ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange

commit c6731e91c03b253772e15e4190900ac33511824b
parent ee3f9300ce2bb8a83c0b247bc4455d0a813b5025
Author: Christian Grothoff <christian@grothoff.org>
Date:   Wed, 20 Nov 2024 10:00:36 +0100

configuration task is now obsolete

Diffstat:
M.gitignore | 1+
Droles/configuration/files/etc/libeufin/libeufin-nexus.conf | 49-------------------------------------------------
Droles/configuration/files/etc/taler-exchange/taler-exchange.conf | 45---------------------------------------------
Droles/configuration/tasks/main.yml | 42------------------------------------------
Droles/configuration/templates/merchant-db.secret.conf | 2--
Droles/configuration/templates/merchant-exchanges.conf | 4----
Droles/configuration/templates/taler-auditor.conf | 2--
Mroles/email-challenger/tasks/main.yml | 43+++++++------------------------------------
Aroles/email-challenger/templates/email-challenger-nginx.conf | 16++++++++++++++++
Rroles/configuration/vars/main.yml -> roles/libeufin-nexus/vars/main.yml | 0
Mroles/postal-challenger/tasks/main.yml | 25+++++++------------------
Aroles/postal-challenger/templates/postal-challenger-nginx.conf | 16++++++++++++++++
Mroles/sms-challenger/tasks/main.yml | 43+++++++------------------------------------
Aroles/sms-challenger/templates/sms-challenger-nginx.conf | 16++++++++++++++++
14 files changed, 70 insertions(+), 234 deletions(-)

diff --git a/.gitignore b/.gitignore
@@ -1,2 +1,3 @@
 ./inventories/production/hosts
 ./inventories/staging/hosts
+*~
diff --git a/roles/configuration/files/etc/libeufin/libeufin-nexus.conf b/roles/configuration/files/etc/libeufin/libeufin-nexus.conf
@@ -1,49 +0,0 @@
-# This is the main configuration entrypoint for the libeufin-nexus.
-
-[nexus-postgres]
-CONFIG = postgres:///libeufin
-
-[nexus-ebics]
-
-# Currency used by the bank where Nexus is client.
-CURRENCY = CHF
-
-# Base URL of the bank server.
-HOST_BASE_URL = https://isotest.postfinance.ch/ebicsweb/ebicsweb
-
-# EBICS host ID.
-HOST_ID = PFEBICS
-
-# EBICS user ID, as assigned by the bank.
-USER_ID = PFC00664
-
-# EBICS partner ID, as assigned by the bank.
-PARTNER_ID = PFC00664
-
-# EBICS partner ID, as assigned by the bank. # ???
-SYSTEM_ID = PFC00664
-
-# IBAN of the bank account that is associated with the EBICS subscriber.
-IBAN = CH9889144237951612671
-
-# BIC of the bank account that is associated with the EBICS subscriber
-BIC = POFICHBEXXX
-
-# Legal entity that is associated with the EBICS subscriber.
-NAME = "Taler Exchange Operator Legal Name"
-
-# EBICS version and ISO20022 recommendations that
-# Nexus would honor in the communication with the bank.
-BANK_DIALECT = "postfinance"
-
-# Exchange accounts bounce invalid incoming transactions.
-ACCOUNT_TYPE = exchange
-
-[nexus-fetch]
-FREQUENCY = 30s
-
-[nexus-submit]
-FREQUENCY = 30s
-
-[nexus-postgres]
-CONFIG=postgres:///libeufin
diff --git a/roles/configuration/files/etc/taler-exchange/taler-exchange.conf b/roles/configuration/files/etc/taler-exchange/taler-exchange.conf
@@ -1,45 +0,0 @@
-# Main entry point for the GNU Taler configuration.
-#
-# Structure:
-# - taler.conf is the main configuration entry point
-# used by all Taler components (the file you are currently
-# looking at.
-# - overrides.conf contains configuration overrides that are
-# set by some tools that help with the configuration,
-# and should not be edited by humans. Comments in this file
-# are not preserved.
-# - conf.d/ contains configuration files for
-# Taler components, which can be read by all
-# users of the system and are included by the main
-# configuration.
-# - secrets/ contains configuration snippets
-# with secrets for particular services.
-# These files should have restrictive permissions
-# so that only users of the relevant services
-# can read it. All files in it should end with
-# ".secret.conf".
-
-[paths]
-
-TALER_HOME = /var/lib/taler-exchange/
-TALER_RUNTIME_DIR = /run/taler-exchange/
-TALER_CACHE_HOME = /var/cache/taler-exchange/
-TALER_CONFIG_HOME = /etc/taler-exchange/
-TALER_DATA_HOME = /var/lib/taler-exchange/
-
-[exchange]
-
-# Currency of the Taler deployment. This setting applies to all Taler
-# components that only support a single currency.
-currency = CHF
-
-# Smallest currency unit handled by the underlying bank system. Taler payments
-# can make payments smaller than this units, but interactions with external
-# systems is always rounded to this unit.
-currency_round_unit = CHF:0.01
-
-# Inline configurations from all Taler components.
-@inline-matching@ conf.d/*.conf
-
-# Overrides from tools that help with configuration.
-@inline@ overrides.conf
diff --git a/roles/configuration/tasks/main.yml b/roles/configuration/tasks/main.yml
@@ -1,42 +0,0 @@
----
-- name: Ensure taler exchange config dir exists from installation
- file:
- path: "/etc/taler-exchange"
- state: directory
-
-- name: Ensure libeufin config dir exists from installation
- file:
- path: "/etc/libeufin"
- state: directory
-
-- name: Place libeufin-nexus config
- copy:
- src: etc/libeufin/libeufin-nexus.conf
- dest: "/etc/libeufin/libeufin-nexus.conf"
- owner: root
- group: root
- mode: 0644
-
-- name: Place taler-exchange config
- copy:
- src: etc/taler-exchange/taler-exchange.conf
- dest: "/etc/taler-exchange/taler-exchange.conf"
- owner: root
- group: root
- mode: 0644
-
-- name: Setup libeufin database
- shell:
- cmd: libeufin-dbconfig --only-nexus
- chdir: /tmp
-
-- name: Setup Taler Exchange database
- shell:
- cmd: taler-exchange-dbconfig
- chdir: /tmp
-
-- name: EBICS setup
- become: yes
- become_user: libeufin-nexus
- shell:
- cmd: libeufin-nexus ebics-setup
diff --git a/roles/configuration/templates/merchant-db.secret.conf b/roles/configuration/templates/merchant-db.secret.conf
@@ -1,2 +0,0 @@
-[merchantdb-postgres]
-CONFIG=postgres:///${MERCHANT_DB}
diff --git a/roles/configuration/templates/merchant-exchanges.conf b/roles/configuration/templates/merchant-exchanges.conf
@@ -1,4 +0,0 @@
-[merchant-exchange-$NAME]
-EXCHANGE_BASE_URL = https://$EXCHANGE_DOMAIN/
-MASTER_KEY = $MASTER_PUBLIC_KEY
-CURRENCY = $CURRENCY
diff --git a/roles/configuration/templates/taler-auditor.conf b/roles/configuration/templates/taler-auditor.conf
@@ -1,2 +0,0 @@
-[auditor]
-PUBLIC_KEY = $AUDITOR_PUB
diff --git a/roles/email-challenger/tasks/main.yml b/roles/email-challenger/tasks/main.yml
@@ -1,42 +1,13 @@
 ---
-- name: Ensure taler exchange config dir exists from installation
- file:
- path: "/etc/taler-exchange"
- state: directory
-
-- name: Ensure libeufin config dir exists from installation
- file:
- path: "/etc/libeufin"
- state: directory
-
-- name: Place libeufin-nexus config
- copy:
- src: etc/libeufin/libeufin-nexus.conf
- dest: "/etc/libeufin/libeufin-nexus.conf"
- owner: root
- group: root
- mode: 0644
-
-- name: Place taler-exchange config
+- name: Place email challenger config
 copy:
- src: etc/taler-exchange/taler-exchange.conf
- dest: "/etc/taler-exchange/taler-exchange.conf"
+ src: etc/challenger/challenger-email.conf
+ dest: "/etc/challenger/challenger-email.conf"
 owner: root
- group: root
- mode: 0644
+ group: challenger-email
+ mode: 0640
 
-- name: Setup libeufin database
+- name: Setup email Challenger database
 shell:
- cmd: libeufin-dbconfig --only-nexus
+ cmd: challenger-dbconfig -c /etc/challenger/email-challenger.conf
 chdir: /tmp
-
-- name: Setup Taler Exchange database
- shell:
- cmd: taler-exchange-dbconfig
- chdir: /tmp
-
-- name: EBICS setup
- become: yes
- become_user: libeufin-nexus
- shell:
- cmd: libeufin-nexus ebics-setup
diff --git a/roles/email-challenger/templates/email-challenger-nginx.conf b/roles/email-challenger/templates/email-challenger-nginx.conf
@@ -0,0 +1,16 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name email.challenger.{{ DOMAIN_NAME }};
+
+ # Bigger than default timeout to support long polling
+ proxy_read_timeout 650s;
+ keepalive_requests 10000;
+ keepalive_timeout 650s;
+
+ location / {
+ proxy_pass http://unix:/var/run/challenger-email/challenger-http.sock;
+ }
+}
diff --git a/roles/configuration/vars/main.yml b/roles/libeufin-nexus/vars/main.yml
diff --git a/roles/postal-challenger/tasks/main.yml b/roles/postal-challenger/tasks/main.yml
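Review bot: The config path passed to `challenger-dbconfig` does not match the file the preceding task installs: the copy writes `/etc/challenger/challenger-email.conf`, while the database setup runs with `-c /etc/challenger/email-challenger.conf`. Unless a file with the second name is provided from elsewhere, the setup step would fail or read a different configuration than the one placed here as `root:challenger-email` with mode `0640`. The command should probably read `cmd: challenger-dbconfig -c /etc/challenger/challenger-email.conf`. The postal-challenger and sms-challenger task hunks have the same mismatch (`postal-challenger.conf` vs `challenger-postal.conf`, `sms-challenger.conf` vs `challenger-sms.conf`).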
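Review bot: The new server block only has `listen 80;` and `listen [::]:80;`, so as written the challenger endpoint for `email.challenger.{{ DOMAIN_NAME }}` is served over cleartext HTTP. If TLS is added later by another role or tool, a comment such as `# TLS listener is added by <role/tool>; port 80 only serves the redirect` would make that explicit; otherwise the template needs a `listen 443 ssl;` server with the certificate paths, plus a redirect from port 80. None of the task hunks in this commit installs this template, so it may not be deployed yet. The postal-challenger and sms-challenger nginx templates are identical in this respect.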
@@ -1,24 +1,13 @@
 ---
-- name: Place taler-exchange config
+- name: Place Postal challenger config
 copy:
- src: etc/taler-exchange/taler-exchange.conf
- dest: "/etc/taler-exchange/taler-exchange.conf"
+ src: etc/challenger/challenger-postal.conf
+ dest: "/etc/challenger/challenger-postal.conf"
 owner: root
- group: root
- mode: 0644
+ group: challenger-postal
+ mode: 0640
 
-- name: Setup libeufin database
+- name: Setup Postal Challenger database
 shell:
- cmd: libeufin-dbconfig --only-nexus
+ cmd: challenger-dbconfig -c /etc/challenger/postal-challenger.conf
 chdir: /tmp
-
-- name: Setup Taler Exchange database
- shell:
- cmd: taler-exchange-dbconfig
- chdir: /tmp
-
-- name: EBICS setup
- become: yes
- become_user: libeufin-nexus
- shell:
- cmd: libeufin-nexus ebics-setup
diff --git a/roles/postal-challenger/templates/postal-challenger-nginx.conf b/roles/postal-challenger/templates/postal-challenger-nginx.conf
@@ -0,0 +1,16 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name postal.challenger.{{ DOMAIN_NAME }};
+
+ # Bigger than default timeout to support long polling
+ proxy_read_timeout 650s;
+ keepalive_requests 10000;
+ keepalive_timeout 650s;
+
+ location / {
+ proxy_pass http://unix:/var/run/challenger-postal/challenger-http.sock;
+ }
+}
diff --git a/roles/sms-challenger/tasks/main.yml b/roles/sms-challenger/tasks/main.yml
@@ -1,42 +1,13 @@
 ---
-- name: Ensure taler exchange config dir exists from installation
- file:
- path: "/etc/taler-exchange"
- state: directory
-
-- name: Ensure libeufin config dir exists from installation
- file:
- path: "/etc/libeufin"
- state: directory
-
-- name: Place libeufin-nexus config
- copy:
- src: etc/libeufin/libeufin-nexus.conf
- dest: "/etc/libeufin/libeufin-nexus.conf"
- owner: root
- group: root
- mode: 0644
-
-- name: Place taler-exchange config
+- name: Place SMS challenger config
 copy:
- src: etc/taler-exchange/taler-exchange.conf
- dest: "/etc/taler-exchange/taler-exchange.conf"
+ src: etc/challenger/challenger-sms.conf
+ dest: "/etc/challenger/challenger-sms.conf"
 owner: root
- group: root
- mode: 0644
+ group: challenger-sms
+ mode: 0640
 
-- name: Setup libeufin database
+- name: Setup SMS Challenger database
 shell:
- cmd: libeufin-dbconfig --only-nexus
+ cmd: challenger-dbconfig -c /etc/challenger/sms-challenger.conf
 chdir: /tmp
-
-- name: Setup Taler Exchange database
- shell:
- cmd: taler-exchange-dbconfig
- chdir: /tmp
-
-- name: EBICS setup
- become: yes
- become_user: libeufin-nexus
- shell:
- cmd: libeufin-nexus ebics-setup
diff --git a/roles/sms-challenger/templates/sms-challenger-nginx.conf b/roles/sms-challenger/templates/sms-challenger-nginx.conf
@@ -0,0 +1,16 @@
+server {
+
+ listen 80;
+ listen [::]:80;
+
+ server_name sms.challenger.{{ DOMAIN_NAME }};
+
+ # Bigger than default timeout to support long polling
+ proxy_read_timeout 650s;
+ keepalive_requests 10000;
+ keepalive_timeout 650s;
+
+ location / {
+ proxy_pass http://unix:/var/run/challenger-sms/challenger-http.sock;
+ }
+}