3 files changed, 62 insertions, 20 deletions
diff --git a/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml
deleted file mode 100644
index e69de29..0000000
--- a/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml
+++ /dev/null
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
index 375bd8f..51f17eb 100644
--- a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -3,10 +3,16 @@
    state: present
    name:
      - cgit
+      - git
      - nginx
      - fcgiwrap
      - security/py-certbot-nginx
      - py39-virtualenv
+      - py39-docutils
+      - py39-markdown
+      - py39-pygments
+      - python39
+      - gitolite
 - name: Create git directory
  file:
@@ -22,23 +28,74 @@
    state: directory
    recurse: yes
- name: Render nginx config file
+- name: Render Nginx config files
  template:
    src: nginx.conf.j2
    dest: "/usr/local/etc/nginx/nginx.conf"
    mode: 0644
- name: Render nginx config file
+- name: Rendier cgit nginx config
  template:
    src: cgit.conf.j2
    dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
    mode: 0644
+- name: Enable SysRC values
+  community.general.sysrc:
+    name: sshd_enable
+    state: present
+    value: "YES"
+- name: Enable SysRC values
+  community.general.sysrc:
+    name: nginx_enable
+    state: present
+    value: "YES"
+- name: Enable SysRC values
+  community.general.sysrc:
+    name: fcgiwrap_enable
+    state: present
+    value: "YES"
+- name: Enable SysRC values
+  community.general.sysrc:
+    name: fcgiwrap_user
+    state: present
+    value: "www"
+- name: Enable SysRC values
+  community.general.sysrc:
+    name: fcgiwrap_group
+    state: present
+    value: "www"
+- name: Enable SysRC values
+  community.general.sysrc:
+    name: fcgiwrap_socket_owner
+    state: present
+    value: "www"
+- name: Enable SysRC values
+  community.general.sysrc:
+    name: fcgiwrap_socket_group
+    state: present
+    value: "www"
+- name: Create git group
+  group:
+    name: git
+    state: present
+- name: Add git user
+  user:
+    name: git
+    group: git
+    home: /opt/git
 # TODO
 # create certbot https certificate
 # test nginx conf
 # reload nginx conf
-# create git user
 # gitolite config
-# create virtualenv
 # cgit filters
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
index 625075d..9504e29 100644
--- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -17,20 +17,5 @@ server {
        root   /usr/local/www/nginx-dist;
    }
-    listen 443 ssl; # managed by Certbot
+    listen 80;
-    ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
-    ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
-    include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
-    ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-}
-server {
-    if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
-        return 301 https://$host$request_uri;
-    } # managed by Certbot
-    listen       80;
-    server_name  {{ lookup('env', 'CGIT_DOMAIN') }};
-    return 404; # managed by Certbot
 }

diff --git a/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml deleted file mode 100644 index e69de29..0000000 --- a/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml +++ /dev/null


diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml index 375bd8f..51f17eb 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -3,10 +3,16 @@
3	state: present	3	state: present
4	name:	4	name:
5	- cgit	5	- cgit
		6	- git
6	- nginx	7	- nginx
7	- fcgiwrap	8	- fcgiwrap
8	- security/py-certbot-nginx	9	- security/py-certbot-nginx
9	- py39-virtualenv	10	- py39-virtualenv
		11	- py39-docutils
		12	- py39-markdown
		13	- py39-pygments
		14	- python39
		15	- gitolite
10		16
11	- name: Create git directory	17	- name: Create git directory
12	file:	18	file:
@@ -22,23 +28,74 @@
22	state: directory	28	state: directory
23	recurse: yes	29	recurse: yes
24		30
25	- name: Render nginx config file	31	- name: Render Nginx config files
26	template:	32	template:
27	src: nginx.conf.j2	33	src: nginx.conf.j2
28	dest: "/usr/local/etc/nginx/nginx.conf"	34	dest: "/usr/local/etc/nginx/nginx.conf"
29	mode: 0644	35	mode: 0644
30		36
31	- name: Render nginx config file	37	- name: Rendier cgit nginx config
32	template:	38	template:
33	src: cgit.conf.j2	39	src: cgit.conf.j2
34	dest: "/usr/local/etc/nginx/conf.d/cgit.conf"	40	dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
35	mode: 0644	41	mode: 0644
36		42
		43	- name: Enable SysRC values
		44	community.general.sysrc:
		45	name: sshd_enable
		46	state: present
		47	value: "YES"
		48
		49	- name: Enable SysRC values
		50	community.general.sysrc:
		51	name: nginx_enable
		52	state: present
		53	value: "YES"
		54
		55	- name: Enable SysRC values
		56	community.general.sysrc:
		57	name: fcgiwrap_enable
		58	state: present
		59	value: "YES"
		60
		61	- name: Enable SysRC values
		62	community.general.sysrc:
		63	name: fcgiwrap_user
		64	state: present
		65	value: "www"
		66
		67	- name: Enable SysRC values
		68	community.general.sysrc:
		69	name: fcgiwrap_group
		70	state: present
		71	value: "www"
		72
		73	- name: Enable SysRC values
		74	community.general.sysrc:
		75	name: fcgiwrap_socket_owner
		76	state: present
		77	value: "www"
		78
		79	- name: Enable SysRC values
		80	community.general.sysrc:
		81	name: fcgiwrap_socket_group
		82	state: present
		83	value: "www"
		84
		85	- name: Create git group
		86	group:
		87	name: git
		88	state: present
		89
		90	- name: Add git user
		91	user:
		92	name: git
		93	group: git
		94	home: /opt/git
		95
37	# TODO	96	# TODO
38	# create certbot https certificate	97	# create certbot https certificate
39	# test nginx conf	98	# test nginx conf
40	# reload nginx conf	99	# reload nginx conf
41	# create git user
42	# gitolite config	100	# gitolite config
43	# create virtualenv
44	# cgit filters	101	# cgit filters


diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 index 625075d..9504e29 100644 --- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 +++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
@@ -17,20 +17,5 @@ server {
17	root /usr/local/www/nginx-dist;	17	root /usr/local/www/nginx-dist;
18	}	18	}
19		19
20	listen 443 ssl; # managed by Certbot	20	listen 80;
21	ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
22	ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
23	include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
24	ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
25	}
26
27
28	server {
29	if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
30	return 301 https://$host$request_uri;
31	} # managed by Certbot
32
33	listen 80;
34	server_name {{ lookup('env', 'CGIT_DOMAIN') }};
35	return 404; # managed by Certbot
36	}	21	}