git: Convert to CentOS 8 and Apache

* Update git hosts to CentOS 8
 * Drop nslscd and use sssd instead
 * Change nginx to apache for future GSSAPI support
 * Fix SELinux contexts from git data directory

hosts

@@ -56,6 +56,7 @@ atl01.vultr.foo.sh
 
 [centos8:children]
 adm
+git
 mail
 mirror
 nas
@@ -64,7 +65,6 @@ static
 vmhost
 
 [centos7:children]
-git
 ldap
 collab
 

playbooks/git.yml

@@ -24,4 +24,4 @@
     - base
     - git/client
     - git/server
-    - ldap/nss
+    - sssd

roles/git/server/files/git.conf

@@ -1,46 +1,24 @@
 
-error_page 418 = @query_auth;
+SetEnv GIT_PROJECT_ROOT /srv/git
+SetEnv GIT_HTTP_EXPORT_ALL
 
-# Git over HTTP
+Alias /static/ /var/www/git/static/
-location ~ ^/.*\.git/objects/([0-9a-f]+/[0-9a-f]+|pack/pack-[0-9a-f]+.(pack|idx))$ {
-    root /srv/git;
-}
-# Git operations that require authentication should go here
-location @query_auth {
-    auth_basic "Authentication Required";
-    auth_basic_user_file /etc/nginx/htpasswd;
-    rewrite ^(/.*)$ $1 break;
-    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
-    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
-    fastcgi_param PATH_INFO $uri;
-    fastcgi_param GIT_PROJECT_ROOT /srv/git;
-    fastcgi_param GIT_HTTP_EXPORT_ALL "";
-    include fastcgi_params;
-    fastcgi_param REMOTE_USER $remote_user;
-}
-location ~ ^(.*\.git/git-receive-pack)$ {
-    return 418;
-}
-location ~ ^/(.*\.git/(HEAD|info/refs|objects/(info/[^/]+)|git-upload-pack))$ {
-    if ( $query_string = "service=git-receive-pack" ) { return 418; }
-    rewrite ^(/.*)$ $1 break;
-    fastcgi_pass unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
-    fastcgi_param SCRIPT_FILENAME /usr/libexec/git-core/git-http-backend;
-    fastcgi_param PATH_INFO $uri;
-    fastcgi_param GIT_PROJECT_ROOT /srv/git;
-    fastcgi_param GIT_HTTP_EXPORT_ALL "";
-    include fastcgi_params;
-}
 
-# Gitweb
+#AliasMatch ^/(.*/objects/[0-9a-f]{2}/[0-9a-f]{38})$          /srv/git/$1
-location /gitweb.cgi {
+#AliasMatch ^/(.*/objects/pack/pack-[0-9a-f]{40}.(pack|idx))$ /srv/git/$1
-  root /var/www/git/;
+
-  include fastcgi_params;
+<Directory /usr/libexec/git-core>
-  fastcgi_param SCRIPT_NAME $uri;
+  Require all granted
-  fastcgi_param GITWEB_CONFIG /etc/gitweb.conf;
+</Directory>
-  fastcgi_pass  unix:/run/fcgiwrap/fcgiwrap-nginx.sock;
+ScriptAliasMatch \
-}
+	"(?x)^/(.*/(HEAD | \
-location / {
+			info/refs | \
-  root /var/www/git;
+			objects/info/[^/]+ | \
-  index gitweb.cgi;
+			git-(upload|receive)-pack))$" \
-}
+	/usr/libexec/git-core/git-http-backend/$1
+
+ScriptAlias /gitweb.cgi /var/www/git/gitweb.cgi
+<Location />
+  SetEnv GITWEB_CONFIG /etc/gitweb.conf
+  DirectoryIndex gitweb.cgi
+</Location>

roles/git/server/meta/main.yml

@@ -2,4 +2,4 @@
 
 dependencies:
   - {role: git/client}
-  - {role: nginx/fcgi}
+  - {role: apache}

roles/git/server/tasks/main.yml

@@ -9,6 +9,11 @@
     - highlight
     - perl-Digest-MD5
 
+- name: fix selinux context from data directory
+  sefcontext:
+    path: /export/git(/.*)?
+    setype: git_sys_content_t
+
 - name: create git directory
   file:
     path: /srv/git
@@ -44,11 +49,11 @@
     - logo.png
     - gitweb-local.css
 
-- name: create nginx git config
+- name: link apache git config
   copy:
-    dest: /etc/nginx/conf.d/{{ inventory_hostname }}/git.conf
+    dest: /etc/httpd/conf.local.d/git.conf
     src: git.conf
     mode: 0644
     owner: root
-    group: root
+    group: "{{ ansible_wheel }}"
-  notify: restart nginx
+  notify: restart apache