diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf
index 5db6822276..0f7954219c 100644
--- a/roles/ipsilon/templates/configuration.conf
+++ b/roles/ipsilon/templates/configuration.conf
@@ -39,24 +39,15 @@ openidc subject salt={{ ipsilon_stg_openidc_subject_salt }}
openidc subject salt={{ ipsilon_openidc_subject_salt }}
{% endif %}
openidc endpoint url=https://id{{env_suffix}}.fedoraproject.org/openidc/
-{% if env == 'staging' %}
openidc idp key file=/etc/ipsilon/root/openidc.key
openidc static database url=configfile:///etc/ipsilon/root/openidc.static.cfg
-{% else %}
-openidc idp key file=/etc/ipsilon/openidc.key
-openidc static database url=configfile:///etc/ipsilon/openidc.static.cfg
-{% endif %}
openidc database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
openidc documentation url=https://fedoraproject.org/wiki/Infrastructure/Authentication
openidc policy url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy
openidc idp sig key id=20161031-sig
openidc allow dynamic client registration=False
-{% if env == 'staging' %}
openidc default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasWebsiteURL", "website"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"]]
-{% else %}
-openidc default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]]
-{% endif %}
openid endpoint url=https://id{{env_suffix}}.fedoraproject.org/openid/
openid identity url template=http://%(username)s.id{{env_suffix}}.fedoraproject.org/
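Review bot: With the `{% else %}` branch removed, production now takes the former staging `openidc default attribute mapping`, which adds entries for `ssh_key`, `gpg_keyid`, `ircnick`, `website`, `locale` and `privacy` that the production mapping did not have. The `openid default attribute mapping` in the next hunk changes the same way. Whether these values actually reach relying parties depends on per-client allowed attributes and scopes that are not visible in this diff, so that should be confirmed before rollout. The `fasIsPrivate` to `privacy` entry only maps the flag; nothing here shows it suppressing the other attributes for users who set it. I would add a template comment above each mapping line, for example `{# default mapping only; what a client receives is limited by its allowed attributes #}`.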
@@ -68,25 +59,17 @@ openid trusted roots=https://ask.fedoraproject.org/,https://fedorahosted.org/,ht
openid database url=postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_openid_name }}
openid untrusted roots=
openid enabled extensions=Fedora Teams,Attribute Exchange,CLAs,Simple Registration,API
-{% if env == 'staging' %}
openid default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasWebsiteURL", "website"], ["fasGPGKeyId", "gpg_keyid"], ["ipaSshPubKey", "ssh_key"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"]]
-{% else %}
-openid default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]]
-{% endif %}
-{% if env == 'staging' %}
saml2 idp metadata file=metadata.xml
saml2 idp storage path=/etc/ipsilon/root/saml2
+{% if env == 'staging' %}
saml2 idp nameid salt={{ ipsilon_stg_saml2_nameid_salt }}
+{% else %}
+saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
+{% endif %}
saml2 idp certificate file=idp.crt
saml2 idp key file=idp.key
-{% else %}
-saml2 idp metadata file=/httpdir/metadata.xml
-saml2 idp storage path=/etc/ipsilon
-saml2 idp nameid salt={{ ipsilon_saml2_nameid_salt }}
-saml2 idp certificate file=saml2_idp.crt
-saml2 idp key file=saml2_idp.key
-{% endif %}
saml2 allow self registration=False
saml2 default nameid=transient
saml2 default email domain=fedoraproject.org
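Review bot: Production's SAML2 IdP certificate and key now resolve to `idp.crt` and `idp.key` under `/etc/ipsilon/root/saml2`, where they were `saml2_idp.crt` and `saml2_idp.key` under `/etc/ipsilon`. Nothing in this diff shows the existing production key material being placed at the new location. If a different key ends up there, service providers holding the old IdP metadata would presumably reject signed assertions until they re-import it. The metadata file moves as well, from `/httpdir/metadata.xml` to a relative `metadata.xml`. The role's tasks are outside this diff and may already handle this, but a template comment above the storage path, e.g. `{# existing production IdP cert/key must be present under this path before deploy #}`, would record the dependency.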
diff --git a/roles/ipsilon/templates/httpd.conf.j2 b/roles/ipsilon/templates/httpd.conf.j2
index db5293aa6b..ba5ce263c3 100644
--- a/roles/ipsilon/templates/httpd.conf.j2
+++ b/roles/ipsilon/templates/httpd.conf.j2
@@ -2,11 +2,9 @@ RewriteEngine on
RewriteRule /.well-known/openid-configuration /openidc/.well-known/openid-configuration [PT]
#Alias /ui /usr/share/ipsilon/ui
Alias /ui /usr/share/ipsilon/themes/Fedora
-{% if env == "staging" %}
Alias /.well-known /var/lib/ipsilon/root/public/well-known
Alias /cache /var/cache/ipsilon
Redirect /.well-known/webfinger /webfinger
-{% endif %}
# This is for mapping $username.id.fp.o -> id.fp.o/id/$username
RewriteEngine on
@@ -23,15 +21,10 @@ RewriteRule ^([a-z0-9_-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
WSGIScriptAlias / /usr/libexec/ipsilon
-{% if env == "staging" %}
WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon/root display-name=ipsilon processes=2 threads=2 maximum-requests=1000
WSGISocketPrefix run/wsgi
-{% else %}
-WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
-WSGISocketPrefix /httpdir/run/wsgi
-WSGIRestrictStdout Off
-WSGIRestrictSignal Off
-{% endif %}
+#WSGIRestrictStdout Off
+#WSGIRestrictSignal Off
# This header is required to be passed for OIDC client_secret_basic
WSGIPassAuthorization On
# Without this, getting the private key in jwcrypto/jwk.py, line 430, fails
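Review bot: The two added lines `#WSGIRestrictStdout Off` and `#WSGIRestrictSignal Off` are commented-out directives with no explanation of why they are kept. Both were active on production in the removed `{% else %}` branch, so a reader cannot tell whether disabling them is intended or a leftover from merging the branches. Either drop the two lines or put a comment above them, e.g. `# Were enabled on production before the staging and production settings were merged; left off deliberately`.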
@@ -52,11 +45,7 @@ WSGIApplicationGroup %{GLOBAL}
Require all granted
-{% if env == "staging" %}
-{% else %}
-
-{% endif %}
Require all granted
@@ -66,11 +55,7 @@ WSGIApplicationGroup %{GLOBAL}
AuthName "GSSAPI Single Sign On Login"
-{% if env == "staging" %}
GssapiCredStore keytab:/etc/httpd/conf/http.keytab
-{% else %}
- GssapiCredStore keytab:/etc/keytabs/service.keytab
-{% endif %}
AuthType GSSAPI
# This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
GssapiSSLonly Off
@@ -80,7 +65,6 @@ WSGIApplicationGroup %{GLOBAL}
ErrorDocument 500 /login/gssapi/failed
-{% if env == "staging" %}
LoadModule intercept_form_submit_module modules/mod_intercept_form_submit.so
LoadModule authnz_pam_module modules/mod_authnz_pam.so
@@ -104,4 +88,3 @@ LoadModule authnz_pam_module modules/mod_authnz_pam.so
Allow from All
-{% endif %}
diff --git a/roles/ipsilon/templates/httpd.conf.staging.j2 b/roles/ipsilon/templates/httpd.conf.staging.j2
deleted file mode 100644
index db5293aa6b..0000000000
--- a/roles/ipsilon/templates/httpd.conf.staging.j2
+++ /dev/null
@@ -1,107 +0,0 @@
-RewriteEngine on
-RewriteRule /.well-known/openid-configuration /openidc/.well-known/openid-configuration [PT]
-#Alias /ui /usr/share/ipsilon/ui
-Alias /ui /usr/share/ipsilon/themes/Fedora
-{% if env == "staging" %}
-Alias /.well-known /var/lib/ipsilon/root/public/well-known
-Alias /cache /var/cache/ipsilon
-Redirect /.well-known/webfinger /webfinger
-{% endif %}
-
-# This is for mapping $username.id.fp.o -> id.fp.o/id/$username
-RewriteEngine on
-RewriteMap lowercase int:tolower
-{% if env == "staging" %}
-RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9_-]+\.id\.stg\.fedoraproject\.org$
-RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
-RewriteRule ^([a-z0-9_-]+)\.id\.stg\.fedoraproject\.org/.* /openid/id/$1/ [PT]
-{% else %}
-RewriteCond ${lowercase:%{SERVER_NAME}} ^[a-z0-9_-]+\.id\.fedoraproject\.org$
-RewriteRule ^(.+) ${lowercase:%{SERVER_NAME}}$1 [C]
-RewriteRule ^([a-z0-9_-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT]
-{% endif %}
-
-
-WSGIScriptAlias / /usr/libexec/ipsilon
-{% if env == "staging" %}
-WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon/root display-name=ipsilon processes=2 threads=2 maximum-requests=1000
-WSGISocketPrefix run/wsgi
-{% else %}
-WSGIDaemonProcess ipsilon home=/var/lib/ipsilon processes=2 threads=2 maximum-requests=1000
-WSGISocketPrefix /httpdir/run/wsgi
-WSGIRestrictStdout Off
-WSGIRestrictSignal Off
-{% endif %}
-# This header is required to be passed for OIDC client_secret_basic
-WSGIPassAuthorization On
-# Without this, getting the private key in jwcrypto/jwk.py, line 430, fails
-# Fix from https://github.com/pyca/cryptography/issues/2299#issuecomment-197075190
-WSGIApplicationGroup %{GLOBAL}
-
-
-
- WSGIProcessGroup ipsilon
-
-
-
- Require all granted
-
-
-
- Options +SymLinksIfOwnerMatch
- Require all granted
-
-
-{% if env == "staging" %}
-
-{% else %}
-
-{% endif %}
- Require all granted
-
-
-
- ForceType application/json
-
-
-
- AuthName "GSSAPI Single Sign On Login"
-{% if env == "staging" %}
- GssapiCredStore keytab:/etc/httpd/conf/http.keytab
-{% else %}
- GssapiCredStore keytab:/etc/keytabs/service.keytab
-{% endif %}
- AuthType GSSAPI
- # This is off because Apache (and thus mod_auth_gssapi) doesn't know this is proxied over TLS
- GssapiSSLonly Off
- GssapiLocalName on
- Require valid-user
- ErrorDocument 401 /login/gssapi/unauthorized
- ErrorDocument 500 /login/gssapi/failed
-
-
-{% if env == "staging" %}
-LoadModule intercept_form_submit_module modules/mod_intercept_form_submit.so
-LoadModule authnz_pam_module modules/mod_authnz_pam.so
-
-
- InterceptFormPAMService ipsilon
- InterceptFormLogin login_name
- InterceptFormPassword login_password
- # InterceptFormLoginSkip admin
- # InterceptFormClearRemoteUserForSkipped on
- InterceptFormPasswordRedact on
-
-
-
- SetHandler None
- AllowOverride None
-
- Require all granted
-
-
- Order Allow,Deny
- Allow from All
-
-
-{% endif %}
diff --git a/roles/ipsilon/templates/ipsilon.conf b/roles/ipsilon/templates/ipsilon.conf
index bcb7c3261a..a10c7b66cc 100644
--- a/roles/ipsilon/templates/ipsilon.conf
+++ b/roles/ipsilon/templates/ipsilon.conf
@@ -4,17 +4,12 @@ tools.log_request_response.on = False
theme_dir = "/usr/share/ipsilon/themes/Fedora"
template_dir = "/usr/share/ipsilon/templates"
base.dir = "/usr/share/ipsilon"
-{% if env == 'staging' %}
cache_dir = "/var/cache/ipsilon"
cleanup_interval = 30
db.conn.log = False
db.echo = False
# base.mount = ""
admin.config.db = "configfile:///etc/ipsilon/root/configuration.conf"
-{% else %}
-admin.config.db = "configfile:///etc/ipsilon/configuration.conf"
-log.screen = True
-{% endif %}
user.prefs.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_prefs_name }}"
transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_transactions_name }}"
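Review bot: Production loses `log.screen = True` with the removed `{% else %}` branch, and the lines that now apply instead (`cache_dir`, `cleanup_interval`, `db.conn.log`, `db.echo`) name no other log destination. For an identity provider, that output is what login and token failures are investigated from, so it is worth confirming where it goes on production after this change. The rest of the file is outside the hunk and may already configure it. If the setting is dropped on purpose, a comment next to `db.echo` such as `# log.screen left at its default; output is collected via <log target>` would record that.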
diff --git a/roles/ipsilon/templates/ipsilon.conf.production b/roles/ipsilon/templates/ipsilon.conf.production
deleted file mode 100644
index bcb7c3261a..0000000000
--- a/roles/ipsilon/templates/ipsilon.conf.production
+++ /dev/null
@@ -1,32 +0,0 @@
-[global]
-debug = {{ (env == 'production')|ternary('False', 'True') }}
-tools.log_request_response.on = False
-theme_dir = "/usr/share/ipsilon/themes/Fedora"
-template_dir = "/usr/share/ipsilon/templates"
-base.dir = "/usr/share/ipsilon"
-{% if env == 'staging' %}
-cache_dir = "/var/cache/ipsilon"
-cleanup_interval = 30
-db.conn.log = False
-db.echo = False
-# base.mount = ""
-admin.config.db = "configfile:///etc/ipsilon/root/configuration.conf"
-{% else %}
-admin.config.db = "configfile:///etc/ipsilon/configuration.conf"
-log.screen = True
-{% endif %}
-user.prefs.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_prefs_name }}"
-transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_transactions_name }}"
-
-tools.sessions.on = True
-tools.sessions.name = "fedora_ipsilon_session_id"
-tools.sessions.storage_type = "sql"
-tools.sessions.storage_dburi = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_sessions_name }}"
-tools.sessions.timeout = 15
-tools.sessions.httponly = True
-tools.sessions.secure = True
-tools.sessions.locking = 'explicit'
-
-tools.proxy.on = True
-tools.proxy.base = "https://id{{ env_suffix }}.fedoraproject.org"
-
diff --git a/roles/ipsilon/templates/ipsilon.conf.staging b/roles/ipsilon/templates/ipsilon.conf.staging
deleted file mode 100644
index bcb7c3261a..0000000000
--- a/roles/ipsilon/templates/ipsilon.conf.staging
+++ /dev/null
@@ -1,32 +0,0 @@
-[global]
-debug = {{ (env == 'production')|ternary('False', 'True') }}
-tools.log_request_response.on = False
-theme_dir = "/usr/share/ipsilon/themes/Fedora"
-template_dir = "/usr/share/ipsilon/templates"
-base.dir = "/usr/share/ipsilon"
-{% if env == 'staging' %}
-cache_dir = "/var/cache/ipsilon"
-cleanup_interval = 30
-db.conn.log = False
-db.echo = False
-# base.mount = ""
-admin.config.db = "configfile:///etc/ipsilon/root/configuration.conf"
-{% else %}
-admin.config.db = "configfile:///etc/ipsilon/configuration.conf"
-log.screen = True
-{% endif %}
-user.prefs.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_prefs_name }}"
-transactions.db = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_transactions_name }}"
-
-tools.sessions.on = True
-tools.sessions.name = "fedora_ipsilon_session_id"
-tools.sessions.storage_type = "sql"
-tools.sessions.storage_dburi = "postgresql://{{ ipsilon_db_user }}:{{ ipsilon_db_pass }}@{{ ipsilon_db_host }}/{{ ipsilon_db_sessions_name }}"
-tools.sessions.timeout = 15
-tools.sessions.httponly = True
-tools.sessions.secure = True
-tools.sessions.locking = 'explicit'
-
-tools.proxy.on = True
-tools.proxy.base = "https://id{{ env_suffix }}.fedoraproject.org"
-