Ipsilon in staging: deploy config files

Signed-off-by: Aurélien Bompard <aurelien@bompard.org>

roles/ipsilon/tasks/main.yml

@@ -150,31 +150,31 @@
   tags:
   - ipsilon
 
-## - name: copy ipsilon configuration
+- name: copy ipsilon configuration
-##   template:
+  template:
-##     src: "ipsilon.conf"
+    src: "ipsilon.conf.{{ env }}"
-##     dest: "/etc/ipsilon/root/ipsilon.conf"
+    dest: "/etc/ipsilon/root/ipsilon.conf"
-##     owner: ipsilon
+    owner: ipsilon
-##     group: ipsilon
+    group: ipsilon
-##     mode: 0600
+    mode: 0600
-##   tags:
+  tags:
-##   - ipsilon
+  - ipsilon
-##   - config
+  - config
-##   notify:
+  notify:
-##   - restart apache
+  - restart apache
-## 
+
-## - name: copy ipsilon admin configuration
+- name: copy ipsilon admin configuration
-##   template:
+  template:
-##     src: "configuration.conf"
+    src: "configuration.conf"
-##     dest: "/etc/ipsilon/root/configuration.conf"
+    dest: "/etc/ipsilon/root/configuration.conf"
-##     owner: ipsilon
+    owner: ipsilon
-##     group: ipsilon
+    group: ipsilon
-##     mode: 0600
+    mode: 0600
-##   tags:
+  tags:
-##   - ipsilon
+  - ipsilon
-##   - config
+  - config
-##   notify:
+  notify:
-##   - restart apache
+  - restart apache
 
 - name: copy ipsilon OIDC client config
   copy:
@@ -189,12 +189,13 @@
   notify:
   - restart apache
 
-## - name: copy ipsilon httpd config
+- name: copy ipsilon httpd config
-##   template:
+  template:
-##     src: "httpd.conf.{{ env }}.j2"
+    src: "httpd.conf.{{ env }}.j2"
-##     dest: /etc/ipsilon/root/idp.conf
+    dest: /etc/ipsilon/root/idp.conf
-##   tags:
+  tags:
-##   - ipsilon
+  - ipsilon
+  - config
 
 # - name: Create Ipsilon config symlink
 #   file:

roles/ipsilon/templates/configmap.yml

@@ -96,7 +96,7 @@ data:
     # Ipsilon stuff
     {{ load_file('httpd.conf.production.j2') | indent() }}
   ipsilon.conf: |-
-    {{ load_file('ipsilon.conf') | indent() }}
+    {{ load_file('ipsilon.conf.production') | indent() }}
   configuration.conf: |-
     {{ load_file('configuration.conf') | indent() }}
   openidc.static.cfg: |-

roles/ipsilon/templates/ipsilon.conf.production

@@ -1,5 +1,5 @@
 [global]
-debug = True
+debug = {{ (env == 'production')|ternary('False', 'True') }}
 tools.log_request_response.on = False
 theme_dir = "/usr/share/ipsilon/themes/Fedora"
 template_dir = "/usr/share/ipsilon/templates"
@@ -24,9 +24,5 @@ tools.sessions.secure = True
 tools.sessions.locking = 'explicit'
 
 tools.proxy.on = True
-{% if env == 'staging' %}
+tools.proxy.base = "https://id{{ env_suffix }}.fedoraproject.org"
-tools.proxy.base = "https://id.stg.fedoraproject.org"
-{% else %}
-tools.proxy.base = "https://id.fedoraproject.org"
-{% endif %}
 

roles/ipsilon/templates/ipsilon.conf.staging

@@ -0,0 +1,28 @@
+[global]
+debug = {{ (env == 'production')|ternary('False', 'True') }}
+tools.log_request_response.on = False
+template_dir = "/usr/share/ipsilon/templates"
+theme_dir = "/usr/share/ipsilon/themes/Fedora"
+cache_dir = "/var/cache/ipsilon"
+cleanup_interval = 30
+db.conn.log = False
+db.echo = False
+
+# base.mount = ""
+base.dir = "/usr/share/ipsilon"
+admin.config.db = "configfile:///etc/ipsilon/root/configuration.conf"
+user.prefs.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_prefs_name }}"
+transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_transactions_name }}"
+
+tools.sessions.on = True
+tools.sessions.name = "fedora_ipsilon_session_id"
+tools.sessions.storage_type = "sql"
+tools.sessions.storage_dburi = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_sessions_name }}"
+tools.sessions.timeout = 15
+tools.sessions.httponly = True
+tools.sessions.secure = True
+tools.sessions.locking = 'explicit'
+
+tools.proxy.on = True
+tools.proxy.base = "https://id{{ env_suffix }}.fedoraproject.org"
+