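#!/usr/bin/env bash
# This file is in the public domain.

#########
# This is an example of the steps needed to install and run GNU Taler
########

# This script assumes root privileges.
# Use this only if you know what you are doing.
#
# Security note: this walkthrough targets a disposable demo host (VM or
# container). Later steps append to /etc/hosts, set fixed passwords and tokens
# that are printed in this file, and switch the nginx user to root. Do not run
# it on a machine that holds real data or is reachable from untrusted networks.

# Force the C locale for every tool the script runs.
export LANGUAGE=C
export LC_ALL=C
export LANG=C
export LC_CTYPE=C

# Stop at the first failing command. pipefail is deliberately not enabled:
# the component install step pipes `yes no` into apt, and `yes` is terminated
# by SIGPIPE once apt exits, which pipefail would report as a failure.
set -e

# Fail early with a clear message instead of half-way through the setup.
if ((EUID != 0)); then
  echo "walkthrough.sh: this script must be run as root" >&2
  exit 1
fi

# Currency name and account identifiers used in the payto://iban/ URIs below.
export CURRENCY=LIBRE
export EXCHANGE_IBAN=DE940993
export MERCHANT_IBAN=DE463312
export ALICE_IBAN=DE474361
export BOB_IBAN=DE731371

# read returns once Enter is pressed and needs an interactive stdin; under
# set -e an EOF on stdin ends the script here.
read -r -p "Setup GNU Taler for $CURRENCY!. Press any key to start..."
for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "1/8 Update and install tools"

# apt-get is the interface meant for scripts; plain `apt` warns that its CLI
# is not stable.
base_tools=(gnupg less vim procps curl inetutils-ping jq net-tools man)
apt-get update
apt-get install -y "${base_tools[@]}"

echo "----------------------------------------"
read -r -p "1/8 tools installed. Press any key to continue..."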
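for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "2/8 Setup dns config and database "

# Use these host names as aliases for localhost;
# they are needed by the nginx configuration later on.
# The entry is only appended when it is not present yet, so a second run does
# not pile up duplicate lines in /etc/hosts.
hosts_entry="127.0.0.1 bank.taler auditor.taler exchange.taler merchant.taler"
if ! grep -qxF -- "$hosts_entry" /etc/hosts; then
  echo "$hosts_entry" | tee -a /etc/hosts
fi

# Install the database and create a default user for the whole setup.
apt-get install -y postgresql
service postgresql start

# createuser flags: -d may create databases, -l may log in, -r may create
# roles, -s superuser.
su - postgres -c "createuser -d -l -r -s root"

# NOTE(review): this gives a PostgreSQL superuser role a fixed, guessable
# password. The connection strings used later in this script
# (postgres:///exchange, postgresql:///sandbox, ...) carry no credentials, so
# the password is presumably not needed by the demo itself - confirm, and never
# keep it on a host whose PostgreSQL port is reachable by others.
psql postgres -c "ALTER USER root PASSWORD 'root'"

# Create the databases that the components are going to use.
for database in auditor exchange merchant sandbox nexus; do
  createdb "$database"
done

echo "----------------------------------------"
read -r -p "2/8 databases created. Press any key to continue..."
for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "3/8 Install GNU Taler components "

# NOTE(review): this script never adds an APT source or signing key for these
# packages; presumably the GNU Taler repository was configured beforehand.
# Verify the repository and its key before installing as root.
#
# `yes no` answers "no" to every prompt apt or the package scripts raise.
# Keep pipefail off for this pipeline: `yes` ends with SIGPIPE when apt exits.
taler_packages=(
  libeufin-sandbox
  libeufin-nexus
  taler-exchange
  taler-auditor
  taler-merchant
  taler-harness
  taler-wallet-cli
)
yes no | apt-get install -y "${taler_packages[@]}"

echo "----------------------------------------"
read -r -p "3/8 all components installed. Press any key to continue..."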
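for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "4/8 Setup NGINX reverse proxy"

apt-get install -y nginx

sites_available=/etc/nginx/sites-available
sites_enabled=/etc/nginx/sites-enabled

# Enable the sandbox and serve it at http://bank.taler/
# ln -sf replaces an existing link, so a second run does not abort here.
ln -sf "$sites_available/libeufin-sandbox" "$sites_enabled/"
sed -i 's/server_name localhost/server_name bank.taler/' \
  "$sites_available/libeufin-sandbox"

# Enable auditor, exchange and merchant and serve each one at the root of
# http://<component>.taler/ instead of under /taler-<component>/.
for component in auditor exchange merchant; do
  site_file="$sites_available/taler-$component"
  ln -sf "$site_file" "$sites_enabled/"
  sed -i \
    -e "s/server_name localhost/server_name $component.taler/" \
    -e "s_location /taler-$component/_location /_" \
    "$site_file"
done

# Set the nginx user to root so it can read sockets that are owned by root.
# NOTE(review): this makes the nginx worker processes run as root, so a flaw
# in request handling is no longer contained by the www-data account. It is a
# demo shortcut only; on a real host give nginx access to the sockets through
# group ownership or socket permissions instead.
sed -i 's/^user www-data/user root/' /etc/nginx/nginx.conf

# Tell the services which host name they were reached under.
# $host is an nginx variable and must reach the file literally, hence the
# single quotes.
# shellcheck disable=SC2016
sed -i 's/X-Forwarded-Host "localhost"/X-Forwarded-Host $host/' \
  "$sites_available"/*

# Run the http server as a daemon.
nginx

echo "----------------------------------------"
read -r -p "4/8 web interface exposed. Press any key to continue..."
for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "5/8 Setup BANK instance and some accounts"

# NOTE(review): every user name and password below is a fixed demo value that
# is printed in this file, and all URLs are plain http. Replace them before
# using any of this outside a throwaway environment.

# Environment config for the libeufin-sandbox tool.
export LIBEUFIN_SANDBOX_DB_CONNECTION="postgresql:///sandbox"
export LIBEUFIN_SANDBOX_URL="http://localhost:5016/"
export LIBEUFIN_SANDBOX_USERNAME="admin"
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="bank"
export LIBEUFIN_SANDBOX_PASSWORD="$LIBEUFIN_SANDBOX_ADMIN_PASSWORD"

# Environment config for the libeufin-nexus tool.
export LIBEUFIN_NEXUS_DB_CONNECTION="postgresql:///nexus"
export LIBEUFIN_NEXUS_URL="http://localhost:5017/"
export LIBEUFIN_NEXUS_USERNAME="nexus_admin"
export LIBEUFIN_NEXUS_PASSWORD="secret_nexus"

# Bank configuration
#  * --bank-debt-limit is how far the admin account balance can go negative
#  * --users-debt-limit is how far a user account balance can go negative
#  * --with-signup-bonus will give 100 to new signups
#  * --captcha-url is where the user is going to complete wire transfers
libeufin-sandbox config \
  --bank-debt-limit 1000000 \
  --users-debt-limit 10000 \
  --with-signup-bonus \
  --currency "$CURRENCY" \
  --captcha-url http://bank.taler/ \
  default

# Bank SPA configuration
#  * backendBaseURL points to where the backend is located
#  * allowRegistrations shows or hides the registration button in the login form
#  * bankName is used in the title
# mkdir -p does not fail when the directory already exists; the quoted
# delimiter keeps the shell from expanding anything inside the JS snippet.
mkdir -p /etc/libeufin/
cat >/etc/libeufin/demobank-ui-settings.js <<'EOF'
globalThis.talerDemobankSettings = {
  backendBaseURL: "http://bank.taler/demobanks/default/",
  allowRegistrations: true,
  bankName: "FSF Bank"
}
EOF
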
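# Set up the bank with a default exchange so that
# users will be able to withdraw using GNU Taler wallets.
libeufin-sandbox default-exchange --demobank default \
  http://exchange.taler/ "payto://iban/$EXCHANGE_IBAN"

# Nexus configuration
# NOTE(review): the password is passed as a command-line argument, so it is
# visible in the process list while the command runs. Acceptable for the demo
# value set above; avoid this pattern with a real secret.
libeufin-nexus superuser "$LIBEUFIN_NEXUS_USERNAME" \
  --password "$LIBEUFIN_NEXUS_PASSWORD"

# Start services; stdout and stderr go to files in the current directory.
# NOTE(review): --no-localhost-only presumably makes both services listen on
# non-loopback addresses. Combined with the fixed demo credentials, ports 5016
# and 5017 should be firewalled or the host kept off untrusted networks.
libeufin-sandbox serve --port 5016 --ipv4-only --no-localhost-only \
  >log.sandbox 2>err.sandbox &
libeufin-nexus serve --port 5017 --ipv4-only --no-localhost-only \
  >log.nexus 2>err.nexus &

# Block until PATTERN ($1) shows up in LOGFILE ($2).
# tail -F (rather than -f) keeps retrying if the log file has not been created
# yet, matching the wait used for the exchange later in this script. There is
# no timeout: if the service dies before logging the line, this waits forever.
wait_for_log_line() {
  local pattern=$1 logfile=$2
  grep -q -- "$pattern" <(tail -F -n +0 -- "$logfile")
}

echo "5/8 Waiting for nexus and sanbox to be ready"
wait_for_log_line "Application started:" err.sandbox
wait_for_log_line "Application started:" err.nexus

# Register one demobank account.
#   $1 user name, $2 IBAN, $3 display name, $4 --public or --no-public
# NOTE(review): all demo accounts share the password "123".
register_demo_account() {
  local username=$1 iban=$2 display_name=$3 visibility=$4
  LIBEUFIN_SANDBOX_USERNAME="$username" LIBEUFIN_SANDBOX_PASSWORD="123" \
    libeufin-cli sandbox demobank register \
    --iban "$iban" --name "$display_name" "$visibility"
}

echo "5/8 Creating accounts"
register_demo_account exchange "$EXCHANGE_IBAN" "Exchange company" --public
register_demo_account merchant "$MERCHANT_IBAN" "Merchant company" --public
register_demo_account alice "$ALICE_IBAN" "Alice" --no-public
register_demo_account bob "$BOB_IBAN" "Bob" --no-public

echo "5/8 Creating the EBICs connection between sandbox and nexus"

# EBICS spec: https://www.ebics.org/
### open sandbox to nexus
libeufin-cli sandbox ebicshost create --host-id ebicHost
libeufin-cli sandbox demobank new-ebicssubscriber \
  --host-id ebicHost \
  --partner-id ebicPartner \
  --user-id ebicExchange \
  --bank-account exchange

### connection nexus to sandbox
libeufin-cli connections new-ebics-connection \
  --ebics-url http://localhost:5016/ebicsweb \
  --host-id ebicHost \
  --partner-id ebicPartner \
  --ebics-user-id ebicExchange \
  nexus-conn

libeufin-cli connections connect nexus-conn
libeufin-cli connections download-bank-accounts nexus-conn
libeufin-cli connections import-bank-account \
  --offered-account-id exchange \
  --nexus-bank-account-id nexus-exchange \
  nexus-conn

# Set up the tasks that sync the sandbox state with the nexus database.
# NOTE(review): the task names say "5secs" while both cronspecs are
# '*/1 * * * *'; how libeufin interprets the fields is not visible here -
# confirm the intended interval.
libeufin-cli accounts task-schedule nexus-exchange \
  --task-type=submit \
  --task-name=submit-payments-5secs \
  --task-cronspec='*/1 * * * *'

libeufin-cli accounts task-schedule nexus-exchange \
  --task-type=fetch \
  --task-name=fetch-5secs \
  --task-cronspec='*/1 * * * *' \
  --task-param-level=report \
  --task-param-range-type=latest

### configuration of nexus
echo "5/8 Creating nexus facade for the exchange"

# Expose the Bank Integration API
# https://docs.taler.net/core/api-bank-integration.html
libeufin-cli facades new-taler-wire-gateway-facade \
  --currency "$CURRENCY" \
  --facade-name taler-exchange \
  nexus-conn nexus-exchange

# Set up a user that is able to access the Bank Integration API.
# The user name and password must match the exchange-accountcredentials-1
# settings written in the exchange step; both are fixed demo values.
# The user only gets the two facade permissions granted below.
libeufin-cli users create exchange-nexus --password exchange-nexus-password
for permission in facade.talerwiregateway.transfer facade.talerwiregateway.history; do
  libeufin-cli permissions grant user exchange-nexus \
    facade taler-exchange \
    "$permission"
done


echo "----------------------------------------"
read -r -p "5/8 banking system ready. Press any key to continue..."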
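for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "6/8 Setup Exchange"

# Documentation: https://docs.taler.net/taler-exchange-manual.html

# Capture the key first: with set -e a failing `taler-exchange-offline setup`
# then stops the script instead of silently writing an empty value.
master_public_key=$(taler-exchange-offline setup)
taler-config -s exchange -o master_public_key -V "$master_public_key"
taler-config -s exchange -o base_url -V http://exchange.taler/

# Database location
taler-config -s exchangedb-postgres -o config -V postgres:///exchange
taler-config -s exchange-account-1 -o payto_uri \
  -V "payto://iban/$EXCHANGE_IBAN?receiver-name=Exchanger"
taler-config -s exchange-account-1 -o enable_debit -V yes
taler-config -s exchange-account-1 -o enable_credit -V yes

# Nexus connection
# NOTE(review): fixed demo credentials, stored in the configuration as plain
# text; they must match the nexus user created in the bank step.
taler-config -s exchange-accountcredentials-1 -o wire_gateway_url \
  -V http://localhost:5017/facades/taler-exchange/taler-wire-gateway/
taler-config -s exchange-accountcredentials-1 -o username -V exchange-nexus
taler-config -s exchange-accountcredentials-1 -o password -V exchange-nexus-password

# Monetary policy
taler-config -s taler -o currency -V "$CURRENCY"
taler-config -s taler -o aml_threshold -V "${CURRENCY}:10000"
taler-config -s taler -o currency_round_unit -V "${CURRENCY}:0.1"

# Generate coin denominations from value 0.1 to 20
#  * fees by operation: refresh, refund, deposit and withdraw
#  * no fee for refund, refresh and withdraw
#  * 0.1 fee for deposit
#  * legal duration: defines for how long the exchange needs to keep records
#    for these denominations (6 years)
#  * spend duration: defines for how long clients have to spend these coins
#    (2 years)
#  * withdraw duration: defines for how long this can be withdrawn (7 days)
# The output is appended, so running this step twice duplicates the sections.
taler-harness deployment gen-coin-config \
  --min-amount "${CURRENCY}:0.1" \
  --max-amount "${CURRENCY}:20" >>/etc/taler/taler.conf

# Override the default withdraw duration to 1 year.
# Section names are read one per line instead of relying on word splitting.
mapfile -t coin_sections < <(taler-config --list-sections | grep COIN)
for coin_section in "${coin_sections[@]}"; do
  taler-config -s "$coin_section" -o duration_withdraw -V "1 year"
done

# Create tables
taler-exchange-dbinit

# Start crypto helpers
for secmod in eddsa rsa cs; do
  "taler-exchange-secmod-$secmod" -l "log.secmod.$secmod" -L debug &
done

# Start http service
taler-exchange-httpd -l log.exchange -L debug &

echo "6/8 Waiting for exchange HTTP service"
sleep 1
# Blocks until the RSA helper logs the line; there is no timeout.
grep -q "Updating keys of denomination" <(tail -F log.secmod.rsa -n +0)

echo "6/8 Enable exchange wire transfer"

# Enable the account and configure the wire fees.
# In a real deployment this offline-key operation should be performed in a
# protected (ideally offline) environment, not on the online exchange host.
# The payto URI contains a '?', so it must be quoted to keep the shell from
# treating it as a glob pattern.
# NOTE(review): the fees are set for the literal year 2023; this presumably
# needs updating when the walkthrough is run in another year - confirm.
exchange_payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
taler-exchange-offline \
  enable-account "$exchange_payto_uri" \
  global-fee 2023 "${CURRENCY}:0" "${CURRENCY}:0" "${CURRENCY}:0" 1year 1year 10 \
  wire-fee 2023 iban "${CURRENCY}:0.1" "${CURRENCY}:0.1" \
  upload

# Sync exchange config and upload signed values
taler-exchange-offline download sign upload

echo "6/8 Waiting for key signed"
# NOTE(review): --fail is not passed, so an HTTP error response presumably
# does not abort the script; only connection-level failures do.
curl --unix-socket /run/taler/exchange-httpd/exchange-http.sock \
  --max-time 2 \
  --retry-connrefused \
  --retry-delay 1 \
  --retry 10 \
  http://exchange.taler/keys &>/dev/null

# Watches for incoming wire transfers from customers
taler-exchange-wirewatch -l log.wirewatch -L debug &

# Executes outgoing wire transfers
taler-exchange-transfer -l log.transfer -L debug &

# Aggregates and executes wire transfers
taler-exchange-aggregator -l log.aggregator -L debug &

# Closes expired reserves
taler-exchange-closer -l log.closer -L debug &

echo "----------------------------------------"
read -r -p "6/8 exchange ready. Press any key to continue..."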
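for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "7/8 Setup auditor"

taler-config -s auditor -o base_url -V http://auditor.taler/
taler-config -s auditordb-postgres -o config -V postgres:///auditor

# Read the values back once. As plain assignments, a failing lookup stops the
# script under set -e instead of passing an empty argument along.
exchange_master_key=$(taler-config -s exchange -o master_public_key)
exchange_base_url=$(taler-config -s exchange -o base_url)
auditor_base_url=$(taler-config -s auditor -o base_url)

# Add the exchange to the auditor
taler-auditor-exchange -m "$exchange_master_key" -u "$exchange_base_url"

# Create database tables
taler-auditor-dbinit

echo "7/8 Notify the exchange about the auditor"

# Notify the exchange about the auditor.
# In a real deployment this offline-key operation should be performed in a
# protected (ideally offline) environment, not on the online exchange host.
auditor_public_key=$(taler-auditor-offline setup)
taler-exchange-offline enable-auditor \
  "$auditor_public_key" "$auditor_base_url" the_auditor upload

# Start the http service
taler-auditor-httpd -l log.auditor -L debug &

echo "----------------------------------------"
read -r -p "7/8 auditor ready. Press any key to continue..."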
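for _ in 1 2 3; do
  echo "=========================================================================="
done
echo "8/8 Setup merchant"

taler-config -s merchantdb-postgres -o config -V postgres:///merchant

# Read the values back once. As plain assignments, a failing lookup stops the
# script under set -e instead of writing an empty option.
exchange_base_url=$(taler-config -s exchange -o base_url)
exchange_master_key=$(taler-config -s exchange -o master_public_key)
auditor_base_url=$(taler-config -s auditor -o base_url)
auditor_public_key=$(taler-auditor-offline setup)

taler-config -s merchant-exchange-fsf -o exchange_base_url -V "$exchange_base_url"
taler-config -s merchant-exchange-fsf -o master_key -V "$exchange_master_key"
taler-config -s merchant-exchange-fsf -o currency -V "$CURRENCY"

taler-config -s merchant-auditor-fsf -o auditor_base_url -V "$auditor_base_url"
taler-config -s merchant-auditor-fsf -o auditor_key -V "$auditor_public_key"
taler-config -s merchant-auditor-fsf -o currency -V "$CURRENCY"

taler-merchant-dbinit

# NOTE(review): the admin token is a fixed demo value and is passed on the
# command line, where it is visible in the process list. Use a generated
# secret that is not given as an argument on anything but a throwaway host.
taler-merchant-httpd -a secret-token:secret -l log.merchant -L debug &

echo "8/8 creating the first instance"
# Fixed delay to let the merchant backend come up; there is no readiness check.
sleep 1

# Create a default instance
#  * deposits will go to $MERCHANT_IBAN
#  * name: FSF
#  * password: secret
# The body is built with jq (installed in step 1) so the variable values are
# inserted as properly escaped JSON strings rather than by string splicing.
instance_json=$(jq -n -c \
  --arg payto "payto://iban/${MERCHANT_IBAN}?receiver-name=merchant" \
  --arg max_fee "${CURRENCY}:3" \
  '{
    id: "default",
    accounts: [{payto_uri: $payto}],
    default_pay_delay: {d_us: 7200000000},
    default_wire_fee_amortization: 1,
    default_wire_transfer_delay: {d_us: 172800000000},
    name: "FSF",
    email: "",
    default_max_deposit_fee: $max_fee,
    default_max_wire_fee: $max_fee,
    auth: {method: "token", token: "secret-token:secret"},
    address: {},
    jurisdiction: {}
  }')

# --fail turns an HTTP error answer into a non-zero exit status, so set -e
# stops the script instead of reporting a merchant that was never configured.
curl 'http://merchant.taler/management/instances' \
  --fail \
  --unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
  -X POST -H 'Authorization: Bearer secret-token:secret' \
  --data-raw "$instance_json"

# Create a product to be sold.
# shirt.json is read from the current directory; check for it explicitly so a
# missing file is reported clearly instead of producing a bad request.
if [[ ! -r shirt.json ]]; then
  echo "walkthrough.sh: shirt.json not found in $PWD" >&2
  exit 1
fi
curl 'http://merchant.taler/instances/default/private/products' \
  --fail \
  --unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
  -X POST -H 'Authorization: Bearer secret-token:secret' \
  -d @shirt.json

echo "----------------------------------------"
read -r -p "8/8 merchant ready. Press any key to close."
for _ in 1 2 3; do
  echo "=========================================================================="
done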