commit 7550d66f00128c5bb5e860eb3f87d95fd8c9646e parent fbe6888433d9ecc48d2e1ca3ecbcaf15824264f6 Author: Devan Carpenter <devan@taler.net> Date: Thu, 11 Jan 2024 08:09:11 -0500 remove sandcastle-ng from tree Moved to https://git.taler.net/sandcastle-ng.git/ Diffstat:
23 files changed, 0 insertions(+), 1061 deletions(-)
diff --git a/sandcastle-ng/Dockerfile b/sandcastle-ng/Dockerfile 
@@ -1,238 +0,0 @@
-FROM docker.io/library/debian:bookworm AS base-system
-
-# FIXMEs:
-# - debian packages should be built with a nightly tag
-# - the final image contains all build dependencies, this isn't really necessary
-# - the final image contains -dev packages, not really necessary
-# - GNUnet build dependencies are excessive, maybe we can just build the required libs?
-
-RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends install -y \
- autoconf \
- autopoint \
- build-essential \
- po-debconf \
- debhelper-compat \
- apt-utils \
- libtool \
- texinfo \
- libgcrypt-dev \
- libidn11-dev \
- zlib1g-dev \
- libunistring-dev \
- libjansson-dev \
- git \
- recutils \
- libsqlite3-dev \
- libpq-dev \
- libmicrohttpd-dev \
- libsodium-dev \
- libqrencode-dev \
- zip \
- unzip \
- jq \
- npm \
- openjdk-17-jre-headless \
- openjdk-17-jdk-headless \
- default-jre-headless \
- nano \
- procps \
- python3-jinja2 \
- python3-pip \
- python3-sphinx \
- python3-sphinx-rtd-theme \
- python3-venv \
- python3-dev \
- nodejs \
- iptables \
- miniupnpc \
- libextractor-dev \
- libbluetooth-dev \
- libcurl4-gnutls-dev \
- libogg-dev \
- libopus-dev \
- libpulse-dev \
- fakeroot \
- libzbar-dev \
- libltdl-dev \
- net-tools \
- python3-flask \
- python3-flask-babel \
- uwsgi \
- python3-bs4 \
- pybuild-plugin-pyproject
-
-# old: libzbar-dev
-
-# FIXME: Try to use debian packages where possible and otherwise really use
-# a venv or per-user installation of the package.
-RUN pip3 install --break-system-packages requests click poetry uwsgi htmlark sphinx-book-theme sphinx-markdown-builder
-
-# GNUnet
-FROM base-system AS gnunet
-
-COPY buildconfig/gnunet.tag /buildconfig/
-WORKDIR /build
-RUN TAG=$(cat /buildconfig/gnunet.tag) && \
- git clone git://git.gnunet.org/gnunet \
- --branch $TAG
-WORKDIR /build/gnunet
-RUN ./bootstrap
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-WORKDIR /
-RUN mkdir -p /packages/gnunet
-RUN mv /build/*.deb /packages/gnunet
-RUN rm -rf /build
-RUN apt-get install --no-install-recommends -y /packages/gnunet/*.deb
-WORKDIR /
-
-# Exchange
-FROM gnunet as exchange
-
-COPY buildconfig/exchange.tag /buildconfig/
-WORKDIR /build
-RUN TAG=$(cat /buildconfig/exchange.tag) && \
- git clone git://git.taler.net/exchange \
- --branch $TAG
-WORKDIR /build/exchange
-RUN ./bootstrap
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-WORKDIR /
-RUN mkdir -p /packages/exchange
-RUN mv /build/*.deb /packages/exchange
-RUN rm -rf /build
-RUN apt-get install --no-install-recommends -y /packages/exchange/*.deb
-WORKDIR /
-
-# Merchant
-FROM exchange as merchant
-
-COPY buildconfig/merchant.tag /buildconfig/
-WORKDIR /build
-RUN TAG=$(cat /buildconfig/merchant.tag) && \
- git clone git://git.taler.net/merchant \
- --branch $TAG
-WORKDIR /build/merchant
-RUN ./bootstrap
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-WORKDIR /
-RUN mkdir -p /packages/merchant
-RUN mv /build/*.deb /packages/merchant
-RUN rm -rf /build
-RUN apt-get install --no-install-recommends -y /packages/merchant/*.deb
-WORKDIR /
-
-# Libeufin
-FROM base-system as libeufin
-
-WORKDIR /build
-COPY buildconfig/libeufin.tag /buildconfig/
-RUN TAG=$(cat /buildconfig/libeufin.tag) && \
- git clone git://git.taler.net/libeufin \
- --branch $TAG
-WORKDIR /build/libeufin
-RUN ./bootstrap
-RUN ./configure --prefix=/usr
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-WORKDIR /
-RUN mkdir -p /packages/libeufin
-RUN mv /build/*.deb /packages/libeufin
-RUN rm -rf /build
-RUN apt-get install --no-install-recommends -y /packages/libeufin/*.deb
-
-# Merchant demos
-FROM base-system as merchant-demos
-
-WORKDIR /build
-COPY buildconfig/merchant-demos.tag /buildconfig/
-RUN TAG=$(cat /buildconfig/merchant-demos.tag) && \
- git clone git://git.taler.net/taler-merchant-demos \
- --branch $TAG
-WORKDIR /build/taler-merchant-demos
-RUN ./bootstrap
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-WORKDIR /
-RUN mkdir -p /packages/merchant-demos
-RUN mv /build/*.deb /packages/merchant-demos
-RUN rm -rf /build
-RUN apt-get install --no-install-recommends -y /packages/merchant-demos/*.deb
-
-# wallet-core tools (taler-wallet-cli and taler-harness)
-FROM base-system as wallet
-WORKDIR /build
-COPY buildconfig/wallet.tag /buildconfig/
-RUN TAG=$(cat /buildconfig/wallet.tag) && \
- git clone git://git.taler.net/wallet-core \
- --branch $TAG
-RUN npm install -g pnpm@^8.7.0
-WORKDIR /build/wallet-core
-RUN ./bootstrap
-# taler-wallet-cli
-WORKDIR /build/wallet-core/packages/taler-wallet-cli
-RUN ./configure --prefix=/usr/local
-RUN make deps
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-# taler-harness
-WORKDIR /build/wallet-core/packages/taler-harness
-RUN ./configure --prefix=/usr/local
-RUN pnpm install --frozen-lockfile --filter @gnu-taler/taler-harness...
-RUN pnpm run --filter @gnu-taler/taler-harness... compile
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-# copy debs
-WORKDIR /
-RUN mkdir -p /packages/wallet
-RUN mv /build/wallet-core/packages/*.deb /packages/wallet
-RUN rm -rf /build
-RUN apt-get install --no-install-recommends -y /packages/wallet/*.deb
-
-# Sync
-FROM merchant as sync
-COPY buildconfig/sync.tag /buildconfig/
-WORKDIR /build
-RUN TAG=$(cat /buildconfig/sync.tag) && \
- git clone git://git.taler.net/sync \
- --branch $TAG
-WORKDIR /build/sync
-RUN ./bootstrap
-RUN dpkg-buildpackage -rfakeroot -b -uc -us
-WORKDIR /
-RUN mkdir -p /packages/sync
-RUN mv /build/*.deb /packages/sync
-RUN rm -rf /build
-RUN apt-get install --no-install-recommends -y /packages/sync/*.deb
-WORKDIR /
-
-
-# Final image
-FROM base-system as taler-final
-RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends install -y \
- gpg
-COPY apt/caddy-stable.list /etc/apt/sources.list.d/caddy-stable.list
-COPY apt/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
-RUN gpg --dearmor -o /usr/share/keyrings/caddy-stable-archive-keyring.gpg /tmp/caddy-stable-archive-keyring.gpg
-RUN apt-get update && apt-get -y upgrade && apt-get --no-install-recommends install -y \
- emacs \
- vim \
- curl \
- postgresql \
- bash-completion \
- sudo \
- less \
- caddy \
- systemd-coredump \
- libnss3-tools \
- latexmk \
- texlive-latex-extra \
- tex-gyre
-RUN mkdir -p /packages
-COPY --from=gnunet /packages/gnunet/* /packages/
-COPY --from=exchange /packages/exchange/* /packages/
-COPY --from=merchant /packages/merchant/* /packages/
-COPY --from=wallet /packages/wallet/* /packages/
-COPY --from=libeufin /packages/libeufin/* /packages/
-COPY --from=merchant-demos /packages/merchant-demos/* /packages/
-RUN apt-get install --no-install-recommends -y /packages/*.deb
-COPY systemd/setup-sandcastle.service /etc/systemd/system/
-RUN systemctl enable setup-sandcastle.service
-# Disable potentially problem-causing services
-RUN systemctl disable postgresql && \
- systemctl disable apache2 || true
diff --git a/sandcastle-ng/README.md b/sandcastle-ng/README.md
@@ -1,137 +0,0 @@
-# Introduction
-
-The sandcastle is a containerized deployment of GNU Taler
-
-It uses podman to build an image and run a single container that
-has systemd running inside.
-
-
-# Prerequisites
-
-You need (on your host system):
-* podman
-* bash
-
-
-# Building the Container Image
-
-1. Set buildconfig/$component.tag to the right git tag you want to build
-2. Run ./sandcastle-build to build the Taler container. The resulting container
- is tagged as taler-base-all
-
-
-# Configuring the Deployment
-
-It is recommended that for each deployment, you clone the deployment.git
-repository and create a branch with deployment-specific changes.
-
-Currently there is not much configuration.
-
-The main adjustments to be made are:
-
-* scripts/demo/setup-sandcastle.sh has the currency on top of the file
-* sandcastle-run has variables for the port that'll be exposed ("published") on
- the host. They can be overwritten with environment variables
- (``TALER_SANDCASTLE_PORT_$COMPONENT``).
-
-
-# Running the Deployment
-
-Run ``./sandcastle-run`` to run the single container. The container will be
-named taler-sandcastle.
-
-You can run the container in the background by passing ``-d``. Note that ``./sandcastle-run`` is just
-a wrapper around ``podman run``.
-
-The running container publishes ports to the host as defined in ``./sandcastle-run``.
-You can manually verify these port mappings via ``podman port taler-sandcastle``.
-
-# Stopping the deployment
-
-```
-podman stop taler-sandcastle
-```
-
-
-# Poking Around
-
-You can poke around in a running sandcastle instance by running
-
-```
-podman exec -it taler-sandcastle /bin/bash
-```
-
-Or, as a shortcut:
-
-```
-./sandcastle-enter
-```
-
-This will drop you into a shell inside the running container,
-where you have access to systemd, journalctl, etc.
-
-
-# Data Storage
-
-All persistent data is stored in a podman volume called
-talerdata. You can see where it is in your filesystem
-by running ``podman volume inspect talerdata``.
-
-That volume also contains the postgres database files.
-
-
-# Provisioning Details
-
-The whole deployment is configured by the script ``/provision/setup-sandcastle.sh``.
-This script will be run as a oneshot systemd service and will disable itself after
-the first success.
-
-To troubleshoot, run ``journalctl -u setup-sandcastle.service``.
-
-There are different setup scripts in the ``scripts/$SANDCASTLE_SETUP_NAME``
-folders. Specifically:
-
-* ``none`` does no setup at all
-* ``demo`` is the usual Taler demo
-* TBD: ``regio`` is a currency conversion setup
-
-By default, ``demo`` is used. To mount a different provision script, set ``$SANDCASTLE_SETUP_NAME``
-when running ``./sandcastle-run``.
-
-You can always manually run the provisioning script inside the container as
-``/scripts/$SANDCASTLE_SETUP_NAME/setup-sandcastle.sh``.
-
-
-# Neat Things That Already Work
-
-* Rebulding the base image is incremental, since we use layers. If the tag
- of the exchange is changed, only the exchange and components that depend
- on it are rebuilt.
-* Inside the container, the service names resolve to localhost,
- and on localhost a reverse proxy with locally signed certificates
- ensures that services can talk to each other *within* the container
- by using their *public* base URL.
-
-
-# Future Extensions
-
-* Fix rewards by deploying Javier's reward topup script inside the container via a systemd timer!
-* Variant where credentials use proper secret management instead of hard-coding all
- passwords to "sandbox".
-* Better way to access logs, better way to expose errors during provisioning
-* The Dockerfile should introduce nightly tags for debian packages it builds.
- Currently it just uses the latest defined version, which is confusing.
-* Deploy the Taler woocommerce plugin, wordpress plugin, Joomla plugin
-* Do self-tests of the deployment using the wallet CLI
-* Running the auditor
-* Running a currency conversion setup with multiple libeufin-bank instances
-* Allow a localhost-only, non-tls setup for being able to access a non-tls
- Taler deployment on the podman host.
-* Instead of exposing HTTP ports, we could expose everything via unix domain sockets,
- avoiding port collision problems.
-* Instead of requiring the reverse proxy to handle TLS,
- the sandcastle container itself could do TLS termination with caddy.
-* To improve performance, allow connecting to an external database
-* Make it easy to import and export the persistent data
-* Extra tooling to checkpoint images/containers to revert to a previous
- state quickly.
diff --git a/sandcastle-ng/apt/caddy-stable-archive-keyring.gpg b/sandcastle-ng/apt/caddy-stable-archive-keyring.gpg
@@ -1,64 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2 - -mQINBFb+quEBEACl3/YkFekflvauEASL+neZjCctYWyt57Dv5AdRmUPO4zkxylLG -d/9JawlUfHuYYU4emz7940S2wR8kbBimiLgxMqyGP5+RQnggNZhjYIXoqkkh0G8v -purq+58d+VNYf0LWnWlwuJC0dtpi4bPqZTc5ST4QOItFK0s7F2xZJyOkuAPDI782 -pGMR8UzpburHt9JwIUv1oOHFfFA/4HFQ++A6RF9bjYQFNMreaXsvMKIA5VQKcnDd -SbKEfKnr0bwGr59MsnsQBgr1Ats2W722jIs89YevBanS6n0FWeiSxUqUrNypTLkL -QHVPlK7Agq1XGWUhu55clFC6loQXboph9BhnSxSn9Kou4toXDQj6AMDuLGcV+VQ+ -fVfSZFXsp/evzqkjbc0jsUTVOZgZhhRP8DD+vjkzJFfCq/tAWu4qgqnOwE9kEEQL -MXsnsZNSYS3MvWnQFPBmg0B483iKxaA/Oe89WckTnjt+jlpAKhOoS5ZURdOtwv1i -yrKlYiXYMQCMhOd3BCw5RELb7Qtpz+gBaOoxQMMyRRYwKiturpQdV53FVvu/re/x -xXVuxRyRI2Yo94ba3a5bEGjR3CNjvx7LuGuWplYyzDWn+OXa/HiTqWM153ho+oUl -s3ntiHQ16jtgyhcNSuMffCcMLYanfmB+2m4HZmkl97vs7XvclClEXNV6VwARAQAB -tCpDYWRkeSBXZWIgU2VydmVyIDxjb250YWN0QGNhZGR5c2VydmVyLmNvbT6JAjQE -EwEKAB4FAlb+quECGwMDCwkHAxUKCAIeAQIXgAMWAgECGQEACgkQFVttecpW6jRx -cQ/9GHdVoYf15rcU0ip3Vw1MF06ndRxLmilgBvdweZ5NcRttbu8ESh+MP59Z0gOp -0uX/CqBnqZb9E2vbYyly1plq5GwP4tcCHwwkyOT1doGcyP1XylPkJkieP9YUWsIA -3oG/wCsqxxwVYzwvm0opBdrNf6pAYg2tGNCqxh8bmYPDaReu3t2LZ6qeJ4obhYTx -IwAh36oF5dVG5OW2dnMNFVpjoEgCavvTNTcJCgonLct6Zl+Q7xptJyBv3LS8L674 -V2nxcoLvtTjXG86D3yPJvD1I5WYPEZMpHznj1PEztgOrvLo+Fyu+T5vCHqfTY6mG -89BXz8L4o5aBr2uY+ZV5oQa6GuV8GIiiWIZNyDwXTnUiW/GsUFNwg0AP05rva8fF -2a3ybwsq/Sv2nraKQMpYRltBQZkg+l5nZD7znHpYBfJiH6eW3/7ft3w8OptiIcu6 -87UzhI28yoFSNE+85V3sz7JphZ/XFaU2ApESO1ahjDzP96w4u0HeSds6tbkR3OlC -ECcFOmX79MhWfjDaVNnknBqGzjy1JdQ0ZKNWMZRVyxZ9fKiZxFw+q40Sta7ynxfH -p4v0bM8vDLM3cxxOj38U5jsP/ChctyZO3P0nCEzIAR9kvumc5PSqpjiqWlbaHsxa -fXohi3LAIi/clgIOV7bIVRmTz6b61Ngf+C8VYzlUph0ygS25Ag0EX+uckAEQAKyq -E0nbZa8/6Js5TGvlRGi/pb59c6cC+yqB3d7qzOuIJ/61W9yCXliQRZSB32dGXsqD -a375PtGlE5p7id4PNwegx2C4fFN6PWdxO1bwhOnrcUov6YHggkcjaFJqaWoa/EvF -DUgEKd0d1WGzNHlmkM0P6puJ8lbPW3SeWtv+V83BvS9Hkb//43HKNk2J3cV/+RNb -MsfER5CRAFYYHs/lyT2mpYU5dislzk4VDZbR7iyzXIrUEAQdpXe8itFYjFf8xzAe -qDsUefarr485USnTTxQtcBKX06ruHiQUSCOs7HR6cDJi332cTXT7kSbq3ouq9nB8 
-oaxhl2I20kVBWqdRyzVAwtGvjkWIYuUteIpguzAqpfsBv6IJ/W5G5jw+HEUJSCRr -6rlC1z9agGCKl53NTV4gHqRY2GpYPr2KNN3uTVojignCC9BEP0eRqj876X90Y7id -QuDda/+QaHH6htUe/W51j5RLVWssCLTZwHPZmeHtxz6U6IOEtlSuso7IN4HQsdaj -lmOP+kfNy1gKVOW9fvF2HpUvY2cNwjSAO96C3K4w4z/ykHco/6HhZcAb/MydMKPy -cI8jUDKa++Dk88xvq/AsRH++ri5WIY3n/HIkDyxGX5KCyxAfU1xuGkosnu7iBxoz -2YVIV5GUwjf7ysOmgkb7FAcb73hUnCdGxcbWiQofABEBAAGJBHIEGAEKACYWIQRl -dgxR7eogF86iyhUVW215ylbqNAUCX+uckAIbAgUJCWYBgAJACRAVW215ylbqNMF0 -IAQZAQoAHRYhBC9cO+mIas0pEyme+6uh+biHWmZhBQJf65yQAAoJEKuh+biHWmZh -ZIIP/2FxCz40ev/sR60ozPRg/eMqAx8M8tmwACjPk84tCZryTRQ9dQ2nKzIWIQvt -rLljl0OU3CCLgHRHl5lEjTgeDSfvrCLgss48fKAenBlHLGTzaMqdI6bs1fg7Ieh5 -dZQd9Crf6xLC7tBSjEzaqaPseux9tEdLEbHn8oJlQAgymW4wBko+ymriZpjs43Hx -ir8iHn/H+oSJe4tOwaGmLzbMY5LMffvUWVKnoacjIx92XiVlUVypkh22iSa0upsz -vseu+hiytwBMyxU99dsRwOQy2BZd3P/tCwpnDI8hSZCzBTyuo6XNgwLHZzvUuNKc -qXZK4kxPRTVGyur9S1rYbZqnmPf4Wy7wFtwRUvbVve6BVdc7v9zWsTkEtTEJ4Buh -GHSwBTdGKy8CJJgRN8K2umGCPxnUNvoCOsqW6xIJTp2baM1nRWZf1UvNjgVhwyJt -AlrMk1xdmDDqVUO80Y5p7Jn2G1XPlQOVHcjyjFtM4sIWPqnrRzTzB4xTAZ1push3 -EOys2+4IGLgS7P6z0q+4Cxwtnm32ZueQDWyQA5gOOZAodb8HCku6sIIiF+zGtrNO -F45xsKAoJVPt5VvH4zOKK+TbYyHAN/Ujpf09zXrTtmrnHwjB8PD+Uq2Ober/Zf5Q -4MGnzQAy/Qkw8suciIxgLC9kCNwJIFRULHMTUsAFaAq+L9+IBmwP/R2Yt/Gop4Nl -IfJDSMIBXGVn/2I2rTW0NDU3UC1njVRSVwQ4fjyRcuxi7dM/f8YBPnNGXO2Ur709 -f7LF7GkY/VgjQ9RWaZ6CB3GPhUjj1Q5nmW+lQkyehPYgx1/MuD3wq3w/BfYyrYHb -xRn5r4N5QmUasFrPH8Ey/zI2cEFwckek0Z1G2SwnkEsY0e9vy12RvCGGicHJ+Xxs -7E/L6rEjRpcQg1xzzCh1Sdx4ZKIxss9N5vJ5xCTd9kFl68ZCQJEz9zJUztEiEYcG -l6WQ+BK3W4UepkbzgZ1HVB2LWf84cHC4a983k0avI1KtKSNd6Nn4qUJUa1Hj+mw7 -tlCwt97V+vbEnhFsoVjObJqsVXQOs9CdOiV2vsRqVD5tQPEq3AfowGHtNgxXbfO/ -wPiLmPSzZOaAlFaRXX6Off9B6RYuh5pVd/njewpsPAJfefiYeBOS0nThrQMbweyf -S7FG/ibAE8NspI2Dn3nT+D6cUeYzCVkhNKKgBzYotODMl0N3H6pfOQwWp0aO8teo -0v07lrePvMGNQcu2GuTM1v9YOt5kMrfbNgdAfrN8BLPUV/ZseCdKlfJLNlh6/pxr -STw95n1JvFHpSZCMR5NWbiEdtXZmlJTFlMNMww8vO3DwTkA9hdqnKl04yPHQQpMD -A5zVwuXbvH6GHaZJVHUrII6w8rjimo5r -=e4lF ------END PGP PUBLIC KEY BLOCK----- 
diff --git a/sandcastle-ng/apt/caddy-stable-archive-keyring.gpg.gpg b/sandcastle-ng/apt/caddy-stable-archive-keyring.gpg.gpg
Binary files differ.
diff --git a/sandcastle-ng/apt/caddy-stable.list b/sandcastle-ng/apt/caddy-stable.list
@@ -1,9 +0,0 @@
-# Source: Caddy
-# Site: https://github.com/caddyserver/caddy
-# Repository: Caddy / stable
-# Description: Fast, multi-platform web server with automatic HTTPS
-
-
-deb [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
-
-deb-src [signed-by=/usr/share/keyrings/caddy-stable-archive-keyring.gpg] https://dl.cloudsmith.io/public/caddy/stable/deb/debian any-version main
diff --git a/sandcastle-ng/buildconfig/README b/sandcastle-ng/buildconfig/README
@@ -1,5 +0,0 @@
-These files determine the git tag from which the respective components are
-built in the base Docker image.
-
-They are in separate files to make modification checking with
-staged Docker builds work nicely.
diff --git a/sandcastle-ng/buildconfig/exchange.tag b/sandcastle-ng/buildconfig/exchange.tag
@@ -1 +0,0 @@
-v0.9.4-dev.10
diff --git a/sandcastle-ng/buildconfig/gnunet.tag b/sandcastle-ng/buildconfig/gnunet.tag
@@ -1 +0,0 @@
-v0.21.0-talerdev.5
diff --git a/sandcastle-ng/buildconfig/libeufin.tag b/sandcastle-ng/buildconfig/libeufin.tag
@@ -1 +0,0 @@
-v0.9.3-dev.34
diff --git a/sandcastle-ng/buildconfig/libmhd.tag b/sandcastle-ng/buildconfig/libmhd.tag
@@ -1 +0,0 @@
-v0.9.75
diff --git a/sandcastle-ng/buildconfig/merchant-demos.tag b/sandcastle-ng/buildconfig/merchant-demos.tag
@@ -1 +0,0 @@
-v0.9.3-dev.6
diff --git a/sandcastle-ng/buildconfig/merchant.tag b/sandcastle-ng/buildconfig/merchant.tag
@@ -1 +0,0 @@
-v0.9.4-dev.5
diff --git a/sandcastle-ng/buildconfig/sync.tag b/sandcastle-ng/buildconfig/sync.tag
@@ -1 +0,0 @@
-v0.9.3
diff --git a/sandcastle-ng/buildconfig/wallet.tag b/sandcastle-ng/buildconfig/wallet.tag
@@ -1 +0,0 @@
-v0.9.4-dev.4
diff --git a/sandcastle-ng/host/taler-sandcastle.service b/sandcastle-ng/host/taler-sandcastle.service
@@ -1,13 +0,0 @@
-[Unit]
-Description=Taler Sandcastle
-Wants=network-online.target
-After=network-online.target
-
-[Service]
-ExecStart=%h/deployment/sandcastle-ng/sandcastle-run
-ExecStop=/usr/bin/podman stop -t 10 taler-sandcastle
-Restart=on-failure
-Type=exec
-
-[Install]
-WantedBy=default.target
diff --git a/sandcastle-ng/overrides/test.taler.net b/sandcastle-ng/overrides/test.taler.net
@@ -1,2 +0,0 @@
-CURRENCY=TESTKUDOS
-MYDOMAIN=test.taler.net
diff --git a/sandcastle-ng/print-component-versions b/sandcastle-ng/print-component-versions
@@ -1,6 +0,0 @@
-#!/bin/bash
-set -e
-
-for i in buildconfig/*.tag ; do
- echo "$i is: $(cat $i)"
-done
diff --git a/sandcastle-ng/sandcastle-build b/sandcastle-ng/sandcastle-build
@@ -1,9 +0,0 @@
-#!/usr/bin/env bash
-
-set -eu
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-
-cd "$SCRIPT_DIR"
-
-exec podman build -f Dockerfile --target taler-final -t taler-base-all .
diff --git a/sandcastle-ng/sandcastle-enter b/sandcastle-ng/sandcastle-enter
@@ -1,3 +0,0 @@
-#!/usr/bin/env bash
-
-exec podman exec -it taler-sandcastle /bin/bash
diff --git a/sandcastle-ng/sandcastle-run b/sandcastle-ng/sandcastle-run
@@ -1,71 +0,0 @@
-#!/usr/bin/env bash
-
-# Run the Taler container with all the right mounts and preset parameters
-
-set -exou
-
-SANDCASTLE_PORT_MERCHANT=16000
-SANDCASTLE_PORT_EXCHANGE=16001
-SANDCASTLE_PORT_BLOG=16002
-SANDCASTLE_PORT_DONATIONS=16003
-SANDCASTLE_PORT_SURVEY=16004
-SANDCASTLE_PORT_LANDING=16005
-SANDCASTLE_PORT_LIBEUFIN_BANK=16007
-SANDCASTLE_PORT_BANK_SPA=16009
-
-# Container-internal ports, should by synced with scripts/setup-sandcastle.sh
-PORT_INTERNAL_EXCHANGE=8201
-PORT_INTERNAL_MERCHANT=8301
-PORT_INTERNAL_LIBEUFIN_BANK=8080
-PORT_INTERNAL_LANDING=8501
-PORT_INTERNAL_BLOG=8502
-PORT_INTERNAL_DONATIONS=8503
-PORT_INTERNAL_SURVEY=8504
-PORT_INTERNAL_BANK_SPA=8505
-
-SCRIPT_DIR=$( cd -- "$( dirname -- "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )
-cd $SCRIPT_DIR
-
-existing_id=$(podman ps -q -a -f=name=taler-sandcastle)
-
-if [[ ! -z "$existing_id" ]]; then
- echo "removing existing taler-sandcastle container $existing_id"
- podman rm "$existing_id"
-fi
-
-# We need to be careful with SELinux when using volume mounts, relabel!
-
-SETUP_NAME=${SANDCASTLE_SETUP_NAME:-demo}
-if [[ ! -z "${SANDCASTLE_OVERRIDE_NAME:-}" ]]; then
- OVERRIDES="-v $PWD/overrides/${SANDCASTLE_OVERRIDE_NAME}:/overrides:Z"
-else
- OVERRIDES=""
-fi
-
-# Beware: It is futile to pass environment variables to the container here,
-# as they will not be available in the systemd unit that provisions the
-# services in the container.
-# That's why we mount the right start-up script and override
-# to a well-known location.
-
-podman run \
- -d \
- -p=$SANDCASTLE_PORT_MERCHANT:$PORT_INTERNAL_MERCHANT \
- -p=$SANDCASTLE_PORT_EXCHANGE:$PORT_INTERNAL_EXCHANGE \
- -p=$SANDCASTLE_PORT_LIBEUFIN_BANK:$PORT_INTERNAL_LIBEUFIN_BANK \
- -p=$SANDCASTLE_PORT_LANDING:$PORT_INTERNAL_LANDING \
- -p=$SANDCASTLE_PORT_BLOG:$PORT_INTERNAL_BLOG \
- -p=$SANDCASTLE_PORT_DONATIONS:$PORT_INTERNAL_DONATIONS \
- -p=$SANDCASTLE_PORT_SURVEY:$PORT_INTERNAL_SURVEY \
- -p=$SANDCASTLE_PORT_BANK_SPA:$PORT_INTERNAL_BANK_SPA \
- --name taler-sandcastle \
- --systemd=always \
- -v talerdata:/talerdata:Z \
- $OVERRIDES \
- -v $PWD/scripts:/scripts:Z \
- -v $PWD/scripts/$SETUP_NAME:/provision:Z \
- --entrypoint /sbin/init \
- "$@" \
- taler-base-all
-
-exec podman exec -it taler-sandcastle journalctl -f
diff --git a/sandcastle-ng/scripts/demo/setup-sandcastle.sh b/sandcastle-ng/scripts/demo/setup-sandcastle.sh
@@ -1,482 +0,0 @@
-#!/usr/bin/env bash
-
-# This scripts provisions all configuration and
-# services for the Taler sandcastle container.
-#
-# Important: This script needs to be completely
-# idempotent, nothing must break if it is executed
-# multiple times.
-
-set -eu
-set -x
-
-if [[ ! -z "${SANDCASTLE_SKIP_SETUP:-}" ]]; then
- echo "skipping sandcastle setup, requested by environment var SANDCASTLE_SKIP_SETUP"
- exit 1
-fi
-
-echo "Provisioning sandcastle"
-
-# General configuration.
-# Might eventually be moved to an external file.
-
-# Source any ovverrides from external file
-if [[ -e /overrides ]]; then
- source /overrides
-fi
-
-CURRENCY=${CURRENCY:="KUDOS"}
-EXCHANGE_IBAN=DE159593
-EXCHANGE_PLAIN_PAYTO=payto://iban/$EXCHANGE_IBAN
-EXCHANGE_FULL_PAYTO="payto://iban/$EXCHANGE_IBAN?receiver-name=Sandcastle+Echange+Inc"
-EXCHANGE_BANK_PASSWORD=sandbox
-
-# Randomly generated IBANs for the merchants
-MERCHANT_IBAN_DEFAULT=DE5135717
-MERCHANT_IBAN_POS=DE4218710
-MERCHANT_IBAN_BLOG=DE8292195
-MERCHANT_IBAN_GNUNET=DE9709960
-MERCHANT_IBAN_TALER=DE1740597
-MERCHANT_IBAN_TOR=DE2648777
-MERCHANT_IBAN_SURVEY=DE0793060
-
-MYDOMAIN=${MYDOMAIN:="demo.taler.net"}
-LANDING_DOMAIN=$MYDOMAIN
-BANK_DOMAIN=bank.$MYDOMAIN
-EXCHANGE_DOMAIN=exchange.$MYDOMAIN
-MERCHANT_DOMAIN=backend.$MYDOMAIN
-BLOG_DOMAIN=shop.$MYDOMAIN
-DONATIONS_DOMAIN=donations.$MYDOMAIN
-SURVEY_DOMAIN=survey.$MYDOMAIN
-
-# Ports of the services running inside the container.
-# Should be synchronized with the sandcastle-run script.
-PORT_INTERNAL_EXCHANGE=8201
-PORT_INTERNAL_MERCHANT=8301
-PORT_INTERNAL_LIBEUFIN_BANK=8080
-PORT_INTERNAL_LANDING=8501
-PORT_INTERNAL_BLOG=8502
-PORT_INTERNAL_DONATIONS=8503
-PORT_INTERNAL_SURVEY=8504
-PORT_INTERNAL_BANK_SPA=8505
-
-# Just make sure the services are stopped
-systemctl stop taler-exchange.target
-systemctl stop taler-merchant-httpd.service
-systemctl stop postgresql.service
-systemctl stop taler-demo-landing.service
-systemctl stop taler-demo-blog.service
-systemctl stop taler-demo-donations.service
-systemctl stop taler-demo-survey.service
-systemctl stop libeufin-bank.service
-
-# We now make sure that some important locations are symlinked to
-# the persistent storage volume.
-# Files that already exist in this location are moved to the storage volume
-# and then symlinked.
-# These locations are:
-# /etc/taler
-# /etc/libeufin
-# /var/lib/taler
-# postgres DB directory
-
-function lift_dir() {
- src=$1
- target=$2
- if [[ -L "$src" ]]; then
- # be idempotent
- echo "$src is already a symlink"
- elif [[ -d /talerdata/$target ]]; then
- echo "symlinking existing /talerdata/$target"
- rm -rf "$src"
- ln -s "/talerdata/$target" "$src"
- else
- echo "symlinking new /talerdata/$target"
- mv "$src" "/talerdata/$target"
- ln -s "/talerdata/$target" "$src"
- fi
-}
-
-lift_dir /var/lib/taler var-lib-taler
-lift_dir /etc/taler etc-taler
-lift_dir /etc/libeufin etc-libeufin
-lift_dir /var/lib/postgresql var-lib-postgresql
-
-# Caddy configuration.
-# We use the caddy reverse proxy with automatic
-# internal TLS setup to ensure that the services are
-# reachable inside the container without any external
-# DNS setup under the same domain name and with TLS
-# from inside the container.
-
-systemctl stop caddy.service
-
-cat <<EOF > /etc/caddy/Caddyfile
-https://$BANK_DOMAIN {
- tls internal
- reverse_proxy :8080 {
- # libeufin-bank should eventually not require this anymore,
- # but currently doesn't work without this header.
- header_up X-Forwarded-Prefix ""
- }
-}
-
-https://$EXCHANGE_DOMAIN {
- tls internal
- reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock
-}
-
-https://$MERCHANT_DOMAIN {
- tls internal
- reverse_proxy unix//run/taler/merchant-httpd/merchant-http.sock
-}
-
-# Services that only listen on unix domain sockets
-# are reverse-proxied to serve on a TCP port.
-
-:$PORT_INTERNAL_EXCHANGE {
- reverse_proxy unix//run/taler/exchange-httpd/exchange-http.sock
-}
-
-:$PORT_INTERNAL_MERCHANT {
- reverse_proxy unix//run/taler/merchant-httpd/merchant-http.sock {
- # Set this, or otherwise wrong taler://pay URIs will be generated.
- header_up X-Forwarded-Proto "https"
- }
-}
-
-:$PORT_INTERNAL_BANK_SPA {
- root * /usr/share/libeufin/spa
- root /settings.json /etc/libeufin/
- file_server
-}
-EOF
-
-cat <<EOF >> /etc/hosts
-# Start of Taler Sandcastle Domains
-127.0.0.1 $LANDING_DOMAIN
-127.0.0.1 $BANK_DOMAIN
-127.0.0.1 $EXCHANGE_DOMAIN
-127.0.0.1 $MERCHANT_DOMAIN
-127.0.0.1 $BLOG_DOMAIN
-127.0.0.1 $DONATIONS_DOMAIN
-127.0.0.1 $SURVEY_DOMAIN
-# End of Taler Sandcastle Domains
-EOF
-
-systemctl start caddy.service
-
-# Install local, internal CA certs for caddy
-caddy trust
-
-systemctl start postgresql.service
-
-# Set up bank
-
-
-BANK_DB=libeufinbank
-
-cat <<EOF >/etc/libeufin/libeufin-bank.conf
-[libeufin-bankdb-postgres]
-# DB connection string
-CONFIG = postgresql:///$BANK_DB
-
-[libeufin-bank]
-CURRENCY = $CURRENCY
-DEFAULT_DEBT_LIMIT = $CURRENCY:500
-REGISTRATION_BONUS = $CURRENCY:100
-SPA_CAPTCHA_URL = https://$BANK_DOMAIN/webui/#/operation/{woid}
-SUGGESTED_WITHDRAWAL_EXCHANGE = https://$EXCHANGE_DOMAIN/
-ALLOW_REGISTRATION = yes
-SERVE = tcp
-PORT = 8080
-
-[currency-$CURRENCY]
-ENABLED = YES
-name = "$CURRENCY (Taler Demonstrator)"
-code = "$CURRENCY"
-decimal_separator = "."
-fractional_input_digits = 2
-fractional_normal_digits = 2
-fractional_trailing_zero_digits = 2
-is_currency_name_leading = NO
-alt_unit_names = {"0":"$CURRENCY"}
-EOF
-
-cat <<EOF >/etc/libeufin/settings.json
-{
- "topNavSites": {
- "Landing": "https://$LANDING_DOMAIN/",
- "Bank": "https://$BANK_DOMAIN",
- "Essay Shop": "https://$BLOG_DOMAIN",
- "Donations": "https://$DONATIONS_DOMAIN",
- "Survey": "https://$SURVEY_DOMAIN"
- }
-}
-EOF
-
-libeufin-dbconfig
-
-systemctl enable --now libeufin-bank.service
-
-taler-harness deployment wait-taler-service libeufin-bank https://$BANK_DOMAIN/config
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login exchange --exchange --public \
- --payto $EXCHANGE_PLAIN_PAYTO \
- --name Exchange \
- --password sandbox
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login merchant-default --public \
- --payto "payto://iban/$MERCHANT_IBAN_DEFAULT" \
- --name "Default Demo Merchant" \
- --password sandbox
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login merchant-pos --public \
- --payto "payto://iban/$MERCHANT_IBAN_POS" \
- --name "PoS Merchant" \
- --password sandbox
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login merchant-blog --public \
- --payto "payto://iban/$MERCHANT_IBAN_BLOG" \
- --name "Blog Merchant" \
- --password sandbox
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login merchant-gnunet --public \
- --payto "payto://iban/$MERCHANT_IBAN_GNUNET" \
- --name "GNUnet Donations Merchant" \
- --password sandbox
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login merchant-taler --public \
- --payto "payto://iban/$MERCHANT_IBAN_TALER" \
- --name "Taler Donations Merchant" \
- --password sandbox
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login merchant-tor --public \
- --payto "payto://iban/$MERCHANT_IBAN_TOR" \
- --name "Tor Donations Merchant" \
- --password sandbox
-
-taler-harness deployment provision-bank-account https://$BANK_DOMAIN/ \
- --login merchant-survey --public \
- --payto "payto://iban/$MERCHANT_IBAN_SURVEY" \
- --name "Tor Survey Merchant" \
- --password sandbox
-
-sudo -i -u libeufin-bank libeufin-bank edit-account admin --debit_threshold=$CURRENCY:1000000
-sudo -i -u libeufin-bank libeufin-bank passwd admin sandbox
-
-# Set up exchange
-
-MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup)
-
-EXCHANGE_DB=talerexchange
-
-# Generate /etc/taler/conf.d/setup.conf
-cat <<EOF > /etc/taler/conf.d/setup.conf
-[taler]
-CURRENCY = $CURRENCY
-CURRENCY_ROUND_UNIT = $CURRENCY:0.01
-
-[currency-$CURRENCY]
-ENABLED = YES
-name = "$CURRENCY (Taler Demonstrator)"
-code = "$CURRENCY"
-decimal_separator = "."
-fractional_input_digits = 2
-fractional_normal_digits = 2
-fractional_trailing_zero_digits = 2
-is_currency_name_leading = NO
-alt_unit_names = {"0":"$CURRENCY"}
-
-[exchange]
-AML_THRESHOLD = $CURRENCY:1000000
-MASTER_PUBLIC_KEY = $MASTER_PUBLIC_KEY
-BASE_URL = https://$EXCHANGE_DOMAIN/
-
-[exchange-account-default]
-PAYTO_URI = $EXCHANGE_FULL_PAYTO
-ENABLE_DEBIT = YES
-ENABLE_CREDIT = YES
-@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf
-EOF
-
-cat <<EOF >/etc/taler/secrets/exchange-db.secret.conf
-[exchangedb-postgres]
-CONFIG=postgres:///${EXCHANGE_DB}
-EOF
-chmod 440 /etc/taler/secrets/exchange-db.secret.conf
-chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
-
-cat <<EOF > /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
-[exchange-accountcredentials-default]
-WIRE_GATEWAY_URL = https://$BANK_DOMAIN/accounts/exchange/taler-wire-gateway/
-WIRE_GATEWAY_AUTH_METHOD = basic
-USERNAME = exchange
-PASSWORD = ${EXCHANGE_BANK_PASSWORD}
-EOF
-
-chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
-chown taler-exchange-wire:taler-exchange-db /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
-
-if [[ ! -e /etc/taler/conf.d/$CURRENCY-coins.conf ]]; then
- # Only create if necessary, as each [COIN-...] section
- # has a unique name with a timestamp.
- taler-harness deployment gen-coin-config \
- --min-amount "${CURRENCY}:0.01" \
- --max-amount "${CURRENCY}:100" \
- >"/etc/taler/conf.d/$CURRENCY-coins.conf"
-fi
-
-echo "Initializing exchange database"
-taler-exchange-dbconfig
-
-taler-terms-generator -K -i /usr/share/taler/terms/exchange-tos-v0
-taler-terms-generator -K -i /usr/share/taler/terms/exchange-pp-v0
-
-systemctl enable --now taler-exchange.target
-
-taler-harness deployment wait-taler-service taler-exchange https://$EXCHANGE_DOMAIN/config
-taler-harness deployment wait-endpoint https://$EXCHANGE_DOMAIN/management/keys
-
-sudo -i -u taler-exchange-offline \
- taler-exchange-offline \
- -c /etc/taler/taler.conf \
- download \
- sign \
- upload
-
-sudo -i -u taler-exchange-offline \
- taler-exchange-offline \
- enable-account "${EXCHANGE_FULL_PAYTO}" \
- wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \
- global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \
- upload
-
-# Set up merchant backend
-
-MERCHANT_DB=talermerchant
-
-cat <<EOF >/etc/taler/secrets/merchant-db.secret.conf
-[merchantdb-postgres]
-CONFIG=postgres:///${MERCHANT_DB}
-EOF
-
-chmod 440 /etc/taler/secrets/merchant-db.secret.conf
-chown taler-merchant-httpd:root /etc/taler/secrets/merchant-db.secret.conf
-
-taler-merchant-dbconfig
-
-# The config shipped with the package can conflict with the
-# trusted sandcastle exchange if the currency is KUDOS.
-rm /usr/share/taler/config.d/kudos.conf
-
-cat <<EOF >/etc/taler/conf.d/merchant-exchanges.conf
-[merchant-exchange-sandcastle]
-EXCHANGE_BASE_URL = https://$EXCHANGE_DOMAIN/
-MASTER_KEY = $MASTER_PUBLIC_KEY
-CURRENCY = $CURRENCY
-EOF
-
-systemctl enable --now taler-merchant-httpd
-taler-harness deployment wait-taler-service taler-merchant https://$MERCHANT_DOMAIN/config
-
-taler-harness deployment provision-merchant-instance \
- https://$MERCHANT_DOMAIN/ \
- --management-token secret-token:sandbox \
- --instance-token secret-token:sandbox \
- --name Merchant \
- --id default \
- --payto "payto://iban/$MERCHANT_IBAN_DEFAULT?receiver-name=Merchant"
-
-taler-harness deployment provision-merchant-instance \
- https://$MERCHANT_DOMAIN/ \
- --management-token secret-token:sandbox \
- --instance-token secret-token:sandbox \
- --name "POS Merchant" \
- --id pos \
- --payto "payto://iban/$MERCHANT_IBAN_POS?receiver-name=POS+Merchant"
-
-taler-harness deployment provision-merchant-instance \
- https://$MERCHANT_DOMAIN/ \
- --management-token secret-token:sandbox \
- --instance-token secret-token:sandbox \
- --name "Blog Merchant" \
- --id blog \
- --payto "payto://iban/$MERCHANT_IBAN_BLOG?receiver-name=Blog+Merchant"
-
-taler-harness deployment provision-merchant-instance \
- https://$MERCHANT_DOMAIN/ \
- --management-token secret-token:sandbox \
- --instance-token secret-token:sandbox \
- --name "GNUnet Merchant" \
- --id gnunet \
- --payto "payto://iban/$MERCHANT_IBAN_GNUNET?receiver-name=GNUnet+Merchant"
-
-taler-harness deployment provision-merchant-instance \
- https://$MERCHANT_DOMAIN/ \
- --management-token secret-token:sandbox \
- --instance-token secret-token:sandbox \
- --name "Taler Merchant" \
- --id taler \
- --payto "payto://iban/$MERCHANT_IBAN_TALER?receiver-name=Taler+Merchant"
-
-taler-harness deployment provision-merchant-instance \
- https://$MERCHANT_DOMAIN/ \
- --management-token secret-token:sandbox \
- --instance-token secret-token:sandbox \
- --name
"Tor Merchant" \ - --id tor \ - --payto "payto://iban/$MERCHANT_IBAN_TOR?receiver-name=Tor+Merchant" - - -# Now we set up the taler-merchant-demos - -cat <<EOF >/etc/taler/taler-merchant-frontends.conf -# Different entry point, we need to repeat some settings. -# In the future, taler-merchant-demos should become -# robust enough to read from the main config. -[taler] -CURRENCY = $CURRENCY -[frontends] -BACKEND = https://$MERCHANT_DOMAIN/ -BACKEND_APIKEY = secret-token:sandbox -[landing] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_LANDING -[blog] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_BLOG -[donations] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_DONATIONS -[survey] -SERVE = http -HTTP_PORT = $PORT_INTERNAL_SURVEY -EOF - -# This really should not exist, the taler-merchant-frontends -# should be easier to configure! -cat <<EOF >/etc/taler/taler-merchant-frontends.env -TALER_ENV_URL_INTRO=https://$LANDING_DOMAIN/ -TALER_ENV_URL_LANDING=https://$LANDING_DOMAIN/ -TALER_ENV_URL_BANK=https://$BANK_DOMAIN/ -TALER_ENV_URL_MERCHANT_BLOG=https://$BLOG_DOMAIN/ -TALER_ENV_URL_MERCHANT_DONATIONS=https://$DONATIONS_DOMAIN/ -TALER_ENV_URL_MERCHANT_SURVEY=https://$SURVEY_DOMAIN/ -EOF - -systemctl enable --now taler-demo-landing -systemctl enable --now taler-demo-blog -systemctl enable --now taler-demo-donations -systemctl enable --now taler-demo-survey - - -# FIXME: Maybe do some taler-wallet-cli test? -# FIXME: How do we report errors occurring during the setup script? diff --git a/sandcastle-ng/scripts/none/setup-sandcastle.sh b/sandcastle-ng/scripts/none/setup-sandcastle.sh @@ -1,3 +0,0 @@ -#!/usr/bin/env bash - -echo "skipping provisioning" diff --git a/sandcastle-ng/systemd/setup-sandcastle.service b/sandcastle-ng/systemd/setup-sandcastle.service 
@@ -1,11 +0,0 @@ -[Unit] -Description=Provision the sandcastle -ConditionPathExists=/provision/setup-sandcastle.sh - -[Service] -Type=oneshot -ExecStart=/provision/setup-sandcastle.sh -RemainAfterExit=yes - -[Install] -WantedBy=multi-user.target