vars.yml (5089B)
1 # Public variables for the Taler Operations AG (TOPS) deployment 2 # Deploy challenger? 3 deploy_challenger: true 4 # What kind of environment are we deploying? 5 DEPLOYMENT_KIND: "tops" 6 # Write EBICS configuration (with values in secret config) 7 configure_ebics: true 8 # Main domain name. 9 domain_name: "taler-ops.ch" 10 exchange_domain: "exchange.{{ domain_name }}" 11 # Our internal hostname 12 TARGET_HOST_NAME: "spec.taler-ops.ch" 13 # Suite for taler packages. 14 taler_repo_suites: trixie 15 # Deploy EBICS configuration (true/false). 16 use_ebics: false 17 # Our currency. 18 CURRENCY: CHF 19 # Smallest unit of the currency for wire transfers. 20 CURRENCY_ROUND_UNIT: "CHF:0.01" 21 # Sanction list to use, comment out to disable 22 # SANCTION_LIST: sanctions-swiss.json 23 # Base URL of the exchange REST API 24 EXCHANGE_BASE_URL: "https://exchange.{{ domain_name }}/" 25 # Base URL of the auditor REST API 26 AUDITOR_BASE_URL: "https://auditor.{{ domain_name }}/" 27 # Exchange offline master public key. 28 EXCHANGE_MASTER_PUB: 9V0G82S7JQW2ZRYF7BMGKKQ1TNR1VNVXZJSNQ2VSDGWC80D9W0YG 29 # Auditor offline public key. 30 AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0 31 # URL with merchants accepting this exchange. 32 EXCHANGE_SHOPPING_URL: "https://map.taler-ops.ch/" 33 # Name of Terms of service resource file 34 EXCHANGE_TERMS_ETAG: "exchange-tos-tops-v0" 35 # Name of Privacy policy resource file 36 EXCHANGE_PP_ETAG: "exchange-pp-v0" 37 # Full BIC of exchange account 38 EXCHANGE_BANK_ACCOUNT_BIC: "POFICHBEXXX" 39 # Full Payto URI of exchange account (for credit and debit) 40 EXCHANGE_BANK_ACCOUNT_IBAN: "CH9709000000166556130" 41 # Full Payto URI of exchange account (for credit and debit) 42 EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN }}?receiver-name=Taler+Operations+AG" 43 # Port to be used by libeufin-nexus for the taler-exchange-wire-gateway 44 LIBEUFIN_PORT: 8082 45 # Name of the exchange account at libeufin-nexus 46 LIBEUFIN_EXCHANGE_ACCOUNT: "exchange" 47 # Name of the bank dialect 48 LIBEUFIN_NEXUS_BANK_DIALECT: "postfinance" 49 # SPA dialect (tops, gls, magnet, ...) 50 EXCHANGE_SPA_DIALECT: "tops" 51 # Business name of the exchange operator 52 EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG" 53 # Where to send people after they passed KYC. 54 KYC_THANK_YOU_URL: https://taler-ops.ch/en/thank-you-kyc.html 55 # Template to use for identification of individuals with KYCAID 56 KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx 57 # Template to use for identification of businesses with KYCAID 58 KYCAID_TEMPLATE_BUSINESS: tmpl_xxx 59 # Regex specifying allowed phone numbers for the SMS check 60 EXCHANGE_AML_PROGRAM_TOPS_SMS_HINT: "Swiss mobile number (+417...) required" 61 EXCHANGE_AML_PROGRAM_TOPS_SMS_EXAMPLE: "+41748224521" 62 EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: "\\\\+417[0-9]+" 63 # Regex specifying allowed country names for the postal address check 64 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_HINT: "Swiss address required" 65 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_EXAMPLE: "Max Mustermann\\nBahnhofsplatz 1\\n4201 Biel/Bienne" 66 EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch" 67 # Tool to use for sanction list checking 68 EXCHANGE_SANCTION_HELPER: taler-exchange-helper-sanctions-dummy 69 70 # Secrets are taken from the vault file and substituted via 71 # the vault_* variables. 72 # 73 # YOU MAY ONLY edit the vault.yml file via 74 # $ ansible-vault edit inventories/host_vars/spec/vault.yml 75 # to decrease the likelihood of unencrypted secrets ending up in git. 76 HAVE_SECRETS: true 77 78 # Symmetric encryption secret for KYC attribute encryption. 79 EXCHANGE_ATTRIBUTE_ENCRYPTION_KEY: "{{ vault_exchange_attribute_encryption_key }}" 80 # EBICS access details 81 LIBEUFIN_NEXUS_EBICS_HOST_BASE_URL: https://ebics.postfinance.ch/ebics/ebics.aspx 82 LIBEUFIN_NEXUS_EBICS_HOST_ID: PFEBICS 83 LIBEUFIN_NEXUS_EBICS_USER_ID: "{{ vault_libeufin_nexus_ebics_user_id }}" 84 LIBEUFIN_NEXUS_EBICS_PARTNER_ID: "{{ vault_libeufin_nexus_ebics_partner_id }}" 85 LIBEUFIN_NEXUS_EBICS_SYSTEM_ID: "{{ vault_libeufin_nexus_ebics_system_id }}" 86 87 # Authorization token for the telesign SMS service 88 # "Basic" is pre-pended by the shell script 89 SMS_CHALLENGER_TELESIGN_AUTH_TOKEN: "{{ vault_sms_challenger_telesign_auth_token }}" 90 91 sms_challenger_clicksend_username: "{{ vault_sms_challenger_clicksend_username }}" 92 vault_sms_challenger_clicksend_api_key: "{{ vault_sms_challenger_clicksend_api_key }}" 93 94 # Authorization data for the pingen postal service 95 POSTAL_CHALLENGER_PINGEN_CLIENT_ID: "{{ vault_postal_challenger_pingen_client_id }}" 96 POSTAL_CHALLENGER_PINGEN_CLIENT_SECRET: "{{ vault_postal_challenger_pingen_client_secret }}" 97 POSTAL_CHALLENGER_PINGEN_ORG_ID: "{{ vault_postal_challenger_pingen_org_id }}" 98 99 # KYCaid access token 100 EXCHANGE_KYCAID_ACCESS_TOKEN: "{{ vault_exchange_kycaid_access_token }}" 101 102 # Bearer access token for the auditor SPA (set via browser extension to set Authorization HTTP header on auditor.$DOMAIN!) 103 AUDITOR_ACCESS_TOKEN: "{{ vault_auditor_access_token }}" 104 105 # Bearer access token for monitoring.$DOMAIN (must be given to grafana) 106 PROMETHEUS_ACCESS_TOKEN: "{{ vault_prometheus_access_token }}" 107 108 # Bearer access token for loki.taler-systems.com (see that nginx config) 109 LOKI_ACCESS_TOKEN: "{{ vault_loki_access_token }}"