# Install cgit, gitolite and the markup renderers for README files.
# NOTE(review): `state: latest` upgrades these packages on every run, so the
# installed versions are whatever the enabled repositories currently serve.
# Use `state: present` if runs have to be reproducible.
- name: Install host requisites
  dnf:
    name:
      - cgit
      - gitolite3
      - python3-pygments
      - python3-docutils
      - nodejs-markdown
      - python3-markdown
    state: latest
# Static branding assets served from the web root.
# No owner or mode is given, so both files get the remote defaults.
- name: Copy cgit logo
  copy:
    dest: /var/www/git.jaseg.de/cgit.png
    src: cgit-logo.png

- name: Copy cgit favicon
  copy:
    dest: /var/www/git.jaseg.de/favicon.ico
    src: cgit-favicon.ico
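# cgit instance configuration: a world-readable directory and rc file.
# Modes are quoted so they reach Ansible as octal strings and do not depend
# on how the YAML parser reads a bare leading-zero integer.
- name: Create cgit instance config dir
  file:
    path: /var/lib/cgit
    state: directory
    mode: '0755'

- name: Copy cgit rc
  copy:
    src: cgitrc
    dest: /var/lib/cgit/cgitrc-gitolite-public
    mode: '0644'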
# Dedicated system account for the cgit uwsgi worker.
# '!' is not a valid password hash, so password logins are locked, and the
# nologin shell refuses interactive sessions.
- name: Create uwsgi worker user and group
  user:
    name: uwsgi-cgit
    group: uwsgi
    system: true
    create_home: false
    shell: /sbin/nologin
    password: '!'
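# uwsgi app config, read-only for the worker user and the uwsgi group and
# unreadable for everyone else. The mode is quoted so it is passed as an
# octal string.
- name: Copy uwsgi config
  copy:
    src: uwsgi-cgit.ini
    dest: /etc/uwsgi.d/cgit.ini
    owner: uwsgi-cgit
    group: uwsgi
    mode: '0440'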
# Reload unit files, then enable the socket unit for the cgit uwsgi app.
# The task only enables the unit; it does not set `state`, so the socket is
# not started by this task.
- name: Enable uwsgi systemd socket
  systemd:
    name: uwsgi-app@cgit.socket
    enabled: true
    daemon_reload: true
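# One-time gitolite bootstrap. The block runs only while the gitolite3
# account has no authorized_keys file yet.
- name: Check if gitolite ssh config exists
  stat:
    path: /var/lib/gitolite3/.ssh/authorized_keys
  register: gitolite_ssh_keys_stat

- name: Gitolite admin key setup
  when: not gitolite_ssh_keys_stat.stat.exists
  block:
    # The key handed to `gitolite setup -pk` becomes the gitolite admin key,
    # so the staged copy must not be replaceable by another local user.
    # It is owned by gitolite3 and given an explicit owner-only mode instead
    # of inheriting the remote default.
    # NOTE(review): /tmp is shared and the file name is fixed; staging the key
    # in a directory only root and gitolite3 can write to would be tighter.
    - name: Copy gitolite admin pubkey
      copy:
        src: ~/.ssh/id_ed25519.gitolite.pub
        dest: /tmp/jaseg-gitolite.pub
        owner: gitolite3
        group: gitolite3
        mode: '0600'

    # Runs as gitolite3 through su; `-s /bin/sh` overrides the account's
    # login shell for this one command. `creates` skips the task once
    # projects.list exists.
    - name: Run gitolite initialization
      command: gitolite setup -pk /tmp/jaseg-gitolite.pub
      become: true
      become_method: su
      become_user: gitolite3
      become_flags: '-s /bin/sh'
      args:
        creates: /var/lib/gitolite3/projects.list

    # NOTE(review): if the setup task fails, this cleanup is skipped and the
    # staged key stays in /tmp; an `always:` section would remove it in
    # either case.
    - name: Remove leftover admin pubkey
      file:
        path: /tmp/jaseg-gitolite.pub
        state: absent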
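# Give the cgit worker read access to the gitolite data. Modes are quoted so
# they are passed as octal strings.

# No mode is set on this task, so what the uwsgi group may do here is decided
# by the directory's current mode.
# NOTE(review): this directory also holds .ssh/authorized_keys and
# .gitolite.rc and is presumably gitolite3's home. Keep it non-group-writable:
# sshd with StrictModes enabled refuses keys under a group-writable home.
- name: Allow uwsgi group to access gitolite repo dir
  file:
    path: /var/lib/gitolite3
    state: directory
    owner: gitolite3
    group: uwsgi

# `append` keeps the user's existing supplementary groups.
- name: Add cgit uwsgi user to gitolite group
  user:
    name: uwsgi-cgit
    groups: gitolite3
    append: true

# 0750: the owner has full access, the group may list and traverse, others
# get nothing. Owner and group are not set here and stay as they are.
- name: Allow cgit uwsgi user to access gitolite repos
  file:
    path: /var/lib/gitolite3/repositories
    mode: '0750'

# 0640: group read-only, no access for others.
- name: Allow cgit uwsgi user to gitolite repo list
  file:
    path: /var/lib/gitolite3/projects.list
    mode: '0640'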
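# gitolite runtime configuration, readable and writable by gitolite3 only.
# The mode is quoted so it is passed as an octal string.
- name: Copy gitolite rc
  copy:
    src: gitolite.rc
    dest: /var/lib/gitolite3/.gitolite.rc
    owner: gitolite3
    group: gitolite3
    mode: '0600'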
# Look up the gitolite3 passwd entry; the result is stored in the
# getent_passwd fact, keyed by user name.
- name: Query system user account info
  getent:
    database: passwd
    key: gitolite3

# "git" is a second passwd name for the gitolite3 UID (`non_unique` permits
# the duplicate). Fields taken from the getent list: [1] UID, [4] home
# directory, [5] login shell.
# Both names are one identity to the kernel: file ownership and anything
# granted to either name apply to both. '!' locks password logins.
- name: Create git alias user
  user:
    name: git
    comment: Alias for gitolite3 user
    uid: "{{ getent_passwd['gitolite3'][1] }}"
    non_unique: true
    group: gitolite3
    home: "{{ getent_passwd['gitolite3'][4] }}"
    create_home: false
    shell: "{{ getent_passwd['gitolite3'][5] }}"
    password: '!'
    system: true
# Make /usr/bin/rst2html.py resolve to the packaged /usr/bin/rst2html.
# NOTE(review): presumably cgit's README filter calls the `.py` name; confirm
# against the filter script.
- name: Hack to fix cgit handling for restructuredtext readmes
  file:
    state: link
    dest: /usr/bin/rst2html.py
    src: /usr/bin/rst2html