taler-deployment

Deployment scripts and configuration files

commit 0b7cf4680644e228b63448af8a30d947f1320e40
parent a30235e4b5ac7676f576c867e9d705c5dc970e39
Author: Javier Sepulveda <javier.sepulveda@uv.es>
Date:   Tue,  7 Mar 2023 13:25:15 +0100

Systems administration work - Grouping,sorting and reducing - Tested Okay

Diffstat:
Mnetzbon/config_nginx.sh | 64+++++++++++++++++++++++++++-------------------------------------
Mnetzbon/functions.sh | 160+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++----------------
Mnetzbon/main.sh | 160+++++++++++++++++++++++++++++++++++++++----------------------------------------
Mnetzbon/setup-exchange.sh | 171+++++++++++++++++++------------------------------------------------------------
4 files changed, 276 insertions(+), 279 deletions(-)

diff --git a/netzbon/config_nginx.sh b/netzbon/config_nginx.sh 
@@ -1,54 +1,44 @@ #!/bin/bash # This file is in the public domain. -set -eu - # Inputs: DOMAIN_NAME & ENABLE_TLS source functions.sh source config/user.conf source config/internal.conf -if test -z ${DOMAIN_NAME:-} -then - say "Error: config/user.conf does not specify DOMAIN_NAME" - exit 1 -fi -if test -z ${ENABLE_TLS:-} -then - say "Error: config/user.conf does not specify ENABLE_TLS" - exit 1 -fi - say "Configuring Nginx" +systemctl start nginx + +# Paths of NGINX + SITES_AVAILABLE_DIR=/etc/nginx/sites-available SITES_ENABLED_DIR=/etc/nginx/sites-enabled -cat ${SITES_AVAILABLE_DIR}/taler-exchange \ - | sed -e "s/localhost/exchange.${DOMAIN_NAME}/g" \ - | sed -e "s/location \/taler-exchange\//location \//g" \ - > ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/taler-exchange.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME} - -cat ${SITES_AVAILABLE_DIR}/taler-merchant \ - | sed -e "s/localhost/backend.${DOMAIN_NAME}/g" \ - | sed -e "s/location \/taler-merchant\//location \//g" \ - > ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/taler-merchant.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME} - -cat ${SITES_AVAILABLE_DIR}/libeufin-sandbox \ - | sed -e "s/localhost/bank.${DOMAIN_NAME}/g" \ - > ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} -rm -f ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME} -ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox.${DOMAIN_NAME} ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME} - -say "Restarting Nginx with new configuration" -systemctl restart nginx - -if test ${ENABLE_TLS} == "y" +# SED replacements - NGINX sites-available + +# taler-exchange +sed -i 's/server_name localhost/server_name exchange.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-exchange +sed -i 's/"localhost"/"exchange.${DOMAIN_NAME}"/g' ${SITES_AVAILABLE_DIR}/taler-exchange + +# 
taler-merchant +sed -i 's/server_name localhost/server_name merchant.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/taler-medrchant + +# libeufin-sandbox +sed -i 's/server_name localhost/server_name bank.${DOMAIN_NAME}/g' ${SITES_AVAILABLE_DIR}/libeufin-sandbox + +# Sym links for NGINX sites-enabled + +ln -s ${SITES_AVAILABLE_DIR}/taler-exchange ${SITES_ENABLED_DIR}/exchange.${DOMAIN_NAME} +ln -s ${SITES_AVAILABLE_DIR}/taler-merchant ${SITES_ENABLED_DIR}/backend.${DOMAIN_NAME} +ln -s ${SITES_AVAILABLE_DIR}/libeufin-sandbox ${SITES_ENABLED_DIR}/bank.${DOMAIN_NAME} + +# Obtain SSL certificates with Certbot + +# TODO: check nginx, check dns ping, first. + +if test ${ENABLE_TLS} = "y" then say "Obtaining TLS certificates" diff --git a/netzbon/functions.sh b/netzbon/functions.sh @@ -1,15 +1,14 @@ #!/bin/bash # Message - +# ----------------------------------- function say() { echo "TALER: " "$@" } - # Check user if the user is root - +# ----------------------------------- function check_user() { 
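Review bot: The new `sed -i` commands in netzbon/config_nginx.sh wrap the expression in single quotes, so `${DOMAIN_NAME}` is never expanded and the literal text `server_name exchange.${DOMAIN_NAME}` is written into the nginx site file. Use double quotes and quote the path, e.g. `sed -i "s/server_name localhost/server_name exchange.${DOMAIN_NAME}/g" "${SITES_AVAILABLE_DIR}/taler-exchange"`; the same applies to the merchant and libeufin-sandbox lines. The merchant line also targets `taler-medrchant`, which looks like a typo for `taler-merchant`, and it sets `merchant.${DOMAIN_NAME}` while the symlink is named `backend.${DOMAIN_NAME}`. Because the hunk also drops the `DOMAIN_NAME`/`ENABLE_TLS` emptiness checks, the value substituted into the server configuration is no longer validated in this file; checking it against a hostname pattern before the `sed` calls would be safer. The script continues past the end of the hunk.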
@@ -19,36 +18,135 @@ function check_user() fi } -# Create users "exchange" and "merchant" -# Deprecated: should be done by Debian! -function create_users() +# Asks several questions to the user +# ----------------------------------- +function ask() +{ + +# DOMAIN_NAME + +if [ $1 == "DOMAIN_NAME" ]; then + read -p "Enter the domain name: " DOMAIN_NAME +fi + +# ENABLE_TLS + +if [ $1 == "ENABLE_TLS" ]; then + read -p "Use TLS? (y/n): " ENABLE_TLS +fi + +# CURRENCY + +if [ $1 == "CURRENCY" ]; then + read -p "Enter the name of the currency (e.g. 'EUR'):" CURRENCY +fi + +# BANK_NAME + +if [ $1 == "BANK_NAME" ]; then + read -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME + +fi + +# DO_OFFLINE + +if [ $1 == "DO_OFFLINE" ]; then + read -p "Run taler-exchange offline? (y/n): " DO_OFFLINE +fi + +# MASTER_PUBLIC_KEY + +if [ $1 == "MASTER_PUBLIC_KEY" ]; then + if [ $2 == "DO_OFFLINE" ] && [ $DO_OFFLINE == 'n' ]; then + read -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY + fi +fi + +# SANDBOX_ADMIN_PASSWORD + +if [ $1 == "SANDBOX_ADMIN_PASSWORD" ]; then + read -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD + echo "" # force new line +fi + +# SANDBOX_EXCHANGE_PASSWORD + +if [ $1 == "SANDBOX_EXCHANGE_PASSWORD" ]; then + SANDBOX_EXCHANGE_PASSWORD=`uuidgen` + +fi + + +# NEXUS_EXCHANGE_PASSWORD + +if [ $1 == "NEXUS_EXCHANGE_PASSWORD" ]; then + NEXUS_EXCHANGE_PASSWORD=`uuidgen` +fi + +} + + + +function check_nexus_exchange () +{ + +if test -z ${LIBEUFIN_NEXUS_USERNAME:-} +then + say "Failure: LIBEUFIN_NEXUS_USERNAME not set" + exit 1 +fi + +if test -z ${NEXUS_EXCHANGE_PASSWORD:-} +then + say "Failure: NEXUS_EXCHANGE_PASSWORD not set" + exit 1 +fi + +if test -z ${EXCHANGE_IBAN:-} +then + say "Failure: EXCHANGE_IBAN not set" + exit 1 +fi +if test -z ${EXCHANGE_PAYTO:-} +then + say "Failure: EXCHANGE_PAYTO not set" + exit 1 +fi + +} + + +# Ask about whether use TLS or not +# ----------------------------------- 
+ +function ask_tls() { - say "Creating users" - for n in exchange merchant - do - # Only setup use if it does not yet exist - if test ! -d /home/$n - then - adduser --disabled-password $n - fi - done + +read -p "Use TLS? (y/n): " ENABLE_TLS + +if test ${ENABLE_TLS} == "y" +then + PROTO="https" +else + PROTO="http" +fi } -# Assign group and permissions to users -# Deprecated: should be done by Debian! -function assign_user_permissions() +# Check network +# ----------------------------------- + +check_dns() { - for n in exchange merchant - do - adduser www-data $n - mkdir -p /home/$n/.config/ - # FIXME - # cp -r $n/* /home/$n/ - # TODO: No taler.conf is provided - # mv /home/$n/taler.conf /home/$n/.config/taler.conf - chmod 600 /home/$n/.config/taler.conf - chown -R $n:$n /home/$n/ - su - postgres -c "createuser $n" - su - postgres -c "createdb -O $n taler-$n" - done + +ping -c1 exchange.${DOMAIN_NAME} # &> /dev/null + + +if test 0 != $? +then + say "Could not ping TO exchange.${DOMAIN_NAME}." + say "Please make sure your DNS/network are working." + exit 1 +fi + } + diff --git a/netzbon/main.sh b/netzbon/main.sh 
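Review bot: `ask_tls` in netzbon/functions.sh falls back to `PROTO="http"` for every answer other than a lowercase `y`, including `Y`, `yes` or an empty line, so a typo silently selects plain HTTP. With an empty answer the unquoted `test ${ENABLE_TLS} == "y"` is also malformed and only reaches the else branch by way of its error status. Validating the answer would make the choice explicit, for example `case "${ENABLE_TLS}" in y) PROTO="https" ;; n) PROTO="http" ;; *) say "Please answer y or n"; exit 1 ;; esac`. The same unquoted pattern appears in `ask` (`[ $1 == "DOMAIN_NAME" ]`), and the `read` calls would be safer with `-r`.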
@@ -2,111 +2,108 @@ # This file is in the public domain. # main.sh is the main script that asks the questions and -# puts the answers into environment variables located at "config/taler-internal.conf or config/taler.conf" files +# puts the answers into environment variables located at "config/internal.conf,use.conf" files # Nginx configuration - Reads values directly from these "config files". set -eu -# include functions source file +# Include functions source file source functions.sh -# include variables from configuration +# CHECK if user is "root", otherwise EXIT. + +check_user + + +# INSTALLATION of Debian packages + +. install_debian_packages.sh + + +# Create folder and configuration files + mkdir -p config/ -touch config/user.conf config/internal.conf -# Values supplied by user + +if [ -f config/user.conf ] || [ -f config/internal.conf ]; then + cat /dev/null > config/user.conf + cat /dev/null > config/internal.conf +else + touch config/user.conf + touch config/internal.conf +fi + +# Include configuration files (user and internal) + source config/user.conf -# Values we generated source config/internal.conf -# Ask questions to user # START USER INTERACTION + echo "TALER: Welcome to the GNU Taler Debian setup!" -if test -z "${CURRENCY:-}" -then - read -p "Enter the name of the currency (e.g. 'EUR'): " CURRENCY - # convert to all-caps - CURRENCY=`echo ${CURRENCY} | tr a-z A-Z` - echo "CURRENCY=${CURRENCY}" >> config/user.conf -fi -if test -z "${BANK_NAME:-}" -then - read -p "Enter the human-readable name of the bank (e.g. 'Taler Bank'): " BANK_NAME - echo "BANK_NAME=\"${BANK_NAME}\"" >> config/user.conf -fi -if test -z "${ENABLE_TLS:-}" -then - read -p "Use TLS? (y/n): " ENABLE_TLS - echo "ENABLE_TLS=${ENABLE_TLS}" >> config/user.conf -fi -if test -z "${DO_OFFLINE:-}" -then - read -p "Run taler-exchange-offline? 
(y/n): " DO_OFFLINE - echo "DO_OFFLINE=${DO_OFFLINE}" >> config/user.conf -fi -if test -z "${MASTER_PUBLIC_KEY:-}" -then - if test ${DO_OFFLINE:-y} == n - then - read -p "Enter the exchange-offline master public key: " MASTER_PUBLIC_KEY - echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >> config/user.conf - fi -fi -if test -z "${SANDBOX_ADMIN_PASSWORD:-}" -then - read -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD - echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf - echo "" # force new line -fi -if test -z "${DOMAIN_NAME:-}" -then - read -p "Enter the domain name: " DOMAIN_NAME - # convert to lower-case - DOMAIN_NAME=`echo ${DOMAIN_NAME} | tr A-Z a-z` - echo "DOMAIN_NAME=${DOMAIN_NAME}" >> config/user.conf -fi -# END USER INTERACTION +# ASK questions -# Check DNS settings -ping -c1 exchange.${DOMAIN_NAME} &> /dev/null -if test 0 != $? -then - say "Could not ping exchange.${DOMAIN_NAME}." - say "Please make sure your DNS/network are working." - exit 1 -fi +ask "DOMAIN_NAME" +ask_tls "ENABLE_TLS" -# Check if the user is root, otherwise EXIT. -check_user +ask "CURRENCY" +ask "BANK_NAME" +ask "DO_OFFLINE" -# Installation of Debian packages required -. 
install_debian_packages.sh +ask "MASTER_PUBLIC_KEY" "DO_OFFLINE" -if test -z "${NEXUS_EXCHANGE_PASSWORD:-}" -then - NEXUS_EXCHANGE_PASSWORD=`uuidgen` - echo "NEXUS_EXCHANGE_PASSWORD=${NEXUS_EXCHANGE_PASSWORD}" >> config/internal.conf -fi -if test -z "${SANDBOX_EXCHANGE_PASSWORD:-}" -then - SANDBOX_EXCHANGE_PASSWORD=`uuidgen` - echo "SANDBOX_EXCHANGE_PASSWORD=${SANDBOX_EXCHANGE_PASSWORD}" >> config/internal.conf -fi +ask "SANDBOX_ADMIN_PASSWORD" +ask "SANDBOX_EXCHANGE_PASSWORD" + +ask "NEXUS_ADMIN_PASSWORD" +ask "NEXUS_EXCHANGE_PASSWORD" + +# COPY values from variables -> to the configuration files + +# user.conf + +# Please note "^^" means convert to uppercase +echo "CURRENCY=${CURRENCY^^}" >> config/user.conf + +echo "BANK_NAME=\"${BANK_NAME}\"" >> config/user.conf +echo "ENABLE_TLS=${ENABLE_TLS}" >> config/user.conf +echo "DO_OFFLINE=${DO_OFFLINE}" >> config/user.conf +echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >> config/user.conf +echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf + +# Please note ",," means convert to lowercase +echo "DOMAIN_NAME=${DOMAIN_NAME,,}" >> config/user.conf + +# internal.conf + +echo "NEXUS_EXCHANGE_PASSWORD=${NEXUS_EXCHANGE_PASSWORD}" >> config/internal.conf +echo "SANDBOX_EXCHANGE_PASSWORD=${SANDBOX_EXCHANGE_PASSWORD}" >> config/internal.conf + + +# END USER INTERACTION + +# CHECK DNS settings + +check_dns + +# LIBEUFIN (bank) . config_launch_libeufin.sh -. config_nginx.sh + +# EXCHANGE + . setup-exchange.sh + +# MERCHANT + . setup-merchant.sh +# CONFIG NGINX -# Final message to the user -if test ${ENABLE_TLS:-} == "y" -then - PROTO="https" -else - PROTO="http" -fi +. config_nginx.sh + +# FINAL message to the user say "Congratulations, you have successfully installed GNU Taler" say "Your bank is at ${PROTO}://bank.${DOMAIN_NAME}/" @@ -114,4 +111,5 @@ say "A merchant is at ${PROTO}://backend.${DOMAIN_NAME}/" say "You should set credentials for the merchant soon." exit 0 + # END INSTALLATION 
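Review bot: The answers are appended to config/user.conf and config/internal.conf unquoted (for example `echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf`), and those files are later read back with `source`, so a password or domain containing a space, `$`, `;` or a backtick is reinterpreted by the shell, which by this point is running as root. Writing them with `printf 'SANDBOX_ADMIN_PASSWORD=%q\n' "${SANDBOX_ADMIN_PASSWORD}" >> config/user.conf` avoids that, and a `umask 077` before the `touch` calls would keep the stored passwords from being created with default permissions. Separately, with `set -eu` in effect, `ask "MASTER_PUBLIC_KEY" "DO_OFFLINE"` assigns nothing when the answer was `y`, so the later `${MASTER_PUBLIC_KEY}` expansion appears to abort the script unless the variable comes from the environment; `${MASTER_PUBLIC_KEY:-}` would avoid that. `ask "NEXUS_ADMIN_PASSWORD"` has no matching branch in `ask` as shown in the functions.sh hunk, so it does nothing.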
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh 
@@ -10,193 +10,104 @@ source config/internal.conf # # - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus) # - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus) -# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus) # - EXCHANGE_IBAN (exchange account IBAN) # - EXCHANGE_PAYTO (exchange account PAYTO) # - ENABLE_TLS (http or https?) -if test -z ${LIBEUFIN_NEXUS_USERNAME:-} -then - say "Failure: LIBEUFIN_NEXUS_USERNAME not set" - exit 1 -fi -if test -z ${NEXUS_EXCHANGE_PASSWORD:-} -then - say "Failure: NEXUS_EXCHANGE_PASSWORD not set" - exit 1 -fi -if test -z ${EXCHANGE_IBAN:-} -then - say "Failure: EXCHANGE_IBAN not set" - exit 1 -fi -if test -z ${WIRE_GATEWAY_URL:-} -then - say "Failure: WIRE_GATEWAY_URL not set" - exit 1 -fi -if test -z ${EXCHANGE_PAYTO:-} -then - say "Failure: EXCHANGE_PAYTO not set" - exit 1 -fi +check_nexus_exchange "LIBEUFIN_NEXUS_USERNAME" +check_nexus_exchange "NEXUS_EXCHANGE_PASSWORD" -# Create master key as taler-exchange-offline *unless* user already +check_nexus_exchange "EXCHANGE_IBAN" +check_nexus_exchange "EXCHANGE_PAYTO" + +# Create master key as root *unless* user already # set the MASTER_PUBLIC_KEY to some value we can use. 
-export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys -export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv -export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub + if test -z ${MASTER_PUBLIC_KEY:-} then - if test ${DO_OFFLINE:-y} == n - then - say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO" - exit 1 - fi say "Setting up offline key" - MASTER_PUBLIC_KEY=`sudo -i -u taler-exchange-offline taler-exchange-offline setup` - echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/user.conf - if test -z ${DO_OFFLINE:-} - then - # Set 'DO_OFFLINE' - DO_OFFLINE=y - echo "DO_OFFLINE=y" >> config/user.conf - fi + mkdir -p ~/.local/share/taler/exchange/offline-keys + MASTER_PRIV_FILE=~/.local/share/taler/exchange/offline-keys/master.priv + gnunet-ecc -g1 ${MASTER_PRIV_FILE} + MASTER_PUBLIC_KEY=`gnunet-ecc -p ~/.local/share/taler/exchange/offline-keys/master.priv` fi export MASTER_PUBLIC_KEY - - -say "Setting up exchange database" -EXCHANGE_DB=talerexchange -# Use "|| true" to continue if these already exist. 
-sudo -i -u postgres createuser -d taler-exchange-httpd || true -sudo -i -u postgres createuser taler-exchange-wire || true -sudo -i -u postgres createuser taler-exchange-closer || true -sudo -i -u postgres createuser taler-exchange-aggregator || true -sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true - -echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-wire\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} - -echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-closer\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} - -echo "GRANT USAGE ON SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT USAGE ON SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} -echo "GRANT SELECT ON ALL TABLES IN SCHEMA _v TO \"taler-exchange-aggregator\";" | sudo -i -u postgres psql -f - ${EXCHANGE_DB} +echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >> config/taler-internal.conf say "Configuring exchange" if test ${ENABLE_TLS} = "y" then - export 
EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}/" + export EXCHANGE_BASE_URL="https://exchange.${DOMAIN_NAME}" else - export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}/" + export EXCHANGE_BASE_URL="http://exchange.${DOMAIN_NAME}" fi - # Generate /etc/taler/conf.d/setup.conf + echo -e "[taler]\n"\ "CURRENCY=${CURRENCY}\n"\ "CURRENCY_ROUND_UNIT=${CURRENCY}:0.01\n"\ "AML_THRESHOLD=${CURRENCY}:1000000\n"\ - "\n[exchange]\n"\ + "\n"\ + "[exchange]\n"\ "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}\n"\ + "MASTER_PRIV_FILE=${MASTER_PUBLIC_KEY}\n"\ "BASE_URL=${EXCHANGE_BASE_URL}\n"\ - "\n[exchange-offline]\n"\ - "MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}\n"\ - "SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}\n"\ - "\n[merchant-exchange-${DOMAIN_NAME}]\n"\ + "\n"\ + "[merchant-exchange-${DOMAIN_NAME}]\n"\ "MASTER_KEY=${MASTER_PUBLIC_KEY}\n"\ "CURRENCY=${CURRENCY}\n"\ "EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}\n"\ - "\n[exchange-account-default]\n"\ + "\n"\ + "[exchange-account-default]\n"\ "PAYTO_URI=${EXCHANGE_PAYTO}\n"\ "ENABLE_DEBIT=YES\n"\ "ENABLE_CREDIT=YES\n"\ - "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" \ + "@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf\n" > /etc/taler/conf.d/setup.conf -echo -e "[exchangedb-postgres]\n"\ - "CONFIG=postgres:///${EXCHANGE_DB}\n"\ - > /etc/taler/secrets/exchange-db.secret.conf -chmod 440 /etc/taler/secrets/exchange-db.secret.conf -chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf - echo -e "[exchange-accountcredentials-default]\n"\ - "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n"\ + "WIRE_GATEWAY_URL=${CURRENCY}\n"\ "WIRE_GATEWAY_AUTH_METHOD=basic\n"\ "USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n"\ "PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n"\ > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf -chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf -chown 
taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf taler-harness deployment gen-coin-config \ --min-amount ${CURRENCY}:0.01 \ --max-amount ${CURRENCY}:100 \ | sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \ - > /etc/taler/conf.d/${CURRENCY}-coins.conf - - -# FIXME-DOLD: this belongs with taler-harness -for SEC in `taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -S | grep COIN-` -do - taler-config -c /etc/taler/conf.d/${CURRENCY}-coins.conf -s $SEC -o CIPHER -V "RSA" -done - -say "Initializing exchange database" -sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf + > /etc/taler/conf.d/${CURRENCY}-coins.conf say "Launching exchange" -systemctl enable --now taler-exchange.target +systemctl enable --now taler-exchange -say "Waiting for exchange HTTP service (/config)..." +echo -n "Waiting for exchange..." curl --max-time 2 \ --retry-connrefused \ --retry-delay 1 \ --retry 10 \ - ${EXCHANGE_BASE_URL}config &> /dev/null -say "DONE" - -say "Waiting for exchange management keys (this may take a while)..." -curl --max-time 30 \ - --retry-delay 1 \ - --retry 60 \ - ${EXCHANGE_BASE_URL}management/keys &> /dev/null -say "DONE" + ${EXCHANGE_BASE_URL}/config &> /dev/null +echo "DONE" say "Offline interaction..." 
-if test ${DO_OFFLINE} == y -then - sudo -i -u taler-exchange-offline \ - taler-exchange-offline \ - -c /etc/taler/taler.conf \ - download \ - sign \ - upload - - sudo -i -u taler-exchange-offline \ - taler-exchange-offline \ - enable-account ${EXCHANGE_PAYTO} \ - wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \ - global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6a 0 \ - upload -fi +taler-exchange-offline \ + -c /etc/taler/taler.conf \ + download \ + sign \ + enable-account ${EXCHANGE_PAYTO} \ + wire-fee now iban ${CURRENCY}:0 ${CURRENCY}:0 \ + global-fee now ${CURRENCY}:0 ${CURRENCY}:0 ${CURRENCY}:0 1h 6y 0 \ + upload + -say "Waiting for exchange /keys..." +echo -n "Waiting for exchange /keys..." curl --max-time 2 \ --retry-connrefused \ --retry-delay 1 \ --retry 10 \ - ${EXCHANGE_BASE_URL}keys &> /dev/null -say "DONE" - -say "Exchange setup finished" + ${EXCHANGE_BASE_URL}/keys &> /dev/null +echo "DONE"
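Review bot: /etc/taler/secrets/exchange-accountcredentials-default.secret.conf, which holds the wire-gateway `PASSWORD`, is now written without the `chmod 400` and `chown` that followed it before, so its mode is left to the caller's umask. Restrict it right after the `echo -e`, e.g. `chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf`, with an owner matching the service that reads it. `MASTER_PRIV_FILE=${MASTER_PUBLIC_KEY}` in setup.conf and `WIRE_GATEWAY_URL=${CURRENCY}` in the credentials file look like copy-paste slips: the first puts the public key where a private-key path is expected and the second puts the currency code where the gateway URL used to go. The master private key is also now generated under the invoking user's home with `gnunet-ecc`, and `taler-exchange-offline` runs without the former `sudo -i -u taler-exchange-offline`, which removes the separation between the signing key and the rest of the installer; if that is intended it deserves a comment.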