author Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-13 20:05:25 -0500
committer Stonewall Jackson <stonewall@sacredheartsc.com> 2023-02-13 20:05:52 -0500
commit 8c2dccad6652a535a6c549a2c4133afd9eb251ed
tree 6760ba328fe606693601f9c1c51bfd7b010a974b /roles/gitolite
parent 3e94667b6b73c588ea8503138b5e201b45686978
add docs
Diffstat (limited to 'roles/gitolite')
-rw-r--r-- roles/gitolite/README.md 54
-rw-r--r-- roles/gitolite/defaults/main.yml 1
2 files changed, 54 insertions, 1 deletions
diff --git a/roles/gitolite/README.md b/roles/gitolite/README.md
new file mode 100644
index 0000000..ac7688f
--- /dev/null
+++ b/roles/gitolite/README.md
@@ -0,0 +1,54 @@
+Gitolite
+========
+
+Description
+-----------
+
+The `gitolite` role installs [Gitolite](https://gitolite.com/gitolite/index.html),
+an access control layer for Git repositories.
+
+Users are able to authenticate to Git using Kerberos/GSSAPI over HTTP, or via
+the SSH key associated with their FreeIPA user account. In addition, Git access
+can be restricted based on FreeIPA group memberships.
+
+This role does not configure a webserver. Configuring Apache to support
+HTTP-based clones alongside [cgit](../cgit/) is nontrivial; check out the
+[git playbook](../../playbooks/git.yml) for how it's done.
+
+
+Variables
+---------
+
+This role **accepts** the following variables:
+
+Variable | Default | Description
+------------------------|-------------------|------------
+`gitolite_ssh_user` | `git` | Name of Git SSH user
+`gitolite_admin_group` | `role-git-admin` | FreeIPA group allowed to modify `gitolite-admin` repo (will be created)
+`gitolite_access_group` | `role-git-access` | FreeIPA group of users allowed to access Gitolite (will be created)
+`gitolite_freeipa_user` | `s-gitolite` | FreeIPA user for Gitolite LDAP queries (will be created)
+`gitolite_anon_user` | `nobody` | Gitolite username mapped to anonymous Git requests
+
+This role **exports** the following variables:
+
+Variable | Description
+-------------------------|------------
+`gitolite_user` | Local Unix user that owns Gitolite directory
+`gitolite_home` | Path to Gitolite directory
+`gitolite_cgi_script` | Path to Gitolite CGI script
+`gitolite_archive_shell` | Shell command to archive Giolite repositories
+
+Usage
+-----
+
+Example playbook:
+
+````yaml
+- hosts: git_servers
+ roles:
+ - role: gitolite
+ vars:
+ gitolite_ssh_user: git
+ gitolite_admin_group: git-admins
+ gitolite_access_group: git-users
+````
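Review bot: The `gitolite_anon_user` row in the accepted-variables table says the user is "mapped to anonymous Git requests", but the README never states what anonymous requests are permitted to do or how an operator disables them. The Description presents access as gated by Kerberos/SSH identity and FreeIPA group membership, so add a sentence spelling out what the `nobody` user can reach by default and where that is controlled. Separately, in the exported-variables table, "Giolite" in the `gitolite_archive_shell` row should read "Gitolite".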
diff --git a/roles/gitolite/defaults/main.yml b/roles/gitolite/defaults/main.yml
index d653bcf..e61c44f 100644
--- a/roles/gitolite/defaults/main.yml
+++ b/roles/gitolite/defaults/main.yml
@@ -3,4 +3,3 @@ gitolite_admin_group: role-git-admin
gitolite_access_group: role-git-access
gitolite_anon_user: nobody
gitolite_freeipa_user: s-gitolite
-gitolite_uid: 1993
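Review bot: Removing `gitolite_uid: 1993` from the defaults is a behavioural change that the commit message ("add docs") does not mention; split it into its own commit or state in the message why the default is going away. Before merging, confirm that no task or template in the role still references `gitolite_uid`, since with the default gone any remaining reference would be undefined. The new README's variable tables do not list it either, so a reader has no way to tell whether the variable was dropped deliberately.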