From e60e99796111ee6d43080b4e48971c08886c0570 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Romain=20Gon=C3=A7alves?= <me@rgoncalves.se>
Date: Sat, 11 Dec 2021 13:54:22 +0000
Subject: roles: Add git and cgit roles

---
 roles/cgit/defaults/main.yml                |  18 ++++
 roles/cgit/files/about-filter.sh            |   3 +
 roles/cgit/files/generate-static-git.sh     |  28 +++++
 roles/cgit/files/httpd.conf                 |  20 ++++
 roles/cgit/files/style.css                  | 155 ++++++++++++++++++++++++++++
 roles/cgit/meta/main.yml                    |   5 +
 roles/cgit/tasks/main.yml                   |  53 ++++++++++
 roles/cgit/templates/cgitrc.j2              |  39 +++++++
 roles/cgit/templates/footer.html.j2         |   3 +
 roles/cgit/templates/httpd.conf.j2          |  18 ++++
 roles/git/defaults/main.yml                 |   7 ++
 roles/git/tasks/main.yml                    |  45 ++++++++
 roles/git/templates/gitconfig.j2            |   2 +
 roles/git/templates/no-interactive-login.j2 |   7 ++
 14 files changed, 403 insertions(+)
 create mode 100644 roles/cgit/defaults/main.yml
 create mode 100644 roles/cgit/files/about-filter.sh
 create mode 100644 roles/cgit/files/generate-static-git.sh
 create mode 100644 roles/cgit/files/httpd.conf
 create mode 100644 roles/cgit/files/style.css
 create mode 100644 roles/cgit/meta/main.yml
 create mode 100644 roles/cgit/tasks/main.yml
 create mode 100644 roles/cgit/templates/cgitrc.j2
 create mode 100644 roles/cgit/templates/footer.html.j2
 create mode 100644 roles/cgit/templates/httpd.conf.j2
 create mode 100644 roles/git/defaults/main.yml
 create mode 100644 roles/git/tasks/main.yml
 create mode 100644 roles/git/templates/gitconfig.j2
 create mode 100644 roles/git/templates/no-interactive-login.j2

(limited to 'roles')

diff --git a/roles/cgit/defaults/main.yml b/roles/cgit/defaults/main.yml
new file mode 100644
index 0000000..0c60bd5
--- /dev/null
+++ b/roles/cgit/defaults/main.yml
@@ -0,0 +1,18 @@
+cgit_instance: cgit
+cgit_git_dir: /data/git
+cgit_chroot_dir: /var/www
+
+cgit_ip: 0.0.0.0
+cgit_port: 1235
+cgit_authenticate: false
+
+cgit__favicon: http://rgoncalves.se/logo.png
+cgit__logo: http://rgoncalves.se/logo.png
+cgit__css: http://rgoncalves.se/style/cgit.css
+cgit__root_desc: development hub
+cgit__root_readme: http://rgoncalves.se
+cgit__footer: /conf/footer.html
+cgit__clone_urls:
+  - git://git.{{ __global_domain_name }}/$CGIT_REPO_URL
+  - ssh://git@git.{{ __global_domain_name }}/$CGIT_REPO_URL
+  - https://git.{{ __global_domain_name }}/$CGIT_REPO_URL
diff --git a/roles/cgit/files/about-filter.sh b/roles/cgit/files/about-filter.sh
new file mode 100644
index 0000000..6193824
--- /dev/null
+++ b/roles/cgit/files/about-filter.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+cat -
diff --git a/roles/cgit/files/generate-static-git.sh b/roles/cgit/files/generate-static-git.sh
new file mode 100644
index 0000000..dd0db32
--- /dev/null
+++ b/roles/cgit/files/generate-static-git.sh
@@ -0,0 +1,28 @@
+#!/bin/sh
+
+GIT_DIR="/data/git"
+
+repositories=""
+repo=""
+
+for repo in "${GIT_DIR}"/*; do
+
+	if [ ! -f "${repo}/git-daemon-export-ok" ]; then
+		echo " [ERR] $(basename ${repo})"
+		continue
+	fi
+
+	repo=$(basename "${repo}")
+	repositories="${repositories} ${GIT_DIR}/${repo}"
+
+	echo " [OK ] ${repo}"
+	mkdir "${repo}" 2>/dev/null
+	(cd "${repo}" && /usr/local/bin/stagit "${GIT_DIR}/${repo}")
+done
+
+if [ -z "$repositories" ]; then
+	exit 1
+fi
+
+echo " [#] ${repositories}"
+/usr/local/bin/stagit-index ${repositories} > index.html
diff --git a/roles/cgit/files/httpd.conf b/roles/cgit/files/httpd.conf
new file mode 100644
index 0000000..238acf0
--- /dev/null
+++ b/roles/cgit/files/httpd.conf
@@ -0,0 +1,20 @@
+
+# httpd ~~ /etc/httpd.conf
+# managed by Ansible
+
+server "default" {
+	listen on * port 1234
+	root "/htdocs/stagit"
+
+	location match "style.css" {
+		request rewrite "/style.css"
+	}
+
+	location match "logo.png" {
+		request rewrite "/logo.png"
+	}
+
+	location match "favicon.png" {
+		request rewrite "/logo.png"
+	}
+}
diff --git a/roles/cgit/files/style.css b/roles/cgit/files/style.css
new file mode 100644
index 0000000..8e24ae9
--- /dev/null
+++ b/roles/cgit/files/style.css
@@ -0,0 +1,155 @@
+body {
+	font-family: monospace;
+	color: #000;
+	background-color: #fff;
+}
+img {
+	border: 0;
+}
+
+h1, h2, h3, h4, h5, h6 {
+	font-size: 1em;
+	margin: 0;
+}
+
+img, h1, h2 {
+	vertical-align: middle;
+}
+
+a:target {
+	background-color: #ccc;
+}
+
+a.d,
+a.h,
+a.i,
+a.line {
+	text-decoration: none;
+}
+
+#blob a {
+	color: #555;
+	border-right: 3px solid #aaa;
+	padding: 0 5px 0 0;
+}
+
+#blob a:hover {
+	color: blue;
+	text-decoration: none;
+}
+
+table thead td {
+	font-weight: bold;
+}
+
+table td {
+	padding: 0 0.4em;
+}
+
+#content table td {
+	white-space: nowrap;
+	vertical-align: top;
+}
+
+#branches tr:hover td,
+#tags tr:hover td,
+#index tr:hover td,
+#log tr:hover td,
+#files tr:hover td {
+	background-color: #eee;
+}
+
+#index tr td:nth-child(2),
+#tags tr td:nth-child(3),
+#branches tr td:nth-child(3),
+#log tr td:nth-child(2) {
+	white-space: normal;
+}
+
+td.num {
+	text-align: right;
+}
+
+.desc {
+	color: #555;
+}
+
+hr {
+	border: 0;
+	border-top: 3px solid #aaa;
+	height: 3px;
+}
+
+#content hr {
+	display: none;
+}
+
+pre {
+	font-family: monospace;
+}
+
+pre a.h {
+	color: #00a;
+}
+
+.A,
+span.i,
+pre a.i {
+	color: #070;
+}
+
+.D,
+span.d,
+pre a.d {
+	color: #e00;
+}
+
+pre a.h:hover,
+pre a.i:hover,
+pre a.d:hover {
+	text-decoration: none;
+}
+/*
+@media (prefers-color-scheme: dark) {
+	body {
+		background-color: #000;
+		color: #eee;
+	}
+	hr {
+		border-color: #222;
+	}
+	a {
+		color: #00abff;
+	}
+	a:target {
+		background-color: #222;
+	}
+	#blob a {
+		color: #555;
+		border-color: #222;
+	}
+	#blob a:hover {
+		color: #00abff;
+	}
+	pre a.h {
+		color: #00abff;
+	}
+	.A,
+	span.i,
+	pre a.i {
+		color: #0e0;
+	}
+	.D,
+	span.d,
+	pre a.d {
+		color: #e00;
+	}
+	#branches tr:hover td,
+	#tags tr:hover td,
+	#index tr:hover td,
+	#log tr:hover td,
+	#files tr:hover td {
+		background-color: #111;
+	}
+}
+*/
diff --git a/roles/cgit/meta/main.yml b/roles/cgit/meta/main.yml
new file mode 100644
index 0000000..a25f289
--- /dev/null
+++ b/roles/cgit/meta/main.yml
@@ -0,0 +1,5 @@
+dependencies:
+  - role: git
+    tags: dependency
+  - role: httpd_pre
+    tags: dependency
diff --git a/roles/cgit/tasks/main.yml b/roles/cgit/tasks/main.yml
new file mode 100644
index 0000000..6040ecf
--- /dev/null
+++ b/roles/cgit/tasks/main.yml
@@ -0,0 +1,53 @@
+- name: install cgit packages
+  package:
+    name:
+      - cgit
+      - lowdown
+    state: present
+
+- name: generate cgit configuration files
+  template:
+    src: "{{ item.template }}"
+    dest: "{{ item.file }}"
+    owner: 0
+    group: 0
+    mode: 0644
+  loop:
+    - template: cgitrc.j2
+      file: "{{ cgit_chroot_dir }}/conf/cgitrc"
+    - template: footer.html.j2
+      file: "{{ cgit_chroot_dir }}/conf/footer.html"
+    - template: httpd.conf.j2
+      file: /etc/httpd.d/cgit.conf
+
+- name: copy utilities in httpd chroot
+  copy:
+    src: "{{ item }}"
+    dest: "{{ cgit_chroot_dir }}/bin"
+    mode: preserve
+    remote_src: true
+  loop:
+    - /bin/sh
+    - /bin/cat
+    - /usr/local/bin/lowdown
+
+- name: copy about-filter generator
+  copy:
+    src: about-filter.sh
+    dest: "{{ cgit_chroot_dir }}/bin/about-filter.sh"
+    owner: 0
+    group: 0
+    mode: 0755
+
+- name: start and enable slowcgi service
+  service:
+    name: slowcgi
+    state: restarted
+    enabled: true
+
+- name: httpd password information
+  debug:
+    msg: |
+      Please provide a password using htpasswd,
+      in "{{ cgit_chroot_dir }}/htpasswd/cgit"
+  when: cgit_authenticate
diff --git a/roles/cgit/templates/cgitrc.j2 b/roles/cgit/templates/cgitrc.j2
new file mode 100644
index 0000000..40b4b07
--- /dev/null
+++ b/roles/cgit/templates/cgitrc.j2
@@ -0,0 +1,39 @@
+# managed by Ansible
+
+# visuals
+css={{ cgit__css }}
+logo={{ cgit__logo }}
+favicon={{ cgit__favicon }}
+footer={{ cgit__footer }}
+
+# readme
+readme=:README.md
+readme=:README.org
+readme=:README
+readme=:.README.md
+readme=:.README
+about-filter=/bin/about-filter.sh
+
+# features
+enable-commit-graph=1
+enable-http-clone=1
+enable-index-links=1
+max-stats=quarter
+robots=noindex, nofollow
+localtime=1
+
+# git
+clone-url={{ cgit__clone_urls | join(' ') }}
+
+# instance id
+root-title=git.{{ __global_domain_name }}
+root-desc={{ cgit__root_desc }}
+root-readme={{ cgit__root_readme }}
+
+# archives
+snapshots=tar.gz
+
+# sections
+section-from-path=1
+section-sort=1
+scan-path={{ cgit_git_dir }}
diff --git a/roles/cgit/templates/footer.html.j2 b/roles/cgit/templates/footer.html.j2
new file mode 100644
index 0000000..66ca627
--- /dev/null
+++ b/roles/cgit/templates/footer.html.j2
@@ -0,0 +1,3 @@
+<span style="background-color:yellow">
+remember that computers suck.
+</span>
diff --git a/roles/cgit/templates/httpd.conf.j2 b/roles/cgit/templates/httpd.conf.j2
new file mode 100644
index 0000000..962016a
--- /dev/null
+++ b/roles/cgit/templates/httpd.conf.j2
@@ -0,0 +1,18 @@
+# managed by Ansible
+
+server "cgit" {
+	listen on "{{ cgit_ip }}" port {{ cgit_port }}
+{% if cgit_authenticate %}
+	authenticate "realm" with "/htpasswd/cgit"
+{% endif %}
+
+	# cgit
+	location "/cgit.*" {
+		root "/cgit"
+		no fastcgi
+	}
+
+	# fastcgi
+	root "/cgi-bin/cgit.cgi"
+	fastcgi socket "/run/slowcgi.sock"
+}
diff --git a/roles/git/defaults/main.yml b/roles/git/defaults/main.yml
new file mode 100644
index 0000000..f99dec3
--- /dev/null
+++ b/roles/git/defaults/main.yml
@@ -0,0 +1,7 @@
+git_user: git
+git_group: git
+git_dir: /data/git
+
+git_shell: /bin/sh
+git_default_branch: trunk
+git_allow_ssh_login: true
diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml
new file mode 100644
index 0000000..4d2b74e
--- /dev/null
+++ b/roles/git/tasks/main.yml
@@ -0,0 +1,45 @@
+- name: install git package
+  package:
+    name: git
+    state: present
+
+- name: create git group
+  group:
+    name: "{{ git_group }}"
+    state: present
+
+- name: create git user
+  user:
+    name: "{{ git_user }}"
+    group: "{{ git_group }}"
+    shell: "{{ git_shell }}"
+    home: "{{ git_dir }}"
+    create_home: false
+
+- name: create git directories
+  file:
+    path: "{{ item }}"
+    owner: "{{ git_user }}"
+    group: "{{ git_group }}"
+    state: directory
+    mode: 0755
+  loop:
+    - "{{ git_dir }}"
+    - "{{ git_dir }}/git-shell-commands"
+
+- name: generate git-shell no-login prompt
+  template:
+    src: no-interactive-login.j2
+    dest: "{{ git_dir }}/git-shell-commands/no-interactive-login"
+    owner: "{{ git_user }}"
+    group: "{{ git_group }}"
+    mode: "0744"
+  when: not git_allow_ssh_login
+
+- name: generate gitconfig
+  template:
+    src: gitconfig.j2
+    dest: "{{ git_dir }}/.gitconfig"
+    owner: "{{ git_user }}"
+    group: "{{ git_group }}"
+    mode: 0644
diff --git a/roles/git/templates/gitconfig.j2 b/roles/git/templates/gitconfig.j2
new file mode 100644
index 0000000..b9923a2
--- /dev/null
+++ b/roles/git/templates/gitconfig.j2
@@ -0,0 +1,2 @@
+[init]
+        defaultBranch = {{ git_default_branch }}
diff --git a/roles/git/templates/no-interactive-login.j2 b/roles/git/templates/no-interactive-login.j2
new file mode 100644
index 0000000..bfe6011
--- /dev/null
+++ b/roles/git/templates/no-interactive-login.j2
@@ -0,0 +1,7 @@
+#!/bin/sh
+
+cat <<EOF
+ ▍ git
+ ▍
+ ▍no-interactive-login
+EOF
-- 
cgit v1.2.3