#!/bin/bash set -e . /usr/share/debconf/confmodule case "${1}" in configure) db_version 2.0 db_get taler-exchange/eusername _EUSERNAME="${RET:-taler-exchange-httpd}" db_get taler-exchange/rsecusername _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}" db_get taler-exchange/esecusername _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}" db_get taler-exchange/wireusername _WIREUSERNAME="${RET:-taler-exchange-wire}" db_get taler-exchange/aggrusername _AGGRUSERNAME="${RET:-taler-exchange-aggregator}" db_get taler-exchange/groupname _GROUPNAME="${RET:-taler-private}" db_get taler-exchange/dbgroupname _DBGROUPNAME="${RET:-taler-exchange-db}" db_stop CONFIG_FILE="/etc/default/taler-exchange" TALER_HOME="/var/lib/taler-exchange" # Creating taler groups as needed if ! getent group ${_GROUPNAME} > /dev/null then echo -n "Creating new Taler group ${_GROUPNAME}:" addgroup --quiet --system ${_GROUPNAME} echo " done." fi if ! getent group ${_DBGROUPNAME} > /dev/null then echo -n "Creating new Taler group ${_DBGROUPNAME}:" addgroup --quiet --system ${_DBGROUPNAME} echo " done." fi # Creating taler users if needed if ! getent passwd ${_EUSERNAME} > /dev/null then echo -n "Creating new Taler user ${_EUSERNAME}:" adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME} adduser ${_EUSERNAME} ${_DBGROUPNAME} echo " done." fi if ! getent passwd ${_RSECUSERNAME} > /dev/null then echo -n "Creating new Taler user ${_RSECUSERNAME}:" adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME} echo " done." fi if ! getent passwd ${_ESECUSERNAME} > /dev/null then echo -n "Creating new Taler user ${_ESECUSERNAME}:" adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME} echo " done." fi if ! getent passwd ${_WIREUSERNAME} > /dev/null then echo -n "Creating new Taler user ${_WIREUSERNAME}:" adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME} adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME} echo " done." fi if ! getent passwd ${_AGGRUSERNAME} > /dev/null then echo -n "Creating new Taler user ${_AGGRUSERNAME}:" adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME} adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} echo " done." fi # Writing new values to configuration file echo -n "Writing new configuration file:" CONFIG_NEW=$(tempfile) cat > "${CONFIG_NEW}" <<EOF # This file controls the behaviour of the Taler init script. # It will be parsed as a shell script. # please do not edit by hand, use 'dpkg-reconfigure taler-exchange'. TALER_EUSER=${_EUSERNAME} TALER_RSECUSER=${_RESCUSERNAME} TALER_ESECUSER=${_ESECUSERNAME} TALER_WIREUSER=${_WIREUSERNAME} TALER_AGGRUSER=${_AGGRUSERNAME} TALER_GROUP=${_GROUPNAME} EOF cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF [Unit] Description=GNU Taler payment system exchange REST API Requires=taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service Wants=taler-exchange-wirewatch taler-exchange-aggregator taler-exchange-transfer After=postgres.service network.target [Service] EnvironmentFile=/etc/default/taler-exchange User=${_EUSERNAME} Type=simple Restart=on-failure ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler-exchange.conf PrivateTmp=no PrivateDevices=yes ProtectSystem=full [Install] WantedBy=multi-user.target EOF cat > "/etc/systemd/system/taler-exchange-secmod-rsa.service" <<EOF [Unit] Description=GNU Taler payment system exchange RSA security module [Service] EnvironmentFile=/etc/default/taler-exchange User=${_RSECUSERNAME} Type=simple Restart=on-failure ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-exchange.conf PrivateTmp=no PrivateDevices=yes ProtectSystem=full EOF cat > "/etc/systemd/system/taler-exchange-secmod-eddsa.service" <<EOF [Unit] Description=GNU Taler payment system exchange EdDSA security module [Service] EnvironmentFile=/etc/default/taler-exchange User=${_ESECUSERNAME} Type=simple Restart=on-failure ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-exchange.conf PrivateTmp=no PrivateDevices=yes ProtectSystem=full EOF cat > "/etc/systemd/system/taler-exchange-wirewatch.service" <<EOF [Unit] Description=GNU Taler payment system exchange wirewatch service After=network.target [Service] EnvironmentFile=/etc/default/taler-exchange User=${_WIREUSERNAME} Type=simple Restart=on-failure ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf PrivateTmp=yes PrivateDevices=yes ProtectSystem=full EOF cat > "/etc/systemd/system/taler-exchange-transfer.service" <<EOF [Unit] Description=GNU Taler payment system exchange transfer service After=network.target [Service] EnvironmentFile=/etc/default/taler-exchange User=${_WIREUSERNAME} Type=simple Restart=on-failure ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler-wire.conf PrivateTmp=yes PrivateDevices=yes ProtectSystem=full EOF cat > "/etc/systemd/system/taler-exchange-aggregator.service" <<EOF [Unit] Description=GNU Taler payment system exchange aggregator service [Service] EnvironmentFile=/etc/default/taler-exchange User=${_AGGRUSERNAME} Type=simple Restart=on-failure ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler.conf PrivateTmp=yes PrivateDevices=yes ProtectSystem=full EOF cp -f "${CONFIG_NEW}" "${CONFIG_FILE}" rm -f "${CONFIG_NEW}" echo " done." echo -n "Setting up system services " mkdir -p /var/lib/taler-exchange/tmp chown root:${_GROUPNAME} /var/lib/taler-exchange/tmp chmod 770 /var/lib/taler-exchange/tmp chmod +s /var/lib/taler-exchange/tmp chown ${_WIREUSERNAME}:root /etc/taler-wire.conf chmod 460 /etc/taler-wire.conf chown root:${_DBGROUPNAME} /etc/taler-exchange-db.conf chmod 640 /etc/taler-exchange-db.conf chown ${_EUSERNAME}:${_GROUPNAME} /etc/taler-exchange.conf chmod 460 /etc/taler-wire.conf systemctl daemon-reload >/dev/null 2>&1 || true echo "done." # Cleaning echo "All done." ;; abort-upgrade|abort-remove|abort-deconfigure) ;; *) echo "postinst called with unknown argument \`${1}'" >&2 exit 1 ;; esac #DEBHELPER# exit 0