5a22025c AE |
#!/usr/bin/env bash
# This file is in the public domain.

#########
# Example walk-through of the steps needed to install and run GNU Taler.
#
# The script assumes it is run with root privileges.
# Use it only if you know what you are doing.
########

# Pin every locale variable to the C locale.
export LANGUAGE=C LC_ALL=C LANG=C LC_CTYPE=C

# Stop at the first command that exits with a non-zero status.
set -o errexit

# Currency name and the bank account identifiers used by the rest of the
# script; exported so that child processes see them as well.
export CURRENCY=LIBRE
export EXCHANGE_IBAN=DE940993 \
  MERCHANT_IBAN=DE463312 \
  ALICE_IBAN=DE474361 \
  BOB_IBAN=DE731371
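# Step 1/8: refresh the package index and install the command-line tools.
# Each prompt is a plain `read`: it blocks until a line is entered (Enter).
# -r keeps backslashes in that line literal.
read -r -p "Setup GNU Taler for $CURRENCY!. Press any key to start..."
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "1/8 Update and install tools"

# apt-get rather than apt: apt warns that its command-line interface is not
# stable and is meant for interactive use, apt-get is the scripting front end.
apt-get update
apt-get install -y gnupg less vim procps curl inetutils-ping jq net-tools man

echo ----------------------------------------
read -r -p "1/8 tools installed. Press any key to continue..."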
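# Step 2/8: local host aliases and the PostgreSQL databases.
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "2/8 Setup dns config and database "

# Use these host names as aliases for localhost; the nginx configuration
# relies on them. The line is appended only when it is not already present,
# so running the script a second time does not duplicate the entry.
hosts_line='127.0.0.1 bank.taler auditor.taler exchange.taler merchant.taler'
if ! grep -qxF -- "$hosts_line" /etc/hosts; then
  printf '%s\n' "$hosts_line" | tee -a /etc/hosts
fi

# Install the database and create a default user for the whole setup.
apt-get install -y postgresql
service postgresql start

# SECURITY: this creates a PostgreSQL role "root" that is a superuser (-s)
# and may create databases (-d) and roles (-r), then sets its password to
# the literal string 'root'. The same password is embedded in the JDBC
# connection strings of step 5. Only acceptable on a throw-away machine;
# confirm that PostgreSQL is not reachable from other hosts
# (listen_addresses, pg_hba.conf) before running this anywhere else.
su - postgres -c "createuser -d -l -r -s root"
psql postgres -c "ALTER USER root PASSWORD 'root'"

# Create the databases used by the components.
for db in auditor exchange merchant sandbox nexus; do
  createdb "$db"
done

echo ----------------------------------------
read -r -p "2/8 databases created. Press any key to continue..."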
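# Step 3/8: install the GNU Taler and LibEuFin packages.
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "3/8 Install GNU Taler components "

# NOTE(review): this script configures no package repository and no signing
# key, so these packages must come from an apt source that was added and
# verified beforehand.
#
# `yes no` feeds "no" to whatever reads stdin during the installation,
# presumably package configuration prompts (confirm). `yes` is ended by
# SIGPIPE once apt-get exits, so this pipeline must not run with
# `set -o pipefail`.
# apt-get rather than apt: apt's command-line interface is not stable for
# use in scripts.
yes no | apt-get install -y \
  libeufin-sandbox \
  libeufin-nexus \
  taler-exchange \
  taler-auditor \
  taler-merchant \
  taler-harness \
  taler-wallet-cli

echo ----------------------------------------
read -r -p "3/8 all components installed. Press any key to continue..."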
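# Step 4/8: expose the four services through nginx virtual hosts.
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "4/8 Setup NGINX reverse proxy"

apt-get install -y nginx

sites_available=/etc/nginx/sites-available
sites_enabled=/etc/nginx/sites-enabled

#######################################
# Enable one nginx site and point it at its own host name.
# Arguments: $1 - file name under sites-available
#            $2 - server_name that replaces "localhost"
#            $3 - optional path prefix; "location /PREFIX/" becomes
#                 "location /"
#######################################
enable_site() {
  local site=$1 host=$2 prefix=${3-}
  # -f replaces a link left by an earlier run instead of aborting under set -e.
  ln -sf "$sites_available/$site" "$sites_enabled/"
  sed -i "s/server_name localhost/server_name $host/" "$sites_available/$site"
  if [[ -n "$prefix" ]]; then
    sed -i "s_location /$prefix/_location /_" "$sites_available/$site"
  fi
}

# http://bank.taler/ (the sandbox site keeps its location block as shipped)
enable_site libeufin-sandbox bank.taler
# http://auditor.taler/
enable_site taler-auditor auditor.taler taler-auditor
# http://exchange.taler/
enable_site taler-exchange exchange.taler taler-exchange
# http://merchant.taler/
enable_site taler-merchant merchant.taler taler-merchant

# SECURITY: the nginx user is changed from www-data to root so that nginx
# can read sockets owned by root. nginx then handles requests as root, which
# turns any flaw in request handling into a root compromise. Demo only; a
# real deployment would give www-data access to the sockets (group
# membership or socket mode) instead.
sed -i 's/^user www-data/user root/' /etc/nginx/nginx.conf

# Tell every proxied service which host name it was reached under. The
# single quotes keep $host literal: it is nginx's variable, not a shell one.
sed -i 's/X-Forwarded-Host "localhost"/X-Forwarded-Host $host/' /etc/nginx/sites-available/*

# NOTE(review): every site is addressed over plain http:// in this script;
# TLS is not configured here.
nginx

echo ----------------------------------------
read -r -p "4/8 web interface exposed. Press any key to continue..."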
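# Step 5/8, part 1: environment and configuration of sandbox and nexus.
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "5/8 Setup BANK instance and some accounts"

# SECURITY: every credential below is a fixed demo value stored in this
# script and exported to all child processes: the database password "root"
# inside both JDBC URLs, the sandbox admin password "bank" and the nexus
# admin password "secret_nexus". Replace them before using this setup for
# anything but a local test.
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:postgresql://localhost:5432/sandbox?user=root&password=root"
export LIBEUFIN_SANDBOX_URL="http://localhost:5016/"
export LIBEUFIN_SANDBOX_USERNAME="admin"
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="bank"
export LIBEUFIN_SANDBOX_PASSWORD="$LIBEUFIN_SANDBOX_ADMIN_PASSWORD"

export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:postgresql://localhost:5432/nexus?user=root&password=root"
export LIBEUFIN_NEXUS_URL="http://localhost:5017/"
export LIBEUFIN_NEXUS_USERNAME="nexus_admin"
export LIBEUFIN_NEXUS_PASSWORD="secret_nexus"

# bank configuration
libeufin-sandbox config \
  --bank-debt-limit 1000000 \
  --users-debt-limit 10000 \
  --with-signup-bonus \
  --currency "$CURRENCY" \
  --captcha-url http://bank.taler/ \
  default

# -p: do not abort under set -e when the directory already exists.
mkdir -p /etc/libeufin/
# Quoted delimiter: the settings file is written literally, with no shell
# expansion inside it.
cat >/etc/libeufin/demobank-ui-settings.js <<'EOF'
globalThis.talerDemobankSettings = {
  backendBaseURL: "http://bank.taler/demobanks/default/",
  allowRegistrations: true,
  bankName: "FSF Bank"
}
EOF

libeufin-sandbox default-exchange --demobank default http://exchange.taler/ "payto://iban/$EXCHANGE_IBAN"

# nexus configuration
# NOTE(review): the password is passed as a command-line argument, so it is
# visible in the process list while the command runs.
libeufin-nexus superuser "$LIBEUFIN_NEXUS_USERNAME" --password "$LIBEUFIN_NEXUS_PASSWORD"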
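#######################################
# Wait until a line containing a fixed string shows up in a log file.
# Polls once per second. Gives up as soon as the watched process is gone,
# so a service that failed to start ends the script instead of hanging it.
# Arguments: $1 - PID of the process that writes the log
#            $2 - log file (may not exist yet)
#            $3 - fixed string to look for
# Returns:   0 once the string is found, 1 if the process exited first
#######################################
wait_for_log() {
  local pid=$1 file=$2 pattern=$3
  until grep -qsF -- "$pattern" "$file"; do
    if ! kill -0 "$pid" 2>/dev/null; then
      # The line may have been written just before the process went away.
      if grep -qsF -- "$pattern" "$file"; then
        return 0
      fi
      printf 'process %s exited before "%s" appeared in %s\n' \
        "$pid" "$pattern" "$file" >&2
      return 1
    fi
    sleep 1
  done
}

# start services
# SECURITY: going by its name, --no-localhost-only makes both services
# accept connections on non-loopback interfaces, with the demo passwords
# set earlier in this script. Confirm the host is not reachable from
# untrusted networks.
libeufin-sandbox serve --port 5016 --ipv4-only --no-localhost-only > log.sandbox 2> err.sandbox &
sandbox_pid=$!
libeufin-nexus serve --port 5017 --ipv4-only --no-localhost-only > log.nexus 2> err.nexus &
nexus_pid=$!

echo "5/8 Waiting for nexus and sanbox to be ready"
# Polling the files replaces `grep -q <(tail -f ...)`: that form leaves a
# tail process behind after grep exits, and fails when tail starts before
# the background job has created the file.
wait_for_log "$sandbox_pid" err.sandbox "Application started:" || exit 1
wait_for_log "$nexus_pid" err.nexus "Application started:" || exit 1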
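echo "5/8 Creating accounts"

#######################################
# Register one demobank account through libeufin-cli.
# SECURITY: every account is created with the fixed password "123".
# Arguments: $1 - account user name
#            $2 - IBAN of the account
#            $3 - display name
#            $4 - visibility flag, --public or --no-public
#######################################
register_account() {
  local user=$1 iban=$2 name=$3 visibility=$4
  # The credentials are set for this one command only; the exported admin
  # credentials stay unchanged for the commands that follow.
  LIBEUFIN_SANDBOX_USERNAME="$user" LIBEUFIN_SANDBOX_PASSWORD="123" \
    libeufin-cli sandbox demobank register \
    --iban "$iban" --name "$name" "$visibility"
}

register_account exchange "$EXCHANGE_IBAN" "Exchange company" --public
register_account merchant "$MERCHANT_IBAN" "Merchant company" --public
register_account alice "$ALICE_IBAN" "Alice" --no-public
register_account bob "$BOB_IBAN" "Bob" --no-public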
echo "5/8 Creating the EBICs connection between sandbox and nexus"

# Identifiers that the sandbox side and the nexus side must agree on.
ebics_host_id=ebicHost
ebics_partner_id=ebicPartner
ebics_user_id=ebicExchange
nexus_connection=nexus-conn
nexus_account=nexus-exchange
# NOTE(review): both task names below end in "5secs" while the cronspec is
# '*/1 * * * *'; confirm which interval is intended.
task_cronspec='*/1 * * * *'

### open sandbox to nexus
libeufin-cli sandbox ebicshost create --host-id "$ebics_host_id"
libeufin-cli sandbox demobank new-ebicssubscriber \
  --host-id "$ebics_host_id" \
  --partner-id "$ebics_partner_id" \
  --user-id "$ebics_user_id" \
  --bank-account exchange

### connection nexus to sandbox
libeufin-cli connections new-ebics-connection \
  --ebics-url http://localhost:5016/ebicsweb \
  --host-id "$ebics_host_id" \
  --partner-id "$ebics_partner_id" \
  --ebics-user-id "$ebics_user_id" \
  "$nexus_connection"

# Connect, fetch the offered accounts and import the exchange account.
libeufin-cli connections connect "$nexus_connection"
libeufin-cli connections download-bank-accounts "$nexus_connection"
libeufin-cli connections import-bank-account \
  --offered-account-id exchange \
  --nexus-bank-account-id "$nexus_account" \
  "$nexus_connection"

# Scheduled task of type "submit" on the imported account.
libeufin-cli accounts task-schedule "$nexus_account" \
  --task-type=submit \
  --task-name=submit-payments-5secs \
  --task-cronspec="$task_cronspec"

# Scheduled task of type "fetch" on the imported account.
libeufin-cli accounts task-schedule "$nexus_account" \
  --task-type=fetch \
  --task-name=fetch-5secs \
  --task-cronspec="$task_cronspec" \
  --task-param-level=report \
  --task-param-range-type=latest
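### configuration of nexus
echo "5/8 Creating nexus facade for the exchange"
libeufin-cli facades new-taler-wire-gateway-facade \
  --currency "$CURRENCY" \
  --facade-name taler-exchange \
  nexus-conn nexus-exchange

# SECURITY: the facade user gets a fixed password that is passed on the
# command line (visible in the process list) and written again into the
# exchange configuration in step 6. Demo value only.
libeufin-cli users create exchange-nexus --password exchange-nexus-password

# Grant the facade user the two wire-gateway permissions named below.
for permission in facade.talerwiregateway.transfer facade.talerwiregateway.history; do
  libeufin-cli permissions grant user exchange-nexus \
    facade taler-exchange \
    "$permission"
done


echo ----------------------------------------
read -r -p "5/8 banking system ready. Press any key to continue..."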
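# Step 6/8, part 1: write the exchange configuration.
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "6/8 Setup Exchange"

# Capture the key first: a failing `taler-exchange-offline setup` then stops
# the script (set -e) instead of handing an empty value to taler-config.
master_public_key=$(taler-exchange-offline setup)
taler-config -s exchange -o master_public_key -V "$master_public_key"
taler-config -s exchange -o base_url -V http://exchange.taler/

#database location
taler-config -s exchangedb-postgres -o config -V postgres:///exchange
taler-config -s exchange-account-1 -o payto_uri -V "payto://iban/$EXCHANGE_IBAN?receiver-name=Exchanger"
taler-config -s exchange-account-1 -o enable_debit -V yes
taler-config -s exchange-account-1 -o enable_credit -V yes

#nexus connection
# SECURITY: the wire-gateway password is stored in clear text in the
# configuration; check the permissions of the configuration file.
taler-config -s exchange-accountcredentials-1 -o wire_gateway_url -V http://localhost:5017/facades/taler-exchange/taler-wire-gateway/
taler-config -s exchange-accountcredentials-1 -o username -V exchange-nexus
taler-config -s exchange-accountcredentials-1 -o password -V exchange-nexus-password

#monetary policy
taler-config -s taler -o currency -V "$CURRENCY"
taler-config -s taler -o aml_threshold -V "$CURRENCY:10000"
taler-config -s taler -o currency_round_unit -V "$CURRENCY:0.1"

# NOTE(review): the output is appended (>>), so a second run adds the coin
# sections to /etc/taler/taler.conf again.
taler-harness deployment gen-coin-config \
  --min-amount "$CURRENCY:0.1" \
  --max-amount "$CURRENCY:20" >> /etc/taler/taler.conf


# Set the withdraw duration on every section whose name contains COIN.
# The names are read line by line on file descriptor 3, so they are not
# glob-expanded and taler-config keeps its own stdin.
while read -r -u 3 coin_section; do
  [[ -n "$coin_section" ]] || continue
  taler-config -s "$coin_section" -o duration_withdraw -V "1 year"
done 3< <(taler-config --list-sections | grep COIN)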
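#######################################
# Wait until a line containing a fixed string shows up in a log file.
# Polls once per second. Gives up as soon as the watched process is gone,
# so a service that failed to start ends the script instead of hanging it.
# Arguments: $1 - PID of the process that writes the log
#            $2 - log file (may not exist yet)
#            $3 - fixed string to look for
# Returns:   0 once the string is found, 1 if the process exited first
#######################################
wait_for_log() {
  local pid=$1 file=$2 pattern=$3
  until grep -qsF -- "$pattern" "$file"; do
    if ! kill -0 "$pid" 2>/dev/null; then
      # The line may have been written just before the process went away.
      if grep -qsF -- "$pattern" "$file"; then
        return 0
      fi
      printf 'process %s exited before "%s" appeared in %s\n' \
        "$pid" "$pattern" "$file" >&2
      return 1
    fi
    sleep 1
  done
}

taler-exchange-dbinit

# Start the three security modules and the HTTP daemon in the background,
# each with its own log file at debug level.
taler-exchange-secmod-eddsa -l log.secmod.eddsa -L debug &
taler-exchange-secmod-rsa -l log.secmod.rsa -L debug &
rsa_secmod_pid=$!
taler-exchange-secmod-cs -l log.secmod.cs -L debug &
taler-exchange-httpd -l log.exchange -L debug &

echo "6/8 Waiting for exchange HTTP service"
# What is actually awaited is a line in the RSA security module's log, not
# the HTTP daemon. Polling the file replaces `sleep 1` followed by
# `grep -q <(tail -F ...)`, which left a tail process behind after grep
# exited.
wait_for_log "$rsa_secmod_pid" log.secmod.rsa "Updating keys of denomination" || exit 1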
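echo "6/8 Enable exchange wire transfer"

#enable account and wire fee configuration
# The payto URI contains "?", a glob character, so it is captured and passed
# quoted. Capturing it first also stops the script if taler-config fails.
# SECURITY: taler-exchange-offline runs here on the same machine as the
# online exchange services; presumably the offline signing is meant to
# happen on a separate host outside a demo. Confirm against the GNU Taler
# documentation.
# NOTE(review): both fee entries are for the year 2023 only; presumably
# they have to cover the year in which the script is run. Confirm.
exchange_payto_uri=$(taler-config -s exchange-account-1 -o payto_uri)
taler-exchange-offline \
  enable-account "$exchange_payto_uri" \
  global-fee 2023 "$CURRENCY:0" "$CURRENCY:0" "$CURRENCY:0" 1year 1year 10 \
  wire-fee 2023 iban "$CURRENCY:0.1" "$CURRENCY:0.1" \
  upload

taler-exchange-offline download sign upload

echo "6/8 Waiting for key signed"
# NOTE(review): without --fail curl exits 0 on an HTTP error status, and the
# output is discarded, so this step only shows that the socket answered.
curl --unix-socket /run/taler/exchange-httpd/exchange-http.sock \
  --max-time 2 \
  --retry-connrefused \
  --retry-delay 1 \
  --retry 10 \
  http://exchange.taler/keys &> /dev/null

# Remaining exchange background services, each with its own debug log.
taler-exchange-wirewatch -l log.wirewatch -L debug &
taler-exchange-transfer -l log.transfer -L debug &
taler-exchange-aggregator -l log.aggregator -L debug &
taler-exchange-closer -l log.closer -L debug &


echo ----------------------------------------
read -r -p "6/8 exchange ready. Press any key to continue..."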
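# Step 7/8: configure the auditor and register it with the exchange.
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "7/8 Setup auditor"

taler-config -s auditor -o base_url -V http://auditor.taler/
taler-config -s auditordb-postgres -o config -V postgres:///auditor

#add exchange into the auditor
# Values are captured first and passed quoted: a failing lookup stops the
# script (set -e) instead of leaving an argument out of the command line.
exchange_master_key=$(taler-config -s exchange -o master_public_key)
exchange_base_url=$(taler-config -s exchange -o base_url)
# NOTE(review): the exchange is added before taler-auditor-dbinit runs;
# confirm that this order is intended.
taler-auditor-exchange -m "$exchange_master_key" -u "$exchange_base_url"

taler-auditor-dbinit

echo "7/8 Notify the exchange about the auditor"

auditor_public_key=$(taler-auditor-offline setup)
auditor_base_url=$(taler-config -s auditor -o base_url)
taler-exchange-offline enable-auditor "$auditor_public_key" "$auditor_base_url" the_auditor upload

taler-auditor-httpd -l log.auditor -L debug &

echo ----------------------------------------
read -r -p "7/8 auditor ready. Press any key to continue..."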
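# Step 8/8: configure the merchant backend and create the first instance.
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================
echo "8/8 Setup merchant"

taler-config -s merchantdb-postgres -o config -V postgres:///merchant

# Look the shared values up once and pass them quoted; a failing lookup
# stops the script (set -e) instead of leaving an argument out.
exchange_base_url=$(taler-config -s exchange -o base_url)
exchange_master_key=$(taler-config -s exchange -o master_public_key)
taler-config -s merchant-exchange-fsf -o exchange_base_url -V "$exchange_base_url"
taler-config -s merchant-exchange-fsf -o master_key -V "$exchange_master_key"
taler-config -s merchant-exchange-fsf -o currency -V "$CURRENCY"

auditor_base_url=$(taler-config -s auditor -o base_url)
auditor_public_key=$(taler-auditor-offline setup)
taler-config -s merchant-auditor-fsf -o auditor_base_url -V "$auditor_base_url"
taler-config -s merchant-auditor-fsf -o auditor_key -V "$auditor_public_key"
taler-config -s merchant-auditor-fsf -o currency -V "$CURRENCY"

taler-merchant-dbinit

# SECURITY: the access token is a fixed demo value. It is passed on the
# command line of the daemon and of curl (visible in the process list) and
# is also stored as the token of the "default" instance. Replace it before
# using this setup for anything but a local test.
merchant_token='secret-token:secret'
merchant_socket=/var/run/taler/merchant-httpd/merchant-http.sock

taler-merchant-httpd -a "$merchant_token" -l log.merchant -L debug &

echo "8/8 creating the first instance"
sleep 1

# Build the request body with printf so that the variable parts are
# inserted quoted; with the values set at the top of this script the result
# is the same JSON text as before.
printf -v instance_json \
  '{"id":"default","payto_uris":["payto://iban/%s?receiver-name=merchant"],"default_pay_delay":{"d_us":7200000000},"default_wire_fee_amortization":1,"default_wire_transfer_delay":{"d_us":172800000000},"name":"FSF","email":"","default_max_deposit_fee":"%s:3","default_max_wire_fee":"%s:3","auth":{"method":"token","token":"%s"},"address":{},"jurisdiction":{}}' \
  "$MERCHANT_IBAN" "$CURRENCY" "$CURRENCY" "$merchant_token"

curl 'http://merchant.taler/management/instances' \
  --unix-socket "$merchant_socket" \
  -X POST -H "Authorization: Bearer $merchant_token" \
  --data-raw "$instance_json"

# curl sends an empty POST when the file given to -d cannot be read, so the
# product is only created when shirt.json is present in the current
# directory.
if [[ -r shirt.json ]]; then
  curl 'http://merchant.taler/instances/default/private/products' \
    --unix-socket "$merchant_socket" \
    -X POST -H "Authorization: Bearer $merchant_token" \
    -d @shirt.json
else
  printf 'warning: shirt.json not found, no product created\n' >&2
fi

echo ----------------------------------------
read -r -p "8/8 merchant ready. Press any key to close."
echo ==========================================================================
echo ==========================================================================
echo ==========================================================================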