commit 778ad61d3e44f427eceee65bd9f29e670f0728ba
parent 15e15b0bfdbfb4f4c74685144129223b35ebc2f5
Author: Florian Dold <florian@dold.me>
Date: Tue, 20 May 2025 02:12:27 +0200
basic GLS-style setup (#9982)
Diffstat:
6 files changed, 74 insertions(+), 10 deletions(-)
diff --git a/inventories/group_vars/all/defaults.yml b/inventories/group_vars/all/defaults.yml
@@ -7,4 +7,7 @@ deploy_auditor: true
deploy_challenger: false
# Deploy monitoring?
-deploy_monitoring: true
-\ No newline at end of file
+deploy_monitoring: true
+
+# If true, use EBICS keys from that were externally created.
+ebics_keys_external: false
+\ No newline at end of file
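Review bot: The comment introduced with the new default, `# If true, use EBICS keys from that were externally created.`, is garbled and does not say where the keys are expected; the nexus role looks for them under `/var/lib/libeufin-nexus/` and fails if they are absent. Suggest `# If true, use EBICS client/bank keys that were created outside this playbook and placed in /var/lib/libeufin-nexus/ (the nexus role fails if they are missing).` The file is also still written without a trailing newline, which the `\ No newline at end of file` marker shows twice.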
diff --git a/inventories/host_vars/fdold-acai-gls/test-public.yml b/inventories/host_vars/fdold-acai-gls/test-public.yml
@@ -5,6 +5,10 @@ USE_PREGENERATED_DHPARAM: true
# No auditor (yet)
deploy_auditor: false
deploy_monitoring: false
+# We use EBICS to talk to the bank.
+use_ebics: true
+# Use externally created EBICS keys.
+ebics_keys_external: true
# Main domain name.
DOMAIN_NAME: "glstest.fdold.eu"
# High-level kind of deployment.
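Review bot: Setting `ebics_keys_external: true` on this host means `client-ebics-keys.json` and `bank-ebics-keys.json` must already exist under `/var/lib/libeufin-nexus/` before the playbook runs, but nothing here says how or by whom they are provisioned. Replace the bare `# Use externally created EBICS keys.` with something an operator can act on, e.g. `# Use externally created EBICS keys; they must be placed in /var/lib/libeufin-nexus/ by hand before the first run (the nexus role fails otherwise).`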
@@ -22,8 +26,6 @@ TARGET_HOST_NAME: "acai.box.fdold.eu"
DISABLE_RESTORE_BACKUP: true
# Use nightly Taler distro (true/false).
USE_NIGHTLY: false
-# Deploy EBICS configuration (true/false).
-use_ebics: false
# Our currency.
CURRENCY: EUR
# Smallest unit of the currency for wire transfers.
@@ -31,7 +33,7 @@ CURRENCY_ROUND_UNIT: "EUR:0.01"
# Base URL of the exchange REST API
EXCHANGE_BASE_URL: "https://exchange.{{ DOMAIN_NAME }}/"
# Exchange offline master public key.
-EXCHANGE_MASTER_PUB: GT1ZRF6DT4RAETDEGW3KTWRH15RAKH9T0TK6ZJEYFGRX18B54AK0
+EXCHANGE_MASTER_PUB: X84658KACCBRWMM7FS3TGGRZB0NFF6TWMMXDVCQG46WW84S40SVG
# URL with merchants accepting this exchange.
EXCHANGE_SHOPPING_URL: "https://shops.taler.gls.de/"
# Name of Terms of service resource file
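Review bot: `EXCHANGE_MASTER_PUB` is swapped for a new key with no explanation in the commit message, and the new value has to match the private key referenced by `MASTER_PRIV_FILE` in `testing-offline/fdold-acai-gls.conf`; anything previously signed under the old master key presumably stops validating. Record the rotation next to the value, e.g. `# Rotated for the GLS test setup; must match testing-offline/fdold-acai-gls-master.priv.`, so the next person does not mistake it for a typo.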
diff --git a/roles/libeufin-nexus/tasks/main.yml b/roles/libeufin-nexus/tasks/main.yml
@@ -71,12 +71,49 @@
- name: Setup libeufin database
ansible.builtin.command:
cmd: libeufin-dbconfig --only-nexus
-# FIXME: pass "--bank-config=/etc/libeufin/libeufin-nexus.conf" once libeufin 0.14.x is out!
chdir: /tmp
- name: Show vars
ansible.builtin.setup:
+- name: Check if EBICS client keys exist.
+ stat:
+ path: /var/lib/libeufin-nexus/client-ebics-keys.json
+ register: stat_result
+
+- name: Fail if external client keys are missing.
+ fail:
+ msg: External EBICS client keys missing
+ when: ebics_keys_external and not stat_result.stat.exists
+
+- name: Adjust EBICS client keys permissions
+ file:
+ path: "/var/lib/libeufin-nexus/client-ebics-keys.json"
+ state: file
+ mode: "0400"
+ owner: libeufin-nexus
+ group: libeufin-nexus
+ when: ebics_keys_external and stat_result.stat.exists
+
+- name: Check if EBICS bank keys exist.
+ stat:
+ path: /var/lib/libeufin-nexus/bank-ebics-keys.json
+ register: stat_result
+
+- name: Fail if external bank keys are missing.
+ fail:
+ msg: External EBICS bank keys missing
+ when: ebics_keys_external and not stat_result.stat.exists
+
+- name: Adjust EBICS client keys permissions
+ file:
+ path: "/var/lib/libeufin-nexus/bank-ebics-keys.json"
+ state: file
+ mode: "0400"
+ owner: libeufin-nexus
+ group: libeufin-nexus
+ when: ebics_keys_external and stat_result.stat.exists
+
# FIXME: this step currently fails with pofi, seems command wants
# extra arguments to do PDF letter generation?
- name: EBICS setup
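Review bot: The second `file` task is named `Adjust EBICS client keys permissions` although it operates on `bank-ebics-keys.json`; rename it to `- name: Adjust EBICS bank keys permissions` so task output points at the right file. Both permission tasks are guarded by `ebics_keys_external`, so if the `EBICS setup` task below (its body lies outside this hunk) writes the same paths, locally generated keys never get the `0400`/`libeufin-nexus` ownership enforced; consider dropping `ebics_keys_external` from those two `when` clauses and running them after setup instead. The `fail` messages would also be more useful with the expected path, e.g. `msg: External EBICS client keys missing at /var/lib/libeufin-nexus/client-ebics-keys.json`.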
@@ -100,7 +137,6 @@
name: libeufin-nexus-httpd.service
state: started
enabled: true
- when: not use_ebics
- name: Place login script for libeufin-nexus-import technical user
ansible.builtin.copy:
@@ -109,6 +145,7 @@
owner: root
group: root
mode: "0755"
+ when: not use_ebics
- name: Place login script for libeufin-nexus-export technical user
ansible.builtin.copy:
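Review bot: Gating the copy with `when: not use_ebics` only skips placing the login script; on a host that was previously deployed without EBICS (this commit flips `fdold-acai-gls` exactly that way) the existing `/usr/local/bin/libeufin-nexus-import.sh`, the technical user created below and, if the "Grant sudo rights" task is gated the same way, its sudoers entry all stay behind, because Ansible never removes what a skipped task created. Add an explicit removal for the EBICS case so the flag switch converges; the export script hunk below needs the same treatment. The enclosing `copy` task continues past this hunk, so the `dest` is inferred from the importer's `shell:` path further down.
```yaml
- name: Remove login script for libeufin-nexus-import technical user when EBICS is used
  ansible.builtin.file:
    path: /usr/local/bin/libeufin-nexus-import.sh
    state: absent
  when: use_ebics
```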
@@ -117,6 +154,7 @@
owner: root
group: root
mode: "0755"
+ when: not use_ebics
- name: Ensure group for libeufin-nexus-import exists
group:
@@ -133,7 +171,7 @@
name: libeufin-nexus-import
group: libeufin-nexus-import
shell: /usr/local/bin/libeufin-nexus-import.sh
- password: '!'
+ password: "!"
when: not use_ebics
- name: Ensure technical user for libeufin-nexus export exists
@@ -141,7 +179,7 @@
name: libeufin-nexus-export
group: libeufin-nexus-export
shell: /usr/local/bin/libeufin-nexus-export.sh
- password: '!'
+ password: "!"
when: not use_ebics
- name: Grant sudo rights to login script for importer
diff --git a/roles/libeufin-nexus/templates/etc/libeufin/libeufin-nexus-ebics.conf.j2 b/roles/libeufin-nexus/templates/etc/libeufin/libeufin-nexus-ebics.conf.j2
@@ -14,3 +14,5 @@ PARTNER_ID = {{ LIBEUFIN_NEXUS_EBICS_PARTNER_ID }}
# EBICS partner ID, as assigned by the bank. # ???
SYSTEM_ID = {{ LIBEUFIN_NEXUS_EBICS_SYSTEM_ID }}
+
+BANK_DIALECT = {{ LIBEUFIN_NEXUS_EBICS_BANK_DIALECT }}
+\ No newline at end of file
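Review bot: `BANK_DIALECT` is rendered from `LIBEUFIN_NEXUS_EBICS_BANK_DIALECT`, but no default for it is added in the `defaults.yml` hunk of this commit and the `fdold-acai-gls` host_vars hunks do not set it either, so unless it is defined in a file outside this diff the template fails with an undefined-variable error for every host with `use_ebics: true`. Either add a documented default alongside `ebics_keys_external` or at least annotate the line, e.g. `# Bank-specific EBICS dialect expected by the bank; must be set per host.` The pre-existing `# ???` comment above `SYSTEM_ID` still describes it as the partner ID, which would be worth fixing while touching this file.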
diff --git a/testing-offline/fdold-acai-gls.conf b/testing-offline/fdold-acai-gls.conf
@@ -3,5 +3,5 @@ CURRENCY = EUR
BASE_URL = https://exchange.glstest.fdold.eu/
[exchange-offline]
-MASTER_PRIV_FILE = testing-offline/fdold-acai-gls-master.priv
+MASTER_PRIV_FILE = fdold-acai-gls-master.priv
SECM_TOFU_FILE = /tmp/fdold-acaci-gls-tofu.pub
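Review bot: `MASTER_PRIV_FILE` becomes the bare `fdold-acai-gls-master.priv`, while the new `fdold-acai-gls.sh` passes this config via `-c "$SCRIPT_DIR/..."` without changing directory, so whether the key is found depends on whether taler-exchange-offline resolves it against the config file's directory or the caller's cwd; since the old value was relative to the repository root, one of the two layouts cannot have worked, and a comment such as `# Resolved relative to the directory taler-exchange-offline is run from.` (or whichever rule actually applies) would prevent the next person from guessing. Separately, the unchanged `SECM_TOFU_FILE` under `/tmp` (also spelled `acaci` rather than `acai`) lets any local user pre-create that file and poison the trust-on-first-use key of the security module; a path under the script directory or the operator's home would be safer.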
diff --git a/testing-offline/fdold-acai-gls.sh b/testing-offline/fdold-acai-gls.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -eu
+set -x
+
+SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
+
+taler-exchange-offline -c "$SCRIPT_DIR/fdold-acai-gls.conf" \
+ download sign upload
+
+taler-exchange-offline -c "$SCRIPT_DIR/fdold-acai-gls.conf" \
+ wire-fee 2025 iban EUR:0 EUR:0 \
+ global-fee 2025 EUR:0 EUR:0 EUR:0 "1 d" "1 year" 1000 \
+ wire-fee 2026 iban EUR:0 EUR:0 \
+ global-fee 2026 EUR:0 EUR:0 EUR:0 "1 d" "1 year" 1000 \
+ enable-account 'payto://iban/DE88430609678937360305?receiver-name=GLS+Taler%2FVerrechnungskonto' \
+ upload
+
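Review bot: The first invocation chains `download sign upload`, so the offline signer signs whatever key set the online exchange returns with no chance to inspect it; that is tolerable for the `glstest` domain but defeats the purpose of offline signing if this script is ever copied for a real deployment, so say so at the top: `# TEST deployment only: signs whatever the exchange offers without manual review.` `set -x` echoes every argument, which is harmless here because no secrets appear on the command line, but it should be dropped before any secret-bearing argument is added. The `wire-fee`/`global-fee` lines cover only 2025 and 2026, so the script silently becomes insufficient in 2027; a `# Extend the fee years before 2027.` note would help.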