
[taler-exchange] branch master updated: simplify configuration


From: gnunet
Subject: [taler-exchange] branch master updated: simplify configuration
Date: Thu, 29 Jul 2021 13:41:54 +0200

This is an automated email from the git hooks/post-receive script.

dold pushed a commit to branch master
in repository exchange.

The following commit(s) were added to refs/heads/master by this push:
     new a367347a simplify configuration
a367347a is described below

commit a367347a54338641180083573698b1fb48aced55
Author: Florian Dold <florian@dold.me>
AuthorDate: Thu Jul 29 13:41:49 2021 +0200

    simplify configuration
---
 debian/etc/taler/auditor-service-default.conf      |  1 -
 debian/etc/taler/{ => conf.d}/auditor-system.conf  |  8 +++---
 .../etc/taler/{ => conf.d}/exchange-business.conf  |  4 +--
 debian/etc/taler/{ => conf.d}/exchange-system.conf | 14 ++++-------
 debian/etc/taler/exchange-offline.conf             |  8 ------
 debian/etc/taler/exchange-service-default.conf     | 10 --------
 debian/etc/taler/exchange-service-secmod.conf      |  9 -------
 debian/etc/taler/exchange-service-wire.conf        | 12 ---------
 .../auditor-db.secret.conf}                        |  6 ++---
 .../exchange-accounts.secret.conf}                 | 17 +++++++++++++
 .../exchange-db.secret.conf}                       |  2 +-
 debian/etc/taler/taler.conf                        | 29 ++++++++++++++++++++++
 debian/taler-auditor.taler-auditor-httpd.service   |  2 +-
 debian/taler-exchange-offline.postinst             | 16 ------------
 debian/taler-exchange.postinst                     | 10 ++++++--
 ...aler-exchange.taler-exchange-aggregator.service |  2 +-
 .../taler-exchange.taler-exchange-closer.service   |  2 +-
 debian/taler-exchange.taler-exchange-httpd.service |  2 +-
 ...er-exchange.taler-exchange-secmod-eddsa.service |  2 +-
 ...aler-exchange.taler-exchange-secmod-rsa.service |  2 +-
 .../taler-exchange.taler-exchange-transfer.service |  2 +-
 ...taler-exchange.taler-exchange-wirewatch.service |  2 +-
 debian/taler-exchange.tmpfiles                     |  4 ---
 23 files changed, 75 insertions(+), 91 deletions(-)

diff --git a/debian/etc/taler/auditor-service-default.conf 
b/debian/etc/taler/auditor-service-default.conf
deleted file mode 100644
index 259c4359..00000000
--- a/debian/etc/taler/auditor-service-default.conf
+++ /dev/null
@@ -1 +0,0 @@
-@INLINE@ auditor-system.conf
diff --git a/debian/etc/taler/auditor-system.conf 
b/debian/etc/taler/conf.d/auditor-system.conf
similarity index 58%
rename from debian/etc/taler/auditor-system.conf
rename to debian/etc/taler/conf.d/auditor-system.conf
index 50971b2e..3d3aef33 100644
--- a/debian/etc/taler/auditor-system.conf
+++ b/debian/etc/taler/conf.d/auditor-system.conf
@@ -1,8 +1,6 @@
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-auditor/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf
 
 [auditor]
 # Debian package is configured to use a reverse proxy with a UNIX
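Review bot: Dropping the `[PATHS]` override leaves `TALER_RUNTIME_DIR` at whatever the base configuration defaults to, which this diff does not show; the removed comment said the override was there to protect runtime data from unwarranted access. The same removal happens in conf.d/exchange-system.conf, alongside the deleted tmpfiles entry for the secmod socket directory. If the default resolves to a shared temporary location, the runtime files and sockets lose their directory-level protection. Either keep the setting, or confirm the default and record it in a comment such as `# TALER_RUNTIME_DIR is left at the packaged default, which is not world-accessible`. The `[auditor]` section continues outside the hunk.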
diff --git a/debian/etc/taler/exchange-business.conf 
b/debian/etc/taler/conf.d/exchange-business.conf
similarity index 94%
rename from debian/etc/taler/exchange-business.conf
rename to debian/etc/taler/conf.d/exchange-business.conf
index 669ed454..ecd010da 100644
--- a/debian/etc/taler/exchange-business.conf
+++ b/debian/etc/taler/conf.d/exchange-business.conf
@@ -1,8 +1,6 @@
 # Configuration for business-level aspects of the exchange.
 
-[taler]
-# Here you need to set the currency of your exchange:
-# CURRENCY = KUDOS
+[exchange]
 
 # Here you MUST add the master public key of the offline system
 # which you can get using `taler-exchange-offline setup`.
diff --git a/debian/etc/taler/exchange-system.conf 
b/debian/etc/taler/conf.d/exchange-system.conf
similarity index 55%
rename from debian/etc/taler/exchange-system.conf
rename to debian/etc/taler/conf.d/exchange-system.conf
index 2b7f3430..6df381ee 100644
--- a/debian/etc/taler/exchange-system.conf
+++ b/debian/etc/taler/conf.d/exchange-system.conf
@@ -1,13 +1,9 @@
-# Configuration settings for system parameters of
-# the exchange.  Should be included in all service-specific
-# configuration files for the exchange.
-#
-# Please read the taler-exchange.README.Debian for how to configure a Taler 
exchange.
-
-[PATHS]
-
-TALER_RUNTIME_DIR = /run/taler-exchange-private
+# Configuration settings for system parameters of the exchange.
 
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ exchange-account-1 ../secrets/exchange-accounts.secret.conf
+@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
 
 [exchange]
 # Debian package is configured to use a reverse proxy with a UNIX
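Review bot: The two `@inline-secret@` lines make the file modes under `../secrets/` the only barrier between every exchange service and the bank credentials, and the comment above them does not say so. Because all services now parse this file, a service without read access ends up without the section, and an over-permissive mode exposes `exchange-account-1` to all of them. Each line also imports exactly one named section, so a second account section added to the secrets file would not be loaded. I would extend the comment, for example `# Services without read permission do not see the section; add one @inline-secret@ line per additional exchange-account-N section.` The skip-on-no-permission behaviour is inferred from the comment on the new lines and should be confirmed against the loader.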
diff --git a/debian/etc/taler/exchange-offline.conf 
b/debian/etc/taler/exchange-offline.conf
deleted file mode 100644
index c1c039f9..00000000
--- a/debian/etc/taler/exchange-offline.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# This configuration file is the entry point for the offline key management.
-#
-# It includes other configuration files, which are applied on top of the
-# read-only base configuration (typically in /usr/share/taler/config.d/).
-
-# This file should be identical to the business configuration of the running
-# online exchange
-@INLINE@ exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-default.conf 
b/debian/etc/taler/exchange-service-default.conf
deleted file mode 100644
index 4e398100..00000000
--- a/debian/etc/taler/exchange-service-default.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# This configuration file is the entry point for most
-# Taler exchange services.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-db.conf
-@INLINE@ exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-secmod.conf 
b/debian/etc/taler/exchange-service-secmod.conf
deleted file mode 100644
index 5f5c012c..00000000
--- a/debian/etc/taler/exchange-service-secmod.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# This configuration file is the entry point for the exchange
-# security modules.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-wire.conf 
b/debian/etc/taler/exchange-service-wire.conf
deleted file mode 100644
index ed25e381..00000000
--- a/debian/etc/taler/exchange-service-wire.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# This configuration file is the entry point for
-# Taler exchange services that access the wire gateway,
-# i.e. the protocol bridge to core banking functionality.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-db.conf
-@INLINE@ exchange-business.conf
-@INLINE@ exchange-wire-gateway.conf
diff --git a/debian/etc/taler/exchange-db.conf 
b/debian/etc/taler/secrets/auditor-db.secret.conf
similarity index 63%
copy from debian/etc/taler/exchange-db.conf
copy to debian/etc/taler/secrets/auditor-db.secret.conf
index a7a727b6..b81bb817 100644
--- a/debian/etc/taler/exchange-db.conf
+++ b/debian/etc/taler/secrets/auditor-db.secret.conf
@@ -1,10 +1,10 @@
-# Database configuration for the Taler exchange.
+# Database configuration for the Taler auditor.
 
-[exchangedb-postgres]
+[auditordb-postgres]
 
 # Typically, there should only be a single line here, of the form:
 
-# CONFIG=postgres:///DATABASE
+CONFIG=postgres:///DATABASE
 
 # The details of the URI depend on where the database lives and how
 # access control was configured.
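Review bot: `CONFIG=postgres:///DATABASE` is now an active value rather than a commented example, so a fresh install points at a database literally named `DATABASE` until someone edits the file; the same change is made in secrets/exchange-db.secret.conf. Nothing visible in this commit sets ownership or mode on auditor-db.secret.conf, since the `fixperm` calls in taler-exchange.postinst cover only the two exchange files, so it would presumably be installed with the package default mode. I would keep the example commented out, as in `# CONFIG=postgres:///DATABASE`, and add a matching `fixperm` call to the auditor's postinst, which is not part of this diff.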
diff --git a/debian/etc/taler/exchange-wire-gateway.conf 
b/debian/etc/taler/secrets/exchange-accounts.secret.conf
similarity index 64%
rename from debian/etc/taler/exchange-wire-gateway.conf
rename to debian/etc/taler/secrets/exchange-accounts.secret.conf
index e5c749c8..7b6c649f 100644
--- a/debian/etc/taler/exchange-wire-gateway.conf
+++ b/debian/etc/taler/secrets/exchange-accounts.secret.conf
@@ -2,3 +2,20 @@
 # by the Taler exchange to talk to LibEuFin to interact with the bank.
 # The file SHOULD only be readable for the "taler-exchange-wire" user,
 # as other users/services have no business talking to the bank.
+
+
+[exchange-account-1]
+enable_credit = yes
+
+enable_debit = yes
+
+wire_gateway_auth_method = basic
+
+password =
+
+username =
+
+wire_gateway_url =
+
+payto_uri =
+
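Review bot: The shipped `[exchange-account-1]` sets `enable_credit = yes` and `enable_debit = yes` while `username`, `password`, `wire_gateway_url` and `payto_uri` are all empty, so the account is switched on before it is configured. How the wire services react to an enabled account with empty values is not visible here, but shipping it disabled is the safer default: `enable_credit = no` and `enable_debit = no`, with a comment telling the operator to enable them once the credentials are filled in. The header comment says the file should be readable only by the taler-exchange-wire user; a line noting that the package postinst sets the owner and mode would help whoever edits it later.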
diff --git a/debian/etc/taler/exchange-db.conf 
b/debian/etc/taler/secrets/exchange-db.secret.conf
similarity index 89%
rename from debian/etc/taler/exchange-db.conf
rename to debian/etc/taler/secrets/exchange-db.secret.conf
index a7a727b6..596dcc92 100644
--- a/debian/etc/taler/exchange-db.conf
+++ b/debian/etc/taler/secrets/exchange-db.secret.conf
@@ -4,7 +4,7 @@
 
 # Typically, there should only be a single line here, of the form:
 
-# CONFIG=postgres:///DATABASE
+CONFIG=postgres:///DATABASE
 
 # The details of the URI depend on where the database lives and how
 # access control was configured.
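Review bot: Uncommenting `CONFIG=postgres:///DATABASE` turns the example into the live setting, so every exchange service that can read this file will use a database literally named `DATABASE` until the operator edits it. The preceding comment still reads "there should only be a single line here, of the form:", which now describes an active line rather than an example. I would either keep it commented, or reword the comment to `# Replace DATABASE with the name of the exchange database:`.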
diff --git a/debian/etc/taler/taler.conf b/debian/etc/taler/taler.conf
new file mode 100644
index 00000000..27ccf47d
--- /dev/null
+++ b/debian/etc/taler/taler.conf
@@ -0,0 +1,29 @@
+# Main entry point for the GNU Taler configuration.
+#
+# Structure:
+# - taler.conf is the main configuration entry point
+#   used by all Taler components
+# - conf.d/ contains configuration files for
+#   Taler components, which can be read by all
+#   users of the system and are included by the main
+#   configuration
+# - secrets/ contains configuration snippets
+#   with secrets for particular services.
+#   These files should have restrictive permissions
+#   so that only users of the relevant services
+#   can read it.
+
+[taler]
+
+# Currency of the Taler deployment.  This setting applies to all Taler
+# components that only support a single currency.
+#currency = KUDOS
+
+# Smallest currency unit handled by the underlying bank system.  Taler payments
+# can make payments smaller than this units, but interactions with external
+# systems is always rounded to this unit.
+#currency_round_unit = KUDOS:0.01
+
+
+# Inline configurations from all Taler components.
+@inline-matching@ conf.d/*.conf
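Review bot: `@inline-matching@ conf.d/*.conf` makes every Taler service, including the security modules, parse every file placed in conf.d/, yet the header comment only says those files are readable by all users. I would add a line stating who may write there, for example `# conf.d/ must be writable by root only; any *.conf placed there is loaded by all services.` Two wording slips in the currency comment are also worth fixing while the file is new: `smaller than this unit` and `interactions with external systems are always rounded`.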
diff --git a/debian/taler-auditor.taler-auditor-httpd.service 
b/debian/taler-auditor.taler-auditor-httpd.service
index c5e1970c..9aefab64 100644
--- a/debian/taler-auditor.taler-auditor-httpd.service
+++ b/debian/taler-auditor.taler-auditor-httpd.service
@@ -6,7 +6,7 @@ After=postgres.service network.target
 User=taler-auditor-httpd
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler-auditor.conf
+ExecStart=/usr/bin/taler-auditor-httpd -c /etc/taler/taler.conf
 
 [Install]
 WantedBy=multi-user.target
diff --git a/debian/taler-exchange-offline.postinst 
b/debian/taler-exchange-offline.postinst
index a0659232..b93761de 100644
--- a/debian/taler-exchange-offline.postinst
+++ b/debian/taler-exchange-offline.postinst
@@ -1,4 +1,3 @@
-#!/bin/bash
 
 set -e
 
@@ -6,16 +5,6 @@ set -e
 
 TALER_HOME="/var/lib/taler-exchange"
 
-# usage: lncfg user home target
-function lncfg() {
-  local cf=$TALER_HOME/$2/.config
-  if [ ! -e $cf ]; then
-    mkdir $cf
-    chown $(stat -L -c %u $TALER_HOME/$2):$(stat -L -c %g $TALER_HOME/$2) $cf
-  fi
-  ln -sf $3 $cf/taler.conf
-}
-
 case "${1}" in
 configure)
 
@@ -29,11 +18,6 @@ configure)
       --home ${TALER_HOME}/offline taler-exchange-offline
   fi
 
-  lncfg taler-exchange-offline offline /etc/taler/exchange-offline.conf
-
-  echo "All done."
-  ;;
-
 abort-upgrade | abort-remove | abort-deconfigure) ;;
 
 *)
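Review bot: Removing `echo "All done."` together with the `;;` below it leaves the `configure)` arm unterminated. The following `abort-upgrade | abort-remove | abort-deconfigure) ;;` line is then parsed as part of that arm, and the shell rejects the script with a syntax error at the `)`. Restore the terminator after the `fi`, i.e. a line containing only `;;`. The first hunk of this file also deletes `#!/bin/bash`, leaving the maintainer script with no interpreter line, which should be restored as well. The `case` statement starts and ends outside this hunk.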
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index 18f140f5..a5a2b97a 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -15,6 +15,12 @@ _ESECUSERNAME=taler-exchange-secmod-eddsa
 _AGGRUSERNAME=taler-exchange-aggregator
 _WIREUSERNAME=taler-exchange-wire
 
+# usage: fixperm user:group perms file
+function fixperm() {
+  chown "$1" "$3"
+  chmod "$2" "$3"
+}
+
 case "${1}" in
 configure)
 
@@ -50,8 +56,8 @@ configure)
     adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME}
   fi
 
-  fixperm ${_WIREUSERNAME}:root 460 /etc/taler/exchange-wire-gateway.conf
-  fixperm root:${_DBGROUPNAME} 640 /etc/taler/exchange-db.conf
+  fixperm ${_WIREUSERNAME}:root 460 
/etc/taler/secrets/exchange-accounts.secret.conf
+  fixperm root:${_DBGROUPNAME} 640 /etc/taler/secrets/exchange-db.secret.conf
 
   ;;
 
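Review bot: Mode `460` with owner `${_WIREUSERNAME}` on exchange-accounts.secret.conf leaves the service account owning the file that holds the bank credentials, and an owner can always change the mode of its own file. `fixperm root:<wire group> 640 /etc/taler/secrets/exchange-accounts.secret.conf`, mirroring the db line below it, would express "readable by the wire services only" without giving the service that control; the wire group name is a placeholder, as no such group is visible in this hunk. Neither call covers the /etc/taler/secrets/ directory itself or auditor-db.secret.conf, so their modes are whatever the package ships. The `configure)` arm begins outside the hunk.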
diff --git a/debian/taler-exchange.taler-exchange-aggregator.service 
b/debian/taler-exchange.taler-exchange-aggregator.service
index b7010973..daee1d0b 100644
--- a/debian/taler-exchange.taler-exchange-aggregator.service
+++ b/debian/taler-exchange.taler-exchange-aggregator.service
@@ -6,7 +6,7 @@ PartOf=taler-exchange.service
 User=taler-exchange-aggregator
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-aggregator -c 
/etc/taler/exchange-service-default.conf
+ExecStart=/usr/bin/taler-exchange-aggregator -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
 PrivateTmp=yes
diff --git a/debian/taler-exchange.taler-exchange-closer.service 
b/debian/taler-exchange.taler-exchange-closer.service
index c4a8f2c4..3698a73a 100644
--- a/debian/taler-exchange.taler-exchange-closer.service
+++ b/debian/taler-exchange.taler-exchange-closer.service
@@ -6,7 +6,7 @@ PartOf=taler-exchange.service
 User=taler-exchange-closer
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-closer -c 
/etc/taler/exchange-service-default.conf
+ExecStart=/usr/bin/taler-exchange-closer -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
 PrivateTmp=yes
diff --git a/debian/taler-exchange.taler-exchange-httpd.service 
b/debian/taler-exchange.taler-exchange-httpd.service
index c0f03cff..ae794785 100644
--- a/debian/taler-exchange.taler-exchange-httpd.service
+++ b/debian/taler-exchange.taler-exchange-httpd.service
@@ -10,7 +10,7 @@ PartOf=taler-exchange.service
 User=taler-exchange-httpd
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-httpd -c 
/etc/taler/exchange-service-default.conf
+ExecStart=/usr/bin/taler-exchange-httpd -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
 PrivateTmp=no
diff --git a/debian/taler-exchange.taler-exchange-secmod-eddsa.service 
b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
index b91a742d..3ca329aa 100644
--- a/debian/taler-exchange.taler-exchange-secmod-eddsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-eddsa.service
@@ -7,7 +7,7 @@ PartOf=taler-exchange.service
 User=taler-exchange-secmod-eddsa
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c 
/etc/taler/exchange-service-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
 PrivateTmp=no
diff --git a/debian/taler-exchange.taler-exchange-secmod-rsa.service 
b/debian/taler-exchange.taler-exchange-secmod-rsa.service
index 2b45df46..bd72d4de 100644
--- a/debian/taler-exchange.taler-exchange-secmod-rsa.service
+++ b/debian/taler-exchange.taler-exchange-secmod-rsa.service
@@ -7,7 +7,7 @@ PartOf=taler-exchange.service
 User=taler-exchange-secmod-rsa
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c 
/etc/taler/exchange-service-secmod.conf
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.con
 StandardOutput=journal
 StandardError=journal
 PrivateTmp=no
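Review bot: The new `ExecStart` passes `-c /etc/taler/taler.con`, missing the final `f`, unlike every other unit changed in this commit. Unless this is an artefact of how the mail was archived, the RSA security module would be started with a configuration path that does not exist. The line should read `ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler/taler.conf`.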
diff --git a/debian/taler-exchange.taler-exchange-transfer.service 
b/debian/taler-exchange.taler-exchange-transfer.service
index 78276233..bd60a8a4 100644
--- a/debian/taler-exchange.taler-exchange-transfer.service
+++ b/debian/taler-exchange.taler-exchange-transfer.service
@@ -7,7 +7,7 @@ PartOf=taler-exchange.service
 User=taler-exchange-wire
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-transfer -c 
/etc/taler/exchange-service-wire.conf
+ExecStart=/usr/bin/taler-exchange-transfer -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
 PrivateTmp=yes
diff --git a/debian/taler-exchange.taler-exchange-wirewatch.service 
b/debian/taler-exchange.taler-exchange-wirewatch.service
index ba54770f..2e2fb1b7 100644
--- a/debian/taler-exchange.taler-exchange-wirewatch.service
+++ b/debian/taler-exchange.taler-exchange-wirewatch.service
@@ -7,7 +7,7 @@ PartOf=taler-exchange.service
 User=taler-exchange-wire
 Type=simple
 Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-wirewatch -c 
/etc/taler/exchange-service-wire.conf
+ExecStart=/usr/bin/taler-exchange-wirewatch -c /etc/taler/taler.conf
 StandardOutput=journal
 StandardError=journal
 PrivateTmp=yes
diff --git a/debian/taler-exchange.tmpfiles b/debian/taler-exchange.tmpfiles
deleted file mode 100644
index 38229593..00000000
--- a/debian/taler-exchange.tmpfiles
+++ /dev/null
@@ -1,4 +0,0 @@
-# Type  Path Mode User Group Age Argument
-
-# Directory for secmod server and client sockets
-d /var/taler-exchange 2660 root taler-exchange-secmod - -

-- 
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.


