-rw-r--r--chaos-at-home/ch-mimas.yml1
-rw-r--r--inventory/host_vars/ch-mimas.yml15
-rw-r--r--roles/gitolite/base/defaults/main.yml20
-rw-r--r--roles/gitolite/base/tasks/main.yml100
4 files changed, 136 insertions, 0 deletions
diff --git a/chaos-at-home/ch-mimas.yml b/chaos-at-home/ch-mimas.yml
index db661b0a..c25bf1d2 100644
--- a/chaos-at-home/ch-mimas.yml
+++ b/chaos-at-home/ch-mimas.yml
@@ -15,3 +15,4 @@
- role: apt-repo/spreadspace
- role: nginx/base
- role: monitoring/prometheus/exporter
+ - role: gitolite/base
diff --git a/inventory/host_vars/ch-mimas.yml b/inventory/host_vars/ch-mimas.yml
index 1b3525a8..8189958e 100644
--- a/inventory/host_vars/ch-mimas.yml
+++ b/inventory/host_vars/ch-mimas.yml
@@ -12,6 +12,9 @@ spreadspace_apt_repo_components:
- prometheus
+sshd_allowusers_host: "{{ admin_users_host + (['git'] | product(gitolite_instances | list) | map('join', '-')) }}"
+
+
ntp_variant: systemd-timesyncd
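Review bot: The `git-` user-name prefix in the new `sshd_allowusers_host` expression is duplicated from the role (`roles/gitolite/base/tasks/main.yml` creates users named `git-{{ item }}`), so if the role ever changes its naming scheme the sshd `AllowUsers` list diverges silently: the instances become unreachable over ssh or a stale name stays allowed. Consider having the role derive and expose the list (e.g. a role default computed from `gitolite_instances`) and referencing that here, or at minimum add a comment above the line: `# must match the 'git-<instance>' user names created by roles/gitolite/base`. The expression also references `gitolite_instances`, which is defined further down in this file; that is fine given Ansible's lazy templating, but worth mentioning in the same comment.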
@@ -86,3 +89,15 @@ prometheus_job_multitarget_blackbox__probe:
- instance: "https-mimas.chaos-at-home.org"
target: "https://mimas.chaos-at-home.org"
module: http_tls_2xx
+
+
+gitolite_storage:
+ type: lvm
+ vg: "{{ host_name }}"
+ lv: git
+ size: 1G
+ fs: ext4
+
+gitolite_instances:
+ spreadspace:
+ primary_admin_key: "{{ users.equinox.ssh | first }}"
diff --git a/roles/gitolite/base/defaults/main.yml b/roles/gitolite/base/defaults/main.yml
new file mode 100644
index 00000000..8016135a
--- /dev/null
+++ b/roles/gitolite/base/defaults/main.yml
@@ -0,0 +1,20 @@
+---
+gitolite_base_path: /srv/git
+
+# gitolite_storage:
+# ...
+
+# gitolite_instances:
+# example:
+# umask: '0077'
+# primary_admin_key: "ssh-ed25519 ..."
+# http:
+# hostnames:
+# - git.example.com
+# authentication: basic
+# users:
+# user1: password
+# enable_git_backend: yes
+# title: cgit root title
+# description: this will be shown by cgit below the title
+# logo: path/to/logo/file/on/ansible/controller.png
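Review bot: The commented example `users: user1: password` documents a literal password in inventory without saying how the value is expected to be supplied; as this defaults file is effectively the role's documentation, it should state that the value must be vaulted and whether it is a plaintext password or an htpasswd-style hash. The http part is still a TODO in the tasks file, so the format is not fixed yet and the comment can say so. Suggest a line above `users:` such as `# keep these in ansible-vault; plaintext vs. htpasswd-hash format is defined by the gitolite/http role`.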
diff --git a/roles/gitolite/base/tasks/main.yml b/roles/gitolite/base/tasks/main.yml
new file mode 100644
index 00000000..440d9f52
--- /dev/null
+++ b/roles/gitolite/base/tasks/main.yml
@@ -0,0 +1,100 @@
+---
+- name: install gitolite
+ apt:
+ name:
+ - git
+ - gitolite3
+
+- name: prepare storage volume for /srv/git
+ when: gitolite_storage is defined
+ vars:
+ storage_volume: "{{ gitolite_storage | combine({'dest': gitolite_base_path}) }}"
+ include_role:
+ name: "storage/{{ gitolite_storage.type }}/volume"
+
+- name: create gitolite instance user
+ loop: "{{ gitolite_instances | list }}"
+ user:
+ name: "git-{{ item }}"
+ home: "{{ gitolite_base_path }}/{{ item }}"
+ shell: /bin/sh
+ system: yes
+ state: present
+
+- name: make sure base dir is owned by gitolite user
+ loop: "{{ gitolite_instances | list }}"
+ file:
+ path: "{{ gitolite_base_path }}/{{ item }}"
+ mode: 0750
+ owner: "git-{{ item }}"
+ group: "git-{{ item }}"
+
+- name: deploy primary admin key
+ loop: "{{ gitolite_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ copy:
+ content: "{{ item.value.primary_admin_key }}"
+ dest: "{{ gitolite_base_path }}/{{ item.key }}/primary-admin.pub"
+
+- name: run initial gitolite setup
+ loop: "{{ gitolite_instances | list }}"
+ become: yes
+ become_method: su
+ become_user: "git-{{ item }}"
+ args:
+ creates: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ chdir: "{{ gitolite_base_path }}/{{ item }}"
+ command: gitolite setup -pk "{{ gitolite_base_path }}/{{ item }}/primary-admin.pub"
+ register: gitolite_instance_initial_setup
+
+- name: remove testing repository
+ loop: "{{ gitolite_instance_initial_setup.results }}"
+ loop_control:
+ label: "{{ item.item }}"
+ when: item is changed
+ file:
+ path: "{{ gitolite_base_path }}/{{ item.item }}/repositories/testing.git"
+ state: absent
+
+- name: configure umask
+ loop: "{{ gitolite_instances | dict2items }}"
+ loop_control:
+ label: "{{ item.key }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item.key }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*UMASK\\s*=>\\s*).*(,.*)$"
+ line: '\g<1>{{ item.value.umask | default("0077") }}\2'
+
+- name: configure GIT_CONFIG_KEYS to allow gitweb settings
+ loop: "{{ gitolite_instances | list }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*GIT_CONFIG_KEYS\\s*=>\\s*').*('.*)$"
+ line: '\1cgit.*\2'
+
+- name: disable gitweb gitolite command
+ loop: "{{ gitolite_instances | list }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*)('gitweb'.*)$"
+ line: '\1# \2'
+
+- name: enable daemon gitolite command
+ loop: "{{ gitolite_instances | list }}"
+ lineinfile:
+ path: "{{ gitolite_base_path }}/{{ item }}/.gitolite.rc"
+ backrefs: yes
+ regexp: "^(\\s*)#?\\s*('daemon'.*)$"
+ line: '\1\2'
+
+## TODO:
+# - name: enable http
+# when: "'http' in gitolite_instance"
+# include_role:
+# name: gitolite/http
+
+## TODO: add systemd-timer for `git fsck`
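Review bot: Deleting `repositories/testing.git` in the `remove testing repository` task does not remove the `repo testing` stanza that `gitolite setup` writes into the gitolite-admin repo's `conf/gitolite.conf`; as far as I recall, gitolite recreates every repo listed in the conf on the next compile (i.e. the first push to gitolite-admin), and the stock stanza grants `RW+ = @all`, so the repo comes back writable by every key holder. Either leave the repo for the admin to drop via the conf, or add a comment above the task such as `# NOTE: the 'repo testing' (RW+ = @all) entry in gitolite-admin's conf is not removed here; drop it on the first admin push or gitolite will recreate the repo`. Separately, the `deploy primary admin key` copy sets no `owner`/`mode`, so `primary-admin.pub` is created with the connecting user's ownership and default umask; `gitolite setup` runs as `git-{{ item }}` via `become_method: su` and only needs read access, but pinning `owner: "git-{{ item.key }}"` and `mode: "0640"` would make that explicit. The `mode: 0750` on the base dir works because Ansible treats the leading-zero integer as octal, but quoting it (`mode: "0750"`) avoids the YAML 1.1 octal trap if the value is ever edited.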