roles/koji-web: Deploy the Koji Web UI

The *koji-web* role installs and configures the Koji Web GUI front-end
for Koji. It requires Apache and mod_wsgi. A client certificate is
required for authentication to the hub, and must be placed in the
host-specific subdirectory of `certs/koji`.

roles/koji-web/templates/web.conf.j2

@@ -0,0 +1,37 @@
+{#- vim: set ft=jinja : -#}
+[web]
+SiteName = koji
+#KojiTheme = mytheme
+
+# Key urls
+KojiHubURL = {{ kojihub_url }}
+KojiFilesURL = {{ kojifiles_url }}
+
+# Kerberos authentication options
+# WebPrincipal = koji/web@EXAMPLE.COM
+# WebKeytab = /etc/httpd.keytab
+# WebCCache = /var/tmp/kojiweb.ccache
+# The service name of the principal being used by the hub
+# KrbService = host
+
+# SSL authentication options
+WebCert = /etc/kojiweb/kojiweb.pem
+ClientCA = /etc/kojiweb/clientca.crt
+KojiHubCA = /etc/kojiweb/kojihubca.crt
+
+LoginTimeout = 72
+
+# This must be changed and uncommented before deployment
+Secret = {{ kojiweb_secret }}
+
+LibPath = /usr/share/koji-web/lib
+
+# If set to True, then the footer will be included literally.
+# If False, then the footer will be included as another Kid Template.
+# Defaults to True
+LiteralFooter = True
+
+# This can be a space-delimited list of the numeric IDs of users that you want
+# to hide from tasks listed on the front page. You might want to, for instance,
+# hide the activity of an account used for continuous integration.
+#HiddenUsers = 5372 1234