commit fb37f4108706f9d620f521e4d3685f508d35f151 parent 378dcda26401b97a2ceaa87cdedfa0450a00b661 Author: Antoine A <> Date: Tue, 23 Dec 2025 14:18:36 +0100 cyclos: add deb Diffstat:
24 files changed, 331 insertions(+), 6 deletions(-)
diff --git a/.gitignore b/.gitignore @@ -8,6 +8,7 @@ dev.conf keys.json Cargo.lock debian/taler-magnet-bank +debian/taler-cyclos debian/files debian/*.substvars debian/*debhelper* \ No newline at end of file diff --git a/debian/control b/debian/control @@ -17,4 +17,12 @@ Depends: ${misc:Depends}, ${shlibs:Depends} Recommends: nginx | apache2 | httpd, postgresql (>= 14.0) -Description: GNU Taler adapter for Magnet Bank -\ No newline at end of file +Description: GNU Taler adapter for Magnet Bank + +Package: taler-cyclos +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Recommends: + nginx | apache2 | httpd, + postgresql (>= 14.0) +Description: GNU Taler adapter for Cyclos +\ No newline at end of file diff --git a/debian/etc/apache2/sites-available/taler-cyclos.conf b/debian/etc/apache2/sites-available/taler-cyclos.conf @@ -0,0 +1,22 @@ +# Make sure to enable the following Apache modules before +# integrating this into your configuration: +# +# a2enmod proxy +# a2enmod proxy_http +# a2enmod headers +# +# NOTE: +# - consider to adjust the location +# - consider putting all this into a VirtualHost +# - strongly consider setting up TLS support +# +# For all of the above, please read the respective +# Apache documentation. +# +<Location "/taler-cyclos/"> + ProxyPass "unix:/var/run/taler-cyclos/httpd/cyclos-http.sock|http://example.com/" + + # NOTE: + # - Uncomment this line if you use TLS/HTTPS + RequestHeader add "X-Forwarded-Proto" "https" +</Location> diff --git a/debian/etc/nginx/sites-available/taler-cyclos b/debian/etc/nginx/sites-available/taler-cyclos @@ -0,0 +1,31 @@ +server { + # NOTE: + # - urgently consider configuring TLS instead + # - maybe keep a forwarder from HTTP to HTTPS + listen 80; + + # NOTE: + # - Comment out this line if you have no IPv6 + listen [::]:80; + + # NOTE: + # - replace with your actual server name + server_name localhost; + + access_log /var/log/nginx/taler-cyclos.log; + error_log /var/log/nginx/taler-cyclos.err; + + location /taler-cyclos/ { + proxy_pass http://unix:/var/run/taler-cyclos/httpd/cyclos-http.sock:/; + proxy_redirect off; + proxy_set_header Host $host; + + # NOTE: + # - put your actual DNS name here + proxy_set_header X-Forwarded-Host "localhost"; + + # NOTE: + # - uncomment the following line if you are using HTTPS + # proxy_set_header X-Forwarded-Proto "https"; + } +} +\ No newline at end of file diff --git a/debian/etc/taler-cyclos/conf.d/cyclos-htppd.conf b/debian/etc/taler-cyclos/conf.d/cyclos-htppd.conf @@ -0,0 +1,9 @@ +# Configuration the cyclos adapter worker REST API. + +[cyclos-httpd-wire-gateway-api] +# ENABLED = YES +@inline-secret@ cyclos-httpd-wire-gateway-api ../secrets/cyclos-httpd.secret.conf + +[cyclos-httpd-revenue-api] +# ENABLED = YES +@inline-secret@ cyclos-httpd-revenue-api ../secrets/cyclos-httpd.secret.conf diff --git a/debian/etc/taler-cyclos/conf.d/cyclos-system.conf b/debian/etc/taler-cyclos/conf.d/cyclos-system.conf @@ -0,0 +1,5 @@ +# Configuration for system aspects of the cyclos adapter. + +# Read secret sections into configuration, but only +# if we have permission to do so. +@inline-secret@ cyclosdb-postgres ../secrets/cyclos-db.secret.conf diff --git a/debian/etc/taler-cyclos/conf.d/cyclos-worker.conf b/debian/etc/taler-cyclos/conf.d/cyclos-worker.conf @@ -0,0 +1,4 @@ +# Configuration the cyclos adapter worker. + +[cyclos-worker] +@inline-secret@ cyclos-worker ../secrets/cyclos-worker.secret.conf diff --git a/debian/etc/taler-cyclos/overrides.conf b/debian/etc/taler-cyclos/overrides.conf @@ -0,0 +1 @@ +# This configuration will be changed by tooling. Do not touch it manually. diff --git a/debian/etc/taler-cyclos/secrets/cyclos-db.secret.conf b/debian/etc/taler-cyclos/secrets/cyclos-db.secret.conf @@ -0,0 +1,8 @@ +[cyclosdb-postgres] + +# Typically, there should only be a single line here, of the form: + +CONFIG=postgres:///taler-cyclos + +# The details of the URI depend on where the database lives and how +# access control was configured. diff --git a/debian/etc/taler-cyclos/secrets/cyclos-httpd.secret.conf b/debian/etc/taler-cyclos/secrets/cyclos-httpd.secret.conf @@ -0,0 +1,7 @@ +[cyclos-httpd-wire-gateway-api] +# AUTH_METHOD = bearer +# TOKEN = + +[cyclos-httpd-revenue-api] +# AUTH_METHOD = bearer +# TOKEN = diff --git a/debian/etc/taler-cyclos/secrets/cyclos-worker.secret.conf b/debian/etc/taler-cyclos/secrets/cyclos-worker.secret.conf @@ -0,0 +1,10 @@ +[cyclos-worker] + +# URL of the Cyclos API server +API_URL = + +# Account username +USERNAME = + +# Account password +PASSWORD = +\ No newline at end of file diff --git a/debian/etc/taler-cyclos/taler-cyclos.conf b/debian/etc/taler-cyclos/taler-cyclos.conf @@ -0,0 +1,45 @@ +# Main entry point for the Taler Cyclos Adapter configuration. +# +# Structure: +# - taler-cyclos.conf is the main configuration entry point +# used by all Taler Cyclos Adapter components (the file you are currently +# looking at. +# - overrides.conf contains configuration overrides that are +# set by some tools that help with the configuration, +# and should not be edited by humans. Comments in this file +# are not preserved. +# - conf.d/ contains configuration files for +# Taler Cyclos Adapter components, which can be read by all +# users of the system and are included by the main +# configuration. +# - secrets/ contains configuration snippets +# with secrets for particular services. +# These files should have restrictive permissions +# so that only users of the relevant services +# can read it. All files in it should end with +# ".secret.conf". + +[cyclos] + +# Adapter currency +CURRENCY = + +# IBAN of the Cyclos account to sync +ACCOUNT_ID = + +# Legal entity that is associated with the Cyclos account +NAME = + + +# Inline configurations from all Taler Cyclos Adapter components. +@inline-matching@ conf.d/*.conf + +# Overrides from tools that help with configuration. +@inline@ overrides.conf + + +[paths] + +# Paths for the system-wide installation of the Taler Cyclos Adapter. Do not remove +# or change these unless you are very sure of what you are doing. + diff --git a/debian/rules b/debian/rules @@ -7,7 +7,7 @@ override_dh_auto_configure: rustup default stable override_dh_auto_build: - cargo build --release --bin taler-magnet-bank + cargo build --release --bin taler-magnet-bank --bin taler-cyclos override_dh_auto_test: true @@ -19,4 +19,7 @@ override_dh_installsystemd: dh_installsystemd --no-enable --no-start --no-stop-on-upgrade --name taler-magnet-bank-httpd dh_installsystemd --no-enable --no-start --no-stop-on-upgrade --name taler-magnet-bank-worker dh_installsystemd --no-enable --no-start --no-stop-on-upgrade --name taler-magnet-bank + dh_installsystemd --no-enable --no-start --no-stop-on-upgrade --name taler-cyclos-httpd + dh_installsystemd --no-enable --no-start --no-stop-on-upgrade --name taler-cyclos-worker + dh_installsystemd --no-enable --no-start --no-stop-on-upgrade --name taler-cyclos dh_installsystemd diff --git a/debian/taler-cyclos.conf b/debian/taler-cyclos.conf @@ -0,0 +1,8 @@ +# Create services users +u! taler-cyclos-worker - "Taler Cyclos Adapter worker" /var/lib/taler-cyclos +u! taler-cyclos-httpd - "Taler Cyclos Adapter server" /var/lib/taler-cyclos + +# Create DB access group +g taler-cyclos-db - +m taler-cyclos-worker taler-cyclos-db +m taler-cyclos-httpd taler-cyclos-db +\ No newline at end of file diff --git a/debian/taler-cyclos.install b/debian/taler-cyclos.install @@ -0,0 +1,16 @@ +debian/etc/taler-cyclos etc/taler-cyclos +debian/etc/nginx/sites-available/taler-cyclos etc/nginx/sites-available/ +debian/etc/apache2/sites-available/taler-cyclos.conf etc/apache2/sites-available/ + +target/release/taler-cyclos /usr/bin +contrib/taler-cyclos-dbconfig /usr/bin + +common/taler-common/db/versioning.sql /usr/share/taler-cyclos/sql/ +taler-cyclos/db/cyclos*.sql /usr/share/taler-cyclos/sql/ + +taler-cyclos/cyclos.conf /usr/share/taler-cyclos/config.d/ + +doc/prebuilt/man/taler-cyclos.1 /usr/share/man/man1/ +doc/prebuilt/man/taler-cyclos.conf.5 /usr/share/man/man5/ + +debian/taler-cyclos.conf /usr/lib/sysusers.d/ +\ No newline at end of file diff --git a/debian/taler-cyclos.postinst b/debian/taler-cyclos.postinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then + if [ -x "$(command -v systemd-sysusers)" ]; then + systemd-sysusers + fi +fi + +#DEBHELPER# + +exit 0 +\ No newline at end of file diff --git a/debian/taler-cyclos.taler-cyclos-httpd.service b/debian/taler-cyclos.taler-cyclos-httpd.service @@ -0,0 +1,47 @@ +[Unit] +Description=GNU Taler Cyclos adapter REST API +Requires=taler-cyclos-httpd.socket +After=network.target postgres.service +PartOf=taler-cyclos.target + +[Service] +User=taler-cyclos-httpd +Type=simple + +# Depending on the configuration, the service process kills itself and then +# needs to be restarted. Thus no significant delay on restarts. +Restart=always +RestartMode=direct +RestartSec=1ms +RestartPreventExitStatus=9 + +# Disable the service if more than 5 restarts are encountered within 5s. +# These are usually the systemd defaults, but can be overwritten, thus we set +# them here explicitly, as the exchange code assumes StartLimitInterval +# to be >=5s. +StartLimitBurst=5 +StartLimitInterval=5s + +ExecStart=/usr/bin/taler-cyclos serve -c /etc/taler-cyclos/taler-cyclos.conf +ExecCondition=/usr/bin/taler-cyclos serve -c /etc/taler-cyclos/taler-cyclos.conf --check + +StandardOutput=journal +StandardError=journal + +PrivateTmp=yes +ProtectSystem=full +ProtectHome=yes +ProtectClock=yes +ProtectHostname=yes +ProtectControlGroups=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectProc=invisible +PrivateDevices=yes +NoNewPrivileges=yes + +Slice=taler-cyclos.slice + +[Install] +WantedBy=multi-user.target diff --git a/debian/taler-cyclos.taler-cyclos-httpd.socket b/debian/taler-cyclos.taler-cyclos-httpd.socket @@ -0,0 +1,14 @@ +[Unit] +Description=GNU Taler Cyclos adapter socket +PartOf=taler-cyclos-httpd.service + +[Socket] +ListenStream=/run/taler-cyclos/httpd/cyclos-http.sock +Accept=no +Service=taler-cyclos-httpd.service +SocketUser=taler-cyclos-httpd +SocketGroup=www-data +SocketMode=0660 + +[Install] +WantedBy=sockets.target +\ No newline at end of file diff --git a/debian/taler-cyclos.taler-cyclos-worker.service b/debian/taler-cyclos.taler-cyclos-worker.service @@ -0,0 +1,45 @@ +[Unit] +Description=GNU Taler Cyclos adapter worker +After=network.target postgres.service +PartOf=taler-cyclos.target + +[Service] +User=taler-cyclos-worker +Type=simple + +# Depending on the configuration, the service process kills itself and then +# needs to be restarted. Thus no significant delay on restarts. +Restart=always +RestartMode=direct +RestartSec=1ms +RestartPreventExitStatus=9 + +# Disable the service if more than 5 restarts are encountered within 5s. +# These are usually the systemd defaults, but can be overwritten, thus we set +# them here explicitly, as the exchange code assumes StartLimitInterval +# to be >=5s. +StartLimitBurst=5 +StartLimitInterval=5s + +ExecStart=/usr/bin/taler-cyclos worker -c /etc/taler-cyclos/taler-cyclos.conf + +StandardOutput=journal +StandardError=journal + +PrivateTmp=yes +ProtectSystem=full +ProtectHome=yes +ProtectClock=yes +ProtectHostname=yes +ProtectControlGroups=yes +ProtectKernelLogs=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +ProtectProc=invisible +PrivateDevices=yes +NoNewPrivileges=yes + +Slice=taler-cyclos.slice + +[Install] +WantedBy=multi-user.target diff --git a/debian/taler-cyclos.taler-cyclos.slice b/debian/taler-cyclos.taler-cyclos.slice @@ -0,0 +1,3 @@ +[Unit] +Description=Slice for GNU Taler Cyclos adapter processes +Before=slices.target +\ No newline at end of file diff --git a/debian/taler-cyclos.taler-cyclos.target b/debian/taler-cyclos.taler-cyclos.target @@ -0,0 +1,9 @@ +[Unit] +Description=GNU Taler Cyclos adapter +After=postgres.service network.target + +Wants=taler-cyclos-httpd.service +Wants=taler-cyclos-worker.service + +[Install] +WantedBy=multi-user.target +\ No newline at end of file diff --git a/debian/taler-cyclos.tmpfiles b/debian/taler-cyclos.tmpfiles @@ -0,0 +1,7 @@ +# Create home directory +d$ /var/lib/taler-cyclos 0700 taler-cyclos-worker taler-cyclos-worker - - + +# Update secret files permissions +z /etc/taler-cyclos/secrets/cyclos-db.secret.conf 0460 root taler-cyclos-db - - +z /etc/taler-cyclos/secrets/cyclos-httpd.secret.conf 0640 taler-cyclos-httpd root - - +z /etc/taler-cyclos/secrets/cyclos-worker.secret.conf 0640 taler-cyclos-worker root - - diff --git a/debian/taler-magnet-bank.install b/debian/taler-magnet-bank.install @@ -1,7 +1,8 @@ -debian/etc/* /etc +debian/etc/taler-magnet-bank etc/taler-magnet-bank +debian/etc/nginx/sites-available/taler-magnet-bank etc/nginx/sites-available/ +debian/etc/apache2/sites-available/taler-magnet-bank.conf etc/apache2/sites-available/ target/release/taler-magnet-bank /usr/bin - contrib/taler-magnet-bank-dbconfig /usr/bin common/taler-common/db/versioning.sql /usr/share/taler-magnet-bank/sql/ diff --git a/taler-cyclos/src/main.rs b/taler-cyclos/src/main.rs @@ -70,7 +70,7 @@ enum Command { Config(ConfigCmd), } -/// Helpers to integrate taler-magnet-bank with taler-exchange +/// Helpers to integrate taler-cyclos with taler-exchange #[derive(clap::Subcommand, Debug)] enum TalerDeployment { /// Output the exchange payto