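#######################################
# Install a packaged .new config file the Slackware way.
# Arguments: $1 - path of the shipped file, ending in ".new"
# Outputs:   none; moves or removes $1 on disk
# Returns:   status of the mv/rm performed, 0 when the .new copy is kept
# Globals:   NEW, OLD (written; kept global for compatibility with the
#            original script, which did not use 'local')
#######################################
config() {
  NEW="$1"
  # Every expansion is quoted so paths containing spaces or glob
  # characters cannot split into several arguments.
  OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"
  # No config of that name yet: install the shipped copy under its final name.
  if [ ! -r "$OLD" ]; then
    mv -- "$NEW" "$OLD"
  # Existing copy is byte-identical (same md5sum): drop the redundant .new.
  elif [ "$(md5sum < "$OLD")" = "$(md5sum < "$NEW")" ]; then
    rm -- "$NEW"
  fi
  # Otherwise the .new copy stays next to the admin's edited file for review.
}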

# Group for all taler exchange users.
# groupadd failures are deliberately ignored (|| true): this runs inside
# installpkg and must not abort the package installation.
getent group taler >/dev/null \
  || groupadd --system taler \
  || true

# Group for all Taler users with direct database access.
getent group taler-exchange-db >/dev/null \
  || groupadd --system taler-exchange-db \
  || true

# Group for processes with access to online signing keys.
getent group taler-exchange-secmod >/dev/null \
  || groupadd --system taler-exchange-secmod \
  || true

# Group for the access to the offline private key.
getent group taler-exchange-offline >/dev/null \
  || groupadd --system taler-exchange-offline \
  || true

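# Account for the HTTP daemon (the comment below says so, and it is the only
# account given DB access without the taler primary group). The original
# script created it under the name taler-exchange-offline, which made the
# later "offline private key" useradd a no-op: the offline account ended up
# in taler-exchange-db and never in taler-exchange-offline. Use the daemon's
# own name instead so both accounts are created with their intended groups.
# NOTE(review): confirm taler-exchange-httpd is the user rc.taler-exchange
# starts the daemon as.
if ! getent passwd taler-exchange-httpd >/dev/null; then
  useradd taler-exchange-httpd \
    --comment 'Runs the HTTP daemon with the core business logic' \
    --groups taler-exchange-db \
    --system \
    --home-dir /var/lib/taler \
    || true
fi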

# RSA online-signing key helper: primary group taler, plus the secmod group.
getent passwd taler-exchange-secmod-rsa >/dev/null \
  || useradd taler-exchange-secmod-rsa \
       --comment 'Manages the RSA private online signing keys' \
       --gid taler \
       --groups taler-exchange-secmod \
       --system \
       --home-dir /var/lib/taler \
  || true

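# CS online-signing key helper: primary group taler, plus the secmod group.
# The existence check must name the same account useradd creates; the
# original checked "taler-secmod-cs", which never matched, so useradd was
# re-run (and its error swallowed) on every install.
if ! getent passwd taler-exchange-secmod-cs >/dev/null; then
  useradd taler-exchange-secmod-cs \
    --comment 'Manages the CS private online signing keys' \
    --gid taler \
    --groups taler-exchange-secmod \
    --system \
    --home-dir /var/lib/taler \
    || true
fi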

# EdDSA online-signing key helper: primary group taler, plus the secmod group.
getent passwd taler-exchange-secmod-eddsa >/dev/null \
  || useradd taler-exchange-secmod-eddsa \
       --comment 'Manages the EdDSA private online signing keys' \
       --gid taler \
       --groups taler-exchange-secmod \
       --system \
       --home-dir /var/lib/taler \
  || true

# The four background workers below share the same layout: primary group
# taler, supplementary group taler-exchange-db (direct database access),
# system account, home /var/lib/taler. useradd failures are ignored so a
# pre-existing or partially created account does not abort installpkg.

# Closes idle reserves by triggering wire transfers that refund the originator.
getent passwd taler-exchange-closer >/dev/null \
  || useradd taler-exchange-closer \
       --comment 'Closes idle reserves by triggering wire transfers that refund the originator' \
       --gid taler \
       --groups taler-exchange-db \
       --system \
       --home-dir /var/lib/taler \
  || true

# Aggregates deposits into larger wire transfer requests.
getent passwd taler-exchange-aggregator >/dev/null \
  || useradd taler-exchange-aggregator \
       --comment 'Aggregates deposits into larger wire transfer requests' \
       --gid taler \
       --groups taler-exchange-db \
       --system \
       --home-dir /var/lib/taler \
  || true

# Performs outgoing wire transfers with the bank.
getent passwd taler-exchange-transfer >/dev/null \
  || useradd taler-exchange-transfer \
       --comment 'Performs wire transfers with the bank (via LibEuFin/Nexus)' \
       --gid taler \
       --groups taler-exchange-db \
       --system \
       --home-dir /var/lib/taler \
  || true

# Watches for incoming wire transfers from the bank.
getent passwd taler-exchange-wirewatch >/dev/null \
  || useradd taler-exchange-wirewatch \
       --comment 'Checks for incoming wire transfers with the bank (via LibEuFin/Nexus)' \
       --gid taler \
       --groups taler-exchange-db \
       --system \
       --home-dir /var/lib/taler \
  || true

# Offline-signer account: primary group taler, supplementary group
# taler-exchange-offline (the group guarding the offline private key).
# Note it is deliberately NOT in taler-exchange-db.
getent passwd taler-exchange-offline >/dev/null \
  || useradd taler-exchange-offline \
       --comment 'User for the access to the offline private key.' \
       --gid taler \
       --groups taler-exchange-offline \
       --system \
       --home-dir /var/lib/taler \
  || true

# Install each shipped .new file via config(): moved into place when no
# local copy exists, deleted when identical, otherwise left for the admin.
# Paths are relative because installpkg runs this script from the
# installation root.
for shipped in \
  etc/httpd/sites-available/taler-exchange.conf.new \
  etc/rc.d/rc.taler-exchange.new \
  etc/taler/conf.d/exchange-business.conf.new \
  etc/taler/conf.d/exchange-coins.conf.new \
  etc/taler/conf.d/exchange-system.conf.new \
  etc/taler/secrets/exchange-accountcredentials-1.secret.conf.new \
  etc/taler/secrets/exchange-db.secret.conf.new
do
  config "$shipped"
done

# Directories shared by all exchange accounts are owned by root with the
# taler group (file modes are left as shipped in the package).
for taler_dir in \
  etc/taler/secrets \
  var/cache/taler \
  var/lib/taler \
  var/log/taler
do
  chown root:taler "$taler_dir"
done

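# Apply the restricting group to a secret config file.
# Arguments: $1 - group name, $2 - installed path (without the .new suffix)
# config() above has already either moved the shipped .new copy to its final
# name (first install) or deleted it (unchanged upgrade), so chown-ing only
# the .new path — as the original did — failed on a fresh install and left
# the real secret file with the ownership from the package tarball. Apply the
# group to whichever of the two files is present.
# NOTE(review): the mode of these files is still whatever the tarball shipped;
# confirm they are not world-readable.
secret_group() {
  for secret_path in "$2" "$2.new"; do
    if [ -e "$secret_path" ]; then
      chown ":$1" "$secret_path"
    fi
  done
}

secret_group taler etc/taler/secrets/exchange-accountcredentials-1.secret.conf
secret_group taler-exchange-db etc/taler/secrets/exchange-db.secret.conf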