author | Florian Dold <florian@dold.me> | 2021-07-29 13:41:49 +0200 |
---|---|---|
committer | Florian Dold <florian@dold.me> | 2021-07-29 13:41:49 +0200 |
commit | a367347a54338641180083573698b1fb48aced55 (patch) | |
tree | 4e0310ab335b58e68b9711eb3b33fa1c620b8785 /debian/etc | |
parent | 036d4cb71ac1abe1990c936ee1f3b2cbf15d14c1 (diff) |
simplify configuration
Diffstat (limited to 'debian/etc')
-rw-r--r-- | debian/etc/taler/auditor-service-default.conf | 1 | ||||
-rw-r--r-- | debian/etc/taler/conf.d/auditor-system.conf (renamed from debian/etc/taler/auditor-system.conf) | 8 | ||||
-rw-r--r-- | debian/etc/taler/conf.d/exchange-business.conf (renamed from debian/etc/taler/exchange-business.conf) | 4 | ||||
-rw-r--r-- | debian/etc/taler/conf.d/exchange-system.conf (renamed from debian/etc/taler/exchange-system.conf) | 14 | ||||
-rw-r--r-- | debian/etc/taler/exchange-offline.conf | 8 | ||||
-rw-r--r-- | debian/etc/taler/exchange-service-default.conf | 10 | ||||
-rw-r--r-- | debian/etc/taler/exchange-service-secmod.conf | 9 | ||||
-rw-r--r-- | debian/etc/taler/exchange-service-wire.conf | 12 | ||||
-rw-r--r-- | debian/etc/taler/secrets/auditor-db.secret.conf | 10 | ||||
-rw-r--r-- | debian/etc/taler/secrets/exchange-accounts.secret.conf (renamed from debian/etc/taler/exchange-wire-gateway.conf) | 17 | ||||
-rw-r--r-- | debian/etc/taler/secrets/exchange-db.secret.conf (renamed from debian/etc/taler/exchange-db.conf) | 2 | ||||
-rw-r--r-- | debian/etc/taler/taler.conf | 29 |
12 files changed, 66 insertions, 58 deletions
diff --git a/debian/etc/taler/auditor-service-default.conf b/debian/etc/taler/auditor-service-default.conf deleted file mode 100644 index 259c4359d..000000000 --- a/debian/etc/taler/auditor-service-default.conf +++ /dev/null @@ -1 +0,0 @@ -@INLINE@ auditor-system.conf diff --git a/debian/etc/taler/auditor-system.conf b/debian/etc/taler/conf.d/auditor-system.conf index 50971b2ef..3d3aef33a 100644 --- a/debian/etc/taler/auditor-system.conf +++ b/debian/etc/taler/conf.d/auditor-system.conf @@ -1,8 +1,6 @@ -[PATHS] - -# Move runtime data "tmp" directory to /var/lib/taler-auditor/ -# to possibly provide additional protection from unwarranted access. -TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/ +# Read secret sections into configuration, but only +# if we have permission to do so. +@inline-secret@ auditordb-postgres ../secrets/auditor-db.secret.conf [auditor] # Debian package is configured to use a reverse proxy with a UNIX diff --git a/debian/etc/taler/exchange-business.conf b/debian/etc/taler/conf.d/exchange-business.conf index 669ed4546..ecd010da1 100644 --- a/debian/etc/taler/exchange-business.conf +++ b/debian/etc/taler/conf.d/exchange-business.conf @@ -1,8 +1,6 @@ # Configuration for business-level aspects of the exchange. -[taler] -# Here you need to set the currency of your exchange: -# CURRENCY = KUDOS +[exchange] # Here you MUST add the master public key of the offline system # which you can get using `taler-exchange-offline setup`. diff --git a/debian/etc/taler/exchange-system.conf b/debian/etc/taler/conf.d/exchange-system.conf index 2b7f34304..6df381eef 100644 --- a/debian/etc/taler/exchange-system.conf +++ b/debian/etc/taler/conf.d/exchange-system.conf 
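Review bot: The new conf.d/auditor-system.conf no longer sets `TALER_RUNTIME_DIR` under `[PATHS]`, and the removed comment gave protection from unwarranted access as the reason for that override. Nothing in the visible part of this commit sets a replacement (the diffstat is limited to debian/etc, so it may live elsewhere), which would leave the auditor's runtime directory at whatever the base configuration defaults to. The conf.d/exchange-system.conf hunk has the same gap, since it drops `TALER_RUNTIME_DIR = /run/taler-exchange-private`. If the default is intended, I would record that in the file, e.g. `# Runtime directory now comes from the base configuration; check that its permissions still keep other users out.`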
@@ -1,13 +1,9 @@ -# Configuration settings for system parameters of -# the exchange. Should be included in all service-specific -# configuration files for the exchange. -# -# Please read the taler-exchange.README.Debian for how to configure a Taler exchange. - -[PATHS] - -TALER_RUNTIME_DIR = /run/taler-exchange-private +# Configuration settings for system parameters of the exchange. +# Read secret sections into configuration, but only +# if we have permission to do so. +@inline-secret@ exchange-account-1 ../secrets/exchange-accounts.secret.conf +@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf [exchange] # Debian package is configured to use a reverse proxy with a UNIX diff --git a/debian/etc/taler/exchange-offline.conf b/debian/etc/taler/exchange-offline.conf deleted file mode 100644 index c1c039f91..000000000 --- a/debian/etc/taler/exchange-offline.conf +++ /dev/null @@ -1,8 +0,0 @@ -# This configuration file is the entry point for the offline key management. -# -# It includes other configuration files, which are applied on top of the -# read-only base configuration (typically in /usr/share/taler/config.d/). - -# This file should be identical to the business configuration of the running -# online exchange -@INLINE@ exchange-business.conf diff --git a/debian/etc/taler/exchange-service-default.conf b/debian/etc/taler/exchange-service-default.conf deleted file mode 100644 index 4e3981004..000000000 --- a/debian/etc/taler/exchange-service-default.conf +++ /dev/null @@ -1,10 +0,0 @@ -# This configuration file is the entry point for most -# Taler exchange services. -# -# It includes other configuration files, -# which are applied on top of the read-only base configuration -# (typically in /usr/share/taler/config.d/). - -@INLINE@ exchange-system.conf -@INLINE@ exchange-db.conf -@INLINE@ exchange-business.conf 
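Review bot: The comment above the two `@inline-secret@` lines in conf.d/exchange-system.conf says the sections are read "only if we have permission to do so", but not what a service sees when it lacks permission. If the section is simply absent in that case, an operator cannot tell a permissions mistake from an unconfigured account or database by reading the file. Should that be the behaviour, I would spell it out, e.g. `# A service that cannot read a secret file runs without that section; grant read access only to the users that need it.` The same comment appears in the conf.d/auditor-system.conf hunk.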
diff --git a/debian/etc/taler/exchange-service-secmod.conf b/debian/etc/taler/exchange-service-secmod.conf
deleted file mode 100644
index 5f5c012c6..000000000
--- a/debian/etc/taler/exchange-service-secmod.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-# This configuration file is the entry point for the exchange
-# security modules.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-wire.conf b/debian/etc/taler/exchange-service-wire.conf
deleted file mode 100644
index ed25e381c..000000000
--- a/debian/etc/taler/exchange-service-wire.conf
+++ /dev/null
@@ -1,12 +0,0 @@
-# This configuration file is the entry point for
-# Taler exchange services that access the wire gateway,
-# i.e. the protocol bridge to core banking functionality.
-#
-# It includes other configuration files,
-# which are applied on top of the read-only base configuration
-# (typically in /usr/share/taler/config.d/).
-
-@INLINE@ exchange-system.conf
-@INLINE@ exchange-db.conf
-@INLINE@ exchange-business.conf
-@INLINE@ exchange-wire-gateway.conf
diff --git a/debian/etc/taler/secrets/auditor-db.secret.conf b/debian/etc/taler/secrets/auditor-db.secret.conf
new file mode 100644
index 000000000..b81bb817f
--- /dev/null
+++ b/debian/etc/taler/secrets/auditor-db.secret.conf
@@ -0,0 +1,10 @@
+# Database configuration for the Taler auditor.
+
+[auditordb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+CONFIG=postgres:///DATABASE
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.
diff --git a/debian/etc/taler/exchange-wire-gateway.conf b/debian/etc/taler/secrets/exchange-accounts.secret.conf
index e5c749c88..7b6c649fd 100644
--- a/debian/etc/taler/exchange-wire-gateway.conf
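Review bot: `CONFIG=postgres:///DATABASE` in secrets/auditor-db.secret.conf is shipped as an active setting, so the placeholder `DATABASE` would be taken as the real database name unless a packaging step rewrites it, which is not visible here. The secrets/exchange-db.secret.conf hunk does the same by uncommenting the line. The comment above still reads as an example ("of the form:"); I would state that the value has to be replaced, e.g. `# Replace DATABASE with the actual database name before starting the service.` The file is also added with mode 100644 under secrets/, so the restrictive permissions described in taler.conf depend on an install step outside this diff.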
+++ b/debian/etc/taler/secrets/exchange-accounts.secret.conf @@ -2,3 +2,20 @@ # by the Taler exchange to talk to LibEuFin to interact with the bank. # The file SHOULD only be readable for the "taler-exchange-wire" user, # as other users/services have no business talking to the bank. + + +[exchange-account-1] +enable_credit = yes + +enable_debit = yes + +wire_gateway_auth_method = basic + +password = + +username = + +wire_gateway_url = + +payto_uri = + diff --git a/debian/etc/taler/exchange-db.conf b/debian/etc/taler/secrets/exchange-db.secret.conf index a7a727b62..596dcc92b 100644 --- a/debian/etc/taler/exchange-db.conf +++ b/debian/etc/taler/secrets/exchange-db.secret.conf @@ -4,7 +4,7 @@ # Typically, there should only be a single line here, of the form: -# CONFIG=postgres:///DATABASE +CONFIG=postgres:///DATABASE # The details of the URI depend on where the database lives and how # access control was configured. diff --git a/debian/etc/taler/taler.conf b/debian/etc/taler/taler.conf new file mode 100644 index 000000000..27ccf47d2 --- /dev/null +++ b/debian/etc/taler/taler.conf 
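Review bot: `[exchange-account-1]` in secrets/exchange-accounts.secret.conf keeps `payto_uri`, `enable_credit` and `enable_debit` in the same section as `username` and `password`, in a file whose header says it should be readable only by the "taler-exchange-wire" user. Any other exchange service that needs the account's non-secret fields would either run without them or need read access to the bank credentials; whether such a service exists cannot be told from this hunk. I would split the section so that only the `wire_gateway_*`, `username` and `password` keys live under secrets/. The template also enables credit and debit while `wire_gateway_url` and the credentials are empty, and the file is tracked as mode 100644, so the read restriction relies on packaging outside this diff.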
@@ -0,0 +1,29 @@
+# Main entry point for the GNU Taler configuration.
+#
+# Structure:
+# - taler.conf is the main configuration entry point
+# used by all Taler components
+# - conf.d/ contains configuration files for
+# Taler components, which can be read by all
+# users of the system and are included by the main
+# configuration
+# - secrets/ contains configuration snippets
+# with secrets for particular services.
+# These files should have restrictive permissions
+# so that only users of the relevant services
+# can read it.
+
+[taler]
+
+# Currency of the Taler deployment. This setting applies to all Taler
+# components that only support a single currency.
+#currency = KUDOS
+
+# Smallest currency unit handled by the underlying bank system. Taler payments
+# can make payments smaller than this units, but interactions with external
+# systems is always rounded to this unit.
+#currency_round_unit = KUDOS:0.01
+
+
+# Inline configurations from all Taler components.
+@inline-matching@ conf.d/*.conf |
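Review bot: `@inline-matching@ conf.d/*.conf` at the end of taler.conf pulls every matching file into the configuration of all Taler components, but the structure comment only covers who may read conf.d/, not who may write to it or in which order the matches are applied. A file placed in conf.d/ can therefore change settings for every service, including the paths given to `@inline-secret@`. I would add a line such as `# conf.d/ must be writable by root only; every *.conf in it is inlined for all components.` and state the ordering if it is defined. Minor wording in the same comment block: "smaller than this units" and "can read it" should read "this unit" and "can read them".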