[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[taler-docs] branch master updated: work on #8602
|
From: |
gnunet |
|
Subject: |
[taler-docs] branch master updated: work on #8602 |
|
Date: |
Sun, 10 Mar 2024 12:12:58 +0100 |
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository docs.
The following commit(s) were added to refs/heads/master by this push:
new 72dcd025 work on #8602
72dcd025 is described below
commit 72dcd025f7f036812125573d91ed92ab1625a307
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sun Mar 10 12:12:52 2024 +0100
work on #8602
---
frags/deploying-tos.rst | 45 ++++++++++++++
frags/regional-system-on.rst | 28 +++++++++
libeufin/regional-automated-manual.rst | 76 +++++++----------------
libeufin/regional-custom-manual.rst | 108 +++++++++++++++++++--------------
4 files changed, 158 insertions(+), 99 deletions(-)
diff --git a/frags/deploying-tos.rst b/frags/deploying-tos.rst
new file mode 100644
index 00000000..5b389f44
--- /dev/null
+++ b/frags/deploying-tos.rst
@@ -0,0 +1,45 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014-2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Affero General Public License as published by the Free
Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
details.
+
+ You should have received a copy of the GNU Affero General Public License
along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+
+Configuring exchange terms
+==========================
+
+You can use your own terms of service and privacy policy. You can use the
default templates in ``/usr/share/taler/terms`` as a guide.
+Assuming you have custom terms of service and privacy policy ``rst`` teamplte
files at ``TOS_PATH`` and ``PRIVACY_PATH``, the following commands generate the
terms files:
+
+.. code-block:: console
+
+ # taler-terms-generator -i "$TOS_PATH"
+ # taler-terms-generator -i "$PRIVACY_PATH"
+
+You now have to specify the terms file names in the exchange config:
+
+.. code-block:: console
+
+ # TERMS_ETAG="$(basename "$TOS_PATH" .rst)"
+ # PRIVACY_ETAG="$(basename "$PRIVACY_PATH" .rst)"
+
+.. code-block:: ini
+
+ [exchange]
+ TERMS_ETAG=${TERMS_ETAG}
+ PRIVACY_ETAG=${PRIVACY_ETAG}
+
+Make sure to restart taler-exchange after changing these configuration options:
+
+.. code-block:: console
+
+ # systemctl restart taler-exchange.target
diff --git a/frags/regional-system-on.rst b/frags/regional-system-on.rst
new file mode 100644
index 00000000..7a150cbf
--- /dev/null
+++ b/frags/regional-system-on.rst
@@ -0,0 +1,28 @@
+..
+ This file is part of GNU TALER.
+ Copyright (C) 2014-2024 Taler Systems SA
+
+ TALER is free software; you can redistribute it and/or modify it under the
+ terms of the GNU Affero General Public License as published by the Free
Software
+ Foundation; either version 2.1, or (at your option) any later version.
+
+ TALER is distributed in the hope that it will be useful, but WITHOUT ANY
+ WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR
+ A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
details.
+
+ You should have received a copy of the GNU Affero General Public License
along with
+ TALER; see the file COPYING. If not, see <http://www.gnu.org/licenses/>
+
+
+System ON!
+==========
+
+The last step is to enable libeufin-nexus to :ref:`import incoming bank
+transactions <receive-transaction-data>` (cash in) and to :ref:`trigger
+outgoing bank transactions <sending-payments>` (cash out).
+
+.. code-block:: console
+
+ # systemctl enable --now libeufin-nexus.target
+
+.. FIXME: explain how to test if libeufin is working!
diff --git a/libeufin/regional-automated-manual.rst
b/libeufin/regional-automated-manual.rst
index b199aa92..645e000f 100644
--- a/libeufin/regional-automated-manual.rst
+++ b/libeufin/regional-automated-manual.rst
@@ -105,8 +105,8 @@ The script will start by installing the required packages
and then asking you fu
#. Whether to use TLS or not. You should answer ``y`` in most cases.
#. Whether to setup SMS two-factor authentication using `Telesign
<https://www.telesign.com>`_, multi-factor authentication is strongly
recommended, especially when regional currency can be converted to fiat
currency. This requires `a Customer ID and an API Key
<https://developer.telesign.com/enterprise/docs/authentication#basic-authentication>`_.
You should answer ``y`` in most cases.
#. The admin password for the bank. Be absolutely sure to enter a very, very
long and high-entropy password, preferably using the autogenerated one.
-#. Whether to generate terms of service (ToS) for the exchange from default
templates.
-#. Whether to generate a privacy policy for the exchange from default
templates.
+#. Whether to generate terms of service (ToS) for the exchange from default
templates.
+#. Whether to generate a privacy policy for the exchange from default
templates.
The information you entered as well as the generated bank admin password will
be stored in a file called ``config/user.conf``. If you run the script in
@@ -230,62 +230,30 @@ The EBICS setup is finished once the bank keys have been
accepted.
Configuring the Exchange for Conversion
+++++++++++++++++++++++++++++++++++++++
-By default, the exchange is setup to perform conversion without any
restrictions. You may configure restrictions on the bank accounts that may
originate the funds, for example, to prevent international wire transfers that
may expose you to additional compliance risks:
+In our automated setup the second account is automatically set up correctly
+without fees or special restrictions. However, various additional
+*restrictions* and *options* could be configured. Details are explained in
+the :ref:`regional conversion setup <regional-conversion-setup>` section for
the
+manual setup and in the the manpage of ``taler-exchange-offline``.
-.. code-block:: console
-
- # Make sure environment variables are available
- $ source config/user.conf
-
- $ sudo -u taler-exchange-offline taler-exchange-offline \
- enable-account \
- "${CONVERSION_PAYTO}" \
- conversion-url "${PROTO}://bank.$DOMAIN_NAME/conversion-info/" \
- # restrictions ...
- upload
-
-.. note::
- Refer to the manpage ``taler-exchange-offline`` for a full array of possible
restrictions.
-
-System ON!
-++++++++++
-
-The last step is to enable libeufin-nexus to :ref:`import incoming bank
-transactions <receive-transaction-data>` (cash in) and to :ref:`trigger
-outgoing bank transactions <sending-payments>` (cash out).
-
-.. code-block:: console
-
- # systemctl enable --now libeufin-nexus.target
-
-Configuring exchange terms
-++++++++++++++++++++++++++
-
-You can use your own terms of service and privacy policy. You can use the
default templates in ``/usr/share/taler/terms`` as a guide.
-Assuming you have custom terms of service and privacy policy ``rst`` teamplte
files at ``TOS_PATH`` and ``PRIVACY_PATH``, the following commands generate the
terms files:
-.. code-block:: console
-
- # taler-terms-generator -i "$TOS_PATH"
- # taler-terms-generator -i "$PRIVACY_PATH"
-
-You now have to specify the terms file names in the exchange config:
-
-.. code-block:: console
-
- # TERMS_ETAG="$(basename "$TOS_PATH" .rst)"
- # PRIVACY_ETAG="$(basename "$PRIVACY_PATH" .rst)"
+.. include:: ../frags/regional-system-on.rst
+.. include:: ../frags/deploying-tos.rst
+.. include:: ../frags/regional-manual-use.rst
-.. code-block:: ini
- [exchange]
- TERMS_ETAG=${TERMS_ETAG}
- PRIVACY_ETAG=${PRIVACY_ETAG}
+Installing Updates
+++++++++++++++++++
-Make sure to restart taler-exchange after changing these configuration options:
+The standard procedure for installing updates is to:
-.. code-block:: console
+ * First, make a backup (!)
+ * Stop Taler services
+ * Install new version
+ * Upgrade databases
+ * Start Taler services
- # systemctl restart taler-exchange.target
-
-.. include:: ../frags/regional-manual-use.rst
+The "upgrade.sh" script in the "regional-currency/" folder of "deployment.git"
+shows how to do the above steps *except* for the backup. For the backup, all
+critical bits of data will be in the Postgresql databases. Thus, we recommend
+following the database manual on making backups.
diff --git a/libeufin/regional-custom-manual.rst
b/libeufin/regional-custom-manual.rst
index 8477c18d..fcd1229e 100644
--- a/libeufin/regional-custom-manual.rst
+++ b/libeufin/regional-custom-manual.rst
@@ -72,6 +72,11 @@ Now you have to set the conversion rates and the ``admin``
debt limit via the ba
Configuring the Exchange for Conversion
+++++++++++++++++++++++++++++++++++++++
+An exchange that supports currency conversion needs to advertise two bank
+accounts, one in the regional currency and a second in the fiat currency. The
+conversion logic ensures that wire transfers in either account are
+immediately reflected in the other account.
+
This section explains how to enable currency conversion at the exchange,
which is critical for wallets to know how to wire fiat currency to an
exchange to obtain regional currency.
@@ -90,75 +95,88 @@ the possibility of currency conversion (cash in):
.. code-block:: console
- # taler-exchange-offline \
+ # source config/user.conf
+ # sudo -u taler-exchange-offline \
+ taler-exchange-offline \
+ wire-fee now iban "${CURRENCY}":0 "${CURRENCY}":0 \
enable-account \
- payto://iban/$IBAN?receiver-name=$NAME \
- conversion-url "$CONVERSION_URL" \
- debit-restriction \
- deny \
+ "${CONVERSION_PAYTO}" \
+ conversion-url "${PROTO}://bank.$DOMAIN_NAME/conversion-info/" \
+ display-hint 10 "CHF" \
+ debit-restriction deny \
credit-restriction \
regex \
'payto://iban/.*/CH.*?receiver-name=.*' \
'Swiss only' \
'{ "de" : "nur Schweiz", \
- "fr" : "Suisse uniquement" }'
+ "fr" : "Suisse uniquement" }' \
upload
Here, the ``$CONVERSION_URL`` must be set to the base URL of the conversion
endpoint of the bank, which should be
-``https://bank.$DOMAIN/conversion-info/`` in our setup. Note that you can
-leave out the "credit-restriction" if you want to allow international inbound
-wire transfers. The "debit-restriction" is largely mandatory as in this setup
-the taler-exchange-transfer is only configured to deal with the regional
+``https://bank.$DOMAIN/conversion-info/`` in our setup.
+
+The above commands set up the exchange to perform conversion with a
+restriction to only accept credit transfers from Swiss bank accounts. You may
+want to configure such restrictions on the bank accounts that may originate
+funds to prevent international wire transfers that may expose you to
+additional compliance risks.
+
+You can leave out the "credit-restriction" if you want to allow international
+inbound wire transfers.
+
+The "debit-restriction" is largely mandatory as in this setup the
+``taler-exchange-transfer`` is only configured to deal with the regional
currency bank. Crediting fiat bank accounts must thus be done via the
cash-out functionality of the regional currency bank account.
+The "display-hint" gives priority (10) for the fiat cash-in account over the
+regional currency account in the withdraw dialog of the wallets and labels the
+account with "CHF".
+
.. note::
The above command adds a **second** bank account to the exchange.
You (or the guided setup script) should have already enabled the
regional currency bank account (without any "conversion-url").
-System ON!
-++++++++++
-
-The last step is to enable libeufin-nexus to :ref:`import incoming bank
-transactions <receive-transaction-data>` (cash in) and to :ref:`trigger
-outgoing bank transactions <sending-payments>` (cash out).
-
-.. code-block:: console
-
- # systemctl enable --now libeufin-nexus.target
-
-
-Configuring exchange terms
-++++++++++++++++++++++++++
-
-You can use your own terms of service and privacy policy. You can use the
default templates in ``/usr/share/taler/terms`` as a guide.
-Assuming you have custom terms of service and privacy policy ``rst`` teamplte
files at ``TOS_PATH`` and ``PRIVACY_PATH``, the following commands generate the
terms files:
+.. include:: ../frags/regional-system-on.rst
+.. include:: ../frags/deploying-tos.rst
+.. include:: ../frags/regional-manual-use.rst
-.. code-block:: console
- # taler-terms-generator -i "$TOS_PATH"
- # taler-terms-generator -i "$PRIVACY_PATH"
+Maintenance
++++++++++++
-You now have to specify the terms file names in the exchange config:
+The ``taler-exchange-offline`` commands given above set fees only for the
+current year (``now``). Thus, before January 1st of each year, you must to set
+up new fees for the new calendar year. In a regional currency setup, this
+typically requires up to three annual settings:
.. code-block:: console
- # TERMS_ETAG="$(basename "$TOS_PATH" .rst)"
- # PRIVACY_ETAG="$(basename "$PRIVACY_PATH" .rst)"
-
-.. code-block:: ini
-
- [exchange]
- TERMS_ETAG=${TERMS_ETAG}
- PRIVACY_ETAG=${PRIVACY_ETAG}
+ # YEAR=2025 # edit if necessary
+ # FIAT_CURRENCY=CHF # edit if necessary
+ # REGIO_CURRENCY=NETZBON # edit if necessary
+ # sudo -u taler-exchange-offline \
+ taler-exchange-offline \
+ wire-fee "$YEAR" \
+ iban "${FIAT_CURRENCY}":0 "${FIAT_CURRENCY}":0 \
+ wire-fee "$YEAR" \
+ x-taler-bank "${REGIO_CURRENCY}":0 "${REGIO_CURRENCY}":0 \
+ global-fee $YEAR \
+ "${REGIO_CURRENCY}:0" \
+ "${REGIO_CURRENCY}:0" \
+ "${REGIO_CURRENCY}:0"
+ 4w 6y 4 \
+ upload
+
+If the fees are not all zero, simply change the respective place to specify
+a non-zero fee.
-Make sure to restart taler-exchange after changing these configuration options:
-
-.. code-block:: console
-
- # systemctl restart taler-exchange.target
+.. note::
-.. include:: ../frags/regional-manual-use.rst
+ Additionally, the denomination signing keys will only have been
+ pre-generated for some time, depending on your ``LOOKAHEAD_SIGN``
+ configuration option. Thus, you may need to periodically run
+ the "taler-exchange-offline download sign upload" sequence as well!
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [taler-docs] branch master updated: work on #8602,
gnunet <=