aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjaseg <code@jaseg.net>2020-12-30 11:38:27 +0100
committerjaseg <code@jaseg.net>2020-12-30 11:38:27 +0100
commita62a4e1e11896568550d98854060c56343cf72d7 (patch)
tree5cc8e08413307d57f98f9ff4bebc724456954ab7
parentd95759c23e89365ab49bbb92f96e3d3c631ffe04 (diff)
downloadinfra-a62a4e1e11896568550d98854060c56343cf72d7.tar.gz
infra-a62a4e1e11896568550d98854060c56343cf72d7.tar.bz2
infra-a62a4e1e11896568550d98854060c56343cf72d7.zip
Tag git setup foo
-rw-r--r--cgit-logo-orig.pngbin0 -> 104376 bytes
-rw-r--r--cgit-logo.pngbin104376 -> 42197 bytes
-rw-r--r--cgitrc23
-rw-r--r--playbook.yml74
-rw-r--r--setup_git.yml54
5 files changed, 119 insertions, 32 deletions
diff --git a/cgit-logo-orig.png b/cgit-logo-orig.png
new file mode 100644
index 0000000..f781fdd
--- /dev/null
+++ b/cgit-logo-orig.png
Binary files differ
diff --git a/cgit-logo.png b/cgit-logo.png
index f781fdd..b1c0322 100644
--- a/cgit-logo.png
+++ b/cgit-logo.png
Binary files differ
diff --git a/cgitrc b/cgitrc
index d77778b..9b5a651 100644
--- a/cgitrc
+++ b/cgitrc
@@ -1,11 +1,24 @@
css=/cgit.css
-logo= /cgit.png
+logo=/cgit.png
enable-http-clone=1
robots=noindex, nofollow
virtual-root=/
readme=:README.rst
+readme=:readme.rst
+readme=:README.md
+readme=:readme.md
+readme=:README.txt
+readme=:readme.txt
+readme=:README.mkd
+readme=:readme.mkd
+readme=:README.htm
+readme=:readme.htm
+readme=:README.html
+readme=:readme.html
+readme=:README
+readme=:readme
about-filter=/usr/libexec/cgit/filters/about-formatting.sh
enable-index-links=1
@@ -18,3 +31,11 @@ source-filter=/usr/libexec/cgit/filters/syntax-highlighting.py
project-list=/var/lib/gitolite3/projects.list
scan-path=/var/lib/gitolite3/repositories
+
+mimetype.gif=image/gif
+mimetype.html=text/html
+mimetype.jpg=image/jpeg
+mimetype.jpeg=image/jpeg
+mimetype.pdf=application/pdf
+mimetype.png=image/png
+mimetype.svg=image/svg+xml
diff --git a/playbook.yml b/playbook.yml
index 72beb91..a34e8fe 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -35,20 +35,24 @@
hosts: wendelstein
tasks:
- name: Set hostname
+ tags: setup
hostname:
name: wendelstein.jaseg.net
- name: Install common admin tools
+ tags: setup
dnf:
name: htop,tmux,fish,mosh,neovim,sqlite
state: latest
- name: Install host requisites
+ tags: setup
dnf:
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
state: latest
- name: Disable password-based root login
+ tags: setup
lineinfile:
path: /etc/ssh/sshd_config
regexp: '^PermitRootLogin'
@@ -56,12 +60,14 @@
register: disable_root_pw_ssh
- name: Restart sshd
+ tags: setup
systemd:
name: sshd
state: restarted
when: disable_root_pw_ssh is changed
- name: Configure iptables firewall service
+ tags: setup
copy:
src: iptables.rules
dest: /etc/sysconfig/iptables
@@ -70,13 +76,18 @@
mode: 0664
- name: Enable iptables firewall service
+ tags: setup
systemd:
name: iptables
enabled: yes
state: started
- name: Create containers
- include_tasks: setup_containers.yml
+ tags: setup
+ include_tasks:
+ file: setup_containers.yml
+ apply:
+ tags: setup
vars:
containers:
- gerboweb
@@ -84,31 +95,72 @@
- pogojig
- name: Setup web server
- include_tasks: setup_webserver.yml
+ tags: www
+ include_tasks:
+ file: setup_webserver.yml
+ apply:
+ tags: www
- name: Setup gerboweb
- include_tasks: setup_gerboweb.yml
+ tags: gerboweb
+ include_tasks:
+ file: setup_gerboweb.yml
+ apply:
+ tags: gerboweb
- name: Setup clippy
- include_tasks: setup_clippy.yml
+ tags: clippy
+ include_tasks:
+ file: setup_clippy.yml
+ apply:
+ tags: clippy
- name: Setup secure download
- include_tasks: setup_secure_download.yml
+ tags: secure-download
+ include_tasks:
+ file: setup_secure_download.yml
+ apply:
+ tags: secure-download
- name: Setup tracespace
- include_tasks: setup_tracespace.yml
+ tags: pogojig
+ include_tasks:
+ file: setup_tracespace.yml
+ apply:
+ tags: pogojig
- name: Setup openjscad
- include_tasks: setup_openjscad.yml
+ tags: pogojig
+ include_tasks:
+ file: setup_openjscad.yml
+ apply:
+ tags: pogojig
- name: Setup pogojig
- include_tasks: setup_pogojig.yml
+ tags: pogojig
+ include_tasks:
+ file: setup_pogojig.yml
+ apply:
+ tags: pogojig
- name: Setup notification proxy
- include_tasks: setup_notification_proxy.yml
+ tags: notification-proxy
+ include_tasks:
+ file: setup_notification_proxy.yml
+ apply:
+ tags:
+ notification-proxy
- name: Setup semi-public git server
- include_tasks: setup_git.yml
+ tags: git
+ include_tasks:
+ file: setup_git.yml
+ apply:
+ tags: git
- name: Setup private DynDNS service
- include_tasks: setup_dyndns.yml
+ tags: dyndns
+ include_tasks:
+ file: setup_dyndns.yml
+ apply:
+ tags: dyndns
diff --git a/setup_git.yml b/setup_git.yml
index 6e7d621..d1789bd 100644
--- a/setup_git.yml
+++ b/setup_git.yml
@@ -43,26 +43,34 @@
name: uwsgi-app@cgit.socket
enabled: yes
-- name: Copy gitolite admin pubkey
- copy:
- src: ~/.ssh/id_ed25519.gitolite.pub
- dest: /tmp/jaseg-gitolite.pub
- owner: gitolite3
- group: gitolite3
-
-- name: Run gitolite initialization
- command: gitolite setup -pk /tmp/jaseg-gitolite.pub
- become: true
- become_method: su
- become_user: gitolite3
- become_flags: '-s /bin/sh'
- args:
- creates: /var/lib/gitolite3/projects.list
-
-- name: Remove leftover admin pubkey
- file:
- state: absent
- path: /tmp/jaseg-gitolite.pub
+- name: Check if gitolite ssh config exists
+ stat:
+ path: /var/lib/gitolite3/.ssh/authorized_keys
+ register: gitolite_ssh_keys_stat
+
+- name: Gitolite admin key setup
+ block:
+ - name: Copy gitolite admin pubkey
+ copy:
+ src: ~/.ssh/id_ed25519.gitolite.pub
+ dest: /tmp/jaseg-gitolite.pub
+ owner: gitolite3
+ group: gitolite3
+
+ - name: Run gitolite initialization
+ command: gitolite setup -pk /tmp/jaseg-gitolite.pub
+ become: true
+ become_method: su
+ become_user: gitolite3
+ become_flags: '-s /bin/sh'
+ args:
+ creates: /var/lib/gitolite3/projects.list
+
+ - name: Remove leftover admin pubkey
+ file:
+ state: absent
+ path: /tmp/jaseg-gitolite.pub
+ when: not gitolite_ssh_keys_stat.stat.exists
- name: Allow uwsgi group to access gitolite repo dir
file:
@@ -113,3 +121,9 @@
home: "{{ getent_passwd['gitolite3'][4] }}"
uid: "{{ getent_passwd['gitolite3'][1] }}"
+- name: Hack to fix cgit handling for restructuredtext readmes
+ file:
+ src: /usr/bin/rst2html
+ dest: /usr/bin/rst2html.py
+ state: link
+