reverse-proxy-client must include reverse proxy CA

seed/apache/dictionaries/20_web.xml

@@ -2,7 +2,6 @@
 <rougail version="0.10">
   <services>
     <service name="httpd" target="multi-user">
-      <file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
       <file>/etc/httpd/conf/httpd.conf</file>
       <file>/etc/httpd/conf.d/risotto.conf</file>
       <file>/etc/httpd/conf.d/ssl.conf</file>

seed/gitea/dictionaries/31_gitea.xml

@@ -2,7 +2,6 @@
 <rougail version="0.10">
   <services>
     <service name="gitea" target="multi-user" engine="creole">
-      <file>/etc/pki/ca-trust/source/anchors/ca_InternalReverseProxy.crt</file>
       <file engine="none" source="sysuser-gitea.conf">/sysusers.d/0gitea.conf</file>
       <file engine="none" source="tmpfile-gitea.conf">/tmpfiles.d/0gitea.conf</file>
       <file>/etc/gitea/app.ini</file>
@@ -15,6 +14,11 @@
         <value>2222</value>
       </variable>
     </family>
+    <family name="redis" description="Redis">
+      <variable name="redis_client_key_owner" redefine="True">
+        <value>gitea</value>
+      </variable>
+    </family>
     <family name="gitea" description="Gitea" help="Git forge Gitea">
       <variable name="gitea_title" mandatory="True" description="Titre de la forge">
         <value>Gitea: Git avec une tasse de thé</value>

seed/ldap-client/templates/ldap-client.service

@@ -5,4 +5,3 @@ Before=risotto.target
 [Service]
 Type=oneshot
 ExecStart=/usr/bin/timeout 90 bash -c 'while ! 3<> /dev/tcp/%%ldap_server_address/%%ldap_port; do sleep 1; done'
-

seed/nginx-common/dictionaries/21_nginx.xml

@@ -10,7 +10,6 @@
       <file>/var/www/html/error.html</file>
       <file engine="none" source="sysusers.nginx.conf" filelist="nginx_fedora">/sysusers.d/nginx.conf</file>
       <file source="tmpfiles.nginx.conf">/tmpfiles.d/nginx.conf</file>
-      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
       <file file_type="variable" filelist="nginx_default_https" mode="600" source="nginx.crt">revprox_crt_file</file>
       <file file_type="variable" filelist="nginx_default_https" mode="600" source="nginx.key">revprox_key_file</file>
       <file>/tests/nginx-common.yml</file>

seed/nginx-reverse-proxy/dictionaries/20_nginx.xml

@@ -3,6 +3,7 @@
   <services>
     <service name='nginx'>
       <file>/etc/pki/ca-trust/source/anchors/ca_HTTP.crt</file>
+      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_ca_file</file>
     </service>
   </services>
 </rougail>

seed/reverse-proxy-client/dictionaries/21_nginx_client.xml

@@ -4,6 +4,7 @@
     <service name="nginx" manage="False">
       <file file_type="variable" source="revprox.crt">revprox_client_cert_file</file>
       <file file_type="variable" source="revprox.key" owner_type="variable" owner="revprox_client_cert_owner" group_type="variable" group="revprox_client_cert_group" mode="400">revprox_client_key_file</file>
+      <file file_type="variable" source="ca_InternalReverseProxy.crt">revprox_client_ca_file</file>
     </service>
   </services>
   <variables>
@@ -33,6 +34,7 @@
       </variable>
       <variable name="revprox_client_cert_file" type="filename" description="Reverse proxy certificate filename" hidden="True"/>
       <variable name="revprox_client_key_file" type="filename" description="Reverse proxy private key filename" hidden="True"/>
+      <variable name="revprox_client_ca_file" type="filename" description="Reverse proxy CA filename" hidden="True"/>
     </family>
   </variables>
   <constraints>
@@ -58,5 +60,11 @@
       <param name="join">/</param>
       <target>revprox_client_key_file</target>
     </fill>
+    <fill name="calc_value">
+      <param type="variable">tls_ca_directory</param>
+      <param>ca_InternalReverseProxy.crt</param>
+      <param name="join">/</param>
+      <target>revprox_client_ca_file</target>
+    </fill>
   </constraints>
 </rougail>