vars.yml (7622B)
---
# Deployment flavour selected for this host.
DEPLOYMENT_KIND: "tops"

# Public (non-secret) variables for a "test" deployment.

# Whether challenger is deployed.
deploy_challenger: true

# Backup-restore guard. MUST be set to "false" once in production!
#   false: if the target system has no database yet, a backup must have been
#          provided at the originating host (you can get it using the
#          'restore.sh' script). If a database already exists on the target,
#          no backup is restored.
#   true:  restore from backup is disabled.
# This file sets it to true, so by the rule above the value has to be flipped
# before this host is treated as production.
DISABLE_RESTORE_BACKUP: true

# Main external domain name; interpolated into the base URLs below.
domain_name: "stage.taler-ops.ch"

# Internal hostname of the target machine.
TARGET_HOST_NAME: "rusty.taler-ops.ch"

# Package suite the taler packages are taken from.
taler_repo_suites: "trixie-testing"

# Deploy the EBICS configuration (true/false).
use_ebics: false

# Currency operated by this deployment.
CURRENCY: "CHF"

# Smallest unit of the currency for wire transfers.
CURRENCY_ROUND_UNIT: "CHF:0.01"

# Sanction list to use; comment the key out to disable.
SANCTION_LIST: "sanctions-swiss.json"

# Base URL of the exchange REST API.
EXCHANGE_BASE_URL: "https://exchange.{{ domain_name }}/"

# Base URL of the auditor REST API.
AUDITOR_BASE_URL: "https://auditor.{{ domain_name }}/"

# Exchange offline master public key (public half only).
# NOTE(review): presumably this value anchors trust in the exchange, so any
# change to it should be checked against the offline key holder.
EXCHANGE_MASTER_PUB: "GT1ZRF6DT4RAETDEGW3KTWRH15RAKH9T0TK6ZJEYFGRX18B54AK0"

# Auditor offline public key (public half only).
AUDITOR_PUB: "P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0"

# URL with merchants accepting this exchange.
EXCHANGE_SHOPPING_URL: "https://shops.taler-ops.ch/"

# Name of the terms-of-service resource file.
EXCHANGE_TERMS_ETAG: "exchange-tos-v0"

# Name of the privacy-policy resource file.
EXCHANGE_PP_ETAG: "exchange-pp-v0"

# Full BIC of the exchange account.
EXCHANGE_BANK_ACCOUNT_BIC: "MAEBCHZZ"

# IBAN of the exchange account; interpolated into
# EXCHANGE_BANK_ACCOUNT_PAYTO below.
EXCHANGE_BANK_ACCOUNT_IBAN: "CH6808573105529100001"

# QR IBAN for prepared transfers.
exchange_qr_iban: "CH1130000001166556117"

# Full payto URI of the exchange account (for credit and debit).
EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=Taler+Operations+AG"

# Port used by libeufin-nexus for the taler-exchange-wire-gateway.
# NOTE(review): the bind address is not set in this file; confirm the
# gateway port is not reachable from outside the host.
LIBEUFIN_PORT: 8082

# Name of the exchange account at libeufin-nexus.
LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"

# Name of the bank dialect.
LIBEUFIN_NEXUS_BANK_DIALECT: "maerki_baumann"

# SPA dialect (tops, gls, magnet, ...).
EXCHANGE_SPA_DIALECT: "tops"

# Business name of the exchange operator.
EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG"

# Where to send people after they passed KYC.
KYC_THANK_YOU_URL: "https://taler-ops.ch/thank-you-kyc"

# Template used to identify individuals with KYCAID.
# NOTE(review): "tmpl_xxx" looks like a placeholder; confirm that a real
# template id is supplied before KYC is relied on.
KYCAID_TEMPLATE_INDIVIDUAL: "tmpl_xxx"

# Template used to identify businesses with KYCAID (same placeholder caveat).
KYCAID_TEMPLATE_BUSINESS: "tmpl_xxx"

# SMS check: user-facing hint, example number, and the regex specifying the
# allowed phone numbers.
# After YAML unescaping the regex value holds two backslashes before '+';
# presumably a later templating/config layer consumes one of them (confirm).
# NOTE(review): the pattern has no ^/$ anchors; confirm the consumer matches
# the whole input, otherwise a value that merely contains a match would pass.
EXCHANGE_AML_PROGRAM_TOPS_SMS_HINT: "Swiss number required"
EXCHANGE_AML_PROGRAM_TOPS_SMS_EXAMPLE: "+41948224521"
EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: "\\\\+41[0-9]+"

# Postal address check: user-facing hint, example address, and the regex
# specifying the allowed country names.
# NOTE(review): same anchoring question as for the SMS regex above.
EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_HINT: "Swiss address required"
EXCHANGE_AML_PROGRAM_TOPS_POSTAL_EXAMPLE: "Max Mustermann\\nBahnhofsplatz 1\\n4201 Biel/Bienne"
EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"

# Tool to use for sanction list checking.
# NOTE(review): the helper name ends in "-dummy", which suggests it performs
# no real screening; confirm which helper a production deployment must use.
EXCHANGE_SANCTION_HELPER: "taler-exchange-helper-sanctions-dummy"

# If set to true, set up an additional user to allow faking wire transfers and
# inspecting challenger auth codes.
# This setting MUST NOT be enabled in production
# deployments under any circumstance.
dangerously_enable_devtesting: true

# SSH public keys associated with the devtesting setup.
# NOTE(review): presumably these become the authorized keys of the additional
# devtesting user; confirm against the role that consumes the list. If so,
# every entry carries that user's abilities, so keep the list short and remove
# keys whose owners no longer need access.
# Three entries are ssh-rsa; prefer ssh-ed25519 when keys are next rotated.
# The key material of the fourth entry is elided in this listing.
devtesting_ssh_keys:
  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHSjJ/zPwQnqBrKp0qK+OdsZYfQ8DHY2dyJakNozBi7 fdold-work@sapota"
  - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoXKfSbPriOPoFRR+lMAJszH0/7jaPZOxdg85/URlRbe0ljm8fxbVmup1EjGPuKKJkyYqJIqGQCRHPNYeBt05APXYEO+4d5WAuPY6QOiTFGxB5RueWHAjFM5LVKtBH9Ozln+ngjeXlID48ueuBY2LO24hRuZtRmHYKN1AwQNA2XKtjteKINx99ljm3uwVV9IDYAJkRWKllolLrSFfqK6CHDS/IqlMNp3qNNhNXEW+/Vm5kMUPzKvhPXH/OsFr2KyKaO/+zVXptwje9imtaYaD5iEuRbEfP+6OsCKKpIlp6kyfOUPLuxK+RQfDRY3pyHeCKGriv3DGUpCYqtFVZlmsww== stibane@feh.com"
  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzMFKrnSNsRwS6eBInPx4WrJipQvsxFKNN48TGwXewb avalos@thinkpad"
  - "ssh-rsa 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 hernani+clementine@vecirex.net"
  - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeYL0JLzvDQXyUqzEn+QlOsxyVPmSedSK1SZxUzM/mBgGBJLRA6kN9Go9X9YeVLsPRJZjCOeLaZqZE3CbSUtw9m7/QYSHZslm+9ALlCJwqGeurFXeqWZ4HTo6/IqD79D+RJezYfnNI8QlKe/ChoIGSf+OHpuc5I5FkNRlKTWfTr+pq8/VFqziRqTTT/LkrtBhflvRYsLnz7X/7nMRrIHi+16SeOFxmT0kwTkl6cYnoGPtaV/FmZaWDYbE+QV4wxnWYbkBNu9CZei2b6t9ZITAJeB9S3VvHF3cvzes1mwz4lwItckmesQ/IY4E7KGu1QN5l3r1Ug0JC/BoZe8qnVQw5 stefan-kuegel"
  - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjBjN7/7f7nloHLScOrZwrwe6HYb3MybDTDbmLxyrds hernani+magikoopa@vecirex.net"

# Secrets come from the vault file and are substituted through the vault_*
# variables; no secret value is written in this file.
#
# YOU MAY ONLY edit the vault.yml file via
# $ ansible-vault edit inventories/host_vars/rusty/vault.yml
# to decrease the likelihood of unencrypted secrets ending up in git.
HAVE_SECRETS: true

# Symmetric encryption secret for KYC attribute encryption.
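EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: "{{ vault_exchange_attribute_encryption_key }}"

# EBICS access details. Host URL and host id are public; the user, partner
# and system ids are read from the vault.
LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: "https://ebics.postfinance.ch/ebics/ebics.aspx"
LIBEUFIN_NEXUS_EBICS_HOST_ID: "PFEBICS"
LIBEUFIN_NEXUS_EBICS_USER_ID: "{{ vault_libeufin_nexus_ebics_user_id }}"
LIBEUFIN_NEXUS_EBICS_PARTNER_ID: "{{ vault_libeufin_nexus_ebics_partner_id }}"
LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: "{{ vault_libeufin_nexus_ebics_system_id }}"

# Authorization token for the telesign SMS service.
# "Basic" is pre-pended by the shell script.
SMS_CHALLENGER_TELESIGN_AUTH_TOKEN: "{{ vault_sms_challenger_telesign_auth_token }}"

# Credentials for the clicksend SMS service.
sms_challenger_clicksend_username: "{{ vault_sms_challenger_clicksend_username }}"
# The API key was previously declared under the vault_* name itself, i.e. the
# variable was defined in terms of itself. It is now exposed under the same
# naming scheme as the username above.
# NOTE(review): confirm the consuming role reads this name.
sms_challenger_clicksend_api_key: "{{ vault_sms_challenger_clicksend_api_key }}"

# Authorization data for the pingen postal service.
POSTAL_CHALLENGER_PINGEN_CLIENT_ID: "{{ vault_postal_challenger_pingen_client_id }}"
POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET: "{{ vault_postal_challenger_pingen_client_secret }}"
POSTAL_CHALLENGER_PINGEN_ORG_ID: "{{ vault_postal_challenger_pingen_org_id }}"

# KYCaid access token.
EXCHANGE_KYCAID_ACCESS_TOKEN: "{{ vault_exchange_kycaid_access_token }}"

# Bearer access token for the auditor SPA (set via browser extension to set
# the Authorization HTTP header on auditor.$DOMAIN!).
AUDITOR_ACCESS_TOKEN: "{{ vault_auditor_access_token }}"

# Bearer access token for monitoring.$DOMAIN (must be given to grafana).
PROMETHEUS_ACCESS_TOKEN: "{{ vault_prometheus_access_token }}"

# Bearer access token for loki.taler-systems.com (see that nginx config).
LOKI_ACCESS_TOKEN: "{{ vault_loki_access_token }}"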