authorFlorian Dold <florian@dold.me>2021-07-29 13:41:49 +0200
committerFlorian Dold <florian@dold.me>2021-07-29 13:41:49 +0200
commita367347a54338641180083573698b1fb48aced55 (patch)
tree4e0310ab335b58e68b9711eb3b33fa1c620b8785 /debian/etc
parent036d4cb71ac1abe1990c936ee1f3b2cbf15d14c1 (diff)
simplify configuration
Diffstat (limited to 'debian/etc')
-rw-r--r--debian/etc/taler/auditor-service-default.conf1
-rw-r--r--debian/etc/taler/conf.d/auditor-system.conf (renamed from debian/etc/taler/auditor-system.conf)8
-rw-r--r--debian/etc/taler/conf.d/exchange-business.conf (renamed from debian/etc/taler/exchange-business.conf)4
-rw-r--r--debian/etc/taler/conf.d/exchange-system.conf (renamed from debian/etc/taler/exchange-system.conf)14
-rw-r--r--debian/etc/taler/exchange-offline.conf8
-rw-r--r--debian/etc/taler/exchange-service-default.conf10
-rw-r--r--debian/etc/taler/exchange-service-secmod.conf9
-rw-r--r--debian/etc/taler/exchange-service-wire.conf12
-rw-r--r--debian/etc/taler/secrets/auditor-db.secret.conf10
-rw-r--r--debian/etc/taler/secrets/exchange-accounts.secret.conf (renamed from debian/etc/taler/exchange-wire-gateway.conf)17
-rw-r--r--debian/etc/taler/secrets/exchange-db.secret.conf (renamed from debian/etc/taler/exchange-db.conf)2
-rw-r--r--debian/etc/taler/taler.conf29
12 files changed, 66 insertions, 58 deletions
diff --git a/debian/etc/taler/auditor-service-default.conf b/debian/etc/taler/auditor-service-default.conf
deleted file mode 100644
index 259c4359d..000000000
--- a/debian/etc/taler/auditor-service-default.conf
+++ /dev/null
@@ -1 +0,0 @@
-@INLINE@ auditor-system.conf
diff --git a/debian/etc/taler/auditor-system.conf b/debian/etc/taler/conf.d/auditor-system.conf
index 50971b2ef..3d3aef33a 100644
--- a/debian/etc/taler/auditor-system.conf
+++ b/debian/etc/taler/conf.d/auditor-system.conf
@@ -1,8 +1,6 @@
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-auditor/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf
[auditor]
# Debian package is configured to use a reverse proxy with a UNIX
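Review bot: The `[PATHS]` override of `TALER_RUNTIME_DIR` is removed here with no replacement visible, although the deleted comment says it was set "to possibly provide additional protection from unwarranted access". The exchange-system.conf hunk does the same for `TALER_RUNTIME_DIR = /run/taler-exchange-private`. The diffstat is limited to debian/etc, so the value may now be defined elsewhere; if it is not, both services fall back to a default runtime directory whose ownership and mode this change does not show. I would either keep the override or add a one-line comment saying where the runtime directory is now defined. The `[auditor]` section continues outside the hunk.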
diff --git a/debian/etc/taler/exchange-business.conf b/debian/etc/taler/conf.d/exchange-business.conf
index 669ed4546..ecd010da1 100644
--- a/debian/etc/taler/exchange-business.conf
+++ b/debian/etc/taler/conf.d/exchange-business.conf
@@ -1,8 +1,6 @@
# Configuration for business-level aspects of the exchange.
-[taler]
-# Here you need to set the currency of your exchange:
-# CURRENCY = KUDOS
+[exchange]
# Here you MUST add the master public key of the offline system
# which you can get using `taler-exchange-offline setup`.
diff --git a/debian/etc/taler/exchange-system.conf b/debian/etc/taler/conf.d/exchange-system.conf
index 2b7f34304..6df381eef 100644
--- a/debian/etc/taler/exchange-system.conf
+++ b/debian/etc/taler/conf.d/exchange-system.conf
@@ -1,13 +1,9 @@
-# Configuration settings for system parameters of
-# the exchange. Should be included in all service-specific
-# configuration files for the exchange.
-#
-# Please read the taler-exchange.README.Debian for how to configure a Taler exchange.
-
-[PATHS]
-
-TALER_RUNTIME_DIR = /run/taler-exchange-private
+# Configuration settings for system parameters of the exchange.
+# Read secret sections into configuration, but only
+# if we have permission to do so.
+@inline-secret@ exchange-account-1 ../secrets/exchange-accounts.secret.conf
+@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf
[exchange]
# Debian package is configured to use a reverse proxy with a UNIX
diff --git a/debian/etc/taler/exchange-offline.conf b/debian/etc/taler/exchange-offline.conf
deleted file mode 100644
index c1c039f91..000000000
--- a/debian/etc/taler/exchange-offline.conf
+++ /dev/null
@@ -1,8 +0,0 @@
-# This configuration file is the entry point for the offline key management.
-#
-# It includes other configuration files, which are applied on top of the
-# read-only base configuration (typically in /usr/share/taler/config.d/).
-
-# This file should be identical to the business configuration of the running
-# online exchange
-@INLINE@ exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-default.conf b/debian/etc/taler/exchange-service-default.conf
deleted file mode 100644
index 4e3981004..000000000
--- a/debian/etc/taler/exchange-service-default.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# This configuration file is the entry point for most
-# Taler exchange services.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-db.conf
-@INLINE@ exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-secmod.conf b/debian/etc/taler/exchange-service-secmod.conf
deleted file mode 100644
index 5f5c012c6..000000000
--- a/debian/etc/taler/exchange-service-secmod.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# This configuration file is the entry point for the exchange
-# security modules.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-wire.conf b/debian/etc/taler/exchange-service-wire.conf
deleted file mode 100644
index ed25e381c..000000000
--- a/debian/etc/taler/exchange-service-wire.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# This configuration file is the entry point for
-# Taler exchange services that access the wire gateway,
-# i.e. the protocol bridge to core banking functionality.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-db.conf
-@INLINE@ exchange-business.conf
-@INLINE@ exchange-wire-gateway.conf
diff --git a/debian/etc/taler/secrets/auditor-db.secret.conf b/debian/etc/taler/secrets/auditor-db.secret.conf
new file mode 100644
index 000000000..b81bb817f
--- /dev/null
+++ b/debian/etc/taler/secrets/auditor-db.secret.conf
@@ -0,0 +1,10 @@
+# Database configuration for the Taler auditor.
+
+[auditordb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+CONFIG=postgres:///DATABASE
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.
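Review bot: This file is added with mode 100644, and the diffstat lists every file under secrets/ as `-rw-r--r--`, while the taler.conf header added in this commit says these files should be readable only by users of the relevant service. Nothing in this view tightens the mode at install time, so presumably the package maintainer scripts do it; that is worth confirming. The default `postgres:///DATABASE` URI carries no credential, but an operator may later replace it with one that does. The header could state the expectation directly, e.g. `# This file should only be readable by the auditor service user.` The same applies to exchange-db.secret.conf; exchange-accounts.secret.conf already carries such a comment.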
diff --git a/debian/etc/taler/exchange-wire-gateway.conf b/debian/etc/taler/secrets/exchange-accounts.secret.conf
index e5c749c88..7b6c649fd 100644
--- a/debian/etc/taler/exchange-wire-gateway.conf
+++ b/debian/etc/taler/secrets/exchange-accounts.secret.conf
@@ -2,3 +2,20 @@
# by the Taler exchange to talk to LibEuFin to interact with the bank.
# The file SHOULD only be readable for the "taler-exchange-wire" user,
# as other users/services have no business talking to the bank.
+
+
+[exchange-account-1]
+enable_credit = yes
+
+enable_debit = yes
+
+wire_gateway_auth_method = basic
+
+password =
+
+username =
+
+wire_gateway_url =
+
+payto_uri =
+
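Review bot: `enable_credit = yes` and `enable_debit = yes` ship active while `password`, `username`, `wire_gateway_url` and `payto_uri` are empty, so the template describes an enabled account with blank basic-auth credentials. How the wire services treat empty values is not visible here; if they do not refuse to start, an unconfigured install would attempt requests with an empty username and password. Consider shipping `enable_credit = no` and `enable_debit = no` until the operator has filled in the account. Alternatively add a comment above the keys such as `# All values below MUST be set before this account is enabled.`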
diff --git a/debian/etc/taler/exchange-db.conf b/debian/etc/taler/secrets/exchange-db.secret.conf
index a7a727b62..596dcc92b 100644
--- a/debian/etc/taler/exchange-db.conf
+++ b/debian/etc/taler/secrets/exchange-db.secret.conf
@@ -4,7 +4,7 @@
# Typically, there should only be a single line here, of the form:
-# CONFIG=postgres:///DATABASE
+CONFIG=postgres:///DATABASE
# The details of the URI depend on where the database lives and how
# access control was configured.
diff --git a/debian/etc/taler/taler.conf b/debian/etc/taler/taler.conf
new file mode 100644
index 000000000..27ccf47d2
--- /dev/null
+++ b/debian/etc/taler/taler.conf
@@ -0,0 +1,29 @@
+# Main entry point for the GNU Taler configuration.
+#
+# Structure:
+# - taler.conf is the main configuration entry point
+# used by all Taler components
+# - conf.d/ contains configuration files for
+# Taler components, which can be read by all
+# users of the system and are included by the main
+# configuration
+# - secrets/ contains configuration snippets
+# with secrets for particular services.
+# These files should have restrictive permissions
+# so that only users of the relevant services
+# can read it.
+
+[taler]
+
+# Currency of the Taler deployment. This setting applies to all Taler
+# components that only support a single currency.
+#currency = KUDOS
+
+# Smallest currency unit handled by the underlying bank system. Taler payments
+# can make payments smaller than this units, but interactions with external
+# systems is always rounded to this unit.
+#currency_round_unit = KUDOS:0.01
+
+
+# Inline configurations from all Taler components.
+@inline-matching@ conf.d/*.conf
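Review bot: `@inline-matching@ conf.d/*.conf` loads every file matching the glob into the configuration of all Taler components. The conf.d snippets in this commit in turn pull in secrets/ through `@inline-secret@`. Write access to conf.d/ therefore amounts to control over every service's configuration, yet the header documents only who may read conf.d/ and secrets/. I would add a line to the structure comment such as `#   conf.d/ must only be writable by root.` The header also does not say in which order matching files are applied, which matters if two snippets set the same option.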