From ad066cf408cd837b17e6807eeb02f41b38775c78 Mon Sep 17 00:00:00 2001
From: Ricky Elrod <codeblock@fedoraproject.org>
Date: Fri, 27 May 2016 18:51:35 +0000
Subject: [PATCH] first attempt to ansibleize piwik httpd config

Signed-off-by: Ricky Elrod <codeblock@fedoraproject.org>
---
 roles/piwik/files/piwik-httpd.conf | 25 +++++++++++++++++++++++++
 roles/piwik/tasks/main.yml         | 25 ++++++++++++++++++++++++-
 2 files changed, 49 insertions(+), 1 deletion(-)
 create mode 100644 roles/piwik/files/piwik-httpd.conf

diff --git a/roles/piwik/files/piwik-httpd.conf b/roles/piwik/files/piwik-httpd.conf
new file mode 100644
index 0000000000..11a04ab864
--- /dev/null
+++ b/roles/piwik/files/piwik-httpd.conf
@@ -0,0 +1,25 @@
+<Directory /srv/piwik>
+  Require all granted
+</Directory>
+
+<VirtualHost *:80>
+  ServerName piwik.fedorainfracloud.org
+  Redirect permanent / https://piwik.fedorainfracloud.org/piwik
+</VirtualHost>
+
+<VirtualHost *:443>
+  ServerName piwik.fedorainfracloud.org
+
+  SSLEngine on
+  SSLProtocol all -SSLv2 -SSLv3
+  # Use secure TLSv1.1 and TLSv1.2 ciphers
+  Header always add Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+
+  SSLCertificateFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.cert
+  SSLCertificateChainFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.intermediate.cert
+  SSLCertificateKeyFile /etc/pki/tls/certs/piwik.fedorainfracloud.org.key
+
+  Alias /piwik /srv/piwik
+
+  Redirect / /piwik
+</VirtualHost>
diff --git a/roles/piwik/tasks/main.yml b/roles/piwik/tasks/main.yml
index 908094ca21..3d758aef6b 100644
--- a/roles/piwik/tasks/main.yml
+++ b/roles/piwik/tasks/main.yml
@@ -5,4 +5,27 @@
   - packages
   - piwik
 
-#- name: set up http configs for piwik
+- name: set up http configs for piwik
+  template: src={{ item }} dest=/etc/httpd/conf.d/{{ item }}
+            owner=root group=root mode=0644
+  with_items:
+  - piwik-httpd.conf
+  tags:
+  - files
+  - config
+  - piwik
+  notify:
+  - restart apache
+
+- name: Install the SSL cert so that we can use https
+  copy: >
+      src={{ private}}/files/httpd/{{ item }} dest=/etc/pki/tls/certs/{{ item }}
+      owner=root group=root mode=0600
+  notify: restart stunnel
+  with_items:
+  - piwik.fedorainfracloud.org.cert
+  - piwik.fedorainfracloud.org.key
+  - piwik.fedorainfracloud.org.intermediate.cert
+  tags:
+  - config
+  - piwik