Merge branch 'master' of git+ssh://git.taler.net/exchange

This commit is contained in:
Christian Grothoff 2023-05-21 18:26:02 +02:00
commit 721cd047ff
No known key found for this signature in database
GPG Key ID: 939E6BE1E29FC3CC
27 changed files with 492 additions and 1 deletions


@ -70,7 +70,8 @@ EXTRA_DIST = \
$(rdata_DATA) \
coverage.sh \
gnunet.tag \
microhttpd.tag
microhttpd.tag \
packages
# Change the set of supported languages here. You should
# also update tos'XX'data and EXTRA_DIST accordingly.


@ -0,0 +1 @@
# This configuration will be changed by tooling. Do not touch it manually.


@ -0,0 +1,49 @@
# Main entry point for the GNU Taler configuration.
#
# Structure:
# - taler.conf is the main configuration entry point
# used by all Taler components (the file you are currently
# looking at.
# - overrides.conf contains configuration overrides that are
# set by some tools that help with the configuration,
# and should not be edited by humans. Comments in this file
# are not preserved.
# - conf.d/ contains configuration files for
# Taler components, which can be read by all
# users of the system and are included by the main
# configuration.
# - secrets/ contains configuration snippets
# with secrets for particular services.
# These files should have restrictive permissions
# so that only users of the relevant services
# can read it. All files in it should end with
# ".secret.conf".
[taler]
# Currency of the Taler deployment. This setting applies to all Taler
# components that only support a single currency.
#currency = KUDOS
# Smallest currency unit handled by the underlying bank system. Taler payments
# can make payments smaller than this units, but interactions with external
# systems is always rounded to this unit.
#currency_round_unit = KUDOS:0.01
# Monthly amount that mandatorily triggers an AML check
#AML_THRESHOLD = KUDOS:10000000
[paths]
TALER_HOME = /var/lib/taler
TALER_RUNTIME_DIR = /run/taler
TALER_CACHE_HOME = /var/cache/taler
TALER_CONFIG_HOME = /etc/taler
TALER_DATA_HOME = /var/lib/taler
# Inline configurations from all Taler components.
@inline-matching@ conf.d/*.conf
# Overrides from tools that help with configuration.
@inline@ overrides.conf


@ -0,0 +1,4 @@
<Location "/taler-auditor/">
ProxyPass "unix:/var/lib/taler-auditor/auditor.sock|http://example.com/"
RequestHeader add "X-Forwarded-Proto" "https"
</Location>
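Review bot: `RequestHeader add "X-Forwarded-Proto" "https"` appends a header rather than replacing one, so a client that sends its own X-Forwarded-Proto reaches the auditor with both values; `RequestHeader set "X-Forwarded-Proto" "https"` replaces whatever the client supplied. The same line appears in the exchange Apache snippet in this commit and should be changed there too. The literal `https` also assumes the vhost embedding this Location is TLS-terminated; a short comment above it saying so, `# Assumes this Location lives in an HTTPS vhost`, would save a plaintext deployment from advertising https URLs.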


@ -0,0 +1,18 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
access_log /var/log/nginx/auditor.log;
error_log /var/log/nginx/auditor.err;
location /taler-auditor/ {
proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "localhost";
#proxy_set_header X-Forwarded-Proto "https";
}
}
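Review bot: `proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock;` carries no URI part, so the request path reaches the auditor unchanged with the `/taler-auditor/` prefix still attached, whereas the exchange snippet in this commit uses `...exchange-http.sock:/;` and the Apache variant maps the prefix to `/`; if the auditor is meant to see prefix-stripped paths this should read `proxy_pass http://unix:/var/lib/taler-auditor/auditor.sock:/;`. Both nginx snippets also pin `proxy_set_header X-Forwarded-Host "localhost";` while Host is passed as `$host`, which gives the backend two different host names for the same request; using `$host` for both, or a comment explaining why the literal is wanted, would make the intent clear. Whether the auditor derives URLs from X-Forwarded-Host is not visible here.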


@ -0,0 +1,12 @@
# Read secret sections into configuration, but only
# if we have permission to do so.
@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf
[auditor]
# Debian package is configured to use a reverse proxy with a UNIX
# domain socket. See nginx/apache configuration files.
SERVE = UNIX
UNIXPATH = /var/lib/taler-auditor/auditor.sock
# Only supported database is Postgres right now.
DATABASE = postgres
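Review bot: `UNIXPATH = /var/lib/taler-auditor/auditor.sock` places the listening socket in the persistent data directory, while the exchange socket in this commit lives under TALER_RUNTIME_DIR (`/run/taler/exchange-httpd/`); unless there is a reason for the difference, `/run/taler/auditor-httpd/auditor.sock` would keep the two services consistent and avoid leaving stale socket files in the data directory across reboots. Nothing here sets the socket mode either, so the reverse proxy's ability to connect depends on the auditor's default and on the directory permissions; a comment stating the expected mode and group would help. The nginx and Apache snippets would need the same path change.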


@ -0,0 +1,10 @@
# Database configuration for the Taler auditor.
[auditordb-postgres]
# Typically, there should only be a single line here, of the form:
CONFIG=postgres:///DATABASE
# The details of the URI depend on where the database lives and how
# access control was configured.
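Review bot: `CONFIG=postgres:///DATABASE` is left active even though the surrounding comments present it as an example of the expected form, so a fresh install will try to open a database literally named `DATABASE`; the exchange counterpart in this commit comments the same line out (`# CONFIG=postgres:///DATABASE`), and this file should match. The `key=value` spacing also differs from the `key = value` style used in every other snippet here.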


@ -0,0 +1,4 @@
<Location "/taler-exchange/">
ProxyPass "unix:/run/taler/exchange-httpd/exchange-http.sock|http://example.com/"
RequestHeader add "X-Forwarded-Proto" "https"
</Location>


@ -0,0 +1,17 @@
server {
listen 80;
listen [::]:80;
server_name localhost;
access_log /var/log/nginx/exchange.log;
error_log /var/log/nginx/exchange.err;
location /taler-exchange/ {
proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host "localhost";
#proxy_set_header X-Forwarded-Proto "https";
}
}


@ -0,0 +1,50 @@
# Configuration for business-level aspects of the exchange.
[exchange]
# Here you MUST add the master public key of the offline system
# which you can get using `taler-exchange-offline setup`.
# This is just an example, your key will be different!
# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
# MASTER_PUBLIC_KEY =
# Publicly visible base URL of the exchange.
# BASE_URL = https://example.com/
# BASE_URL =
# Here you MUST configure the amount above which transactions are
# always subject to manual AML review.
# AML_THRESHOLD =
# Attribute encryption key for storing attributes encrypted
# in the database. Should be a high-entropy nonce.
ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE
# For your terms of service and privacy policy, you should specify
# an Etag that must be updated whenever there are significant
# changes to either document. The format is up to you, what matters
# is that the value is updated and never re-used. See the HTTP
# specification on Etags.
# TERMS_ETAG =
# PRIVACY_ETAG =
SERVE = unix
UNIXPATH_MODE = 666
# Bank accounts used by the exchange should be specified here:
[exchange-account-1]
ENABLE_CREDIT = NO
ENABLE_DEBIT = NO
# Account identifier in the form of an RFC-8905 payto:// URI.
# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME
# Make sure to URL-encode spaces in $NAME!
PAYTO_URI =
# Credentials to access the account are in a separate
# config file with restricted permissions.
@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf
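Review bot: `ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE` ships a live key value in a conf.d/ file that the taler.conf header in this commit describes as readable by all users of the system, so even after an operator replaces the placeholder the key protecting stored attributes stays world-readable. The file already has the right mechanism two lines below: move the key into a `../secrets/exchange-attribute-key.secret.conf` snippet pulled in with `@inline-secret@`, and leave no default here so a missing key fails loudly instead of silently encrypting under a published string (whether the exchange rejects the placeholder is not visible in this hunk). `UNIXPATH_MODE = 666` also lets every local account talk to the exchange socket directly, bypassing the reverse proxy; if the proxy user can be put in the exchange group, `660` is the tighter choice and deserves a comment either way.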


@ -0,0 +1,33 @@
#
# This configuration file specifies the various denominations offered by your
# exchange.
#
# Each denomination must be specified in a sections starting with
# "coin_".
#
# What follows is an example.
#
# [coin_FOO]
## Actual value of the coin
#VALUE = KUDOS:1
## How long will one key be used for withdrawals?
#DURATION_WITHDRAW = 7 days
## How long do users have to spend their coins?
#DURATION_SPEND = 2 years
## How long does the exchange keep the proofs around for legal disputes?
#DURATION_LEGAL = 6 years
## Fees charged. Note that for the lowest denomination, the
## fee must precisely be the lowest denomination, or zero.
#FEE_WITHDRAW = KUDOS:0
#FEE_DEPOSIT = KUDOS:0
#FEE_REFRESH = KUDOS:0
#FEE_REFUND = KUDOS:0
## How long should the RSA keys be. Do not change unless you really know
## what you are doing (consult your local cryptographer first!).
#RSA_KEYSIZE = 2048


@ -0,0 +1,13 @@
# Configuration settings for system parameters of the exchange.
# Read secret sections into configuration, but only
# if we have permission to do so.
@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
[exchange]
# Only supported database is Postgres right now.
DATABASE = postgres
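Review bot: The `[exchange]` section is now split across two files in conf.d/ (this one holds DATABASE, exchange-business.conf holds SERVE, UNIXPATH_MODE and the key settings), which relies on the loader merging repeated section headers across `@inline-matching@` includes; that appears to be the intended mechanism, but a one-line comment such as `# [exchange] is also populated by exchange-business.conf` above the header would stop a reader from assuming one file overrides the other.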


@ -0,0 +1,17 @@
# This file contains the secret credentials
# to access the Taler Wire Gateway API (usually
# provided by LibEuFin) for the exchange accounts.
#
# Each exchange-account-* section should have a matching
# exchange-accountcredentials-* section here.
#
# Each of those sections must be imported via @inline-secret@,
# usually in conf.d/exchange-business.conf.
[exchange-accountcredentials-1]
wire_gateway_auth_method = basic
password =
username =
wire_gateway_url =
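Review bot: The keys in this section are lowercase (`wire_gateway_auth_method`, `password`) while every other snippet in this commit writes keys in uppercase; if the loader is case-insensitive this is only a style inconsistency, but it is worth aligning so operators can grep for one spelling. Shipping `password =` and `username =` empty next to `wire_gateway_auth_method = basic` also means an unedited install presents empty Basic credentials to the wire gateway; a comment stating that both must be filled in before the service is started would make that explicit.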


@ -0,0 +1,10 @@
# Database configuration for the Taler exchange.
[exchangedb-postgres]
# Typically, there should only be a single line here, of the form:
# CONFIG=postgres:///DATABASE
# The details of the URI depend on where the database lives and how
# access control was configured.


@ -0,0 +1,12 @@
[Unit]
Description=GNU Taler payment system auditor REST API
After=postgres.service network.target
[Service]
User=taler-auditor-httpd
Type=simple
Restart=on-failure
ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf
[Install]
WantedBy=multi-user.target
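Review bot: `After=postgres.service network.target` orders against a unit that does not exist on Debian, where the PostgreSQL package installs `postgresql.service`; systemd silently ignores ordering against unknown units, so the auditor can start before the database is up. The same name is used in the aggregator, closer, expire, exchange-httpd, exchange-httpd@, transfer and wirewatch units in this commit. This unit also lacks the `PrivateTmp`, `PrivateDevices` and `ProtectSystem` lines present in the exchange units; adding the same set keeps the auditor at the same hardening level.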


@ -0,0 +1,18 @@
[Unit]
Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target
After=postgres.service
[Service]
User=taler-exchange-aggregator
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s


@ -0,0 +1,17 @@
[Unit]
Description=GNU Taler payment system exchange aggregator service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-aggregator
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s
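Review bot: This unit appears to be a second copy of the aggregator service added earlier in this commit, identical except that the `After=postgres.service` line is missing from `[Unit]`; the same pattern recurs for the two wirewatch units. If both copies are intentional (for example one packaged and one shipped as an example), they should carry the same ordering line and a comment naming the other so they do not drift; if not, one should be dropped. The file paths are not visible on this page, so which copy is installed cannot be told from here.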


@ -0,0 +1,18 @@
[Unit]
Description=GNU Taler payment system exchange closer service
PartOf=taler-exchange.target
After=network.target postgres.service
[Service]
User=taler-exchange-closer
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s


@ -0,0 +1,18 @@
[Unit]
Description=GNU Taler payment system exchange expire service
PartOf=taler-exchange.target
After=postgres.service
[Service]
User=taler-exchange-expire
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-expire -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s


@ -0,0 +1,33 @@
[Unit]
Description=GNU Taler payment system exchange REST API
AssertPathExists=/run/taler/exchange-httpd
Requires=taler-exchange-httpd.socket taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
After=postgres.service network.target taler-exchange-secmod-cs.service taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-httpd
Type=simple
# Depending on the configuration, the service process kills itself and then
# needs to be restarted. Thus no significant delay on restarts.
Restart=always
RestartSec=1ms
# Disable the service if more than 5 restarts are encountered within 5s.
# These are usually the systemd defaults, but can be overwritten, thus we set
# them here explicitly, as the exchange code assumes StartLimitInterval
# to be >=5s.
StartLimitBurst=5
StartLimitInterval=5s
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
[Install]
WantedBy=multi-user.target
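Review bot: `StartLimitBurst=5` and `StartLimitInterval=5s` are written in `[Service]`, but since systemd 230 these are `[Unit]` settings named `StartLimitIntervalSec=` and `StartLimitBurst=`; the old spelling in `[Service]` is still honoured for compatibility, yet the comment above says the exchange code depends on the interval being at least 5s, so the canonical form `StartLimitIntervalSec=5s` under `[Unit]` is the safer place for a value that must take effect. `PrivateTmp=no` differs from the `yes` used by the other exchange units and is undocumented; a one-line comment giving the reason would stop a later cleanup from flipping it.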


@ -0,0 +1,27 @@
% This is a systemd service template.
[Unit]
Description=GNU Taler payment system exchange REST API at %I
AssertPathExists=/run/taler/exchange-httpd
Requires=taler-exchange-httpd@%i.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
After=postgres.service network.target taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-httpd
Type=simple
# Depending on the configuration, the service suicides and then
# needs to be restarted.
Restart=always
# Do not dally on restarts.
RestartSec=1ms
EnvironmentFile=/etc/environment
ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
[Install]
WantedBy=multi-user.target
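Review bot: `% This is a systemd service template.` is not a comment in unit-file syntax, which only ignores lines starting with `#` or `;`; systemd will report the line as invalid, so it should read `# This is a systemd service template.`. The `Requires=` and `After=` lines here list only the RSA and EdDSA security modules, while the non-template exchange-httpd unit in this commit also requires `taler-exchange-secmod-cs.service`; unless instances are meant to run without CS denominations, the template should list it too. `EnvironmentFile=/etc/environment` imports the whole system environment into the service and is not present in the non-template unit; a comment on why instances need it would help.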


@ -0,0 +1,18 @@
[Unit]
Description=GNU Taler payment system exchange CS security module
AssertPathExists=/run/taler/exchange-secmod-cs
PartOf=taler-exchange.target
[Service]
User=taler-exchange-secmod-cs
Type=simple
Restart=always
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-secmod-cs -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice
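Review bot: The three security-module units (this one and the EdDSA and RSA ones) hold the exchange's private signing material yet receive the same generic hardening as the batch services; `ProtectHome=yes` and `NoNewPrivileges=yes` cost nothing here, and `ProtectSystem=strict` with an explicit `ReadWritePaths=` for the key directory would confine writes to where they are needed. The key directory is configured outside this hunk, so the `ReadWritePaths=` value has to come from there and `ProtectSystem=full` may be the deliberate compromise; a comment stating which is the case would settle it. `IPAddressDeny=any` is already the right direction for processes that should never talk to the network.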


@ -0,0 +1,19 @@
[Unit]
Description=GNU Taler payment system exchange EdDSA security module
AssertPathExists=/run/taler/exchange-secmod-eddsa
PartOf=taler-exchange.target
[Service]
User=taler-exchange-secmod-eddsa
Type=simple
Restart=always
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice


@ -0,0 +1,18 @@
[Unit]
Description=GNU Taler payment system exchange RSA security module
AssertPathExists=/run/taler/exchange-secmod-rsa
PartOf=taler-exchange.target
[Service]
User=taler-exchange-secmod-rsa
Type=simple
Restart=always
RestartSec=100ms
ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
IPAddressDeny=any
Slice=taler-exchange.slice


@ -0,0 +1,18 @@
[Unit]
Description=Taler Exchange Transfer Service
After=network.target postgres.service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-wire
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s
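Review bot: `Description=Taler Exchange Transfer Service` breaks the naming used by every other unit in this commit (`GNU Taler payment system exchange ... service`), which matters for operators filtering `systemctl` output by prefix; `Description=GNU Taler payment system exchange transfer service` keeps them uniform. This unit shares `User=taler-exchange-wire` with wirewatch, which looks intentional since both talk to the bank account, but a comment saying so would prevent someone from splitting the users later without checking the credential permissions.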


@ -0,0 +1,18 @@
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target postgres.service
PartOf=taler-exchange.target
[Service]
User=taler-exchange-wire
Type=simple
Restart=always
RestartSec=1s
RuntimeMaxSec=3600s
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice


@ -0,0 +1,18 @@
[Unit]
Description=GNU Taler payment system exchange wirewatch service
After=network.target
PartOf=taler-exchange.target
[Service]
User=taler-exchange-wire
Type=simple
Restart=always
RestartSec=1s
ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
StandardOutput=journal
StandardError=journal
PrivateTmp=yes
PrivateDevices=yes
ProtectSystem=full
Slice=taler-exchange.slice
RuntimeMaxSec=3600s
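Review bot: This wirewatch unit duplicates the one added just before it, with `After=network.target` here versus `After=network.target postgres.service` there and `RuntimeMaxSec=` moved to a different position; a service that polls the bank and writes to the database should keep the database ordering in both copies. As with the two aggregator units, if both files are meant to exist a comment naming the sibling would keep them from diverging further; the file paths are not shown on this page, so which one is installed cannot be confirmed here.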