From 1b4e469a969e48dfa5b86d5d610c5c2902c489c7 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Mon, 17 Oct 2016 09:37:36 +0000
Subject: [PATCH] Add sigul configuration for autosign
Signed-off-by: Patrick Uiterwijk
---
 .../robosignatory/files/sigul.production.conf | 20 +++++++++++++++++++
 roles/robosignatory/tasks/main.yml | 6 ++++++
 2 files changed, 26 insertions(+)
 create mode 100644 roles/robosignatory/files/sigul.production.conf
diff --git a/roles/robosignatory/files/sigul.production.conf b/roles/robosignatory/files/sigul.production.conf
new file mode 100644
index 0000000000..6524668d2b
--- /dev/null
+++ b/roles/robosignatory/files/sigul.production.conf
@@ -0,0 +1,20 @@
+[client]
+bridge-hostname: sign-bridge1
+server-hostname: sign-vault1
+client-cert-nickname: sigul-client-cert
+user-name: autopen
+
+[koji]
+koji-config: /etc/sigul/koji.conf
+koji-instances: primary
+koji-config-primary: /etc/sigul/koji.conf
+
+[nss]
+nss-dir: /etc/sigul
+nss-password:
+nss-min-tls: tls1.2
+nss-max-tls: tls1.2
+
+[binding]
+enabled: tpm
+tpm_nosrk: true
diff --git a/roles/robosignatory/tasks/main.yml b/roles/robosignatory/tasks/main.yml
index 851d3ef229..486e2a4839 100644
--- a/roles/robosignatory/tasks/main.yml
+++ b/roles/robosignatory/tasks/main.yml
@@ -20,6 +20,12 @@
 - config
 - robosignatory
+- name: Install sigul configuration
+ copy: src=sigul.{{env}}.conf dest=/etc/sigul/client.conf owner=fedmsg group=fedmsg mode=0640
+ tags:
+ - config
+ - robosignatory
+
 - name: Install koji certificate and key
 copy: src="{{ private }}/files/koji/autopen.pem" dest=/etc/robosignatory/koji.cert owner=fedmsg group=fedmsg mode=0640
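Review bot: `nss-password:` in the `[nss]` section of sigul.production.conf is committed empty with nothing saying whether that is intended. It may be prompted for at start-up or covered by the `[binding] enabled: tpm` setting, but the file does not say. If the NSS database under /etc/sigul really has no passphrase, the client key is protected only by file permissions. A comment above the option, e.g. `# nss-password left empty on purpose: <where the passphrase comes from>`, would settle it for the next reader. Separately, `sign-bridge1` and `sign-vault1` are unqualified, so which hosts the client reaches depends on the resolver search path, and fully-qualified names would remove that dependency.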