1{ lib, ... }:
2let
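# Build the configuration of one test VM: shared debugging access merged
# with the node-specific `nodeSettings`.
#
# Forwards the guest's SSH and WebUI ports to the host machine. A port of 0
# (the default) disables the corresponding forward.
#
# Connect with: ssh root@localhost -p <sshPort>
# Access WebUI from: http://localhost:<webuiPort>
#
# NOTE: This is only accessible from an interactive test, for example:
# $ eval $(nix-build -A nixosTests.taler.basic.driver)/bin/nixos-test-driver
#
# SECURITY: the guest allows root to log in over SSH with an empty password
# (PermitRootLogin, PermitEmptyPasswords and PAM allowNullPassword below).
# This is acceptable only for a throwaway test VM. The forwards are bound to
# the host's loopback address because a forward without `host.address` makes
# QEMU listen on every host interface, which would offer the passwordless
# root login and the debug WebUI to the whole network of whoever runs the
# interactive driver. Do not reuse this helper outside of tests.
mkNode =
  {
    sshPort ? 0,
    webuiPort ? 0,
    nodeSettings ? { },
  }:
  let
    # A single host -> guest forward reachable from the host's loopback
    # interface only; yields no forward at all when `hostPort` is 0.
    loopbackForward =
      hostPort: guestPort:
      lib.optionals (hostPort != 0) [
        {
          from = "host";
          host.address = "127.0.0.1";
          host.port = hostPort;
          guest.port = guestPort;
        }
      ];
  in
  # `nodeSettings` wins on conflicts. recursiveUpdate merges attribute sets
  # only, so a `virtualisation.forwardPorts` list given in `nodeSettings`
  # replaces the defaults below instead of extending them.
  lib.recursiveUpdate {
    services.openssh = {
      enable = true;
      settings = {
        PermitRootLogin = "yes";
        PermitEmptyPasswords = "yes";
      };
    };
    # sshd's PAM stack must also accept the empty password, otherwise
    # PermitEmptyPasswords alone has no effect.
    security.pam.services.sshd.allowNullPassword = true;
    virtualisation.forwardPorts =
      (loopbackForward sshPort 22)
      # The WebUI keeps the same port number on both sides.
      ++ (loopbackForward webuiPort webuiPort);
  } nodeSettings;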
41in
42rec {
# Fiat currency handled by the libeufin services on the bank node.
FIAT_CURRENCY = "CHF";
# Currency shared by the exchange, bank and merchant nodes; exported from
# this `rec` set so that the node definitions can refer to it.
CURRENCY = "KUDOS";
45
46 nodes = {
# Taler exchange node. SSH is forwarded to host port 1111 and the exchange
# listens on 8081, which is also forwarded to the host.
exchange =
  { config, lib, ... }:
  mkNode {
    sshPort = 1111;
    webuiPort = 8081;

    nodeSettings.services.taler = {
      settings.taler = {
        inherit CURRENCY;
      };

      includes = [
        ../conf/taler-accounts.conf
        # The exchange requires a token from the bank, so its credentials
        # need to be set at runtime. This entry is a plain string rather
        # than a path literal, so the file is read from the guest's /etc
        # and is not copied into the Nix store.
        "/etc/taler/secrets/exchange-account.secret.conf"
      ];

      exchange = {
        enable = true;
        debug = true;
        openFirewall = true;

        # https://docs.taler.net/taler-exchange-manual.html#coins-denomination-keys
        # NOTE: use `taler-harness`, not `taler-wallet-cli`
        denominationConfig = lib.readFile ../conf/taler-denominations.conf;

        settings.exchange = {
          BASE_URL = "http://exchange:8081/";
          # The merchant node pins this same key as its MASTER_KEY.
          MASTER_PUBLIC_KEY = "2TQSTPFZBC2MC4E52NHPA050YXYG02VC3AB50QESM6JX1QJEYVQ0";
          inherit CURRENCY;
        };

        # SECURITY: interpolating a path copies the file into the Nix store,
        # which every user can read. That is tolerable for the fixture key
        # shipped next to this test; a real offline master key must never
        # be referenced this way.
        settings.exchange-offline.MASTER_PRIV_FILE = "${../conf/private.key}";
      };
    };
  };
85
# Bank node running libeufin-bank and libeufin-nexus. SSH is forwarded to
# host port 2222 and the bank listens on 8082, which is also forwarded.
bank =
  { config, ... }:
  mkNode {
    sshPort = 2222;
    webuiPort = 8082;

    nodeSettings.services.libeufin = {
      bank = {
        enable = true;
        debug = true;

        openFirewall = true;
        createLocalDatabase = true;

        # Fixed, publicly known credentials: test fixture only.
        initialAccounts = [
          {
            name = "Exchange";
            username = "exchange";
            password = "exchange";
          }
        ];

        settings.libeufin-bank = {
          inherit CURRENCY FIAT_CURRENCY;

          WIRE_TYPE = "x-taler-bank";
          # WIRE_TYPE = "iban";
          X_TALER_BANK_PAYTO_HOSTNAME = "bank:8082";
          # IBAN_PAYTO_BIC = "SANDBOXX";
          BASE_URL = "http://bank:8082/";

          # Allow creating new accounts
          ALLOW_REGISTRATION = "yes";

          # A registration bonus makes withdrawals easier since the
          # bank account balance is not empty
          REGISTRATION_BONUS_ENABLED = "yes";
          REGISTRATION_BONUS = "${CURRENCY}:100";

          DEFAULT_DEBT_LIMIT = "${CURRENCY}:500";

          # NOTE: The exchange's bank account must be initialised before
          # the main bank service starts, else it doesn't work.
          # The `services.libeufin.bank.initialAccounts` option can be used to do this.
          ALLOW_CONVERSION = "yes";
          ALLOW_EDIT_CASHOUT_PAYTO_URI = "yes";

          SUGGESTED_WITHDRAWAL_EXCHANGE = "http://exchange:8081/";
        };
      };

      nexus = {
        enable = true;
        debug = true;

        openFirewall = true;
        createLocalDatabase = true;

        # https://docs.taler.net/libeufin/setup-ebics-at-postfinance.html
        settings.nexus-ebics = {
          # == Mandatory ==
          CURRENCY = FIAT_CURRENCY;
          # Bank
          # NOTE(review): this is an external host; whether the test ever
          # contacts it is not visible from this file.
          HOST_BASE_URL = "https://isotest.postfinance.ch/ebicsweb/ebicsweb";
          BANK_DIALECT = "postfinance";
          # EBICS IDs
          HOST_ID = "PFEBICS";
          USER_ID = "PFC00639";
          PARTNER_ID = "PFC00639";
          # Account information
          IBAN = "CH4740123RW4167362694";
          BIC = "BIC";
          NAME = "nixosTest nixosTest";

          # == Optional ==
          # SECURITY: both files are interpolated as paths and therefore
          # copied into the world-readable Nix store. Only fixture key
          # material may be referenced like this, never real EBICS client
          # keys.
          CLIENT_PRIVATE_KEYS_FILE = "${../conf/client-ebics-keys.json}";
          BANK_PUBLIC_KEYS_FILE = "${../conf/bank-ebics-keys.json}";
        };
      };
    };
  };
171
# Merchant backend node. SSH is forwarded to host port 3333 and the
# merchant port 8083 is also forwarded to the host.
merchant =
  { config, ... }:
  mkNode {
    sshPort = 3333;
    webuiPort = 8083;

    nodeSettings.services.taler = {
      settings.taler = {
        inherit CURRENCY;
      };

      merchant = {
        enable = true;
        debug = true;
        openFirewall = true;

        # The exchange this merchant works with. MASTER_KEY carries the same
        # value as the exchange node's MASTER_PUBLIC_KEY; update both
        # together.
        settings.merchant-exchange-test = {
          inherit CURRENCY;
          MASTER_KEY = "2TQSTPFZBC2MC4E52NHPA050YXYG02VC3AB50QESM6JX1QJEYVQ0";
          EXCHANGE_BASE_URL = "http://exchange:8081/";
        };
      };
    };
  };
196
# Client node: only installs the wallet package. SSH is forwarded to host
# port 4444; no WebUI port is passed, so mkNode adds no second forward.
client =
  { pkgs, ... }:
  mkNode {
    sshPort = 4444;

    nodeSettings.environment.systemPackages = [ pkgs.taler-wallet-core ];
  };
206 };
207
208}