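# Install the required packages, then put the cgit favicon and the cgit
# instance configuration in place.
- name: Install host requisites
  dnf:
    # A YAML list is equivalent to the comma-separated string for this module
    # and diffs one package per line.
    name:
      - cgit
      - gitolite3
      - python3-pygments
      - python3-docutils
      - nodejs-markdown
    # `latest` upgrades these packages on every run, so the installed versions
    # depend on the state of the package repositories at run time. Use
    # `present` or pinned versions if deployments must be reproducible.
    state: latest

- name: Copy cgit favicon
  copy:
    src: cgit-logo.png
    dest: /var/www/git.jaseg.de/cgit.png

- name: Create cgit instance config dir
  file:
    path: /var/lib/cgit
    state: directory
    # Quoted so the mode reaches Ansible as an octal string no matter how the
    # YAML parser would type a bare 0755.
    mode: '0755'

- name: Copy cgit rc
  copy:
    src: cgitrc
    dest: /var/lib/cgit/cgitrc-gitolite-public
    mode: '0644'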
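# Dedicated system account for the cgit uwsgi worker, its uwsgi app config and
# the socket unit that activates it.
- name: Create uwsgi worker user and group
  user:
    name: uwsgi-cgit
    create_home: false
    # NOTE(review): this task only assigns the primary group; the `uwsgi`
    # group is presumably created elsewhere (e.g. by the uwsgi package).
    group: uwsgi
    # '!' is not a valid password hash, so password authentication is locked.
    password: '!'
    # No interactive login for the service account.
    shell: /sbin/nologin
    system: true

- name: Copy uwsgi config
  copy:
    src: uwsgi-cgit.ini
    dest: /etc/uwsgi.d/cgit.ini
    owner: uwsgi-cgit
    group: uwsgi
    # Read-only for owner and group, nothing for others. Quoted so the value
    # is passed as an octal string rather than a YAML-typed integer.
    mode: '0440'

- name: Enable uwsgi systemd socket
  systemd:
    daemon-reload: true
    name: uwsgi-app@cgit.socket
    # Only enables the unit; no `state` is given, so this task does not start it.
    enabled: true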
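# One-time gitolite bootstrap. The presence of gitolite's authorized_keys file
# is used as the marker that initialization has already happened.
- name: Check if gitolite ssh config exists
  stat:
    path: /var/lib/gitolite3/.ssh/authorized_keys
  register: gitolite_ssh_keys_stat

- name: Gitolite admin key setup
  # Applies to the whole block, including the cleanup under `always`.
  when: not gitolite_ssh_keys_stat.stat.exists
  block:
    - name: Copy gitolite admin pubkey
      copy:
        src: ~/.ssh/id_ed25519.gitolite.pub
        dest: /tmp/jaseg-gitolite.pub
        owner: gitolite3
        group: gitolite3
        # This file is handed to `gitolite setup -pk` below and so decides who
        # the gitolite administrator is, while /tmp is shared with every local
        # account. Pin the mode instead of inheriting the remote umask so that
        # only the owner can ever write it.
        mode: '0644'

    - name: Run gitolite initialization
      command: gitolite setup -pk /tmp/jaseg-gitolite.pub
      become: true
      become_method: su
      become_user: gitolite3
      # The `su` needs an explicit shell to run the command as gitolite3.
      become_flags: '-s /bin/sh'
      args:
        # Second idempotence guard: skip if gitolite already wrote its
        # project list.
        creates: /var/lib/gitolite3/projects.list
  always:
    # Runs even when the copy or the setup fails, so the staged key never
    # stays behind in /tmp after an aborted bootstrap.
    - name: Remove leftover admin pubkey
      file:
        state: absent
        path: /tmp/jaseg-gitolite.pub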
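# Open the gitolite data directory to the cgit worker and install gitolite's rc.
- name: Allow uwsgi group to access gitolite repo dir
  file:
    path: /var/lib/gitolite3
    state: directory
    owner: gitolite3
    group: uwsgi
    # No mode is set here, so the directory keeps whatever permission bits it
    # already has; only ownership is changed.

- name: Add cgit uwsgi user to gitolite group
  user:
    name: uwsgi-cgit
    groups: gitolite3
    # Keep the account's existing supplementary groups.
    append: true
    # NOTE(review): together with the group-readable 0750 on repositories/
    # below, this membership presumably lets the web worker read every
    # repository on disk, not only those in projects.list. Confirm that is
    # acceptable for private repositories and the gitolite admin repository.

- name: Allow cgit uwsgi user to access gitolite repos
  file:
    path: /var/lib/gitolite3/repositories
    # Owner full access, group read/traverse, others none. Modes in this file
    # are quoted so they are passed as octal strings, not YAML-typed integers.
    mode: '0750'

- name: Allow cgit uwsgi user to gitolite repo list
  file:
    path: /var/lib/gitolite3/projects.list
    mode: '0640'

- name: Copy gitolite rc
  copy:
    src: gitolite.rc
    dest: /var/lib/gitolite3/.gitolite.rc
    owner: gitolite3
    group: gitolite3
    # Owner-only: members of the gitolite3 group (including the cgit worker)
    # cannot read or modify the rc file.
    mode: '0600'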
# Create a second account name, `git`, that shares gitolite3's UID, home and
# shell, so both names refer to the same system account.
- name: Query system user account info
  getent:
    key: gitolite3
    database: passwd

- name: Create git alias user
  user:
    name: git
    comment: Alias for gitolite3 user
    system: true
    create_home: false
    group: gitolite3
    # Locked password: '!' is not a valid hash.
    password: '!'
    # Fields of the gitolite3 passwd entry gathered by the getent task above:
    # index 1 is the UID, 4 the home directory, 5 the login shell.
    uid: "{{ getent_passwd['gitolite3'][1] }}"
    # Required because the UID above is already taken by gitolite3.
    non_unique: true
    home: "{{ getent_passwd['gitolite3'][4] }}"
    shell: "{{ getent_passwd['gitolite3'][5] }}"
# Make /usr/bin/rst2html.py a symlink to /usr/bin/rst2html so that lookups of
# the `.py` name resolve to the installed tool.
- name: Hack to fix cgit handling for restructuredtext readmes
  file:
    state: link
    # `dest` is the link that gets created; `src` is what it points to.
    dest: /usr/bin/rst2html.py
    src: /usr/bin/rst2html