authorFlorian Dold <florian@dold.me>2021-07-30 13:22:45 +0200
committerFlorian Dold <florian@dold.me>2021-07-30 13:22:54 +0200
commit05bc00b5f226e6e6695ef00609a02549284c8f55 (patch)
tree7ca6ca6faeefc25e5eb932f96b15b806ba4ca742 /debian/etc-taler-exchange
parentbd603ca7c14315d333e2dac0509f6b1226fb946e (diff)
debian: better config split by package
Diffstat (limited to 'debian/etc-taler-exchange')
-rw-r--r--debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf4
-rw-r--r--debian/etc-taler-exchange/nginx/sites-available/taler-exchange7
-rw-r--r--debian/etc-taler-exchange/taler/conf.d/exchange-business.conf50
-rw-r--r--debian/etc-taler-exchange/taler/conf.d/exchange-system.conf11
-rw-r--r--debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf21
-rw-r--r--debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf10
6 files changed, 103 insertions, 0 deletions
diff --git a/debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf b/debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf
new file mode 100644
index 000000000..3cfbf9edb
--- /dev/null
+++ b/debian/etc-taler-exchange/apache2/sites-available/taler-exchange.conf
@@ -0,0 +1,4 @@
+<Location "/taler-exchange/">
+ProxyPass "unix:/var/lib/taler-exchange/exchange.sock|http://example.com/"
+RequestHeader add "X-Forwarded-Proto" "https"
+</Location>
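Review bot: `RequestHeader add` on the third line appends to any `X-Forwarded-Proto` the client already sent instead of replacing it, so the backend can see a client-chosen value next to the proxy's; `RequestHeader set "X-Forwarded-Proto" "https"` overwrites it. The socket path in `ProxyPass` (`/var/lib/taler-exchange/exchange.sock`) also differs from the one in the nginx snippet of this commit (`/run/taler/exchange/exchange-http.sock`). Which path the exchange actually listens on is not visible in this diff, but the two snippets should agree. A short comment that `example.com` in the proxy target is a placeholder would help whoever enables this site.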
diff --git a/debian/etc-taler-exchange/nginx/sites-available/taler-exchange b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
new file mode 100644
index 000000000..6737d9129
--- /dev/null
+++ b/debian/etc-taler-exchange/nginx/sites-available/taler-exchange
@@ -0,0 +1,7 @@
+location /taler-exchange/ {
+ proxy_pass http://unix:/run/taler/exchange/exchange-http.sock;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Host "example.com";
+ proxy_set_header X-Forwarded-Proto "https";
+}
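Review bot: The `X-Forwarded-Host "example.com"` line ships a placeholder as live configuration, and nothing in the snippet says it has to be edited. If the exchange builds or checks URLs from this header (not visible here), an install that enables the site unchanged would present the wrong host to the backend. I would add `# Replace example.com with the public host name of this exchange.` above that line, or pass the request's host through as is already done for `Host`.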
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
new file mode 100644
index 000000000..92d968f4d
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-business.conf
@@ -0,0 +1,50 @@
+# Configuration for business-level aspects of the exchange.
+
+[exchange]
+
+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY =
+
+# Publicly visible base URL of the exchange.
+# BASE_URL = https://example.com/
+BASE_URL =
+
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document. The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
+
+
+# You must specify the various denominations to be offered by your exchange
+# in sections called "coin_".
+# What follows is an example.
+
+# [coin_FOO]
+## Actual value of the coin
+#VALUE = KUDOS:1
+
+## How long will one key be used for withdrawals?
+#DURATION_WITHDRAW = 7 days
+
+## How long do users have to spend their coins?
+#DURATION_SPEND = 2 years
+
+## How long does the exchange keep the proofs around for legal disputes?
+#DURATION_LEGAL = 6 years
+
+## Fees charged. Note that for the lowest denomination, the
+## fee must precisely be the lowest denomination, or zero.
+#FEE_WITHDRAW = KUDOS:0
+#FEE_DEPOSIT = KUDOS:0
+#FEE_REFRESH = KUDOS:0
+#FEE_REFUND = KUDOS:0
+
+## How long should the RSA keys be. Do not change unless you really know
+## what you are doing (consult your local cryptographer first!).
+#RSA_KEYSIZE = 2048
diff --git a/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
new file mode 100644
index 000000000..7fb65d983
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/conf.d/exchange-system.conf
@@ -0,0 +1,11 @@
+# Configuration settings for system parameters of the exchange.
+
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ exchange-account-1 ../secrets/exchange-accounts.secret.conf
+@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
+
+[exchange]
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
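Review bot: The comment above the two `@inline-secret@` lines does not say what a process sees when it lacks read permission on a secret file. From the wording "only if we have permission to do so", the section appears to be simply absent for that process, which is presumably the intended privilege separation between services. Spelling that out would stop operators from "fixing" it by loosening file modes, for example `# A service that cannot read a secret file runs without that section; do not widen the file's permissions to make a warning go away.` The relative `../secrets/` paths also deserve a note that they resolve against this file's directory, if that is how the loader treats them.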
diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf
new file mode 100644
index 000000000..7b6c649fd
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-accounts.secret.conf
@@ -0,0 +1,21 @@
+# This file should contain the wire account access information which is needed
+# by the Taler exchange to talk to LibEuFin to interact with the bank.
+# The file SHOULD only be readable for the "taler-exchange-wire" user,
+# as other users/services have no business talking to the bank.
+
+
+[exchange-account-1]
+enable_credit = yes
+
+enable_debit = yes
+
+wire_gateway_auth_method = basic
+
+password =
+
+username =
+
+wire_gateway_url =
+
+payto_uri =
+
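Review bot: Nothing in this hunk enforces the restriction the header comment asks for: the file is added with mode 100644, and the comment only says it SHOULD be readable by `taler-exchange-wire`. Once `password` and `username` are filled in, the file holds bank-gateway credentials, so the package's install step should set the owner and a restrictive mode explicitly; whether a maintainer script does that is outside this diff, which is limited to debian/etc-taler-exchange. The same applies to exchange-db.secret.conf, the next file in this commit. Because `wire_gateway_auth_method = basic` sends the credentials with every request, I would also add a comment above `wire_gateway_url` such as `# Use an https:// URL unless the gateway runs on this host.`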
diff --git a/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
new file mode 100644
index 000000000..596dcc92b
--- /dev/null
+++ b/debian/etc-taler-exchange/taler/secrets/exchange-db.secret.conf
@@ -0,0 +1,10 @@
+# Database configuration for the Taler exchange.
+
+[exchangedb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+CONFIG=postgres:///DATABASE
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.
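Review bot: The active line `CONFIG=postgres:///DATABASE` ships a literal placeholder as live configuration, whereas the other templates in this commit leave required values empty or commented out. An unedited install would try to open a database actually named `DATABASE`, and the resulting error would point at Postgres rather than at this file. Either use the database name the packaging creates (not visible in this diff) or comment the line out as `# CONFIG = postgres:///DATABASE` and leave `CONFIG =` empty below it. The missing spaces around `=` also differ from every other key in these files.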