debian: new config file structure

debian/etc/taler-exchange.conf

@@ -1,38 +0,0 @@
-# First line should be: "INLINE@ taler-exchange-db.conf"
-# 2nd   line should be: "INLINE@ taler-secmod.conf"
-@INLINE@ taler-exchange-db.conf
-@INLINE@ taler-secmod.conf
-# Do not edit this file using 'taler-config', otherwise the line
-# above will be lost!
-#
-# Please read the taler-exchange.README.Debian for how to configure a Taler exchange.
-#
-
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
-
-[exchange]
-# Debian package is configured to use a reverse proxy with a UNIX
-# domain socket. See nginx/apache configuration files.
-SERVE = UNIX
-UNIXPATH = /var/lib/taler-exchange/exchange.sock
-
-# Only supported database is Postgres right now.
-DATABASE = postgres
-
-# Here you MUST add the master public key of the offline system
-# which you can get using `taler-exchange-offline setup`.
-# This is just an example, your key will be different!
-# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
-MASTER_PUBLIC_KEY =
-
-# For your terms of service and privacy policy, you should specify
-# an Etag that must be updated whenever there are significant
-# changes to either document.  The format is up to you, what matters
-# is that the value is updated and never re-used. See the HTTP
-# specification on Etags.
-# TERMS_ETAG =
-# PRIVACY_ETAG =

debian/etc/taler/auditor-service-default.conf

@@ -0,0 +1 @@
+@INCLUDE@ /etc/taler/auditor-system.conf

debian/etc/taler/exchange-business.conf

@@ -1,13 +1,23 @@
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
 TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
 
 [taler]
 # Here you need to set the currency of your exchange:
 # CURRENCY = KUDOS
 
+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY =
+
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document.  The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
+
 
 # You must specify the various denominations to be offered by your exchange
 # in sections called "coin_".

debian/etc/taler/exchange-db.conf

@@ -1,5 +1,4 @@
-# This file should contain the access control information to talk to
+# Database configuration for the Taler exchange.
-# the exchange database.
 
 [exchangedb-postgres]
 

debian/etc/taler/exchange-service-default.conf

@@ -0,0 +1,3 @@
+@INCLUDE@ /etc/taler/exchange-system.conf
+@INCLUDE@ /etc/taler/exchange-db.conf
+@INCLUDE@ /etc/taler/exchange-business.conf

debian/etc/taler/exchange-service-wire.conf

@@ -0,0 +1,4 @@
+@INCLUDE@ /etc/taler/exchange-system.conf
+@INCLUDE@ /etc/taler/exchange-db.conf
+@INCLUDE@ /etc/taler/exchange-business.conf
+@INCLUDE@ /etc/taler/exchange-wire-gateway.conf

debian/etc/taler/exchange-system.conf

@@ -0,0 +1,21 @@
+# Configuration settings for system parameters of
+# the exchange.  Should be included in all service-specific
+# configuration files for the exchange.
+#
+# Please read the taler-exchange.README.Debian for how to configure a Taler exchange.
+
+[PATHS]
+
+# Move runtime data "tmp" directory to /var/lib/taler-exchange/
+# to possibly provide additional protection from unwarranted access.
+TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+
+
+[exchange]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-exchange/exchange.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres

debian/etc/taler/exchange-wire-gateway.conf

@@ -1,9 +1,3 @@
-# First line should be: "INLINE@ taler-exchange-db.conf"
-@INLINE@ taler-exchange-db.conf
-# Do not edit this file using 'taler-config', otherwise the line
-# above will be lost!
-
-
 # This file should contain the wire account access information which is needed
 # by the Taler exchange to talk to LibEuFin to interact with the bank.
 # The file SHOULD only be readable for the "taler-exchange-wire" user,

debian/taler-auditor.install

@@ -13,6 +13,6 @@ usr/share/man/man1/taler-helper-auditor*
 usr/share/info/taler-auditor*
 usr/share/taler/config.d/auditor*
 usr/share/taler/sql/auditor/*
-debian/etc/taler-auditor.conf etc/
+debian/etc/taler/auditor* etc/
 debian/auditor-conf/* etc/taler-auditor/
 usr/share/taler-exchange/auditor-report.tex.j2

debian/taler-exchange.install

@@ -6,7 +6,7 @@ usr/share/man/man1/taler-wire*
 usr/share/info/taler-bank*
 usr/share/info/taler-exchange*
 usr/share/taler/config.d/*
-debian/etc/* etc/
+debian/etc/exchange* etc/
-debian/exchange-conf/* etc/taler-exchange/
+debian/exchange-conf/* usr/share/taler/sample-configs/
 usr/share/taler-exchange/pp/*/*
 usr/share/taler-exchange/tos/*/*

debian/taler-exchange.postinst

@@ -2,106 +2,111 @@
 
 set -e
 
-
 . /usr/share/debconf/confmodule
 
+# usage: fixperm user:group perms file
+function fixperm() {
+  chown "$1" "$3"
+  chmod "$2" "$3"
+}
+
+# usage: lncfg user target
+function lncfg() {
+  mkdir ~$1/.config
+  chown $1:$1 ~$1/.config
+  ln -sf $1/.config/taler.conf $2
+}
+
 case "${1}" in
-	configure)
+configure)
-		db_version 2.0
+  db_version 2.0
 
-		db_get taler-exchange/eusername
+  db_get taler-exchange/eusername
-		_EUSERNAME="${RET:-taler-exchange-httpd}"
+  _EUSERNAME="${RET:-taler-exchange-httpd}"
 
-		db_get taler-exchange/rsecusername
+  db_get taler-exchange/rsecusername
-		_RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
+  _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}"
 
-		db_get taler-exchange/esecusername
+  db_get taler-exchange/esecusername
-		_ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
+  _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}"
 
-		db_get taler-exchange/wireusername
+  db_get taler-exchange/wireusername
-		_WIREUSERNAME="${RET:-taler-exchange-wire}"
+  _WIREUSERNAME="${RET:-taler-exchange-wire}"
 
-		db_get taler-exchange/aggrusername
+  db_get taler-exchange/aggrusername
-		_AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
+  _AGGRUSERNAME="${RET:-taler-exchange-aggregator}"
 
-		db_get taler-exchange/groupname
+  db_get taler-exchange/groupname
-		_GROUPNAME="${RET:-taler-private}"
+  _GROUPNAME="${RET:-taler-private}"
 
-   		db_get taler-exchange/dbgroupname
+  db_get taler-exchange/dbgroupname
-		_DBGROUPNAME="${RET:-taler-exchange-db}"
+  _DBGROUPNAME="${RET:-taler-exchange-db}"
 
-		db_stop
+  db_stop
 
-		CONFIG_FILE="/etc/default/taler-exchange"
+  CONFIG_FILE="/etc/default/taler-exchange"
-		TALER_HOME="/var/lib/taler-exchange"
+  TALER_HOME="/var/lib/taler-exchange"
 
-		# Creating taler groups as needed
+  # Creating taler groups as needed
-		if ! getent group ${_GROUPNAME} > /dev/null
+  if ! getent group ${_GROUPNAME} >/dev/null; then
-		then
+    echo -n "Creating new Taler group ${_GROUPNAME}:"
-			echo -n "Creating new Taler group ${_GROUPNAME}:"
+    addgroup --quiet --system ${_GROUPNAME}
-			addgroup --quiet --system ${_GROUPNAME}
+    echo " done."
-			echo " done."
+  fi
-		fi
+  if ! getent group ${_DBGROUPNAME} >/dev/null; then
-		if ! getent group ${_DBGROUPNAME} > /dev/null
+    echo -n "Creating new Taler group ${_DBGROUPNAME}:"
-		then
+    addgroup --quiet --system ${_DBGROUPNAME}
-			echo -n "Creating new Taler group ${_DBGROUPNAME}:"
+    echo " done."
-			addgroup --quiet --system ${_DBGROUPNAME}
+  fi
-			echo " done."
-		fi
 
-		# Creating taler users if needed
+  # Creating taler users if needed
-		if ! getent passwd ${_EUSERNAME} > /dev/null
+  if ! getent passwd ${_EUSERNAME} >/dev/null; then
-		then
+    echo -n "Creating new Taler user ${_EUSERNAME}:"
-			echo -n "Creating new Taler user ${_EUSERNAME}:"
+    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
-			adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
+    adduser ${_EUSERNAME} ${_DBGROUPNAME}
-            adduser ${_EUSERNAME} ${_DBGROUPNAME}
+    echo " done."
-			echo " done."
+  fi
-		fi
+  if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
-		if ! getent passwd ${_RSECUSERNAME} > /dev/null
+    echo -n "Creating new Taler user ${_RSECUSERNAME}:"
-		then
+    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
-			echo -n "Creating new Taler user ${_RSECUSERNAME}:"
+    echo " done."
-			adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
+  fi
-			echo " done."
+  if ! getent passwd ${_ESECUSERNAME} >/dev/null; then
-		fi
+    echo -n "Creating new Taler user ${_ESECUSERNAME}:"
-		if ! getent passwd ${_ESECUSERNAME} > /dev/null
+    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
-		then
+    echo " done."
-			echo -n "Creating new Taler user ${_ESECUSERNAME}:"
+  fi
-			adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
+  if ! getent passwd ${_WIREUSERNAME} >/dev/null; then
-			echo " done."
+    echo -n "Creating new Taler user ${_WIREUSERNAME}:"
-		fi
+    adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
-		if ! getent passwd ${_WIREUSERNAME} > /dev/null
+    adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
-		then
+    echo " done."
-			echo -n "Creating new Taler user ${_WIREUSERNAME}:"
+  fi
-			adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
+  if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
-            adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
+    echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
-			echo " done."
+    adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
-		fi
+    adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
-		if ! getent passwd ${_AGGRUSERNAME} > /dev/null
+    echo " done."
-		then
+  fi
-			echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
-			adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
-            adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
-			echo " done."
-		fi
 
-        # Writing new values to configuration file
+  # Writing new values to configuration file
-        echo -n "Writing new configuration file:"
+  echo -n "Writing new configuration file:"
-        CONFIG_NEW=$(tempfile)
+  CONFIG_NEW=$(tempfile)
 
-cat > "${CONFIG_NEW}" <<EOF
+  cat >"${CONFIG_NEW}" <<EOF
 # This file controls the behaviour of the Taler init script.
 # It will be parsed as a shell script.
 # please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.
 
 TALER_EUSER=${_EUSERNAME}
-TALER_RSECUSER=${_RESCUSERNAME}
+TALER_RSECUSER=${_RSECUSERNAME}
 TALER_ESECUSER=${_ESECUSERNAME}
 TALER_WIREUSER=${_WIREUSERNAME}
 TALER_AGGRUSER=${_AGGRUSERNAME}
 TALER_GROUP=${_GROUPNAME}
 EOF
 
-cat > "/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
+  cat >"/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
 [Unit]
 Description=Taler Exchange Socket
 PartOf=taler-exchange-httpd.service
@@ -118,7 +123,7 @@ SocketMode=0660
 WantedBy=sockets.target
 EOF
 
-cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
+  cat >"/etc/systemd/system/taler-exchange-httpd.service" <<EOF
 [Unit]
 Description=GNU Taler payment system exchange REST API
 AssertPathExists=/var/lib/taler-exchange/
@@ -131,7 +136,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_EUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
@@ -140,7 +145,7 @@ ProtectSystem=full
 WantedBy=multi-user.target
 EOF
 
-cat > "/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
+  cat >"/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF
 [Unit]
 Description=GNU Taler payment system exchange RSA security module
 
@@ -149,13 +154,13 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_RSECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
 
 EOF
-cat > "/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
+  cat >"/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF
 [Unit]
 Description=GNU Taler payment system exchange EdDSA security module
 
@@ -164,13 +169,13 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_ESECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
 
 EOF
-cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
+  cat >"/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF
 [Unit]
 Description=GNU Taler payment system exchange wirewatch service
 After=network.target
@@ -180,14 +185,14 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 
 
 EOF
-cat > "/etc/systemd/system/taler-exchange-transfer.service" <<EOF
+  cat >"/etc/systemd/system/taler-exchange-transfer.service" <<EOF
 [Unit]
 Description=GNU Taler payment system exchange transfer service
 After=network.target
@@ -197,13 +202,13 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
 
 EOF
-cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
+  cat >"/etc/systemd/system/taler-exchange-aggregator.service" <<EOF
 [Unit]
 Description=GNU Taler payment system exchange aggregator service
 
@@ -212,7 +217,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_AGGRUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler.conf
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
@@ -220,42 +225,42 @@ ProtectSystem=full
 
 EOF
 
-		cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
+  cp -f "${CONFIG_NEW}" "${CONFIG_FILE}"
-		rm -f "${CONFIG_NEW}"
+  rm -f "${CONFIG_NEW}"
-		echo " done."
+  echo " done."
 
-        echo -n "Setting up system services "
+  echo -n "Setting up system services "
 
-        mkdir -p /var/lib/taler-exchange/tmp
+  mkdir -p /var/lib/taler-exchange/tmp
-        chown root:${_GROUPNAME} /var/lib/taler-exchange/tmp
+  chown root:${_GROUPNAME} /var/lib/taler-exchange/tmp
-        chmod 770 /var/lib/taler-exchange/tmp
+  chmod 770 /var/lib/taler-exchange/tmp
-        chmod +s /var/lib/taler-exchange/tmp
+  chmod +s /var/lib/taler-exchange/tmp
 
-        chown root:${_GROUPNAME} /etc/taler-secmod.conf
+  fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf
-        chmod 640 /etc/taler-secmod.conf
+  fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf
-        chown ${_WIREUSERNAME}:root /etc/taler-wire.conf
-        chmod 460 /etc/taler-wire.conf
-        chown root:${_DBGROUPNAME} /etc/taler-exchange-db.conf
-        chmod 640 /etc/taler-exchange-db.conf
-        chown ${_EUSERNAME}:${_GROUPNAME} /etc/taler-exchange.conf
-        chmod 460 /etc/taler-wire.conf
 
-        systemctl daemon-reload >/dev/null 2>&1  || true
+  systemctl daemon-reload >/dev/null 2>&1 || true
 
+  echo "done."
 
-        echo "done."
+  echo -n "Linking config files"
+  lncfg ${_EUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_RSECUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_ESECUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_AGGRUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_WIREUSERNAME} /etc/taler/exchange-service-wire.conf
+  echo " done"
 
-		# Cleaning
+  # Cleaning
-		echo "All done."
+  echo "All done."
-		;;
+  ;;
 
-	abort-upgrade|abort-remove|abort-deconfigure)
+abort-upgrade | abort-remove | abort-deconfigure) ;;
-		;;
 
-	*)
+*)
-		echo "postinst called with unknown argument \`${1}'" >&2
+  echo "postinst called with unknown argument \`${1}'" >&2
-		exit 1
+  exit 1
-		;;
+  ;;
 esac
 
 #DEBHELPER#