From 0c70ea19a91fa28cc5f97364ce1276ad5ae6f898 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= Date: Sun, 22 Jan 2023 19:51:36 +0100 Subject: feat(roles/cgit): add argument specs --- host_vars/dc0.yml | 12 +++++-- host_vars/stack0-dc1.yml | 1 - roles/cgit/defaults/main.yml | 38 ++++++++++++-------- roles/cgit/meta/main.yml | 73 ++++++++++++++++++++++++++++++++++++-- roles/cgit/tasks/dependencies.yml | 35 ------------------ roles/cgit/tasks/main.yml | 62 +++++++++++++++++++++----------- roles/cgit/templates/cgitrc.j2 | 24 ++++++------- roles/cgit/templates/httpd.conf.j2 | 5 +-- 8 files changed, 160 insertions(+), 90 deletions(-) delete mode 100644 roles/cgit/tasks/dependencies.yml diff --git a/host_vars/dc0.yml b/host_vars/dc0.yml index f0866ff..2c7461a 100644 --- a/host_vars/dc0.yml +++ b/host_vars/dc0.yml @@ -8,6 +8,14 @@ sshd_listen_port: "{{ ansible_port }}" relayd_connected_hosts: servers acme_connected_hosts: servers +cgit_listen_port: 1235 +cgit_domain_name: git.rgoncalves.se +cgit_favicon_url: "https://{{ __domain_name }}/img/favicon.ico" +cgit_logo_url: "https://{{ __domain_name }}/img/favicon.ico" +cgit_css_url: "https://{{ __domain_name }}/style/cgit.css" +cgit_description: development hub +cgit_readme_url: https://{{ __domain_name }}" + __is_vm: true __ip: @@ -33,6 +41,6 @@ __services: port: 443 - name: git - domain: git.rgoncalves.se + domain: "{{ cgit_domain_name }}" protocol: tcp - port: 1235 + port: "{{ cgit_listen_port }}" diff --git a/host_vars/stack0-dc1.yml b/host_vars/stack0-dc1.yml index be8f1a3..5971323 100644 --- a/host_vars/stack0-dc1.yml +++ b/host_vars/stack0-dc1.yml @@ -1,6 +1,5 @@ --- -cgit_authenticate: true cgit__root_desc: private - development hub __is_vm: true diff --git a/roles/cgit/defaults/main.yml b/roles/cgit/defaults/main.yml index cf70c5b..503b20b 100644 --- a/roles/cgit/defaults/main.yml +++ b/roles/cgit/defaults/main.yml 
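Review bot: `cgit_readme_url` in the block added to host_vars/dc0.yml ends with a double quote but has no opening one. As shown, the value is a plain scalar that keeps the trailing `"`, and cgitrc.j2 writes it into `root-readme=` with that character. Quote it like the three URL lines above it: `cgit_readme_url: "https://{{ __domain_name }}"`.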
@@ -1,20 +1,30 @@ --- -cgit_instance: cgit cgit_git_dir: /data/git +cgit_cache_size: 10 +cgit_cache_dir: /cache/cgit + cgit_chroot_dir: /var/www +cgit_chroot_required_files: + - /bin/sh + - /bin/cat + - /usr/local/bin/lowdown + +cgit_user: www +cgit_group: www + +cgit_listen_address: 0.0.0.0 +cgit_listen_port: 1235 +cgit_footer_path: /conf/footer.html -cgit_ip: 0.0.0.0 -cgit_port: 1235 -cgit_authenticate: false +cgit_clone_urls: + - git://{{ cgit_domain_name }}/$CGIT_REPO_URL + - ssh://{{ git_user }}@{{ cgit_domain_name }}/$CGIT_REPO_URL + - https://{{ cgit_domain_name }}/$CGIT_REPO_URL -cgit__favicon: https://rgoncalves.se/img/favicon.ico -cgit__logo: https://rgoncalves.se/img/favicon.ico -cgit__css: https://rgoncalves.se/style/cgit.css -cgit__root_desc: development hub -cgit__root_readme: https://rgoncalves.se -cgit__footer: /conf/footer.html -cgit__clone_urls: - - git://git.{{ __global_domain_name }}/$CGIT_REPO_URL - - ssh://git@git.{{ __global_domain_name }}/$CGIT_REPO_URL - - https://git.{{ __global_domain_name }}/$CGIT_REPO_URL +cgit_domain_name: "" +cgit_favicon_url: "" +cgit_logo_url: "" +cgit_css_url: "" +cgit_description: "" +cgit_readme_url: "" diff --git a/roles/cgit/meta/main.yml b/roles/cgit/meta/main.yml index bd45503..ddd865d 100644 --- a/roles/cgit/meta/main.yml +++ b/roles/cgit/meta/main.yml 
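Review bot: `cgit_domain_name: ""` at the end of this hunk means the variable is always defined, so the `required: true` declared for it in roles/cgit/meta/main.yml is most likely satisfied by the default and never fails for a host that forgets to set it. With the empty default, the `cgit_clone_urls` entries render as `git:///$CGIT_REPO_URL` and similar, and `root-title` is empty. Drop the default for variables the spec marks as required, or keep it and add an explicit non-empty check in the role. `git_user` in the ssh clone URL is not defined in this file; a comment such as `# git_user is provided by the git role` (if that is where it comes from) would make the dependency visible.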
@@ -2,6 +2,75 @@ dependencies: - role: git - tags: dependency - role: httpd_pre - tags: dependency + +argument_specs: + main: + short_description: cgit main entrypoint. + options: + + cgit_git_dir: + type: path + required: true + description: Git directory + + cgit_chroot_dir: + type: path + required: true + description: Chroot directory for web service + + cgit_user: + type: str + required: true + description: Cgit web service user + + cgit_group: + type: str + required: true + description: Cgit web service group + + cgit_domain_name: + type: str + required: true + description: Cgit domain name + + cgit_clone_urls: + type: list + elements: str + requiredi: true + description: Available urls for cloning a repository + + cgit_cache_size: + type: int + required: true + description: Cgit cache size + + cgit_cache_dir: + type: path + required: true + description: Cgit cache directory + + cgit_chroot_required_files: + type: list + elements: str + required: true + description: Files to be copied in cgit chroot + + cgit_favicon_url: + type: str + description: Favicon url + cgit_logo_url: + type: str + description: Logo url + cgit_css_url: + type: str + description: Stylesheet url + cgit_description: + type: str + description: Instance description + cgit_readme_url: + type: str + description: Instance readme url + cgit_footer_path: + type: str + description: Footer path diff --git a/roles/cgit/tasks/dependencies.yml b/roles/cgit/tasks/dependencies.yml deleted file mode 100644 index a0d4d65..0000000 --- a/roles/cgit/tasks/dependencies.yml +++ /dev/null 
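Review bot: `requiredi: true` under `cgit_clone_urls` is a typo for `required`, so this option is not marked required like its neighbours; the unknown key may be ignored or rejected when the spec is loaded. Change it to `required: true`. `cgit_listen_address` and `cgit_listen_port`, which httpd.conf.j2 uses for its `listen on` line, have no entry in this spec. Adding them (`type: str` and `type: int`) would bring the values that decide where the service is exposed under validation too. `cgit_footer_path` holds a path and could use `type: path` like the directory options.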
@@ -1,35 +0,0 @@ ---- - -- name: retrieve dependencies for lowdown # noqa: no-changed-when - ansible.builtin.shell: | - set -o pipefail - ldd /usr/local/bin/lowdown | tr -s " " | grep "0 1 0" | cut -d " " -f 7 - register: result - -- name: create dependencies directories in chroot - ansible.builtin.file: - path: "{{ cgit_chroot_dir }}{{ item | dirname }}" - owner: 0 - group: 0 - mode: "0755" - state: directory - loop: "{{ result.stdout_lines }}" - -- name: copy dependencies for lowdown - ansible.builtin.copy: - src: "{{ item }}" - dest: "{{ cgit_chroot_dir }}/{{ item }}" - mode: preserve - remote_src: true - loop: "{{ result.stdout_lines }}" - -- name: copy utilities in httpd chroot - ansible.builtin.copy: - src: "{{ item }}" - dest: "{{ cgit_chroot_dir }}/bin" - mode: preserve - remote_src: true - loop: - - /bin/sh - - /bin/cat - - /usr/local/bin/lowdown diff --git a/roles/cgit/tasks/main.yml b/roles/cgit/tasks/main.yml index 64452f8..ce9ecbe 100644 --- a/roles/cgit/tasks/main.yml +++ b/roles/cgit/tasks/main.yml 
@@ -9,29 +9,58 @@ - name: create cgit cache directory ansible.builtin.file: - path: "{{ cgit_chroot_dir }}/cache/cgit" - owner: www - group: www + path: "{{ cgit_chroot_dir }}/{{ cgit_cache_dir }}" + owner: "{{ cgit_user }}" + group: "{{ cgit_group }}" mode: "0750" state: directory - name: generate cgit configuration files ansible.builtin.template: - src: "{{ item.template }}" - dest: "{{ item.file }}" + src: "{{ item.src }}" + dest: "{{ item.dest }}" owner: 0 group: 0 mode: "0644" loop: - - template: cgitrc.j2 - file: "{{ cgit_chroot_dir }}/conf/cgitrc" - - template: footer.html.j2 - file: "{{ cgit_chroot_dir }}/conf/footer.html" - - template: httpd.conf.j2 - file: /etc/httpd.d/cgit.conf + - src: cgitrc.j2 + dest: "{{ cgit_chroot_dir }}/conf/cgitrc" + - src: footer.html.j2 + dest: "{{ cgit_chroot_dir }}/conf/footer.html" + - src: httpd.conf.j2 + dest: /etc/httpd.d/cgit.conf -- name: include dependencies for lowdown - ansible.builtin.include_tasks: dependencies.yml +- name: retrieve dependencies for lowdown + ansible.builtin.shell: | + set -o pipefail + ldd $(command -v lowdown) | tr -s " " | grep "0 1 0" | cut -d " " -f 7 + register: cgit_result_lowdown_dependencies + changed_when: false + +- name: create dependencies directories in chroot + ansible.builtin.file: + path: "{{ cgit_chroot_dir }}{{ item | dirname }}" + owner: 0 + group: 0 + mode: "0755" + state: directory + loop: "{{ cgit_result_lowdown_dependencies.stdout_lines }}" + +- name: copy dependencies for lowdown + ansible.builtin.copy: + src: "{{ item }}" + dest: "{{ cgit_chroot_dir }}/{{ item }}" + mode: preserve + remote_src: true + loop: "{{ cgit_result_lowdown_dependencies.stdout_lines }}" + +- name: copy utilities in httpd chroot + ansible.builtin.copy: + src: "{{ item }}" + dest: "{{ cgit_chroot_dir }}/bin" + mode: preserve + remote_src: true + loop: "{{ cgit_chroot_required_files }}" - name: copy about-filter generator ansible.builtin.copy: 
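Review bot: The `ldd $(command -v lowdown)` line in "retrieve dependencies for lowdown" resolves the binary through the task's PATH, while the binary copied into the chroot comes from `cgit_chroot_required_files` (`/usr/local/bin/lowdown` in the role defaults). The libraries can therefore be collected for a different file than the one installed. The substitution is also unquoted, and when `lowdown` is not found `ldd` runs with no operand. Use a single source for the path, for example the previous `ldd /usr/local/bin/lowdown`, or quote it as `ldd "$(command -v lowdown)"` and fail the task when the result is empty. Separately, `path: "{{ cgit_chroot_dir }}/{{ cgit_cache_dir }}"` joins two absolute paths with an extra `/`; `"{{ cgit_chroot_dir }}{{ cgit_cache_dir }}"` matches the form used for the dependency directories below it.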
@@ -46,10 +75,3 @@ name: slowcgi state: restarted enabled: true - -- name: httpd password information - ansible.builtin.debug: - msg: | - Please provide a password using htpasswd, - in "{{ cgit_chroot_dir }}/htpasswd/cgit" - when: cgit_authenticate diff --git a/roles/cgit/templates/cgitrc.j2 b/roles/cgit/templates/cgitrc.j2 index 99dcc17..4c139d4 100644 --- a/roles/cgit/templates/cgitrc.j2 +++ b/roles/cgit/templates/cgitrc.j2 @@ -1,14 +1,8 @@ # managed by Ansible -# visuals -css={{ cgit__css }} -logo={{ cgit__logo }} -favicon={{ cgit__favicon }} -footer={{ cgit__footer }} - # cache -cache-root=/cache/cgit -cache-size=100 +cache-root={{ cgit_cache_dir }} +cache-size={{ cgit_cache_size }} # readme readme=:README.md @@ -31,12 +25,18 @@ robots=noindex, nofollow localtime=1 # git -clone-url={{ cgit__clone_urls | join(' ') }} +clone-url={{ cgit_clone_urls | join(' ') }} # instance id -root-title=git.{{ __global_domain_name }} -root-desc={{ cgit__root_desc }} -root-readme={{ cgit__root_readme }} +root-title={{ cgit_domain_name }} +root-desc={{ cgit_description }} +root-readme={{ cgit_readme_url }} + +# visuals +css={{ cgit_css_url }} +logo={{ cgit_logo_url }} +favicon={{ cgit_favicon_url }} +footer={{ cgit_footer_path }} # archives snapshots=tar.gz diff --git a/roles/cgit/templates/httpd.conf.j2 b/roles/cgit/templates/httpd.conf.j2 index 962016a..0220f90 100644 --- a/roles/cgit/templates/httpd.conf.j2 +++ b/roles/cgit/templates/httpd.conf.j2 @@ -1,10 +1,7 @@ # managed by Ansible server "cgit" { - listen on "{{ cgit_ip }}" port {{ cgit_port }} -{% if cgit_authenticate %} - authenticate "realm" with "/htpasswd/cgit" -{% endif %} + listen on "{{ cgit_listen_address }}" port {{ cgit_listen_port }} # cgit location "/cgit.*" { -- cgit v1.2.3
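Review bot: `cache-size` in the first cgitrc.j2 hunk was the literal `100` and now takes `cgit_cache_size`, whose default in roles/cgit/defaults/main.yml is `10`. Every host that does not override it therefore gets a cache ten times smaller after this commit. If that is not intended, set the default to `100`; if it is, mention it in the commit message, since the subject only announces argument specs.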
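Review bot: The `css=`, `logo=`, `favicon=` and `root-readme=` lines in the second cgitrc.j2 hunk are emitted unconditionally, while their role defaults are empty strings. A host that sets none of them gets lines such as `css=` with no value, which presumably overrides cgit's built-in default instead of falling back to it. Guard the optional settings, e.g. `{% if cgit_css_url %}css={{ cgit_css_url }}{% endif %}`. The values are written into cgitrc verbatim, so a one-line comment in the defaults stating that these variables must be single-line strings would document the assumption.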
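Review bot: Removing the `{% if cgit_authenticate %}` block from httpd.conf.j2 drops HTTP authentication for every host. That includes stack0-dc1, whose host_vars in this same commit lose `cgit_authenticate: true` while still describing the instance as `private - development hub`. With the default `cgit_listen_address: 0.0.0.0`, that instance is then served without credentials on all interfaces unless something in front of it restricts access. The commit subject only mentions argument specs, so this looks unintended. Keep the three-line `{% if cgit_authenticate %}` … `{% endif %}` block and declare `cgit_authenticate` as `type: bool` in the argument spec, or bind private hosts to a restricted address. Also, stack0-dc1.yml still sets `cgit__root_desc`, which the template no longer reads (it now uses `cgit_description`).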