diff options
Diffstat (limited to 'libeufin/regional-custom-manual.rst')
| -rw-r--r-- | libeufin/regional-custom-manual.rst | 181 |
1 files changed, 181 insertions, 0 deletions
diff --git a/libeufin/regional-custom-manual.rst b/libeufin/regional-custom-manual.rst new file mode 100644 index 00000000..7da39c96 --- /dev/null +++ b/libeufin/regional-custom-manual.rst @@ -0,0 +1,181 @@ +.. + This file is part of GNU TALER. + Copyright (C) 2014-2024 Taler Systems SA + + TALER is free software; you can redistribute it and/or modify it under the + terms of the GNU Affero General Public License as published by the Free Software + Foundation; either version 2.1, or (at your option) any later version. + + TALER is distributed in the hope that it will be useful, but WITHOUT ANY + WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR + A PARTICULAR PURPOSE. See the GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License along with + TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/> + + @author Florian Dold + @author Marcello Stanisci + @author Christian Grothoff + + +.. target audience: operator + +Regional Currency Custom Setup Manual +##################################### + +This manual describes how to setup a regional currency manually. If you want a guided setup you can follow the :doc:`automated setup manual<regional-automated-manual>`. + +.. contents:: Table of Contents + :local: + +.. include:: ../frags/regional-manual-architecture.rst + +Custom Manual Setup +=================== + +You first need to setup the :ref:`libeufin-bank<libeufin-bank>` and integrate it with a Taler exchange. + +If you don't want your regional currency to be backed by a fiat currency, you can stop here. + +Enabling Currency Conversion +++++++++++++++++++++++++++++ + +You need to setup the :ref:`libeufin-nexus<libeufin-nexus>` using a bank account at a bank dealing in fiat currency that +offers an online banking protocol supported by LibEuFin Nexus. + +Next, you have to enable conversion and should ensure that at least one TAN +channel for :ref:`multi-factor authentication <libeufin-mfa>` is configured. + +The following snippet shows how to enable conversion in ``libeufin-bank`` configuration: + +.. code-block:: ini + + [libeufin-bank] + ALLOW_CONVERSION = YES + FIAT_CURRENCY = EUR + +Make sure to (re)start the libeufin-bank after changing +these configuration options: + +.. code-block:: console + + # systemctl restart libeufin-bank + + +Web-based Configuration ++++++++++++++++++++++++ + +Now you have to set the conversion rates and the ``admin`` debt limit via the bank's web interface as the ``admin`` user. + +.. _regional-conversion-setup: + +Configuring the Exchange for Conversion ++++++++++++++++++++++++++++++++++++++++ + +An exchange that supports currency conversion needs to advertise two bank +accounts, one in the regional currency and a second in the fiat currency. The +conversion logic ensures that wire transfers in either account are +immediately reflected in the other account. + +This section explains how to enable currency conversion at the exchange, +which is critical for wallets to know how to wire fiat currency to an +exchange to obtain regional currency. + +You will need to use the ``taler-exchange-offline`` tool to inform the +exchange about the **fiat** bank account that can be used for cash in +operations and also specify the URL for currency conversion. Additionally, +you may also configure restrictions on the bank accounts that may originate +the funds, for example, to prevent international wire transfers that may expose +you to additional compliance risks. + +Given the ``$IBAN`` of the fiat currency bank account and ``$NAME`` as +the (URL-encoded) name of the exchange-account owner, the following +``taler-exchange-offline`` invocation can be used to notify wallets about +the possibility of currency conversion (cash in): + +.. code-block:: console + + # source config/user.conf + # sudo -u taler-exchange-offline \ + taler-exchange-offline \ + wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \ + enable-account \ + "${CONVERSION_PAYTO}" \ + conversion-url "${PROTO}://bank.$DOMAIN_NAME/conversion-info/" \ + display-hint 10 "CHF" \ + debit-restriction deny \ + credit-restriction \ + regex \ + 'payto://iban/.*/CH.*?receiver-name=.*' \ + 'Swiss only' \ + '{"de":"nur Schweiz","fr":"Suisse uniquement"}' \ + upload + +Here, the ``$CONVERSION_URL`` must be set to the base URL of the conversion +endpoint of the bank, which should be +``https://bank.$DOMAIN/conversion-info/`` in our setup. + +The above commands set up the exchange to perform conversion with a +restriction to only accept credit transfers from Swiss bank accounts. You may +want to configure such restrictions on the bank accounts that may originate +funds to prevent international wire transfers that may expose you to +additional compliance risks. + +You can leave out the "credit-restriction" if you want to allow international +inbound wire transfers. + +The "debit-restriction" is largely mandatory as in this setup the +``taler-exchange-transfer`` is only configured to deal with the regional +currency bank. Crediting fiat bank accounts must thus be done via the +cash-out functionality of the regional currency bank account. + +The "display-hint" gives priority (10) for the fiat cash-in account over the +regional currency account in the withdraw dialog of the wallets and labels the +account with "CHF". + +.. note:: + + The above command adds a **second** bank account to the exchange. + You (or the guided setup script) should have already enabled the + regional currency bank account (without any "conversion-url"). + +.. include:: ../frags/regional-system-on.rst +.. include:: ../frags/deploying-tos.rst +.. include:: ../frags/regional-manual-use.rst + + +Maintenance ++++++++++++ + +The ``taler-exchange-offline`` commands given above set fees only for the +current year (``now``). Thus, before January 1st of each year, you must to set +up new fees for the new calendar year. In a regional currency setup, this +typically requires up to three annual settings: + +.. code-block:: console + + # YEAR=2025 # edit if necessary + # FIAT_CURRENCY=CHF # edit if necessary + # REGIO_CURRENCY=NETZBON # edit if necessary + # sudo -u taler-exchange-offline \ + taler-exchange-offline \ + wire-fee "$YEAR" \ + iban "${FIAT_CURRENCY}":0 "${FIAT_CURRENCY}":0 \ + wire-fee "$YEAR" \ + x-taler-bank "${REGIO_CURRENCY}":0 "${REGIO_CURRENCY}":0 \ + global-fee $YEAR \ + "${REGIO_CURRENCY}:0" \ + "${REGIO_CURRENCY}:0" \ + "${REGIO_CURRENCY}:0" \ + 4w 6y 4 \ + upload + +If the fees are not all zero, simply change the respective place to specify +a non-zero fee. + +.. note:: + + Additionally, the denomination signing keys will only have been + pre-generated for some time, depending on your ``LOOKAHEAD_SIGN`` + configuration option. Thus, you may need to periodically run + the "taler-exchange-offline download sign upload" sequence as well! |