From 05bc00b5f226e6e6695ef00609a02549284c8f55 Mon Sep 17 00:00:00 2001
From: Florian Dold
Date: Fri, 30 Jul 2021 13:22:45 +0200
Subject: debian: better config split by package
---
.../apache2/sites-available/taler-exchange.conf | 4 ++
.../nginx/sites-available/taler-exchange | 7 +++
.../taler/conf.d/exchange-business.conf | 50 ++++++++++++++++++++++
.../taler/conf.d/exchange-system.conf | 11 +++++
.../taler/secrets/exchange-accounts.secret.conf | 21 +++++++++
.../taler/secrets/exchange-db.secret.conf | 10 +++++
6 files changed, 103 insertions(+)
create mode 100644 debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf
create mode 100644 debian/etc-taler-exchange/nginx/sites-available/taler-exchange
create mode 100644 debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
create mode 100644 debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
create mode 100644 debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf
create mode 100644 debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
(limited to 'debian/etc-taler-exchange')
diff --git a/debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf b/debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf
new file mode 100644
index 000000000..3cfbf9edb
--- /dev/null
+++ b/debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf
@@ -0,0 +1,4 @@
+
+ProxyPass "unix:/var/lib/taler-exchange/exchange.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+
diff --git a/debian/etc-taler-exchange/nginx/sites-available/taler-exchange b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
new file mode 100644
index 000000000..6737d9129
--- /dev/null
+++ b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
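Review bot: In the Apache taler-exchange.conf hunk, `RequestHeader add` appends a second `X-Forwarded-Proto` header when the client already sent one, so the backend can see a client-chosen value alongside the proxy's; `RequestHeader set "X-Forwarded-Proto" "https"` replaces it instead. The socket path here (`/var/lib/taler-exchange/exchange.sock`) also differs from the one in the nginx sample added by the same commit (`/run/taler/exchange/exchange-http.sock`), so presumably at most one of them matches where the service listens; the service configuration is not part of this diff, so this needs checking. The first and last added lines of the hunk appear empty on this page, so an enclosing container directive may not be visible here.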
@@ -0,0 +1,7 @@
+location /taler-exchange/ {
+ proxy_pass http://unix:/run/taler/exchange/exchange-http.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+}
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
new file mode 100644
index 000000000..92d968f4d
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
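Review bot: `proxy_set_header X-Forwarded-Host "example.com";` in the nginx taler-exchange hunk ships a placeholder as a live value with no comment, so a site enabled unchanged tells the backend it is reachable at example.com. A comment above it such as `# Replace example.com with the public host name of this exchange.` would make the required edit explicit; the same applies to `http://example.com/` in the Apache sample. If the exchange derives URLs from this header, which is not visible in this diff, a stale value would end up in its responses.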
@@ -0,0 +1,50 @@
+# Configuration for business-level aspects of the exchange.
+
+[exchange]
+
+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY =
+
+# Publicly visible base URL of the exchange.
+# BASE_URL = https://example.com/
+BASE_URL =
+
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document. The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
+
+
+# You must specify the various denominations to be offered by your exchange
+# in sections called "coin_".
+# What follows is an example.
+
+# [coin_FOO]
+## Actual value of the coin
+#VALUE = KUDOS:1
+
+## How long will one key be used for withdrawals?
+#DURATION_WITHDRAW = 7 days
+
+## How long do users have to spend their coins?
+#DURATION_SPEND = 2 years
+
+## How long does the exchange keep the proofs around for legal disputes?
+#DURATION_LEGAL = 6 years
+
+## Fees charged. Note that for the lowest denomination, the
+## fee must precisely be the lowest denomination, or zero.
+#FEE_WITHDRAW = KUDOS:0
+#FEE_DEPOSIT = KUDOS:0
+#FEE_REFRESH = KUDOS:0
+#FEE_REFUND = KUDOS:0
+
+## How long should the RSA keys be. Do not change unless you really know
+## what you are doing (consult your local cryptographer first!).
+#RSA_KEYSIZE = 2048
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
new file mode 100644
index 000000000..7fb65d983
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
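Review bot: `MASTER_PUBLIC_KEY =` and `BASE_URL =` in exchange-business.conf are installed as active but empty assignments, and nothing in the hunk says what the exchange does with an empty value. The comment already says the key MUST be added, so a line such as `# The exchange will not work until MASTER_PUBLIC_KEY and BASE_URL are set.` would make the consequence explicit. That wording assumes the service rejects empty values, which is not visible here and should be confirmed; if it does not, leaving both keys commented out would be the safer default.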
@@ -0,0 +1,11 @@
+# Configuration settings for system parameters of the exchange.
+
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ exchange-account-1 ../secrets/exchange-accounts.secret.conf
+@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
+
+[exchange]
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf
new file mode 100644
index 000000000..7b6c649fd
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf
@@ -0,0 +1,21 @@
+# This file should contain the wire account access information which is needed
+# by the Taler exchange to talk to LibEuFin to interact with the bank.
+# The file SHOULD only be readable for the "taler-exchange-wire" user,
+# as other users/services have no business talking to the bank.
+
+
+[exchange-account-1]
+enable_credit = yes
+
+enable_debit = yes
+
+wire_gateway_auth_method = basic
+
+password =
+
+username =
+
+wire_gateway_url =
+
+payto_uri =
+
diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
new file mode 100644
index 000000000..596dcc92b
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
@@ -0,0 +1,10 @@
+# Database configuration for the Taler exchange.
+
+[exchangedb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+CONFIG=postgres:///DATABASE
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.
-- cgit v1.2.3
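Review bot: The access restriction on exchange-accounts.secret.conf is stated only in a comment (`The file SHOULD only be readable for the "taler-exchange-wire" user`), while the file is added with mode 100644 and is where the wire gateway `username` and `password` go. Per the comment in exchange-system.conf, `@inline-secret@` reads a secret file only when the process has permission, so file ownership and mode are the whole access control here; this page is limited to debian/etc-taler-exchange, so the packaging step that should set them is not visible and needs checking. The exchange-db.secret.conf hunk has the same gap and names no intended reader at all; a leading comment such as `# This file should only be readable by the services that access the exchange database.` would match the accounts file.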