[taler-deployment] branch master updated: revise netzbon deployment scripts for 0.9.3

[gnunet]

This is an automated email from the git hooks/post-receive script.

grothoff pushed a commit to branch master
in repository deployment.

The following commit(s) were added to refs/heads/master by this push:
     new 3e2bb52  revise netzbon deployment scripts for 0.9.3
3e2bb52 is described below

commit 3e2bb52a2ba701c47c711d0f5d0318fe99e44956
Author: Christian Grothoff <grothoff@gnunet.org>
AuthorDate: Mon Nov 27 08:33:49 2023 +0900

    revise netzbon deployment scripts for 0.9.3
---
 netzbon/README                    |   2 +-
 netzbon/config_launch_libeufin.sh | 270 --------------------------------------
 netzbon/config_libeufin_bank.sh   | 102 ++++++++++++++
 netzbon/install_packages.sh       |   2 +-
 netzbon/main.sh                   |  24 ++--
 netzbon/setup-exchange.sh         |  71 +++-------
 netzbon/setup-merchant.sh         |   3 +
 7 files changed, 140 insertions(+), 334 deletions(-)

diff --git a/netzbon/README b/netzbon/README
index b5fde4f..d2fb5c7 100644
--- a/netzbon/README
+++ b/netzbon/README
@@ -126,7 +126,7 @@ Components
 The goal is not to only setup the Debian packages, but to also configure
 all of the components:
 
-* libeufin-sandbox with an account for the administrator and the exchange
+* libeufin-bank with an account for the administrator and the exchange
 * libeufin-nexus with access to the exchange account and Taler facade
 * exchange with denominations, fees (all zero) and credentials for the 
libeufin-nexus
 * merchant backend with the master key of the exchange for the target currency
diff --git a/netzbon/config_launch_libeufin.sh 
b/netzbon/config_launch_libeufin.sh
deleted file mode 100755
index 8c22c9a..0000000
--- a/netzbon/config_launch_libeufin.sh
+++ /dev/null
@@ -1,270 +0,0 @@
-#!/bin/bash
-# This file is in the public domain.
-#
-# This script configure and launches Sandbox and Nexus.
-# The setup provides the admin account at Sandbox, and
-# another account for the exchange at Nexus and Sandbox.
-# A Taler facade to serve taler-wire-gateway requests
-# is also provided.  The currency defaults to "NB".
-
-# The environment must provide the following variables:
-# - SANDBOX_ADMIN_PASSWORD: password of the Netzbon administrator.
-# - NEXUS_EXCHANGE_PASSWORD: password of the Nexus user hosted
-#     at Nexus, this password will let the Wire-gateway access
-#     its banking records.  The related username is:
-#     exchange-at-nexus
-# - SANDBOX_EXCHANGE_PASSWORD: password of the exchange
-#     bank account hosted at Sandbox.  The related
-#     username is: exchange-at-sandbox
-# - BANK_NAME: human-readable name for the bank
-#
-# OUTPUTS:
-#
-# LIBEUFIN_NEXUS_USERNAME -- username of the exchange
-# EXCHANGE_IBAN -- IBAN of the exchange
-# EXCHANGE_PAYTO -- payto-URI of the exchange
-
-set -eu
-
-source functions.sh
-source config/user.conf
-source config/internal.conf
-
-if test -z "${BANK_NAME:-}"; then
-  say "Error: config/user.conf does not specify BANK_NAME"
-  exit 1
-fi
-if test -z "${DOMAIN_NAME:-}"; then
-  say "Error: config/user.conf does not specify DOMAIN_NAME"
-  exit 1
-fi
-if test -z "${SANDBOX_ADMIN_PASSWORD:-}"; then
-  say "Error: config/user.conf does not specify SANDBOX_ADMIN_PASSWORD"
-  exit 1
-fi
-
-# TODO: add sanity-checks for presence of other required env-vars
-
-if test "${ENABLE_TLS:-}" == "y"; then
-  PROTO="https"
-else
-  PROTO="http"
-fi
-
-say "Setting up libeufin"
-
-# EBICS parameters that must match but are only used internally.
-EBICS_HOST_ID="TALERHOST"
-EBICS_PARTNER_ID="talerop"
-EBICS_USER_ID="exchangeebics"
-EBICS_CONNECTION_NAME="exchangeconn"
-LIBEUFIN_TALER_FACADE="taler-facade"
-export LIBEUFIN_NEXUS_USERNAME="exchange-at-nexus"
-echo "LIBEUFIN_NEXUS_USERNAME=\"${LIBEUFIN_NEXUS_USERNAME}\"" 
>>config/internal.conf
-
-# Load configuration with
-# LIBEUFIN_NEXUS_DB_CONNECTION and
-# LIBEUFIN_NEXUS_PORT
-# shellcheck disable=SC1091
-source /etc/libeufin/nexus.env
-export LIBEUFIN_NEXUS_DB_CONNECTION
-
-if test -z "${LIBEUFIN_NEXUS_DB_CONNECTION:-}"; then
-  say "Error: /etc/libeufin/nexus.env does not specify 
LIBEUFIN_NEXUS_DB_CONNECTION"
-  exit 1
-fi
-
-export LIBEUFIN_NEXUS_PASSWORD=$NEXUS_EXCHANGE_PASSWORD
-export LIBEUFIN_NEXUS_URL="http://localhost:${LIBEUFIN_NEXUS_PORT}";
-
-# Load configuration with
-# LIBEUFIN_SANDBOX_DB_CONNECTION and
-# LIBEUFIN_SANDBOX_PORT
-# shellcheck disable=SC1091
-. /etc/libeufin/sandbox.env
-export LIBEUFIN_SANDBOX_DB_CONNECTION
-
-if test -z "${LIBEUFIN_SANDBOX_DB_CONNECTION:-}"; then
-  say "Error: /etc/libeufin/sandbox.env does not specify 
LIBEUFIN_SANDBOX_DB_CONNECTION"
-  exit 1
-fi
-
-export LIBEUFIN_SANDBOX_ADMIN_PASSWORD="${SANDBOX_ADMIN_PASSWORD}"
-# FIXME-CG: this should be done inside the Debian package (incl. pw generation)
-# We need to add this password to the systemd environment to make it effective.
-echo "LIBEUFIN_SANDBOX_ADMIN_PASSWORD=\"${SANDBOX_ADMIN_PASSWORD}\"" 
>>/etc/libeufin/sandbox.env
-
-SANDBOX_URL="http://localhost:${LIBEUFIN_SANDBOX_PORT}/";
-
-say "Configure the default demobank with ${CURRENCY}..."
-MY_DIR=$PWD
-
-# Go to directory valid for other users.
-cd /
-sudo -E -u libeufin-sandbox \
-  libeufin-sandbox config \
-  --captcha-url "${PROTO}://bank.${DOMAIN_NAME}" \
-  --bank-debt-limit 1000000 \
-  --users-debt-limit 0 \
-  --without-signup-bonus \
-  --currency "${CURRENCY}" \
-  default
-say "DONE"
-say "Start the bank..."
-systemctl enable --now libeufin-sandbox
-
-say "DONE"
-say "Waiting for sandbox..."
-curl --max-time 25 \
-  --retry-connrefused \
-  --retry-delay 3 \
-  --retry 10 \
-  "${SANDBOX_URL}" &>/dev/null
-say "DONE"
-
-say "Make one superuser at Nexus..."
-sudo -E -u libeufin-nexus libeufin-nexus superuser \
-  ${LIBEUFIN_NEXUS_USERNAME} \
-  --password "$NEXUS_EXCHANGE_PASSWORD"
-say "DONE"
-say "Launching Nexus..."
-
-systemctl enable --now libeufin-nexus
-
-say "DONE"
-say "Waiting for Nexus..."
-curl --max-time 25 \
-  --retry-connrefused \
-  --retry-delay 3 \
-  --retry 10 \
-  "${LIBEUFIN_NEXUS_URL}" &>/dev/null
-say "DONE"
-
-EXCHANGE_SANDBOX_USERNAME="exchange-at-sandbox"
-say "Register the exchange Sandbox account..."
-export LIBEUFIN_SANDBOX_USERNAME=$EXCHANGE_SANDBOX_USERNAME
-export LIBEUFIN_SANDBOX_PASSWORD="${SANDBOX_EXCHANGE_PASSWORD}"
-# Succeed also if the account already exists...
-# (hopefully with the same password!)
-# FIXME-MS: might be better to DELETE an existing
-# account here instead!??
-libeufin-cli \
-  sandbox --sandbox-url "${SANDBOX_URL}" \
-  demobank register || true
-say "DONE"
-
-say "Getting the exchange IBAN and Payto URI..."
-EXCHANGE_DETAILS=$(libeufin-cli \
-  sandbox --sandbox-url "${SANDBOX_URL}" \
-  demobank info --bank-account ${LIBEUFIN_SANDBOX_USERNAME})
-say "DONE"
-
-EXCHANGE_IBAN=$(echo "$EXCHANGE_DETAILS" | jq -r .iban)
-EXCHANGE_PAYTO=$(echo "$EXCHANGE_DETAILS" | jq -r .paytoUri)
-
-# Communicating this to the exchange script, as the exchange
-# needs it for the /wire response.
-export EXCHANGE_IBAN
-export EXCHANGE_PAYTO
-echo "EXCHANGE_IBAN=\"${EXCHANGE_IBAN}\"" >>"${MY_DIR}"/config/internal.conf
-echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >>"${MY_DIR}"/config/internal.conf
-
-say "Setting the default exchange at Sandbox..."
-libeufin-sandbox default-exchange "${PROTO}://exchange.$DOMAIN_NAME/" 
"$EXCHANGE_PAYTO"
-say "DONE"
-
-export LIBEUFIN_SANDBOX_USERNAME="admin"
-export LIBEUFIN_SANDBOX_PASSWORD=$SANDBOX_ADMIN_PASSWORD
-say "Create EBICS host at Sandbox..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing host first.
-libeufin-cli sandbox \
-  --sandbox-url "${SANDBOX_URL}" \
-  ebicshost create --host-id ${EBICS_HOST_ID} || true
-say "OK"
-
-say "Create exchange EBICS subscriber at Sandbox..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing host first.
-libeufin-cli sandbox \
-  --sandbox-url "${SANDBOX_URL}" \
-  demobank new-ebicssubscriber \
-  --host-id ${EBICS_HOST_ID} \
-  --user-id ${EBICS_USER_ID} \
-  --partner-id ${EBICS_PARTNER_ID} \
-  --bank-account ${EXCHANGE_SANDBOX_USERNAME} || true
-say "OK"
-
-say "Creating the EBICS connection at Nexus..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing host first.
-libeufin-cli connections new-ebics-connection \
-  --ebics-url "${SANDBOX_URL}ebicsweb" \
-  --host-id ${EBICS_HOST_ID} \
-  --partner-id ${EBICS_PARTNER_ID} \
-  --ebics-user-id ${EBICS_USER_ID} \
-  ${EBICS_CONNECTION_NAME} || true
-say "DONE"
-
-say "Setup EBICS keying..."
-libeufin-cli connections connect ${EBICS_CONNECTION_NAME} >/dev/null
-say "OK"
-
-say "Download bank account name from Sandbox..."
-libeufin-cli connections download-bank-accounts ${EBICS_CONNECTION_NAME}
-say "OK"
-
-say "Importing bank account info into Nexus..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing connection first.
-libeufin-cli connections import-bank-account \
-  --offered-account-id ${EXCHANGE_SANDBOX_USERNAME} \
-  --nexus-bank-account-id ${LIBEUFIN_NEXUS_USERNAME} \
-  ${EBICS_CONNECTION_NAME} || true
-echo "OK"
-
-say "Create the Taler facade at Nexus..."
-# Continue on failure, request is not idempotent...
-# FIXME-MS: might be nicer to delete existing facade first.
-libeufin-cli facades \
-  new-taler-wire-gateway-facade \
-  --currency "$CURRENCY" \
-  --facade-name ${LIBEUFIN_TALER_FACADE} \
-  ${EBICS_CONNECTION_NAME} ${LIBEUFIN_NEXUS_USERNAME} || true
-say "OK"
-
-export 
WIRE_GATEWAY_URL="${LIBEUFIN_NEXUS_URL}/facades/${LIBEUFIN_TALER_FACADE}/taler-wire-gateway/"
-echo "WIRE_GATEWAY_URL=\"${WIRE_GATEWAY_URL}\"" 
>>"${MY_DIR}"/config/internal.conf
-
-say "Configuring the background jobs to submit/get transactions..."
-# Tries every second.
-# Not idempotent, FIXME #7739
-libeufin-cli accounts task-schedule \
-  --task-type submit \
-  --task-name exchange-payments \
-  --task-cronspec "* * *" \
-  "${LIBEUFIN_NEXUS_USERNAME}" || true
-say "OK"
-
-# Tries every second.  Ask C52
-say "Setup history fetch task.."
-# Not idempotent, FIXME #7739
-libeufin-cli accounts task-schedule \
-  --task-type fetch \
-  --task-name exchange-history \
-  --task-cronspec "* * *" \
-  --task-param-level report \
-  --task-param-range-type latest \
-  "${LIBEUFIN_NEXUS_USERNAME}" || true
-say "OK"
-
-say "Setting up SPA configuration..."
-
-# shellcheck disable=SC2002
-cat /usr/share/libeufin/demobank-ui/demobank-ui-settings.js |
-  sed -e "s/localhost/bank.${DOMAIN_NAME}/g" |
-  sed -e "s/Taler Bank/${BANK_NAME}/g" \
-  sed -e "s/http:\/\//${PROTO}:\/\//g" \
-    >/etc/libeufin/demobank-ui-settings.js
-
-say "DONE"
diff --git a/netzbon/config_libeufin_bank.sh b/netzbon/config_libeufin_bank.sh
new file mode 100644
index 0000000..4c1fda0
--- /dev/null
+++ b/netzbon/config_libeufin_bank.sh
@@ -0,0 +1,102 @@
+#!/bin/bash
+# This file is in the public domain.
+#
+# This script configure and launches libeufin-bank.
+# The setup provides the admin account at the bank, and
+# another account for the exchange at the bank.
+#
+# The environment must provide the following variables:
+# - BANK_ADMIN_PASSWORD: password of the Netzbon administrator.
+# - BANK_EXCHANGE_PASSWORD: password of the exchange
+#     bank account hosted at Sandbox.  The related
+#     username is: exchange-at-sandbox
+# - BANK_NAME: human-readable name for the bank
+# - DOMAIN_NAME: DNS domain name to use for the setup
+# - ENABLE_TLS (http or https?)
+#
+# OUTPUTS:
+#
+# EXCHANGE_PAYTO -- payto-URI of the exchange
+# EXCHANGE_WIRE_GATEWAY_URL -- URL of the wire gateway for the exchange
+
+set -eu
+
+source functions.sh
+source config/user.conf
+source config/internal.conf
+
+if test -z "${BANK_NAME:-}"; then
+  say "Error: config/user.conf does not specify BANK_NAME"
+  exit 1
+fi
+if test -z "${DOMAIN_NAME:-}"; then
+  say "Error: config/user.conf does not specify DOMAIN_NAME"
+  exit 1
+fi
+if test -z "${BANK_ADMIN_PASSWORD:-}"; then
+  say "Error: config/user.conf does not specify BANK_ADMIN_PASSWORD"
+  exit 1
+fi
+if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then
+  say "Error: config/user.conf does not specify BANK_EXCHANGE_PASSWORD"
+  exit 1
+fi
+
+# TODO: add sanity-checks for presence of other required env-vars
+
+if test "${ENABLE_TLS:-}" == "y"; then
+  PROTO="https"
+else
+  PROTO="http"
+fi
+
+say "Setting up libeufin-bank database"
+libeufin-bank-dbconfig
+
+say "Setting up libeufin-bank admin account"
+libeufin-bank passwd admin "${BANK_ADMIN_PASSWORD}"
+
+say "Configure the bank with ${CURRENCY}..."
+echo -e "[libeufin-bank]\n" \
+     "CURRENCY=${CURRENCY}\n"\
+     "DEFAULT_EXCHANGE=${PROTO}://exchange.$DOMAIN_NAME\n"\
+     >> /etc/libeufin/libeufin-bank.conf
+
+say "Setting up SPA configuration..."
+echo "settings = { bankName: \"${BANK_NAME}\" }"
+    >/etc/libeufin/settings.js
+
+say "DONE"
+
+say "Start the bank..."
+systemctl enable --now libeufin-bank
+
+say "Waiting for bank to be running..."
+curl --max-time 25 \
+  --retry-connrefused \
+  --retry-delay 3 \
+  --retry 10 \
+  "${LIBEUFIN_BANK_URL}" &>/dev/null
+say "DONE"
+
+say "Create exchange account..."
+LAST_RESPONSE=$(mktemp -p "${TMPDIR:-/tmp}" test_response.conf-XXXXXX)
+BODY='{"username":"exchange","password":"'${BANK_EXCHANGE_PASSWORD}',"name":"Exchange","is_taler_exchange":true}'
+wget \
+    --http-user="admin" \
+    --http-password="${BANK_ADMIN_PASSWORD}" \
+    --header='Content-type: application/json' \
+    --body-data="${BODY}" \
+    -o "$LAST_RESPONSE" \
+    "${LIBEUFIN_BANK_URL}/accounts"
+say "DONE"
+
+EXCHANGE_IBAN=$(cat "$LAST_RESPONSE" | jq -r .iban)
+EXCHANGE_PAYTO="payto://iban/${EXCHANGE_IBAN}/receiver-name=Exchange"
+EXCHANGE_WIRE_GATEWAY_URL="${LIBEUFIN_BANK_URL}/accounts/exchange/taler-wire-gateway/"
+
+# Communicating this to the exchange script, as the exchange
+# needs these for the /keys response.
+echo "EXCHANGE_PAYTO=\"${EXCHANGE_PAYTO}\"" >>"${MY_DIR}"/config/internal.conf
+echo "EXCHANGE_WIRE_GATEWAY_URL=\"${EXCHANGE_WIRE_GATEWAY_URL}\"" 
>>"${MY_DIR}"/config/internal.conf
+
diff --git a/netzbon/install_packages.sh b/netzbon/install_packages.sh
index 25bef3f..0250a62 100755
--- a/netzbon/install_packages.sh
+++ b/netzbon/install_packages.sh
@@ -55,4 +55,4 @@ apt update
 apt install taler-exchange -y
 apt install taler-merchant -y
 apt install taler-harness -y
-apt install libeufin-sandbox libeufin-nexus -y
+apt install libeufin-bank libeufin-nexus -y
diff --git a/netzbon/main.sh b/netzbon/main.sh
index 124c678..5b0fdfe 100755
--- a/netzbon/main.sh
+++ b/netzbon/main.sh
@@ -55,9 +55,9 @@ if test -z "${MASTER_PUBLIC_KEY:-}"; then
     echo "MASTER_PUBLIC_KEY=${MASTER_PUBLIC_KEY}" >>config/user.conf
   fi
 fi
-if test -z "${SANDBOX_ADMIN_PASSWORD:-}"; then
-  read -r -s -p "Enter the admin password for the bank: " 
SANDBOX_ADMIN_PASSWORD
-  echo "SANDBOX_ADMIN_PASSWORD=$(printf '%q' "${SANDBOX_ADMIN_PASSWORD}")" 
>>config/user.conf
+if test -z "${BANK_ADMIN_PASSWORD:-}"; then
+  read -r -s -p "Enter the admin password for the bank: " BANK_ADMIN_PASSWORD
+  echo "BANK_ADMIN_PASSWORD=$(printf '%q' "${BANK_ADMIN_PASSWORD}")" 
>>config/user.conf
   echo "" # force new line
 fi
 if test -z "${DOMAIN_NAME:-}"; then
@@ -74,6 +74,11 @@ if ! ping -c1 "exchange.${DOMAIN_NAME}" &>/dev/null; then
   say "Please make sure your DNS/network are working."
   exit 1
 fi
+if ! ping -c1 "bank.${DOMAIN_NAME}" &>/dev/null; then
+  say "Could not ping bank.${DOMAIN_NAME}."
+  say "Please make sure your DNS/network are working."
+  exit 1
+fi
 
 # Check if the user is root, otherwise EXIT.
 check_user
@@ -81,16 +86,13 @@ check_user
 # Installation of deb packages required
 . install_packages.sh
 
-if test -z "${NEXUS_EXCHANGE_PASSWORD:-}"; then
-  NEXUS_EXCHANGE_PASSWORD=$(uuidgen)
-  echo "NEXUS_EXCHANGE_PASSWORD=\"${NEXUS_EXCHANGE_PASSWORD}\"" 
>>config/internal.conf
-fi
-if test -z "${SANDBOX_EXCHANGE_PASSWORD:-}"; then
-  SANDBOX_EXCHANGE_PASSWORD=$(uuidgen)
-  echo "SANDBOX_EXCHANGE_PASSWORD=\"${SANDBOX_EXCHANGE_PASSWORD}\"" 
>>config/internal.conf
+if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then
+  BANK_EXCHANGE_PASSWORD=$(uuidgen)
+  echo "BANK_EXCHANGE_PASSWORD=\"${BANK_EXCHANGE_PASSWORD}\"" 
>>config/internal.conf
 fi
 
-./config_launch_libeufin.sh
+./config_libeufin_bank.sh
+./config_libeufin_nexus.sh
 ./config_nginx.sh
 ./setup-exchange.sh
 ./setup-merchant.sh
diff --git a/netzbon/setup-exchange.sh b/netzbon/setup-exchange.sh
index 2f52516..5fbe38d 100755
--- a/netzbon/setup-exchange.sh
+++ b/netzbon/setup-exchange.sh
@@ -1,6 +1,16 @@
 #!/bin/bash
-
-# Set up error handling
+# This file is in the public domain.
+#
+# This script configure and launches the Taler exchange.
+#
+# The environment must provide the following variables:
+#
+# - BANK_EXCHANGE_PASSWORD (exchange password for libeufin-bank)
+# - EXCHANGE_WIRE_GATEWAY_URL (where is the exchange wire gateway / 
libeufin-nexus)
+# - EXCHANGE_PAYTO (exchange account PAYTO)
+# - ENABLE_TLS (http or https?)
+# - DOMAIN_NAME: DNS domain name to use for the setup
+#
 
 set -eu
 
@@ -26,29 +36,12 @@ source config/internal.conf
 
 say "Beginning Exchange setup"
 
-# Required inputs:
-#
-# - LIBEUFIN_NEXUS_USERNAME (exchange username for libeufin-nexus)
-# - NEXUS_EXCHANGE_PASSWORD (exchange password for libeufin-nexus)
-# - WIRE_GATEWAY_URL (where is the exchange wire gateway / libeufin-nexus)
-# - EXCHANGE_IBAN (exchange account IBAN)
-# - EXCHANGE_PAYTO (exchange account PAYTO)
-# - ENABLE_TLS (http or https?)
-
-if test -z "${LIBEUFIN_NEXUS_USERNAME:-}"; then
-  say "Failure: LIBEUFIN_NEXUS_USERNAME not set"
-  exit 1
-fi
-if test -z "${NEXUS_EXCHANGE_PASSWORD:-}"; then
-  say "Failure: NEXUS_EXCHANGE_PASSWORD not set"
-  exit 1
-fi
-if test -z "${EXCHANGE_IBAN:-}"; then
-  say "Failure: EXCHANGE_IBAN not set"
+if test -z "${BANK_EXCHANGE_PASSWORD:-}"; then
+  say "Failure: BANK_EXCHANGE_PASSWORD not set"
   exit 1
 fi
-if test -z "${WIRE_GATEWAY_URL:-}"; then
-  say "Failure: WIRE_GATEWAY_URL not set"
+if test -z "${EXCHANGE_WIRE_GATEWAY_URL:-}"; then
+  say "Failure: EXCHANGE_WIRE_GATEWAY_URL not set"
   exit 1
 fi
 if test -z "${EXCHANGE_PAYTO:-}"; then
@@ -103,15 +96,6 @@ export MASTER_PUBLIC_KEY
 say "Stopping running exchange before reconfiguration"
 systemctl stop taler-exchange.target
 
-say "Setting up exchange database"
-EXCHANGE_DB=talerexchange
-# Use "|| true" to continue if these already exist.
-sudo -i -u postgres createuser -d taler-exchange-httpd || true
-sudo -i -u postgres createuser taler-exchange-wire || true
-sudo -i -u postgres createuser taler-exchange-closer || true
-sudo -i -u postgres createuser taler-exchange-aggregator || true
-sudo -i -u postgres createdb -O taler-exchange-httpd $EXCHANGE_DB || true
-
 say "Configuring exchange"
 
 if test "${ENABLE_TLS}" = "y"; then
@@ -146,10 +130,10 @@ chmod 440 /etc/taler/secrets/exchange-db.secret.conf
 chown root:taler-exchange-db /etc/taler/secrets/exchange-db.secret.conf
 
 echo -e "[exchange-accountcredentials-default]\n" \
-  "WIRE_GATEWAY_URL=${WIRE_GATEWAY_URL}\n" \
+  "WIRE_GATEWAY_URL=${EXCHANGE_WIRE_GATEWAY_URL}\n" \
   "WIRE_GATEWAY_AUTH_METHOD=basic\n" \
-  "USERNAME=${LIBEUFIN_NEXUS_USERNAME}\n" \
-  "PASSWORD=${NEXUS_EXCHANGE_PASSWORD}\n" \
+  "USERNAME=Exchange\n" \
+  "PASSWORD=${BANK_EXCHANGE_PASSWORD}\n" \
   >/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
 chmod 400 /etc/taler/secrets/exchange-accountcredentials-default.secret.conf
 chown taler-exchange-wire:taler-exchange-db 
/etc/taler/secrets/exchange-accountcredentials-default.secret.conf
@@ -166,22 +150,7 @@ for SEC in $(taler-config -c 
/etc/taler/conf.d/"${CURRENCY}"-coins.conf -S | gre
 done
 
 say "Initializing exchange database"
-sudo -u taler-exchange-httpd taler-exchange-dbinit -c /etc/taler/taler.conf
-
-echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-wire";' | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO 
"taler-exchange-wire";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-wire";' | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-wire";' | 
sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-
-echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-closer";' | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO 
"taler-exchange-closer";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-closer";' | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-closer";' | 
sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-
-echo 'GRANT USAGE ON SCHEMA exchange TO "taler-exchange-aggregator";' | sudo 
-i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA exchange TO 
"taler-exchange-aggregator";' | sudo -i -u postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT USAGE ON SCHEMA _v TO "taler-exchange-aggregator";' | sudo -i -u 
postgres psql -f - ${EXCHANGE_DB}
-echo 'GRANT SELECT ON ALL TABLES IN SCHEMA _v TO "taler-exchange-aggregator";' 
| sudo -i -u postgres psql -f - ${EXCHANGE_DB}
+taler-exchange-dbconfig -c /etc/taler/taler.conf
 
 say "Launching exchange"
 systemctl enable --now taler-exchange.target
diff --git a/netzbon/setup-merchant.sh b/netzbon/setup-merchant.sh
index c647af4..917e653 100755
--- a/netzbon/setup-merchant.sh
+++ b/netzbon/setup-merchant.sh
@@ -6,5 +6,8 @@ source functions.sh
 source config/user.conf
 source config/internal.conf
 
+say "Setting up merchant database"
+taler-merchant-dbconfig
+
 say "Launching taler-merchant-httpd"
 systemctl enable --now taler-merchant-httpd

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.