From e0116a88b97bde6a9d7ab425f18268455cfb61ff Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Tue, 4 Jun 2013 17:19:01 +0000
Subject: [PATCH] Add bridge and server config files in
---
files/sign/bridge.conf.j2 | 29 ++++++++++++++++++++++++
files/sign/server.conf | 46 +++++++++++++++++++++++++++++++++++++++
tasks/sign_setup.yml | 8 +++++++
3 files changed, 83 insertions(+)
create mode 100644 files/sign/bridge.conf.j2
create mode 100644 files/sign/server.conf
diff --git a/files/sign/bridge.conf.j2 b/files/sign/bridge.conf.j2
new file mode 100644
index 0000000000..c1df21c029
--- /dev/null
+++ b/files/sign/bridge.conf.j2
@@ -0,0 +1,29 @@
+# This is a configuration for the sigul bridge.
+
+[bridge]
+# Nickname of the bridge's certificate in the NSS database specified below
+bridge-cert-nickname: sign-bridge1 - Fedora Project
+# Port on which the bridge expects client connections
+client-listen-port: 44334
+# Port on which the bridge expects server connections
+server-listen-port: 44333
+# A Fedora account system group required for access to the signing server. If
+# empty, no Fedora account check is done.
+required-fas-group: signers
+# User name and password for an account on the Fedora account system that can
+# be used to verify group memberships
+fas-user-name: {{ fedoraDummyUser }}
+fas-password: {{ fedoraDummyUserPassword }}
+
+[daemon]
+# The user to run as
+unix-user: sigul
+# The group to run as
+unix-group: sigul
+
+[nss]
+# Path to a directory containing a NSS database
+nss-dir: /var/lib/sigul
+# Password for accessing the NSS database. If not specified, the bridge will
+# ask on startup
+; nss-password:
diff --git a/files/sign/server.conf b/files/sign/server.conf
new file mode 100644
index 0000000000..812057b676
--- /dev/null
+++ b/files/sign/server.conf
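Review bot: In files/sign/bridge.conf.j2 the `fas-password: {{ fedoraDummyUserPassword }}` line renders a live credential, and nothing in the template tells whoever deploys it that the result holds a secret. A header comment such as `# Rendered file contains the FAS password: deploy owner=root group=sigul mode=640, never world-readable` would record that requirement next to the data it protects. The existing comment on `required-fas-group` also documents a fail-open case (an empty value skips the account check), so I would add `# Must not be left empty in production` directly above `required-fas-group: signers`.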
@@ -0,0 +1,46 @@
+# This is a configuration for the sigul server.
+
+[server]
+# Host name of the publically acessible bridge to clients
+bridge-hostname: sign-bridge1
+# Port on which the bridge expects server connections
+bridge-port: 44333
+# Maximum accepted size of payload stored on disk
+max-file-payload-size: 2073741824
+# Maximum accepted size of payload stored in server's memory
+max-memory-payload-size: 1048576
+# Nickname of the server's certificate in the NSS database specified below
+server-cert-nickname: sign-vault1 - Fedora Project
+
+[database]
+# Path to a directory containing a SQLite database
+;database-path: /var/lib/sigul
+
+[gnupg]
+# Path to a directory containing GPG configuration and keyrings
+gnupg-home: /var/lib/sigul/gnupg
+# Default primary key type for newly created keys
+gnupg-key-type: RSA
+# Default primary key length for newly created keys
+gnupg-key-length: 4096
+# Default subkey type for newly created keys, empty for no subkey
+gnupg-subkey-type:
+# Default subkey length for newly created keys if gnupg-subkey-type is not empty
+; gnupg-subkey-length: 2048
+# Default key usage flags for newly created keys
+gnupg-key-usage: encrypt, sign
+# Length of key passphrases used for newsly created keys
+passphrase-length: 64
+
+[daemon]
+# The user to run as
+unix-user: sigul
+# The group to run as
+unix-group: sigul
+
+[nss]
+# Path to a directory containing a NSS database
+nss-dir: /var/lib/sigul
+# Password for accessing the NSS database. If not specified, the server will
+# ask on startup
+; nss-password is not specified by default
diff --git a/tasks/sign_setup.yml b/tasks/sign_setup.yml
index 7c50b58c46..5354b6f583 100644
--- a/tasks/sign_setup.yml
+++ b/tasks/sign_setup.yml
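Review bot: In files/sign/server.conf, `max-file-payload-size: 2073741824` is neither 2 GiB (2147483648) nor a round decimal size; it looks like 1073741824 with the leading digit changed, so the upload cap is probably not what was intended. If 2 GiB was meant, the line would be `max-file-payload-size: 2147483648`. Separately, `gnupg-key-usage: encrypt, sign` gives every newly created key encryption capability as well as signing. If the vault's keys are only ever used to sign, `gnupg-key-usage: sign` would be the narrower default, which is worth confirming against how the keys are actually used.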
@@ -9,6 +9,14 @@ tags: - packages +- name: setup /etc/sigul/client.conf file + action: template src=$files/sign/client.conf.j2 dest=/etc/sigul/client.conf owner=root group=sigul mode=640 + tags: + - config + +- name: setup /etc/sigul/server.conf file + action: copy src=$files/sign/server.conf dest=/etc/sigul/server.conf owner=root group=sigul mode=640 + - name: ntp steptickers action: copy src=$files/common/step-tickers dest=/etc/ntp/step-tickers
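Review bot: The first added task templates `$files/sign/client.conf.j2`, which this commit does not add, while the `files/sign/bridge.conf.j2` it does add is not deployed by anything in this hunk. If client.conf.j2 is not already in the repository the play will fail at that task, and if the bridge file was the one intended, the `src=` and `dest=` need changing; worth confirming which was meant. The server.conf task also lacks the `tags:` / `- config` pair that the client task carries, so a run limited to the config tag would skip it. The `owner=root group=sigul mode=640` on both destinations is appropriate and should be kept for the bridge file as well, since its rendered form holds the FAS password.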