---
# Privileged part of the role: packages, the gitolite account, and the web
# server account's membership in the gitolite group. `become` without a
# `become_user` escalates to Ansible's default become user.
- become: true
  block:
    - name: "Install gitolite"
      apt:
        name: 'gitolite3'
        state: 'present'

    # The later tasks run as an unprivileged become_user. Ansible relies on
    # setfacl (from the acl package) to hand module temp files to that user,
    # and the acl module used further down in this file needs it as well. See
    # https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user
    - name: "Install acl"
      apt:
        name: 'acl'
        state: 'present'

    # No password is set by this task.
    # NOTE(review): the user module expects the primary group to exist
    # already; no task in this file creates it - confirm it is created
    # elsewhere.
    - name: "Create gitolite user '{{ gitolite_user_name }}'"
      user:
        name: "{{ gitolite_user_name }}"
        group: "{{ gitolite_user_group }}"
        home: "{{ gitolite_user_home }}"
        shell: '/bin/bash'

    # `append: true` adds the group to the account's supplementary groups
    # instead of replacing them. Membership is what the group permissions
    # set later in this file (repositories, .gitolite, logs) apply to.
    - name: "Add '{{ gitolite_webserver_user_name }}' to the '{{ gitolite_user_group }}' group"
      user:
        name: "{{ gitolite_webserver_user_name }}"
        groups: "{{ gitolite_user_group }}"
        append: true
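# Unprivileged part of the role: every task in this block runs as the
# gitolite account, so files created under its home belong to that account.
- become: true
  become_user: "{{ gitolite_user_name }}"
  vars:
    # Repositories that the dummy setup leaves behind; removed again below.
    default_repos:
      - "gitolite-admin"
      - "testing"
  block:
    # `-a dummy` names an admin called "dummy"; this file installs no key
    # for that name. `creates` makes the task a no-op once ~/.gitolite exists.
    - name: "Run dummy setup"
      command:
        cmd: "gitolite setup -a dummy"
        creates: "{{ gitolite_user_home }}/.gitolite"

    - name: "Remove directories of default repos"
      file:
        path: "{{ gitolite_user_home }}/repositories/{{ item }}.git"
        state: 'absent'
      notify: 'gitolite compile'
      loop: "{{ default_repos }}"

    # Deletes each default repo's stanza from the access-control file (the
    # replace module substitutes an empty string when `replace` is omitted).
    # The match runs up to the next line that starts with "repo", so comments
    # or markers in between are removed as well.
    # The repo name is regex-escaped and must be followed by whitespace or
    # end of input, so a repo whose name merely starts with "testing" or
    # "gitolite-admin" does not lose its rules.
    - name: "Remove config of default repos"
      replace:
        path: "{{ gitolite_user_home }}/.gitolite/conf/gitolite.conf"
        regexp: '^[ \t\n]*repo[ \t]+{{ item | regex_escape }}(?![^ \t\n])((?!^repo)(.|\n))*'
      notify: 'gitolite compile'
      loop: "{{ default_repos }}"

    - name: "Create keydir"
      file:
        path: "{{ gitolite_user_home }}/.gitolite/keydir"
        state: 'directory'
      notify: 'gitolite compile'

    # NOTE(review): no `mode` is given, so the permissions of a newly created
    # file follow the remote umask - consider setting one explicitly.
    - name: "Write gitolite.rc"
      copy:
        src: "gitolite.rc"
        dest: "{{ gitolite_user_home }}/.gitolite.rc"
      notify: 'gitolite compile'

    # Wild-repo rule: `C = @all` lets every user gitolite knows create
    # repositories below their own name (CREATOR/...). The remaining lines
    # grant access per role.
    # NOTE(review): OWNERS, USERS, WRITERS and READERS presumably have to be
    # enabled as roles in gitolite.rc, which is not visible here - confirm.
    - name: "Allow user created repos"
      blockinfile:
        path: "{{ gitolite_user_home }}/.gitolite/conf/gitolite.conf"
        marker: "# {mark} User created repos"
        block: |
          repo CREATOR/[^/]+
              C = @all
              RW+ = CREATOR
              RW+ = OWNERS
              RW+ user/USER/ = USERS
              RW = WRITERS
              R = READERS

    # Gives every member of the owning group read access to all repositories
    # and to ~/.gitolite (conf and keydir included). At filesystem level this
    # is independent of gitolite's per-repo rules, so group membership should
    # stay limited to accounts that are meant to read everything.
    - name: "Allow group read access to gitolite files"
      file:
        path: "{{ item }}"
        mode: 'g+rX'
        recurse: true
        state: 'directory'
      loop:
        - "{{ gitolite_user_home }}/repositories"
        - "{{ gitolite_user_home }}/.gitolite"

    # The next three tasks make the log directory group-writable: setgid so
    # new files inherit the directory's group, g+rwX on what exists, and a
    # default ACL for files created later.
    # NOTE(review): group members can then modify or truncate gitolite's
    # logs; if these logs serve as an audit trail, consider shipping them
    # off-host.
    - name: "Set SETGID on gitolite logs directory"
      file:
        path: "{{ gitolite_user_home }}/.gitolite/logs"
        mode: 'g+s'
        state: 'directory'

    - name: "Allow group write access to existing gitolite logs"
      file:
        path: "{{ gitolite_user_home }}/.gitolite/logs"
        mode: 'g+rwX'
        recurse: true
        state: 'directory'

    - name: "Allow group write access to future gitolite logs"
      acl:
        path: "{{ gitolite_user_home }}/.gitolite/logs"
        etype: 'group'
        permissions: 'rwX'
        default: true
        state: 'present'

    # Read-only query, hence never reported as changed.
    # NOTE(review): the paths derived below are built from stdout as-is;
    # presumably gitolite.rc sets LOCAL_CODE - confirm, otherwise they would
    # be rooted at "/".
    - name: "Get local custom code directory"
      command: "gitolite query-rc LOCAL_CODE"
      register: gitolite_query_local_code
      changed_when: false

    - name: "Set local code direcory facts"
      set_fact:
        gitolite_post_compile_dir: "{{ gitolite_query_local_code.stdout }}/triggers/post-compile"
        gitolite_hooks_dir: "{{ gitolite_query_local_code.stdout }}/hooks/common"

    - name: "Create local code directories"
      file:
        path: "{{ item }}"
        state: 'directory'
      loop:
        - "{{ gitolite_post_compile_dir }}"
        - "{{ gitolite_hooks_dir }}"

    # NOTE(review): no `mode` is given; confirm the installed trigger ends up
    # executable for the gitolite account.
    - name: "Override 'update-gitweb-access-list' post-compile trigger"
      copy:
        src: "update-gitweb-access-list"
        dest: "{{ gitolite_post_compile_dir }}/update-gitweb-access-list"
      notify: 'gitolite compile'

    # NOTE(review): no `version` is given, so each run checks out whatever
    # the remote's default branch currently points at. The cloned code is
    # executed below and linked into the hooks directory, so pinning each
    # dependency to a reviewed commit would keep upstream changes from
    # reaching the server unreviewed.
    - name: "Clone dependencies"
      git:
        repo: "{{ item }}"
        dest: "{{ gitolite_deps_dir }}/{{ item | basename }}"
      loop: "{{ gitolite_deps }}"

    - name: "Symlink 'git-multihook'"
      file:
        src: "{{ gitolite_deps_dir }}/git-multihook/git-multihook"
        dest: "{{ gitolite_hooks_dir }}/git-multihook"
        state: 'link'

    # Runs the freshly cloned script as the gitolite account; any output on
    # stdout is taken to mean that something changed.
    - name: "Run 'git-multihook'"
      command: "{{ gitolite_hooks_dir | quote }}/git-multihook update"
      register: result
      changed_when: result.stdout != ""

    # Each dependency is expected to contain an executable named after its
    # repository.
    # NOTE(review): post-receive.d is not created by any task in this file;
    # presumably the git-multihook run above creates it - confirm.
    - name: "Symlink post-receive hooks"
      file:
        src: "{{ gitolite_deps_dir }}/{{ item | basename }}/{{ item | basename }}"
        dest: "{{ gitolite_hooks_dir }}/post-receive.d/{{ item | basename }}"
        state: 'link'
      loop: "{{ gitolite_deps_post_receive }}"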