From 3a6ceec53c97670293a13e4fdde630590d25903d Mon Sep 17 00:00:00 2001
From: Timo Makinen <tmakinen@foo.sh>
Date: Fri, 17 May 2019 11:37:46 +0300
Subject: [PATCH] initial version of git server role

---
 roles/git/server/files/git.conf    | 46 ++++++++++++++++++++++++++++++
 roles/git/server/files/gitweb.conf | 26 +++++++++++++++++
 roles/git/server/meta/main.yml     |  5 ++++
 roles/git/server/tasks/main.yml    | 35 +++++++++++++++++++++++
 4 files changed, 112 insertions(+)
 create mode 100644 roles/git/server/files/git.conf
 create mode 100644 roles/git/server/files/gitweb.conf
 create mode 100644 roles/git/server/meta/main.yml
 create mode 100644 roles/git/server/tasks/main.yml

diff --git a/roles/git/server/files/git.conf b/roles/git/server/files/git.conf
new file mode 100644
index 0000000..44cd432
--- /dev/null
+++ b/roles/git/server/files/git.conf
@@ -0,0 +1,46 @@
+
+error_page 418 = @query_auth;
+
+# Git over HTTP
+location ~ ^/.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
+    root /srv/git;
+}
+# Git operations that require authentication should go here
+location @query_auth {
+    auth_basic "Authentication Required";
+    auth_basic_user_file /etc/nginx/htpasswd;
+    rewrite ^(/.*)$ $1 break;
+    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
+    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+    fastcgi_param PATH_INFO $uri;
+    fastcgi_param GIT_PROJECT_ROOT /srv/git;
+    fastcgi_param GIT_HTTP_EXPORT_ALL "";
+    include fastcgi_params;
+    fastcgi_param REMOTE_USER $remote_user;
+}
+location ~ ^(.*\.git/git-receive-pack)$ {
+    return 418;
+}
+location ~ ^/(.*\.git/(HEAD|info/refs|objects/(info/[^/]+)|git-upload-pack))$ {
+    if ( $query_string = "service=git-receive-pack" ) { return 418; }
+    rewrite ^(/.*)$ $1 break;
+    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
+    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
+    fastcgi_param PATH_INFO $uri;
+    fastcgi_param GIT_PROJECT_ROOT /srv/git;
+    fastcgi_param GIT_HTTP_EXPORT_ALL "";
+    include fastcgi_params;
+}
+
+# Gitweb
+location /gitweb.cgi {
+  root /var/www/git/;
+  include fastcgi_params;
+  fastcgi_param SCRIPT_NAME $uri;
+  fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+  fastcgi_pass  unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
+}
+location / {
+  root /var/www/git;
+  index gitweb.cgi;
+}
diff --git a/roles/git/server/files/gitweb.conf b/roles/git/server/files/gitweb.conf
new file mode 100644
index 0000000..0026844
--- /dev/null
+++ b/roles/git/server/files/gitweb.conf
@@ -0,0 +1,26 @@
+
+# location of git repos
+our $projectroot = "/srv/git";
+
+# site name
+our $site_name = "foo.sh - Public GIT repositories";
+
+# add custom css
+push @stylesheets, "/static/gitweb-local.css";
+our $logo = "/static/logo.png";
+our $logo_label = "https://www.foo.sh/";
+
+# base urls
+our $logo_url = "https://www.foo.sh/";
+our $home_link = "https://git.foo.sh";
+our $home_link_str = "https://git.foo.sh";
+
+# avatar support
+$feature{"avatar"}{"default"} = ["gravatar"];
+
+# add support for bz2 and zip snapshots
+$feature{"snapshot"}{"default"} = ["tgz", "tbz2", "zip"];
+
+# syntax highlight (rhel8 supports detection without known extension)
+$highlight_bin = "highlight";
+$feature{"highlight"}{"defaut"} = [1];
diff --git a/roles/git/server/meta/main.yml b/roles/git/server/meta/main.yml
new file mode 100644
index 0000000..9a25c83
--- /dev/null
+++ b/roles/git/server/meta/main.yml
@@ -0,0 +1,5 @@
+---
+
+dependencies:
+  - {role: git/client}
+  - {role: nginx/fcgi}
diff --git a/roles/git/server/tasks/main.yml b/roles/git/server/tasks/main.yml
new file mode 100644
index 0000000..1fc9f44
--- /dev/null
+++ b/roles/git/server/tasks/main.yml
@@ -0,0 +1,35 @@
+---
+
+- name: install git server packages
+  package:
+    name: "{{ item }}"
+    state: installed
+  with_items:
+    - gitweb
+    - highlight
+    - perl-Digest-MD5
+
+- name: create git directory
+  file:
+    path: /srv/git
+    src: /export/git
+    state: link
+    owner: root
+    group: root
+
+- name: create gitweb config
+  copy:
+    dest: /etc/gitweb.conf
+    src: gitweb.conf
+    mode: 0644
+    owner: root
+    group: root
+
+- name: create nginx git config
+  copy:
+    dest: /etc/nginx/conf.d/{{ inventory_hostname }}/git.conf
+    src: git.conf
+    mode: 0644
+    owner: root
+    group: root
+  notify: restart nginx