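---
# Play: build the git hosting stack on the git_servers group -- the common
# baseline, gitolite, an archive job for the gitolite account, cgit, and the
# Apache vhost that fronts both the git smart-HTTP backend and cgit.
#
# NOTE(review): the nesting below was reconstructed from a listing that had
# lost its indentation. In particular, `vars:` and the final `tags: apache`
# are assumed to belong to the apache_vhost role entry -- confirm against the
# repository copy.
- name: configure git repository
  hosts: git_servers
  roles:
    - role: common
      tags: common

    - role: gitolite
      tags: gitolite,git

    - role: archive_job
      archive_name: gitolite
      archive_user: '{{ gitolite_user }}'
      archive_shell: '{{ gitolite_archive_shell }}'
      tags: archive

    - role: cgit
      tags: cgit,git

    - role: apache_vhost
      apache_default_vhost: true
      apache_document_root: '{{ cgit_static_dir }}'
      # Access model for URLs matching git_backend_regex (smart-HTTP paths,
      # including both git-upload-pack and git-receive-pack):
      #   * Clients inside kerberized_cidrs must authenticate with GSSAPI and
      #     be a member of gitolite_access_group or gitolite_admin_group; the
      #     user is looked up in LDAP by krbprincipalname.
      #   * Clients outside kerberized_cidrs match `Require all granted`, so
      #     Apache admits them without any authentication. For those requests
      #     the only remaining access control is whatever gitolite_cgi_script
      #     enforces for a request that carries no authenticated user.
      #     NOTE(review): confirm gitolite grants its unauthenticated user no
      #     write rules and read access only to repositories meant to be
      #     public.
      # GIT_HTTP_EXPORT_ALL=1 tells git-http-backend to serve every repository
      # under GIT_PROJECT_ROOT without requiring a git-daemon-export-ok
      # marker, so per-repository visibility is likewise left to the gitolite
      # wrapper.
      # `Require ip` is evaluated against the client address Apache sees.
      # NOTE(review): if a proxy or load balancer sits in front of this
      # vhost, verify that address cannot be chosen by the client.
      # apache_ldap_creds is expanded verbatim into the vhost.
      # NOTE(review): presumably LDAP bind directives -- confirm the value
      # comes from a vault or secret store, and that the rendered config file
      # is not world-readable.
      # Every other URL falls through to cgit via `ScriptAlias "/"`; none of
      # the auth directives in this block apply to those requests.
      apache_config: |
        SetEnv "GIT_PROJECT_ROOT" "{{ gitolite_home }}/repositories"
        SetEnv "GIT_HTTP_EXPORT_ALL" "1"
        <LocationMatch "{{ git_backend_regex }}">
          AuthType GSSAPI
          AuthName "FreeIPA Single Sign-On"
          AuthLDAPUrl "{{ apache_ldap_url }}?krbprincipalname"
          {{ apache_ldap_creds }}
          <RequireAny>
            <RequireAll>
              Require ip {{ kerberized_cidrs | join(" ") }}
              <RequireAny>
                Require ldap-attribute memberof=cn={{ gitolite_access_group }},{{ freeipa_group_basedn }}
                Require ldap-attribute memberof=cn={{ gitolite_admin_group }},{{ freeipa_group_basedn }}
              </RequireAny>
            </RequireAll>
            <RequireAll>
              Require not ip {{ kerberized_cidrs | join(" ") }}
              Require all granted
            </RequireAll>
          </RequireAny>
        </LocationMatch>
        Alias /static "{{ cgit_static_dir }}"
        ScriptAliasMatch "{{ git_backend_regex }}" "{{ gitolite_cgi_script }}/$1"
        ScriptAlias "/" "{{ cgit_cgi_script }}/"
      vars:
        # Extended-mode (?x) regex, so the spaces around `|` are ignored. It
        # selects the git smart/dumb HTTP paths handed to the gitolite CGI
        # script: HEAD, info/refs, loose objects and pack files (40-hex-digit
        # object names), and the git-upload-pack / git-receive-pack services.
        # Group 1 is the path passed to the CGI script as $1.
        git_backend_regex: '(?x)^/(.*/(HEAD | info/refs | objects/(info/[^/]+ | [0-9a-f]{2}/[0-9a-f]{38} | pack/pack-[0-9a-f]{40}\.(pack|idx)) | git-(upload|receive)-pack))$'
      tags: apache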