authorChristian Grothoff <christian@grothoff.org>2021-04-18 02:21:03 +0200
committerChristian Grothoff <christian@grothoff.org>2021-04-18 02:21:03 +0200
commit294730cf014e3ce74f16d886516e8fc02df3bd18 (patch)
treea4bd4ad27525aac70f21722ece322e549a787fb1 /debian/taler-exchange.postinst
parenta98e13122657c22781f248b48d33088f906e47d0 (diff)
fix #6769, plus some related configuration issues and better documentation
Diffstat (limited to 'debian/taler-exchange.postinst')
-rw-r--r--debian/taler-exchange.postinst29
1 files changed, 25 insertions, 4 deletions
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index b09550e51..72f8f6c5d 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
@@ -101,11 +101,29 @@ TALER_AGGRUSER=${_AGGRUSERNAME}
TALER_GROUP=${_GROUPNAME}
EOF
+cat > "/etc/systemd/system/taler-exchange-httpd.socket" <<EOF
+[Unit]
+Description=Taler Exchange Socket
+PartOf=taler-exchange-httpd.service
+
+[Socket]
+ListenStream=/var/lib/taler-exchange/exchange.sock
+Accept=no
+Service=taler-exchange-httpd.service
+SocketUser=${_EUSERNAME}
+SocketGroup=www-data
+SocketMode=0660
+
+[Install]
+WantedBy=sockets.target
+EOF
+
cat > "/etc/systemd/system/taler-exchange-httpd.service" <<EOF
[Unit]
Description=GNU Taler payment system exchange REST API
-Requires=taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
-Wants=taler-exchange-wirewatch taler-exchange-aggregator taler-exchange-transfer
+AssertPathExists=/var/lib/taler-exchange/
+Requires=taler-exchange-httpd.socket taler-exchange-secmod-rsa.service taler-exchange-secmod-eddsa.service
+Wants=taler-exchange-wirewatch.service taler-exchange-aggregator.service taler-exchange-transfer.service
After=postgres.service network.target
[Service]
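Review bot: `SocketGroup=www-data` together with `SocketMode=0660` in the new taler-exchange-httpd.socket unit lets every process running in the web server's group connect to the exchange socket, not just the reverse proxy in front of it. If that breadth is intended, say so above the heredoc, e.g. `# www-data: the reverse proxy connects to exchange.sock; group-wide access is deliberate`; otherwise a dedicated group that only the proxy account joins would be narrower. The socket also sits under /var/lib/taler-exchange/, whose own mode is not set in this hunk, so it is worth confirming that www-data has search permission on that directory and that nothing broader does. The service-unit heredoc that starts in this hunk continues past its end.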
@@ -131,7 +149,7 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_RSECUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-exchange.conf
+ExecStart=/usr/bin/taler-exchange-secmod-rsa -c /etc/taler-secmod.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
@@ -146,7 +164,7 @@ EnvironmentFile=/etc/default/taler-exchange
User=${_ESECUSERNAME}
Type=simple
Restart=on-failure
-ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-exchange.conf
+ExecStart=/usr/bin/taler-exchange-secmod-eddsa -c /etc/taler-secmod.conf
PrivateTmp=no
PrivateDevices=yes
ProtectSystem=full
@@ -213,6 +231,8 @@ EOF
chmod 770 /var/lib/taler-exchange/tmp
chmod +s /var/lib/taler-exchange/tmp
+ chown root:${_GROUPNAME} /etc/taler-secmod.conf
+ chmod 640 /etc/taler-secmod.conf
chown ${_WIREUSERNAME}:root /etc/taler-wire.conf
chmod 460 /etc/taler-wire.conf
chown root:${_DBGROUPNAME} /etc/taler-exchange-db.conf
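Review bot: The added `chown root:${_GROUPNAME} /etc/taler-secmod.conf` and `chmod 640` leave the file readable only by root and members of ${_GROUPNAME}, yet the two units that now load it (the `ExecStart=... -c /etc/taler-secmod.conf` lines in the RSA and EdDSA hunks) run as ${_RSECUSERNAME} and ${_ESECUSERNAME}. Nothing visible shows those accounts belonging to that group; if they do not, both helpers cannot read their configuration, and if they do, it is worth confirming the file holds nothing that other members of the group should not see. Nothing in the visible hunks creates the file either, so a one-line comment naming what ships it would help, as a failing chown may abort the postinst if the script runs under `set -e` (not visible here). As a style point, quote the expansion: `chown "root:${_GROUPNAME}" /etc/taler-secmod.conf`. The enclosing block starts and ends outside the hunk.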
@@ -222,6 +242,7 @@ EOF
systemctl daemon-reload >/dev/null 2>&1 || true
+
echo "done."
# Cleaning