mirror of
https://pagure.io/fedora-infra/ansible.git
synced 2026-04-27 12:03:38 +08:00
234 lines
4.6 KiB
YAML
234 lines
4.6 KiB
YAML
- name: add totpcgi user
|
|
user: name=totpcgi uid=501 state=present home=/var/lib/totpcgi createhome=yes system=yes
|
|
tags:
|
|
- config
|
|
|
|
- name: install needed packages
|
|
yum: pkg={{ item }} state=present
|
|
with_items:
|
|
- mod_auth_pgsql
|
|
- totpcgi
|
|
- totpcgi-selinux
|
|
- totpcgi-provisioning
|
|
- python-qrcode
|
|
- httpd
|
|
- mod_ssl
|
|
tags:
|
|
- packages
|
|
|
|
- name: Install the cgi apache configuration files
|
|
template: >
|
|
src={{ item.file }}.j2 dest=/etc/httpd/conf.d/{{ item.dest }}
|
|
owner=root group=root mode=0444
|
|
with_items:
|
|
- {file: provisioning-httpd.conf, dest: totpcgi-provisioning.conf }
|
|
tags:
|
|
- files
|
|
- config
|
|
notify:
|
|
- restart apache
|
|
|
|
- name: create directories
|
|
file: path=/etc/{{ item }} state=directory owner=root group=totpcgi mode=750
|
|
with_items:
|
|
- pki/totpcgi
|
|
- totpcgi/totp
|
|
|
|
- name: create template directory for totpcgiprov
|
|
file: path=/etc/{{ item }} state=directory owner=root group=totpcgiprov mode=750
|
|
with_items:
|
|
- totpcgi/templates
|
|
|
|
- name: create /etc/totpcgi with the proper rights and owners
|
|
file: path=/etc/{{ item }} state=directory owner=totpcgiprov group=totpcgi mode=750
|
|
with_items:
|
|
- totpcgi
|
|
|
|
- name: copy html files over
|
|
copy: >
|
|
src=html
|
|
dest=/etc/totpcgi/templates/html
|
|
owner=root
|
|
group=totpcgiprov
|
|
mode=0750
|
|
tags:
|
|
- files
|
|
- config
|
|
|
|
- name: copy provisioning index file over
|
|
copy: >
|
|
src=provisioning.cgi
|
|
dest=/var/www/totpcgi-provisioning/index.cgi
|
|
owner=totpcgiprov
|
|
group=totpcgiprov
|
|
mode=0550
|
|
tags:
|
|
- files
|
|
- config
|
|
|
|
- name: copy index file over
|
|
copy: >
|
|
src=index.cgi
|
|
dest=/var/www/totpcgi/index.cgi
|
|
owner=totpcgi
|
|
group=totpcgi
|
|
mode=0550
|
|
tags:
|
|
- files
|
|
- config
|
|
|
|
- name: copy totpcgi.conf file over
|
|
template: >
|
|
src=totpcgi.conf.j2
|
|
dest=/etc/totpcgi/totpcgi.conf
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
|
|
# staging certs
|
|
|
|
- name: copy staging server cert file over
|
|
copy: >
|
|
src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.crt
|
|
dest=/etc/pki/tls/certs/totpcgi-server.crt
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
when: env == "staging"
|
|
|
|
- name: copy staging server key file over
|
|
copy: >
|
|
src={{ private }}/files/2fa-certs/keys/fas-all.stg.phx2.fedoraproject.org.key
|
|
dest=/etc/pki/totpcgi/totpcgi-server.key
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
when: env == "staging"
|
|
|
|
- name: copy staging server conf file over
|
|
copy: >
|
|
src=totpcgi-httpd.conf.stg
|
|
dest=/etc/httpd/conf.d/totpcgi.conf
|
|
owner=root
|
|
group=root
|
|
mode=0444
|
|
tags:
|
|
- files
|
|
- config
|
|
when: env == "staging"
|
|
|
|
# prod certs
|
|
|
|
- name: copy server cert file over
|
|
copy: >
|
|
src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.crt
|
|
dest=/etc/pki/totpcgi/totpcgi-server.crt
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
when: env == "production"
|
|
|
|
- name: copy server cert file over
|
|
copy: >
|
|
src={{ private }}/files/2fa-certs/keys/fas-all.phx2.fedoraproject.org.key
|
|
dest=/etc/pki/totpcgi/totpcgi-server.key
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
when: env == "production"
|
|
|
|
- name: copy totpcgi httpd config
|
|
copy: >
|
|
src=totpcgi-httpd.conf
|
|
dest=/etc/httpd/conf.d/totpcgi.conf
|
|
owner=root
|
|
group=root
|
|
mode=0444
|
|
tags:
|
|
- files
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
when: env == "production"
|
|
|
|
# vpn certs
|
|
|
|
- name: copy VPN server cert file over
|
|
copy: >
|
|
src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.crt
|
|
dest=/etc/pki/totpcgi/totpcgi-server-vpn.crt
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
notify:
|
|
- reload httpd
|
|
when: env == "production"
|
|
|
|
- name: copy VPN server cert file over
|
|
copy: >
|
|
src={{ private }}/files/2fa-certs/keys/fas-all.vpn.fedoraproject.org.key
|
|
dest=/etc/pki/totpcgi/totpcgi-server-vpn.key
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
when: env == "production"
|
|
|
|
- name: copy VPN server cert file over
|
|
copy: >
|
|
src=totpcgi-httpd.conf.vpn
|
|
dest=/etc/httpd/conf.d/totpcgi-vpn.conf
|
|
owner=root
|
|
group=root
|
|
mode=0444
|
|
tags:
|
|
- files
|
|
- config
|
|
when: env == "production"
|
|
|
|
- name: copy ca cert over
|
|
copy: >
|
|
src={{ private }}/files/2fa-certs/keys/ca.crt
|
|
dest=/etc/pki/totpcgi/totpcgi-ca.crt
|
|
owner=root
|
|
group=totpcgi
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|
|
|
|
- name: copy provisioning.conf over
|
|
template: >
|
|
src=provisioning.conf.j2
|
|
dest=/etc/totpcgi/provisioning.conf
|
|
owner=root
|
|
group=totpcgiprov
|
|
mode=0640
|
|
tags:
|
|
- files
|
|
- config
|