M roles/git.sr.ht/tasks/main.yml => roles/git.sr.ht/tasks/main.yml +6 -0
@@ 3,6 3,9 @@
community.general.apk:
name:
- git.sr.ht
+ - git-daemon
+ - openssh
+ - fcgiwrap
state: latest
- name: Setup /etc/hosts localhost redirect
@@ 13,6 16,9 @@
- name: Setup Database
ansible.builtin.import_tasks: db.yml
+- name: Setup ssh daemon config
+ ansible.builtin.import_tasks: ssh.yml
+
- name: Setup config & services
ansible.builtin.import_tasks: config.yml
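Review bot: `openssh` is added to the package list here and installed again by the first task of the new ssh.yml, so the same dependency is now declared in two places; keep it in one, and ssh.yml is the natural owner since it also configures sshd. Both tasks use `state: latest`, so any play run can upgrade the SSH daemon to whatever the repository currently serves. If that is not intended, `state: present` with upgrades handled in a separate, deliberate step makes the change reviewable. The apk task starts above this hunk, so its name and any cache settings are not visible here.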
M roles/git.sr.ht/tasks/nginx.yml => roles/git.sr.ht/tasks/nginx.yml +6 -0
@@ 5,6 5,12 @@
dest: /etc/nginx/http.d/git.sr.ht.conf
register: nginxconf
+- name: Start & enable fcgiwrap
+ ansible.builtin.service:
+ name: fcgiwrap
+ state: started
+ enabled: true
+
- name: Start & enable nginx
ansible.builtin.service:
name: nginx
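Review bot: The new "Start & enable fcgiwrap" task runs the service with package defaults, and nothing visible in this commit sets the account it runs as or the owner and mode of its socket. Any local process that can write to that socket can have CGI programs executed as the fcgiwrap user, so both are worth pinning in the role and recording in a comment above the task, for example `# fcgiwrap must run as an unprivileged user; socket writable by nginx only`. If the nginx template or another file in this role already fixes these, a one-line pointer to it is enough. The nginx service task that follows continues past the end of the hunk.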
A roles/git.sr.ht/tasks/ssh.yml => roles/git.sr.ht/tasks/ssh.yml +35 -0
@@ 0,0 1,35 @@
+---
+- name: Ensure ssh is installed
+ community.general.apk:
+ name:
+ - openssh
+ state: latest
+
+- name: Make sure ssh dispatch is properly setup
+ ansible.builtin.blockinfile:
+ path: /etc/ssh/sshd_config
+ marker: "#-- {mark} ANSIBLE git.sr.ht --#"
+ block: |
+ AuthorizedKeysCommand=/usr/bin/gitsrht-dispatch "%u" "%h" "%t" "%k"
+ AuthorizedKeysCommandUser=root
+ PermitUserEnvironment SRHT_*
+ register: sshdconf
+
+- name: Remove password protection from git account
+ ansible.builtin.user:
+ name: "git"
+ password: ""
+
+- name: Manually create shell log file
+ ansible.builtin.file:
+ path: /var/log/gitsrht-shell
+ owner: git
+ group: git
+ state: touch
+
+- name: Start & enable sshd
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
+ enabled: true
+ when: sshdconf.changed
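Review bot: `password: ""` in "Remove password protection from git account" stores an empty password for `git`, which is not the same as having no password login: any path that accepts password authentication for that account (local `su` or console login, or sshd if empty passwords are ever permitted) would accept an empty one. If the aim is an unlocked account that authenticates only through `AuthorizedKeysCommand`, `password: "*"` gives that without a usable password. The `blockinfile` edit of /etc/ssh/sshd_config is also applied unchecked before the restart; `validate: /usr/sbin/sshd -t -f %s` on that task keeps a malformed file from being installed. Finally, the last task only runs `when: sshdconf.changed`, so on a run with no config change nothing ensures sshd is started and enabled; a `state: started` task plus a restart handler separates the two concerns.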