Add custom httpd config for Koschei in OpenShift

playbooks/openshift-apps/koschei.yml

@@ -13,10 +13,9 @@
   roles:
   - openshift/project
 
-  - role: openshift/secret-file
-    secret_name: frontend-config
-    key: config-frontend.cfg
-    template: config-frontend.cfg.j2
+  - role: openshift/object
+    template: frontend-config.yml
+    objectname: frontend-config.yml
 
   - role: openshift/object
     template: frontend-deployment.yml

roles/openshift-apps/koschei/templates/frontend-config.yml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: frontend-config
+stringData:
+  config-frontend.cfg: "{{ lookup('template', roles_path + '/openshift-apps/koschei/templates/config-frontend.cfg.j2') }}"
+  httpd.conf: "{{ lookup('template', roles_path + '/openshift-apps/koschei/templates/httpd.conf.j2') }}"

roles/openshift-apps/koschei/templates/httpd.conf.j2

@@ -0,0 +1,20 @@
+<VirtualHost *>
+    RewriteEngine on
+    RewriteRule ^/documentation/?$ https://fedoraproject.org/wiki/Koschei [R=301,L]
+
+    OIDCRedirectURI "{{ koschei_topurl }}/login/redirect_uri"
+    OIDCProviderMetadataURL "https://{{ koschei_oidc_provider }}/openidc/wellknown_openid_configuration"
+    OIDCClientID "koschei"
+    OIDCClientSecret "{{ koschei_oidc_client_secret }}"
+    OIDCCryptoPassphrase "{{ koschei_oidc_crypto_secret }}"
+    OIDCSSLValidateServer On
+    OIDCResponseType "code"
+    OIDCSessionType client-cookie
+
+    OIDCScope "openid profile"
+
+    <Location /login>
+        AuthType openid-connect
+        Require valid-user
+    </Location>
+</VirtualHost>