commit 3e2bb52a2ba701c47c711d0f5d0318fe99e44956
parent 69bf25dff454caae63611faf7c07d634ddd557b9
Author: Christian Grothoff <grothoff@gnunet.org>
Date: Mon, 27 Nov 2023 08:33:49 +0900
revise netzbon deployment scripts for 0.9.3
Diffstat:
7 files changed, 140 insertions(+), 334 deletions(-)
diff --git a/netzbon/README b/netzbon/README
@@ -126,7 +126,7 @@ Components
The goal is not to only setup the Debian packages, but to also configure
all of the components:
-* libeufin-sandbox with an account for the administrator and the exchange
+* libeufin-bank with an account for the administrator and the exchange
* libeufin-nexus with access to the exchange account and Taler facade
* exchange with denominations, fees (all zero) and credentials for the libeufin-nexus
* merchant backend with the master key of the exchange for the target currency
diff --git a/netzbon/config_launch_libeufin.sh b/netzbon/config_launch_libeufin.sh
@@ -1,270 +0,0 @@
-#!/bin/bash
-# This file is in the public domain.
-#
-# This script configure and launches Sandbox and Nexus.
-# The setup provides the admin account at Sandbox, and
-# another account for the exchange at Nexus and Sandbox.
-# A Taler facade to serve taler-wire-gateway requests
-# is also provided. The currency defaults to "NB".
-
-# The environment must provide the following variables:
-# - SANDBOX_ADMIN_PASSWORD: password of the Netzbon administrator.
-# - NEXUS_EXCHANGE_PASSWORD: password of the Nexus user hosted
-# at Nexus, this password will let the Wire-gateway access
-# its banking records. The related username is:
-# exchange-at-nexus
-# - SANDBOX_EXCHANGE_PASSWORD: password of the exchange
-# bank account hosted at Sandbox. The related
-# username is: exchange-at-sandbox
-# - BANK_NAME: human-readable name for the bank
-#
-# OUTPUTS:
-#
-# LIBEUFIN_NEXUS_USERNAME -- username of the exchange
-# EXCHANGE_IBAN -- IBAN of the exchange
-# EXCHANGE_PAYTO -- payto-URI of the exchange
-
-set -eu
-
-source functions.sh
-source config/user.conf
-source config/internal.conf
-
-if test -z "${BANK_NAME:-}"; then
- say "Error: config/user.conf does not specify BANK_NAME"
- exit 1
-fi
-if test -z "${DOMAIN_NAME:-}"; then
- say "Error: config/user.conf does not specify DOMAIN_NAME"
- exit 1
-fi
-if test -z "${SANDBOX_ADMIN_PASSWORD:-}"; then
- say "Error: config/user.conf does not specify SANDBOX_ADMIN_PASSWORD"
- exit 1
-fi
-
-# TODO: add sanity-checks for presence of other required env-vars
-
-if test "${ENABLE_TLS:-}" == "y"; then
- PROTO="https"
-else
- PROTO="http"
-fi
-
-say "Setting up libeufin"
-
-# EBICS parameters that must match but are only used internally.
-EBICS_HOST_ID="TALERHOST"
-EBICS_PARTNER_ID="talerop"
-EBICS_USER_ID="exchangeebics"
-EBICS_CONNECTION_NAME="exchangeconn"
-LIBEUFIN_TALER_FACADE="taler-facade"
-export LIBEUFIN_NEXUS_USERNAME="exchange-at-nexus"
-echo "LIBEUFIN_NEXUS_USERNAME=\"${LIBEUFIN_NEXUS_USERNAME}\"" >>config/internal.conf
-
-# Load configuration with
-# LIBEUFIN_NEXUS_DB_CONNECTION and
-# LIBEUFIN_NEXUS_PORT
-# shellcheck disable=SC1091
-source /etc/libeufin/nexus.env
-export LIBEUFIN_NEXUS_DB_CONNECTION
-
-if test -z "${LIBEUFIN_NEXUS_DB_CONNECTION:-}"; then
- say "Error: /etc/libeufin/nexus.env does not specify LIBEUFIN_NEXUS_DB_CONNECTION"
- exit 1
-fi
-
-export LIBEUFIN_NEXUS_PASSWORD=$NEXUS_EXCHANGE_PASSWORD
-export LIBEUFIN_NEXUS_URL="http://localhost:${LIBEUFIN_NEXUS_PORT}"
-
-# Load configuration with
-# LIBEUFIN_SANDBOX_DB_CONNECTION and
-# LIBEUFIN_SANDBOX_PORT
-# shellcheck disable=SC1091
-. /etc/libeufin/sandbox.env
-export LIBEUFIN_SANDBOX_DB_CONNECTION
-
-if test -z "${LIBEUFIN_SANDBOX_DB_CONNECTION:-}"; then
- say "Error: /etc/libeufin/sandbox.env does not specify LIBEUFIN_SANDBOX_DB_CONNECTION"
- exit 1
-fi
-
-export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="${SANDBOX_ADMIN_PASSWORD}"
-# FIXME-CG: this should be done inside the Debian package (incl. pw generation)
-# We need to add this password to the systemd environment to make it effective.
-echo "LIBEUFIN_SANDBOX_ADMIN_PASSWORD=\"${SANDBOX_ADMIN_PASSWORD}\"" >>/etc/libeufin/sandbox.env
-
-SANDBOX_URL="http://localhost:${LIBEUFIN_SANDBOX_PORT}/"
-
-say "Configure the default demobank with ${CURRENCY}..."
-MY_DIR=$PWD
-
-# Go to directory valid for other users.
-cd /
-sudo -E -u libeufin-sandbox \
- libeufin-sandbox config \
- --captcha-url "${PROTO}://bank.${DOMAIN_NAME}" \
- --bank-debt-limit 1000000 \
- --users-debt-limit 0 \
- --without-signup-bonus \
- --currency "${CURRENCY}" \
- default
-say "DONE"
-say "Start the bank..."
-systemctl enable --now libeufin-sandbox
-
-say "DONE"
-say "Waiting for sandbox..."
-curl --max-time 25 \
- --retry-connrefused \
- --retry-delay 3 \
- --retry 10 \
- "${SANDBOX_URL}" &>/dev/null
-say "DONE"
-
-say "Make one superuser at Nexus..."
-sudo -E -u libeufin-nexus libeufin-nexus superuser \
- ${LIBEUFIN_NEXUS_USERNAME} \
- --password "$NEXUS_EXCHANGE_PASSWORD"
-say "DONE"
-say "Launching Nexus..."
-
-systemctl enable --now libeufin-nexus
-
-say "DONE"
-say "Waiting for Nexus..."
-curl --max-time 25 \
- --retry-connrefused \
- --retry-delay 3 \
- --retry 10 \
- "${LIBEUFIN_NEXUS_URL}" &>/dev/null
-say "DONE"
-
-EXCHANGE_SANDBOX_USERNAME="exchange-at-sandbox"
-say "Register the exchange Sandbox account..."
-export LIBEUFIN_SANDBOX_USERNAME=$EXCHANGE_SANDBOX_USERNAME
-export LIBEUFIN_SANDBOX_PASSWORD="${SANDBOX_EXCHANGE_PASSWORD}"
-# Succeed also if the account already exists...
-# (hopefully with the same password!)
-# FIXME-MS: might be better to DELETE an existing
-# account here instead!??
-libeufin-cli \
- sandbox --sandbox-url "${SANDBOX_URL}" \
- demobank register || true
-say "DONE"
-
-say "Getting the exchange IBAN and Payto URI..."
-EXCHANGE_DETAILS=$(libeufin-cli \
- sandbox --sandbox-url "${SANDBOX_URL}" \
- demobank info --bank-account ${LIBEUFIN_SANDBOX_USERNAME})
-say "DONE"
-
-EXCHANGE_IBAN=$(echo "$EXCHANGE_DETAILS" | jq -r .iban)
-EXCHANGE_PAYTO=$(echo "$EXCHANGE_DETAILS" | jq -r .paytoUri)
-
-# Communicating this to the exchange script, as the exchange
-# needs it for the /wire response.
-export EXCHANGE_IBAN
-export EXCHANGE_PAYTO
-echo "EXCHANGE_IBAN=\"${EXCHANGE_IBAN}\"" >>"${MY_DIR}"/config/internal.conf
-echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >>"${MY_DIR}"/config/internal.conf
-
-say "Setting the default exchange at Sandbox..."
-libeufin-sandbox default-exchange "${PROTO}://exchange.$DOMAIN_NAME/" "$EXCHANGE_PAYTO"
-say "DONE"
-
-export LIBEUFIN_SANDBOX_USERNAME="admin"
-export LIBEUFIN_SANDBOX_PASSWORD=$SANDBOX_ADMIN_PASSWORD
-say "Create EBICS host at Sandbox..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing host first.
-libeufin-cli sandbox \
- --sandbox-url "${SANDBOX_URL}" \
- ebicshost create --host-id ${EBICS_HOST_ID} || true
-say "OK"
-
-say "Create exchange EBICS subscriber at Sandbox..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing host first.
-libeufin-cli sandbox \
- --sandbox-url "${SANDBOX_URL}" \
- demobank new-ebicssubscriber \
- --host-id ${EBICS_HOST_ID} \
- --user-id ${EBICS_USER_ID} \
- --partner-id ${EBICS_PARTNER_ID} \
- --bank-account ${EXCHANGE_SANDBOX_USERNAME} || true
-say "OK"
-
-say "Creating the EBICS connection at Nexus..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing host first.
-libeufin-cli connections new-ebics-connection \
- --ebics-url "${SANDBOX_URL}ebicsweb" \
- --host-id ${EBICS_HOST_ID} \
- --partner-id ${EBICS_PARTNER_ID} \
- --ebics-user-id ${EBICS_USER_ID} \
- ${EBICS_CONNECTION_NAME} || true
-say "DONE"
-
-say "Setup EBICS keying..."
-libeufin-cli connections connect ${EBICS_CONNECTION_NAME} >/dev/null
-say "OK"
-
-say "Download bank account name from Sandbox..."
-libeufin-cli connections download-bank-accounts ${EBICS_CONNECTION_NAME}
-say "OK"
-
-say "Importing bank account info into Nexus..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing connection first.
-libeufin-cli connections import-bank-account \
- --offered-account-id ${EXCHANGE_SANDBOX_USERNAME} \
- --nexus-bank-account-id ${LIBEUFIN_NEXUS_USERNAME} \
- ${EBICS_CONNECTION_NAME} || true
-echo "OK"
-
-say "Create the Taler facade at Nexus..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing facade first.
-libeufin-cli facades \
- new-taler-wire-gateway-facade \
- --currency "$CURRENCY" \
- --facade-name ${LIBEUFIN_TALER_FACADE} \
- ${EBICS_CONNECTION_NAME} ${LIBEUFIN_NEXUS_USERNAME} || true
-say "OK"
-
-export WIRE_GATEWAY_URL="${LIBEUFIN_NEXUS_URL}/facades/${LIBEUFIN_TALER_FACADE}/taler-wire-gateway/"
-echo "WIRE_GATEWAY_URL=\"${WIRE_GATEWAY_URL}\"" >>"${MY_DIR}"/config/internal.conf
-
-say "Configuring the background jobs to submit/get transactions..."
-# Tries every second.
-# Not idempotent, FIXME #7739
-libeufin-cli accounts task-schedule \
- --task-type submit \
- --task-name exchange-payments \
- --task-cronspec "* * *" \
- "${LIBEUFIN_NEXUS_USERNAME}" || true
-say "OK"
-
-# Tries every second. Ask C52
-say "Setup history fetch task.."
-# Not idempotent, FIXME #7739
-libeufin-cli accounts task-schedule \
- --task-type fetch \
- --task-name exchange-history \
- --task-cronspec "* * *" \
- --task-param-level report \
- --task-param-range-type latest \
- "${LIBEUFIN_NEXUS_USERNAME}" || true
-say "OK"
-
-say "Setting up SPA configuration..."
-
-# shellcheck disable=SC2002
-cat /usr/share/libeufin/demobank-ui/demobank-ui-settings.js |
- sed -e "s/localhost/bank.${DOMAIN_NAME}/g" |
- sed -e "s/Taler Bank/${BANK_NAME}/g" \
- sed -e "s/http:\/\//${PROTO}:\/\//g" \
- >/etc/libeufin/demobank-ui-settings.js
-
-say "DONE"
diff --git a/netzbon/config_libeufin_bank.sh b/netzbon/config_libeufin_bank.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+# This file is in the public domain.
+#
+# This script configure and launches libeufin-bank.
+# The setup provides the admin account at the bank, and
+# another account for the exchange at the bank.
+#
+# The environment must provide the following variables:
+# - BANK_ADMIN_PASSWORD: password of the Netzbon administrator.
+# - BANK_EXCHANGE_PASSWORD: password of the exchange
+# bank account hosted at Sandbox. The related
+# username is: exchange-at-sandbox
+# - BANK_NAME: human-readable name for the bank
+# - DOMAIN_NAME: DNS domain name to use for the setup
+# - ENABLE_TLS (http or https?)
+#
+# OUTPUTS:
+#
+# EXCHANGE_PAYTO -- payto-URI of the exchange
+# EXCHANGE_WIRE_GATEWAY_URL -- URL of the wire gateway for the exchange
+
+set -eu
+
+source functions.sh
+source config/user.conf
+source config/internal.conf
+
+if test -z "${BANK_NAME:-}"; then
+ say "Error: config/user.conf does not specify BANK_NAME"
+ exit 1
+fi
+if test -z "${DOMAIN_NAME:-}"; then
+ say "Error: config/user.conf does not specify DOMAIN_NAME"
+ exit 1
+fi
+if test -z "${BANK_ADMIN_PASSWORD:-}"; then
+ say "Error: config/user.conf does not specify BANK_ADMIN_PASSWORD"
+ exit 1
+fi
+if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then
+ say "Error: config/user.conf does not specify BANK_EXCHANGE_PASSWORD"
+ exit 1
+fi
+
+# TODO: add sanity-checks for presence of other required env-vars
+
+if test "${ENABLE_TLS:-}" == "y"; then
+ PROTO="https"
+else
+ PROTO="http"
+fi
+
+say "Setting up libeufin-bank database"
+libeufin-bank-dbconfig
+
+say "Setting up libeufin-bank admin account"
+libeufin-bank passwd admin "${BANK_ADMIN_PASSWORD}"
+
+say "Configure the bank with ${CURRENCY}..."
+echo -e "[libeufin-bank]\n" \
+ "CURRENCY=${CURRENCY}\n"\
+ "DEFAULT_EXCHANGE=${PROTO}://exchange.$DOMAIN_NAME\n"\
+ >> /etc/libeufin/libeufin-bank.conf
+
+say "Setting up SPA configuration..."
+echo "settings = { bankName: \"${BANK_NAME}\" }"
+ >/etc/libeufin/settings.js
+
+say "DONE"
+
+say "Start the bank..."
+systemctl enable --now libeufin-bank
+
+say "Waiting for bank to be running..."
+curl --max-time 25 \
+ --retry-connrefused \
+ --retry-delay 3 \
+ --retry 10 \
+ "${LIBEUFIN_BANK_URL}" &>/dev/null
+say "DONE"
+
+say "Create exchange account..."
+LAST_RESPONSE=$(mktemp -p "${TMPDIR:-/tmp}" test_response.conf-XXXXXX)
+BODY='{"username":"exchange","password":"'${BANK_EXCHANGE_PASSWORD}',"name":"Exchange","is_taler_exchange":true}'
+wget \
+ --http-user="admin" \
+ --http-password="${BANK_ADMIN_PASSWORD}" \
+ --header='Content-type: application/json' \
+ --body-data="${BODY}" \
+ -o "$LAST_RESPONSE" \
+ "${LIBEUFIN_BANK_URL}/accounts"
+say "DONE"
+
+EXCHANGE_IBAN=$(cat "$LAST_RESPONSE" | jq -r .iban)
+EXCHANGE_PAYTO="payto://iban/${EXCHANGE_IBAN}/receiver-name=Exchange"
+EXCHANGE_WIRE_GATEWAY_URL="${LIBEUFIN_BANK_URL}/accounts/exchange/taler-wire-gateway/"
+
+# Communicating this to the exchange script, as the exchange
+# needs these for the /keys response.
+echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >>"${MY_DIR}"/config/internal.conf
+echo "EXCHANGE_WIRE_GATEWAY_URL=\"${EXCHANGE_WIRE_GATEWAY_URL}\"" >>"${MY_DIR}"/config/internal.conf
+
diff --git a/netzbon/install_packages.sh b/netzbon/install_packages.sh
@@ -55,4 +55,4 @@ apt update
apt install taler-exchange -y
apt install taler-merchant -y
apt install taler-harness -y
-apt install libeufin-sandbox libeufin-nexus -y
+apt install libeufin-bank libeufin-nexus -y
diff --git a/netzbon/main.sh b/netzbon/main.sh
@@ -55,9 +55,9 @@ if test -z "${MASTER_PUBLIC_KEY:-}"; then
echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf
fi
fi
-if test -z "${SANDBOX_ADMIN_PASSWORD:-}"; then
- read -r -s -p "Enter the admin password for the bank: " SANDBOX_ADMIN_PASSWORD
- echo "SANDBOX_ADMIN_PASSWORD=$(printf '%q' "${SANDBOX_ADMIN_PASSWORD}")" >>config/user.conf
+if test -z "${BANK_ADMIN_PASSWORD:-}"; then
+ read -r -s -p "Enter the admin password for the bank: " BANK_ADMIN_PASSWORD
+ echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" >>config/user.conf
echo "" # force new line
fi
if test -z "${DOMAIN_NAME:-}"; then
@@ -74,6 +74,11 @@ if ! ping -c1 "exchange.${DOMAIN_NAME}" &>/dev/null; then
say "Please make sure your DNS/network are working."
exit 1
fi
+if ! ping -c1 "bank.${DOMAIN_NAME}" &>/dev/null; then
+ say "Could not ping bank.${DOMAIN_NAME}."
+ say "Please make sure your DNS/network are working."
+ exit 1
+fi
# Check if the user is root, otherwise EXIT.
check_user
@@ -81,16 +86,13 @@ check_user
# Installation of deb packages required
. install_packages.sh
-if test -z "${NEXUS_EXCHANGE_PASSWORD:-}"; then
- NEXUS_EXCHANGE_PASSWORD=$(uuidgen)
- echo "NEXUS_EXCHANGE_PASSWORD=\"${NEXUS_EXCHANGE_PASSWORD}\"" >>config/internal.conf
-fi
-if test -z "${SANDBOX_EXCHANGE_PASSWORD:-}"; then
- SANDBOX_EXCHANGE_PASSWORD=$(uuidgen)
- echo "SANDBOX_EXCHANGE_PASSWORD=\"${SANDBOX_EXCHANGE_PASSWORD}\"" >>config/internal.conf
+if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then
+ BANK_EXCHANGE_PASSWORD=$(uuidgen)
+ echo "BANK_EXCHANGE_PASSWORD=\"${BANK_EXCHANGE_PASSWORD}\"" >>config/internal.conf
fi
-./config_launch_libeufin.sh
+./config_libeufin_bank.sh
+./config_libeufin_nexus.sh
./config_nginx.sh
./setup-exchange.sh
./setup-merchant.sh
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
@@ -1,6 +1,16 @@
#!/bin/bash
-
-# Set up error handling
+# This file is in the public domain.
+#
+# This script configure and launches the Taler exchange.
+#
+# The environment must provide the following variables:
+#
+# - BANK_EXCHANGE_PASSWORD (exchange password for libeufin-bank)
+# - EXCHANGE_WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus)
+# - EXCHANGE_PAYTO (exchange account PAYTO)
+# - ENABLE_TLS (http or https?)
+# - DOMAIN_NAME: DNS domain name to use for the setup
+#
set -eu
@@ -26,29 +36,12 @@ source config/internal.conf
say "Beginning Exchange setup"
-# Required inputs:
-#
-# - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus)
-# - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus)
-# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus)
-# - EXCHANGE_IBAN (exchange account IBAN)
-# - EXCHANGE_PAYTO (exchange account PAYTO)
-# - ENABLE_TLS (http or https?)
-
-if test -z "${LIBEUFIN_NEXUS_USERNAME:-}"; then
- say "Failure: LIBEUFIN_NEXUS_USERNAME not set"
- exit 1
-fi
-if test -z "${NEXUS_EXCHANGE_PASSWORD:-}"; then
- say "Failure: NEXUS_EXCHANGE_PASSWORD not set"
- exit 1
-fi
-if test -z "${EXCHANGE_IBAN:-}"; then
- say "Failure: EXCHANGE_IBAN not set"
+if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then
+ say "Failure: BANK_EXCHANGE_PASSWORD not set"
exit 1
fi
-if test -z "${WIRE_GATEWAY_URL:-}"; then
- say "Failure: WIRE_GATEWAY_URL not set"
+if test -z "${EXCHANGE_WIRE_GATEWAY_URL:-}"; then
+ say "Failure: EXCHANGE_WIRE_GATEWAY_URL not set"
exit 1
fi
if test -z "${EXCHANGE_PAYTO:-}"; then
@@ -103,15 +96,6 @@ export MASTER_PUBLIC_KEY
say "Stopping running exchange before reconfiguration"
systemctl stop taler-exchange.target
-say "Setting up exchange database"
-EXCHANGE_DB=talerexchange
-# Use "|| true" to continue if these already exist.
-sudo -i -u postgres createuser -d taler-exchange-httpd || true
-sudo -i -u postgres createuser taler-exchange-wire || true
-sudo -i -u postgres createuser taler-exchange-closer || true
-sudo -i -u postgres createuser taler-exchange-aggregator || true
-sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true
-
say "Configuring exchange"
if test "${ENABLE_TLS}" = "y"; then
@@ -146,10 +130,10 @@ chmod 440 /etc/taler/secrets/exchange-db.secret.conf
chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
echo -e "[exchange-accountcredentials-default]\n" \
- "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n" \
+ "WIRE_GATEWAY_URL=${EXCHANGE_WIRE_GATEWAY_URL}\n" \
"WIRE_GATEWAY_AUTH_METHOD=basic\n" \
- "USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n" \
- "PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n" \
+ "USERNAME=Exchange\n" \
+ "PASSWORD=${BANK_EXCHANGE_PASSWORD}\n" \
>/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
@@ -166,22 +150,7 @@ for SEC in $(taler-config -c /etc/taler/conf.d/"${CURRENCY}"-coins.conf -S | gre
done
say "Initializing exchange database"
-sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
-
-echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-
-echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-
-echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+taler-exchange-dbconfig -c /etc/taler/taler.conf
say "Launching exchange"
systemctl enable --now taler-exchange.target
diff --git a/netzbon/setup-merchant.sh b/netzbon/setup-merchant.sh
@@ -6,5 +6,8 @@ source functions.sh
source config/user.conf
source config/internal.conf
+say "Setting up merchant database"
+taler-merchant-dbconfig
+
say "Launching taler-merchant-httpd"
systemctl enable --now taler-merchant-httpd
