author | Lars Wirzenius <liw@liw.fi> | 2017-04-24 12:57:57 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2017-04-24 12:57:57 +0300 |
commit | 8d7be2a4659f20af0386048b2444f6d0adc59c41 (patch) | |
tree | d5e8664ad20a66054529f680b661f64851b060c3 /roles/gitano_server | |
parent | bc0d7897d1f4a88d5d60b9460a3fd52a3fc196bc (diff) | |
download | debian-ansible-8d7be2a4659f20af0386048b2444f6d0adc59c41.tar.gz |
Rename roles to be more specific
Suggested by Ivan Dolgov.
Diffstat (limited to 'roles/gitano_server')
-rw-r--r-- | roles/gitano_server/README | 3 | ||||
-rw-r--r-- | roles/gitano_server/defaults/main.yml | 9 | ||||
-rw-r--r-- | roles/gitano_server/files/git-daemon.service | 11 | ||||
-rw-r--r-- | roles/gitano_server/files/git-daemon.socket | 9 | ||||
-rw-r--r-- | roles/gitano_server/tasks/cgit.yml | 50 | ||||
-rw-r--r-- | roles/gitano_server/tasks/git-daemon.yml | 22 | ||||
-rw-r--r-- | roles/gitano_server/tasks/gitano.yml | 43 | ||||
-rw-r--r-- | roles/gitano_server/tasks/main.yml | 3 | ||||
-rw-r--r-- | roles/gitano_server/templates/apache-cgit-host.j2 | 37 | ||||
-rw-r--r-- | roles/gitano_server/templates/cgitrc.j2 | 49 | ||||
-rw-r--r-- | roles/gitano_server/templates/gitano-setup.answers | 11 |
11 files changed, 247 insertions, 0 deletions
diff --git a/roles/gitano_server/README b/roles/gitano_server/README
new file mode 100644
index 0000000..209a088
--- /dev/null
+++ b/roles/gitano_server/README
@@ -0,0 +1,3 @@
+This role sets up a host as a git server. Git access is controlled by
+Gitano. Cgit (via Apache) provides web browsing of public
+repositories. The git protocol (read-only) is also supported.
diff --git a/roles/gitano_server/defaults/main.yml b/roles/gitano_server/defaults/main.yml
new file mode 100644
index 0000000..cefb0c5
--- /dev/null
+++ b/roles/gitano_server/defaults/main.yml
@@ -0,0 +1,9 @@
+gitano_bypass_pub: /path/to/your/gitano/bypass/ssh/public/key
+gitano_admin_pub: /path/to/your/gitano/admin/public/key
+gitano_site_name: my.git.server
+gitano_log_prefix: gitano
+cgit_hosts:
+ - add
+ - your
+ - hosts
+ - here
diff --git a/roles/gitano_server/files/git-daemon.service b/roles/gitano_server/files/git-daemon.service
new file mode 100644
index 0000000..0b95597
--- /dev/null
+++ b/roles/gitano_server/files/git-daemon.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Git Daemon
+Documentation=man:git-daemon(1)
+
+[Service]
+User=nobody
+Group=nogroup
+ExecStart=-/usr/lib/git-core/git-daemon --inetd --base-path=/home/git/repos --verbose
+StandardInput=socket
+StandardOutput=inherit
+StandardError=journal
diff --git a/roles/gitano_server/files/git-daemon.socket b/roles/gitano_server/files/git-daemon.socket
new file mode 100644
index 0000000..3dec01d
--- /dev/null
+++ b/roles/gitano_server/files/git-daemon.socket
@@ -0,0 +1,9 @@
+[Unit]
+Description=Git Activation Socket
+
+[Socket]
+ListenStream=9418
+Accept=true
+
+[Install]
+WantedBy=sockets.target
diff --git a/roles/gitano_server/tasks/cgit.yml b/roles/gitano_server/tasks/cgit.yml
new file mode 100644
index 0000000..fff0d93
--- /dev/null
+++ b/roles/gitano_server/tasks/cgit.yml
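Review bot: In roles/gitano_server/files/git-daemon.service the `[Service]` section drops privileges to `nobody`/`nogroup` but applies no systemd sandboxing, although the daemon answers unauthenticated connections on port 9418. `nobody` is also shared with anything else that runs under that account, so a dedicated system user with read-only access to the repositories would isolate it better. I would add `NoNewPrivileges=yes`, `ProtectSystem=full` and `PrivateTmp=yes`; for the home directories, `ProtectHome=read-only` is the strictest value that still works, because `--base-path` is under `/home`.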
@@ -0,0 +1,50 @@
+- name: install cgit
+ apt: name=cgit
+
+- name: enable modules for Apache
+ shell:
+ "a2enmod {{ item }}"
+ with_items:
+ - cgi
+ - rewrite
+
+- name: create empty dir as cgi docroot
+ file:
+ state: directory
+ path: /var/lib/misc/cgit-docroot
+ owner: root
+ group: root
+ mode: 0755
+
+- name: create directories for Apache log files
+ file:
+ state: directory
+ path: "/var/log/apache2/{{ item }}"
+ owner: root
+ group: root
+ mode: 0755
+ with_items: "{{ cgit_hosts }}"
+
+# This only works with exactly one item in cgit_hosts. To be fixed if
+# there's need for more someday.
+- name: install cgitrc
+ template:
+ src: cgitrc.j2
+ dest: /etc/cgitrc
+ owner: root
+ group: root
+ mode: 0755
+ with_items: "{{ cgit_hosts }}"
+
+- name: install apache virtualhosts
+ template:
+ src: apache-cgit-host.j2
+ dest: "/etc/apache2/sites-available/{{ item }}.conf"
+ owner: root
+ group: root
+ mode: 0755
+ with_items: "{{ cgit_hosts }}"
+
+- name: enable virtualhosts
+ shell: "a2ensite {{ item }}"
+ with_items: "{{ cgit_hosts }}"
diff --git a/roles/gitano_server/tasks/git-daemon.yml b/roles/gitano_server/tasks/git-daemon.yml
new file mode 100644
index 0000000..e3e15f1
--- /dev/null
+++ b/roles/gitano_server/tasks/git-daemon.yml
@@ -0,0 +1,22 @@
+- name: copy over git-daemon.service
+ copy:
+ src: git-daemon.service
+ dest: /lib/systemd/system/git-daemon@.service
+ owner: root
+ group: root
+ mode: 0644
+
+- name: copy over git-daemon.socket
+ copy:
+ src: git-daemon.socket
+ dest: /lib/systemd/system/git-daemon.socket
+ owner: root
+ group: root
+ mode: 0644
+
+- name: start git-daemon.socket
+ systemd:
+ name: git-daemon.socket
+ daemon_reload: yes
+ state: started
+ enabled: yes
diff --git a/roles/gitano_server/tasks/gitano.yml b/roles/gitano_server/tasks/gitano.yml
new file mode 100644
index 0000000..7d7b4fb
--- /dev/null
+++ b/roles/gitano_server/tasks/gitano.yml
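Review bot: In roles/gitano_server/tasks/cgit.yml the `a2enmod` and `a2ensite` tasks pass `{{ item }}` through `shell:`, so any shell metacharacter in a `cgit_hosts` entry is interpreted by the shell, and both tasks report "changed" on every run. `command: a2ensite {{ item }}` with `args: creates: /etc/apache2/sites-enabled/{{ item }}.conf` avoids both problems, and `apache2_module: name={{ item }} state=present` can replace the `a2enmod` call. The same `cgit_hosts` values are used unchecked in the `dest:` and `path:` file names, so an entry containing `/` would write outside the intended directories. `/etc/cgitrc` and the virtual host files are installed with `mode: 0755` although they are plain configuration files; `mode: 0644` is enough. Nothing visible in this file reloads Apache after the site is enabled.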
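Review bot: roles/gitano_server/tasks/git-daemon.yml copies both unit files into `/lib/systemd/system`, which is the directory that distribution packages install into, so a package shipping a unit of the same name would overwrite them. Locally managed units belong in `/etc/systemd/system`, i.e. `dest: /etc/systemd/system/git-daemon@.service` and `dest: /etc/systemd/system/git-daemon.socket`. The socket is enabled with `ListenStream=9418` on all addresses, and no task in this file restricts who can reach it, so the exposure of the read-only git protocol depends on firewalling outside this role.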
@@ -0,0 +1,43 @@
+- name: install gitano
+ apt: name=gitano
+
+- name: create Unix user git
+ user:
+ name: git
+ comment: "Gitano server"
+ system: yes
+
+- name: install bypass ssh key to git user auth keys
+ authorized_key:
+ user: git
+ state: present
+ key: "{{ lookup('file', gitano_bypass_pub) }}"
+
+- name: copy over gitano admin public key
+ copy:
+ src: "{{ gitano_admin_pub }}"
+ dest: /home/git/admin.pub
+ owner: git
+ group: git
+ mode: 0644
+
+- name: copy over gitano bypass public key
+ copy:
+ src: "{{ gitano_bypass_pub }}"
+ dest: /home/git/bypass.pub
+ owner: git
+ group: git
+ mode: 0644
+
+- name: "copy over gitano-setup.answers"
+ template:
+ src: gitano-setup.answers
+ dest: /home/git/gitano-setup.answers
+ owner: git
+ group: git
+ mode: 0644
+
+- name: run gitano-setup
+ shell: sudo -i -u git gitano-setup /home/git/gitano-setup.answers
+ args:
+ creates: /home/git/repos
diff --git a/roles/gitano_server/tasks/main.yml b/roles/gitano_server/tasks/main.yml
new file mode 100644
index 0000000..08486fa
--- /dev/null
+++ b/roles/gitano_server/tasks/main.yml
@@ -0,0 +1,3 @@
+- include: gitano.yml
+- include: git-daemon.yml
+- include: cgit.yml
diff --git a/roles/gitano_server/templates/apache-cgit-host.j2 b/roles/gitano_server/templates/apache-cgit-host.j2
new file mode 100644
index 0000000..2f9eeb0
--- /dev/null
+++ b/roles/gitano_server/templates/apache-cgit-host.j2
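Review bot: In roles/gitano_server/tasks/gitano.yml the `authorized_key` task adds the bypass key to the `git` account with no `key_options`, so as far as this file shows, the holder of that key gets an unrestricted login as `git`, outside Gitano's access rules. If only Gitano's own bypass handling is intended (the answers file already passes the key as `paths.bypasskey`; what `gitano-setup` does with it is not visible here), restrict the entry with `key_options` or drop the task, and add a comment stating which is meant. The last task runs `sudo -i -u git` inside `shell:`; `command: gitano-setup /home/git/gitano-setup.answers` with `become: yes` and `become_user: git` should do the same without a shell-parsed command line. The `creates: /home/git/repos` guard also means that a setup run which fails after creating that directory is never retried.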
@@ -0,0 +1,37 @@
+<VirtualHost *:80>
+ ServerName {{ item }}
+ ServerAdmin root@localhost
+ DocumentRoot /var/lib/misc/cgit-docroot
+ ErrorLog /var/log/apache2/{{ item }}/error.log
+ CustomLog /var/log/apache2/{{ item }}/access.log combined
+
+ ScriptAlias /cgi-bin/cgit/ /usr/lib/cgit/
+ ScriptAlias /cgi-bin/ /usr/lib/cgit/
+
+ <Directory "/usr/lib/cgit">
+ AllowOverride None
+ Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
+ Require all granted
+ </Directory>
+
+ # CGIT stuff
+ DirectoryIndex /cgi-bin/cgit.cgi
+ Alias /cgit.png /usr/share/cgit/cgit.png
+ Alias /cgit.css /usr/share/cgit/cgit.css
+ <Directory "/home/git/repos">
+ Options FollowSymlinks Indexes
+ AllowOverride none
+ Require all granted
+ </Directory>
+
+ <Location />
+ Require all granted
+ </Location>
+
+ RewriteEngine on
+ RewriteCond %{REQUEST_FILENAME} !-f
+ RewriteCond %{REQUEST_FILENAME} !-d
+ RewriteCond %{REQUEST_FILENAME} !cgit
+ RewriteRule ^.* /cgi-bin/cgit.cgi/$0 [L,PT]
+
+</VirtualHost>
diff --git a/roles/gitano_server/templates/cgitrc.j2 b/roles/gitano_server/templates/cgitrc.j2
new file mode 100644
index 0000000..4e518cf
--- /dev/null
+++ b/roles/gitano_server/templates/cgitrc.j2
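Review bot: The `<Directory "/home/git/repos">` block in roles/gitano_server/templates/apache-cgit-host.j2 grants `Require all granted` with `Options FollowSymlinks Indexes` on the whole repository tree, which would expose every repository, including those without `git-daemon-export-ok`, as soon as an `Alias` or `DocumentRoot` pointed there. cgit reads the repositories as a CGI process and nothing in this virtual host maps a URL to that directory, so the block looks removable; if it is kept, `Require all denied` is the safer default. Both `ScriptAlias` lines mark all of `/usr/lib/cgit/` as CGI, so narrowing them to the binary, `ScriptAlias /cgi-bin/cgit.cgi /usr/lib/cgit/cgit.cgi`, keeps any other file in that directory from being run on request. The host listens only on `*:80`, so the pages are served without TLS.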
@@ -0,0 +1,49 @@
+# Enable caching of up to 1000 output entriess
+cache-size=1000
+
+# Specify some default clone prefixes
+clone-prefix=git://{{ item }}
+
+# Specify the css url
+css=/cgit.css
+
+# Specify the logo url
+logo=/cgit.png
+
+# Show extra links for each repository on the index page
+enable-index-links=1
+
+# Show number of affected files per commit on the log pages
+enable-log-filecount=1
+
+# Show number of added/removed lines per commit on the log pages
+enable-log-linecount=1
+
+# Set the title and heading of the repository index page
+root-title={{ item }}
+root-desc=git repositories for {{ item }}
+
+# Allow download of tar.gz, tar.bz2 and zip-files
+snapshots=tar.gz
+
+#source-filter=/usr/lib/cgit/filters/syntax-highlighting.sh
+
+remove-suffix=1
+
+enable-git-config=1
+
+strict-export=git-daemon-export-ok
+
+scan-path=/home/git/repos
+
+virtual-root=/
+
+##
+## List of common mimetypes
+##
+mimetype.git=image/git
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
diff --git a/roles/gitano_server/templates/gitano-setup.answers b/roles/gitano_server/templates/gitano-setup.answers
new file mode 100644
index 0000000..9c7711e
--- /dev/null
+++ b/roles/gitano_server/templates/gitano-setup.answers
@@ -0,0 +1,11 @@
+setup.batch "yes"
+paths.bypasskey "/home/git/bypass.pub"
+paths.home "/home/git"
+paths.ssh "/home/git/.ssh"
+paths.pubkey "/home/git/admin.pub"
+paths.repos "/home/git/repos"
+admin.username "admin"
+admin.realname "Administrator"
+admin.email "admin@administrator.local"
+site.name "{{ gitano_site_name }}"
+log.prefix "{{ gitano_log_prefix }}" |
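Review bot: The comment above `snapshots=tar.gz` in roles/gitano_server/templates/cgitrc.j2 says tar.gz, tar.bz2 and zip downloads are allowed, but only tar.gz is enabled; `# Allow download of tar.gz snapshots only` would match the setting. `enable-git-config=1` and `strict-export=git-daemon-export-ok` carry no comment although they decide what is published: I would add `# Only list repositories that contain a git-daemon-export-ok file` above `strict-export`, and a line above `enable-git-config` saying that per-repository git config may override cgit settings. cgit applies such options only to a `scan-path` that comes after them, so a one-line comment that `scan-path` must stay below them would keep a later reordering from publishing unexported repositories.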