authorRomain Gonçalves <me@rgoncalves.se>2021-12-11 13:54:22 +0000
committerRomain Gonçalves <me@rgoncalves.se>2021-12-11 13:54:22 +0000
commite60e99796111ee6d43080b4e48971c08886c0570 (patch)
tree481e8fd119b3afdd0e2a2730ce1f41d623577e9e
parent48208c520bb15d16b0eab623b97fa5e86c6f665c (diff)
downloadinfrastructure-e60e99796111ee6d43080b4e48971c08886c0570.tar.gz
roles: Add git and cgit roles
-rw-r--r--group_vars/all.yml2
-rw-r--r--playbooks/site.yml5
-rw-r--r--roles/cgit/defaults/main.yml18
-rw-r--r--roles/cgit/files/about-filter.sh3
-rw-r--r--roles/cgit/files/generate-static-git.sh28
-rw-r--r--roles/cgit/files/httpd.conf20
-rw-r--r--roles/cgit/files/style.css155
-rw-r--r--roles/cgit/meta/main.yml5
-rw-r--r--roles/cgit/tasks/main.yml53
-rw-r--r--roles/cgit/templates/cgitrc.j239
-rw-r--r--roles/cgit/templates/footer.html.j23
-rw-r--r--roles/cgit/templates/httpd.conf.j218
-rw-r--r--roles/git/defaults/main.yml7
-rw-r--r--roles/git/tasks/main.yml45
-rw-r--r--roles/git/templates/gitconfig.j22
-rw-r--r--roles/git/templates/no-interactive-login.j27
16 files changed, 409 insertions, 1 deletions
diff --git a/group_vars/all.yml b/group_vars/all.yml
index 77af34b..380aa39 100644
--- a/group_vars/all.yml
+++ b/group_vars/all.yml
@@ -2,7 +2,7 @@ ansible_hostname: "{{ ansible_host }}"
ansible_become_method: su
wireguard_domain_controller: "{{ __global_domain_controller }}"
-nfsclient_server: "stack0"
+nfsclient_server: stack0
httpd_use_nfs: true
__is_vm: false
diff --git a/playbooks/site.yml b/playbooks/site.yml
index d354cb7..eef50b8 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -18,6 +18,11 @@
- role: nfsclient
tags: role_nfsclient
+- hosts: stack0-dev0
+ roles:
+ - role: cgit
+ tags: role_cgit
+
- hosts: servers
roles:
- role: httpd
diff --git a/roles/cgit/defaults/main.yml b/roles/cgit/defaults/main.yml
new file mode 100644
index 0000000..0c60bd5
--- /dev/null
+++ b/roles/cgit/defaults/main.yml
@@ -0,0 +1,18 @@
+cgit_instance: cgit
+cgit_git_dir: /data/git
+cgit_chroot_dir: /var/www
+
+cgit_ip: 0.0.0.0
+cgit_port: 1235
+cgit_authenticate: false
+
+cgit__favicon: http://rgoncalves.se/logo.png
+cgit__logo: http://rgoncalves.se/logo.png
+cgit__css: http://rgoncalves.se/style/cgit.css
+cgit__root_desc: development hub
+cgit__root_readme: http://rgoncalves.se
+cgit__footer: /conf/footer.html
+cgit__clone_urls:
+ - git://git.{{ __global_domain_name }}/$CGIT_REPO_URL
+ - ssh://git@git.{{ __global_domain_name }}/$CGIT_REPO_URL
+ - https://git.{{ __global_domain_name }}/$CGIT_REPO_URL
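Review bot: `cgit__css`, `cgit__logo` and `cgit__favicon` default to `http://` URLs while the last clone URL advertises the site as `https://git.…`, so on a TLS-served page the stylesheet is mixed content that browsers block, and over plain HTTP it can be altered in transit. Prefer `https://` URLs or assets served from the cgit host itself, e.g. `cgit__css: /cgit.css`. Separately, `cgit_ip: 0.0.0.0` with `cgit_authenticate: false` publishes the instance on every interface with no access control; if a reverse proxy fronts it (not visible here), `cgit_ip: 127.0.0.1` would be the safer default.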
diff --git a/roles/cgit/files/about-filter.sh b/roles/cgit/files/about-filter.sh
new file mode 100644
index 0000000..6193824
--- /dev/null
+++ b/roles/cgit/files/about-filter.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cat -
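Review bot: `cat -` makes the about filter a pass-through, and cgit includes the filter's output verbatim in the about page, so any markup in a README is served to visitors unescaped; anyone who can push a README controls that HTML. The role installs lowdown and copies it into the chroot, but nothing calls it. The filter should dispatch on the file name cgit passes as `$1` and render Markdown, for example `case "$1" in *.md) exec /bin/lowdown ;; esac`, and HTML-escape every other file type instead of echoing it. Confirm how the packaged lowdown treats embedded HTML before relying on it as the sanitizer.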
diff --git a/roles/cgit/files/generate-static-git.sh b/roles/cgit/files/generate-static-git.sh
new file mode 100644
index 0000000..dd0db32
--- /dev/null
+++ b/roles/cgit/files/generate-static-git.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+GIT_DIR="/data/git"
+
+repositories=""
+repo=""
+
+for repo in "${GIT_DIR}"/*; do
+
+ if [ ! -f "${repo}/git-daemon-export-ok" ]; then
+ echo " [ERR] $(basename ${repo})"
+ continue
+ fi
+
+ repo=$(basename "${repo}")
+ repositories="${repositories} ${GIT_DIR}/${repo}"
+
+ echo " [OK ] ${repo}"
+ mkdir "${repo}" 2>/dev/null
+ (cd "${repo}" && /usr/local/bin/stagit "${GIT_DIR}/${repo}")
+done
+
+if [ -z "$repositories" ]; then
+ exit 1
+fi
+
+echo " [#] ${repositories}"
+/usr/local/bin/stagit-index ${repositories} > index.html
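Review bot: The repository list is built as one space-joined string and expanded unquoted in `stagit-index ${repositories}`, and the error branch calls `$(basename ${repo})` without quotes, so a repository directory whose name contains whitespace or glob characters is split or expanded into different arguments. Collect the paths as positional parameters instead: `set --` before the loop, `set -- "$@" "${GIT_DIR}/${repo}"` inside it, and `/usr/local/bin/stagit-index "$@" > index.html` at the end, and quote the basename call. The script also writes into whatever the current directory happens to be and ignores failures of `mkdir` and `stagit`; a `cd` to the intended output directory at the top, exiting on failure, would make that explicit. No task in this commit installs this script, `files/httpd.conf` or `files/style.css`, so a header comment should say how they are meant to be deployed.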
diff --git a/roles/cgit/files/httpd.conf b/roles/cgit/files/httpd.conf
new file mode 100644
index 0000000..238acf0
--- /dev/null
+++ b/roles/cgit/files/httpd.conf
@@ -0,0 +1,20 @@
+
+# httpd ~~ /etc/httpd.conf
+# managed by Ansible
+
+server "default" {
+ listen on * port 1234
+ root "/htdocs/stagit"
+
+ location match "style.css" {
+ request rewrite "/style.css"
+ }
+
+ location match "logo.png" {
+ request rewrite "/logo.png"
+ }
+
+ location match "favicon.png" {
+ request rewrite "/logo.png"
+ }
+}
diff --git a/roles/cgit/files/style.css b/roles/cgit/files/style.css
new file mode 100644
index 0000000..8e24ae9
--- /dev/null
+++ b/roles/cgit/files/style.css
@@ -0,0 +1,155 @@
+body {
+ font-family: monospace;
+ color: #000;
+ background-color: #fff;
+}
+img {
+ border: 0;
+}
+
+h1, h2, h3, h4, h5, h6 {
+ font-size: 1em;
+ margin: 0;
+}
+
+img, h1, h2 {
+ vertical-align: middle;
+}
+
+a:target {
+ background-color: #ccc;
+}
+
+a.d,
+a.h,
+a.i,
+a.line {
+ text-decoration: none;
+}
+
+#blob a {
+ color: #555;
+ border-right: 3px solid #aaa;
+ padding: 0 5px 0 0;
+}
+
+#blob a:hover {
+ color: blue;
+ text-decoration: none;
+}
+
+table thead td {
+ font-weight: bold;
+}
+
+table td {
+ padding: 0 0.4em;
+}
+
+#content table td {
+ white-space: nowrap;
+ vertical-align: top;
+}
+
+#branches tr:hover td,
+#tags tr:hover td,
+#index tr:hover td,
+#log tr:hover td,
+#files tr:hover td {
+ background-color: #eee;
+}
+
+#index tr td:nth-child(2),
+#tags tr td:nth-child(3),
+#branches tr td:nth-child(3),
+#log tr td:nth-child(2) {
+ white-space: normal;
+}
+
+td.num {
+ text-align: right;
+}
+
+.desc {
+ color: #555;
+}
+
+hr {
+ border: 0;
+ border-top: 3px solid #aaa;
+ height: 3px;
+}
+
+#content hr {
+ display: none;
+}
+
+pre {
+ font-family: monospace;
+}
+
+pre a.h {
+ color: #00a;
+}
+
+.A,
+span.i,
+pre a.i {
+ color: #070;
+}
+
+.D,
+span.d,
+pre a.d {
+ color: #e00;
+}
+
+pre a.h:hover,
+pre a.i:hover,
+pre a.d:hover {
+ text-decoration: none;
+}
+/*
+@media (prefers-color-scheme: dark) {
+ body {
+ background-color: #000;
+ color: #eee;
+ }
+ hr {
+ border-color: #222;
+ }
+ a {
+ color: #00abff;
+ }
+ a:target {
+ background-color: #222;
+ }
+ #blob a {
+ color: #555;
+ border-color: #222;
+ }
+ #blob a:hover {
+ color: #00abff;
+ }
+ pre a.h {
+ color: #00abff;
+ }
+ .A,
+ span.i,
+ pre a.i {
+ color: #0e0;
+ }
+ .D,
+ span.d,
+ pre a.d {
+ color: #e00;
+ }
+ #branches tr:hover td,
+ #tags tr:hover td,
+ #index tr:hover td,
+ #log tr:hover td,
+ #files tr:hover td {
+ background-color: #111;
+ }
+}
+*/
diff --git a/roles/cgit/meta/main.yml b/roles/cgit/meta/main.yml
new file mode 100644
index 0000000..a25f289
--- /dev/null
+++ b/roles/cgit/meta/main.yml
@@ -0,0 +1,5 @@
+dependencies:
+ - role: git
+ tags: dependency
+ - role: httpd_pre
+ tags: dependency
diff --git a/roles/cgit/tasks/main.yml b/roles/cgit/tasks/main.yml
new file mode 100644
index 0000000..6040ecf
--- /dev/null
+++ b/roles/cgit/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: install cgit packages
+ package:
+ name:
+ - cgit
+ - lowdown
+ state: present
+
+- name: generate cgit configuration files
+ template:
+ src: "{{ item.template }}"
+ dest: "{{ item.file }}"
+ owner: 0
+ group: 0
+ mode: 0644
+ loop:
+ - template: cgitrc.j2
+ file: "{{ cgit_chroot_dir }}/conf/cgitrc"
+ - template: footer.html.j2
+ file: "{{ cgit_chroot_dir }}/conf/footer.html"
+ - template: httpd.conf.j2
+ file: /etc/httpd.d/cgit.conf
+
+- name: copy utilities in httpd chroot
+ copy:
+ src: "{{ item }}"
+ dest: "{{ cgit_chroot_dir }}/bin"
+ mode: preserve
+ remote_src: true
+ loop:
+ - /bin/sh
+ - /bin/cat
+ - /usr/local/bin/lowdown
+
+- name: copy about-filter generator
+ copy:
+ src: about-filter.sh
+ dest: "{{ cgit_chroot_dir }}/bin/about-filter.sh"
+ owner: 0
+ group: 0
+ mode: 0755
+
+- name: start and enable slowcgi service
+ service:
+ name: slowcgi
+ state: restarted
+ enabled: true
+
+- name: httpd password information
+ debug:
+ msg: |
+ Please provide a password using htpasswd,
+ in "{{ cgit_chroot_dir }}/htpasswd/cgit"
+ when: cgit_authenticate
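Review bot: The "copy utilities in httpd chroot" task places `/bin/sh` and `/bin/cat` inside the web server's chroot without setting `owner` or `group`, which widens what a compromised CGI process can run and leaves ownership to whatever the copy produces. Add `owner: 0` and `group: 0` as the neighbouring tasks do, plus a comment saying the shell is there only for `about-filter.sh`. `dest: "{{ cgit_chroot_dir }}/bin"` should end in `/` so the files land in the directory even if it does not exist yet, rather than being written to a file named `bin`. The slowcgi task uses `state: restarted`, so every run restarts the service; `state: started` plus a handler notified by the template task would keep runs idempotent.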
diff --git a/roles/cgit/templates/cgitrc.j2 b/roles/cgit/templates/cgitrc.j2
new file mode 100644
index 0000000..40b4b07
--- /dev/null
+++ b/roles/cgit/templates/cgitrc.j2
@@ -0,0 +1,39 @@
+# managed by Ansible
+
+# visuals
+css={{ cgit__css }}
+logo={{ cgit__logo }}
+favicon={{ cgit__favicon }}
+footer={{ cgit__footer }}
+
+# readme
+readme=:README.md
+readme=:README.org
+readme=:README
+readme=:.README.md
+readme=:.README
+about-filter=/bin/about-filter.sh
+
+# features
+enable-commit-graph=1
+enable-http-clone=1
+enable-index-links=1
+max-stats=quarter
+robots=noindex, nofollow
+localtime=1
+
+# git
+clone-url={{ cgit__clone_urls | join(' ') }}
+
+# instance id
+root-title=git.{{ __global_domain_name }}
+root-desc={{ cgit__root_desc }}
+root-readme={{ cgit__root_readme }}
+
+# archives
+snapshots=tar.gz
+
+# sections
+section-from-path=1
+section-sort=1
+scan-path={{ cgit_git_dir }}
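Review bot: `scan-path={{ cgit_git_dir }}` publishes every repository under the directory, and `enable-http-clone=1` with `snapshots=tar.gz` makes their full contents downloadable, whereas generate-static-git.sh in this same commit only exports repositories that carry `git-daemon-export-ok`. If the same opt-in is intended here, add `strict-export=git-daemon-export-ok` with the other global options above the `scan-path` line. Also, `root-readme` names a file whose content cgit includes on the index page, but the default `cgit__root_readme` is a URL; point it at a file inside the chroot or drop the line.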
diff --git a/roles/cgit/templates/footer.html.j2 b/roles/cgit/templates/footer.html.j2
new file mode 100644
index 0000000..66ca627
--- /dev/null
+++ b/roles/cgit/templates/footer.html.j2
@@ -0,0 +1,3 @@
+<span style="background-color:yellow">
+remember that computers suck.
+</span>
diff --git a/roles/cgit/templates/httpd.conf.j2 b/roles/cgit/templates/httpd.conf.j2
new file mode 100644
index 0000000..962016a
--- /dev/null
+++ b/roles/cgit/templates/httpd.conf.j2
@@ -0,0 +1,18 @@
+# managed by Ansible
+
+server "cgit" {
+ listen on "{{ cgit_ip }}" port {{ cgit_port }}
+{% if cgit_authenticate %}
+ authenticate "realm" with "/htpasswd/cgit"
+{% endif %}
+
+ # cgit
+ location "/cgit.*" {
+ root "/cgit"
+ no fastcgi
+ }
+
+ # fastcgi
+ root "/cgi-bin/cgit.cgi"
+ fastcgi socket "/run/slowcgi.sock"
+}
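Review bot: The `listen on` line has no `tls`, so when `cgit_authenticate` is true the `authenticate` directive has clients send HTTP Basic credentials in clear text unless something in front of this server terminates TLS (not visible in this hunk). Either add a comment stating that the server must only be reachable through the TLS proxy, or make the listener `listen on "{{ cgit_ip }}" tls port {{ cgit_port }}` with certificate settings. The template also refers to `/htpasswd/cgit`, which the role never creates (it only prints a reminder), so enabling authentication presumably leaves the site unusable until the operator adds the file; a `stat` plus `assert` task would make that explicit.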
diff --git a/roles/git/defaults/main.yml b/roles/git/defaults/main.yml
new file mode 100644
index 0000000..f99dec3
--- /dev/null
+++ b/roles/git/defaults/main.yml
@@ -0,0 +1,7 @@
+git_user: git
+git_group: git
+git_dir: /data/git
+
+git_shell: /bin/sh
+git_default_branch: trunk
+git_allow_ssh_login: true
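Review bot: `git_shell: /bin/sh` together with `git_allow_ssh_login: true` gives the shared `git` account a full interactive shell by default, and setting `git_allow_ssh_login: false` does not change that. The `git-shell-commands/no-interactive-login` file written in roles/git/tasks/main.yml is only consulted when the login shell is git-shell. Default `git_shell` to the installed git-shell path, and add a comment that `git_allow_ssh_login` has an effect only with that shell.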
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
new file mode 100644
index 0000000..4d2b74e
--- /dev/null
+++ b/roles/git/tasks/main.yml
@@ -0,0 +1,45 @@
+- name: install git package
+ package:
+ name: git
+ state: present
+
+- name: create git group
+ group:
+ name: "{{ git_group }}"
+ state: present
+
+- name: create git user
+ user:
+ name: "{{ git_user }}"
+ group: "{{ git_group }}"
+ shell: "{{ git_shell }}"
+ home: "{{ git_dir }}"
+ create_home: false
+
+- name: create git directories
+ file:
+ path: "{{ item }}"
+ owner: "{{ git_user }}"
+ group: "{{ git_group }}"
+ state: directory
+ mode: 0755
+ loop:
+ - "{{ git_dir }}"
+ - "{{ git_dir }}/git-shell-commands"
+
+- name: generate git-shell no-login prompt
+ template:
+ src: no-interactive-login.j2
+ dest: "{{ git_dir }}/git-shell-commands/no-interactive-login"
+ owner: "{{ git_user }}"
+ group: "{{ git_group }}"
+ mode: "0744"
+ when: not git_allow_ssh_login
+
+- name: generate gitconfig
+ template:
+ src: gitconfig.j2
+ dest: "{{ git_dir }}/.gitconfig"
+ owner: "{{ git_user }}"
+ group: "{{ git_group }}"
+ mode: 0644
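Review bot: The "generate git-shell no-login prompt" task only ever creates the file, so once a host has been deployed with `git_allow_ssh_login: false`, switching the variable back leaves `no-interactive-login` in place. Add a companion `file` task with `state: absent` and `when: git_allow_ssh_login`. The modes are also written inconsistently in this file (`0755`, `"0744"`, `0644`); quote them all, as the Ansible documentation recommends, so none is ever read as a decimal integer.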
diff --git a/roles/git/templates/gitconfig.j2 b/roles/git/templates/gitconfig.j2
new file mode 100644
index 0000000..b9923a2
--- /dev/null
+++ b/roles/git/templates/gitconfig.j2
@@ -0,0 +1,2 @@
+[init]
+ defaultBranch = {{ git_default_branch }}
diff --git a/roles/git/templates/no-interactive-login.j2 b/roles/git/templates/no-interactive-login.j2
new file mode 100644
index 0000000..bfe6011
--- /dev/null
+++ b/roles/git/templates/no-interactive-login.j2
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+cat <<EOF
+ ▍ git
+ ▍
+ ▍no-interactive-login
+EOF