From a5af8f9f5522d4a6b4dc04655c55d07b68e301e4 Mon Sep 17 00:00:00 2001
From: Jakob Meier
Date: Thu, 2 Nov 2023 20:32:13 +0100
Subject: [PATCH] Fixed git ssh/http(s) push and pull

---
 roles/git.sr.ht/tasks/main.yml | 6 ++++++
 roles/git.sr.ht/tasks/nginx.yml | 6 ++++++
 roles/git.sr.ht/tasks/ssh.yml | 35 +++++++++++++++++++++++++++++++++
 3 files changed, 47 insertions(+)
 create mode 100644 roles/git.sr.ht/tasks/ssh.yml
diff --git a/roles/git.sr.ht/tasks/main.yml b/roles/git.sr.ht/tasks/main.yml
index 72cbec1..d67f61c 100644
--- a/roles/git.sr.ht/tasks/main.yml
+++ b/roles/git.sr.ht/tasks/main.yml
@@ -3,6 +3,9 @@
 community.general.apk:
 name:
 - git.sr.ht
+ - git-daemon
+ - openssh
+ - fcgiwrap
 state: latest
 
 - name: Setup /etc/hosts localhost redirect
@@ -13,6 +16,9 @@
 - name: Setup Database
 ansible.builtin.import_tasks: db.yml
 
+- name: Setup ssh daemon config
+ ansible.builtin.import_tasks: ssh.yml
+
 - name: Setup config & services
 ansible.builtin.import_tasks: config.yml
 
diff --git a/roles/git.sr.ht/tasks/nginx.yml b/roles/git.sr.ht/tasks/nginx.yml
index bffcb78..797ed01 100644
--- a/roles/git.sr.ht/tasks/nginx.yml
+++ b/roles/git.sr.ht/tasks/nginx.yml
@@ -5,6 +5,12 @@
 dest: /etc/nginx/http.d/git.sr.ht.conf
 register: nginxconf
 
+- name: Start & enable fcgiwrap
+ ansible.builtin.service:
+ name: fcgiwrap
+ state: started
+ enabled: true
+
 - name: Start & enable nginx
 ansible.builtin.service:
 name: nginx
diff --git a/roles/git.sr.ht/tasks/ssh.yml b/roles/git.sr.ht/tasks/ssh.yml
new file mode 100644
index 0000000..9612e28
--- /dev/null
+++ b/roles/git.sr.ht/tasks/ssh.yml
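Review bot: `openssh` is added to the apk list in the first `main.yml` hunk and is installed again by the first task of the new `roles/git.sr.ht/tasks/ssh.yml`, so the package is now declared in two places; keep it in one of them. The three new packages also inherit the task's existing `state: latest`, which means any play run may upgrade network-facing packages (openssh, fcgiwrap, git-daemon) to whatever the repository currently serves; `state: present` with a deliberate upgrade step keeps that change under review. The task's `- name:` line is above the hunk, so the rest of the task is not visible here.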
@@ -0,0 +1,35 @@
+---
+- name: Ensure ssh is installed
+ community.general.apk:
+ name:
+ - openssh
+ state: latest
+
+- name: Make sure ssh dispatch is properly setup
+ ansible.builtin.blockinfile:
+ path: /etc/ssh/sshd_config
+ marker: "#-- {mark} ANSIBLE git.sr.ht --#"
+ block: |
+ AuthorizedKeysCommand=/usr/bin/gitsrht-dispatch "%u" "%h" "%t" "%k"
+ AuthorizedKeysCommandUser=root
+ PermitUserEnvironment SRHT_*
+ register: sshdconf
+
+- name: Remove password protection from git account
+ ansible.builtin.user:
+ name: "git"
+ password: ""
+
+- name: Manually create shell log file
+ ansible.builtin.file:
+ path: /var/log/gitsrht-shell
+ owner: git
+ group: git
+ state: touch
+
+- name: Start & enable sshd
+ ansible.builtin.service:
+ name: sshd
+ state: restarted
+ enabled: true
+ when: sshdconf.changed
-- 
2.38.5
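Review bot: The task "Remove password protection from git account" sets `password: ""`, which gives the `git` account an empty password rather than merely unlocking it, so anything on the host that accepts empty passwords (local `su` or `login`, or sshd if `PermitEmptyPasswords` is ever turned on) would admit that user without a credential. If the aim is only to let sshd accept key logins for an account that was presumably created locked, `password: "*"` unlocks it while leaving no valid password. The `blockinfile` task edits `/etc/ssh/sshd_config` and is followed by a restart with nothing checking the result; adding `validate: /usr/sbin/sshd -t -f %s` would reject a broken file before sshd is restarted on it. The three directives are written at global scope, so the `AuthorizedKeysCommand` running as root is consulted for every login and not only for `git`; a comment stating that this is intended would help the next reader.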