Initial Taler stack with templated configs, db init script, caddy proxy
This commit is contained in:
nocci
commit
d0b0722a7b
16 changed files with 723 additions and 0 deletions
61
scripts/enable-exchange-account.sh
Normal file
61
scripts/enable-exchange-account.sh
Normal file
|
|
@ -0,0 +1,61 @@
|
|||
#!/usr/bin/env bash
|
||||
# Helper to enable a bank account for the exchange via taler-exchange-offline.
|
||||
# Run this inside the exchange container (where the master private key lives).
|
||||
# Requires taler-exchange-offline and a valid master key in the secrets path.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
EXCHANGE_CONFIG="${EXCHANGE_CONFIG:-/etc/taler/taler-exchange.conf}"
|
||||
PAYTO_URI="${PAYTO_URI:-payto://x-taler-bank/ob.antifa.ltd/demogeld?receiver-name=demogeld}"
|
||||
OUT="${ENABLE_ACCOUNT_JSON:-/tmp/enable-account.json}"
|
||||
EXCHANGE_KEYS_URL="${EXCHANGE_KEYS_URL:-http://exchange:8081/keys}"
|
||||
EXCHANGE_WAIT_RETRIES="${EXCHANGE_WAIT_RETRIES:-60}"
|
||||
EXCHANGE_WAIT_INTERVAL="${EXCHANGE_WAIT_INTERVAL:-2}"
|
||||
EXCHANGE_CURL_OPTS="${EXCHANGE_CURL_OPTS:-}"
|
||||
|
||||
render_template() {
|
||||
local src="$1"
|
||||
local dst="$2"
|
||||
if [[ -f "${src}" ]]; then
|
||||
echo "Rendering template ${src} -> ${dst}"
|
||||
envsubst < "${src}" > "${dst}"
|
||||
fi
|
||||
}
|
||||
|
||||
render_template /etc/taler/taler-exchange.conf.tmpl /etc/taler/taler-exchange.conf
|
||||
render_template /etc/taler/conf.d/99-exchange.conf.tmpl /etc/taler/conf.d/99-exchange.conf
|
||||
|
||||
enabled_flag="${ENABLE_EXCHANGE_ACCOUNT:-0}"
|
||||
case "${enabled_flag,,}" in
|
||||
1|true|yes|on) ;;
|
||||
*)
|
||||
echo "ENABLE_EXCHANGE_ACCOUNT not set to true; skipping enable-account."
|
||||
exit 0
|
||||
;;
|
||||
esac
|
||||
|
||||
echo "Using config: ${EXCHANGE_CONFIG}"
|
||||
echo "Payto URI: ${PAYTO_URI}"
|
||||
echo "Output JSON: ${OUT}"
|
||||
echo "Waiting for exchange at: ${EXCHANGE_KEYS_URL}"
|
||||
|
||||
wait_for_exchange() {
|
||||
local i
|
||||
for ((i=1; i<=EXCHANGE_WAIT_RETRIES; i++)); do
|
||||
if curl -fsS ${EXCHANGE_CURL_OPTS} "${EXCHANGE_KEYS_URL}" >/dev/null 2>&1; then
|
||||
echo "Exchange reachable (attempt ${i})."
|
||||
return 0
|
||||
fi
|
||||
sleep "${EXCHANGE_WAIT_INTERVAL}"
|
||||
done
|
||||
echo "Exchange not reachable after ${EXCHANGE_WAIT_RETRIES} attempts." >&2
|
||||
return 1
|
||||
}
|
||||
|
||||
wait_for_exchange
|
||||
|
||||
taler-exchange-offline -c "${EXCHANGE_CONFIG}" enable-account "${PAYTO_URI}" > "${OUT}"
|
||||
echo "enable-account JSON written to ${OUT}"
|
||||
|
||||
taler-exchange-offline -c "${EXCHANGE_CONFIG}" upload < "${OUT}"
|
||||
echo "Upload complete."
|
||||
77
scripts/provision-bank-user.sh
Normal file
77
scripts/provision-bank-user.sh
Normal file
|
|
@ -0,0 +1,77 @@
|
|||
#!/usr/bin/env bash
|
||||
# Provision LibEuFin bank users, debit limits and tokens via docker compose.
|
||||
# Reads .env if present, then uses docker compose exec inside the bank container.
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
if [[ -f ".env" ]]; then
|
||||
set -a
|
||||
# shellcheck disable=SC1091
|
||||
source ".env"
|
||||
set +a
|
||||
fi
|
||||
|
||||
COMPOSE_CMD="${COMPOSE_CMD:-docker compose}"
|
||||
BANK_SERVICE="${BANK_SERVICE:-bank}"
|
||||
BANK_CONFIG="${BANK_CONFIG:-/etc/libeufin/bank.conf}"
|
||||
|
||||
USER="${LIBEUFIN_USER:-demogeld}"
|
||||
USER_PASSWORD="${LIBEUFIN_USER_PASSWORD:-}"
|
||||
DEBIT_THRESHOLD="${LIBEUFIN_DEBIT_THRESHOLD:-DEMOGELD:1000000}"
|
||||
|
||||
TOKEN_USER="${LIBEUFIN_MERCHANT_USER:-demogeldbank}"
|
||||
TOKEN_PASSWORD="${LIBEUFIN_MERCHANT_PASSWORD:-}"
|
||||
TOKEN_SCOPE="${LIBEUFIN_MERCHANT_SCOPE:-readwrite}"
|
||||
TOKEN_DURATION="${LIBEUFIN_MERCHANT_TOKEN_DURATION:-forever}"
|
||||
TOKEN_OUTPUT="${TOKEN_OUTPUT:-bank/token-info.txt}"
|
||||
|
||||
ensure_user() {
|
||||
echo "Ensuring bank user '${USER}' exists (password will be set if provided)..."
|
||||
if ! ${COMPOSE_CMD} exec -T "${BANK_SERVICE}" libeufin-bank users add "${USER}" --password "${USER_PASSWORD}" -c "${BANK_CONFIG}" >/tmp/libeufin-users-add.log 2>&1; then
|
||||
if grep -qi "already exists" /tmp/libeufin-users-add.log; then
|
||||
echo "User ${USER} already exists; proceeding."
|
||||
else
|
||||
echo "Failed to add user ${USER}:"
|
||||
cat /tmp/libeufin-users-add.log
|
||||
exit 1
|
||||
fi
|
||||
fi
|
||||
|
||||
echo "Setting debit threshold ${DEBIT_THRESHOLD} for ${USER}..."
|
||||
${COMPOSE_CMD} exec -T "${BANK_SERVICE}" libeufin-bank edit-account "${USER}" \
|
||||
--debit_threshold "${DEBIT_THRESHOLD}" -c "${BANK_CONFIG}"
|
||||
}
|
||||
|
||||
provision_token() {
|
||||
echo "Creating token for user '${TOKEN_USER}' (scope=${TOKEN_SCOPE}, duration=${TOKEN_DURATION})..."
|
||||
local token_output
|
||||
token_output="$(${COMPOSE_CMD} exec -T "${BANK_SERVICE}" libeufin-bank create-token \
|
||||
-c "${BANK_CONFIG}" \
|
||||
--user="${TOKEN_USER}" \
|
||||
--scope="${TOKEN_SCOPE}" \
|
||||
--duration="${TOKEN_DURATION}")"
|
||||
|
||||
echo "Token response:"
|
||||
echo "${token_output}"
|
||||
|
||||
mkdir -p "$(dirname "${TOKEN_OUTPUT}")"
|
||||
{
|
||||
echo "# Generated $(date -Is)"
|
||||
echo "USER=${TOKEN_USER}"
|
||||
echo "SCOPE=${TOKEN_SCOPE}"
|
||||
echo "DURATION=${TOKEN_DURATION}"
|
||||
echo "${token_output}"
|
||||
} > "${TOKEN_OUTPUT}"
|
||||
echo "Token saved to ${TOKEN_OUTPUT}"
|
||||
}
|
||||
|
||||
main() {
|
||||
if [[ -z "${USER_PASSWORD}" || -z "${TOKEN_PASSWORD}" ]]; then
|
||||
echo "Warning: LIBEUFIN_USER_PASSWORD or LIBEUFIN_MERCHANT_PASSWORD not set; user/token may be created without password enforcement." >&2
|
||||
fi
|
||||
ensure_user
|
||||
provision_token
|
||||
echo "Done."
|
||||
}
|
||||
|
||||
main "$@"
|
||||
Loading…
Add table
Add a link
Reference in a new issue