Diffstat (limited to 'taler-exchange/doinst.sh')
-rw-r--r-- | taler-exchange/doinst.sh | 146 |
1 files changed, 146 insertions, 0 deletions
diff --git a/taler-exchange/doinst.sh b/taler-exchange/doinst.sh
new file mode 100644
index 0000000..e9cbe05
--- /dev/null
+++ b/taler-exchange/doinst.sh
@@ -0,0 +1,146 @@
+config() {
+ NEW="$1"
+ OLD="$(dirname $NEW)/$(basename $NEW .new)"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+}
+
+# Group for all taler exchange users.
+if ! getent group taler >/dev/null; then
+ groupadd taler \
+ --system \
+ || true
+fi
+
+# Group for all Taler users with direct database access.
+if ! getent group taler-exchange-db >/dev/null; then
+ groupadd taler-exchange-db \
+ --system \
+ || true
+fi
+
+# Group for processes with access to online signing keys.
+if ! getent group taler-exchange-secmod >/dev/null; then
+ groupadd taler-exchange-secmod \
+ --system \
+ || true
+fi
+
+# Group for the access to the offline private key.
+if ! getent group taler-exchange-offline >/dev/null; then
+ groupadd taler-exchange-offline \
+ --system \
+ || true
+fi
+
+if ! getent passwd taler-exchange-offline >/dev/null; then
+ useradd taler-exchange-offline \
+ --comment 'Runs the HTTP daemon with the core business logic' \
+ --groups taler-exchange-db \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-exchange-secmod-rsa >/dev/null; then
+ useradd taler-exchange-secmod-rsa \
+ --comment 'Manages the RSA private online signing keys' \
+ --gid taler \
+ --groups taler-exchange-secmod \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-secmod-cs >/dev/null; then
+ useradd taler-exchange-secmod-cs \
+ --comment 'Manages the CS private online signing keys' \
+ --gid taler \
+ --groups taler-exchange-secmod \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-exchange-secmod-eddsa >/dev/null; then
+ useradd taler-exchange-secmod-eddsa \
+ --comment 'Manages the EdDSA private online signing keys' \
+ --gid taler \
+ --groups taler-exchange-secmod \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-exchange-closer >/dev/null; then
+ useradd taler-exchange-closer \
+ --comment 'Closes idle reserves by triggering wire transfers that refund the originator' \
+ --gid taler \
+ --groups taler-exchange-db \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-exchange-aggregator >/dev/null; then
+ useradd taler-exchange-aggregator \
+ --comment 'Aggregates deposits into larger wire transfer requests' \
+ --gid taler \
+ --groups taler-exchange-db \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-exchange-transfer >/dev/null; then
+ useradd taler-exchange-transfer \
+ --comment 'Performs wire transfers with the bank (via LibEuFin/Nexus)' \
+ --gid taler \
+ --groups taler-exchange-db \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-exchange-wirewatch >/dev/null; then
+ useradd taler-exchange-wirewatch \
+ --comment 'Checks for incoming wire transfers with the bank (via LibEuFin/Nexus)' \
+ --gid taler \
+ --groups taler-exchange-db \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+if ! getent passwd taler-exchange-offline >/dev/null; then
+ useradd taler-exchange-offline \
+ --comment 'User for the access to the offline private key.' \
+ --gid taler \
+ --groups taler-exchange-offline \
+ --system \
+ --home-dir /var/lib/taler \
+ || true
+fi
+
+config etc/httpd/sites-available/taler-exchange.conf.new
+config etc/rc.d/rc.taler-exchange.new
+config etc/taler/conf.d/exchange-business.conf.new
+config etc/taler/conf.d/exchange-coins.conf.new
+config etc/taler/conf.d/exchange-system.conf.new
+config etc/taler/secrets/exchange-accountcredentials-1.secret.conf.new
+config etc/taler/secrets/exchange-db.secret.conf.new
+
+chown root:taler etc/taler/secrets
+chown root:taler var/cache/taler
+chown root:taler var/lib/taler
+chown root:taler var/log/taler
+
+chown :taler etc/taler/secrets/exchange-accountcredentials-1.secret.conf.new
+chown :taler-exchange-db etc/taler/secrets/exchange-db.secret.conf.new
+chown :taler-exchange-db etc/taler/secrets/exchange-db.secret.conf.new |
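Review bot: The first `useradd` block creates `taler-exchange-offline` although its comment reads 'Runs the HTTP daemon with the core business logic', so the later `taler-exchange-offline` block is skipped by its own `getent` guard; the offline-key account then ends up in `taler-exchange-db` rather than `taler-exchange-offline`, and no HTTP daemon account is created at all. Presumably the first block was meant to read `if ! getent passwd taler-exchange-httpd >/dev/null; then` / `useradd taler-exchange-httpd \`, but the intended name is not on the page, so confirm it against the service definitions. The CS block guards on `taler-secmod-cs` but adds `taler-exchange-secmod-cs`, so `useradd` re-runs on every install and `|| true` hides the failure. The closing `chown` lines target the `*.secret.conf.new` names after `config` may already have renamed them, so on a fresh install the live secret files keep their packaged group while the `chown` only reports a missing file. Set ownership and an explicit restrictive mode before the `config` calls, or on whichever of the two names exists, and drop the duplicated last `chown`.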