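#!/bin/bash
#
# Exchange setup: creates (or verifies) the offline master key, provisions
# the exchange PostgreSQL roles and database, writes
# /etc/taler/conf.d/setup.conf and the secret config files, initializes the
# database schema and, when DO_OFFLINE is enabled, runs the offline
# key/fee signing before the exchange is started.
#
# Required inputs (from the sourced config files or the environment):
#
# - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus)
# - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus)
# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus)
# - EXCHANGE_IBAN (exchange account IBAN)
# - EXCHANGE_PAYTO (exchange account PAYTO)
# - ENABLE_TLS (http or https?)
#
# Optional: MASTER_PUBLIC_KEY, DO_OFFLINE (defaults to y).
# CURRENCY and DOMAIN_NAME are also used; presumably they come from the
# sourced config files.

# Set up error handling
set -euo pipefail

# EXIT-trap hook: report a non-zero exit code on stderr.
# Arguments: $1 - exit code of the script
notify_exit() {
  [[ $1 == 0 ]] || printf 'Script %s failed, exit code %s\n' "$0" "$1" >&2
}

# ERR-trap hook: name the line that tripped errexit.
notify_err() {
  echo "errexit on line $(caller)" >&2
}

# The subshell only sets $?; under 'set -e' that non-zero status ends the
# script with the conventional signal exit code, and the EXIT trap reports it.
trap '(exit 130)' INT
trap '(exit 143)' TERM
trap notify_err ERR
# shellcheck disable=SC2154
trap 'rc=$?; notify_exit $rc; exit $rc' EXIT
# End of error handling setup

source functions.sh
source config/user.conf
source config/internal.conf

# Print a message via say() and abort with status 1.
# Arguments: $1 - message
die() {
  say "$1"
  exit 1
}

# Abort unless the named variable is set and non-empty.
# Arguments: $1 - variable name
require_var() {
  local name=$1
  if test -z "${!name:-}"; then
    die "Failure: ${name} not set"
  fi
}

# Write stdin to a secret config file without ever exposing its contents:
# the file is created with umask 077 (or, if it already exists, closed to
# 0600) *before* any data is written, then mode and owner are set to what
# the consuming service expects.
# Arguments: $1 - path, $2 - final mode, $3 - final owner:group
write_secret() {
  local path=$1 mode=$2 owner=$3
  (
    umask 077
    : >"$path"
  )
  chmod 600 -- "$path"
  cat >"$path"
  chmod "$mode" -- "$path"
  chown "$owner" -- "$path"
}

# Create a PostgreSQL role unless it already exists. Unlike '|| true' this
# still fails loudly when createuser fails for another reason.
# Arguments: $1 - role name; remaining args are passed to createuser
ensure_pg_role() {
  local role=$1
  shift
  if ! sudo -i -u postgres psql -tAc "SELECT 1 FROM pg_roles WHERE rolname='${role}'" | grep -q 1; then
    sudo -i -u postgres createuser "$@" "$role"
  fi
}

# Create a PostgreSQL database unless it already exists.
# Arguments: $1 - database name, $2 - owning role
ensure_pg_db() {
  local db=$1 owner=$2
  if ! sudo -i -u postgres psql -tAc "SELECT 1 FROM pg_database WHERE datname='${db}'" | grep -q 1; then
    sudo -i -u postgres createdb -O "$owner" "$db"
  fi
}

# Grant a service role the access it needs on the 'exchange' schema and on
# the '_v' schema of the exchange database.
# Globals:   EXCHANGE_DB (read)
# Arguments: $1 - role name
grant_exchange_access() {
  local role=$1
  sudo -i -u postgres psql -f - "${EXCHANGE_DB}" <<EOF
GRANT USAGE ON SCHEMA exchange TO "${role}";
GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "${role}";
GRANT USAGE ON SCHEMA _v TO "${role}";
GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "${role}";
EOF
}

say "Beginning Exchange setup"

require_var LIBEUFIN_NEXUS_USERNAME
require_var NEXUS_EXCHANGE_PASSWORD
require_var EXCHANGE_IBAN
require_var WIRE_GATEWAY_URL
require_var EXCHANGE_PAYTO

# Just try if sudo works for diagnostics
sudo -i -u taler-exchange-offline id >/dev/null ||
  die "Error: Unable to switch to taler-exchange-offline user"

# Create master key as taler-exchange-offline *unless* user already
# set the MASTER_PUBLIC_KEY to some value we can use.
# These paths are relative to the taler-exchange-offline home directory.
export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys
export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv
export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub

if test -z "${MASTER_PUBLIC_KEY:-}"; then
  if test "${DO_OFFLINE:-y}" == n; then
    say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO"
    exit 1
  fi
  say "Setting up offline key"
  # \$HOME is deliberately left unexpanded so that it resolves in the
  # taler-exchange-offline user's environment, not ours.
  cat >/etc/taler/conf.d/offline-setup.conf <<EOF
[exchange-offline]
MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}
SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}
EOF
  MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
  # Persist the generated key so re-runs verify it instead of regenerating.
  echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >>config/user.conf
  if test -z "${DO_OFFLINE:-}"; then
    # Record the implied default so later runs behave the same way.
    DO_OFFLINE=y
    echo "DO_OFFLINE=y" >>config/user.conf
  fi
else
  say "Master public key is $MASTER_PUBLIC_KEY"
  if test "${DO_OFFLINE:-y}" == y; then
    # Re-running 'setup' is expected to print the key of the existing
    # private key; a mismatch means the configured key is not the local one.
    MASTER_PUBLIC_KEY2=$(sudo -i -u taler-exchange-offline taler-exchange-offline setup)
    if test "${MASTER_PUBLIC_KEY2}" != "${MASTER_PUBLIC_KEY}"; then
      say "Error: master public key mismatch ${MASTER_PUBLIC_KEY2} does not match ${MASTER_PUBLIC_KEY}"
      exit 1
    fi
  fi
fi
export MASTER_PUBLIC_KEY
# DO_OFFLINE may still be unset here (MASTER_PUBLIC_KEY given, no
# DO_OFFLINE); apply the same default the checks above used so the later
# test does not trip 'set -u'.
DO_OFFLINE=${DO_OFFLINE:-y}

say "Stopping running exchange before reconfiguration"
systemctl stop taler-exchange.target

say "Setting up exchange database"
EXCHANGE_DB=talerexchange
# Idempotent: roles/database that already exist are left untouched.
ensure_pg_role taler-exchange-httpd -d
ensure_pg_role taler-exchange-wire
ensure_pg_role taler-exchange-closer
ensure_pg_role taler-exchange-aggregator
ensure_pg_db "${EXCHANGE_DB}" taler-exchange-httpd

say "Configuring exchange"
if test "${ENABLE_TLS}" = "y"; then
  export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}/"
else
  export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}/"
fi

# Generate /etc/taler/conf.d/setup.conf. It holds no secrets; the account
# credentials are pulled in via @inline-secret@ from the protected file
# written below.
cat >/etc/taler/conf.d/setup.conf <<EOF
[taler]
CURRENCY=${CURRENCY}
CURRENCY_ROUND_UNIT=${CURRENCY}:0.01
AML_THRESHOLD=${CURRENCY}:1000000

[exchange]
MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}
BASE_URL=${EXCHANGE_BASE_URL}

[merchant-exchange-${DOMAIN_NAME}]
MASTER_KEY=${MASTER_PUBLIC_KEY}
CURRENCY=${CURRENCY}
EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}

[exchange-account-default]
PAYTO_URI=${EXCHANGE_PAYTO}
ENABLE_DEBIT=YES
ENABLE_CREDIT=YES
@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf
EOF

write_secret /etc/taler/secrets/exchange-db.secret.conf 440 root:taler-exchange-db <<EOF
[exchangedb-postgres]
CONFIG=postgres:///${EXCHANGE_DB}
EOF

write_secret /etc/taler/secrets/exchange-accountcredentials-default.secret.conf 400 \
  taler-exchange-wire:taler-exchange-db <<EOF
[exchange-accountcredentials-default]
WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}
WIRE_GATEWAY_AUTH_METHOD=basic
USERNAME=${LIBEUFIN_NEXUS_USERNAME}
PASSWORD=${NEXUS_EXCHANGE_PASSWORD}
EOF

COINS_CONF=/etc/taler/conf.d/"${CURRENCY}"-coins.conf
# With pipefail a failing gen-coin-config aborts instead of leaving an
# empty or truncated coin config behind.
taler-harness deployment gen-coin-config \
  --min-amount "${CURRENCY}":0.01 \
  --max-amount "${CURRENCY}":100 |
  sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \
    >"${COINS_CONF}"

# FIXME-DOLD: this belongs with taler-harness
while IFS= read -r SEC; do
  taler-config -c "${COINS_CONF}" -s "$SEC" -o CIPHER -V "RSA"
done < <(taler-config -c "${COINS_CONF}" -S | grep -- COIN-)

say "Initializing exchange database"
sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
for role in taler-exchange-wire taler-exchange-closer taler-exchange-aggregator; do
  grant_exchange_access "$role"
done

say "Launching exchange"
systemctl enable --now taler-exchange.target

# The curl probes below only wait for the endpoints to answer; a final
# failure aborts the script via 'set -e'.
say "Waiting for exchange HTTP service (/config)..."
curl --max-time 2 \
  --retry-connrefused \
  --retry-delay 1 \
  --retry 10 \
  "${EXCHANGE_BASE_URL}"config &>/dev/null
say "DONE"

say "Waiting for exchange management keys (this may take a while)..."
curl --max-time 30 \
  --retry-delay 1 \
  --retry 60 \
  "${EXCHANGE_BASE_URL}"management/keys &>/dev/null
say "DONE"

if test "${DO_OFFLINE}" == y; then
  say "Offline interaction..."
  sudo -i -u taler-exchange-offline \
    taler-exchange-offline \
    -c /etc/taler/taler.conf \
    download \
    sign \
    upload
  sudo -i -u taler-exchange-offline \
    taler-exchange-offline \
    enable-account "${EXCHANGE_PAYTO}" \
    wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \
    global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \
    upload
fi

say "Waiting for exchange /keys..."
curl --max-time 2 \
  --retry-connrefused \
  --retry-delay 1 \
  --retry 10 \
  "${EXCHANGE_BASE_URL}"keys &>/dev/null
say "DONE"
say "Exchange setup finished"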