Diffstat (limited to 'manpages/taler.conf.5.rst')
-rw-r--r-- | manpages/taler.conf.5.rst | 149 |
1 files changed, 110 insertions, 39 deletions
diff --git a/manpages/taler.conf.5.rst b/manpages/taler.conf.5.rst index 7d7f5b86..1c70879d 100644 --- a/manpages/taler.conf.5.rst +++ b/manpages/taler.conf.5.rst @@ -12,37 +12,7 @@ taler.conf(5) Description =========== -The configuration file is line-oriented. -Blank lines and whitespace at the beginning and end of a line are ignored. -Comments start with ``#`` or ``%`` in the first column -(after any beginning-of-line whitespace) and go to the end of the line. - -The file is split into sections. -Every section begins with “[SECTIONNAME]” and -contains a number of options of the form “OPTION=VALUE”. -There may be whitespace around the ``=`` (equal sign). -Section names and options are *case-insensitive*. - -The values, however, are *case-sensitive*. -In particular, boolean values are one of ``YES`` or ``NO``. -Values can include whitespace by surrounding -the entire value with ``"`` (double quote). -Note, however, that there are no escape characters in such strings; -all characters between the double quotes (including other double quotes) -are taken verbatim. - -Values that represent filenames can begin with a ``/bin/sh``-like -variable reference. -This can be simple, such as ``$TMPDIR/foo``, or complex, -such as ``${TMPDIR:-${TMP:-/tmp}}/foo``. -See ``[PATHS]`` (below). - -Values that represent a time duration are represented as a series of one or -more ``NUMBER UNIT`` pairs, e.g. ``60 s``, ``4 weeks 1 day``, ``5 years 2 minutes``. - -Values that represent an amount are in the usual amount syntax: -``CURRENCY:VALUE.FRACTION``, e.g. ``EUR:1.50``. -The ``FRACTION`` portion may extend up to 8 places. +.. include:: ../frags/common-conf-syntax.rst Files containing default values for many of the options described below are installed under ``$TALER_PREFIX/share/taler/config.d/``. 
@@ -114,6 +84,7 @@ MASTER_PRIV_FILE BASE_URL The base URL under which the exchange can be reached. Added to wire transfers to enable tracking by merchants. + Used by the KYC logic when interacting with OAuth 2.0. AGGREGATOR_IDLE_SLEEP_INTERVAL For how long should the taler-exchange-aggregator sleep when it is idle @@ -140,6 +111,9 @@ SIGNKEY_LEGAL_DURATION MAX_KEYS_CACHING For how long should clients cache ``/keys`` responses at most? +MAX_REQUESTS + How many requests should the HTTP server process at most before committing suicide? + TERMS_DIR Directory where the terms of service of the exchange operator can be fund. The directory must contain sub-directories for every supported language, 
@@ -174,19 +148,39 @@ PRIVACY_DIR PRIVACY_ETAG Works the same as ``TERMS_ETAG``, just for the privacy policy. -KYC_MODE - Set to "NONE" to disable KYC for this exchange (but check with your lawyer first). - Set to "OAUTH2" to use OAuth2 for KYC. + +EXCHANGE KYC PROVIDER OPTIONS +----------------------------- + +The following options must be in the section "[kyc-provider-XXX]" sections. + +COST + Relative cost of the KYC provider, non-negative number. +LOGIC + API type of the KYC provider. +USER_TYPE + Type of user this provider is for, either INDIVIDUAL or BUSINESS. +PROVIDED_CHECKS + List of checks performed by this provider. Space-separated names of checks, must match check names in legitimization rules. EXCHANGE KYC OAUTH2 OPTIONS ---------------------------- +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following options must be in the section "[kyc-provider-XXX]" sections with "LOGIC = oauth2". + + +KYC_OAUTH2_VALIDITY + Duration (e.g. "12 months") of the validity of the performed KYC check. Can be "forever". -The following options must be in the section "[exchange-kyc-oauth2]". +KYC_OAUTH2_AUTH_URL + URL of the OAuth2 endpoint to be used for KYC checks. Requires KYC_ENABLED to be "OAUTH2". Example: "http://localhost:8888/oauth/v2/login" (or "/token") +KYC_OAUTH2_LOGIN_URL + URL of the OAuth2 endpoint to be used for KYC checks. Requires KYC_ENABLED to be "OAUTH2". Example: "http://localhost:8888/oauth/v2/login" -KYC_OAUTH2_URL - URL of the OAuth2 endpoint to be used for KYC checks. Requires KYC_ENABLED to be "OAUTH2". +KYC_OAUTH2_INFO_URL + URL of the endpoint where the OAuth 2.0 token can be used to download the user's details. Requires KYC_ENABLED to be "OAUTH2". Example: "http://localhost:8888/api/user/me" KYC_OAUTH2_CLIENT_ID Client ID of the exchange when it talks to the KYC OAuth2 endpoint. Requires KYC_ENABLED to be "OAUTH2". 
@@ -194,6 +188,29 @@ KYC_OAUTH2_CLIENT_ID KYC_OAUTH2_CLIENT_SECRET Client secret of the exchange to use when talking to the KYC Oauth2 endpoint. Requires KYC_ENABLED to be "OAUTH2". +KYC_OAUTH2_POST_URL + URL to which the exchange will redirect the client's browser after successful authorization/login for the KYC process. + + +EXCHANGE KYC KYCAID OPTIONS +^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +The following options must be in the section "[kyc-provider-XXX]" sections with "LOGIC = kycaid". + + +KYC_KYCAID_VALIDITY + Duration (e.g. "12 months") of the validity of the performed KYC check. Can be "forever". + +KYC_KYCAID_AUTH_TOKEN + Authentication token to access the KYC service. + +KYC_KYCAID_FORM_ID + ID that specifies the form to use for the KYC process. + +KYC_KYCAID_POST_URL + URL to which the exchange will redirect the client's browser after successful authorization/login for the KYC process. + + EXCHANGE OFFLINE SIGNING OPTIONS -------------------------------- 
@@ -250,6 +267,34 @@ Note that the **taler-exchange-secmod-rsa** also evaluates the ``[coin_*]`` configuration sections described below. +EXCHANGE CS CRYPTO HELPER OPTIONS +--------------------------------- + +The following options must be in the section "[taler-exchange-secmod-cs]". + +LOOKAHEAD_SIGN + How long do we generate denomination and signing keys ahead of time? + +OVERLAP_DURATION + How much should validity periods for coins overlap? + Should be long enough to avoid problems with + wallets picking one key and then due to network latency + another key being valid. The ``DURATION_WITHDRAW`` period + must be longer than this value. + +SM_PRIV_KEY + Where should the security module store its long-term private key? + +KEY_DIR + Where should the security module store the private keys it manages? + +UNIXPATH + On which path should the security module listen for signing requests? + +Note that the **taler-exchange-secmod-cs** also evaluates the ``[coin_*]`` +configuration sections described below. + + EXCHANGE EDDSA CRYPTO HELPER OPTIONS ------------------------------------ @@ -291,6 +336,14 @@ IDLE_RESERVE_EXPIRATION_TIME LEGAL_RESERVE_EXPIRATION_TIME After what time do we forget about (drained) reserves during garbage collection? +AGGREGATOR_SHIFT + Delay between a deposit being eligible for aggregation and + the aggregator actually triggering. + +DEFAULT_PURSE_LIMIT + Number of concurrent purses that a reserve may have active + if it is paid to be opened for a year. + EXCHANGE POSTGRES BACKEND DATABASE OPTIONS ------------------------------------------ 
@@ -393,8 +446,14 @@ FEE_REFUND What fee is charged for refunds? When a coin is refunded, the deposit fee is returned. Instead, the refund fee is charged to the customer. +CIPHER + What cryptosystem should be used? Must be set to either "CS" or "RSA". + The respective crypto-helper will then generate the keys for this + denomination. + RSA_KEYSIZE - What is the RSA keysize modulos (in bits)? + What is the RSA keysize modulos (in bits)? Only used if "CIPHER=RSA". + MERCHANT OPTIONS ---------------- @@ -508,6 +567,18 @@ CONFIG "taler" database. Testcases use “talercheck”. +Bank Options +------------ + +The following options must be in section "[bank]" for the taler-fakebank-run(1) command. They are not used by the exchange or LibEuFin! + +HTTP_PORT + On which TCP port should the (fake)bank offer its REST API. +RAM_LIMIT + This gives the number of transactions to keep in memory. Older transactions will be overwritten and history requests for overwritten transactions will fail. + + + SEE ALSO ======== |
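Review bot: In the Description hunk (@@ -12,37 +12,7) the inline syntax rules are replaced by ".. include:: ../frags/common-conf-syntax.rst", but the fragment is not visible here because the diffstat is limited to this file, so it cannot be checked that the removed rules survive. Please confirm the fragment still states that quoted values have no escape characters, that filename values accept "/bin/sh"-like variable references, and that the FRACTION part of an amount is limited to 8 places, and that the relative path resolves when the man page is built.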
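Review bot: The new MAX_REQUESTS entry (hunk @@ -140,6 +111,9) says the HTTP server processes that many requests "before committing suicide", which does not tell an operator what actually happens. Suggest neutral wording such as "before the HTTP server terminates", and add whether in-flight requests are completed first and what is expected to restart the process afterwards.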
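Review bot: The added KYC_OAUTH2_AUTH_URL, KYC_OAUTH2_LOGIN_URL and KYC_OAUTH2_INFO_URL entries (hunk @@ -174,19 +148,39) each say 'Requires KYC_ENABLED to be "OAUTH2"', yet this same hunk removes KYC_MODE and selects the provider type through "LOGIC = oauth2" in a "[kyc-provider-XXX]" section; no KYC_ENABLED option is documented in the visible lines. The requirement should be rewritten in terms of LOGIC or dropped. In addition, KYC_OAUTH2_AUTH_URL and KYC_OAUTH2_LOGIN_URL carry the same description, and the AUTH_URL example '"http://localhost:8888/oauth/v2/login" (or "/token")' leaves open which endpoint is meant, so each entry should state its distinct role. The introductory sentences read 'in the section "[kyc-provider-XXX]" sections', with "section" doubled. Since the examples use plain "http://" on localhost, a sentence that non-local endpoints should be "https://" URLs would help, because the client secret and access token are sent to them.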
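Review bot: KYC_KYCAID_AUTH_TOKEN in hunk @@ -194,6 +188,29 is a credential stored in the configuration file, like KYC_OAUTH2_CLIENT_SECRET in the context lines above it, but the text gives no guidance on protecting it. Suggest a sentence saying that the file holding these options must be readable only by the exchange's service account. The context line for KYC_OAUTH2_CLIENT_SECRET also still says 'Requires KYC_ENABLED to be "OAUTH2"', which should be updated together with the other entries. Both KYC_OAUTH2_POST_URL and KYC_KYCAID_POST_URL describe only the redirect "after successful authorization/login"; please state where the browser is sent when the process fails.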
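Review bot: The new "[taler-exchange-secmod-cs]" section (hunk @@ -250,6 +267,34) documents SM_PRIV_KEY, KEY_DIR and UNIXPATH without saying which account must own these paths or who may connect to the socket that accepts signing requests. Because these options locate private key material and the signing interface, the entries should state the expected ownership and permissions. The OVERLAP_DURATION text refers to "DURATION_WITHDRAW" without saying in which section that option lives; a pointer to the "[coin_*]" sections mentioned in the closing note would resolve that.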
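Review bot: In hunk @@ -291,6 +336,14, AGGREGATOR_SHIFT is described as a "Delay" without stating that the value uses the duration syntax, and DEFAULT_PURSE_LIMIT's "if it is paid to be opened for a year" is hard to parse. Suggest naming the value type for both (duration, integer) and rewording the purse limit so it is clear which payment opens the reserve and how the limit relates to the one-year period.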
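Review bot: The rewritten RSA_KEYSIZE line in hunk @@ -393,8 +446,14 keeps the typo "modulos"; since the line is being touched anyway it should read "modulus". The new CIPHER entry says the value must be "CS" or "RSA" and RSA_KEYSIZE is now 'Only used if "CIPHER=RSA"', but nothing says which options, if any, apply when "CIPHER=CS" or what happens when CIPHER is missing from an existing "[coin_*]" section; please document both. The hunk also adds a second blank line before "MERCHANT OPTIONS".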
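Review bot: The heading "Bank Options" added in hunk @@ -508,6 +567,18 is in title case while the other section headings in this file are upper case ("MERCHANT OPTIONS", "EXCHANGE KYC OAUTH2 OPTIONS"), so it should be "BANK OPTIONS" for consistency. RAM_LIMIT says "history requests for overwritten transactions will fail" without saying how the failure is reported to the caller, which matters for test setups that rely on taler-fakebank-run(1). The hunk also leaves three blank lines before "SEE ALSO" where the rest of the file uses fewer.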