Diffstat (limited to 'playbooks/git.yml')
-rw-r--r--playbooks/git.yml54
1 files changed, 54 insertions, 0 deletions
diff --git a/playbooks/git.yml b/playbooks/git.yml
new file mode 100644
index 0000000..9e4c112
--- /dev/null
+++ b/playbooks/git.yml
@@ -0,0 +1,54 @@
+- import_playbook: common.yml
+ vars:
+ hostlist: git_servers
+
+- name: configure git repository
+ hosts: git_servers
+ tags: git
+ roles:
+ - role: gitolite
+ tags: gitolite
+
+ - role: archive_job
+ archive_name: gitolite
+ archive_user: '{{ gitolite_user }}'
+ archive_shell: '{{ gitolite_archive_shell }}'
+ tags: archive
+
+ - role: cgit
+ tags: cgit
+
+ - role: apache_vhost
+ apache_default_vhost: yes
+ apache_document_root: '{{ cgit_static_dir }}'
+ apache_config: |
+ SetEnv "GIT_PROJECT_ROOT" "{{ gitolite_home }}/repositories"
+ SetEnv "GIT_HTTP_EXPORT_ALL" "1"
+
+ <LocationMatch "{{ git_backend_regex }}">
+ AuthType GSSAPI
+ AuthName "FreeIPA Single Sign-On"
+ AuthLDAPUrl "{{ apache_ldap_url }}?krbprincipalname"
+ {{ apache_ldap_creds }}
+ <RequireAny>
+ <RequireAll>
+ Require ip {{ kerberized_cidrs | join(" ") }}
+ <RequireAny>
+ Require ldap-attribute memberof=cn={{ gitolite_access_group }},{{ freeipa_group_basedn }}
+ Require ldap-attribute memberof=cn={{ gitolite_admin_group }},{{ freeipa_group_basedn }}
+ </RequireAny>
+ </RequireAll>
+ <RequireAll>
+ Require not ip {{ kerberized_cidrs | join(" ") }}
+ Require all granted
+ </RequireAll>
+ </RequireAny>
+ </LocationMatch>
+
+ Alias /static "{{ cgit_static_dir }}"
+
+ ScriptAliasMatch "{{ git_backend_regex }}" "{{ gitolite_cgi_script }}/$1"
+ ScriptAlias "/" "{{ cgit_cgi_script }}/"
+ vars:
+ git_backend_regex: '(?x)^/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}\.(pack|idx)) | git-(upload|receive)-pack))$'
+ tags: apache
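Review bot: The second `<RequireAll>` branch in `apache_config` (`Require not ip …` plus `Require all granted`) admits any client outside `kerberized_cidrs` to every URL matched by `git_backend_regex` without authentication, and that regex includes `git-receive-pack`. For those requests the only write control is whatever `gitolite_cgi_script` does when no authenticated user is set, which is not visible in this playbook, and `GIT_HTTP_EXPORT_ALL` is also set to `1`. If anonymous access is meant to be read-only, that should be enforced here as well, for example by keeping `git-receive-pack` out of the pattern the unauthenticated branch covers. At minimum add a comment above that branch such as `# unauthenticated access from outside kerberized_cidrs; write access is decided by gitolite ACLs only`. The IP test also assumes Apache sees the real client address, which would not hold behind a proxy unless the address is restored first.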