commit 71d05e689cfc12001ab8aa7aa5b9d6f77473c154
parent 12e2c761b5d7a1d1c7fe6d3d583eec54d9087283
Author: Sebastian <sebasjm@gmail.com>
Date: Tue, 14 Mar 2023 15:51:00 -0300
comments
Diffstat:
1 file changed, 54 insertions(+), 2 deletions(-)
diff --git a/2023-fsf/walkthrough.sh b/2023-fsf/walkthrough.sh
@@ -104,6 +104,7 @@ sed 's/^user www-data/user root/' -i /etc/nginx/nginx.conf
#notify all services that are exposed with other host
sed 's/X-Forwarded-Host "localhost"/X-Forwarded-Host $host/' -i /etc/nginx/sites-available/*
+#run the http server as daemon
nginx
echo ----------------------------------------
@@ -113,18 +114,24 @@ echo ==========================================================================
echo ==========================================================================
echo "5/8 Setup BANK instance and some accounts"
+#environment config for libeufin-sandbox tool
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:postgresql://localhost:5432/sandbox?user=root&password=root"
export LIBEUFIN_SANDBOX_URL="http://localhost:5016/"
export LIBEUFIN_SANDBOX_USERNAME="admin"
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="bank"
export LIBEUFIN_SANDBOX_PASSWORD=$LIBEUFIN_SANDBOX_ADMIN_PASSWORD
+#environment config for libeufin-nexus tool
export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:postgresql://localhost:5432/nexus?user=root&password=root"
export LIBEUFIN_NEXUS_URL="http://localhost:5017/"
export LIBEUFIN_NEXUS_USERNAME="nexus_admin"
export LIBEUFIN_NEXUS_PASSWORD="secret_nexus"
# bank configuration
+# * bank-deb-limit is how much the admin account balance can go negative
+# * users-deb-limit is how much an account balance can go negative
+# * with-sigup-bonus will give 100 to new signups
+# * captcha-url is where the user going to complete wire transfers
libeufin-sandbox config \
--bank-debt-limit 1000000 \
--users-debt-limit 10000 \
@@ -133,6 +140,10 @@ libeufin-sandbox config \
--captcha-url http://bank.taler/ \
default
+#bank SPA configuration
+# * bankendBaseURL points where the backend is located
+# * allowRegistrations shows or hide the registration button in the login form
+# * bankName is used in the title
mkdir /etc/libeufin/
cat >/etc/libeufin/demobank-ui-settings.js <<EOF
globalThis.talerDemobankSettings = {
@@ -142,6 +153,8 @@ globalThis.talerDemobankSettings = {
}
EOF
+#setting up the bank with a default exchange so
+#user will be able to withdraw using GNU Taler wallets
libeufin-sandbox default-exchange --demobank default http://exchange.taler/ payto://iban/$EXCHANGE_IBAN
# nexus configuration
@@ -166,6 +179,8 @@ LIBEUFIN_SANDBOX_USERNAME="bob" LIBEUFIN_SANDBOX_PASSWORD="123" libeufin-cl
--iban $BOB_IBAN --name "Bob" --no-public
echo "5/8 Creating the EBICs connection between sandbox and nexus"
+
+#EBIC spec: https://www.ebics.org/
### open sandbox to nexus
libeufin-cli sandbox ebicshost create --host-id ebicHost
libeufin-cli sandbox demobank new-ebicssubscriber \
@@ -189,6 +204,7 @@ libeufin-cli connections import-bank-account \
--nexus-bank-account-id nexus-exchange \
nexus-conn
+#Setup tasks sync sandbox state with nexus database
libeufin-cli accounts task-schedule nexus-exchange \
--task-type=submit \
--task-name=submit-payments-5secs \
@@ -203,11 +219,15 @@ libeufin-cli accounts task-schedule nexus-exchange \
### configuration of nexus
echo "5/8 Creating nexus facade for the exchange"
+
+#Expose Bank Integration API
+#https://docs.taler.net/core/api-bank-integration.html
libeufin-cli facades new-taler-wire-gateway-facade \
--currency $CURRENCY \
--facade-name taler-exchange \
nexus-conn nexus-exchange
+#Setup a user to be able to acces the Bank Integration API
libeufin-cli users create exchange-nexus --password exchange-nexus-password
libeufin-cli permissions grant user exchange-nexus \
facade taler-exchange \
@@ -224,6 +244,8 @@ echo ==========================================================================
echo ==========================================================================
echo "6/8 Setup Exchange"
+#Documentation: https://docs.taler.net/taler-exchange-manual.html
+
taler-config -s exchange -o master_public_key -V $(taler-exchange-offline setup)
taler-config -s exchange -o base_url -V http://exchange.taler/
@@ -243,20 +265,32 @@ taler-config -s taler -o currency -V $CURRENCY
taler-config -s taler -o aml_threshold -V $CURRENCY:10000
taler-config -s taler -o currency_round_unit -V $CURRENCY:0.1
+#Generate coins denominations from value 0.1 to 20
+# * fees by operations: refresh, refund, deposit and withdraw
+# * no fee for refund, refresh and withdraw
+# * 0.1 fee for deposit
+# * legal duration: defines for how long the exchange needs to keep records for this denominations (6 years)
+# * spend duration: defines for how long clients have to spend these coins (2 years)
+# * withdraw duration: defines for how long this can be withdrawn (7 days)
+
taler-harness deployment gen-coin-config \
--min-amount $CURRENCY:0.1 \
--max-amount $CURRENCY:20 >> /etc/taler/taler.conf
-
+# override default withdraw duration to 1 year
for coinSection in $(taler-config --list-sections | grep COIN); do
taler-config -s $coinSection -o duration_withdraw -V "1 year"
done
+#create tables
taler-exchange-dbinit
+#start crypto helpers
taler-exchange-secmod-eddsa -l log.secmod.eddsa -L debug &
taler-exchange-secmod-rsa -l log.secmod.rsa -L debug &
taler-exchange-secmod-cs -l log.secmod.cs -L debug &
+
+#start http service
taler-exchange-httpd -l log.exchange -L debug &
echo "6/8 Waiting for exchange HTTP service"
@@ -266,12 +300,14 @@ grep -q "Updating keys of denomination" <(tail -F log.secmod.rsa -n +0)
echo "6/8 Enable exchange wire transfer"
#enable account and wire fee configuration
+#in real world this should be done in a safe box
taler-exchange-offline \
enable-account $(taler-config -s exchange-account-1 -o payto_uri) \
global-fee 2023 $CURRENCY:0 $CURRENCY:0 $CURRENCY:0 1year 1year 10 \
wire-fee 2023 iban $CURRENCY:0.1 $CURRENCY:0.1 \
upload;
+#sync exchange config and upload signed values
taler-exchange-offline download sign upload
echo "6/8 Waiting for key signed"
@@ -282,11 +318,17 @@ curl --unix-socket /run/taler/exchange-httpd/exchange-http.sock \
--retry 10 \
http://exchange.taler/keys &> /dev/null
+#watches for incoming wire transfers from customers
taler-exchange-wirewatch -l log.wirewatch -L debug &
+
+#executes outgoing wire transfers
taler-exchange-transfer -l log.transfer -L debug &
+
+#aggregates and executes wire transfers
taler-exchange-aggregator -l log.aggregator -L debug &
-taler-exchange-closer -l log.closer -L debug &
+#closes expired reserves
+taler-exchange-closer -l log.closer -L debug &
echo ----------------------------------------
read -p "6/8 exchange ready. Press any key to continue..."
@@ -301,12 +343,16 @@ taler-config -s auditordb-postgres -o config -V postgres:///auditor
#add exchange into the auditor
taler-auditor-exchange -m $(taler-config -s exchange -o master_public_key) -u $(taler-config -s exchange -o base_url)
+#create database tables
taler-auditor-dbinit
echo "7/8 Notify the exchange about the auditor"
+#notify the exchange about the auditor
+#in real world this should be done in a safe box
taler-exchange-offline enable-auditor $(taler-auditor-offline setup) $(taler-config -s auditor -o base_url) the_auditor upload
+#start the http service
taler-auditor-httpd -l log.auditor -L debug &
echo ----------------------------------------
@@ -332,11 +378,17 @@ taler-merchant-httpd -a secret-token:secret -l log.merchant -L debug &
echo "8/8 creating the first instance"
sleep 1
+
+#create a default instance
+# * deposits will go to $MERCHANT_IBAN
+# * name: FSF
+# * password: secret
curl 'http://merchant.taler/management/instances' \
--unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
-X POST -H 'Authorization: Bearer secret-token:secret' \
--data-raw '{"id":"default","payto_uris":["payto://iban/'$MERCHANT_IBAN'?receiver-name=merchant"],"default_pay_delay":{"d_us":7200000000},"default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us":172800000000},"name":"FSF","email":"","default_max_deposit_fee":"'$CURRENCY':3","default_max_wire_fee":"'$CURRENCY':3","auth":{"method":"token","token":"secret-token:secret"},"address":{},"jurisdiction":{}}'
+# create a product to be sold
curl 'http://merchant.taler/instances/default/private/products' \
--unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
-X POST -H 'Authorization: Bearer secret-token:secret' \
