From 4a5073589cca64898016209c0a6b0d22d9fe2075 Mon Sep 17 00:00:00 2001
From: clarkzjw
Date: Fri, 20 Jan 2023 16:17:29 -0800
Subject: WIP: add cgit config
---
 .../bia/ansible/roles/bsd_init/defaults/main.yaml | 0
 .../config/bia/ansible/roles/cgit/tasks/main.yaml | 65 ++++++++++++++++++++--
 .../bia/ansible/roles/cgit/templates/cgit.conf.j2 | 17 +-----
 3 files changed, 62 insertions(+), 20 deletions(-)
 delete mode 100644 clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml
diff --git a/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/bsd_init/defaults/main.yaml
deleted file mode 100644
index e69de29..0000000
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
index 375bd8f..51f17eb 100644
--- a/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/tasks/main.yaml
@@ -3,10 +3,16 @@
 state: present
 name:
 - cgit
+ - git
 - nginx
 - fcgiwrap
 - security/py-certbot-nginx
 - py39-virtualenv
+ - py39-docutils
+ - py39-markdown
+ - py39-pygments
+ - python39
+ - gitolite
 
 - name: Create git directory
 file:
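Review bot: The added `py39-docutils`, `py39-markdown`, `py39-pygments` and `python39` entries hard-code the Python 3.9 flavour in the package names, as the existing `py39-virtualenv` line already does. If the host's default Python flavour changes, this list may stop resolving or keep an older interpreter installed for whatever the cgit filters end up calling. A single role variable for the flavour prefix (for example a proposed `cgit_python_flavor: py39`, used as `"{{ cgit_python_flavor }}-pygments"`) would keep the version in one place. The package task that owns this list starts above the hunk.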
@@ -22,23 +28,74 @@
 state: directory
 recurse: yes
 
-- name: Render nginx config file
+- name: Render Nginx config files
 template:
 src: nginx.conf.j2
 dest: "/usr/local/etc/nginx/nginx.conf"
 mode: 0644
 
-- name: Render nginx config file
+- name: Rendier cgit nginx config
 template:
 src: cgit.conf.j2
 dest: "/usr/local/etc/nginx/conf.d/cgit.conf"
 mode: 0644
 
+- name: Enable SysRC values
+ community.general.sysrc:
+ name: sshd_enable
+ state: present
+ value: "YES"
+
+- name: Enable SysRC values
+ community.general.sysrc:
+ name: nginx_enable
+ state: present
+ value: "YES"
+
+- name: Enable SysRC values
+ community.general.sysrc:
+ name: fcgiwrap_enable
+ state: present
+ value: "YES"
+
+- name: Enable SysRC values
+ community.general.sysrc:
+ name: fcgiwrap_user
+ state: present
+ value: "www"
+
+- name: Enable SysRC values
+ community.general.sysrc:
+ name: fcgiwrap_group
+ state: present
+ value: "www"
+
+- name: Enable SysRC values
+ community.general.sysrc:
+ name: fcgiwrap_socket_owner
+ state: present
+ value: "www"
+
+- name: Enable SysRC values
+ community.general.sysrc:
+ name: fcgiwrap_socket_group
+ state: present
+ value: "www"
+
+- name: Create git group
+ group:
+ name: git
+ state: present
+
+- name: Add git user
+ user:
+ name: git
+ group: git
+ home: /opt/git
+
 # TODO
 # create certbot https certificate
 # test nginx conf
 # reload nginx conf
-# create git user
 # gitolite config
-# create virtualenv
 # cgit filters
diff --git a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2 b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
index 625075d..9504e29 100644
--- a/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
+++ b/clarkzjw.cc/config/bia/ansible/roles/cgit/templates/cgit.conf.j2
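Review bot: The seven added `community.general.sysrc` tasks in roles/cgit/tasks/main.yaml all carry the same name, `Enable SysRC values`, so they cannot be told apart in play output, and four of them set a user or group rather than enabling a service. One looped task, shown below, keeps the rc.conf settings in a single list and makes it easy to see that fcgiwrap and its socket are meant to run as `www`. The renamed second template task also has a typo and should read `- name: Render cgit nginx config`.

```yaml
- name: Set rc.conf values for sshd, nginx and fcgiwrap
  community.general.sysrc:
    name: "{{ item.name }}"
    state: present
    value: "{{ item.value }}"
  loop:
    - { name: sshd_enable, value: "YES" }
    - { name: nginx_enable, value: "YES" }
    - { name: fcgiwrap_enable, value: "YES" }
    - { name: fcgiwrap_user, value: "www" }
    - { name: fcgiwrap_group, value: "www" }
    - { name: fcgiwrap_socket_owner, value: "www" }
    - { name: fcgiwrap_socket_group, value: "www" }
# … unchanged: "Create git group" and "Add git user" tasks …
```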
@@ -17,20 +17,5 @@ server {
 root /usr/local/www/nginx-dist;
 }
 
- listen 443 ssl; # managed by Certbot
- ssl_certificate /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/fullchain.pem; # managed by Certbot
- ssl_certificate_key /usr/local/etc/letsencrypt/live/{{ lookup('env', 'CGIT_DOMAIN') }}/privkey.pem; # managed by Certbot
- include /usr/local/etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
- ssl_dhparam /usr/local/etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
-}
-
-
-server {
- if ($host = {{ lookup('env', 'CGIT_DOMAIN') }}) {
- return 301 https://$host$request_uri;
- } # managed by Certbot
-
- listen 80;
- server_name {{ lookup('env', 'CGIT_DOMAIN') }};
- return 404; # managed by Certbot
+ listen 80;
 }
-- 
cgit v1.2.3
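Review bot: With the 443 listener, the certificate directives and the `return 301 https://$host$request_uri;` block removed, the cgit server block is left with only `listen 80;`, so a host provisioned from this revision serves the repositories over plain HTTP until the certbot TODO in tasks/main.yaml is done. If the plan is to let `certbot --nginx` re-add the `# managed by Certbot` lines, the `template` task that renders this file would presumably overwrite them on the next run and drop TLS again. Keeping the TLS listener and the redirect in the template behind a role variable, or rendering them only once the certificate exists, would avoid both problems. The server block opens above the hunk, so its `server_name` and locations are not visible here.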