commit 6f5f1f15a0171aafee5a78223cba5d9f8c5c9a61 parent 175e032cfcc3e60c09ac33c98260ebe6966f8f6d Author: Christian Grothoff <christian@grothoff.org> Date: Sat, 23 Nov 2024 22:56:32 +0100 must combine challenger tasks Diffstat:
14 files changed, 124 insertions(+), 145 deletions(-)
diff --git a/roles/sms-challenger/files/etc/systemd/system/sms-challenger-httpd.service b/roles/challenger/files/etc/systemd/system/sms-challenger-httpd.service
diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml
@@ -0,0 +1,119 @@
+---
+- name: Ensure SMS challenger service is stopped before we upgrade
+ ansible.builtin.systemd_service:
+ name: sms-challenger
+ state: stopped
+ enabled: false
+
+- name: Install Challenger package
+ apt:
+ name:
+ - challenger
+ state: latest
+ when: ansible_os_family == 'Debian'
+
+- name: Ensure group "challenger-sms" exists
+ ansible.builtin.group:
+ name: challenger-sms
+ state: present
+
+- name: Place SMS challenger config
+ ansible.builtin.template:
+ src: templates/etc/challenger/challenger-sms.conf.j2
+ dest: "/etc/challenger/challenger-sms.conf"
+ owner: root
+ group: challenger-sms
+ mode: 0640
+
+- name: Place Postal challenger config
+ copy:
+ src: etc/challenger/challenger-postal.conf
+ dest: "/etc/challenger/challenger-postal.conf"
+ owner: root
+ group: challenger-postal
+ mode: 0640
+
+- name: Place email challenger config
+ copy:
+ src: etc/challenger/challenger-email.conf
+ dest: "/etc/challenger/challenger-email.conf"
+ owner: root
+ group: challenger-email
+ mode: 0640
+
+- name: Setup SMS Challenger database
+ shell:
+ cmd: challenger-dbconfig -c /etc/challenger/sms-challenger.conf
+ chdir: /tmp
+
+- name: Setup Postal Challenger database
+ shell:
+ cmd: challenger-dbconfig -c /etc/challenger/postal-challenger.conf
+ chdir: /tmp
+
+- name: Setup email Challenger database
+ shell:
+ cmd: challenger-dbconfig -c /etc/challenger/email-challenger.conf
+ chdir: /tmp
+
+- name: Ensure Ansible facts directory dir exists
+ file:
+ path: "/etc/ansible/facts.d/"
+ state: directory
+
+- name: sms-challenger access secret setup
+ command: echo -e "[sms-challenger]\nCLIENT_SECRET=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/sms-challenger-client-secret.fact
+ args:
+# Ensures we only run when the file does not yet exist
+ creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
+
+- name: sms-challenger: force ansible to regather just created fact(s)
+ setup: filter='sms-challenger-client-secret'
+
+- name: Setup SMS Challenger exchange account
+ shell:
+ cmd: challenger-admin -c /etc/challenger/sms-challenger.conf --quiet --add={{ ansible_local['sms-challenger-client-secret']['sms-challenger']['CLIENT_SECRET'] }} {{ EXCHANGE_BASE_URL }}kyc-proof | awk '{print "[sms-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/sms-challenger-client-id.fact
+ chdir: /tmp
+
+- name: Place SMS challenger exchange config
+ ansible.builtin.template:
+ src: templates/etc/taler-exchange/config.d/sms-challenger.conf.j2
+ dest: "/etc/taler-exchange/config.d/sms-challenger.conf"
+ owner: root
+ group: challenger-sms
+ mode: 0640
+
+- name: Place SMS challenger environment data
+ ansible.builtin.template:
+ src: templates/etc/challenger/sms-challenger.env.j2
+ dest: "/etc/challenger/sms-challenger.env
+ owner: root
+ group: challenger-sms
+ mode: 0640
+
+- name: Place sms-challenger systemd service file
+ copy:
+ src: etc/systemd/system/sms-challenger-httpd.service
+ dest: "/etc/systemd/system/sms-challenger-httpd.service
+
+- name: Ensure SMS challenger service is enabled and started
+ ansible.builtin.systemd_service:
+ deamon_reload: true
+ name: sms-challenger
+ state: started
+ enabled: true
+
+- name: Place SMS challenger Nginx configuration
+ ansible.builtin.template:
+ src: templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2
+ dest: "/etc/nginx/sites-available/sms-challenger-nginx.conf
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Enable SMS challenger reverse proxy configuration
+ file:
+ src: /etc/nginx/sites-available/sms-challenger-nginx.conf
+ dest: /etc/nginx/sites-enabled/sms-challenger-nginx.conf
+ state: link
+ notify: restart nginx
diff --git a/roles/email-challenger/files/etc/challenger/email-challenger.conf b/roles/challenger/templates/etc/challenger/email-challenger.conf.j2
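Review bot: The `sms-challenger access secret setup` task runs through `command:`, which does not invoke a shell, so the `$(dd … | gnunet-base32)` substitution and the `>` redirect reach `echo` as literal arguments and the fact file named in `creates:` is never written. Once the task is moved to `shell`, the file should be created under `umask 077`, because it holds CLIENT_SECRET and with a default umask it would be readable by every local user; this task and `Setup SMS Challenger exchange account`, which places the secret on the `challenger-admin` command line, should both carry `no_log: true` so the value stays out of Ansible output. The rewrite below uses `printf` because `echo -e` is not portable to the /bin/sh that the shell module invokes. Separately, the file will not load as written: three `dest:` values open a `"` that is never closed, and the task name `sms-challenger: force ansible to regather …` needs quoting because of its `: `.

```yaml
- name: sms-challenger access secret setup
  ansible.builtin.shell:
    cmd: >-
      umask 077 &&
      printf '[sms-challenger]\nCLIENT_SECRET=%s\n'
      "$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)"
      > /etc/ansible/facts.d/sms-challenger-client-secret.fact
    # Ensures we only run when the file does not yet exist
    creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
  no_log: true
```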
diff --git a/roles/postal-challenger/files/etc/challenger/postal-challenger.conf b/roles/challenger/templates/etc/challenger/postal-challenger.conf.j2
diff --git a/roles/sms-challenger/templates/etc/challenger/sms-challenger.conf.j2 b/roles/challenger/templates/etc/challenger/sms-challenger.conf.j2
diff --git a/roles/sms-challenger/templates/etc/challenger/sms-challenger.env b/roles/challenger/templates/etc/challenger/sms-challenger.env
diff --git a/roles/email-challenger/templates/email-challenger-nginx.conf b/roles/challenger/templates/etc/nginx/sites-available/email-challenger-nginx.conf.j2
diff --git a/roles/postal-challenger/templates/postal-challenger-nginx.conf b/roles/challenger/templates/etc/nginx/sites-available/postal-challenger-nginx.conf
diff --git a/roles/sms-challenger/templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2 b/roles/challenger/templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2
diff --git a/roles/sms-challenger/templates/etc/taler-exchange/config.d/sms-challenger.conf.j2 b/roles/challenger/templates/etc/taler-exchange/config.d/sms-challenger.conf.j2
diff --git a/roles/email-challenger/tasks/main.yml b/roles/email-challenger/tasks/main.yml
@@ -1,26 +0,0 @@
----
-- name: Install Challenger package
- apt:
- name:
- - challenger
- state: latest
- update_cache: true
-
-- name: Place email challenger config
- copy:
- src: etc/challenger/challenger-email.conf
- dest: "/etc/challenger/challenger-email.conf"
- owner: root
- group: challenger-email
- mode: 0640
-
-- name: Setup email Challenger database
- shell:
- cmd: challenger-dbconfig -c /etc/challenger/email-challenger.conf
- chdir: /tmp
-
-- name: Ensure email challenger service is enabled and started
- service:
- name: email-challenger
- state: started
- enabled: yes
diff --git a/roles/exchange/templates/etc/taler-exchange/secrets/exchange-accountcredentials-primary.secret.conf.j2 b/roles/exchange/templates/etc/taler-exchange/secrets/exchange-accountcredentials-primary.secret.conf.j2
@@ -1,4 +1,9 @@
 [exchange-accountcredentials-primary]
+PAYTO_URI = {{ EXCHANGE_BANK_ACCOUNT_PAYTO }}
+WIRE_METHOD = iban
+ENABLE_DEBIT = YES
+ENABLE_CREDIT = YES
+
 WIRE_GATEWAY_AUTH_METHOD = token
 WIRE_GATEWAY_URL = "http://localhost:{{ LIBEUFIN_PORT }}/taler-wire-gateway/"
 TOKEN = {{ EXCHANGE_WIRE_GATEWAY_ACCESS_TOKEN }}
diff --git a/roles/postal-challenger/tasks/main.yml b/roles/postal-challenger/tasks/main.yml
@@ -1,26 +0,0 @@
----
-- name: Install Challenger package
- apt:
- name:
- - challenger
- state: latest
- update_cache: true
-
-- name: Place Postal challenger config
- copy:
- src: etc/challenger/challenger-postal.conf
- dest: "/etc/challenger/challenger-postal.conf"
- owner: root
- group: challenger-postal
- mode: 0640
-
-- name: Setup Postal Challenger database
- shell:
- cmd: challenger-dbconfig -c /etc/challenger/postal-challenger.conf
- chdir: /tmp
-
-- name: Ensure postal challenger service is enabled and started
- service:
- name: postal-challenger
- state: started
- enabled: yes
diff --git a/roles/sms-challenger/tasks/main.yml b/roles/sms-challenger/tasks/main.yml
@@ -1,93 +0,0 @@
----
-- name: Ensure SMS challenger service is stopped before we upgrade
- ansible.builtin.systemd_service:
- name: sms-challenger
- state: stopped
- enabled: false
-
-- name: Install Challenger package
- apt:
- name:
- - challenger
- state: latest
- when: ansible_os_family == 'Debian'
-
-- name: Ensure group "challenger-sms" exists
- ansible.builtin.group:
- name: challenger-sms
- state: present
-
-- name: Place SMS challenger config
- ansible.builtin.template:
- src: templates/etc/challenger/challenger-sms.conf.j2
- dest: "/etc/challenger/challenger-sms.conf"
- owner: root
- group: challenger-sms
- mode: 0640
-
-- name: Setup SMS Challenger database
- shell:
- cmd: challenger-dbconfig -c /etc/challenger/sms-challenger.conf
- chdir: /tmp
-
-- name: Ensure Ansible facts directory dir exists
- file:
- path: "/etc/ansible/facts.d/"
- state: directory
-
-- name: sms-challenger access secret setup
- command: echo -e "[sms-challenger]\nCLIENT_SECRET=$(dd if=/dev/random count=1 bs=32 status=none | gnunet-base32)" > /etc/ansible/facts.d/sms-challenger-client-secret.fact
- args:
-# Ensures we only run when the file does not yet exist
- creates: /etc/ansible/facts.d/sms-challenger-client-secret.fact
-
-- name: sms-challenger: force ansible to regather just created fact(s)
- setup: filter='sms-challenger-client-secret'
-
-- name: Setup SMS Challenger exchange account
- shell:
- cmd: challenger-admin -c /etc/challenger/sms-challenger.conf --quiet --add={{ ansible_local['sms-challenger-client-secret']['sms-challenger']['CLIENT_SECRET'] }} {{ EXCHANGE_BASE_URL }}kyc-proof | awk '{print "[sms-challenger]\nCLIENT_ID="$1"\n\n"}' > /etc/ansible/facts.d/sms-challenger-client-id.fact
- chdir: /tmp
-
-- name: Place SMS challenger exchange config
- ansible.builtin.template:
- src: templates/etc/taler-exchange/config.d/sms-challenger.conf.j2
- dest: "/etc/taler-exchange/config.d/sms-challenger.conf"
- owner: root
- group: challenger-sms
- mode: 0640
-
-- name: Place SMS challenger environment data
- ansible.builtin.template:
- src: templates/etc/challenger/sms-challenger.env.j2
- dest: "/etc/challenger/sms-challenger.env
- owner: root
- group: challenger-sms
- mode: 0640
-
-- name: Place sms-challenger systemd service file
- copy:
- src: etc/systemd/system/sms-challenger-httpd.service
- dest: "/etc/systemd/system/sms-challenger-httpd.service
-
-- name: Ensure SMS challenger service is enabled and started
- ansible.builtin.systemd_service:
- deamon_reload: true
- name: sms-challenger
- state: started
- enabled: true
-
-- name: Place SMS challenger Nginx configuration
- ansible.builtin.template:
- src: templates/etc/nginx/sites-available/sms-challenger-nginx.conf.j2
- dest: "/etc/nginx/sites-available/sms-challenger-nginx.conf
- owner: root
- group: root
- mode: 0644
-
-- name: Enable SMS challenger reverse proxy configuration
- file:
- src: /etc/nginx/sites-available/sms-challenger-nginx.conf
- dest: /etc/nginx/sites-enabled/sms-challenger-nginx.conf
- state: link
- notify: restart nginx