1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
|
.. target audience: operator
Regional Currency Setup Manual
##############################
.. contents:: Table of Contents
GNU Taler can be used to operate a regional currency. For this, LibEuFin Bank
is setup to operate bank accounts in the regional currency that ultimately
interact with the GNU Taler exchange. Optionally, LibEuFin Nexus can be used to
integrate with the traditional core banking system, and then the LibEuFin
Conversion triggers help convert fiat currency to regional currency and vice
versa. Conversion rates and limits can be applied when converting between
the regional currency and the fiat currency.
In this manual, we explain how to setup such a regional currency.
Guided basic setup
==================
Prerequisites
-------------
For this manual, we assume that the system is deployed on a contemporary
Debian GNU/Linux or Ubuntu LTS system using the binary packages provided.
Furthermore, you should run the process on a system with one or more globally
reachable IP address(es) *and* with various DNS names already pointing to
these IPs.
To further simplify the process, we suggest to use (or at least study) the
automatic deployment scripts provided in the ``deployment.git`` Git repository
in the ``netzbon/`` folder.
Obtaining the scripts
---------------------
First, download the deployment scripts via Git:
.. code-block:: console
$ git clone git://git.taler.net/deployment
Guided Configuration
--------------------
Navigate into the *netzbon/* directory, and as **root** run:
.. code-block:: console
# ./main.sh
The script will start by asking you fundamental questions about the
desired setup, in particular:
* The name of the regional currency. It must have 3 to 11 letters.
* The name of the regional currency bank. It will be shown to business
users when they interact with the system.
* Whether to use TLS or not. You should answer ``y`` in most cases.
* Whether to run taler-exchange-offline. Unless you need a high-security
setup and expect to run an offline key management process, say ``y``.
If you say ``n``, you will need to run ``taler-exchange-offline setup``
on your offline system and provide the master public key. Furthermore,
you should then study the exchange manual on offline key management to
finish the exchange setup process later.
* The admin password for the bank. Be absolutely sure to enter a very,
very long and high-entropy password, preferably generated by a tool
like "uuidgen".
* The DNS domain name of your setup (i.e: domain.tld). The installer will
create by itself all the needed subdomains for your domain name,
as (``bank.$DOMAIN``, ``exchange.$DOMAIN`` and ``backend.$DOMAIN``).
But, these subdomain names, must have been added beforehand to your
DNS domain control panel , and they must be pointing to the
IP address of the system on which you are running the
installation (before you execute the installer)).
The information you entered will be stored in a file called
``config/user.conf``. Should you run the script in the future (for
example, to upgrade the installation), you will not be asked these
questions a second time.
After answering all of the questions, the actual installation will
start. The scripts will download and configure various packages,
which may take some time. Grab a coffee.
Connecting to a Fiat Bank
=========================
Some regional currencies are backed by assets in a fiat currency
and allow users to convert fiat currency into the regional
currency (``cash in``) and to convert regional currency into
fiat currency (``cash out``). Restrictions, exchange rates and
fees may apply to these conversions. This section explains how
to setup LibEuFin Nexus to communicate with the fiat bank account
that backs the regional currency.
Prerequisites
-------------
You must have a bank account at a bank dealing in fiat currency that offers an
online banking protocol supported by LibEuFin Nexus. As legacy transactions
in that bank account would likely confuse the system, it is highly advised to
use a fresh bank account, with an empty transaction history.
Today, the LibEuFin implementation supports EBICS 2.5 and 3.0 and has been
tested with the GLS Bank (EUR) and the Postfinance (CHF). Please note that
banks tend to have their own dialects of finance messages and thus other
retail banks may or may not work. Contact us if you need support for another
bank or core banking protocol.
EBICS setup
-----------
Follow the instructions from
:ref:`EBICS subscriber setup <ebics-setup>` to
configure the LibEuFin Nexus for access to your
fiat bank account, but do edit the config file at
``/etc/libeufin/libeufin-nexus.conf``, since the
other components expect it.
.. note::
For debug setups where the cash-ins are simulated
:ref:`this way <withdraw-simulation>`, this step can
be entirely skipped.
Once you have accepted the bank keys, you should
setup currency conversion before actually starting
to import transactions.
Enable regional currency conversion
===================================
Prerequisites
-------------
This step assumes that you already have a working regional currency bank
and have successfully connected to a backing fiat bank account.
Additionally, for each account that is allowed to convert regional currency
into fiat, you must configure the (fiat) bank account number of the fiat
currency with the respective account profile. Only the bank ``admin`` is
allowed to set fiat bank account numbers.
Furthermore, to achieve a reasonable security level, you must enable two
factor authentication for "cash out" transactions. This requires you to
configure an e-mail address or phone number for every account that supports
"cash out" transactions --- and to setup your system for sending e-mails or
SMS. This manual does not cover setting up e-mail. For SMS delivery, you will
need to obtain credentials from an SMS provider and provide a script to send
messages via such a provider.
Configuration
-------------
You have to enable conversion and at least one TAN channel for cashout in the
``/etc/libeufin/libeufin-bank.conf`` configuration file:
.. code-block:: console
[libeufin-bank]
ALLOW_CONVERSION = yes
FIAT_CURRENCY = EUR
TAN_SMS = libeufin-tan-sms.sh
# And/Or
TAN_EMAIL = libeufin-tan-email.sh
Afterwards, restart the bank:
.. code-block:: console
# systemctl restart libeufin-bank
Note: the scripts TAN_SMS/EMAIL must accept the phone number as the ``$1``
parameter and the content in their standard input. The LibEuFin repository
offers them in ``contrib/``: adjust to your setup!
Web-based Configuration
-----------------------
Now you should be able to setup conversion rates though the Web
interface of the bank as the ``admin`` user.
Conversion ON!
--------------
The last step is to enable the Nexus services to import incoming bank
transactions (cash in) and to trigger outgoing bank transactions (cash out):
.. code-block:: console
# systemd enable --now libeufin-nexus-ebics-fetch
# systemd enable --now libeufin-nexus-ebics-submit
Going live!
===========
Exchange setup
--------------
First, you need to use the ``taler-exchange-offline`` tool to inform the
exchange about the fiat bank account that can be used for cash in operations
and also specify the URL for currency conversion. Additionally, you may also
configure restrictions on the bank accounts that may originate the funds, for
example to prevent international wire transfers that may expose you to
additional compliance risks.
Given the ``$IBAN`` of the fiat currency bank account and ``$NAME`` as
the (URL-encoded) name of the exchange-account owner, the following
``taler-exchange-offline`` invocation can be used to notify wallets about
the possibility of currency conversion (cash in):
.. code-block:: console
# taler-exchange-offline \
enable-account \
payto://iban/$IBAN?receiver-name=$NAME \
conversion-url "$CONVERSION_URL" \
upload
Here, the ``$CONVERSION_URL`` must be set to the base URL of the conversion
endpoint of the bank, which should be ``https://bank.$DOMAIN/conversion-info/``
in our setup.
.. _withdraw-simulation:
Testing the installation
------------------------
In the same ``netzbon/`` folder, run the script ``./withdraw.sh``. If it completes
successfuly, the command ``taler-wallet-cli`` got 5 units more of regional currency
to spend!
Visit the default Web shop at ``$protocol://backend.$DOMAIN`` and finish your purchases
by feeding the wallet CLI with the taler://-URI to send the payment. The following
example sends a payment to ``$payUri``
.. code-block:: console
$ taler-wallet-cli handle-uri $payUri
.. note::
Delete the database records before going to production, as they alter the way
nexus-fetch asks records to the bank.
Wallet setup
------------
Next, you need to add your regional currency exchange to the wallet. This can
be done by scanning a QR code with a ``taler://add-exchange/exchange.$DOMAIN``
URL or by manually entering the URL into the respective ``Add exchange``
dialogue.
With this, you should then be able to ``add`` funds in the regional currency
to your exchange by starting the withdraw process in the wallet. After
specifying the desired amount, the wallet should show you the details of the
fiat wire transfer that must be made for the cash in to be completed. Once the
money has arrived at the fiat bank account, Nexus will obtain the transaction
data and the regional currency bank will create the corresponding amount in
regional currency, crediting the GNU Taler exchange account. In turn, the
exchange will issue the respective amount to your wallet.
For testing, you should be able to *deposit* regional currency directly
into a LibEuFin Bank account from the Taler wallet. Once the exchange
has credited the regional currency account, log into the bank account
using the Web interface. Assuming the cash out rules are satisfied, you
should then be able to start a cash out operation. This will trigger a
transfer from your regional currency account to the regional currency
master ``bank`` account which will effectively destroy the respective
amount of regional currency. The conversion triggers will inform Nexus
about the destruction, and Nexus will then wire the corresponding amount
in fiat to the associated fiat bank account.
|
