[ansible-taler-exchange] 19/19: unified repo
From: gnunet
Subject: [ansible-taler-exchange] 19/19: unified repo
Date: Sat, 01 Feb 2025 19:53:00 +0100
This is an automated email from the git hooks/post-receive script.
grothoff pushed a commit to branch master
in repository ansible-taler-exchange.
commit 606bcef1bc2217913bf018a813c1dc6e66aad79e
Author: Christian Grothoff <christian@grothoff.org>
AuthorDate: Sat Feb 1 19:52:31 2025 +0100
unified repo
---
README | 4 +--
deploy-tops.sh | 10 ------
deploy.sh | 18 +++++++++++
extract-borg-key.sh | 5 ++-
playbooks/setup.yml | 77 ++++++-----------------------------------------
playbooks/test-public.yml | 57 +++++++++++++++++++++++++++++++++++
playbooks/tops-public.yml | 57 +++++++++++++++++++++++++++++++++++
test.sh | 10 ++++--
8 files changed, 156 insertions(+), 82 deletions(-)
diff --git a/README b/README
index 4cc2cdd..bd72fd2 100644
--- a/README
+++ b/README
@@ -24,7 +24,7 @@ you can pass an inventory file. See `inventories/`, and
update accordingly.
For example, if you are root@taler-ops.ch, you may be able to:
```
-$ ./deploy-tops tops
+$ ./deploy.sh tops
```
For TOPS production, replace the "test" with "tops" to use the actual secrets
@@ -41,7 +41,7 @@ $ cat playbooks/tops-secrets.yml | gpg --encrypt \
--recipient me@fdold.eu > playbooks/tops-secrets.yml.gpg
-## Setting up backups
+## Setting up backups (TOPS-only for now)
First run:
diff --git a/deploy-tops.sh b/deploy-tops.sh
deleted file mode 100755
index 673adcc..0000000
--- a/deploy-tops.sh
+++ /dev/null
@@ -1,10 +0,0 @@
-#!/bin/sh
-set -eu
-
-if [ -z ${1:-} ]
-then
- echo "Call with 'test' or 'prod' to select which secrets to use"
- exit 1
-fi
-
-ansible-playbook --verbose --inventory inventories/tops --user root
playbooks/setup.yml --extra-vars "@playbooks/$1-secrets.yml"
diff --git a/deploy.sh b/deploy.sh
new file mode 100755
index 0000000..72ad852
--- /dev/null
+++ b/deploy.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -eu
+
+if [ -z ${1:-} ]
+then
+ echo "Call with 'test' or 'prod' to select which secrets to use"
+ exit 1
+fi
+
+ansible-playbook \
+ --verbose \
+ --inventory inventories/tops \
+ --user root \
+ playbooks/setup.yml \
+ --extra-vars "@playbooks/$1-secrets.yml" \
+ --extra-vars "@playbooks/$1-public.yml"
+
+exit 0
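Review bot: The inventory is hard-coded to `inventories/tops` in the `ansible-playbook` call while `$1` only selects the vars files, so `./deploy.sh test` would apply `test-secrets.yml` and `test-public.yml` to the hosts in the TOPS inventory; derive the inventory from `$1` or reject combinations that do not belong together. The usage text still says 'test' or 'prod', but the files added in this commit are `test-public.yml` and `tops-public.yml` and the README calls `./deploy.sh tops`, so 'prod' would fail on a missing vars file. `[ -z ${1:-} ]` should quote the expansion (`[ -z "${1:-}" ]`), and because `$1` is spliced into a file path, restricting it to a known set with a `case` statement would make the script's accepted inputs explicit.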
diff --git a/extract-borg-key.sh b/extract-borg-key.sh
index 2a28bd9..7b26381 100755
--- a/extract-borg-key.sh
+++ b/extract-borg-key.sh
@@ -2,7 +2,10 @@
set -eu
-ansible-playbook --inventory inventories/tops --user root
playbooks/borg-ssh-export.yml
+ansible-playbook \
+ --inventory inventories/tops \
+ --user root \
+ playbooks/borg-ssh-export.yml
cat borg.pub/*/root/.ssh/borg.pub
rm -rf borg.pub/
exit 0
diff --git a/playbooks/setup.yml b/playbooks/setup.yml
index 3fa73ea..e99e36a 100644
--- a/playbooks/setup.yml
+++ b/playbooks/setup.yml
@@ -2,70 +2,13 @@
- name: Deploy GNU Taler
hosts: all
roles:
- - common_packages
- - ansible-pull
- - webserver
- - database
- - libeufin-nexus
- - challenger
- - exchange
- - challenger
- - auditor
- - monitoring
-# Note that we ONLY define those variables here that are NOT
-# secrets. For secrets, test-secrets.yml contains a template.
- vars:
-# Main domain name.
- DOMAIN_NAME: "taler-ops.ch"
-# Use nightly Taler distro (true/false).
- USE_NIGHTLY: true
-# Deploy EBICS configuration (true/false).
- use_ebics: false
-# Our currency.
- CURRENCY: CHF
-# Smallest unit of the currency for wire transfers.
- CURRENCY_ROUND_UNIT: "CHF:0.01"
-# Base URL of the exchange REST API
- EXCHANGE_BASE_URL: "https://exchange.{{ DOMAIN_NAME }}/"
-# Base URL of the auditor REST API
- AUDITOR_BASE_URL: "https://auditor.{{ DOMAIN_NAME }}/"
-# Exchange offline master public key.
- EXCHANGE_MASTER_PUB: W91R2NPHGP9TD36EXCAWNTW63QHEED4P12SNTKPE1WD5YM6MVA40
-# Auditor offline public key.
- AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0
-# URL with merchants accepting this exchange.
- EXCHANGE_SHOPPING_URL: "https://shops.taler-ops.ch/"
-# Name of Terms of service resource file
- EXCHANGE_TERMS_ETAG: "exchange-tos-v0"
-# Name of Privacy policy resource file
- EXCHANGE_PP_ETAG: "exchange-pp-v0"
-# Full BIC of exchange account
- EXCHANGE_BANK_ACCOUNT_BIC: "MAEBCHZZ"
-# Full Payto URI of exchange account (for credit and debit)
- EXCHANGE_BANK_ACCOUNT_IBAN: "CH6808573105529100001"
-# Full Payto URI of exchange account (for credit and debit)
- EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN
}}?receiver-name=Taler+Operations+AG"
-# Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
- LIBEUFIN_PORT: 8082
-# Name of the exchange account at libeufin-nexus
- LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
-# Name of the bank dialect
- LIBEUFIN_NEXUS_BANK_DIALECT: "maerki_baumann"
-# SPA dialect (tops, gls, magnet, ...)
- EXCHANGE_SPA_DIALECT: "tops"
-# Business name of the exchange operator
- EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG"
-# Where to send people after they passed KYC.
- KYC_THANK_YOU_URL: https://taler-ops.ch/thank-you-kyc
-# Template to use for identification of individuals with KYCAID
- KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx
-# Template to use for identification of businesses with KYCAID
- KYCAID_TEMPLATE_BUSINESS: tmpl_xxx
-# Regex specifying allowed phone numbers for the SMS check
- EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: \+41[0-9]+
-# Limit to lift for withdraw upon SMS registration
- EXCHANGE_AML_PROGRAM_TOPS_SMS_WITHDRAW_THRESHOLD: CHF:200
-# Limit to lift for merge upon SMS registration
- EXCHANGE_AML_PROGRAM_TOPS_SMS_MERGE_THRESHOLD: CHF:0
-# Regex specifying allowed country names for the postal address check
- EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"
+ - role: common_packages
+ - role: ansible-pull
+ - role: webserver
+ - role: database
+ - role: libeufin-nexus
+ - role: challenger
+ when: DEPLOY_CHALLENGER | bool
+ - role: exchange
+ - role: auditor
+ - role: monitoring
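Review bot: `when: DEPLOY_CHALLENGER | bool` on the challenger role has no default, and this hunk removes the whole `vars:` block, so any run of `playbooks/setup.yml` without the matching `-public.yml` extra-vars file now fails on an undefined variable. Consider `DEPLOY_CHALLENGER | default(false) | bool` and a `pre_tasks` assert listing the variables the roles require, so a missing vars file is reported once, up front, rather than partway through a deployment.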
diff --git a/playbooks/test-public.yml b/playbooks/test-public.yml
new file mode 100644
index 0000000..817bd2d
--- /dev/null
+++ b/playbooks/test-public.yml
@@ -0,0 +1,57 @@
+# Public variables for a "test" deployment
+# Deploy challenger?
+DEPLOY_CHALLENGER: true
+# Main domain name.
+DOMAIN_NAME: "taler-ops.ch"
+# Use nightly Taler distro (true/false).
+USE_NIGHTLY: true
+# Deploy EBICS configuration (true/false).
+use_ebics: false
+# Our currency.
+CURRENCY: CHF
+# Smallest unit of the currency for wire transfers.
+CURRENCY_ROUND_UNIT: "CHF:0.01"
+# Base URL of the exchange REST API
+EXCHANGE_BASE_URL: "https://exchange.{{ DOMAIN_NAME }}/"
+# Base URL of the auditor REST API
+AUDITOR_BASE_URL: "https://auditor.{{ DOMAIN_NAME }}/"
+# Exchange offline master public key.
+EXCHANGE_MASTER_PUB: W91R2NPHGP9TD36EXCAWNTW63QHEED4P12SNTKPE1WD5YM6MVA40
+# Auditor offline public key.
+AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0
+# URL with merchants accepting this exchange.
+EXCHANGE_SHOPPING_URL: "https://shops.taler-ops.ch/"
+# Name of Terms of service resource file
+EXCHANGE_TERMS_ETAG: "exchange-tos-v0"
+# Name of Privacy policy resource file
+EXCHANGE_PP_ETAG: "exchange-pp-v0"
+# Full BIC of exchange account
+EXCHANGE_BANK_ACCOUNT_BIC: "MAEBCHZZ"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_IBAN: "CH6808573105529100001"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN
}}?receiver-name=Taler+Operations+AG"
+# Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
+LIBEUFIN_PORT: 8082
+# Name of the exchange account at libeufin-nexus
+LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
+# Name of the bank dialect
+LIBEUFIN_NEXUS_BANK_DIALECT: "maerki_baumann"
+# SPA dialect (tops, gls, magnet, ...)
+EXCHANGE_SPA_DIALECT: "tops"
+# Business name of the exchange operator
+EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG"
+# Where to send people after they passed KYC.
+KYC_THANK_YOU_URL: https://taler-ops.ch/thank-you-kyc
+# Template to use for identification of individuals with KYCAID
+KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx
+# Template to use for identification of businesses with KYCAID
+KYCAID_TEMPLATE_BUSINESS: tmpl_xxx
+# Regex specifying allowed phone numbers for the SMS check
+EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: \+41[0-9]+
+# Limit to lift for withdraw upon SMS registration
+EXCHANGE_AML_PROGRAM_TOPS_SMS_WITHDRAW_THRESHOLD: CHF:200
+# Limit to lift for merge upon SMS registration
+EXCHANGE_AML_PROGRAM_TOPS_SMS_MERGE_THRESHOLD: CHF:0
+# Regex specifying allowed country names for the postal address check
+EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"
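Review bot: The values in this "test" file are the production ones: `DOMAIN_NAME: "taler-ops.ch"`, `EXCHANGE_MASTER_PUB`, `AUDITOR_PUB` and `EXCHANGE_BANK_ACCOUNT_IBAN` match `tops-public.yml` entry for entry, so a test deployment would present itself with the TOPS domain, offline public keys and bank account. Give the test deployment its own values, or keep the shared settings in one common file with per-deployment overrides so the two 57-line copies cannot drift apart unnoticed. The comment above `EXCHANGE_BANK_ACCOUNT_IBAN` also reads "Full Payto URI", duplicated from the entry that follows it.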
diff --git a/playbooks/tops-public.yml b/playbooks/tops-public.yml
new file mode 100644
index 0000000..00d66b5
--- /dev/null
+++ b/playbooks/tops-public.yml
@@ -0,0 +1,57 @@
+# Public variables for the Taler Operations AG (TOPS) deployment
+# Deploy challenger?
+DEPLOY_CHALLENGER: true
+# Main domain name.
+DOMAIN_NAME: "taler-ops.ch"
+# Use nightly Taler distro (true/false).
+USE_NIGHTLY: true
+# Deploy EBICS configuration (true/false).
+use_ebics: false
+# Our currency.
+CURRENCY: CHF
+# Smallest unit of the currency for wire transfers.
+CURRENCY_ROUND_UNIT: "CHF:0.01"
+# Base URL of the exchange REST API
+EXCHANGE_BASE_URL: "https://exchange.{{ DOMAIN_NAME }}/"
+# Base URL of the auditor REST API
+AUDITOR_BASE_URL: "https://auditor.{{ DOMAIN_NAME }}/"
+# Exchange offline master public key.
+EXCHANGE_MASTER_PUB: W91R2NPHGP9TD36EXCAWNTW63QHEED4P12SNTKPE1WD5YM6MVA40
+# Auditor offline public key.
+AUDITOR_PUB: P6B7ZS7Y1Y12S0VP0PAJ1GQGSHW8RE4NSBTP8PR254J18SK24MH0
+# URL with merchants accepting this exchange.
+EXCHANGE_SHOPPING_URL: "https://shops.taler-ops.ch/"
+# Name of Terms of service resource file
+EXCHANGE_TERMS_ETAG: "exchange-tos-v0"
+# Name of Privacy policy resource file
+EXCHANGE_PP_ETAG: "exchange-pp-v0"
+# Full BIC of exchange account
+EXCHANGE_BANK_ACCOUNT_BIC: "MAEBCHZZ"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_IBAN: "CH6808573105529100001"
+# Full Payto URI of exchange account (for credit and debit)
+EXCHANGE_BANK_ACCOUNT_PAYTO: "payto://iban/{{ EXCHANGE_BANK_ACCOUNT_IBAN
}}?receiver-name=Taler+Operations+AG"
+# Port to be used by libeufin-nexus for the taler-exchange-wire-gateway
+LIBEUFIN_PORT: 8082
+# Name of the exchange account at libeufin-nexus
+LIBEUFIN_EXCHANGE_ACCOUNT: "exchange"
+# Name of the bank dialect
+LIBEUFIN_NEXUS_BANK_DIALECT: "maerki_baumann"
+# SPA dialect (tops, gls, magnet, ...)
+EXCHANGE_SPA_DIALECT: "tops"
+# Business name of the exchange operator
+EXCHANGE_OPERATOR_LEGAL_NAME: "Taler Operations AG"
+# Where to send people after they passed KYC.
+KYC_THANK_YOU_URL: https://taler-ops.ch/thank-you-kyc
+# Template to use for identification of individuals with KYCAID
+KYCAID_TEMPLATE_INDIVIDUAL: tmpl_xxx
+# Template to use for identification of businesses with KYCAID
+KYCAID_TEMPLATE_BUSINESS: tmpl_xxx
+# Regex specifying allowed phone numbers for the SMS check
+EXCHANGE_AML_PROGRAM_TOPS_SMS_REGEX: \+41[0-9]+
+# Limit to lift for withdraw upon SMS registration
+EXCHANGE_AML_PROGRAM_TOPS_SMS_WITHDRAW_THRESHOLD: CHF:200
+# Limit to lift for merge upon SMS registration
+EXCHANGE_AML_PROGRAM_TOPS_SMS_MERGE_THRESHOLD: CHF:0
+# Regex specifying allowed country names for the postal address check
+EXCHANGE_AML_PROGRAM_TOPS_POSTAL_COUNTRY_REGEX: "CH|Ch|ch"
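Review bot: `USE_NIGHTLY: true` and the `tmpl_xxx` placeholders for `KYCAID_TEMPLATE_INDIVIDUAL` and `KYCAID_TEMPLATE_BUSINESS` are carried into the file headed as the TOPS deployment. If this file drives production, confirm that nightly packages are intended there, and either set the real template ids or have the playbook fail while a placeholder value is still present.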
diff --git a/test.sh b/test.sh
index c6b36f5..d91a865 100755
--- a/test.sh
+++ b/test.sh
@@ -10,7 +10,7 @@ podman run \
--name ansible-taler-test \
-p 127.0.0.1:8022:22 \
--systemd=always \
- -d localhost/ansible-taler-test sh -c "exec /usr/sbin/init
--show-status"
+ -d localhost/ansible-taler-test sh -c "exec /usr/sbin/init
--show-status"
# Print to log that container is running
podman ps
@@ -20,4 +20,10 @@ ssh-keygen -f "$HOME/.ssh/known_hosts" -R "[127.0.0.1]:8022"
# Run our playbook(s)
# NOTE: Trailing comma is correct (and required) in agument for -i flag
-ansible-playbook --verbose -i 127.0.0.1:8022, --user root playbooks/setup.yml
--extra-vars "@playbooks/test-secrets.yml"
+ansible-playbook \
+ --verbose \
+ -i 127.0.0.1:8022, \
+ --user root \
+ playbooks/setup.yml \
+ --extra-vars "@playbooks/test-secrets.yml" \
+ --extra-vars "@playbooks/test-public.yml"
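Review bot: With two `--extra-vars` files, a key defined in both takes its value from the later one, so here `test-public.yml` silently overrides `test-secrets.yml` (`deploy.sh` uses the same order). A one-line comment stating which file is meant to win, or a check that the two files share no keys, would make that explicit. The unchanged NOTE comment above the command also has a typo: "agument".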
--
To stop receiving notification emails like this one, please contact
gnunet@gnunet.org.