From aea7310f33212351b6a38baf3a0054a063a1f002 Mon Sep 17 00:00:00 2001
From: Bastian de Byl
Date: Tue, 20 Oct 2020 22:14:16 -0400
Subject: [PATCH] CU-eprjdn added git server role
---
ansible/deploy_home.yml | 1 +
ansible/roles/git/defaults/main.yml | 3 ++
ansible/roles/git/handlers/main.yml | 8 +++++
ansible/roles/git/meta/main.yml | 3 ++
ansible/roles/git/tasks/main.yml | 3 ++
ansible/roles/git/tasks/systemd.yml | 11 ++++++
ansible/roles/git/tasks/user.yml | 36 +++++++++++++++++++
.../roles/git/templates/git-daemon.service.j2 | 18 ++++++++++
8 files changed, 83 insertions(+)
create mode 100644 ansible/roles/git/defaults/main.yml
create mode 100644 ansible/roles/git/handlers/main.yml
create mode 100644 ansible/roles/git/meta/main.yml
create mode 100644 ansible/roles/git/tasks/main.yml
create mode 100644 ansible/roles/git/tasks/systemd.yml
create mode 100644 ansible/roles/git/tasks/user.yml
create mode 100644 ansible/roles/git/templates/git-daemon.service.j2
diff --git a/ansible/deploy_home.yml b/ansible/deploy_home.yml
index a5d7830..5a5029d 100644
--- a/ansible/deploy_home.yml
+++ b/ansible/deploy_home.yml
@@ -4,6 +4,7 @@
 - vars/vault.yml
 roles:
 - role: common
+ - role: git
 - role: ddns
 - role: ssl
 - role: http
diff --git a/ansible/roles/git/defaults/main.yml b/ansible/roles/git/defaults/main.yml
new file mode 100644
index 0000000..810aea9
--- /dev/null
+++ b/ansible/roles/git/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+git_user: git
+git_home: "/srv/{{ git_user }}"
diff --git a/ansible/roles/git/handlers/main.yml b/ansible/roles/git/handlers/main.yml
new file mode 100644
index 0000000..83d9a77
--- /dev/null
+++ b/ansible/roles/git/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: start-gitdaemon
+ become: true
+ systemd:
+ name: git-daemon.service
+ state: started
+ enabled: true
+ daemon_reload: true
diff --git a/ansible/roles/git/meta/main.yml b/ansible/roles/git/meta/main.yml
new file mode 100644
index 0000000..fdda41b
--- /dev/null
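Review bot: `state: started` in the start-gitdaemon handler (ansible/roles/git/handlers/main.yml) is a no-op when git-daemon.service is already running, so a later change to the unit template triggers `daemon_reload` but leaves the old process in place. `state: restarted` makes the notified handler apply the new unit on every change and still starts the service on the first deploy.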
+++ b/ansible/roles/git/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+ - role: common
diff --git a/ansible/roles/git/tasks/main.yml b/ansible/roles/git/tasks/main.yml
new file mode 100644
index 0000000..36bc3dd
--- /dev/null
+++ b/ansible/roles/git/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- import_tasks: user.yml
+- import_tasks: systemd.yml
diff --git a/ansible/roles/git/tasks/systemd.yml b/ansible/roles/git/tasks/systemd.yml
new file mode 100644
index 0000000..7c4e7c0
--- /dev/null
+++ b/ansible/roles/git/tasks/systemd.yml
@@ -0,0 +1,11 @@
+---
+- name: create the git daemon systemd service
+ become: true
+ template:
+ src: "templates/{{ item }}.j2"
+ dest: "/etc/systemd/system/{{ item }}"
+ mode: 0644
+ with_items:
+ - git-daemon.service
+ notify: start-gitdaemon
+ tags: git, git-systemd
diff --git a/ansible/roles/git/tasks/user.yml b/ansible/roles/git/tasks/user.yml
new file mode 100644
index 0000000..5aff36b
--- /dev/null
+++ b/ansible/roles/git/tasks/user.yml
@@ -0,0 +1,36 @@
+---
+- name: create git user
+ become: true
+ user:
+ name: "{{ git_user }}"
+ comment: Git user for SSH remotes
+ shell: /usr/bin/git-shell
+ createhome: true
+ home: "{{ git_home }}"
+ tags: git
+
+- name: create git's .ssh directory
+ become: true
+ become_user: git
+ file:
+ path: "{{ git_home }}/.ssh"
+ state: directory
+ mode: 0700
+ tags: git
+
+- name: check git authorized_keys exists
+ become: true
+ stat:
+ path: "{{ git_home }}/.ssh/authorized_keys"
+ register: git_authfile
+ tags: git
+
+- name: touch git authorized_keys
+ become: true
+ become_user: git
+ file:
+ path: "{{ git_home }}/.ssh/authorized_keys"
+ state: touch
+ mode: 0600
+ when: not git_authfile.stat.exists
+ tags: git
diff --git a/ansible/roles/git/templates/git-daemon.service.j2 b/ansible/roles/git/templates/git-daemon.service.j2
new file mode 100644
index 0000000..8c88f85
--- /dev/null
+++ b/ansible/roles/git/templates/git-daemon.service.j2
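Review bot: `mode: 0644` in the template task of ansible/roles/git/tasks/systemd.yml is an unquoted octal literal, which depends on the YAML loader treating a leading zero as octal; writing `mode: "0644"` hands Ansible the string and removes that dependency. The same applies to `mode: 0700` and `mode: 0600` in ansible/roles/git/tasks/user.yml. The task also sets no `owner` or `group`, so the unit file's ownership is whatever the become user yields, presumably root; stating `owner: root` and `group: root` documents the intent.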
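Review bot: `become_user: git` is hard-coded in the `.ssh` directory task and the authorized_keys touch task of ansible/roles/git/tasks/user.yml, while the account itself is created from `{{ git_user }}`, so overriding `git_user` makes both tasks run as a different or non-existent account and leaves `.ssh` with the wrong owner. Use `become_user: "{{ git_user }}"`, or keep the tasks as root and add `owner: "{{ git_user }}"` and `group: "{{ git_user }}"` to each `file` call, which also avoids becoming an unprivileged account. Ownership of `.ssh` and `authorized_keys` is what sshd checks before accepting keys, so it is worth stating explicitly rather than inheriting it from the become user.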
@@ -0,0 +1,18 @@
+[Unit]
+Description=Start Git Daemon
+
+[Service]
+ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ git_home }} {{ git_home }}
+
+Restart=always
+RestartSec=500ms
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=git-daemon
+
+User={{ git_user }}
+Group={{ git_user }}
+
+[Install]
+WantedBy=multi-user.target
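Review bot: The ExecStart line starts an unauthenticated git:// listener with no `--listen` address, and both `--base-path` and the allowed directory are `{{ git_home }}`, the same directory in which tasks/user.yml creates `.ssh`. git daemon only serves repositories marked with `git-daemon-export-ok` unless `--export-all` is given, but pointing it at a dedicated repository directory (a constructed example: `{{ git_home }}/repos`) and binding it with `--listen=<address>` keeps the anonymous service away from the account's SSH material and off interfaces that do not need it. The [Service] section also has no sandboxing; `NoNewPrivileges=true`, `PrivateTmp=true` and `ProtectSystem=strict` look compatible with a read-only daemon, though that should be confirmed if receive-pack is ever enabled. `StandardOutput=syslog` and `StandardError=syslog` are deprecated in recent systemd releases in favour of `journal`.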