---
# Configuration for the ipsilon webapp

- name: clean yum metadata
  command: yum clean all
  tags:
  - packages

- name: install needed packages
  yum: pkg={{ item }} state=present
  with_items:
  - ipsilon
  - ipsilon-authfas
  - ipsilon-openid
  - ipsilon-saml2
  - ipsilon-persona
  - python-psycopg2
  - libsemanage-python
  tags:
  - packages

- name: Copy OpenID API extension
  copy: src=api.py
        dest=/usr/lib/python2.7/site-packages/ipsilon/providers/openid/extensions/api.py
        owner=root group=root mode=0644

- name: Apply hotfix for taiga to get POST results
  copy: src=openid_server.py
        dest=/usr/lib/python2.7/site-packages/openid/server/server.py
        owner=root group=root mode=0644

- name: copy ipsilon templates
  copy: src=templates/
        dest=/usr/share/ipsilon/templates-fedora
        owner=ipsilon group=ipsilon mode=0666 

- name: copy ipsilon ui assets
  copy: src=ui-fedora/
        dest=/usr/share/ipsilon/ui/fedora
        owner=ipsilon group=ipsilon mode=0666 

- name: copy ipsilon configuration
  template: src={{ item }}.conf
            dest=/etc/ipsilon/{{ item }}.conf
            owner=ipsilon group=ipsilon mode=0600
  with_items:
  - ipsilon
  - configuration
  tags:
  - config
  notify:
  - restart apache

- name: copy ipsilon httpd config
  copy: src=ipsilon-httpd.conf
        dest=/etc/httpd/conf.d/ipsilon.conf

- name: create wellknown directory
  file: path=/etc/ipsilon/wellknown state=directory
        owner=ipsilon group=ipsilon mode=0755

- name: copy persona private key
  copy: src={{ private }}/files/ipsilon/persona.key dest=/etc/ipsilon/persona.key
        owner=ipsilon group=ipsilon mode=0600
  when: env != "staging"

- name: copy persona public key
  copy: src=browserid dest=/etc/ipsilon/wellknown/browserid
        owner=ipsilon group=ipsilon mode=0644
  when: env != "staging"

- name: copy persona STG private key
  copy: src={{ private }}/files/ipsilon/persona.stg.key dest=/etc/ipsilon/persona.stg.key
        owner=ipsilon group=ipsilon mode=0600
  when: env == "staging"

- name: copy persona STG public key
  copy: src=browserid.stg dest=/etc/ipsilon/wellknown/browserid
        owner=ipsilon group=ipsilon mode=0644
  when: env == "staging"

- name: create SAML2 dir
  file: path=/etc/ipsilon/saml2 state=directory mode=0700
        owner=ipsilon group=ipsilon setype=httpd_var_lib_t

- name: copy SAML2 private key
  copy: src={{ private }}/files/ipsilon/saml2.key dest=/etc/ipsilon/saml2/certificate.key
        owner=ipsilon group=ipsilon mode=0600
  when: env != "staging"

- name: copy SAML2 public key
  copy: src=saml2.pem dest=/etc/ipsilon/saml2/certificate.pem
        owner=ipsilon group=ipsilon mode=0644
  when: env != "staging"

- name: copy SAML2 STG private key
  copy: src={{ private }}/files/ipsilon/saml2.stg.key dest=/etc/ipsilon/saml2/certificate.stg.key
        owner=ipsilon group=ipsilon mode=0600
  when: env == "staging"

- name: copy SAML STG public key
  copy: src=saml2.stg.pem dest=/etc/ipsilon/saml2/certificate.stg.pem
        owner=ipsilon group=ipsilon mode=0644
  when: env == "staging"

- name: set sebooleans so ipsilon can talk to the db
  action: seboolean name=httpd_can_network_connect_db
                    state=true
                    persistent=true

- name: apply selinux type to the wsgi file
  file: >
    dest=/usr/libexec/ipsilon
    setype=httpd_sys_content_t