From 8df1499ee96f947061c5d96ad9cd21b2a41b176e Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 1 Oct 2018 23:35:05 +0000
Subject: [PATCH] Rename these to be more clear
---
 roles/totpcgi/tasks/main.yml | 8 ++--
 roles/totpcgi/templates/totpcgi-httpd.conf.j2 | 37 +++++++++++++++++++
 .../templates/totpcgi-httpd.conf.stg.j2 | 37 +++++++++++++++++++
 .../templates/totpcgi-httpd.conf.vpn.j2 | 36 ++++++++++++++++++
 4 files changed, 114 insertions(+), 4 deletions(-)
 create mode 100644 roles/totpcgi/templates/totpcgi-httpd.conf.j2
 create mode 100644 roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
 create mode 100644 roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
diff --git a/roles/totpcgi/tasks/main.yml b/roles/totpcgi/tasks/main.yml
index 2020ba5114..3939fe8fb4 100644
--- a/roles/totpcgi/tasks/main.yml
+++ b/roles/totpcgi/tasks/main.yml
@@ -115,8 +115,8 @@
 when: env == "staging"
 - name: copy staging server conf file over
- copy: >
- src=totpcgi-httpd.conf.stg
+ template: >
+ src=totpcgi-httpd.conf.stg.j2
 dest=/etc/httpd/conf.d/totpcgi.conf
 owner=root
 group=root
@@ -158,7 +158,7 @@
 - name: copy totpcgi httpd config
 template: >
- src=totpcgi-httpd.conf
+ src=totpcgi-httpd.conf.j2
 dest=/etc/httpd/conf.d/totpcgi.conf
 owner=root
 group=root
@@ -200,7 +200,7 @@
 - name: copy VPN server cert file over
 template: >
- src=totpcgi-httpd.conf.vpn
+ src=totpcgi-httpd.conf.vpn.j2
 dest=/etc/httpd/conf.d/totpcgi-vpn.conf
 owner=root
 group=root
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.j2
new file mode 100644
index 0000000000..caa1c6767f
--- /dev/null
+++ b/roles/totpcgi/templates/totpcgi-httpd.conf.j2
@@ -0,0 +1,37 @@
+Listen 8443
+
+ # Load this module locally here.
+ LoadModule suexec_module modules/mod_suexec.so
+
+ ServerAdmin admin@fedoraproject.org
+ DocumentRoot /var/www/totpcgi
+ ServerName fas-all.phx2.fedoraproject.org:8443
+ ErrorLog /var/log/httpd/totpcgi-error.log
+ SuexecUserGroup totpcgi totpcgi
+
+ # Use this for totp.cgi
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+
+ # Or use this for totp.fcgi:
+ #AddHandler fcgid-script .fcgi
+ #DirectoryIndex index.fcgi
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
+ SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
+ SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+ SSLHonorCipherOrder On
+ SSLCipherSuite {{ ssl_ciphers }}
+ SSLProtocol {{ ssl_protocols }}
+
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ CustomLog /var/log/httpd/totpcgi-ssl-request-log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
+ Options ExecCGI
+
+
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
new file mode 100644
index 0000000000..4bd0243d91
--- /dev/null
+++ b/roles/totpcgi/templates/totpcgi-httpd.conf.stg.j2
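Review bot: `SSLVerifyDepth 10` accepts far longer client-certificate chains than a dedicated CA normally needs, and nothing in the new template checks revocation, so a client certificate that has been withdrawn would keep authenticating until it expires. If `totpcgi-ca.crt` signs the client certificates directly (not visible from this hunk), `SSLVerifyDepth 1` is enough, and `SSLCARevocationCheck chain` together with an `SSLCARevocationFile` would let a compromised client be cut off. The same two `SSLVerify*` lines are repeated in the stg and vpn templates added by this commit, so the change applies to all three.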
@@ -0,0 +1,37 @@
+Listen 8443
+
+ # Load this module locally here.
+ LoadModule suexec_module modules/mod_suexec.so
+
+ ServerAdmin admin@fedoraproject.org
+ DocumentRoot /var/www/totpcgi
+ ServerName fas-all.stg.phx2.fedoraproject.org:8443
+ ErrorLog /var/log/httpd/totpcgi-error.log
+ SuexecUserGroup totpcgi totpcgi
+
+ # Use this for totp.cgi
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+
+ # Or use this for totp.fcgi:
+ #AddHandler fcgid-script .fcgi
+ #DirectoryIndex index.fcgi
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/totpcgi/totpcgi-server.crt
+ SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server.key
+ SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+ SSLHonorCipherOrder On
+ SSLCipherSuite {{ ssl_ciphers }}
+ SSLProtocol {{ ssl_protocols }}
+
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ CustomLog /var/log/httpd/totpcgi-ssl-request-log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
+ Options ExecCGI
+
+
diff --git a/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2 b/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
new file mode 100644
index 0000000000..eb88528e3f
--- /dev/null
+++ b/roles/totpcgi/templates/totpcgi-httpd.conf.vpn.j2
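Review bot: The staging template differs from `totpcgi-httpd.conf.j2` only in its `ServerName` line, so the TLS and client-authentication settings now live in separate copies that can drift apart without anyone noticing. Now that the staging task renders the file with `template`, the host name could come from a variable in a single shared template, for example `ServerName {{ totpcgi_servername }}:8443` (the variable name is a suggestion, not something defined in this commit). A short header comment in the template saying which task installs it would also help the next reader.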
@@ -0,0 +1,36 @@
+
+ # Load this module locally here.
+ LoadModule suexec_module modules/mod_suexec.so
+
+ ServerAdmin admin@fedoraproject.org
+ DocumentRoot /var/www/totpcgi
+ ServerName fas-all.vpn.fedoraproject.org:8443
+ ErrorLog /var/log/httpd/totpcgi-error.log
+ SuexecUserGroup totpcgi totpcgi
+
+ # Use this for totp.cgi
+ AddHandler cgi-script .cgi
+ DirectoryIndex index.cgi
+
+ # Or use this for totp.fcgi:
+ #AddHandler fcgid-script .fcgi
+ #DirectoryIndex index.fcgi
+
+ SSLEngine on
+ SSLCertificateFile /etc/pki/totpcgi/totpcgi-server-vpn.crt
+ SSLCertificateKeyFile /etc/pki/totpcgi/totpcgi-server-vpn.key
+ SSLCACertificateFile /etc/pki/totpcgi/totpcgi-ca.crt
+ SSLHonorCipherOrder On
+ SSLCipherSuite {{ ssl_ciphers }}
+ SSLProtocol {{ ssl_protocols }}
+
+ SSLVerifyClient require
+ SSLVerifyDepth 10
+
+ CustomLog /var/log/httpd/totpcgi-ssl-request-log \
+ "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
+
+
+ Options ExecCGI
+
+
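Review bot: The VPN vhost writes to the same `ErrorLog` and `CustomLog` paths as the main template, and the request-log format records neither the vhost nor the client certificate, so entries cannot be attributed to a listener or to an authenticated client. Adding `%v` and `%{SSL_CLIENT_S_DN}x` to the format, e.g. `"%t %h %v %{SSL_PROTOCOL}x %{SSL_CIPHER}x %{SSL_CLIENT_S_DN}x \"%r\" %b"`, would give incident responders the identity that `SSLVerifyClient require` already establishes. Whether `totpcgi.conf` and `totpcgi-vpn.conf` are installed on the same host depends on task conditions outside this hunk; the missing client identity applies to the other two templates either way.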