# Controller-side path of the SSH key pair used for gitolite administration.
# Other tasks in this file read "<path>.pub" and pass the path to "ssh -i".
- name: Set local facts
  set_fact:
    gitolite_ssh_key: '~/.ssh/id_ed25519.gitolite'

# cgit and gitolite3, plus three Python packages (presumably for cgit's
# syntax-highlighting and README rendering filters; confirm against cgitrc).
# NOTE(review): "latest" upgrades these packages on every run, so the deployed
# versions are whatever the enabled repositories serve at that moment.
- name: Install host requisites
  dnf:
    name:
      - cgit
      - gitolite3
      - python3-pygments
      - python3-docutils
      - python3-markdown
    state: latest
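# Static assets placed in the web root of the cgit site.
# NOTE(review): neither copy sets owner or mode, so the resulting permissions
# are not pinned by this playbook.
- name: Copy cgit logo
  copy:
    src: cgit-logo.png
    dest: /var/www/git.jaseg.de/cgit.png

- name: Copy cgit favicon
  copy:
    src: cgit-favicon.ico
    dest: /var/www/git.jaseg.de/favicon.ico

# Modes are quoted so they are always read as octal permission strings, even
# if a later edit drops the leading zero.
- name: Create cgit instance config dir
  file:
    path: /var/lib/cgit
    state: directory
    mode: '0755'

# World-readable cgit configuration; it must not contain secrets at 0644.
- name: Copy cgit rc
  copy:
    src: cgitrc
    dest: /var/lib/cgit/cgitrc-gitolite-public
    mode: '0644'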
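# Dedicated system account for the cgit worker: no home directory, a locked
# password ('!') and a nologin shell, so it cannot be used for interactive
# login.
- name: Create uwsgi worker user and group
  user:
    name: uwsgi-cgit
    create_home: false
    group: uwsgi
    password: '!'
    shell: /sbin/nologin
    system: true

# Read-only (0440) for the worker account and the uwsgi group, no access for
# others.
# NOTE(review): presumably the file's owner selects the uid the app runs as
# under uwsgi's emperor; confirm against the host's uwsgi setup.
- name: Copy uwsgi config
  copy:
    src: uwsgi-cgit.ini
    dest: /etc/uwsgi.d/cgit.ini
    owner: uwsgi-cgit
    group: uwsgi
    mode: '0440'

# Socket-activated unit: reload systemd, then enable and start the socket.
- name: Enable uwsgi systemd socket
  systemd:
    daemon-reload: true
    name: uwsgi-app@cgit.socket
    enabled: true
    state: started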
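# The presence of authorized_keys is the marker that gitolite has already been
# initialised for this account.
- name: Check if gitolite ssh config exists
  stat:
    path: /var/lib/gitolite3/.ssh/authorized_keys
  register: gitolite_ssh_keys_stat

# One-time bootstrap. The public key passed to "gitolite setup -pk" becomes the
# initial gitolite administrator, so the file staged here decides who controls
# the access rules for every repository.
# NOTE(review): the staging path is a fixed name under /tmp. A directory that
# only root and gitolite3 can write would be a safer staging location.
- name: Gitolite admin key setup
  when: not gitolite_ssh_keys_stat.stat.exists
  block:
    - name: Copy gitolite admin pubkey
      copy:
        src: "{{ gitolite_ssh_key }}.pub"
        dest: /tmp/jaseg-gitolite.pub
        owner: gitolite3
        group: gitolite3

    # Runs as gitolite3 through su with an explicit /bin/sh (presumably
    # because the account's own login shell is not a general-purpose shell).
    # "creates" skips the command once projects.list exists.
    - name: Run gitolite initialization
      command: gitolite setup -pk /tmp/jaseg-gitolite.pub
      become: true
      become_method: su
      become_user: gitolite3
      become_flags: '-s /bin/sh'
      args:
        creates: /var/lib/gitolite3/projects.list
  always:
    # In "always" so the staged key is removed even when the copy or the setup
    # command fails, instead of lingering in /tmp until the next run.
    - name: Remove leftover admin pubkey
      file:
        state: absent
        path: /tmp/jaseg-gitolite.pub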
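# NOTE(review): this gives the gitolite home directory to group uwsgi without
# setting a mode, so what that group can do here depends on the directory's
# existing permission bits. The same directory holds .ssh/authorized_keys and
# .gitolite.rc.
- name: Allow uwsgi group to access gitolite repo dir
  file:
    path: /var/lib/gitolite3
    state: directory
    owner: gitolite3
    group: uwsgi

# "append" keeps the worker's existing supplementary groups.
# NOTE(review): membership in gitolite3 gives the cgit worker the group
# permissions on every gitolite3-group file, not only on repositories meant
# to be published.
- name: Add cgit uwsgi user to gitolite group
  user:
    name: uwsgi-cgit
    groups: gitolite3
    append: true

# 0600: only the gitolite3 account may read or change its rc file.
- name: Copy gitolite rc
  copy:
    src: gitolite.rc
    dest: /var/lib/gitolite3/.gitolite.rc
    owner: gitolite3
    group: gitolite3
    mode: '0600'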
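# Populates getent_passwd['gitolite3'] with the account's passwd fields; the
# next task reads index 1 (uid), 4 (home) and 5 (shell).
- name: Query system user account info
  getent:
    database: passwd
    key: gitolite3

# A second login name, "git", for the same uid, home and shell as gitolite3
# (non_unique permits the duplicate uid). Both names therefore act as the same
# account on disk. The password is locked ('!').
- name: Create git alias user
  user:
    name: git
    create_home: false
    group: gitolite3
    password: '!'
    comment: Alias for gitolite3 user
    shell: "{{ getent_passwd['gitolite3'][5] }}"
    system: true
    non_unique: true
    home: "{{ getent_passwd['gitolite3'][4] }}"
    uid: "{{ getent_passwd['gitolite3'][1] }}"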
# Runs on the controller: pushes the local gitolite-admin checkout to the
# server with the dedicated admin key.
# NOTE(review): --force replaces the server-side master of gitolite-admin with
# the controller's checkout, so that checkout is the single source of truth
# for access rules. SSH host-key checking is whatever the controller's ssh
# configuration provides; nothing is set here.
- name: Upload gitolite-admin repo
  command: git push --force git@{{ ansible_hostname }}:gitolite-admin.git master
  environment:
    GIT_SSH_COMMAND: "ssh -i {{ gitolite_ssh_key }}"
  args:
    chdir: checkouts/gitolite-admin
  delegate_to: localhost
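# Directory for gitolite repo-specific hooks. Modes are quoted so they are
# always read as octal permission strings.
- name: Create gitolite hook dir
  file:
    path: /var/lib/gitolite3/local/hooks/repo-specific
    state: directory
    owner: gitolite3
    group: gitolite3
    mode: '0755'

# dest is the hook directory itself, so the script is placed inside it under
# its source file name.
# NOTE(review): the hook is executable and owned by gitolite3, the account
# that serves pushes; its content is as trusted as that account.
- name: Copy blog.jaseg.de git deployment script
  copy:
    src: gitolite-site-deploy-hook.sh
    dest: /var/lib/gitolite3/local/hooks/repo-specific
    owner: gitolite3
    group: gitolite3
    mode: '0755'

# 0570: owner nginx may read and traverse, group gitolite3 may also write,
# others get nothing (presumably the deploy hook writes the site as
# gitolite3 and nginx only serves it; confirm against the hook script).
- name: Create blog content dir
  file:
    path: /var/www/blog.jaseg.de
    state: directory
    owner: nginx
    group: gitolite3
    mode: '0570'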
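# Makes /usr/bin/rst2html.py a symlink to /usr/bin/rst2html (presumably the
# name cgit's reStructuredText filter looks for; confirm against the filter).
- name: Hack to fix cgit handling for restructuredtext readmes
  file:
    src: /usr/bin/rst2html
    dest: /usr/bin/rst2html.py
    state: link

# Only mode is set on the next two paths; owner and group stay as they are.
# NOTE(review): 0750 on the repository root lets the group read every
# repository below it, subject to each repository's own permissions. Which
# repositories cgit actually shows is decided by its configuration, not by
# these bits.
- name: Allow cgit uwsgi user to access gitolite repos
  file:
    path: /var/lib/gitolite3/repositories
    mode: '0750'

# 0640: group may read the project list, others may not.
- name: Allow cgit uwsgi user to gitolite repo list
  file:
    path: /var/lib/gitolite3/projects.list
    mode: '0640'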