Add sigul configuration for autosign

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/robosignatory/files/sigul.production.conf

@@ -0,0 +1,20 @@
+[client]
+bridge-hostname: sign-bridge1
+server-hostname: sign-vault1
+client-cert-nickname: sigul-client-cert
+user-name: autopen
+
+[koji]
+koji-config: /etc/sigul/koji.conf
+koji-instances: primary
+koji-config-primary: /etc/sigul/koji.conf
+
+[nss]
+nss-dir: /etc/sigul
+nss-password:
+nss-min-tls: tls1.2
+nss-max-tls: tls1.2
+
+[binding]
+enabled: tpm
+tpm_nosrk: true

roles/robosignatory/tasks/main.yml

@@ -20,6 +20,12 @@
   - config
   - robosignatory
 
+- name: Install sigul configuration
+  copy: src=sigul.{{env}}.conf dest=/etc/sigul/client.conf owner=fedmsg group=fedmsg mode=0640
+  tags:
+  - config
+  - robosignatory
+
 - name: Install koji certificate and key
   copy: src="{{ private }}/files/koji/autopen.pem" dest=/etc/robosignatory/koji.cert
         owner=fedmsg group=fedmsg mode=0640