Initial Taler stack with templated configs, db init script, caddy proxy

2025-12-11 12:22:48 +00:00 · 2025-12-11 12:22:48 +00:00 · d0b0722a7b
commit d0b0722a7b
16 changed files with 723 additions and 0 deletions
--- a/entrypoints/with-dbinit.sh
+++ b/entrypoints/with-dbinit.sh
@ -0,0 +1,119 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+: "${PGHOST:=postgres}"
+: "${PGPORT:=5432}"
+: "${PGUSER:=postgres}"
+: "${PGPASSWORD:=taler}"
+
+if [[ -z "${DB_NAME:-}" ]]; then
+  echo "DB_NAME not set; cannot run dbinit" >&2
+  exit 1
+fi
+
+if [[ -z "${INIT_CMD:-}" ]]; then
+  echo "INIT_CMD not set; cannot run dbinit" >&2
+  exit 1
+fi
+
+SERVICE_CMD=("$@")
+
+render_template() {
+  local src="$1"
+  local dst="$2"
+  if [[ -f "${src}" ]]; then
+    echo "Rendering template ${src} -> ${dst}"
+    envsubst < "${src}" > "${dst}"
+  fi
+}
+
+render_templates() {
+  case "${SERVICE_CMD[0]:-}" in
+    taler-exchange-httpd|taler-exchange-*)
+      render_template /etc/taler/taler-exchange.conf.tmpl /etc/taler/taler-exchange.conf
+      render_template /etc/taler/conf.d/99-exchange.conf.tmpl /etc/taler/conf.d/99-exchange.conf
+      ;;
+    taler-merchant-httpd|taler-merchant-*)
+      render_template /etc/taler-merchant/merchant.conf.tmpl /etc/taler-merchant/merchant.conf
+      ;;
+    libeufin-bank)
+      render_template /etc/libeufin/bank.conf.tmpl /etc/libeufin/bank.conf
+      ;;
+  esac
+}
+
+render_templates
+
+wait_for_db() {
+  echo "Waiting for Postgres at ${PGHOST}:${PGPORT}..."
+  until pg_isready -h "${PGHOST}" -p "${PGPORT}" -U "${PGUSER}" >/dev/null 2>&1; do
+    sleep 1
+  done
+}
+
+db_has_tables() {
+  local count
+  count="$(psql -h "${PGHOST}" -p "${PGPORT}" -U "${PGUSER}" -d "${DB_NAME}" -Atc \
+    "SELECT COUNT(*) FROM information_schema.tables WHERE table_schema='public';")"
+  [[ "${count}" != "0" ]]
+}
+
+run_init() {
+  if [[ "${SKIP_DBINIT:-}" == "1" ]]; then
+    echo "SKIP_DBINIT=1 set; skipping dbinit for ${DB_NAME}"
+    return
+  fi
+
+  echo "Running dbinit for ${DB_NAME}: ${INIT_CMD}"
+  # shellcheck disable=SC2206
+  init_arr=(${INIT_CMD})
+  "${init_arr[@]}"
+}
+
+set_libeufin_admin_password() {
+  # Only relevant for libeufin-bank service and if credentials are provided.
+  if [[ "${SERVICE_CMD[0]:-}" != "libeufin-bank" ]]; then
+    return
+  fi
+  if [[ -z "${LIBEUFIN_ADMIN_USER:-}" || -z "${LIBEUFIN_ADMIN_PASSWORD:-}" ]]; then
+    return
+  fi
+  echo "Setting LibEuFin admin password for user ${LIBEUFIN_ADMIN_USER}"
+  if ! printf "%s\n%s\n" "${LIBEUFIN_ADMIN_PASSWORD}" "${LIBEUFIN_ADMIN_PASSWORD}" | \
+    libeufin-bank passwd "${LIBEUFIN_ADMIN_USER}" -c /etc/libeufin/bank.conf; then
+    echo "Warning: failed to set LibEuFin admin password" >&2
+  fi
+}
+
+ensure_libeufin_user() {
+  # Create/update a non-admin bank user if configured.
+  if [[ "${SERVICE_CMD[0]:-}" != "libeufin-bank" ]]; then
+    return
+  fi
+  if [[ -z "${LIBEUFIN_USER:-}" || -z "${LIBEUFIN_USER_PASSWORD:-}" ]]; then
+    return
+  fi
+  echo "Ensuring LibEuFin user ${LIBEUFIN_USER}"
+  if ! libeufin-bank users add "${LIBEUFIN_USER}" --password "${LIBEUFIN_USER_PASSWORD}" \
+    -c /etc/libeufin/bank.conf 2>/tmp/libeufin-add-user.log; then
+    if grep -qi "already exists" /tmp/libeufin-add-user.log; then
+      echo "LibEuFin user ${LIBEUFIN_USER} already exists; skipping creation."
+    else
+      echo "Warning: failed to ensure LibEuFin user ${LIBEUFIN_USER}" >&2
+      cat /tmp/libeufin-add-user.log >&2
+    fi
+  fi
+}
+
+wait_for_db
+if db_has_tables; then
+  echo "Database ${DB_NAME} already initialized; skipping dbinit."
+else
+  run_init
+fi
+render_templates
+set_libeufin_admin_password
+ensure_libeufin_user
+
+echo "Starting service command: ${SERVICE_CMD[*]}"
+exec "${SERVICE_CMD[@]}"