1 files changed, 14 insertions, 1 deletions

diff --git a/roles/nginx/auth/whawty-sso/auth/tasks/main.yml b/roles/nginx/auth/whawty-sso/auth/tasks/main.yml
index fa6048dd..5ae64b9b 100644
--- a/roles/nginx/auth/whawty-sso/auth/tasks/main.yml
+++ b/roles/nginx/auth/whawty-sso/auth/tasks/main.yml
@@ -4,6 +4,15 @@
     path: /etc/nginx/auth/whawty-sso
     state: directory
 
+- name: make sure store backend directories exist
+  loop: "{{ whawty_nginx_sso_auths | dict2items | selectattr('value.config.cookie.backend.bolt', 'defined') }}"
+  loop_control:
+    label: "{{ item.key }}"
+  file:
+    path: "{{ item.value.config.cookie.backend.bolt.path | default('/var/lib/whawty/nginx-sso/'~item.key~'.bolt') | dirname }}"
+    state: directory
+    mode: 0700
+
 - name: generate configuration file
   loop: "{{ whawty_nginx_sso_auths | dict2items }}"
   loop_control:
@@ -11,7 +20,11 @@
   copy:
     content: |
       # ansible generated
-      {{ item.value.config | to_nice_yaml(indent=2) }}
+      {% set ssoconf = item.value.config %}
+      {% if 'bolt' in ssoconf.cookie.backend and 'path' not in ssoconf.cookie.backend.bolt %}
+      {%   set _dummy = ssoconf.cookie.backend.bolt.update({'path': '/var/lib/whawty/nginx-sso/'~item.key~'.bolt'}) %}
+      {% endif %}
+      {{ ssoconf | to_nice_yaml(indent=2) }}
     dest: "/etc/nginx/auth/whawty-sso/{{ item.key }}.yml"
     mode: 0400
   notify: restart whawty-nginx-sso