author | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:23:43 -0500 |
---|---|---|
committer | Stonewall Jackson <stonewall@sacredheartsc.com> | 2023-02-04 01:52:13 -0500 |
commit | 0261e875679f1bf63c8d689da7fc7e014597885d (patch) | |
tree | 3f19cd74a0c1070944f75437f30b098d6ef2ffcb /playbooks/git.yml | |
initial commit
Diffstat (limited to 'playbooks/git.yml')
-rw-r--r-- | playbooks/git.yml | 54 |
1 files changed, 54 insertions, 0 deletions
diff --git a/playbooks/git.yml b/playbooks/git.yml
new file mode 100644
index 0000000..9e4c112
--- /dev/null
+++ b/playbooks/git.yml
@@ -0,0 +1,54 @@
+- import_playbook: common.yml
+ vars:
+ hostlist: git_servers
+
+- name: configure git repository
+ hosts: git_servers
+ tags: git
+ roles:
+ - role: gitolite
+ tags: gitolite
+
+ - role: archive_job
+ archive_name: gitolite
+ archive_user: '{{ gitolite_user }}'
+ archive_shell: '{{ gitolite_archive_shell }}'
+ tags: archive
+
+ - role: cgit
+ tags: cgit
+
+ - role: apache_vhost
+ apache_default_vhost: yes
+ apache_document_root: '{{ cgit_static_dir }}'
+ apache_config: |
+ SetEnv "GIT_PROJECT_ROOT" "{{ gitolite_home }}/repositories"
+ SetEnv "GIT_HTTP_EXPORT_ALL" "1"
+
+ <LocationMatch "{{ git_backend_regex }}">
+ AuthType GSSAPI
+ AuthName "FreeIPA Single Sign-On"
+ AuthLDAPUrl "{{ apache_ldap_url }}?krbprincipalname"
+ {{ apache_ldap_creds }}
+ <RequireAny>
+ <RequireAll>
+ Require ip {{ kerberized_cidrs | join(" ") }}
+ <RequireAny>
+ Require ldap-attribute memberof=cn={{ gitolite_access_group }},{{ freeipa_group_basedn }}
+ Require ldap-attribute memberof=cn={{ gitolite_admin_group }},{{ freeipa_group_basedn }}
+ </RequireAny>
+ </RequireAll>
+ <RequireAll>
+ Require not ip {{ kerberized_cidrs | join(" ") }}
+ Require all granted
+ </RequireAll>
+ </RequireAny>
+ </LocationMatch>
+
+ Alias /static "{{ cgit_static_dir }}"
+
+ ScriptAliasMatch "{{ git_backend_regex }}" "{{ gitolite_cgi_script }}/$1"
+ ScriptAlias "/" "{{ cgit_cgi_script }}/"
+ vars:
+ git_backend_regex: '(?x)^/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}\.(pack|idx)) | git-(upload|receive)-pack))$'
+ tags: apache |
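Review bot: The second `<RequireAll>` in the `LocationMatch` block (`Require not ip …` plus `Require all granted`) admits every client outside `kerberized_cidrs` without authentication, and `git_backend_regex` matches `git-receive-pack` as well as the read endpoints. Push authorization for those clients therefore rests entirely on how the gitolite CGI treats a request with no `REMOTE_USER`, which is not visible in this file. If anonymous access is meant to be read-only, record that next to the block, for example `# non-Kerberos clients reach gitolite unauthenticated; gitolite must restrict the anonymous user to read-only repos`, or give `git-receive-pack` its own location that has no `Require all granted` fallback. The branch is chosen by client address, so it presumably assumes Apache sees the real peer IP rather than a proxy's; that is worth confirming against the `apache_vhost` role.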