ansible-taler-exchange

Ansible playbook to deploy a production Taler Exchange
Log | Files | Refs | Submodules | README | LICENSE

vars.yml (5089B)


      1 # Public variables for the Taler Operations AG (TOPS) deployment
      2 # Deploy challenger?
      3 deploy_challenger: true
      4 # What kind of environment are we deploying?
      5 DEPLOYMENT_KIND: "tops"
      6 # Write EBICS configuration (with values in secret config)
      7 configure_ebics: true
      8 # Main domain name.
      9 domain_name: "taler-ops.ch"
     10 exchange_domain: "exchange.{{ domain_name }}"
     11 # Our internal hostname
     12 TARGET_HOST_NAME: "spec.taler-ops.ch"
     13 # Suite for taler packages.
     14 taler_repo_suites: trixie
     15 # Deploy EBICS configuration (true/false).
     16 use_ebics: false
     17 # Our currency.
     18 CURRENCY: CHF
     19 # Smallest unit of the currency for wire transfers.
     20 CURRENCY_ROUND_UNIT: "CHF:0.01"
     21 # Sanction list to use, comment out to disable
     22 # SANCTION_LIST: sanctions-swiss.json
     23 # Base URL of the exchange REST API
     24 EXCHANGE_BASE_URL: "https://exchange.{{ domain_name }}/"
     25 # Base URL of the auditor REST API
     26 AUDITOR_BASE_URL: "https://auditor.{{ domain_name }}/"
     27 # Exchange offline master public key.
     28 EXCHANGE_MASTER_PUB: 9V0G82S7JQW2ZRYF7BMGKKQ1TNR1VNVXZJSNQ2VSDGWC80D9W0YG
     29 # Auditor offline public key.
     30 AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0
     31 # URL with merchants accepting this exchange.
     32 EXCHANGE_SHOPPING_URL: "https://map.taler-ops.ch/"
     33 # Name of Terms of service resource file
     34 EXCHANGE_TERMS_ETAG: "exchange-tos-tops-v0"
     35 # Name of Privacy policy resource file
     36 EXCHANGE_PP_ETAG: "exchange-pp-v0"
     37 # Full BIC of exchange account
     38 EXCHANGE_BANK_ACCOUNT_BIC: "POFICHBEXXX"
     39 # Full Payto URI of exchange account (for credit and debit)
     40 EXCHANGE_BANK_ACCOUNT_IBAN: "CH9709000000166556130"
     41 # Full Payto URI of exchange account (for credit and debit)
     42 EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=Taler+Operations+AG"
     43 # Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
     44 LIBEUFIN_PORT: 8082
     45 # Name of the exchange account at libeufin-nexus
     46 LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
     47 # Name of the bank dialect
     48 LIBEUFIN_NEXUS_BANK_DIALECT: "postfinance"
     49 # SPA dialect (tops, gls, magnet, ...)
     50 EXCHANGE_SPA_DIALECT: "tops"
     51 # Business name of the exchange operator
     52 EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG"
     53 # Where to send people after they passed KYC.
     54 KYC_THANK_YOU_URL: https://taler-ops.ch/en/thank-you-kyc.html
     55 # Template to use for identification of individuals with KYCAID
     56 KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx
     57 # Template to use for identification of businesses with KYCAID
     58 KYCAID_TEMPLATE_BUSINESS: tmpl_xxx
     59 # Regex specifying allowed phone numbers for the SMS check
     60 EXCHANGE_AML_PROGRAM_TOPS_SMS_HINT: "Swiss mobile number (+417...) required"
     61 EXCHANGE_AML_PROGRAM_TOPS_SMS_EXAMPLE: "+41748224521"
     62 EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: "\\\\+417[0-9]+"
     63 # Regex specifying allowed country names for the postal address check
     64 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_HINT: "Swiss address required"
     65 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_EXAMPLE: "Max Mustermann\\nBahnhofsplatz 1\\n4201 Biel/Bienne"
     66 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"
     67 # Tool to use for sanction list checking
     68 EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy
     69 
     70 # Secrets are taken from the vault file and substituted via
     71 # the vault_* variables.
     72 #
     73 # YOU MAY ONLY edit the vault.yml file via
     74 # $ ansible-vault edit inventories/host_vars/spec/vault.yml
     75 # to decrease the likelihood of unencrypted secrets ending up in git.
     76 HAVE_SECRETS: true
     77 
     78 # Symmetric encryption secret for KYC attribute encryption.
     79 EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: "{{ vault_exchange_attribute_encryption_key }}"
     80 # EBICS access details
     81 LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: https://ebics.postfinance.ch/ebics/ebics.aspx
     82 LIBEUFIN_NEXUS_EBICS_HOST_ID: PFEBICS
     83 LIBEUFIN_NEXUS_EBICS_USER_ID: "{{ vault_libeufin_nexus_ebics_user_id }}"
     84 LIBEUFIN_NEXUS_EBICS_PARTNER_ID: "{{ vault_libeufin_nexus_ebics_partner_id }}"
     85 LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: "{{ vault_libeufin_nexus_ebics_system_id }}"
     86 
     87 # Authorization token for the telesign SMS service
     88 # "Basic" is pre-pended by the shell script
     89 SMS_CHALLENGER_TELESIGN_AUTH_TOKEN: "{{ vault_sms_challenger_telesign_auth_token }}"
     90 
     91 sms_challenger_clicksend_username: "{{ vault_sms_challenger_clicksend_username }}"
     92 vault_sms_challenger_clicksend_api_key: "{{ vault_sms_challenger_clicksend_api_key }}"
     93 
     94 # Authorization data for the pingen postal service
     95 POSTAL_CHALLENGER_PINGEN_CLIENT_ID: "{{ vault_postal_challenger_pingen_client_id }}"
     96 POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET: "{{ vault_postal_challenger_pingen_client_secret }}"
     97 POSTAL_CHALLENGER_PINGEN_ORG_ID: "{{ vault_postal_challenger_pingen_org_id }}"
     98 
     99 # KYCaid access token
    100 EXCHANGE_KYCAID_ACCESS_TOKEN: "{{ vault_exchange_kycaid_access_token }}"
    101 
    102 # Bearer access token for the auditor SPA (set via browser extension to set Authorization HTTP header on auditor.$DOMAIN!)
    103 AUDITOR_ACCESS_TOKEN: "{{ vault_auditor_access_token }}"
    104 
    105 # Bearer access token for monitoring.$DOMAIN (must be given to grafana)
    106 PROMETHEUS_ACCESS_TOKEN: "{{ vault_prometheus_access_token }}"
    107 
    108 # Bearer access token for loki.taler-systems.com (see that nginx config)
    109 LOKI_ACCESS_TOKEN: "{{ vault_loki_access_token }}"