Tag git setup foo
This commit is contained in:
jaseg
parent
d95759c23e
commit
a62a4e1e11
5 changed files with 117 additions and 30 deletions
BIN
cgit-logo-orig.png
Normal file
BIN
cgit-logo-orig.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 102 KiB |
BIN
cgit-logo.png
BIN
cgit-logo.png
Binary file not shown.
|
Before Width: | Height: | Size: 102 KiB After Width: | Height: | Size: 41 KiB |
23
cgitrc
23
cgitrc
|
|
@ -1,11 +1,24 @@
|
||||||
css=/cgit.css
|
css=/cgit.css
|
||||||
logo= /cgit.png
|
logo=/cgit.png
|
||||||
|
|
||||||
enable-http-clone=1
|
enable-http-clone=1
|
||||||
robots=noindex, nofollow
|
robots=noindex, nofollow
|
||||||
virtual-root=/
|
virtual-root=/
|
||||||
|
|
||||||
readme=:README.rst
|
readme=:README.rst
|
||||||
|
readme=:readme.rst
|
||||||
|
readme=:README.md
|
||||||
|
readme=:readme.md
|
||||||
|
readme=:README.txt
|
||||||
|
readme=:readme.txt
|
||||||
|
readme=:README.mkd
|
||||||
|
readme=:readme.mkd
|
||||||
|
readme=:README.htm
|
||||||
|
readme=:readme.htm
|
||||||
|
readme=:README.html
|
||||||
|
readme=:readme.html
|
||||||
|
readme=:README
|
||||||
|
readme=:readme
|
||||||
about-filter=/usr/libexec/cgit/filters/about-formatting.sh
|
about-filter=/usr/libexec/cgit/filters/about-formatting.sh
|
||||||
|
|
||||||
enable-index-links=1
|
enable-index-links=1
|
||||||
|
|
@ -18,3 +31,11 @@ source-filter=/usr/libexec/cgit/filters/syntax-highlighting.py
|
||||||
|
|
||||||
project-list=/var/lib/gitolite3/projects.list
|
project-list=/var/lib/gitolite3/projects.list
|
||||||
scan-path=/var/lib/gitolite3/repositories
|
scan-path=/var/lib/gitolite3/repositories
|
||||||
|
|
||||||
|
mimetype.gif=image/gif
|
||||||
|
mimetype.html=text/html
|
||||||
|
mimetype.jpg=image/jpeg
|
||||||
|
mimetype.jpeg=image/jpeg
|
||||||
|
mimetype.pdf=application/pdf
|
||||||
|
mimetype.png=image/png
|
||||||
|
mimetype.svg=image/svg+xml
|
||||||
|
|
|
||||||
74
playbook.yml
74
playbook.yml
|
|
@ -35,20 +35,24 @@
|
||||||
hosts: wendelstein
|
hosts: wendelstein
|
||||||
tasks:
|
tasks:
|
||||||
- name: Set hostname
|
- name: Set hostname
|
||||||
|
tags: setup
|
||||||
hostname:
|
hostname:
|
||||||
name: wendelstein.jaseg.net
|
name: wendelstein.jaseg.net
|
||||||
|
|
||||||
- name: Install common admin tools
|
- name: Install common admin tools
|
||||||
|
tags: setup
|
||||||
dnf:
|
dnf:
|
||||||
name: htop,tmux,fish,mosh,neovim,sqlite
|
name: htop,tmux,fish,mosh,neovim,sqlite
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
- name: Install host requisites
|
- name: Install host requisites
|
||||||
|
tags: setup
|
||||||
dnf:
|
dnf:
|
||||||
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
|
name: nginx,uwsgi,python3-flask,python3-flask-wtf,uwsgi-plugin-python3,certbot,python3-certbot-nginx,python3-libselinux,git,iptables-services,python3-pycryptodomex,zip,python3-uwsgidecorators,nsd
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
- name: Disable password-based root login
|
- name: Disable password-based root login
|
||||||
|
tags: setup
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /etc/ssh/sshd_config
|
path: /etc/ssh/sshd_config
|
||||||
regexp: '^PermitRootLogin'
|
regexp: '^PermitRootLogin'
|
||||||
|
|
@ -56,12 +60,14 @@
|
||||||
register: disable_root_pw_ssh
|
register: disable_root_pw_ssh
|
||||||
|
|
||||||
- name: Restart sshd
|
- name: Restart sshd
|
||||||
|
tags: setup
|
||||||
systemd:
|
systemd:
|
||||||
name: sshd
|
name: sshd
|
||||||
state: restarted
|
state: restarted
|
||||||
when: disable_root_pw_ssh is changed
|
when: disable_root_pw_ssh is changed
|
||||||
|
|
||||||
- name: Configure iptables firewall service
|
- name: Configure iptables firewall service
|
||||||
|
tags: setup
|
||||||
copy:
|
copy:
|
||||||
src: iptables.rules
|
src: iptables.rules
|
||||||
dest: /etc/sysconfig/iptables
|
dest: /etc/sysconfig/iptables
|
||||||
|
|
@ -70,13 +76,18 @@
|
||||||
mode: 0664
|
mode: 0664
|
||||||
|
|
||||||
- name: Enable iptables firewall service
|
- name: Enable iptables firewall service
|
||||||
|
tags: setup
|
||||||
systemd:
|
systemd:
|
||||||
name: iptables
|
name: iptables
|
||||||
enabled: yes
|
enabled: yes
|
||||||
state: started
|
state: started
|
||||||
|
|
||||||
- name: Create containers
|
- name: Create containers
|
||||||
include_tasks: setup_containers.yml
|
tags: setup
|
||||||
|
include_tasks:
|
||||||
|
file: setup_containers.yml
|
||||||
|
apply:
|
||||||
|
tags: setup
|
||||||
vars:
|
vars:
|
||||||
containers:
|
containers:
|
||||||
- gerboweb
|
- gerboweb
|
||||||
|
|
@ -84,31 +95,72 @@
|
||||||
- pogojig
|
- pogojig
|
||||||
|
|
||||||
- name: Setup web server
|
- name: Setup web server
|
||||||
include_tasks: setup_webserver.yml
|
tags: www
|
||||||
|
include_tasks:
|
||||||
|
file: setup_webserver.yml
|
||||||
|
apply:
|
||||||
|
tags: www
|
||||||
|
|
||||||
- name: Setup gerboweb
|
- name: Setup gerboweb
|
||||||
include_tasks: setup_gerboweb.yml
|
tags: gerboweb
|
||||||
|
include_tasks:
|
||||||
|
file: setup_gerboweb.yml
|
||||||
|
apply:
|
||||||
|
tags: gerboweb
|
||||||
|
|
||||||
- name: Setup clippy
|
- name: Setup clippy
|
||||||
include_tasks: setup_clippy.yml
|
tags: clippy
|
||||||
|
include_tasks:
|
||||||
|
file: setup_clippy.yml
|
||||||
|
apply:
|
||||||
|
tags: clippy
|
||||||
|
|
||||||
- name: Setup secure download
|
- name: Setup secure download
|
||||||
include_tasks: setup_secure_download.yml
|
tags: secure-download
|
||||||
|
include_tasks:
|
||||||
|
file: setup_secure_download.yml
|
||||||
|
apply:
|
||||||
|
tags: secure-download
|
||||||
|
|
||||||
- name: Setup tracespace
|
- name: Setup tracespace
|
||||||
include_tasks: setup_tracespace.yml
|
tags: pogojig
|
||||||
|
include_tasks:
|
||||||
|
file: setup_tracespace.yml
|
||||||
|
apply:
|
||||||
|
tags: pogojig
|
||||||
|
|
||||||
- name: Setup openjscad
|
- name: Setup openjscad
|
||||||
include_tasks: setup_openjscad.yml
|
tags: pogojig
|
||||||
|
include_tasks:
|
||||||
|
file: setup_openjscad.yml
|
||||||
|
apply:
|
||||||
|
tags: pogojig
|
||||||
|
|
||||||
- name: Setup pogojig
|
- name: Setup pogojig
|
||||||
include_tasks: setup_pogojig.yml
|
tags: pogojig
|
||||||
|
include_tasks:
|
||||||
|
file: setup_pogojig.yml
|
||||||
|
apply:
|
||||||
|
tags: pogojig
|
||||||
|
|
||||||
- name: Setup notification proxy
|
- name: Setup notification proxy
|
||||||
include_tasks: setup_notification_proxy.yml
|
tags: notification-proxy
|
||||||
|
include_tasks:
|
||||||
|
file: setup_notification_proxy.yml
|
||||||
|
apply:
|
||||||
|
tags:
|
||||||
|
notification-proxy
|
||||||
|
|
||||||
- name: Setup semi-public git server
|
- name: Setup semi-public git server
|
||||||
include_tasks: setup_git.yml
|
tags: git
|
||||||
|
include_tasks:
|
||||||
|
file: setup_git.yml
|
||||||
|
apply:
|
||||||
|
tags: git
|
||||||
|
|
||||||
- name: Setup private DynDNS service
|
- name: Setup private DynDNS service
|
||||||
include_tasks: setup_dyndns.yml
|
tags: dyndns
|
||||||
|
include_tasks:
|
||||||
|
file: setup_dyndns.yml
|
||||||
|
apply:
|
||||||
|
tags: dyndns
|
||||||
|
|
|
||||||
|
|
@ -43,26 +43,34 @@
|
||||||
name: uwsgi-app@cgit.socket
|
name: uwsgi-app@cgit.socket
|
||||||
enabled: yes
|
enabled: yes
|
||||||
|
|
||||||
- name: Copy gitolite admin pubkey
|
- name: Check if gitolite ssh config exists
|
||||||
copy:
|
stat:
|
||||||
src: ~/.ssh/id_ed25519.gitolite.pub
|
path: /var/lib/gitolite3/.ssh/authorized_keys
|
||||||
dest: /tmp/jaseg-gitolite.pub
|
register: gitolite_ssh_keys_stat
|
||||||
owner: gitolite3
|
|
||||||
group: gitolite3
|
|
||||||
|
|
||||||
- name: Run gitolite initialization
|
- name: Gitolite admin key setup
|
||||||
command: gitolite setup -pk /tmp/jaseg-gitolite.pub
|
block:
|
||||||
become: true
|
- name: Copy gitolite admin pubkey
|
||||||
become_method: su
|
copy:
|
||||||
become_user: gitolite3
|
src: ~/.ssh/id_ed25519.gitolite.pub
|
||||||
become_flags: '-s /bin/sh'
|
dest: /tmp/jaseg-gitolite.pub
|
||||||
args:
|
owner: gitolite3
|
||||||
creates: /var/lib/gitolite3/projects.list
|
group: gitolite3
|
||||||
|
|
||||||
- name: Remove leftover admin pubkey
|
- name: Run gitolite initialization
|
||||||
file:
|
command: gitolite setup -pk /tmp/jaseg-gitolite.pub
|
||||||
state: absent
|
become: true
|
||||||
path: /tmp/jaseg-gitolite.pub
|
become_method: su
|
||||||
|
become_user: gitolite3
|
||||||
|
become_flags: '-s /bin/sh'
|
||||||
|
args:
|
||||||
|
creates: /var/lib/gitolite3/projects.list
|
||||||
|
|
||||||
|
- name: Remove leftover admin pubkey
|
||||||
|
file:
|
||||||
|
state: absent
|
||||||
|
path: /tmp/jaseg-gitolite.pub
|
||||||
|
when: not gitolite_ssh_keys_stat.stat.exists
|
||||||
|
|
||||||
- name: Allow uwsgi group to access gitolite repo dir
|
- name: Allow uwsgi group to access gitolite repo dir
|
||||||
file:
|
file:
|
||||||
|
|
@ -113,3 +121,9 @@
|
||||||
home: "{{ getent_passwd['gitolite3'][4] }}"
|
home: "{{ getent_passwd['gitolite3'][4] }}"
|
||||||
uid: "{{ getent_passwd['gitolite3'][1] }}"
|
uid: "{{ getent_passwd['gitolite3'][1] }}"
|
||||||
|
|
||||||
|
- name: Hack to fix cgit handling for restructuredtext readmes
|
||||||
|
file:
|
||||||
|
src: /usr/bin/rst2html
|
||||||
|
dest: /usr/bin/rst2html.py
|
||||||
|
state: link
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue