From 689fd46a60863f9a5b025cec79f5a03be1bddbab Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Thu, 18 May 2023 22:15:29 +0200 Subject: [PATCH] Add a packaging folder to contrib and place systemd/etc files from debian folder. Also adds the packaging folder to the tarball. --- contrib/Makefile.am | 3 +- .../etc-libtalerexchange/taler/overrides.conf | 1 + .../etc-libtalerexchange/taler/taler.conf | 49 ++++++++++++++++++ .../sites-available/taler-auditor.conf | 4 ++ .../nginx/sites-available/taler-auditor | 18 +++++++ .../taler/conf.d/auditor-system.conf | 12 +++++ .../taler/secrets/auditor-db.secret.conf | 10 ++++ .../sites-available/taler-exchange.conf | 4 ++ .../nginx/sites-available/taler-exchange | 17 +++++++ .../taler/conf.d/exchange-business.conf | 50 +++++++++++++++++++ .../taler/conf.d/exchange-coins.conf | 33 ++++++++++++ .../taler/conf.d/exchange-system.conf | 13 +++++ .../exchange-accountcredentials-1.secret.conf | 17 +++++++ .../taler/secrets/exchange-db.secret.conf | 10 ++++ .../taler-auditor.taler-auditor-httpd.service | 12 +++++ ...exchange.taler-exchange-aggregator.service | 18 +++++++ ...xchange.taler-exchange-aggregator@.service | 17 +++++++ ...ler-exchange.taler-exchange-closer.service | 18 +++++++ ...ler-exchange.taler-exchange-expire.service | 18 +++++++ ...aler-exchange.taler-exchange-httpd.service | 33 ++++++++++++ ...ler-exchange.taler-exchange-httpd@.service | 27 ++++++++++ ...-exchange.taler-exchange-secmod-cs.service | 18 +++++++ ...change.taler-exchange-secmod-eddsa.service | 19 +++++++ ...exchange.taler-exchange-secmod-rsa.service | 18 +++++++ ...r-exchange.taler-exchange-transfer.service | 18 +++++++ ...-exchange.taler-exchange-wirewatch.service | 18 +++++++ ...exchange.taler-exchange-wirewatch@.service | 18 +++++++ 27 files changed, 492 insertions(+), 1 deletion(-) create mode 100644 contrib/packages/fedora/etc-libtalerexchange/taler/overrides.conf create mode 100644 contrib/packages/fedora/etc-libtalerexchange/taler/taler.conf create mode 100644 contrib/packages/fedora/etc-taler-auditor/apache2/sites-available/taler-auditor.conf create mode 100644 contrib/packages/fedora/etc-taler-auditor/nginx/sites-available/taler-auditor create mode 100644 contrib/packages/fedora/etc-taler-auditor/taler/conf.d/auditor-system.conf create mode 100644 contrib/packages/fedora/etc-taler-auditor/taler/secrets/auditor-db.secret.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf create mode 100644 contrib/packages/fedora/taler-auditor.taler-auditor-httpd.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-aggregator.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-aggregator@.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-closer.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-expire.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-httpd.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-httpd@.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-secmod-cs.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-secmod-eddsa.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-secmod-rsa.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-transfer.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch.service create mode 100644 contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch@.service diff --git a/contrib/Makefile.am b/contrib/Makefile.am index 99927e7e6..9d1fe6cf4 100644 --- a/contrib/Makefile.am +++ b/contrib/Makefile.am @@ -70,7 +70,8 @@ EXTRA_DIST = \ $(rdata_DATA) \ coverage.sh \ gnunet.tag \ - microhttpd.tag + microhttpd.tag \ + packages # Change the set of supported languages here. You should # also update tos'XX'data and EXTRA_DIST accordingly. diff --git a/contrib/packages/fedora/etc-libtalerexchange/taler/overrides.conf b/contrib/packages/fedora/etc-libtalerexchange/taler/overrides.conf new file mode 100644 index 000000000..60296ead4 --- /dev/null +++ b/contrib/packages/fedora/etc-libtalerexchange/taler/overrides.conf @@ -0,0 +1 @@ +# This configuration will be changed by tooling. Do not touch it manually. diff --git a/contrib/packages/fedora/etc-libtalerexchange/taler/taler.conf b/contrib/packages/fedora/etc-libtalerexchange/taler/taler.conf new file mode 100644 index 000000000..1c86ccc36 --- /dev/null +++ b/contrib/packages/fedora/etc-libtalerexchange/taler/taler.conf @@ -0,0 +1,49 @@ +# Main entry point for the GNU Taler configuration. +# +# Structure: +# - taler.conf is the main configuration entry point +# used by all Taler components (the file you are currently +# looking at. +# - overrides.conf contains configuration overrides that are +# set by some tools that help with the configuration, +# and should not be edited by humans. Comments in this file +# are not preserved. +# - conf.d/ contains configuration files for +# Taler components, which can be read by all +# users of the system and are included by the main +# configuration. +# - secrets/ contains configuration snippets +# with secrets for particular services. +# These files should have restrictive permissions +# so that only users of the relevant services +# can read it. All files in it should end with +# ".secret.conf". + +[taler] + +# Currency of the Taler deployment. This setting applies to all Taler +# components that only support a single currency. +#currency = KUDOS + +# Smallest currency unit handled by the underlying bank system. Taler payments +# can make payments smaller than this units, but interactions with external +# systems is always rounded to this unit. +#currency_round_unit = KUDOS:0.01 + +# Monthly amount that mandatorily triggers an AML check +#AML_THRESHOLD = KUDOS:10000000 + +[paths] + +TALER_HOME = /var/lib/taler +TALER_RUNTIME_DIR = /run/taler +TALER_CACHE_HOME = /var/cache/taler +TALER_CONFIG_HOME = /etc/taler +TALER_DATA_HOME = /var/lib/taler + + +# Inline configurations from all Taler components. +@inline-matching@ conf.d/*.conf + +# Overrides from tools that help with configuration. +@inline@ overrides.conf diff --git a/contrib/packages/fedora/etc-taler-auditor/apache2/sites-available/taler-auditor.conf b/contrib/packages/fedora/etc-taler-auditor/apache2/sites-available/taler-auditor.conf new file mode 100644 index 000000000..f68c59558 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-auditor/apache2/sites-available/taler-auditor.conf @@ -0,0 +1,4 @@ + +ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/" +RequestHeader add "X-Forwarded-Proto" "https" + diff --git a/contrib/packages/fedora/etc-taler-auditor/nginx/sites-available/taler-auditor b/contrib/packages/fedora/etc-taler-auditor/nginx/sites-available/taler-auditor new file mode 100644 index 000000000..f74035d53 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-auditor/nginx/sites-available/taler-auditor @@ -0,0 +1,18 @@ +server { + + listen 80; + listen [::]:80; + + server_name localhost; + + access_log /var/log/nginx/auditor.log; + error_log /var/log/nginx/auditor.err; + + location /taler-auditor/ { + proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host "localhost"; + #proxy_set_header X-Forwarded-Proto "https"; + } +} \ No newline at end of file diff --git a/contrib/packages/fedora/etc-taler-auditor/taler/conf.d/auditor-system.conf b/contrib/packages/fedora/etc-taler-auditor/taler/conf.d/auditor-system.conf new file mode 100644 index 000000000..3d3aef33a --- /dev/null +++ b/contrib/packages/fedora/etc-taler-auditor/taler/conf.d/auditor-system.conf @@ -0,0 +1,12 @@ +# Read secret sections into configuration, but only +# if we have permission to do so. +@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf + +[auditor] +# Debian package is configured to use a reverse proxy with a UNIX +# domain socket. See nginx/apache configuration files. +SERVE = UNIX +UNIXPATH = /var/lib/taler-auditor/auditor.sock + +# Only supported database is Postgres right now. +DATABASE = postgres diff --git a/contrib/packages/fedora/etc-taler-auditor/taler/secrets/auditor-db.secret.conf b/contrib/packages/fedora/etc-taler-auditor/taler/secrets/auditor-db.secret.conf new file mode 100644 index 000000000..b81bb817f --- /dev/null +++ b/contrib/packages/fedora/etc-taler-auditor/taler/secrets/auditor-db.secret.conf @@ -0,0 +1,10 @@ +# Database configuration for the Taler auditor. + +[auditordb-postgres] + +# Typically, there should only be a single line here, of the form: + +CONFIG=postgres:///DATABASE + +# The details of the URI depend on where the database lives and how +# access control was configured. diff --git a/contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf b/contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf new file mode 100644 index 000000000..3ec14feb2 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf @@ -0,0 +1,4 @@ + +ProxyPass "unix:/run/taler/exchange-httpd/exchange-http.sock|http://example.com/" +RequestHeader add "X-Forwarded-Proto" "https" + diff --git a/contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange b/contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange new file mode 100644 index 000000000..9b61a32df --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange @@ -0,0 +1,17 @@ +server { + listen 80; + listen [::]:80; + + server_name localhost; + + access_log /var/log/nginx/exchange.log; + error_log /var/log/nginx/exchange.err; + + location /taler-exchange/ { + proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host "localhost"; + #proxy_set_header X-Forwarded-Proto "https"; + } +} diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf new file mode 100644 index 000000000..d5938f2b1 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf @@ -0,0 +1,50 @@ +# Configuration for business-level aspects of the exchange. + +[exchange] + +# Here you MUST add the master public key of the offline system +# which you can get using `taler-exchange-offline setup`. +# This is just an example, your key will be different! +# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG +# MASTER_PUBLIC_KEY = + +# Publicly visible base URL of the exchange. +# BASE_URL = https://example.com/ +# BASE_URL = + +# Here you MUST configure the amount above which transactions are +# always subject to manual AML review. +# AML_THRESHOLD = + +# Attribute encryption key for storing attributes encrypted +# in the database. Should be a high-entropy nonce. +ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE + +# For your terms of service and privacy policy, you should specify +# an Etag that must be updated whenever there are significant +# changes to either document. The format is up to you, what matters +# is that the value is updated and never re-used. See the HTTP +# specification on Etags. +# TERMS_ETAG = +# PRIVACY_ETAG = + +SERVE = unix +UNIXPATH_MODE = 666 + +# Bank accounts used by the exchange should be specified here: +[exchange-account-1] + +ENABLE_CREDIT = NO +ENABLE_DEBIT = NO + +# Account identifier in the form of an RFC-8905 payto:// URI. +# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME +# Make sure to URL-encode spaces in $NAME! +PAYTO_URI = + +# Credentials to access the account are in a separate +# config file with restricted permissions. +@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf + + + diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf new file mode 100644 index 000000000..8294525cb --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf @@ -0,0 +1,33 @@ +# +# This configuration file specifies the various denominations offered by your +# exchange. +# +# Each denomination must be specified in a sections starting with +# "coin_". +# +# What follows is an example. +# + +# [coin_FOO] +## Actual value of the coin +#VALUE = KUDOS:1 + +## How long will one key be used for withdrawals? +#DURATION_WITHDRAW = 7 days + +## How long do users have to spend their coins? +#DURATION_SPEND = 2 years + +## How long does the exchange keep the proofs around for legal disputes? +#DURATION_LEGAL = 6 years + +## Fees charged. Note that for the lowest denomination, the +## fee must precisely be the lowest denomination, or zero. +#FEE_WITHDRAW = KUDOS:0 +#FEE_DEPOSIT = KUDOS:0 +#FEE_REFRESH = KUDOS:0 +#FEE_REFUND = KUDOS:0 + +## How long should the RSA keys be. Do not change unless you really know +## what you are doing (consult your local cryptographer first!). +#RSA_KEYSIZE = 2048 diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf new file mode 100644 index 000000000..4ad7e06f6 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf @@ -0,0 +1,13 @@ +# Configuration settings for system parameters of the exchange. + +# Read secret sections into configuration, but only +# if we have permission to do so. +@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf + +[exchange] + +# Only supported database is Postgres right now. +DATABASE = postgres + + + diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf new file mode 100644 index 000000000..8c8d14320 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf @@ -0,0 +1,17 @@ +# This file contains the secret credentials +# to access the Taler Wire Gateway API (usually +# provided by LibEuFin) for the exchange accounts. +# +# Each exchange-account-* section should have a matching +# exchange-accountcredentials-* section here. +# +# Each of those sections must be imported via @inline-secret@, +# usually in conf.d/exchange-business.conf. + +[exchange-accountcredentials-1] + +wire_gateway_auth_method = basic +password = +username = +wire_gateway_url = + diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf new file mode 100644 index 000000000..a7a727b62 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf @@ -0,0 +1,10 @@ +# Database configuration for the Taler exchange. + +[exchangedb-postgres] + +# Typically, there should only be a single line here, of the form: + +# CONFIG=postgres:///DATABASE + +# The details of the URI depend on where the database lives and how +# access control was configured. diff --git a/contrib/packages/fedora/taler-auditor.taler-auditor-httpd.service b/contrib/packages/fedora/taler-auditor.taler-auditor-httpd.service new file mode 100644 index 000000000..9aefab641 --- /dev/null +++ b/contrib/packages/fedora/taler-auditor.taler-auditor-httpd.service @@ -0,0 +1,12 @@ +[Unit] +Description=GNU Taler payment system auditor REST API +After=postgres.service network.target + +[Service] +User=taler-auditor-httpd +Type=simple +Restart=on-failure +ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf + +[Install] +WantedBy=multi-user.target diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-aggregator.service b/contrib/packages/fedora/taler-exchange.taler-exchange-aggregator.service new file mode 100644 index 000000000..246cad5c1 --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-aggregator.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system exchange aggregator service +PartOf=taler-exchange.target +After=postgres.service + +[Service] +User=taler-exchange-aggregator +Type=simple +Restart=always +RestartSec=1s +ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-aggregator@.service b/contrib/packages/fedora/taler-exchange.taler-exchange-aggregator@.service new file mode 100644 index 000000000..bfc44a9a9 --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-aggregator@.service @@ -0,0 +1,17 @@ +[Unit] +Description=GNU Taler payment system exchange aggregator service +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-aggregator +Type=simple +Restart=always +RestartSec=1s +ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-closer.service b/contrib/packages/fedora/taler-exchange.taler-exchange-closer.service new file mode 100644 index 000000000..97a385c13 --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-closer.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system exchange closer service +PartOf=taler-exchange.target +After=network.target postgres.service + +[Service] +User=taler-exchange-closer +Type=simple +Restart=always +RestartSec=1s +ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-expire.service b/contrib/packages/fedora/taler-exchange.taler-exchange-expire.service new file mode 100644 index 000000000..250f210fe --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-expire.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system exchange expire service +PartOf=taler-exchange.target +After=postgres.service + +[Service] +User=taler-exchange-expire +Type=simple +Restart=always +RestartSec=1s +ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-httpd.service b/contrib/packages/fedora/taler-exchange.taler-exchange-httpd.service new file mode 100644 index 000000000..3671bdc7d --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-httpd.service @@ -0,0 +1,33 @@ +[Unit] +Description=GNU Taler payment system exchange REST API +AssertPathExists=/run/taler/exchange-httpd +Requires=taler-exchange-httpd.socket taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service +After=postgres.service network.target taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-httpd +Type=simple + +# Depending on the configuration, the service process kills itself and then +# needs to be restarted. Thus no significant delay on restarts. +Restart=always +RestartSec=1ms + +# Disable the service if more than 5 restarts are encountered within 5s. +# These are usually the systemd defaults, but can be overwritten, thus we set +# them here explicitly, as the exchange code assumes StartLimitInterval +# to be >=5s. +StartLimitBurst=5 +StartLimitInterval=5s + +ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=no +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice + +[Install] +WantedBy=multi-user.target diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-httpd@.service b/contrib/packages/fedora/taler-exchange.taler-exchange-httpd@.service new file mode 100644 index 000000000..e0246899c --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-httpd@.service @@ -0,0 +1,27 @@ +% This is a systemd service template. +[Unit] +Description=GNU Taler payment system exchange REST API at %I +AssertPathExists=/run/taler/exchange-httpd +Requires=taler-exchange-httpd@%i.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service +After=postgres.service network.target taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-httpd +Type=simple +# Depending on the configuration, the service suicides and then +# needs to be restarted. +Restart=always +# Do not dally on restarts. +RestartSec=1ms +EnvironmentFile=/etc/environment +ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=no +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice + +[Install] +WantedBy=multi-user.target diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-cs.service b/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-cs.service new file mode 100644 index 000000000..3b5e0745d --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-cs.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system exchange CS security module +AssertPathExists=/run/taler/exchange-secmod-cs +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-secmod-cs +Type=simple +Restart=always +RestartSec=100ms +ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=no +PrivateDevices=yes +ProtectSystem=full +IPAddressDeny=any +Slice=taler-exchange.slice diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-eddsa.service b/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-eddsa.service new file mode 100644 index 000000000..e8fba1736 --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-eddsa.service @@ -0,0 +1,19 @@ +[Unit] +Description=GNU Taler payment system exchange EdDSA security module +AssertPathExists=/run/taler/exchange-secmod-eddsa +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-secmod-eddsa +Type=simple +Restart=always +RestartSec=100ms +ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=no +PrivateDevices=yes +ProtectSystem=full +IPAddressDeny=any +Slice=taler-exchange.slice + diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-rsa.service b/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-rsa.service new file mode 100644 index 000000000..10a9585a7 --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-secmod-rsa.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system exchange RSA security module +AssertPathExists=/run/taler/exchange-secmod-rsa +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-secmod-rsa +Type=simple +Restart=always +RestartSec=100ms +ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=no +PrivateDevices=yes +ProtectSystem=full +IPAddressDeny=any +Slice=taler-exchange.slice diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-transfer.service b/contrib/packages/fedora/taler-exchange.taler-exchange-transfer.service new file mode 100644 index 000000000..e26af20d0 --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-transfer.service @@ -0,0 +1,18 @@ +[Unit] +Description=Taler Exchange Transfer Service +After=network.target postgres.service +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-wire +Type=simple +Restart=always +RestartSec=1s +ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch.service b/contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch.service new file mode 100644 index 000000000..7b74737b7 --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system exchange wirewatch service +After=network.target postgres.service +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-wire +Type=simple +Restart=always +RestartSec=1s +RuntimeMaxSec=3600s +ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice diff --git a/contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch@.service b/contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch@.service new file mode 100644 index 000000000..85bb9268b --- /dev/null +++ b/contrib/packages/fedora/taler-exchange.taler-exchange-wirewatch@.service @@ -0,0 +1,18 @@ +[Unit] +Description=GNU Taler payment system exchange wirewatch service +After=network.target +PartOf=taler-exchange.target + +[Service] +User=taler-exchange-wire +Type=simple +Restart=always +RestartSec=1s +ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf +StandardOutput=journal +StandardError=journal +PrivateTmp=yes +PrivateDevices=yes +ProtectSystem=full +Slice=taler-exchange.slice +RuntimeMaxSec=3600s