commit c22f78e245472bbf3bd13c8017096626601534b3
parent 5bac3f6739372a1fd0242a078f5a09ce0572b67c
Author: Devan Carpenter <devan@taler.net>
Date: Mon, 28 Oct 2024 11:24:28 +0000
roles: add configuration role
Diffstat:
9 files changed, 148 insertions(+), 1 deletion(-)
diff --git a/playbooks/play.yml b/playbooks/play.yml
@@ -7,3 +7,4 @@
- database
- taler-libeufin-nexus
- taler-exchange
+ - configuration
diff --git a/roles/common_packages/tasks/main.yml b/roles/common_packages/tasks/main.yml
@@ -38,7 +38,7 @@
shell:
cmd: curl -sS https://deb.taler.net/apt-nightly/taler-bookworm-ci.sources -o /etc/apt/sources.list.d/taler.sources
-- name: Set taler repo to lowest priority so they don't auto upgrade
+- name: Pin taler repo to lowest priority so they don't auto upgrade
copy:
src: etc/apt/preferences.d/limit-taler-repo
dest: /etc/apt/preferences.d/limit-taler-repo
diff --git a/roles/configuration/files/etc/libeufin/libeufin-nexus.conf b/roles/configuration/files/etc/libeufin/libeufin-nexus.conf
@@ -0,0 +1,40 @@
+# This is the main configuration entrypoint for the libeufin-nexus.
+
+[nexus-postgres]
+CONFIG = postgres:///libeufin
+
+[nexus-ebics]
+
+# Currency used by the bank where Nexus is client.
+CURRENCY = KUDOS
+
+# Base URL of the bank server.
+HOST_BASE_URL = http://ebics.bank.com/
+
+# EBICS host ID.
+HOST_ID = mybank
+
+# EBICS user ID, as assigned by the bank.
+USER_ID = myuser
+
+
+# EBICS partner ID, as assigned by the bank.
+PARTNER_ID = myorg
+
+# EBICS partner ID, as assigned by the bank.
+SYSTEM_ID = banksys
+
+IBAN =
+BIC =
+NAME = LibEuFin
+
+
+[nexus-fetch]
+FREQUENCY = 30s
+
+[nexus-submit]
+FREQUENCY = 30s
+
+[nexus-postgres]
+CONFIG=postgres:///libeufin
+
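Review bot: `[nexus-postgres]` is declared twice, at the top of the file and again at the end with the same `CONFIG` value; drop the trailing copy so the database setting has a single source and does not depend on how the parser treats repeated sections. The comment above `SYSTEM_ID` repeats the `PARTNER_ID` text ("EBICS partner ID") and should read something like `# EBICS system ID.`. `HOST_BASE_URL` is an `http://` placeholder and `IBAN`/`BIC` are empty, yet the role's tasks run `libeufin-nexus ebics-setup` right after placing this file. I'd fill these from per-deployment variables and use an `https://` URL for a real bank endpoint.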
diff --git a/roles/configuration/files/etc/taler/taler.conf b/roles/configuration/files/etc/taler/taler.conf
@@ -0,0 +1,49 @@
+# Main entry point for the GNU Taler configuration.
+#
+# Structure:
+# - taler.conf is the main configuration entry point
+# used by all Taler components (the file you are currently
+# looking at.
+# - overrides.conf contains configuration overrides that are
+# set by some tools that help with the configuration,
+# and should not be edited by humans. Comments in this file
+# are not preserved.
+# - conf.d/ contains configuration files for
+# Taler components, which can be read by all
+# users of the system and are included by the main
+# configuration.
+# - secrets/ contains configuration snippets
+# with secrets for particular services.
+# These files should have restrictive permissions
+# so that only users of the relevant services
+# can read it. All files in it should end with
+# ".secret.conf".
+
+[taler]
+
+# Currency of the Taler deployment. This setting applies to all Taler
+# components that only support a single currency.
+#currency = KUDOS
+
+# Smallest currency unit handled by the underlying bank system. Taler payments
+# can make payments smaller than this units, but interactions with external
+# systems is always rounded to this unit.
+#currency_round_unit = KUDOS:0.01
+
+# Monthly amount that mandatorily triggers an AML check
+#AML_THRESHOLD = KUDOS:10000000
+
+[paths]
+
+TALER_HOME = /var/lib/taler/
+TALER_RUNTIME_DIR = /run/taler/
+TALER_CACHE_HOME = /var/cache/taler/
+TALER_CONFIG_HOME = /etc/taler/
+TALER_DATA_HOME = /var/lib/taler/
+
+
+# Inline configurations from all Taler components.
+@inline-matching@ conf.d/*.conf
+
+# Overrides from tools that help with configuration.
+@inline@ overrides.conf
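Review bot: The header documents a `secrets/` directory of `*.secret.conf` snippets, but nothing in this file includes it; only `conf.d/*.conf` and `overrides.conf` are inlined at the bottom. If the `merchant-db.secret.conf` added in this commit is meant to be picked up, an `@inline-secret@` line for its section is needed (check the exact syntax against the Taler configuration manual), or the comment should say where secrets get included. The parenthesis opened at "(the file you are currently" is also never closed.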
diff --git a/roles/configuration/tasks/main.yml b/roles/configuration/tasks/main.yml
@@ -0,0 +1,42 @@
+---
+- name: Ensure taler config dir exists from installation
+ file:
+ path: "/etc/taler"
+ state: directory
+
+- name: Ensure libeufin config dir exists from installation
+ file:
+ path: "/etc/libeufin"
+ state: directory
+
+- name: Place libeufin-nexus config
+ copy:
+ src: etc/libeufin/libeufin-nexus.conf
+ dest: "/etc/libeufin/libeufin-nexus.conf"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Place taler config
+ copy:
+ src: etc/taler/taler.conf
+ dest: "/etc/taler/taler.conf"
+ owner: root
+ group: root
+ mode: 0644
+
+- name: Setup libeufin database
+ shell:
+ cmd: libeufin-dbconfig --only-nexus
+ chdir: /tmp
+
+- name: Setup Taler Exchange database
+ shell:
+ cmd: taler-exchange-dbconfig
+ chdir: /tmp
+
+- name: EBICS setup
+ become: yes
+ become_user: libeufin-nexus
+ shell:
+ cmd: libeufin-nexus ebics-setup
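Review bot: The two `file:` tasks create `/etc/taler` and `/etc/libeufin` without `owner`, `group` or `mode`, so a newly created directory gets whatever the play's umask yields. The `copy:` tasks below set all three, and the directories should too, e.g. `owner: root`, `group: root`, `mode: "0755"`. The three `shell:` tasks contain no shell syntax and have no `creates:` or `changed_when:`, so they re-run and report changed on every play; `command:` is the narrower module for them. `EBICS setup` runs against the placeholder bank values shipped in `libeufin-nexus.conf` in this commit, so it will presumably fail or talk to the wrong host until those are filled per deployment.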
diff --git a/roles/configuration/templates/merchant-db.secret.conf b/roles/configuration/templates/merchant-db.secret.conf
@@ -0,0 +1,2 @@
+[merchantdb-postgres]
+CONFIG=postgres:///${MERCHANT_DB}
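Review bot: This file sits under `templates/` and is named as a secret, but no task in this commit renders or installs it, and its placeholder is shell-style `${MERCHANT_DB}` rather than a Jinja2 `{{ ... }}` expression. If it is deployed through Ansible's `template:` module, the `$` text passes through unchanged and is left to Taler's own variable expansion, which may not be what is intended. The same applies to `$NAME`, `$EXCHANGE_DOMAIN`, `$MASTER_PUBLIC_KEY` and `$CURRENCY` in `merchant-exchanges.conf`, and to `$AUDITOR_PUB` in `taler-auditor.conf`. When the install task is added, it should not reuse the `mode: 0644` given to the other config files, because the `taler.conf` header in this commit asks for restrictive permissions on everything under `secrets/`.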
diff --git a/roles/configuration/templates/merchant-exchanges.conf b/roles/configuration/templates/merchant-exchanges.conf
@@ -0,0 +1,4 @@
+[merchant-exchange-$NAME]
+EXCHANGE_BASE_URL = https://$EXCHANGE_DOMAIN/
+MASTER_KEY = $MASTER_PUBLIC_KEY
+CURRENCY = $CURRENCY
diff --git a/roles/configuration/templates/taler-auditor.conf b/roles/configuration/templates/taler-auditor.conf
@@ -0,0 +1,2 @@
+[auditor]
+PUBLIC_KEY = $AUDITOR_PUB
diff --git a/roles/configuration/vars/main.yml b/roles/configuration/vars/main.yml
@@ -0,0 +1,7 @@
+BANK_EXCHANGE_PASSWORD: xxxx
+BANK_ADMIN_PASSWORD: xxxx
+BANK_PORT: xxxx
+CURRENCY_NAME: xxxx
+IBAN: xxx
+HOSTNAME: XXXX
+TOS: yes/no
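Review bot: `BANK_EXCHANGE_PASSWORD` and `BANK_ADMIN_PASSWORD` are defined in the role's `vars/main.yml`, which is committed in clear text and takes precedence over inventory and `defaults/`, so deploying means editing real passwords into a tracked file. I'd move the non-secret keys to `defaults/main.yml` and have the two passwords supplied from an Ansible Vault-encrypted vars file or an external lookup, leaving only a comment here such as `# BANK_*_PASSWORD: supply via vault, do not commit`. None of these names is referenced by the tasks or templates in this commit (those use `MERCHANT_DB`, `CURRENCY`, `AUDITOR_PUB` and so on), so the intended wiring deserves a comment. `TOS: yes/no` is parsed as a string, not a boolean.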