ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit 3d5586554072e056d2cb09f18c0510dcb21f3b8f
parent 0d37b788e4524b98c8ce9152e0476988dd587d67
Author: Christian Grothoff <christian@grothoff.org>
Date:   Sun, 22 Dec 2024 18:01:55 +0100

work on challenger role

Diffstat:
Mroles/challenger/tasks/main.yml | 71++++++++++++++++++++++++++++++++++++-----------------------------------
Mroles/challenger/templates/etc/challenger/challenger-email.conf.j2 | 4++++
Mroles/challenger/templates/etc/challenger/challenger-postal.conf.j2 | 4++++
Mroles/challenger/templates/etc/challenger/challenger-sms.conf.j2 | 4++++
Rroles/challenger/templates/etc/taler-exchange/config.d/challenger-email.conf.j2 -> roles/challenger/templates/etc/taler-exchange/conf.d/challenger-email.conf.j2 | 0
Rroles/challenger/templates/etc/taler-exchange/config.d/challenger-postal.conf.j2 -> roles/challenger/templates/etc/taler-exchange/conf.d/challenger-postal.conf.j2 | 0
Rroles/challenger/templates/etc/taler-exchange/config.d/challenger-sms.conf.j2 -> roles/challenger/templates/etc/taler-exchange/conf.d/challenger-sms.conf.j2 | 0
Mroles/libeufin-nexus/tasks/main.yml | 4++--
8 files changed, 50 insertions(+), 37 deletions(-)

diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml @@ -30,19 +30,28 @@ state: latest when: ansible_os_family == 'Debian' -- name: Ensure group "challenger-sms" exists - ansible.builtin.group: +- name: Ensure user "challenger-sms" exists + ansible.builtin.user: name: challenger-sms + group: challenger-sms + password: ! + system: true state: present -- name: Ensure group "challenger-postal" exists - ansible.builtin.group: +- name: Ensure user "challenger-postal" exists + ansible.builtin.user: name: challenger-postal + group: challenger-postal + password: ! + system: true state: present -- name: Ensure group "challenger-email" exists - ansible.builtin.group: +- name: Ensure user "challenger-email" exists + ansible.builtin.user: name: challenger-email + group: challenger-email + password: ! + system: true state: present - name: Ensure Ansible facts directory exists 
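Review bot: `password: !` in the three new ansible.builtin.user tasks does not pass the literal `!` that the locked-password idiom needs: a bare `!` at the start of a plain scalar is the YAML non-specific tag indicator, so the value parses as an empty node (null or `''` depending on the loader) and the module never sees the string `!`. Write `password: '!'`, or better `password_lock: true`, which is the module's documented way to lock the account; on Debian useradd locks new accounts by default anyway, so the current line probably works by accident rather than by intent. The same hunk also deletes the `ansible.builtin.group` tasks while keeping `group: challenger-sms` (and -postal, -email) on each user; the user module does not create a primary group it is told to use, so unless the package or an earlier task outside this hunk creates those groups the tasks will fail with "Group ... does not exist" — either keep a group task before each user task or drop `group:` and let useradd create the per-user group.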
@@ -52,17 +61,17 @@ - name: sms-challenger access secret setup ansible.builtin.shell: - cmd: echo "[sms-challenger]\nCLIENT_SECRET=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/sms-challenger-client-secret.fact + cmd: echo "[sms-challenger]\nCLIENT_SECRET=secret-token:$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/sms-challenger-client-secret.fact creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact - name: email-challenger access secret setup ansible.builtin.shell: - cmd: echo "[email-challenger]\nCLIENT_SECRET=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/email-challenger-client-secret.fact + cmd: echo "[email-challenger]\nCLIENT_SECRET=secret-token:$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/email-challenger-client-secret.fact creates: /etc/ansible/facts.d/email-challenger-client-secret.fact - name: postal-challenger access secret setup ansible.builtin.shell: - cmd: echo "[postal-challenger]\nCLIENT_SECRET=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/postal-challenger-client-secret.fact + cmd: echo "[postal-challenger]\nCLIENT_SECRET=secret-token:$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/postal-challenger-client-secret.fact creates: /etc/ansible/facts.d/postal-challenger-client-secret.fact - name: sms-challenger force ansible to regather just created fact(s) 
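Review bot: Each of the three `cmd:` lines writes the secret with a plain shell redirection, so if `dd` or `gnunet-base32` fails (for example because the tool is not installed yet) the substitution expands to nothing, the fact file is still created with `CLIENT_SECRET=secret-token:` and the `creates:` guard then prevents the task from ever regenerating it. The file is also created under the shell's default umask, so the token is most likely world-readable in /etc/ansible/facts.d (inferred; no umask or mode is set in the hunk). Generate the token first, fail when it is empty, and restrict the mode before the redirection, e.g. `cmd: umask 077 && tok=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32) && [ -n "$tok" ] && printf '[sms-challenger]\nCLIENT_SECRET=secret-token:%s\n' "$tok" > /etc/ansible/facts.d/sms-challenger-client-secret.fact`. The same applies to the email and postal tasks in this hunk and to the AUTH_BEARER_TOKEN task in the roles/libeufin-nexus/tasks/main.yml hunk.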
@@ -129,59 +138,51 @@ - name: sms-challenger force ansible to regather just created fact(s) ansible.builtin.setup: - filter: - - 'sms-challenger-client-secret' - - 'email-challenger-client-secret' - - 'postal-challenger-client-secret' - name: Setup SMS Challenger exchange account shell: - cmd: challenger-admin -c /etc/challenger/challenger-sms.conf --quiet --add={{ ansible_facts['ansible_local']['sms-challenger-client-secret']['sms-challenger']['client_secret'] }} {{ EXCHANGE_BASE_URL }}kyc-proof/sms-challenger | awk '{print "[sms-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/sms-challenger-client-id.fact + cmd: sudo -u challenger-sms challenger-admin -c /etc/challenger/challenger-sms.conf --quiet --add={{ ansible_facts['ansible_local']['sms-challenger-client-secret']['sms-challenger']['client_secret'] }} {{ EXCHANGE_BASE_URL }}kyc-proof/sms-challenger | awk '{print "[sms-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/sms-challenger-client-id.fact chdir: /tmp creates: /etc/ansible/facts.d/sms-challenger-client-id.fact - name: Setup Email Challenger exchange account shell: - cmd: challenger-admin -c /etc/challenger/challenger-email.conf --quiet --add={{ ansible_facts['ansible_local']['email-challenger-client-secret']['email-challenger']['client_secret'] }} {{ EXCHANGE_BASE_URL }}kyc-proof/email-challenger | awk '{print "[email-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/email-challenger-client-id.fact + cmd: sudo -u challenger-email challenger-admin -c /etc/challenger/challenger-email.conf --quiet --add={{ ansible_facts['ansible_local']['email-challenger-client-secret']['email-challenger']['client_secret'] }} {{ EXCHANGE_BASE_URL }}kyc-proof/email-challenger | awk '{print "[email-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/email-challenger-client-id.fact chdir: /tmp creates: /etc/ansible/facts.d/email-challenger-client-id.fact - name: Setup Postal Challenger exchange account shell: - cmd: challenger-admin -c 
/etc/challenger/challenger-postal.conf --quiet --add={{ ansible_facts['ansible_local']['postal-challenger-client-secret']['postal-challenger']['client_secret'] }} {{ EXCHANGE_BASE_URL }}kyc-proof/postal-challenger | awk '{print "[postal-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/postal-challenger-client-id.fact + cmd: sudo -u challenger-postal challenger-admin -c /etc/challenger/challenger-postal.conf --quiet --add={{ ansible_facts['ansible_local']['postal-challenger-client-secret']['postal-challenger']['client_secret'] }} {{ EXCHANGE_BASE_URL }}kyc-proof/postal-challenger | awk '{print "[postal-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/postal-challenger-client-id.fact chdir: /tmp creates: /etc/ansible/facts.d/postal-challenger-client-id.fact - name: sms-challenger force ansible to regather just created fact(s) ansible.builtin.setup: - filter: - - 'sms-challenger-client-id' - - 'email-challenger-client-id' - - 'postal-challenger-client-id' - name: Place SMS challenger exchange config ansible.builtin.template: - src: templates/etc/taler-exchange/config.d/challenger-sms.conf.j2 - dest: /etc/taler-exchange/config.d/challenger-sms.conf - owner: root - group: challenger-sms - mode: 0640 + src: templates/etc/taler-exchange/conf.d/challenger-sms.conf.j2 + dest: /etc/taler-exchange/conf.d/challenger-sms.conf + owner: taler-exchange-httpd + group: root + mode: 0440 - name: Place email challenger exchange config ansible.builtin.template: - src: templates/etc/taler-exchange/config.d/challenger-email.conf.j2 - dest: /etc/taler-exchange/config.d/challenger-email.conf - owner: root - group: challenger-email - mode: 0640 + src: templates/etc/taler-exchange/conf.d/challenger-email.conf.j2 + dest: /etc/taler-exchange/conf.d/challenger-email.conf + owner: taler-exchange-httpd + group: root + mode: 0440 - name: Place postal challenger exchange config ansible.builtin.template: - src: templates/etc/taler-exchange/config.d/challenger-postal.conf.j2 - dest: 
/etc/taler-exchange/config.d/challenger-postal.conf - owner: root - group: challenger-postal - mode: 0640 + src: templates/etc/taler-exchange/conf.d/challenger-postal.conf.j2 + dest: /etc/taler-exchange/conf.d/challenger-postal.conf + owner: taler-exchange-httpd + group: root + mode: 0440 - name: Place sms-challenger systemd service file copy: diff --git a/roles/challenger/templates/etc/challenger/challenger-email.conf.j2 b/roles/challenger/templates/etc/challenger/challenger-email.conf.j2 @@ -20,3 +20,7 @@ AUTH_COMMAND = challenger-send-email.sh # AUTH_COMMAND. # ADDRESS_TYPE = email + +[challengerdb-postgres] +#The connection string the plugin has to use for connecting to the database +CONFIG = postgres:///challenger-email diff --git a/roles/challenger/templates/etc/challenger/challenger-postal.conf.j2 b/roles/challenger/templates/etc/challenger/challenger-postal.conf.j2 @@ -20,3 +20,7 @@ AUTH_COMMAND = challenger-send-post.sh # AUTH_COMMAND. # ADDRESS_TYPE = address + +[challengerdb-postgres] +#The connection string the plugin has to use for connecting to the database +CONFIG = postgres:///challenger-postal diff --git a/roles/challenger/templates/etc/challenger/challenger-sms.conf.j2 b/roles/challenger/templates/etc/challenger/challenger-sms.conf.j2 @@ -20,3 +20,7 @@ AUTH_COMMAND = challenger-send-sms.sh # AUTH_COMMAND. # ADDRESS_TYPE = phone + +[challengerdb-postgres] +#The connection string the plugin has to use for connecting to the database +CONFIG = postgres:///challenger-sms diff --git a/roles/challenger/templates/etc/taler-exchange/config.d/challenger-email.conf.j2 b/roles/challenger/templates/etc/taler-exchange/conf.d/challenger-email.conf.j2 diff --git a/roles/challenger/templates/etc/taler-exchange/config.d/challenger-postal.conf.j2 b/roles/challenger/templates/etc/taler-exchange/conf.d/challenger-postal.conf.j2 
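Review bot: The three "Setup ... Challenger exchange account" tasks now run `sudo -u challenger-sms challenger-admin ... --add={{ ...client_secret }}` from `shell:`, which keeps the client secret in the process argument list where any local user can read it from the process table for as long as the command runs; the new `sudo -u` wrapper adds a second process carrying the same argument. Switching user belongs in the task metadata, `become: true` plus `become_user: challenger-sms`, and the secret should reach challenger-admin through stdin or an environment variable if the tool supports that (not visible here); if the play already runs as root the nested sudo is redundant, otherwise it silently requires sudo rights for the connecting account, which the role should document. The config placement change to `owner: taler-exchange-httpd`, `group: root`, `mode: 0440` is the right shape for a file holding the client secret; quoting it as `mode: "0440"` avoids the YAML octal ambiguity and ansible-lint's risky-octal warning. This hunk begins on an earlier physical line of the page and the task list continues past it.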
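Review bot: The new `[challengerdb-postgres]` section sets `CONFIG = postgres:///challenger-email`, a DSN with neither host nor user, which libpq resolves to the local Unix socket and the OS user of the calling process; that presumably relies on peer authentication (not shown here) and therefore only works because the tasks in roles/challenger/tasks/main.yml now run the tools as the matching `challenger-email` user. The coupling is invisible from the template, so the comment should state it, e.g. `# Connection string for the challenger database; no user/host given, so the` / `# process must run as the challenger-email OS user (local socket, peer auth).` — the existing `#The connection string ...` also lacks the space after `#` used elsewhere in the file. The same applies to the identical sections added in challenger-postal.conf.j2 and challenger-sms.conf.j2.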
diff --git a/roles/challenger/templates/etc/taler-exchange/config.d/challenger-sms.conf.j2 b/roles/challenger/templates/etc/taler-exchange/conf.d/challenger-sms.conf.j2 diff --git a/roles/libeufin-nexus/tasks/main.yml b/roles/libeufin-nexus/tasks/main.yml @@ -26,11 +26,11 @@ - name: libeufin-nexus access secret setup ansible.builtin.shell: - cmd: echo "[libeufin-nexus]\nAUTH_BEARER_TOKEN=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/libeufin-nexus-access-token.fact + cmd: echo "[libeufin-nexus]\nAUTH_BEARER_TOKEN=secret-token:$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/libeufin-nexus-access-token.fact creates: /etc/ansible/facts.d/libeufin-nexus-access-token.fact - name: libeufin-nexus force ansible to regather just created fact(s) - setup: filter='libeufin-nexus-access-token' + ansible.builtin.setup: - name: Place libeufin-nexus config ansible.builtin.template: