Diffstat (limited to 'sandcastle/scripts/setup-sandcastle.sh')
-rwxr-xr-x | sandcastle/scripts/setup-sandcastle.sh | 179 |
1 files changed, 178 insertions, 1 deletions
diff --git a/sandcastle/scripts/setup-sandcastle.sh b/sandcastle/scripts/setup-sandcastle.sh
index 8067ac5..cb0ae68 100755
--- a/sandcastle/scripts/setup-sandcastle.sh
+++ b/sandcastle/scripts/setup-sandcastle.sh
@@ -1,7 +1,19 @@
 #!/usr/bin/env bash
+# This scripts provisions all configuration and
+# services for the Taler sandcastle container.
+
+set -eu
+set -x
+
 echo "hello"
+CURRENCY=KUDOS
+EXCHANGE_IBAN=DE159593
+EXCHANGE_PLAIN_PAYTO=payto://iban/$EXCHANGE_IBAN
+EXCHANGE_FULL_PAYTO="payto://iban/$EXCHANGE_IBAN?receiver-name=Sandcastle+Echange+Inc"
+EXCHANGE_BANK_PASSWORD=sandbox
+
 # Just make sure the services are stopped
 systemctl stop taler-exchange.target
 systemctl stop taler-merchant-httpd.service
@@ -13,6 +25,7 @@ systemctl stop postgresql.service
 # and then symlinked.
 # These locations are:
 # /etc/taler
+# /etc/libeufin-bank
 # /var/lib/taler
 # postgres DB directory
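Review bot: `EXCHANGE_BANK_PASSWORD=sandbox` is a hard-coded credential and, because `set -x` is enabled two lines earlier, its value is echoed into the script's trace output whenever it is expanded on a command line, so it will land in the container's logs/journal. Since this is a sandbox default that is fine, but letting the environment override it avoids editing the script for any other deployment: `EXCHANGE_BANK_PASSWORD=${EXCHANGE_BANK_PASSWORD:-sandbox}`. The variable is also not the only source of truth — the bank account is provisioned later in this patch with the literal `--password sandbox`, so changing the variable would silently desynchronise the bank login from the `PASSWORD = ${EXCHANGE_BANK_PASSWORD}` written into the exchange credentials file. Two wording nits in the new lines: the header comment should read `# This script provisions all configuration and`, and `Sandcastle+Echange+Inc` in `EXCHANGE_FULL_PAYTO` looks like a misspelling of "Exchange" (that string is part of the payto URI, so fixing it changes the configured account name).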
@@ -35,12 +48,78 @@ function lift_dir() {
 lift_dir /var/lib/taler var-lib-taler
 lift_dir /etc/taler etc-taler
+lift_dir /etc/libeufin-bank etc-libeufin-bank
 lift_dir /var/lib/postgresql var-lib-postgresql
-MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
+# Caddy configuration.
+# We use the caddy reverse proxy with automatic
+# internal TLS setup to ensure that the services are
+# reachable inside the container without any external
+# DNS setup under the same domain name and with TLS
+# from inside the container.
+
+systemctl stop caddy.service
+
+LANDING_DOMAIN=demo.taler.net
+BANK_DOMAIN=bank.demo.taler.net
+EXCHANGE_DOMAIN=exchange.demo.taler.net
+MERCHANT_DOMAIN=backend.demo.taler.net
+BLOG_DOMAIN=shop.demo.taler.net
+DONATIONS_DOMAIN=donations.demo.taler.net
+SURVEY_DOMAIN=survey.demo.taler.net
+
+cat <<EOF > /etc/caddy/Caddyfile
+https://$BANK_DOMAIN {
+ tls internal
+ reverse_proxy :8080
+}
+
+https://$EXCHANGE_DOMAIN {
+ tls internal
+ reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock
+}
+EOF
+
+cat <<EOF >> /etc/hosts
+# Start of Taler Sandcastle Domains
+127.0.0.1 $LANDING_DOMAIN
+127.0.0.1 $BANK_DOMAIN
+127.0.0.1 $EXCHANGE_DOMAIN
+127.0.0.1 $MERCHANT_DOMAIN
+127.0.0.1 $BLOG_DOMAIN
+127.0.0.1 $DONATIONS_DOMAIN
+127.0.0.1 $SURVEY_DOMAIN
+# End of Taler Sandcastle Domains
+EOF
+
+systemctl start caddy.service
+
+# Install local, internal CA certs for caddy
+caddy trust
 systemctl start postgresql.service
+# Set up bank
+
+BANK_DB=libeufinbank
+# Use "|| true" to continue if these already exist.
+sudo -i -u postgres createuser -d libeufin-bank || true
+sudo -i -u postgres createdb -O libeufin-bank $BANK_DB || true
+
+sudo -i -u libeufin-bank libeufin-bank dbinit
+
+systemctl start libeufin-bank.service
+
+# TODO: Wait until service is up and running
+# TODO: Create accounts for exchange and merchants
+
+taler-harness deployment wait-taler-service libeufin-bank https://$BANK_DOMAIN/config
+taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ --login exchange --exchange --public --payto $EXCHANGE_PLAIN_PAYTO --name Exchange --password sandbox
+
+# Set up exchange
+
+MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
+
 EXCHANGE_DB=talerexchange
 # Use "|| true" to continue if these already exist.
 sudo -i -u postgres createuser -d taler-exchange-httpd || true
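Review bot: The `cat <<EOF >> /etc/hosts` block is not idempotent — every re-run of the script (which the surrounding `|| true` lines deliberately tolerate) appends another copy of the seven `127.0.0.1` entries, whereas the Caddyfile next to it is rewritten with `>`. The `# Start of Taler Sandcastle Domains` marker the hunk already writes is enough to guard it: `grep -qF '# Start of Taler Sandcastle Domains' /etc/hosts || cat <<EOF >> /etc/hosts`. The `provision-bank-account … --password sandbox` call should use `--password "$EXCHANGE_BANK_PASSWORD"` so the bank login and the credentials file written later in this patch cannot drift apart. The two `# TODO:` comments above it are already done by the `wait-taler-service` and `provision-bank-account` lines that follow and can be dropped; `caddy trust` installs Caddy's internal CA into the system trust store, which is fine for a throwaway container but worth stating in the comment.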
@@ -48,3 +127,101 @@ sudo -i -u postgres createuser taler-exchange-wire || true
 sudo -i -u postgres createuser taler-exchange-closer || true
 sudo -i -u postgres createuser taler-exchange-aggregator || true
 sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true
+
+# Generate /etc/taler/conf.d/setup.conf
+cat <<EOF > /etc/taler/conf.d/setup.conf
+[taler]
+CURRENCY = $CURRENCY
+CURRENCY_ROUND_UNIT = $CURRENCY:0.01
+
+[exchange]
+AML_THRESHOLD = $CURRENCY:1000000
+MASTER_PUBLIC_KEY = $MASTER_PUBLIC_KEY
+BASE_URL = https://$EXCHANGE_DOMAIN/
+
+[exchange-account-default]
+PAYTO_URI = $EXCHANGE_FULL_PAYTO
+ENABLE_DEBIT = YES
+ENABLE_CREDIT = YES
+@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf
+EOF
+
+cat <<EOF >/etc/taler/secrets/exchange-db.secret.conf
+[exchangedb-postgres]
+CONFIG=postgres:///${EXCHANGE_DB}
+EOF
+chmod 440 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
+cat <<EOF > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+[exchange-accountcredentials-default]
+WIRE_GATEWAY_URL = https://$BANK_DOMAIN/accounts/exchange/taler-wire-gateway/
+WIRE_GATEWAY_AUTH_METHOD = basic
+USERNAME = exchange
+PASSWORD = ${EXCHANGE_BANK_PASSWORD}
+EOF
+chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+
+taler-harness deployment gen-coin-config \
+ --min-amount "${CURRENCY}:0.01" \
+ --max-amount "${CURRENCY}:100" \
+ >/etc/taler/conf.d/"${CURRENCY}"-coins.conf
+
+echo "Initializing exchange database"
+sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
+
+echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+
+systemctl enable --now taler-exchange.target
+
+taler-harness deployment wait-taler-service taler-exchange https://$EXCHANGE_DOMAIN/config
+taler-harness deployment wait-endpoint https://$EXCHANGE_DOMAIN/management/keys
+
+sudo -i -u taler-exchange-offline \
+ taler-exchange-offline \
+ -c /etc/taler/taler.conf \
+ download \
+ sign \
+ upload
+
+sudo -i -u taler-exchange-offline \
+ taler-exchange-offline \
+ enable-account "${EXCHANGE_FULL_PAYTO}" \
+ wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \
+ global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \
+ upload
+
+# Set up merchant backend
+
+systemctl enable --now taler-merchant-httpd
+taler-harness deployment wait-taler-service merchant https://$MERCHANT_DOMAIN/config
+
+MERCHANT_DB=talermerchant
+# Use "|| true" to continue if these already exist.
+sudo -i -u postgres createuser -d taler-merchant-httpd || true
+sudo -i -u postgres createdb -O taler-merchant-httpd $MERCHANT_DB || true
+
+cat <<EOF >/etc/taler/secrets/merchant-db.secret.conf
+[merchantdb-postgres]
+CONFIG=postgres:///${MERCHANT_DB}
+EOF
+chmod 440 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
+# merchant passwd
+# taler-harness deployment provision-merchant-instance https://$MERCHANT_DOMAIN/
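Review bot: The `chmod 440` / `chown root:taler-exchange-db` that follow the `merchant-db.secret.conf` heredoc at the end of the hunk operate on `exchange-db.secret.conf` again (copy-paste from the exchange block above), so the new merchant secret file is left with whatever mode the umask gives it and owned by root, and the merchant backend's database user is never granted access to it. They should be `chmod 440 /etc/taler/secrets/merchant-db.secret.conf` and `chown root:<merchant-db-group> /etc/taler/secrets/merchant-db.secret.conf`, with the group being whichever account reads the merchant DB config on this image — it is not visible in the patch. Ordering in the merchant section also looks inverted: `systemctl enable --now taler-merchant-httpd` and the `wait-taler-service merchant` call run before `createuser -d taler-merchant-httpd`, `createdb … $MERCHANT_DB` and the secret file exist, so on a fresh container the wait presumably fails or the service starts without a database; moving the service start and wait below the secret-file block mirrors what the exchange section does. Note also that, unlike the exchange, no `taler-merchant-dbinit` is run here, which may be intentional or a gap.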