ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit 0171854a91e6c43af612988f999021999dae8a0d
parent 6b568d19c1658758ae8a81e990dabb8825f208fc
Author: Florian Dold <florian@dold.me>
Date:   Mon, 24 Feb 2025 00:34:50 +0100

host group variables

Diffstat:
Ainventories/host_vars/testing/test-public.yml | 62++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Ainventories/host_vars/testing/test-secrets.yml | 29+++++++++++++++++++++++++++++
2 files changed, 91 insertions(+), 0 deletions(-)

diff --git a/inventories/host_vars/testing/test-public.yml b/inventories/host_vars/testing/test-public.yml 
@@ -0,0 +1,62 @@
+---
+# Public variables for a "test" deployment
+# Deploy challenger?
+DEPLOY_CHALLENGER: true
+# Main domain name.
+DOMAIN_NAME: "topstest.fdold.eu"
+# Use nightly Taler distro (true/false).
+USE_NIGHTLY: true
+# Deploy EBICS configuration (true/false).
+use_ebics: false
+# Our currency.
+CURRENCY: CHF
+# Smallest unit of the currency for wire transfers.
+CURRENCY_ROUND_UNIT: "CHF:0.01"
+# Base URL of the exchange REST API
+EXCHANGE_BASE_URL: "https://exchange.{{ DOMAIN_NAME }}/"
+# Base URL of the auditor REST API
+AUDITOR_BASE_URL: "https://auditor.{{ DOMAIN_NAME }}/"
+# Exchange offline master public key.
+EXCHANGE_MASTER_PUB: GT1ZRF6DT4RAETDEGW3KTWRH15RAKH9T0TK6ZJEYFGRX18B54AK0
+# Auditor offline public key.
+AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0
+# URL with merchants accepting this exchange.
+EXCHANGE_SHOPPING_URL: "https://shops.taler-ops.ch/"
+# Name of Terms of service resource file
+EXCHANGE_TERMS_ETAG: "exchange-tos-v0"
+# Name of Privacy policy resource file
+EXCHANGE_PP_ETAG: "exchange-pp-v0"
+# Full BIC of exchange account
+EXCHANGE_BANK_ACCOUNT_BIC: "MAEBCHZZ"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_IBAN: "CH6808573105529100001"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=Taler+Operations+AG"
+# Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
+LIBEUFIN_PORT: 8082
+# Name of the exchange account at libeufin-nexus
+LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
+# Name of the bank dialect
+LIBEUFIN_NEXUS_BANK_DIALECT: "maerki_baumann"
+# SPA dialect (tops, gls, magnet, ...)
+EXCHANGE_SPA_DIALECT: "tops"
+# Business name of the exchange operator
+EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG"
+# Where to send people after they passed KYC.
+KYC_THANK_YOU_URL: https://taler-ops.ch/thank-you-kyc
+# Template to use for identification of individuals with KYCAID
+KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx
+# Template to use for identification of businesses with KYCAID
+KYCAID_TEMPLATE_BUSINESS: tmpl_xxx
+# Regex specifying allowed phone numbers for the SMS check
+EXCHANGE_AML_PROGRAM_TOPS_SMS_HINT: "Swiss number required"
+EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: "\\\\+41[0-9]+"
+# Limit to lift for withdraw upon SMS registration
+EXCHANGE_AML_PROGRAM_TOPS_SMS_WITHDRAW_THRESHOLD: CHF:200
+# Limit to lift for merge upon SMS registration
+EXCHANGE_AML_PROGRAM_TOPS_SMS_MERGE_THRESHOLD: CHF:0
+# Regex specifying allowed country names for the postal address check
+EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_HINT: "Swiss address required"
+EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"
+# Tool to use for sanction list checking
+EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy
diff --git a/inventories/host_vars/testing/test-secrets.yml b/inventories/host_vars/testing/test-secrets.yml
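Review bot: Neither AML pattern at the end of this hunk is anchored, so whether `EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"` admits only Switzerland depends on the consumer applying a full match, which is not visible here; with a search-style match, any value merely containing one of those letter pairs would satisfy the postal check. Unless the consuming helper is known to anchor, I would write `"^(CH|Ch|ch)$"` and anchor the SMS pattern the same way. The SMS value `"\\\\+41[0-9]+"` decodes to two backslashes under YAML double quotes, so it is only right if exactly one more unescaping layer follows; a comment naming the intended final regex would make that reviewable. The comment above `EXCHANGE_BANK_ACCOUNT_IBAN` also duplicates the payto one and should read `# IBAN of exchange account`.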
@@ -0,0 +1,29 @@
+---
+# Symmetric encryption secret for KYC attribute encryption.
+EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: SECRET2
+# EBICS access details
+LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: https://isotest.postfinance.ch/ebicsweb/ebicsweb
+LIBEUFIN_NEXUS_EBICS_HOST_ID: PFEBICS
+LIBEUFIN_NEXUS_EBICS_USER_ID: PFC00664
+LIBEUFIN_NEXUS_EBICS_PARTNER_ID: PFC00664
+LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: PFC00664
+
+# Authorization token for the telesign SMS service
+SMS_CHALLENGER_TELESIGN_AUTH_TOKEN: my-auth-token
+
+# Authorization data for the pingen postal service
+POSTAL_CHALLENGER_PINGEN_CLIENT_ID: myid
+POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET: mysecret
+POSTAL_CHALLENGER_PINGEN_ORG_ID: orgid
+
+# KYCaid access token
+EXCHANGE_KYCAID_ACCESS_TOKEN: FIXME
+
+# Bearer access token for the auditor
+AUDITOR_ACCESS_TOKEN: secret-token:FIXME
+
+# Bearer access token for monitoring
+PROMETHEUS_ACCESS_TOKEN: secret-token:FIXME
+
+# Bearer access token for loki.taler-systems.com
+LOKI_ACCESS_TOKEN: secret-token:FIXME
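Review bot: Every value in this file is a syntactically usable placeholder (`SECRET2`, `mysecret`, `secret-token:FIXME`), so a run that forgets to override one would, as far as this hunk shows, deploy with a publicly known KYC attribute encryption key or bearer token rather than fail. The file is also tracked in plaintext under `inventories/host_vars/`, which invites filling in real values in place. I would add a header comment such as `# Placeholders only: real values belong in an ansible-vault encrypted file, never in plaintext in this repository`, and have the playbook refuse to continue while any of these variables still holds a placeholder; whether such a check already exists elsewhere is not visible from this commit.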