vars.yml (7242B)
1 # What environment are we deploying? 2 DEPLOYMENT_KIND: "tops" 3 # Public variables for a "test" deployment 4 # Deploy challenger? 5 deploy_challenger: true 6 # Main external domain name. 7 domain_name: "stage.taler-ops.ch" 8 # Our internal hostname 9 TARGET_HOST_NAME: "rusty.taler-ops.ch" 10 # Suite for taler packages. 11 taler_repo_suites: trixie-testing 12 # Deploy EBICS configuration (true/false). 13 use_ebics: false 14 # Our currency. 15 CURRENCY: CHF 16 # Smallest unit of the currency for wire transfers. 17 CURRENCY_ROUND_UNIT: "CHF:0.01" 18 # Sanction list to use, comment out to disable 19 SANCTION_LIST: sanctions-swiss.json 20 # Base URL of the exchange REST API 21 EXCHANGE_BASE_URL: "https://exchange.{{ domain_name }}/" 22 # Base URL of the auditor REST API 23 AUDITOR_BASE_URL: "https://auditor.{{ domain_name }}/" 24 # Exchange offline master public key. 25 EXCHANGE_MASTER_PUB: GT1ZRF6DT4RAETDEGW3KTWRH15RAKH9T0TK6ZJEYFGRX18B54AK0 26 # Auditor offline public key. 27 AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0 28 # URL with merchants accepting this exchange. 29 EXCHANGE_SHOPPING_URL: "https://shops.taler-ops.ch/" 30 # Name of Terms of service resource file 31 EXCHANGE_TERMS_ETAG: "exchange-tos-v0" 32 # Name of Privacy policy resource file 33 EXCHANGE_PP_ETAG: "exchange-pp-v0" 34 # Full BIC of exchange account 35 EXCHANGE_BANK_ACCOUNT_BIC: "MAEBCHZZ" 36 # Full Payto URI of exchange account (for credit and debit) 37 EXCHANGE_BANK_ACCOUNT_IBAN: "CH6808573105529100001" 38 # QR IBAN for prepared transfers 39 exchange_qr_iban: "CH1130000001166556117" 40 # Full Payto URI of exchange account (for credit and debit) 41 EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=Taler+Operations+AG" 42 # Port to be used by libeufin-nexus for the taler-exchange-wire-gateway 43 LIBEUFIN_PORT: 8082 44 # Name of the exchange account at libeufin-nexus 45 LIBEUFIN_EXCHANGE_ACCOUNT: "exchange" 46 # Name of the bank dialect 47 LIBEUFIN_NEXUS_BANK_DIALECT: "maerki_baumann" 48 # SPA dialect (tops, gls, magnet, ...) 49 EXCHANGE_SPA_DIALECT: "tops" 50 # Business name of the exchange operator 51 EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG" 52 # Where to send people after they passed KYC. 53 KYC_THANK_YOU_URL: https://taler-ops.ch/thank-you-kyc 54 # Template to use for identification of individuals with KYCAID 55 KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx 56 # Template to use for identification of businesses with KYCAID 57 KYCAID_TEMPLATE_BUSINESS: tmpl_xxx 58 # Regex specifying allowed phone numbers for the SMS check 59 EXCHANGE_AML_PROGRAM_TOPS_SMS_HINT: "Swiss number required" 60 EXCHANGE_AML_PROGRAM_TOPS_SMS_EXAMPLE: "+41948224521" 61 EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: "\\\\+41[0-9]+" 62 # Regex specifying allowed country names for the postal address check 63 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_HINT: "Swiss address required" 64 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_EXAMPLE: "Max Mustermann\\nBahnhofsplatz 1\\n4201 Biel/Bienne" 65 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch" 66 # Tool to use for sanction list checking 67 EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy 68 69 # If set to true, set up an additional user to allow faking wire transfers and 70 # inspecting challenger auth codes. 71 # This setting MUST NOT be enabled in production 72 # deployments under any circumstance. 73 dangerously_enable_devtesting: true 74 75 devtesting_ssh_keys: 76 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINHSjJ/zPwQnqBrKp0qK+OdsZYfQ8DHY2dyJakNozBi7 fdold-work@sapota" 77 - "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAoXKfSbPriOPoFRR+lMAJszH0/7jaPZOxdg85/URlRbe0ljm8fxbVmup1EjGPuKKJkyYqJIqGQCRHPNYeBt05APXYEO+4d5WAuPY6QOiTFGxB5RueWHAjFM5LVKtBH9Ozln+ngjeXlID48ueuBY2LO24hRuZtRmHYKN1AwQNA2XKtjteKINx99ljm3uwVV9IDYAJkRWKllolLrSFfqK6CHDS/IqlMNp3qNNhNXEW+/Vm5kMUPzKvhPXH/OsFr2KyKaO/+zVXptwje9imtaYaD5iEuRbEfP+6OsCKKpIlp6kyfOUPLuxK+RQfDRY3pyHeCKGriv3DGUpCYqtFVZlmsww== stibane@feh.com" 78 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPzMFKrnSNsRwS6eBInPx4WrJipQvsxFKNN48TGwXewb avalos@thinkpad" 79 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDftpehk0olHW7h0z8u401gjEZwAw4gKjfy/WXfr1xP4aUlAmHlEybrwCA1TmLzYiuJ1GiEZC1a8s/pk4EFXDd1/YH/mMKnqb7FkFM78lsmpyF+uj9lWzGE/Ov0y8ypdS/V+54CGymPvpnZ2v9x/bvADrQip8qnDPu49ERbrr0/3xm4zT+s2uWh8878crJpzjcOnR5WxwTSyl/H1/uSC/8sGhK49sscwgyvemVL13tpqy5svVB6/7Epno8Gti/ydmy9bd3gl9CtBZvRqZ/0gMefWFaKrkyqtu7mwn7xpsth4izKCaJ5QKOVFo/7ZpqyuderUT7UEC0Opm72q8GR8bvS9aFXjMf3XlE4yrQ6NtHR8h7GpvqWkFsmKuSC5JdpPCMu2a8QtQ9RfCxoCv7JG2En2zJwg8ugek8Q9mKxC0RXl0IeOokm4SnoZWQ6smgJezTx8w3Jv2zOPkWX0jAwtGpPHnPlOleqLcdIqkYpbre/91K5527Sz2HvzZiyjScY13Q++YEiHBZ6xEhzSvbQ6FmV0k6zPhijayx8OyqHDp+PjFVGGOYRoRrN1vQTAJAgXxKrL/7QzdGb+920aeYdrxcVS1fp9xvnwUSM6nf9QobjYDcyFdbKRGo/Yn9KKpWR86ksGAy8m1dImvzv/mG7JP02cS1KqLmBSonzBh9KLUHs/Q== hernani+clementine@vecirex.net" 80 - "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCeYL0JLzvDQXyUqzEn+QlOsxyVPmSedSK1SZxUzM/mBgGBJLRA6kN9Go9X9YeVLsPRJZjCOeLaZqZE3CbSUtw9m7/QYSHZslm+9ALlCJwqGeurFXeqWZ4HTo6/IqD79D+RJezYfnNI8QlKe/ChoIGSf+OHpuc5I5FkNRlKTWfTr+pq8/VFqziRqTTT/LkrtBhflvRYsLnz7X/7nMRrIHi+16SeOFxmT0kwTkl6cYnoGPtaV/FmZaWDYbE+QV4wxnWYbkBNu9CZei2b6t9ZITAJeB9S3VvHF3cvzes1mwz4lwItckmesQ/IY4E7KGu1QN5l3r1Ug0JC/BoZe8qnVQw5 stefan-kuegel" 81 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGjBjN7/7f7nloHLScOrZwrwe6HYb3MybDTDbmLxyrds hernani+magikoopa@vecirex.net" 82 - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKzazWynkrZY/TFkFrUAR1NUsAQSdcw9bJUmAegW0+g+ sebasjm" 83 84 # Secrets are taken from the vault file and substituted via 85 # the vault_* variables. 86 # 87 # YOU MAY ONLY edit the vault.yml file via 88 # $ ansible-vault edit inventories/host_vars/rusty/vault.yml 89 # to decrease the likelihood of unencrypted secrets ending up in git. 90 HAVE_SECRETS: true 91 92 # Symmetric encryption secret for KYC attribute encryption. 93 EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: "{{ vault_exchange_attribute_encryption_key }}" 94 # EBICS access details 95 LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: https://ebics.postfinance.ch/ebics/ebics.aspx 96 LIBEUFIN_NEXUS_EBICS_HOST_ID: PFEBICS 97 LIBEUFIN_NEXUS_EBICS_USER_ID: "{{ vault_libeufin_nexus_ebics_user_id }}" 98 LIBEUFIN_NEXUS_EBICS_PARTNER_ID: "{{ vault_libeufin_nexus_ebics_partner_id }}" 99 LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: "{{ vault_libeufin_nexus_ebics_system_id }}" 100 101 # Authorization token for the telesign SMS service 102 # "Basic" is pre-pended by the shell script 103 SMS_CHALLENGER_TELESIGN_AUTH_TOKEN: "{{ vault_sms_challenger_telesign_auth_token }}" 104 105 sms_challenger_clicksend_username: "{{ vault_sms_challenger_clicksend_username }}" 106 sms_challenger_clicksend_api_key: "{{ vault_sms_challenger_clicksend_api_key }}" 107 108 # Authorization data for the pingen postal service 109 POSTAL_CHALLENGER_PINGEN_CLIENT_ID: "{{ vault_postal_challenger_pingen_client_id }}" 110 POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET: "{{ vault_postal_challenger_pingen_client_secret }}" 111 POSTAL_CHALLENGER_PINGEN_ORG_ID: "{{ vault_postal_challenger_pingen_org_id }}" 112 113 # KYCaid access token 114 EXCHANGE_KYCAID_ACCESS_TOKEN: "{{ vault_exchange_kycaid_access_token }}" 115 116 # Bearer access token for the auditor SPA (set via browser extension to set Authorization HTTP header on auditor.$DOMAIN!) 117 AUDITOR_ACCESS_TOKEN: "{{ vault_auditor_access_token }}" 118 119 # Bearer access token for monitoring.$DOMAIN (must be given to grafana) 120 PROMETHEUS_ACCESS_TOKEN: "{{ vault_prometheus_access_token }}" 121 122 # Bearer access token for loki.taler-systems.com (see that nginx config) 123 LOKI_ACCESS_TOKEN: "{{ vault_loki_access_token }}"