commit 84779e778971786f8275a4e839f98a36e6fef7ca
parent 252cfaa3cf925dff58754b50ee72757a4d868990
Author: Christian Grothoff <christian@grothoff.org>
Date: Sun, 22 Dec 2024 21:34:21 +0100
add workable public keys, fix exchange configuration
Diffstat:
5 files changed, 27 insertions(+), 23 deletions(-)
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
@@ -28,9 +28,11 @@
# Base URL of the auditor REST API
AUDITOR_BASE_URL: "https://auditor.{{ DOMAIN_NAME }}/"
# Exchange offline master public key.
- EXCHANGE_MASTER_PUB:
+ EXCHANGE_MASTER_PUB: W91R2NPHGP9TD36EXCAWNTW63QHEED4P12SNTKPE1WD5YM6MVA40
# Auditor offline public key.
- AUDITOR_PUB:
+ AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0
+# URL with merchants accepting this exchange.
+ EXCHANGE_SHOPPING_URL: "https://shops.taler-ops.ch/"
# Name of Terms of service resource file
EXCHANGE_TERMS_ETAG: "exchange-tos-v0"
# Name of Privacy policy resource file
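Review bot: The values pinned on the `EXCHANGE_MASTER_PUB` and `AUDITOR_PUB` lines are the offline keys that the rest of the configuration trusts, yet nothing records which offline key each belongs to or how it was checked. Both are also left unquoted, unlike the neighbouring values visible in the hunk. I would quote them (`EXCHANGE_MASTER_PUB: "..."`) and add a comment above each, such as `# Must match the key printed by the offline signing machine; verify out-of-band before deploying.` Separately, `EXCHANGE_SHOPPING_URL` is hard-coded to `shops.taler-ops.ch`, while `AUDITOR_BASE_URL` is derived from `{{ DOMAIN_NAME }}`. A deployment under another domain would presumably still advertise the production shop list, and the new comment line sits at column 0 rather than at the indent of the other comments.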
diff --git a/roles/exchange/tasks/main.yml b/roles/exchange/tasks/main.yml
@@ -99,10 +99,18 @@
group: root
mode: 0400
+- name: Place taler-exchange external individual KYC provider configuration
+ ansible.builtin.template:
+ src: templates/etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf
+ owner: taler-exchange-httpd
+ group: root
+ mode: 0400
+
- name: Place taler-exchange external KYC provider configuration
ansible.builtin.template:
- src: templates/etc/taler-exchange/secrets/exchange-kyc-providers.secret.conf.j2
- dest: /etc/taler-exchange/secrets/exchange-kyc-providers.secret.conf
+ src: templates/etc/taler-exchange/secrets/exchange-kyc-provider-business.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/exchange-kyc-provider-business.secret.conf
owner: taler-exchange-httpd
group: root
mode: 0400
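Review bot: The second task now renders `exchange-kyc-provider-business.secret.conf.j2`, but that template is not among the five files in this commit. The `[kyc-provider-kycaid-business]` section disappears with the deleted `exchange-kyc-providers.secret.conf.j2`. Unless the business template already exists in the tree, this task will fail and the `@inline-secret@ kyc-provider-kycaid-business` include will have nothing to load. The old `/etc/taler-exchange/secrets/exchange-kyc-providers.secret.conf` also stays on hosts provisioned earlier, still holding the KYCAID token, so a cleanup task using `ansible.builtin.file` with `state: absent` on that path would be worth adding. Smaller points: the second task's name should say "business", `mode: 0400` is safer quoted as `mode: "0400"`, and both secret-rendering tasks could set `diff: false` so a `--diff` run does not print the token.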
diff --git a/roles/exchange/templates/etc/taler-exchange/conf.d/exchange-business.conf.j2 b/roles/exchange/templates/etc/taler-exchange/conf.d/exchange-business.conf.j2
@@ -17,6 +17,9 @@ MASTER_PUBLIC_KEY = {{ EXCHANGE_MASTER_PUB }}
# BASE_URL = https://example.com/
BASE_URL = {{ EXCHANGE_BASE_URL }}
+# Where to find accepting shops?
+SHOPPING_URL = {{ EXCHANGE_SHOPPING_URL }}
+
# Attribute encryption key for storing attributes encrypted
# in the database. Should be a high-entropy nonce.
ATTRIBUTE_ENCRYPTION_KEY = {{ EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY }}
@@ -46,5 +49,5 @@ PAYTO_URI = {{ EXCHANGE_BANK_ACCOUNT_PAYTO }}
# Credentials to access KYC providers are in separate
# config files with restricted permissions.
-@inline-secret@ kyc-provider-kycaid-individual ../secrets/exchange-kyc-providers.conf.j2
-@inline-secret@ kyc-provider-kycaid-business ../secrets/exchange-kyc-providers.conf.j2
+@inline-secret@ kyc-provider-kycaid-individual ../secrets/exchange-kyc-provider-individual.secret.conf
+@inline-secret@ kyc-provider-kycaid-business ../secrets/exchange-kyc-provider-business.secret.conf
diff --git a/roles/exchange/templates/etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf.j2 b/roles/exchange/templates/etc/taler-exchange/secrets/exchange-kyc-provider-individual.secret.conf.j2
@@ -0,0 +1,8 @@
+[kyc-provider-kycaid-individual]
+LOGIC = kycaid
+KYC_KYCAID_VALIDITY = forever
+KYC_KYCAID_AUTH_TOKEN = {{ EXCHANGE_KYCAID_ACCESS_TOKEN }}
+# FIXME: correct converter?
+KYC_KYCAID_CONVERTER_HELPER = taler-exchange-kyc-kycaid-converter.sh
+KYC_KYCAID_FORM_ID = {{ KYCAID_TEMPLATE_INDIVIDUAL }}
+KYC_KYCAID_POST_URL = {{ KYC_THANK_YOU_URL }}
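Review bot: The `KYC_KYCAID_AUTH_TOKEN` line renders a live provider credential, but nothing in the template says where `EXCHANGE_KYCAID_ACCESS_TOKEN` must come from. Its definition is not visible in this commit, so it is worth confirming that it lives in an encrypted vars source and not next to the public values in `playbooks/setup.yml`. I would add a header comment such as `# Contains the KYCAID API token; EXCHANGE_KYCAID_ACCESS_TOKEN must be supplied from an encrypted vars file (e.g. ansible-vault).` The `# FIXME: correct converter?` line is carried over unchanged from the deleted file, so the open question about `KYC_KYCAID_CONVERTER_HELPER` should be resolved or tracked before this is relied on for real KYC data.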
diff --git a/roles/exchange/templates/etc/taler-exchange/secrets/exchange-kyc-providers.secret.conf.j2 b/roles/exchange/templates/etc/taler-exchange/secrets/exchange-kyc-providers.secret.conf.j2
@@ -1,17 +0,0 @@
-[kyc-provider-kycaid-individual]
-LOGIC = kycaid
-KYC_KYCAID_VALIDITY = forever
-KYC_KYCAID_AUTH_TOKEN = {{ EXCHANGE_KYCAID_ACCESS_TOKEN }}
-# FIXME: correct converter?
-KYC_KYCAID_CONVERTER_HELPER = taler-exchange-kyc-kycaid-converter.sh
-KYC_KYCAID_FORM_ID = {{ KYCAID_TEMPLATE_INDIVIDUAL }}
-KYC_KYCAID_POST_URL = {{ KYC_THANK_YOU_URL }}
-
-[kyc-provider-kycaid-business]
-LOGIC = kycaid
-KYC_KYCAID_VALIDITY = forever
-KYC_KYCAID_AUTH_TOKEN = {{ EXCHANGE_KYCAID_ACCESS_TOKEN }}
-# FIXME: correct converter? business should differ!
-KYC_KYCAID_CONVERTER_HELPER = taler-exchange-kyc-kycaid-converter.sh
-KYC_KYCAID_FORM_ID = {{ KYCAID_TEMPLATE_INDIVIDUAL }}
-KYC_KYCAID_POST_URL = {{ KYC_THANK_YOU_URL }}