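---
# roles/git/tasks/main.yml
# Provision a git hosting stack on a FreeBSD host (pkgng, pw, rc.conf):
# packages, the repository-owner account, gitolite and cgit behind uwsgi.

# Pass the whole list to pkgng in one call instead of looping per item,
# so every package is handled by a single module invocation.
- name: install packages
  pkgng:
    name:
      - git
      - cgit
      - uwsgi-py36
      - highlight
      - gitolite
    state: present

# Read-only probe. A non-zero exit code is taken to mean "group missing"
# and drives the create step below, so it must not count as a failure.
- name: check user group existence
  command: pw groupshow {{ git.user.name }}
  register: pw_cmd
  failed_when: false
  changed_when: false

# The group shares the account's name and numeric id.
- name: create user group
  command: pw groupadd {{ git.user.name }} -g {{ git.user.id }}
  when: pw_cmd.rc != 0

# Same probe pattern for the account; pw_cmd is deliberately overwritten
# because the group result is no longer needed at this point.
- name: check user existence
  command: pw usershow {{ git.user.name }}
  register: pw_cmd
  failed_when: false
  changed_when: false

# -m creates the home directory and -M 0700 restricts it to the owner,
# so repositories under it are not readable by other local accounts.
- name: create user
  command: >
    pw useradd {{ git.user.name }}
    -u {{ git.user.id }} -g {{ git.user.name }}
    -d {{ git.user.home }} -m -M 0700
    -c "Git Repositories Owner"
  when: pw_cmd.rc != 0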

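# NOTE(review): no owner or mode is set here, so vars.conf gets the
# defaults of the connecting (become) user -- confirm that is acceptable
# for whatever the template renders.
- name: generate vars.conf file
  template:
    src: vars.conf.j2
    dest: "{{ git.user.home }}/vars.conf"

# Mode is quoted so it is passed as the string "0755" and never depends
# on how the YAML loader interprets a leading-zero integer.
- name: copy git-shell commands
  copy:
    src: git-shell-commands/  # trailing '/' -> directory contents
    dest: "{{ git.user.home }}/git-shell-commands/"
    mode: "0755"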

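# The GitHub sync key pair is created once on the control host and then
# reused on later runs; the stat result gates key generation.
- name: (local) github sync - check ssh key existence
  become: false
  stat:
    path: "{{ git.github.keyfile }}"
  delegate_to: localhost
  register: stat_result

# ssh-keygen -f writes the private key to git.github.keyfile and the
# public key next to it with a .pub suffix. -N "" means no passphrase:
# anyone who can read the file can use the key, so keep it out of
# version control and readable only by the operator.
# NOTE(review): the type is fixed to ed25519 here while the install task
# below names the file id_<git.github.keytype>; keep the two in agreement.
- name: (local) github sync - generate new ssh key pair
  become: false
  command: >
    ssh-keygen -t ed25519 -C "git:github-sync" -N ""
    -f "{{ git.github.keyfile }}"
  delegate_to: localhost
  when: not stat_result.stat.exists

- name: github sync - create .ssh directory on the server
  file:
    path: "{{ git.user.home }}/.ssh"
    state: directory
    owner: "{{ git.user.name }}"
    group: "{{ git.user.name }}"
    mode: "0700"

# src is the keyfile itself (no .pub suffix), i.e. the PRIVATE half of
# the pair, installed as the server-side identity. The task name says so
# explicitly so a play log does not hide that an unencrypted private key
# is being deployed. Owner-read-only (0400) is the tightest usable mode.
- name: github sync - copy private key to the server
  copy:
    src: "{{ git.github.keyfile }}"
    dest: "{{ git.user.home }}/.ssh/id_{{ git.github.keytype }}"
    owner: "{{ git.user.name }}"
    mode: "0400"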

# Directory under the git home, named by git.public_dir and owned by the
# repository user and group. No mode is given, so the default applies.
- name: create directory for linking public repos
  file:
    state: directory
    path: "{{ git.user.home }}/{{ git.public_dir }}"
    group: "{{ git.user.name }}"
    owner: "{{ git.user.name }}"

#
# gitolite
#

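# The public half of the key Ansible itself connects with becomes the
# gitolite admin key, so whoever holds that private key administers
# every repository on this host.
- name: gitolite - copy the admin ssh key to the server
  copy:
    src: "{{ ansible_ssh_private_key_file }}.pub"
    dest: "{{ git.user.home }}/admin.pub"
    mode: "0644"
  tags: gitolite

# Runs as the repository user; `creates` makes the task a no-op once
# .gitolite.rc exists, so setup is performed only on the first run.
- name: gitolite - setup
  become_user: "{{ git.user.name }}"
  command: gitolite setup -pk "{{ git.user.home }}/admin.pub"
  args:
    chdir: "{{ git.user.home }}"
    creates: "{{ git.user.home }}/.gitolite.rc"
  tags: gitolite

# Replaces the rc file that setup generated with the role's own copy.
- name: gitolite - copy config
  copy:
    src: gitolite.rc
    dest: "{{ git.user.home }}/.gitolite.rc"
    mode: "0644"
  tags: gitolite

- name: (local) gitolite - check local admin repo existence
  become: false
  stat:
    path: "{{ playbook_dir }}/gitolite-admin"
  delegate_to: localhost
  register: stat_result
  tags: gitolite

# GIT_SSH_COMMAND is supplied through `environment` instead of an `env`
# prefix inside the command string, so it is not subject to the command
# module's argument splitting. -F /dev/null ignores the operator's ssh
# config and IdentitiesOnly=yes limits authentication to the -i key.
# Nothing here relaxes host-key checking, which stays at ssh defaults.
- name: (local) gitolite - clone admin repo to local
  become: false
  command: >
    git clone
    "{{ git.user.name }}@{{ domains[0].name }}:gitolite-admin.git"
    "{{ playbook_dir }}/gitolite-admin"
  environment:
    GIT_SSH_COMMAND: >-
      ssh -F /dev/null -p {{ ansible_ssh_port }}
      -i {{ ansible_ssh_private_key_file }} -o IdentitiesOnly=yes
  delegate_to: localhost
  when: not stat_result.stat.exists
  tags: gitolite

# Drops a reminder of the matching push command into the local clone.
# The file holds the path of the private key, not the key itself.
# NOTE(review): it sits untracked inside the admin working tree; take
# care not to commit it with the gitolite configuration.
- name: (local) gitolite - note about the push command
  become: false
  copy:
    content: >
      env GIT_SSH_COMMAND="ssh -F /dev/null -p {{ ansible_ssh_port }} -i {{ ansible_ssh_private_key_file }} -o IdentitiesOnly=yes"
      git push
    dest: "{{ playbook_dir }}/gitolite-admin/GIT_PUSH_CMD.sh"
  delegate_to: localhost
  tags: gitolite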

#
# cgit
#

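# The cgit root keeps default ownership and mode. Only the static
# subdirectory is handed to the repository user, because the static
# repo is checked out into it.
- name: cgit - create root directory
  file:
    path: "{{ git.cgit.root }}"
    state: directory

- name: cgit - create static directory (allow git checkout)
  file:
    path: "{{ git.cgit.root }}/static"
    state: directory
    owner: "{{ git.user.name }}"
    group: "{{ git.user.name }}"

# A changed cgitrc triggers the restart-cgit handler.
- name: cgit - generate config file
  template:
    src: cgit/cgitrc.j2
    dest: "{{ git.cgit.root }}/cgitrc"
  notify: restart-cgit

# Modes are quoted so they are passed as strings and never depend on how
# the YAML loader interprets a leading-zero integer.
- name: cgit - copy scripts
  copy:
    src: cgit/syntax-highlighting.sh
    dest: "{{ git.cgit.root }}/syntax-highlighting.sh"
    mode: "0755"

# Uses the role's own git-shell `create` command as the repository user;
# `creates` skips the task once the repository path exists.
- name: cgit - create static repo
  become_user: "{{ git.user.name }}"
  command: >
    ./git-shell-commands/create
    {{ git.cgit.static_repo }}
    "cgit static resources repo"
  args:
    chdir: "{{ git.user.home }}"
    creates: "{{ git.user.home }}/{{ git.cgit.static_repo }}"

# The hook is executable and owned by the repository user, so that
# account can also rewrite it.
- name: cgit - add post-receive hook to the static repo
  template:
    src: cgit/post-receive.j2
    dest: "{{ git.user.home }}/{{ git.cgit.static_repo }}/hooks/post-receive"
    owner: "{{ git.user.name }}"
    mode: "0755"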

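# The uwsgi cgit profile must run as the account that owns the
# repositories: the home directory is created owner-only (0700), so any
# other uid could not read them. uid/gid therefore follow git.user.name
# (the group is created with the same name) instead of a literal "git",
# which would silently diverge if the account were ever renamed.
- name: cgit - setup with uwsgi in rc.conf
  blockinfile:
    path: /etc/rc.conf
    marker: "# {mark} ANSIBLE MANAGED - uwsgi/cgit"
    block: |
      uwsgi_profiles="${uwsgi_profiles} cgit"
      uwsgi_cgit_uid="{{ git.user.name }}"
      uwsgi_cgit_gid="{{ git.user.name }}"
      uwsgi_cgit_flags="-L --log-reopen --logfile-chown --cgi /usr/local/www/cgit/cgit.cgi --env CGIT_CONFIG={{ git.cgit.root }}/cgitrc"
  notify: restart-cgit

# NOTE(review): rcenable is not defined in this file; presumably a helper
# installed elsewhere in the playbook -- confirm it is present and safe
# to re-run.
- name: enable and start uwsgi
  command: rcenable uwsgi

# NOTE(review): this runs on every play and always reports "changed";
# verify how the rc script behaves when the cgit profile is already up.
- name: start cgit
  command: service uwsgi start cgit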