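# Install a packaged "*.new" configuration file without clobbering an
# existing one.
# Globals:   NEW, OLD (written; kept global, as in the original)
# Arguments: $1 - path of the shipped file, ending in ".new"
# Outcome:   - no readable file under the final name: the .new copy is
#              moved into place;
#            - final file has identical content: the .new copy is deleted;
#            - otherwise both are kept so the admin can merge by hand.
config() {
  NEW="$1"
  # Every expansion is quoted so a path with whitespace or glob
  # characters cannot be split into several arguments for mv/rm.
  OLD="$(dirname "$NEW")/$(basename "$NEW" .new)"
  # If there's no config file by that name, mv it over:
  if [ ! -r "$OLD" ]; then
    mv "$NEW" "$OLD"
  # md5sum is used here only to detect identical content, not as an
  # integrity or authenticity check.
  elif [ "$(md5sum < "$OLD")" = "$(md5sum < "$NEW")" ]; then
    # toss the redundant copy
    rm "$NEW"
  fi
  # Otherwise, we leave the .new copy for the admin to consider...
}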
# Create the system groups that the exchange's privilege separation is
# built on. A group is only added when getent does not already know it,
# and a failing groupadd is tolerated so the install script carries on.
#   taler                   - all taler exchange users
#   taler-exchange-db       - Taler users with direct database access
#   taler-exchange-secmod   - processes with access to online signing keys
#   taler-exchange-offline  - access to the offline private key
for grp in taler taler-exchange-db taler-exchange-secmod taler-exchange-offline; do
  getent group "$grp" >/dev/null || groupadd "$grp" --system || true
done
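# Create one system account per exchange component. Each account is only
# added when getent does not already know it; useradd failures are
# tolerated ("|| true") so the install script carries on, which also means
# a failed creation is silent -- check the accounts after installation.

# HTTP daemon account. This block's comment and group describe the HTTP
# daemon, so it must not reuse the taler-exchange-offline name: doing so
# would put the offline-key account into the database group and make the
# dedicated offline block further down a no-op.
# NOTE(review): confirm the account name and group set against the rc
# script and service configuration shipped with this package.
if ! getent passwd taler-exchange-httpd >/dev/null; then
  useradd taler-exchange-httpd \
    --comment 'Runs the HTTP daemon with the core business logic' \
    --groups taler-exchange-db \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

if ! getent passwd taler-exchange-secmod-rsa >/dev/null; then
  useradd taler-exchange-secmod-rsa \
    --comment 'Manages the RSA private online signing keys' \
    --gid taler \
    --groups taler-exchange-secmod \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

# The existence check must name the same account that useradd creates;
# otherwise useradd is re-run (and fails silently) on every install.
if ! getent passwd taler-exchange-secmod-cs >/dev/null; then
  useradd taler-exchange-secmod-cs \
    --comment 'Manages the CS private online signing keys' \
    --gid taler \
    --groups taler-exchange-secmod \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

if ! getent passwd taler-exchange-secmod-eddsa >/dev/null; then
  useradd taler-exchange-secmod-eddsa \
    --comment 'Manages the EdDSA private online signing keys' \
    --gid taler \
    --groups taler-exchange-secmod \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

if ! getent passwd taler-exchange-closer >/dev/null; then
  useradd taler-exchange-closer \
    --comment 'Closes idle reserves by triggering wire transfers that refund the originator' \
    --gid taler \
    --groups taler-exchange-db \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

if ! getent passwd taler-exchange-aggregator >/dev/null; then
  useradd taler-exchange-aggregator \
    --comment 'Aggregates deposits into larger wire transfer requests' \
    --gid taler \
    --groups taler-exchange-db \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

if ! getent passwd taler-exchange-transfer >/dev/null; then
  useradd taler-exchange-transfer \
    --comment 'Performs wire transfers with the bank (via LibEuFin/Nexus)' \
    --gid taler \
    --groups taler-exchange-db \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

if ! getent passwd taler-exchange-wirewatch >/dev/null; then
  useradd taler-exchange-wirewatch \
    --comment 'Checks for incoming wire transfers with the bank (via LibEuFin/Nexus)' \
    --gid taler \
    --groups taler-exchange-db \
    --system \
    --home-dir /var/lib/taler \
    || true
fi

# Offline-key account: member of taler-exchange-offline only, with no
# database group, so access to the offline private key stays separate.
if ! getent passwd taler-exchange-offline >/dev/null; then
  useradd taler-exchange-offline \
    --comment 'User for the access to the offline private key.' \
    --gid taler \
    --groups taler-exchange-offline \
    --system \
    --home-dir /var/lib/taler \
    || true
fi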
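# Assign the secret files to their groups while they still carry the
# ".new" suffix. config() may rename or delete the .new copy, so a chown
# issued afterwards can miss the file that actually ends up in place; mv
# keeps the group set here. An existing file kept by config() is not
# touched.
# NOTE(review): file modes are whatever the package archive ships --
# confirm the secret files are not world-readable.
chown :taler etc/taler/secrets/exchange-accountcredentials-1.secret.conf.new
chown :taler-exchange-db etc/taler/secrets/exchange-db.secret.conf.new

# Install the shipped configuration, preserving any admin-modified copies.
config etc/httpd/sites-available/taler-exchange.conf.new
config etc/rc.d/rc.taler-exchange.new
config etc/taler/conf.d/exchange-business.conf.new
config etc/taler/conf.d/exchange-coins.conf.new
config etc/taler/conf.d/exchange-system.conf.new
config etc/taler/secrets/exchange-accountcredentials-1.secret.conf.new
config etc/taler/secrets/exchange-db.secret.conf.new

# Directories used by the exchange: owned by root, group taler.
chown root:taler etc/taler/secrets
chown root:taler var/cache/taler
chown root:taler var/lib/taler
chown root:taler var/log/taler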