2 files changed, 178 insertions, 1 deletions
diff --git a/sandcastle/scripts/core b/sandcastle/scripts/core
new file mode 100644
index 0000000..0a586d3
--- /dev/null
+++ b/sandcastle/scripts/core
diff --git a/sandcastle/scripts/setup-sandcastle.sh b/sandcastle/scripts/setup-sandcastle.sh
index 8067ac5..cb0ae68 100755
--- a/sandcastle/scripts/setup-sandcastle.sh
+++ b/sandcastle/scripts/setup-sandcastle.sh
@@ -1,7 +1,19 @@
 #!/usr/bin/env bash
 
+# This scripts provisions all configuration and
+# services for the Taler sandcastle container.
+
+set -eu
+set -x
+
 echo "hello"
 
+CURRENCY=KUDOS
+EXCHANGE_IBAN=DE159593
+EXCHANGE_PLAIN_PAYTO=payto://iban/$EXCHANGE_IBAN
+EXCHANGE_FULL_PAYTO="payto://iban/$EXCHANGE_IBAN?receiver-name=Sandcastle+Echange+Inc"
+EXCHANGE_BANK_PASSWORD=sandbox
+
 # Just make sure the services are stopped
 systemctl stop taler-exchange.target
 systemctl stop taler-merchant-httpd.service
@@ -13,6 +25,7 @@ systemctl stop postgresql.service
 # and then symlinked.
 # These locations are:
 # /etc/taler
+# /etc/libeufin-bank
 # /var/lib/taler
 # postgres DB directory
 
@@ -35,12 +48,78 @@ function lift_dir() {
 
 lift_dir /var/lib/taler var-lib-taler
 lift_dir /etc/taler etc-taler
+lift_dir /etc/libeufin-bank etc-libeufin-bank
 lift_dir /var/lib/postgresql var-lib-postgresql
 
-MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
+# Caddy configuration.
+# We use the caddy reverse proxy with automatic
+# internal TLS setup to ensure that the services are
+# reachable inside the container without any external
+# DNS setup under the same domain name and with TLS
+# from inside the container.
+
+systemctl stop caddy.service
+
+LANDING_DOMAIN=demo.taler.net
+BANK_DOMAIN=bank.demo.taler.net
+EXCHANGE_DOMAIN=exchange.demo.taler.net
+MERCHANT_DOMAIN=backend.demo.taler.net
+BLOG_DOMAIN=shop.demo.taler.net
+DONATIONS_DOMAIN=donations.demo.taler.net
+SURVEY_DOMAIN=survey.demo.taler.net
+
+cat <<EOF > /etc/caddy/Caddyfile
+https://$BANK_DOMAIN {
+  tls internal
+  reverse_proxy :8080
+}
+
+https://$EXCHANGE_DOMAIN {
+  tls internal
+  reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock
+}
+EOF
+
+cat <<EOF >> /etc/hosts
+# Start of Taler Sandcastle Domains
+127.0.0.1 $LANDING_DOMAIN
+127.0.0.1 $BANK_DOMAIN
+127.0.0.1 $EXCHANGE_DOMAIN
+127.0.0.1 $MERCHANT_DOMAIN
+127.0.0.1 $BLOG_DOMAIN
+127.0.0.1 $DONATIONS_DOMAIN
+127.0.0.1 $SURVEY_DOMAIN
+# End of Taler Sandcastle Domains
+EOF
+
+systemctl start caddy.service
+
+# Install local, internal CA certs for caddy
+caddy trust
 
 systemctl start postgresql.service
 
+# Set up bank
+
+BANK_DB=libeufinbank
+# Use "|| true" to continue if these already exist.
+sudo -i -u postgres createuser -d libeufin-bank || true
+sudo -i -u postgres createdb -O libeufin-bank $BANK_DB || true
+
+sudo -i -u libeufin-bank libeufin-bank dbinit
+
+systemctl start libeufin-bank.service
+
+# TODO: Wait until service is up and running
+# TODO: Create accounts for exchange and merchants
+
+taler-harness deployment wait-taler-service libeufin-bank https://$BANK_DOMAIN/config
+taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ --login exchange --exchange --public --payto $EXCHANGE_PLAIN_PAYTO --name Exchange --password sandbox
+
+# Set up exchange
+
+MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
+
 EXCHANGE_DB=talerexchange
 # Use "|| true" to continue if these already exist.
 sudo -i -u postgres createuser -d taler-exchange-httpd || true
@@ -48,3 +127,101 @@ sudo -i -u postgres createuser taler-exchange-wire || true
 sudo -i -u postgres createuser taler-exchange-closer || true
 sudo -i -u postgres createuser taler-exchange-aggregator || true
 sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true
+
+# Generate /etc/taler/conf.d/setup.conf
+cat <<EOF > /etc/taler/conf.d/setup.conf
+[taler]
+CURRENCY = $CURRENCY
+CURRENCY_ROUND_UNIT = $CURRENCY:0.01
+
+[exchange]
+AML_THRESHOLD = $CURRENCY:1000000
+MASTER_PUBLIC_KEY = $MASTER_PUBLIC_KEY
+BASE_URL = https://$EXCHANGE_DOMAIN/
+
+[exchange-account-default]
+PAYTO_URI = $EXCHANGE_FULL_PAYTO
+ENABLE_DEBIT = YES
+ENABLE_CREDIT = YES
+@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf
+EOF
+
+cat <<EOF >/etc/taler/secrets/exchange-db.secret.conf
+[exchangedb-postgres]
+CONFIG=postgres:///${EXCHANGE_DB}
+EOF
+chmod 440 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
+cat <<EOF > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+[exchange-accountcredentials-default]
+WIRE_GATEWAY_URL = https://$BANK_DOMAIN/accounts/exchange/taler-wire-gateway/
+WIRE_GATEWAY_AUTH_METHOD = basic
+USERNAME = exchange
+PASSWORD = ${EXCHANGE_BANK_PASSWORD}
+EOF
+chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
+
+taler-harness deployment gen-coin-config \
+  --min-amount "${CURRENCY}:0.01" \
+  --max-amount "${CURRENCY}:100" \
+    >/etc/taler/conf.d/"${CURRENCY}"-coins.conf
+
+echo "Initializing exchange database"
+sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
+
+echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+
+
+systemctl enable --now taler-exchange.target
+
+taler-harness deployment wait-taler-service taler-exchange https://$EXCHANGE_DOMAIN/config
+taler-harness deployment wait-endpoint https://$EXCHANGE_DOMAIN/management/keys
+
+sudo -i -u taler-exchange-offline \
+  taler-exchange-offline \
+  -c /etc/taler/taler.conf \
+  download \
+  sign \
+  upload
+
+sudo -i -u taler-exchange-offline \
+  taler-exchange-offline \
+  enable-account "${EXCHANGE_FULL_PAYTO}" \
+  wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \
+  global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \
+  upload
+
+# Set up merchant backend
+
+systemctl enable --now taler-merchant-httpd
+taler-harness deployment wait-taler-service merchant https://$MERCHANT_DOMAIN/config
+
+MERCHANT_DB=talermerchant
+# Use "|| true" to continue if these already exist.
+sudo -i -u postgres createuser -d taler-merchant-httpd || true
+sudo -i -u postgres createdb -O taler-merchant-httpd $MERCHANT_DB || true
+
+cat <<EOF >/etc/taler/secrets/merchant-db.secret.conf
+[merchantdb-postgres]
+CONFIG=postgres:///${MERCHANT_DB}
+EOF
+chmod 440 /etc/taler/secrets/exchange-db.secret.conf
+chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
+
+# merchant passwd
+# taler-harness deployment provision-merchant-instance https://$MERCHANT_DOMAIN/