✨ feat(infrastructure): introduce ansible deployment for taler services

- add ansible playbooks and roles for deploying taler exchange and merchant - configure PostgreSQL, GNU Taler repositories, and services 🔧 chore(config): provide example env and gitignore for sensitive files - create .env-example with placeholders for sensitive info - add .gitignore entries for .env and common editor files
2025-11-03 13:15:46 +00:00 · 2025-11-03 13:15:46 +00:00 · fdc9234540
commit fdc9234540
parent ca89a06864
18 changed files with 525 additions and 0 deletions
--- a/roles/taler_merchant/tasks/main.yml
+++ b/roles/taler_merchant/tasks/main.yml
@ -0,0 +1,69 @@
+---
+- name: Install GNU Taler merchant packages
+  ansible.builtin.apt:
+    name:
+      - taler-merchant
+      - taler-merchant-httpd
+      - taler-merchant-db
+    state: present
+
+- name: Ensure merchant runtime paths exist
+  ansible.builtin.file:
+    path: "{{ item.path }}"
+    state: directory
+    owner: "{{ item.owner }}"
+    group: "{{ item.group }}"
+    mode: "{{ item.mode }}"
+  loop:
+    - { path: /etc/taler, owner: root, group: root, mode: "0755" }
+    - { path: /etc/taler/merchant.d, owner: root, group: root, mode: "0750" }
+    - { path: /run/taler, owner: taler-merchant, group: taler-merchant, mode: "0770" }
+
+- name: Deploy merchant configuration
+  ansible.builtin.template:
+    src: merchant.conf.j2
+    dest: /etc/taler/merchant.conf
+    owner: root
+    group: taler-merchant
+    mode: "0640"
+  notify:
+    - Restart taler-merchant-backend
+
+- name: Initialize merchant database
+  ansible.builtin.command:
+    cmd: taler-merchant-dbinit
+  register: merchant_dbinit
+  changed_when: "'already initialized' not in merchant_dbinit.stdout"
+  failed_when: merchant_dbinit.rc not in [0]
+  become: true
+  become_user: taler-merchant
+
+- name: Ensure taler-merchant-backend service enabled
+  ansible.builtin.service:
+    name: taler-merchant-backend
+    state: started
+    enabled: true
+
+- name: Validate merchant configuration currency
+  ansible.builtin.command:
+    cmd: taler-config -c /etc/taler/merchant.conf -s merchant-exchange-{{ taler_config.currency | lower }} -o CURRENCY
+  register: merchant_config_currency
+  changed_when: false
+
+- name: Assert merchant currency matches exchange currency
+  ansible.builtin.assert:
+    that:
+      - merchant_config_currency.stdout.strip() == taler_config.currency
+    fail_msg: "Merchant currency mismatch. Expected {{ taler_config.currency }}."
+
+- name: Validate merchant exchange base URL
+  ansible.builtin.command:
+    cmd: taler-config -c /etc/taler/merchant.conf -s merchant-exchange-{{ taler_config.currency | lower }} -o EXCHANGE_BASE_URLS
+  register: merchant_exchange_urls
+  changed_when: false
+
+- name: Assert merchant exchange URL matches configuration
+  ansible.builtin.assert:
+    that:
+      - merchant_exchange_urls.stdout.strip().split()[0] == "https://{{ taler_config.exchange_host }}/"
+    fail_msg: "Merchant exchange URL mismatch. Expected https://{{ taler_config.exchange_host }}/."