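#!/bin/bash
# This file is in the public domain.
#
# This script configures and launches the Taler exchange.
#
# The environment must provide the following variables:
#
# - BANK_EXCHANGE_TOKEN (exchange token for libeufin-bank)
# - EXCHANGE_PAYTO (exchange account PAYTO)
# - PROTO (http or https?)
# - DOMAIN_NAME: DNS domain name to use for the setup
#
# Further settings (CURRENCY, DO_OFFLINE, DO_EXCHANGE_TERMS,
# DO_EXCHANGE_PRIVACY, DO_CONVERSION, EXCHANGE_TERMS_FILE, ...) are read
# from config/user.conf and config/internal.conf, sourced below.  The
# helpers say() and expect_vars() come from functions.sh.
#
# Must run as root: it writes under /etc/taler-exchange, chowns secret
# files, drives systemctl and sudo's to the taler-exchange-offline user.

# -e/-u as before; pipefail is added so that a failing producer in the
# "taler-harness ... | sed" pipeline below aborts the script instead of
# being masked by sed's exit status.
set -euo pipefail

# EXIT trap helper: one-line summary when the script ends unsuccessfully.
notify_exit() {
  [[ $1 == 0 ]] || echo Script "$0" failed, exit code "$1"
}

# ERR trap helper: report where a command failed under 'set -e'.
notify_err() {
  echo "errexit on line $(caller)" >&2
}

trap '(exit 130)' INT
trap '(exit 143)' TERM
trap notify_err ERR
# shellcheck disable=SC2154
trap 'rc=$?; notify_exit $rc; exit $rc' EXIT

# End of error handling setup

source functions.sh
source config/user.conf
source config/internal.conf

EXCHANGE_DB="taler-exchange" # (not referenced below)

say "Beginning Exchange setup"

expect_vars BANK_EXCHANGE_TOKEN EXCHANGE_PAYTO PROTO DOMAIN_NAME

# Print a message via say() and abort the script with status 1.
function die() {
  say "$1"
  exit 1
}

# Write stdin to a secret configuration file without ever exposing its
# contents to other users.
#
# The previous version wrote the file with "cat > file" first and only
# then chmod/chown'ed it, so for a moment the bank token and DB config
# sat on disk with the default umask (typically 644).  Here the file is
# created empty under umask 077, permissions and ownership are fixed
# first, and only then is the content written into it.
#
# Arguments: $1 - path, $2 - octal mode, $3 - owner[:group] for chown
# Input:     file content on stdin
write_secret_file() {
  local path=$1 mode=$2 owner=$3
  # create (or truncate) the file; umask keeps a fresh file private
  (umask 077 && : >"$path")
  chmod "$mode" "$path"
  chown "$owner" "$path"
  cat >"$path"
}

# Just try if sudo works for diagnostics
sudo -i -u taler-exchange-offline id >/dev/null || die "Error: Unable to switch to taler-exchange-offline user"

# Create master key as taler-exchange-offline *unless* user already
# set the MASTER_PUBLIC_KEY to some value we can use.
export MASTER_PRIV_DIR=.local/share/taler/exchange/offline-keys
export MASTER_PRIV_FILE=${MASTER_PRIV_DIR}/master.priv
export SECMOD_TOFU_FILE=${MASTER_PRIV_DIR}/secm_tofus.pub
if [[ -z "${MASTER_PUBLIC_KEY:-}" ]]; then
  if [[ "${DO_OFFLINE:-y}" == n ]]; then
    say "Error: No MASTER_PUBLIC_KEY but DO_OFFLINE set to NO"
    exit 1
  fi
  say "Setting up offline key"
  # "\$HOME" is written literally (as before), presumably to be expanded
  # by the exchange's own configuration parser -- not by this script.
  cat <<EOF >/etc/taler-exchange/conf.d/offline-setup.conf
[exchange-offline]
MASTER_PRIV_FILE=\$HOME/${MASTER_PRIV_FILE}
SECM_TOFU_FILE=\$HOME/${SECMOD_TOFU_FILE}
EOF

  MASTER_PUBLIC_KEY=$(sudo -i -u taler-exchange-offline taler-exchange-offline -LDEBUG setup 2>>setup.log)
  # Never persist an empty key into user.conf / setup.conf.
  [[ -n "${MASTER_PUBLIC_KEY}" ]] || die "Error: taler-exchange-offline setup returned no master public key (see setup.log)"
  echo "MASTER_PUBLIC_KEY=\"${MASTER_PUBLIC_KEY}\"" >>config/user.conf
  if [[ -z "${DO_OFFLINE:-}" ]]; then
    # Set 'DO_OFFLINE'
    DO_OFFLINE=y
    echo "DO_OFFLINE=y" >>config/user.conf
  fi
else
  say "Master public key is $MASTER_PUBLIC_KEY"
  if [[ "${DO_OFFLINE:-y}" == y ]]; then
    # The configured key must match the one the offline tool derives from
    # its private key file; otherwise nothing signed below would verify.
    MASTER_PUBLIC_KEY2=$(sudo -i -u taler-exchange-offline taler-exchange-offline setup 2>>setup.log)
    if [[ "${MASTER_PUBLIC_KEY2}" != "${MASTER_PUBLIC_KEY}" ]]; then
      say "Error: master public key missmatch ${MASTER_PUBLIC_KEY2} does not match ${MASTER_PUBLIC_KEY}"
      exit 1
    fi
  fi
fi

say "Stopping running exchange before reconfiguration"
systemctl stop taler-exchange.target &>>setup.log

say "Configuring exchange"

say "Removing optimized files" #FIXME remove when this file works
rm -f /usr/share/taler-exchange/{aml,kyc}-spa/*.{zstd,gz}

# Generate terms of service (ToS)
TERMS_ETAG=
if [[ "${DO_EXCHANGE_TERMS}" == y ]]; then
  if [[ -z "${EXCHANGE_TERMS_FILE:-}" ]]; then
    say "Error: No EXCHANGE_TERMS_FILE set but DO_EXCHANGE_TERMS set to YES"
    exit 1
  fi

  # ETag is the input file's basename without the .rst suffix.
  TERMS_ETAG="$(basename "$EXCHANGE_TERMS_FILE" .rst)"

  say "Setting up terms of service (ToS)"
  taler-terms-generator -i "${EXCHANGE_TERMS_FILE}" &>>setup.log
fi

# Generate privacy policy
PRIVACY_ETAG=
if [[ "${DO_EXCHANGE_PRIVACY}" == y ]]; then
  if [[ -z "${EXCHANGE_PRIVACY_FILE:-}" ]]; then
    say "Error: No EXCHANGE_PRIVACY_FILE set but DO_EXCHANGE_PRIVACY set to YES"
    exit 1
  fi

  PRIVACY_ETAG="$(basename "$EXCHANGE_PRIVACY_FILE" .rst)"

  say "Setting up the privacy policy"
  taler-terms-generator -i "${EXCHANGE_PRIVACY_FILE}" &>>setup.log
fi

export EXCHANGE_BASE_URL="$PROTO://exchange.${DOMAIN_NAME}/"

# Non-secret exchange configuration; credentials are pulled in via the
# @inline-secret@ reference to the secrets directory.
cat <<EOF >/etc/taler-exchange/conf.d/setup.conf
[exchange]
CURRENCY=${CURRENCY}
CURRENCY_ROUND_UNIT=${CURRENCY}:0.01
TINY_AMOUNT=${CURRENCY}:0.01
AML_THRESHOLD=${CURRENCY}:1000000
MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}
BASE_URL=${EXCHANGE_BASE_URL}
STEFAN_ABS=${CURRENCY}:0
STEFAN_LOG=${CURRENCY}:0
STEFAN_LIN=0

TERMS_ETAG=${TERMS_ETAG}
PRIVACY_ETAG=${PRIVACY_ETAG}

[merchant-exchange-${DOMAIN_NAME}]
MASTER_KEY=${MASTER_PUBLIC_KEY}
CURRENCY=${CURRENCY}
EXCHANGE_BASE_URL=${EXCHANGE_BASE_URL}

[exchange-account-default]
PAYTO_URI=${EXCHANGE_PAYTO}
ENABLE_DEBIT=YES
ENABLE_CREDIT=YES
@inline-secret@ exchange-accountcredentials-default ../secrets/exchange-accountcredentials-default.secret.conf
EOF

# Database config: root-owned, readable by the taler-exchange-db group.
write_secret_file /etc/taler-exchange/secrets/exchange-db.secret.conf \
  440 root:taler-exchange-db <<EOF
[exchangedb-postgres]
CONFIG=postgres:///exchange
EOF

# Bank wire-gateway credentials (bearer token): owner-only read.
write_secret_file /etc/taler-exchange/secrets/exchange-accountcredentials-default.secret.conf \
  400 taler-exchange-wire:taler-exchange-db <<EOF

[exchange-accountcredentials-default]
WIRE_GATEWAY_URL=${PROTO}://bank.$DOMAIN_NAME/accounts/exchange/taler-wire-gateway/
WIRE_GATEWAY_AUTH_METHOD=bearer
TOKEN=${BANK_EXCHANGE_TOKEN}
EOF

# Coin denominations; deposit fee is zeroed out by the sed.  With
# pipefail set above, a failing taler-harness now aborts the script.
taler-harness deployment gen-coin-config \
  --min-amount "${CURRENCY}":0.01 \
  --max-amount "${CURRENCY}":100 |
  sed -e "s/FEE_DEPOSIT = ${CURRENCY}:0.01/FEE_DEPOSIT = ${CURRENCY}:0/" \
    >/etc/taler-exchange/conf.d/"${CURRENCY}"-coins.conf

say "Fixing coin configuraiton..."
# FIXME: Fix exchange configuration, remove when taler-harness is updated
sed 's/coin-/coin_/i' -i /etc/taler-exchange/conf.d/*-coins.conf

say "Initializing exchange database"
taler-exchange-dbconfig &>>setup.log

say "Launching exchange"
systemctl enable taler-exchange.target &>>setup.log
systemctl restart taler-exchange.target &>>setup.log

say "Waiting for exchange HTTP service (/config)..."
curl -sS --max-time 30 \
  --retry-all-errors \
  --retry-delay 2 \
  --retry 10 \
  --fail \
  "${EXCHANGE_BASE_URL}"config &>>setup.log

say "Waiting for exchange management keys (this may take a while)..."
curl -sS --max-time 30 \
  --retry-delay 2 \
  --retry 60 \
  --fail \
  "${EXCHANGE_BASE_URL}"management/keys &>>setup.log

if [[ "${DO_OFFLINE}" == y ]]; then
  say "Offline interaction..."
  sudo -i -u taler-exchange-offline \
    taler-exchange-offline \
    download \
    sign \
    upload &>>setup.log

  say "Exchange account setup..."
  sudo -i -u taler-exchange-offline \
    taler-exchange-offline \
    enable-account "${EXCHANGE_PAYTO}" \
    display-hint 0 "${CURRENCY} Exchange" \
    wire-fee now x-taler-bank "${CURRENCY}":0 "${CURRENCY}":0 \
    global-fee now "${CURRENCY}":0 "${CURRENCY}":0 "${CURRENCY}":0 1h 6a 0 \
    upload &>>setup.log

  say "Enabling timer to automate renewals..."
  systemctl enable taler-exchange-offline.timer &>>setup.log
  systemctl restart taler-exchange-offline.timer &>>setup.log

  if [[ "${DO_CONVERSION}" == y ]]; then
    say "Conversion account setup (restricted to CH-only)..."
    sudo -i -u taler-exchange-offline taler-exchange-offline \
      enable-account "${CONVERSION_PAYTO}" \
      display-hint 10 "${FIAT_BANK_NAME}" \
      conversion-url "${PROTO}://bank.$DOMAIN_NAME/conversion-info/" \
      debit-restriction deny \
      wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \
      upload &>>setup.log
  fi
fi

say "Waiting for exchange /keys..."
# NOTE(review): unlike the two probes above this one has no --fail, so an
# HTTP error status from /keys does not abort the setup -- confirm that
# is intended before relying on this as a readiness check.
curl -sS --max-time 2 \
  --retry-connrefused \
  --retry-delay 2 \
  --retry 10 \
  "${EXCHANGE_BASE_URL}"keys &>>setup.log

say "Exchange setup finished"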