ipsilon: Add OIDC key

roles/ipsilon/tasks/main.yml

@@ -27,6 +27,15 @@
     group: ipsilon
     remote_src: true
 
+- name: Copy OIDC key
+  ansible.builtin.copy:
+    dest: "{{ tls_private }}/openidc.key"
+    src: "{{ ansible_private }}/files/ipsilon/openidc.key"
+    mode: "0640"
+    owner: root
+    group: ipsilon
+  notify: Restart ipsilon-container
+
 - name: Get container source
   ansible.builtin.git:
     dest: /usr/local/src/docker-ipsilon

roles/ipsilon/templates/ipsilon-container.service.j2

@@ -13,6 +13,7 @@ ExecStart=/usr/bin/podman run \
     --volume={{ tls_certs }}/ca.crt:/etc/ssl/certs/ca.crt:ro \
     --volume={{ tls_certs }}/{{ inventory_hostname }}.crt:/etc/ssl/certs/{{ inventory_hostname }}.crt:ro \
     --volume={{ tls_private }}/ipsilon.key:/etc/ssl/private/{{ inventory_hostname }}.key:ro \
+    --volume={{ tls_private }}/openidc.key:/etc/ipsilon/openidc.key:ro \
     ipsilon:latest
 ExecStop=/usr/bin/podman stop --ignore ipsilon
 ExecStopPost=/usr/bin/podman rm -f --ignore ipsilon

roles/ipsilon/templates/ipsilon-container.sysconfig.j2

@@ -5,3 +5,6 @@ IPSILON_DB_HOST="sqldb02.home.foo.sh"
 IPSILON_DB_CA="/etc/ssl/certs/ca.crt"
 IPSILON_DB_KEY="/etc/ssl/private/{{ inventory_hostname }}.key"
 IPSILON_DB_CERT="/etc/ssl/certs/{{ inventory_hostname}}.crt"
+IPSILON_HOSTNAME="idp.foo.sh"
+IPSILON_OPENIDC_KEYID="{{ ipsilon_openidc_keyid }}"
+IPSILON_OPENIDC_SALT="{{ ipsilon_openidc_salt }}"