From f4684a1f076112372cc53dfe0982f2fe6f071c84 Mon Sep 17 00:00:00 2001 From: Aurélien Bompard Date: Oct 08 2020 08:11:36 +0000 Subject: Ipsilon: fix config files Signed-off-by: Aurélien Bompard --- diff --git a/roles/ipsilon/tasks/main.yml b/roles/ipsilon/tasks/main.yml index 4666fa0..6a6b00e 100644 --- a/roles/ipsilon/tasks/main.yml +++ b/roles/ipsilon/tasks/main.yml @@ -132,7 +132,7 @@ - name: Install ipsilon command: - cmd: ipsilon-server-install + cmd: ipsilon-server-install --root-instance --admin-user=admin --ipa=yes @@ -250,7 +250,6 @@ owner: ipsilon group: ipsilon mode: 0600 - when: env != "staging" tags: - ipsilon diff --git a/roles/ipsilon/templates/configuration.conf b/roles/ipsilon/templates/configuration.conf index 910cc29..be982f7 100644 --- a/roles/ipsilon/templates/configuration.conf +++ b/roles/ipsilon/templates/configuration.conf @@ -53,7 +53,6 @@ openidc tos url=https://fedoraproject.org/wiki/Legal:PrivacyPolicy openidc idp sig key id=20161031-sig openidc allow dynamic client registration=False {% if env == 'staging' %} -openidc default attribute mapping=[["*", "*"]] openidc default attribute mapping=[["*", "*"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "nickname"], ["_username", "preferred_username"], ["fasIRCNick", "ircnick"], ["fasLocale", "locale"], ["fasTimeZone", "zoneinfo"], ["fasTimeZone", "timezone"], ["fasGPGKeyId", "gpgkeyids"], ["fasIsPrivate", "privacy"], ["fullname", "human_name"], ["nsAccountLock", "locked"]] {% else %} openidc default attribute mapping=[["*", "*"], ["timezone", "zoneinfo"], ["_groups", "groups"], [["_extras", "cla"], "cla"], ["fullname", "name"], ["_username", "preferred_username"]] diff --git a/roles/ipsilon/templates/httpd.conf.staging.j2 b/roles/ipsilon/templates/httpd.conf.staging.j2 index 9cc81b6..c208c7d 100644 --- a/roles/ipsilon/templates/httpd.conf.staging.j2 +++ b/roles/ipsilon/templates/httpd.conf.staging.j2 
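Review bot: In the first hunk of roles/ipsilon/tasks/main.yml, the new `cmd:` line pins the Ipsilon administrator to the literal account name `admin` while switching on the IPA backend, so whichever identity resolves to `admin` at login presumably gets administrative rights on the identity provider. That coupling should be a role variable with a comment rather than a literal, for example `--admin-user={{ ipsilon_admin_user }}` (placeholder variable name). The rest of the task lies outside the hunk, so it is not visible whether a `creates:` guard under `command:` stops the installer from re-running on every play. If there is none, adding one would keep a repeat run from rewriting an already configured instance.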
@@ -21,7 +21,7 @@ RewriteRule ^([a-z0-9-]+)\.id\.fedoraproject\.org/.* /openid/id/$1/ [PT] WSGIScriptAlias / /usr/libexec/ipsilon -WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon display-name=ipsilon processes=2 threads=2 maximum-requests=1000 +WSGIDaemonProcess ipsilon user=ipsilon group=ipsilon home=/var/lib/ipsilon/root display-name=ipsilon processes=2 threads=2 maximum-requests=1000 # This header is required to be passed for OIDC client_secret_basic WSGIPassAuthorization On # Without this, getting the private key in jwcrypto/jwk.py, line 430, fails
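Review bot: Only the staging template gets the new `home=/var/lib/ipsilon/root` on the `WSGIDaemonProcess` line, while the `--root-instance` installer flag added in roles/ipsilon/tasks/main.yml is not conditioned on `env` in the visible hunk. If a non-staging httpd template exists (none appears in this diff), it presumably still points at `/var/lib/ipsilon`, and the daemon's home would then differ from the instance directory the installer creates; confirm, or apply the same change there. A comment above the directive, such as `# home must match the instance directory created by ipsilon-server-install --root-instance`, would record why the path changed. Since the neighbouring comment mentions private-key loading, it is also worth confirming that the new directory is owned by `ipsilon` and not readable by other users.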