From 5597dc6f1e8d8b73f906365618ba3922f9dd7660 Mon Sep 17 00:00:00 2001 From: Florian Dold Date: Fri, 16 Jul 2021 17:16:38 +0200 Subject: debian: new config file structure --- debian/etc/taler-auditor.conf | 14 -- debian/etc/taler-exchange-db.conf | 11 -- debian/etc/taler-exchange.conf | 38 ---- debian/etc/taler-secmod.conf | 38 ---- debian/etc/taler-wire.conf | 10 - debian/etc/taler/auditor-service-default.conf | 1 + debian/etc/taler/auditor-system.conf | 14 ++ debian/etc/taler/exchange-business.conf | 48 +++++ debian/etc/taler/exchange-db.conf | 10 + debian/etc/taler/exchange-service-default.conf | 3 + debian/etc/taler/exchange-service-wire.conf | 4 + debian/etc/taler/exchange-system.conf | 21 ++ debian/etc/taler/exchange-wire-gateway.conf | 4 + debian/taler-auditor.install | 2 +- debian/taler-exchange.install | 4 +- debian/taler-exchange.postinst | 255 +++++++++++++------------ 16 files changed, 238 insertions(+), 239 deletions(-) delete mode 100644 debian/etc/taler-auditor.conf delete mode 100644 debian/etc/taler-exchange-db.conf delete mode 100644 debian/etc/taler-exchange.conf delete mode 100644 debian/etc/taler-secmod.conf delete mode 100644 debian/etc/taler-wire.conf create mode 100644 debian/etc/taler/auditor-service-default.conf create mode 100644 debian/etc/taler/auditor-system.conf create mode 100644 debian/etc/taler/exchange-business.conf create mode 100644 debian/etc/taler/exchange-db.conf create mode 100644 debian/etc/taler/exchange-service-default.conf create mode 100644 debian/etc/taler/exchange-service-wire.conf create mode 100644 debian/etc/taler/exchange-system.conf create mode 100644 debian/etc/taler/exchange-wire-gateway.conf diff --git a/debian/etc/taler-auditor.conf b/debian/etc/taler-auditor.conf deleted file mode 100644 index 50971b2ef..000000000 --- a/debian/etc/taler-auditor.conf +++ /dev/null 
@@ -1,14 +0,0 @@
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-auditor/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/
-
-[auditor]
-# Debian package is configured to use a reverse proxy with a UNIX
-# domain socket. See nginx/apache configuration files.
-SERVE = UNIX
-UNIXPATH = /var/lib/taler-auditor/auditor.sock
-
-# Only supported database is Postgres right now.
-DATABASE = postgres
diff --git a/debian/etc/taler-exchange-db.conf b/debian/etc/taler-exchange-db.conf
deleted file mode 100644
index a6217f486..000000000
--- a/debian/etc/taler-exchange-db.conf
+++ /dev/null
@@ -1,11 +0,0 @@
-# This file should contain the access control information to talk to
-# the exchange database.
-
-[exchangedb-postgres]
-
-# Typically, there should only be a single line here, of the form:
-
-# CONFIG=postgres:///DATABASE
-
-# The details of the URI depend on where the database lives and how
-# access control was configured.
diff --git a/debian/etc/taler-exchange.conf b/debian/etc/taler-exchange.conf
deleted file mode 100644
index 34af223d2..000000000
--- a/debian/etc/taler-exchange.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-# First line should be: "INLINE@ taler-exchange-db.conf"
-# 2nd line should be: "INLINE@ taler-secmod.conf"
-@INLINE@ taler-exchange-db.conf
-@INLINE@ taler-secmod.conf
-# Do not edit this file using 'taler-config', otherwise the line
-# above will be lost!
-#
-# Please read the taler-exchange.README.Debian for how to configure a Taler exchange.
-#
-
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
-
-[exchange]
-# Debian package is configured to use a reverse proxy with a UNIX
-# domain socket. See nginx/apache configuration files.
-SERVE = UNIX
-UNIXPATH = /var/lib/taler-exchange/exchange.sock
-
-# Only supported database is Postgres right now.
-DATABASE = postgres
-
-# Here you MUST add the master public key of the offline system
-# which you can get using `taler-exchange-offline setup`.
-# This is just an example, your key will be different!
-# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
-MASTER_PUBLIC_KEY =
-
-# For your terms of service and privacy policy, you should specify
-# an Etag that must be updated whenever there are significant
-# changes to either document. The format is up to you, what matters
-# is that the value is updated and never re-used. See the HTTP
-# specification on Etags.
-# TERMS_ETAG =
-# PRIVACY_ETAG =
diff --git a/debian/etc/taler-secmod.conf b/debian/etc/taler-secmod.conf
deleted file mode 100644
index 8b3bb34d9..000000000
--- a/debian/etc/taler-secmod.conf
+++ /dev/null
@@ -1,38 +0,0 @@
-[PATHS]
-
-# Move runtime data "tmp" directory to /var/lib/taler-exchange/
-# to possibly provide additional protection from unwarranted access.
-TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
-
-[taler]
-# Here you need to set the currency of your exchange:
-# CURRENCY = KUDOS
-
-
-# You must specify the various denominations to be offered by your exchange
-# in sections called "coin_".
-# What follows is an example.
-
-# [coin_FOO]
-## Actual value of the coin
-#VALUE = KUDOS:1
-
-## How long will one key be used for withdrawals?
-#DURATION_WITHDRAW = 7 days
-
-## How long do users have to spend their coins?
-#DURATION_SPEND = 2 years
-
-## How long does the exchange keep the proofs around for legal disputes?
-#DURATION_LEGAL = 6 years
-
-## Fees charged. Note that for the lowest denomination, the
-## fee must precisely be the lowest denomination, or zero.
-#FEE_WITHDRAW = KUDOS:0
-#FEE_DEPOSIT = KUDOS:0
-#FEE_REFRESH = KUDOS:0
-#FEE_REFUND = KUDOS:0
-
-## How long should the RSA keys be. Do not change unless you really know
-## what you are doing (consult your local cryptographer first!).
-#RSA_KEYSIZE = 2048
diff --git a/debian/etc/taler-wire.conf b/debian/etc/taler-wire.conf
deleted file mode 100644
index d0484381a..000000000
--- a/debian/etc/taler-wire.conf
+++ /dev/null
@@ -1,10 +0,0 @@
-# First line should be: "INLINE@ taler-exchange-db.conf"
-@INLINE@ taler-exchange-db.conf
-# Do not edit this file using 'taler-config', otherwise the line
-# above will be lost!
-
-
-# This file should contain the wire account access information which is needed
-# by the Taler exchange to talk to LibEuFin to interact with the bank.
-# The file SHOULD only be readable for the "taler-exchange-wire" user,
-# as other users/services have no business talking to the bank.
diff --git a/debian/etc/taler/auditor-service-default.conf b/debian/etc/taler/auditor-service-default.conf
new file mode 100644
index 000000000..d57283ea5
--- /dev/null
+++ b/debian/etc/taler/auditor-service-default.conf
@@ -0,0 +1 @@
+@INCLUDE@ /etc/taler/auditor-system.conf
diff --git a/debian/etc/taler/auditor-system.conf b/debian/etc/taler/auditor-system.conf
new file mode 100644
index 000000000..50971b2ef
--- /dev/null
+++ b/debian/etc/taler/auditor-system.conf
@@ -0,0 +1,14 @@
+[PATHS]
+
+# Move runtime data "tmp" directory to /var/lib/taler-auditor/
+# to possibly provide additional protection from unwarranted access.
+TALER_RUNTIME_DIR = /var/lib/taler-auditor/tmp/
+
+[auditor]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-auditor/auditor.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
diff --git a/debian/etc/taler/exchange-business.conf b/debian/etc/taler/exchange-business.conf
new file mode 100644
index 000000000..8b97c6089
--- /dev/null
+++ b/debian/etc/taler/exchange-business.conf
@@ -0,0 +1,48 @@
+TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+
+[taler]
+# Here you need to set the currency of your exchange:
+# CURRENCY = KUDOS
+
+# Here you MUST add the master public key of the offline system
+# which you can get using `taler-exchange-offline setup`.
+# This is just an example, your key will be different!
+# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG
+MASTER_PUBLIC_KEY =
+
+# For your terms of service and privacy policy, you should specify
+# an Etag that must be updated whenever there are significant
+# changes to either document. The format is up to you, what matters
+# is that the value is updated and never re-used. See the HTTP
+# specification on Etags.
+# TERMS_ETAG =
+# PRIVACY_ETAG =
+
+
+# You must specify the various denominations to be offered by your exchange
+# in sections called "coin_".
+# What follows is an example.
+
+# [coin_FOO]
+## Actual value of the coin
+#VALUE = KUDOS:1
+
+## How long will one key be used for withdrawals?
+#DURATION_WITHDRAW = 7 days
+
+## How long do users have to spend their coins?
+#DURATION_SPEND = 2 years
+
+## How long does the exchange keep the proofs around for legal disputes?
+#DURATION_LEGAL = 6 years
+
+## Fees charged. Note that for the lowest denomination, the
+## fee must precisely be the lowest denomination, or zero.
+#FEE_WITHDRAW = KUDOS:0
+#FEE_DEPOSIT = KUDOS:0
+#FEE_REFRESH = KUDOS:0
+#FEE_REFUND = KUDOS:0
+
+## How long should the RSA keys be. Do not change unless you really know
+## what you are doing (consult your local cryptographer first!).
+#RSA_KEYSIZE = 2048
diff --git a/debian/etc/taler/exchange-db.conf b/debian/etc/taler/exchange-db.conf
new file mode 100644
index 000000000..a7a727b62
--- /dev/null
+++ b/debian/etc/taler/exchange-db.conf
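Review bot: The first line of the new file, `TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/`, sits before any `[section]` header, so whatever the parser does with a key outside a section it will not end up in `[PATHS]` where the old taler-secmod.conf had it; the same value is already set under `[PATHS]` in exchange-system.conf, which both service configs include next to this file. I would drop that line and the blank after it so the file starts at `[taler]`. The `"coin_"` in the denomination comment has probably lost a `<name>` placeholder in this rendering; if it is really missing in the file, the comment should read `# in sections called "coin_<NAME>".` so readers know the suffix is the coin's name.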
@@ -0,0 +1,10 @@
+# Database configuration for the Taler exchange.
+
+[exchangedb-postgres]
+
+# Typically, there should only be a single line here, of the form:
+
+# CONFIG=postgres:///DATABASE
+
+# The details of the URI depend on where the database lives and how
+# access control was configured.
diff --git a/debian/etc/taler/exchange-service-default.conf b/debian/etc/taler/exchange-service-default.conf
new file mode 100644
index 000000000..0fa198f88
--- /dev/null
+++ b/debian/etc/taler/exchange-service-default.conf
@@ -0,0 +1,3 @@
+@INCLUDE@ /etc/taler/exchange-system.conf
+@INCLUDE@ /etc/taler/exchange-db.conf
+@INCLUDE@ /etc/taler/exchange-business.conf
diff --git a/debian/etc/taler/exchange-service-wire.conf b/debian/etc/taler/exchange-service-wire.conf
new file mode 100644
index 000000000..d6dc0253c
--- /dev/null
+++ b/debian/etc/taler/exchange-service-wire.conf
@@ -0,0 +1,4 @@
+@INCLUDE@ /etc/taler/exchange-system.conf
+@INCLUDE@ /etc/taler/exchange-db.conf
+@INCLUDE@ /etc/taler/exchange-business.conf
+@INCLUDE@ /etc/taler/exchange-wire-gateway.conf
diff --git a/debian/etc/taler/exchange-system.conf b/debian/etc/taler/exchange-system.conf
new file mode 100644
index 000000000..bdf53fce7
--- /dev/null
+++ b/debian/etc/taler/exchange-system.conf
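Review bot: exchange-service-default.conf pulls in exchange-db.conf, yet the postinst hunk below links this same file as `~/.config/taler.conf` for the two secmod users, and those users are created with `--ingroup ${_GROUPNAME}` only, without the `${_DBGROUPNAME}` membership the httpd, wire and aggregator users get. So once exchange-db.conf carries a real `CONFIG=postgres://…` line and is restricted to the DB group, the key-holding secmod helpers either cannot load their config or the credentials have to stay readable by them, which defeats the separate group. A small `exchange-service-secmod.conf` containing just `@INCLUDE@ /etc/taler/exchange-system.conf` and `@INCLUDE@ /etc/taler/exchange-business.conf`, linked for `${_RSECUSERNAME}` and `${_ESECUSERNAME}` instead of the default file, keeps database access out of the signing helpers; they only need `[PATHS]`, `[taler]` and the `coin_*` sections as far as the shipped files show.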
@@ -0,0 +1,21 @@
+# Configuration settings for system parameters of
+# the exchange. Should be included in all service-specific
+# configuration files for the exchange.
+#
+# Please read the taler-exchange.README.Debian for how to configure a Taler exchange.
+
+[PATHS]
+
+# Move runtime data "tmp" directory to /var/lib/taler-exchange/
+# to possibly provide additional protection from unwarranted access.
+TALER_RUNTIME_DIR = /var/lib/taler-exchange/tmp/
+
+
+[exchange]
+# Debian package is configured to use a reverse proxy with a UNIX
+# domain socket. See nginx/apache configuration files.
+SERVE = UNIX
+UNIXPATH = /var/lib/taler-exchange/exchange.sock
+
+# Only supported database is Postgres right now.
+DATABASE = postgres
diff --git a/debian/etc/taler/exchange-wire-gateway.conf b/debian/etc/taler/exchange-wire-gateway.conf
new file mode 100644
index 000000000..e5c749c88
--- /dev/null
+++ b/debian/etc/taler/exchange-wire-gateway.conf
@@ -0,0 +1,4 @@
+# This file should contain the wire account access information which is needed
+# by the Taler exchange to talk to LibEuFin to interact with the bank.
+# The file SHOULD only be readable for the "taler-exchange-wire" user,
+# as other users/services have no business talking to the bank.
diff --git a/debian/taler-auditor.install b/debian/taler-auditor.install
index b2528c8ae..1f32e5bb3 100644
--- a/debian/taler-auditor.install
+++ b/debian/taler-auditor.install
@@ -13,6 +13,6 @@ usr/share/man/man1/taler-helper-auditor*
 usr/share/info/taler-auditor*
 usr/share/taler/config.d/auditor*
 usr/share/taler/sql/auditor/*
-debian/etc/taler-auditor.conf etc/
+debian/etc/taler/auditor* etc/
 debian/auditor-conf/* etc/taler-auditor/
 usr/share/taler-exchange/auditor-report.tex.j2
diff --git a/debian/taler-exchange.install b/debian/taler-exchange.install
index 7d484cbfe..82a39d46a 100644
--- a/debian/taler-exchange.install
+++ b/debian/taler-exchange.install
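Review bot: The comment says this file SHOULD only be readable by the taler-exchange-wire user, but neither the install rule nor the visible part of the postinst hunk enforces that, and dpkg installs conffiles with the mode they have in the source tree, so it will land world-readable in `/etc/taler/`. The `fixperm` helper the postinst adds fits exactly; a call such as `fixperm root:${_WIREUSERNAME} 640 /etc/taler/exchange-wire-gateway.conf` in the `configure)` branch would make the comment true (the heredoc bodies are missing from this rendering, so an existing call may simply not be visible). The same applies to exchange-db.conf once it carries the real `CONFIG=postgres://…` line, since that is where the database credentials live.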
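Review bot: `debian/etc/taler/auditor* etc/` installs the matched files directly into `/etc/`, not `/etc/taler/`: dh_install only keeps the source directory structure when the source is a directory, and with a glob and an explicit destination the files go into the destination itself, exactly as the old `debian/etc/taler-auditor.conf etc/` produced `/etc/taler-auditor.conf`. The new auditor-service-default.conf, however, includes `/etc/taler/auditor-system.conf` by absolute path, so the include would dangle. The rule should read `debian/etc/taler/auditor* etc/taler/`. The removed `/etc/taler-auditor.conf` is a dropped conffile; unless handled elsewhere, an `rm_conffile` entry in a maintscript file is needed so upgrades do not leave it behind as obsolete.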
@@ -6,7 +6,7 @@ usr/share/man/man1/taler-wire*
 usr/share/info/taler-bank*
 usr/share/info/taler-exchange*
 usr/share/taler/config.d/*
-debian/etc/* etc/
-debian/exchange-conf/* etc/taler-exchange/
+debian/etc/exchange* etc/
+debian/exchange-conf/* usr/share/taler/sample-configs/
 usr/share/taler-exchange/pp/*/*
 usr/share/taler-exchange/tos/*/*
diff --git a/debian/taler-exchange.postinst b/debian/taler-exchange.postinst
index 72f8f6c5d..e8ef11d69 100644
--- a/debian/taler-exchange.postinst
+++ b/debian/taler-exchange.postinst
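Review bot: `debian/etc/exchange* etc/` matches nothing, because this commit creates the files under `debian/etc/taler/exchange-*.conf`; dh_install treats a source pattern with no matches as fatal, so the package build would abort here. The destination also needs the subdirectory, since exchange-service-default.conf includes `/etc/taler/exchange-system.conf` by absolute path and the postinst links `/etc/taler/exchange-service-*.conf`, giving `debian/etc/taler/exchange* etc/taler/`. Moving `debian/exchange-conf/*` out of `/etc/taler-exchange/` and deleting `/etc/taler-exchange.conf`, `/etc/taler-secmod.conf`, `/etc/taler-exchange-db.conf` and `/etc/taler-wire.conf` drops several conffiles; unless handled elsewhere, they need `rm_conffile` entries so upgraded systems do not keep stale copies that still reference the old `@INLINE@` layout.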
@@ -2,106 +2,111 @@ set -e - . /usr/share/debconf/confmodule +# usage: fixperm user:group perms file +function fixperm() { + chown "$1" "$3" + chmod "$2" "$3" +} + +# usage: lncfg user target +function lncfg() { + mkdir ~$1/.config + chown $1:$1 ~$1/.config + ln -sf $1/.config/taler.conf $2 +} + case "${1}" in - configure) - db_version 2.0 - - db_get taler-exchange/eusername - _EUSERNAME="${RET:-taler-exchange-httpd}" - - db_get taler-exchange/rsecusername - _RSECUSERNAME="${RET:-taler-exchange-secmod-rsa}" - - db_get taler-exchange/esecusername - _ESECUSERNAME="${RET:-taler-exchange-secmod-eddsa}" - - db_get taler-exchange/wireusername - _WIREUSERNAME="${RET:-taler-exchange-wire}" - - db_get taler-exchange/aggrusername - _AGGRUSERNAME="${RET:-taler-exchange-aggregator}" - - db_get taler-exchange/groupname - _GROUPNAME="${RET:-taler-private}" - - db_get taler-exchange/dbgroupname - _DBGROUPNAME="${RET:-taler-exchange-db}" - - db_stop - - CONFIG_FILE="/etc/default/taler-exchange" - TALER_HOME="/var/lib/taler-exchange" - - # Creating taler groups as needed - if ! getent group ${_GROUPNAME} > /dev/null - then - echo -n "Creating new Taler group ${_GROUPNAME}:" - addgroup --quiet --system ${_GROUPNAME} - echo " done." - fi - if ! getent group ${_DBGROUPNAME} > /dev/null - then - echo -n "Creating new Taler group ${_DBGROUPNAME}:" - addgroup --quiet --system ${_DBGROUPNAME} - echo " done." - fi - - # Creating taler users if needed - if ! getent passwd ${_EUSERNAME} > /dev/null - then - echo -n "Creating new Taler user ${_EUSERNAME}:" - adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME} - adduser ${_EUSERNAME} ${_DBGROUPNAME} - echo " done." - fi - if ! getent passwd ${_RSECUSERNAME} > /dev/null - then - echo -n "Creating new Taler user ${_RSECUSERNAME}:" - adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME} - echo " done." - fi - if ! 
getent passwd ${_ESECUSERNAME} > /dev/null - then - echo -n "Creating new Taler user ${_ESECUSERNAME}:" - adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME} - echo " done." - fi - if ! getent passwd ${_WIREUSERNAME} > /dev/null - then - echo -n "Creating new Taler user ${_WIREUSERNAME}:" - adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME} - adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME} - echo " done." - fi - if ! getent passwd ${_AGGRUSERNAME} > /dev/null - then - echo -n "Creating new Taler user ${_AGGRUSERNAME}:" - adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME} - adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} - echo " done." - fi - - # Writing new values to configuration file - echo -n "Writing new configuration file:" - CONFIG_NEW=$(tempfile) - -cat > "${CONFIG_NEW}" </dev/null; then + echo -n "Creating new Taler group ${_GROUPNAME}:" + addgroup --quiet --system ${_GROUPNAME} + echo " done." + fi + if ! getent group ${_DBGROUPNAME} >/dev/null; then + echo -n "Creating new Taler group ${_DBGROUPNAME}:" + addgroup --quiet --system ${_DBGROUPNAME} + echo " done." + fi + + # Creating taler users if needed + if ! getent passwd ${_EUSERNAME} >/dev/null; then + echo -n "Creating new Taler user ${_EUSERNAME}:" + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/httpd ${_EUSERNAME} + adduser ${_EUSERNAME} ${_DBGROUPNAME} + echo " done." + fi + if ! getent passwd ${_RSECUSERNAME} >/dev/null; then + echo -n "Creating new Taler user ${_RSECUSERNAME}:" + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-rsa ${_RSECUSERNAME} + echo " done." + fi + if ! getent passwd ${_ESECUSERNAME} >/dev/null; then + echo -n "Creating new Taler user ${_ESECUSERNAME}:" + adduser --quiet --system --ingroup ${_GROUPNAME} --home ${TALER_HOME}/secmod-eddsa ${_ESECUSERNAME} + echo " done." + fi + if ! 
getent passwd ${_WIREUSERNAME} >/dev/null; then + echo -n "Creating new Taler user ${_WIREUSERNAME}:" + adduser --quiet --system --home ${TALER_HOME}/wire ${_WIREUSERNAME} + adduser --quiet ${_WIREUSERNAME} ${_DBGROUPNAME} + echo " done." + fi + if ! getent passwd ${_AGGRUSERNAME} >/dev/null; then + echo -n "Creating new Taler user ${_AGGRUSERNAME}:" + adduser --quiet --system --home ${TALER_HOME}/aggregator ${_AGGRUSERNAME} + adduser --quiet ${_AGGRUSERNAME} ${_DBGROUPNAME} + echo " done." + fi + + # Writing new values to configuration file + echo -n "Writing new configuration file:" + CONFIG_NEW=$(tempfile) + + cat >"${CONFIG_NEW}" < "/etc/systemd/system/taler-exchange-httpd.socket" <"/etc/systemd/system/taler-exchange-httpd.socket" < "/etc/systemd/system/taler-exchange-httpd.service" <"/etc/systemd/system/taler-exchange-httpd.service" < "/etc/systemd/system/taler-exchange-secmod-rsa.service" <"/etc/systemd/system/taler-exchange-secmod-rsa.service" < "/etc/systemd/system/taler-exchange-secmod-eddsa.service" <"/etc/systemd/system/taler-exchange-secmod-eddsa.service" < "/etc/systemd/system/taler-exchange-wirewatch.service" <"/etc/systemd/system/taler-exchange-wirewatch.service" < "/etc/systemd/system/taler-exchange-transfer.service" <"/etc/systemd/system/taler-exchange-transfer.service" < "/etc/systemd/system/taler-exchange-aggregator.service" <"/etc/systemd/system/taler-exchange-aggregator.service" </dev/null 2>&1 || true + systemctl daemon-reload >/dev/null 2>&1 || true + echo "done." - echo "done." + echo -n "Linking config files" + lncfg ${_EUSERNAME} /etc/taler/exchange-service-default.conf + lncfg ${_RSECUSERNAME} /etc/taler/exchange-service-default.conf + lncfg ${_ESECUSERNAME} /etc/taler/exchange-service-default.conf + lncfg ${_AGGRUSERNAME} /etc/taler/exchange-service-default.conf + lncfg ${_WIREUSERNAME} /etc/taler/exchange-service-wire.conf + echo " done" - # Cleaning - echo "All done." - ;; + # Cleaning + echo "All done." 
+ ;; - abort-upgrade|abort-remove|abort-deconfigure) - ;; +abort-upgrade | abort-remove | abort-deconfigure) ;; - *) - echo "postinst called with unknown argument \`${1}'" >&2 - exit 1 - ;; +*) + echo "postinst called with unknown argument \`${1}'" >&2 + exit 1 + ;; esac #DEBHELPER# -- cgit v1.2.3
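Review bot: `lncfg` cannot work as written: `~$1` is not expanded to the user's home (tilde expansion runs before parameter expansion, so mkdir receives the literal `~taler-exchange-httpd/.config`), `mkdir` without `-p` aborts the script under `set -e` when the directory already exists on an upgrade, and `ln -sf $1/.config/taler.conf $2` has target and link name reversed, so on a machine where the first two steps happened to succeed it would replace the shipped `/etc/taler/exchange-service-*.conf` with a dangling relative symlink. The home directory should be taken from `getent passwd`, and the link created at `${home}/.config/taler.conf` pointing at `$2`. Since the service user owns `.config`, a compromised service can also repoint its own configuration persistently; the directory need not be chowned to the user at all, as only the symlink is read. The `configure)` branch is only partly visible here (the heredoc bodies are missing from this rendering), and `fixperm` has no visible caller, so I could not check whether the file permissions the new config comments promise are actually set.
```shell
# usage: lncfg user target
# Point USER's ~/.config/taler.conf at the shared config file TARGET.
function lncfg() {
  local home
  home=$(getent passwd "$1" | cut -d: -f6)
  # -p: the directory already exists on upgrade; without it set -e aborts
  mkdir -p "${home}/.config"
  # target first, link name second; -n so an existing link is replaced, not followed
  ln -sfn "$2" "${home}/.config/taler.conf"
}
# … unchanged: case "${1}" in / configure) branch …
```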