taler-docs

Documentation for GNU Taler components, APIs and protocols

commit b6e516e4236b9f0e3c262c9823574c32fbcfe116
parent 2d262651b02d150ac805eb8580b925a64f2a9b15
Author: Florian Dold <florian@dold.me>
Date:   Sat,  7 Aug 2021 12:22:24 +0200

formatting, /var/run -> /run

Diffstat:
M taler-exchange-setup-guide.rst | 48 +++++++++++++++++++++++++-----------------------
1 file changed, 25 insertions(+), 23 deletions(-)

diff --git a/taler-exchange-setup-guide.rst b/taler-exchange-setup-guide.rst @@ -34,6 +34,7 @@ does not have Internet access. In this guide's shell-session fragments, the command prompt shows two pieces of information: + * Who is performing the command (``$user`` vs ``root``, and ending char ``$`` vs ``#``). * Host where the command is supposed to be executed @@ -165,14 +166,14 @@ Services, users, groups and file system hierarchy The *taler-exchange-httpd* package will create several system users to compartmentalize different parts of the system: -* taler-exchange-httpd: runs the HTTP daemon with the core business logic. -* taler-exchange-secmod-rsa: manages the RSA private online signing keys. -* taler-exchange-secmod-eddsa: manages the EdDSA private online signing keys. -* taler-exchange-closer: closes idle reserves by triggering wire transfers that refund the originator. -* taler-exchange-aggregator: aggregates deposits into larger wire transfer requests. -* taler-exchange-wire: performs wire transfers with the bank (via LibEuFin/Nexus). -* postgres: runs the Postgres database (from *postgres* package). -* www-data: runs the frontend HTTPS service with the TLS keys (from *nginx* package). +* ``taler-exchange-httpd``: runs the HTTP daemon with the core business logic. +* ``taler-exchange-secmod-rsa``: manages the RSA private online signing keys. +* ``taler-exchange-secmod-eddsa``: manages the EdDSA private online signing keys. +* ``taler-exchange-closer``: closes idle reserves by triggering wire transfers that refund the originator. +* ``taler-exchange-aggregator``: aggregates deposits into larger wire transfer requests. +* ``taler-exchange-wire``: performs wire transfers with the bank (via LibEuFin/Nexus). +* ``postgres``: runs the Postgres database (from *postgres* package). +* ``www-data``: runs the frontend HTTPS service with the TLS keys (from *nginx* package). .. note:: 
@@ -182,31 +183,32 @@ to compartmentalize different parts of the system: The exchange setup uses the following system groups: -* taler-exchange-db: group for all Taler users with direct database access, specifically taler-exchange-httpd, taler-exchange-wire, taler-exchange-closer and taler-exchange-aggregator. -* taler-exchange-secmod: group for processes with access to online signing keys; this group must have three users: taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and taler-exchange-httpd. -* taler-exchange-offline: group for the access to the offline private key (only used on the offline host and not used on the online system). +* ``taler-exchange-db``: group for all Taler users with direct database access, specifically taler-exchange-httpd, taler-exchange-wire, taler-exchange-closer and taler-exchange-aggregator. +* ``taler-exchange-secmod``: group for processes with access to online signing keys; this group must have three users: taler-exchange-secmod-rsa, taler-exchange-secmod-eddsa and taler-exchange-httpd. +* ``taler-exchange-offline``: group for the access to the offline private key (only used on the offline host and not used on the online system). The package will deploy systemd service files in ``/usr/lib/systemd/system/`` for the various components: -* taler-exchange-aggregator.service: service that schedules wire transfers which combine multiple deposits to the same merchant. -* taler-exchange-closer.service: service that watches for reserves that have been abandoned and schedules wire transfers to send the money back to the originator. -* taler-exchange-httpd.service: main Taler exchange logic with the public REST API. -* taler-exchange-httpd.socket: systemd socket activation for the Taler exchange HTTP daemon. -* taler-exchange-secmod-eddsa.service: software security module for making EdDSA signatures. -* taler-exchange-secmod-rsa.service: software security module for making RSA signatures. 
-* taler-exchange-transfer.service: service that triggers outgoing wire transfers (pays merchants). -* taler-exchange-wirewatch.service: service that watches for incoming wire transfers (first step of withdraw). -* taler-exchange.target: Main target for the Taler exchange to be operational. +* ``taler-exchange-aggregator.service``: service that schedules wire transfers + which combine multiple deposits to the same merchant. +* ``taler-exchange-closer.service``: service that watches for reserves that have been abandoned and schedules wire transfers to send the money back to the originator. +* ``taler-exchange-httpd.service``: main Taler exchange logic with the public REST API. +* ``taler-exchange-httpd.socket``: systemd socket activation for the Taler exchange HTTP daemon. +* ``taler-exchange-secmod-eddsa.service``: software security module for making EdDSA signatures. +* ``taler-exchange-secmod-rsa.service``: software security module for making RSA signatures. +* ``taler-exchange-transfer.service``: service that triggers outgoing wire transfers (pays merchants). +* ``taler-exchange-wirewatch.service``: service that watches for incoming wire transfers (first step of withdraw). +* ``taler-exchange.target``: Main target for the Taler exchange to be operational. The deployment creates the following key locations in the system: -* /etc/taler/: configuration files. -* /var/run/taler/: contains the UNIX domain sockets for inter-process communication (IPC). -* /var/lib/taler/: serves as the $HOME for all Taler users and contains sub-directories +* ``/etc/taler/``: configuration files. +* ``/run/taler/``: contains the UNIX domain sockets for inter-process communication (IPC). +* ``/var/lib/taler/``: serves as the $HOME for all Taler users and contains sub-directories with the private keys; which keys are stored here depends on the host: * online system: exchange-secmod-eddsa and exchange-secmod-rsa keys.
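
Review bot: In the system users list (hunk at -165), the ``taler-exchange-wire`` user has no unit of the same name in the service list further down, where the wire-related units are ``taler-exchange-transfer.service`` and ``taler-exchange-wirewatch.service``. Since this list exists to show how the system is compartmentalized, say in this bullet which units run as ``taler-exchange-wire``, or add the run-as user to each service bullet, so an operator can check the privilege separation against the installed unit files.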
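
Review bot: In the key locations list (hunk at -182), the switch from ``/var/run/taler/`` to ``/run/taler/`` is the only change of content in a commit that is otherwise markup, and it would be easier to review and to find later as its own commit. While this bullet is being touched, it should also state the owner, group and mode expected on ``/run/taler/``, since the directory holds the IPC sockets and the groups list above ties ``taler-exchange-secmod`` to online signing key access. Smaller points in the same hunk: the user names inside the ``taler-exchange-db`` and ``taler-exchange-secmod`` descriptions and ``$HOME`` are still unmarked, and only the ``taler-exchange-aggregator.service`` bullet was re-wrapped.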