commit efc0fce1b93f3c7ab36584dccc1ca05faf61a10d parent 120bf9f14f35f54fa0e945e35bf20e13e9938af0 Author: Christian Grothoff <christian@grothoff.org> Date: Sun, 22 Dec 2024 23:00:15 +0100 install challenger configs with secrets into secrets/ dir Diffstat:
5 files changed, 17 insertions(+), 6 deletions(-)
diff --git a/roles/challenger/files/etc/taler-exchange/conf.d/challenger.conf b/roles/challenger/files/etc/taler-exchange/conf.d/challenger.conf
@@ -0,0 +1,6 @@
+
+# Credentials to access Challenger KYC providers are in separate
+# config files with restricted permissions.
+@inline-secret@ kyc-provider-email-challenger ../secrets/challenger-email.secret.conf
+@inline-secret@ kyc-provider-postal-challenger ../secrets/challenger-postal.secret.conf
+@inline-secret@ kyc-provider-sms-challenger ../secrets/challenger-sms.secret.conf
diff --git a/roles/challenger/tasks/main.yml b/roles/challenger/tasks/main.yml
@@ -162,28 +162,33 @@
 - name: Place SMS challenger exchange config
 ansible.builtin.template:
- src: templates/etc/taler-exchange/conf.d/challenger-sms.conf.j2
- dest: /etc/taler-exchange/conf.d/challenger-sms.conf
+ src: templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/challenger-sms.secret.conf
 owner: taler-exchange-httpd
 group: root
 mode: 0440
 - name: Place email challenger exchange config
 ansible.builtin.template:
- src: templates/etc/taler-exchange/conf.d/challenger-email.conf.j2
- dest: /etc/taler-exchange/conf.d/challenger-email.conf
+ src: templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/challenger-email.secret.conf
 owner: taler-exchange-httpd
 group: root
 mode: 0440
 - name: Place postal challenger exchange config
 ansible.builtin.template:
- src: templates/etc/taler-exchange/conf.d/challenger-postal.conf.j2
- dest: /etc/taler-exchange/conf.d/challenger-postal.conf
+ src: templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2
+ dest: /etc/taler-exchange/secrets/challenger-postal.secret.conf
 owner: taler-exchange-httpd
 group: root
 mode: 0440
+- name: Place postal challenger exchange config
+ copy:
+ src: files/etc/taler-exchange/conf.d/challenger.conf
+ dest: /etc/taler-exchange/conf.d/challenger.conf
+
 - name: Place sms-challenger systemd service file
 copy:
 src: etc/systemd/system/sms-challenger-httpd.service
diff --git a/roles/challenger/templates/etc/taler-exchange/conf.d/challenger-email.conf.j2 b/roles/challenger/templates/etc/taler-exchange/secrets/challenger-email.secret.conf.j2
diff --git a/roles/challenger/templates/etc/taler-exchange/conf.d/challenger-postal.conf.j2 b/roles/challenger/templates/etc/taler-exchange/secrets/challenger-postal.secret.conf.j2
diff --git a/roles/challenger/templates/etc/taler-exchange/conf.d/challenger-sms.conf.j2 b/roles/challenger/templates/etc/taler-exchange/secrets/challenger-sms.secret.conf.j2
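Review bot: Hosts provisioned before this change keep the old `/etc/taler-exchange/conf.d/challenger-{sms,email,postal}.conf` files, because the three template tasks only change `dest` and nothing in the hunk removes the earlier copies; the credentials would stay in conf.d and, presumably, be loaded a second time next to the new `@inline-secret@` includes. A cleanup task with `state: absent` for the three old paths closes that gap. The added copy task reuses the name "Place postal challenger exchange config" although it installs `challenger.conf`, and it sets no owner, group or mode, so the result depends on the umask of the run; the mode in the fence is a suggestion to check against the other conf.d files. The hunk also does not show that `/etc/taler-exchange/secrets/` exists with restricted permissions before the templates are written, so confirm that the package or an earlier task creates it.

```yaml
# … unchanged: the three template tasks writing into /etc/taler-exchange/secrets/ …

- name: Remove challenger configs left in conf.d by earlier runs
  ansible.builtin.file:
    path: "/etc/taler-exchange/conf.d/{{ item }}"
    state: absent
  loop:
    - challenger-sms.conf
    - challenger-email.conf
    - challenger-postal.conf

- name: Place challenger exchange include config
  ansible.builtin.copy:
    src: files/etc/taler-exchange/conf.d/challenger.conf
    dest: /etc/taler-exchange/conf.d/challenger.conf
    owner: root
    group: root
    mode: "0644"  # no secrets in this file; match the other conf.d files
```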