diff --git a/playbooks/groups/people.yml b/playbooks/groups/people.yml
index e95f92c2bd..255e5d578b 100644
--- a/playbooks/groups/people.yml
+++ b/playbooks/groups/people.yml
@@ -96,20 +96,6 @@
- role: httpd/certificate
name: planet.fedoraproject.org
- - role: httpd/website
- name: fedorapeople.org
- cert_name: wildcard-2014.fedorapeople.org
- server_aliases:
- - "*.fedorapeople.org"
-
- - role: httpd/website
- cert_name: planet.fedoraproject.org
- name: fedoraplanet.org
-
- - role: httpd/website
- cert_name: planet.fedoraproject.org
- name: planet.fedoraproject.org
-
- people
tasks:
diff --git a/roles/people/files/cgit.conf b/roles/people/files/cgit.conf
new file mode 100644
index 0000000000..791d01bda2
--- /dev/null
+++ b/roles/people/files/cgit.conf
@@ -0,0 +1,2 @@
+Alias /cgit-data /usr/share/cgit
+ScriptAlias /cgit /var/www/cgi-bin/cgit
diff --git a/roles/people/files/people.conf b/roles/people/files/people.conf
new file mode 100644
index 0000000000..ca107800da
--- /dev/null
+++ b/roles/people/files/people.conf
@@ -0,0 +1,360 @@
+NameVirtualHost *:80
+
+
+ ServerName fedorapeople.org
+ ServerAlias *.fedorapeople.org
+ ServerAlias ols.fedoraproject.org
+ ServerAlias people.fedoraproject.org
+ ServerAlias people1.fedoraproject.org
+
+ RewriteEngine on
+ RewriteCond %{SERVER_PORT} !^443$
+ RewriteRule ^/(.*) https://%{HTTP_HOST}/$1 [L,R]
+
+
+# This is particularly ugly - these have to be updated if the box moves.
+NameVirtualHost 152.19.134.196:443
+NameVirtualHost [2610:28:3090:3001:5054:ff:feff:683f]:443
+
+
+ ##
+ # Domain: people.fedoraproject.org fedorapeople.org
+ # Owner: admin@fedoraproject.org
+ #
+ ServerName fedorapeople.org
+ ServerAlias *.fedorapeople.org
+ ServerAlias ols.fedoraproject.org
+ ServerAlias people.fedoraproject.org
+ ServerAlias people1.fedoraproject.org
+ ServerAdmin admin@fedoraproject.org
+
+ DocumentRoot /srv/people
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/wildcard-2014.fedorapeople.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert
+ SSLHonorCipherOrder On
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA
+ SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+
+ Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+ LogFormat "%V %h %l %u %t \"%r\" %s %b" vcommon
+ ErrorLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-error.log-%Y-%m-%d 86400 -l"
+ CustomLog "| /usr/sbin/rotatelogs /var/log/httpd/fedorapeople.org-access.log-%Y-%m-%d 86400 -l" vcommon
+
+
+ ExpiresActive On
+ ExpiresDefault "access plus 5 days"
+
+
+
+ Options Indexes FollowSymLinks
+ Require all granted
+
+
+ UserDir public_html
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+
+
+ Require all granted
+
+
+
+ Require all granted
+
+
+
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes FollowSymLinks IncludesNoExec
+
+ Require all granted
+
+
+
+ Require all granted
+
+
+
+ # uncomment me after the people03 move
+ Alias /groups /project
+
+ Alias /404Error.html /srv/people/site/404Error.html
+ ErrorDocument 404 /404Error.html
+
+ RewriteEngine on
+ RewriteMap lowercase int:tolower
+
+ # redirect all favicons (not just DocRoot-level) to fedoraproject.org
+ # needs to terminate before other rewrite rules start
+ RewriteRule /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico [proxy]
+
+ # ols.fedoraproject.org
+ RewriteCond ${lowercase:%{SERVER_NAME}} ^ols\.fedoraproject\.org$
+ #RewriteRule ^(.*)$ /home/fedora/lockhart/proceedings/$1 [L]
+ # Content moved after lockhart's account was inactive 2011-12-15
+ RewriteRule ^(.*)$ /srv/web/ols/proceedings/$1 [L]
+
+ # skvidal lives on in his code
+ RewriteCond ${lowercase:%{SERVER_NAME}} ^skvidal\.fedorapeople\.org$
+ RewriteRule ^(.*)$ /srv/web/skvidal/public_html/$1 [L]
+ RewriteCond %{REQUEST_URI} /~skvidal/(.*) [OR]
+ RewriteRule ^/~skvidal/(.*)$ /srv/web/skvidal/public_html/$1 [L]
+
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ HeaderName /_defaults/HEADER.shtml
+ ReadmeName /_defaults/FOOTER.shtml
+
+ IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort
+ IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble
+ Require all granted
+
+
+ #
+ # AllowOverride FileInfo AuthConfig Limit Indexes
+ # Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ #
+
+ AllowOverride FileInfo AuthConfig Limit Indexes
+ Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
+ Require all granted
+
+
+ # the openstack folks need to symlink to a pkg to work
+
+ Options +FollowSymLinks
+ Require all granted
+
+
+
+
+ # www.fedorapeople.org
+ RewriteCond ${lowercase:%{SERVER_NAME}} ^www\.fedorapeople\.org$
+ RewriteRule ^/(.*)$ https://fedorapeople.org/$1 [R,L]
+ # rdo.fedorapeople.org -> repos.fedorapeople.org/repos/openstack
+ # for the rdo announce day - 2013-04-15 - skvidal
+ RewriteCond ${lowercase:%{SERVER_NAME}} ^rdo\.fedorapeople\.org$
+ RewriteRule ^/(.*)$ https://repos.fedorapeople.org/repos/openstack/$1 [R,L]
+
+ # [username].fedorapeople.org
+ # directory absolute header/readme path must be relative to document root
+ # so fake it with an alias chained to a rewrite before the URI rewrite
+ RewriteRule ^/_defaults/(.*) /_default/$1 [PT]
+ Alias /_default/ /srv/people/site/userdefs/
+
+ RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9-]+\.fedorapeople\.org$
+ RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
+ RewriteRule ^([a-z0-9-]+)\.fedorapeople\.org/(.*) /home/fedora/$1/public_html/$2 [L]
+
+ # Use cgit and redirect (some) old gitweb-caching things
+ RewriteRule ^/cgit-data/(.*)$ /cgit-data/$1 [L,PT]
+ RewriteRule ^/cgit/(.*)$ /cgit/$1 [L,PT]
+
+ # blob
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob/(.+)/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=blob;h=(.+);hb=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%5?id=%3;id2=%4 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=blob;hb=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%4?id=%3 [R,L,NE]
+
+ RewriteCond %{query_string} p=(.+)(\.git);a=blob;f=(.+);h=(.+);hb=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%3?id=%4;id2=%5 [R,L,NE]
+
+ RewriteCond %{query_string} p=(.+)(\.git);a=blob;f=(.+);h=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%3?id=%4 [R,L,NE]
+
+ # tree
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+)/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=tree;h=(.+);hb=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%5?id=%4?h=%3 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=tree;hb=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/%4?id=%3 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+)/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=tree;h=(.+);hb=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/?id=%4 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=tree;hb=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/?id=%3 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/tree [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=tree
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tree/? [R,L,NE]
+
+ # commitdiff
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+)/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=blobdiff;h=(.+);hp=(.+);hb=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/%6?id2=%4;id=%3;id3=%5 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+)/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=commitdiff;h=(.+);hp=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/?id=%4;id2=%3 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/commitdiff/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=commitdiff;h=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/diff/?id=%3 [R,L,NE]
+
+ # commit
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/commit/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=commit;h=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/commit/?id=%3 [R,L,NE]
+
+ # summary
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/summary [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=summary
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/? [R,L,NE]
+
+ # shortlog
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/shortlog/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=shortlog;h=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/shortlog [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=shortlog
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/? [R,L,NE]
+
+ # log
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/log/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=log;h=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/log [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=log
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log? [R,L,NE]
+
+ # history
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+)/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=history;h=(.+);hb=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%5?id=%4 [R,L,NE]
+
+ RewriteCond %{query_string} p=(.+)(\.git);a=history;f=(.+);h=(.+);hb=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%3?id=%4;id2=%5 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+):/(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%4?id=%3 [R,L,NE]
+
+ RewriteCond %{query_string} p=(.+)(\.git);a=history;f=(.+);h=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%3?id=%4 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+)/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=history;h=(.+);hb=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%4 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=history;hb=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/%4?id=%3 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/history/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=history;hb=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/log/?id=%3 [R,L,NE]
+
+ # tag
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/tag/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=tag;h=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/tag/?id=%3 [R,L,NE]
+
+ # blob_plain
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob_plain/(.+):/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;h=(.+);f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%4?id=%3 [R,L,NE]
+
+ RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;f=(.+);hb=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%3?id2=%4 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/blob_plain/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=blob_plain;f=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/plain/%3 [R,L,NE]
+
+ # rss|atom
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/(rss|atom)/refs/heads/(.+) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=(rss|atom);h=refsheads/(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/atom?h=%4 [R,L,NE]
+
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/(rss|atom) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=(rss|atom)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/atom? [R,L,NE]
+
+ # snapshot
+ RewriteCond %{REQUEST_URI} /(.+)(\.git)/snapshot/(.+)(\.tar\.gz|\.tar\.bz2) [OR]
+ RewriteCond %{query_string} p=(.+)(\.git);a=snapshot;h=(.+);sf=(.+)
+ RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/snapshot/%3.tar.gz [R,L,NE]
+
+ # Fail safes incase nothing above matches, try at least to put the person in the project
+ #RewriteCond %{REQUEST_URI} /([^/]+)\.git.* [OR]
+ #RewriteCond %{query_string} p=(.+)\.git.*
+ #RewriteRule ^/.*$ https://fedorapeople.org/cgit/%1.git/? [R,L,NE]
+
+ # Or else in the root of cgit
+ RewriteRule ^/git/(.+)\.git$ /cgit/$1.git [L,PT]
+ RewriteRule ^/git/(.*)/$ /cgit/$1.git [L,PT]
+ RewriteRule ^/git/([^/]*)$ /cgit/$1.git [L,PT]
+ RewriteRule ^/gitweb /cgit/ [L,PT]
+
+ # for cgit clone repos
+ RewriteRule ^/gitrepos/(.*)/public_git/(.*)$ /~$1/git/$2 [L,PT]
+
+
+ Options IncludesNoExec
+
+
+ HeaderName /_defaults/HEADER.shtml
+ ReadmeName /_defaults/FOOTER.shtml
+
+ IndexOptions +FoldersFirst +IgnoreCase +NameWidth=* +SuppressIcon +VersionSort
+ IndexOptions +XHTML +SuppressRules +SuppressHTMLPreamble
+ ServerSignature Off
+ AddOutputFilter INCLUDES .html
+
+
+LoadModule deflate_module modules/mod_deflate.so
+SetOutputFilter DEFLATE
+
+# need this type
+AddType video/webm .webm
+AddType text/plain .spec
+AddType application/vnd.android.package-archive .apk
+
+
+ # Insert filter
+ SetOutputFilter DEFLATE
+
+ # Netscape 4.x has some problems...
+ BrowserMatch ^Mozilla/4 gzip-only-text/html
+
+ # Netscape 4.06-4.08 have some more problems
+ BrowserMatch ^Mozilla/4\.0[678] no-gzip
+
+ # MSIE masquerades as Netscape, but it is fine
+ # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+
+ # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
+ # the above regex won't work. You can use the following
+ # workaround to get the desired effect:
+ BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+
+ # Don't compress images or already compressed files.
+ SetEnvIfNoCase Request_URI \
+ \.(?:gif|jpe?g|png|gz|bz2|tgz|xz|iso|rpm|sqlite|pdf)$ no-gzip dont-vary
+
+ # Make sure proxies don't deliver the wrong content
+ Header append Vary User-Agent env=!dont-vary
+
+
+
+ Header set Cache-Control "must-revalidate"
+ ExpiresActive On
+ ExpiresDefault "now"
+
+
+FileETag MTime Size
diff --git a/roles/people/files/planet.conf b/roles/people/files/planet.conf
new file mode 100644
index 0000000000..5aeaeb89c5
--- /dev/null
+++ b/roles/people/files/planet.conf
@@ -0,0 +1,80 @@
+
+ ##
+ # Domain: planet.fedoraproject.org
+ # Owner: admin@fedoraproject.org
+ #
+ ServerAdmin admin@fedoraproject.org
+ ServerName planet.fedoraproject.org
+ ServerName fedoraplanet.org
+
+ DocumentRoot "/srv/planet/site/"
+
+ ErrorLog logs/planet-error.log
+ CustomLog logs/planet.fedoraproject.org-access.log common
+
+ UserDir disable
+ AddCharset UTF-8 .xml
+
+
+ ExpiresActive On
+ ExpiresDefault "access plus 5 days"
+
+
+
+ ExpiresActive On
+ ExpiresDefault "access plus 5 days"
+
+
+
+ Options Indexes FollowSymLinks
+
+
+ RedirectMatch 301 /favicon\.ico$ http://fedoraproject.org/static/images/favicon.ico
+ Redirect /ldc http://fedoraldc.wordpress.com/feed/
+ Alias /justfedora /srv/planet/site/edited
+
+
+
+ ##
+ # Domain: planet.fedoraproject.org
+ # Owner: admin@fedoraproject.org
+ #
+ ServerAdmin admin@fedoraproject.org
+ ServerName planet.fedoraproject.org
+ ServerName fedoraplanet.org
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/tls/certs/planet.fedoraproject.org.cert
+ SSLCertificateKeyFile /etc/pki/tls/private/planet.fedoraproject.org.key
+ SSLCertificateChainFile /etc/pki/tls/certs/wildcard-2014.fedorapeople.org.intermediate.cert
+ SSLHonorCipherOrder On
+ SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK
+ SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
+
+ DocumentRoot "/srv/planet/site/"
+
+ ErrorLog logs/planet-error.log
+ CustomLog logs/planet.fedoraproject.org-access.log common
+
+ UserDir disable
+ AddCharset UTF-8 .xml
+
+
+ ExpiresActive On
+ ExpiresDefault "access plus 5 days"
+
+
+
+ ExpiresActive On
+ ExpiresDefault "access plus 5 days"
+
+
+
+ Options Indexes FollowSymLinks
+
+
+ RedirectMatch 301 /favicon\.ico$ https://fedoraproject.org/static/images/favicon.ico
+ Redirect /ldc http://fedoraldc.wordpress.com/feed/
+ Alias /justfedora /srv/planet/site/edited
+
+
diff --git a/roles/people/tasks/main.yml b/roles/people/tasks/main.yml
index b6aa04f536..9d2e3cba24 100644
--- a/roles/people/tasks/main.yml
+++ b/roles/people/tasks/main.yml
@@ -16,6 +16,13 @@
tags:
- packages
+- name: install httpd config
+ copy: src={{item}} dest=/etc/httpd/conf.d/{{item}}
+ with_items:
+ - cgit.conf
+ - people.conf
+ - planet.conf
+
- name: set selinux booleans needed for people
seboolean: name=httpd_enable_homedirs state=true persistent=true
with_items: