From 60df08fc1a944e889c6f51dac95378ab00d24f9a Mon Sep 17 00:00:00 2001
From: Nick Bebout <nb@lockbox01.phx2.fedoraproject.org>
Date: Tue, 20 Aug 2013 00:53:10 +0000
Subject: [PATCH] Add /etc/httpd/conf.d/sks.conf to ansible

---
 files/keyserver/sks.conf | 57 ++++++++++++++++++++++++++++++++++++++++
 files/keyserver/sksconf  |  1 +
 tasks/keyserver.yml      |  5 ++++
 3 files changed, 63 insertions(+)
 create mode 100644 files/keyserver/sks.conf

diff --git a/files/keyserver/sks.conf b/files/keyserver/sks.conf
new file mode 100644
index 0000000000..769adbe758
--- /dev/null
+++ b/files/keyserver/sks.conf
@@ -0,0 +1,57 @@
+ServerName keys.fedoraproject.org
+Listen 80.239.156.219:11371
+
+<ifModule !mod_proxy.c>
+    LoadModule proxy_module modules/mod_proxy.so
+</IfModule>
+
+<IfModule !mod_proxy_http.c>
+    LoadModule proxy_http_module modules/mod_proxy_http.so
+</IfModule>
+
+<IfModule !mod_proxy_balancer.c>
+    LoadModule proxy_balancer_module modules/mod_proxy_balancer.so
+</IfModule>
+
+<IfModule !mod_headers.c>
+    LoadModule headers_module modules/mod_headers.so
+</IfModule>
+
+<IfModule !mod_authz_host.c>
+    LoadModule authz_host_module modules/mod_authz_host.so
+</IfModule>
+
+<IfModule !mod_log_config.c>
+    LoadModule log_config_module modules/mod_log_config.so
+</IfModule>
+
+<IfModule !mod_env.c>
+    LoadModule env_module modules/mod_env.so
+</IfModule>
+
+<Directory />
+    Options FollowSymLinks
+    AllowOverride None
+    Order deny,allow
+    Deny from all
+</Directory>
+
+<IfModule mod_ssl.c>
+<VirtualHost *:443>
+        ServerAdmin sysadmin-keys-members@fedoraproject.org
+        ServerName keys.fedoraproject.org
+
+        SSLEngine on
+        SSLCertificateFile /etc/pki/tls/keys_fedoraproject_org.crt.pem
+        SSLCertificateKeyFile /etc/pki/tls/keys_fedoraproject_org.key
+	ProxyPass / http://localhost:11371/
+	ProxyPassReverse / http://localhost:11371/
+</VirtualHost>
+<VirtualHost *:11371>
+	ServerAdmin sysadmin-keys-members@fedoraproject.org
+	ServerName keys.fedoraproject.org
+	ProxyPass / http://127.0.0.1:11371/
+	ProxyPassReverse / http://127.0.0.1:11371/
+	SetEnv proxy-nokeepalive 1
+</VirtualHost>
+</IfModule>
diff --git a/files/keyserver/sksconf b/files/keyserver/sksconf
index 2a29eb3ece..e0cd4899a5 100644
--- a/files/keyserver/sksconf
+++ b/files/keyserver/sksconf
@@ -1,5 +1,6 @@
 basedir: /srv/sks
 hostname: keys.fedoraproject.org
+hkp_address: 127.0.0.1
 hkp_port: 11371
 recon_port: 11370
 gossip_interval: 1440
diff --git a/tasks/keyserver.yml b/tasks/keyserver.yml
index f586be5a78..dbc04752d7 100644
--- a/tasks/keyserver.yml
+++ b/tasks/keyserver.yml
@@ -36,6 +36,11 @@
   tags:
   - config
 
+- name: /etc/httpd/conf.d/sks.conf
+  copy: src=$files/keyserver/sks.conf dest=/etc/httpd/conf.d/sks.conf owner=root group=root mode=0644
+  tags:
+  - config
+
 - cron: name="regenerate stats hourly"
         hour="*"
         minute="5"