aboutsummaryrefslogtreecommitdiff
path: root/gerboweb/deploy/setup_git.yml
blob: d1789bd5519b1ebd67eee38829983d24ad1231a5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
- name: Install host requisites
  dnf:
      name: cgit,gitolite3,python3-pygments,python3-docutils,nodejs-markdown
      state: latest

- name: Copy cgit favicon
  copy:
      src: cgit-logo.png
      dest: /var/www/git.jaseg.de/cgit.png

- name: Create cgit instance config dir
  file:
    path: /var/lib/cgit
    state: directory
    mode: 0755

- name: Copy cgit rc
  copy:
      src: cgitrc
      dest: /var/lib/cgit/cgitrc-gitolite-public
      mode: 0644

- name: Create uwsgi worker user and group
  user:
      name: uwsgi-cgit
      create_home: no
      group: uwsgi
      password: '!'
      shell: /sbin/nologin
      system: yes

- name: Copy uwsgi config
  copy:
      src: uwsgi-cgit.ini
      dest: /etc/uwsgi.d/cgit.ini
      owner: uwsgi-cgit
      group: uwsgi
      mode: 0440

- name: Enable uwsgi systemd socket
  systemd:
      daemon-reload: yes
      name: uwsgi-app@cgit.socket
      enabled: yes

- name: Check if gitolite ssh config exists
  stat:
      path: /var/lib/gitolite3/.ssh/authorized_keys
  register: gitolite_ssh_keys_stat

- name: Gitolite admin key setup
  block:
    - name: Copy gitolite admin pubkey
      copy:
          src: ~/.ssh/id_ed25519.gitolite.pub
          dest: /tmp/jaseg-gitolite.pub
          owner: gitolite3
          group: gitolite3

    - name: Run gitolite initialization
      command: gitolite setup -pk /tmp/jaseg-gitolite.pub
      become: true
      become_method: su
      become_user: gitolite3
      become_flags: '-s /bin/sh'
      args:
          creates: /var/lib/gitolite3/projects.list

    - name: Remove leftover admin pubkey
      file:
          state: absent
          path: /tmp/jaseg-gitolite.pub
  when: not gitolite_ssh_keys_stat.stat.exists

- name: Allow uwsgi group to access gitolite repo dir
  file:
    path: /var/lib/gitolite3
    state: directory
    owner: gitolite3
    group: uwsgi

- name: Add cgit uwsgi user to gitolite group
  user:
      name: uwsgi-cgit
      groups: gitolite3
      append: yes

- name: Allow cgit uwsgi user to access gitolite repos
  file:
      path: /var/lib/gitolite3/repositories
      mode: 0750

- name: Allow cgit uwsgi user to gitolite repo list
  file:
      path: /var/lib/gitolite3/projects.list
      mode: 0640

- name: Copy gitolite rc
  copy:
      src: gitolite.rc
      dest: /var/lib/gitolite3/.gitolite.rc
      owner: gitolite3
      group: gitolite3
      mode: 0600

- name: Query system user account info
  getent:
      database: passwd
      key: gitolite3

- name: Create git alias user
  user:
      name: git
      create_home: no
      group: gitolite3
      password: '!'
      comment: Alias for gitolite3 user
      shell: "{{ getent_passwd['gitolite3'][5] }}"
      system: yes
      non_unique: yes
      home: "{{ getent_passwd['gitolite3'][4] }}"
      uid: "{{ getent_passwd['gitolite3'][1] }}"

- name: Hack to fix cgit handling for restructuredtext readmes
  file:
      src: /usr/bin/rst2html
      dest: /usr/bin/rst2html.py
      state: link