Add cgit configuration for arch linux

author: Tharre <tharre3@gmail.com> 2018-06-15 17:19:24 +0200
committer: Tharre <tharre3@gmail.com> 2018-06-15 17:19:24 +0200
commit: 76a74270c16d916c1bf274ee53d42694874bbf78 (patch)
tree: 81810a8d6279cad87963e59e7532bf6cd2be5d12
parent: c2e93c2370de9a0948b07e5768c7ac572d299c63 (diff)
download: infrastructure-76a74270c16d916c1bf274ee53d42694874bbf78.tar.gz
infrastructure-76a74270c16d916c1bf274ee53d42694874bbf78.tar.xz
infrastructure-76a74270c16d916c1bf274ee53d42694874bbf78.zip
10 files changed, 168 insertions, 5 deletions
diff --git a/group_vars/all/cgit.yml b/group_vars/all/cgit.yml
new file mode 100644
index 0000000..0273da5
--- /dev/null
+++ b/group_vars/all/cgit.yml
@@ -0,0 +1,3 @@
+---
+cgit_subdomain: "git.th73.ovh"
+gitolite_clone: "git@th73.ovh"
diff --git a/playbooks/nyarlathotep.yml b/playbooks/nyarlathotep.yml
index 8f057b5..3f07266 100644
--- a/playbooks/nyarlathotep.yml
+++ b/playbooks/nyarlathotep.yml
@@ -4,3 +4,5 @@
   become: true
   roles:
     - { role: nginx, tags: ['www'] }
+    - { role: gitolite, git_config_keys: ".*", tags: ['git'] }
+    - { role: cgit, tags: ['cgit'] }
diff --git a/roles/cgit/handlers/main.yml b/roles/cgit/handlers/main.yml
new file mode 100644
index 0000000..c167f7b
--- /dev/null
+++ b/roles/cgit/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: restart fcgiwrap
+  service: name=fcgiwrap state=restarted
diff --git a/roles/cgit/meta/main.yml b/roles/cgit/meta/main.yml
new file mode 100644
index 0000000..5938332
--- /dev/null
+++ b/roles/cgit/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+  - { role: nginx }
diff --git a/roles/cgit/tasks/main.yml b/roles/cgit/tasks/main.yml
new file mode 100644
index 0000000..9e1d47e
--- /dev/null
+++ b/roles/cgit/tasks/main.yml
@@ -0,0 +1,46 @@
+---
+
+- name: Install cgit and dependencies
+  package:
+    name: "{{ item }}"
+    state: present
+  with_items:
+    - cgit
+    - fcgiwrap
+    - python-pygments
+    - python-markdown
+    - python-docutils
+
+- name: Append git group to http user
+  user:
+    name: "http"
+    groups: "git"
+    append: yes
+  notify:
+    - restart fcgiwrap
+
+- name: Enable fcgiwrap
+  service:
+    name: fcgiwrap.socket
+    state: started
+    enabled: yes
+  notify:
+    - restart fcgiwrap
+
+- name: Copy configuration from template
+  template:
+    src: cgitrc.j2
+    dest: /etc/cgitrc
+    mode: 0644
+    owner: "root"
+    group: "root"
+
+- name: Copy nginx conf file
+  template:
+    src: cgit_nginx.conf.j2
+    dest: /etc/nginx/nginx.d/cgit.conf
+    mode: 0644
+    owner: "root"
+    group: "root"
+  notify:
+    - reload nginx
diff --git a/roles/cgit/templates/cgit_nginx.conf.j2 b/roles/cgit/templates/cgit_nginx.conf.j2
new file mode 100644
index 0000000..365daaf
--- /dev/null
+++ b/roles/cgit/templates/cgit_nginx.conf.j2
@@ -0,0 +1,36 @@
+# {{ ansible_managed }}
+
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{ cgit_subdomain }};
+
+    include snippets/letsencrypt.conf;
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl http2;
+    listen [::]:443 ssl http2;
+    server_name {{ cgit_subdomain }};
+
+    root /usr/share/webapps/cgit;
+    index index.html index.htm;
+
+    ssl_certificate         /etc/letsencrypt/live/{{ cgit_subdomain }}/fullchain.pem;
+    ssl_certificate_key     /etc/letsencrypt/live/{{ cgit_subdomain }}/privkey.pem;
+    ssl_trusted_certificate /etc/letsencrypt/live/{{ cgit_subdomain }}/chain.pem;
+
+    try_files $uri @cgit;
+    location @cgit {
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root/cgit.cgi;
+        fastcgi_param PATH_INFO $uri;
+        fastcgi_param QUERY_STRING $args;
+        fastcgi_param HTTP_HOST $server_name;
+        fastcgi_pass unix:/run/fcgiwrap.sock;
+    }
+}
diff --git a/roles/cgit/templates/cgitrc.j2 b/roles/cgit/templates/cgitrc.j2
new file mode 100644
index 0000000..562a002
--- /dev/null
+++ b/roles/cgit/templates/cgitrc.j2
@@ -0,0 +1,56 @@
+#
+# cgit config
+# see cgitrc(5) for details
+
+css=/cgit.css
+logo=/cgit.png
+
+# source highlighting
+source-filter=/usr/lib/cgit/filters/syntax-highlighting.py
+
+# Display README.md files (located with your repos) in HTML (like github)
+readme=:README.md
+readme=:README
+about-filter=/usr/lib/cgit/filters/about-formatting.sh
+
+# Specify some default clone urls using macro expansion
+clone-url=https://$HTTP_HOST/$CGIT_REPO_URL git://{{ gitolite_clone }}:$CGIT_REPO_URL ssh://{{ gitolite_clone }}/$CGIT_REPO_URL
+
+# enable git blame
+# not implemented yet in v1.1
+#enable-blame=1
+
+# use information from gitolite
+enable-git-config=1
+
+# Show extra links for each repository on the index page
+enable-index-links=1
+
+# Enable ASCII art commit history graph on the log pages
+enable-commit-graph=1
+
+# Show number of affected files per commit on the log pages
+enable-log-filecount=1
+
+# Show number of added/removed lines per commit on the log pages
+enable-log-linecount=1
+
+# enable mimetypes
+enable-html-serving=1
+
+# enable stats page
+max-stats=year
+
+# no .git suffix please
+remove-suffix=1
+
+# common mimetypes
+mimetype-file=/etc/mime.types
+
+# download repo as tar.*
+snapshots=tar.gz tar.xz zip
+
+project-list=/srv/git/projects.list
+scan-path=/srv/git/repositories
+
+virtual-root=/
diff --git a/roles/gitolite/tasks/main.yml b/roles/gitolite/tasks/main.yml
index fc05006..e017399 100644
--- a/roles/gitolite/tasks/main.yml
+++ b/roles/gitolite/tasks/main.yml
@@ -1,19 +1,28 @@
 ---
+- name: "Load OS specific variables"
+  include_vars: "{{ item }}"
+  with_first_found:
+    - files:
+        - "{{ ansible_distribution|lower }}.yml"
+        - "{{ ansible_os_family|lower }}.yml"
+        - "{{ ansible_system|lower }}.yml"
+      skip: true
+      paths:
+        - ../vars
+
 - name: Add git user
   user:
     name: "{{ git_user }}"
     home: "{{ git_dir }}"
     system: yes
+    shell: "/bin/bash"
     generate_ssh_key: yes
     state: present
 
-- name: Install gitolite (and git)
+- name: Install gitolite
   package:
-    name: "{{ item }}"
+    name: "{{ gitolite_pkg }}"
     state: present
-  with_items:
-    - git-core
-    - gitolite3
 
 - name: Check if this is a new installation
   stat:
@@ -36,5 +45,6 @@
   file:
     path: "{{ git_dir }}"
     recurse: yes
+    mode: "g+rX"
     owner: "{{ git_user }}"
     group: "{{ git_group }}"
diff --git a/roles/gitolite/vars/archlinux.yml b/roles/gitolite/vars/archlinux.yml
new file mode 100644
index 0000000..344f6a3
--- /dev/null
+++ b/roles/gitolite/vars/archlinux.yml
@@ -0,0 +1 @@
+gitolite_pkg: "gitolite"
diff --git a/roles/gitolite/vars/debian.yml b/roles/gitolite/vars/debian.yml
new file mode 100644
index 0000000..8195168
--- /dev/null
+++ b/roles/gitolite/vars/debian.yml
@@ -0,0 +1 @@
+gitolite_pkg: "gitolite3"
author	Tharre <tharre3@gmail.com>	2018-06-15 17:19:24 +0200
committer	Tharre <tharre3@gmail.com>	2018-06-15 17:19:24 +0200
commit	76a74270c16d916c1bf274ee53d42694874bbf78 (patch)
tree	81810a8d6279cad87963e59e7532bf6cd2be5d12
parent	c2e93c2370de9a0948b07e5768c7ac572d299c63 (diff)
download	infrastructure-76a74270c16d916c1bf274ee53d42694874bbf78.tar.gz infrastructure-76a74270c16d916c1bf274ee53d42694874bbf78.tar.xz infrastructure-76a74270c16d916c1bf274ee53d42694874bbf78.zip