---
- name: install sks
  yum: name=sks state=installed
  tags:
  - packages

- name: install mod_ssl
  yum: name=mod_ssl state=installed
  tags:
  - packages

- name: /srv/sks
  file: >
    path=/srv/sks
    state=directory
    owner=sks group=sks mode=0755

- name: /srv/sks/membership
  copy: src="{{ files }}/keyserver/membership" dest=/srv/sks/membership owner=sks group=sks mode=0644
  tags:
  - config

- name: /srv/sks/sksconf
  copy: src="{{ files }}/keyserver/sksconf" dest=/srv/sks/sksconf owner=sks group=sks mode=0644
  tags:
  - config

- name: /srv/sks/web
  file: >
    path=/srv/sks/web
    state=directory
    owner=sks group=sks mode=0755

- name: /srv/sks/web/index.html
  copy: src="{{ files }}/keyserver/index.html" dest=/srv/sks/web/index.html owner=sks group=sks mode=0644
  tags:
  - config

- name: /srv/sks/web/css.css
  copy: src="{{ files }}/keyserver/css.css" dest=/srv/sks/web/css.css owner=sks group=sks mode=0644
  tags:
  - config

- name: /etc/httpd/conf.d/sks.conf
  copy: src="{{ files }}/keyserver/sks.conf" dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
  tags:
  - config

- name: /etc/httpd/conf.d/ssl.conf
  copy: src="{{ files }}/keyserver/ssl.conf" dest=/etc/httpd/conf.d/ssl.conf owner=root group=root mode=0644
  tags:
  - config

- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
  copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
  tags:
  - config

- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
  copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.key" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
  tags:
  - config

- name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
  copy: src="{{ puppet_private }}/httpd/wildcard-2013.fedoraproject.org.intermediate.cert" dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
  tags:
  - config

- name: /etc/pki/tls/keys_fedoraproject_org.crt.pem
  copy: src="{{ puppet_private }}/keys_fedoraproject_org.crt.pem" dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
  tags:
  - config

- name: /etc/pki/tls/keys_fedoraproject_org.key
  copy: src="{{ puppet_private }}/keys_fedoraproject_org.key" dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
  tags:
  - config

- cron: name="regenerate stats hourly"
        hour="*"
        minute="5"
        job="killall -SIGUSR2 sks-db"
        state=present

- name: Set sks-db to run on boot
  service: name=sks-db enabled=yes
  ignore_errors: true
  notify:
  - restart sks-db
  tags:
  - service

- name: Set sks-recon to run on boot
  service: name=sks-recon enabled=yes
  ignore_errors: true
  notify:
  - restart sks-recon
  tags:
  - service