diff options
Diffstat (limited to 'regional-currency/setup-exchange.sh')
| -rwxr-xr-x | regional-currency/setup-exchange.sh | 242 |
1 files changed, 242 insertions, 0 deletions
diff --git a/regional-currency/setup-exchange.sh b/regional-currency/setup-exchange.sh new file mode 100755 index 0000000..91f916c --- /dev/null +++ b/regional-currency/setup-exchange.sh @@ -0,0 +1,242 @@ +#!/bin/bash +# This file is in the public domain. +# +# This script configure and launches the Taler exchange. +# +# The environment must provide the following variables: +# +# - BANK_EXCHANGE_PASSWORD (exchange password for libeufin-bank) +# - EXCHANGE_WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus) +# - EXCHANGE_PAYTO (exchange account PAYTO) +# - ENABLE_TLS (http or https?) +# - DOMAIN_NAME: DNS domain name to use for the setup +# + +set -eu + +notify_exit() { + [[ $1 == 0 ]] || echo Script "$0" failed, exit code "$1" +} + +notify_err() { + echo "errexit on line $(caller)" >&2 +} + +trap '(exit 130)' INT +trap '(exit 143)' TERM +trap notify_err ERR +# shellcheck disable=SC2154 +trap 'rc=$?; notify_exit $rc; exit $rc' EXIT + +# End of error handling setup + +source functions.sh +source config/user.conf +source config/internal.conf + +EXCHANGE_DB="taler-exchange" + +say "Beginning Exchange setup" + +if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then + say "Failure: BANK_EXCHANGE_PASSWORD not set" + exit 1 +fi +if test -z "${EXCHANGE_PAYTO:-}"; then + say "Failure: EXCHANGE_PAYTO not set" + exit 1 +fi + +function die() { + say "$1" + exit 1 +} + +# Just try if sudo works for diagnostics +sudo -i -u taler-exchange-offline id >/dev/null || die "Error: Unable to switch to taler-exchange-offline user" + +# Create master key as taler-exchange-offline *unless* user already +# set the MASTER_PUBLIC_KEY to some value we can use. +export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys +export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv +export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub +if test -z "${MASTER_PUBLIC_KEY:-}"; then + if test "${DO_OFFLINE:-y}" == n; then + say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO" + exit 1 + fi + say "Setting up offline key" + echo -e "[exchange-offline]\n"\ + "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\ + "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\ + >/etc/taler/conf.d/offline-setup.conf + + MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -c /etc/taler/taler.conf -LDEBUG setup 2>> setup.log) + echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >>config/user.conf + if test -z "${DO_OFFLINE:-}"; then + # Set 'DO_OFFLINE' + DO_OFFLINE=y + echo "DO_OFFLINE=y" >>config/user.conf + fi +else + say "Master public key is $MASTER_PUBLIC_KEY" + if test ${DO_OFFLINE:-y} == y; then + MASTER_PUBLIC_KEY2=$(sudo -i -u taler-exchange-offline taler-exchange-offline -c /etc/taler/taler.conf setup 2>> setup.log) + if test "${MASTER_PUBLIC_KEY2}" != "${MASTER_PUBLIC_KEY}"; then + say "Error: master public key missmatch ${MASTER_PUBLIC_KEY2} does not match ${MASTER_PUBLIC_KEY}" + exit 1 + fi + fi +fi + +say "Stopping running exchange before reconfiguration" +systemctl stop taler-exchange.target &>> setup.log + +say "Configuring exchange" + +# Generate terms of service (ToS) +TERMS_ETAG= +if test ${DO_EXCHANGE_TERMS} == y; then + if test -z "${EXCHANGE_TERMS_FILE:-}"; then + say "Error: No EXCHANGE_TERMS_FILE set but DO_EXCHANGE_TERMS set to YES" + exit 1 + fi + + TERMS_ETAG="$(basename "$EXCHANGE_TERMS_FILE" .rst)" + + say "Setting up terms of service (ToS)" + taler-terms-generator -i "${EXCHANGE_TERMS_FILE}" &>> setup.log +fi + +# Generate privacy policy +PRIVACY_ETAG= +if test ${DO_EXCHANGE_PRIVACY} == y; then + if test -z "${EXCHANGE_PRIVACY_FILE:-}"; then + say "Error: No EXCHANGE_PRIVACY_FILE set but DO_EXCHANGE_PRIVACY set to YES" + exit 1 + fi + + PRIVACY_ETAG="$(basename "$EXCHANGE_PRIVACY_FILE" .rst)" + + say "Setting up the privacy policy" + taler-terms-generator -i "${EXCHANGE_PRIVACY_FILE}" &>> setup.log +fi + +export EXCHANGE_BASE_URL="$PROTO://exchange.${DOMAIN_NAME}/" + +cat << EOF > /etc/taler/conf.d/setup.conf +[taler] +CURRENCY=${CURRENCY} +CURRENCY_ROUND_UNIT=${CURRENCY}:0.01 + +[exchange] +AML_THRESHOLD=${CURRENCY}:1000000 +MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY} +BASE_URL=${EXCHANGE_BASE_URL} +STEFAN_ABS=${CURRENCY}:0 +STEFAN_LOG=${CURRENCY}:0 +STEFAN_LIN=0 + +TERMS_ETAG=${TERMS_ETAG} +PRIVACY_ETAG=${PRIVACY_ETAG} + +[merchant-exchange-${DOMAIN_NAME}] +MASTER_KEY=${MASTER_PUBLIC_KEY} +CURRENCY=${CURRENCY} +EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL} + +[exchange-account-default] +PAYTO_URI=${EXCHANGE_PAYTO} +ENABLE_DEBIT=YES +ENABLE_CREDIT=YES +@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf +EOF + +cat << EOF > /etc/taler/secrets/exchange-db.secret.conf +[exchangedb-postgres] +CONFIG=postgres:///exchange +EOF + +chmod 440 /etc/taler/secrets/exchange-db.secret.conf +chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf + +cat << EOF > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf + +[exchange-accountcredentials-default] +WIRE_GATEWAY_URL=${PROTO}://bank.$DOMAIN_NAME/accounts/exchange/taler-wire-gateway/ +WIRE_GATEWAY_AUTH_METHOD=basic +USERNAME=exchange +PASSWORD=${BANK_EXCHANGE_PASSWORD} +EOF + +chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf +chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf + +taler-harness deployment gen-coin-config \ + --min-amount "${CURRENCY}":0.01 \ + --max-amount "${CURRENCY}":100 | + sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \ + >/etc/taler/conf.d/"${CURRENCY}"-coins.conf + +say "Initializing exchange database" +taler-exchange-dbconfig -c /etc/taler/taler.conf &>> setup.log + +say "Launching exchange" +systemctl enable taler-exchange.target &>> setup.log +systemctl restart taler-exchange.target &>> setup.log + +say "Waiting for exchange HTTP service (/config)..." +curl -sS --max-time 2 \ + --retry-all-errors \ + --retry-delay 2 \ + --retry 10 \ + "${EXCHANGE_BASE_URL}"config &>> setup.log + +say "Waiting for exchange management keys (this may take a while)..." +curl -sS --max-time 30 \ + --retry-delay 2 \ + --retry 60 \ + "${EXCHANGE_BASE_URL}"management/keys &>> setup.log + +if test ${DO_OFFLINE} == y; then + say "Offline interaction..." + sudo -i -u taler-exchange-offline \ + taler-exchange-offline \ + -c /etc/taler/taler.conf \ + download \ + sign \ + upload &>> setup.log + + say "Exchange account setup..." + sudo -i -u taler-exchange-offline \ + taler-exchange-offline \ + enable-account "${EXCHANGE_PAYTO}" \ + display-hint 0 "${CURRENCY} Exchange" \ + wire-fee now x-taler-bank "${CURRENCY}":0 "${CURRENCY}":0 \ + global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \ + upload &>> setup.log + + say "Enabling timer to automate renewals..." + systemctl enable taler-exchange-offline.timer &>> setup.log + systemctl restart taler-exchange-offline.timer &>> setup.log + + if test ${DO_CONVERSION} == y; then + say "Conversion account setup (restricted to CH-only)..." + sudo -i -u taler-exchange-offline taler-exchange-offline \ + enable-account "${CONVERSION_PAYTO}" \ + display-hint 10 "${FIAT_BANK_NAME}" \ + conversion-url "${PROTO}://bank.$DOMAIN_NAME/conversion-info/" \ + debit-restriction deny \ + wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \ + upload &>> setup.log + fi +fi + +say "Waiting for exchange /keys..." +curl -sS --max-time 2 \ + --retry-connrefused \ + --retry-delay 2 \ + --retry 10 \ + "${EXCHANGE_BASE_URL}"keys &>> setup.log + +say "Exchange setup finished" |