websites: Add role for darkchestofwonders.us

The *websites/darkchestofwonders.us* role prepares a machine to host
http://darkchestofwonders.us/. The website itself is published via rsync
by Jenkins.

roles/websites/darkchestofwonders.us/templates/darkchestofwonders.us.httpd.conf.j2

@@ -0,0 +1,47 @@
+WSGIDaemonProcess dcow \
+	user=webapp.dcow \
+	group=webapp.dcow \
+	python-home=/srv/www/darkchestofwonders.us/venv \
+	lang=en_US.UTF-8 \
+	display-name=%{GROUP}
+
+<VirtualHost _default_:80>
+ServerName darkchestofwonders.us
+
+RewriteEngine On
+RewriteRule (.*) https://%{SERVER_NAME}$1 [R=301,L]
+</VirtualHost>
+
+<VirtualHost _default_:443>
+ServerName darkchestofwonders.us
+
+Include conf.d/ssl.include
+SSLCertificateKeyFile /var/lib/letsencrypt/live/darkchestofwonders.us/privkey.pem
+SSLCertificateFile /var/lib/letsencrypt/live/darkchestofwonders.us/fullchain.pem
+
+<IfModule mod_headers.c>
+	Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains"
+</IfModule>
+
+WSGIScriptAlias / /srv/www/darkchestofwonders.us/dcow.wsgi \
+	process-group=dcow
+Alias /screenshots /srv/www/darkchestofwonders.us/screenshots
+
+<Location />
+	Require all granted
+</Location>
+
+<Location /upload>
+<IfModule auth_gssapi_module>
+	AuthType GSSAPI
+	AuthName "{{ krb5_realm|lower }} Domain Authentication"
+	#KrbServiceName HTTP/{{ ansible_fqdn }}@{{ krb5_realm }}
+	GssapiCredStore keytab:/etc/httpd/httpd.keytab
+	GssapiBasicAuth On
+	Require valid-user
+</IfModule>
+<IfModule !auth_kerb_module>
+	Require all denied
+</IfModule>
+</Location>	
+</VirtualHost>