summaryrefslogtreecommitdiff
path: root/manpages/taler.conf.5.rst
blob: bfdece3c1b6af40c8b64c3d6d9a7639bcb67cc9f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
taler.conf(5)
#############

.. only:: html

   Name
   ====

   **taler.conf** - Taler configuration file


Description
===========

The basic structure of the configuration file is the following. The file
is split into sections. Every section begins with “[SECTIONNAME]” and
contains a number of options of the form “OPTION=VALUE”. Empty lines and
lines beginning with a “#” are treated as comments. Files containing
default values for many of the options described below are installed
under $TALER_PREFIX/share/taler/config.d/. The configuration file given
with **-c** to Taler binaries overrides these defaults.

Global Options
--------------

The following options are from the “[taler]” section and used by
virtually all Taler components.

CURRENCY
   Name of the currency, i.e. “EUR” for Euro.

The “[PATHS]” section is special in that it contains paths that can be
referenced using “$” in other configuration values that specify
filenames. For Taler, it commonly contains the following paths:

TALER_HOME
   Home directory of the user, usually “${HOME}”. Can be overwritten by
   testcases by setting ${TALER_TEST_HOME}.

TALER_DATA_HOME
   Where should Taler store its long-term data. Usually
   “${TALER_HOME}/.local/share/taler/”

TALER_CONFIG_HOME
   Where is the Taler configuration kept. Usually
   “${TALER_HOME}/.config/taler/”

TALER_CACHE_HOME
   Where should Taler store cached data. Usually
   “${TALER_HOME}/.cache/taler/”

TALER_RUNTIME_DIR
   Where should Taler store system runtime data (like UNIX domain
   sockets). Usually “${TMP}/taler-system-runtime”.

EXCHANGE OPTIONS
----------------

The following options are from the “[exchange]” section and used by most
exchange tools.

DB
   Plugin to use for the database, i.e. “postgres”

PORT
   Port on which the HTTP server listens, i.e. 8080.

MASTER_PUBLIC_KEY
   Crockford Base32-encoded master public key, public version of the
   exchange´s long-time offline signing key.

MASTER_PRIV_FILE
   Location of the master private key on disk. Only used by tools that
   can be run offline (as the master key is for offline signing).

BASE_URL
   Specifies the base URL under which the exchange can be reached. Added
   to wire transfers to enable tracking by merchants.

AGGREGATOR_IDLE_SLEEP_INTERVAL
   For how long should the aggregator sleep when it is idle before trying
   to look for more work? Default is 60 seconds.

SIGNKEY_DURATION
   For how long is a signing key valid?

LEGAL_DURATION
   For how long are signatures with signing keys legally valid?

LOOKAHEAD_SIGN
   How long do we generate denomination and signing keys ahead of time?

LOOKAHEAD_PROVIDE
   How long into the future do we provide signing and denomination keys
   to clients?

TERMS_DIR
   Directory where the terms of service of the exchange operator can be fund. The directory must contain sub-directories for every supported language, using the two-character language code in lower case, i.e. "en/" or "fr/".  Each subdirectory must then contain files with the terms of service in various formats.  The basename of the file of the current policy must be specified under TERMS_ETAG.  The extension defines the mime type. Supported extensions include "html", "htm", "txt", "pdf", "jpg", "jpeg", "png" and "gif".  For example, using a TERMS_ETAG of "0", the structure could be the following:
   - $TERMS_DIR/en/0.pdf
   - $TERMS_DIR/en/0.html
   - $TERMS_DIR/en/0.txt
   - $TERMS_DIR/fr/0.pdf
   - $TERMS_DIR/fr/0.html
   - $TERMS_DIR/de/0.txt

TERMS_ETAG
   Basename of the file(s) in the TERMS_DIR with the current terms of service.  The value is also used for the "Etag" in the HTTP request to control caching. Whenever the terms of service change, the TERMS_ETAG MUST also change, and old values MUST NOT be repeated.  For example, the date or version number of the terms of service SHOULD be used for the Etag.  If there are minor (i.e. spelling) fixes to the terms of service, the TERMS_ETAG probably SHOULD NOT be changed. However, whenever users must approve the new terms, the TERMS_ETAG MUST change.

PRIVACY_DIR
   Works the same as TERMS_DIR, just for the privacy policy.
PRIVACY_ETAG
   Works the same as TERMS_ETAG, just for the privacy policy.


EXCHANGE DATABASE OPTIONS
-------------------------

The following options must be in the section "[exchangedb]".

DURATION_OVERLAP
   How much should validity periods for coins overlap?
   Should be long enough to avoid problems with
   wallets picking one key and then due to network latency
   another key being valid.  The DURATION_WITHDRAW period
   must be longer than this value.

IDLE_RESERVE_EXPIRATION_TIME
   After which time period should reserves be closed if they are idle?

LEGAL_RESERVE_EXPIRATION_TIME
   After what time do we forget about (drained) reserves during garbage collection?


EXCHANGE POSTGRES BACKEND DATABASE OPTIONS
------------------------------------------

The following options must be in section “[exchangedb-postgres]” if the
“postgres” plugin was selected for the database.

CONFIG
   How to access the database, i.e. “postgres:///taler” to use the
   “taler” database. Testcases use “talercheck”.


EXCHANGE ACCOUNT OPTIONS
------------------------

An exchange (or merchant) can have multiple bank accounts. The following
options are for sections named “[exchange-account-SOMETHING]”. The SOMETHING is
arbitrary and should be chosen to uniquely identify the bank account for
the operator.

PAYTO_URI
   Specifies the payto://-URL of the account. The general format is
   payto://METHOD/DETAILS.

WIRE_GATEWAY_URL
  URL of the wire gateway

WIRE_GATEWAY_AUTH_METHOD
  This option determines how the exchange (auditor/wirewatch/aggregator)
  authenticates with the wire gateway.  Choices are ``basic`` and ``none``.

USERNAME
  User name for ``basic`` authentication with the wire gateway.

PASSWORD
  Password for ``basic`` authentication with the wire gateway.

WIRE_RESPONSE
   Specifies the name of the file in which the /wire response for this
   account should be located. Used by the Taler exchange service and the
   taler-exchange-wire tool.

ENABLE_DEBIT
   Must be set to YES for the accounts that the
   taler-exchange-aggregator should debit. Not used by merchants.

ENABLE_CREDIT
   Must be set to YES for the accounts that the taler-exchange-wirewatch
   should check for credits. It is yet uncertain if the merchant
   implementation may check this flag as well.


TALER-BANK AUTHENTICATION OPTIONS (for accounts)
------------------------------------------------

The following authentication options are supported by the “taler-bank”
wire plugin. They must be specified in the “[account-]” section that
uses the “taler-bank” plugin.

TALER_BANK_AUTH_METHOD
   Authentication method to use. “none” or “basic” are currently
   supported.

USERNAME
   Username to use for authentication. Used with the “basic”
   authentication method.

PASSWORD
   Password to use for authentication. Used with the “basic”
   authentication method.


EXCHANGE WIRE FEE OPTIONS
-------------------------

For each supported wire method (i.e. “x-taler-bank” or “sepa”), sections
named “[fees-METHOD]” state the (aggregate) wire transfer fee and the
reserve closing fees charged by the exchange. Note that fees are
specified using the name of the wire method, not by the plugin name. You
need to replace “YEAR” in the option name by the calendar year for which
the fee should apply. Usually, fees should be given for several years
in advance.

WIRE-FEE-YEAR
   Aggregate wire transfer fee merchants are charged in YEAR. Specified
   as a Taler amount using the usual amount syntax
   (CURRENCY:VALUE.FRACTION).

CLOSING-FEE-YEAR
   Reserve closing fee customers are charged in YEAR. Specified as a
   Taler amount using the usual amount syntax (CURRENCY:VALUE.FRACTION).

EXCHANGE COIN OPTIONS
---------------------

The following options must be in sections starting with ``"[coin_]"`` and
are used by taler-exchange-keyup to create denomination keys.

VALUE
   Value of the coin, i.e. “EUR:1.50” for 1 Euro and 50 Cents (per
   coin).

DURATION_WITHDRAW
   How long should the same key be used for clients to withdraw coins of
   this value?

DURATION_SPEND
   How long do clients have to spend these coins?

FEE_WITHDRAW
   What fee is charged for withdrawal?

FEE_DEPOSIT
   What fee is charged for depositing?

FEE_REFRESH
   What fee is charged for refreshing?

FEE_REFUND
   What fee is charged for refunds? When a coin is refunded, the deposit
   fee is returned. Instead, the refund fee is charged to the customer.

RSA_KEYSIZE
   What is the RSA keysize modulos (in bits)?


MERCHANT OPTIONS
----------------

The following options are from the “[merchant]” section and used by the
merchant backend.

DB
   Plugin to use for the database, i.e._“postgres”

PORT
   Port on which the HTTP server listens, i.e. 8080.

LEGAL_PRESERVATION
   How long do we keep data in the database for tax audits after the
   transaction has completed?  Default is 10 years.

FORCE_AUDIT
   Force the merchant to report every transaction to the auditor
   (if the exchange has an auditor).  Default is NO. Do not change
   except for testing.


MERCHANT POSTGRES BACKEND DATABASE OPTIONS
------------------------------------------

The following options must be in section “[merchantdb-postgres]” if the
“postgres” plugin was selected for the database.

CONFIG
   How to access the database, i.e. “postgres:///taler” to use the
   “taler” database. Testcases use “talercheck”.


KNOWN EXCHANGES (for merchants)
-------------------------------

The merchant configuration can include a list of known exchanges if the
merchant wants to specify that certain exchanges are explicitly trusted.
For each trusted exchange, a section [merchant-exchange-$NAME] must exist, where
$NAME is a merchant-given name for the exchange. The following options
must be given in each “[exchange-$NAME]” section.

EXCHANGE_BASE_URL
   Base URL of the exchange, i.e. “https://exchange.demo.taler.net/”

MASTER_KEY
   Crockford Base32 encoded master public key, public version of the
   exchange´s long-time offline signing key.  Can be omitted, in that
   case the exchange will NOT be trusted unless it is audited by
   a known auditor.
   Omitting the MASTER_KEY can be useful if we do not trust the exchange
   without an auditor, but should pre-load the keys of this
   particular exchange on startup instead of waiting for it to be
   required by a client.

CURRENCY
   Name of the currency for which this exchange is used, i.e. “KUDOS”.
   The entire section is ignored if the currency does not match the currency
   we use, which must be given in the [taler] section.

KNOWN AUDITORS (for merchants)
------------------------------

The merchant configuration can include a list of known exchanges if the
merchant wants to specify that certain auditors are explicitly trusted.
For each trusted exchange, a section [merchant-auditor-$NAME] must exist, where
$NAME is a merchant-given name for the auditor. The following options
must be given in each “[merchant-auditor-$NAME]” section.

AUDITOR_BASE_URL
   Base URL of the auditor, i.e. “https://auditor.demo.taler.net/”

AUDITOR_KEY
   Crockford Base32 encoded auditor public key.

CURRENCY
   Name of the currency for which this auditor is trusted, i.e. “KUDOS”
   The entire section is ignored if the currency does not match the currency
   we use, which must be given in the [taler] section.


AUDITOR OPTIONS
---------------

The following options must be in section “[auditor]” for the Taler
auditor.

DB
   Plugin to use for the database, i.e. “postgres”

AUDITOR_PRIV_FILE
   Name of the file containing the auditor’s private key


AUDITOR POSTGRES BACKEND DATABASE OPTIONS
-----------------------------------------

The following options must be in section “[auditordb-postgres]” if the
“postgres” plugin was selected for the database.

CONFIG
   How to access the database, i.e. "postgres:///taler" to use the
   "taler" database. Testcases use “talercheck”.


SEE ALSO
========

taler-exchange-dbinit(1), taler-exchange-httpd(1),
taler-exchange-keyup(1), taler-exchange-wire(1).

BUGS
====

Report bugs by using https://bugs.taler.net/ or by sending electronic
mail to <taler@gnu.org>.