ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange
Log | Files | Refs | Submodules | README | LICENSE

config.yml (4779B)

      1 ---
      2 # Pregenerated dhparam.pem is less secure
      3 # but significantly faster.
      4 USE_PREGENERATED_DHPARAM: true
      5 # No auditor (yet)
      6 deploy_auditor: false
      7 deploy_monitoring: false
      8 # We use EBICS to talk to the bank.
      9 use_ebics: true
     10 # Use externally created EBICS keys.
     11 ebics_keys_external: true
     12 # Main domain name.
     13 domain_name: "gls.de"
     14 exchange_domain: "test.exchange.gls.de"
     15 # High-level kind of deployment.
     16 # Other customizations depend on this.
     17 # Can be "gls" or "tops" (later: "magnet")
     18 DEPLOYMENT_KIND: "gls"
     19 # Our internal hostname
     20 TARGET_HOST_NAME: "test.exchange.gls.de"
     21 # Disable restore from backup? MUST be set to "false" once in production!
     22 # This forces a backup to be provided *if* there is no database on the
     23 # target system already. If such a database exists, we will NOT restore
     24 # any backup even if this is 'false'. If no database exists on the target
     25 # system and this option is 'false', then a backup must have been provided
     26 # at the originating host (you get get it using the 'restore.sh' script).
     27 DISABLE_RESTORE_BACKUP: true
     28 # Use nightly Taler distro (true/false).
     29 USE_NIGHTLY: false
     30 # Our currency.
     31 CURRENCY: EUR
     32 # Smallest unit of the currency for wire transfers.
     33 CURRENCY_ROUND_UNIT: "EUR:0.01"
     34 # Base URL of the exchange REST API
     35 EXCHANGE_BASE_URL: "https://test.exchange.{{ domain_name }}/"
     36 # Exchange offline master public key.
     37 EXCHANGE_MASTER_PUB: ABSERA9GY2RV0G12RZYTZ11WMG81ZRT8S9DTQJ8JNXXE5RXAKBF0
     38 # URL with merchants accepting this exchange.
     39 EXCHANGE_SHOPPING_URL: "https://shops.taler.gls.de/"
     40 # Name of Terms of service resource file
     41 EXCHANGE_TERMS_ETAG: "exchange-gls-tos-test-v3"
     42 # Name of Privacy policy resource file
     43 EXCHANGE_PP_ETAG: "exchange-pp-v0"
     44 # Full BIC of exchange account
     45 EXCHANGE_BANK_ACCOUNT_BIC: "GENODEM1GLS"
     46 # Full Payto URI of exchange account (for credit and debit)
     47 EXCHANGE_BANK_ACCOUNT_IBAN: "DE88430609678937360305"
     48 # Full Payto URI of exchange account (for credit and debit)
     49 EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=GLS+Taler+Verrechnungskonto"
     50 # Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
     51 LIBEUFIN_PORT: 8082
     52 # Name of the exchange account at libeufin-nexus
     53 LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
     54 # Which KYC/AML rules to set up.
     55 # Name of the bank dialect
     56 LIBEUFIN_NEXUS_BANK_DIALECT: "gls"
     57 # SPA dialect (tops, gls, magnet, ...)
     58 EXCHANGE_SPA_DIALECT: "gls"
     59 # Business name of the exchange operator
     60 EXCHANGE_OPERATOR_LEGAL_NAME: "GLS Test"
     61 # Where to send people after they passed KYC.
     62 KYC_THANK_YOU_URL: https://taler.gls.de/thank-you-kyc
     63 # Tool to use for sanction list checking
     64 EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy
     65 
     66 RESERVE_CLOSING_DELAY: 5d
     67 
     68 # Secrets are inlined in this file.
     69 HAVE_SECRETS: true
     70 
     71 # Symmetric encryption secret for KYC attribute encryption.
     72 EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: !vault |
     73   $ANSIBLE_VAULT;1.1;AES256
     74   36663934633134656638303766343335666566656164643031346466653232623163666466653031
     75   3636643034313962613032646636666236333963616131610a336436356132333630626264613638
     76   36323430393931663934366335363334336163333665343332363562376462663961663265306335
     77   3762386231396233620a333430626337376432653739623961366631363836653737393033396230
     78   39313563333135363962656466643166313032303161323236346364306234633265363631343035
     79   3730363664306633323531386335306563373965663830353566
     80 
     81 # EBICS access details (public)
     82 LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: https://ebics.multivia-suite.de/ebicsweb/ebicsweb
     83 LIBEUFIN_NEXUS_EBICS_HOST_ID: MULTIVIA
     84 
     85 # EBICS access details (secrets)
     86 LIBEUFIN_NEXUS_EBICS_USER_ID: !vault |
     87   $ANSIBLE_VAULT;1.1;AES256
     88   65333130663361313831656438363264373733363832376338633565653533303239356465636535
     89   6264616437396337323761373631653062393562636135380a386463383537353334333831613763
     90   32363665323539373162386239313133356634303737393766613663346461386136313334613936
     91   6133643261633133630a386332336463343466643535346536323730616163663436356531326463
     92   6562
     93 LIBEUFIN_NEXUS_EBICS_PARTNER_ID: !vault |
     94   $ANSIBLE_VAULT;1.1;AES256
     95   33346334386637393965656534636162633462303838636636616262366531663035323431626637
     96   3533333836353038393361666630376565656433626431320a613930393833343233363362616464
     97   64636633636633336633363466303566623934666634316164336164613731313737353231386337
     98   3438336664313733320a623366643232333666373030306339343766353661336566666531376437
     99   3439
    100 LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: !vault |
    101   $ANSIBLE_VAULT;1.1;AES256
    102   62626237303264333130356565386432633261323936353136353335666338636335323763343135
    103   3465356539316430306336346666356535363165643061620a643237653532616262323535366237
    104   30333336326565343463356238333434373265353833626163313866623165376164393734323335
    105   3230623737333230310a333230356439363462623531323339633732353964656439636664653931
    106   6437