CU-eprjdn added git server role

ansible/deploy_home.yml

@@ -4,6 +4,7 @@
   - vars/vault.yml
   roles:
   - role: common
+  - role: git
   - role: ddns
   - role: ssl
   - role: http

ansible/roles/git/defaults/main.yml

@@ -0,0 +1,3 @@
+---
+git_user: git
+git_home: "/srv/{{ git_user }}"

ansible/roles/git/handlers/main.yml

@@ -0,0 +1,8 @@
+---
+- name: start-gitdaemon
+  become: true
+  systemd:
+    name: git-daemon.service
+    state: started
+    enabled: true
+    daemon_reload: true

ansible/roles/git/meta/main.yml

@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: common

ansible/roles/git/tasks/main.yml

@@ -0,0 +1,3 @@
+---
+- import_tasks: user.yml
+- import_tasks: systemd.yml

ansible/roles/git/tasks/systemd.yml

@@ -0,0 +1,11 @@
+---
+- name: create the git daemon systemd service
+  become: true
+  template:
+    src: "templates/{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    mode: 0644
+  with_items:
+    - git-daemon.service
+  notify: start-gitdaemon
+  tags: git, git-systemd

ansible/roles/git/tasks/user.yml

@@ -0,0 +1,36 @@
+---
+- name: create git user
+  become: true
+  user:
+    name: "{{ git_user }}"
+    comment: Git user for SSH remotes
+    shell: /usr/bin/git-shell
+    createhome: true
+    home: "{{ git_home }}"
+  tags: git
+
+- name: create git's .ssh directory
+  become: true
+  become_user: git
+  file:
+    path: "{{ git_home }}/.ssh"
+    state: directory
+    mode: 0700
+  tags: git
+
+- name: check git authorized_keys exists
+  become: true
+  stat:
+    path: "{{ git_home }}/.ssh/authorized_keys"
+  register: git_authfile
+  tags: git
+
+- name: touch git authorized_keys
+  become: true
+  become_user: git
+  file:
+    path: "{{ git_home }}/.ssh/authorized_keys"
+    state: touch
+    mode: 0600
+  when: not git_authfile.stat.exists
+  tags: git

ansible/roles/git/templates/git-daemon.service.j2

@@ -0,0 +1,18 @@
+[Unit]
+Description=Start Git Daemon
+
+[Service]
+ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ git_home }} {{ git_home }}
+
+Restart=always
+RestartSec=500ms
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=git-daemon
+
+User={{ git_user }}
+Group={{ git_user }}
+
+[Install]
+WantedBy=multi-user.target