16.10. libeufin-nexus.conf(5)

16.10.1. Name

libeufin-nexus.conf - LibEuFin Nexus configuration file

16.10.2. Description

The configuration file is line-oriented. Blank lines and whitespace at the beginning and end of a line are ignored. Comments start with # or % in the first column (after any beginning-of-line whitespace) and go to the end of the line.

The file is split into sections. Every section begins with [SECTIONNAME] and contains a number of options of the form OPTION=VALUE. There may be whitespace around the = (equal sign). Section names and options are case-insensitive.

The values, however, are case-sensitive. In particular, boolean values are one of YES or NO. Values can include whitespace by surrounding the entire value with " (double quote). Note, however, that there are no escape characters in such strings; all characters between the double quotes (including other double quotes) are taken verbatim.

Values that represent a time duration are represented as a series of one or more NUMBER UNIT pairs, e.g. 60 s, 4 weeks 1 day, 5 years 2 minutes.

Values that represent an amount are in the usual amount syntax: CURRENCY:VALUE.FRACTION, e.g. EUR:1.50. The FRACTION portion may extend up to 8 places.

Values that represent filenames can begin with a /bin/sh-like variable reference. This can be simple, such as $TMPDIR/foo, or complex, such as ${TMPDIR:-${TMP:-/tmp}}/foo. The variables are expanded either using key-values from the [PATHS] section (see below) or from the environment (getenv()). The values from [PATHS] take precedence over those from the environment. If the variable name is found in neither [PATHS] nor the environment, a warning is printed and the value is left unchanged. Variables (including those from the environment) are expanded recursively, so if FOO=$BAR and BAR=buzz then the result is FOO=buzz. Recursion is bounded to at most 128 levels to avoid undefined behavior for mutually recursive expansions like if BAR=$FOO in the example above.

The [PATHS] section is special in that it contains paths that can be referenced using $ in other configuration values that specify filenames. Note that configuration options that are not specifically retrieved by the application as filenames will not see “$”-expressions expanded. To expand $-expressions when using taler-config, you must pass the -f command-line option.

The system automatically pre-populates the [PATHS] section with a few values at run-time (in addition to the values that are in the actual configuration file and automatically overwriting those values if they are present). These automatically generated values refer to installation properties from GNU autoconf. The values are usually dependent on an INSTALL_PREFIX which is determined by the --prefix option given to configure. The canonical values are:

  • LIBEXECDIR = $INSTALL_PREFIX/taler/libexec/

  • DOCDIR = $INSTALL_PREFIX/share/doc/taler/

  • ICONDIR = $INSTALL_PREFIX/share/icons/

  • LOCALEDIR = $INSTALL_PREFIX/share/locale/

  • PREFIX = $INSTALL_PREFIX/

  • BINDIR = $INSTALL_PREFIX/bin/

  • LIBDIR = $INSTALL_PREFIX/lib/taler/

  • DATADIR = $INSTALL_PREFIX/share/taler/

Note that on some platforms, the given paths may differ depending on how the system was compiled or installed, the above are just the canonical locations of the various resources. These automatically generated values are never written to disk.

Files containing default values for many of the options described below are installed under $TALER_PREFIX/share/libeufin-nexus/config.d/. The configuration file given with -c to Taler binaries overrides these defaults.

A configuration file may include another, by using the @INLINE@ directive, for example, in main.conf, you could write @INLINE@ sub.conf to include the entirety of sub.conf at that point in main.conf.

Be extra careful when using taler-config -V VALUE to change configuration values: it will destroy all uses of @INLINE@ and furthermore remove all comments from the configuration file!

16.10.2.1. EBICS OPTIONS

The following options are from the “[nexus-ebics]” section.

CURRENCY

Name of the currency, e.g. “EUR” for Euro.

HOST_BASE_URL

URL of the EBICS server

HOST_ID

EBICS specific: name of the EBICS host

USER_ID

EBICS specific: user ID of the EBICS subscriber. This value must be assigned by the bank after having activated a new EBICS subscriber.

PARTNER_ID

EBICS specific: partner ID of the EBICS subscriber. This value must be assigned by the bank after having activated a new EBICS subscriber.

IBAN

IBAN of the bank account that is associated with the EBICS subscriber.

BIC

BIC of the bank account that is associated with the EBICS subscriber.

NAME

Legal entity that is associated with the EBICS subscriber.

BANK_PUBLIC_KEYS_FILE

Filesystem location where Nexus should store the bank public keys.

CLIENT_PRIVATE_KEYS_FILE

Filesystem location where Nexus should store the subscriber private keys.

BANK_DIALECT

Name of the following combination: EBICS version and ISO20022 recommendations that Nexus would honor in the communication with the bank. Currently only the postfinance or gls value is supported.

ACCOUNT_TYPE

Specify the account type and therefore the indexing behavior. This can either can be normal or exchange. Exchange accounts bounce invalid incoming Taler transactions.

16.10.2.2. EBICS SUBMIT OPTIONS

The following configuration value(s) belong to the “[nexus-submit]” section.

FREQUENCY

Duration value to instruct the ebics-submit subcommand how much to wait before checking the database again to find new unsubmitted payments.

16.10.2.3. EBICS FETCH OPTIONS

The following configuration value(s) belong to the “[nexus-fetch]” section.

FREQUENCY

Duration value to instruct the ebics-fetch subcommand how often it should download from the bank.

IGNORE_TRANSACTIONS_BEFORE

Ignore all transactions before a certain YYYY-MM-DD date, useful when you want to use an existing account with old transactions that should not be bounced.

IGNORE_BOUNCES_BEFORE

Ignore all malformed transactions prior to a certain YYYY-MM-DD date, useful when you want to import old transactions without bouncing the malformed ones a second time.

16.10.2.4. HTTP SERVER OPTIONS

The following configuration value(s) belong to the “[nexus-httpd]” section.

SERVE

This can either be tcp or unix.

PORT

Port on which the HTTP server listens, e.g. 9967. Only used if SERVE is tcp.

BIND_TO

Which IP address should we bind to? E.g. 127.0.0.1 or ::1``for loopback.  Can also be given as a hostname. Only used if ``SERVE is tcp.

UNIXPATH

Which unix domain path should we bind to? Only used if SERVE is unix.

UNIXPATH_MODE

What should be the file access permissions for UNIXPATH? Only used if SERVE is unix.

16.10.2.5. HTTP WIRE GATEWAY API OPTIONS

The following configuration value(s) belong to the “[nexus-httpd-wire-gateway-api]” section.

ENABLED

Whether to serve the Wire Gateway API.

AUTH_METHOD

How to authenticate this API. This can either be none or bearer-token.

AUTH_BEARER_TOKEN

The expected token. Only used if AUTH_METHOD is bearer-token.

16.10.2.6. HTTP REVENUE API OPTIONS

The following configuration value(s) belong to the “[nexus-httpd-revenue-api]” section.

ENABLED

Whether to serve the Revenue API.

AUTH_METHOD

How to authenticate this API. This can either be none or bearer-token.

AUTH_BEARER_TOKEN

The expected token. Only used if AUTH_METHOD is bearer-token.

16.10.2.7. DATABASE OPTIONS

Setting the database belongs to the “[libeufin-nexusdb-postgres]” section and the following value.

CONFIG

PostgreSQL connection string.

SQL_DIR

Where are the SQL files to setup our tables?

16.10.3. SEE ALSO

libeufin-nexus(1)

16.10.4. BUGS

Report bugs by using https://bugs.taler.net/ or by sending electronic mail to <taler@gnu.org>.