path: root/netzbon/config_launch_libeufin.sh
blob: 0b6cb6f15680efca1cfff93180018b03f168e23a (plain)
#!/bin/bash
# This file is in the public domain.
#
# This script configures and launches Sandbox and Nexus.
# The setup provides the admin account at Sandbox, and
# another account for the exchange at Nexus and Sandbox.
# A Taler facade to serve taler-wire-gateway requests
# is also provided.  The currency defaults to "NB".

# The environment must provide the following variables:
# - SANDBOX_ADMIN_PASSWORD: password of the Netzbon administrator.
# - NEXUS_EXCHANGE_PASSWORD: password of the Nexus user hosted
#     at Nexus, this password will let the Wire-gateway access
#     its banking records.  The related username is:
#     exchange-at-nexus
# - SANDBOX_EXCHANGE_PASSWORD: password of the exchange
#     bank account hosted at Sandbox.  The related
#     username is: exchange-at-sandbox
# - BANK_NAME: human-readable name for the bank
#
# OUTPUTS:
#
# LIBEUFIN_NEXUS_USERNAME -- username of the exchange
# EXCHANGE_IBAN -- IBAN of the exchange
# EXCHANGE_PAYTO -- payto-URI of the exchange

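# Abort on the first failing command and on any use of an unset variable.
set -eu

# functions.sh presumably provides say(); the two config files carry the
# operator's settings and the values this script appends further down.
source functions.sh
source config/user.conf
source config/internal.conf

# Settings whose absence is reported as a config/user.conf problem.
for required_var in BANK_NAME DOMAIN_NAME SANDBOX_ADMIN_PASSWORD; do
  # ${!name:-} is an indirect expansion with an empty default, so the test
  # does not trip `set -u` when the variable was never set.
  if test -z "${!required_var:-}"; then
    say "Error: config/user.conf does not specify ${required_var}"
    exit 1
  fi
done

# The exchange passwords are used much later in the script. Checking them
# here makes a missing or empty password fail before any file or service has
# been touched, instead of aborting half-way with "unbound variable" or
# silently creating an account with an empty password.
for required_var in NEXUS_EXCHANGE_PASSWORD SANDBOX_EXCHANGE_PASSWORD; do
  if test -z "${!required_var:-}"; then
    say "Error: ${required_var} is not set or is empty"
    exit 1
  fi
done
unset required_var

# TODO: add sanity-checks for the remaining required variables (e.g. CURRENCY)

# Public URLs use https only when the operator enabled TLS explicitly.
if [[ "${ENABLE_TLS:-}" == "y" ]]; then
  PROTO="https"
else
  PROTO="http"
fi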

say "Setting up libeufin"

# Internal EBICS identifiers: Sandbox and Nexus must be given the same values,
# but nothing outside this script depends on them.
EBICS_HOST_ID='TALERHOST'
EBICS_PARTNER_ID='talerop'
EBICS_USER_ID='exchangeebics'
EBICS_CONNECTION_NAME='exchangeconn'
LIBEUFIN_TALER_FACADE='taler-facade'

# The Nexus user name is one of the script's documented outputs: export it
# and record it in config/internal.conf (appended, relative to the start dir).
LIBEUFIN_NEXUS_USERNAME='exchange-at-nexus'
export LIBEUFIN_NEXUS_USERNAME
printf 'LIBEUFIN_NEXUS_USERNAME="%s"\n' "${LIBEUFIN_NEXUS_USERNAME}" >>config/internal.conf

# The packaged Nexus environment file supplies
# LIBEUFIN_NEXUS_DB_CONNECTION and LIBEUFIN_NEXUS_PORT.
# It is executed as shell code by this script.
# shellcheck disable=SC1091
. /etc/libeufin/nexus.env
export LIBEUFIN_NEXUS_DB_CONNECTION

if [[ -z "${LIBEUFIN_NEXUS_DB_CONNECTION:-}" ]]; then
  say "Error: /etc/libeufin/nexus.env does not specify LIBEUFIN_NEXUS_DB_CONNECTION"
  exit 1
fi

# Credentials and endpoint exported for the Nexus commands that follow; the
# password then lives in the environment of every child process.
LIBEUFIN_NEXUS_PASSWORD="${NEXUS_EXCHANGE_PASSWORD}"
LIBEUFIN_NEXUS_URL="http://localhost:${LIBEUFIN_NEXUS_PORT}"
export LIBEUFIN_NEXUS_PASSWORD LIBEUFIN_NEXUS_URL

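# Load configuration with
# LIBEUFIN_SANDBOX_DB_CONNECTION and
# LIBEUFIN_SANDBOX_PORT
# The file is executed as shell code, so whatever this script appends to it
# below is interpreted by the shell on the next run.
# shellcheck disable=SC1091
. /etc/libeufin/sandbox.env
export LIBEUFIN_SANDBOX_DB_CONNECTION

if test -z "${LIBEUFIN_SANDBOX_DB_CONNECTION:-}"; then
  say "Error: /etc/libeufin/sandbox.env does not specify LIBEUFIN_SANDBOX_DB_CONNECTION"
  exit 1
fi

# The password is written below between double quotes into a file that is
# sourced above. A double quote, backslash, dollar sign or backtick in it
# would be re-interpreted on the next run (changing the stored password or
# running a command substitution), so such values are refused up front.
case "${SANDBOX_ADMIN_PASSWORD}" in
  *'"'* | *'\'* | *'$'* | *'`'* | *$'\n'*)
    say "Error: SANDBOX_ADMIN_PASSWORD must not contain double quotes, backslashes, dollar signs, backticks or newlines"
    exit 1
    ;;
esac

export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="${SANDBOX_ADMIN_PASSWORD}"
# FIXME-CG: this should be done inside the Debian package (incl. pw generation)
# We need to add this password to the systemd environment to make it effective.
# NOTE(review): the password is stored in plaintext and a new line is appended
# on every run; the mode and owner of sandbox.env are not set here -- confirm
# the file is not readable by unprivileged users.
printf 'LIBEUFIN_SANDBOX_ADMIN_PASSWORD="%s"\n' "${SANDBOX_ADMIN_PASSWORD}" \
  >>/etc/libeufin/sandbox.env

# Local Sandbox endpoint (plain http on localhost); the trailing slash matters
# because later code appends "ebicsweb" directly to it.
SANDBOX_URL="http://localhost:${LIBEUFIN_SANDBOX_PORT}/"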

say "Configure the default demobank with ${CURRENCY}..."
# Keep the start directory: after the `cd /` below the relative config/ paths
# no longer resolve, and later writes go through ${MY_DIR}.
MY_DIR=$PWD

# Work from a directory the service users can enter.
cd /

# Arguments for `libeufin-sandbox config`, one option per element.
sandbox_config_args=(
  --captcha-url "${PROTO}://bank.${DOMAIN_NAME}"
  --bank-debt-limit 1000000
  --users-debt-limit 0
  --without-signup-bonus
  --currency "${CURRENCY}"
  default
)
# sudo -E asks sudo to preserve the caller's environment, which is how the
# exported database connection reaches the command. The passwords exported
# earlier in this script are passed along to the libeufin-sandbox user too.
sudo -E -u libeufin-sandbox libeufin-sandbox config "${sandbox_config_args[@]}"
say "DONE"

say "Start the bank..."
systemctl enable --now libeufin-sandbox
say "DONE"

say "Waiting for sandbox..."
# Poll until the Sandbox answers. curl's output is discarded, so under
# `set -e` a Sandbox that never comes up ends the script without a message.
sandbox_probe_opts=(--max-time 25 --retry-connrefused --retry-delay 3 --retry 10)
curl "${sandbox_probe_opts[@]}" "${SANDBOX_URL}" &>/dev/null
say "DONE"

say "Make one superuser at Nexus..."
# NOTE(review): the password is passed as a command-line argument, so it is
# visible in the process list while the command runs; sudo -E also forwards
# the exported secrets to the libeufin-nexus user. Check whether the tool can
# take the password another way.
sudo -E -u libeufin-nexus \
  libeufin-nexus superuser "${LIBEUFIN_NEXUS_USERNAME}" --password "${NEXUS_EXCHANGE_PASSWORD}"
say "DONE"

say "Launching Nexus..."
systemctl enable --now libeufin-nexus
say "DONE"

say "Waiting for Nexus..."
# Poll until Nexus answers. curl's output is discarded, so under `set -e` a
# Nexus that never comes up ends the script without a message.
nexus_probe_opts=(--max-time 25 --retry-connrefused --retry-delay 3 --retry 10)
curl "${nexus_probe_opts[@]}" "${LIBEUFIN_NEXUS_URL}" &>/dev/null
say "DONE"

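EXCHANGE_SANDBOX_USERNAME="exchange-at-sandbox"
say "Register the exchange Sandbox account..."
# Credentials exported for the libeufin-cli sandbox calls below.
export LIBEUFIN_SANDBOX_USERNAME="${EXCHANGE_SANDBOX_USERNAME}"
export LIBEUFIN_SANDBOX_PASSWORD="${SANDBOX_EXCHANGE_PASSWORD}"
# Succeed also if the account already exists...
# (hopefully with the same password!)
# FIXME-MS: might be better to DELETE an existing
# account here instead!??
# The `|| true` also hides every other registration failure.
libeufin-cli \
  sandbox --sandbox-url "${SANDBOX_URL}" \
  demobank register || true
say "DONE"

say "Getting the exchange IBAN and Payto URI..."
EXCHANGE_DETAILS=$(libeufin-cli \
  sandbox --sandbox-url "${SANDBOX_URL}" \
  demobank info --bank-account "${LIBEUFIN_SANDBOX_USERNAME}")
say "DONE"

# `// empty` turns a missing or null field into an empty string instead of
# the literal text "null", so the check below can detect it.
EXCHANGE_IBAN=$(jq -r '.iban // empty' <<<"${EXCHANGE_DETAILS}")
EXCHANGE_PAYTO=$(jq -r '.paytoUri // empty' <<<"${EXCHANGE_DETAILS}")

# Stop here rather than record a bogus account in config/internal.conf and
# register it as the default exchange.
if test -z "${EXCHANGE_IBAN}" || test -z "${EXCHANGE_PAYTO}"; then
  say "Error: Sandbox returned no IBAN or payto URI for ${LIBEUFIN_SANDBOX_USERNAME}"
  exit 1
fi

# Communicating this to the exchange script, as the exchange
# needs it for the /wire response.
export EXCHANGE_IBAN
export EXCHANGE_PAYTO
# NOTE(review): these values come from the Sandbox response and are written
# between double quotes into a file that this script sources on startup --
# confirm they can never contain shell-special characters.
printf 'EXCHANGE_IBAN="%s"\n' "${EXCHANGE_IBAN}" >>"${MY_DIR}"/config/internal.conf
printf 'EXCHANGE_PAYTO="%s"\n' "${EXCHANGE_PAYTO}" >>"${MY_DIR}"/config/internal.conf

say "Setting the default exchange at Sandbox..."
# NOTE(review): unlike the earlier `libeufin-sandbox config` call, this one is
# not run through `sudo -u libeufin-sandbox` -- confirm that is intended.
libeufin-sandbox default-exchange "${PROTO}://exchange.${DOMAIN_NAME}/" "${EXCHANGE_PAYTO}"
say "DONE"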

# From here on the exported Sandbox credentials are the administrator's
# (presumably read from the environment by libeufin-cli).
LIBEUFIN_SANDBOX_USERNAME='admin'
LIBEUFIN_SANDBOX_PASSWORD="${SANDBOX_ADMIN_PASSWORD}"
export LIBEUFIN_SANDBOX_USERNAME LIBEUFIN_SANDBOX_PASSWORD

say "Create EBICS host at Sandbox..."
# The request is not idempotent, so a failure (e.g. on a re-run) is ignored.
# This also hides any other error from the call.
# FIXME-MS: might be nicer to delete existing host first.
libeufin-cli sandbox --sandbox-url "${SANDBOX_URL}" \
  ebicshost create --host-id "${EBICS_HOST_ID}" || true
say "OK"

say "Create exchange EBICS subscriber at Sandbox..."
# Same policy as above: not idempotent, failures are ignored.
# FIXME-MS: might be nicer to delete existing host first.
ebics_subscriber_args=(
  --host-id "${EBICS_HOST_ID}"
  --user-id "${EBICS_USER_ID}"
  --partner-id "${EBICS_PARTNER_ID}"
  --bank-account "${EXCHANGE_SANDBOX_USERNAME}"
)
libeufin-cli sandbox --sandbox-url "${SANDBOX_URL}" \
  demobank new-ebicssubscriber "${ebics_subscriber_args[@]}" || true
say "OK"

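say "Creating the EBICS connection at Nexus..."
# Continue on failure, request is not idempotent...
# FIXME-MS: might be nicer to delete existing host first.
libeufin-cli connections new-ebics-connection \
  --ebics-url "${SANDBOX_URL}ebicsweb" \
  --host-id "${EBICS_HOST_ID}" \
  --partner-id "${EBICS_PARTNER_ID}" \
  --ebics-user-id "${EBICS_USER_ID}" \
  "${EBICS_CONNECTION_NAME}" || true
say "DONE"

say "Setup EBICS keying..."
# Not guarded with `|| true`: under `set -e` a failed key exchange aborts the
# script. Only stdout is discarded; errors still reach stderr.
libeufin-cli connections connect "${EBICS_CONNECTION_NAME}" >/dev/null
say "OK"

say "Download bank account name from Sandbox..."
libeufin-cli connections download-bank-accounts "${EBICS_CONNECTION_NAME}"
say "OK"

say "Importing bank account info into Nexus..."
# Continue on failure, request is not idempotent...
# FIXME-MS: might be nicer to delete existing connection first.
libeufin-cli connections import-bank-account \
  --offered-account-id "${EXCHANGE_SANDBOX_USERNAME}" \
  --nexus-bank-account-id "${LIBEUFIN_NEXUS_USERNAME}" \
  "${EBICS_CONNECTION_NAME}" || true
# Report through say() like every other step (this line used a bare echo).
say "OK"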

say "Create the Taler facade at Nexus..."
# Creation is not idempotent, so a failure (e.g. on a re-run) is ignored.
# FIXME-MS: might be nicer to delete existing facade first.
facade_args=(
  --currency "${CURRENCY}"
  --facade-name "${LIBEUFIN_TALER_FACADE}"
  "${EBICS_CONNECTION_NAME}"
  "${LIBEUFIN_NEXUS_USERNAME}"
)
libeufin-cli facades new-taler-wire-gateway-facade "${facade_args[@]}" || true
say "OK"

# Publish the facade's wire-gateway endpoint: exported for this process tree
# and appended to config/internal.conf under the start directory.
WIRE_GATEWAY_URL="${LIBEUFIN_NEXUS_URL}/facades/${LIBEUFIN_TALER_FACADE}/taler-wire-gateway/"
export WIRE_GATEWAY_URL
printf 'WIRE_GATEWAY_URL="%s"\n' "${WIRE_GATEWAY_URL}" >>"${MY_DIR}"/config/internal.conf

say "Configuring the background jobs to submit/get transactions..."
# Tries every second.
# Not idempotent, FIXME #7739
# The account name is spelled out literally here; it is the same value as
# LIBEUFIN_NEXUS_USERNAME set earlier in this script.
submit_task_args=(
  --task-type submit
  --task-name exchange-payments
  --task-cronspec "* * *"
  exchange-at-nexus
)
libeufin-cli accounts task-schedule "${submit_task_args[@]}" || true
say "OK"

# Tries every second.  Ask C52
say "Setup history fetch task.."
# Not idempotent, FIXME #7739
fetch_task_args=(
  --task-type fetch
  --task-name exchange-history
  --task-cronspec "* * *"
  --task-param-level report
  --task-param-range-type latest
  exchange-at-nexus
)
libeufin-cli accounts task-schedule "${fetch_task_args[@]}" || true
say "OK"

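say "Setting up SPA configuration..."

#######################################
# Escape a string for use as the replacement part of a sed `s/../../`
# command that uses "/" as delimiter.
# Arguments: $1 - raw text
# Outputs:   the text with "\", "/" and "&" backslash-escaped, on stdout
#######################################
sed_escape_replacement() {
  printf '%s' "$1" | sed -e 's|[\\/&]|\\&|g'
}

# BANK_NAME is free-form text, so "&" or "/" are plausible. Unescaped, "&"
# would be expanded by sed to the matched text and "/" would end the
# expression early. DOMAIN_NAME gets the same treatment.
spa_domain_replacement=$(sed_escape_replacement "${DOMAIN_NAME}")
spa_bank_name_replacement=$(sed_escape_replacement "${BANK_NAME}")

# One sed run with both substitutions, reading the template directly: a
# missing template now fails the script instead of being masked by the
# pipeline's exit status.
# NOTE(review): the escaping above only protects the sed expression. The
# values still land in a JavaScript settings file, so a quote character in
# BANK_NAME may break that file -- check against the template.
sed \
  -e "s/localhost/bank.${spa_domain_replacement}/g" \
  -e "s/Taler Bank/${spa_bank_name_replacement}/g" \
  /usr/share/libeufin/demobank-ui/demobank-ui-settings.js \
  >/etc/libeufin/demobank-ui-settings.js

say "DONE"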