debian: new config file structure

2021-07-16 17:16:38 +02:00 · 2021-07-16 17:16:38 +02:00 · 5597dc6f1e
commit 5597dc6f1e
parent 970c9eab86
12 changed files with 164 additions and 165 deletions
--- a/debian/etc/taler-exchange.conf
+++ b/debian/etc/taler-exchange.conf
@ -1,38 +0,0 @@
-# First line should be: "INLINE@ taler-exchange-db.conf"
-# 2nd   line should be: "INLINE@ taler-secmod.conf"
-@INLINE@ taler-exchange-db.conf
-@INLINE@ taler-secmod.conf
-# Do not edit this file using 'taler-config', otherwise the line
-# above will be lost!
-#
-# Please read the taler-exchange.README.Debian for how to configure a Taler exchange.
-#
-
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
-
-[exchange]
-# Debian package is configured to use a reverse proxy with a UNIX
-# domain socket. See nginx/apache configuration files.
-SERVE = UNIX
-UNIXPATH = /var/lib/taler-exchange/exchange.sock
-
-# Only supported database is Postgres right now.
-DATABASE = postgres
-
-# Here you MUST add the master public key of the offline system
-# which you can get using `taler-exchange-offline setup`.
-# This is just an example, your key will be different!
-# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
-MASTER_PUBLIC_KEY =
-
-# For your terms of service and privacy policy, you should specify
-# an Etag that must be updated whenever there are significant
-# changes to either document.  The format is up to you, what matters
-# is that the value is updated and never re-used. See the HTTP
-# specification on Etags.
-# TERMS_ETAG =
-# PRIVACY_ETAG =
--- a/debian/etc/taler/auditor-service-default.conf
+++ b/debian/etc/taler/auditor-service-default.conf
@ -0,0 +1 @@
+@INCLUDE@ /etc/taler/auditor-system.conf
--- a/debian/etc/taler/auditor-system.conf
+++ b/debian/etc/taler/auditor-system.conf
--- a/debian/etc/taler/exchange-business.conf
+++ b/debian/etc/taler/exchange-business.conf
@ -1,13 +1,23 @@
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
 TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/

 [taler]
 # Here you need to set the currency of your exchange:
 # CURRENCY = KUDOS

+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY =
+
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document.  The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
+

 # You must specify the various denominations to be offered by your exchange
 # in sections called "coin_".
--- a/debian/etc/taler/exchange-db.conf
+++ b/debian/etc/taler/exchange-db.conf
@ -1,5 +1,4 @@
-# This file should contain the access control information to talk to
-# the exchange database.
+# Database configuration for the Taler exchange.

 [exchangedb-postgres]

--- a/debian/etc/taler/exchange-service-default.conf
+++ b/debian/etc/taler/exchange-service-default.conf
@ -0,0 +1,3 @@
+@INCLUDE@ /etc/taler/exchange-system.conf
+@INCLUDE@ /etc/taler/exchange-db.conf
+@INCLUDE@ /etc/taler/exchange-business.conf
--- a/debian/etc/taler/exchange-service-wire.conf
+++ b/debian/etc/taler/exchange-service-wire.conf
@ -0,0 +1,4 @@
+@INCLUDE@ /etc/taler/exchange-system.conf
+@INCLUDE@ /etc/taler/exchange-db.conf
+@INCLUDE@ /etc/taler/exchange-business.conf
+@INCLUDE@ /etc/taler/exchange-wire-gateway.conf
--- a/debian/etc/taler/exchange-system.conf
+++ b/debian/etc/taler/exchange-system.conf
@ -0,0 +1,21 @@
+# Configuration settings for system parameters of
+# the exchange.  Should be included in all service-specific
+# configuration files for the exchange.
+#
+# Please read the taler-exchange.README.Debian for how to configure a Taler exchange.
+
+[PATHS]
+
+# Move runtime data "tmp" directory to /var/lib/taler-exchange/
+# to possibly provide additional protection from unwarranted access.
+TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+
+
+[exchange]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-exchange/exchange.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
--- a/debian/etc/taler/exchange-wire-gateway.conf
+++ b/debian/etc/taler/exchange-wire-gateway.conf
@ -1,9 +1,3 @@
-# First line should be: "INLINE@ taler-exchange-db.conf"
-@INLINE@ taler-exchange-db.conf
-# Do not edit this file using 'taler-config', otherwise the line
-# above will be lost!
-
-
 # This file should contain the wire account access information which is needed
 # by the Taler exchange to talk to LibEuFin to interact with the bank.
 # The file SHOULD only be readable for the "taler-exchange-wire" user,
--- a/debian/taler-auditor.install
+++ b/debian/taler-auditor.install
@ -13,6 +13,6 @@ usr/share/man/man1/taler-helper-auditor*
 usr/share/info/taler-auditor*
 usr/share/taler/config.d/auditor*
 usr/share/taler/sql/auditor/*
-debian/etc/taler-auditor.conf etc/
+debian/etc/taler/auditor* etc/
 debian/auditor-conf/* etc/taler-auditor/
 usr/share/taler-exchange/auditor-report.tex.j2
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
@ -6,7 +6,7 @@ usr/share/man/man1/taler-wire*
 usr/share/info/taler-bank*
 usr/share/info/taler-exchange*
 usr/share/taler/config.d/*
-debian/etc/* etc/
-debian/exchange-conf/* etc/taler-exchange/
+debian/etc/exchange* etc/
+debian/exchange-conf/* usr/share/taler/sample-configs/
 usr/share/taler-exchange/pp/*/*
 usr/share/taler-exchange/tos/*/*
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@ -2,9 +2,21 @@

 set -e

-
 . /usr/share/debconf/confmodule

+# usage: fixperm user:group perms file
+function fixperm() {
+  chown "$1" "$3"
+  chmod "$2" "$3"
+}
+
+# usage: lncfg user target
+function lncfg() {
+  mkdir ~$1/.config
+  chown $1:$1 ~$1/.config
+  ln -sf $1/.config/taler.conf $2
+}
+
 case "${1}" in
 configure)
  db_version 2.0
@ -36,48 +48,41 @@ case "${1}" in
  TALER_HOME="/var/lib/taler-exchange"

  # Creating taler groups as needed
-		if ! getent group ${_GROUPNAME} > /dev/null
-		then
+  if ! getent group ${_GROUPNAME} >/dev/null; then
    echo -n "Creating new Taler group ${_GROUPNAME}:"
    addgroup --quiet --system ${_GROUPNAME}
    echo " done."
  fi
-		if ! getent group ${_DBGROUPNAME} > /dev/null
-		then
+  if ! getent group ${_DBGROUPNAME} >/dev/null; then
    echo -n "Creating new Taler group ${_DBGROUPNAME}:"
    addgroup --quiet --system ${_DBGROUPNAME}
    echo " done."
  fi

  # Creating taler users if needed
-		if ! getent passwd ${_EUSERNAME} > /dev/null
-		then
+  if ! getent passwd ${_EUSERNAME} >/dev/null; then
    echo -n "Creating new Taler user ${_EUSERNAME}:"
    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME}
    adduser ${_EUSERNAME} ${_DBGROUPNAME}
    echo " done."
  fi
-		if ! getent passwd ${_RSECUSERNAME} > /dev/null
-		then
+  if ! getent passwd ${_RSECUSERNAME} >/dev/null; then
    echo -n "Creating new Taler user ${_RSECUSERNAME}:"
    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME}
    echo " done."
  fi
-		if ! getent passwd ${_ESECUSERNAME} > /dev/null
-		then
+  if ! getent passwd ${_ESECUSERNAME} >/dev/null; then
    echo -n "Creating new Taler user ${_ESECUSERNAME}:"
    adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME}
    echo " done."
  fi
-		if ! getent passwd ${_WIREUSERNAME} > /dev/null
-		then
+  if ! getent passwd ${_WIREUSERNAME} >/dev/null; then
    echo -n "Creating new Taler user ${_WIREUSERNAME}:"
    adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME}
    adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME}
    echo " done."
  fi
-		if ! getent passwd ${_AGGRUSERNAME} > /dev/null
-		then
+  if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then
    echo -n "Creating new Taler user ${_AGGRUSERNAME}:"
    adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME}
    adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
@ -94,7 +99,7 @@ cat > "${CONFIG_NEW}" <<EOF
 # please do not edit by hand, use 'dpkg-reconfigure taler-exchange'.

 TALER_EUSER=${_EUSERNAME}
-TALER_RSECUSER=${_RESCUSERNAME}
+TALER_RSECUSER=${_RSECUSERNAME}
 TALER_ESECUSER=${_ESECUSERNAME}
 TALER_WIREUSER=${_WIREUSERNAME}
 TALER_AGGRUSER=${_AGGRUSERNAME}
@ -131,7 +136,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_EUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/exchange-service-default.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
@ -149,7 +154,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_RSECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/exchange-service-default.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
@ -164,7 +169,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_ESECUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/exchange-service-default.conf
 PrivateTmp=no
 PrivateDevices=yes
 ProtectSystem=full
@ -180,7 +185,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
@ -197,7 +202,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_WIREUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/exchange-service-wire.conf
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
@ -212,7 +217,7 @@ EnvironmentFile=/etc/default/taler-exchange
 User=${_AGGRUSERNAME}
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler.conf
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/exchange-service-default.conf
 PrivateTmp=yes
 PrivateDevices=yes
 ProtectSystem=full
@ -231,26 +236,26 @@ EOF
  chmod 770 /var/lib/taler-exchange/tmp
  chmod +s /var/lib/taler-exchange/tmp

-        chown root:${_GROUPNAME} /etc/taler-secmod.conf
-        chmod 640 /etc/taler-secmod.conf
-        chown ${_WIREUSERNAME}:root /etc/taler-wire.conf
-        chmod 460 /etc/taler-wire.conf
-        chown root:${_DBGROUPNAME} /etc/taler-exchange-db.conf
-        chmod 640 /etc/taler-exchange-db.conf
-        chown ${_EUSERNAME}:${_GROUPNAME} /etc/taler-exchange.conf
-        chmod 460 /etc/taler-wire.conf
+  fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf
+  fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf

  systemctl daemon-reload >/dev/null 2>&1 || true

-
  echo "done."

+  echo -n "Linking config files"
+  lncfg ${_EUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_RSECUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_ESECUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_AGGRUSERNAME} /etc/taler/exchange-service-default.conf
+  lncfg ${_WIREUSERNAME} /etc/taler/exchange-service-wire.conf
+  echo " done"
+
  # Cleaning
  echo "All done."
  ;;

-	abort-upgrade|abort-remove|abort-deconfigure)
-		;;
+abort-upgrade | abort-remove | abort-deconfigure) ;;

 *)
  echo "postinst called with unknown argument \`${1}'" >&2