authorChristian Pointner <equinox@spreadspace.org>2023-08-30 15:07:28 +0200
committerChristian Pointner <equinox@spreadspace.org>2023-08-30 15:07:28 +0200
commitac9829aad8a0e2266eca9132f26ef541b80bf7f3 (patch)
tree0e74d59267e93f9258da0e3e5ae60dd9f6299880 /roles/gitolite/base
parentprometheus/smartmon textfile collector: since this unit needs CAP_SYS_ADMIN w... (diff)
gitolite: allow custom user to be defined and refactor handling of http role
Diffstat (limited to 'roles/gitolite/base')
-rw-r--r--roles/gitolite/base/defaults/main.yml1
-rw-r--r--roles/gitolite/base/tasks/main.yml42
-rw-r--r--roles/gitolite/base/templates/git-fsck@.service.j22
3 files changed, 22 insertions, 23 deletions
diff --git a/roles/gitolite/base/defaults/main.yml b/roles/gitolite/base/defaults/main.yml
index 3c2e8fa3..507c8c00 100644
--- a/roles/gitolite/base/defaults/main.yml
+++ b/roles/gitolite/base/defaults/main.yml
@@ -6,6 +6,7 @@ gitolite_base_path: /srv/git
# gitolite_instances:
# example:
+# user: git
# umask: '0077'
# primary_admin_key: "ssh-ed25519 ..."
# http:
diff --git a/roles/gitolite/base/tasks/main.yml b/roles/gitolite/base/tasks/main.yml
index 9bcdc0c1..7b4600d8 100644
--- a/roles/gitolite/base/tasks/main.yml
+++ b/roles/gitolite/base/tasks/main.yml
@@ -13,21 +13,25 @@
name: "storage/{{ gitolite_storage.type }}/volume"
- name: create gitolite instance user
- loop: "{{ gitolite_instances | list }}"
+ loop: "{{ gitolite_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
user:
- name: "git-{{ item }}"
- home: "{{ gitolite_base_path }}/{{ item }}"
+ name: "{{ item.value.user | default('git-' + item.key) }}"
+ home: "{{ gitolite_base_path }}/{{ item.key }}"
shell: /bin/sh
system: yes
state: present
- name: make sure base dir is owned by gitolite user
- loop: "{{ gitolite_instances | list }}"
+ loop: "{{ gitolite_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
file:
- path: "{{ gitolite_base_path }}/{{ item }}"
+ path: "{{ gitolite_base_path }}/{{ item.key }}"
mode: 0750
- owner: "git-{{ item }}"
- group: "git-{{ item }}"
+ owner: "{{ item.value.user | default('git-' + item.key) }}"
+ group: "{{ item.value.user | default('git-' + item.key) }}"
- name: deploy primary admin key
loop: "{{ gitolite_instances | dict2items }}"
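Review bot: The new `item.value.user` value goes into the `user` task's `name:` without any validation, so an instance that names an account which already exists on the host would have that account's home pointed at `{{ gitolite_base_path }}/{{ item.key }}` and its shell set to `/bin/sh`. The same expression then drives `owner`/`group` on the base dir and, in the next hunk, `become_user` for `gitolite setup`. If two instances resolve to the same user, the `creates:` guard (keyed on `item.key`) presumably no longer matches where gitolite writes its rc file, so that task would stop being idempotent. I would put an `assert` in front of the user task that rejects privileged names, and ideally duplicates across `gitolite_instances` as well; a minimal version is sketched below. `group:` also assumes a group named like the user exists, which may not hold for a pre-existing custom account.

```yaml
- name: validate gitolite instance users
  loop: "{{ gitolite_instances | dict2items }}"
  loop_control:
    label: "{{ item.key }}"
  assert:
    that:
      - (item.value.user | default('git-' + item.key)) != 'root'
    fail_msg: "gitolite instance {{ item.key }}: user must be a dedicated, unprivileged account"
# … unchanged: create gitolite instance user and following tasks …
```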
@@ -38,23 +42,25 @@
dest: "{{ gitolite_base_path }}/{{ item.key }}/primary-admin.pub"
- name: run initial gitolite setup
- loop: "{{ gitolite_instances | list }}"
+ loop: "{{ gitolite_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
become: yes
become_method: su
- become_user: "git-{{ item }}"
+ become_user: "{{ item.value.user | default('git-' + item.key) }}"
args:
- creates: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
- chdir: "{{ gitolite_base_path }}/{{ item }}"
- command: gitolite setup -pk "{{ gitolite_base_path }}/{{ item }}/primary-admin.pub"
+ creates: "{{ gitolite_base_path }}/{{ item.key }}/.gitolite.rc"
+ chdir: "{{ gitolite_base_path }}/{{ item.key }}"
+ command: gitolite setup -pk "{{ gitolite_base_path }}/{{ item.key }}/primary-admin.pub"
register: gitolite_instance_initial_setup
- name: remove testing repository
loop: "{{ gitolite_instance_initial_setup.results }}"
loop_control:
- label: "{{ item.item }}"
+ label: "{{ item.item.key }}"
when: item is changed
file:
- path: "{{ gitolite_base_path }}/{{ item.item }}/repositories/testing.git"
+ path: "{{ gitolite_base_path }}/{{ item.item.key }}/repositories/testing.git"
state: absent
- name: configure umask
@@ -91,14 +97,6 @@
regexp: "^(\\s*)#?\\s*('daemon'.*)$"
line: '\1\2'
-- name: enable http
- loop: "{{ gitolite_instances | list }}"
- loop_control:
- loop_var: gitolite_instance
- when: "'http' in gitolite_instances[gitolite_instance]"
- include_role:
- name: gitolite/http
-
- name: install git-fsck script
template:
diff --git a/roles/gitolite/base/templates/git-fsck@.service.j2 b/roles/gitolite/base/templates/git-fsck@.service.j2
index 51bf43d9..ce5b7373 100644
--- a/roles/gitolite/base/templates/git-fsck@.service.j2
+++ b/roles/gitolite/base/templates/git-fsck@.service.j2
@@ -21,7 +21,7 @@ ProtectHome=yes
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
-ReadWritePaths=/var/lib/prometheus-node-exporter/textfile-collector
+ReadWritePaths=-/var/lib/prometheus-node-exporter/textfile-collector
RemoveIPC=true
RestrictNamespaces=true
RestrictRealtime=true
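Review bot: The `-` prefix added to `ReadWritePaths=` changes the failure mode and deserves a comment in the unit. The service now starts when the textfile-collector directory is missing, but under `ProtectSystem=strict` a later write to that path would fail; the fsck script is not visible here, so whether it handles that is inferred rather than confirmed. I would add `# '-' prefix: directory is optional, unit must still start on hosts without prometheus-node-exporter` above the line and check that the script tests for the directory before writing its metrics. The unit file continues outside this hunk.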