author | MS <ms@taler.net> | 2024-01-10 23:21:32 +0100 |
---|---|---|
committer | ms <ms@taler.net> | 2024-03-08 10:51:42 +0100 |
commit | a48f864ff38c53534a49c4f77d01759756fe5ea0 (patch) | |
tree | a4b627c657b43e4feea67951a6735e01394d4639 | |
parent | d26308619427798ec4f86461dd04d35bbe6f0738 (diff) | |
Regional currency Sandcastle.regio
-rwxr-xr-x | regional-currency/config_libeufin_bank.sh | 1 | ||||
-rwxr-xr-x | regional-currency/setup-exchange.sh | 1 | ||||
-rw-r--r-- | sandcastle-ng/README | 141 | ||||
-rw-r--r-- | sandcastle-ng/README.md | 137 | ||||
-rw-r--r-- | sandcastle-ng/config-examples/nexus.conf | 22 | ||||
-rw-r--r-- | sandcastle-ng/config-examples/runtime.env | 11 | ||||
-rwxr-xr-x | sandcastle-ng/keys-examples/bank-key.json | 0 | ||||
-rwxr-xr-x | sandcastle-ng/keys-examples/client-key.json | 0 | ||||
-rwxr-xr-x | sandcastle-ng/sandcastle-run | 23 | ||||
-rwxr-xr-x | sandcastle-ng/scripts/demo/nexus.conf | 0 | ||||
-rwxr-xr-x | sandcastle-ng/scripts/demo/setup-sandcastle.sh | 290 | ||||
-rw-r--r-- | sandcastle-ng/systemd/setup-sandcastle.service | 1 |
12 files changed, 270 insertions, 357 deletions
diff --git a/regional-currency/config_libeufin_bank.sh b/regional-currency/config_libeufin_bank.sh index 5a32844..c579263 100755 --- a/regional-currency/config_libeufin_bank.sh +++ b/regional-currency/config_libeufin_bank.sh @@ -55,6 +55,7 @@ FIAT_CURRENCY=${FIAT_CURRENCY} TAN_SMS=libeufin-tan-sms.sh TAN_EMAIL=libeufin-tan-email.sh ALLOW_EDIT_CASHOUT_PAYTO_URI=yes +ALLOW_REGISTRATIONS=no [CURRENCY-NETZBON] enabled=yes diff --git a/regional-currency/setup-exchange.sh b/regional-currency/setup-exchange.sh index 2c4c06f..52153ba 100755 --- a/regional-currency/setup-exchange.sh +++ b/regional-currency/setup-exchange.sh @@ -59,7 +59,6 @@ function die() { # Just try if sudo works for diagnostics sudo -i -u taler-exchange-offline id >/dev/null || die "Error: Unable to switch to taler-exchange-offline user" - chmod a+r /etc/taler/taler.conf # FIXME-CG: Debian installation should set this # Create master key as taler-exchange-offline *unless* user already diff --git a/sandcastle-ng/README b/sandcastle-ng/README new file mode 100644 index 0000000..f522f8d --- /dev/null +++ b/sandcastle-ng/README 
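Review bot: The key added in the config_libeufin_bank.sh hunk is spelled `ALLOW_REGISTRATIONS=no`, while the bank configuration written by sandcastle-ng/scripts/demo/setup-sandcastle.sh in this same commit uses `ALLOW_REGISTRATION = no`. Only one spelling can be the option libeufin-bank reads, and an unrecognised key is presumably ignored, which would leave self-registration at its default in one of the two deployments. Confirm the name against the libeufin-bank configuration reference and use it in both files; which one needs the change cannot be decided from this diff. The configuration block this line belongs to starts and ends outside the hunk.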
@@ -0,0 +1,141 @@ +Introduction +============ + +The Sandcastle is a containerized deployment of GNU Taler. + +It uses podman to build an image and run a single container that +has systemd running inside. In this version, Sandcastle is equipped +with the regional currency feature. + +Prerequisites +============= + +You need (on your host system): + +- podman +- bash + +How to build the Regio-Sandcastle +================================= + +Change buildconfig/$component.tag to the right git tag, if you do +not plan to build with the default tag. + +To build the Sandcastle, run: + +$ ./sandcastle-build + +The resulting container is tagged as taler-base-all + +How to pass run-time values +=========================== + +They should be set via an environment file, like in the following example: + +# Regional currency name: +CURRENCY=NETZBON + +# The services will be subdomains of this one: +MYDOMAIN=regio.example.com + +# Password for the exchange to login at the bank +# (username is always 'exchange'), defaults to 'sandbox': +EXCHANGE_BANK_PASSWORD=my-exchange-bank-password + +# Passowrd of the bank administrator, defaults to 'sandbox': +BANK_ADMIN_PASSWORD=my-bank-admin-password + +How to run the Regio-Sandcastle +=============================== + +Before running the Regio-Sandcastle, do the EBICS keying like it is +explained at the following link: + +https://docs.taler.net/libeufin/nexus-manual.html#setting-up-the-ebics-subscriber + +Note: to kill any previously running container and remove its related +data volume, run: + +$ podman kill taler-sandcastle && podman volume rm talerdata --force + +At this point, you can run the Regio-Sandcastle like it is explained +in the following example. Note: the config-examples/ directory may +help to get started. + +$ export SANDCASTLE_SETUP_NAME=demo + +# Config file with the banking details. 
Note: the +# BANK_PUBLIC_KEYS_FILE and CLIENT_PRIVATE_KEYS_FILE configuration +# values are not meaningful anymore, since the Podman wiring will +# acquire the keys from the host (see next env variables) and internally +# set their path to the nexus configuration. The database connection +# string is also not needed, since the database name must match the +# one used by the bank, and the Podman wiring solves this transparently. +# In case of logging directories being used, make sure to specify /ebicslogs +# as the top-most directory. The logs will then be stored in a Podman +# volume named 'ebicslogs'. +$ export NEXUS_CONFIG_FILE=/path/to/nexus.conf + +# Location on the host system where the bank EBICS keys are stored: +$ export NEXUS_BANK_KEY_FILE=/path/to/bank-keys.json + +# Location on the host system where the client EBICS keys are stored: +$ export NEXUS_CLIENT_KEY_FILE=/path/to/client-keys.json + +# Location on the host system where the secrets are set as +# environment variables: +$ export SANDCASTLE_RUNTIME_ENV_FILE=/path/to/runtime-env-file + +$ ./sandcastle-run + +And now? +======== + +If the launching was successful, the taler-sandcastle container should be running, +and the HTTP services should be serving at: + +bank -> localhost:16007 +exchange -> localhost:16001 +merchant backend -> localhost:16000 + +Typically, those services are served via a reverse proxy under the +names: ${exchange,bank,backend}.$MYDOMAIN. + +To use other port numbers, you can also export those environment +variables before running the Sandcastle: + +SANDCASTLE_PORT_MERCHANT +SANDCASTLE_PORT_EXCHANGE +SANDCASTLE_PORT_LIBEUFIN_BANK + +At this point, if all the services are correctly running, you +can configure the merchant, and also use the wallet. 
+ +See here the instructions to configure the merchant: +https://docs.taler.net/libeufin/regional-manual.html#configuring-the-merchant + +The following page explains how to use the wallet: +https://docs.taler.net/libeufin/regional-manual.html#wallet-setup + +Poking Around +============= + +You can poke around in a running sandcastle instance by running + +$ podman exec -it taler-sandcastle /bin/bash + +Or, as a shortcut: + +$ ./sandcastle-enter + +This will drop you into a shell inside the running container, +where you have access to systemd, journalctl, etc. + +Data Storage +============ + +All persistent data is stored in a podman volume called talerdata +and (if logging is enabled) also in ebicslogs. You can see where +it is in your filesystem by running ``podman volume inspect $volumeName``. + +The talerdata volume also contains the postgres database files. diff --git a/sandcastle-ng/README.md b/sandcastle-ng/README.md deleted file mode 100644 index 01339d0..0000000 --- a/sandcastle-ng/README.md +++ /dev/null 
@@ -1,137 +0,0 @@ -# Introduction - -The sandcastle is a containerized deployment of GNU Taler - -It uses podman to build an image and run a single container that -has systemd running inside. - - -# Prerequisites - -You need (on your host system): -* podman -* bash - - -# Building the Container Image - -1. Set buildconfig/$component.tag to the right git tag you want to build -2. Run ./sandcastle-build to build the Taler container. The resulting container - is tagged as taler-base-all - - -# Configuring the Deployment - -It is recommended that for each deployment, you clone the deployment.git -repository and create a branch with deployment-specific changes. - -Currently there is not much configuration. - -The main adjustments to be made are: - -* scripts/demo/setup-sandcastle.sh has the currency on top of the file -* sandcastle-run has variables for the port that'll be exposed ("published") on - the host. They can be overwritten with environment variables - (``TALER_SANDCASTLE_PORT_$COMPONENT``). - - -# Running the Deployment - -Run ``./sandcastle-run`` to run the single container. The container will be -named taler-sandcastle. - -You can run the container in the background by passing ``-d``. Note that ``./sandcastle-run`` is just -a wrapper around ``podman run``. - -The running container publishes ports to the host as defined in ``./sandcastle-run``. -You can manually verify these port mappings via ``podman port taler-sandcastle``. - -# Stopping the deployment - -``` -podman stop taler-sandcastle -``` - - -# Poking Around - -You can poke around in a running sandcastle instance by running - -``` -podman exec -it taler-sandcastle /bin/bash -``` - -Or, as a shortcut: - -``` -./sandcastle-enter -``` - -This will drop you into a shell inside the running container, -where you have access to systemd, journalctl, etc. - - -# Data Storage - -All persistent data is stored in a podman volume called -talerdata. 
You can see where it is in your filesystem -by running ``podman volume inspect talerdata``. - -That volume also contains the postgres database files. - - -# Provisioning Details - -The whole deployment is configured by the script ``/provision/setup-sandcastle.sh``. -This script will be run as a oneshot systemd service and will disable itself after -the first success. - -To troubleshoot, run ``journalctl -u setup-sandcastle.service``. - -There are different setup scripts in the ``scripts/$SANDCASTLE_SETUP_NAME`` -folders. Specifically: - -* ``none`` does no setup at all -* ``demo`` is the usual Taler demo -* TBD: ``regio`` is a currency conversion setup - -By default, ``demo`` is used. To mount a different provision script, set ``$SANDCASTLE_SETUP_NAME`` -when running ``./sandcastle-run``. - -You can always manually run the provisioning script inside the container as -``/scripts/$SANDCASTLE_SETUP_NAME/setup-sandcastle.sh``. - - -# Neat Things That Already Work - -* Rebulding the base image is incremental, since we use layers. If the tag - of the exchange is changed, only the exchange and components that depend - on it are rebuilt. -* Inside the container, the service names resolve to localhost, - and on localhost a reverse proxy with locally signed certificates - ensures that services can talk to each other *within* the container - by using their *public* base URL. - - -# Future Extensions - -* Fix rewards by deploying Javier's reward topup script inside the container via a systemd timer! -* Variant where credentials use proper secret management instead of hard-coding all - passwords to "sandbox". -* Better way to access logs, better way to expose errors during provisioning -* The Dockerfile should introduce nightly tags for debian packages it builds. - Currently it just uses the latest defined version, which is confusing. 
-* Deploy the Taler woocommerce plugin, wordpress plugin, Joomla plugin -* Do self-tests of the deployment using the wallet CLI -* Running the auditor -* Running a currency conversion setup with multiple libeufin-bank instances -* Allow a localhost-only, non-tls setup for being able to access a non-tls - Taler deployment on the podman host. -* Instead of exposing HTTP ports, we could expose everything via unix domain sockets, - avoiding port collision problems. -* Instead of requiring the reverse proxy to handle TLS, - the sandcastle container itself could do TLS termination with caddy. -* To improve performance, allow connecting to an external database -* Make it easy to import and export the persistent data -* Extra tooling to checkpoint images/containers to revert to a previous - state quickly. diff --git a/sandcastle-ng/config-examples/nexus.conf b/sandcastle-ng/config-examples/nexus.conf new file mode 100644 index 0000000..7c04ac7 --- /dev/null +++ b/sandcastle-ng/config-examples/nexus.conf @@ -0,0 +1,22 @@ +[nexus-submit] +FREQUENCY = 15m + +[nexus-fetch] +FREQUENCY = 15m + +[nexus-ebics] +CURRENCY = CHF + +# Bank +HOST_BASE_URL = https://bank.example.com +BANK_DIALECT = postfinance + +# EBICS IDs +HOST_ID = HOST_ID_EXAMPLE +USER_ID = USER_ID_EXAMPLE +PARTNER_ID = PARTNER_ID_EXAMPLE + +IBAN = CH8189144452223984999 +BIC = SANDBOXX +# Following needs URL-encoding +NAME = NAME+EXAMPLE diff --git a/sandcastle-ng/config-examples/runtime.env b/sandcastle-ng/config-examples/runtime.env new file mode 100644 index 0000000..8107659 --- /dev/null +++ b/sandcastle-ng/config-examples/runtime.env 
@@ -0,0 +1,11 @@ +CURRENCY=NETZBON + +# This value prepares the services to serve under +# {bank,exchange,backend}.$MYDOMAIN: +MYDOMAIN=example.com +# Password for the exchange to login at the bank +# (username is always 'exchange'), defaults to 'sandbox': +EXCHANGE_BANK_PASSWORD=my-exchange-bank-password + +# Passowrd of the bank administrator, defaults to 'sandbox': +BANK_ADMIN_PASSWORD=my-bank-admin-password diff --git a/sandcastle-ng/keys-examples/bank-key.json b/sandcastle-ng/keys-examples/bank-key.json new file mode 100755 index 0000000..e69de29 --- /dev/null +++ b/sandcastle-ng/keys-examples/bank-key.json diff --git a/sandcastle-ng/keys-examples/client-key.json b/sandcastle-ng/keys-examples/client-key.json new file mode 100755 index 0000000..e69de29 --- /dev/null +++ b/sandcastle-ng/keys-examples/client-key.json diff --git a/sandcastle-ng/sandcastle-run b/sandcastle-ng/sandcastle-run index 7b5ccd1..59a0049 100755 --- a/sandcastle-ng/sandcastle-run +++ b/sandcastle-ng/sandcastle-run @@ -6,22 +6,12 @@ set -exou SANDCASTLE_PORT_MERCHANT=16000 SANDCASTLE_PORT_EXCHANGE=16001 -SANDCASTLE_PORT_BLOG=16002 -SANDCASTLE_PORT_DONATIONS=16003 -SANDCASTLE_PORT_SURVEY=16004 -SANDCASTLE_PORT_LANDING=16005 SANDCASTLE_PORT_LIBEUFIN_BANK=16007 -SANDCASTLE_PORT_BANK_SPA=16009 # Container-internal ports, should by synced with scripts/setup-sandcastle.sh PORT_INTERNAL_EXCHANGE=8201 PORT_INTERNAL_MERCHANT=8301 PORT_INTERNAL_LIBEUFIN_BANK=8080 -PORT_INTERNAL_LANDING=8501 -PORT_INTERNAL_BLOG=8502 -PORT_INTERNAL_DONATIONS=8503 -PORT_INTERNAL_SURVEY=8504 -PORT_INTERNAL_BANK_SPA=8505 SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd ) cd $SCRIPT_DIR 
@@ -47,18 +37,19 @@ podman run \ -p=$SANDCASTLE_PORT_MERCHANT:$PORT_INTERNAL_MERCHANT \ -p=$SANDCASTLE_PORT_EXCHANGE:$PORT_INTERNAL_EXCHANGE \ -p=$SANDCASTLE_PORT_LIBEUFIN_BANK:$PORT_INTERNAL_LIBEUFIN_BANK \ - -p=$SANDCASTLE_PORT_LANDING:$PORT_INTERNAL_LANDING \ - -p=$SANDCASTLE_PORT_BLOG:$PORT_INTERNAL_BLOG \ - -p=$SANDCASTLE_PORT_DONATIONS:$PORT_INTERNAL_DONATIONS \ - -p=$SANDCASTLE_PORT_SURVEY:$PORT_INTERNAL_SURVEY \ - -p=$SANDCASTLE_PORT_BANK_SPA:$PORT_INTERNAL_BANK_SPA \ --name taler-sandcastle \ --systemd=always \ - --env "SANDCASTLE_OVERRIDE_NAME=${SANDCASTLE_OVERRIDE_NAME:=none}" \ + --env "SANDCASTLE_OVERRIDE_NAME=${SANDCASTLE_OVERRIDE_NAME:-none}" \ -v talerdata:/talerdata:Z \ + -v ebicslogs:/ebicslogs:Z \ $OVERRIDES \ -v $PWD/scripts:/scripts:Z \ -v $PWD/scripts/$SETUP_NAME:/provision:Z \ + -v $NEXUS_CONFIG_FILE:/provision/nexus.conf:Z \ + -v $NEXUS_BANK_KEY_FILE:/provision/bank-key.json:Z \ + -v $NEXUS_CLIENT_KEY_FILE:/provision/client-key.json:Z \ + -v $SANDCASTLE_RUNTIME_ENV_FILE:/provision/runtime.env:Z \ + --network slirp4netns:enable_ipv6=true \ --entrypoint /sbin/init \ "$@" \ taler-base-all diff --git a/sandcastle-ng/scripts/demo/nexus.conf b/sandcastle-ng/scripts/demo/nexus.conf new file mode 100755 index 0000000..e69de29 --- /dev/null +++ b/sandcastle-ng/scripts/demo/nexus.conf diff --git a/sandcastle-ng/scripts/demo/setup-sandcastle.sh b/sandcastle-ng/scripts/demo/setup-sandcastle.sh index c2c25a1..62ee50f 100755 --- a/sandcastle-ng/scripts/demo/setup-sandcastle.sh +++ b/sandcastle-ng/scripts/demo/setup-sandcastle.sh 
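Review bot: The four new bind mounts expand `$NEXUS_CONFIG_FILE`, `$NEXUS_BANK_KEY_FILE`, `$NEXUS_CLIENT_KEY_FILE` and `$SANDCASTLE_RUNTIME_ENV_FILE` unquoted and mount them read-write with `:Z`. A host path containing whitespace therefore splits into extra podman arguments, and the EBICS client private key and the password file are writable from inside the container and are relabelled on SELinux hosts. If provisioning and nexus only read these files (to be confirmed for the key files), mount them quoted and read-only, e.g. `-v "$NEXUS_CLIENT_KEY_FILE":/provision/client-key.json:ro,Z \`. A guard before `podman run` such as `: "${NEXUS_CLIENT_KEY_FILE:?path to the EBICS client key file is required}"` for each variable would give a clear message instead of the bare unbound-variable abort that the `set -exou` line in the previous hunk suggests. The `podman run` command starts outside the hunk.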
@@ -21,53 +21,25 @@ echo "Provisioning sandcastle" # Might eventually be moved to an external file. # Source any ovverrides from external file -if [[ "${SANDCASTLE_OVERRIDE_NAME:-}" != "none" ]]; then +if [[ "${SANDCASTLE_OVERRIDE_NAME:-none}" != "none" ]]; then cat /overrides source "/overrides" || true fi -CURRENCY=${CURRENCY:="KUDOS"} -EXCHANGE_IBAN=DE159593 -EXCHANGE_PLAIN_PAYTO=payto://iban/$EXCHANGE_IBAN -EXCHANGE_FULL_PAYTO="payto://iban/$EXCHANGE_IBAN?receiver-name=Sandcastle+Echange+Inc" -EXCHANGE_BANK_PASSWORD=sandbox - -# Randomly generated IBANs for the merchants -MERCHANT_IBAN_DEFAULT=DE5135717 -MERCHANT_IBAN_POS=DE4218710 -MERCHANT_IBAN_BLOG=DE8292195 -MERCHANT_IBAN_GNUNET=DE9709960 -MERCHANT_IBAN_TALER=DE1740597 -MERCHANT_IBAN_TOR=DE2648777 -MERCHANT_IBAN_SURVEY=DE0793060 - -MYDOMAIN=${MYDOMAIN:="demo.taler.net"} -LANDING_DOMAIN=$MYDOMAIN + BANK_DOMAIN=bank.$MYDOMAIN EXCHANGE_DOMAIN=exchange.$MYDOMAIN MERCHANT_DOMAIN=backend.$MYDOMAIN -BLOG_DOMAIN=shop.$MYDOMAIN -DONATIONS_DOMAIN=donations.$MYDOMAIN -SURVEY_DOMAIN=survey.$MYDOMAIN # Ports of the services running inside the container. # Should be synchronized with the sandcastle-run script. PORT_INTERNAL_EXCHANGE=8201 PORT_INTERNAL_MERCHANT=8301 PORT_INTERNAL_LIBEUFIN_BANK=8080 -PORT_INTERNAL_LANDING=8501 -PORT_INTERNAL_BLOG=8502 -PORT_INTERNAL_DONATIONS=8503 -PORT_INTERNAL_SURVEY=8504 -PORT_INTERNAL_BANK_SPA=8505 # Just make sure the services are stopped systemctl stop taler-exchange.target systemctl stop taler-merchant-httpd.service systemctl stop postgresql.service -systemctl stop taler-demo-landing.service -systemctl stop taler-demo-blog.service -systemctl stop taler-demo-donations.service -systemctl stop taler-demo-survey.service systemctl stop libeufin-bank.service # We now make sure that some important locations are symlinked to 
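Review bot: This hunk deletes `EXCHANGE_BANK_PASSWORD=sandbox` and the `:=` defaults for `CURRENCY` and `MYDOMAIN`, yet the new README and config-examples/runtime.env still say the passwords default to 'sandbox', and no default is assigned anywhere in the visible new code. With a runtime.env that omits a value, `BANK_DOMAIN=bank.$MYDOMAIN` and the password arguments further down expand to empty strings, or the script aborts if nounset is enabled outside the visible lines. Failing fast is safer than restoring a well-known password: add near the top `: "${MYDOMAIN:?}" "${CURRENCY:?}" "${EXCHANGE_BANK_PASSWORD:?}" "${BANK_ADMIN_PASSWORD:?}"` and drop the "defaults to" wording from the documentation.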
@@ -146,22 +118,13 @@ https://$MERCHANT_DOMAIN { } } -:$PORT_INTERNAL_BANK_SPA { - root * /usr/share/libeufin/spa - root /settings.json /etc/libeufin/ - file_server -} EOF cat <<EOF >> /etc/hosts # Start of Taler Sandcastle Domains -127.0.0.1 $LANDING_DOMAIN 127.0.0.1 $BANK_DOMAIN 127.0.0.1 $EXCHANGE_DOMAIN 127.0.0.1 $MERCHANT_DOMAIN -127.0.0.1 $BLOG_DOMAIN -127.0.0.1 $DONATIONS_DOMAIN -127.0.0.1 $SURVEY_DOMAIN # End of Taler Sandcastle Domains EOF 
@@ -172,31 +135,59 @@ caddy trust systemctl start postgresql.service -# Set up bank - - -# FIXME: user libeufin-dbconf instead of manual setup - -BANK_DB=libeufinbank -# Use "|| true" to continue if these already exist. -sudo -i -u postgres createuser -d libeufin-bank || true -sudo -i -u postgres createdb -O libeufin-bank $BANK_DB || true +LIBEUFIN_DB=libeufin +BANK_KEY_FILE=/provision/bank-key.json +CLIENT_KEY_FILE=/provision/client-key.json +cat /provision/nexus.conf > /etc/libeufin/libeufin-nexus.conf + +echo "INFO: overriding nexus DB name to ${LIBEUFIN_DB}" +# Setting Nexus DB to constant name. +taler-config \ + -c /etc/libeufin/libeufin-nexus.conf \ + -s NEXUS-POSTGRES \ + -o CONFIG \ + -V "postgres:///$LIBEUFIN_DB" +echo "INFO: overriding bank EBICS key file location to ${BANK_KEY_FILE}" +# Setting key files to the locations mounted by Podman +taler-config \ + -c /etc/libeufin/libeufin-nexus.conf \ + -s NEXUS-EBICS \ + -o BANK_PUBLIC_KEYS_FILE \ + -V $BANK_KEY_FILE +echo "INFO: overriding client EBICS key file location to ${CLIENT_KEY_FILE}" +# Setting key files to the locations mounted by Podman +taler-config \ + -c /etc/libeufin/libeufin-nexus.conf \ + -s NEXUS-EBICS \ + -o CLIENT_PRIVATE_KEYS_FILE \ + -V $CLIENT_KEY_FILE + +FIAT_IBAN=$(taler-config -c /etc/libeufin/libeufin-nexus.conf -s NEXUS-EBICS -o IBAN) +FIAT_NAME=$(taler-config -c /etc/libeufin/libeufin-nexus.conf -s NEXUS-EBICS -o NAME) +FIAT_CURRENCY=$(taler-config -c /etc/libeufin/libeufin-nexus.conf -s NEXUS-EBICS -o CURRENCY) +# Set up bank cat <<EOF >/etc/libeufin/libeufin-bank.conf [libeufin-bankdb-postgres] # DB connection string -CONFIG = postgresql:///$BANK_DB +CONFIG = postgresql:///$LIBEUFIN_DB [libeufin-bank] CURRENCY = $CURRENCY -DEFAULT_DEBT_LIMIT = $CURRENCY:500 -REGISTRATION_BONUS = $CURRENCY:100 +DEFAULT_DEBT_LIMIT = $CURRENCY:0 +REGISTRATION_BONUS = $CURRENCY:0 SPA_CAPTCHA_URL = https://$BANK_DOMAIN/webui/#/operation/{woid} SUGGESTED_WITHDRAWAL_EXCHANGE = https://$EXCHANGE_DOMAIN/ 
-ALLOW_REGISTRATION = yes +ALLOW_REGISTRATION = no SERVE = tcp PORT = 8080 +ALLOW_CONVERSION=yes +FIAT_CURRENCY=${FIAT_CURRENCY} +TAN_SMS=libeufin-tan-sms.sh +TAN_EMAIL=libeufin-tan-email.sh +ALLOW_EDIT_CASHOUT_PAYTO_URI=yes + [currency-$CURRENCY] ENABLED = YES name = "$CURRENCY (Taler Demonstrator)" 
@@ -212,76 +203,54 @@ EOF cat <<EOF >/etc/libeufin/settings.json { "topNavSites": { - "Landing": "https://$LANDING_DOMAIN/", - "Bank": "https://$BANK_DOMAIN", - "Essay Shop": "https://$BLOG_DOMAIN", - "Donations": "https://$DONATIONS_DOMAIN", - "Survey": "https://$SURVEY_DOMAIN" + "Bank": "https://$BANK_DOMAIN" } } EOF -sudo -i -u libeufin-bank libeufin-bank dbinit +#FIXME: temporary workaround +sleep 1 +ln -s /var/run/postgresql/.s.PGSQL.5433 /var/run/postgresql/.s.PGSQL.5432 || true +ln -s /var/run/postgresql/.s.PGSQL.5432 /var/run/postgresql/.s.PGSQL.5433 || true -systemctl enable --now libeufin-bank.service +libeufin-dbconfig -d $LIBEUFIN_DB # includes dbinit for nexus and bank -taler-harness deployment wait-taler-service libeufin-bank https://$BANK_DOMAIN/config +#FIXME: "|| true" is temporary workaround until the command becomes idempotent +echo "Create exchange account..." +EXCHANGE_FULL_PAYTO="$(sudo -u libeufin-bank libeufin-bank create-account -c /etc/libeufin/libeufin-bank.conf --username exchange --password $EXCHANGE_BANK_PASSWORD --name Exchange --exchange)?receiver-name=Exchange" || true -taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \ - --login exchange --exchange --public \ - --payto $EXCHANGE_PLAIN_PAYTO \ - --name Exchange \ - --password sandbox - -taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \ - --login merchant-default --public \ - --payto "payto://iban/$MERCHANT_IBAN_DEFAULT" \ - --name "Default Demo Merchant" \ - --password sandbox - -taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \ - --login merchant-pos --public \ - --payto "payto://iban/$MERCHANT_IBAN_POS" \ - --name "PoS Merchant" \ - --password sandbox - -taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \ - --login merchant-blog --public \ - --payto "payto://iban/$MERCHANT_IBAN_BLOG" \ - --name "Blog Merchant" \ - --password sandbox - -taler-harness deployment provision-bank-account 
https://$BANK_DOMAIN/ \ - --login merchant-gnunet --public \ - --payto "payto://iban/$MERCHANT_IBAN_GNUNET" \ - --name "GNUnet Donations Merchant" \ - --password sandbox - -taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \ - --login merchant-taler --public \ - --payto "payto://iban/$MERCHANT_IBAN_TALER" \ - --name "Taler Donations Merchant" \ - --password sandbox - -taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \ - --login merchant-tor --public \ - --payto "payto://iban/$MERCHANT_IBAN_TOR" \ - --name "Tor Donations Merchant" \ - --password sandbox - -taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \ - --login merchant-survey --public \ - --payto "payto://iban/$MERCHANT_IBAN_SURVEY" \ - --name "Tor Survey Merchant" \ - --password sandbox +systemctl enable --now libeufin-bank.service +chown libeufin-nexus:libeufin-nexus /ebicslogs +systemctl enable --now libeufin-nexus-ebics-fetch +systemctl enable --now libeufin-nexus-ebics-submit +taler-harness deployment wait-taler-service libeufin-bank https://$BANK_DOMAIN/config sudo -i -u libeufin-bank libeufin-bank edit-account admin --debit_threshold=$CURRENCY:1000000 -sudo -i -u libeufin-bank libeufin-bank passwd admin sandbox +sudo -i -u libeufin-bank libeufin-bank passwd admin $BANK_ADMIN_PASSWORD + +# Enabling currency conversion +# FIXME: import this into taler-harness +curl -u "admin:${BANK_ADMIN_PASSWORD}" \ + -H 'Content-Type: application/json; charset=utf-8' \ + https://$BANK_DOMAIN/conversion-info/conversion-rate \ +--data-binary @- << EOF +{ + "cashin_ratio": "1", + "cashin_fee": "${CURRENCY}:0", + "cashin_tiny_amount": "${CURRENCY}:2", + "cashin_rounding_mode": "nearest", + "cashin_min_amount": "${FIAT_CURRENCY}:1", + "cashout_ratio": "1", + "cashout_fee": "${FIAT_CURRENCY}:0", + "cashout_tiny_amount": "${FIAT_CURRENCY}:2", + "cashout_rounding_mode": "zero", + "cashout_min_amount": "${CURRENCY}:1" +} +EOF # Set up exchange MASTER_PUBLIC_KEY=$(sudo 
-i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup) - EXCHANGE_DB=talerexchange # Use "|| true" to continue if these already exist. sudo -i -u postgres createuser -d taler-exchange-httpd || true @@ -311,6 +280,8 @@ alt_unit_names = {"0":"$CURRENCY"} AML_THRESHOLD = $CURRENCY:1000000 MASTER_PUBLIC_KEY = $MASTER_PUBLIC_KEY BASE_URL = https://$EXCHANGE_DOMAIN/ +STEFAN_ABS=$CURRENCY:0 +STEFAN_LOG=$CURRENCY:0 [exchange-account-default] PAYTO_URI = $EXCHANGE_FULL_PAYTO @@ -396,6 +367,13 @@ sudo -i -u taler-exchange-offline \ global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \ upload +sudo -i -u taler-exchange-offline \ + taler-exchange-offline \ + enable-account \ + "payto://iban/$FIAT_IBAN?receiver-name=$FIAT_NAME" \ + conversion-url "https://$BANK_DOMAIN" \ + upload + # Set up merchant backend MERCHANT_DB=talermerchant 
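Review bot: In the `create-account` line the trailing `|| true` hides a failed account creation, so `EXCHANGE_FULL_PAYTO` becomes just `?receiver-name=Exchange` and is later written as `PAYTO_URI` in the exchange configuration; follow the assignment with `[[ "$EXCHANGE_FULL_PAYTO" == payto://* ]] || exit 1`. The passwords are expanded unquoted in `--password $EXCHANGE_BANK_PASSWORD` and `passwd admin $BANK_ADMIN_PASSWORD`, so a value with whitespace or glob characters is split or expanded before it reaches libeufin-bank; quote both. The conversion-rate `curl` call has no `--fail`, so an HTTP error response such as a rejected admin login leaves the script running with conversion unconfigured; `curl --fail -u "admin:${BANK_ADMIN_PASSWORD}" \` would stop there, provided errexit is enabled outside the hunk. Both passwords travel in argv and would also land in the journal if command tracing is on for this script, which the hunk does not show.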
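Review bot: The new `enable-account` call signs and uploads `payto://iban/$FIAT_IBAN?receiver-name=$FIAT_NAME` built from values read out of the operator-supplied nexus.conf, with no check that they are non-empty or that `NAME` is URL-encoded as the example config asks. Because this statement is signed with the offline master key, a missing `IBAN` or a name containing `&`, `?` or spaces would publish a malformed or misleading fiat account. Before the call, add a guard such as `[[ -n "$FIAT_IBAN" && "$FIAT_NAME" =~ ^[A-Za-z0-9+%._-]+$ ]] || { echo "invalid IBAN/NAME in nexus.conf" >&2; exit 1; }`. The assignments of `FIAT_IBAN` and `FIAT_NAME` are in an earlier hunk of this file.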
@@ -425,97 +403,3 @@ EOF systemctl enable --now taler-merchant-httpd taler-harness deployment wait-taler-service taler-merchant https://$MERCHANT_DOMAIN/config - -taler-harness deployment provision-merchant-instance \ - https://$MERCHANT_DOMAIN/ \ - --management-token secret-token:sandbox \ - --instance-token secret-token:sandbox \ - --name Merchant \ - --id default \ - --payto "payto://iban/$MERCHANT_IBAN_DEFAULT?receiver-name=Merchant" - -taler-harness deployment provision-merchant-instance \ - https://$MERCHANT_DOMAIN/ \ - --management-token secret-token:sandbox \ - --instance-token secret-token:sandbox \ - --name "POS Merchant" \ - --id pos \ - --payto "payto://iban/$MERCHANT_IBAN_POS?receiver-name=POS+Merchant" - -taler-harness deployment provision-merchant-instance \ - https://$MERCHANT_DOMAIN/ \ - --management-token secret-token:sandbox \ - --instance-token secret-token:sandbox \ - --name "Blog Merchant" \ - --id blog \ - --payto "payto://iban/$MERCHANT_IBAN_BLOG?receiver-name=Blog+Merchant" - -taler-harness deployment provision-merchant-instance \ - https://$MERCHANT_DOMAIN/ \ - --management-token secret-token:sandbox \ - --instance-token secret-token:sandbox \ - --name "GNUnet Merchant" \ - --id gnunet \ - --payto "payto://iban/$MERCHANT_IBAN_GNUNET?receiver-name=GNUnet+Merchant" - -taler-harness deployment provision-merchant-instance \ - https://$MERCHANT_DOMAIN/ \ - --management-token secret-token:sandbox \ - --instance-token secret-token:sandbox \ - --name "Taler Merchant" \ - --id taler \ - --payto "payto://iban/$MERCHANT_IBAN_TALER?receiver-name=Taler+Merchant" - -taler-harness deployment provision-merchant-instance \ - https://$MERCHANT_DOMAIN/ \ - --management-token secret-token:sandbox \ - --instance-token secret-token:sandbox \ - --name "Tor Merchant" \ - --id tor \ - --payto "payto://iban/$MERCHANT_IBAN_TOR?receiver-name=Tor+Merchant" - - -# Now we set up the taler-merchant-demos - -cat <<EOF >/etc/taler/taler-merchant-frontends.conf -# Different 
entry point, we need to repeat some settings. -# In the future, taler-merchant-demos should become -# robust enough to read from the main config. -[taler] -CURRENCY = $CURRENCY -[frontends] -BACKEND = https://$MERCHANT_DOMAIN/ -BACKEND_APIKEY = secret-token:sandbox -[landing] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_LANDING -[blog] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_BLOG -[donations] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_DONATIONS -[survey] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_SURVEY -EOF - -# This really should not exist, the taler-merchant-frontends -# should be easier to configure! -cat <<EOF >/etc/taler/taler-merchant-frontends.env -TALER_ENV_URL_INTRO=https://$LANDING_DOMAIN/ -TALER_ENV_URL_LANDING=https://$LANDING_DOMAIN/ -TALER_ENV_URL_BANK=https://$BANK_DOMAIN/ -TALER_ENV_URL_MERCHANT_BLOG=https://$BLOG_DOMAIN/ -TALER_ENV_URL_MERCHANT_DONATIONS=https://$DONATIONS_DOMAIN/ -TALER_ENV_URL_MERCHANT_SURVEY=https://$SURVEY_DOMAIN/ -EOF - -systemctl enable --now taler-demo-landing -systemctl enable --now taler-demo-blog -systemctl enable --now taler-demo-donations -systemctl enable --now taler-demo-survey - - -# FIXME: Maybe do some taler-wallet-cli test? -# FIXME: How do we report errors occurring during the setup script? diff --git a/sandcastle-ng/systemd/setup-sandcastle.service b/sandcastle-ng/systemd/setup-sandcastle.service index 31ff233..8549c75 100644 --- a/sandcastle-ng/systemd/setup-sandcastle.service +++ b/sandcastle-ng/systemd/setup-sandcastle.service @@ -5,6 +5,7 @@ ConditionPathExists=/provision/setup-sandcastle.sh [Service] Type=oneshot ExecStart=/provision/setup-sandcastle.sh +EnvironmentFile=/provision/runtime.env RemainAfterExit=yes [Install] |
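Review bot: `EnvironmentFile=/provision/runtime.env` places `EXCHANGE_BANK_PASSWORD` and `BANK_ADMIN_PASSWORD` in the environment of setup-sandcastle.sh, and every command that script starts inherits them. At minimum the unit should carry a comment such as `# runtime.env holds bank passwords: keep it mode 0600 on the host`, and the README should state the same requirement for the host file. If the systemd version in the image supports it, passing the two passwords with `LoadCredential=` instead would keep them out of the process environment; that needs a matching change in the script and is only a suggestion here.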