Diffstat (limited to 'gerboweb')
-rw-r--r-- | gerboweb/deploy/cgit-logo-orig.png | bin | 0 -> 104376 bytes | |||
-rw-r--r-- | gerboweb/deploy/cgit-logo.png | bin | 104376 -> 42197 bytes | |||
-rw-r--r-- | gerboweb/deploy/cgitrc | 23 | ||||
-rw-r--r-- | gerboweb/deploy/playbook.yml | 74 | ||||
-rw-r--r-- | gerboweb/deploy/setup_git.yml | 54 |
5 files changed, 119 insertions, 32 deletions
diff --git a/gerboweb/deploy/cgit-logo-orig.png b/gerboweb/deploy/cgit-logo-orig.png Binary files differnew file mode 100644 index 0000000..f781fdd --- /dev/null +++ b/gerboweb/deploy/cgit-logo-orig.png diff --git a/gerboweb/deploy/cgit-logo.png b/gerboweb/deploy/cgit-logo.png Binary files differindex f781fdd..b1c0322 100644 --- a/gerboweb/deploy/cgit-logo.png +++ b/gerboweb/deploy/cgit-logo.png diff --git a/gerboweb/deploy/cgitrc b/gerboweb/deploy/cgitrc index d77778b..9b5a651 100644 --- a/gerboweb/deploy/cgitrc +++ b/gerboweb/deploy/cgitrc @@ -1,11 +1,24 @@ css=/cgit.css -logo= /cgit.png +logo=/cgit.png enable-http-clone=1 robots=noindex, nofollow virtual-root=/ readme=:README.rst +readme=:readme.rst +readme=:README.md +readme=:readme.md +readme=:README.txt +readme=:readme.txt +readme=:README.mkd +readme=:readme.mkd +readme=:README.htm +readme=:readme.htm +readme=:README.html +readme=:readme.html +readme=:README +readme=:readme about-filter=/usr/libexec/cgit/filters/about-formatting.sh enable-index-links=1 @@ -18,3 +31,11 @@ source-filter=/usr/libexec/cgit/filters/syntax-highlighting.py project-list=/var/lib/gitolite3/projects.list scan-path=/var/lib/gitolite3/repositories + +mimetype.gif=image/gif +mimetype.html=text/html +mimetype.jpg=image/jpeg +mimetype.jpeg=image/jpeg +mimetype.pdf=application/pdf +mimetype.png=image/png +mimetype.svg=image/svg+xml diff --git a/gerboweb/deploy/playbook.yml b/gerboweb/deploy/playbook.yml index 72beb91..a34e8fe 100644 --- a/gerboweb/deploy/playbook.yml +++ b/gerboweb/deploy/playbook.yml 
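Review bot: The `mimetype.html=text/html` and `mimetype.svg=image/svg+xml` entries added at the end of cgitrc make the plain view return repository-supplied markup as active content on the cgit origin. The playbook describes this as a semi-public git server, so confirm that the installed cgit sends a restrictive Content-Security-Policy on plain responses, or that nginx adds one for that path. If neither holds, leaving those two extensions unmapped so they fall back to cgit's default type is the safer choice. A short comment above the `mimetype.*` block saying which view consumes it would also help the next reader.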
@@ -35,20 +35,24 @@ hosts: wendelstein tasks: - name: Set hostname + tags: setup hostname: name: wendelstein.jaseg.net - name: Install common admin tools + tags: setup dnf: name: htop,tmux,fish,mosh,neovim,sqlite state: latest - name: Install host requisites + tags: setup dnf: name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd state: latest - name: Disable password-based root login + tags: setup lineinfile: path: /etc/ssh/sshd_config regexp: '^PermitRootLogin' @@ -56,12 +60,14 @@ register: disable_root_pw_ssh - name: Restart sshd + tags: setup systemd: name: sshd state: restarted when: disable_root_pw_ssh is changed - name: Configure iptables firewall service + tags: setup copy: src: iptables.rules dest: /etc/sysconfig/iptables @@ -70,13 +76,18 @@ mode: 0664 - name: Enable iptables firewall service + tags: setup systemd: name: iptables enabled: yes state: started - name: Create containers - include_tasks: setup_containers.yml + tags: setup + include_tasks: + file: setup_containers.yml + apply: + tags: setup vars: containers: - gerboweb 
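Review bot: The `Configure iptables firewall service` task that the third hunk re-tags still installs `/etc/sysconfig/iptables` with `mode: 0664`, which leaves the firewall rules group-writable. The owner and group lines fall between the hunks, so whether that matters depends on values not visible here. A tighter, quoted mode such as `mode: '0600'` avoids both the group write bit and any YAML octal ambiguity.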
@@ -84,31 +95,72 @@ - pogojig - name: Setup web server - include_tasks: setup_webserver.yml + tags: www + include_tasks: + file: setup_webserver.yml + apply: + tags: www - name: Setup gerboweb - include_tasks: setup_gerboweb.yml + tags: gerboweb + include_tasks: + file: setup_gerboweb.yml + apply: + tags: gerboweb - name: Setup clippy - include_tasks: setup_clippy.yml + tags: clippy + include_tasks: + file: setup_clippy.yml + apply: + tags: clippy - name: Setup secure download - include_tasks: setup_secure_download.yml + tags: secure-download + include_tasks: + file: setup_secure_download.yml + apply: + tags: secure-download - name: Setup tracespace - include_tasks: setup_tracespace.yml + tags: pogojig + include_tasks: + file: setup_tracespace.yml + apply: + tags: pogojig - name: Setup openjscad - include_tasks: setup_openjscad.yml + tags: pogojig + include_tasks: + file: setup_openjscad.yml + apply: + tags: pogojig - name: Setup pogojig - include_tasks: setup_pogojig.yml + tags: pogojig + include_tasks: + file: setup_pogojig.yml + apply: + tags: pogojig - name: Setup notification proxy - include_tasks: setup_notification_proxy.yml + tags: notification-proxy + include_tasks: + file: setup_notification_proxy.yml + apply: + tags: + notification-proxy - name: Setup semi-public git server - include_tasks: setup_git.yml + tags: git + include_tasks: + file: setup_git.yml + apply: + tags: git - name: Setup private DynDNS service - include_tasks: setup_dyndns.yml + tags: dyndns + include_tasks: + file: setup_dyndns.yml + apply: + tags: dyndns diff --git a/gerboweb/deploy/setup_git.yml b/gerboweb/deploy/setup_git.yml index 6e7d621..d1789bd 100644 --- a/gerboweb/deploy/setup_git.yml +++ b/gerboweb/deploy/setup_git.yml 
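Review bot: In the `Setup notification proxy` include, the value under `apply:` is split over two lines (`tags:` followed by `notification-proxy`), unlike every other include in this hunk. YAML will probably fold it into the same scalar, but that depends on indentation the page does not preserve, and it reads like an accidental line break. Writing `tags: notification-proxy` on one line keeps it consistent with its siblings. A comment above the includes noting that the per-service tags assume an earlier `setup` run would also help, since `Create containers` is tagged only `setup`.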
@@ -43,26 +43,34 @@ name: uwsgi-app@cgit.socket enabled: yes -- name: Copy gitolite admin pubkey - copy: - src: ~/.ssh/id_ed25519.gitolite.pub - dest: /tmp/jaseg-gitolite.pub - owner: gitolite3 - group: gitolite3 - -- name: Run gitolite initialization - command: gitolite setup -pk /tmp/jaseg-gitolite.pub - become: true - become_method: su - become_user: gitolite3 - become_flags: '-s /bin/sh' - args: - creates: /var/lib/gitolite3/projects.list - -- name: Remove leftover admin pubkey - file: - state: absent - path: /tmp/jaseg-gitolite.pub +- name: Check if gitolite ssh config exists + stat: + path: /var/lib/gitolite3/.ssh/authorized_keys + register: gitolite_ssh_keys_stat + +- name: Gitolite admin key setup + block: + - name: Copy gitolite admin pubkey + copy: + src: ~/.ssh/id_ed25519.gitolite.pub + dest: /tmp/jaseg-gitolite.pub + owner: gitolite3 + group: gitolite3 + + - name: Run gitolite initialization + command: gitolite setup -pk /tmp/jaseg-gitolite.pub + become: true + become_method: su + become_user: gitolite3 + become_flags: '-s /bin/sh' + args: + creates: /var/lib/gitolite3/projects.list + + - name: Remove leftover admin pubkey + file: + state: absent + path: /tmp/jaseg-gitolite.pub + when: not gitolite_ssh_keys_stat.stat.exists - name: Allow uwsgi group to access gitolite repo dir file: @@ -113,3 +121,9 @@ home: "{{ getent_passwd['gitolite3'][4] }}" uid: "{{ getent_passwd['gitolite3'][1] }}" +- name: Hack to fix cgit handling for restructuredtext readmes + file: + src: /usr/bin/rst2html + dest: /usr/bin/rst2html.py + state: link + |
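Review bot: The cleanup task `Remove leftover admin pubkey` is an ordinary task inside the new `block:`, so a failure in `gitolite setup` leaves `/tmp/jaseg-gitolite.pub` behind. Moving it under an `always:` section of the same block makes the cleanup unconditional. The staging file also has a fixed name in world-writable `/tmp`; a path under the gitolite3 home directory, or one from the `tempfile` module, avoids relying on `/tmp` protections for the key that becomes the gitolite admin. The block is guarded by `authorized_keys` while the command keeps `creates: /var/lib/gitolite3/projects.list`, so a comment stating which marker is authoritative would be useful.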
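Review bot: Rendering reStructuredText readmes from pushed repositories, which the symlink task at the end of setup_git.yml appears to enable, runs docutils on untrusted input with whatever settings the cgit filter passes. Docutils' defaults permit file inclusion and raw passthrough, so unless the filter already restricts them, deploy a system docutils config with `file_insertion_enabled: false` and `raw_enabled: false` alongside this link. A one-line comment on the task naming the filter script that expects the `.py` name would also explain why the hack exists.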