diff options
author | Christian Pointner <equinox@spreadspace.org> | 2023-08-30 15:07:28 +0200 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2023-08-30 15:07:28 +0200 |
commit | ac9829aad8a0e2266eca9132f26ef541b80bf7f3 (patch) | |
tree | 0e74d59267e93f9258da0e3e5ae60dd9f6299880 /roles/gitolite/http/tasks/main.yml | |
parent | prometheus/smartmon textfile collector: since this unit needs CAP_SYS_ADMIN w... (diff) |
gitolite: allow custom user to be defined and refactor handling of http role
Diffstat (limited to 'roles/gitolite/http/tasks/main.yml')
-rw-r--r-- | roles/gitolite/http/tasks/main.yml | 103 |
1 files changed, 30 insertions, 73 deletions
diff --git a/roles/gitolite/http/tasks/main.yml b/roles/gitolite/http/tasks/main.yml index ee5b226c..afd3dd8d 100644 --- a/roles/gitolite/http/tasks/main.yml +++ b/roles/gitolite/http/tasks/main.yml @@ -18,91 +18,48 @@ masked: yes - name: install fcgiwrap systemd units - loop: - - socket - - service + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') | product(['socket', 'service']) }}" + loop_control: + label: "{{ item.0.key }}.{{ item.1 }}" template: - src: "fcgiwrap.{{ item }}.j2" - dest: "/etc/systemd/system/fcgiwrap-gitolite-{{ gitolite_instance }}.{{ item }}" + src: "fcgiwrap.{{ item.1 }}.j2" + dest: "/etc/systemd/system/fcgiwrap-gitolite-{{ item.0.key }}.{{ item.1 }}" - name: make sure fcgiwrap systemd socket unit is enabled and started + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') }}" + loop_control: + label: "{{ item.key }}" systemd: daemon_reload: yes - name: "fcgiwrap-gitolite-{{ gitolite_instance }}.socket" + name: "fcgiwrap-gitolite-{{ item.key }}.socket" state: started enabled: yes - name: generate cgitrc + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') }}" + loop_control: + label: "{{ item.key }}" template: src: cgitrc.j2 - dest: "{{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc" - -- name: install custom logo - when: "'logo' in gitolite_instances[gitolite_instance].http" - block: - - name: create logo base directory - file: - path: /usr/local/share/cgit - state: directory - - - name: copy logo file - copy: - src: "{{ gitolite_instances[gitolite_instance].http.logo }}" - dest: "/usr/local/share/cgit/{{ gitolite_instance }}.png" - - - name: compute nginx location directive for logo - set_fact: - nginx_locations_logo: - '= /logo.png': - alias: "/usr/local/share/cgit/{{ gitolite_instance }}.png" - -- name: compute nginx locations directives - set_fact: - nginx_locations_base: - '= /': - return: "303 /cgit/" - '/cgit-css/': - alias: "/usr/share/cgit/" - nginx_locations_main: - '/cgit/': - custom: |- - include fastcgi_params; - fastcgi_split_path_info ^(/cgit)(.*)$; - - fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_param CGIT_CONFIG {{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc; - - fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; - -- name: compute nginx location directive for git_backend - when: "'enable_git_backend' in gitolite_instances[gitolite_instance].http and gitolite_instances[gitolite_instance].http.enable_git_backend" - set_fact: - nginx_locations_git_backend: - '~ ^.*/git-receive-pack$': - return: "403" - '~ ^.*/(HEAD|info/refs|objects/(info/.*|[0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))|git-upload-pack)$': - custom: |- - include fastcgi_params; + dest: "{{ gitolite_base_path }}/{{ item.key }}/cgitrc" - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param PATH_INFO $uri; - fastcgi_param GIT_PROJECT_ROOT {{ gitolite_base_path }}/{{ gitolite_instance }}/repositories; +- name: create base directory for custom logos + when: (gitolite_instances | dict2items | selectattr('value.http.logo', 'defined') | length) > 0 + file: + path: /usr/local/share/cgit + state: directory - fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; +- name: copy logo file + loop: "{{ gitolite_instances | dict2items | selectattr('value.http.logo', 'defined') }}" + loop_control: + label: "{{ item.key }}" + copy: + src: "{{ item.value.http.logo }}" + dest: "/usr/local/share/cgit/{{ item.key }}.png" - name: install nginx vhost - vars: - nginx_vhost: - name: "gitolite-{{ gitolite_instance }}" - template: generic - tls: "{{ gitolite_instances[gitolite_instance].http.tls }}" - hostnames: "{{ gitolite_instances[gitolite_instance].http.hostnames }}" - logs: - access: "/var/log/nginx/git-{{ gitolite_instance }}_access.log" - error: "/var/log/nginx/git-{{ gitolite_instance }}_error.log" - locations: "{{ nginx_locations_base | combine(nginx_locations_logo | default({})) | combine(nginx_locations_main) | combine(nginx_locations_git_backend | default({})) }}" - include_role: - name: nginx/vhost + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') }}" + loop_control: + loop_var: gitolite_instance + label: "{{ gitolite_instance.key }}" + include_tasks: nginx-vhost.yml |