#!/bin/bash
#######################################
# ERR trap handler: report where the failing command was and stop.
# Outputs: two messages through say (stdout and setup.log)
# Returns: never returns; exits the shell with status 1
#######################################
notify_err() {
  local origin
  # `caller` prints the line number and source file the handler was entered from.
  origin=$(caller) || true
  say "errexit on line ${origin}"
  say "Error messages can be found at the end of setup.log"
  exit 1
}

# Run the handler whenever a command fails with a non-zero status.
trap 'notify_err' ERR
# Message
#######################################
# Print a message prefixed with "TALER: " and append the same line to
# setup.log in the current directory.
# Arguments: the words of the message
# Outputs:   the prefixed message on stdout and in setup.log
#######################################
say() {
  local -a words=("TALER: " "$@")
  echo "${words[@]}" >>setup.log
  echo "${words[@]}"
}
# Check that the script is run by root
#######################################
# Abort unless the effective user name reported by whoami is "root".
# Outputs: an explanatory message through say when not root
# Returns: 0 for root; otherwise exits the shell with status 1
#######################################
check_user() {
  if [[ "$(whoami)" == "root" ]]; then
    return 0
  fi
  say "Please run this script as root"
  exit 1
}
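#######################################
# Prompt for every installer setting that is still empty in the environment
# and append each answer to config/user.conf as a NAME=value line.
# Settings that are already non-empty are skipped.
# Globals:   CURRENCY, FIAT_CURRENCY, BANK_NAME, DOMAIN_NAME, ENABLE_TLS,
#            TLS_EMAIL, TLS_TOS, DO_OFFLINE, MASTER_PUBLIC_KEY, DO_TELESIGN,
#            TELESIGN_CUSTOMER_ID, TELESIGN_API_KEY, TELESIGN_PHONE,
#            TELESIGN_AUTH_TOKEN, TELESIGN_TEST_CODE, BANK_ADMIN_PASSWORD
#            (read/written); AUTH_TOKEN (exported)
# Outputs:   prompts on the terminal; lines appended to config/user.conf
# Returns:   exits 1 on an invalid currency name, a failed check_dns,
#            declined Terms of Service or a wrong Telesign test code
#
# NOTE(review): apart from BANK_ADMIN_PASSWORD (printf '%q') the answers are
# written without shell escaping. If config/user.conf is later sourced by a
# shell (not visible here, confirm), quotes, spaces or `$` in an answer would
# change how the line is parsed; consider '%q' for every value.
# NOTE(review): config/user.conf receives the bank admin password and the
# Telesign token in clear text; confirm the file is created owner-only.
#######################################
function ask_questions() {
  if test -z "${CURRENCY:-}"; then
    read -r -p "1. Enter the name of the regional currency (e.g. 'NETZBON'): " CURRENCY
    # normalize_currency runs inside a command substitution, so its `exit 1`
    # only ends that subshell. Check the status here; otherwise whatever it
    # printed would be stored as the currency and written to the config.
    if ! CURRENCY=$(normalize_currency "${CURRENCY}"); then
      say "Invalid regional currency name"
      exit 1
    fi
    echo "CURRENCY=${CURRENCY}" >>config/user.conf
  fi
  if test -z "${FIAT_CURRENCY:-}"; then
    read -r -p "2. Enter the name of the fiat currency (e.g. 'CHF'): " FIAT_CURRENCY
    # Same subshell caveat as for the regional currency above.
    if ! FIAT_CURRENCY=$(normalize_currency "${FIAT_CURRENCY}"); then
      say "Invalid fiat currency name"
      exit 1
    fi
    echo "FIAT_CURRENCY=${FIAT_CURRENCY}" >>config/user.conf
  fi
  if test -z "${BANK_NAME:-}"; then
    read -r -p "3. Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME
    # NOTE(review): the name is placed between double quotes unescaped; a name
    # containing `"`, `$` or a backtick yields a malformed or expanding line.
    echo "BANK_NAME=\"${BANK_NAME}\"" >>config/user.conf
  fi
  if test -z "${DOMAIN_NAME:-}"; then
    read -r -p "4. Enter the domain name: " DOMAIN_NAME
    # convert to lower-case
    DOMAIN_NAME=$(echo "${DOMAIN_NAME}" | tr 'A-Z' 'a-z')
    # check_dns exits the installer itself when a host cannot be reached.
    check_dns
    echo "DOMAIN_NAME=${DOMAIN_NAME}" >>config/user.conf
  fi
  if test -z "${ENABLE_TLS:-}"; then
    read -r -p "5. Setup TLS using Let's Encrypt? (y/n): " ENABLE_TLS
    echo "ENABLE_TLS=${ENABLE_TLS}" >>config/user.conf
  fi
  if test -z "${TLS_EMAIL:-}"; then
    if test "${ENABLE_TLS:-}" == y; then
      read -r -p "5.1. Enter an email address for Let's Encrypt: " TLS_EMAIL
      echo "TLS_EMAIL=${TLS_EMAIL}" >>config/user.conf
    fi
  fi
  if test -z "${TLS_TOS:-}"; then
    if test "${ENABLE_TLS:-}" == y; then
      echo "5.2. Please read the Terms of Service at https://letsencrypt.org/documents/LE-SA-v1.3-September-21-2022.pdf."
      read -r -p "5.2. You must agree in order to register with the ACME server. Do you agree? (y/n): " TLS_TOS
      # NOTE(review): an empty answer defaults to "y" here, so pressing Enter
      # counts as agreement; confirm that this is intended.
      if test "${TLS_TOS:-y}" != y; then
        say "You must agree in order to register with the ACME server"
        exit 1
      fi
      echo "TLS_TOS=${TLS_TOS}" >>config/user.conf
    fi
  fi
  if test -z "${DO_OFFLINE:-}"; then
    read -r -p "6. Do you want Taler Exchange keys on this server (y) or externally on another server (n): " DO_OFFLINE
    echo "DO_OFFLINE=${DO_OFFLINE}" >>config/user.conf
  fi
  if test -z "${MASTER_PUBLIC_KEY:-}"; then
    if test "${DO_OFFLINE:-y}" == n; then
      read -r -p "6.1. Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY
      echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf
    fi
  fi
  if test -z "${DO_TELESIGN:-}"; then
    read -r -p "7. Setup sms two-factor authentication using Telesign https://www.telesign.com? (y/n): " DO_TELESIGN
    # Anything other than an explicit "n" (including an empty answer) enables
    # the Telesign setup.
    if test "${DO_TELESIGN:-y}" != n; then
      read -r -p "7.1. Enter your Telesign Customer ID: " TELESIGN_CUSTOMER_ID
      # -s keeps the API key off the terminal.
      read -r -s -p "7.2. Enter your Telesign API Key: " TELESIGN_API_KEY
      echo "" # force new line
      read -r -p "7.3. Enter a phone number to test your API key (e.g. '+447911123456'): " TELESIGN_PHONE
      # printf, not echo: echo appends a newline that would be encoded into
      # the credential, so the token would no longer be base64("id:key").
      TELESIGN_AUTH_TOKEN=$(printf '%s:%s' "$TELESIGN_CUSTOMER_ID" "$TELESIGN_API_KEY" | base64 -w 0)
      # NOTE(review): the exported token stays in the environment of every
      # process started after this point.
      export AUTH_TOKEN=$TELESIGN_AUTH_TOKEN
      # Quote the number so operator input is passed as exactly one argument
      # (no word splitting or glob expansion).
      echo "12345" | libeufin-tan-sms.sh "$TELESIGN_PHONE"
      read -r -p "7.4. Enter the code received by $TELESIGN_PHONE : " TELESIGN_TEST_CODE
      if test "${TELESIGN_TEST_CODE:-y}" != "12345"; then
        say "Wrong code got '$TELESIGN_TEST_CODE' expected '12345', rerun this script to enter the right Telesign auth info"
        exit 1
      fi
      echo "TELESIGN_AUTH_TOKEN=\"${TELESIGN_AUTH_TOKEN}\"" >>config/user.conf
    fi
    echo "DO_TELESIGN=${DO_TELESIGN}" >>config/user.conf
  fi
  if test -z "${BANK_ADMIN_PASSWORD:-}"; then
    read -r -s -p "8. Enter the admin password for the bank (or press enter to autogenerate password): " BANK_ADMIN_PASSWORD
    # %q shell-quotes the password so special characters survive in the file.
    echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" >>config/user.conf
    echo "" # force new line
  fi
}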
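#######################################
# Upper-case a currency name and check its length.
# Arguments: $1 - currency name as entered
# Outputs:   the upper-cased name on stdout; the error message goes through
#            say to setup.log and stderr
# Returns:   exits 1 when the name is shorter than 3 or longer than 11
#            characters. Callers use this inside $(...), where that exit only
#            ends the subshell, so they must check the status themselves.
#######################################
function normalize_currency() {
  # Declare and assign separately so a failing pipeline is not masked by
  # the exit status of `local`.
  local CURRENCY
  # convert to all-caps
  CURRENCY=$(echo "$1" | tr 'a-z' 'A-Z')
  # libeufin currently doesn't like currency names less than 3 letters.
  # NOTE(review): only the length is checked; the characters themselves are
  # not validated even though the message speaks of letters.
  if [[ ${#CURRENCY} -lt 3 || ${#CURRENCY} -gt 11 ]]; then
    # The message states the limits actually enforced above (3..11), and it is
    # sent to stderr: stdout is captured by the caller's command substitution,
    # so a message printed there would become the "currency" value.
    say "Currency name must be between 3 and 11 letters" >&2
    exit 1
  fi
  echo "${CURRENCY}"
}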
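#######################################
# Verify that the exchange, bank and backend host names under DOMAIN_NAME
# answer a single ping; abort the installer otherwise.
# Globals:   DOMAIN_NAME (read)
# Outputs:   ping output appended to setup.log; failure messages through say
# Returns:   0 when all three hosts answer; exits 1 on the first failure
#######################################
function check_dns() {
  # Keep the loop variable out of the caller's global scope.
  local prefix
  for prefix in "exchange" "bank" "backend"; do
    # NOTE(review): this is a reachability test rather than a pure DNS lookup;
    # a host that resolves but does not answer ICMP echo is reported as failed.
    if ! ping -c1 "${prefix}.${DOMAIN_NAME}" &>>setup.log; then
      say "Could not ping ${prefix}.${DOMAIN_NAME}."
      say "Please make sure your DNS/network are working."
      exit 1
    fi
  done
}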
# Set DISTRO to the detected distro or return non-zero
# status if distro not supported.
function detect_distro() {
  # Drop any previous value so DISTRO is only set by a successful probe below.
  unset DISTRO
  # A distro is recognised by its name appearing in the `uname -a` output.
  if uname -a | grep Ubuntu >/dev/null; then
    # shellcheck disable=SC2034
    DISTRO=ubuntu
    return 0
  fi
  if uname -a | grep Debian >/dev/null; then
    # shellcheck disable=SC2034
    DISTRO=debian
    return 0
  fi
  # Neither name matched: report on stderr and signal failure to the caller.
  echo "Unsupported distro, should be either ubuntu or debian" >&2
  return 1
}