debian setup!"
-# ASK questions
-
-ask "DOMAIN_NAME"
-ask_tls "ENABLE_TLS"
-
-ask "CURRENCY"
-ask "BANK_NAME"
-ask "DO_OFFLINE"
-
-ask "MASTER_PUBLIC_KEY" "DO_OFFLINE"
-
-ask "SANDBOX_ADMIN_PASSWORD"
-ask "SANDBOX_EXCHANGE_PASSWORD"
-
-ask "NEXUS_ADMIN_PASSWORD"
-ask "NEXUS_EXCHANGE_PASSWORD"
-
-
+if test -z "${CURRENCY:-}"
+then
+ read -p "Enter the name of the currency (e.g. 'EUR'): " CURRENCY
+ # convert to all-caps
+ CURRENCY=`echo ${CURRENCY} | tr a-z A-Z`
+ echo "CURRENCY=${CURRENCY}" >> config/user.conf
+fi
+if test -z "${BANK_NAME:-}"
+then
+ read -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME
+ echo "BANK_NAME=\"${BANK_NAME}\"" >> config/user.conf
+fi
+if test -z "${ENABLE_TLS:-}"
+then
+ read -p "Use TLS? (y/n): " ENABLE_TLS
+ echo "ENABLE_TLS=${ENABLE_TLS}" >> config/user.conf
+fi
+if test -z "${DO_OFFLINE:-}"
+then
+ read -p "Run taler-exchange-offline? (y/n): " DO_OFFLINE
+ echo "DO_OFFLINE=${DO_OFFLINE}" >> config/user.conf
+fi
+if test -z "${MASTER_PUBLIC_KEY:-}"
+then
+ if test ${DO_OFFLINE:-y} == n
+ then
+ read -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY
+ echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >> config/user.conf
+ fi
+fi
+if test -z "${SANDBOX_ADMIN_PASSWORD:-}"
+then
+ read -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD
+ echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf
+ echo "" # force new line
+fi
+if test -z "${DOMAIN_NAME:-}"
+then
+ read -p "Enter the domain name: " DOMAIN_NAME
+ # convert to lower-case
+ DOMAIN_NAME=`echo ${DOMAIN_NAME} | tr A-Z a-z`
+ echo "DOMAIN_NAME=${DOMAIN_NAME}" >> config/user.conf
+fi
# END USER INTERACTION
+# Check DNS settings
+ping -c1 exchange.${DOMAIN_NAME} &> /dev/null
+if test 0 != $?
+then
+ say "Could not ping exchange.${DOMAIN_NAME}."
+ say "Please make sure your DNS/network are working."
+ exit 1
+fi
-# COPY values from variables -> to the configuration files.
-
-# user.conf
-
-# Please note "^^" means convert to uppercase
-echo "CURRENCY=${CURRENCY^^}" >> config/user.conf
-echo "BANK_NAME=\"${BANK_NAME}\"" >> config/user.conf
-echo "ENABLE_TLS=${ENABLE_TLS}" >> config/user.conf
-echo "DO_OFFLINE=${DO_OFFLINE}" >> config/user.conf
-echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >> config/user.conf
-echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf
-
-# Please note ",," means convert to lowercase
-echo "DOMAIN_NAME=${DOMAIN_NAME,,}" >> config/user.conf
-
-# internal.conf
-
-echo "NEXUS_EXCHANGE_PASSWORD=${NEXUS_EXCHANGE_PASSWORD}" >> config/internal.conf
-echo "SANDBOX_EXCHANGE_PASSWORD=${SANDBOX_EXCHANGE_PASSWORD}" >> config/internal.conf
-
-
-# CHECK DNS settings
+# Check if the user is root, otherwise EXIT.
+check_user
-check_dns
+# Installation of Debian packages required
+. install_debian_packages.sh
-# LIBEUFIN (bank)
+if test -z "${NEXUS_EXCHANGE_PASSWORD:-}"
+then
+ NEXUS_EXCHANGE_PASSWORD=`uuidgen`
+ echo "NEXUS_EXCHANGE_PASSWORD=${NEXUS_EXCHANGE_PASSWORD}" >> config/internal.conf
+fi
+if test -z "${SANDBOX_EXCHANGE_PASSWORD:-}"
+then
+ SANDBOX_EXCHANGE_PASSWORD=`uuidgen`
+ echo "SANDBOX_EXCHANGE_PASSWORD=${SANDBOX_EXCHANGE_PASSWORD}" >> config/internal.conf
+fi
. config_launch_libeufin.sh
-
-# EXCHANGE
-
+. config_nginx.sh
. setup-exchange.sh
-
-# MERCHANT
-
. setup-merchant.sh
-# CONFIG NGINX
-
-. config_nginx.sh
-# FINAL message to the user
+# Final message to the user
+if test ${ENABLE_TLS:-} == "y"
+then
+ PROTO="https"
+else
+ PROTO="http"
+fi
say "Congratulations, you have successfully installed GNU Taler"
say "Your bank is at ${PROTO}://bank.${DOMAIN_NAME}/"
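Review bot: The DNS check after END USER INTERACTION never reaches its error message: main.sh runs under `set -eu`, so a failing `ping -c1 exchange.${DOMAIN_NAME} &> /dev/null` terminates the script before `if test 0 != $?` is evaluated. Use `if ! ping -c1 "exchange.${DOMAIN_NAME}" &> /dev/null; then … fi` so the DNS/network hint is actually printed. Also, SANDBOX_ADMIN_PASSWORD is appended in clear text to config/user.conf, which `touch` creates with the caller's default umask (typically world-readable), and it is written unquoted, unlike BANK_NAME; consider `umask 077` before the `touch` (or `chmod 600 config/user.conf config/internal.conf`) and writing `SANDBOX_ADMIN_PASSWORD=\"${SANDBOX_ADMIN_PASSWORD}\"` so a password containing spaces or `#` does not break the later `source`.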
@@ -112,5 +114,4 @@ say "A merchant is at ${PROTO}://backend.${DOMAIN_NAME}/"
say "You should set credentials for the merchant soon."
exit 0
-
# END INSTALLATION
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
index 3491554..8881134 100755
--- a/netzbon/setup-exchange.sh
+++ b/netzbon/setup-exchange.sh
@@ -10,104 +10,193 @@ source config/internal.conf
#
# - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus)
# - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus)
+# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus)
# - EXCHANGE_IBAN (exchange account IBAN)
# - EXCHANGE_PAYTO (exchange account PAYTO)
# - ENABLE_TLS (http or https?)
-check_nexus_exchange "LIBEUFIN_NEXUS_USERNAME"
-check_nexus_exchange "NEXUS_EXCHANGE_PASSWORD"
-
-check_nexus_exchange "EXCHANGE_IBAN"
-check_nexus_exchange "EXCHANGE_PAYTO"
+if test -z ${LIBEUFIN_NEXUS_USERNAME:-}
+then
+ say "Failure: LIBEUFIN_NEXUS_USERNAME not set"
+ exit 1
+fi
+if test -z ${NEXUS_EXCHANGE_PASSWORD:-}
+then
+ say "Failure: NEXUS_EXCHANGE_PASSWORD not set"
+ exit 1
+fi
+if test -z ${EXCHANGE_IBAN:-}
+then
+ say "Failure: EXCHANGE_IBAN not set"
+ exit 1
+fi
+if test -z ${WIRE_GATEWAY_URL:-}
+then
+ say "Failure: WIRE_GATEWAY_URL not set"
+ exit 1
+fi
+if test -z ${EXCHANGE_PAYTO:-}
+then
+ say "Failure: EXCHANGE_PAYTO not set"
+ exit 1
+fi
-# Create master key as root *unless* user already
+# Create master key as taler-exchange-offline *unless* user already
# set the MASTER_PUBLIC_KEY to some value we can use.
-
+export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys
+export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv
+export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub
if test -z ${MASTER_PUBLIC_KEY:-}
then
+ if test ${DO_OFFLINE:-y} == n
+ then
+ say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO"
+ exit 1
+ fi
say "Setting up offline key"
- mkdir -p ~/.local/share/taler/exchange/offline-keys
- MASTER_PRIV_FILE=~/.local/share/taler/exchange/offline-keys/master.priv
- gnunet-ecc -g1 ${MASTER_PRIV_FILE}
- MASTER_PUBLIC_KEY=`gnunet-ecc -p ~/.local/share/taler/exchange/offline-keys/master.priv`
+ MASTER_PUBLIC_KEY=`sudo -i -u taler-exchange-offline taler-exchange-offline setup`
+ echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/user.conf
+ if test -z ${DO_OFFLINE:-}
+ then
+ # Set 'DO_OFFLINE'
+ DO_OFFLINE=y
+ echo "DO_OFFLINE=y" >> config/user.conf
+ fi
fi
export MASTER_PUBLIC_KEY
-echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/taler-internal.conf
+
+
+say "Setting up exchange database"
+EXCHANGE_DB=talerexchange
+# Use "|| true" to continue if these already exist.
+sudo -i -u postgres createuser -d taler-exchange-httpd || true
+sudo -i -u postgres createuser taler-exchange-wire || true
+sudo -i -u postgres createuser taler-exchange-closer || true
+sudo -i -u postgres createuser taler-exchange-aggregator || true
+sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
say "Configuring exchange"
if test ${ENABLE_TLS} = "y"
then
- export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}"
+ export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}/"
else
- export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}"
+ export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}/"
fi
-# Generate /etc/taler/conf.d/setup.conf
+# Generate /etc/taler/conf.d/setup.conf
echo -e "[taler]\n"\
"CURRENCY=${CURRENCY}\n"\
"CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n"\
"AML_THRESHOLD=${CURRENCY}:1000000\n"\
- "\n"\
- "[exchange]\n"\
+ "\n[exchange]\n"\
"MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n"\
- "MASTER_PRIV_FILE=${MASTER_PUBLIC_KEY}\n"\
"BASE_URL=${EXCHANGE_BASE_URL}\n"\
- "\n"\
- "[merchant-exchange-${DOMAIN_NAME}]\n"\
+ "\n[exchange-offline]\n"\
+ "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\
+ "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\
+ "\n[merchant-exchange-${DOMAIN_NAME}]\n"\
"MASTER_KEY=${MASTER_PUBLIC_KEY}\n"\
"CURRENCY=${CURRENCY}\n"\
"EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n"\
- "\n"\
- "[exchange-account-default]\n"\
+ "\n[exchange-account-default]\n"\
"PAYTO_URI=${EXCHANGE_PAYTO}\n"\
"ENABLE_DEBIT=YES\n"\
"ENABLE_CREDIT=YES\n"\
- "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n"
+ "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" \
> /etc/taler/conf.d/setup.conf
+echo -e "[exchangedb-postgres]\n"\
+ "CONFIG=postgres:///${EXCHANGE_DB}\n"\
+ > /etc/taler/secrets/exchange-db.secret.conf
+chmod 440 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
echo -e "[exchange-accountcredentials-default]\n"\
- "WIRE_GATEWAY_URL=${CURRENCY}\n"\
+ "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n"\
"WIRE_GATEWAY_AUTH_METHOD=basic\n"\
"USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n"\
"PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n"\
> /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
taler-harness deployment gen-coin-config \
--min-amount ${CURRENCY}:0.01 \
--max-amount ${CURRENCY}:100 \
| sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \
- > /etc/taler/conf.d/${CURRENCY}-coins.conf
+ > /etc/taler/conf.d/${CURRENCY}-coins.conf
+
+
+# FIXME-DOLD: this belongs with taler-harness
+for SEC in `taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -S | grep COIN-`
+do
+ taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -s $SEC -o CIPHER -V "RSA"
+done
+
+say "Initializing exchange database"
+sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
say "Launching exchange"
-systemctl enable --now taler-exchange
+systemctl enable --now taler-exchange.target
-echo -n "Waiting for exchange..."
+say "Waiting for exchange HTTP service (/config)..."
curl --max-time 2 \
--retry-connrefused \
--retry-delay 1 \
--retry 10 \
- ${EXCHANGE_BASE_URL}/config &> /dev/null
-echo "DONE"
+ ${EXCHANGE_BASE_URL}config &> /dev/null
+say "DONE"
-say "Offline interaction..."
+say "Waiting for exchange management keys (this may take a while)..."
+curl --max-time 30 \
+ --retry-delay 1 \
+ --retry 60 \
+ ${EXCHANGE_BASE_URL}management/keys &> /dev/null
+say "DONE"
-taler-exchange-offline \
- -c /etc/taler/taler.conf \
- download \
- sign \
- enable-account ${EXCHANGE_PAYTO} \
- wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \
- global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6y 0 \
- upload
+say "Offline interaction..."
+if test ${DO_OFFLINE} == y
+then
+ sudo -i -u taler-exchange-offline \
+ taler-exchange-offline \
+ -c /etc/taler/taler.conf \
+ download \
+ sign \
+ upload
+
+ sudo -i -u taler-exchange-offline \
+ taler-exchange-offline \
+ enable-account ${EXCHANGE_PAYTO} \
+ wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \
+ global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6a 0 \
+ upload
+fi
-echo -n "Waiting for exchange /keys..."
+say "Waiting for exchange /keys..."
curl --max-time 2 \
--retry-connrefused \
--retry-delay 1 \
--retry 10 \
- ${EXCHANGE_BASE_URL}/keys &> /dev/null
-echo "DONE"
+ ${EXCHANGE_BASE_URL}keys &> /dev/null
+say "DONE"
+
+say "Exchange setup finished"
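Review bot: The secrets files are populated before their permissions are tightened: `echo -e … > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf` creates the file under the caller's umask (typically 022, i.e. world-readable) and only afterwards `chmod 400`/`chown` run, so NEXUS_EXCHANGE_PASSWORD is exposed briefly and, if the script dies in between under the caller's `set -e`, permanently; the same applies to exchange-db.secret.conf. A `umask 077` at the top of the script (or `( umask 077; echo -e … > "$f" )` around each write) closes that window. Note also that mode 400 with group taler-exchange-db on the credentials file makes the group assignment ineffective, whereas exchange-db.secret.conf uses 440; if the db group is meant to read the credentials this should be `chmod 440`, otherwise the group can be dropped. The `|| true` on the createuser/createdb lines also masks a postgres connection failure rather than only "already exists", which the comment's intent does not cover.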