Diffstat (limited to 'roles/gitolite')
-rw-r--r-- | roles/gitolite/base/defaults/main.yml | 2 | ||||
-rw-r--r-- | roles/gitolite/http/tasks/main.yml | 51 | ||||
-rw-r--r-- | roles/gitolite/http/templates/nginx-vhost.conf.j2 | 72 |
3 files changed, 51 insertions, 74 deletions
diff --git a/roles/gitolite/base/defaults/main.yml b/roles/gitolite/base/defaults/main.yml
index 1c5962cc..3c2e8fa3 100644
--- a/roles/gitolite/base/defaults/main.yml
+++ b/roles/gitolite/base/defaults/main.yml
@@ -15,3 +15,5 @@ gitolite_base_path: /srv/git
 # title: cgit root title
 # description: this will be shown by cgit below the title
 # logo: path/to/logo/file/on/ansible/controller.png
+# tls:
+# certificate_provider: "{{ acme_client }}"
diff --git a/roles/gitolite/http/tasks/main.yml b/roles/gitolite/http/tasks/main.yml
index a3055902..ee5b226c 100644
--- a/roles/gitolite/http/tasks/main.yml
+++ b/roles/gitolite/http/tasks/main.yml
@@ -50,12 +50,59 @@ src: "{{ gitolite_instances[gitolite_instance].http.logo }}" dest: "/usr/local/share/cgit/{{ gitolite_instance }}.png" + - name: compute nginx location directive for logo + set_fact: + nginx_locations_logo: + '= /logo.png': + alias: "/usr/local/share/cgit/{{ gitolite_instance }}.png" + +- name: compute nginx locations directives + set_fact: + nginx_locations_base: + '= /': + return: "303 /cgit/" + '/cgit-css/': + alias: "/usr/share/cgit/" + nginx_locations_main: + '/cgit/': + custom: |- + include fastcgi_params; + fastcgi_split_path_info ^(/cgit)(.*)$; + + fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param QUERY_STRING $args; + fastcgi_param HTTP_HOST $server_name; + fastcgi_param CGIT_CONFIG {{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc; + + fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; + +- name: compute nginx location directive for git_backend + when: "'enable_git_backend' in gitolite_instances[gitolite_instance].http and gitolite_instances[gitolite_instance].http.enable_git_backend" + set_fact: + nginx_locations_git_backend: + '~ ^.*/git-receive-pack$': + return: "403" + '~ ^.*/(HEAD|info/refs|objects/(info/.*|[0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))|git-upload-pack)$': + custom: |- + include fastcgi_params; + + fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; + fastcgi_param PATH_INFO $uri; + fastcgi_param GIT_PROJECT_ROOT {{ gitolite_base_path }}/{{ gitolite_instance }}/repositories; + + fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; + - name: install nginx vhost vars: nginx_vhost: name: "gitolite-{{ gitolite_instance }}" - acme: true + template: generic + tls: "{{ gitolite_instances[gitolite_instance].http.tls }}" hostnames: "{{ gitolite_instances[gitolite_instance].http.hostnames }}" - content: "{{ lookup('template', 'nginx-vhost.conf.j2') }}" + logs: + access: "/var/log/nginx/git-{{ 
gitolite_instance }}_access.log" + error: "/var/log/nginx/git-{{ gitolite_instance }}_error.log" + locations: "{{ nginx_locations_base | combine(nginx_locations_logo | default({})) | combine(nginx_locations_main) | combine(nginx_locations_git_backend | default({})) }}" include_role: name: nginx/vhost diff --git a/roles/gitolite/http/templates/nginx-vhost.conf.j2 b/roles/gitolite/http/templates/nginx-vhost.conf.j2 deleted file mode 100644 index add7a719..00000000 --- a/roles/gitolite/http/templates/nginx-vhost.conf.j2 +++ /dev/null 
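Review bot: `nginx_locations_logo` and `nginx_locations_git_backend` are set with `set_fact` only when their condition holds and are read later through `default({})`, so a value set for one instance stays on the host and is reused for the next one. If this role is included more than once per host (the `gitolite_instance` variable suggests it is), an instance with `enable_git_backend` off could inherit the previous instance's git-http-backend locations, already rendered with that instance's `GIT_PROJECT_ROOT` and socket, and so serve its repositories under the wrong hostname. The removed template evaluated both conditions at render time and had no such carry-over. Reset both facts to `{}` before the conditional tasks (the logo block starts outside this hunk), or build the dict inline in `locations:` with a conditional expression instead of facts. Separately, `tls:` reads `http.tls` without a default while the defaults file only shows it as a commented example; it is worth confirming that the `generic` template in nginx/vhost still redirects HTTP to HTTPS and sends HSTS as the removed template did.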
@@ -1,72 +0,0 @@ - server { - listen 80; - listen [::]:80; - server_name {{ gitolite_instances[gitolite_instance].http.hostnames | join(' ') }}; - - access_log /var/log/nginx/git-{{ gitolite_instance }}_access.log; - error_log /var/log/nginx/git-{{ gitolite_instance }}_error.log; - - include snippets/acmetool.conf; - - location / { - return 301 https://$host$request_uri; - } -} - -server { - listen 443 ssl http2; - listen [::]:443 ssl http2; - server_name {{ gitolite_instances[gitolite_instance].http.hostnames | join(' ') }}; - - access_log /var/log/nginx/git-{{ gitolite_instance }}_access.log; - error_log /var/log/nginx/git-{{ gitolite_instance }}_error.log; - - include snippets/acmetool.conf; - include snippets/tls.conf; - ssl_certificate /var/lib/acme/live/{{ gitolite_instances[gitolite_instance].http.hostnames[0] }}/fullchain; - ssl_certificate_key /var/lib/acme/live/{{ gitolite_instances[gitolite_instance].http.hostnames[0] }}/privkey; - include snippets/hsts.conf; - - location = / { - return 303 /cgit/; - } - - location /cgit-css/ { - alias /usr/share/cgit/; - } -{% if 'logo' in gitolite_instances[gitolite_instance].http %} - - location = /logo.png { - alias /usr/local/share/cgit/{{ gitolite_instance }}.png; - } -{% endif %} - - location /cgit/ { - include fastcgi_params; - fastcgi_split_path_info ^(/cgit)(.*)$; - - fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; - fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_param CGIT_CONFIG {{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc; - - fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; - } -{% if 'enable_git_backend' in gitolite_instances[gitolite_instance].http and gitolite_instances[gitolite_instance].http.enable_git_backend %} - - location ~ ^.*/git-receive-pack$ { - return 403; - } - - location ~ 
^.*/(HEAD|info/refs|objects/(info/.*|[0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))|git-upload-pack)$ { - include fastcgi_params; - - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param PATH_INFO $uri; - fastcgi_param GIT_PROJECT_ROOT {{ gitolite_base_path }}/{{ gitolite_instance }}/repositories; - - fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; - } -{% endif %} -} |