| ... | ... |
@@ -150,3 +150,10 @@ |
| 150 | 150 |
command: "{{ gitolite_hooks_dir | quote }}/git-multihook update"
|
| 151 | 151 |
register: result |
| 152 | 152 |
changed_when: result.stdout != "" |
| 153 |
+ |
|
| 154 |
+ - name: "Symlink post-receive hooks" |
|
| 155 |
+ file: |
|
| 156 |
+ src: "{{ gitolite_deps_dir }}/{{ item | basename }}/{{ item | basename }}"
|
|
| 157 |
+ dest: "{{ gitolite_hooks_dir }}/post-receive.d/{{ item | basename }}"
|
|
| 158 |
+ state: 'link' |
|
| 159 |
+ loop: "{{ gitolite_deps_post_receive }}"
|
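Review bot: Each link created in `post-receive.d` resolves into a checkout under `gitolite_deps_dir`, so whoever can write to that directory decides what runs after every push. The hunk does not show where `gitolite_deps_dir` lives, who owns it, or whether this task runs inside the `become_user` block. Other tasks in this file open parts of the gitolite home to a shared group, so confirm the directory is writable by the gitolite account only and record that above the task, e.g. `# hook targets live in gitolite_deps_dir; keep it writable by the gitolite user only`. Separately, `item | basename` supplies both the directory and the file name, so a repo URL ending in `.git` or a trailing slash would produce a path that does not exist.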
| ... | ... |
@@ -133,3 +133,20 @@ |
| 133 | 133 |
src: "update-gitweb-access-list" |
| 134 | 134 |
dest: "{{ gitolite_post_compile_dir }}/update-gitweb-access-list"
|
| 135 | 135 |
notify: 'gitolite compile' |
| 136 |
+ |
|
| 137 |
+ - name: "Clone dependencies" |
|
| 138 |
+ git: |
|
| 139 |
+ repo: "{{ item }}"
|
|
| 140 |
+ dest: "{{ gitolite_deps_dir }}/{{ item | basename }}"
|
|
| 141 |
+ loop: "{{ gitolite_deps }}"
|
|
| 142 |
+ |
|
| 143 |
+ - name: "Symlink 'git-multihook'" |
|
| 144 |
+ file: |
|
| 145 |
+ src: "{{ gitolite_deps_dir }}/git-multihook/git-multihook"
|
|
| 146 |
+ dest: "{{ gitolite_hooks_dir }}/git-multihook"
|
|
| 147 |
+ state: 'link' |
|
| 148 |
+ |
|
| 149 |
+ - name: "Run 'git-multihook'" |
|
| 150 |
+ command: "{{ gitolite_hooks_dir | quote }}/git-multihook update"
|
|
| 151 |
+ register: result |
|
| 152 |
+ changed_when: result.stdout != "" |
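Review bot: The `git:` task in "Clone dependencies" sets no `version:`, so every play checks out whatever the remote's default branch holds at that moment. The next two tasks link that code into the hooks directory and execute it (`git-multihook update`), so any upstream change runs on this host without review. Pin each dependency to a reviewed commit, for example by making `gitolite_deps` a list of mappings and using `repo: "{{ item.repo }}"`, `version: "{{ item.version }}"` and `dest: "{{ gitolite_deps_dir }}/{{ item.repo | basename }}"`. The post-receive symlinks added in the `@@ -150,3 +150,10 @@` hunk point into the same checkouts and inherit the same exposure.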
| ... | ... |
@@ -127,3 +127,9 @@ |
| 127 | 127 |
loop: |
| 128 | 128 |
- "{{ gitolite_post_compile_dir }}"
|
| 129 | 129 |
- "{{ gitolite_hooks_dir }}"
|
| 130 |
+ |
|
| 131 |
+ - name: "Override 'update-gitweb-access-list' post-compile trigger" |
|
| 132 |
+ copy: |
|
| 133 |
+ src: "update-gitweb-access-list" |
|
| 134 |
+ dest: "{{ gitolite_post_compile_dir }}/update-gitweb-access-list"
|
|
| 135 |
+ notify: 'gitolite compile' |
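Review bot: The `copy:` task installing the `update-gitweb-access-list` trigger sets no `mode:`, so a newly created file gets its permissions from the remote umask and will normally not be executable. Unless the mode is fixed elsewhere, the post-compile trigger may then not run, and the resulting permissions differ between hosts. Set it explicitly on the task, e.g. `mode: '0755'`, or a tighter value if only the gitolite account needs to run it.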
| ... | ... |
@@ -109,3 +109,21 @@ |
| 109 | 109 |
permissions: 'rwX' |
| 110 | 110 |
default: yes |
| 111 | 111 |
state: 'present' |
| 112 |
+ |
|
| 113 |
+ - name: "Get local custom code directory" |
|
| 114 |
+ command: "gitolite query-rc LOCAL_CODE" |
|
| 115 |
+ register: gitolite_query_local_code |
|
| 116 |
+ changed_when: False |
|
| 117 |
+ |
|
| 118 |
+ - name: "Set local code direcory facts" |
|
| 119 |
+ set_fact: |
|
| 120 |
+ gitolite_post_compile_dir: "{{ gitolite_query_local_code.stdout }}/triggers/post-compile"
|
|
| 121 |
+ gitolite_hooks_dir: "{{ gitolite_query_local_code.stdout }}/hooks/common"
|
|
| 122 |
+ |
|
| 123 |
+ - name: "Create local code directories" |
|
| 124 |
+ file: |
|
| 125 |
+ path: "{{ item }}"
|
|
| 126 |
+ state: 'directory' |
|
| 127 |
+ loop: |
|
| 128 |
+ - "{{ gitolite_post_compile_dir }}"
|
|
| 129 |
+ - "{{ gitolite_hooks_dir }}"
|
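Review bot: Nothing checks that `gitolite query-rc LOCAL_CODE` actually printed a path before `set_fact` builds on its stdout. If `LOCAL_CODE` is unset in the rc, or the command runs as an account with no gitolite rc, stdout is empty and the facts become `/triggers/post-compile` and `/hooks/common`, which the following tasks then create and populate at the filesystem root. Add a guard to the command task, e.g. `failed_when: gitolite_query_local_code.rc != 0 or gitolite_query_local_code.stdout | trim == ''`. The task name "Set local code direcory facts" also misspells "directory".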
| ... | ... |
@@ -88,3 +88,24 @@ |
| 88 | 88 |
loop: |
| 89 | 89 |
- "{{ gitolite_user_home }}/repositories"
|
| 90 | 90 |
- "{{ gitolite_user_home }}/.gitolite"
|
| 91 |
+ |
|
| 92 |
+ - name: "Set SETGID on gitolite logs directory" |
|
| 93 |
+ file: |
|
| 94 |
+ path: "{{ gitolite_user_home }}/.gitolite/logs"
|
|
| 95 |
+ mode: 'g+s' |
|
| 96 |
+ state: 'directory' |
|
| 97 |
+ |
|
| 98 |
+ - name: "Allow group write access to existing gitolite logs" |
|
| 99 |
+ file: |
|
| 100 |
+ path: "{{ gitolite_user_home }}/.gitolite/logs"
|
|
| 101 |
+ mode: 'g+rwX' |
|
| 102 |
+ recurse: yes |
|
| 103 |
+ state: 'directory' |
|
| 104 |
+ |
|
| 105 |
+ - name: "Allow group write access to future gitolite logs" |
|
| 106 |
+ acl: |
|
| 107 |
+ path: "{{ gitolite_user_home }}/.gitolite/logs"
|
|
| 108 |
+ etype: 'group' |
|
| 109 |
+ permissions: 'rwX' |
|
| 110 |
+ default: yes |
|
| 111 |
+ state: 'present' |
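Review bot: `mode: 'g+rwX'` with `recurse: yes`, together with the default ACL, gives every member of the directory's group write access to existing and future files under `.gitolite/logs`. Those files are gitolite's record of who accessed and pushed what, so any account in that group can rewrite or delete the record. Another task in this file adds the web server account to the gitolite group. The three tasks carry no comment explaining why group write is needed; add one above them, e.g. `# group members that invoke gitolite must be able to append to its logs`, adjusted to the real reason. If the log matters for audit, consider also shipping it off-host.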
| ... | ... |
@@ -17,9 +17,16 @@ |
| 17 | 17 |
- name: "Create gitolite user '{{ gitolite_user_name }}'"
|
| 18 | 18 |
user: |
| 19 | 19 |
name: "{{ gitolite_user_name }}"
|
| 20 |
+ group: "{{ gitolite_user_group }}"
|
|
| 20 | 21 |
home: "{{ gitolite_user_home }}"
|
| 21 | 22 |
shell: "/bin/bash" |
| 22 | 23 |
|
| 24 |
+ - name: "Add '{{ gitolite_webserver_user_name }}' to the '{{ gitolite_user_group }}' group"
|
|
| 25 |
+ user: |
|
| 26 |
+ name: "{{ gitolite_webserver_user_name }}"
|
|
| 27 |
+ groups: "{{ gitolite_user_group }}"
|
|
| 28 |
+ append: yes |
|
| 29 |
+ |
|
| 23 | 30 |
- become: yes |
| 24 | 31 |
become_user: "{{ gitolite_user_name }}"
|
| 25 | 32 |
vars: |
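Review bot: `group: "{{ gitolite_user_group }}"` on the "Create gitolite user" task needs that group to exist already, because Ansible's `user` module does not create a named primary group, and no `group:` task is visible in this hunk. If none exists earlier in the file, add a task before it that uses the `group` module with `name: "{{ gitolite_user_group }}"` and `state: 'present'`. The second task makes membership of this group the only filesystem boundary between the web server account and whatever the group can read or write. A short comment above it naming what that account needs to access would help later reviewers judge changes to group permissions.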
| ... | ... |
@@ -71,3 +78,13 @@ |
| 71 | 78 |
RW+ user/USER/ = USERS |
| 72 | 79 |
RW = WRITERS |
| 73 | 80 |
R = READERS |
| 81 |
+ |
|
| 82 |
+ - name: "Allow group read access to gitolite files" |
|
| 83 |
+ file: |
|
| 84 |
+ path: "{{ item }}"
|
|
| 85 |
+ mode: 'g+rX' |
|
| 86 |
+ recurse: yes |
|
| 87 |
+ state: 'directory' |
|
| 88 |
+ loop: |
|
| 89 |
+ - "{{ gitolite_user_home }}/repositories"
|
|
| 90 |
+ - "{{ gitolite_user_home }}/.gitolite"
|
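Review bot: The recursive `g+rX` only changes files that exist when the play runs, while repositories created later get their mode from gitolite's `UMASK` setting in `.gitolite.rc`. That file is not visible here, so confirm its value matches; otherwise group readability drifts and this task reports changes on every run. The loop also opens the whole `.gitolite` tree, including conf, keydir and logs, plus every repository, to the group at the filesystem level, outside gitolite's own per-repo rules. If the group members only need the repositories, drop `.gitolite` from the loop or add a comment stating why it is required.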
| ... | ... |
@@ -58,3 +58,14 @@ |
| 58 | 58 |
src: "gitolite.rc" |
| 59 | 59 |
dest: "{{ gitolite_user_home }}/.gitolite.rc"
|
| 60 | 60 |
notify: 'gitolite compile' |
| 61 |
+ |
|
| 62 |
+ - name: "Allow user created repos" |
|
| 63 |
+ blockinfile: |
|
| 64 |
+ path: "{{ gitolite_user_home }}/.gitolite/conf/gitolite.conf"
|
|
| 65 |
+ marker: "# {mark} User created repos"
|
|
| 66 |
+ block: | |
|
| 67 |
+ repo CREATOR/..* |
|
| 68 |
+ C = @all |
|
| 69 |
+ RW+ = CREATOR |
|
| 70 |
+ RW = WRITERS |
|
| 71 |
+ R = READERS |
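Review bot: The "Allow user created repos" task edits `gitolite.conf` but carries no `notify: 'gitolite compile'`, unlike the task just above it in the context lines. The new `repo CREATOR/..*` rules, including `C = @all`, therefore only take effect when some other task happens to trigger a compile, and the same applies if the block is later tightened or removed. Add `notify: 'gitolite compile'` to the task so the access rules on disk and the compiled rules cannot diverge.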
| ... | ... |
@@ -8,8 +8,47 @@ |
| 8 | 8 |
name: 'gitolite3' |
| 9 | 9 |
state: 'present' |
| 10 | 10 |
|
| 11 |
+ # https://docs.ansible.com/ansible/latest/user_guide/become.html#risks-of-becoming-an-unprivileged-user |
|
| 12 |
+ - name: "Install acl" |
|
| 13 |
+ apt: |
|
| 14 |
+ name: 'acl' |
|
| 15 |
+ state: 'present' |
|
| 16 |
+ |
|
| 11 | 17 |
- name: "Create gitolite user '{{ gitolite_user_name }}'"
|
| 12 | 18 |
user: |
| 13 | 19 |
name: "{{ gitolite_user_name }}"
|
| 14 | 20 |
home: "{{ gitolite_user_home }}"
|
| 15 | 21 |
shell: "/bin/bash" |
| 22 |
+ |
|
| 23 |
+- become: yes |
|
| 24 |
+ become_user: "{{ gitolite_user_name }}"
|
|
| 25 |
+ vars: |
|
| 26 |
+ default_repos: |
|
| 27 |
+ - "gitolite-admin" |
|
| 28 |
+ - "testing" |
|
| 29 |
+ block: |
|
| 30 |
+ |
|
| 31 |
+ - name: "Run dummy setup" |
|
| 32 |
+ command: |
|
| 33 |
+ cmd: "gitolite setup -a dummy" |
|
| 34 |
+ creates: "{{ gitolite_user_home }}/.gitolite"
|
|
| 35 |
+ |
|
| 36 |
+ - name: "Remove directories of default repos" |
|
| 37 |
+ file: |
|
| 38 |
+ path: "{{ gitolite_user_home }}/repositories/{{ item }}.git"
|
|
| 39 |
+ state: 'absent' |
|
| 40 |
+ notify: 'gitolite compile' |
|
| 41 |
+ loop: "{{ default_repos }}"
|
|
| 42 |
+ |
|
| 43 |
+ - name: "Remove config of default repos" |
|
| 44 |
+ replace: |
|
| 45 |
+ path: "{{ gitolite_user_home }}/.gitolite/conf/gitolite.conf"
|
|
| 46 |
+ regexp: '^[ \t\n]*repo[ \t]+{{ item }}((?!^repo)(.|\n))*'
|
|
| 47 |
+ notify: 'gitolite compile' |
|
| 48 |
+ loop: "{{ default_repos }}"
|
|
| 49 |
+ |
|
| 50 |
+ - name: "Create keydir" |
|
| 51 |
+ file: |
|
| 52 |
+ path: "{{ gitolite_user_home }}/.gitolite/keydir"
|
|
| 53 |
+ state: 'directory' |
|
| 54 |
+ notify: 'gitolite compile' |
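Review bot: In "Remove config of default repos" the regexp interpolates `{{ item }}` unescaped and does not anchor the end of the repo name, so `repo[ \t]+testing` also matches stanzas such as `repo testing2` or `repo gitolite-admin-backup`. The task runs on every play, so it would silently delete access rules for any later repo whose name starts with one of the defaults. Anchor and escape the name, e.g. `regexp: '^[ \t\n]*repo[ \t]+{{ item | regex_escape }}[ \t]*$((?!^repo)(.|\n))*'`. This relies on the `replace` module matching in multiline mode, as the existing `^repo` lookahead already does. The `block:` that holds these tasks continues outside the hunk.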