aboutsummaryrefslogtreecommitdiff
path: root/setup_git.yml
blob: 2f4c59f8acf8b8de45f6e1791098e38f0d858a15 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
- name: Install host requisites
  dnf:
      name: cgit,gitolite3,python3-pygments,python3-docutils,nodejs-markdown,python3-markdown
      state: latest

- name: Copy cgit logo
  copy:
      src: cgit-logo.png
      dest: /var/www/git.jaseg.de/cgit.png

- name: Copy cgit favicon
  copy:
      src: cgit-favicon.ico
      dest: /var/www/git.jaseg.de/favicon.ico

- name: Create cgit instance config dir
  file:
    path: /var/lib/cgit
    state: directory
    mode: 0755

- name: Copy cgit rc
  copy:
      src: cgitrc
      dest: /var/lib/cgit/cgitrc-gitolite-public
      mode: 0644

- name: Create uwsgi worker user and group
  user:
      name: uwsgi-cgit
      create_home: no
      group: uwsgi
      password: '!'
      shell: /sbin/nologin
      system: yes

- name: Copy uwsgi config
  copy:
      src: uwsgi-cgit.ini
      dest: /etc/uwsgi.d/cgit.ini
      owner: uwsgi-cgit
      group: uwsgi
      mode: 0440

- name: Enable uwsgi systemd socket
  systemd:
      daemon-reload: yes
      name: uwsgi-app@cgit.socket
      enabled: yes

- name: Check if gitolite ssh config exists
  stat:
      path: /var/lib/gitolite3/.ssh/authorized_keys
  register: gitolite_ssh_keys_stat

- name: Gitolite admin key setup
  block:
    - name: Copy gitolite admin pubkey
      copy:
          src: ~/.ssh/id_ed25519.gitolite.pub
          dest: /tmp/jaseg-gitolite.pub
          owner: gitolite3
          group: gitolite3

    - name: Run gitolite initialization
      command: gitolite setup -pk /tmp/jaseg-gitolite.pub
      become: true
      become_method: su
      become_user: gitolite3
      become_flags: '-s /bin/sh'
      args:
          creates: /var/lib/gitolite3/projects.list

    - name: Remove leftover admin pubkey
      file:
          state: absent
          path: /tmp/jaseg-gitolite.pub
  when: not gitolite_ssh_keys_stat.stat.exists

- name: Allow uwsgi group to access gitolite repo dir
  file:
    path: /var/lib/gitolite3
    state: directory
    owner: gitolite3
    group: uwsgi

- name: Add cgit uwsgi user to gitolite group
  user:
      name: uwsgi-cgit
      groups: gitolite3
      append: yes

- name: Allow cgit uwsgi user to access gitolite repos
  file:
      path: /var/lib/gitolite3/repositories
      mode: 0750

- name: Allow cgit uwsgi user to gitolite repo list
  file:
      path: /var/lib/gitolite3/projects.list
      mode: 0640

- name: Copy gitolite rc
  copy:
      src: gitolite.rc
      dest: /var/lib/gitolite3/.gitolite.rc
      owner: gitolite3
      group: gitolite3
      mode: 0600

- name: Query system user account info
  getent:
      database: passwd
      key: gitolite3

- name: Create git alias user
  user:
      name: git
      create_home: no
      group: gitolite3
      password: '!'
      comment: Alias for gitolite3 user
      shell: "{{ getent_passwd['gitolite3'][5] }}"
      system: yes
      non_unique: yes
      home: "{{ getent_passwd['gitolite3'][4] }}"
      uid: "{{ getent_passwd['gitolite3'][1] }}"

- name: Hack to fix cgit handling for restructuredtext readmes
  file:
      src: /usr/bin/rst2html
      dest: /usr/bin/rst2html.py
      state: link