From fdc92345404efc18fafea0590c17ff26f89c0d8e Mon Sep 17 00:00:00 2001 From: nocci Date: Mon, 3 Nov 2025 13:15:46 +0000 Subject: [PATCH] =?UTF-8?q?=E2=9C=A8=20feat(infrastructure):=20introduce?= =?UTF-8?q?=20ansible=20deployment=20for=20taler=20services?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - add ansible playbooks and roles for deploying taler exchange and merchant - configure PostgreSQL, GNU Taler repositories, and services 🔧 chore(config): provide example env and gitignore for sensitive files - create .env-example with placeholders for sensitive info - add .gitignore entries for .env and common editor files --- .env-example | 39 +++++++++++ .gitignore | 7 ++ ansible.cfg | 12 ++++ collections/requirements.yml | 6 ++ group_vars/all.yml | 31 +++++++++ inventories/local/hosts.yml | 12 ++++ playbooks/site.yml | 28 ++++++++ roles/common/tasks/main.yml | 17 +++++ roles/env_config/tasks/main.yml | 66 ++++++++++++++++++ roles/postgres/tasks/main.yml | 53 ++++++++++++++ roles/taler_exchange/handlers/main.yml | 26 +++++++ roles/taler_exchange/tasks/main.yml | 63 +++++++++++++++++ .../taler_exchange/templates/exchange.conf.j2 | 47 +++++++++++++ roles/taler_merchant/handlers/main.yml | 6 ++ roles/taler_merchant/tasks/main.yml | 69 +++++++++++++++++++ .../taler_merchant/templates/merchant.conf.j2 | 25 +++++++ roles/taler_repo/handlers/main.yml | 4 ++ roles/taler_repo/tasks/main.yml | 14 ++++ 18 files changed, 525 insertions(+) create mode 100644 .env-example create mode 100644 .gitignore create mode 100644 ansible.cfg create mode 100644 collections/requirements.yml create mode 100644 group_vars/all.yml create mode 100644 inventories/local/hosts.yml create mode 100644 playbooks/site.yml create mode 100644 roles/common/tasks/main.yml create mode 100644 roles/env_config/tasks/main.yml create mode 100644 roles/postgres/tasks/main.yml create mode 100644 roles/taler_exchange/handlers/main.yml create mode 100644 roles/taler_exchange/tasks/main.yml create mode 100644 roles/taler_exchange/templates/exchange.conf.j2 create mode 100644 roles/taler_merchant/handlers/main.yml create mode 100644 roles/taler_merchant/tasks/main.yml create mode 100644 roles/taler_merchant/templates/merchant.conf.j2 create mode 100644 roles/taler_repo/handlers/main.yml create mode 100644 roles/taler_repo/tasks/main.yml diff --git a/.env-example b/.env-example new file mode 100644 index 0000000..cd2c7fd --- /dev/null +++ b/.env-example @@ -0,0 +1,39 @@ +# Core domain and contact settings +TALER_DOMAIN=demogeld.example +TALER_ADMIN_EMAIL=ops@demogeld.example +LETSENCRYPT_CONTACT=mailto:ops@demogeld.example + +# PostgreSQL access +TALER_DB_HOST=localhost +TALER_DB_PORT=5432 +TALER_DB_ADMIN_USER=postgres +TALER_DB_ADMIN_PASSWORD=CHANGE_ME +TALER_EXCHANGE_DB=talerexchange +TALER_EXCHANGE_DB_USER=taler_exchange +TALER_EXCHANGE_DB_PASSWORD=CHANGE_ME +TALER_MERCHANT_DB=talermerchant +TALER_MERCHANT_DB_USER=taler_merchant +TALER_MERCHANT_DB_PASSWORD=CHANGE_ME + +# Service hostnames +TALER_EXCHANGE_HOST=exchange.demogeld.example +TALER_MERCHANT_HOST=merchant.demogeld.example +TALER_PAY_HOST=pay.demogeld.example +WORDPRESS_HOST=www.demogeld.example + +# Package mirrors / versions +TALER_PACKAGE_REPO=https://deb.taler.net/ +TALER_DISTRIBUTION=stable + +# TLS +ACME_EMAIL=ops@demogeld.example + +# Optional WordPress database details (if managed here) +WORDPRESS_DB_NAME=wp_demogeld +WORDPRESS_DB_USER=wp_demogeld +WORDPRESS_DB_PASSWORD=CHANGE_ME + +# Exchange master public key (never commit the real value) +TALER_MASTER_PUBLIC_KEY=REPLACE_WITH_PUBLIC_KEY +# Currency definition +TALER_CURRENCY=DEMOGELD diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d7a9258 --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +.env +__pycache__/ +*.retry +ansible.log +.vscode/ +.idea/ + diff --git a/ansible.cfg b/ansible.cfg new file mode 100644 index 0000000..6ca8f13 --- /dev/null +++ b/ansible.cfg @@ -0,0 +1,12 @@ +[defaults] +inventory = inventories/local/hosts.yml +roles_path = roles +collections_paths = ./collections +pipelining = True +retry_files_enabled = False +interpreter_python = auto + +[ssh_connection] +ssh_args = -o ControlMaster=auto -o ControlPersist=60s +control_path = ~/.ansible/cp/%%h-%%p-%%r + diff --git a/collections/requirements.yml b/collections/requirements.yml new file mode 100644 index 0000000..234460a --- /dev/null +++ b/collections/requirements.yml @@ -0,0 +1,6 @@ +--- +collections: + - name: community.general + version: ">=9.0.0" + - name: community.postgresql + version: ">=3.0.0" diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..6c9ff3e --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1,31 @@ +--- +# Default values that can be overridden via .env +taler_defaults: + TALER_DOMAIN: demogeld.example + TALER_ADMIN_EMAIL: ops@demogeld.example + LETSENCRYPT_CONTACT: mailto:ops@demogeld.example + TALER_PACKAGE_REPO: https://deb.taler.net/ + TALER_DISTRIBUTION: stable + TALER_CURRENCY: DEMOGELD + + TALER_DB_HOST: localhost + TALER_DB_PORT: "5432" + TALER_DB_ADMIN_USER: postgres + TALER_DB_ADMIN_PASSWORD: "" + TALER_EXCHANGE_DB: talerexchange + TALER_EXCHANGE_DB_USER: taler_exchange + TALER_EXCHANGE_DB_PASSWORD: "" + TALER_MERCHANT_DB: talermerchant + TALER_MERCHANT_DB_USER: taler_merchant + TALER_MERCHANT_DB_PASSWORD: "" + + TALER_EXCHANGE_HOST: exchange.demogeld.example + TALER_MERCHANT_HOST: merchant.demogeld.example + TALER_PAY_HOST: pay.demogeld.example + WORDPRESS_HOST: www.demogeld.example + + WORDPRESS_DB_NAME: wp_demogeld + WORDPRESS_DB_USER: wp_demogeld + WORDPRESS_DB_PASSWORD: "" + + TALER_MASTER_PUBLIC_KEY: "" diff --git a/inventories/local/hosts.yml b/inventories/local/hosts.yml new file mode 100644 index 0000000..6bbb3e7 --- /dev/null +++ b/inventories/local/hosts.yml @@ -0,0 +1,12 @@ +--- +all: + children: + taler_exchange: + hosts: + localhost: + ansible_connection: local + taler_merchant: + hosts: + localhost: + ansible_connection: local + diff --git a/playbooks/site.yml b/playbooks/site.yml new file mode 100644 index 0000000..af201b1 --- /dev/null +++ b/playbooks/site.yml @@ -0,0 +1,28 @@ +--- +- name: Bootstrap shared configuration + hosts: all + become: true + gather_facts: true + roles: + - env_config + - common + - taler_repo + +- name: Prepare PostgreSQL for Taler services + hosts: taler_exchange + become: true + roles: + - postgres + +- name: Deploy Taler exchange + hosts: taler_exchange + become: true + roles: + - taler_exchange + +- name: Deploy Taler merchant backend + hosts: taler_merchant + become: true + roles: + - taler_merchant + diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml new file mode 100644 index 0000000..aa813c7 --- /dev/null +++ b/roles/common/tasks/main.yml @@ -0,0 +1,17 @@ +--- +- name: Ensure apt cache is up to date + ansible.builtin.apt: + update_cache: true + cache_valid_time: 3600 + +- name: Install base packages + ansible.builtin.apt: + name: + - gnupg2 + - apt-transport-https + - ca-certificates + - curl + - logrotate + - python3-apt + state: present + diff --git a/roles/env_config/tasks/main.yml b/roles/env_config/tasks/main.yml new file mode 100644 index 0000000..0bf4b30 --- /dev/null +++ b/roles/env_config/tasks/main.yml @@ -0,0 +1,66 @@ +--- +- name: Determine project root + set_fact: + project_root: "{{ (playbook_dir | realpath) | dirname }}" + +- name: Set default .env path + set_fact: + env_file_resolved: "{{ lookup('ansible.builtin.env', 'GNUTALER_ENV_FILE') }}" + +- name: Override .env path with project default when not provided + set_fact: + env_file_resolved: "{{ project_root + '/.env' }}" + when: env_file_resolved | default('') | length == 0 + +- name: Check if .env file exists + ansible.builtin.stat: + path: "{{ env_file_resolved }}" + register: env_file_stat + +- name: Load .env overrides when present + set_fact: + env_overrides: "{{ lookup('community.general.read_env', env_file_resolved) }}" + when: env_file_stat.stat.exists + +- name: Warn when .env file is missing + ansible.builtin.debug: + msg: >- + .env file not found at {{ env_file_resolved }}. + Using defaults from group_vars/all.yml. Create one from .env-example. + when: not env_file_stat.stat.exists + +- name: Merge defaults with .env overrides + set_fact: + taler_env: "{{ taler_defaults | combine(env_overrides | default({}), recursive=True) }}" + +- name: Build structured variables for play consumption + set_fact: + taler_config: + domain: "{{ taler_env.TALER_DOMAIN }}" + admin_email: "{{ taler_env.TALER_ADMIN_EMAIL }}" + acme_contact: "{{ taler_env.LETSENCRYPT_CONTACT }}" + package_repo: "{{ taler_env.TALER_PACKAGE_REPO }}" + distribution: "{{ taler_env.TALER_DISTRIBUTION }}" + currency: "{{ taler_env.TALER_CURRENCY }}" + exchange_host: "{{ taler_env.TALER_EXCHANGE_HOST }}" + merchant_host: "{{ taler_env.TALER_MERCHANT_HOST }}" + pay_host: "{{ taler_env.TALER_PAY_HOST }}" + wordpress_host: "{{ taler_env.WORDPRESS_HOST }}" + exchange_master_key: "{{ taler_env.TALER_MASTER_PUBLIC_KEY }}" + db: + host: "{{ taler_env.TALER_DB_HOST }}" + port: "{{ taler_env.TALER_DB_PORT | int }}" + admin_user: "{{ taler_env.TALER_DB_ADMIN_USER }}" + admin_password: "{{ taler_env.TALER_DB_ADMIN_PASSWORD }}" + exchange: + name: "{{ taler_env.TALER_EXCHANGE_DB }}" + user: "{{ taler_env.TALER_EXCHANGE_DB_USER }}" + password: "{{ taler_env.TALER_EXCHANGE_DB_PASSWORD }}" + merchant: + name: "{{ taler_env.TALER_MERCHANT_DB }}" + user: "{{ taler_env.TALER_MERCHANT_DB_USER }}" + password: "{{ taler_env.TALER_MERCHANT_DB_PASSWORD }}" + wordpress_db: + name: "{{ taler_env.WORDPRESS_DB_NAME }}" + user: "{{ taler_env.WORDPRESS_DB_USER }}" + password: "{{ taler_env.WORDPRESS_DB_PASSWORD }}" diff --git a/roles/postgres/tasks/main.yml b/roles/postgres/tasks/main.yml new file mode 100644 index 0000000..ebfd1fa --- /dev/null +++ b/roles/postgres/tasks/main.yml @@ -0,0 +1,53 @@ +--- +- name: Ensure PostgreSQL server packages are present + ansible.builtin.apt: + name: + - postgresql + - python3-psycopg2 + state: present + +- name: Ensure PostgreSQL service is running + ansible.builtin.service: + name: postgresql + state: started + enabled: true + +- name: Create exchange database user + community.postgresql.postgresql_user: + name: "{{ taler_config.db.exchange.user }}" + password: "{{ taler_config.db.exchange.password | default(omit) }}" + login_user: "{{ taler_config.db.admin_user }}" + login_password: "{{ taler_config.db.admin_password | default(omit) }}" + login_host: "{{ taler_config.db.host }}" + port: "{{ taler_config.db.port }}" + no_log: true + +- name: Create merchant database user + community.postgresql.postgresql_user: + name: "{{ taler_config.db.merchant.user }}" + password: "{{ taler_config.db.merchant.password | default(omit) }}" + login_user: "{{ taler_config.db.admin_user }}" + login_password: "{{ taler_config.db.admin_password | default(omit) }}" + login_host: "{{ taler_config.db.host }}" + port: "{{ taler_config.db.port }}" + no_log: true + +- name: Ensure exchange database exists + community.postgresql.postgresql_db: + name: "{{ taler_config.db.exchange.name }}" + owner: "{{ taler_config.db.exchange.user }}" + encoding: UTF8 + login_user: "{{ taler_config.db.admin_user }}" + login_password: "{{ taler_config.db.admin_password | default(omit) }}" + login_host: "{{ taler_config.db.host }}" + port: "{{ taler_config.db.port }}" + +- name: Ensure merchant database exists + community.postgresql.postgresql_db: + name: "{{ taler_config.db.merchant.name }}" + owner: "{{ taler_config.db.merchant.user }}" + encoding: UTF8 + login_user: "{{ taler_config.db.admin_user }}" + login_password: "{{ taler_config.db.admin_password | default(omit) }}" + login_host: "{{ taler_config.db.host }}" + port: "{{ taler_config.db.port }}" diff --git a/roles/taler_exchange/handlers/main.yml b/roles/taler_exchange/handlers/main.yml new file mode 100644 index 0000000..7fdc2a3 --- /dev/null +++ b/roles/taler_exchange/handlers/main.yml @@ -0,0 +1,26 @@ +--- +- name: Restart taler-exchange-httpd + ansible.builtin.service: + name: taler-exchange-httpd + state: restarted + +- name: Restart taler-exchange-aggregator + ansible.builtin.service: + name: taler-exchange-aggregator + state: restarted + +- name: Restart taler-exchange-closer + ansible.builtin.service: + name: taler-exchange-closer + state: restarted + +- name: Restart taler-exchange-transfer + ansible.builtin.service: + name: taler-exchange-transfer + state: restarted + +- name: Restart taler-exchange-wirewatch + ansible.builtin.service: + name: taler-exchange-wirewatch + state: restarted + diff --git a/roles/taler_exchange/tasks/main.yml b/roles/taler_exchange/tasks/main.yml new file mode 100644 index 0000000..0a56e4a --- /dev/null +++ b/roles/taler_exchange/tasks/main.yml @@ -0,0 +1,63 @@ +- name: Ensure master public key is provided + ansible.builtin.assert: + that: + - taler_config.exchange_master_key is defined + - taler_config.exchange_master_key | length > 0 + fail_msg: "Provide TALER_MASTER_PUBLIC_KEY in .env before running exchange deployment." + +- name: Install GNU Taler exchange packages + ansible.builtin.apt: + name: + - taler-exchange + - taler-exchange-httpd + - taler-exchange-aggregator + - taler-exchange-closer + - taler-exchange-transfer + - taler-exchange-wirewatch + state: present + +- name: Ensure exchange runtime directories exist + ansible.builtin.file: + path: "{{ item }}" + state: directory + owner: taler-exchange-httpd + group: taler-exchange-httpd + mode: "0750" + loop: + - /var/lib/taler/exchange + - /etc/taler/conf.d + +- name: Deploy exchange configuration + ansible.builtin.template: + src: exchange.conf.j2 + dest: /etc/taler/conf.d/exchange.conf + owner: root + group: root + mode: "0640" + notify: + - Restart taler-exchange-httpd + - Restart taler-exchange-aggregator + - Restart taler-exchange-closer + - Restart taler-exchange-transfer + - Restart taler-exchange-wirewatch + +- name: Run taler-exchange-dbinit + ansible.builtin.command: + cmd: taler-exchange-dbinit -c /etc/taler/conf.d/exchange.conf + register: dbinit_result + changed_when: "'already initialized' not in dbinit_result.stdout" + failed_when: dbinit_result.rc not in [0] + become: true + become_user: taler-exchange-httpd + +- name: Validate exchange configuration + ansible.builtin.command: + cmd: taler-config -c /etc/taler/conf.d/exchange.conf -s exchange -o CURRENCY + register: exchange_config_validation + changed_when: false + +- name: Assert exchange currency matches expected + ansible.builtin.assert: + that: + - exchange_config_validation.stdout.strip() == taler_config.currency + fail_msg: "Exchange currency does not match expected value {{ taler_config.currency }}. Check configuration." diff --git a/roles/taler_exchange/templates/exchange.conf.j2 b/roles/taler_exchange/templates/exchange.conf.j2 new file mode 100644 index 0000000..d43f429 --- /dev/null +++ b/roles/taler_exchange/templates/exchange.conf.j2 @@ -0,0 +1,47 @@ +# Generated by Ansible - manual edits will be overwritten. +[exchange] +BASE_URL = https://{{ taler_config.exchange_host }}/ +CURRENCY = {{ taler_config.currency }} +DB = postgres +MASTER_PUBLIC_KEY = {{ taler_config.exchange_master_key }} +IDLE_RESERVE_EXPIRATION_TIME = 4 weeks +RESHARE_RESERVE_EXPIRATION_TIME = 8 weeks + +{% set exchange_user = taler_config.db.exchange.user %} +{% set exchange_pass = taler_config.db.exchange.password %} +{% set exchange_auth = exchange_user if not exchange_pass else exchange_user ~ ':' ~ exchange_pass %} +[exchangedb-postgres] +CONFIG = postgres://{{ exchange_auth }}@{{ taler_config.db.host }}:{{ taler_config.db.port }}/{{ taler_config.db.exchange.name }} + +[coin_{{ taler_config.currency | lower }}_1] +VALUE = {{ taler_config.currency }}:0.50 +DURATION_WITHDRAW = 12 weeks +DURATION_SPEND = 52 weeks +DURATION_DEPOSIT = 104 weeks +DURATION_LEGAL = 208 weeks +FEE_WITHDRAW = 0.00 {{ taler_config.currency }} +FEE_DEPOSIT = 0.00 {{ taler_config.currency }} +FEE_REFRESH = 0.00 {{ taler_config.currency }} +FEE_REFUND = 0.00 {{ taler_config.currency }} + +[coin_{{ taler_config.currency | lower }}_2] +VALUE = {{ taler_config.currency }}:1.00 +DURATION_WITHDRAW = 12 weeks +DURATION_SPEND = 52 weeks +DURATION_DEPOSIT = 104 weeks +DURATION_LEGAL = 208 weeks +FEE_WITHDRAW = 0.00 {{ taler_config.currency }} +FEE_DEPOSIT = 0.00 {{ taler_config.currency }} +FEE_REFRESH = 0.00 {{ taler_config.currency }} +FEE_REFUND = 0.00 {{ taler_config.currency }} + +[coin_{{ taler_config.currency | lower }}_3] +VALUE = {{ taler_config.currency }}:5.00 +DURATION_WITHDRAW = 12 weeks +DURATION_SPEND = 52 weeks +DURATION_DEPOSIT = 104 weeks +DURATION_LEGAL = 208 weeks +FEE_WITHDRAW = 0.00 {{ taler_config.currency }} +FEE_DEPOSIT = 0.00 {{ taler_config.currency }} +FEE_REFRESH = 0.00 {{ taler_config.currency }} +FEE_REFUND = 0.00 {{ taler_config.currency }} diff --git a/roles/taler_merchant/handlers/main.yml b/roles/taler_merchant/handlers/main.yml new file mode 100644 index 0000000..a934adb --- /dev/null +++ b/roles/taler_merchant/handlers/main.yml @@ -0,0 +1,6 @@ +--- +- name: Restart taler-merchant-backend + ansible.builtin.service: + name: taler-merchant-backend + state: restarted + diff --git a/roles/taler_merchant/tasks/main.yml b/roles/taler_merchant/tasks/main.yml new file mode 100644 index 0000000..eb634b0 --- /dev/null +++ b/roles/taler_merchant/tasks/main.yml @@ -0,0 +1,69 @@ +--- +- name: Install GNU Taler merchant packages + ansible.builtin.apt: + name: + - taler-merchant + - taler-merchant-httpd + - taler-merchant-db + state: present + +- name: Ensure merchant runtime paths exist + ansible.builtin.file: + path: "{{ item.path }}" + state: directory + owner: "{{ item.owner }}" + group: "{{ item.group }}" + mode: "{{ item.mode }}" + loop: + - { path: /etc/taler, owner: root, group: root, mode: "0755" } + - { path: /etc/taler/merchant.d, owner: root, group: root, mode: "0750" } + - { path: /run/taler, owner: taler-merchant, group: taler-merchant, mode: "0770" } + +- name: Deploy merchant configuration + ansible.builtin.template: + src: merchant.conf.j2 + dest: /etc/taler/merchant.conf + owner: root + group: taler-merchant + mode: "0640" + notify: + - Restart taler-merchant-backend + +- name: Initialize merchant database + ansible.builtin.command: + cmd: taler-merchant-dbinit + register: merchant_dbinit + changed_when: "'already initialized' not in merchant_dbinit.stdout" + failed_when: merchant_dbinit.rc not in [0] + become: true + become_user: taler-merchant + +- name: Ensure taler-merchant-backend service enabled + ansible.builtin.service: + name: taler-merchant-backend + state: started + enabled: true + +- name: Validate merchant configuration currency + ansible.builtin.command: + cmd: taler-config -c /etc/taler/merchant.conf -s merchant-exchange-{{ taler_config.currency | lower }} -o CURRENCY + register: merchant_config_currency + changed_when: false + +- name: Assert merchant currency matches exchange currency + ansible.builtin.assert: + that: + - merchant_config_currency.stdout.strip() == taler_config.currency + fail_msg: "Merchant currency mismatch. Expected {{ taler_config.currency }}." + +- name: Validate merchant exchange base URL + ansible.builtin.command: + cmd: taler-config -c /etc/taler/merchant.conf -s merchant-exchange-{{ taler_config.currency | lower }} -o EXCHANGE_BASE_URLS + register: merchant_exchange_urls + changed_when: false + +- name: Assert merchant exchange URL matches configuration + ansible.builtin.assert: + that: + - merchant_exchange_urls.stdout.strip().split()[0] == "https://{{ taler_config.exchange_host }}/" + fail_msg: "Merchant exchange URL mismatch. Expected https://{{ taler_config.exchange_host }}/." diff --git a/roles/taler_merchant/templates/merchant.conf.j2 b/roles/taler_merchant/templates/merchant.conf.j2 new file mode 100644 index 0000000..b47ea11 --- /dev/null +++ b/roles/taler_merchant/templates/merchant.conf.j2 @@ -0,0 +1,25 @@ +# Generated by Ansible - manual edits will be overwritten. +[merchant] +SERVE = UNIX +UNIXPATH = /run/taler/merchant.socket +BIND_TO = 127.0.0.1 +PORT = 9966 +DATABASE = postgres +UNIXPATH_MODE = 0660 + +{% set merchant_user = taler_config.db.merchant.user %} +{% set merchant_pass = taler_config.db.merchant.password %} +{% set merchant_auth = merchant_user if not merchant_pass else merchant_user ~ ':' ~ merchant_pass %} +[merchantdb-postgres] +CONFIG = postgres://{{ merchant_auth }}@{{ taler_config.db.host }}:{{ taler_config.db.port }}/{{ taler_config.db.merchant.name }} + +[merchant-exchange-{{ taler_config.currency | lower }}] +MASTER_KEY = {{ taler_config.exchange_master_key }} +EXCHANGE_BASE_URLS = https://{{ taler_config.exchange_host }}/ +CURRENCY = {{ taler_config.currency }} + +[instance-default] +MERCHANT_NAME = Demogeld Shop +PAYTO_URI = payto://x-taler-merchant/{{ taler_config.merchant_host | default(taler_config.exchange_host) }}/demogeld +DEFAULT_WIRE_TRANSFER_DELAY = 1 day +DEFAULT_MAX_DEPOSIT_FEE = 0 diff --git a/roles/taler_repo/handlers/main.yml b/roles/taler_repo/handlers/main.yml new file mode 100644 index 0000000..fe4cbcb --- /dev/null +++ b/roles/taler_repo/handlers/main.yml @@ -0,0 +1,4 @@ +--- +- name: Update apt cache for Taler repo + ansible.builtin.apt: + update_cache: true diff --git a/roles/taler_repo/tasks/main.yml b/roles/taler_repo/tasks/main.yml new file mode 100644 index 0000000..e333389 --- /dev/null +++ b/roles/taler_repo/tasks/main.yml @@ -0,0 +1,14 @@ +- name: Download GNU Taler archive key + ansible.builtin.get_url: + url: "{{ taler_config.package_repo }}taler-archive-keyring.gpg" + dest: /usr/share/keyrings/taler-archive-keyring.gpg + mode: "0644" + owner: root + group: root + +- name: Add GNU Taler apt repository + ansible.builtin.apt_repository: + repo: "deb [signed-by=/usr/share/keyrings/taler-archive-keyring.gpg] {{ taler_config.package_repo }} {{ taler_config.distribution }} main" + filename: taler + state: present + notify: Update apt cache for Taler repo