taler-docs

taler-magnet-bank-manual.rst (8236B)

---

 ..
   This file is part of GNU TALER.
   Copyright (C) 2025 Taler Systems SA
 
   TALER is free software; you can redistribute it and/or modify it under the
   terms of the GNU Affero General Public License as published by the Free Software
   Foundation; either version 2.1, or (at your option) any later version.
 
   TALER is distributed in the hope that it will be useful, but WITHOUT ANY
   WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
   A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more details.
 
   You should have received a copy of the GNU Affero General Public License along with
   TALER; see the file COPYING.  If not, see <http://www.gnu.org/licenses/>
 
   @author Antoine d'Aligny
 
 
 Magnet Bank Adapter Setup Manual
 ################################
 
 taler-magnet-bank is a Magnet Bank Taler adapter.
 
 This manual targets system administrators who want to install and
 operate a Magnet Bank GNU Taler adapter
 
 Installation
 ============
 
 Installing on Debian
 --------------------
 
 .. include:: frags/installing-debian.rst
 
 To install the adapter, you can now simply run:
 
 .. code-block:: shell-session
 
   # apt install taler-magnet-bank
 
 Installing on Ubuntu
 --------------------
 
 .. include:: frags/installing-ubuntu.rst
 
 To install the adapter, you can now simply run:
 
 .. code-block:: shell-session
 
   # apt install taler-magnet-bank
 
 Building from source
 --------------------
 
 Magnet Bank Adapter belongs to the Taler Rust project, and can be downloaded via Git:
 
 .. code-block:: console
 
   $ git clone git://git.taler.net/taler-rust
   $ cd taler-rust
 
 You will need the latest version of the rust stable toolchain and a C toolchain:
 
 .. code-block:: console
 
   $ sudo apt install rustup build-essential
   $ rustup toolchain install stable
 
 Then from top-level run:
 
 .. code-block:: console
 
   $ ./bootstrap
 
 To install the adapter as a Debian/Ubuntu package with an automated secure setup and systemd services:
 
 .. code-block:: console
 
   $ sudo apt install debhelper 
   $ make deb
   $ sudo dpkg -i ../taler-magnet-bank*.deb
 
 If the previous steps succeeded, the ``taler-magnet-bank`` command should be found in the $PATH.
 
 Services, users, groups and file system hierarchy
 -------------------------------------------------
 
 The *taler-magnet-bank* package will create several system users
 to compartmentalize different parts of the system:
 
 * ``taler-magnet-bank-httpd``: runs the HTTP daemon with the API logic.
 * ``taler-magnet-bank-worker``: runs the worker daemon interacting with the Magnet Bank API.
 * ``postgres``: runs the PostgreSQL database (from *postgresql* package).
 
 The adapter setup uses the following system groups:
 
 * ``taler-magnet-bank-db``: group for all adapter users with direct database access, specifically taler-magnet-bank-httpd and taler-magnet-bank-worker.
 
 The package will deploy systemd service files in
 ``/usr/lib/systemd/system/`` for the various components:
 
 * ``taler-magnet-bank-httpd.service``: adapter REST API.
 * ``taler-magnet-bank-httpd.socket``: systemd socket activation for the HTTP daemon.
 * ``taler-magnet-bank-worker.service``: worker deamon interacting with the Magnet Bank API.
 * ``taler-magnet-bank.target``: main target for the adapter to be operational.
 
 The deployment creates the following key locations in the system:
 
 * ``/etc/taler-magnet-bank/``: configuration files.
 * ``/run/taler-magnet-bank/``: contains the UNIX domain sockets for inter-process communication (IPC).
 * ``/var/lib/taler-magnet-bank/``: serves as the $HOME for taler-magnet-bank-worker and contains the Magnet Bank authentification tokens.
 
 Configuration Fundamentals
 ==========================
 
 This chapter provides fundamental details about the adapter configuration.
 
 The configuration for all adapter components uses a single configuration file
 as entry point: ``/etc/taler-magnet-bank/taler-magnet-bank.conf``.
 
 System defaults are automatically loaded from files in
 ``/usr/share/taler-magnet-bank/config.d``.
 These default files should never be modified.
 
 The default configuration ``taler-magnet-bank.conf`` configuration file
 also includes all configuration files in ``/etc/taler-magnet-bank/conf.d``.
 The settings from files in
 ``conf.d`` are only relevant to particular components of an adapter, while
 ``taler-magnet-bank.conf`` contains settings that affect all adapter components.
 
 
 The directory ``/etc/taler-magnet-bank/secrets`` contains configuration file snippets with
 values that should only be readable to certain users.  They are included with the ``@inline-secret@``
 directive and should end with ``.secret.conf``.
 
 To view the entire configuration annotated with the source of each configuration option, you
 can use the ``taler-magnet-bank config`` helper:
 
 
 .. code-block:: shell-session
 
   # taler-magnet-bank config dump --diagnostics
 
 Basic Setup
 ===========
 
 Database setup
 --------------
 
 The configuration file must include a connection string that tells the adapter how it should connect to the database. The default
 is:
 
 .. code-block:: ini
   :caption: /etc/taler-magnet-bank/secrets/magnet-bank-db.secret.conf
 
   [magnet-bankdb-postgres]
   config = postgres:///taler-magnet-bank
 
 If the database is run on a different host, please follow the instructions
 from the PostgreSQL manual for configuring remote access.
 
 Assuming the configuration is correct, the following
 command initializes (or upgrades) the database schema using: 
 You can then use a script to automate a secure database setup:
 
 .. code-block:: console
 
   $ sudo taler-magnet-bank-dbconfig
 
 Worker setup
 ------------
 
 You will need a Magnet Bank account to sync.
 Update the configuration files:
 
 .. code-block:: ini
   :caption: /etc/taler-magnet-bank/taler-magnet-bank.conf
 
   [magnet-bank]
   IBAN = HU59131000073585363679133532
   NAME = John Smith S.A.
 
 .. code-block:: ini
   :caption: /etc/taler-magnet-bank/secrets/magnet-bank-worker.secret.conf
 
   [magnet-bank-worker]
   CONSUMER_KEY = $CONSUMER_KEY
   CONSUMER_SECRET = $CONSUMER_SECRET
 
 And finaly run the setup process: 
 
 .. code-block:: console
 
   $ sudo -u taler-magnet-bank-worker taler-magnet-bank -c /etc/taler-magnet-bank/taler-magnet-bank.conf setup
 
 Wire Gateway setup
 ------------------
 
 Update the configuration files:
 
 .. code-block:: ini
   :caption: /etc/taler-magnet-bank/conf.d/magnet-bank-httpd.conf
 
   [magnet-bank-httpd-wire-gateway-api]
   ENABLED = YES
 
 .. code-block:: ini
   :caption: /etc/taler-magnet-bank/secrets/magnet-bank-httpd.secret.conf
 
   [magnet-bank-httpd-wire-gateway-api
   AUTH_METHOD = bearer
   TOKEN = $SECRET_TOKEN
 
 Check the server is correctly configured:
 
 .. code-block:: console
 
   $ sudo -u taler-magnet-bank-httpd taler-magnet-bank -c /etc/taler-magnet-bank/taler-magnet-bank.conf serve --check
 
 Configuration
 =============
 
 Here are some configuration you might want to change:
 
 Worker frequency
 ----------------
 
 The worker runs periodically to index the bank history and initiate payments. It is best to run the worker often to make withdrawal faster but keep in mind that a very high frequency can place a significant load on your network provider.
 
 .. code-block:: ini
   :caption: /etc/taler-magnet-bank/conf.d/magnet-bank-worker.conf
 
   [magnet-bank-worker]
   FREQUENCY = 3m
 
 Deployment
 ==========
 
 This chapter describes how to deploy the adapter once the basic installation
 and configuration are completed.
 
 Reverse Proxy Setup
 -------------------
 
 By default, the ``taler-magnet-bank-httpd`` service listens for HTTP connections
 on a UNIX domain socket.  To make the service publicly available, a reverse
 proxy such as nginx should be used.  We strongly recommend to configure nginx
 to use TLS.
 
 The ``taler-magnet-bank`` package ships with a sample configuration that can be
 enabled in nginx:
 
 .. code-block:: shell-session
 
   # vim /etc/nginx/sites-available/taler-magnet-bank
   < ... customize configuration ... >
   # ln -s /etc/nginx/sites-available/taler-magnet-bank /etc/nginx/sites-enabled/taler-magnet-bank
   # systemctl reload nginx
 
 With this last step, we are finally ready to launch the
 main adapter process.
 
 Launching the adapter
 ---------------------
 
 .. code-block:: console
 
   $ sudo systemctl start taler-magnet-bank.target