Add a packaging folder to contrib and place
systemd/etc files from debian folder. Also adds the packaging folder to the tarball.
This commit is contained in:
Martin Schanzenbach
parent
bac7123763
commit
689fd46a60
@ -70,7 +70,8 @@ EXTRA_DIST = \
|
||||
$(rdata_DATA) \
|
||||
coverage.sh \
|
||||
gnunet.tag \
|
||||
microhttpd.tag
|
||||
microhttpd.tag \
|
||||
packages
|
||||
|
||||
# Change the set of supported languages here. You should
|
||||
# also update tos'XX'data and EXTRA_DIST accordingly.
|
||||
|
||||
@ -0,0 +1 @@
|
||||
# This configuration will be changed by tooling. Do not touch it manually.
|
||||
@ -0,0 +1,49 @@
|
||||
# Main entry point for the GNU Taler configuration.
|
||||
#
|
||||
# Structure:
|
||||
# - taler.conf is the main configuration entry point
|
||||
# used by all Taler components (the file you are currently
|
||||
# looking at.
|
||||
# - overrides.conf contains configuration overrides that are
|
||||
# set by some tools that help with the configuration,
|
||||
# and should not be edited by humans. Comments in this file
|
||||
# are not preserved.
|
||||
# - conf.d/ contains configuration files for
|
||||
# Taler components, which can be read by all
|
||||
# users of the system and are included by the main
|
||||
# configuration.
|
||||
# - secrets/ contains configuration snippets
|
||||
# with secrets for particular services.
|
||||
# These files should have restrictive permissions
|
||||
# so that only users of the relevant services
|
||||
# can read it. All files in it should end with
|
||||
# ".secret.conf".
|
||||
|
||||
[taler]
|
||||
|
||||
# Currency of the Taler deployment. This setting applies to all Taler
|
||||
# components that only support a single currency.
|
||||
#currency = KUDOS
|
||||
|
||||
# Smallest currency unit handled by the underlying bank system. Taler payments
|
||||
# can make payments smaller than this units, but interactions with external
|
||||
# systems is always rounded to this unit.
|
||||
#currency_round_unit = KUDOS:0.01
|
||||
|
||||
# Monthly amount that mandatorily triggers an AML check
|
||||
#AML_THRESHOLD = KUDOS:10000000
|
||||
|
||||
[paths]
|
||||
|
||||
TALER_HOME = /var/lib/taler
|
||||
TALER_RUNTIME_DIR = /run/taler
|
||||
TALER_CACHE_HOME = /var/cache/taler
|
||||
TALER_CONFIG_HOME = /etc/taler
|
||||
TALER_DATA_HOME = /var/lib/taler
|
||||
|
||||
|
||||
# Inline configurations from all Taler components.
|
||||
@inline-matching@ conf.d/*.conf
|
||||
|
||||
# Overrides from tools that help with configuration.
|
||||
@inline@ overrides.conf
|
||||
@ -0,0 +1,4 @@
|
||||
<Location "/taler-auditor/">
|
||||
ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/"
|
||||
RequestHeader add "X-Forwarded-Proto" "https"
|
||||
</Location>
|
||||
@ -0,0 +1,18 @@
|
||||
server {
|
||||
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name localhost;
|
||||
|
||||
access_log /var/log/nginx/auditor.log;
|
||||
error_log /var/log/nginx/auditor.err;
|
||||
|
||||
location /taler-auditor/ {
|
||||
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host "localhost";
|
||||
#proxy_set_header X-Forwarded-Proto "https";
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,12 @@
|
||||
# Read secret sections into configuration, but only
|
||||
# if we have permission to do so.
|
||||
@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf
|
||||
|
||||
[auditor]
|
||||
# Debian package is configured to use a reverse proxy with a UNIX
|
||||
# domain socket. See nginx/apache configuration files.
|
||||
SERVE = UNIX
|
||||
UNIXPATH = /var/lib/taler-auditor/auditor.sock
|
||||
|
||||
# Only supported database is Postgres right now.
|
||||
DATABASE = postgres
|
||||
@ -0,0 +1,10 @@
|
||||
# Database configuration for the Taler auditor.
|
||||
|
||||
[auditordb-postgres]
|
||||
|
||||
# Typically, there should only be a single line here, of the form:
|
||||
|
||||
CONFIG=postgres:///DATABASE
|
||||
|
||||
# The details of the URI depend on where the database lives and how
|
||||
# access control was configured.
|
||||
@ -0,0 +1,4 @@
|
||||
<Location "/taler-exchange/">
|
||||
ProxyPass "unix:/run/taler/exchange-httpd/exchange-http.sock|http://example.com/"
|
||||
RequestHeader add "X-Forwarded-Proto" "https"
|
||||
</Location>
|
||||
@ -0,0 +1,17 @@
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
|
||||
server_name localhost;
|
||||
|
||||
access_log /var/log/nginx/exchange.log;
|
||||
error_log /var/log/nginx/exchange.err;
|
||||
|
||||
location /taler-exchange/ {
|
||||
proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
|
||||
proxy_redirect off;
|
||||
proxy_set_header Host $host;
|
||||
proxy_set_header X-Forwarded-Host "localhost";
|
||||
#proxy_set_header X-Forwarded-Proto "https";
|
||||
}
|
||||
}
|
||||
@ -0,0 +1,50 @@
|
||||
# Configuration for business-level aspects of the exchange.
|
||||
|
||||
[exchange]
|
||||
|
||||
# Here you MUST add the master public key of the offline system
|
||||
# which you can get using `taler-exchange-offline setup`.
|
||||
# This is just an example, your key will be different!
|
||||
# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
|
||||
# MASTER_PUBLIC_KEY =
|
||||
|
||||
# Publicly visible base URL of the exchange.
|
||||
# BASE_URL = https://example.com/
|
||||
# BASE_URL =
|
||||
|
||||
# Here you MUST configure the amount above which transactions are
|
||||
# always subject to manual AML review.
|
||||
# AML_THRESHOLD =
|
||||
|
||||
# Attribute encryption key for storing attributes encrypted
|
||||
# in the database. Should be a high-entropy nonce.
|
||||
ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE
|
||||
|
||||
# For your terms of service and privacy policy, you should specify
|
||||
# an Etag that must be updated whenever there are significant
|
||||
# changes to either document. The format is up to you, what matters
|
||||
# is that the value is updated and never re-used. See the HTTP
|
||||
# specification on Etags.
|
||||
# TERMS_ETAG =
|
||||
# PRIVACY_ETAG =
|
||||
|
||||
SERVE = unix
|
||||
UNIXPATH_MODE = 666
|
||||
|
||||
# Bank accounts used by the exchange should be specified here:
|
||||
[exchange-account-1]
|
||||
|
||||
ENABLE_CREDIT = NO
|
||||
ENABLE_DEBIT = NO
|
||||
|
||||
# Account identifier in the form of an RFC-8905 payto:// URI.
|
||||
# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
|
||||
# Make sure to URL-encode spaces in $NAME!
|
||||
PAYTO_URI =
|
||||
|
||||
# Credentials to access the account are in a separate
|
||||
# config file with restricted permissions.
|
||||
@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf
|
||||
|
||||
|
||||
|
||||
@ -0,0 +1,33 @@
|
||||
#
|
||||
# This configuration file specifies the various denominations offered by your
|
||||
# exchange.
|
||||
#
|
||||
# Each denomination must be specified in a sections starting with
|
||||
# "coin_".
|
||||
#
|
||||
# What follows is an example.
|
||||
#
|
||||
|
||||
# [coin_FOO]
|
||||
## Actual value of the coin
|
||||
#VALUE = KUDOS:1
|
||||
|
||||
## How long will one key be used for withdrawals?
|
||||
#DURATION_WITHDRAW = 7 days
|
||||
|
||||
## How long do users have to spend their coins?
|
||||
#DURATION_SPEND = 2 years
|
||||
|
||||
## How long does the exchange keep the proofs around for legal disputes?
|
||||
#DURATION_LEGAL = 6 years
|
||||
|
||||
## Fees charged. Note that for the lowest denomination, the
|
||||
## fee must precisely be the lowest denomination, or zero.
|
||||
#FEE_WITHDRAW = KUDOS:0
|
||||
#FEE_DEPOSIT = KUDOS:0
|
||||
#FEE_REFRESH = KUDOS:0
|
||||
#FEE_REFUND = KUDOS:0
|
||||
|
||||
## How long should the RSA keys be. Do not change unless you really know
|
||||
## what you are doing (consult your local cryptographer first!).
|
||||
#RSA_KEYSIZE = 2048
|
||||
@ -0,0 +1,13 @@
|
||||
# Configuration settings for system parameters of the exchange.
|
||||
|
||||
# Read secret sections into configuration, but only
|
||||
# if we have permission to do so.
|
||||
@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
|
||||
|
||||
[exchange]
|
||||
|
||||
# Only supported database is Postgres right now.
|
||||
DATABASE = postgres
|
||||
|
||||
|
||||
|
||||
@ -0,0 +1,17 @@
|
||||
# This file contains the secret credentials
|
||||
# to access the Taler Wire Gateway API (usually
|
||||
# provided by LibEuFin) for the exchange accounts.
|
||||
#
|
||||
# Each exchange-account-* section should have a matching
|
||||
# exchange-accountcredentials-* section here.
|
||||
#
|
||||
# Each of those sections must be imported via @inline-secret@,
|
||||
# usually in conf.d/exchange-business.conf.
|
||||
|
||||
[exchange-accountcredentials-1]
|
||||
|
||||
wire_gateway_auth_method = basic
|
||||
password =
|
||||
username =
|
||||
wire_gateway_url =
|
||||
|
||||
@ -0,0 +1,10 @@
|
||||
# Database configuration for the Taler exchange.
|
||||
|
||||
[exchangedb-postgres]
|
||||
|
||||
# Typically, there should only be a single line here, of the form:
|
||||
|
||||
# CONFIG=postgres:///DATABASE
|
||||
|
||||
# The details of the URI depend on where the database lives and how
|
||||
# access control was configured.
|
||||
@ -0,0 +1,12 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system auditor REST API
|
||||
After=postgres.service network.target
|
||||
|
||||
[Service]
|
||||
User=taler-auditor-httpd
|
||||
Type=simple
|
||||
Restart=on-failure
|
||||
ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange aggregator service
|
||||
PartOf=taler-exchange.target
|
||||
After=postgres.service
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-aggregator
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1s
|
||||
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
RuntimeMaxSec=3600s
|
||||
@ -0,0 +1,17 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange aggregator service
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-aggregator
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1s
|
||||
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
RuntimeMaxSec=3600s
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange closer service
|
||||
PartOf=taler-exchange.target
|
||||
After=network.target postgres.service
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-closer
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1s
|
||||
ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
RuntimeMaxSec=3600s
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange expire service
|
||||
PartOf=taler-exchange.target
|
||||
After=postgres.service
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-expire
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1s
|
||||
ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
RuntimeMaxSec=3600s
|
||||
@ -0,0 +1,33 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange REST API
|
||||
AssertPathExists=/run/taler/exchange-httpd
|
||||
Requires=taler-exchange-httpd.socket taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
|
||||
After=postgres.service network.target taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-httpd
|
||||
Type=simple
|
||||
|
||||
# Depending on the configuration, the service process kills itself and then
|
||||
# needs to be restarted. Thus no significant delay on restarts.
|
||||
Restart=always
|
||||
RestartSec=1ms
|
||||
|
||||
# Disable the service if more than 5 restarts are encountered within 5s.
|
||||
# These are usually the systemd defaults, but can be overwritten, thus we set
|
||||
# them here explicitly, as the exchange code assumes StartLimitInterval
|
||||
# to be >=5s.
|
||||
StartLimitBurst=5
|
||||
StartLimitInterval=5s
|
||||
|
||||
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=no
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -0,0 +1,27 @@
|
||||
% This is a systemd service template.
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange REST API at %I
|
||||
AssertPathExists=/run/taler/exchange-httpd
|
||||
Requires=taler-exchange-httpd@%i.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
|
||||
After=postgres.service network.target taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-httpd
|
||||
Type=simple
|
||||
# Depending on the configuration, the service suicides and then
|
||||
# needs to be restarted.
|
||||
Restart=always
|
||||
# Do not dally on restarts.
|
||||
RestartSec=1ms
|
||||
EnvironmentFile=/etc/environment
|
||||
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=no
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange CS security module
|
||||
AssertPathExists=/run/taler/exchange-secmod-cs
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-secmod-cs
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=100ms
|
||||
ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=no
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
IPAddressDeny=any
|
||||
Slice=taler-exchange.slice
|
||||
@ -0,0 +1,19 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange EdDSA security module
|
||||
AssertPathExists=/run/taler/exchange-secmod-eddsa
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-secmod-eddsa
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=100ms
|
||||
ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=no
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
IPAddressDeny=any
|
||||
Slice=taler-exchange.slice
|
||||
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange RSA security module
|
||||
AssertPathExists=/run/taler/exchange-secmod-rsa
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-secmod-rsa
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=100ms
|
||||
ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=no
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
IPAddressDeny=any
|
||||
Slice=taler-exchange.slice
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=Taler Exchange Transfer Service
|
||||
After=network.target postgres.service
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-wire
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1s
|
||||
ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
RuntimeMaxSec=3600s
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange wirewatch service
|
||||
After=network.target postgres.service
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-wire
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1s
|
||||
RuntimeMaxSec=3600s
|
||||
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
@ -0,0 +1,18 @@
|
||||
[Unit]
|
||||
Description=GNU Taler payment system exchange wirewatch service
|
||||
After=network.target
|
||||
PartOf=taler-exchange.target
|
||||
|
||||
[Service]
|
||||
User=taler-exchange-wire
|
||||
Type=simple
|
||||
Restart=always
|
||||
RestartSec=1s
|
||||
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
|
||||
StandardOutput=journal
|
||||
StandardError=journal
|
||||
PrivateTmp=yes
|
||||
PrivateDevices=yes
|
||||
ProtectSystem=full
|
||||
Slice=taler-exchange.slice
|
||||
RuntimeMaxSec=3600s
|
||||
Loading…
Reference in New Issue
Block a user