Add public yubikey stuff

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>

roles/sigul/server/tasks/main.yml

@@ -55,3 +55,11 @@
   copy: src=00-sigul.rules dest=/etc/polkit-1/rules.d/00-sigul.rules
   tags:
   - config
+
+- name: Deploy public yubikey certs
+  copy: src="{{private}}/files/sigul/{{item}}" dest=/etc/sigul/{{item}} mode=0644 owner=root group=root
+  with_items:
+  - yubikey_sv03.pem
+  - yubikey_sv04.pem
+  tags:
+  - config

roles/sigul/server/templates/server.conf.j2

@@ -56,4 +56,13 @@ nss-max-tls: tls1.2
 
 [binding]
 # List of binding modules enabled
-enabled: 
+enabled: pkcs11
+{% if inventory_hostname.startswith('sign-vault03') %}
+pkcs11_tokens: yubikey_sv03
+{% else %}
+pkcs11_tokens: yubikey_sv04
+{% endif %}
+pkcs11_yubikey_sv03_pubkey: /etc/sigul/yubikey_sv03.pem
+pkcs11_yubikey_sv04_pubkey: /etc/sigul/yubikey_sv04.pem
+pkcs11_yubikey_sv03_privkey: pkcs11:serial=8f2a341e00d7a665;id=%03;type=private
+pkcs11_yubikey_sv04_privkey: pkcs11:serial=b38ee13e56b3b987;id=%03;type=private