diff options
author | bnewbold <bnewbold@robocracy.org> | 2016-04-09 18:28:42 -0400 |
---|---|---|
committer | bnewbold <bnewbold@robocracy.org> | 2016-04-09 18:28:42 -0400 |
commit | 449688096d3cda8e0ea843fe0a8bbf76ff7bd94a (patch) | |
tree | 6d2cf0ffbf7ed5d283790efef1023261f51a8bc7 /roles | |
parent | 76c09caaf4d9952cabb75ae12f917e88fe636f4e (diff) | |
download | infra-449688096d3cda8e0ea843fe0a8bbf76ff7bd94a.tar.gz infra-449688096d3cda8e0ea843fe0a8bbf76ff7bd94a.zip |
import git hosting from sovereign
Diffstat (limited to 'roles')
-rw-r--r-- | roles/git/files/home_git_.gitolite.rc | 176 | ||||
-rw-r--r-- | roles/git/tasks/cgit.yml | 59 | ||||
-rw-r--r-- | roles/git/tasks/gitolite.yml | 31 | ||||
-rw-r--r-- | roles/git/tasks/main.yml | 2 | ||||
-rw-r--r-- | roles/git/templates/etc_apache2_sites-available_cgit.j2 | 27 | ||||
-rw-r--r-- | roles/git/templates/etc_cgitrc.j2 | 137 |
6 files changed, 432 insertions, 0 deletions
diff --git a/roles/git/files/home_git_.gitolite.rc b/roles/git/files/home_git_.gitolite.rc new file mode 100644 index 0000000..07bab4f --- /dev/null +++ b/roles/git/files/home_git_.gitolite.rc @@ -0,0 +1,176 @@ +# configuration variables for gitolite
+
+# This file is in perl syntax. But you do NOT need to know perl to edit it --
+# just mind the commas, use single quotes unless you know what you're doing,
+# and make sure the brackets and braces stay matched up!
+
+# (Tip: perl allows a comma after the last item in a list also!)
+
+# HELP for commands can be had by running the command with "-h".
+
+# HELP for all the other FEATURES can be found in the documentation (look for
+# "list of non-core programs shipped with gitolite" in the master index) or
+# directly in the corresponding source file.
+
+%RC = (
+
+ # ------------------------------------------------------------------
+
+ # default umask gives you perms of '0700'; see the rc file docs for
+ # how/why you might change this
+ UMASK => 0027,
+
+ # look for "git-config" in the documentation
+ GIT_CONFIG_KEYS => 'gitweb\.(owner|description|category)',
+
+ # comment out if you don't need all the extra detail in the logfile
+ LOG_EXTRA => 1,
+
+ # roles. add more roles (like MANAGER, TESTER, ...) here.
+ # WARNING: if you make changes to this hash, you MUST run 'gitolite
+ # compile' afterward, and possibly also 'gitolite trigger POST_COMPILE'
+ ROLES => {
+ READERS => 1,
+ WRITERS => 1,
+ },
+
+ # ------------------------------------------------------------------
+
+ # rc variables used by various features
+
+ # the 'info' command prints this as additional info, if it is set
+ # SITE_INFO => 'Please see http://blahblah/gitolite for more help',
+
+ # the 'desc' command uses this
+ # WRITER_CAN_UPDATE_DESC => 1,
+
+ # the CpuTime feature uses these
+ # display user, system, and elapsed times to user after each git operation
+ # DISPLAY_CPU_TIME => 1,
+ # display a warning if total CPU times (u, s, cu, cs) crosses this limit
+ # CPU_TIME_WARN_LIMIT => 0.1,
+
+ # the Mirroring feature needs this
+ # HOSTNAME => "foo",
+
+ # if you enabled 'Shell', you need this
+ # SHELL_USERS_LIST => "$ENV{HOME}/.gitolite.shell-users",
+
+ # ------------------------------------------------------------------
+
+ # suggested locations for site-local gitolite code (see cust.html)
+
+ # this one is managed directly on the server
+ # LOCAL_CODE => "$ENV{HOME}/local",
+
+ # or you can use this, which lets you put everything in a subdirectory
+ # called "local" in your gitolite-admin repo. For a SECURITY WARNING
+ # on this, see http://gitolite.com/gitolite/cust.html#pushcode
+ # LOCAL_CODE => "$rc{GL_ADMIN_BASE}/local",
+
+ # ------------------------------------------------------------------
+
+ # List of commands and features to enable
+
+ ENABLE => [
+
+ # COMMANDS
+
+ # These are the commands enabled by default
+ 'help',
+ 'desc',
+ 'info',
+ 'perms',
+ 'writable',
+
+ # Uncomment or add new commands here.
+ # 'create',
+ # 'fork',
+ # 'mirror',
+ # 'sskm',
+ # 'D',
+
+ # These FEATURES are enabled by default.
+
+ # essential (unless you're using smart-http mode)
+ 'ssh-authkeys',
+
+ # creates git-config enties from gitolite.conf file entries like 'config foo.bar = baz'
+ 'git-config',
+
+ # creates git-daemon-export-ok files; if you don't use git-daemon, comment this out
+ 'daemon',
+
+ # creates projects.list file; if you don't use gitweb, comment this out
+ 'gitweb',
+
+ # These FEATURES are disabled by default; uncomment to enable. If you
+ # need to add new ones, ask on the mailing list :-)
+
+ # user-visible behaviour
+
+ # prevent wild repos auto-create on fetch/clone
+ # 'no-create-on-read',
+ # no auto-create at all (don't forget to enable the 'create' command!)
+ # 'no-auto-create',
+
+ # access a repo by another (possibly legacy) name
+ # 'Alias',
+
+ # give some users direct shell access
+ # 'Shell',
+
+ # set default roles from lines like 'option default.roles-1 = ...', etc.
+ # 'set-default-roles',
+
+ # system admin stuff
+
+ # enable mirroring (don't forget to set the HOSTNAME too!)
+ # 'Mirroring',
+
+ # allow people to submit pub files with more than one key in them
+ # 'ssh-authkeys-split',
+
+ # selective read control hack
+ # 'partial-copy',
+
+ # manage local, gitolite-controlled, copies of read-only upstream repos
+ # 'upstream',
+
+ # updates 'description' file instead of 'gitweb.description' config item
+ # 'cgit',
+
+ # allow repo-specific hooks to be added
+ # 'repo-specific-hooks',
+
+ # performance, logging, monitoring...
+
+ # be nice
+ # 'renice 10',
+
+ # log CPU times (user, system, cumulative user, cumulative system)
+ # 'CpuTime',
+
+ # syntactic_sugar for gitolite.conf and included files
+
+ # allow backslash-escaped continuation lines in gitolite.conf
+ # 'continuation-lines',
+
+ # create implicit user groups from directory names in keydir/
+ # 'keysubdirs-as-groups',
+
+ # allow simple line-oriented macros
+ # 'macros',
+
+ ],
+
+);
+
+# ------------------------------------------------------------------------------
+# per perl rules, this should be the last line in such a file:
+1;
+
+# Local variables:
+# mode: perl
+# End:
+# vim: set syn=perl:
diff --git a/roles/git/tasks/cgit.yml b/roles/git/tasks/cgit.yml new file mode 100644 index 0000000..fd9f549 --- /dev/null +++ b/roles/git/tasks/cgit.yml @@ -0,0 +1,59 @@ + +- name: Install cgit dependencies + apt: pkg={{ item }} state=installed + with_items: + - groff + - libssl-dev + - python-pip + tags: + - dependencies + +- name: Install cgit pip dependencies + pip: name={{ item }} + with_items: + - docutils + - pygments + +- name: Download cgit release + get_url: url=http://git.zx2c4.com/cgit/snapshot/cgit-{{ cgit_version }}.tar.xz + dest=/root/cgit-{{ cgit_version }}.tar.xz + +- name: Decompress cgit source + unarchive: src=/root/cgit-{{ cgit_version }}.tar.xz + dest=/root copy=no + creates=/root/cgit-{{ cgit_version }}/configure + +- name: Build and install cgit + shell: make get-git ; make ; make install + executable=/bin/bash + chdir=/root/cgit-{{ cgit_version }} + creates=/var/www/htdocs/cgit/cgit.cgi + +- name: Copy cgitrc + template: src=etc_cgitrc.j2 dest=/etc/cgitrc + group=www-data + owner=root + +- name: Rename existing Apache cgit virtualhost + command: mv /etc/apache2/sites-available/cgit /etc/apache2/sites-available/cgit.conf removes=/etc/apache2/sites-available/cgit + +- name: Remove old sites-enabled/cgit symlink (new one will be created by a2ensite) + file: path=/etc/apache2/sites-enabled/cgit state=absent + +- name: Configure the Apache HTTP server for cgit + template: src=etc_apache2_sites-available_cgit.j2 + dest=/etc/apache2/sites-available/cgit.conf + group=root + owner=root + +- name: Enable Apache CGI module + command: a2enmod cgi creates=/etc/apache2/mods-enabled/cgi.load + notify: restart apache + +- name: Enable Apache rewrite module + command: a2enmod rewrite creates=/etc/apache2/mods-enabled/rewrite.load + notify: restart apache + +- name: Enable cgit site + command: a2ensite cgit.conf creates=/etc/apache2/sites-enabled/cgit.conf + notify: restart apache diff --git a/roles/git/tasks/gitolite.yml b/roles/git/tasks/gitolite.yml new file mode 100644 index 0000000..8e2538f --- /dev/null +++ b/roles/git/tasks/gitolite.yml @@ -0,0 +1,31 @@ +- name: Create gitolite group + group: name=git state=present + +- name: Create gitolite user + user: name=git state=present home=/home/git system=yes group=git + +- name: Add www-data to the git group + user: name=www-data groups=git append=yes + +- name: Install gitolite3 package + apt: pkg=gitolite3 state=installed + tags: + - dependencies + +- name: Copy .gitolite.rc file + copy: src=home_git_.gitolite.rc + dest=/home/git/.gitolite.rc + group=git + owner=git + mode=0644 + +- name: Copy SSH public key to server + copy: src=gitolite.pub + dest=/home/git/{{ main_user_name }}.pub + group=git + owner=git + mode=0644 + +- name: Setup gitolite + command: su - git -c 'gitolite setup -pk {{ main_user_name }}.pub' + chdir=/home/git diff --git a/roles/git/tasks/main.yml b/roles/git/tasks/main.yml new file mode 100644 index 0000000..33302ee --- /dev/null +++ b/roles/git/tasks/main.yml @@ -0,0 +1,2 @@ +- include: gitolite.yml tags=gitolite +- include: cgit.yml tags=cgit diff --git a/roles/git/templates/etc_apache2_sites-available_cgit.j2 b/roles/git/templates/etc_apache2_sites-available_cgit.j2 new file mode 100644 index 0000000..af59a34 --- /dev/null +++ b/roles/git/templates/etc_apache2_sites-available_cgit.j2 @@ -0,0 +1,27 @@ +<VirtualHost *:80> + ServerName {{ cgit_domain }} + + Redirect permanent / https://{{ cgit_domain }}/ +</VirtualHost> + +<VirtualHost *:443> + ServerName {{ cgit_domain }} + SSLEngine On + + DocumentRoot /var/www/htdocs/cgit/ + <Directory "/var/www/htdocs/cgit/"> + AllowOverride None + Options +ExecCGI + Order allow,deny + Allow from all + </Directory> + + Alias /cgit.png /var/www/htdocs/cgit/cgit.png + Alias /cgit.css /var/www/htdocs/cgit/cgit.css + Alias /favicon.ico /var/www/htdocs/cgit/favicon.ico + Alias /robots.txt /var/www/htdocs/cgit/robots.txt + ScriptAlias / /var/www/htdocs/cgit/cgit.cgi/ + + CustomLog /var/log/apache2/cgit_access.log combined + ErrorLog /var/log/apache2/cgit_error.log +</VirtualHost> diff --git a/roles/git/templates/etc_cgitrc.j2 b/roles/git/templates/etc_cgitrc.j2 new file mode 100644 index 0000000..abba971 --- /dev/null +++ b/roles/git/templates/etc_cgitrc.j2 @@ -0,0 +1,137 @@ +# Enable caching of up to 1000 output entries +cache-size=1000 + + +# Specify some default clone urls using macro expansion +clone-url=git@{{ domain }}:$CGIT_REPO_URL + + +# Specify the css url +# css=/css/cgit.css + + +# Show owner on index page +enable-index-owner=1 + + +# Allow http transport git clone +enable-http-clone=0 + + +# Show extra links for each repository on the index page +enable-index-links=1 + + +# Enable ASCII art commit history graph on the log pages +enable-commit-graph=1 + + +# Show number of affected files per commit on the log pages +enable-log-filecount=1 + + +# Show number of added/removed lines per commit on the log pages +enable-log-linecount=1 + + +# Sort branches by date +branch-sort=age + + +# Add a cgit favicon +# favicon=/favicon.ico + + +# Use a custom logo +# logo=/img/mylogo.png + + +# Enable statistics per week, month and quarter +max-stats=quarter + + +# Set the title and heading of the repository index page +root-title={{ domain }} git repository + + +# Set a subheading for the repository index page +# root-desc=tracking the foobar development + + +# Include some more info about example.com on the index page +# root-readme=/var/www/htdocs/about.html + + +# Allow download of tar.gz, tar.bz2 and zip-files +snapshots=tar.gz tar.bz2 zip + + +## +## List of common mimetypes +## + +mimetype.gif=image/gif +mimetype.html=text/html +mimetype.jpg=image/jpeg +mimetype.jpeg=image/jpeg +mimetype.pdf=application/pdf +mimetype.png=image/png +mimetype.svg=image/svg+xml + + +# Highlight source code with python pygments-based highlighter +source-filter=/usr/local/lib/cgit/filters/syntax-highlighting.py + +# Format markdown, restructuredtext, manpages, text files, and html files +# through the right converters +about-filter=/usr/local/lib/cgit/filters/about-formatting.sh + +## +## Search for these files in the root of the default branch of repositories +## for coming up with the about page: +## +readme=:README.md +readme=:readme.md +readme=:README.mkd +readme=:readme.mkd +readme=:README.rst +readme=:readme.rst +readme=:README.html +readme=:readme.html +readme=:README.htm +readme=:readme.htm +readme=:README.txt +readme=:readme.txt +readme=:README +readme=:readme +readme=:INSTALL.md +readme=:install.md +readme=:INSTALL.mkd +readme=:install.mkd +readme=:INSTALL.rst +readme=:install.rst +readme=:INSTALL.html +readme=:install.html +readme=:INSTALL.htm +readme=:install.htm +readme=:INSTALL.txt +readme=:install.txt +readme=:INSTALL +readme=:install + + +# Allow cgit to use git config to set any repo specific settings +enable-git-config=1 + + +# Removes .git suffix for the url and name +remove-suffix=1 + + +# A list of subdirectories inside of scan-path +# that should loaded as git repositories +project-list=/home/git/projects.list + + +# A path which will be scanned for repositories +scan-path=/home/git/repositories
\ No newline at end of file |