From ac9829aad8a0e2266eca9132f26ef541b80bf7f3 Mon Sep 17 00:00:00 2001 From: Christian Pointner Date: Wed, 30 Aug 2023 15:07:28 +0200 Subject: gitolite: allow custom user to be defined and refactor handling of http role --- roles/gitolite/http/tasks/main.yml | 103 +++++++++--------------------- roles/gitolite/http/tasks/nginx-vhost.yml | 60 +++++++++++++++++ 2 files changed, 90 insertions(+), 73 deletions(-) create mode 100644 roles/gitolite/http/tasks/nginx-vhost.yml (limited to 'roles/gitolite/http/tasks') diff --git a/roles/gitolite/http/tasks/main.yml b/roles/gitolite/http/tasks/main.yml index ee5b226c..afd3dd8d 100644 --- a/roles/gitolite/http/tasks/main.yml +++ b/roles/gitolite/http/tasks/main.yml 
@@ -18,91 +18,48 @@ masked: yes - name: install fcgiwrap systemd units - loop: - - socket - - service + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') | product(['socket', 'service']) }}" + loop_control: + label: "{{ item.0.key }}.{{ item.1 }}" template: - src: "fcgiwrap.{{ item }}.j2" - dest: "/etc/systemd/system/fcgiwrap-gitolite-{{ gitolite_instance }}.{{ item }}" + src: "fcgiwrap.{{ item.1 }}.j2" + dest: "/etc/systemd/system/fcgiwrap-gitolite-{{ item.0.key }}.{{ item.1 }}" - name: make sure fcgiwrap systemd socket unit is enabled and started + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') }}" + loop_control: + label: "{{ item.key }}" systemd: daemon_reload: yes - name: "fcgiwrap-gitolite-{{ gitolite_instance }}.socket" + name: "fcgiwrap-gitolite-{{ item.key }}.socket" state: started enabled: yes - name: generate cgitrc + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') }}" + loop_control: + label: "{{ item.key }}" template: src: cgitrc.j2 - dest: "{{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc" - -- name: install custom logo - when: "'logo' in gitolite_instances[gitolite_instance].http" - block: - - name: create logo base directory - file: - path: /usr/local/share/cgit - state: directory - - - name: copy logo file - copy: - src: "{{ gitolite_instances[gitolite_instance].http.logo }}" - dest: "/usr/local/share/cgit/{{ gitolite_instance }}.png" - - - name: compute nginx location directive for logo - set_fact: - nginx_locations_logo: - '= /logo.png': - alias: "/usr/local/share/cgit/{{ gitolite_instance }}.png" - -- name: compute nginx locations directives - set_fact: - nginx_locations_base: - '= /': - return: "303 /cgit/" - '/cgit-css/': - alias: "/usr/share/cgit/" - nginx_locations_main: - '/cgit/': - custom: |- - include fastcgi_params; - fastcgi_split_path_info ^(/cgit)(.*)$; - - fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi; - fastcgi_param 
PATH_INFO $fastcgi_path_info; - fastcgi_param QUERY_STRING $args; - fastcgi_param HTTP_HOST $server_name; - fastcgi_param CGIT_CONFIG {{ gitolite_base_path }}/{{ gitolite_instance }}/cgitrc; - - fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; - -- name: compute nginx location directive for git_backend - when: "'enable_git_backend' in gitolite_instances[gitolite_instance].http and gitolite_instances[gitolite_instance].http.enable_git_backend" - set_fact: - nginx_locations_git_backend: - '~ ^.*/git-receive-pack$': - return: "403" - '~ ^.*/(HEAD|info/refs|objects/(info/.*|[0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))|git-upload-pack)$': - custom: |- - include fastcgi_params; + dest: "{{ gitolite_base_path }}/{{ item.key }}/cgitrc" - fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend; - fastcgi_param PATH_INFO $uri; - fastcgi_param GIT_PROJECT_ROOT {{ gitolite_base_path }}/{{ gitolite_instance }}/repositories; +- name: create base directory for custom logos + when: (gitolite_instances | dict2items | selectattr('value.http.logo', 'defined') | length) > 0 + file: + path: /usr/local/share/cgit + state: directory - fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance }}.sock; +- name: copy logo file + loop: "{{ gitolite_instances | dict2items | selectattr('value.http.logo', 'defined') }}" + loop_control: + label: "{{ item.key }}" + copy: + src: "{{ item.value.http.logo }}" + dest: "/usr/local/share/cgit/{{ item.key }}.png" - name: install nginx vhost - vars: - nginx_vhost: - name: "gitolite-{{ gitolite_instance }}" - template: generic - tls: "{{ gitolite_instances[gitolite_instance].http.tls }}" - hostnames: "{{ gitolite_instances[gitolite_instance].http.hostnames }}" - logs: - access: "/var/log/nginx/git-{{ gitolite_instance }}_access.log" - error: "/var/log/nginx/git-{{ gitolite_instance }}_error.log" - locations: "{{ nginx_locations_base | combine(nginx_locations_logo | default({})) | combine(nginx_locations_main) | 
combine(nginx_locations_git_backend | default({})) }}" - include_role: - name: nginx/vhost + loop: "{{ gitolite_instances | dict2items | selectattr('value.http', 'defined') }}" + loop_control: + loop_var: gitolite_instance + label: "{{ gitolite_instance.key }}" + include_tasks: nginx-vhost.yml diff --git a/roles/gitolite/http/tasks/nginx-vhost.yml b/roles/gitolite/http/tasks/nginx-vhost.yml new file mode 100644 index 00000000..6b7d2bd0 --- /dev/null +++ b/roles/gitolite/http/tasks/nginx-vhost.yml 
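Review bot: The `template`, `file` and `copy` tasks in this hunk set no `owner`, `group` or `mode`, so the permissions on the fcgiwrap units under `/etc/systemd/system`, each instance's `cgitrc`, and the new `/usr/local/share/cgit` directory and logo files follow whatever umask the play runs with. Pinning them makes the result reproducible and rules out group- or world-writable unit files under a permissive umask: add `mode: "0644"` to the `template` and `copy` tasks and `mode: "0755"` to the `file` task, quoted so YAML does not read the value as an integer. The owner to use is not visible here; `cgitrc` has to stay readable by the account the fcgiwrap unit runs as, presumably the per-instance user this commit introduces. The hunk starts inside a preceding task (`masked: yes`), which lies outside this view.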
@@ -0,0 +1,60 @@
+---
+- name: compute nginx locations directives
+ set_fact:
+ nginx_locations_base:
+ '= /':
+ return: "303 /cgit/"
+ '/cgit-css/':
+ alias: "/usr/share/cgit/"
+ nginx_locations_logo: {}
+ nginx_locations_main:
+ '/cgit/':
+ custom: |-
+ include fastcgi_params;
+ fastcgi_split_path_info ^(/cgit)(.*)$;
+
+ fastcgi_param SCRIPT_FILENAME /usr/lib/cgit/cgit.cgi;
+ fastcgi_param PATH_INFO $fastcgi_path_info;
+ fastcgi_param QUERY_STRING $args;
+ fastcgi_param HTTP_HOST $server_name;
+ fastcgi_param CGIT_CONFIG {{ gitolite_base_path }}/{{ gitolite_instance.key }}/cgitrc;
+
+ fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance.key }}.sock;
+ nginx_locations_git_backend: {}
+
+- name: compute nginx extra location directive for logo
+ when: "'logo' in gitolite_instance.value.http"
+ set_fact:
+ nginx_locations_logo:
+ '= /logo.png':
+ alias: "/usr/local/share/cgit/{{ gitolite_instance.key }}.png"
+
+- name: compute nginx extra location directive for git_backend
+ when: "'enable_git_backend' in gitolite_instance.value.http and gitolite_instance.value.http.enable_git_backend"
+ set_fact:
+ nginx_locations_git_backend:
+ '~ ^.*/git-receive-pack$':
+ return: "403"
+ '~ ^.*/(HEAD|info/refs|objects/(info/.*|[0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))|git-upload-pack)$':
+ custom: |-
+ include fastcgi_params;
+
+ fastcgi_param SCRIPT_FILENAME /usr/lib/git-core/git-http-backend;
+ fastcgi_param PATH_INFO $uri;
+ fastcgi_param GIT_PROJECT_ROOT {{ gitolite_base_path }}/{{ gitolite_instance.key }}/repositories;
+
+ fastcgi_pass unix:/run/fcgiwrap/gitolite-{{ gitolite_instance.key }}.sock;
+
+- name: install nginx vhost
+ vars:
+ nginx_vhost:
+ name: "gitolite-{{ gitolite_instance.key }}"
+ template: generic
+ tls: "{{ gitolite_instance.value.http.tls }}"
+ hostnames: "{{ gitolite_instance.value.http.hostnames }}"
+ logs:
+ access: "/var/log/nginx/git-{{ gitolite_instance.key }}_access.log"
+ error: "/var/log/nginx/git-{{ gitolite_instance.key }}_error.log"
+ locations: "{{ nginx_locations_base | combine(nginx_locations_logo) | combine(nginx_locations_main) | combine(nginx_locations_git_backend) }}"
+ include_role:
+ name: nginx/vhost
-- cgit v1.2.3
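Review bot: The two `{}` defaults in the first `set_fact` (`nginx_locations_logo` and `nginx_locations_git_backend`) carry a security-relevant invariant that is not written down anywhere. Values set with `set_fact` stay on the host across iterations of the `include_tasks` loop, so without this reset an instance that leaves `enable_git_backend` unset would get the previous instance's `git-http-backend` location, still pointing at that instance's `repositories` directory. I would add above them `# reset per instance: set_fact persists across include_tasks iterations, and a stale value would publish the previous instance's logo or git backend on this vhost`. Separately, the `.` before `(pack|idx)` in the git backend regex is unescaped and matches any character; `pack/pack-[0-9a-f]+\.(pack|idx)` is the stricter form.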