author | Florian Dold <florian@dold.me> | 2023-04-12 15:24:22 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2023-04-12 15:24:22 +0200 |
commit | 009d693bd6ea3bbc3e64deb8d93ce7d5cffaaa72 (patch) | |
tree | 834b0e4ca71ab8342a98a41e327c08addae3d79d | |
parent | a3c4146de72aadae52b33b696b69d537ff888a49 (diff) | |
netzbon: formatting
-rwxr-xr-x | netzbon/config_launch_libeufin.sh | 96 | ||||
-rwxr-xr-x | netzbon/config_nginx.sh | 6 | ||||
-rwxr-xr-x | netzbon/main.sh | 24 | ||||
-rwxr-xr-x | netzbon/setup-exchange.sh | 27 |
4 files changed, 70 insertions, 83 deletions
diff --git a/netzbon/config_launch_libeufin.sh b/netzbon/config_launch_libeufin.sh index a7f7c91..1231378 100755 --- a/netzbon/config_launch_libeufin.sh +++ b/netzbon/config_launch_libeufin.sh @@ -30,28 +30,25 @@ source functions.sh source config/user.conf source config/internal.conf -if test -z "${BANK_NAME:-}" -then - say "Error: config/user.conf does not specify BANK_NAME" - exit 1 +if test -z "${BANK_NAME:-}"; then + say "Error: config/user.conf does not specify BANK_NAME" + exit 1 fi -if test -z ${DOMAIN_NAME:-} -then - say "Error: config/user.conf does not specify DOMAIN_NAME" - exit 1 +if test -z "${DOMAIN_NAME:-}"; then + say "Error: config/user.conf does not specify DOMAIN_NAME" + exit 1 fi -if test -z "${SANDBOX_ADMIN_PASSWORD:-}" -then - say "Error: config/user.conf does not specify SANDBOX_ADMIN_PASSWORD" - exit 1 +if test -z "${SANDBOX_ADMIN_PASSWORD:-}"; then + say "Error: config/user.conf does not specify SANDBOX_ADMIN_PASSWORD" + exit 1 fi # TODO: add sanity-checks for presence of other required env-vars if test ${ENABLE_TLS:-} == "y"; then - PROTO="https" + PROTO="https" else - PROTO="http" + PROTO="http" fi say "Setting up libeufin" @@ -63,7 +60,7 @@ EBICS_USER_ID="exchangeebics" EBICS_CONNECTION_NAME="exchangeconn" LIBEUFIN_TALER_FACADE="taler-facade" export LIBEUFIN_NEXUS_USERNAME="exchange-at-nexus" -echo "LIBEUFIN_NEXUS_USERNAME=\"${LIBEUFIN_NEXUS_USERNAME}\"" >> config/internal.conf +echo "LIBEUFIN_NEXUS_USERNAME=\"${LIBEUFIN_NEXUS_USERNAME}\"" >>config/internal.conf # Load configuration with # LIBEUFIN_NEXUS_DB_CONNECTION and 
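Review bot: The `if test ${ENABLE_TLS:-} == "y"; then` line above the re-indented `PROTO` assignments is still unquoted, so when ENABLE_TLS is unset or empty `test` gets a malformed expression, returns an error status, and the script silently falls through to `PROTO="http"`. This commit quotes the same test in main.sh; it should read `if test "${ENABLE_TLS:-}" == "y"; then` here as well. The two `test -z ${LIBEUFIN_NEXUS_DB_CONNECTION:-}` / `test -z ${LIBEUFIN_SANDBOX_DB_CONNECTION:-}` checks in the next hunk keep the same unquoted form and only behave correctly for an empty value by accident; quote them the way `DOMAIN_NAME` was quoted in this hunk.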
@@ -71,32 +68,29 @@ echo "LIBEUFIN_NEXUS_USERNAME=\"${LIBEUFIN_NEXUS_USERNAME}\"" >> config/internal source /etc/libeufin/nexus.env export LIBEUFIN_NEXUS_DB_CONNECTION -if test -z ${LIBEUFIN_NEXUS_DB_CONNECTION:-} -then - say "Error: /etc/libeufin/nexus.env does not specify LIBEUFIN_NEXUS_DB_CONNECTION" - exit 1 +if test -z ${LIBEUFIN_NEXUS_DB_CONNECTION:-}; then + say "Error: /etc/libeufin/nexus.env does not specify LIBEUFIN_NEXUS_DB_CONNECTION" + exit 1 fi export LIBEUFIN_NEXUS_PASSWORD=$NEXUS_EXCHANGE_PASSWORD export LIBEUFIN_NEXUS_URL="http://localhost:${LIBEUFIN_NEXUS_PORT}" - # Load configuration with # LIBEUFIN_SANDBOX_DB_CONNECTION and # LIBEUFIN_SANDBOX_PORT . /etc/libeufin/sandbox.env export LIBEUFIN_SANDBOX_DB_CONNECTION -if test -z ${LIBEUFIN_SANDBOX_DB_CONNECTION:-} -then - say "Error: /etc/libeufin/sandbox.env does not specify LIBEUFIN_SANDBOX_DB_CONNECTION" - exit 1 +if test -z ${LIBEUFIN_SANDBOX_DB_CONNECTION:-}; then + say "Error: /etc/libeufin/sandbox.env does not specify LIBEUFIN_SANDBOX_DB_CONNECTION" + exit 1 fi export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="${SANDBOX_ADMIN_PASSWORD}" # FIXME-CG: this should be done inside the Debian package (incl. pw generation) # We need to add this password to the systemd environment to make it effective. -echo "LIBEUFIN_SANDBOX_ADMIN_PASSWORD=\"${SANDBOX_ADMIN_PASSWORD}\"" >> /etc/libeufin/sandbox.env +echo "LIBEUFIN_SANDBOX_ADMIN_PASSWORD=\"${SANDBOX_ADMIN_PASSWORD}\"" >>/etc/libeufin/sandbox.env SANDBOX_URL="http://localhost:${LIBEUFIN_SANDBOX_PORT}/" 
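Review bot: The line appending `LIBEUFIN_SANDBOX_ADMIN_PASSWORD` to /etc/libeufin/sandbox.env writes the password inside double quotes, and this same script reads that file back with `. /etc/libeufin/sandbox.env`, so a password containing `"`, `$` or a backtick is re-interpreted by the shell on the next run instead of being taken literally. Every run also appends one more copy of the secret, and nothing in the hunk restricts the file's mode. Consider rejecting those characters where the password is read, replacing an existing entry rather than appending, and following the write with `chmod 600 /etc/libeufin/sandbox.env`, assuming the service manager reads the file with root privileges, which is not visible here.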
@@ -106,13 +100,13 @@ MY_DIR=$PWD # Go to directory valid for other users. cd / sudo -E -u libeufin-sandbox \ -libeufin-sandbox config \ - --captcha-url "${PROTO}://bank.${DOMAIN_NAME}" \ - --bank-debt-limit 1000000 \ - --users-debt-limit 0 \ - --without-signup-bonus \ - --currency ${CURRENCY} \ - default + libeufin-sandbox config \ + --captcha-url "${PROTO}://bank.${DOMAIN_NAME}" \ + --bank-debt-limit 1000000 \ + --users-debt-limit 0 \ + --without-signup-bonus \ + --currency ${CURRENCY} \ + default say "DONE" say "Start the bank..." systemctl enable --now libeufin-sandbox @@ -120,13 +114,12 @@ systemctl enable --now libeufin-sandbox say "DONE" say "Waiting for sandbox..." curl --max-time 25 \ - --retry-connrefused \ - --retry-delay 3 \ - --retry 10 \ - ${SANDBOX_URL} &> /dev/null + --retry-connrefused \ + --retry-delay 3 \ + --retry 10 \ + ${SANDBOX_URL} &>/dev/null say "DONE" - say "Make one superuser at Nexus..." sudo -E -u libeufin-nexus libeufin-nexus superuser \ ${LIBEUFIN_NEXUS_USERNAME} \ @@ -139,10 +132,10 @@ systemctl enable --now libeufin-nexus say "DONE" say "Waiting for Nexus..." curl --max-time 25 \ - --retry-connrefused \ - --retry-delay 3 \ - --retry 10 \ - ${LIBEUFIN_NEXUS_URL} &> /dev/null + --retry-connrefused \ + --retry-delay 3 \ + --retry 10 \ + ${LIBEUFIN_NEXUS_URL} &>/dev/null say "DONE" EXCHANGE_SANDBOX_USERNAME="exchange-at-sandbox" @@ -171,8 +164,8 @@ EXCHANGE_PAYTO=$(echo $EXCHANGE_DETAILS | jq -r .paytoUri) # needs it for the /wire response. export EXCHANGE_IBAN export EXCHANGE_PAYTO -echo "EXCHANGE_IBAN=\"${EXCHANGE_IBAN}\"" >> ${MY_DIR}/config/internal.conf -echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >> ${MY_DIR}/config/internal.conf +echo "EXCHANGE_IBAN=\"${EXCHANGE_IBAN}\"" >>${MY_DIR}/config/internal.conf +echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >>${MY_DIR}/config/internal.conf say "Setting the default exchange at Sandbox..." libeufin-sandbox default-exchange "${PROTO}://exchange.$DOMAIN_NAME/" $EXCHANGE_PAYTO 
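Review bot: Both readiness probes ("Waiting for sandbox..." and "Waiting for Nexus...") end in `&>/dev/null`, which discards curl's error output together with the response body, so when a service never comes up nothing says why; without `--fail`, an HTTP error response also counts as ready. Whether a failed probe stops the script at all depends on a `set -e` that is not visible in these hunks. Suggest adding `--silent --show-error --fail`, quoting the URL and discarding only stdout, e.g. `"${SANDBOX_URL}" >/dev/null || { say "Error: sandbox did not come up"; exit 1; }`, and the same for `${LIBEUFIN_NEXUS_URL}`.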
@@ -188,7 +181,6 @@ libeufin-cli sandbox \ ebicshost create --host-id ${EBICS_HOST_ID} || true say "OK" - say "Create exchange EBICS subscriber at Sandbox..." # Continue on failure, request is not idempotent... # FIXME-MS: might be nicer to delete existing host first. @@ -201,7 +193,6 @@ libeufin-cli sandbox \ --bank-account ${EXCHANGE_SANDBOX_USERNAME} || true say "OK" - say "Creating the EBICS connection at Nexus..." # Continue on failure, request is not idempotent... # FIXME-MS: might be nicer to delete existing host first. @@ -214,7 +205,7 @@ libeufin-cli connections new-ebics-connection \ say "DONE" say "Setup EBICS keying..." -libeufin-cli connections connect ${EBICS_CONNECTION_NAME} > /dev/null +libeufin-cli connections connect ${EBICS_CONNECTION_NAME} >/dev/null say "OK" say "Download bank account name from Sandbox..." @@ -241,7 +232,7 @@ libeufin-cli facades \ say "OK" export WIRE_GATEWAY_URL="${LIBEUFIN_NEXUS_URL}/facades/${LIBEUFIN_TALER_FACADE}/taler-wire-gateway/" -echo "WIRE_GATEWAY_URL=\"${WIRE_GATEWAY_URL}\"" >> ${MY_DIR}/config/internal.conf +echo "WIRE_GATEWAY_URL=\"${WIRE_GATEWAY_URL}\"" >>${MY_DIR}/config/internal.conf say "Configuring the background jobs to submit/get transactions..." # Tries every second. @@ -265,14 +256,11 @@ libeufin-cli accounts task-schedule \ exchange-at-nexus || true say "OK" - say "Setting up SPA configuration..." -cat /usr/share/libeufin/demobank-ui/demobank-ui-settings.js \ - | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \ - | sed -e "s/Taler Bank/${BANK_NAME}/g" \ - > /etc/libeufin/demobank-ui-settings.js; +cat /usr/share/libeufin/demobank-ui/demobank-ui-settings.js | + sed -e "s/localhost/bank.${DOMAIN_NAME}/g" | + sed -e "s/Taler Bank/${BANK_NAME}/g" \ + >/etc/libeufin/demobank-ui-settings.js say "DONE" - -cd ${MY_DIR} diff --git a/netzbon/config_nginx.sh b/netzbon/config_nginx.sh index 8f7764c..6e90268 100755 --- a/netzbon/config_nginx.sh +++ b/netzbon/config_nginx.sh 
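Review bot: In the "Setting up SPA configuration" pipeline, `DOMAIN_NAME` and `BANK_NAME` are spliced directly into the two sed expressions, so a `/`, `&` or backslash in either value breaks or alters the substitution, and whatever results is written to /etc/libeufin/demobank-ui-settings.js. BANK_NAME is free text (main.sh prompts for a "human-readable name"), so ordinary input can trigger this. Validate the value before use, for example `case "${BANK_NAME}" in *[\\/\&\"]*) say "Error: BANK_NAME contains unsupported characters"; exit 1 ;; esac`, or escape it for sed first. The leading `cat … |` could also be replaced by giving the file name to the first `sed`.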
@@ -12,9 +12,9 @@ fi export PROTO export DOMAIN_NAME -envsubst <nginx-conf/backend.taler-nginx.conf >/etc/nginx/sites-available/backend.${DOMAIN_NAME} -envsubst <nginx-conf/bank.taler-nginx.conf >/etc/nginx/sites-available/bank.${DOMAIN_NAME} -envsubst <nginx-conf/exchange.taler-nginx.conf >/etc/nginx/sites-available/exchange.${DOMAIN_NAME} +envsubst <nginx-conf/backend.taler-nginx.conf >"/etc/nginx/sites-available/backend.${DOMAIN_NAME}" +envsubst <nginx-conf/bank.taler-nginx.conf >"/etc/nginx/sites-available/bank.${DOMAIN_NAME}" +envsubst <nginx-conf/exchange.taler-nginx.conf >"/etc/nginx/sites-available/exchange.${DOMAIN_NAME}" # Create nginx symlinks diff --git a/netzbon/main.sh b/netzbon/main.sh index 6a11679..92f5742 100755 --- a/netzbon/main.sh +++ b/netzbon/main.sh @@ -27,9 +27,9 @@ say "All configuration values asked during the setup script" say "can be changed in config/user.conf" if test -z "${CURRENCY:-}"; then - read -p "Enter the name of the currency (e.g. 'EUR'): " CURRENCY + read -r -p "Enter the name of the currency (e.g. 'EUR'): " CURRENCY # convert to all-caps - CURRENCY=$(echo ${CURRENCY} | tr a-z A-Z) + CURRENCY=$(echo "${CURRENCY}" | tr a-z A-Z) # libeufin currenly doesn't like currency names less than 3 letters. if [[ ${#CURRENCY} -lt 3 || ${#CURRENCY} -gt 11 ]]; then say "Currency name must be between 3 and 10 letters" 
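Review bot: The three `envsubst` calls run without a variable list, so every `$name` reference in the nginx templates is rewritten, not only PROTO and DOMAIN_NAME; any nginx runtime variable used in the templates (not shown here) would be replaced by an empty string or an unrelated environment value. Restrict the substitution to the two exported names, e.g. `envsubst '${PROTO} ${DOMAIN_NAME}' <nginx-conf/backend.taler-nginx.conf >"/etc/nginx/sites-available/backend.${DOMAIN_NAME}"`. Since DOMAIN_NAME also forms part of the output path, it is worth checking that it contains only host-name characters before this point.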
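Review bot: In main.sh the length check `${#CURRENCY} -gt 11` accepts an 11-letter name while the message on the following line says "between 3 and 10 letters", so one of the two is off by one. Only the length is checked, and the value is then appended unquoted to config/user.conf (first context line of the next hunk), a file the other scripts `source`. Suggest validating the characters as well, e.g. `[[ "${CURRENCY}" =~ ^[A-Z]{3,11}$ ]]` (or `{3,10}` if the message states the intended limit), and making the message match the check. The enclosing `if` block continues into the next hunk.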
@@ -38,38 +38,38 @@ if test -z "${CURRENCY:-}"; then echo "CURRENCY=${CURRENCY}" >>config/user.conf fi if test -z "${BANK_NAME:-}"; then - read -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME + read -r -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME echo "BANK_NAME=\"${BANK_NAME}\"" >>config/user.conf fi if test -z "${ENABLE_TLS:-}"; then - read -p "Use TLS? (y/n): " ENABLE_TLS + read -r -p "Use TLS? (y/n): " ENABLE_TLS echo "ENABLE_TLS=${ENABLE_TLS}" >>config/user.conf fi if test -z "${DO_OFFLINE:-}"; then - read -p "Run taler-exchange-offline? (y/n): " DO_OFFLINE + read -r -p "Run taler-exchange-offline? (y/n): " DO_OFFLINE echo "DO_OFFLINE=${DO_OFFLINE}" >>config/user.conf fi if test -z "${MASTER_PUBLIC_KEY:-}"; then - if test ${DO_OFFLINE:-y} == n; then - read -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY + if test "${DO_OFFLINE:-y}" == n; then + read -r -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf fi fi if test -z "${SANDBOX_ADMIN_PASSWORD:-}"; then - read -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD + read -r -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >>config/user.conf echo "" # force new line fi if test -z "${DOMAIN_NAME:-}"; then - read -p "Enter the domain name: " DOMAIN_NAME + read -r -p "Enter the domain name: " DOMAIN_NAME # convert to lower-case - DOMAIN_NAME=$(echo ${DOMAIN_NAME} | tr A-Z a-z) + DOMAIN_NAME=$(echo "${DOMAIN_NAME}" | tr A-Z a-z) echo "DOMAIN_NAME=${DOMAIN_NAME}" >>config/user.conf fi # END USER INTERACTION # Check DNS settings -if ! ping -c1 exchange.${DOMAIN_NAME} &>/dev/null; then +if ! ping -c1 "exchange.${DOMAIN_NAME}" &>/dev/null; then say "Could not ping exchange.${DOMAIN_NAME}." say "Please make sure your DNS/network are working." exit 1 
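Review bot: The answers read by the prompts are appended to config/user.conf as bare `NAME=value` lines (only BANK_NAME is wrapped in quotes), and that file is later `source`d by config_launch_libeufin.sh and setup-exchange.sh, so a value containing a space, `;`, `$(` or a quote is executed or mangled by the shell instead of being stored. This matters most for `SANDBOX_ADMIN_PASSWORD`, where such characters are normal. Write the values shell-quoted, e.g. `printf 'SANDBOX_ADMIN_PASSWORD=%q\n' "${SANDBOX_ADMIN_PASSWORD}" >>config/user.conf`, and restrict the file with `chmod 600 config/user.conf`, since it holds the admin password in clear text.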
@@ -96,7 +96,7 @@ fi ./setup-merchant.sh # Final message to the user -if test ${ENABLE_TLS:-} == "y"; then +if test "${ENABLE_TLS:-}" == "y"; then PROTO="https" else PROTO="http" diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh index 7bd27b4..1a031df 100755 --- a/netzbon/setup-exchange.sh +++ b/netzbon/setup-exchange.sh @@ -5,7 +5,7 @@ set -eu notify_exit() { - [[ $1 = 0 ]] || echo Script $0 failed, exit code $1 + [[ $1 == 0 ]] || echo Script $0 failed, exit code $1 } notify_err() { @@ -23,7 +23,6 @@ source functions.sh source config/user.conf source config/internal.conf - say "Beginning Exchange setup" # Required inputs: 
@@ -168,20 +167,20 @@ done say "Initializing exchange database" sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf -echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} 
+echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB} say "Launching exchange" systemctl enable --now taler-exchange.target |
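Review bot: The twelve `echo 'GRANT …' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}` pipelines do not stop on a failed GRANT: psql exits 0 after an SQL error unless `ON_ERROR_STOP` is set, so the `set -eu` at the top of the script never sees the failure and the exchange may be launched with missing privileges. `${EXCHANGE_DB}` is also left unquoted although the rest of the commit quotes expansions. Suggest `… | sudo -i -u postgres psql -v ON_ERROR_STOP=1 -f - "${EXCHANGE_DB}"`, ideally issued from one loop over the three role names rather than twelve copies of the line.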