ansible-taler-exchange

vars.yml (5617B)

---

 # Public variables for the Taler Operations AG (TOPS) deployment
 # Deploy challenger?
 deploy_challenger: true
 # What kind of environment are we deploying?
 DEPLOYMENT_KIND: "tops"
 # Disable restore from backup? MUST be set to "false" once in production!
 # This forces a backup to be provided *if* there is no database on the
 # target system already. If such a database exists, we will NOT restore
 # any backup even if this is 'false'. If no database exists on the target
 # system and this option is 'false', then a backup must have been provided
 # at the originating host (you get get it using the 'restore.sh' script).
 DISABLE_RESTORE_BACKUP: false
 # Use EBICS? (starts libeufin-nexus-fetch/submit services)
 USE_EBICS: false
 # Write EBICS configuration (with values in secret config)
 configure_ebics: true
 # Main domain name.
 domain_name: "taler-ops.ch"
 exchange_domain: "exchange.{{ domain_name }}"
 # Our internal hostname
 TARGET_HOST_NAME: "spec.taler-ops.ch"
 # Suite for taler packages.
 taler_repo_suites: trixie
 # Deploy EBICS configuration (true/false).
 use_ebics: false
 # Our currency.
 CURRENCY: CHF
 # Smallest unit of the currency for wire transfers.
 CURRENCY_ROUND_UNIT: "CHF:0.01"
 # Sanction list to use, comment out to disable
 # SANCTION_LIST: sanctions-swiss.json
 # Base URL of the exchange REST API
 EXCHANGE_BASE_URL: "https://exchange.{{ domain_name }}/"
 # Base URL of the auditor REST API
 AUDITOR_BASE_URL: "https://auditor.{{ domain_name }}/"
 # Exchange offline master public key.
 EXCHANGE_MASTER_PUB: 9V0G82S7JQW2ZRYF7BMGKKQ1TNR1VNVXZJSNQ2VSDGWC80D9W0YG
 # Auditor offline public key.
 AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0
 # URL with merchants accepting this exchange.
 EXCHANGE_SHOPPING_URL: "https://map.taler-ops.ch/"
 # Name of Terms of service resource file
 EXCHANGE_TERMS_ETAG: "exchange-tos-tops-v0"
 # Name of Privacy policy resource file
 EXCHANGE_PP_ETAG: "exchange-pp-v0"
 # Full BIC of exchange account
 EXCHANGE_BANK_ACCOUNT_BIC: "POFICHBEXXX"
 # Full Payto URI of exchange account (for credit and debit)
 EXCHANGE_BANK_ACCOUNT_IBAN: "CH9709000000166556130"
 # Full Payto URI of exchange account (for credit and debit)
 EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=Taler+Operations+AG"
 # Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
 LIBEUFIN_PORT: 8082
 # Name of the exchange account at libeufin-nexus
 LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
 # Name of the bank dialect
 LIBEUFIN_NEXUS_BANK_DIALECT: "postfinance"
 # SPA dialect (tops, gls, magnet, ...)
 EXCHANGE_SPA_DIALECT: "tops"
 # Business name of the exchange operator
 EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG"
 # Where to send people after they passed KYC.
 KYC_THANK_YOU_URL: https://taler-ops.ch/en/thank-you-kyc.html
 # Template to use for identification of individuals with KYCAID
 KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx
 # Template to use for identification of businesses with KYCAID
 KYCAID_TEMPLATE_BUSINESS: tmpl_xxx
 # Regex specifying allowed phone numbers for the SMS check
 EXCHANGE_AML_PROGRAM_TOPS_SMS_HINT: "Swiss number required"
 EXCHANGE_AML_PROGRAM_TOPS_SMS_EXAMPLE: "+41948224521"
 EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: "\\\\+41[0-9]+"
 # Regex specifying allowed country names for the postal address check
 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_HINT: "Swiss address required"
 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_EXAMPLE: "Max Mustermann\\nBahnhofsplatz 1\\n4201 Biel/Bienne"
 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"
 # Tool to use for sanction list checking
 EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy
 
 # Secrets are taken from the vault file and substituted via
 # the vault_* variables.
 #
 # YOU MAY ONLY edit the vault.yml file via
 # $ ansible-vault edit inventories/host_vars/spec/vault.yml
 # to decrease the likelihood of unencrypted secrets ending up in git.
 HAVE_SECRETS: true
 
 # Symmetric encryption secret for KYC attribute encryption.
 EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: "{{ vault_exchange_attribute_encryption_key }}"
 # EBICS access details
 LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: https://ebics.postfinance.ch/ebics/ebics.aspx
 LIBEUFIN_NEXUS_EBICS_HOST_ID: PFEBICS
 LIBEUFIN_NEXUS_EBICS_USER_ID: "{{ vault_libeufin_nexus_ebics_user_id }}"
 LIBEUFIN_NEXUS_EBICS_PARTNER_ID: "{{ vault_libeufin_nexus_ebics_partner_id }}"
 LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: "{{ vault_libeufin_nexus_ebics_system_id }}"
 
 # Authorization token for the telesign SMS service
 # "Basic" is pre-pended by the shell script
 SMS_CHALLENGER_TELESIGN_AUTH_TOKEN: "{{ vault_sms_challenger_telesign_auth_token }}"
 
 sms_challenger_clicksend_username: "{{ vault_sms_challenger_clicksend_username }}"
 vault_sms_challenger_clicksend_api_key: "{{ vault_sms_challenger_clicksend_api_key }}"
 
 # Authorization data for the pingen postal service
 POSTAL_CHALLENGER_PINGEN_CLIENT_ID: "{{ vault_postal_challenger_pingen_client_id }}"
 POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET: "{{ vault_postal_challenger_pingen_client_secret }}"
 POSTAL_CHALLENGER_PINGEN_ORG_ID: "{{ vault_postal_challenger_pingen_org_id }}"
 
 # KYCaid access token
 EXCHANGE_KYCAID_ACCESS_TOKEN: "{{ vault_exchange_kycaid_access_token }}"
 
 # Bearer access token for the auditor SPA (set via browser extension to set Authorization HTTP header on auditor.$DOMAIN!)
 AUDITOR_ACCESS_TOKEN: "{{ vault_auditor_access_token }}"
 
 # Bearer access token for monitoring.$DOMAIN (must be given to grafana)
 PROMETHEUS_ACCESS_TOKEN: "{{ vault_prometheus_access_token }}"
 
 # Bearer access token for loki.taler-systems.com (see that nginx config)
 LOKI_ACCESS_TOKEN: "{{ vault_loki_access_token }}"