taler-deployment

Deployment scripts and configuration files

commit a069b85f53847e4decf65c24370f067524e15ac3
parent f5229c862edd53d60e20aafd0f8fffa6b68c4c98
Author: Javier Sepulveda <javier.sepulveda@uv.es>
Date:   Fri,  3 Mar 2023 19:12:05 +0100

Created config files + Created exchange/merchant sub-scripts

Diffstat:
Anetzbon/config/taler-internal.conf | 0
Anetzbon/config/taler.conf | 3+++
Mnetzbon/functions.sh | 34++++++++++++++++++++++++++++++++--
Mnetzbon/main.sh | 43+++++++++++++++++++++++++++++++++----------
Anetzbon/setup-exchange.sh | 28++++++++++++++++++++++++++++
Anetzbon/setup-merchant.sh | 8++++++++
6 files changed, 104 insertions(+), 12 deletions(-)

diff --git a/netzbon/config/taler-internal.conf b/netzbon/config/taler-internal.conf diff --git a/netzbon/config/taler.conf b/netzbon/config/taler.conf @@ -0,0 +1,3 @@ +DB_NAME="pgsql" +ROLE_NAME="postgres" +DATABASE_CONNECTION="jdbc:postgresql://localhost:5432/$DB_NAME?user=$ROLE_NAME" diff --git a/netzbon/functions.sh b/netzbon/functions.sh @@ -8,8 +8,7 @@ function say() } -# Check user - +# Check user if the user is root function check_user() { @@ -18,5 +17,36 @@ function check_user() say "Please run this script as root" exit 1 fi +} + +# Create users "exchange" and "merchant" + +function create_users() +{ + for n in exchange merchant + do + # In case users already exists, remove it + deluser $n || true + rm -rf /home/$n + adduser --disabled-password $n + done +} +# Assign group and permissions to users + +function assign_user_permissions() +{ + for n in exchange merchant + do + adduser www-data $n + mkdir -p /home/$n/.config/ + # FIXME + # cp -r $n/* /home/$n/ + # TODO: No taler.conf is provided + # mv /home/$n/taler.conf /home/$n/.config/taler.conf + chmod 600 /home/$n/.config/taler.conf + chown -R $n:$n /home/$n/ + su - postgres -c "createuser $n" + su - postgres -c "createdb -O $n taler-$n" + done } diff --git a/netzbon/main.sh b/netzbon/main.sh @@ -2,13 +2,18 @@ # This file is in the public domain. # main.sh is the main script that asks the questions and -# puts the answers in environment variables in "deployment.conf" file -# Nginx configuration - Reads values directly from "deployment.conf" file. +# puts the answers into environment variables located at "config/taler-internal.conf or config/taler.conf" files +# Nginx configuration - Reads values directly from these "config files". set -eu +# include functions source file + source functions.sh +# include variables config/taler.conf +source config/taler.conf + # Check if the user is root, otherwise EXIT. check_user 
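Review bot: In `assign_user_permissions` (netzbon/functions.sh), `chmod 600 /home/$n/.config/taler.conf` runs on a file that nothing creates, because both the `cp` and the `mv` above it are commented out; with `set -eu` active in main.sh the failed chmod stops the installation at the first user. Until the FIXME is resolved the line can be guarded: `if [ -f "/home/$n/.config/taler.conf" ]; then chmod 600 "/home/$n/.config/taler.conf"; fi`. In the same hunk `create_users` removes `/home/$n` unconditionally, so a second run deletes the exchange home directory, which is where setup-exchange.sh stores `offline-keys/master.priv`. A check such as `id "$n" >/dev/null 2>&1 && continue`, or at least a comment saying that re-running destroys the master key, would make that explicit.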
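Review bot: The added `source config/taler.conf` in netzbon/main.sh is resolved against the current working directory, so a script that has to run as root executes whichever `config/taler.conf` sits in the directory it was started from. Anchoring the includes to the script's own location removes that dependency, for example `cd -- "$(dirname -- "${BASH_SOURCE[0]}")"` right after `set -eu` (assuming main.sh runs under bash, which `source` suggests). The existing `source functions.sh` has the same issue and, because the name contains no slash, bash looks it up in `PATH` before the current directory. The start of main.sh is outside this hunk.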
@@ -31,20 +36,26 @@ SANDBOX_EXCHANGE_PASSWORD=`uuidgen` read -s -p "Enter the password for the Webui backend: " WEB_INTERFACE_PASSWORD -# Database default values - -DB_NAME="pgsql" -ROLE_NAME="postgres" -DATABASE_CONNECTION="jdbc:postgresql://localhost:5432/$DB_NAME?user=$ROLE_NAME" - # END USER INTERACTION -# START INSTALLATION +# Put variables into taler-internal.conf +echo "SANDBOX_ADMIN_PASSWORD=${SANDBOX_ADMIN_PASSWORD}" > config/taler-internal.conf +echo "CURRENCY=${CURRENCY}" >> config/taler-internal.conf +echo "WEB_INTERFACE_PASSWORD=${WEB_INTERFACE_PASSWORD}" >> config/taler-internal.conf +echo "NEXUS_EXCHANGE_PASSWORD}=${NEXUS_EXCHANGE_PASSWORD}" >> config/taler-internal.conf +echo "SANDBOX_EXCHANGE_PASSWORD=${SANDBOX_EXCHANGE_PASSWORD}" >> config/taler-internal.conf -. config_launch_libeufin.sh +# ENABLE MERCHANT & EXCHANGE +create_users +assign_user_permissions +. setup-exchange.sh +. setup-merchant.sh # ENABLE LIBEUFIN +# Please take into account if something fails in this section, the NGINX configuration won't be created. +# Recall all the scripts have the set -eu header. + . config_launch_libeufin.sh systemctl enable --now libeufin-sandbox @@ -65,6 +76,18 @@ ln -s ${SITES_AVAILABLE_DIR}/taler-exchange ${SITES_ENABLED_DIR}/taler-exchange. systemctl reload nginx +# Get SSL certificate for https - Certbot ??? + +# letsencrypt certonly -d + +# taler.ti.bfh.ch +# bank.chf.taler.net +# exchange.chf.taler.net +# backend.chf.taler.net +# auditor.chf.taler.net + +# Final message to the user + echo "Congratulations, you have successfully installed GNU Taler" echo "Please check your browser now at http://localhost:80" diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh 
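Review bot: The five `echo … config/taler-internal.conf` lines in netzbon/main.sh write the admin, web-interface and exchange passwords in plain text without setting any file mode. Adding `install -m 600 /dev/null config/taler-internal.conf` before the first `echo` guarantees owner-only access, and the `>` truncation that follows keeps that mode. The diffstat shows the same path being added to the repository as an empty file, so the generated secrets end up in a tracked file; an ignore rule or a location outside the checkout would avoid committing them by accident. The fourth line has a stray brace in the key name, `"NEXUS_EXCHANGE_PASSWORD}=${NEXUS_EXCHANGE_PASSWORD}"`, which should read `"NEXUS_EXCHANGE_PASSWORD=${NEXUS_EXCHANGE_PASSWORD}"`.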
@@ -0,0 +1,28 @@
+#!/bin/bash
+
+# Create master key
+
+su -c "mkdir -p ~/.local/share/taler/exchange/offline-keys" exchange
+su -c "gnunet-ecc -g1 ~/.local/share/taler/exchange/offline-keys/master.priv" exchange
+
+# Modify config/taler.conf
+
+# Then, modify the MASTER_PUBLIC_KEY option in taler.conf to contain
+# the public key. You can see the value to add using:
+
+su -c "gnunet-ecc -p ~/.local/share/taler/exchange/offline-keys/master.priv" exchange > MASTER_PUBLIC_KEY
+echo ${MASTER_PUBLIC_KEY} >> config/taler-internal.conf
+
+# Set a password for the exchange account at the bank
+
+# Next, set a password for the Exchange account at the bank, using
+# the 'bank' user:
+
+read -p "Exchange account bank password: " EXCHANGE_PASSWORD
+echo ${EXCHANGE_PASSWORD} >> config/taler-internal.conf
+
+# Now setup the wire responses, database and online signing keys:
+
+# taler-exchange-wire
+# taler-exchange-dbinit
+# taler-exchange-keyup -o auditor.in
diff --git a/netzbon/setup-merchant.sh b/netzbon/setup-merchant.sh
@@ -0,0 +1,8 @@
+#!/bin/bash
+
+# To initialize the merchant, simply run
+
+taler-merchant-dbinit
+
+# and possibly adjust the configuration in
+# ~/.config/taler.conf
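Review bot: In netzbon/setup-exchange.sh the line `su -c "gnunet-ecc -p …" exchange > MASTER_PUBLIC_KEY` redirects the public key into a file named `MASTER_PUBLIC_KEY` in the current directory instead of setting a variable. The following `echo ${MASTER_PUBLIC_KEY}` therefore references an unset name and, since main.sh sources this file under `set -eu`, aborts the run. Capturing the output and writing a key/value pair fixes both: `MASTER_PUBLIC_KEY=$(su -c "gnunet-ecc -p ~/.local/share/taler/exchange/offline-keys/master.priv" exchange)` followed by `echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >> config/taler-internal.conf`. The bank password prompt also shows the typed password on the terminal and appends it as a bare value; `read -r -s -p`, as main.sh already does for the web interface password, and an `EXCHANGE_PASSWORD=` prefix would match the other entries.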
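Review bot: `taler-merchant-dbinit` in netzbon/setup-merchant.sh runs as root, because main.sh sources this file after `check_user`, whereas `assign_user_permissions` creates the `taler-merchant` database for the `merchant` role. Running it as that user, in the style setup-exchange.sh already uses (`su -c "taler-merchant-dbinit" merchant`), keeps root out of the database step and presumably makes the tool pick up the merchant's own `~/.config/taler.conf`. Whether that configuration exists at this point cannot be seen from the diff, since the copy step in `assign_user_permissions` is still commented out.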