taler-docs

taler-cyclos-manual.rst (10208B)

---

 ..
   This file is part of GNU TALER.
   Copyright (C) 2025, 2026 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU Affero General Public License as published by the Free Software
   Foundation; either version 2.1, or (at your option) any later version.
 
   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
 
   You should have received a copy of the GNU Affero General Public License along with
   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 
   @author Antoine d'Aligny
   @author Christian Grothoff
 
 
 Cyclos Adapter Setup Manual
 ###########################
 
 taler-cyclos is a Cyclos Taler adapter. It allows running a GNU Taler exchange
 on top of a core banking system provided by Cyclos, which is commonly
 used for regional currencies. taler-cylos implements the
 taler-wire-gateway API, which is alternatively provided by the
 :ref:`libeufin-bank <libeufin-bank>` (stand-alone),
 :ref:`libeufin-nexus <libeufin-nexus>` (EBICS integration) or the
 :ref:`Deploymerizer <depolymerization>` (for Bitcoin and Ethereum).
 
 .. image:: images/taler-cyclos.png
 
 
 To use the adapter, you must setup an account for the GNU Taler exchange
 in your Cyclos system and configure the adapter with the respective
 credentials. Furthermore, you must point the GNU Taler exchange to the
 taler-cyclos adapter as its taler-wire-gateway (and again provide the
 necessary credentials).
 
 Afterwards, taler-cyclos will inform your GNU Taler exchange about
 wire transfers made within Cyclos to the GNU Taler exchange account,
 allowing users to withdraw digital cash by sending money in Cyclos
 to the GNU Taler exchange account. Similarly, when a merchant receives
 payments via the GNU Taler exchange, the GNU Taler exchange will use
 the taler-cyclos adapter to send funds from its Cyclos account to
 the merchant's Cyclos account.
 
 As a result, you can use GNU Taler as a digital cash payment system
 on top of any regional currency using Cyclos.
 
 This manual targets system administrators who want to install and
 operate a Cyclos GNU Taler adapter.
 
 
 .. contents:: Table of Contents
   :depth: 1
   :local:
 
 Installation
 ============
 
 Installing on Debian
 --------------------
 
 .. include:: frags/installing-debian.rst
 
 To install the adapter, you can now simply run:
 
 .. code-block:: shell-session
 
   # apt install taler-cyclos
 
 Installing on Ubuntu
 --------------------
 
 .. include:: frags/installing-ubuntu.rst
 
 To install the adapter, you can now simply run:
 
 .. code-block:: shell-session
 
   # apt install taler-cyclos
 
 Building from source
 --------------------
 
 Cyclos Adapter belongs to the Taler Rust project, and can be downloaded via Git:
 
 .. code-block:: console
 
   $ git clone git://git.taler.net/taler-rust
   $ cd taler-rust
 
 You will need the latest version of the rust stable toolchain and a C toolchain:
 
 .. code-block:: console
 
   $ sudo apt install rustup build-essential
   $ rustup toolchain install stable
 
 Then from top-level run:
 
 .. code-block:: console
 
   $ ./bootstrap
 
 To install the adapter as a Debian/Ubuntu package with an automated secure setup and systemd services:
 
 .. code-block:: console
 
   $ sudo apt install debhelper
   $ make deb
   $ sudo dpkg -i ../taler-cyclos*.deb
 
 If the previous steps succeeded, the ``taler-cyclos`` command should be found in the $PATH.
 
 Services, users, groups and file system hierarchy
 -------------------------------------------------
 
 The *taler-cyclos* package will create several system users
 to compartmentalize different parts of the system:
 
 * ``taler-cyclos-httpd``: runs the HTTP daemon with the API logic.
 * ``taler-cyclos-worker``: runs the worker daemon interacting with the Cyclos API.
 * ``postgres``: runs the PostgreSQL database (from *postgresql* package).
 
 The adapter setup uses the following system groups:
 
 * ``taler-cyclos-db``: group for all adapter users with direct database access, specifically taler-cyclos-httpd and taler-cyclos-worker.
 
 The package will deploy systemd service files in
 ``/usr/lib/systemd/system/`` for the various components:
 
 * ``taler-cyclos-httpd.service``: adapter REST API.
 * ``taler-cyclos-httpd.socket``: systemd socket activation for the HTTP daemon.
 * ``taler-cyclos-worker.service``: worker deamon interacting with the Cyclos API.
 * ``taler-cyclos.target``: main target for the adapter to be operational.
 
 The deployment creates the following key locations in the system:
 
 * ``/etc/taler-cyclos/``: configuration files.
 * ``/run/taler-cyclos/``: contains the UNIX domain sockets for inter-process communication (IPC).
 
 Configuration Fundamentals
 ==========================
 
 This chapter provides fundamental details about the adapter configuration.
 
 The configuration for all adapter components uses a single configuration file
 as entry point: ``/etc/taler-cyclos/taler-cyclos.conf``.
 
 System defaults are automatically loaded from files in
 ``/usr/share/taler-cyclos/config.d``.
 These default files should never be modified.
 
 The default configuration ``taler-cyclos.conf`` configuration file
 also includes all configuration files in ``/etc/taler-cyclos/conf.d``.
 The settings from files in
 ``conf.d`` are only relevant to particular components of an adapter, while
 ``taler-cyclos.conf`` contains settings that affect all adapter components.
 
 
 The directory ``/etc/taler-cyclos/secrets`` contains configuration file snippets with
 values that should only be readable to certain users.  They are included with the ``@inline-secret@``
 directive and should end with ``.secret.conf``.
 
 To view the entire configuration annotated with the source of each configuration option, you
 can use the ``taler-cyclos config`` helper:
 
 
 .. code-block:: shell-session
 
   # taler-cyclos config dump --diagnostics
 
 Basic Setup
 ===========
 
 Database setup
 --------------
 
 The configuration file must include a connection string that tells the adapter how it should connect to the database. The default
 is:
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/secrets/cyclos-db.secret.conf
 
   [cyclosdb-postgres]
   config = postgres:///taler-cyclos
 
 If the database is run on a different host, please follow the instructions
 from the PostgreSQL manual for configuring remote access.
 
 Assuming the configuration is correct, the following
 command initializes (or upgrades) the database schema using:
 You can then use a script to automate a secure database setup:
 
 .. code-block:: console
 
   # taler-cyclos-dbconfig
 
 Worker setup
 ------------
 
 You will need a Cyclos account to sync.
 Update the configuration files:
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/taler-cyclos.conf
 
   [cyclos]
   CURRENCY = KUDOS
   CYCLOS_URL = https://demo.cyclos.org/
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/secrets/cyclos-worker.secret.conf
 
   [cyclos-worker]
   USERNAME = admin
   PASSWORD = password
 
 And then run the setup process:
 
 .. code-block:: console
 
   $ sudo -u taler-cyclos-worker taler-cyclos -c /etc/taler-cyclos/taler-cyclos.conf setup
 
 If the previous command failed with a ``inaccessibleChannel`` you will have to enable the ``Web services`` channel in you account settings. If this channel is disabled, you should contact the network administrators.
 
 The setup process should fail and provide you with the information needed to fill in the required Cyclos IDs:
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/taler-cyclos.conf
 
   [cyclos]
   ACCOUNT_ID = 7762070814178012479
   NAME = John Smith S.A.
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/conf.d/cyclos-worker.conf
 
   [cyclos-worker]
   ACCOUNT_TYPE_ID = 7762070814178012479
   PAYMENT_TYPE_ID = 7762070814178012479
 
 And finaly run the setup process again:
 
 .. code-block:: console
 
   $ sudo -u taler-cyclos-worker taler-cyclos -c /etc/taler-cyclos/taler-cyclos.conf setup
 
 This time, you should not see any errors; if you do, you should modify the configuration until it works.
 
 Wire Gateway setup
 ------------------
 
 Update the configuration files:
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/conf.d/cyclos-httpd.conf
 
   [cyclos-httpd-wire-gateway-api]
   ENABLED = YES
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/secrets/cyclos-httpd.secret.conf
 
   [cyclos-httpd-wire-gateway-api]
   AUTH_METHOD = bearer
   TOKEN = $SECRET_TOKEN
 
 Check the server is correctly configured:
 
 .. code-block:: console
 
   $ sudo -u taler-cyclos-httpd taler-cyclos -c /etc/taler-cyclos/taler-cyclos.conf serve --check
 
 Configuration
 =============
 
 Here are some configuration you might want to change:
 
 Worker frequency
 ----------------
 
 The worker runs periodically to index the history and initiate payments. It also listens to real-time notifications to index new transfers as soon as they are announced.
 If the network does not allow notifications to be received, it is best for the worker to run more often; otherwise, you can reduce the frequency. Keep in mind that a very high frequency can place a significant load on your network provider.
 
 .. code-block:: ini
   :caption: /etc/taler-cyclos/conf.d/cyclos-worker.conf
 
   [cyclos-worker]
   FREQUENCY = 3m
 
 Deployment
 ==========
 
 This chapter describes how to deploy the adapter once the basic installation
 and configuration are completed.
 
 Reverse Proxy Setup
 -------------------
 
 By default, the ``taler-cyclos-httpd`` service listens for HTTP connections
 on a UNIX domain socket.  To make the service publicly available, a reverse
 proxy such as nginx should be used.  We strongly recommend to configure nginx
 to use TLS.
 
 The ``taler-cyclos`` package ships with a sample configuration that can be
 enabled in nginx:
 
 .. code-block:: shell-session
 
   # vim /etc/nginx/sites-available/taler-cyclos
   < ... customize configuration ... >
   # ln -s /etc/nginx/sites-available/taler-cyclos /etc/nginx/sites-enabled/taler-cyclos
   # systemctl reload nginx
 
 With this last step, we are finally ready to launch the
 main adapter process.
 
 Launching the adapter
 ---------------------
 
 .. code-block:: console
 
   # systemctl enable --now taler-cyclos.target