commit 6f35a68586680447db6bef301fd7ca20a9d8bcd1 · pyrox.dev/nixpkgs

nixos/modules/module-list.nix

···

       571
        
         ./services/editors/emacs.nix

     

       572
        
         ./services/editors/haste.nix

     

       573
        
         ./services/editors/infinoted.nix

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       574
        
         ./services/finance/odoo.nix

     

       575
        
         ./services/finance/taler/exchange.nix

     

       576
        
         ./services/finance/taler/merchant.nix

···

       571
        
         ./services/editors/emacs.nix

     

       572
        
         ./services/editors/haste.nix

     

       573
        
         ./services/editors/infinoted.nix

     

       574
       +
         ./services/finance/libeufin/bank.nix

     

       575
       +
         ./services/finance/libeufin/module.nix

     

       576
       +
         ./services/finance/libeufin/nexus.nix

     

       577
        
         ./services/finance/odoo.nix

     

       578
        
         ./services/finance/taler/exchange.nix

     

       579
        
         ./services/finance/taler/merchant.nix

+92

nixos/modules/services/finance/libeufin/bank.nix

···

       1
       +
       {

     

       2
       +
         lib,

     

       3
       +
         config,

     

       4
       +
         options,

     

       5
       +
         ...

     

       6
       +
       }:

     

       7
       +
       {

     

       8
       +
         imports = [ (import ./common.nix "bank") ];

     

       9
       +
       

     

       10
       +
         options.services.libeufin.bank = {

     

       11
       +
           initialAccounts = lib.mkOption {

     

       12
       +
             type = lib.types.listOf lib.types.attrs;

     

       13
       +
             description = ''

     

       14
       +
               Accounts to enable before the bank service starts.

     

       15
       +
       

     

       16
       +
               This is mainly needed for the nexus currency conversion

     

       17
       +
               since the exchange's bank account is expected to be already

     

       18
       +
               registered.

     

       19
       +
       

     

       20
       +
               Don't forget to change the account passwords afterwards.

     

       21
       +
             '';

     

       22
       +
             default = [ ];

     

       23
       +
           };

     

       24
       +
       

     

       25
       +
           settings = lib.mkOption {

     

       26
       +
             description = ''

     

       27
       +
               Configuration options for the libeufin bank system config file.

     

       28
       +
       

     

       29
       +
               For a list of all possible options, please see the man page [`libeufin-bank.conf(5)`](https://docs.taler.net/manpages/libeufin-bank.conf.5.html)

     

       30
       +
             '';

     

       31
       +
             type = lib.types.submodule {

     

       32
       +
               inherit (options.services.libeufin.settings.type.nestedTypes) freeformType;

     

       33
       +
               options = {

     

       34
       +
                 libeufin-bank = {

     

       35
       +
                   CURRENCY = lib.mkOption {

     

       36
       +
                     type = lib.types.str;

     

       37
       +
                     description = ''

     

       38
       +
                       The currency under which the libeufin-bank should operate.

     

       39
       +
       

     

       40
       +
                       This defaults to the GNU taler module's currency for convenience

     

       41
       +
                       but if you run libeufin-bank separately from taler, you must set

     

       42
       +
                       this yourself.

     

       43
       +
                     '';

     

       44
       +
                   };

     

       45
       +
                   PORT = lib.mkOption {

     

       46
       +
                     type = lib.types.port;

     

       47
       +
                     default = 8082;

     

       48
       +
                     description = ''

     

       49
       +
                       The port on which libeufin-bank should listen.

     

       50
       +
                     '';

     

       51
       +
                   };

     

       52
       +
                   SUGGESTED_WITHDRAWAL_EXCHANGE = lib.mkOption {

     

       53
       +
                     type = lib.types.str;

     

       54
       +
                     default = "https://exchange.demo.taler.net/";

     

       55
       +
                     description = ''

     

       56
       +
                       Exchange that is suggested to wallets when withdrawing.

     

       57
       +
       

     

       58
       +
                       Note that, in order for withdrawals to work, your libeufin-bank

     

       59
       +
                       must be able to communicate with and send money etc. to the bank

     

       60
       +
                       at which the exchange used for withdrawals has its bank account.

     

       61
       +
       

     

       62
       +
                       If you also have your own bank and taler exchange network, you

     

       63
       +
                       probably want to set one of your exchange's url here instead of

     

       64
       +
                       the demo exchange.

     

       65
       +
       

     

       66
       +
                       This setting must always be set in order for the Android app to

     

       67
       +
                       not crash during the withdrawal process but the exchange to be

     

       68
       +
                       used can always be changed in the app.

     

       69
       +
                     '';

     

       70
       +
                   };

     

       71
       +
                 };

     

       72
       +
                 libeufin-bankdb-postgres = {

     

       73
       +
                   CONFIG = lib.mkOption {

     

       74
       +
                     type = lib.types.str;

     

       75
       +
                     description = ''

     

       76
       +
                       The database connection string for the libeufin-bank database.

     

       77
       +
                     '';

     

       78
       +
                   };

     

       79
       +
                 };

     

       80
       +
               };

     

       81
       +
             };

     

       82
       +
           };

     

       83
       +
         };

     

       84
       +
       

     

       85
       +
         config = {

     

       86
       +
           services.libeufin.bank.settings.libeufin-bank.CURRENCY = lib.mkIf (

     

       87
       +
             config.services.taler.enable && (config.services.taler.settings.taler ? CURRENCY)

     

       88
       +
           ) config.services.taler.settings.taler.CURRENCY;

     

       89
       +
       

     

       90
       +
           services.libeufin.bank.settings.libeufin-bankdb-postgres.CONFIG = lib.mkIf config.services.libeufin.bank.createLocalDatabase "postgresql:///libeufin-bank";

     

       91
       +
         };

     

       92
       +
       }

+157

nixos/modules/services/finance/libeufin/common.nix

···

       1
       +
       # TODO: create a common module generator for Taler and Libeufin?

     

       2
       +
       libeufinComponent:

     

       3
       +
       {

     

       4
       +
         lib,

     

       5
       +
         pkgs,

     

       6
       +
         config,

     

       7
       +
         ...

     

       8
       +
       }:

     

       9
       +
       {

     

       10
       +
         options.services.libeufin.${libeufinComponent} = {

     

       11
       +
           enable = lib.mkEnableOption "libeufin core banking system and web interface";

     

       12
       +
           package = lib.mkPackageOption pkgs "libeufin" { };

     

       13
       +
           debug = lib.mkEnableOption "debug logging";

     

       14
       +
           createLocalDatabase = lib.mkEnableOption "automatic creation of a local postgres database";

     

       15
       +
           openFirewall = lib.mkOption {

     

       16
       +
             type = lib.types.bool;

     

       17
       +
             default = false;

     

       18
       +
             description = "Whether to open ports in the firewall";

     

       19
       +
           };

     

       20
       +
         };

     

       21
       +
       

     

       22
       +
         config =

     

       23
       +
           let

     

       24
       +
             cfg = cfgMain.${libeufinComponent};

     

       25
       +
             cfgMain = config.services.libeufin;

     

       26
       +
       

     

       27
       +
             configFile = config.environment.etc."libeufin/libeufin.conf".source;

     

       28
       +
             serviceName = "libeufin-${libeufinComponent}";

     

       29
       +
             isNexus = libeufinComponent == "nexus";

     

       30
       +
       

     

       31
       +
             # get database name from config

     

       32
       +
             # TODO: should this always be the same db? In which case, should this be an option directly under `services.libeufin`?

     

       33
       +
             dbName =

     

       34
       +
               lib.removePrefix "postgresql:///"

     

       35
       +
                 cfg.settings."libeufin-${libeufinComponent}db-postgres".CONFIG;

     

       36
       +
       

     

       37
       +
             bankPort = cfg.settings."${if isNexus then "nexus-httpd" else "libeufin-bank"}".PORT;

     

       38
       +
           in

     

       39
       +
           lib.mkIf cfg.enable {

     

       40
       +
             services.libeufin.settings = cfg.settings;

     

       41
       +
       

     

       42
       +
             # TODO add system-libeufin.slice?

     

       43
       +
             systemd.services = {

     

       44
       +
               # Main service

     

       45
       +
               "${serviceName}" = {

     

       46
       +
                 serviceConfig = {

     

       47
       +
                   DynamicUser = true;

     

       48
       +
                   ExecStart =

     

       49
       +
                     let

     

       50
       +
                       args = lib.cli.toGNUCommandLineShell { } {

     

       51
       +
                         c = configFile;

     

       52
       +
                         L = if cfg.debug then "debug" else null;

     

       53
       +
                       };

     

       54
       +
                     in

     

       55
       +
                     "${lib.getExe' cfg.package "libeufin-${libeufinComponent}"} serve ${args}";

     

       56
       +
                   Restart = "on-failure";

     

       57
       +
                   RestartSec = "10s";

     

       58
       +
                 };

     

       59
       +
                 requires = [ "libeufin-dbinit.service" ];

     

       60
       +
                 after = [ "libeufin-dbinit.service" ];

     

       61
       +
                 wantedBy = [ "multi-user.target" ];

     

       62
       +
               };

     

       63
       +
       

     

       64
       +
               # Database Initialisation

     

       65
       +
               libeufin-dbinit =

     

       66
       +
                 let

     

       67
       +
                   dbScript = pkgs.writers.writeText "libeufin-db-permissions.sql" ''

     

       68
       +
                     GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA libeufin_bank TO "${serviceName}";

     

       69
       +
                     GRANT SELECT,INSERT,UPDATE,DELETE ON ALL TABLES IN SCHEMA libeufin_nexus TO "${serviceName}";

     

       70
       +
                     GRANT USAGE ON SCHEMA libeufin_bank TO "${serviceName}";

     

       71
       +
                     GRANT USAGE ON SCHEMA libeufin_nexus TO "${serviceName}";

     

       72
       +
                   '';

     

       73
       +
       

     

       74
       +
                   # Accounts to be created after the bank database initialization.

     

       75
       +
                   #

     

       76
       +
                   # For example, if the bank's currency conversion is enabled, it's

     

       77
       +
                   # required that the exchange account is registered before the

     

       78
       +
                   # service starts.

     

       79
       +
                   initialAccountRegistration = lib.concatMapStringsSep "\n" (

     

       80
       +
                     account:

     

       81
       +
                     let

     

       82
       +
                       args = lib.cli.toGNUCommandLineShell { } {

     

       83
       +
                         c = configFile;

     

       84
       +
                         inherit (account) username password name;

     

       85
       +
                         payto_uri = "payto://x-taler-bank/bank:${toString bankPort}/${account.username}?receiver-name=${account.name}";

     

       86
       +
                         exchange = lib.toLower account.username == "exchange";

     

       87
       +
                       };

     

       88
       +
                     in

     

       89
       +
                     "${lib.getExe' cfg.package "libeufin-bank"} create-account ${args}"

     

       90
       +
                   ) cfg.initialAccounts;

     

       91
       +
       

     

       92
       +
                   args = lib.cli.toGNUCommandLineShell { } {

     

       93
       +
                     c = configFile;

     

       94
       +
                     L = if cfg.debug then "debug" else null;

     

       95
       +
                   };

     

       96
       +
                 in

     

       97
       +
                 {

     

       98
       +
                   path = [ config.services.postgresql.package ];

     

       99
       +
                   serviceConfig = {

     

       100
       +
                     Type = "oneshot";

     

       101
       +
                     DynamicUser = true;

     

       102
       +
                     StateDirectory = "libeufin-dbinit";

     

       103
       +
                     StateDirectoryMode = "0750";

     

       104
       +
                     User = dbName;

     

       105
       +
                   };

     

       106
       +
                   script = lib.optionalString cfg.enable ''

     

       107
       +
                     ${lib.getExe' cfg.package "libeufin-${libeufinComponent}"} dbinit ${args}

     

       108
       +
                   '';

     

       109
       +
                   # Grant DB permissions after schemas have been created

     

       110
       +
                   postStart =

     

       111
       +
                     ''

     

       112
       +
                       psql -U "${dbName}" -f "${dbScript}"

     

       113
       +
                     ''

     

       114
       +
                     + lib.optionalString ((!isNexus) && (cfg.initialAccounts != [ ])) ''

     

       115
       +
                       # only register initial accounts once

     

       116
       +
                       if [ ! -e /var/lib/libeufin-dbinit/init ]; then

     

       117
       +
                         ${initialAccountRegistration}

     

       118
       +
       

     

       119
       +
                         touch /var/lib/libeufin-dbinit/init

     

       120
       +
                         echo "Bank initialisation complete"

     

       121
       +
                       fi

     

       122
       +
                     '';

     

       123
       +
                   requires = lib.optionals cfg.createLocalDatabase [ "postgresql.service" ];

     

       124
       +
                   after = [ "network.target" ] ++ lib.optionals cfg.createLocalDatabase [ "postgresql.service" ];

     

       125
       +
                 };

     

       126
       +
             };

     

       127
       +
       

     

       128
       +
             networking.firewall = lib.mkIf cfg.openFirewall {

     

       129
       +
               allowedTCPPorts = [

     

       130
       +
                 bankPort

     

       131
       +
               ];

     

       132
       +
             };

     

       133
       +
       

     

       134
       +
             environment.systemPackages = [ cfg.package ];

     

       135
       +
       

     

       136
       +
             services.postgresql = lib.mkIf cfg.createLocalDatabase {

     

       137
       +
               enable = true;

     

       138
       +
               ensureDatabases = [ dbName ];

     

       139
       +
               ensureUsers = [

     

       140
       +
                 { name = serviceName; }

     

       141
       +
                 {

     

       142
       +
                   name = dbName;

     

       143
       +
                   ensureDBOwnership = true;

     

       144
       +
                 }

     

       145
       +
               ];

     

       146
       +
             };

     

       147
       +
       

     

       148
       +
             assertions = [

     

       149
       +
               {

     

       150
       +
                 assertion =

     

       151
       +
                   cfg.createLocalDatabase || (cfg.settings."libeufin-${libeufinComponent}db-postgres" ? CONFIG);

     

       152
       +
                 message = "Libeufin ${libeufinComponent} database is not configured.";

     

       153
       +
               }

     

       154
       +
             ];

     

       155
       +
       

     

       156
       +
           };

     

       157
       +
       }

+26

nixos/modules/services/finance/libeufin/module.nix

···

       1
       +
       {

     

       2
       +
         lib,

     

       3
       +
         pkgs,

     

       4
       +
         config,

     

       5
       +
         ...

     

       6
       +
       }:

     

       7
       +
       

     

       8
       +
       let

     

       9
       +
         cfg = config.services.libeufin;

     

       10
       +
         settingsFormat = pkgs.formats.ini { };

     

       11
       +
         configFile = settingsFormat.generate "generated-libeufin.conf" cfg.settings;

     

       12
       +
       in

     

       13
       +
       

     

       14
       +
       {

     

       15
       +
         options.services.libeufin = {

     

       16
       +
           settings = lib.mkOption {

     

       17
       +
             description = "Global configuration options for the libeufin bank system config file.";

     

       18
       +
             type = lib.types.submodule { freeformType = settingsFormat.type; };

     

       19
       +
             default = { };

     

       20
       +
           };

     

       21
       +
         };

     

       22
       +
       

     

       23
       +
         config = lib.mkIf (cfg.bank.enable || cfg.nexus.enable) {

     

       24
       +
           environment.etc."libeufin/libeufin.conf".source = configFile;

     

       25
       +
         };

     

       26
       +
       }

+131

nixos/modules/services/finance/libeufin/nexus.nix

···

       1
       +
       {

     

       2
       +
         lib,

     

       3
       +
         config,

     

       4
       +
         options,

     

       5
       +
         ...

     

       6
       +
       }:

     

       7
       +
       {

     

       8
       +
         imports = [ (import ./common.nix "nexus") ];

     

       9
       +
       

     

       10
       +
         options.services.libeufin.nexus.settings = lib.mkOption {

     

       11
       +
           description = ''

     

       12
       +
             Configuration options for the libeufin nexus config file.

     

       13
       +
       

     

       14
       +
             For a list of all possible options, please see the man page [`libeufin-nexus.conf(5)`](https://docs.taler.net/manpages/libeufin-nexus.conf.5.html)

     

       15
       +
           '';

     

       16
       +
           type = lib.types.submodule {

     

       17
       +
             inherit (options.services.libeufin.settings.type.nestedTypes) freeformType;

     

       18
       +
             options = {

     

       19
       +
               nexus-ebics = {

     

       20
       +
                 # Mandatory configuration values

     

       21
       +
                 # https://docs.taler.net/libeufin/nexus-manual.html#setting-up-the-ebics-subscriber

     

       22
       +
                 # https://docs.taler.net/libeufin/setup-ebics-at-postfinance.html

     

       23
       +
                 CURRENCY = lib.mkOption {

     

       24
       +
                   description = "Name of the fiat currency.";

     

       25
       +
                   type = lib.types.nonEmptyStr;

     

       26
       +
                   example = "CHF";

     

       27
       +
                 };

     

       28
       +
                 HOST_BASE_URL = lib.mkOption {

     

       29
       +
                   description = "URL of the EBICS server.";

     

       30
       +
                   type = lib.types.nonEmptyStr;

     

       31
       +
                   example = "https://ebics.postfinance.ch/ebics/ebics.aspx";

     

       32
       +
                 };

     

       33
       +
                 BANK_DIALECT = lib.mkOption {

     

       34
       +
                   description = ''

     

       35
       +
                     Name of the following combination: EBICS version and ISO20022

     

       36
       +
                     recommendations that Nexus would honor in the communication with the

     

       37
       +
                     bank.

     

       38
       +
       

     

       39
       +
                     Currently only the "postfinance" or "gls" value is supported.

     

       40
       +
                   '';

     

       41
       +
                   type = lib.types.enum [

     

       42
       +
                     "postfinance"

     

       43
       +
                     "gls"

     

       44
       +
                   ];

     

       45
       +
                   example = "postfinance";

     

       46
       +
                 };

     

       47
       +
                 HOST_ID = lib.mkOption {

     

       48
       +
                   description = "Name of the EBICS host.";

     

       49
       +
                   type = lib.types.nonEmptyStr;

     

       50
       +
                   example = "PFEBICS";

     

       51
       +
                 };

     

       52
       +
                 USER_ID = lib.mkOption {

     

       53
       +
                   description = ''

     

       54
       +
                     User ID of the EBICS subscriber.

     

       55
       +
       

     

       56
       +
                     This value must be assigned by the bank after having activated a new EBICS subscriber.

     

       57
       +
                   '';

     

       58
       +
                   type = lib.types.nonEmptyStr;

     

       59
       +
                   example = "PFC00563";

     

       60
       +
                 };

     

       61
       +
                 PARTNER_ID = lib.mkOption {

     

       62
       +
                   description = ''

     

       63
       +
                     Partner ID of the EBICS subscriber.

     

       64
       +
       

     

       65
       +
                     This value must be assigned by the bank after having activated a new EBICS subscriber.

     

       66
       +
                   '';

     

       67
       +
                   type = lib.types.nonEmptyStr;

     

       68
       +
                   example = "PFC00563";

     

       69
       +
                 };

     

       70
       +
                 IBAN = lib.mkOption {

     

       71
       +
                   description = "IBAN of the bank account that is associated with the EBICS subscriber.";

     

       72
       +
                   type = lib.types.nonEmptyStr;

     

       73
       +
                   example = "CH7789144474425692816";

     

       74
       +
                 };

     

       75
       +
                 BIC = lib.mkOption {

     

       76
       +
                   description = "BIC of the bank account that is associated with the EBICS subscriber.";

     

       77
       +
                   type = lib.types.nonEmptyStr;

     

       78
       +
                   example = "POFICHBEXXX";

     

       79
       +
                 };

     

       80
       +
                 NAME = lib.mkOption {

     

       81
       +
                   description = "Legal entity that is associated with the EBICS subscriber.";

     

       82
       +
                   type = lib.types.nonEmptyStr;

     

       83
       +
                   example = "John Smith S.A.";

     

       84
       +
                 };

     

       85
       +
                 BANK_PUBLIC_KEYS_FILE = lib.mkOption {

     

       86
       +
                   type = lib.types.path;

     

       87
       +
                   default = "/var/lib/libeufin-nexus/bank-ebics-keys.json";

     

       88
       +
                   description = ''

     

       89
       +
                     Filesystem location where Nexus should store the bank public keys.

     

       90
       +
                   '';

     

       91
       +
                 };

     

       92
       +
                 CLIENT_PRIVATE_KEYS_FILE = lib.mkOption {

     

       93
       +
                   type = lib.types.path;

     

       94
       +
                   default = "/var/lib/libeufin-nexus/client-ebics-keys.json";

     

       95
       +
                   description = ''

     

       96
       +
                     Filesystem location where Nexus should store the subscriber private keys.

     

       97
       +
                   '';

     

       98
       +
                 };

     

       99
       +
               };

     

       100
       +
               nexus-httpd = {

     

       101
       +
                 PORT = lib.mkOption {

     

       102
       +
                   type = lib.types.port;

     

       103
       +
                   default = 8084;

     

       104
       +
                   description = ''

     

       105
       +
                     The port on which libeufin-bank should listen.

     

       106
       +
                   '';

     

       107
       +
                 };

     

       108
       +
               };

     

       109
       +
               libeufin-nexusdb-postgres = {

     

       110
       +
                 CONFIG = lib.mkOption {

     

       111
       +
                   type = lib.types.str;

     

       112
       +
                   description = ''

     

       113
       +
                     The database connection string for the libeufin-nexus database.

     

       114
       +
                   '';

     

       115
       +
                 };

     

       116
       +
               };

     

       117
       +
             };

     

       118
       +
           };

     

       119
       +
         };

     

       120
       +
       

     

       121
       +
         config =

     

       122
       +
           let

     

       123
       +
             cfgMain = config.services.libeufin;

     

       124
       +
             cfg = config.services.libeufin.nexus;

     

       125
       +
           in

     

       126
       +
           lib.mkIf cfg.enable {

     

       127
       +
             services.libeufin.nexus.settings.libeufin-nexusdb-postgres.CONFIG = lib.mkIf (

     

       128
       +
               cfgMain.bank.enable && cfgMain.bank.createLocalDatabase

     

       129
       +
             ) "postgresql:///libeufin-bank";

     

       130
       +
           };

     

       131
       +
       }