CU-eprjdn added git server role

2020-10-20 22:14:16 -04:00
parent c4a8b105ab
commit aea7310f33
8 changed files with 83 additions and 0 deletions
--- a/ansible/deploy_home.yml
+++ b/ansible/deploy_home.yml
@@ -4,6 +4,7 @@
  - vars/vault.yml
  roles:
  - role: common
+  - role: git
  - role: ddns
  - role: ssl
  - role: http
--- a/ansible/roles/git/defaults/main.yml
+++ b/ansible/roles/git/defaults/main.yml
@@ -0,0 +1,3 @@
+---
+git_user: git
+git_home: "/srv/{{ git_user }}"
--- a/ansible/roles/git/handlers/main.yml
+++ b/ansible/roles/git/handlers/main.yml
@@ -0,0 +1,8 @@
+---
+- name: start-gitdaemon
+  become: true
+  systemd:
+    name: git-daemon.service
+    state: started
+    enabled: true
+    daemon_reload: true
--- a/ansible/roles/git/meta/main.yml
+++ b/ansible/roles/git/meta/main.yml
@@ -0,0 +1,3 @@
+---
+dependencies:
+  - role: common
--- a/ansible/roles/git/tasks/main.yml
+++ b/ansible/roles/git/tasks/main.yml
@@ -0,0 +1,3 @@
+---
+- import_tasks: user.yml
+- import_tasks: systemd.yml
--- a/ansible/roles/git/tasks/systemd.yml
+++ b/ansible/roles/git/tasks/systemd.yml
@@ -0,0 +1,11 @@
+---
+- name: create the git daemon systemd service
+  become: true
+  template:
+    src: "templates/{{ item }}.j2"
+    dest: "/etc/systemd/system/{{ item }}"
+    mode: 0644
+  with_items:
+    - git-daemon.service
+  notify: start-gitdaemon
+  tags: git, git-systemd
--- a/ansible/roles/git/tasks/user.yml
+++ b/ansible/roles/git/tasks/user.yml
@@ -0,0 +1,36 @@
+---
+- name: create git user
+  become: true
+  user:
+    name: "{{ git_user }}"
+    comment: Git user for SSH remotes
+    shell: /usr/bin/git-shell
+    createhome: true
+    home: "{{ git_home }}"
+  tags: git
+
+- name: create git's .ssh directory
+  become: true
+  become_user: git
+  file:
+    path: "{{ git_home }}/.ssh"
+    state: directory
+    mode: 0700
+  tags: git
+
+- name: check git authorized_keys exists
+  become: true
+  stat:
+    path: "{{ git_home }}/.ssh/authorized_keys"
+  register: git_authfile
+  tags: git
+
+- name: touch git authorized_keys
+  become: true
+  become_user: git
+  file:
+    path: "{{ git_home }}/.ssh/authorized_keys"
+    state: touch
+    mode: 0600
+  when: not git_authfile.stat.exists
+  tags: git
--- a/ansible/roles/git/templates/git-daemon.service.j2
+++ b/ansible/roles/git/templates/git-daemon.service.j2
@@ -0,0 +1,18 @@
+[Unit]
+Description=Start Git Daemon
+
+[Service]
+ExecStart=/usr/bin/git daemon --reuseaddr --base-path={{ git_home }} {{ git_home }}
+
+Restart=always
+RestartSec=500ms
+
+StandardOutput=syslog
+StandardError=syslog
+SyslogIdentifier=git-daemon
+
+User={{ git_user }}
+Group={{ git_user }}
+
+[Install]
+WantedBy=multi-user.target