✨ feat(infrastructure): introduce ansible deployment for taler services

- add ansible playbooks and roles for deploying taler exchange and merchant
- configure PostgreSQL, GNU Taler repositories, and services

🔧 chore(config): provide example env and gitignore for sensitive files

- create .env-example with placeholders for sensitive info
- add .gitignore entries for .env and common editor files

roles/taler_merchant/handlers/main.yml

@@ -0,0 +1,6 @@
+---
+- name: Restart taler-merchant-backend
+  ansible.builtin.service:
+    name: taler-merchant-backend
+    state: restarted
+

roles/taler_merchant/tasks/main.yml

@@ -0,0 +1,69 @@
+---
+- name: Install GNU Taler merchant packages
+  ansible.builtin.apt:
+    name:
+      - taler-merchant
+      - taler-merchant-httpd
+      - taler-merchant-db
+    state: present
+
+- name: Ensure merchant runtime paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - { path: /etc/taler, owner: root, group: root, mode: "0755" }
+    - { path: /etc/taler/merchant.d, owner: root, group: root, mode: "0750" }
+    - { path: /run/taler, owner: taler-merchant, group: taler-merchant, mode: "0770" }
+
+- name: Deploy merchant configuration
+  ansible.builtin.template:
+    src: merchant.conf.j2
+    dest: /etc/taler/merchant.conf
+    owner: root
+    group: taler-merchant
+    mode: "0640"
+  notify:
+    - Restart taler-merchant-backend
+
+- name: Initialize merchant database
+  ansible.builtin.command:
+    cmd: taler-merchant-dbinit
+  register: merchant_dbinit
+  changed_when: "'already initialized' not in merchant_dbinit.stdout"
+  failed_when: merchant_dbinit.rc not in [0]
+  become: true
+  become_user: taler-merchant
+
+- name: Ensure taler-merchant-backend service enabled
+  ansible.builtin.service:
+    name: taler-merchant-backend
+    state: started
+    enabled: true
+
+- name: Validate merchant configuration currency
+  ansible.builtin.command:
+    cmd: taler-config -c /etc/taler/merchant.conf -s merchant-exchange-{{ taler_config.currency | lower }} -o CURRENCY
+  register: merchant_config_currency
+  changed_when: false
+
+- name: Assert merchant currency matches exchange currency
+  ansible.builtin.assert:
+    that:
+      - merchant_config_currency.stdout.strip() == taler_config.currency
+    fail_msg: "Merchant currency mismatch. Expected {{ taler_config.currency }}."
+
+- name: Validate merchant exchange base URL
+  ansible.builtin.command:
+    cmd: taler-config -c /etc/taler/merchant.conf -s merchant-exchange-{{ taler_config.currency | lower }} -o EXCHANGE_BASE_URLS
+  register: merchant_exchange_urls
+  changed_when: false
+
+- name: Assert merchant exchange URL matches configuration
+  ansible.builtin.assert:
+    that:
+      - merchant_exchange_urls.stdout.strip().split()[0] == "https://{{ taler_config.exchange_host }}/"
+    fail_msg: "Merchant exchange URL mismatch. Expected https://{{ taler_config.exchange_host }}/."

roles/taler_merchant/templates/merchant.conf.j2

@@ -0,0 +1,25 @@
+# Generated by Ansible - manual edits will be overwritten.
+[merchant]
+SERVE = UNIX
+UNIXPATH = /run/taler/merchant.socket
+BIND_TO = 127.0.0.1
+PORT = 9966
+DATABASE = postgres
+UNIXPATH_MODE = 0660
+
+{% set merchant_user = taler_config.db.merchant.user %}
+{% set merchant_pass = taler_config.db.merchant.password %}
+{% set merchant_auth = merchant_user if not merchant_pass else merchant_user ~ ':' ~ merchant_pass %}
+[merchantdb-postgres]
+CONFIG = postgres://{{ merchant_auth }}@{{ taler_config.db.host }}:{{ taler_config.db.port }}/{{ taler_config.db.merchant.name }}
+
+[merchant-exchange-{{ taler_config.currency | lower }}]
+MASTER_KEY = {{ taler_config.exchange_master_key }}
+EXCHANGE_BASE_URLS = https://{{ taler_config.exchange_host }}/
+CURRENCY = {{ taler_config.currency }}
+
+[instance-default]
+MERCHANT_NAME = Demogeld Shop
+PAYTO_URI = payto://x-taler-merchant/{{ taler_config.merchant_host | default(taler_config.exchange_host) }}/demogeld
+DEFAULT_WIRE_TRANSFER_DELAY = 1 day
+DEFAULT_MAX_DEPOSIT_FEE = 0