ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange
Log | Files | Refs | Submodules | README | LICENSE

config.yml (4842B)

      1 ---
      2 # Pregenerated dhparam.pem is less secure
      3 # but significantly faster.
      4 USE_PREGENERATED_DHPARAM: true
      5 # No auditor (yet)
      6 deploy_auditor: false
      7 deploy_monitoring: false
      8 # We use EBICS to talk to the bank.
      9 use_ebics: true
     10 # Use externally created EBICS keys.
     11 ebics_keys_external: true
     12 # Main domain name.
     13 domain_name: "gls.de"
     14 exchange_domain: "test.exchange.gls.de"
     15 # We bring our own certificates
     16 exchange_use_letsencrypt: true
     17 # High-level kind of deployment.
     18 # Other customizations depend on this.
     19 # Can be "gls" or "tops" (later: "magnet")
     20 DEPLOYMENT_KIND: "gls"
     21 # Our internal hostname
     22 TARGET_HOST_NAME: "test.exchange.gls.de"
     23 # Disable restore from backup? MUST be set to "false" once in production!
     24 # This forces a backup to be provided *if* there is no database on the
     25 # target system already. If such a database exists, we will NOT restore
     26 # any backup even if this is 'false'. If no database exists on the target
     27 # system and this option is 'false', then a backup must have been provided
     28 # at the originating host (you get get it using the 'restore.sh' script).
     29 DISABLE_RESTORE_BACKUP: true
     30 # Use nightly Taler distro (true/false).
     31 USE_NIGHTLY: false
     32 # Our currency.
     33 CURRENCY: EUR
     34 # Smallest unit of the currency for wire transfers.
     35 CURRENCY_ROUND_UNIT: "EUR:0.01"
     36 # Base URL of the exchange REST API
     37 EXCHANGE_BASE_URL: "https://test.exchange.{{ domain_name }}/"
     38 # Exchange offline master public key.
     39 EXCHANGE_MASTER_PUB: ABSERA9GY2RV0G12RZYTZ11WMG81ZRT8S9DTQJ8JNXXE5RXAKBF0
     40 # URL with merchants accepting this exchange.
     41 EXCHANGE_SHOPPING_URL: "https://shops.taler.gls.de/"
     42 # Name of Terms of service resource file
     43 EXCHANGE_TERMS_ETAG: "exchange-gls-tos-test-v3"
     44 # Name of Privacy policy resource file
     45 EXCHANGE_PP_ETAG: "exchange-pp-v0"
     46 # Full BIC of exchange account
     47 EXCHANGE_BANK_ACCOUNT_BIC: "GENODEM1GLS"
     48 # Full Payto URI of exchange account (for credit and debit)
     49 EXCHANGE_BANK_ACCOUNT_IBAN: "DE88430609678937360305"
     50 # Full Payto URI of exchange account (for credit and debit)
     51 EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=GLS+Taler+Verrechnungskonto"
     52 # Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
     53 LIBEUFIN_PORT: 8082
     54 # Name of the exchange account at libeufin-nexus
     55 LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
     56 # Which KYC/AML rules to set up.
     57 # Name of the bank dialect
     58 LIBEUFIN_NEXUS_BANK_DIALECT: "gls"
     59 # SPA dialect (tops, gls, magnet, ...)
     60 EXCHANGE_SPA_DIALECT: "gls"
     61 # Business name of the exchange operator
     62 EXCHANGE_OPERATOR_LEGAL_NAME: "GLS Test"
     63 # Where to send people after they passed KYC.
     64 KYC_THANK_YOU_URL: https://taler.gls.de/thank-you-kyc
     65 # Tool to use for sanction list checking
     66 EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy
     67 
     68 RESERVE_CLOSING_DELAY: 5d
     69 
     70 # Secrets are inlined in this file.
     71 HAVE_SECRETS: true
     72 
     73 # Symmetric encryption secret for KYC attribute encryption.
     74 EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: !vault |
     75   $ANSIBLE_VAULT;1.1;AES256
     76   36663934633134656638303766343335666566656164643031346466653232623163666466653031
     77   3636643034313962613032646636666236333963616131610a336436356132333630626264613638
     78   36323430393931663934366335363334336163333665343332363562376462663961663265306335
     79   3762386231396233620a333430626337376432653739623961366631363836653737393033396230
     80   39313563333135363962656466643166313032303161323236346364306234633265363631343035
     81   3730363664306633323531386335306563373965663830353566
     82 
     83 # EBICS access details (public)
     84 LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: https://ebics.multivia-suite.de/ebicsweb/ebicsweb
     85 LIBEUFIN_NEXUS_EBICS_HOST_ID: MULTIVIA
     86 
     87 # EBICS access details (secrets)
     88 LIBEUFIN_NEXUS_EBICS_USER_ID: !vault |
     89   $ANSIBLE_VAULT;1.1;AES256
     90   65333130663361313831656438363264373733363832376338633565653533303239356465636535
     91   6264616437396337323761373631653062393562636135380a386463383537353334333831613763
     92   32363665323539373162386239313133356634303737393766613663346461386136313334613936
     93   6133643261633133630a386332336463343466643535346536323730616163663436356531326463
     94   6562
     95 LIBEUFIN_NEXUS_EBICS_PARTNER_ID: !vault |
     96   $ANSIBLE_VAULT;1.1;AES256
     97   33346334386637393965656534636162633462303838636636616262366531663035323431626637
     98   3533333836353038393361666630376565656433626431320a613930393833343233363362616464
     99   64636633636633336633363466303566623934666634316164336164613731313737353231386337
    100   3438336664313733320a623366643232333666373030306339343766353661336566666531376437
    101   3439
    102 LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: !vault |
    103   $ANSIBLE_VAULT;1.1;AES256
    104   62626237303264333130356565386432633261323936353136353335666338636335323763343135
    105   3465356539316430306336346666356535363165643061620a643237653532616262323535366237
    106   30333336326565343463356238333434373265353833626163313866623165376164393734323335
    107   3230623737333230310a333230356439363462623531323339633732353964656439636664653931
    108   6437