ipsilon: Convert oidc config to template

roles/ipsilon/tasks/main.yml

@@ -71,10 +71,10 @@
     group: ipsilon
     setype: _default
 
-- name: Copy OIDC static config
-  ansible.builtin.copy:
+- name: Create OIDC static config
+  ansible.builtin.template:
     dest: /etc/ipsilon/openidc-static.conf
-    src: "{{ ansible_private }}/files/ipsilon/openidc-static.conf"
+    src: openidc-static.conf.j2
     mode: "0600"
     owner: "{{ subuid.stdout }}"
     group: "{{ subgid.stdout }}"

roles/ipsilon/templates/openidc-static.conf.j2

@@ -0,0 +1,26 @@
+[client]
+{% for client in openidc_clients %}
+{{ client["name"] }} application_type="web"
+{{ client["name"] }} client_id=null
+{{ client["name"] }} client_id_issued_at=0
+{{ client["name"] }} client_name="{{ client["name"] }}"
+{{ client["name"] }} client_secret="{{ client["client_secret"] }}"
+{{ client["name"] }} client_secret_expires_at=0
+{{ client["name"] }} client_uri="{{ client["client_uri"] }}"
+{{ client["name"] }} contacts=["adm@foo.sh"]
+{{ client["name"] }} grant_types=["authorization_code"]
+{{ client["name"] }} id_token_signed_response_alg="RS256"
+{{ client["name"] }} ipsilon_internal={"type": "static", "client_id": "{{ client["name"] }}", "trusted": true}
+{{ client["name"] }} jwks=null
+{{ client["name"] }} jwks_uri=null
+{{ client["name"] }} logo_uri=null
+{{ client["name"] }} policy_uri=null
+{{ client["name"] }} redirect_uris=["{{ client["redirect_uri"] }}"]
+{{ client["name"] }} request_uris=[]
+{{ client["name"] }} require_auth_time=null
+{{ client["name"] }} response_types=["code"]
+{{ client["name"] }} subject_type="pairwise"
+{{ client["name"] }} sector_identifier_uri=null
+{{ client["name"] }} token_endpoint_auth_method="client_secret_post"
+{{ client["name"] }} tos_uri=null
+{% endfor %}