aboutsummaryrefslogtreecommitdiff
path: root/setup_git.yml
blob: 6e7d621ca807f603a439f47168e8329304b3524e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
- name: Install host requisites
  dnf:
      name: cgit,gitolite3,python3-pygments,python3-docutils,nodejs-markdown
      state: latest

- name: Copy cgit favicon
  copy:
      src: cgit-logo.png
      dest: /var/www/git.jaseg.de/cgit.png

- name: Create cgit instance config dir
  file:
    path: /var/lib/cgit
    state: directory
    mode: 0755

- name: Copy cgit rc
  copy:
      src: cgitrc
      dest: /var/lib/cgit/cgitrc-gitolite-public
      mode: 0644

- name: Create uwsgi worker user and group
  user:
      name: uwsgi-cgit
      create_home: no
      group: uwsgi
      password: '!'
      shell: /sbin/nologin
      system: yes

- name: Copy uwsgi config
  copy:
      src: uwsgi-cgit.ini
      dest: /etc/uwsgi.d/cgit.ini
      owner: uwsgi-cgit
      group: uwsgi
      mode: 0440

- name: Enable uwsgi systemd socket
  systemd:
      daemon-reload: yes
      name: uwsgi-app@cgit.socket
      enabled: yes

- name: Copy gitolite admin pubkey
  copy:
      src: ~/.ssh/id_ed25519.gitolite.pub
      dest: /tmp/jaseg-gitolite.pub
      owner: gitolite3
      group: gitolite3

- name: Run gitolite initialization
  command: gitolite setup -pk /tmp/jaseg-gitolite.pub
  become: true
  become_method: su
  become_user: gitolite3
  become_flags: '-s /bin/sh'
  args:
      creates: /var/lib/gitolite3/projects.list

- name: Remove leftover admin pubkey
  file:
      state: absent
      path: /tmp/jaseg-gitolite.pub

- name: Allow uwsgi group to access gitolite repo dir
  file:
    path: /var/lib/gitolite3
    state: directory
    owner: gitolite3
    group: uwsgi

- name: Add cgit uwsgi user to gitolite group
  user:
      name: uwsgi-cgit
      groups: gitolite3
      append: yes

- name: Allow cgit uwsgi user to access gitolite repos
  file:
      path: /var/lib/gitolite3/repositories
      mode: 0750

- name: Allow cgit uwsgi user to gitolite repo list
  file:
      path: /var/lib/gitolite3/projects.list
      mode: 0640

- name: Copy gitolite rc
  copy:
      src: gitolite.rc
      dest: /var/lib/gitolite3/.gitolite.rc
      owner: gitolite3
      group: gitolite3
      mode: 0600

- name: Query system user account info
  getent:
      database: passwd
      key: gitolite3

- name: Create git alias user
  user:
      name: git
      create_home: no
      group: gitolite3
      password: '!'
      comment: Alias for gitolite3 user
      shell: "{{ getent_passwd['gitolite3'][5] }}"
      system: yes
      non_unique: yes
      home: "{{ getent_passwd['gitolite3'][4] }}"
      uid: "{{ getent_passwd['gitolite3'][1] }}"