commit 126742c2cd42047dce20f6e9a6549017f92dd22b
parent edb0bb78bf3deff5a5b4a3f59fab38c3961a7810
Author: Florian Dold <florian@dold.me>
Date: Fri, 20 Jun 2025 13:54:30 +0200
EBICS for spec
Diffstat:
4 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/inventories/group_vars/all/defaults.yml b/inventories/group_vars/all/defaults.yml
@@ -17,3 +17,10 @@ ebics_keys_external: false
# This setting MUST NOT be enabled in production
# deployments under any circumstance.
dangerously_enable_devtesting: false
+
+# Configure EBICS.
+# When only this setting is enabled,
+# the EBICS config is only deployed,
+# but EBICS services are not started
+# and key setup isn't attempted.
+configure_ebics: false
+\ No newline at end of file
diff --git a/inventories/host_vars/spec/prod-secrets.yml.gpg b/inventories/host_vars/spec/prod-secrets.yml.gpg
Binary files differ.
diff --git a/inventories/host_vars/spec/tops-public.yml b/inventories/host_vars/spec/tops-public.yml
@@ -12,6 +12,8 @@ DEPLOYMENT_KIND: "tops"
DISABLE_RESTORE_BACKUP: false
# Use EBICS? (starts libeufin-nexus-fetch/submit services)
USE_EBICS: false
+# Write EBICS configuration (with values in secret config)
+configure_ebics: true
# Main domain name.
DOMAIN_NAME: "taler-ops.ch"
# Our internal hostname
diff --git a/roles/libeufin-nexus/tasks/main.yml b/roles/libeufin-nexus/tasks/main.yml
@@ -66,7 +66,7 @@
owner: root
group: libeufin-nexus
mode: "0640"
- when: use_ebics
+ when: use_ebics or configure_ebics
- name: Setup libeufin database
ansible.builtin.command:
