# This file is in the public domain.
# This is an example of the steps needed to install and run GNU Taler
# This script assumes root privileges.
# Use this if you know what you are doing.
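# Demo IBANs for the four bank accounts created in step 5/8.
# Each assignment sits on the same line as its `export`; split across two
# lines the variable would be exported empty and the value run as a command.
export EXCHANGE_IBAN=DE940993
export MERCHANT_IBAN=DE463312
export ALICE_IBAN=DE474361
export BOB_IBAN=DE731371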
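# Step 1/8: install the command-line tools the later steps rely on
# (curl and jq are used in steps 6 and 8).
# -r keeps `read` from interpreting backslashes in whatever the operator types.
read -r -p "Setup GNU Taler for $CURRENCY!. Press any key to start..."
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "1/8 Update and install tools"

# (lines 29-30 of the original listing are not shown on this page)

apt install -y gnupg less vim procps curl inetutils-ping jq net-tools man

echo "----------------------------------------"
read -r -p "1/8 tools installed. Press any key to continue..."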
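# Step 2/8: local host aliases and the PostgreSQL server used by every component.
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "2/8 Setup dns config and database "

# Use these host names as aliases for localhost; the nginx configuration in
# step 4 routes on them. The line is appended only when it is not already
# present, so re-running the script does not pile up duplicates in /etc/hosts.
hosts_line="127.0.0.1 bank.taler auditor.taler exchange.taler merchant.taler"
if ! grep -qxF -- "$hosts_line" /etc/hosts; then
  echo "$hosts_line" | tee -a /etc/hosts
fi

# Install the database and create a default user for the whole setup.
apt install -y postgresql
service postgresql start

# NOTE(security): demo-only credentials. This creates a PostgreSQL superuser
# (-s) named "root" whose password is "root". The same password is embedded
# in the JDBC URLs exported in step 5, so change both together, and keep
# PostgreSQL reachable from localhost only while these values are in place.
su - postgres -c "createuser -d -l -r -s root"
psql postgres -c "ALTER USER root PASSWORD 'root'"

# Create the databases that we are going to use.
# (lines 51-56 of the original listing, presumably the database-creation
#  commands, are not shown on this page)

echo "----------------------------------------"
read -r -p "2/8 databases created. Press any key to continue..."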
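# Step 3/8: install the GNU Taler packages.
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "3/8 Install GNU Taler components "

# `yes no` feeds "no" to any question asked on stdin during installation
# (presumably the packages' configuration prompts - confirm against the
# package list, which this page does not show).
yes no | apt install -y \
  # (lines 65-72 of the original listing, the package list, are not shown on this page)

echo "----------------------------------------"
read -r -p "3/8 all components installed. Press any key to continue..."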
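# Step 4/8: publish the four services through nginx, one virtual host each.
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "4/8 Setup NGINX reverse proxy"

# (lines 79-81 of the original listing are not shown on this page)

# Enable one packaged nginx site and answer for it under the given host name.
# Arguments: $1 - file name under /etc/nginx/sites-available
#            $2 - server_name to use instead of "localhost"
_enable_site() {
  local site=$1 host=$2
  local conf="/etc/nginx/sites-available/${site}"
  # -f replaces an existing link, so a second run does not stop on "File exists".
  ln -sf "$conf" /etc/nginx/sites-enabled/
  sed -i "s/server_name localhost/server_name ${host}/" "$conf"
}

# Serve a site at "/" instead of under its "/<site>/" path prefix.
# Arguments: $1 - file name under /etc/nginx/sites-available
_serve_at_root() {
  local site=$1
  sed -i "s_location /${site}/_location /_" "/etc/nginx/sites-available/${site}"
}

# Enable sandbox and configure the server as http://bank.taler/
_enable_site libeufin-sandbox bank.taler

# Enable auditor and configure the server as http://auditor.taler/
_enable_site taler-auditor auditor.taler
_serve_at_root taler-auditor

# Enable exchange and configure the server as http://exchange.taler/
_enable_site taler-exchange exchange.taler
_serve_at_root taler-exchange

# Enable merchant and configure the server as http://merchant.taler/
_enable_site taler-merchant merchant.taler
_serve_at_root taler-merchant

# Set the nginx user to root so nginx can read the root-owned service sockets.
# NOTE(security): with this change the nginx worker processes, which parse
# every incoming request, run as root. That is acceptable only for a throwaway
# demo host; otherwise keep www-data and grant it access to the sockets
# (group ownership / socket mode) instead.
sed -i 's/^user www-data/user root/' /etc/nginx/nginx.conf

# Tell the services which host name they are exposed under. `$host` is an
# nginx variable (kept literal by the single quotes); nginx fills it from the
# client's request, so the backends must not treat the header as trusted input.
sed -i 's/X-Forwarded-Host "localhost"/X-Forwarded-Host $host/' /etc/nginx/sites-available/*

# (lines 106-108 of the original listing are not shown on this page)

echo "----------------------------------------"
read -r -p "4/8 web interface exposed. Press any key to continue..."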
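# Step 5/8 (environment): connection settings read by libeufin-sandbox,
# libeufin-nexus and libeufin-cli in the rest of this step.
# Each value is assigned on the `export` line itself; split across two lines
# the variable would be exported empty.
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "5/8 Setup BANK instance and some accounts"

# NOTE(security): every credential below is a fixed demo value, and the
# database password is part of the JDBC URL, so it shows up wherever the
# environment of these processes is visible. Replace them before the host is
# reachable by anyone else.
export LIBEUFIN_SANDBOX_DB_CONNECTION="jdbc:postgresql://localhost:5432/sandbox?user=root&password=root"
export LIBEUFIN_SANDBOX_URL="http://localhost:5016/"
export LIBEUFIN_SANDBOX_USERNAME="admin"
export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="bank"
# The CLI logs in as the sandbox admin, so it reuses the admin password.
export LIBEUFIN_SANDBOX_PASSWORD="$LIBEUFIN_SANDBOX_ADMIN_PASSWORD"

export LIBEUFIN_NEXUS_DB_CONNECTION="jdbc:postgresql://localhost:5432/nexus?user=root&password=root"
export LIBEUFIN_NEXUS_URL="http://localhost:5017/"
export LIBEUFIN_NEXUS_USERNAME="nexus_admin"
export LIBEUFIN_NEXUS_PASSWORD="secret_nexus"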
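# Step 5/8 (bank services): configure the demo bank, write the web UI
# settings, create the nexus superuser and start both services.
libeufin-sandbox config \
  --bank-debt-limit 1000000 \
  --users-debt-limit 10000 \
  --with-signup-bonus \
  --currency "$CURRENCY" \
  --captcha-url http://bank.taler/ \
  # (lines 134-136 of the original listing, the rest of this command, are not shown on this page)

# Settings file read by the demobank web UI. Only the first entries are
# visible on this page; the closing "};" and the EOF marker are restored so
# the here-document terminates.
cat >/etc/libeufin/demobank-ui-settings.js <<EOF
globalThis.talerDemobankSettings = {
  backendBaseURL: "http://bank.taler/demobanks/default/",
  allowRegistrations: true,
  // (lines 141-144 of the original listing are not shown on this page)
};
EOF

libeufin-sandbox default-exchange --demobank default http://exchange.taler/ "payto://iban/$EXCHANGE_IBAN"

# nexus configuration
# NOTE(security): the password is passed as a command-line argument and is
# therefore visible in the process list while this command runs.
libeufin-nexus superuser "$LIBEUFIN_NEXUS_USERNAME" --password "$LIBEUFIN_NEXUS_PASSWORD"

# Start both services in the background; stdout and stderr go to files in the
# current directory.
# NOTE(security): --no-localhost-only lets the services accept connections on
# non-loopback interfaces while they still use the demo credentials above. If
# nginx on this host is the only intended client, check whether the flag is
# needed at all, or firewall ports 5016 and 5017.
libeufin-sandbox serve --port 5016 --ipv4-only --no-localhost-only >log.sandbox 2>err.sandbox &
libeufin-nexus serve --port 5017 --ipv4-only --no-localhost-only >log.nexus 2>err.nexus &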
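# Step 5/8 (accounts): wait for both services, then register the four demo
# bank accounts.
echo "5/8 Waiting for nexus and sanbox to be ready"
# Block until each service has logged its start-up line. There is no timeout:
# if a service dies before logging, the script waits here until interrupted,
# so check err.sandbox / err.nexus when this step appears to hang.
grep -q "Application started:" <(tail -n +0 -f err.sandbox)
grep -q "Application started:" <(tail -n +0 -f err.nexus)

echo "5/8 Creating accounts"
# The user name and password are overridden per command, so each account is
# registered under its own login.
# NOTE(security): all four accounts get the demo password "123".
LIBEUFIN_SANDBOX_USERNAME="exchange" LIBEUFIN_SANDBOX_PASSWORD="123" \
  libeufin-cli sandbox demobank register \
  --iban "$EXCHANGE_IBAN" --name "Exchange company" --public
LIBEUFIN_SANDBOX_USERNAME="merchant" LIBEUFIN_SANDBOX_PASSWORD="123" \
  libeufin-cli sandbox demobank register \
  --iban "$MERCHANT_IBAN" --name "Merchant company" --public
LIBEUFIN_SANDBOX_USERNAME="alice" LIBEUFIN_SANDBOX_PASSWORD="123" \
  libeufin-cli sandbox demobank register \
  --iban "$ALICE_IBAN" --name "Alice" --no-public
LIBEUFIN_SANDBOX_USERNAME="bob" LIBEUFIN_SANDBOX_PASSWORD="123" \
  libeufin-cli sandbox demobank register \
  --iban "$BOB_IBAN" --name "Bob" --no-public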
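# Step 5/8 (EBICS): connect nexus to the sandbox bank and schedule the
# periodic submit/fetch tasks for the exchange account.
# Several option lines of these commands are missing from the page; each gap
# is marked next to the command it belongs to.
echo "5/8 Creating the EBICs connection between sandbox and nexus"

### open sandbox to nexus
libeufin-cli sandbox ebicshost create --host-id ebicHost
# (line 172 of the original listing, one option line of the next command,
#  is not shown on this page)
libeufin-cli sandbox demobank new-ebicssubscriber \
  --partner-id ebicPartner \
  --user-id ebicExchange \
  --bank-account exchange

### connection nexus to sandbox
# (line 180 of the original listing, one option line of the next command,
#  is not shown on this page)
libeufin-cli connections new-ebics-connection \
  --ebics-url http://localhost:5016/ebicsweb \
  --partner-id ebicPartner \
  --ebics-user-id ebicExchange \
  # (lines 183-184 of the original listing, the rest of this command, are not shown on this page)

libeufin-cli connections connect nexus-conn
libeufin-cli connections download-bank-accounts nexus-conn
libeufin-cli connections import-bank-account \
  --offered-account-id exchange \
  --nexus-bank-account-id nexus-exchange \
  # (lines 190-191 of the original listing, the rest of this command, are not shown on this page)

# (line 193 of the original listing, one option line of the next command,
#  is not shown on this page)
libeufin-cli accounts task-schedule nexus-exchange \
  --task-name=submit-payments-5secs \
  --task-cronspec='*/1 * * * *'

# (line 198 of the original listing, one option line of the next command,
#  is not shown on this page)
libeufin-cli accounts task-schedule nexus-exchange \
  --task-name=fetch-5secs \
  --task-cronspec='*/1 * * * *' \
  --task-param-level=report \
  --task-param-range-type=latest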
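### configuration of nexus
# Step 5/8 (facade): create the wire-gateway facade the exchange talks to and
# a nexus user that may use exactly that facade.
echo "5/8 Creating nexus facade for the exchange"
libeufin-cli facades new-taler-wire-gateway-facade \
  --currency "$CURRENCY" \
  --facade-name taler-exchange \
  nexus-conn nexus-exchange

# NOTE(security): fixed demo password, passed on the command line. The
# exchange is configured with the same user name and password in step 6, so
# change both places together.
libeufin-cli users create exchange-nexus --password exchange-nexus-password

# The user gets only the two facade permissions granted here: transfer and
# history.
libeufin-cli permissions grant user exchange-nexus \
  facade taler-exchange \
  facade.talerwiregateway.transfer
libeufin-cli permissions grant user exchange-nexus \
  facade taler-exchange \
  facade.talerwiregateway.history

echo "----------------------------------------"
read -r -p "5/8 banking system ready. Press any key to continue..."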
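# Step 6/8 (configuration): write the exchange settings with taler-config and
# generate the coin denominations.
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "6/8 Setup Exchange"

# Capture the master public key first and stop if the tool printed nothing;
# an empty value would otherwise be written into the configuration and only
# surface much later as a signature or key mismatch.
master_pub=$(taler-exchange-offline setup)
if [[ -z "$master_pub" ]]; then
  echo "taler-exchange-offline setup returned no public key" >&2
  exit 1
fi
taler-config -s exchange -o master_public_key -V "$master_pub"
taler-config -s exchange -o base_url -V http://exchange.taler/

taler-config -s exchangedb-postgres -o config -V postgres:///exchange
taler-config -s exchange-account-1 -o payto_uri -V "payto://iban/$EXCHANGE_IBAN?receiver-name=Exchanger"
taler-config -s exchange-account-1 -o enable_debit -V yes
taler-config -s exchange-account-1 -o enable_credit -V yes

# Credentials of the nexus user created in step 5.
# NOTE(security): the password is a fixed demo value and ends up in the
# configuration in clear text; keep that file readable by the exchange only.
taler-config -s exchange-accountcredentials-1 -o wire_gateway_url -V http://localhost:5017/facades/taler-exchange/taler-wire-gateway/
taler-config -s exchange-accountcredentials-1 -o username -V exchange-nexus
taler-config -s exchange-accountcredentials-1 -o password -V exchange-nexus-password

taler-config -s taler -o currency -V "$CURRENCY"
taler-config -s taler -o aml_threshold -V "$CURRENCY:10000"
taler-config -s taler -o currency_round_unit -V "$CURRENCY:0.1"

# Appends (>>) the generated coin sections; running this step twice adds them
# twice.
taler-harness deployment gen-coin-config \
  --min-amount "$CURRENCY:0.1" \
  --max-amount "$CURRENCY:20" >>/etc/taler/taler.conf

# Set the withdraw duration on every generated coin section. The section
# names are read into an array so each one is passed as a single, quoted
# argument.
mapfile -t coin_sections < <(taler-config --list-sections | grep COIN)
for coinSection in "${coin_sections[@]}"; do
  taler-config -s "$coinSection" -o duration_withdraw -V "1 year"
done
# (line 253 of the original listing, presumably the loop's closing `done`,
#  is not shown on this page)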
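# Step 6/8 (services): initialise the exchange database, then start the three
# security modules and the HTTP daemon in the background. Each process writes
# its own log file in the current directory at debug level.
taler-exchange-dbinit

taler-exchange-secmod-eddsa -l log.secmod.eddsa -L debug &
taler-exchange-secmod-rsa -l log.secmod.rsa -L debug &
taler-exchange-secmod-cs -l log.secmod.cs -L debug &
taler-exchange-httpd -l log.exchange -L debug &

echo "6/8 Waiting for exchange HTTP service"

# Block until the RSA security module logs that it is updating denomination
# keys. -F keeps retrying while the log file does not exist yet. There is no
# timeout: if the module exits early the script waits here, so check
# log.secmod.rsa when this step appears to hang.
grep -q "Updating keys of denomination" <(tail -n +0 -F log.secmod.rsa)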
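# Step 6/8 (offline signing): enable the exchange bank account, set the fees,
# sign the keys and wait until /keys is served.
echo "6/8 Enable exchange wire transfer"

# Enable account and wire fee configuration.
# The payto URI contains "?", a glob character, so the command substitution
# is quoted to pass it through unchanged as one argument.
# NOTE(review): the fee year is fixed to 2023; when this is run in a later
# year the fees for the current year are presumably missing - confirm and
# adjust the year.
taler-exchange-offline \
  enable-account "$(taler-config -s exchange-account-1 -o payto_uri)" \
  global-fee 2023 "$CURRENCY:0" "$CURRENCY:0" "$CURRENCY:0" 1year 1year 10 \
  wire-fee 2023 iban "$CURRENCY:0.1" "$CURRENCY:0.1" \
  # (lines 273-274 of the original listing, the rest of this command, are not shown on this page)

taler-exchange-offline download sign upload

echo "6/8 Waiting for key signed"
# Poll the exchange over its unix socket; the response is discarded, only the
# wait matters.
# (lines 279 and 281-282 of the original listing, further curl options, are
#  not shown on this page)
curl --unix-socket /run/taler/exchange-httpd/exchange-http.sock \
  --retry-connrefused \
  http://exchange.taler/keys &>/dev/null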
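# Step 6/8 (workers): start the exchange's background workers. Each one writes
# its own log file in the current directory at debug level.
taler-exchange-wirewatch -l log.wirewatch -L debug &
taler-exchange-transfer -l log.transfer -L debug &
taler-exchange-aggregator -l log.aggregator -L debug &
taler-exchange-closer -l log.closer -L debug &

echo "----------------------------------------"
read -r -p "6/8 exchange ready. Press any key to continue..."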
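# Step 7/8: configure the auditor, register the exchange with it and announce
# the auditor to the exchange.
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "7/8 Setup auditor"

taler-config -s auditor -o base_url -V http://auditor.taler/
taler-config -s auditordb-postgres -o config -V postgres:///auditor

# Add the exchange to the auditor, using the key and URL written in step 6.
# Command substitutions are quoted so each value stays a single argument.
taler-auditor-exchange \
  -m "$(taler-config -s exchange -o master_public_key)" \
  -u "$(taler-config -s exchange -o base_url)"

# (lines 303-305 of the original listing are not shown on this page)

echo "7/8 Notify the exchange about the auditor"

taler-exchange-offline enable-auditor \
  "$(taler-auditor-offline setup)" \
  "$(taler-config -s auditor -o base_url)" \
  the_auditor upload

taler-auditor-httpd -l log.auditor -L debug &

echo "----------------------------------------"
read -r -p "7/8 auditor ready. Press any key to continue..."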
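# Step 8/8 (configuration): point the merchant backend at the exchange and the
# auditor configured above, then start it.
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="
echo "8/8 Setup merchant"

taler-config -s merchantdb-postgres -o config -V postgres:///merchant

# Trust the exchange: copy its URL and master key from the exchange section.
# Command substitutions are quoted so each value stays a single argument.
taler-config -s merchant-exchange-fsf -o exchange_base_url -V "$(taler-config -s exchange -o base_url)"
taler-config -s merchant-exchange-fsf -o master_key -V "$(taler-config -s exchange -o master_public_key)"
taler-config -s merchant-exchange-fsf -o currency -V "$CURRENCY"

# Trust the auditor: its URL from the auditor section, its key from the
# offline tool.
taler-config -s merchant-auditor-fsf -o auditor_base_url -V "$(taler-config -s auditor -o base_url)"
taler-config -s merchant-auditor-fsf -o auditor_key -V "$(taler-auditor-offline setup)"
taler-config -s merchant-auditor-fsf -o currency -V "$CURRENCY"

taler-merchant-dbinit

# NOTE(security): "secret-token:secret" is a fixed demo access token, and
# because it is given with -a it is visible in the process list for as long
# as the daemon runs. The curl calls that follow send the same token.
taler-merchant-httpd -a secret-token:secret -l log.merchant -L debug &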
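# Step 8/8 (instance): create the default merchant instance over the
# backend's unix socket, authenticating with the demo token given to
# taler-merchant-httpd.
echo "8/8 creating the first instance"

# Build the request body with jq (installed in step 1) so the IBAN and the
# currency are inserted as properly escaped JSON strings instead of being
# spliced, unquoted, between shell string fragments.
instance_json=$(jq -cn \
  --arg iban "$MERCHANT_IBAN" \
  --arg currency "$CURRENCY" \
  '{
    id: "default",
    payto_uris: ["payto://iban/\($iban)?receiver-name=merchant"],
    default_pay_delay: {d_us: 7200000000},
    default_wire_fee_amortization: 1,
    default_wire_transfer_delay: {d_us: 172800000000},
    name: "FSF",
    email: "",
    default_max_deposit_fee: "\($currency):3",
    default_max_wire_fee: "\($currency):3",
    auth: {method: "token", token: "secret-token:secret"},
    address: {},
    jurisdiction: {}
  }')

# NOTE(security): the instance is created with the same fixed demo token
# ("secret-token:secret") as its own access token; replace it before the
# merchant backend is reachable by anyone else.
curl 'http://merchant.taler/management/instances' \
  --unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
  -X POST -H 'Authorization: Bearer secret-token:secret' \
  --data-raw "$instance_json"

curl 'http://merchant.taler/instances/default/private/products' \
  --unix-socket /var/run/taler/merchant-httpd/merchant-http.sock \
  -X POST -H 'Authorization: Bearer secret-token:secret' \
  # (lines 343-344 of the original listing, the request body of this call, are not shown on this page)

echo "----------------------------------------"
read -r -p "8/8 merchant ready. Press any key to close."
echo "=========================================================================="
echo "=========================================================================="
echo "=========================================================================="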