authorChristian Pointner <equinox@spreadspace.org>2022-11-13 21:21:56 +0100
committerChristian Pointner <equinox@spreadspace.org>2022-11-13 21:21:56 +0100
commit38d25b2dda10f1c6d1c827e1688941ee37cde10e (patch)
tree594c42a09cec0f4c2be99dae436d57058cc78ac3 /roles/gitolite/base
parentch-atlas: add to prometheus monitoring (diff)
add gitolite/base role
Diffstat (limited to 'roles/gitolite/base')
-rw-r--r--roles/gitolite/base/defaults/main.yml20
-rw-r--r--roles/gitolite/base/tasks/main.yml100
2 files changed, 120 insertions, 0 deletions
diff --git a/roles/gitolite/base/defaults/main.yml b/roles/gitolite/base/defaults/main.yml
new file mode 100644
index 00000000..8016135a
--- /dev/null
+++ b/roles/gitolite/base/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+gitolite_base_path: /srv/git
+
+# gitolite_storage:
+# ...
+
+# gitolite_instances:
+# example:
+# umask: '0077'
+# primary_admin_key: "ssh-ed25519 ..."
+# http:
+# hostnames:
+# - git.example.com
+# authentication: basic
+# users:
+# user1: password
+# enable_git_backend: yes
+# title: cgit root title
+# description: this will be shown by cgit below the title
+# logo: path/to/logo/file/on/ansible/controller.png
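Review bot: The commented schema example under `users:` shows `user1: password`, which invites cleartext HTTP basic-auth passwords in inventory. The http role that would consume this value is not part of this commit, so its handling is not visible here, but the example could point at a vaulted value instead, e.g. `# user1: "{{ vault_gitolite_user1_password }}"  # placeholder name; keep the secret in ansible-vault`. Separately, `gitolite_instances` is documented only as a comment, so the role ships no default for it while tasks/main.yml loops over it unconditionally. A `gitolite_instances: {}` default would make the no-instance case explicit instead of failing on an undefined variable.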
diff --git a/roles/gitolite/base/tasks/main.yml b/roles/gitolite/base/tasks/main.yml
new file mode 100644
index 00000000..440d9f52
--- /dev/null
+++ b/roles/gitolite/base/tasks/main.yml
@@ -0,0 +1,100 @@
+---
+- name: install gitolite
+ apt:
+ name:
+ - git
+ - gitolite3
+
+- name: prepare storage volume for /srv/git
+ when: gitolite_storage is defined
+ vars:
+ storage_volume: "{{ gitolite_storage | combine({'dest': gitolite_base_path}) }}"
+ include_role:
+ name: "storage/{{ gitolite_storage.type }}/volume"
+
+- name: create gitolite instance user
+ loop: "{{ gitolite_instances | list }}"
+ user:
+ name: "git-{{ item }}"
+ home: "{{ gitolite_base_path }}/{{ item }}"
+ shell: /bin/sh
+ system: yes
+ state: present
+
+- name: make sure base dir is owned by gitolite user
+ loop: "{{ gitolite_instances | list }}"
+ file:
+ path: "{{ gitolite_base_path }}/{{ item }}"
+ mode: 0750
+ owner: "git-{{ item }}"
+ group: "git-{{ item }}"
+
+- name: deploy primary admin key
+ loop: "{{ gitolite_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ content: "{{ item.value.primary_admin_key }}"
+ dest: "{{ gitolite_base_path }}/{{ item.key }}/primary-admin.pub"
+
+- name: run initial gitolite setup
+ loop: "{{ gitolite_instances | list }}"
+ become: yes
+ become_method: su
+ become_user: "git-{{ item }}"
+ args:
+ creates: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ chdir: "{{ gitolite_base_path }}/{{ item }}"
+ command: gitolite setup -pk "{{ gitolite_base_path }}/{{ item }}/primary-admin.pub"
+ register: gitolite_instance_initial_setup
+
+- name: remove testing repository
+ loop: "{{ gitolite_instance_initial_setup.results }}"
+ loop_control:
+ label: "{{ item.item }}"
+ when: item is changed
+ file:
+ path: "{{ gitolite_base_path }}/{{ item.item }}/repositories/testing.git"
+ state: absent
+
+- name: configure umask
+ loop: "{{ gitolite_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item.key }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*UMASK\\s*=>\\s*).*(,.*)$"
+ line: '\g<1>{{ item.value.umask | default("0077") }}\2'
+
+- name: configure GIT_CONFIG_KEYS to allow gitweb settings
+ loop: "{{ gitolite_instances | list }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*GIT_CONFIG_KEYS\\s*=>\\s*').*('.*)$"
+ line: '\1cgit.*\2'
+
+- name: disable gitweb gitolite command
+ loop: "{{ gitolite_instances | list }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*)('gitweb'.*)$"
+ line: '\1# \2'
+
+- name: enable daemon gitolite command
+ loop: "{{ gitolite_instances | list }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*)#?\\s*('daemon'.*)$"
+ line: '\1\2'
+
+## TODO:
+# - name: enable http
+# when: "'http' in gitolite_instance"
+# include_role:
+# name: gitolite/http
+
+## TODO: add systemd-timer for `git fsck`
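Review bot: All four `lineinfile` tasks that edit `.gitolite.rc` set `backrefs: yes`, and with that option a `regexp` that matches nothing leaves the file untouched while the task still reports ok. For "configure umask" this means that if the installed rc template formats the `UMASK` line differently from what the pattern expects, the requested umask is silently not applied and repositories keep whatever permissions the rc already specified. The same holds for the `GIT_CONFIG_KEYS`, `'gitweb'` and `'daemon'` edits. A read-only check after the edits that fails the play when the expected line is absent would turn this into a visible error; a sketch for the umask case follows.

```yaml
# … unchanged: "configure umask" lineinfile task …

- name: verify umask was applied to .gitolite.rc
  loop: "{{ gitolite_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  command:
    argv:
      - grep
      - -Eq
      - "^[[:space:]]*UMASK[[:space:]]*=>[[:space:]]*{{ item.value.umask | default('0077') }}[[:space:]]*,"
      - "{{ gitolite_base_path }}/{{ item.key }}/.gitolite.rc"
  changed_when: false
```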