# gnutaler-docker

Container stack for GNU Taler (Exchange, Merchant, LibEuFin Bank) with optional Caddy reverse proxy, automatic DB initialization, and an optional WordPress/WooCommerce demo shop with the GNU Taler payment plugin.

## Components

- `compose.yml`: services postgres, exchange, merchant, bank, Caddy (`*.domain.tld`), one-off `exchange-account-init` job, optional `mariadb`/`wordpress`/`wp-init`.
- `Dockerfile`: builds GNUnet/Taler/LibEuFin from Git and ships helper scripts.
- `entrypoints/with-dbinit.sh`: renders templates via `envsubst`, waits for Postgres, runs `*-dbinit`, sets LibEuFin admin/user passwords.
- `postgres/init/01-init-taler.sh`: creates DB users/databases using passwords from `.env`.
- `scripts/enable-exchange-account.sh`: offline tool to enable the exchange payto account (optional, gated by `ENABLE_EXCHANGE_ACCOUNT`).
- `scripts/provision-bank-user.sh`: creates a bank user, sets debit limit, generates a token, and writes it to the host.
- `exchange/…`, `merchant/…`, `bank/…`: templated configs plus terms/privacy.
- `caddy/Caddyfile`: reverse proxy with hosts from environment, ACME certificates.
- `wordpress` stack: MariaDB + WordPress + WP-CLI init installing WooCommerce and `gnu-taler-payment-for-woocommerce`.

## Quick start

1. Prereqs: Docker + Docker Compose.
2. Copy `.env.example` → `.env` and fill it (passwords, hosts/URLs, ACME mail, master key, `EXCHANGE_SECRETS_PATH`, etc.). Important:
   - `EXCHANGE_SECRETS_PATH`: host path containing the exchange master private key (persistent!).
   - `MASTER_PUBLIC_KEY`: must match the master private key.
   - `LIBEUFIN_MERCHANT_TOKEN`: set after token generation (see below).
   - Versions: `GNUNET_REF` (default v0.26.1), `EXCHANGE_REF`, `MERCHANT_REF`, `LIBEUFIN_REF`, optional `GNUNET_TARBALL_URL` for tarball builds.
3. Build: `./scripts/build-image.sh` (reads `.env` for build refs/URLs).
   Alternatively, pass explicit build args, because `docker build ...` does NOT load `.env` automatically (the variables must already be set in your shell):

   ```
   docker build \
     --build-arg GNUNET_TARBALL_URL="$GNUNET_TARBALL_URL" \
     --build-arg GNUNET_REF="$GNUNET_REF" \
     --build-arg EXCHANGE_REF="$EXCHANGE_REF" \
     --build-arg MERCHANT_REF="$MERCHANT_REF" \
     --build-arg LIBEUFIN_REF="$LIBEUFIN_REF" \
     -t taler-stack:build .
   ```
4. Start: `docker compose up -d`
5. Generate bank token: `./scripts/provision-bank-user.sh` (bank service must be running). The token is written to `TOKEN_OUTPUT` (default `bank/token-info.txt`); copy the secret token into `.env` as `LIBEUFIN_MERCHANT_TOKEN`.
6. Optional: auto-enable exchange payto by setting `ENABLE_EXCHANGE_ACCOUNT=1` in `.env` (adjust PAYTO/hosts); job runs as `exchange-account-init`.
7. WordPress/WooCommerce (optional): set `WP_DB_*`, `WP_URL`, admin creds, and `WORDPRESS_HOST` in `.env`; `wp-init` installs WordPress, WooCommerce, and the GNU Taler payment plugin.

## Caddy / reverse proxy

- Hosts via `BANK_HOST`, `EXCHANGE_HOST`, `MERCHANT_HOST`, `WORDPRESS_HOST`; ACME mail via `CADDY_ACME_EMAIL`.
- On domain changes, adjust BASE_URL/PAYTO in `.env`; templates render automatically at startup.
- You can remove direct port mappings (8080/8081/9966/8085) if only Caddy should be exposed.

## Notes

- Passwords in `.env` must match `postgres/init/01-init-taler.sh` (picked up automatically via environment).
- Keep the master key stable; mount it via `EXCHANGE_SECRETS_PATH`, do not regenerate on startup.
- If `ENABLE_EXCHANGE_ACCOUNT=0`, run the offline tool manually (`scripts/enable-exchange-account.sh` inside the exchange container).
- With custom CAs, set `EXCHANGE_CURL_OPTS="-k"` if the offline job needs to curl `/keys` over HTTPS (`-k` turns off curl's TLS certificate verification for that request).
- After changing DB passwords in `.env`, no manual SQL rendering is needed; the init script reads them at container start.
- Release refs/tarballs: browse tags/commits at `https://git.taler.net/{gnunet,exchange,merchant,libeufin}.git/` (tarballs via `.../snapshot/.tar.gz`) and set `*_REF`/`GNUNET_TARBALL_URL` accordingly.
- Offline tarball drop-in: place a GNUnet tarball under `vendor/` (e.g., `gnunet-*.tar.gz`); the build picks the first match and falls back to git if the tarball looks incomplete.

## Useful commands

- Logs: `docker compose logs -f exchange` (or bank/merchant/caddy/wordpress).
- Re-provision bank users/token: `./scripts/provision-bank-user.sh`
- Manual payto enable: `docker compose run --rm exchange /usr/local/bin/enable-exchange-account.sh PAYTO_URI=...`
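
The Quick start and Notes above leave several secrets on the host: `.env`, the master key under `EXCHANGE_SECRETS_PATH`, and the bank token file. The following preflight check is an added example, not part of this repository; the function names, the permission policy (nothing for group/others), and the idea that `TOKEN_OUTPUT` may be set in `.env` are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the .env of this stack. Variable names are the
# README's; the checks and the function names are this example's assumptions.

# Print KEY's value from a KEY=VALUE file (last assignment wins, outer quotes stripped).
env_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 |
        sed -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# True when the path grants nothing to group or others (mode bits 077 all clear).
is_private() {
    [ "$(ls -ldL -- "$1" | cut -c5-10)" = "------" ]
}

note() { echo "preflight: $*"; findings=$((findings + 1)); }

# Print one line per finding; the return status is the number of findings.
taler_preflight() {
    envfile=$1
    findings=0
    [ -r "$envfile" ] || { note "cannot read $envfile"; return "$findings"; }
    is_private "$envfile" || note "$envfile holds passwords but is open to group/others"

    for key in MASTER_PUBLIC_KEY EXCHANGE_SECRETS_PATH; do
        [ -n "$(env_get "$envfile" "$key")" ] || note "$key is not set"
    done

    secrets=$(env_get "$envfile" EXCHANGE_SECRETS_PATH)
    if [ -n "$secrets" ] && [ ! -e "$secrets" ]; then
        note "EXCHANGE_SECRETS_PATH ($secrets) does not exist on the host"
    elif [ -n "$secrets" ] && ! is_private "$secrets"; then
        note "master key path $secrets is open to group/others"
    fi

    # Assumption: TOKEN_OUTPUT may be overridden in .env; otherwise the README default.
    token=$(env_get "$envfile" TOKEN_OUTPUT)
    token=${token:-bank/token-info.txt}
    if [ -e "$token" ] && ! is_private "$token"; then
        note "bank token file $token is open to group/others"
    fi

    case " $(env_get "$envfile" EXCHANGE_CURL_OPTS) " in
        *" -k "*|*" --insecure "*) note "EXCHANGE_CURL_OPTS turns off TLS certificate verification" ;;
    esac
    return "$findings"
}

if [ $# -gt 0 ]; then taler_preflight "$1"; fi
```

Run it from the repository root with `.env` as the argument, before `docker compose up -d` and again after `./scripts/provision-bank-user.sh` has written the token file.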