From 689fd46a60863f9a5b025cec79f5a03be1bddbab Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Thu, 18 May 2023 22:15:29 +0200 Subject: Add a packaging folder to contrib and place systemd/etc files from debian folder. Also adds the packaging folder to the tarball. --- .../apache2/sites-available/taler-exchange.conf | 4 ++ .../nginx/sites-available/taler-exchange | 17 ++++++++ .../taler/conf.d/exchange-business.conf | 50 ++++++++++++++++++++++ .../taler/conf.d/exchange-coins.conf | 33 ++++++++++++++ .../taler/conf.d/exchange-system.conf | 13 ++++++ .../exchange-accountcredentials-1.secret.conf | 17 ++++++++ .../taler/secrets/exchange-db.secret.conf | 10 +++++ 7 files changed, 144 insertions(+) create mode 100644 contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf create mode 100644 contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf (limited to 'contrib/packages/fedora/etc-taler-exchange') diff --git a/contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf b/contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf new file mode 100644 index 000000000..3ec14feb2 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/apache2/sites-available/taler-exchange.conf @@ -0,0 +1,4 @@ + +ProxyPass "unix:/run/taler/exchange-httpd/exchange-http.sock|http://example.com/" +RequestHeader add "X-Forwarded-Proto" "https" + diff --git a/contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange b/contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange new file mode 100644 index 000000000..9b61a32df --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/nginx/sites-available/taler-exchange @@ -0,0 +1,17 @@ +server { + listen 80; + listen [::]:80; + + server_name localhost; + + access_log /var/log/nginx/exchange.log; + error_log /var/log/nginx/exchange.err; + + location /taler-exchange/ { + proxy_pass http://unix:/run/taler/exchange-httpd/exchange-http.sock:/; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Forwarded-Host "localhost"; + #proxy_set_header X-Forwarded-Proto "https"; + } +} diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf new file mode 100644 index 000000000..d5938f2b1 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-business.conf @@ -0,0 +1,50 @@ +# Configuration for business-level aspects of the exchange. + +[exchange] + +# Here you MUST add the master public key of the offline system +# which you can get using `taler-exchange-offline setup`. +# This is just an example, your key will be different! +# MASTER_PUBLIC_KEY = YE6Q6TR1EDB7FD0S68TGDZGF1P0GHJD2S0XVV8R2S62MYJ6HJ4ZG +# MASTER_PUBLIC_KEY = + +# Publicly visible base URL of the exchange. +# BASE_URL = https://example.com/ +# BASE_URL = + +# Here you MUST configure the amount above which transactions are +# always subject to manual AML review. +# AML_THRESHOLD = + +# Attribute encryption key for storing attributes encrypted +# in the database. Should be a high-entropy nonce. +ATTRIBUTE_ENCRYPTION_KEY = SET_ME_PLEASE + +# For your terms of service and privacy policy, you should specify +# an Etag that must be updated whenever there are significant +# changes to either document. The format is up to you, what matters +# is that the value is updated and never re-used. See the HTTP +# specification on Etags. +# TERMS_ETAG = +# PRIVACY_ETAG = + +SERVE = unix +UNIXPATH_MODE = 666 + +# Bank accounts used by the exchange should be specified here: +[exchange-account-1] + +ENABLE_CREDIT = NO +ENABLE_DEBIT = NO + +# Account identifier in the form of an RFC-8905 payto:// URI. +# For SEPA, looks like payto://sepa/$IBAN?receiver-name=$NAME +# Make sure to URL-encode spaces in $NAME! +PAYTO_URI = + +# Credentials to access the account are in a separate +# config file with restricted permissions. +@inline-secret@ exchange-accountcredentials-1 ../secrets/exchange-accountcredentials-1.secret.conf + + + diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf new file mode 100644 index 000000000..8294525cb --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-coins.conf @@ -0,0 +1,33 @@ +# +# This configuration file specifies the various denominations offered by your +# exchange. +# +# Each denomination must be specified in a sections starting with +# "coin_". +# +# What follows is an example. +# + +# [coin_FOO] +## Actual value of the coin +#VALUE = KUDOS:1 + +## How long will one key be used for withdrawals? +#DURATION_WITHDRAW = 7 days + +## How long do users have to spend their coins? +#DURATION_SPEND = 2 years + +## How long does the exchange keep the proofs around for legal disputes? +#DURATION_LEGAL = 6 years + +## Fees charged. Note that for the lowest denomination, the +## fee must precisely be the lowest denomination, or zero. +#FEE_WITHDRAW = KUDOS:0 +#FEE_DEPOSIT = KUDOS:0 +#FEE_REFRESH = KUDOS:0 +#FEE_REFUND = KUDOS:0 + +## How long should the RSA keys be. Do not change unless you really know +## what you are doing (consult your local cryptographer first!). +#RSA_KEYSIZE = 2048 diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf new file mode 100644 index 000000000..4ad7e06f6 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/conf.d/exchange-system.conf @@ -0,0 +1,13 @@ +# Configuration settings for system parameters of the exchange. + +# Read secret sections into configuration, but only +# if we have permission to do so. +@inline-secret@ exchangedb-postgres ../secrets/exchange-db.secret.conf + +[exchange] + +# Only supported database is Postgres right now. +DATABASE = postgres + + + diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf new file mode 100644 index 000000000..8c8d14320 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-accountcredentials-1.secret.conf @@ -0,0 +1,17 @@ +# This file contains the secret credentials +# to access the Taler Wire Gateway API (usually +# provided by LibEuFin) for the exchange accounts. +# +# Each exchange-account-* section should have a matching +# exchange-accountcredentials-* section here. +# +# Each of those sections must be imported via @inline-secret@, +# usually in conf.d/exchange-business.conf. + +[exchange-accountcredentials-1] + +wire_gateway_auth_method = basic +password = +username = +wire_gateway_url = + diff --git a/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf new file mode 100644 index 000000000..a7a727b62 --- /dev/null +++ b/contrib/packages/fedora/etc-taler-exchange/taler/secrets/exchange-db.secret.conf @@ -0,0 +1,10 @@ +# Database configuration for the Taler exchange. + +[exchangedb-postgres] + +# Typically, there should only be a single line here, of the form: + +# CONFIG=postgres:///DATABASE + +# The details of the URI depend on where the database lives and how +# access control was configured. -- cgit v1.2.3