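#!/bin/bash
# This file is in the public domain.
#
# This script configures and launches Sandbox and Nexus.
# The setup provides the admin account at Sandbox, and
# another account for the exchange at Nexus and Sandbox.
# A Taler facade to serve taler-wire-gateway requests
# is also provided.  The currency defaults to "NB".
#
# The script sources functions.sh and config/*.conf by relative path,
# so it has to be started from the directory that contains them.
#
# The environment must provide the following variables:
# - SANDBOX_ADMIN_PASSWORD: password of the Netzbon administrator.
# - NEXUS_EXCHANGE_PASSWORD: password of the Nexus user hosted
#   at Nexus, this password will let the Wire-gateway access
#   its banking records.  The related username is:
#   exchange-at-nexus
# - SANDBOX_EXCHANGE_PASSWORD: password of the exchange
#   bank account hosted at Sandbox.  The related
#   username is: exchange-at-sandbox
# - BANK_NAME: human-readable name for the bank
# - DOMAIN_NAME: base domain; the script derives bank.<domain> and
#   exchange.<domain> from it
# - ENABLE_TLS (optional): "y" selects https for the public URLs,
#   anything else selects http
#
# OUTPUTS:
#
# LIBEUFIN_NEXUS_USERNAME -- username of the exchange
# EXCHANGE_IBAN -- IBAN of the exchange
# EXCHANGE_PAYTO -- payto-URI of the exchange

set -eu

source functions.sh
source config/user.conf
source config/internal.conf

if test -z "${BANK_NAME:-}"; then
  say "Error: config/user.conf does not specify BANK_NAME"
  exit 1
fi
if test -z "${DOMAIN_NAME:-}"; then
  say "Error: config/user.conf does not specify DOMAIN_NAME"
  exit 1
fi
if test -z "${SANDBOX_ADMIN_PASSWORD:-}"; then
  say "Error: config/user.conf does not specify SANDBOX_ADMIN_PASSWORD"
  exit 1
fi

# Check the two exchange passwords before any state is changed.  Without
# this, an unset password only surfaces further down as an "unbound variable"
# abort (set -u) after config/internal.conf has already been appended to,
# and an empty password would be accepted and used as is.
for required_var in NEXUS_EXCHANGE_PASSWORD SANDBOX_EXCHANGE_PASSWORD; do
  if test -z "${!required_var:-}"; then
    say "Error: ${required_var} is not set"
    exit 1
  fi
done
# TODO: add sanity-checks for presence of other required env-vars
#       (e.g. CURRENCY).

# Scheme used for the externally visible bank/exchange URLs.
if test "${ENABLE_TLS:-}" == "y"; then
  PROTO="https"
else
  PROTO="http"
fi

say "Setting up libeufin"

# EBICS parameters that must match but are only used internally.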
EBICS_HOST_ID="TALERHOST"
EBICS_PARTNER_ID="talerop"
EBICS_USER_ID="exchangeebics"
EBICS_CONNECTION_NAME="exchangeconn"
LIBEUFIN_TALER_FACADE="taler-facade"

# Nexus login of the exchange.  The value is appended to
# config/internal.conf on every run, so repeated runs add repeated lines.
export LIBEUFIN_NEXUS_USERNAME="exchange-at-nexus"
printf '%s\n' "LIBEUFIN_NEXUS_USERNAME=\"${LIBEUFIN_NEXUS_USERNAME}\"" >>config/internal.conf

# Nexus settings: provides LIBEUFIN_NEXUS_DB_CONNECTION and
# LIBEUFIN_NEXUS_PORT.
# shellcheck disable=SC1091
. /etc/libeufin/nexus.env
if [[ -z "${LIBEUFIN_NEXUS_DB_CONNECTION:-}" ]]; then
  say "Error: /etc/libeufin/nexus.env does not specify LIBEUFIN_NEXUS_DB_CONNECTION"
  exit 1
fi
export LIBEUFIN_NEXUS_DB_CONNECTION
export LIBEUFIN_NEXUS_PASSWORD="${NEXUS_EXCHANGE_PASSWORD}"
export LIBEUFIN_NEXUS_URL="http://localhost:${LIBEUFIN_NEXUS_PORT}"

# Sandbox settings: provides LIBEUFIN_SANDBOX_DB_CONNECTION and
# LIBEUFIN_SANDBOX_PORT.
# shellcheck disable=SC1091
. /etc/libeufin/sandbox.env
if [[ -z "${LIBEUFIN_SANDBOX_DB_CONNECTION:-}" ]]; then
  say "Error: /etc/libeufin/sandbox.env does not specify LIBEUFIN_SANDBOX_DB_CONNECTION"
  exit 1
fi
export LIBEUFIN_SANDBOX_DB_CONNECTION
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="${SANDBOX_ADMIN_PASSWORD}"

# FIXME-CG: this should be done inside the Debian package (incl. pw generation)
# We need to add this password to the systemd environment to make it effective.
# NOTE(review): the admin password is stored in plaintext and a new line is
# appended on every run, so earlier passwords stay in the file.  The value is
# written unescaped into a file that this script also sources, so a password
# containing a double quote, "$" or a backtick would be re-interpreted by the
# shell on the next run.  Confirm that /etc/libeufin/sandbox.env is readable
# only by root and the service account.
printf '%s\n' "LIBEUFIN_SANDBOX_ADMIN_PASSWORD=\"${SANDBOX_ADMIN_PASSWORD}\"" >>/etc/libeufin/sandbox.env

SANDBOX_URL="http://localhost:${LIBEUFIN_SANDBOX_PORT}/"

say "Configure the default demobank with ${CURRENCY}..."
# Remember where the config/ directory lives, then move to a directory
# that the service users can also enter.
MY_DIR=$PWD
cd /

# sudo -E keeps the caller's environment (as far as sudoers allows), which is
# how the exported DB connection reaches the tool; the exported passwords
# travel along with it.
sandbox_config_args=(
  --captcha-url "${PROTO}://bank.${DOMAIN_NAME}"
  --bank-debt-limit 1000000
  --users-debt-limit 0
  --without-signup-bonus
  --currency "${CURRENCY}"
  default
)
sudo -E -u libeufin-sandbox libeufin-sandbox config "${sandbox_config_args[@]}"
say "DONE"

say "Start the bank..."
systemctl enable --now libeufin-sandbox
say "DONE"

say "Waiting for sandbox..."
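# Poll until the Sandbox accepts connections.  curl's output is discarded,
# so report the failure explicitly instead of letting set -e end the script
# without any message.
if ! curl --max-time 25 \
  --retry-connrefused \
  --retry-delay 3 \
  --retry 10 \
  "${SANDBOX_URL}" &>/dev/null; then
  say "Error: Sandbox did not become reachable at ${SANDBOX_URL}"
  exit 1
fi
say "DONE"

say "Make one superuser at Nexus..."
# NOTE(review): the password is passed as a command-line argument and is
# therefore visible in the process list while the command runs.  Prefer a
# non-argv way of supplying it if the CLI offers one -- TODO confirm.
sudo -E -u libeufin-nexus libeufin-nexus superuser \
  "${LIBEUFIN_NEXUS_USERNAME}" \
  --password "${NEXUS_EXCHANGE_PASSWORD}"
say "DONE"

say "Launching Nexus..."
systemctl enable --now libeufin-nexus
say "DONE"

say "Waiting for Nexus..."
if ! curl --max-time 25 \
  --retry-connrefused \
  --retry-delay 3 \
  --retry 10 \
  "${LIBEUFIN_NEXUS_URL}" &>/dev/null; then
  say "Error: Nexus did not become reachable at ${LIBEUFIN_NEXUS_URL}"
  exit 1
fi
say "DONE"

EXCHANGE_SANDBOX_USERNAME="exchange-at-sandbox"

say "Register the exchange Sandbox account..."
export LIBEUFIN_SANDBOX_USERNAME="${EXCHANGE_SANDBOX_USERNAME}"
export LIBEUFIN_SANDBOX_PASSWORD="${SANDBOX_EXCHANGE_PASSWORD}"
# Succeed also if the account already exists...
# (hopefully with the same password!)
# FIXME-MS: might be better to DELETE an existing
# account here instead!??
# NOTE(review): "|| true" hides every failure of this call, not only
# "account already exists"; an existing account keeps its old password.
libeufin-cli \
  sandbox --sandbox-url "${SANDBOX_URL}" \
  demobank register || true
say "DONE"

say "Getting the exchange IBAN and Payto URI..."
EXCHANGE_DETAILS=$(libeufin-cli \
  sandbox --sandbox-url "${SANDBOX_URL}" \
  demobank info --bank-account "${LIBEUFIN_SANDBOX_USERNAME}")
say "DONE"

# "// empty" turns a missing or null field into an empty string, so the
# literal text "null" is never stored as an IBAN or payto-URI.
EXCHANGE_IBAN=$(jq -r '.iban // empty' <<<"${EXCHANGE_DETAILS}")
EXCHANGE_PAYTO=$(jq -r '.paytoUri // empty' <<<"${EXCHANGE_DETAILS}")
if test -z "${EXCHANGE_IBAN}" || test -z "${EXCHANGE_PAYTO}"; then
  say "Error: bank account info for ${LIBEUFIN_SANDBOX_USERNAME} lacks iban or paytoUri"
  exit 1
fi

# Both values are written between double quotes into config/internal.conf,
# which this script sources at startup.  Refuse characters the shell would
# interpret inside double quotes rather than storing them.
case "${EXCHANGE_IBAN}${EXCHANGE_PAYTO}" in
  *[\"\$\`\\]* | *$'\n'*)
    say "Error: exchange IBAN or payto-URI contains characters unsafe for config/internal.conf"
    exit 1
    ;;
esac

# Communicating this to the exchange script, as the exchange
# needs it for the /wire response.
export EXCHANGE_IBAN
export EXCHANGE_PAYTO
echo "EXCHANGE_IBAN=\"${EXCHANGE_IBAN}\"" >>"${MY_DIR}/config/internal.conf"
echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >>"${MY_DIR}/config/internal.conf"

say "Setting the default exchange at Sandbox..."
libeufin-sandbox default-exchange "${PROTO}://exchange.${DOMAIN_NAME}/" "${EXCHANGE_PAYTO}"
say "DONE"

# From here on libeufin-cli talks to the Sandbox as the administrator.
export LIBEUFIN_SANDBOX_USERNAME="admin"
export LIBEUFIN_SANDBOX_PASSWORD="${SANDBOX_ADMIN_PASSWORD}"

say "Create EBICS host at Sandbox..."
# Continue on failure, request is not idempotent...
# FIXME-MS: might be nicer to delete existing host first.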
# Shared command prefixes and the EBICS identifiers both sides must agree on.
# Every "|| true" below hides all failures of that call, not only the
# "already exists" case it is meant for.
sandbox_cli=(libeufin-cli sandbox --sandbox-url "${SANDBOX_URL}")
nexus_connections=(libeufin-cli connections)

"${sandbox_cli[@]}" ebicshost create --host-id "${EBICS_HOST_ID}" || true
say "OK"

say "Create exchange EBICS subscriber at Sandbox..."
# Continue on failure, request is not idempotent...
# FIXME-MS: might be nicer to delete existing host first.
"${sandbox_cli[@]}" demobank new-ebicssubscriber \
  --host-id "${EBICS_HOST_ID}" \
  --user-id "${EBICS_USER_ID}" \
  --partner-id "${EBICS_PARTNER_ID}" \
  --bank-account "${EXCHANGE_SANDBOX_USERNAME}" || true
say "OK"

say "Creating the EBICS connection at Nexus..."
# Continue on failure, request is not idempotent...
# FIXME-MS: might be nicer to delete existing host first.
"${nexus_connections[@]}" new-ebics-connection \
  --ebics-url "${SANDBOX_URL}ebicsweb" \
  --host-id "${EBICS_HOST_ID}" \
  --partner-id "${EBICS_PARTNER_ID}" \
  --ebics-user-id "${EBICS_USER_ID}" \
  "${EBICS_CONNECTION_NAME}" || true
say "DONE"

# The next two calls are not guarded: a failure ends the script (set -e).
say "Setup EBICS keying..."
"${nexus_connections[@]}" connect "${EBICS_CONNECTION_NAME}" >/dev/null
say "OK"

say "Download bank account name from Sandbox..."
"${nexus_connections[@]}" download-bank-accounts "${EBICS_CONNECTION_NAME}"
say "OK"

say "Importing bank account info into Nexus..."
# Continue on failure, request is not idempotent...
# FIXME-MS: might be nicer to delete existing connection first.
"${nexus_connections[@]}" import-bank-account \
  --offered-account-id "${EXCHANGE_SANDBOX_USERNAME}" \
  --nexus-bank-account-id "${LIBEUFIN_NEXUS_USERNAME}" \
  "${EBICS_CONNECTION_NAME}" || true
echo "OK"

say "Create the Taler facade at Nexus..."
# Continue on failure, request is not idempotent...
# FIXME-MS: might be nicer to delete existing facade first.
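libeufin-cli facades \
  new-taler-wire-gateway-facade \
  --currency "${CURRENCY}" \
  --facade-name "${LIBEUFIN_TALER_FACADE}" \
  "${EBICS_CONNECTION_NAME}" "${LIBEUFIN_NEXUS_USERNAME}" || true
say "OK"

# URL of the wire gateway facade, recorded in config/internal.conf.
export WIRE_GATEWAY_URL="${LIBEUFIN_NEXUS_URL}/facades/${LIBEUFIN_TALER_FACADE}/taler-wire-gateway/"
echo "WIRE_GATEWAY_URL=\"${WIRE_GATEWAY_URL}\"" >>"${MY_DIR}/config/internal.conf"

say "Configuring the background jobs to submit/get transactions..."
# Tries every second.
# Not idempotent, FIXME #7739
libeufin-cli accounts task-schedule \
  --task-type submit \
  --task-name exchange-payments \
  --task-cronspec "* * *" \
  "${LIBEUFIN_NEXUS_USERNAME}" || true
say "OK"

# Tries every second.  Ask C52
say "Setup history fetch task.."
# Not idempotent, FIXME #7739
libeufin-cli accounts task-schedule \
  --task-type fetch \
  --task-name exchange-history \
  --task-cronspec "* * *" \
  --task-param-level report \
  --task-param-range-type latest \
  "${LIBEUFIN_NEXUS_USERNAME}" || true
say "OK"

#######################################
# Escape a string for use as the replacement part of a sed s/// command.
# Arguments: $1 - raw text
# Outputs:   the text with "\", "/" and "&" backslash-escaped, on stdout
#######################################
escape_sed_replacement() {
  printf '%s' "$1" | sed -e 's|[/&\\]|\\&|g'
}

say "Setting up SPA configuration..."
# BANK_NAME is free-form text.  Unescaped, a "/" in it would end the sed
# expression early and the rest of the name would be parsed as sed flags or
# commands; an "&" would be replaced by the matched text.
# NOTE(review): the result is inserted into a JavaScript settings file.
# Quoting for that context is not handled here; a name containing quote
# characters could still break the generated file -- confirm against the
# template.
bank_host_escaped=$(escape_sed_replacement "bank.${DOMAIN_NAME}")
bank_name_escaped=$(escape_sed_replacement "${BANK_NAME}")
sed -e "s/localhost/${bank_host_escaped}/g" \
  -e "s/Taler Bank/${bank_name_escaped}/g" \
  /usr/share/libeufin/demobank-ui/demobank-ui-settings.js \
  >/etc/libeufin/demobank-ui-settings.js
say "DONE"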